xref: /openbmc/linux/drivers/usb/class/usbtmc.c (revision 2e7c04aec86758e0adfcad4a24c86593b45807a3)
1 // SPDX-License-Identifier: GPL-2.0+
2 /**
3  * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver
4  *
5  * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany
6  * Copyright (C) 2008 Novell, Inc.
7  * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11 
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/fs.h>
15 #include <linux/uaccess.h>
16 #include <linux/kref.h>
17 #include <linux/slab.h>
18 #include <linux/poll.h>
19 #include <linux/mutex.h>
20 #include <linux/usb.h>
21 #include <linux/compat.h>
22 #include <linux/usb/tmc.h>
23 
24 
25 #define USBTMC_HEADER_SIZE	12
26 #define USBTMC_MINOR_BASE	176
27 
28 /*
29  * Size of driver internal IO buffer. Must be multiple of 4 and at least as
30  * large as wMaxPacketSize (which is usually 512 bytes).
31  */
32 #define USBTMC_SIZE_IOBUFFER	2048
33 
34 /* Minimum USB timeout (in milliseconds) */
35 #define USBTMC_MIN_TIMEOUT	100
36 /* Default USB timeout (in milliseconds) */
37 #define USBTMC_TIMEOUT		5000
38 
39 /*
40  * Maximum number of read cycles to empty bulk in endpoint during CLEAR and
41  * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short
42  * packet is never read.
43  */
44 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN	100
45 
46 static const struct usb_device_id usbtmc_devices[] = {
47 	{ USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), },
48 	{ USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), },
49 	{ 0, } /* terminating entry */
50 };
51 MODULE_DEVICE_TABLE(usb, usbtmc_devices);
52 
53 /*
54  * This structure is the capabilities for the device
55  * See section 4.2.1.8 of the USBTMC specification,
56  * and section 4.2.2 of the USBTMC usb488 subclass
57  * specification for details.
58  */
59 struct usbtmc_dev_capabilities {
60 	__u8 interface_capabilities;
61 	__u8 device_capabilities;
62 	__u8 usb488_interface_capabilities;
63 	__u8 usb488_device_capabilities;
64 };
65 
66 /* This structure holds private data for each USBTMC device. One copy is
67  * allocated for each USBTMC device in the driver's probe function.
68  */
69 struct usbtmc_device_data {
70 	const struct usb_device_id *id;
71 	struct usb_device *usb_dev;
72 	struct usb_interface *intf;
73 	struct list_head file_list;
74 
75 	unsigned int bulk_in;
76 	unsigned int bulk_out;
77 
78 	u8 bTag;
79 	u8 bTag_last_write;	/* needed for abort */
80 	u8 bTag_last_read;	/* needed for abort */
81 
82 	/* data for interrupt in endpoint handling */
83 	u8             bNotify1;
84 	u8             bNotify2;
85 	u16            ifnum;
86 	u8             iin_bTag;
87 	u8            *iin_buffer;
88 	atomic_t       iin_data_valid;
89 	unsigned int   iin_ep;
90 	int            iin_ep_present;
91 	int            iin_interval;
92 	struct urb    *iin_urb;
93 	u16            iin_wMaxPacketSize;
94 
95 	/* coalesced usb488_caps from usbtmc_dev_capabilities */
96 	__u8 usb488_caps;
97 
98 	/* attributes from the USB TMC spec for this device */
99 	u8 TermChar;
100 	bool TermCharEnabled;
101 	bool auto_abort;
102 
103 	bool zombie; /* fd of disconnected device */
104 
105 	struct usbtmc_dev_capabilities	capabilities;
106 	struct kref kref;
107 	struct mutex io_mutex;	/* only one i/o function running at a time */
108 	wait_queue_head_t waitq;
109 	struct fasync_struct *fasync;
110 	spinlock_t dev_lock; /* lock for file_list */
111 };
112 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref)
113 
114 /*
115  * This structure holds private data for each USBTMC file handle.
116  */
117 struct usbtmc_file_data {
118 	struct usbtmc_device_data *data;
119 	struct list_head file_elem;
120 
121 	u32            timeout;
122 	u8             srq_byte;
123 	atomic_t       srq_asserted;
124 	u8             eom_val;
125 	u8             term_char;
126 	bool           term_char_enabled;
127 };
128 
129 /* Forward declarations */
130 static struct usb_driver usbtmc_driver;
131 
132 static void usbtmc_delete(struct kref *kref)
133 {
134 	struct usbtmc_device_data *data = to_usbtmc_data(kref);
135 
136 	usb_put_dev(data->usb_dev);
137 	kfree(data);
138 }
139 
140 static int usbtmc_open(struct inode *inode, struct file *filp)
141 {
142 	struct usb_interface *intf;
143 	struct usbtmc_device_data *data;
144 	struct usbtmc_file_data *file_data;
145 
146 	intf = usb_find_interface(&usbtmc_driver, iminor(inode));
147 	if (!intf) {
148 		pr_err("can not find device for minor %d", iminor(inode));
149 		return -ENODEV;
150 	}
151 
152 	file_data = kzalloc(sizeof(*file_data), GFP_KERNEL);
153 	if (!file_data)
154 		return -ENOMEM;
155 
156 	data = usb_get_intfdata(intf);
157 	/* Protect reference to data from file structure until release */
158 	kref_get(&data->kref);
159 
160 	mutex_lock(&data->io_mutex);
161 	file_data->data = data;
162 
163 	/* copy default values from device settings */
164 	file_data->timeout = USBTMC_TIMEOUT;
165 	file_data->term_char = data->TermChar;
166 	file_data->term_char_enabled = data->TermCharEnabled;
167 	file_data->eom_val = 1;
168 
169 	INIT_LIST_HEAD(&file_data->file_elem);
170 	spin_lock_irq(&data->dev_lock);
171 	list_add_tail(&file_data->file_elem, &data->file_list);
172 	spin_unlock_irq(&data->dev_lock);
173 	mutex_unlock(&data->io_mutex);
174 
175 	/* Store pointer in file structure's private data field */
176 	filp->private_data = file_data;
177 
178 	return 0;
179 }
180 
181 static int usbtmc_release(struct inode *inode, struct file *file)
182 {
183 	struct usbtmc_file_data *file_data = file->private_data;
184 
185 	/* prevent IO _AND_ usbtmc_interrupt */
186 	mutex_lock(&file_data->data->io_mutex);
187 	spin_lock_irq(&file_data->data->dev_lock);
188 
189 	list_del(&file_data->file_elem);
190 
191 	spin_unlock_irq(&file_data->data->dev_lock);
192 	mutex_unlock(&file_data->data->io_mutex);
193 
194 	kref_put(&file_data->data->kref, usbtmc_delete);
195 	file_data->data = NULL;
196 	kfree(file_data);
197 	return 0;
198 }
199 
200 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data)
201 {
202 	u8 *buffer;
203 	struct device *dev;
204 	int rv;
205 	int n;
206 	int actual;
