1 // SPDX-License-Identifier: GPL-2.0+ 2 /** 3 * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver 4 * 5 * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany 6 * Copyright (C) 2008 Novell, Inc. 7 * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de> 8 * Copyright (C) 2018 IVI Foundation, Inc. 9 */ 10 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 #include <linux/module.h> 14 #include <linux/kernel.h> 15 #include <linux/fs.h> 16 #include <linux/uaccess.h> 17 #include <linux/kref.h> 18 #include <linux/slab.h> 19 #include <linux/poll.h> 20 #include <linux/mutex.h> 21 #include <linux/usb.h> 22 #include <linux/compat.h> 23 #include <linux/usb/tmc.h> 24 25 /* Increment API VERSION when changing tmc.h with new flags or ioctls 26 * or when changing a significant behavior of the driver. 27 */ 28 #define USBTMC_API_VERSION (2) 29 30 #define USBTMC_HEADER_SIZE 12 31 #define USBTMC_MINOR_BASE 176 32 33 /* Minimum USB timeout (in milliseconds) */ 34 #define USBTMC_MIN_TIMEOUT 100 35 /* Default USB timeout (in milliseconds) */ 36 #define USBTMC_TIMEOUT 5000 37 38 /* Max number of urbs used in write transfers */ 39 #define MAX_URBS_IN_FLIGHT 16 40 /* I/O buffer size used in generic read/write functions */ 41 #define USBTMC_BUFSIZE (4096) 42 43 /* 44 * Maximum number of read cycles to empty bulk in endpoint during CLEAR and 45 * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short 46 * packet is never read. 47 */ 48 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN 100 49 50 static const struct usb_device_id usbtmc_devices[] = { 51 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), }, 52 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), }, 53 { 0, } /* terminating entry */ 54 }; 55 MODULE_DEVICE_TABLE(usb, usbtmc_devices); 56 57 /* 58 * This structure is the capabilities for the device 59 * See section 4.2.1.8 of the USBTMC specification, 60 * and section 4.2.2 of the USBTMC usb488 subclass 61 * specification for details. 62 */ 63 struct usbtmc_dev_capabilities { 64 __u8 interface_capabilities; 65 __u8 device_capabilities; 66 __u8 usb488_interface_capabilities; 67 __u8 usb488_device_capabilities; 68 }; 69 70 /* This structure holds private data for each USBTMC device. One copy is 71 * allocated for each USBTMC device in the driver's probe function. 72 */ 73 struct usbtmc_device_data { 74 const struct usb_device_id *id; 75 struct usb_device *usb_dev; 76 struct usb_interface *intf; 77 struct list_head file_list; 78 79 unsigned int bulk_in; 80 unsigned int bulk_out; 81 82 u8 bTag; 83 u8 bTag_last_write; /* needed for abort */ 84 u8 bTag_last_read; /* needed for abort */ 85 86 /* packet size of IN bulk */ 87 u16 wMaxPacketSize; 88 89 /* data for interrupt in endpoint handling */ 90 u8 bNotify1; 91 u8 bNotify2; 92 u16 ifnum; 93 u8 iin_bTag; 94 u8 *iin_buffer; 95 atomic_t iin_data_valid; 96 unsigned int iin_ep; 97 int iin_ep_present; 98 int iin_interval; 99 struct urb *iin_urb; 100 u16 iin_wMaxPacketSize; 101 102 /* coalesced usb488_caps from usbtmc_dev_capabilities */ 103 __u8 usb488_caps; 104 105 bool zombie; /* fd of disconnected device */ 106 107 struct usbtmc_dev_capabilities capabilities; 108 struct kref kref; 109 struct mutex io_mutex; /* only one i/o function running at a time */ 110 wait_queue_head_t waitq; 111 struct fasync_struct *fasync; 112 spinlock_t dev_lock; /* lock for file_list */ 113 }; 114 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref) 115 116 /* 117 * This structure holds private data for each USBTMC file handle. 118 */ 119 struct usbtmc_file_data { 120 struct usbtmc_device_data *data; 121 struct list_head file_elem; 122 123 u32 timeout; 124 u8 srq_byte; 125 atomic_t srq_asserted; 126 atomic_t closing; 127 u8 bmTransferAttributes; /* member of DEV_DEP_MSG_IN */ 128 129 u8 eom_val; 130 u8 term_char; 131 bool term_char_enabled; 132 bool auto_abort; 133 134 spinlock_t err_lock; /* lock for errors */ 135 136 struct usb_anchor submitted; 137 138 /* data for generic_write */ 139 struct semaphore limit_write_sem; 140 u32 out_transfer_size; 141 int out_status; 142 143 /* data for generic_read */ 144 u32 in_transfer_size; 145 int in_status; 146 int in_urbs_used; 147 struct usb_anchor in_anchor; 148 wait_queue_head_t wait_bulk_in; 149 }; 150 151 /* Forward declarations */ 152 static struct usb_driver usbtmc_driver; 153 static void usbtmc_draw_down(struct usbtmc_file_data *file_data); 154 155 static void usbtmc_delete(struct kref *kref) 156 { 157 struct usbtmc_device_data *data = to_usbtmc_data(kref); 158 159 usb_put_dev(data->usb_dev); 160 kfree(data); 161 } 162 163 static int usbtmc_open(struct inode *inode, struct file *filp) 164 { 165 struct usb_interface *intf; 166 struct usbtmc_device_data *data; 167 struct usbtmc_file_data *file_data; 168 169 intf = usb_find_interface(&usbtmc_driver, iminor(inode)); 170 if (!intf) { 171 pr_err("can not find device for minor %d", iminor(inode)); 172 return -ENODEV; 173 } 174 175 file_data = kzalloc(sizeof(*file_data), GFP_KERNEL); 176 if (!file_data) 177 return -ENOMEM; 178 179 spin_lock_init(&file_data->err_lock); 180 sema_init(&file_data->limit_write_sem, MAX_URBS_IN_FLIGHT); 181 init_usb_anchor(&file_data->submitted); 182 init_usb_anchor(&file_data->in_anchor); 183 init_waitqueue_head(&file_data->wait_bulk_in); 184 185 data = usb_get_intfdata(intf); 186 /* Protect reference to data from file structure until release */ 187 kref_get(&data->kref); 188 189 mutex_lock(&data->io_mutex); 190 file_data->data = data; 191 192 atomic_set(&file_data->closing, 0); 193 194 file_data->timeout = USBTMC_TIMEOUT; 195 file_data->term_char = '\n'; 196 file_data->term_char_enabled = 0; 197 file_data->auto_abort = 0; 198 file_data->eom_val = 1; 199 200 INIT_LIST_HEAD(&file_data->file_elem); 201 spin_lock_irq(&data->dev_lock); 202 list_add_tail(&file_data->file_elem, &data->file_list); 203 spin_unlock_irq(&data->dev_lock); 204 mutex_unlock(&data->io_mutex); 205 206 /* Store pointer in file structure's private data field */ 207 filp->private_data = file_data; 208 209 return 0; 210 } 211 212 /* 213 * usbtmc_flush - called before file handle is closed 214 */ 215 static int usbtmc_flush(struct file *file, fl_owner_t id) 216 { 217 struct usbtmc_file_data *file_data; 218 struct usbtmc_device_data *data; 219 220 file_data = file->private_data; 221 if (file_data == NULL) 222 return -ENODEV; 223 224 atomic_set(&file_data->closing, 1); 225 data = file_data->data; 226 227 /* wait for io to stop */ 228 mutex_lock(&data->io_mutex); 229 230 usbtmc_draw_down(file_data); 231 232 spin_lock_irq(&file_data->err_lock); 233 file_data->in_status = 0; 234 file_data->in_transfer_size = 0; 235 file_data->in_urbs_used = 0; 236 file_data->out_status = 0; 237 file_data->out_transfer_size = 0; 238 spin_unlock_irq(&file_data->err_lock); 239 240 wake_up_interruptible_all(&data->waitq); 241 mutex_unlock(&data->io_mutex); 242 243 return 0; 244 } 245 246 static int usbtmc_release(struct inode *inode, struct file *file) 247 { 248 struct usbtmc_file_data *file_data = file->private_data; 249 250 /* prevent IO _AND_ usbtmc_interrupt */ 251 mutex_lock(&file_data->data->io_mutex); 252 spin_lock_irq(&file_data->data->dev_lock); 253 254 list_del(&file_data->file_elem); 255 256 spin_unlock_irq(&file_data->data->dev_lock); 257 mutex_unlock(&file_data->data->io_mutex); 258 259 kref_put(&file_data->data->kref, usbtmc_delete); 260 file_data->data = NULL; 261 kfree(file_data); 262 return 0; 263 } 264 265 static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data, 266 u8 tag) 267 { 268 u8 *buffer; 269 struct device *dev; 270 int rv; 271 int n; 272 int actual; 273 274 dev = &data->intf->dev; 275 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL); 276 if (!buffer) 277 return -ENOMEM; 278 279 rv = usb_control_msg(data->usb_dev, 280 usb_rcvctrlpipe(data->usb_dev, 0), 281 USBTMC_REQUEST_INITIATE_ABORT_BULK_IN, 282 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 283 tag, data->bulk_in, 284 buffer, 2, USB_CTRL_GET_TIMEOUT); 285 286 if (rv < 0) { 287 dev_err(dev, "usb_control_msg returned %d\n", rv); 288 goto exit; 289 } 290 291 dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n", 292 buffer[0], buffer[1]); 293 294 if (buffer[0] == USBTMC_STATUS_FAILED) { 295 /* No transfer in progress and the Bulk-OUT FIFO is empty. */ 296 rv = 0; 297 goto exit; 298 } 299 300 if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) { 301 /* The device returns this status if either: 302 * - There is a transfer in progress, but the specified bTag 303 * does not match. 304 * - There is no transfer in progress, but the Bulk-OUT FIFO 305 * is not empty. 