1 // SPDX-License-Identifier: GPL-2.0 2 #include <linux/kernel.h> 3 #include <linux/errno.h> 4 #include <linux/init.h> 5 #include <linux/slab.h> 6 #include <linux/mm.h> 7 #include <linux/module.h> 8 #include <linux/moduleparam.h> 9 #include <linux/scatterlist.h> 10 #include <linux/mutex.h> 11 #include <linux/timer.h> 12 #include <linux/usb.h> 13 14 #define SIMPLE_IO_TIMEOUT 10000 /* in milliseconds */ 15 16 /*-------------------------------------------------------------------------*/ 17 18 static int override_alt = -1; 19 module_param_named(alt, override_alt, int, 0644); 20 MODULE_PARM_DESC(alt, ">= 0 to override altsetting selection"); 21 static void complicated_callback(struct urb *urb); 22 23 /*-------------------------------------------------------------------------*/ 24 25 /* FIXME make these public somewhere; usbdevfs.h? */ 26 27 /* Parameter for usbtest driver. */ 28 struct usbtest_param_32 { 29 /* inputs */ 30 __u32 test_num; /* 0..(TEST_CASES-1) */ 31 __u32 iterations; 32 __u32 length; 33 __u32 vary; 34 __u32 sglen; 35 36 /* outputs */ 37 __s32 duration_sec; 38 __s32 duration_usec; 39 }; 40 41 /* 42 * Compat parameter to the usbtest driver. 43 * This supports older user space binaries compiled with 64 bit compiler. 44 */ 45 struct usbtest_param_64 { 46 /* inputs */ 47 __u32 test_num; /* 0..(TEST_CASES-1) */ 48 __u32 iterations; 49 __u32 length; 50 __u32 vary; 51 __u32 sglen; 52 53 /* outputs */ 54 __s64 duration_sec; 55 __s64 duration_usec; 56 }; 57 58 /* IOCTL interface to the driver. */ 59 #define USBTEST_REQUEST_32 _IOWR('U', 100, struct usbtest_param_32) 60 /* COMPAT IOCTL interface to the driver. */ 61 #define USBTEST_REQUEST_64 _IOWR('U', 100, struct usbtest_param_64) 62 63 /*-------------------------------------------------------------------------*/ 64 65 #define GENERIC /* let probe() bind using module params */ 66 67 /* Some devices that can be used for testing will have "real" drivers. 68 * Entries for those need to be enabled here by hand, after disabling 69 * that "real" driver. 70 */ 71 //#define IBOT2 /* grab iBOT2 webcams */ 72 //#define KEYSPAN_19Qi /* grab un-renumerated serial adapter */ 73 74 /*-------------------------------------------------------------------------*/ 75 76 struct usbtest_info { 77 const char *name; 78 u8 ep_in; /* bulk/intr source */ 79 u8 ep_out; /* bulk/intr sink */ 80 unsigned autoconf:1; 81 unsigned ctrl_out:1; 82 unsigned iso:1; /* try iso in/out */ 83 unsigned intr:1; /* try interrupt in/out */ 84 int alt; 85 }; 86 87 /* this is accessed only through usbfs ioctl calls. 88 * one ioctl to issue a test ... one lock per device. 89 * tests create other threads if they need them. 90 * urbs and buffers are allocated dynamically, 91 * and data generated deterministically. 92 */ 93 struct usbtest_dev { 94 struct usb_interface *intf; 95 struct usbtest_info *info; 96 int in_pipe; 97 int out_pipe; 98 int in_iso_pipe; 99 int out_iso_pipe; 100 int in_int_pipe; 101 int out_int_pipe; 102 struct usb_endpoint_descriptor *iso_in, *iso_out; 103 struct usb_endpoint_descriptor *int_in, *int_out; 104 struct mutex lock; 105 106 #define TBUF_SIZE 256 107 u8 *buf; 108 }; 109 110 static struct usb_device *testdev_to_usbdev(struct usbtest_dev *test) 111 { 112 return interface_to_usbdev(test->intf); 113 } 114 115 /* set up all urbs so they can be used with either bulk or interrupt */ 116 #define INTERRUPT_RATE 1 /* msec/transfer */ 117 118 #define ERROR(tdev, fmt, args...) \ 119 dev_err(&(tdev)->intf->dev , fmt , ## args) 120 #define WARNING(tdev, fmt, args...) \ 121 dev_warn(&(tdev)->intf->dev , fmt , ## args) 122 123 #define GUARD_BYTE 0xA5 124 #define MAX_SGLEN 128 125 126 /*-------------------------------------------------------------------------*/ 127 128 static inline void endpoint_update(int edi, 129 struct usb_host_endpoint **in, 130 struct usb_host_endpoint **out, 131 struct usb_host_endpoint *e) 132 { 133 if (edi) { 134 if (!