207 	struct usb_host_interface *current_setting;
208 	int max_size;
209 
210 	dev = &data->intf->dev;
211 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
212 	if (!buffer)
213 		return -ENOMEM;
214 
215 	rv = usb_control_msg(data->usb_dev,
216 			     usb_rcvctrlpipe(data->usb_dev, 0),
217 			     USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
218 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
219 			     data->bTag_last_read, data->bulk_in,
220 			     buffer, 2, USBTMC_TIMEOUT);
221 
222 	if (rv < 0) {
223 		dev_err(dev, "usb_control_msg returned %d\n", rv);
224 		goto exit;
225 	}
226 
227 	dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
228 
229 	if (buffer[0] == USBTMC_STATUS_FAILED) {
230 		rv = 0;
231 		goto exit;
232 	}
233 
234 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
235 		dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
236 			buffer[0]);
237 		rv = -EPERM;
238 		goto exit;
239 	}
240 
241 	max_size = 0;
242 	current_setting = data->intf->cur_altsetting;
243 	for (n = 0; n < current_setting->desc.bNumEndpoints; n++)
244 		if (current_setting->endpoint[n].desc.bEndpointAddress ==
245 			data->bulk_in)
246 			max_size = usb_endpoint_maxp(&current_setting->endpoint[n].desc);
247 
248 	if (max_size == 0) {
249 		dev_err(dev, "Couldn't get wMaxPacketSize\n");
250 		rv = -EPERM;
251 		goto exit;
252 	}
253 
254 	dev_dbg(&data->intf->dev, "wMaxPacketSize is %d\n", max_size);
255 
256 	n = 0;
257 
258 	do {
259 		dev_dbg(dev, "Reading from bulk in EP\n");
260 
261 		rv = usb_bulk_msg(data->usb_dev,
262 				  usb_rcvbulkpipe(data->usb_dev,
263 						  data->bulk_in),
264 				  buffer, USBTMC_SIZE_IOBUFFER,
265 				  &actual, USBTMC_TIMEOUT);
266 
267 		n++;
268 
269 		if (rv < 0) {
270 			dev_err(dev, "usb_bulk_msg returned %d\n", rv);
271 			goto exit;
272 		}
273 	} while ((actual == max_size) &&
274 		 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
275 
276 	if (actual == max_size) {
277 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
278 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
279 		rv = -EPERM;
280 		goto exit;
281 	}
282 
283 	n = 0;
284 
285 usbtmc_abort_bulk_in_status:
286 	rv = usb_control_msg(data->usb_dev,
287 			     usb_rcvctrlpipe(data->usb_dev, 0),
288 			     USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
289 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
290 			     0, data->bulk_in, buffer, 0x08,
291 			     USBTMC_TIMEOUT);
292 
293 	if (rv < 0) {
294 		dev_err(dev, "usb_control_msg returned %d\n", rv);
295 		goto exit;
296 	}
297 
298 	dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
299 
300 	if (buffer[0] == USBTMC_STATUS_SUCCESS) {
301 		rv = 0;
302 		goto exit;
303 	}
304 
305 	if (buffer[0] != USBTMC_STATUS_PENDING) {
306 		dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
307 		rv = -EPERM;
308 		goto exit;
309 	}
310 
311 	if (buffer[1] == 1)
312 		do {
313 			dev_dbg(dev, "Reading from bulk in EP\n");
314 
315 			rv = usb_bulk_msg(data->usb_dev,
316 					  usb_rcvbulkpipe(data->usb_dev,
317 							  data->bulk_in),
318 					  buffer, USBTMC_SIZE_IOBUFFER,
319 					  &actual, USBTMC_TIMEOUT);
320 
321 			n++;
322 
323 			if (rv < 0) {
324 				dev_err(dev, "usb_bulk_msg returned %d\n", rv);
325 				goto exit;
326 			}
327 		} while ((actual == max_size) &&
328 			 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
329 
330 	if (actual == max_size) {
331 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
332 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
333 		rv = -EPERM;
334 		goto exit;
335 	}
336 
337 	goto usbtmc_abort_bulk_in_status;
338 
339 exit:
340 	kfree(buffer);
341 	return rv;
342 
343 }
344 
345 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data)
346 {
347 	struct device *dev;
348 	u8 *buffer;
349 	int rv;
350 	int n;
351 
352 	dev = &data->intf->dev;
353 
354 	buffer = kmalloc(8, GFP_KERNEL);
355 	if (!buffer)
356 		return -ENOMEM;
357 
358 	rv = usb_control_msg(data->usb_dev,
359 			     usb_rcvctrlpipe(data->usb_dev, 0),
360 			     USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT,
361 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
362 			     data->bTag_last_write, data->bulk_out,
363 			     buffer, 2, USBTMC_TIMEOUT);
364 
365 	if (rv < 0) {
366 		dev_err(dev, "usb_control_msg returned %d\n", rv);
367 		goto exit;
368 	}
369 
370 	dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]);
371 
372 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
373 		dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n",
374 			buffer[0]);
375 		rv = -EPERM;
376 		goto exit;
377 	}
378 
379 	n = 0;
380 
381 usbtmc_abort_bulk_out_check_status:
382 	rv = usb_control_msg(data->usb_dev,
383 			     usb_rcvctrlpipe(data->usb_dev, 0),
384 			     USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS,
385 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
386 			     0, data->bulk_out, buffer, 0x08,
387 			     USBTMC_TIMEOUT);
388 	n++;
389 	if (rv < 0) {
390 		dev_err(dev, "usb_control_msg returned %d\n", rv);
391 		goto exit;
392 	}
393 
394 	dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]);
395 
396 	if (buffer[0] == USBTMC_STATUS_SUCCESS)
397 		goto usbtmc_abort_bulk_out_clear_halt;
398 
399 	if ((buffer[0] == USBTMC_STATUS_PENDING) &&
400 	    (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN))
401 		goto usbtmc_abort_bulk_out_check_status;
402 
403 	rv = -EPERM;
404 	goto exit;
405 
406 usbtmc_abort_bulk_out_clear_halt:
407 	rv = usb_clear_halt(data->usb_dev,
408 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
409 
410 	if (rv < 0) {
411 		dev_err(dev, "usb_control_msg returned %d\n", rv);
412 		goto exit;
413 	}
414 	rv = 0;
415 
416 exit:
417 	kfree(buffer);
418 	return rv;
419 }
420 
421 static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data,
422 				void __user *arg)
423 {
424 	struct usbtmc_device_data *data = file_data->data;
425 	struct device *dev = &data->intf->dev;
426 	int srq_asserted = 0;
427 	u8 *buffer;
428 	u8 tag;
429 	__u8 stb;
430 	int rv;
431 
432 	dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n",
433 		data->iin_ep_present);
434 