306 */ 307 rv = -ENOMSG; 308 goto exit; 309 } 310 311 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 312 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n", 313 buffer[0]); 314 rv = -EPERM; 315 goto exit; 316 } 317 318 n = 0; 319 320 usbtmc_abort_bulk_in_status: 321 dev_dbg(dev, "Reading from bulk in EP\n"); 322 323 /* Data must be present. So use low timeout 300 ms */ 324 actual = 0; 325 rv = usb_bulk_msg(data->usb_dev, 326 usb_rcvbulkpipe(data->usb_dev, 327 data->bulk_in), 328 buffer, USBTMC_BUFSIZE, 329 &actual, 300); 330 331 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1, 332 buffer, actual, true); 333 334 n++; 335 336 if (rv < 0) { 337 dev_err(dev, "usb_bulk_msg returned %d\n", rv); 338 if (rv != -ETIMEDOUT) 339 goto exit; 340 } 341 342 if (actual == USBTMC_BUFSIZE) 343 goto usbtmc_abort_bulk_in_status; 344 345 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) { 346 dev_err(dev, "Couldn't clear device buffer within %d cycles\n", 347 USBTMC_MAX_READS_TO_CLEAR_BULK_IN); 348 rv = -EPERM; 349 goto exit; 350 } 351 352 rv = usb_control_msg(data->usb_dev, 353 usb_rcvctrlpipe(data->usb_dev, 0), 354 USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS, 355 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 356 0, data->bulk_in, buffer, 0x08, 357 USB_CTRL_GET_TIMEOUT); 358 359 if (rv < 0) { 360 dev_err(dev, "usb_control_msg returned %d\n", rv); 361 goto exit; 362 } 363 364 dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 365 366 if (buffer[0] == USBTMC_STATUS_SUCCESS) { 367 rv = 0; 368 goto exit; 369 } 370 371 if (buffer[0] != USBTMC_STATUS_PENDING) { 372 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 373 rv = -EPERM; 374 goto exit; 375 } 376 377 if ((buffer[1] & 1) > 0) { 378 /* The device has 1 or more queued packets the Host can read */ 379 goto usbtmc_abort_bulk_in_status; 380 } 381 382 /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */ 383 rv = -EAGAIN; 384 exit: 385 kfree(buffer); 386 return rv; 387 } 388 389 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data) 390 { 391 return usbtmc_ioctl_abort_bulk_in_tag(data, data->bTag_last_read); 392 } 393 394 static int usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data *data, 395 u8 tag) 396 { 397 struct device *dev; 398 u8 *buffer; 399 int rv; 400 int n; 401 402 dev = &data->intf->dev; 403 404 buffer = kmalloc(8, GFP_KERNEL); 405 if (!buffer) 406 return -ENOMEM; 407 408 rv = usb_control_msg(data->usb_dev, 409 usb_rcvctrlpipe(data->usb_dev, 0), 410 USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT, 411 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 412 tag, data->bulk_out, 413 buffer, 2, USB_CTRL_GET_TIMEOUT); 414 415 if (rv < 0) { 416 dev_err(dev, "usb_control_msg returned %d\n", rv); 417 goto exit; 418 } 419 420 dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]); 421 422 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 423 dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", 424 buffer[0]); 425 rv = -EPERM; 426 goto exit; 427 } 428 429 n = 0; 430 431 usbtmc_abort_bulk_out_check_status: 432 /* do not stress device with subsequent requests */ 433 msleep(50); 434 rv = usb_control_msg(data->usb_dev, 435 usb_rcvctrlpipe(data->usb_dev, 0), 436 USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS, 437 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 438 0, data->bulk_out, buffer, 0x08, 439 USB_CTRL_GET_TIMEOUT); 440 n++; 441 if (rv < 0) { 442 dev_err(dev, "usb_control_msg returned %d\n", rv); 443 goto exit; 444 } 445 446 dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]); 447 448 if (buffer[0] == USBTMC_STATUS_SUCCESS) 449 goto usbtmc_abort_bulk_out_clear_halt; 450 451 if ((buffer[0] == USBTMC_STATUS_PENDING) && 452 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN)) 453 goto usbtmc_abort_bulk_out_check_status; 454 455 rv = -EPERM; 456 goto exit; 457 458 usbtmc_abort_bulk_out_clear_halt: 459 rv = usb_clear_halt(data->usb_dev, 460 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 461 462 if (rv < 0) { 463 dev_err(dev, "usb_control_msg returned %d\n", rv); 464 goto exit; 465 } 466 rv = 0; 467 468 exit: 469 kfree(buffer); 470 return rv; 471 } 472 473 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data) 474 { 475 return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write); 476 } 477 478 static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, 479 void __user *arg) 480 { 481 struct usbtmc_device_data *data = file_data->data; 482 struct device *dev = &data->intf->dev; 483 int srq_asserted = 0; 484 u8 *buffer; 485 u8 tag; 486 __u8 stb; 487 int rv; 488 489 dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n", 490 data->iin_ep_present); 491 492 spin_lock_irq(&data->dev_lock); 493 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); 494 if (srq_asserted) { 495 /* a STB with SRQ is already received */ 496 stb = file_data->srq_byte; 497 spin_unlock_irq(&data->dev_lock); 498 rv = put_user(stb, (__u8 __user *)arg); 499 dev_dbg(dev, "stb:0x%02x with srq received %d\n", 500 (unsigned int)stb, rv); 501 return rv; 502 } 503 spin_unlock_irq(&data->dev_lock); 504 505 buffer = kmalloc(8, GFP_KERNEL); 506 if (!buffer) 507 return -ENOMEM; 508 509 atomic_set(&data->iin_data_valid, 0); 510 511 rv = usb_control_msg(data->usb_dev, 512 usb_rcvctrlpipe(data->usb_dev, 0), 513 USBTMC488_REQUEST_READ_STATUS_BYTE, 514 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 515 data->iin_bTag, 516 data->ifnum, 517 buffer, 0x03, USB_CTRL_GET_TIMEOUT); 518 if (rv < 0) { 519 dev_err(dev, "stb usb_control_msg returned %d\n", rv); 520 goto exit; 521 } 522 523 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 524 dev_err(dev, "control status returned %x\n", buffer[0]); 525 rv = -EIO; 526 goto exit; 527 } 528 529 if (data->iin_ep_present) { 530 rv = wait_event_interruptible_timeout( 531 data->waitq, 532 atomic_read(&data->iin_data_valid) != 0, 533 file_data->timeout); 534 if (rv < 0) { 535 dev_dbg(dev, "wait interrupted %d\n", rv); 536 goto exit; 537 } 538 539 if (rv == 0) { 540 dev_dbg(dev, "wait timed out\n"); 541 rv = -ETIMEDOUT; 542 goto exit; 543 } 544 545 tag = data->bNotify1 & 0x7f; 546 if (tag != data->iin_bTag) { 547 dev_err(dev, "expected bTag %x got %x\n", 548 data->iin_bTag, tag); 549 } 550 551 stb = data->bNotify2; 552 } else { 553 stb = buffer[2]; 554 } 555 556 rv = put_user(stb, (__u8 __user *)arg); 557 dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)stb, rv); 558 559 exit: 560 /* bump interrupt bTag */ 561 data->iin_bTag += 1; 562 if (data->iin_bTag > 127) 563 /* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */ 564 data->iin_bTag = 2; 565 566 kfree(buffer); 567 return rv; 568 } 569 570 static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data, 571 __u32 __user *arg) 572 { 573 struct usbtmc_device_data *data = file_data->data; 574 struct device *dev = &data->intf->dev; 575 int rv; 576 u32 timeout; 577 unsigned long expire; 578 579 if (!data->iin_ep_present) { 580 dev_dbg(dev, "no interrupt endpoint present\n"); 581 return -EFAULT; 582 } 583 584 if (get_user(timeout, arg)) 585 return -EFAULT; 586 587 expire = msecs_to_jiffies(timeout); 588 589 mutex_unlock(&data->io_mutex); 590 591 rv = wait_event_interruptible_timeout( 592 data->waitq, 593 atomic_read(&file_data->srq_asserted) != 0 || 594 atomic_read(&file_data->closing), 595 expire); 596 597 mutex_lock(&data->io_mutex); 598 599 /* Note! disconnect or close could be called in the meantime */ 600 if (atomic_read(&file_data->closing) || data->zombie) 601 rv = -ENODEV; 602 603 if (rv < 0) { 604 /* dev can be invalid now! */ 605 pr_debug("%s - wait interrupted %d\n", __func__, rv); 606 return rv; 607 } 608 609 if (rv == 0) { 610 dev_dbg(dev, "%s - wait timed out\n", __func__); 611 return -ETIMEDOUT; 612 } 613 614 dev_dbg(dev, "%s - srq asserted\n", __func__); 615 return 0; 616 } 617 618 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data, 619 void __user *arg, unsigned int cmd) 620 { 621 struct device *dev = &data->intf->dev; 622 __u8 val; 623 u8 *buffer; 624 u16 wValue; 625 int rv; 626 627 if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE)) 628 return -EINVAL; 629 630 buffer = kmalloc(8, GFP_KERNEL); 631 if (!buffer) 632 return -ENOMEM; 633 634 if (cmd == USBTMC488_REQUEST_REN_CONTROL) { 635 rv = copy_from_user(&val, arg, sizeof(val)); 636 if (rv) { 637 rv = -EFAULT; 638 goto exit; 639 } 640 wValue = val ? 