xref: /openbmc/linux/drivers/usb/class/usbtmc.c (revision 781095f903f398148cd0b646d3984234a715f29e)
1 /**
2  * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver
3  *
4  * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany
5  * Copyright (C) 2008 Novell, Inc.
6  * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de>
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License
10  * as published by the Free Software Foundation; either version 2
11  * of the License, or (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * The GNU General Public License is available at
19  * http://www.gnu.org/copyleft/gpl.html.
20  */
21 
22 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
23 
24 #include <linux/module.h>
25 #include <linux/kernel.h>
26 #include <linux/fs.h>
27 #include <linux/uaccess.h>
28 #include <linux/kref.h>
29 #include <linux/slab.h>
30 #include <linux/mutex.h>
31 #include <linux/usb.h>
32 #include <linux/usb/tmc.h>
33 
34 
35 #define RIGOL			1
36 #define USBTMC_HEADER_SIZE	12
37 #define USBTMC_MINOR_BASE	176
38 
39 /*
40  * Size of driver internal IO buffer. Must be multiple of 4 and at least as
41  * large as wMaxPacketSize (which is usually 512 bytes).
42  */
43 #define USBTMC_SIZE_IOBUFFER	2048
44 
45 /* Default USB timeout (in milliseconds) */
46 #define USBTMC_TIMEOUT		5000
47 
48 /*
49  * Maximum number of read cycles to empty bulk in endpoint during CLEAR and
50  * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short
51  * packet is never read.
52  */
53 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN	100
54 
55 static const struct usb_device_id usbtmc_devices[] = {
56 	{ USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), },
57 	{ USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), },
58 	{ 0, } /* terminating entry */
59 };
60 MODULE_DEVICE_TABLE(usb, usbtmc_devices);
61 
62 /*
63  * This structure is the capabilities for the device
64  * See section 4.2.1.8 of the USBTMC specification,
65  * and section 4.2.2 of the USBTMC usb488 subclass
66  * specification for details.
67  */
68 struct usbtmc_dev_capabilities {
69 	__u8 interface_capabilities;
70 	__u8 device_capabilities;
71 	__u8 usb488_interface_capabilities;
72 	__u8 usb488_device_capabilities;
73 };
74 
75 /* This structure holds private data for each USBTMC device. One copy is
76  * allocated for each USBTMC device in the driver's probe function.
77  */
78 struct usbtmc_device_data {
79 	const struct usb_device_id *id;
80 	struct usb_device *usb_dev;
81 	struct usb_interface *intf;
82 
83 	unsigned int bulk_in;
84 	unsigned int bulk_out;
85 
86 	u8 bTag;
87 	u8 bTag_last_write;	/* needed for abort */
88 	u8 bTag_last_read;	/* needed for abort */
89 
90 	u8 rigol_quirk;
91 
92 	/* attributes from the USB TMC spec for this device */
93 	u8 TermChar;
94 	bool TermCharEnabled;
95 	bool auto_abort;
96 
97 	bool zombie; /* fd of disconnected device */
98 
99 	struct usbtmc_dev_capabilities	capabilities;
100 	struct kref kref;
101 	struct mutex io_mutex;	/* only one i/o function running at a time */
102 };
103 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref)
104 
105 struct usbtmc_ID_rigol_quirk {
106 	__u16 idVendor;
107 	__u16 idProduct;
108 };
109 
110 static const struct usbtmc_ID_rigol_quirk usbtmc_id_quirk[] = {
111 	{ 0x1ab1, 0x0588 },
112 	{ 0x1ab1, 0x04b0 },
113 	{ 0, 0 }
114 };
115 
116 /* Forward declarations */
117 static struct usb_driver usbtmc_driver;
118 
119 static void usbtmc_delete(struct kref *kref)
120 {
121 	struct usbtmc_device_data *data = to_usbtmc_data(kref);
122 
123 	usb_put_dev(data->usb_dev);
124 }
125 
126 static int usbtmc_open(struct inode *inode, struct file *filp)
127 {
128 	struct usb_interface *intf;
129 	struct usbtmc_device_data *data;
130 	int retval = 0;
131 
132 	intf = usb_find_interface(&usbtmc_driver, iminor(inode));
133 	if (!intf) {
134 		pr_err("can not find device for minor %d", iminor(inode));
135 		return -ENODEV;
136 	}
137 
138 	data = usb_get_intfdata(intf);
139 	kref_get(&data->kref);
140 
141 	/* Store pointer in file structure's private data field */
142 	filp->private_data = data;
143 
144 	return retval;
145 }
146 
147 static int usbtmc_release(struct inode *inode, struct file *file)
148 {
149 	struct usbtmc_device_data *data = file->private_data;
150 
151 	kref_put(&data->kref, usbtmc_delete);
152 	return 0;
153 }
154 
155 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data)
156 {
157 	u8 *buffer;
158 	struct device *dev;
159 	int rv;
160 	int n;
161 	int actual;
162 	struct usb_host_interface *current_setting;
163 	int max_size;
164 
165 	dev = &data->intf->dev;
166 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
167 	if (!buffer)
168 		return -ENOMEM;
169 
170 	rv = usb_control_msg(data->usb_dev,
171 			     usb_rcvctrlpipe(data->usb_dev, 0),
172 			     USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
173 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
174 			     data->bTag_last_read, data->bulk_in,
175 			     buffer, 2, USBTMC_TIMEOUT);
176 
177 	if (rv < 0) {
178 		dev_err(dev, "usb_control_msg returned %d\n", rv);
179 		goto exit;
180 	}
181 
182 	dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