435 	spin_lock_irq(&data->dev_lock);
436 	srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted);
437 	if (srq_asserted) {
438 		/* a STB with SRQ is already received */
439 		stb = file_data->srq_byte;
440 		spin_unlock_irq(&data->dev_lock);
441 		rv = put_user(stb, (__u8 __user *)arg);
442 		dev_dbg(dev, "stb:0x%02x with srq received %d\n",
443 			(unsigned int)stb, rv);
444 		return rv;
445 	}
446 	spin_unlock_irq(&data->dev_lock);
447 
448 	buffer = kmalloc(8, GFP_KERNEL);
449 	if (!buffer)
450 		return -ENOMEM;
451 
452 	atomic_set(&data->iin_data_valid, 0);
453 
454 	rv = usb_control_msg(data->usb_dev,
455 			usb_rcvctrlpipe(data->usb_dev, 0),
456 			USBTMC488_REQUEST_READ_STATUS_BYTE,
457 			USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
458 			data->iin_bTag,
459 			data->ifnum,
460 			buffer, 0x03, USBTMC_TIMEOUT);
461 	if (rv < 0) {
462 		dev_err(dev, "stb usb_control_msg returned %d\n", rv);
463 		goto exit;
464 	}
465 
466 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
467 		dev_err(dev, "control status returned %x\n", buffer[0]);
468 		rv = -EIO;
469 		goto exit;
470 	}
471 
472 	if (data->iin_ep_present) {
473 		rv = wait_event_interruptible_timeout(
474 			data->waitq,
475 			atomic_read(&data->iin_data_valid) != 0,
476 			file_data->timeout);
477 		if (rv < 0) {
478 			dev_dbg(dev, "wait interrupted %d\n", rv);
479 			goto exit;
480 		}
481 
482 		if (rv == 0) {
483 			dev_dbg(dev, "wait timed out\n");
484 			rv = -ETIMEDOUT;
485 			goto exit;
486 		}
487 
488 		tag = data->bNotify1 & 0x7f;
489 		if (tag != data->iin_bTag) {
490 			dev_err(dev, "expected bTag %x got %x\n",
491 				data->iin_bTag, tag);
492 		}
493 
494 		stb = data->bNotify2;
495 	} else {
496 		stb = buffer[2];
497 	}
498 
499 	rv = put_user(stb, (__u8 __user *)arg);
500 	dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)stb, rv);
501 
502  exit:
503 	/* bump interrupt bTag */
504 	data->iin_bTag += 1;
505 	if (data->iin_bTag > 127)
506 		/* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */
507 		data->iin_bTag = 2;
508 
509 	kfree(buffer);
510 	return rv;
511 }
512 
513 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data,
514 				void __user *arg, unsigned int cmd)
515 {
516 	struct device *dev = &data->intf->dev;
517 	__u8 val;
518 	u8 *buffer;
519 	u16 wValue;
520 	int rv;
521 
522 	if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE))
523 		return -EINVAL;
524 
525 	buffer = kmalloc(8, GFP_KERNEL);
526 	if (!buffer)
527 		return -ENOMEM;
528 
529 	if (cmd == USBTMC488_REQUEST_REN_CONTROL) {
530 		rv = copy_from_user(&val, arg, sizeof(val));
531 		if (rv) {
532 			rv = -EFAULT;
533 			goto exit;
534 		}
535 		wValue = val ? 1 : 0;
536 	} else {
537 		wValue = 0;
538 	}
539 
540 	rv = usb_control_msg(data->usb_dev,
541 			usb_rcvctrlpipe(data->usb_dev, 0),
542 			cmd,
543 			USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
544 			wValue,
545 			data->ifnum,
546 			buffer, 0x01, USBTMC_TIMEOUT);
547 	if (rv < 0) {
548 		dev_err(dev, "simple usb_control_msg failed %d\n", rv);
549 		goto exit;
550 	} else if (rv != 1) {
551 		dev_warn(dev, "simple usb_control_msg returned %d\n", rv);
552 		rv = -EIO;
553 		goto exit;
554 	}
555 
556 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
557 		dev_err(dev, "simple control status returned %x\n", buffer[0]);
558 		rv = -EIO;
559 		goto exit;
560 	}
561 	rv = 0;
562 
563  exit:
564 	kfree(buffer);
565 	return rv;
566 }
567 
568 /*
569  * Sends a TRIGGER Bulk-OUT command message
570  * See the USBTMC-USB488 specification, Table 2.
571  *
572  * Also updates bTag_last_write.
573  */
574 static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data)
575 {
576 	struct usbtmc_device_data *data = file_data->data;
577 	int retval;
578 	u8 *buffer;
579 	int actual;
580 
581 	buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
582 	if (!buffer)
583 		return -ENOMEM;
584 
585 	buffer[0] = 128;
586 	buffer[1] = data->bTag;
587 	buffer[2] = ~data->bTag;
588 
589 	retval = usb_bulk_msg(data->usb_dev,
590 			      usb_sndbulkpipe(data->usb_dev,
591 					      data->bulk_out),
592 			      buffer, USBTMC_HEADER_SIZE,
593 			      &actual, file_data->timeout);
594 
595 	/* Store bTag (in case we need to abort) */
596 	data->bTag_last_write = data->bTag;
597 
598 	/* Increment bTag -- and increment again if zero */
599 	data->bTag++;
600 	if (!data->bTag)
601 		data->bTag++;
602 
603 	kfree(buffer);
604 	if (retval < 0) {
605 		dev_err(&data->intf->dev, "%s returned %d\n",
606 			__func__, retval);
607 		return retval;
608 	}
609 
610 	return 0;
611 }
612 
613 /*
614  * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint.
615  * @transfer_size: number of bytes to request from the device.
616  *
617  * See the USBTMC specification, Table 4.
618  *
619  * Also updates bTag_last_write.
620  */
621 static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data,
622 				       size_t transfer_size)
623 {
624 	struct usbtmc_device_data *data = file_data->data;
625 	int retval;
626 	u8 *buffer;
627 	int actual;
628 
629 	buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
630 	if (!buffer)
631 		return -ENOMEM;
632 	/* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message
633 	 * Refer to class specs for details
634 	 */
635 	buffer[0] = 2;
636 	buffer[1] = data->bTag;
637 	buffer[2] = ~data->bTag;
638 	buffer[3] = 0; /* Reserved */
639 	buffer[4] = transfer_size >> 0;
640 	buffer[5] = transfer_size >> 8;
641 	buffer[6] = transfer_size >> 16;
642 	buffer[7] = transfer_size >> 24;
643 	buffer[8] = file_data->term_char_enabled * 2;
644 	/* Use term character? */
645 	buffer[9] = file_data->term_char;
646 	buffer[10] = 0; /* Reserved */
647 	buffer[11] = 0; /* Reserved */
648 
649 	/* Send bulk URB */
650 	retval = usb_bulk_msg(data->usb_dev,
651 			      usb_sndbulkpipe(data->usb_dev,
652 					      data->bulk_out),
653 			      buffer, USBTMC_HEADER_SIZE,
654 			      &actual, file_data->timeout);
655 
656 	/* Store bTag (in case we need to abort) */
657 	data->bTag_last_write = data->bTag;
658 
659 	/* Increment bTag -- and increment again if zero */
660 	data->bTag++;
661 	if (!data->bTag)
662 		data->bTag++;