*in) 135 *in = e; 136 } else { 137 if (!*out) 138 *out = e; 139 } 140 } 141 142 static int 143 get_endpoints(struct usbtest_dev *dev, struct usb_interface *intf) 144 { 145 int tmp; 146 struct usb_host_interface *alt; 147 struct usb_host_endpoint *in, *out; 148 struct usb_host_endpoint *iso_in, *iso_out; 149 struct usb_host_endpoint *int_in, *int_out; 150 struct usb_device *udev; 151 152 for (tmp = 0; tmp < intf->num_altsetting; tmp++) { 153 unsigned ep; 154 155 in = out = NULL; 156 iso_in = iso_out = NULL; 157 int_in = int_out = NULL; 158 alt = intf->altsetting + tmp; 159 160 if (override_alt >= 0 && 161 override_alt != alt->desc.bAlternateSetting) 162 continue; 163 164 /* take the first altsetting with in-bulk + out-bulk; 165 * ignore other endpoints and altsettings. 166 */ 167 for (ep = 0; ep < alt->desc.bNumEndpoints; ep++) { 168 struct usb_host_endpoint *e; 169 int edi; 170 171 e = alt->endpoint + ep; 172 edi = usb_endpoint_dir_in(&e->desc); 173 174 switch (usb_endpoint_type(&e->desc)) { 175 case USB_ENDPOINT_XFER_BULK: 176 endpoint_update(edi, &in, &out, e); 177 continue; 178 case USB_ENDPOINT_XFER_INT: 179 if (dev->info->intr) 180 endpoint_update(edi, &int_in, &int_out, e); 181 continue; 182 case USB_ENDPOINT_XFER_ISOC: 183 if (dev->info->iso) 184 endpoint_update(edi, &iso_in, &iso_out, e); 185 /* FALLTHROUGH */ 186 default: 187 continue; 188 } 189 } 190 if ((in && out) || iso_in || iso_out || int_in || int_out) 191 goto found; 192 } 193 return -EINVAL; 194 195 found: 196 udev = testdev_to_usbdev(dev); 197 dev->info->alt = alt->desc.bAlternateSetting; 198 if (alt->desc.bAlternateSetting != 0) { 199 tmp = usb_set_interface(udev, 200 alt->desc.bInterfaceNumber, 201 alt->desc.bAlternateSetting); 202 if (tmp < 0) 203 return tmp; 204 } 205 206 if (in) 207 dev->in_pipe = usb_rcvbulkpipe(udev, 208 in->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK); 209 if (out) 210 dev->out_pipe = usb_sndbulkpipe(udev, 211 out->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK); 212 213 if (iso_in) { 214 dev->iso_in = &iso_in->desc; 215 dev->in_iso_pipe = usb_rcvisocpipe(udev, 216 iso_in->desc.bEndpointAddress 217 & USB_ENDPOINT_NUMBER_MASK); 218 } 219 220 if (iso_out) { 221 dev->iso_out = &iso_out->desc; 222 dev->out_iso_pipe = usb_sndisocpipe(udev, 223 iso_out->desc.bEndpointAddress 224 & USB_ENDPOINT_NUMBER_MASK); 225 } 226 227 if (int_in) { 228 dev->int_in = &int_in->desc; 229 dev->in_int_pipe = usb_rcvintpipe(udev, 230 int_in->desc.bEndpointAddress 231 & USB_ENDPOINT_NUMBER_MASK); 232 } 233 234 if (int_out) { 235 dev->int_out = &int_out->desc; 236 dev->out_int_pipe = usb_sndintpipe(udev, 237 int_out->desc.bEndpointAddress 238 & USB_ENDPOINT_NUMBER_MASK); 239 } 240 return 0; 241 } 242 243 /*-------------------------------------------------------------------------*/ 244 245 /* Support for testing basic non-queued I/O streams. 246 * 247 * These just package urbs as requests that can be easily canceled. 248 * Each urb's data buffer is dynamically allocated; callers can fill 249 * them with non-zero test data (or test for it) when appropriate. 