183 
184 	if (buffer[0] == USBTMC_STATUS_FAILED) {
185 		rv = 0;
186 		goto exit;
187 	}
188 
189 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
190 		dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
191 			buffer[0]);
192 		rv = -EPERM;
193 		goto exit;
194 	}
195 
196 	max_size = 0;
197 	current_setting = data->intf->cur_altsetting;
198 	for (n = 0; n < current_setting->desc.bNumEndpoints; n++)
199 		if (current_setting->endpoint[n].desc.bEndpointAddress ==
200 			data->bulk_in)
201 			max_size = usb_endpoint_maxp(&current_setting->endpoint[n].desc);
202 
203 	if (max_size == 0) {
204 		dev_err(dev, "Couldn't get wMaxPacketSize\n");
205 		rv = -EPERM;
206 		goto exit;
207 	}
208 
209 	dev_dbg(&data->intf->dev, "wMaxPacketSize is %d\n", max_size);
210 
211 	n = 0;
212 
213 	do {
214 		dev_dbg(dev, "Reading from bulk in EP\n");
215 
216 		rv = usb_bulk_msg(data->usb_dev,
217 				  usb_rcvbulkpipe(data->usb_dev,
218 						  data->bulk_in),
219 				  buffer, USBTMC_SIZE_IOBUFFER,
220 				  &actual, USBTMC_TIMEOUT);
221 
222 		n++;
223 
224 		if (rv < 0) {
225 			dev_err(dev, "usb_bulk_msg returned %d\n", rv);
226 			goto exit;
227 		}
228 	} while ((actual == max_size) &&
229 		 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
230 
231 	if (actual == max_size) {
232 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
233 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
234 		rv = -EPERM;
235 		goto exit;
236 	}
237 
238 	n = 0;
239 
240 usbtmc_abort_bulk_in_status:
241 	rv = usb_control_msg(data->usb_dev,
242 			     usb_rcvctrlpipe(data->usb_dev, 0),
243 			     USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
244 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
245 			     0, data->bulk_in, buffer, 0x08,
246 			     USBTMC_TIMEOUT);
247 
248 	if (rv < 0) {
249 		dev_err(dev, "usb_control_msg returned %d\n", rv);
250 		goto exit;
251 	}
252 
253 	dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
254 
255 	if (buffer[0] == USBTMC_STATUS_SUCCESS) {
256 		rv = 0;
257 		goto exit;
258 	}
259 
260 	if (buffer[0] != USBTMC_STATUS_PENDING) {
261 		dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
262 		rv = -EPERM;
263 		goto exit;
264 	}
265 
266 	if (buffer[1] == 1)
267 		do {
268 			dev_dbg(dev, "Reading from bulk in EP\n");
269 
270 			rv = usb_bulk_msg(data->usb_dev,
271 					  usb_rcvbulkpipe(data->usb_dev,
272 							  data->bulk_in),
273 					  buffer, USBTMC_SIZE_IOBUFFER,
274 					  &actual, USBTMC_TIMEOUT);
275 
276 			n++;
277 
278 			if (rv < 0) {
279 				dev_err(dev, "usb_bulk_msg returned %d\n", rv);
280 				goto exit;
281 			}
282 		} while ((actual == max_size) &&
283 			 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
284 
285 	if (actual == max_size) {
286 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
287 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
288 		rv = -EPERM;
289 		goto exit;
290 	}
291 
292 	goto usbtmc_abort_bulk_in_status;
293 
294 exit:
295 	kfree(buffer);
296 	return rv;
297 
298 }
299 
300 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data)
301 {
302 	struct device *dev;
303 	u8 *buffer;
304 	int rv;
305 	int n;
306 
307 	dev = &data->intf->dev;
308 
309 	buffer = kmalloc(8, GFP_KERNEL);
310 	if (!buffer)
311 		return -ENOMEM;
312 
313 	rv = usb_control_msg(data->usb_dev,
314 			     usb_rcvctrlpipe(data->usb_dev, 0),
315 			     USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT,
316 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
317 			     data->bTag_last_write, data->bulk_out,
318 			     buffer, 2, USBTMC_TIMEOUT);
319 
320 	if (rv < 0) {
321 		dev_err(dev, "usb_control_msg returned %d\n", rv);
322 		goto exit;
323 	}
324 
325 	dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]);
326 
327 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
328 		dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n",
329 			buffer[0]);
330 		rv = -EPERM;
331 		goto exit;
332 	}
333 
334 	n = 0;
335 
336 usbtmc_abort_bulk_out_check_status:
337 	rv = usb_control_msg(data->usb_dev,
338 			     usb_rcvctrlpipe(data->usb_dev, 0),
339 			     USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS,
340 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
341 			     0, data->bulk_out, buffer, 0x08,
342 			     USBTMC_TIMEOUT);
343 	n++;
344 	if (rv < 0) {
345 		dev_err(dev, "usb_control_msg returned %d\n", rv);
346 		goto exit;
347 	}
348 
349 	dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]);
350 
351 	if (buffer[0] == USBTMC_STATUS_SUCCESS)
352 		goto usbtmc_abort_bulk_out_clear_halt;
353 
354 	if ((buffer[0] == USBTMC_STATUS_PENDING) &&
355 	    (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN))
356 		goto usbtmc_abort_bulk_out_check_status;
357 
358 	rv = -EPERM;
359 	goto exit;
360 
361 usbtmc_abort_bulk_out_clear_halt:
362 	rv = usb_clear_halt(data->usb_dev,
363 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
364 
365 	if (rv < 0) {
366 		dev_err(dev, "usb_control_msg returned %d\n", rv);
367 		goto exit;
368 	}
369 	rv = 0;
370 
371 exit:
372 	kfree(buffer);
373 	return rv;
374 }
375 
376 /*
377  * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-IN endpoint.