663 
664 	kfree(buffer);
665 	if (retval < 0) {
666 		dev_err(&data->intf->dev, "usb_bulk_msg in send_request_dev_dep_msg_in() returned %d\n", retval);
667 		return retval;
668 	}
669 
670 	return 0;
671 }
672 
673 static ssize_t usbtmc_read(struct file *filp, char __user *buf,
674 			   size_t count, loff_t *f_pos)
675 {
676 	struct usbtmc_file_data *file_data;
677 	struct usbtmc_device_data *data;
678 	struct device *dev;
679 	u32 n_characters;
680 	u8 *buffer;
681 	int actual;
682 	size_t done;
683 	size_t remaining;
684 	int retval;
685 	size_t this_part;
686 
687 	/* Get pointer to private data structure */
688 	file_data = filp->private_data;
689 	data = file_data->data;
690 	dev = &data->intf->dev;
691 
692 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
693 	if (!buffer)
694 		return -ENOMEM;
695 
696 	mutex_lock(&data->io_mutex);
697 	if (data->zombie) {
698 		retval = -ENODEV;
699 		goto exit;
700 	}
701 
702 	dev_dbg(dev, "usb_bulk_msg_in: count(%zu)\n", count);
703 
704 	retval = send_request_dev_dep_msg_in(file_data, count);
705 
706 	if (retval < 0) {
707 		if (data->auto_abort)
708 			usbtmc_ioctl_abort_bulk_out(data);
709 		goto exit;
710 	}
711 
712 	/* Loop until we have fetched everything we requested */
713 	remaining = count;
714 	this_part = remaining;
715 	done = 0;
716 
717 	while (remaining > 0) {
718 		/* Send bulk URB */
719 		retval = usb_bulk_msg(data->usb_dev,
720 				      usb_rcvbulkpipe(data->usb_dev,
721 						      data->bulk_in),
722 				      buffer, USBTMC_SIZE_IOBUFFER, &actual,
723 				      file_data->timeout);
724 
725 		dev_dbg(dev, "usb_bulk_msg: retval(%u), done(%zu), remaining(%zu), actual(%d)\n", retval, done, remaining, actual);
726 
727 		/* Store bTag (in case we need to abort) */
728 		data->bTag_last_read = data->bTag;
729 
730 		if (retval < 0) {
731 			dev_dbg(dev, "Unable to read data, error %d\n", retval);
732 			if (data->auto_abort)
733 				usbtmc_ioctl_abort_bulk_in(data);
734 			goto exit;
735 		}
736 
737 		/* Parse header in first packet */
738 		if (done == 0) {
739 			/* Sanity checks for the header */
740 			if (actual < USBTMC_HEADER_SIZE) {
741 				dev_err(dev, "Device sent too small first packet: %u < %u\n", actual, USBTMC_HEADER_SIZE);
742 				if (data->auto_abort)
743 					usbtmc_ioctl_abort_bulk_in(data);
744 				goto exit;
745 			}
746 
747 			if (buffer[0] != 2) {
748 				dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n", buffer[0]);
749 				if (data->auto_abort)
750 					usbtmc_ioctl_abort_bulk_in(data);
751 				goto exit;
752 			}
753 
754 			if (buffer[1] != data->bTag_last_write) {
755 				dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n", buffer[1], data->bTag_last_write);
756 				if (data->auto_abort)
757 					usbtmc_ioctl_abort_bulk_in(data);
758 				goto exit;
759 			}
760 
761 			/* How many characters did the instrument send? */
762 			n_characters = buffer[4] +
763 				       (buffer[5] << 8) +
764 				       (buffer[6] << 16) +
765 				       (buffer[7] << 24);
766 
767 			if (n_characters > this_part) {
768 				dev_err(dev, "Device wants to return more data than requested: %u > %zu\n", n_characters, count);
769 				if (data->auto_abort)
770 					usbtmc_ioctl_abort_bulk_in(data);
771 				goto exit;
772 			}
773 
774 			/* Remove the USBTMC header */
775 			actual -= USBTMC_HEADER_SIZE;
776 
777 			/* Check if the message is smaller than requested */
778 			if (remaining > n_characters)
779 				remaining = n_characters;
780 			/* Remove padding if it exists */
781 			if (actual > remaining)
782 				actual = remaining;
783 
784 			dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n", n_characters, buffer[8]);
785 
786 			remaining -= actual;
787 
788 			/* Terminate if end-of-message bit received from device */
789 			if ((buffer[8] & 0x01) && (actual >= n_characters))
790 				remaining = 0;
791 
792 			dev_dbg(dev, "Bulk-IN header: remaining(%zu), buf(%p), buffer(%p) done(%zu)\n", remaining,buf,buffer,done);
793 
794 
795 			/* Copy buffer to user space */
796 			if (copy_to_user(buf + done, &buffer[USBTMC_HEADER_SIZE], actual)) {
797 				/* There must have been an addressing problem */
798 				retval = -EFAULT;
799 				goto exit;
800 			}
801 			done += actual;
802 		}
803 		else  {
804 			if (actual > remaining)
805 				actual = remaining;
806 
807 			remaining -= actual;
808 
809 			dev_dbg(dev, "Bulk-IN header cont: actual(%u), done(%zu), remaining(%zu), buf(%p), buffer(%p)\n", actual, done, remaining,buf,buffer);
810 
811 			/* Copy buffer to user space */
812 			if (copy_to_user(buf + done, buffer, actual)) {
813 				/* There must have been an addressing problem */
814 				retval = -EFAULT;
815 				goto exit;
816 			}
817 			done += actual;
818 		}
819 	}
820 
821 	/* Update file position value */
822 	*f_pos = *f_pos + done;
823 	retval = done;
824 
825 exit:
826 	mutex_unlock(&data->io_mutex);
827 	kfree(buffer);
828 	return retval;
829 }
830 
831 static ssize_t usbtmc_write(struct file *filp, const char __user *buf,
832 			    size_t count, loff_t *f_pos)
833 {
834 	struct usbtmc_file_data *file_data;
835 	struct usbtmc_device_data *data;
836 	u8 *buffer;
837 	int retval;
838 	int actual;
839 	unsigned long int n_bytes;
840 	int remaining;
841 	int done;
842 	int this_part;
843 
844 	file_data = filp->private_data;
845 	data = file_data->data;
846 
847 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
848 	if (!buffer)
849 		return -ENOMEM;
850 
851 	mutex_lock(&data->io_mutex);
852 	if (data->zombie) {
853 		retval = -ENODEV;
854 		goto exit;
855 	}
856 
857 	remaining = count;
858 	done = 0;
859 
860 	while (remaining > 0) {
861 		if (remaining > USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE) {
862 			this_part = USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE;
863 			buffer[8] = 0;
864 		} else {
865 			this_part = remaining;
866 			buffer[8] = file_data->eom_val;
867 		}
868 
869 		/* Setup IO buffer for DEV_DEP_MSG_OUT message */
870 		buffer[0] = 1;
871 		buffer[1] = data->bTag;
872 		buffer[2] = ~data->bTag;
873 		buffer[3] = 0; /* Reserved */
874 		buffer[4] = this_part >> 0;
875 		buffer[5] = this_part >> 8;