250 */ 251 252 static void simple_callback(struct urb *urb) 253 { 254 complete(urb->context); 255 } 256 257 static struct urb *usbtest_alloc_urb( 258 struct usb_device *udev, 259 int pipe, 260 unsigned long bytes, 261 unsigned transfer_flags, 262 unsigned offset, 263 u8 bInterval, 264 usb_complete_t complete_fn) 265 { 266 struct urb *urb; 267 268 urb = usb_alloc_urb(0, GFP_KERNEL); 269 if (!urb) 270 return urb; 271 272 if (bInterval) 273 usb_fill_int_urb(urb, udev, pipe, NULL, bytes, complete_fn, 274 NULL, bInterval); 275 else 276 usb_fill_bulk_urb(urb, udev, pipe, NULL, bytes, complete_fn, 277 NULL); 278 279 urb->interval = (udev->speed == USB_SPEED_HIGH) 280 ? (INTERRUPT_RATE << 3) 281 : INTERRUPT_RATE; 282 urb->transfer_flags = transfer_flags; 283 if (usb_pipein(pipe)) 284 urb->transfer_flags |= URB_SHORT_NOT_OK; 285 286 if ((bytes + offset) == 0) 287 return urb; 288 289 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) 290 urb->transfer_buffer = usb_alloc_coherent(udev, bytes + offset, 291 GFP_KERNEL, &urb->transfer_dma); 292 else 293 urb->transfer_buffer = kmalloc(bytes + offset, GFP_KERNEL); 294 295 if (!urb->transfer_buffer) { 296 usb_free_urb(urb); 297 return NULL; 298 } 299 300 /* To test unaligned transfers add an offset and fill the 301 unused memory with a guard value */ 302 if (offset) { 303 memset(urb->transfer_buffer, GUARD_BYTE, offset); 304 urb->transfer_buffer += offset; 305 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) 306 urb->transfer_dma += offset; 307 } 308 309 /* For inbound transfers use guard byte so that test fails if 310 data not correctly copied */ 311 memset(urb->transfer_buffer, 312 usb_pipein(urb->pipe) ? GUARD_BYTE : 0, 313 bytes); 314 return urb; 315 } 316 317 static struct urb *simple_alloc_urb( 318 struct usb_device *udev, 319 int pipe, 320 unsigned long bytes, 321 u8 bInterval) 322 { 323 return usbtest_alloc_urb(udev, pipe, bytes, URB_NO_TRANSFER_DMA_MAP, 0, 324 bInterval, simple_callback); 325 } 326 327 static struct urb *complicated_alloc_urb( 328 struct usb_device *udev, 329 int pipe, 330 unsigned long bytes, 331 u8 bInterval) 332 { 333 return usbtest_alloc_urb(udev, pipe, bytes, URB_NO_TRANSFER_DMA_MAP, 0, 334 bInterval, complicated_callback); 335 } 336 337 static unsigned pattern; 338 static unsigned mod_pattern; 339 module_param_named(pattern, mod_pattern, uint, S_IRUGO | S_IWUSR); 340 MODULE_PARM_DESC(mod_pattern, "i/o pattern (0 == zeroes)"); 341 342 static unsigned get_maxpacket(struct usb_device *udev, int pipe) 343 { 344 struct usb_host_endpoint *ep; 345 346 ep = usb_pipe_endpoint(udev, pipe); 347 return le16_to_cpup(&ep->desc.wMaxPacketSize); 348 } 349 350 static void simple_fill_buf(struct urb *urb) 351 { 352 unsigned i; 353 u8 *buf = urb->transfer_buffer; 354 unsigned len = urb->transfer_buffer_length; 355 unsigned maxpacket; 356 357 switch (pattern) { 358 default: 359 /* FALLTHROUGH */ 360 case 0: 361 memset(buf, 0, len); 362 break; 363 case 1: /* mod63 */ 364 maxpacket = get_maxpacket(urb->dev, urb->pipe); 365 for (i = 0; i < len; i++) 366 *buf++ = (u8) ((i % maxpacket) % 63); 367 break; 368 } 369 } 370 371 static inline unsigned long buffer_offset(void *buf) 372 { 373 return (unsigned long)buf & (ARCH_KMALLOC_MINALIGN - 1); 374 } 375 376 static int check_guard_bytes(struct usbtest_dev *tdev, struct urb *urb) 377 { 378 u8 *buf = urb->transfer_buffer; 379 u8 *guard = buf - buffer_offset(buf); 380 unsigned i; 381 382 for (i = 0; guard < buf; i++, guard++) { 383 if (*guard != GUARD_BYTE) { 384 ERROR(tdev, "guard byte[%d] %d (not %d)\n", 385 i, *guard, GUARD_BYTE); 386 return -EINVAL; 387 } 388 } 389 return 0; 390 } 391 392 static int simple_check_buf(struct usbtest_dev *tdev, struct urb *urb) 393 { 394 unsigned i; 395 u8 expected; 396 u8 *buf = urb->transfer_buffer; 397 unsigned len = urb->actual_length; 398 unsigned maxpacket = get_maxpacket(urb->dev, urb->pipe); 399 400 int ret = check_guard_bytes(tdev, urb); 401 if (ret) 402 return ret; 403 404 for (i = 0; i < len; i++, buf++) { 405 switch (pattern) { 406 /* all-zeroes has no synchronization issues */ 407 case 0: 408 expected = 0; 409 break; 410 /* mod63 stays in sync with short-terminated transfers, 411 * or otherwise when host and gadget agree on how large 412 * each usb transfer request should be. resync is done 413 * with set_interface or set_config. 