378  * @transfer_size: number of bytes to request from the device.
379  *
380  * See the USBTMC specification, Table 4.
381  *
382  * Also updates bTag_last_write.
383  */
384 static int send_request_dev_dep_msg_in(struct usbtmc_device_data *data, size_t transfer_size)
385 {
386 	int retval;
387 	u8 *buffer;
388 	int actual;
389 
390 	buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
391 	if (!buffer)
392 		return -ENOMEM;
393 	/* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message
394 	 * Refer to class specs for details
395 	 */
396 	buffer[0] = 2;
397 	buffer[1] = data->bTag;
398 	buffer[2] = ~data->bTag;
399 	buffer[3] = 0; /* Reserved */
400 	buffer[4] = transfer_size >> 0;
401 	buffer[5] = transfer_size >> 8;
402 	buffer[6] = transfer_size >> 16;
403 	buffer[7] = transfer_size >> 24;
404 	buffer[8] = data->TermCharEnabled * 2;
405 	/* Use term character? */
406 	buffer[9] = data->TermChar;
407 	buffer[10] = 0; /* Reserved */
408 	buffer[11] = 0; /* Reserved */
409 
410 	/* Send bulk URB */
411 	retval = usb_bulk_msg(data->usb_dev,
412 			      usb_sndbulkpipe(data->usb_dev,
413 					      data->bulk_out),
414 			      buffer, USBTMC_HEADER_SIZE, &actual, USBTMC_TIMEOUT);
415 
416 	/* Store bTag (in case we need to abort) */
417 	data->bTag_last_write = data->bTag;
418 
419 	/* Increment bTag -- and increment again if zero */
420 	data->bTag++;
421 	if (!data->bTag)
422 		data->bTag++;
423 
424 	kfree(buffer);
425 	if (retval < 0) {
426 		dev_err(&data->intf->dev, "usb_bulk_msg in send_request_dev_dep_msg_in() returned %d\n", retval);
427 		return retval;
428 	}
429 
430 	return 0;
431 }
432 
433 static ssize_t usbtmc_read(struct file *filp, char __user *buf,
434 			   size_t count, loff_t *f_pos)
435 {
436 	struct usbtmc_device_data *data;
437 	struct device *dev;
438 	u32 n_characters;
439 	u8 *buffer;
440 	int actual;
441 	size_t done;
442 	size_t remaining;
443 	int retval;
444 	size_t this_part;
445 
446 	/* Get pointer to private data structure */
447 	data = filp->private_data;
448 	dev = &data->intf->dev;
449 
450 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
451 	if (!buffer)
452 		return -ENOMEM;
453 
454 	mutex_lock(&data->io_mutex);
455 	if (data->zombie) {
456 		retval = -ENODEV;
457 		goto exit;
458 	}
459 
460 	if (data->rigol_quirk) {
461 		dev_dbg(dev, "usb_bulk_msg_in: count(%zu)\n", count);
462 
463 		retval = send_request_dev_dep_msg_in(data, count);
464 
465 		if (retval < 0) {
466 			if (data->auto_abort)
467 				usbtmc_ioctl_abort_bulk_out(data);
468 			goto exit;
469 		}
470 	}
471 
472 	/* Loop until we have fetched everything we requested */
473 	remaining = count;
474 	this_part = remaining;
475 	done = 0;
476 
477 	while (remaining > 0) {
478 		if (!data->rigol_quirk) {
479 			dev_dbg(dev, "usb_bulk_msg_in: remaining(%zu), count(%zu)\n", remaining, count);
480 
481 			if (remaining > USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE - 3)
482 				this_part = USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE - 3;
483 			else
484 				this_part = remaining;
485 
486 			retval = send_request_dev_dep_msg_in(data, this_part);
487 			if (retval < 0) {
488 			dev_err(dev, "usb_bulk_msg returned %d\n", retval);
489 				if (data->auto_abort)
490 					usbtmc_ioctl_abort_bulk_out(data);
491 				goto exit;
492 			}
493 		}
494 
495 		/* Send bulk URB */
496 		retval = usb_bulk_msg(data->usb_dev,
497 				      usb_rcvbulkpipe(data->usb_dev,
498 						      data->bulk_in),
499 				      buffer, USBTMC_SIZE_IOBUFFER, &actual,
500 				      USBTMC_TIMEOUT);
501 
502 		dev_dbg(dev, "usb_bulk_msg: retval(%u), done(%zu), remaining(%zu), actual(%d)\n", retval, done, remaining, actual);
503 
504 		/* Store bTag (in case we need to abort) */
505 		data->bTag_last_read = data->bTag;
506 
507 		if (retval < 0) {
508 			dev_dbg(dev, "Unable to read data, error %d\n", retval);
509 			if (data->auto_abort)
510 				usbtmc_ioctl_abort_bulk_in(data);
511 			goto exit;
512 		}
513 
514 		/* Parse header in first packet */
515 		if ((done == 0) || !data->rigol_quirk) {
516 			/* Sanity checks for the header */
517 			if (actual < USBTMC_HEADER_SIZE) {