1 : 0; 641 } else { 642 wValue = 0; 643 } 644 645 rv = usb_control_msg(data->usb_dev, 646 usb_rcvctrlpipe(data->usb_dev, 0), 647 cmd, 648 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 649 wValue, 650 data->ifnum, 651 buffer, 0x01, USB_CTRL_GET_TIMEOUT); 652 if (rv < 0) { 653 dev_err(dev, "simple usb_control_msg failed %d\n", rv); 654 goto exit; 655 } else if (rv != 1) { 656 dev_warn(dev, "simple usb_control_msg returned %d\n", rv); 657 rv = -EIO; 658 goto exit; 659 } 660 661 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 662 dev_err(dev, "simple control status returned %x\n", buffer[0]); 663 rv = -EIO; 664 goto exit; 665 } 666 rv = 0; 667 668 exit: 669 kfree(buffer); 670 return rv; 671 } 672 673 /* 674 * Sends a TRIGGER Bulk-OUT command message 675 * See the USBTMC-USB488 specification, Table 2. 676 * 677 * Also updates bTag_last_write. 678 */ 679 static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data) 680 { 681 struct usbtmc_device_data *data = file_data->data; 682 int retval; 683 u8 *buffer; 684 int actual; 685 686 buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL); 687 if (!buffer) 688 return -ENOMEM; 689 690 buffer[0] = 128; 691 buffer[1] = data->bTag; 692 buffer[2] = ~data->bTag; 693 694 retval = usb_bulk_msg(data->usb_dev, 695 usb_sndbulkpipe(data->usb_dev, 696 data->bulk_out), 697 buffer, USBTMC_HEADER_SIZE, 698 &actual, file_data->timeout); 699 700 /* Store bTag (in case we need to abort) */ 701 data->bTag_last_write = data->bTag; 702 703 /* Increment bTag -- and increment again if zero */ 704 data->bTag++; 705 if (!data->bTag) 706 data->bTag++; 707 708 kfree(buffer); 709 if (retval < 0) { 710 dev_err(&data->intf->dev, "%s returned %d\n", 711 __func__, retval); 712 return retval; 713 } 714 715 return 0; 716 } 717 718 static struct urb *usbtmc_create_urb(void) 719 { 720 const size_t bufsize = USBTMC_BUFSIZE; 721 u8 *dmabuf = NULL; 722 struct urb *urb = usb_alloc_urb(0, GFP_KERNEL); 723 724 if (!urb) 725 return NULL; 726 727 dmabuf = kmalloc(bufsize, GFP_KERNEL); 728 if (!dmabuf) { 729 usb_free_urb(urb); 730 return NULL; 731 } 732 733 urb->transfer_buffer = dmabuf; 734 urb->transfer_buffer_length = bufsize; 735 urb->transfer_flags |= URB_FREE_BUFFER; 736 return urb; 737 } 738 739 static void usbtmc_read_bulk_cb(struct urb *urb) 740 { 741 struct usbtmc_file_data *file_data = urb->context; 742 int status = urb->status; 743 unsigned long flags; 744 745 /* sync/async unlink faults aren't errors */ 746 if (status) { 747 if (!(/* status == -ENOENT || */ 748 status == -ECONNRESET || 749 status == -EREMOTEIO || /* Short packet */ 750 status == -ESHUTDOWN)) 751 dev_err(&file_data->data->intf->dev, 752 "%s - nonzero read bulk status received: %d\n", 753 __func__, status); 754 755 spin_lock_irqsave(&file_data->err_lock, flags); 756 if (!file_data->in_status) 757 file_data->in_status = status; 758 spin_unlock_irqrestore(&file_data->err_lock, flags); 759 } 760 761 spin_lock_irqsave(&file_data->err_lock, flags); 762 file_data->in_transfer_size += urb->actual_length; 763 dev_dbg(&file_data->data->intf->dev, 764 "%s - total size: %u current: %d status: %d\n", 765 __func__, file_data->in_transfer_size, 766 urb->actual_length, status); 767 spin_unlock_irqrestore(&file_data->err_lock, flags); 768 usb_anchor_urb(urb, &file_data->in_anchor); 769 770 wake_up_interruptible(&file_data->wait_bulk_in); 771 wake_up_interruptible(&file_data->data->waitq); 772 } 773 774 static inline bool usbtmc_do_transfer(struct usbtmc_file_data *file_data) 775 { 776 bool data_or_error; 777 778 spin_lock_irq(&file_data->err_lock); 779 data_or_error = !usb_anchor_empty(&file_data->in_anchor) 780 || file_data->in_status; 781 spin_unlock_irq(&file_data->err_lock); 782 dev_dbg(&file_data->data->intf->dev, "%s: returns %d\n", __func__, 783 data_or_error); 784 return data_or_error; 785 } 786 787 static ssize_t usbtmc_generic_read(struct usbtmc_file_data *file_data, 788 void __user *user_buffer, 789 u32 transfer_size, 790 u32 *transferred, 791 u32 flags) 792 { 793 struct usbtmc_device_data *data = file_data->data; 794 struct device *dev = &data->intf->dev; 795 u32 done = 0; 796 u32 remaining; 797 const u32 bufsize = USBTMC_BUFSIZE; 798 int retval = 0; 799 u32 max_transfer_size; 800 unsigned long expire; 801 int bufcount = 1; 802 int again = 0; 803 804 /* mutex already locked */ 805 806 *transferred = done; 807 808 max_transfer_size = transfer_size; 809 810 if (flags & USBTMC_FLAG_IGNORE_TRAILER) { 811 /* The device may send extra alignment bytes (up to 812 * wMaxPacketSize – 1) to avoid sending a zero-length 813 * packet 814 */ 815 remaining = transfer_size; 816 if ((max_transfer_size % data->wMaxPacketSize) == 0) 817 max_transfer_size += (data->wMaxPacketSize - 1); 818 } else { 819 /* round down to bufsize to avoid truncated data left */ 820 if (max_transfer_size > bufsize) { 821 max_transfer_size = 822 roundup(max_transfer_size + 1 - bufsize, 823 bufsize); 824 } 825 remaining = max_transfer_size; 826 } 827 828 spin_lock_irq(&file_data->err_lock); 829 830 if (file_data->in_status) { 831 /* return the very first error */ 832 retval = file_data->in_status; 833 spin_unlock_irq(&file_data->err_lock); 834 goto error; 835 } 836 837 if (flags & USBTMC_FLAG_ASYNC) { 838 if (usb_anchor_empty(&file_data->in_anchor)) 839 again = 1; 840 841 if (file_data->in_urbs_used == 0) { 842 file_data->in_transfer_size = 0; 843 file_data->in_status = 0; 844 } 845 } else { 846 file_data->in_transfer_size = 0; 847 file_data->in_status = 0; 848 } 849 850 if (max_transfer_size == 0) { 851 bufcount = 0; 852 } else { 853 bufcount = roundup(max_transfer_size, bufsize) / bufsize; 854 if (bufcount > file_data->in_urbs_used) 855 bufcount -= file_data->in_urbs_used; 856 else 857 bufcount = 0; 858 859 if (bufcount + file_data->in_urbs_used > MAX_URBS_IN_FLIGHT) { 860 bufcount = MAX_URBS_IN_FLIGHT - 861 file_data->in_urbs_used; 862 } 863 } 864 spin_unlock_irq(&file_data->err_lock); 865 866 dev_dbg(dev, "%s: requested=%u flags=0x%X size=%u bufs=%d used=%d\n", 867 __func__, transfer_size, flags, 868 max_transfer_size, bufcount, file_data->in_urbs_used); 869 870 while (bufcount > 0) { 871 u8 *dmabuf = NULL; 872 struct urb *urb = usbtmc_create_urb(); 873 874 if (!urb) { 875 retval = -ENOMEM; 876 goto error; 877 } 878 879 dmabuf = urb->transfer_buffer; 880 881 usb_fill_bulk_urb(urb, data->usb_dev, 882 usb_rcvbulkpipe(data->usb_dev, data->bulk_in), 883 dmabuf, bufsize, 884 usbtmc_read_bulk_cb, file_data); 885 886 usb_anchor_urb(urb, &file_data->submitted); 887 retval = usb_submit_urb(urb, GFP_KERNEL); 888 /* urb is anchored. We can release our reference. */ 889 usb_free_urb(urb); 890 if (unlikely(retval)) { 891 usb_unanchor_urb(urb); 892 goto error; 893 } 894 file_data->in_urbs_used++; 895 bufcount--; 896 } 897 898 if (again) { 899 dev_dbg(dev, "%s: ret=again\n", __func__); 900 return -EAGAIN; 901 } 902 903 if (user_buffer == NULL) 904 return -EINVAL; 905 906 expire = msecs_to_jiffies(file_data->timeout); 907 908 while (max_transfer_size > 0) { 909 u32 this_part; 910 struct urb *urb = NULL; 911 912 if (!(flags & USBTMC_FLAG_ASYNC)) { 913 dev_dbg(dev, "%s: before wait time %lu\n", 914 __func__, expire); 915 retval = wait_event_interruptible_timeout( 916 file_data->wait_bulk_in, 917 usbtmc_do_transfer(file_data), 918 expire); 919 920 dev_dbg(dev, "%s: wait returned %d\n", 921 __func__, retval); 922 923 if (retval <= 0) { 924 if (retval == 0) 925 retval = -ETIMEDOUT; 926 goto error; 927 } 928 } 929 930 urb = usb_get_from_anchor(&file_data->in_anchor); 931 if (!urb) { 932 if (!(flags & USBTMC_FLAG_ASYNC)) { 933 /* synchronous case: must not happen */ 934 retval = -EFAULT; 935 goto error; 936 } 937 938 /* asynchronous case: ready, do not block or wait */ 939 *transferred = done; 940 dev_dbg(dev, "%s: (async) done=%u ret=0\n", 941 __func__, done); 942 return 0; 943 } 944 945 file_data->in_urbs_used--; 946 947 if (max_transfer_size > urb->actual_length) 948 max_transfer_size -= urb->actual_length; 949 else 950 max_transfer_size = 0; 951 952 if (remaining > urb->actual_length) 953 this_part = urb->actual_length; 954 else 955 this_part = remaining; 956 957 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1, 958 urb->transfer_buffer, urb->actual_length, true); 959 960 if (copy_to_user(user_buffer + done, 961 urb->transfer_buffer, this_part)) { 962 usb_free_urb(urb); 963 retval = -EFAULT; 964 goto error; 965 } 966 967 remaining -= this_part; 968 done += this_part; 969 970 spin_lock_irq(&file_data->err_lock); 971 if (urb->status) { 972 /* return the very first error */ 973 retval = file_data->in_status; 974 spin_unlock_irq(&file_data->err_lock); 975 usb_free_urb(urb); 976 goto error; 977 } 978 spin_unlock_irq(&file_data->err_lock); 979 980 if (urb->actual_length < bufsize) { 981 /* short packet or ZLP received => ready */ 982 usb_free_urb(urb); 983 retval = 1; 984 break; 985 } 986 987 if (!