414 */ 415 case 1: /* mod63 */ 416 expected = (i % maxpacket) % 63; 417 break; 418 /* always fail unsupported patterns */ 419 default: 420 expected = !*buf; 421 break; 422 } 423 if (*buf == expected) 424 continue; 425 ERROR(tdev, "buf[%d] = %d (not %d)\n", i, *buf, expected); 426 return -EINVAL; 427 } 428 return 0; 429 } 430 431 static void simple_free_urb(struct urb *urb) 432 { 433 unsigned long offset = buffer_offset(urb->transfer_buffer); 434 435 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) 436 usb_free_coherent( 437 urb->dev, 438 urb->transfer_buffer_length + offset, 439 urb->transfer_buffer - offset, 440 urb->transfer_dma - offset); 441 else 442 kfree(urb->transfer_buffer - offset); 443 usb_free_urb(urb); 444 } 445 446 static int simple_io( 447 struct usbtest_dev *tdev, 448 struct urb *urb, 449 int iterations, 450 int vary, 451 int expected, 452 const char *label 453 ) 454 { 455 struct usb_device *udev = urb->dev; 456 int max = urb->transfer_buffer_length; 457 struct completion completion; 458 int retval = 0; 459 unsigned long expire; 460 461 urb->context = &completion; 462 while (retval == 0 && iterations-- > 0) { 463 init_completion(&completion); 464 if (usb_pipeout(urb->pipe)) { 465 simple_fill_buf(urb); 466 urb->transfer_flags |= URB_ZERO_PACKET; 467 } 468 retval = usb_submit_urb(urb, GFP_KERNEL); 469 if (retval != 0) 470 break; 471 472 expire = msecs_to_jiffies(SIMPLE_IO_TIMEOUT); 473 if (!wait_for_completion_timeout(&completion, expire)) { 474 usb_kill_urb(urb); 475 retval = (urb->status == -ENOENT ? 476 -ETIMEDOUT : urb->status); 477 } else { 478 retval = urb->status; 479 } 480 481 urb->dev = udev; 482 if (retval == 0 && usb_pipein(urb->pipe)) 483 retval = simple_check_buf(tdev, urb); 484 485 if (vary) { 486 int len = urb->transfer_buffer_length; 487 488 len += vary; 489 len %= max; 490 if (len == 0) 491 len = (vary < max) ? vary : max; 492 urb->transfer_buffer_length = len; 493 } 494 495 /* FIXME if endpoint halted, clear halt (and log) */ 496 } 497 urb->transfer_buffer_length = max; 498 499 if (expected != retval) 500 dev_err(&udev->dev, 501 "%s failed, iterations left %d, status %d (not %d)\n", 502 label, iterations, retval, expected); 503 return retval; 504 } 505 506 507 /*-------------------------------------------------------------------------*/ 508 509 /* We use scatterlist primitives to test queued I/O. 510 * Yes, this also tests the scatterlist primitives. 511 */ 512 513 static void free_sglist(struct scatterlist *sg, int nents) 514 { 515 unsigned i; 516 517 if (!sg) 518 return; 519 for (i = 0; i < nents; i++) { 520 if (!sg_page(&sg[i])) 521 continue; 522 kfree(sg_virt(&sg[i])); 523 } 524 kfree(sg); 525 } 526 527 static struct scatterlist * 528 alloc_sglist(int nents, int max, int vary, struct usbtest_dev *dev, int pipe) 529 { 530 struct scatterlist *sg; 531 unsigned int n_size = 0; 532 unsigned i; 533 unsigned size = max; 534 unsigned maxpacket = 535 get_maxpacket(interface_to_usbdev(dev->intf), pipe); 536 537 if (max == 0) 538 return NULL; 539 540 sg = kmalloc_array(nents, sizeof(*sg), GFP_KERNEL); 541 if (!sg) 542 return NULL; 543 sg_init_table(sg, nents); 544 545 for (i = 0; i < nents; i++) { 546 char *buf; 547 unsigned j; 548 549 buf = kzalloc(size, GFP_KERNEL); 550 if (!buf) { 551 free_sglist(sg, i); 552 return NULL; 553 } 554 555 /* kmalloc pages are always physically contiguous! */ 556 sg_set_buf(&sg[i], buf, size); 557 558 switch (pattern) { 559 case 0: 560 /* already zeroed */ 561 break; 562 case 1: 563 for (j = 0; j < size; j++) 564 *buf++ = (u8) (((j + n_size) % maxpacket) % 63); 565 n_size += size; 566 break; 567 } 568 569 if (vary) { 570 size += vary; 571 size %= max; 572 if (size == 0) 573 size = (vary < max) ? vary : max; 574 } 575 } 576 577 return sg; 578 } 579 580 struct sg_timeout { 581 struct timer_list timer; 582 struct usb_sg_request *req; 583 }; 584 585 static void sg_timeout(struct timer_list *t) 586 { 587 struct sg_timeout *timeout = from_timer(timeout, t, timer); 588 589 usb_sg_cancel(timeout->req); 590 } 591 592 static int perform_sglist( 593 struct usbtest_dev *tdev, 594 unsigned iterations, 595 int pipe, 596 struct usb_sg_request *req, 597 struct scatterlist *sg, 598 int nents 599 ) 600 { 601 struct usb_device *udev = testdev_to_usbdev(tdev); 602 int retval = 0; 603 struct sg_timeout timeout = { 604 .req = req, 605 }; 606 607 timer_setup_on_stack(&timeout.timer, sg_timeout, 0); 608 609 while (retval == 0 && iterations-- > 0) { 610 retval = usb_sg_init(req, udev, pipe, 611 (udev->speed == USB_SPEED_HIGH) 612 ? (INTERRUPT_RATE << 3) 613 : INTERRUPT_RATE, 614 sg, nents, 0, GFP_KERNEL); 615 616 if (retval) 617 break; 618 mod_timer(&timeout.timer, jiffies + 619 msecs_to_jiffies(SIMPLE_IO_TIMEOUT)); 620 usb_sg_wait(req); 621 if (!del_timer_sync(&timeout.timer)) 622 retval = -ETIMEDOUT; 623 else 624 retval = req->status; 625 destroy_timer_on_stack(&timeout.timer); 626 627 /* FIXME check resulting data pattern */ 628 629 /* FIXME if endpoint halted, clear halt (and log) */ 630 } 631 632 /* FIXME for unlink or fault handling tests, don't report 633 * failure if retval is as we expected ... 634 */ 635 if (retval) 636 ERROR(tdev, "perform_sglist failed, " 637 "iterations left %d, status %d\n", 638 iterations, retval); 639 return retval; 640 } 641 642 643 /*-------------------------------------------------------------------------*/ 644 645 /* unqueued control message testing 646 * 647 * there's a nice set of device functional requirements in chapter 9 of the 648 * usb 2.0 spec, which we can apply to ANY device, even ones that don't use 649 * special test firmware. 650 * 651 * we know the device is configured (or suspended) by the time it's visible 652 * through usbfs. we can't change that, so we won't test enumeration (which 653 * worked 'well enough' to get here, this time), power management (ditto), 654 * or remote wakeup (which needs human interaction). 655 */ 656 657 static unsigned realworld = 1; 658 module_param(realworld, uint, 0); 659 MODULE_PARM_DESC(realworld, "clear to demand stricter spec compliance"); 660 661 static int get_altsetting(struct usbtest_dev *dev) 662 { 663 struct usb_interface *iface = dev->intf; 664 struct usb_device *udev = interface_to_usbdev(iface); 665 int retval; 666 667 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), 668 USB_REQ_GET_INTERFACE, USB_DIR_IN|USB_RECIP_INTERFACE, 669 0, iface->altsetting[0].desc.bInterfaceNumber, 670 dev->buf, 1, USB_CTRL_GET_TIMEOUT); 671 switch (retval) { 672 case 1: 673 return dev->buf[0]; 674 case 0: 675 retval = -ERANGE; 676 /* FALLTHROUGH */ 677 default: 678 return retval; 679 } 680 } 681 682 static int set_altsetting(struct usbtest_dev *dev, int alternate) 683 { 684 struct usb_interface *iface = dev->intf; 685 struct usb_device *udev; 686 687 if (alternate < 0 || alternate >= 256) 688 return -EINVAL; 689 690 udev = interface_to_usbdev(iface); 691 return usb_set_interface(udev, 692 iface->altsetting[0].desc.bInterfaceNumber, 693 alternate); 694 } 695 696 static int is_good_config(struct usbtest_dev *tdev, int len) 697 { 698 struct usb_config_descriptor *config; 699 700 if (len < sizeof(*config)) 701 return 0; 702 config = (struct usb_config_descriptor *) tdev->buf; 703 704 switch (config->bDescriptorType) { 705 case USB_DT_CONFIG: 706 case USB_DT_OTHER_SPEED_CONFIG: 707 if (config->bLength != 9) { 708 ERROR(tdev, "bogus config descriptor length\n"); 709 return 0; 710 } 711 /* this bit 'must be 1' but often isn't */ 712 if (!realworld && !