518 				dev_err(dev, "Device sent too small first packet: %u < %u\n", actual, USBTMC_HEADER_SIZE);
519 				if (data->auto_abort)
520 					usbtmc_ioctl_abort_bulk_in(data);
521 				goto exit;
522 			}
523 
524 			if (buffer[0] != 2) {
525 				dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n", buffer[0]);
526 				if (data->auto_abort)
527 					usbtmc_ioctl_abort_bulk_in(data);
528 				goto exit;
529 			}
530 
531 			if (buffer[1] != data->bTag_last_write) {
532 				dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n", buffer[1], data->bTag_last_write);
533 				if (data->auto_abort)
534 					usbtmc_ioctl_abort_bulk_in(data);
535 				goto exit;
536 			}
537 
538 			/* How many characters did the instrument send? */
539 			n_characters = buffer[4] +
540 				       (buffer[5] << 8) +
541 				       (buffer[6] << 16) +
542 				       (buffer[7] << 24);
543 
544 			if (n_characters > this_part) {
545 				dev_err(dev, "Device wants to return more data than requested: %u > %zu\n", n_characters, count);
546 				if (data->auto_abort)
547 					usbtmc_ioctl_abort_bulk_in(data);
548 				goto exit;
549 			}
550 
551 			/* Remove the USBTMC header */
552 			actual -= USBTMC_HEADER_SIZE;
553 
554 			/* Check if the message is smaller than requested */
555 			if (data->rigol_quirk) {
556 				if (remaining > n_characters)
557 					remaining = n_characters;
558 				/* Remove padding if it exists */
559 				if (actual > remaining)
560 					actual = remaining;
561 			}
562 			else {
563 				if (this_part > n_characters)
564 					this_part = n_characters;
565 				/* Remove padding if it exists */
566 				if (actual > this_part)
567 					actual = this_part;
568 			}
569 
570 			dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n", n_characters, buffer[8]);
571 
572 			remaining -= actual;
573 
574 			/* Terminate if end-of-message bit received from device */
575 			if ((buffer[8] & 0x01) && (actual >= n_characters))
576 				remaining = 0;
577 
578 			dev_dbg(dev, "Bulk-IN header: remaining(%zu), buf(%p), buffer(%p) done(%zu)\n", remaining,buf,buffer,done);
579 
580 
581 			/* Copy buffer to user space */
582 			if (copy_to_user(buf + done, &buffer[USBTMC_HEADER_SIZE], actual)) {
583 				/* There must have been an addressing problem */
584 				retval = -EFAULT;
585 				goto exit;
586 			}
587 			done += actual;
588 		}
589 		else  {
590 			if (actual > remaining)
591 				actual = remaining;
592 
593 			remaining -= actual;
594 
595 			dev_dbg(dev, "Bulk-IN header cont: actual(%u), done(%zu), remaining(%zu), buf(%p), buffer(%p)\n", actual, done, remaining,buf,buffer);
596 
597 			/* Copy buffer to user space */
598 			if (copy_to_user(buf + done, buffer, actual)) {
599 				/* There must have been an addressing problem */
600 				retval = -EFAULT;
601 				goto exit;
602 			}
603 			done += actual;
604 		}
605 	}
606 
607 	/* Update file position value */
608 	*f_pos = *f_pos + done;
609 	retval = done;
610 
611 exit:
612 	mutex_unlock(&data->io_mutex);
613 	kfree(buffer);
614 	return retval;
615 }
616 
617 static ssize_t usbtmc_write(struct file *filp, const char __user *buf,
618 			    size_t count, loff_t *f_pos)
619 {
620 	struct usbtmc_device_data *data;
621 	u8 *buffer;
622 	int retval;
623 	int actual;
624 	unsigned long int n_bytes;
625 	int remaining;
626 	int done;
627 	int this_part;
628 
629 	data = filp->private_data;
630 
631 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
632 	if (!buffer)
633 		return -ENOMEM;
634 
635 	mutex_lock(&data->io_mutex);
636 	if (data->zombie) {
637 		retval = -ENODEV;
638 		goto exit;
639 	}
640 
641 	remaining = count;
642 	done = 0;
643 
644 	while (remaining > 0) {
645 		if (remaining > USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE) {
646 			this_part = USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE;
647 			buffer[8] = 0;
648 		} else {
649 			this_part = remaining;
650 			buffer[8] = 1;
651 		}
652 
653 		/* Setup IO buffer for DEV_DEP_MSG_OUT message */
654 		buffer[0] = 1;
655 		buffer[1] = data->bTag;
656 		buffer[2] = ~data->bTag;
657 		buffer[3] = 0; /* Reserved */
658 		buffer[4] = this_part >> 0;
659 		buffer[5] = this_part >> 8;