(flags & USBTMC_FLAG_ASYNC) && 988 max_transfer_size > (bufsize * file_data->in_urbs_used)) { 989 /* resubmit, since other buffers still not enough */ 990 usb_anchor_urb(urb, &file_data->submitted); 991 retval = usb_submit_urb(urb, GFP_KERNEL); 992 if (unlikely(retval)) { 993 usb_unanchor_urb(urb); 994 usb_free_urb(urb); 995 goto error; 996 } 997 file_data->in_urbs_used++; 998 } 999 usb_free_urb(urb); 1000 retval = 0; 1001 } 1002 1003 error: 1004 *transferred = done; 1005 1006 dev_dbg(dev, "%s: before kill\n", __func__); 1007 /* Attention: killing urbs can take long time (2 ms) */ 1008 usb_kill_anchored_urbs(&file_data->submitted); 1009 dev_dbg(dev, "%s: after kill\n", __func__); 1010 usb_scuttle_anchored_urbs(&file_data->in_anchor); 1011 file_data->in_urbs_used = 0; 1012 file_data->in_status = 0; /* no spinlock needed here */ 1013 dev_dbg(dev, "%s: done=%u ret=%d\n", __func__, done, retval); 1014 1015 return retval; 1016 } 1017 1018 static ssize_t usbtmc_ioctl_generic_read(struct usbtmc_file_data *file_data, 1019 void __user *arg) 1020 { 1021 struct usbtmc_message msg; 1022 ssize_t retval = 0; 1023 1024 /* mutex already locked */ 1025 1026 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message))) 1027 return -EFAULT; 1028 1029 retval = usbtmc_generic_read(file_data, msg.message, 1030 msg.transfer_size, &msg.transferred, 1031 msg.flags); 1032 1033 if (put_user(msg.transferred, 1034 &((struct usbtmc_message __user *)arg)->transferred)) 1035 return -EFAULT; 1036 1037 return retval; 1038 } 1039 1040 static void usbtmc_write_bulk_cb(struct urb *urb) 1041 { 1042 struct usbtmc_file_data *file_data = urb->context; 1043 int wakeup = 0; 1044 unsigned long flags; 1045 1046 spin_lock_irqsave(&file_data->err_lock, flags); 1047 file_data->out_transfer_size += urb->actual_length; 1048 1049 /* sync/async unlink faults aren't errors */ 1050 if (urb->status) { 1051 if (!(urb->status == -ENOENT || 1052 urb->status == -ECONNRESET || 1053 urb->status == -ESHUTDOWN)) 1054 dev_err(&file_data->data->intf->dev, 1055 "%s - nonzero write bulk status received: %d\n", 1056 __func__, urb->status); 1057 1058 if (!file_data->out_status) { 1059 file_data->out_status = urb->status; 1060 wakeup = 1; 1061 } 1062 } 1063 spin_unlock_irqrestore(&file_data->err_lock, flags); 1064 1065 dev_dbg(&file_data->data->intf->dev, 1066 "%s - write bulk total size: %u\n", 1067 __func__, file_data->out_transfer_size); 1068 1069 up(&file_data->limit_write_sem); 1070 if (usb_anchor_empty(&file_data->submitted) || wakeup) 1071 wake_up_interruptible(&file_data->data->waitq); 1072 } 1073 1074 static ssize_t usbtmc_generic_write(struct usbtmc_file_data *file_data, 1075 const void __user *user_buffer, 1076 u32 transfer_size, 1077 u32 *transferred, 1078 u32 flags) 1079 { 1080 struct usbtmc_device_data *data = file_data->data; 1081 struct device *dev; 1082 u32 done = 0; 1083 u32 remaining; 1084 unsigned long expire; 1085 const u32 bufsize = USBTMC_BUFSIZE; 1086 struct urb *urb = NULL; 1087 int retval = 0; 1088 u32 timeout; 1089 1090 *transferred = 0; 1091 1092 /* Get pointer to private data structure */ 1093 dev = &data->intf->dev; 1094 1095 dev_dbg(dev, "%s: size=%u flags=0x%X sema=%u\n", 1096 __func__, transfer_size, flags, 1097 file_data->limit_write_sem.count); 1098 1099 if (flags & USBTMC_FLAG_APPEND) { 1100 spin_lock_irq(&file_data->err_lock); 1101 retval = file_data->out_status; 1102 spin_unlock_irq(&file_data->err_lock); 1103 if (retval < 0) 1104 return retval; 1105 } else { 1106 spin_lock_irq(&file_data->err_lock); 1107 file_data->out_transfer_size = 0; 1108 file_data->out_status = 0; 1109 spin_unlock_irq(&file_data->err_lock); 1110 } 1111 1112 remaining = transfer_size; 1113 if (remaining > INT_MAX) 1114 remaining = INT_MAX; 1115 1116 timeout = file_data->timeout; 1117 expire = msecs_to_jiffies(timeout); 1118 1119 while (remaining > 0) { 1120 u32 this_part, aligned; 1121 u8 *buffer = NULL; 1122 1123 if (flags & USBTMC_FLAG_ASYNC) { 1124 if (down_trylock(&file_data->limit_write_sem)) { 1125 retval = (done)?(0):(-EAGAIN); 1126 goto exit; 1127 } 1128 } else { 1129 retval = down_timeout(&file_data->limit_write_sem, 1130 expire); 1131 if (retval < 0) { 1132 retval = -ETIMEDOUT; 1133 goto error; 1134 } 1135 } 1136 1137 spin_lock_irq(&file_data->err_lock); 1138 retval = file_data->out_status; 1139 spin_unlock_irq(&file_data->err_lock); 1140 if (retval < 0) { 1141 up(&file_data->limit_write_sem); 1142 goto error; 1143 } 1144 1145 /* prepare next urb to send */ 1146 urb = usbtmc_create_urb(); 1147 if (!urb) { 1148 retval = -ENOMEM; 1149 up(&file_data->limit_write_sem); 1150 goto error; 1151 } 1152 buffer = urb->transfer_buffer; 1153 1154 if (remaining > bufsize) 1155 this_part = bufsize; 1156 else 1157 this_part = remaining; 1158 1159 if (copy_from_user(buffer, user_buffer + done, this_part)) { 1160 retval = -EFAULT; 1161 up(&file_data->limit_write_sem); 1162 goto error; 1163 } 1164 1165 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1166 16, 1, buffer, this_part, true); 1167 1168 /* fill bulk with 32 bit alignment to meet USBTMC specification 1169 * (size + 3 & ~3) rounds up and simplifies user code 1170 */ 1171 aligned = (this_part + 3) & ~3; 1172 dev_dbg(dev, "write(size:%u align:%u done:%u)\n", 1173 (unsigned int)this_part, 1174 (unsigned int)aligned, 1175 (unsigned int)done); 1176 1177 usb_fill_bulk_urb(urb, data->usb_dev, 1178 usb_sndbulkpipe(data->usb_dev, data->bulk_out), 1179 urb->transfer_buffer, aligned, 1180 usbtmc_write_bulk_cb, file_data); 1181 1182 usb_anchor_urb(urb, &file_data->submitted); 1183 retval = usb_submit_urb(urb, GFP_KERNEL); 1184 if (unlikely(retval)) { 1185 usb_unanchor_urb(urb); 1186 up(&file_data->limit_write_sem); 1187 goto error; 1188 } 1189 1190 usb_free_urb(urb); 1191 urb = NULL; /* urb will be finally released by usb driver */ 1192 1193 remaining -= this_part; 1194 done += this_part; 1195 } 1196 1197 /* All urbs are on the fly */ 1198 if (!(flags & USBTMC_FLAG_ASYNC)) { 1199 if (!usb_wait_anchor_empty_timeout(&file_data->submitted, 1200 timeout)) { 1201 retval = -ETIMEDOUT; 1202 goto error; 1203 } 1204 } 1205 1206 retval = 0; 1207 goto exit; 1208 1209 error: 1210 usb_kill_anchored_urbs(&file_data->submitted); 1211 exit: 1212 usb_free_urb(urb); 1213 1214 spin_lock_irq(&file_data->err_lock); 1215 if (!(flags & USBTMC_FLAG_ASYNC)) 1216 done = file_data->out_transfer_size; 1217 if (!retval && file_data->out_status) 1218 retval = file_data->out_status; 1219 spin_unlock_irq(&file_data->err_lock); 1220 1221 *transferred = done; 1222 1223 dev_dbg(dev, "%s: done=%u, retval=%d, urbstat=%d\n", 1224 __func__, done, retval, file_data->out_status); 1225 1226 return retval; 1227 } 1228 1229 static ssize_t usbtmc_ioctl_generic_write(struct usbtmc_file_data *file_data, 1230 void __user *arg) 1231 { 1232 struct usbtmc_message msg; 1233 ssize_t retval = 0; 1234 1235 /* mutex already locked */ 1236 1237 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message))) 1238 return -EFAULT; 1239 1240 retval = usbtmc_generic_write(file_data, msg.message, 1241 msg.transfer_size, &msg.transferred, 1242 msg.flags); 1243 1244 if (put_user(msg.transferred, 1245 &((struct usbtmc_message __user *)arg)->transferred)) 1246 return -EFAULT; 1247 1248 return retval; 1249 } 1250 1251 /* 1252 * Get the generic write result 1253 */ 1254 static ssize_t usbtmc_ioctl_write_result(struct usbtmc_file_data *file_data, 1255 void __user *arg) 1256 { 1257 u32 transferred; 1258 int retval; 1259 1260 spin_lock_irq(&file_data->err_lock); 1261 transferred = file_data->out_transfer_size; 1262 retval = file_data->out_status; 1263 spin_unlock_irq(&file_data->err_lock); 1264 1265 if (put_user(transferred, (__u32 __user *)arg)) 1266 return -EFAULT; 1267 1268 return retval; 1269 } 1270 1271 /* 1272 * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint. 1273 * @transfer_size: number of bytes to request from the device. 1274 * 1275 * See the USBTMC specification, Table 4. 1276 * 1277 * Also updates bTag_last_write. 