(config->bmAttributes & 0x80)) { 713 ERROR(tdev, "high bit of config attributes not set\n"); 714 return 0; 715 } 716 if (config->bmAttributes & 0x1f) { /* reserved == 0 */ 717 ERROR(tdev, "reserved config bits set\n"); 718 return 0; 719 } 720 break; 721 default: 722 return 0; 723 } 724 725 if (le16_to_cpu(config->wTotalLength) == len) /* read it all */ 726 return 1; 727 if (le16_to_cpu(config->wTotalLength) >= TBUF_SIZE) /* max partial read */ 728 return 1; 729 ERROR(tdev, "bogus config descriptor read size\n"); 730 return 0; 731 } 732 733 static int is_good_ext(struct usbtest_dev *tdev, u8 *buf) 734 { 735 struct usb_ext_cap_descriptor *ext; 736 u32 attr; 737 738 ext = (struct usb_ext_cap_descriptor *) buf; 739 740 if (ext->bLength != USB_DT_USB_EXT_CAP_SIZE) { 741 ERROR(tdev, "bogus usb 2.0 extension descriptor length\n"); 742 return 0; 743 } 744 745 attr = le32_to_cpu(ext->bmAttributes); 746 /* bits[1:15] is used and others are reserved */ 747 if (attr & ~0xfffe) { /* reserved == 0 */ 748 ERROR(tdev, "reserved bits set\n"); 749 return 0; 750 } 751 752 return 1; 753 } 754 755 static int is_good_ss_cap(struct usbtest_dev *tdev, u8 *buf) 756 { 757 struct usb_ss_cap_descriptor *ss; 758 759 ss = (struct usb_ss_cap_descriptor *) buf; 760 761 if (ss->bLength != USB_DT_USB_SS_CAP_SIZE) { 762 ERROR(tdev, "bogus superspeed device capability descriptor length\n"); 763 return 0; 764 } 765 766 /* 767 * only bit[1] of bmAttributes is used for LTM and others are 768 * reserved 769 */ 770 if (ss->bmAttributes & ~0x02) { /* reserved == 0 */ 771 ERROR(tdev, "reserved bits set in bmAttributes\n"); 772 return 0; 773 } 774 775 /* bits[0:3] of wSpeedSupported is used and others are reserved */ 776 if (le16_to_cpu(ss->wSpeedSupported) & ~0x0f) { /* reserved == 0 */ 777 ERROR(tdev, "reserved bits set in wSpeedSupported\n"); 778 return 0; 779 } 780 781 return 1; 782 } 783 784 static int is_good_con_id(struct usbtest_dev *tdev, u8 *buf) 785 { 786 struct usb_ss_container_id_descriptor *con_id; 787 788 con_id = (struct usb_ss_container_id_descriptor *) buf; 789 790 if (con_id->bLength != USB_DT_USB_SS_CONTN_ID_SIZE) { 791 ERROR(tdev, "bogus container id descriptor length\n"); 792 return 0; 793 } 794 795 if (con_id->bReserved) { /* reserved == 0 */ 796 ERROR(tdev, "reserved bits set\n"); 797 return 0; 798 } 799 800 return 1; 801 } 802 803 /* sanity test for standard requests working with usb_control_mesg() and some 804 * of the utility functions which use it. 805 * 806 * this doesn't test how endpoint halts behave or data toggles get set, since 807 * we won't do I/O to bulk/interrupt endpoints here (which is how to change 808 * halt or toggle). toggle testing is impractical without support from hcds. 809 * 810 * this avoids failing devices linux would normally work with, by not testing 811 * config/altsetting operations for devices that only support their defaults. 812 * such devices rarely support those needless operations. 813 * 814 * NOTE that since this is a sanity test, it's not examining boundary cases 815 * to see if usbcore, hcd, and device all behave right. such testing would 816 * involve varied read sizes and other operation sequences. 817 */ 818 static int ch9_postconfig(struct usbtest_dev *dev) 819 { 820 struct usb_interface *iface = dev->intf; 821 struct usb_device *udev = interface_to_usbdev(iface); 822 int i, alt, retval; 823 824 /* [9.2.3] if there's more than one altsetting, we need to be able to 825 * set and get each one. mostly trusts the descriptors from usbcore. 