660 		buffer[6] = this_part >> 16;
661 		buffer[7] = this_part >> 24;
662 		/* buffer[8] is set above... */
663 		buffer[9] = 0; /* Reserved */
664 		buffer[10] = 0; /* Reserved */
665 		buffer[11] = 0; /* Reserved */
666 
667 		if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf + done, this_part)) {
668 			retval = -EFAULT;
669 			goto exit;
670 		}
671 
672 		n_bytes = roundup(USBTMC_HEADER_SIZE + this_part, 4);
673 		memset(buffer + USBTMC_HEADER_SIZE + this_part, 0, n_bytes - (USBTMC_HEADER_SIZE + this_part));
674 
675 		do {
676 			retval = usb_bulk_msg(data->usb_dev,
677 					      usb_sndbulkpipe(data->usb_dev,
678 							      data->bulk_out),
679 					      buffer, n_bytes,
680 					      &actual, USBTMC_TIMEOUT);
681 			if (retval != 0)
682 				break;
683 			n_bytes -= actual;
684 		} while (n_bytes);
685 
686 		data->bTag_last_write = data->bTag;
687 		data->bTag++;
688 
689 		if (!data->bTag)
690 			data->bTag++;
691 
692 		if (retval < 0) {
693 			dev_err(&data->intf->dev,
694 				"Unable to send data, error %d\n", retval);
695 			if (data->auto_abort)
696 				usbtmc_ioctl_abort_bulk_out(data);
697 			goto exit;
698 		}
699 
700 		remaining -= this_part;
701 		done += this_part;
702 	}
703 
704 	retval = count;
705 exit:
706 	mutex_unlock(&data->io_mutex);
707 	kfree(buffer);
708 	return retval;
709 }
710 
711 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data)
712 {
713 	struct usb_host_interface *current_setting;
714 	struct usb_endpoint_descriptor *desc;
715 	struct device *dev;
716 	u8 *buffer;
717 	int rv;
718 	int n;
719 	int actual = 0;
720 	int max_size;
721 
722 	dev = &data->intf->dev;
723 
724 	dev_dbg(dev, "Sending INITIATE_CLEAR request\n");
725 
726 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
727 	if (!buffer)
728 		return -ENOMEM;
729 
730 	rv = usb_control_msg(data->usb_dev,
731 			     usb_rcvctrlpipe(data->usb_dev, 0),
732 			     USBTMC_REQUEST_INITIATE_CLEAR,
733 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
734 			     0, 0, buffer, 1, USBTMC_TIMEOUT);
735 	if (rv < 0) {
736 		dev_err(dev, "usb_control_msg returned %d\n", rv);
737 		goto exit;
738 	}
739 
740 	dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
741 
742 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
743 		dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
744 		rv = -EPERM;
745 		goto exit;
746 	}
747 
748 	max_size = 0;
749 	current_setting = data->intf->cur_altsetting;
750 	for (n = 0; n < current_setting->desc.bNumEndpoints; n++) {
751 		desc = &current_setting->endpoint[n].desc;
752 		if (desc->bEndpointAddress == data->bulk_in)
753 			max_size = usb_endpoint_maxp(desc);
754 	}
755 
756 	if (max_size == 0) {
757 		dev_err(dev, "Couldn't get wMaxPacketSize\n");
758 		rv = -EPERM;
759 		goto exit;
760 	}
761 
762 	dev_dbg(dev, "wMaxPacketSize is %d\n", max_size);
763 
764 	n = 0;
765 
766 usbtmc_clear_check_status:
767 
768 	dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n");
769 
770 	rv = usb_control_msg(data->usb_dev,
771 			     usb_rcvctrlpipe(data->usb_dev, 0),
772 			     USBTMC_REQUEST_CHECK_CLEAR_STATUS,
773 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
774 			     0, 0, buffer, 2, USBTMC_TIMEOUT);
775 	if (rv < 0) {
776 		dev_err(dev, "usb_control_msg returned %d\n", rv);
777 		goto exit;
778 	}
779 
780 	dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
781 
782 	if (buffer[0] == USBTMC_STATUS_SUCCESS)
783 		goto usbtmc_clear_bulk_out_halt;
784 
785 	if (buffer[0] != USBTMC_STATUS_PENDING) {
786 		dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
787 		rv = -EPERM;
788 		goto exit;
789 	}
790 
791 	if (buffer[1] == 1)
792 		do {
793 			dev_dbg(dev, "Reading from bulk in EP\n");
794 
795 			rv = usb_bulk_msg(data->usb_dev,
796 					  usb_rcvbulkpipe(data->usb_dev,
797 							  data->bulk_in),
798 					  buffer, USBTMC_SIZE_IOBUFFER,
799 					  &actual, USBTMC_TIMEOUT);
800 			n++;
801 
802 			if (rv < 0) {
803 				dev_err(dev, "usb_control_msg returned %d\n",
804 					rv);
805 				goto exit;
806 			}
807 		} while ((actual == max_size) &&
808 			  (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