1278 */ 1279 static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data, 1280 u32 transfer_size) 1281 { 1282 struct usbtmc_device_data *data = file_data->data; 1283 int retval; 1284 u8 *buffer; 1285 int actual; 1286 1287 buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL); 1288 if (!buffer) 1289 return -ENOMEM; 1290 /* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message 1291 * Refer to class specs for details 1292 */ 1293 buffer[0] = 2; 1294 buffer[1] = data->bTag; 1295 buffer[2] = ~data->bTag; 1296 buffer[3] = 0; /* Reserved */ 1297 buffer[4] = transfer_size >> 0; 1298 buffer[5] = transfer_size >> 8; 1299 buffer[6] = transfer_size >> 16; 1300 buffer[7] = transfer_size >> 24; 1301 buffer[8] = file_data->term_char_enabled * 2; 1302 /* Use term character? */ 1303 buffer[9] = file_data->term_char; 1304 buffer[10] = 0; /* Reserved */ 1305 buffer[11] = 0; /* Reserved */ 1306 1307 /* Send bulk URB */ 1308 retval = usb_bulk_msg(data->usb_dev, 1309 usb_sndbulkpipe(data->usb_dev, 1310 data->bulk_out), 1311 buffer, USBTMC_HEADER_SIZE, 1312 &actual, file_data->timeout); 1313 1314 /* Store bTag (in case we need to abort) */ 1315 data->bTag_last_write = data->bTag; 1316 1317 /* Increment bTag -- and increment again if zero */ 1318 data->bTag++; 1319 if (!data->bTag) 1320 data->bTag++; 1321 1322 kfree(buffer); 1323 if (retval < 0) 1324 dev_err(&data->intf->dev, "%s returned %d\n", 1325 __func__, retval); 1326 1327 return retval; 1328 } 1329 1330 static ssize_t usbtmc_read(struct file *filp, char __user *buf, 1331 size_t count, loff_t *f_pos) 1332 { 1333 struct usbtmc_file_data *file_data; 1334 struct usbtmc_device_data *data; 1335 struct device *dev; 1336 const u32 bufsize = USBTMC_BUFSIZE; 1337 u32 n_characters; 1338 u8 *buffer; 1339 int actual; 1340 u32 done = 0; 1341 u32 remaining; 1342 int retval; 1343 1344 /* Get pointer to private data structure */ 1345 file_data = filp->private_data; 1346 data = file_data->data; 1347 dev = &data->intf->dev; 1348 1349 buffer = kmalloc(bufsize, GFP_KERNEL); 1350 if (!buffer) 1351 return -ENOMEM; 1352 1353 mutex_lock(&data->io_mutex); 1354 if (data->zombie) { 1355 retval = -ENODEV; 1356 goto exit; 1357 } 1358 1359 if (count > INT_MAX) 1360 count = INT_MAX; 1361 1362 dev_dbg(dev, "%s(count:%zu)\n", __func__, count); 1363 1364 retval = send_request_dev_dep_msg_in(file_data, count); 1365 1366 if (retval < 0) { 1367 if (file_data->auto_abort) 1368 usbtmc_ioctl_abort_bulk_out(data); 1369 goto exit; 1370 } 1371 1372 /* Loop until we have fetched everything we requested */ 1373 remaining = count; 1374 actual = 0; 1375 1376 /* Send bulk URB */ 1377 retval = usb_bulk_msg(data->usb_dev, 1378 usb_rcvbulkpipe(data->usb_dev, 1379 data->bulk_in), 1380 buffer, bufsize, &actual, 1381 file_data->timeout); 1382 1383 dev_dbg(dev, "%s: bulk_msg retval(%u), actual(%d)\n", 1384 __func__, retval, actual); 1385 1386 /* Store bTag (in case we need to abort) */ 1387 data->bTag_last_read = data->bTag; 1388 1389 if (retval < 0) { 1390 if (file_data->auto_abort) 1391 usbtmc_ioctl_abort_bulk_in(data); 1392 goto exit; 1393 } 1394 1395 /* Sanity checks for the header */ 1396 if (actual < USBTMC_HEADER_SIZE) { 1397 dev_err(dev, "Device sent too small first packet: %u < %u\n", 1398 actual, USBTMC_HEADER_SIZE); 1399 if (file_data->auto_abort) 1400 usbtmc_ioctl_abort_bulk_in(data); 1401 goto exit; 1402 } 1403 1404 if (buffer[0] != 2) { 1405 dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n", 1406 buffer[0]); 1407 if (file_data->auto_abort) 1408 usbtmc_ioctl_abort_bulk_in(data); 1409 goto exit; 1410 } 1411 1412 if (buffer[1] != data->bTag_last_write) { 1413 dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n", 1414 buffer[1], data->bTag_last_write); 1415 if (file_data->auto_abort) 1416 usbtmc_ioctl_abort_bulk_in(data); 1417 goto exit; 1418 } 1419 1420 /* How many characters did the instrument send? */ 1421 n_characters = buffer[4] + 1422 (buffer[5] << 8) + 1423 (buffer[6] << 16) + 1424 (buffer[7] << 24); 1425 1426 file_data->bmTransferAttributes = buffer[8]; 1427 1428 dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n", 1429 n_characters, buffer[8]); 1430 1431 if (n_characters > remaining) { 1432 dev_err(dev, "Device wants to return more data than requested: %u > %zu\n", 1433 n_characters, count); 1434 if (file_data->auto_abort) 1435 usbtmc_ioctl_abort_bulk_in(data); 1436 goto exit; 1437 } 1438 1439 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1440 16, 1, buffer, actual, true); 1441 1442 remaining = n_characters; 1443 1444 /* Remove the USBTMC header */ 1445 actual -= USBTMC_HEADER_SIZE; 1446 1447 /* Remove padding if it exists */ 1448 if (actual > remaining) 1449 actual = remaining; 1450 1451 remaining -= actual; 1452 1453 /* Copy buffer to user space */ 1454 if (copy_to_user(buf, &buffer[USBTMC_HEADER_SIZE], actual)) { 1455 /* There must have been an addressing problem */ 1456 retval = -EFAULT; 1457 goto exit; 1458 } 1459 1460 if ((actual + USBTMC_HEADER_SIZE) == bufsize) { 1461 retval = usbtmc_generic_read(file_data, buf + actual, 1462 remaining, 1463 &done, 1464 USBTMC_FLAG_IGNORE_TRAILER); 1465 if (retval < 0) 1466 goto exit; 1467 } 1468 done += actual; 1469 1470 /* Update file position value */ 1471 *f_pos = *f_pos + done; 1472 retval = done; 1473 1474 exit: 1475 mutex_unlock(&data->io_mutex); 1476 kfree(buffer); 1477 return retval; 1478 } 1479 1480 static ssize_t usbtmc_write(struct file *filp, const char __user *buf, 1481 size_t count, loff_t *f_pos) 1482 { 1483 struct usbtmc_file_data *file_data; 1484 struct usbtmc_device_data *data; 1485 struct urb *urb = NULL; 1486 ssize_t retval = 0; 1487 u8 *buffer; 1488 u32 remaining, done; 1489 u32 transfersize, aligned, buflen; 1490 1491 file_data = filp->private_data; 1492 data = file_data->data; 1493 1494 mutex_lock(&data->io_mutex); 1495 1496 if (data->zombie) { 1497 retval = -ENODEV; 1498 goto exit; 1499 } 1500 1501 done = 0; 1502 1503 spin_lock_irq(&file_data->err_lock); 1504 file_data->out_transfer_size = 0; 1505 file_data->out_status = 0; 1506 spin_unlock_irq(&file_data->err_lock); 1507 1508 if (!count) 1509 goto exit; 1510 1511 if (down_trylock(&file_data->limit_write_sem)) { 1512 /* previous calls were async */ 1513 retval = -EBUSY; 1514 goto exit; 1515 } 1516 1517 urb = usbtmc_create_urb(); 1518 if (!urb) { 1519 retval = -ENOMEM; 1520 up(&file_data->limit_write_sem); 1521 goto exit; 1522 } 1523 1524 buffer = urb->transfer_buffer; 1525 buflen = urb->transfer_buffer_length; 1526 1527 if (count > INT_MAX) { 1528 transfersize = INT_MAX; 1529 buffer[8] = 0; 1530 } else { 1531 transfersize = count; 1532 buffer[8] = file_data->eom_val; 1533 } 1534 1535 /* Setup IO buffer for DEV_DEP_MSG_OUT message */ 1536 buffer[0] = 1; 1537 buffer[1] = data->bTag; 1538 buffer[2] = ~data->bTag; 1539 buffer[3] = 0; /* Reserved */ 1540 buffer[4] = transfersize >> 0; 1541 buffer[5] = transfersize >> 8; 1542 buffer[6] = transfersize >> 16; 1543 buffer[7] = transfersize >> 24; 1544 /* buffer[8] is set above... */ 1545 buffer[9] = 0; /* Reserved */ 1546 buffer[10] = 0; /* Reserved */ 1547 buffer[11] = 0; /* Reserved */ 1548 1549 remaining = transfersize; 1550 1551 if (transfersize + USBTMC_HEADER_SIZE > buflen) { 1552 transfersize = buflen - USBTMC_HEADER_SIZE; 1553 aligned = buflen; 1554 } else { 1555 aligned = (transfersize + (USBTMC_HEADER_SIZE + 3)) & ~3; 1556 } 1557 1558 if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf, transfersize)) { 1559 retval = -EFAULT; 1560 up(&file_data->limit_write_sem); 1561 goto exit; 1562 } 1563 1564 dev_dbg(&data->intf->dev, "%s(size:%u align:%u)\n", __func__, 1565 (unsigned int)transfersize, (unsigned int)aligned); 1566 1567 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1568 16, 1, buffer, aligned, true); 1569 1570 usb_fill_bulk_urb(urb, data->usb_dev, 1571 usb_sndbulkpipe(data->usb_dev, data->bulk_out), 1572 urb->transfer_buffer, aligned, 1573 usbtmc_write_bulk_cb, file_data); 1574 1575 usb_anchor_urb(urb, &file_data->submitted); 1576 retval = usb_submit_urb(urb, GFP_KERNEL); 1577 if (unlikely(retval)) { 1578 usb_unanchor_urb(urb); 1579 up(&file_data->limit_write_sem); 1580 goto exit; 1581 } 1582 1583 remaining -= transfersize; 1584 1585 data->bTag_last_write = data->bTag; 1586 data->bTag++; 1587 1588 if (!data->bTag) 1589 data->bTag++; 1590 1591 /* call generic_write even when remaining = 0 */ 1592 retval = usbtmc_generic_write(file_data, buf + transfersize, remaining, 1593 &done, USBTMC_FLAG_APPEND); 1594 /* truncate alignment bytes */ 1595 if (done > remaining) 1596 done = remaining; 1597 1598 /*add size of first urb*/ 1599 done += transfersize; 1600 1601 if (retval < 0) { 1602 usb_kill_anchored_urbs(&file_data->submitted); 1603 1604 dev_err(&data->intf->dev, 1605 "Unable to send data, error %d\n", (int)retval); 1606 if (file_data->auto_abort) 1607 usbtmc_ioctl_abort_bulk_out(data); 1608 goto exit; 1609 } 1610 1611 retval = done; 1612 exit: 1613 usb_free_urb(urb); 1614 mutex_unlock(&data->io_mutex); 1615 return retval; 1616 } 1617 1618 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data) 1619 { 1620 struct device *dev; 1621 u8 *buffer; 1622 int rv; 1623 int n; 