826 */ 827 for (i = 0; i < iface->num_altsetting; i++) { 828 829 /* 9.2.3 constrains the range here */ 830 alt = iface->altsetting[i].desc.bAlternateSetting; 831 if (alt < 0 || alt >= iface->num_altsetting) { 832 dev_err(&iface->dev, 833 "invalid alt [%d].bAltSetting = %d\n", 834 i, alt); 835 } 836 837 /* [real world] get/set unimplemented if there's only one */ 838 if (realworld && iface->num_altsetting == 1) 839 continue; 840 841 /* [9.4.10] set_interface */ 842 retval = set_altsetting(dev, alt); 843 if (retval) { 844 dev_err(&iface->dev, "can't set_interface = %d, %d\n", 845 alt, retval); 846 return retval; 847 } 848 849 /* [9.4.4] get_interface always works */ 850 retval = get_altsetting(dev); 851 if (retval != alt) { 852 dev_err(&iface->dev, "get alt should be %d, was %d\n", 853 alt, retval); 854 return (retval < 0) ? retval : -EDOM; 855 } 856 857 } 858 859 /* [real world] get_config unimplemented if there's only one */ 860 if (!realworld || udev->descriptor.bNumConfigurations != 1) { 861 int expected = udev->actconfig->desc.bConfigurationValue; 862 863 /* [9.4.2] get_configuration always works 864 * ... although some cheap devices (like one TI Hub I've got) 865 * won't return config descriptors except before set_config. 866 */ 867 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), 868 USB_REQ_GET_CONFIGURATION, 869 USB_DIR_IN | USB_RECIP_DEVICE, 870 0, 0, dev->buf, 1, USB_CTRL_GET_TIMEOUT); 871 if (retval != 1 || dev->buf[0] != expected) { 872 dev_err(&iface->dev, "get config --> %d %d (1 %d)\n", 873 retval, dev->buf[0], expected); 874 return (retval < 0) ? retval : -EDOM; 875 } 876 } 877 878 /* there's always [9.4.3] a device descriptor [9.6.1] */ 879 retval = usb_get_descriptor(udev, USB_DT_DEVICE, 0, 880 dev->buf, sizeof(udev->descriptor)); 881 if (retval != sizeof(udev->descriptor)) { 882 dev_err(&iface->dev, "dev descriptor --> %d\n", retval); 883 return (retval < 0) ? retval : -EDOM; 884 } 885 886 /* 887 * there's always [9.4.3] a bos device descriptor [9.6.2] in USB 888 * 3.0 spec 889 */ 890 if (le16_to_cpu(udev->descriptor.bcdUSB) >= 0x0210) { 891 struct usb_bos_descriptor *bos = NULL; 892 struct usb_dev_cap_header *header = NULL; 893 unsigned total, num, length; 894 u8 *buf; 895 896 retval = usb_get_descriptor(udev, USB_DT_BOS, 0, dev->buf, 897 sizeof(*udev->bos->desc)); 898 if (retval != sizeof(*udev->bos->desc)) { 899 dev_err(&iface->dev, "bos descriptor --> %d\n", retval); 900 return (retval < 0) ? retval : -EDOM; 901 } 902 903 bos = (struct usb_bos_descriptor *)dev->buf; 904 total = le16_to_cpu(bos->wTotalLength); 905 num = bos->bNumDeviceCaps; 906 907 if (total > TBUF_SIZE) 908 total = TBUF_SIZE; 909 910 /* 911 * get generic device-level capability descriptors [9.6.2] 912 * in USB 3.0 spec 913 */ 914 retval = usb_get_descriptor(udev, USB_DT_BOS, 0, dev->buf, 915 total); 916 if (retval != total) { 917 dev_err(&iface->dev, "bos descriptor set --> %d\n", 918 retval); 919 return (retval < 0) ? retval : -EDOM; 920 } 921 922 length = sizeof(*udev->bos->desc); 923 buf = dev->buf; 924 for (i = 0; i < num; i++) { 925 buf += length; 926 if (buf + sizeof(struct usb_dev_cap_header) > 927 dev->buf + total) 928 break; 929 930 header = (struct usb_dev_cap_header *)buf; 931 length = header->bLength; 932 933 if (header->bDescriptorType != 934 USB_DT_DEVICE_CAPABILITY) { 935 dev_warn(&udev->dev, "not device capability descriptor, skip\n"); 936 continue; 937 } 938 939 switch (header->bDevCapabilityType) { 940 case USB_CAP_TYPE_EXT: 941 if (buf + USB_DT_USB_EXT_CAP_SIZE > 942 dev->buf + total || 943 !is_good_ext(dev, buf)) { 944 dev_err(&iface->dev, "bogus usb 2.0 extension descriptor\n"); 945 return -EDOM; 946 } 947 break; 948 case USB_SS_CAP_TYPE: 949 if (buf + USB_DT_USB_SS_CAP_SIZE > 950 dev->buf + total || 951 !is_good_ss_cap(dev, buf)) { 952 dev_err(&iface->dev, "bogus superspeed device