809 
810 	if (actual == max_size) {
811 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
812 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
813 		rv = -EPERM;
814 		goto exit;
815 	}
816 
817 	goto usbtmc_clear_check_status;
818 
819 usbtmc_clear_bulk_out_halt:
820 
821 	rv = usb_clear_halt(data->usb_dev,
822 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
823 	if (rv < 0) {
824 		dev_err(dev, "usb_control_msg returned %d\n", rv);
825 		goto exit;
826 	}
827 	rv = 0;
828 
829 exit:
830 	kfree(buffer);
831 	return rv;
832 }
833 
834 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data)
835 {
836 	int rv;
837 
838 	rv = usb_clear_halt(data->usb_dev,
839 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
840 
841 	if (rv < 0) {
842 		dev_err(&data->usb_dev->dev, "usb_control_msg returned %d\n",
843 			rv);
844 		return rv;
845 	}
846 	return 0;
847 }
848 
849 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data)
850 {
851 	int rv;
852 
853 	rv = usb_clear_halt(data->usb_dev,
854 			    usb_rcvbulkpipe(data->usb_dev, data->bulk_in));
855 
856 	if (rv < 0) {
857 		dev_err(&data->usb_dev->dev, "usb_control_msg returned %d\n",
858 			rv);
859 		return rv;
860 	}
861 	return 0;
862 }
863 
864 static int get_capabilities(struct usbtmc_device_data *data)
865 {
866 	struct device *dev = &data->usb_dev->dev;
867 	char *buffer;
868 	int rv = 0;
869 
870 	buffer = kmalloc(0x18, GFP_KERNEL);
871 	if (!buffer)
872 		return -ENOMEM;
873 
874 	rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0),
875 			     USBTMC_REQUEST_GET_CAPABILITIES,
876 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
877 			     0, 0, buffer, 0x18, USBTMC_TIMEOUT);
878 	if (rv < 0) {
879 		dev_err(dev, "usb_control_msg returned %d\n", rv);
880 		goto err_out;
881 	}
882 
883 	dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
884 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
885 		dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
886 		rv = -EPERM;
887 		goto err_out;
888 	}
889 	dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]);
890 	dev_dbg(dev, "Device capabilities are %x\n", buffer[5]);
891 	dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]);
892 	dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]);
893 
894 	data->capabilities.interface_capabilities = buffer[4];
895 	data->capabilities.device_capabilities = buffer[5];
896 	data->capabilities.usb488_interface_capabilities = buffer[14];
897 	data->capabilities.usb488_device_capabilities = buffer[15];
898 	rv = 0;
899 
900 err_out:
901 	kfree(buffer);
902 	return rv;
903 }
904 
905 #define capability_attribute(name)					\
906 static ssize_t name##_show(struct device *dev,				\
907 			   struct device_attribute *attr, char *buf)	\
908 {									\
909 	struct usb_interface *intf = to_usb_interface(dev);		\
910 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
911 									\
912 	return sprintf(buf, "%d\n", data->capabilities.name);		\
913 }									\
914 static DEVICE_ATTR_RO(name)
915 
916 capability_attribute(interface_capabilities);
917 capability_attribute(device_capabilities);
918 capability_attribute(usb488_interface_capabilities);
919 capability_attribute(usb488_device_capabilities);
920 
921 static struct attribute *capability_attrs[] = {
922 	&dev_attr_interface_capabilities.attr,
923 	&dev_attr_device_capabilities.attr,
924 	&dev_attr_usb488_interface_capabilities.attr,
925 	&dev_attr_usb488_device_capabilities.attr,
926 	NULL,
927 };
928 
929 static struct attribute_group capability_attr_grp = {
930 	.attrs = capability_attrs,
931 };
932 
933 static ssize_t TermChar_show(struct device *dev,
934 			     struct device_attribute *attr, char *buf)
935 {
936 	struct usb_interface *intf = to_usb_interface(dev);
937 	struct usbtmc_device_data *data = usb_get_intfdata(intf);
938 
939 	return sprintf(buf, "%c\n", data->TermChar);
940 }
941 
942 static ssize_t TermChar_store(struct device *dev,
943 			      struct device_attribute *attr,
944 			      const char *buf, size_t count)
945 {
946 	struct usb_interface *intf = to_usb_interface(dev);
947 	struct usbtmc_device_data *data = usb_get_intfdata(intf);