1624 int actual = 0; 1625 1626 dev = &data->intf->dev; 1627 1628 dev_dbg(dev, "Sending INITIATE_CLEAR request\n"); 1629 1630 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL); 1631 if (!buffer) 1632 return -ENOMEM; 1633 1634 rv = usb_control_msg(data->usb_dev, 1635 usb_rcvctrlpipe(data->usb_dev, 0), 1636 USBTMC_REQUEST_INITIATE_CLEAR, 1637 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1638 0, 0, buffer, 1, USB_CTRL_GET_TIMEOUT); 1639 if (rv < 0) { 1640 dev_err(dev, "usb_control_msg returned %d\n", rv); 1641 goto exit; 1642 } 1643 1644 dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]); 1645 1646 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1647 dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]); 1648 rv = -EPERM; 1649 goto exit; 1650 } 1651 1652 n = 0; 1653 1654 usbtmc_clear_check_status: 1655 1656 dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n"); 1657 1658 rv = usb_control_msg(data->usb_dev, 1659 usb_rcvctrlpipe(data->usb_dev, 0), 1660 USBTMC_REQUEST_CHECK_CLEAR_STATUS, 1661 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1662 0, 0, buffer, 2, USB_CTRL_GET_TIMEOUT); 1663 if (rv < 0) { 1664 dev_err(dev, "usb_control_msg returned %d\n", rv); 1665 goto exit; 1666 } 1667 1668 dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]); 1669 1670 if (buffer[0] == USBTMC_STATUS_SUCCESS) 1671 goto usbtmc_clear_bulk_out_halt; 1672 1673 if (buffer[0] != USBTMC_STATUS_PENDING) { 1674 dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]); 1675 rv = -EPERM; 1676 goto exit; 1677 } 1678 1679 if ((buffer[1] & 1) != 0) { 1680 do { 1681 dev_dbg(dev, "Reading from bulk in EP\n"); 1682 1683 actual = 0; 1684 rv = usb_bulk_msg(data->usb_dev, 1685 usb_rcvbulkpipe(data->usb_dev, 1686 data->bulk_in), 1687 buffer, USBTMC_BUFSIZE, 1688 &actual, USB_CTRL_GET_TIMEOUT); 1689 1690 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1691 16, 1, buffer, actual, true); 1692 1693 n++; 1694 1695 if (rv < 0) { 1696 dev_err(dev, "usb_control_msg returned %d\n", 1697 rv); 1698 goto exit; 1699 } 1700 } while ((actual == USBTMC_BUFSIZE) && 1701 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN)); 1702 } else { 1703 /* do not stress device with subsequent requests */ 1704 msleep(50); 1705 n++; 1706 } 1707 1708 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) { 1709 dev_err(dev, "Couldn't clear device buffer within %d cycles\n", 1710 USBTMC_MAX_READS_TO_CLEAR_BULK_IN); 1711 rv = -EPERM; 1712 goto exit; 1713 } 1714 1715 goto usbtmc_clear_check_status; 1716 1717 usbtmc_clear_bulk_out_halt: 1718 1719 rv = usb_clear_halt(data->usb_dev, 1720 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 1721 if (rv < 0) { 1722 dev_err(dev, "usb_clear_halt returned %d\n", rv); 1723 goto exit; 1724 } 1725 rv = 0; 1726 1727 exit: 1728 kfree(buffer); 1729 return rv; 1730 } 1731 1732 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data) 1733 { 1734 int rv; 1735 1736 rv = usb_clear_halt(data->usb_dev, 1737 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 1738 1739 if (rv < 0) 1740 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv); 1741 return rv; 1742 } 1743 1744 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data) 1745 { 1746 int rv; 1747 1748 rv = usb_clear_halt(data->usb_dev, 1749 usb_rcvbulkpipe(data->usb_dev, data->bulk_in)); 1750 1751 if (rv < 0) 1752 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv); 1753 return rv; 1754 } 1755 1756 static int usbtmc_ioctl_cancel_io(struct usbtmc_file_data *file_data) 1757 { 1758 spin_lock_irq(&file_data->err_lock); 1759 file_data->in_status = -ECANCELED; 1760 file_data->out_status = -ECANCELED; 1761 spin_unlock_irq(&file_data->err_lock); 1762 usb_kill_anchored_urbs(&file_data->submitted); 1763 return 0; 1764 } 1765 1766 static int usbtmc_ioctl_cleanup_io(struct usbtmc_file_data *file_data) 1767 { 1768 usb_kill_anchored_urbs(&file_data->submitted); 1769 usb_scuttle_anchored_urbs(&file_data->in_anchor); 1770 spin_lock_irq(&file_data->err_lock); 1771 file_data->in_status = 0; 1772 file_data->in_transfer_size = 0; 1773 file_data->out_status = 0; 1774 file_data->out_transfer_size = 0; 1775 spin_unlock_irq(&file_data->err_lock); 1776 1777 file_data->in_urbs_used = 0; 1778 return 0; 1779 } 1780 1781 static int get_capabilities(struct usbtmc_device_data *data) 1782 { 1783 struct device *dev = &data->usb_dev->dev; 1784 char *buffer; 1785 int rv = 0; 1786 1787 buffer = kmalloc(0x18, GFP_KERNEL); 1788 if (!buffer) 1789 return -ENOMEM; 1790 1791 rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0), 1792 USBTMC_REQUEST_GET_CAPABILITIES, 1793 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1794 0, 0, buffer, 0x18, USB_CTRL_GET_TIMEOUT); 1795 if (rv < 0) { 1796 dev_err(dev, "usb_control_msg returned %d\n", rv); 1797 goto err_out; 1798 } 1799 1800 dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]); 1801 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1802 dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]); 1803 rv = -EPERM; 1804 goto err_out; 1805 } 1806 dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]); 1807 dev_dbg(dev, "Device capabilities are %x\n", buffer[5]); 1808 dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]); 1809 dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]); 1810 1811 data->capabilities.interface_capabilities = buffer[4]; 1812 data->capabilities.device_capabilities = buffer[5]; 1813 data->capabilities.usb488_interface_capabilities = buffer[14]; 1814 data->capabilities.usb488_device_capabilities = buffer[15]; 1815 data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4); 1816 rv = 0; 1817 1818 err_out: 1819 kfree(buffer); 1820 return rv; 1821 } 1822 1823 #define capability_attribute(name) \ 1824 static ssize_t name##_show(struct device *dev, \ 1825 struct device_attribute *attr, char *buf) \ 1826 { \ 1827 struct usb_interface *intf = to_usb_interface(dev); \ 1828 struct usbtmc_device_data *data = usb_get_intfdata(intf); \ 1829 \ 1830 return sprintf(buf, "%d\n", data->capabilities.name); \ 1831 } \ 1832 static DEVICE_ATTR_RO(name) 1833 1834 capability_attribute(interface_capabilities); 1835 capability_attribute(device_capabilities); 1836 capability_attribute(usb488_interface_capabilities); 1837 capability_attribute(usb488_device_capabilities); 1838 1839 static struct attribute *capability_attrs[] = { 1840 &dev_attr_interface_capabilities.attr, 1841 &dev_attr_device_capabilities.attr, 1842 &dev_attr_usb488_interface_capabilities.attr, 1843 &dev_attr_usb488_device_capabilities.attr, 1844 NULL, 1845 }; 1846 1847 static const struct attribute_group capability_attr_grp = { 1848 .attrs = capability_attrs, 1849 }; 1850 1851 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data) 1852 { 1853 struct device *dev; 1854 u8 *buffer; 1855 int rv; 1856 1857 dev = &data->intf->dev; 1858 1859 buffer = kmalloc(2, GFP_KERNEL); 1860 if (!buffer) 1861 return -ENOMEM; 1862 1863 rv = usb_control_msg(data->usb_dev, 1864 usb_rcvctrlpipe(data->usb_dev, 0), 1865 USBTMC_REQUEST_INDICATOR_PULSE, 1866 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1867 0, 0, buffer, 0x01, USB_CTRL_GET_TIMEOUT); 1868 1869 if (rv < 0) { 1870 dev_err(dev, "usb_control_msg returned %d\n", rv); 1871 goto exit; 1872 } 1873 1874 dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]); 1875 1876 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1877 dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]); 1878 rv = -EPERM; 1879 goto exit; 1880 } 1881 rv = 0; 1882 1883 exit: 1884 kfree(buffer); 1885 return rv; 1886 } 1887 1888 static int usbtmc_ioctl_request(struct usbtmc_device_data *data, 1889 void __user *arg) 1890 { 1891 struct device *dev = &data->intf->dev; 1892 struct usbtmc_ctrlrequest request; 1893 u8 *buffer = NULL; 1894 int rv; 1895 unsigned long res; 1896 1897 res = copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest)); 1898 if (res) 1899 return -EFAULT; 1900 1901 if (request.req.wLength > USBTMC_BUFSIZE) 1902 return -EMSGSIZE; 1903 1904 if (request.req.wLength) { 1905 buffer = kmalloc(request.req.wLength, GFP_KERNEL); 1906 if (!buffer) 1907 return -ENOMEM; 1908 1909 if ((request.req.bRequestType & USB_DIR_IN) == 0) { 1910 /* Send control data to device */ 1911 res = copy_from_user(buffer, request.data, 1912 request.req.wLength); 1913 if (res) { 1914 rv = -EFAULT; 1915 goto exit; 1916 } 1917 } 1918 } 1919 1920 rv = usb_control_msg(data->usb_dev, 1921 usb_rcvctrlpipe(data->usb_dev, 0), 1922 request.req.bRequest, 1923 request.req.bRequestType, 1924 request.req.wValue, 1925 request.req.wIndex, 1926 buffer, request.req.wLength, USB_CTRL_GET_TIMEOUT); 1927 1928 