876 		buffer[6] = this_part >> 16;
877 		buffer[7] = this_part >> 24;
878 		/* buffer[8] is set above... */
879 		buffer[9] = 0; /* Reserved */
880 		buffer[10] = 0; /* Reserved */
881 		buffer[11] = 0; /* Reserved */
882 
883 		if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf + done, this_part)) {
884 			retval = -EFAULT;
885 			goto exit;
886 		}
887 
888 		n_bytes = roundup(USBTMC_HEADER_SIZE + this_part, 4);
889 		memset(buffer + USBTMC_HEADER_SIZE + this_part, 0, n_bytes - (USBTMC_HEADER_SIZE + this_part));
890 
891 		do {
892 			retval = usb_bulk_msg(data->usb_dev,
893 					      usb_sndbulkpipe(data->usb_dev,
894 							      data->bulk_out),
895 					      buffer, n_bytes,
896 					      &actual, file_data->timeout);
897 			if (retval != 0)
898 				break;
899 			n_bytes -= actual;
900 		} while (n_bytes);
901 
902 		data->bTag_last_write = data->bTag;
903 		data->bTag++;
904 
905 		if (!data->bTag)
906 			data->bTag++;
907 
908 		if (retval < 0) {
909 			dev_err(&data->intf->dev,
910 				"Unable to send data, error %d\n", retval);
911 			if (data->auto_abort)
912 				usbtmc_ioctl_abort_bulk_out(data);
913 			goto exit;
914 		}
915 
916 		remaining -= this_part;
917 		done += this_part;
918 	}
919 
920 	retval = count;
921 exit:
922 	mutex_unlock(&data->io_mutex);
923 	kfree(buffer);
924 	return retval;
925 }
926 
927 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data)
928 {
929 	struct usb_host_interface *current_setting;
930 	struct usb_endpoint_descriptor *desc;
931 	struct device *dev;
932 	u8 *buffer;
933 	int rv;
934 	int n;
935 	int actual = 0;
936 	int max_size;
937 
938 	dev = &data->intf->dev;
939 
940 	dev_dbg(dev, "Sending INITIATE_CLEAR request\n");
941 
942 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
943 	if (!buffer)
944 		return -ENOMEM;
945 
946 	rv = usb_control_msg(data->usb_dev,
947 			     usb_rcvctrlpipe(data->usb_dev, 0),
948 			     USBTMC_REQUEST_INITIATE_CLEAR,
949 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
950 			     0, 0, buffer, 1, USBTMC_TIMEOUT);
951 	if (rv < 0) {
952 		dev_err(dev, "usb_control_msg returned %d\n", rv);
953 		goto exit;
954 	}
955 
956 	dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
957 
958 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
959 		dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
960 		rv = -EPERM;
961 		goto exit;
962 	}
963 
964 	max_size = 0;
965 	current_setting = data->intf->cur_altsetting;
966 	for (n = 0; n < current_setting->desc.bNumEndpoints; n++) {
967 		desc = &current_setting->endpoint[n].desc;
968 		if (desc->bEndpointAddress == data->bulk_in)
969 			max_size = usb_endpoint_maxp(desc);
970 	}
971 
972 	if (max_size == 0) {
973 		dev_err(dev, "Couldn't get wMaxPacketSize\n");
974 		rv = -EPERM;
975 		goto exit;
976 	}
977 
978 	dev_dbg(dev, "wMaxPacketSize is %d\n", max_size);
979 
980 	n = 0;
981 
982 usbtmc_clear_check_status:
983 
984 	dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n");
985 
986 	rv = usb_control_msg(data->usb_dev,
987 			     usb_rcvctrlpipe(data->usb_dev, 0),
988 			     USBTMC_REQUEST_CHECK_CLEAR_STATUS,
989 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
990 			     0, 0, buffer, 2, USBTMC_TIMEOUT);
991 	if (rv < 0) {
992 		dev_err(dev, "usb_control_msg returned %d\n", rv);
993 		goto exit;
994 	}
995 
996 	dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
997 
998 	if (buffer[0] == USBTMC_STATUS_SUCCESS)
999 		goto usbtmc_clear_bulk_out_halt;
1000 
1001 	if (buffer[0] != USBTMC_STATUS_PENDING) {
1002 		dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1003 		rv = -EPERM;
1004 		goto exit;
1005 	}
1006 
1007 	if (buffer[1] == 1)
1008 		do {
1009 			dev_dbg(dev, "Reading from bulk in EP\n");
1010 
1011 			rv = usb_bulk_msg(data->usb_dev,
1012 					  usb_rcvbulkpipe(data->usb_dev,
1013 							  data->bulk_in),
1014 					  buffer, USBTMC_SIZE_IOBUFFER,
1015 					  &actual, USBTMC_TIMEOUT);
1016 			n++;
1017 
1018 			if (rv < 0) {
1019 				dev_err(dev, "usb_control_msg returned %d\n",
1020 					rv);
1021 				goto exit;
1022 			}
1023 		} while ((actual == max_size) &&
1024 			  (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
1025 
1026 	if (actual == max_size) {
1027 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
1028 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
1029 		rv = -EPERM;
1030 		goto exit;
1031 	}
1032 
1033 	goto usbtmc_clear_check_status;
1034 
1035 usbtmc_clear_bulk_out_halt:
1036 
1037 	rv = usb_clear_halt(data->usb_dev,
1038 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1039 	if (rv < 0) {
1040 		dev_err(dev, "usb_control_msg returned %d\n", rv);
1041 		goto exit;
1042 	}
1043 	rv = 0;
1044 
1045 exit:
1046 	kfree(buffer);
1047 	return rv;
1048 }
1049 
1050 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data)
1051 {
1052 	int rv;
1053 
1054 	rv = usb_clear_halt(data->usb_dev,
1055 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1056 
1057 	if (rv < 0) {
1058 		dev_err(&data->usb_dev->dev, "usb_control_msg returned %d\n",
1059 			rv);
1060 		return rv;
1061 	}
1062 	return 0;
1063 }
1064 
1065 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data)
1066 {
1067 	int rv;
1068 
1069 	rv = usb_clear_halt(data->usb_dev,
1070 			    usb_rcvbulkpipe(data->usb_dev, data->bulk_in));
1071 
1072 	if (rv < 0) {
1073 		dev_err(&data->usb_dev->dev, "usb_control_msg returned %d\n",
1074 			rv);
1075 		return rv;
1076 	}
1077 	return 0;
1078 }
1079 
1080 static int get_capabilities(struct usbtmc_device_data *data)
1081 {
1082 	struct device *dev = &data->usb_dev->dev;
1083 	char *buffer;
1084 	int rv = 0;
1085 
1086 	buffer = kmalloc(0x18, GFP_KERNEL);
1087 	if (!buffer)
1088 		return -ENOMEM;
1089 
1090 	rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0),
1091 			     USBTMC_REQUEST_GET_CAPABILITIES,
1092 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1093 			     0, 0, buffer, 0x18, USBTMC_TIMEOUT);
1094 	if (rv < 0) {
1095 		dev_err(dev, "usb_control_msg returned %d\n", rv);
1096 		goto err_out;
1097 	}
1098 
1099 	dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1100 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1101 		dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1102 		rv = -EPERM;