948 
949 	if (count < 1)
950 		return -EINVAL;
951 	data->TermChar = buf[0];
952 	return count;
953 }
954 static DEVICE_ATTR_RW(TermChar);
955 
956 #define data_attribute(name)						\
957 static ssize_t name##_show(struct device *dev,				\
958 			   struct device_attribute *attr, char *buf)	\
959 {									\
960 	struct usb_interface *intf = to_usb_interface(dev);		\
961 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
962 									\
963 	return sprintf(buf, "%d\n", data->name);			\
964 }									\
965 static ssize_t name##_store(struct device *dev,				\
966 			    struct device_attribute *attr,		\
967 			    const char *buf, size_t count)		\
968 {									\
969 	struct usb_interface *intf = to_usb_interface(dev);		\
970 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
971 	ssize_t result;							\
972 	unsigned val;							\
973 									\
974 	result = sscanf(buf, "%u\n", &val);				\
975 	if (result != 1)						\
976 		result = -EINVAL;					\
977 	data->name = val;						\
978 	if (result < 0)							\
979 		return result;						\
980 	else								\
981 		return count;						\
982 }									\
983 static DEVICE_ATTR_RW(name)
984 
985 data_attribute(TermCharEnabled);
986 data_attribute(auto_abort);
987 
988 static struct attribute *data_attrs[] = {
989 	&dev_attr_TermChar.attr,
990 	&dev_attr_TermCharEnabled.attr,
991 	&dev_attr_auto_abort.attr,
992 	NULL,
993 };
994 
995 static struct attribute_group data_attr_grp = {
996 	.attrs = data_attrs,
997 };
998 
999 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data)
1000 {
1001 	struct device *dev;
1002 	u8 *buffer;
1003 	int rv;
1004 
1005 	dev = &data->intf->dev;
1006 
1007 	buffer = kmalloc(2, GFP_KERNEL);
1008 	if (!buffer)
1009 		return -ENOMEM;
1010 
1011 	rv = usb_control_msg(data->usb_dev,
1012 			     usb_rcvctrlpipe(data->usb_dev, 0),
1013 			     USBTMC_REQUEST_INDICATOR_PULSE,
1014 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1015 			     0, 0, buffer, 0x01, USBTMC_TIMEOUT);
1016 
1017 	if (rv < 0) {
1018 		dev_err(dev, "usb_control_msg returned %d\n", rv);
1019 		goto exit;
1020 	}
1021 
1022 	dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1023 
1024 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1025 		dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1026 		rv = -EPERM;
1027 		goto exit;
1028 	}
1029 	rv = 0;
1030 
1031 exit:
1032 	kfree(buffer);
1033 	return rv;
1034 }
1035 
1036 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1037 {
1038 	struct usbtmc_device_data *data;
1039 	int retval = -EBADRQC;
1040 
1041 	data = file->private_data;
1042 	mutex_lock(&data->io_mutex);
1043 	if (data->zombie) {
1044 		retval = -ENODEV;
1045 		goto skip_io_on_zombie;
1046 	}
1047 
1048 	switch (cmd) {
1049 	case USBTMC_IOCTL_CLEAR_OUT_HALT:
1050 		retval = usbtmc_ioctl_clear_out_halt(data);
1051 		break;
1052 
1053 	case USBTMC_IOCTL_CLEAR_IN_HALT:
1054 		retval = usbtmc_ioctl_clear_in_halt(data);
1055 		break;
1056 
1057 	case USBTMC_IOCTL_INDICATOR_PULSE:
1058 		retval = usbtmc_ioctl_indicator_pulse(data);
1059 		break;
1060 
1061 	case USBTMC_IOCTL_CLEAR:
1062 		retval = usbtmc_ioctl_clear(data);
1063 		break;
1064 
1065 	case USBTMC_IOCTL_ABORT_BULK_OUT:
1066 		retval = usbtmc_ioctl_abort_bulk_out(data);
1067 		break;
1068 
1069 	case USBTMC_IOCTL_ABORT_BULK_IN:
1070 		retval = usbtmc_ioctl_abort_bulk_in(data);
1071 		break;
1072 	}
1073 
1074 skip_io_on_zombie:
1075 	mutex_unlock(&data->io_mutex);
1076 	return retval;
1077 }
1078 
1079 static const struct file_operations fops = {
1080 	.owner		= THIS_MODULE,
1081 	.read		= usbtmc_read,
1082 	.write		= usbtmc_write,
1083 	.open		= usbtmc_open,
1084 	.release	= usbtmc_release,
1085 	.unlocked_ioctl	= usbtmc_ioctl,
1086 	.llseek		= default_llseek,
1087 };
1088 
1089 static struct usb_class_driver usbtmc_class = {
1090 	.name =		"usbtmc%d",
1091 	.fops =		&fops,
1092 	.minor_base =	USBTMC_MINOR_BASE,
1093 };
1094 
1095 
1096 static int usbtmc_probe(struct usb_interface *intf,
1097 			const struct usb_device_id *id)
1098 {
1099 	struct usbtmc_device_data *data;
1100 	struct usb_host_interface *iface_desc;