if (rv < 0) { 1929 dev_err(dev, "%s failed %d\n", __func__, rv); 1930 goto exit; 1931 } 1932 1933 if (rv && (request.req.bRequestType & USB_DIR_IN)) { 1934 /* Read control data from device */ 1935 res = copy_to_user(request.data, buffer, rv); 1936 if (res) 1937 rv = -EFAULT; 1938 } 1939 1940 exit: 1941 kfree(buffer); 1942 return rv; 1943 } 1944 1945 /* 1946 * Get the usb timeout value 1947 */ 1948 static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data, 1949 void __user *arg) 1950 { 1951 u32 timeout; 1952 1953 timeout = file_data->timeout; 1954 1955 return put_user(timeout, (__u32 __user *)arg); 1956 } 1957 1958 /* 1959 * Set the usb timeout value 1960 */ 1961 static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data, 1962 void __user *arg) 1963 { 1964 u32 timeout; 1965 1966 if (get_user(timeout, (__u32 __user *)arg)) 1967 return -EFAULT; 1968 1969 /* Note that timeout = 0 means 1970 * MAX_SCHEDULE_TIMEOUT in usb_control_msg 1971 */ 1972 if (timeout < USBTMC_MIN_TIMEOUT) 1973 return -EINVAL; 1974 1975 file_data->timeout = timeout; 1976 1977 return 0; 1978 } 1979 1980 /* 1981 * enables/disables sending EOM on write 1982 */ 1983 static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data, 1984 void __user *arg) 1985 { 1986 u8 eom_enable; 1987 1988 if (copy_from_user(&eom_enable, arg, sizeof(eom_enable))) 1989 return -EFAULT; 1990 1991 if (eom_enable > 1) 1992 return -EINVAL; 1993 1994 file_data->eom_val = eom_enable; 1995 1996 return 0; 1997 } 1998 1999 /* 2000 * Configure termination character for read() 2001 */ 2002 static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data, 2003 void __user *arg) 2004 { 2005 struct usbtmc_termchar termc; 2006 2007 if (copy_from_user(&termc, arg, sizeof(termc))) 2008 return -EFAULT; 2009 2010 if ((termc.term_char_enabled > 1) || 2011 (termc.term_char_enabled && 2012 !(file_data->data->capabilities.device_capabilities & 1))) 2013 return -EINVAL; 2014 2015 file_data->term_char = termc.term_char; 2016 file_data->term_char_enabled = termc.term_char_enabled; 2017 2018 return 0; 2019 } 2020 2021 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2022 { 2023 struct usbtmc_file_data *file_data; 2024 struct usbtmc_device_data *data; 2025 int retval = -EBADRQC; 2026 __u8 tmp_byte; 2027 2028 file_data = file->private_data; 2029 data = file_data->data; 2030 2031 mutex_lock(&data->io_mutex); 2032 if (data->zombie) { 2033 retval = -ENODEV; 2034 goto skip_io_on_zombie; 2035 } 2036 2037 switch (cmd) { 2038 case USBTMC_IOCTL_CLEAR_OUT_HALT: 2039 retval = usbtmc_ioctl_clear_out_halt(data); 2040 break; 2041 2042 case USBTMC_IOCTL_CLEAR_IN_HALT: 2043 retval = usbtmc_ioctl_clear_in_halt(data); 2044 break; 2045 2046 case USBTMC_IOCTL_INDICATOR_PULSE: 2047 retval = usbtmc_ioctl_indicator_pulse(data); 2048 break; 2049 2050 case USBTMC_IOCTL_CLEAR: 2051 retval = usbtmc_ioctl_clear(data); 2052 break; 2053 2054 case USBTMC_IOCTL_ABORT_BULK_OUT: 2055 retval = usbtmc_ioctl_abort_bulk_out(data); 2056 break; 2057 2058 case USBTMC_IOCTL_ABORT_BULK_IN: 2059 retval = usbtmc_ioctl_abort_bulk_in(data); 2060 break; 2061 2062 case USBTMC_IOCTL_CTRL_REQUEST: 2063 retval = usbtmc_ioctl_request(data, (void __user *)arg); 2064 break; 2065 2066 case USBTMC_IOCTL_GET_TIMEOUT: 2067 retval = usbtmc_ioctl_get_timeout(file_data, 2068 (void __user *)arg); 2069 break; 2070 2071 case USBTMC_IOCTL_SET_TIMEOUT: 2072 retval = usbtmc_ioctl_set_timeout(file_data, 2073 (void __user *)arg); 2074 break; 2075 2076 case USBTMC_IOCTL_EOM_ENABLE: 2077 retval = usbtmc_ioctl_eom_enable(file_data, 2078 (void __user *)arg); 2079 break; 2080 2081 case USBTMC_IOCTL_CONFIG_TERMCHAR: 2082 retval = usbtmc_ioctl_config_termc(file_data, 2083 (void __user *)arg); 2084 break; 2085 2086 case USBTMC_IOCTL_WRITE: 2087 retval = usbtmc_ioctl_generic_write(file_data, 2088 (void __user *)arg); 2089 break; 2090 2091 case USBTMC_IOCTL_READ: 2092 retval = usbtmc_ioctl_generic_read(file_data, 2093 (void __user *)arg); 2094 break; 2095 2096 case USBTMC_IOCTL_WRITE_RESULT: 2097 retval = usbtmc_ioctl_write_result(file_data, 2098 (void __user *)arg); 2099 break; 2100 2101 case USBTMC_IOCTL_API_VERSION: 2102 retval = put_user(USBTMC_API_VERSION, 2103 (__u32 __user *)arg); 2104 break; 2105 2106 case USBTMC488_IOCTL_GET_CAPS: 2107 retval = put_user(data->usb488_caps, 2108 (unsigned char __user *)arg); 2109 break; 2110 2111 case USBTMC488_IOCTL_READ_STB: 2112 retval = usbtmc488_ioctl_read_stb(file_data, 2113 (void __user *)arg); 2114 break; 2115 2116 case USBTMC488_IOCTL_REN_CONTROL: 2117 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2118 USBTMC488_REQUEST_REN_CONTROL); 2119 break; 2120 2121 case USBTMC488_IOCTL_GOTO_LOCAL: 2122 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2123 USBTMC488_REQUEST_GOTO_LOCAL); 2124 break; 2125 2126 case USBTMC488_IOCTL_LOCAL_LOCKOUT: 2127 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2128 USBTMC488_REQUEST_LOCAL_LOCKOUT); 2129 break; 2130 2131 case USBTMC488_IOCTL_TRIGGER: 2132 retval = usbtmc488_ioctl_trigger(file_data); 2133 break; 2134 2135 case USBTMC488_IOCTL_WAIT_SRQ: 2136 retval = usbtmc488_ioctl_wait_srq(file_data, 2137 (__u32 __user *)arg); 2138 break; 2139 2140 case USBTMC_IOCTL_MSG_IN_ATTR: 2141 retval = put_user(file_data->bmTransferAttributes, 2142 (__u8 __user *)arg); 2143 break; 2144 2145 case USBTMC_IOCTL_AUTO_ABORT: 2146 retval = get_user(tmp_byte, (unsigned char __user *)arg); 2147 if (retval == 0) 2148 file_data->auto_abort = !!tmp_byte; 2149 break; 2150 2151 case USBTMC_IOCTL_CANCEL_IO: 2152 retval = usbtmc_ioctl_cancel_io(file_data); 2153 break; 2154 2155 case USBTMC_IOCTL_CLEANUP_IO: 2156 retval = usbtmc_ioctl_cleanup_io(file_data); 2157 break; 2158 } 2159 2160 skip_io_on_zombie: 2161 mutex_unlock(&data->io_mutex); 2162 return retval; 2163 } 2164 2165 static int usbtmc_fasync(int fd, struct file *file, int on) 2166 { 2167 struct usbtmc_file_data *file_data = file->private_data; 2168 2169 return fasync_helper(fd, file, on, &file_data->data->fasync); 2170 } 2171 2172 static __poll_t usbtmc_poll(struct file *file, poll_table *wait) 2173 { 2174 struct usbtmc_file_data *file_data = file->private_data; 2175 struct usbtmc_device_data *data = file_data->data; 2176 __poll_t mask; 2177 2178 mutex_lock(&data->io_mutex); 2179 2180 if (data->zombie) { 2181 mask = EPOLLHUP | EPOLLERR; 2182 goto no_poll; 2183 } 2184 2185 poll_wait(file, &data->waitq, wait); 2186 2187 /* Note that EPOLLPRI is now assigned to SRQ, and 2188 * EPOLLIN|EPOLLRDNORM to normal read data. 2189 */ 2190 mask = 0; 2191 if (atomic_read(&file_data->srq_asserted)) 2192 mask |= EPOLLPRI; 2193 2194 /* Note that the anchor submitted includes all urbs for BULK IN 2195 * and OUT. So EPOLLOUT is signaled when BULK OUT is empty and 2196 * all BULK IN urbs are completed and moved to in_anchor. 2197 */ 2198 if (usb_anchor_empty(&file_data->submitted)) 2199 mask |= (EPOLLOUT | EPOLLWRNORM); 2200 if (!usb_anchor_empty(&file_data->in_anchor)) 2201 mask |= (EPOLLIN | EPOLLRDNORM); 2202 2203 spin_lock_irq(&file_data->err_lock); 2204 if (file_data->in_status || file_data->out_status) 2205 mask |= EPOLLERR; 2206 spin_unlock_irq(&file_data->err_lock); 2207 2208 dev_dbg(&data->intf->dev, "poll mask = %x\n", mask); 2209 2210 no_poll: 2211 mutex_unlock(&data->io_mutex); 2212 return mask; 2213 } 2214 2215 static const struct file_operations fops = { 2216 .owner = THIS_MODULE, 2217 .read = usbtmc_read, 2218 .write = usbtmc_write, 2219 .open = usbtmc_open, 2220 .release = usbtmc_release, 2221 .flush = usbtmc_flush, 2222 .unlocked_ioctl = usbtmc_ioctl, 2223 #ifdef CONFIG_COMPAT 2224 .compat_ioctl = usbtmc_ioctl, 2225 #endif 2226 .fasync = usbtmc_fasync, 2227 .poll = usbtmc_poll, 2228 .llseek = default_llseek, 2229 }; 2230 2231 static struct usb_class_driver usbtmc_class = { 2232 .name = "usbtmc%d", 2233 .fops = &fops, 2234 .minor_base = USBTMC_MINOR_BASE, 2235 }; 2236 2237 static void usbtmc_interrupt(struct urb *urb) 2238 { 2239 struct usbtmc_device_data *data = urb->context; 2240 struct device *dev = &data->intf->dev; 2241 int status = urb->status; 2242 int rv; 2243 2244 dev_dbg(&data->intf->dev, "int status: %d len %d\n", 2245 status, urb->actual_length); 2246 2247 switch (status) { 2248 case 0: /* SUCCESS */ 2249 /* check for valid STB notification */ 2250 if (data->iin_buffer[0] > 0x81) { 2251 data->bNotify1 = data->iin_buffer[0]; 2252 data->bNotify2 = data->iin_buffer[1]; 2253 atomic_set(&data->iin_data_valid, 1); 2254 wake_up_interruptible(&data->waitq); 2255 goto exit; 2256 } 2257 /* check for SRQ notification */ 2258 if (data->iin_buffer[0] == 0x81) { 2259 unsigned long