1103 		goto err_out;
1104 	}
1105 	dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]);
1106 	dev_dbg(dev, "Device capabilities are %x\n", buffer[5]);
1107 	dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]);
1108 	dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]);
1109 
1110 	data->capabilities.interface_capabilities = buffer[4];
1111 	data->capabilities.device_capabilities = buffer[5];
1112 	data->capabilities.usb488_interface_capabilities = buffer[14];
1113 	data->capabilities.usb488_device_capabilities = buffer[15];
1114 	data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4);
1115 	rv = 0;
1116 
1117 err_out:
1118 	kfree(buffer);
1119 	return rv;
1120 }
1121 
1122 #define capability_attribute(name)					\
1123 static ssize_t name##_show(struct device *dev,				\
1124 			   struct device_attribute *attr, char *buf)	\
1125 {									\
1126 	struct usb_interface *intf = to_usb_interface(dev);		\
1127 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
1128 									\
1129 	return sprintf(buf, "%d\n", data->capabilities.name);		\
1130 }									\
1131 static DEVICE_ATTR_RO(name)
1132 
1133 capability_attribute(interface_capabilities);
1134 capability_attribute(device_capabilities);
1135 capability_attribute(usb488_interface_capabilities);
1136 capability_attribute(usb488_device_capabilities);
1137 
1138 static struct attribute *capability_attrs[] = {
1139 	&dev_attr_interface_capabilities.attr,
1140 	&dev_attr_device_capabilities.attr,
1141 	&dev_attr_usb488_interface_capabilities.attr,
1142 	&dev_attr_usb488_device_capabilities.attr,
1143 	NULL,
1144 };
1145 
1146 static const struct attribute_group capability_attr_grp = {
1147 	.attrs = capability_attrs,
1148 };
1149 
1150 static ssize_t TermChar_show(struct device *dev,
1151 			     struct device_attribute *attr, char *buf)
1152 {
1153 	struct usb_interface *intf = to_usb_interface(dev);
1154 	struct usbtmc_device_data *data = usb_get_intfdata(intf);
1155 
1156 	return sprintf(buf, "%c\n", data->TermChar);
1157 }
1158 
1159 static ssize_t TermChar_store(struct device *dev,
1160 			      struct device_attribute *attr,
1161 			      const char *buf, size_t count)
1162 {
1163 	struct usb_interface *intf = to_usb_interface(dev);
1164 	struct usbtmc_device_data *data = usb_get_intfdata(intf);
1165 
1166 	if (count < 1)
1167 		return -EINVAL;
1168 	data->TermChar = buf[0];
1169 	return count;
1170 }
1171 static DEVICE_ATTR_RW(TermChar);
1172 
1173 #define data_attribute(name)						\
1174 static ssize_t name##_show(struct device *dev,				\
1175 			   struct device_attribute *attr, char *buf)	\
1176 {									\
1177 	struct usb_interface *intf = to_usb_interface(dev);		\
1178 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
1179 									\
1180 	return sprintf(buf, "%d\n", data->name);			\
1181 }									\
1182 static ssize_t name##_store(struct device *dev,				\
1183 			    struct device_attribute *attr,		\
1184 			    const char *buf, size_t count)		\
1185 {									\
1186 	struct usb_interface *intf = to_usb_interface(dev);		\
1187 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
1188 	ssize_t result;							\
1189 	unsigned val;							\
1190 									\
1191 	result = sscanf(buf, "%u\n", &val);				\
1192 	if (result != 1)						\
1193 		result = -EINVAL;					\
1194 	data->name = val;						\
1195 	if (result < 0)							\
1196 		return result;						\
1197 	else								\
1198 		return count;						\
1199 }									\
1200 static DEVICE_ATTR_RW(name)
1201 
1202 data_attribute(TermCharEnabled);
1203 data_attribute(auto_abort);
1204 
1205 static struct attribute *data_attrs[] = {
1206 	&dev_attr_TermChar.attr,
1207 	&dev_attr_TermCharEnabled.attr,
1208 	&dev_attr_auto_abort.attr,
1209 	NULL,
1210 };
1211 
1212 static const struct attribute_group data_attr_grp = {
1213 	.attrs = data_attrs,
1214 };
1215 
1216 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data)
1217 {
1218 	struct device *dev;
1219 	u8 *buffer;
1220 	int rv;
1221 
1222 	dev = &data->intf->dev;
1223 
1224 	buffer = kmalloc(2, GFP_KERNEL);
1225 	if (!buffer)
1226 		return -ENOMEM;
1227 
1228 	rv = usb_control_msg(data->usb_dev,
1229 			     usb_rcvctrlpipe(data->usb_dev, 0),
1230 			     USBTMC_REQUEST_INDICATOR_PULSE,
1231 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1232 			     0, 0, buffer, 0x01, USBTMC_TIMEOUT);
1233 
1234 	if (rv < 0) {
1235 		dev_err(dev, "usb_control_msg returned %d\n", rv);
1236 		goto exit;
1237 	}
1238 
1239 	dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1240 
1241 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1242 		dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1243 		rv = -EPERM;
1244 		goto exit;
1245 	}
1246 	rv = 0;
1247 
1248 exit:
1249 	kfree(buffer);
1250 	return rv;
1251 }
1252 
1253 /*
1254  * Get the usb timeout value
1255  */
1256 static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data,
1257 				void __user *arg)
1258 {
1259 	u32 timeout;
1260 
1261 	timeout = file_data->timeout;
1262 
1263 	return put_user(timeout, (__u32 __user *)arg);
1264 }
1265 
1266 /*
1267  * Set the usb timeout value
1268  */
1269 static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data,
1270 				void __user *arg)
1271 {
1272 	u32 timeout;
1273 
1274 	if (get_user(timeout, (__u32 __user *)arg))
1275 		return -EFAULT;
1276 
1277 	/* Note that timeout = 0 means
1278 	 * MAX_SCHEDULE_TIMEOUT in usb_control_msg
1279 	 */
1280 	if (timeout < USBTMC_MIN_TIMEOUT)
1281 		return -EINVAL;
1282 
1283 	file_data->timeout = timeout;
1284 
1285 	return 0;
1286 }
1287 
1288 /*
1289  * enables/disables sending EOM on write
1290  */
1291 static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data,
1292 				void __user *arg)
1293 {
1294 	u8 eom_enable;
1295 
1296 	if (copy_from_user(&eom_enable, arg, sizeof(eom_enable)))
1297 		return -EFAULT;
1298 
1299 	if (eom_enable > 1)
1300 		return -EINVAL;
1301 
1302 	file_data->eom_val = eom_enable;
1303 
1304 	return 0;
1305 }
1306 
1307 /*
1308  * Configure termination character for read()
1309  */
1310 static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data,