1101 	struct usb_endpoint_descriptor *endpoint;
1102 	int n;
1103 	int retcode;
1104 
1105 	dev_dbg(&intf->dev, "%s called\n", __func__);
1106 
1107 	data = devm_kzalloc(&intf->dev, sizeof(*data), GFP_KERNEL);
1108 	if (!data)
1109 		return -ENOMEM;
1110 
1111 	data->intf = intf;
1112 	data->id = id;
1113 	data->usb_dev = usb_get_dev(interface_to_usbdev(intf));
1114 	usb_set_intfdata(intf, data);
1115 	kref_init(&data->kref);
1116 	mutex_init(&data->io_mutex);
1117 	data->zombie = 0;
1118 
1119 	/* Determine if it is a Rigol or not */
1120 	data->rigol_quirk = 0;
1121 	dev_dbg(&intf->dev, "Trying to find if device Vendor 0x%04X Product 0x%04X has the RIGOL quirk\n",
1122 		le16_to_cpu(data->usb_dev->descriptor.idVendor),
1123 		le16_to_cpu(data->usb_dev->descriptor.idProduct));
1124 	for(n = 0; usbtmc_id_quirk[n].idVendor > 0; n++) {
1125 		if ((usbtmc_id_quirk[n].idVendor == le16_to_cpu(data->usb_dev->descriptor.idVendor)) &&
1126 		    (usbtmc_id_quirk[n].idProduct == le16_to_cpu(data->usb_dev->descriptor.idProduct))) {
1127 			dev_dbg(&intf->dev, "Setting this device as having the RIGOL quirk\n");
1128 			data->rigol_quirk = 1;
1129 			break;
1130 		}
1131 	}
1132 
1133 	/* Initialize USBTMC bTag and other fields */
1134 	data->bTag	= 1;
1135 	data->TermCharEnabled = 0;
1136 	data->TermChar = '\n';
1137 
1138 	/* USBTMC devices have only one setting, so use that */
1139 	iface_desc = data->intf->cur_altsetting;
1140 
1141 	/* Find bulk in endpoint */
1142 	for (n = 0; n < iface_desc->desc.bNumEndpoints; n++) {
1143 		endpoint = &iface_desc->endpoint[n].desc;
1144 
1145 		if (usb_endpoint_is_bulk_in(endpoint)) {
1146 			data->bulk_in = endpoint->bEndpointAddress;
1147 			dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n",
1148 				data->bulk_in);
1149 			break;
1150 		}
1151 	}
1152 
1153 	/* Find bulk out endpoint */
1154 	for (n = 0; n < iface_desc->desc.bNumEndpoints; n++) {
1155 		endpoint = &iface_desc->endpoint[n].desc;
1156 
1157 		if (usb_endpoint_is_bulk_out(endpoint)) {
1158 			data->bulk_out = endpoint->bEndpointAddress;
1159 			dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n",
1160 				data->bulk_out);
1161 			break;
1162 		}
1163 	}
1164 
1165 	retcode = get_capabilities(data);
1166 	if (retcode)
1167 		dev_err(&intf->dev, "can't read capabilities\n");
1168 	else
1169 		retcode = sysfs_create_group(&intf->dev.kobj,
1170 					     &capability_attr_grp);
1171 
1172 	retcode = sysfs_create_group(&intf->dev.kobj, &data_attr_grp);
1173 
1174 	retcode = usb_register_dev(intf, &usbtmc_class);
1175 	if (retcode) {
1176 		dev_err(&intf->dev, "Not able to get a minor"
1177 			" (base %u, slice default): %d\n", USBTMC_MINOR_BASE,
1178 			retcode);
1179 		goto error_register;
1180 	}
1181 	dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor);
1182 
1183 	return 0;
1184 
1185 error_register:
1186 	sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp);
1187 	sysfs_remove_group(&intf->dev.kobj, &data_attr_grp);
1188 	kref_put(&data->kref, usbtmc_delete);
1189 	return retcode;
1190 }
1191 
1192 static void usbtmc_disconnect(struct usb_interface *intf)
1193 {
1194 	struct usbtmc_device_data *data;
1195 
1196 	dev_dbg(&intf->dev, "usbtmc_disconnect called\n");
1197 
1198 	data = usb_get_intfdata(intf);
1199 	usb_deregister_dev(intf, &usbtmc_class);
1200 	sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp);
1201 	sysfs_remove_group(&intf->dev.kobj, &data_attr_grp);
1202 	mutex_lock(&data->io_mutex);
1203 	data->zombie = 1;
1204 	mutex_unlock(&data->io_mutex);
1205 	kref_put(&data->kref, usbtmc_delete);
1206 }
1207 
1208 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message)
1209 {
1210 	/* this driver does not have pending URBs */
1211 	return 0;
1212 }
1213 
1214 static int usbtmc_resume(struct usb_interface *intf)
1215 {
1216 	return 0;
1217 }
1218 
1219 static struct usb_driver usbtmc_driver = {
1220 	.name		= "usbtmc",
1221 	.id_table	= usbtmc_devices,
1222 	.probe		= usbtmc_probe,
1223 	.disconnect	= usbtmc_disconnect,
1224 	.suspend	= usbtmc_suspend,
1225 	.resume		= usbtmc_resume,
1226 };
1227 
1228 module_usb_driver(usbtmc_driver);
1229 
1230 MODULE_LICENSE("GPL");
1231