flags; 2260 struct list_head *elem; 2261 2262 if (data->fasync) 2263 kill_fasync(&data->fasync, 2264 SIGIO, POLL_PRI); 2265 2266 spin_lock_irqsave(&data->dev_lock, flags); 2267 list_for_each(elem, &data->file_list) { 2268 struct usbtmc_file_data *file_data; 2269 2270 file_data = list_entry(elem, 2271 struct usbtmc_file_data, 2272 file_elem); 2273 file_data->srq_byte = data->iin_buffer[1]; 2274 atomic_set(&file_data->srq_asserted, 1); 2275 } 2276 spin_unlock_irqrestore(&data->dev_lock, flags); 2277 2278 dev_dbg(dev, "srq received bTag %x stb %x\n", 2279 (unsigned int)data->iin_buffer[0], 2280 (unsigned int)data->iin_buffer[1]); 2281 wake_up_interruptible_all(&data->waitq); 2282 goto exit; 2283 } 2284 dev_warn(dev, "invalid notification: %x\n", 2285 data->iin_buffer[0]); 2286 break; 2287 case -EOVERFLOW: 2288 dev_err(dev, "overflow with length %d, actual length is %d\n", 2289 data->iin_wMaxPacketSize, urb->actual_length); 2290 /* fall through */ 2291 case -ECONNRESET: 2292 case -ENOENT: 2293 case -ESHUTDOWN: 2294 case -EILSEQ: 2295 case -ETIME: 2296 case -EPIPE: 2297 /* urb terminated, clean up */ 2298 dev_dbg(dev, "urb terminated, status: %d\n", status); 2299 return; 2300 default: 2301 dev_err(dev, "unknown status received: %d\n", status); 2302 } 2303 exit: 2304 rv = usb_submit_urb(urb, GFP_ATOMIC); 2305 if (rv) 2306 dev_err(dev, "usb_submit_urb failed: %d\n", rv); 2307 } 2308 2309 static void usbtmc_free_int(struct usbtmc_device_data *data) 2310 { 2311 if (!data->iin_ep_present || !data->iin_urb) 2312 return; 2313 usb_kill_urb(data->iin_urb); 2314 kfree(data->iin_buffer); 2315 data->iin_buffer = NULL; 2316 usb_free_urb(data->iin_urb); 2317 data->iin_urb = NULL; 2318 kref_put(&data->kref, usbtmc_delete); 2319 } 2320 2321 static int usbtmc_probe(struct usb_interface *intf, 2322 const struct usb_device_id *id) 2323 { 2324 struct usbtmc_device_data *data; 2325 struct usb_host_interface *iface_desc; 2326 struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in; 2327 int retcode; 2328 2329 dev_dbg(&intf->dev, "%s called\n", __func__); 2330 2331 data = kzalloc(sizeof(*data), GFP_KERNEL); 2332 if (!data) 2333 return -ENOMEM; 2334 2335 data->intf = intf; 2336 data->id = id; 2337 data->usb_dev = usb_get_dev(interface_to_usbdev(intf)); 2338 usb_set_intfdata(intf, data); 2339 kref_init(&data->kref); 2340 mutex_init(&data->io_mutex); 2341 init_waitqueue_head(&data->waitq); 2342 atomic_set(&data->iin_data_valid, 0); 2343 INIT_LIST_HEAD(&data->file_list); 2344 spin_lock_init(&data->dev_lock); 2345 2346 data->zombie = 0; 2347 2348 /* Initialize USBTMC bTag and other fields */ 2349 data->bTag = 1; 2350 /* 2 <= bTag <= 127 USBTMC-USB488 subclass specification 4.3.1 */ 2351 data->iin_bTag = 2; 2352 2353 /* USBTMC devices have only one setting, so use that */ 2354 iface_desc = data->intf->cur_altsetting; 2355 data->ifnum = iface_desc->desc.bInterfaceNumber; 2356 2357 /* Find bulk endpoints */ 2358 retcode = usb_find_common_endpoints(iface_desc, 2359 &bulk_in, &bulk_out, NULL, NULL); 2360 if (retcode) { 2361 dev_err(&intf->dev, "bulk endpoints not found\n"); 2362 goto err_put; 2363 } 2364 2365 data->bulk_in = bulk_in->bEndpointAddress; 2366 data->wMaxPacketSize = usb_endpoint_maxp(bulk_in); 2367 dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in); 2368 2369 data->bulk_out = bulk_out->bEndpointAddress; 2370 dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out); 2371 2372 /* Find int endpoint */ 2373 retcode = usb_find_int_in_endpoint(iface_desc, &int_in); 2374 if (!retcode) { 2375 data->iin_ep_present = 1; 2376 data->iin_ep = int_in->bEndpointAddress; 2377 data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in); 2378 data->iin_interval = int_in->bInterval; 2379 dev_dbg(&intf->dev, "Found Int in endpoint at %u\n", 2380 data->iin_ep); 2381 } 2382 2383 retcode = get_capabilities(data); 2384 if (retcode) 2385 dev_err(&intf->dev, "can't read capabilities\n"); 2386 else 2387 retcode = sysfs_create_group(&intf->dev.kobj, 2388 &capability_attr_grp); 2389 2390 if (data->iin_ep_present) { 2391 /* allocate int urb */ 2392 data->iin_urb = usb_alloc_urb(0, GFP_KERNEL); 2393 if (!data->iin_urb) { 2394 retcode = -ENOMEM; 2395 goto error_register; 2396 } 2397 2398 /* Protect interrupt in endpoint data until iin_urb is freed */ 2399 kref_get(&data->kref); 2400 2401 /* allocate buffer for interrupt in */ 2402 data->iin_buffer = kmalloc(data->iin_wMaxPacketSize, 2403 GFP_KERNEL); 2404 if (!data->iin_buffer) { 2405 retcode = -ENOMEM; 2406 goto error_register; 2407 } 2408 2409 /* fill interrupt urb */ 2410 usb_fill_int_urb(data->iin_urb, data->usb_dev, 2411 usb_rcvintpipe(data->usb_dev, data->iin_ep), 2412 data->iin_buffer, data->iin_wMaxPacketSize, 2413 usbtmc_interrupt, 2414 data, data->iin_interval); 2415 2416 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL); 2417 if (retcode) { 2418 dev_err(&intf->dev, "Failed to submit iin_urb\n"); 2419 goto error_register; 2420 } 2421 } 2422 2423 retcode = usb_register_dev(intf, &usbtmc_class); 2424 if (retcode) { 2425 dev_err(&intf->dev, "Not able to get a minor (base %u, slice default): %d\n", 2426 USBTMC_MINOR_BASE, 2427 retcode); 2428 goto error_register; 2429 } 2430 dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor); 2431 2432 return 0; 2433 2434 error_register: 2435 sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp); 2436 usbtmc_free_int(data); 2437 err_put: 2438 kref_put(&data->kref, usbtmc_delete); 2439 return retcode; 2440 } 2441 2442 static void usbtmc_disconnect(struct usb_interface *intf) 2443 { 2444 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2445 struct list_head *elem; 2446 2447 usb_deregister_dev(intf, &usbtmc_class); 2448 sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp); 2449 mutex_lock(&data->io_mutex); 2450 data->zombie = 1; 2451 wake_up_interruptible_all(&data->waitq); 2452 list_for_each(elem, &data->file_list) { 2453 struct usbtmc_file_data *file_data; 2454 2455 file_data = list_entry(elem, 2456 struct usbtmc_file_data, 2457 file_elem); 2458 usb_kill_anchored_urbs(&file_data->submitted); 2459 usb_scuttle_anchored_urbs(&file_data->in_anchor); 2460 } 2461 mutex_unlock(&data->io_mutex); 2462 usbtmc_free_int(data); 2463 kref_put(&data->kref, usbtmc_delete); 2464 } 2465 2466 static void usbtmc_draw_down(struct usbtmc_file_data *file_data) 2467 { 2468 int time; 2469 2470 time = usb_wait_anchor_empty_timeout(&file_data->submitted, 1000); 2471 if (!time) 2472 usb_kill_anchored_urbs(&file_data->submitted); 2473 usb_scuttle_anchored_urbs(&file_data->in_anchor); 2474 } 2475 2476 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message) 2477 { 2478 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2479 struct list_head *elem; 2480 2481 if (!data) 2482 return 0; 2483 2484 mutex_lock(&data->io_mutex); 2485 list_for_each(elem, &data->file_list) { 2486 struct usbtmc_file_data *file_data; 2487 2488 file_data = list_entry(elem, 2489 struct usbtmc_file_data, 2490 file_elem); 2491 usbtmc_draw_down(file_data); 2492 } 2493 2494 if (data->iin_ep_present && data->iin_urb) 2495 usb_kill_urb(data->iin_urb); 2496 2497 mutex_unlock(&data->io_mutex); 2498 return 0; 2499 } 2500 2501 static int usbtmc_resume(struct usb_interface *intf) 2502 { 2503 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2504 int retcode = 0; 2505 2506 if (data->iin_ep_present && data->iin_urb) 2507 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL); 2508 if (retcode) 2509 dev_err(&intf->dev, "Failed to submit iin_urb\n"); 2510 2511 return retcode; 2512 } 2513 2514 static int usbtmc_pre_reset(struct usb_interface *intf) 2515 { 2516 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2517 struct list_head *elem; 2518 2519 if (!data) 2520 return 0; 2521 2522 mutex_lock(&data->io_mutex); 2523 2524 list_for_each(elem, &data->file_list) { 2525 struct usbtmc_file_data *file_data; 2526 2527 file_data = list_entry(elem, 2528 struct usbtmc_file_data, 2529 file_elem); 2530 usbtmc_ioctl_cancel_io(file_data); 2531 } 2532 2533 return 0; 2534 } 2535 2536 static int usbtmc_post_reset(struct usb_interface *intf) 2537 { 2538 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2539 2540 mutex_unlock(&data->io_mutex); 2541 2542 return 0; 2543 } 2544 2545 static struct usb_driver usbtmc_driver = { 2546 .name = "usbtmc", 2547 .id_table = usbtmc_devices, 2548 .probe = usbtmc_probe, 2549 .disconnect = usbtmc_disconnect, 2550 .suspend = usbtmc_suspend, 2551 .resume = usbtmc_resume, 2552 .pre_reset = usbtmc_pre_reset, 2553 .post_reset = usbtmc_post_reset, 2554 }; 2555 2556 module_usb_driver(usbtmc_driver); 2557 2558 MODULE_LICENSE("GPL"); 2559