1311 				void __user *arg)
1312 {
1313 	struct usbtmc_termchar termc;
1314 
1315 	if (copy_from_user(&termc, arg, sizeof(termc)))
1316 		return -EFAULT;
1317 
1318 	if ((termc.term_char_enabled > 1) ||
1319 		(termc.term_char_enabled &&
1320 		!(file_data->data->capabilities.device_capabilities & 1)))
1321 		return -EINVAL;
1322 
1323 	file_data->term_char = termc.term_char;
1324 	file_data->term_char_enabled = termc.term_char_enabled;
1325 
1326 	return 0;
1327 }
1328 
1329 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1330 {
1331 	struct usbtmc_file_data *file_data;
1332 	struct usbtmc_device_data *data;
1333 	int retval = -EBADRQC;
1334 
1335 	file_data = file->private_data;
1336 	data = file_data->data;
1337 
1338 	mutex_lock(&data->io_mutex);
1339 	if (data->zombie) {
1340 		retval = -ENODEV;
1341 		goto skip_io_on_zombie;
1342 	}
1343 
1344 	switch (cmd) {
1345 	case USBTMC_IOCTL_CLEAR_OUT_HALT:
1346 		retval = usbtmc_ioctl_clear_out_halt(data);
1347 		break;
1348 
1349 	case USBTMC_IOCTL_CLEAR_IN_HALT:
1350 		retval = usbtmc_ioctl_clear_in_halt(data);
1351 		break;
1352 
1353 	case USBTMC_IOCTL_INDICATOR_PULSE:
1354 		retval = usbtmc_ioctl_indicator_pulse(data);
1355 		break;
1356 
1357 	case USBTMC_IOCTL_CLEAR:
1358 		retval = usbtmc_ioctl_clear(data);
1359 		break;
1360 
1361 	case USBTMC_IOCTL_ABORT_BULK_OUT:
1362 		retval = usbtmc_ioctl_abort_bulk_out(data);
1363 		break;
1364 
1365 	case USBTMC_IOCTL_ABORT_BULK_IN:
1366 		retval = usbtmc_ioctl_abort_bulk_in(data);
1367 		break;
1368 
1369 	case USBTMC_IOCTL_GET_TIMEOUT:
1370 		retval = usbtmc_ioctl_get_timeout(file_data,
1371 						  (void __user *)arg);
1372 		break;
1373 
1374 	case USBTMC_IOCTL_SET_TIMEOUT:
1375 		retval = usbtmc_ioctl_set_timeout(file_data,
1376 						  (void __user *)arg);
1377 		break;
1378 
1379 	case USBTMC_IOCTL_EOM_ENABLE:
1380 		retval = usbtmc_ioctl_eom_enable(file_data,
1381 						 (void __user *)arg);
1382 		break;
1383 
1384 	case USBTMC_IOCTL_CONFIG_TERMCHAR:
1385 		retval = usbtmc_ioctl_config_termc(file_data,
1386 						   (void __user *)arg);
1387 		break;
1388 
1389 	case USBTMC488_IOCTL_GET_CAPS:
1390 		retval = copy_to_user((void __user *)arg,
1391 				&data->usb488_caps,
1392 				sizeof(data->usb488_caps));
1393 		if (retval)
1394 			retval = -EFAULT;
1395 		break;
1396 
1397 	case USBTMC488_IOCTL_READ_STB:
1398 		retval = usbtmc488_ioctl_read_stb(file_data,
1399 						  (void __user *)arg);
1400 		break;
1401 
1402 	case USBTMC488_IOCTL_REN_CONTROL:
1403 		retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
1404 						USBTMC488_REQUEST_REN_CONTROL);
1405 		break;
1406 
1407 	case USBTMC488_IOCTL_GOTO_LOCAL:
1408 		retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
1409 						USBTMC488_REQUEST_GOTO_LOCAL);
1410 		break;
1411 
1412 	case USBTMC488_IOCTL_LOCAL_LOCKOUT:
1413 		retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
1414 						USBTMC488_REQUEST_LOCAL_LOCKOUT);
1415 		break;
1416 
1417 	case USBTMC488_IOCTL_TRIGGER:
1418 		retval = usbtmc488_ioctl_trigger(file_data);
1419 		break;
1420 	}
1421 
1422 skip_io_on_zombie:
1423 	mutex_unlock(&data->io_mutex);
1424 	return retval;
1425 }
1426 
1427 static int usbtmc_fasync(int fd, struct file *file, int on)
1428 {
1429 	struct usbtmc_file_data *file_data = file->private_data;
1430 
1431 	return fasync_helper(fd, file, on, &file_data->data->fasync);
1432 }
1433 
1434 static __poll_t usbtmc_poll(struct file *file, poll_table *wait)
1435 {
1436 	struct usbtmc_file_data *file_data = file->private_data;
1437 	struct usbtmc_device_data *data = file_data->data;
1438 	__poll_t mask;
1439 
1440 	mutex_lock(&data->io_mutex);
1441 
1442 	if (data->zombie) {
1443 		mask = EPOLLHUP | EPOLLERR;
1444 		goto no_poll;
1445 	}
1446 
1447 	poll_wait(file, &data->waitq, wait);
1448 
1449 	mask = (atomic_read(&file_data->srq_asserted)) ? EPOLLPRI : 0;
1450 
1451 no_poll:
1452 	mutex_unlock(&data->io_mutex);
1453 	return mask;
1454 }
1455 
1456 static const struct file_operations fops = {
1457 	.owner		= THIS_MODULE,
1458 	.read		= usbtmc_read,
1459 	.write		= usbtmc_write,
1460 	.open		= usbtmc_open,
1461 	.release	= usbtmc_release,
1462 	.unlocked_ioctl	= usbtmc_ioctl,
1463 #ifdef CONFIG_COMPAT
1464 	.compat_ioctl	= usbtmc_ioctl,
1465 #endif
1466 	.fasync         = usbtmc_fasync,
1467 	.poll           = usbtmc_poll,
1468 	.llseek		= default_llseek,
1469 };
1470 
1471 static struct usb_class_driver usbtmc_class = {
1472 	.name =		"usbtmc%d",
1473 	.fops =		&fops,
1474 	.minor_base =	USBTMC_MINOR_BASE,
1475 };
1476 
1477 static void usbtmc_interrupt(struct urb *urb)
1478 {
1479 	struct usbtmc_device_data *data = urb->context;
1480 	struct device *dev = &data->intf->dev;
1481 	int status = urb->status;
1482 	int rv;
1483 
1484 	dev_dbg(&data->intf->dev, "int status: %d len %d\n",
1485 		status, urb->actual_length);
1486 
1487 	switch (status) {
1488 	case 0: /* SUCCESS */
1489 		/* check for valid STB notification */
1490 		if (data->iin_buffer[0] > 0x81) {
1491 			data->bNotify1 = data->iin_buffer[0];
1492 			data->bNotify2 = data->iin_buffer[1];
1493 			atomic_set(&data->iin_data_valid, 1);
1494 			wake_up_interruptible(&data->waitq);
1495 			goto exit;
1496 		}
1497 		/* check for SRQ notification */
1498 		if (data->iin_buffer[0] == 0x81) {
1499 			unsigned long flags;
1500 			struct list_head *elem;
1501 
1502 			if (data->fasync)
1503 				kill_fasync(&data->fasync,
1504 					SIGIO, POLL_PRI);
1505 
1506 			spin_lock_irqsave(&data->dev_lock, flags);
1507 			list_for_each(elem, &data->file_list) {
1508 				struct usbtmc_file_data *file_data;
1509 
1510 				file_data = list_entry(elem,
1511 						       struct usbtmc_file_data,
1512 						       file_elem);
1513 				file_data->srq_byte = data->iin_buffer[1];
1514 				atomic_set(&file_data->srq_asserted, 1);
1515 			}
1516 			spin_unlock_irqrestore(&data->dev_lock, flags);
1517 
1518 			dev_dbg(dev, "srq received bTag %x stb %x\n",
1519 				(unsigned int)data->iin_buffer[0],
1520 				(unsigned int)data->iin_buffer[1]);
1521 			wake_up_interruptible_all(&data->waitq);
1522 			goto exit;
1523 		}
1524 		dev_warn(dev, "invalid notification: %x\n",
1525 			 data->iin_buffer[0]);
1526 		break;
1527 	case -EOVERFLOW:
1528 		dev_err(dev, "overflow with length %d, actual length is %d\n",
1529 			data->iin_wMaxPacketSize, urb->actual_length);
1530 		/* fall through */
1531 	case -ECONNRESET:
1532 	case -ENOENT:
1533 	case -ESHUTDOWN:
1534 	case -EILSEQ:
1535 	case -ETIME:
1536 	case -EPIPE:
1537 		/* urb terminated, clean up */
1538 		dev_dbg(dev, "urb terminated, status: %d\n", status);
1539 		return;
1540 	default:
1541 		dev_err(dev, "unknown status received: %d\n", status);
1542 	}
1543 exit:
1544 	rv = usb_submit_urb(urb, GFP_ATOMIC);
1545 	if (rv)
1546 		dev_err(dev, "usb_submit_urb failed: %d\n", rv);
1547 }
1548 
1549 static void usbtmc_free_int(struct usbtmc_device_data *data)
1550 {
1551 	if (!data->iin_ep_present || !data->iin_urb)
1552 		return;
1553 	usb_kill_urb(data->iin_urb);
1554 	kfree(data->iin_buffer);
1555 	usb_free_urb(data->iin_urb);
1556 	kref_put(&data->kref, usbtmc_delete);
1557 }
1558 
1559 static int usbtmc_probe(struct usb_interface *intf,
1560 			const struct usb_device_id *id)
1561 {
1562 	struct usbtmc_device_data *data;
1563 	struct usb_host_interface *iface_desc;
1564 	struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in;
1565 	int retcode;
1566 
1567 	dev_dbg(&intf->dev, "%s called\n", __func__);
1568 
1569 	data = kzalloc(sizeof(*data), GFP_KERNEL);
1570 	if (!data)
1571 		return -ENOMEM;
1572 
1573 	data->intf = intf;
1574 	data->id = id;
1575 	data->usb_dev = usb_get_dev(interface_to_usbdev(intf));
1576 	usb_set_intfdata(intf, data);
1577 	kref_init(&data->kref);
1578 	mutex_init(&data->io_mutex);
1579 	init_waitqueue_head(&data->waitq);
1580 	atomic_set(&data->iin_data_valid, 0);
1581 	INIT_LIST_HEAD(&data->file_list);
1582 	spin_lock_init(&data->dev_lock);
1583 
1584 	data->zombie = 0;
1585 
1586 	/* Initialize USBTMC bTag and other fields */
1587 	data->bTag	= 1;
1588 	data->TermCharEnabled = 0;
1589 	data->TermChar = '\n';
1590 	/*  2 <= bTag <= 127   USBTMC-USB488 subclass specification 4.3.1 */
1591 	data->iin_bTag = 2;
1592 
1593 	/* USBTMC devices have only one setting, so use that */
1594 	iface_desc = data->intf->cur_altsetting;
1595 	data->ifnum = iface_desc->desc.bInterfaceNumber;
1596 
1597 	/* Find bulk endpoints */
1598 	retcode = usb_find_common_endpoints(iface_desc,
1599 			&bulk_in, &bulk_out, NULL, NULL);
1600 	if (retcode) {
1601 		dev_err(&intf->dev, "bulk endpoints not found\n");
1602 		goto err_put;
1603 	}
1604 
1605 	data->bulk_in = bulk_in->bEndpointAddress;
1606 	dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in);
1607 
1608 	data->bulk_out = bulk_out->bEndpointAddress;
1609 	dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out);
1610 
1611 	/* Find int endpoint */
1612 	retcode = usb_find_int_in_endpoint(iface_desc, &int_in);
1613 	if (!retcode) {
1614 		data->iin_ep_present = 1;
1615 		data->iin_ep = int_in->bEndpointAddress;
1616 		data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in);
1617 		data->iin_interval = int_in->bInterval;
1618 		dev_dbg(&intf->dev, "Found Int in endpoint at %u\n",
1619 				data->iin_ep);
1620 	}
1621 
1622 	retcode = get_capabilities(data);
1623 	if (retcode)
1624 		dev_err(&intf->dev, "can't read capabilities\n");
1625 	else
1626 		retcode = sysfs_create_group(&intf->dev.kobj,
1627 					     &capability_attr_grp);
1628 
1629 	if (data->iin_ep_present) {
1630 		/* allocate int urb */
1631 		data->iin_urb = usb_alloc_urb(0, GFP_KERNEL);
1632 		if (!data->iin_urb) {
1633 			retcode = -ENOMEM;
1634 			goto error_register;
1635 		}
1636 
1637 		/* Protect interrupt in endpoint data until iin_urb is freed */
1638 		kref_get(&data->kref);
1639 
1640 		/* allocate buffer for interrupt in */
1641 		data->iin_buffer = kmalloc(data->iin_wMaxPacketSize,
1642 					GFP_KERNEL);
1643 		if (!data->iin_buffer) {
1644 			retcode = -ENOMEM;
1645 			goto error_register;
1646 		}
1647 
1648 		/* fill interrupt urb */
1649 		usb_fill_int_urb(data->iin_urb, data->usb_dev,
1650 				usb_rcvintpipe(data->usb_dev, data->iin_ep),
1651 				data->iin_buffer, data->iin_wMaxPacketSize,
1652 				usbtmc_interrupt,
1653 				data, data->iin_interval);
1654 
1655 		retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
1656 		if (retcode) {
1657 			dev_err(&intf->dev, "Failed to submit iin_urb\n");
1658 			goto error_register;
1659 		}
1660 	}
1661 
1662 	retcode = sysfs_create_group(&intf->dev.kobj, &data_attr_grp);
1663 
1664 	retcode = usb_register_dev(intf, &usbtmc_class);
1665 	if (retcode) {
1666 		dev_err(&intf->dev, "Not able to get a minor"
1667 			" (base %u, slice default): %d\n", USBTMC_MINOR_BASE,
1668 			retcode);
1669 		goto error_register;
1670 	}
1671 	dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor);
1672 
1673 	return 0;
1674 
1675 error_register:
1676 	sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp);
1677 	sysfs_remove_group(&intf->dev.kobj, &data_attr_grp);
1678 	usbtmc_free_int(data);
1679 err_put:
1680 	kref_put(&data->kref, usbtmc_delete);
1681 	return retcode;
1682 }
1683 
1684 static void usbtmc_disconnect(struct usb_interface *intf)
1685 {
1686 	struct usbtmc_device_data *data  = usb_get_intfdata(intf);
1687 
1688 	usb_deregister_dev(intf, &usbtmc_class);
1689 	sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp);
1690 	sysfs_remove_group(&intf->dev.kobj, &data_attr_grp);
1691 	mutex_lock(&data->io_mutex);
1692 	data->zombie = 1;
1693 	wake_up_interruptible_all(&data->waitq);
1694 	mutex_unlock(&data->io_mutex);
1695 	usbtmc_free_int(data);
1696 	kref_put(&data->kref, usbtmc_delete);
1697 }
1698 
1699 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message)
1700 {
1701 	/* this driver does not have pending URBs */
1702 	return 0;
1703 }
1704 
1705 static int usbtmc_resume(struct usb_interface *intf)
1706 {
1707 	return 0;
1708 }
1709 
1710 static struct usb_driver usbtmc_driver = {
1711 	.name		= "usbtmc",
1712 	.id_table	= usbtmc_devices,
1713 	.probe		= usbtmc_probe,
1714 	.disconnect	= usbtmc_disconnect,
1715 	.suspend	= usbtmc_suspend,
1716 	.resume		= usbtmc_resume,
1717 };
1718 
1719 module_usb_driver(usbtmc_driver);
1720 
1721 MODULE_LICENSE("GPL");
1722