capability descriptor\n"); 953 return -EDOM; 954 } 955 break; 956 case CONTAINER_ID_TYPE: 957 if (buf + USB_DT_USB_SS_CONTN_ID_SIZE > 958 dev->buf + total || 959 !is_good_con_id(dev, buf)) { 960 dev_err(&iface->dev, "bogus container id descriptor\n"); 961 return -EDOM; 962 } 963 break; 964 default: 965 break; 966 } 967 } 968 } 969 970 /* there's always [9.4.3] at least one config descriptor [9.6.3] */ 971 for (i = 0; i < udev->descriptor.bNumConfigurations; i++) { 972 retval = usb_get_descriptor(udev, USB_DT_CONFIG, i, 973 dev->buf, TBUF_SIZE); 974 if (!is_good_config(dev, retval)) { 975 dev_err(&iface->dev, 976 "config [%d] descriptor --> %d\n", 977 i, retval); 978 return (retval < 0) ? retval : -EDOM; 979 } 980 981 /* FIXME cross-checking udev->config[i] to make sure usbcore 982 * parsed it right (etc) would be good testing paranoia 983 */ 984 } 985 986 /* and sometimes [9.2.6.6] speed dependent descriptors */ 987 if (le16_to_cpu(udev->descriptor.bcdUSB) == 0x0200) { 988 struct usb_qualifier_descriptor *d = NULL; 989 990 /* device qualifier [9.6.2] */ 991 retval = usb_get_descriptor(udev, 992 USB_DT_DEVICE_QUALIFIER, 0, dev->buf, 993 sizeof(struct usb_qualifier_descriptor)); 994 if (retval == -EPIPE) { 995 if (udev->speed == USB_SPEED_HIGH) { 996 dev_err(&iface->dev, 997 "hs dev qualifier --> %d\n", 998 retval); 999 return retval; 1000 } 1001 /* usb2.0 but not high-speed capable; fine */ 1002 } else if (retval != sizeof(struct usb_qualifier_descriptor)) { 1003 dev_err(&iface->dev, "dev qualifier --> %d\n", retval); 1004 return (retval < 0) ? retval : -EDOM; 1005 } else 1006 d = (struct usb_qualifier_descriptor *) dev->buf; 1007 1008 /* might not have [9.6.2] any other-speed configs [9.6.4] */ 1009 if (d) { 1010 unsigned max = d->bNumConfigurations; 1011 for (i = 0; i < max; i++) { 1012 retval = usb_get_descriptor(udev, 1013 USB_DT_OTHER_SPEED_CONFIG, i, 1014 dev->buf, TBUF_SIZE); 1015 if (!is_good_config(dev, retval)) { 1016 dev_err(&iface->dev, 1017 "other speed config --> %d\n", 1018 retval); 1019 return (retval < 0) ? retval : -EDOM; 1020 } 1021 } 1022 } 1023 } 1024 /* FIXME fetch strings from at least the device descriptor */ 1025 1026 /* [9.4.5] get_status always works */ 1027 retval = usb_get_std_status(udev, USB_RECIP_DEVICE, 0, dev->buf); 1028 if (retval) { 1029 dev_err(&iface->dev, "get dev status --> %d\n", retval); 1030 return retval; 1031 } 1032 1033 /* FIXME configuration.bmAttributes says if we could try to set/clear 1034 * the device's remote wakeup feature ... if we can, test that here 1035 */ 1036 1037 retval = usb_get_std_status(udev, USB_RECIP_INTERFACE, 1038 iface->altsetting[0].desc.bInterfaceNumber, dev->buf); 1039 if (retval) { 1040 dev_err(&iface->dev, "get interface status --> %d\n", retval); 1041 return retval; 1042 } 1043 /* FIXME get status for each endpoint in the interface */ 1044 1045 return 0; 1046 } 1047 1048 /*-------------------------------------------------------------------------*/ 1049 1050 /* use ch9 requests to test whether: 1051 * (a) queues work for control, keeping N subtests queued and 1052 * active (auto-resubmit) for M loops through the queue. 1053 * (b) protocol stalls (control-only) will autorecover. 1054 * it's not like bulk/intr; no halt clearing. 1055 * (c) short control reads are reported and handled. 1056 * (d) queues are always processed in-order 1057 */ 1058 1059 struct ctrl_ctx { 1060 spinlock_t lock; 1061 struct usbtest_dev *dev; 1062 struct completion complete; 1063 unsigned count; 1064 unsigned pending; 1065 int status; 1066 struct urb **urb; 1067 struct usbtest_param_32 *param; 1068 int last; 1069 }; 1070 1071 #define NUM_SUBCASES 16 /* how many test subcases here? */ 1072 1073 struct subcase { 1074 struct usb_ctrlrequest setup; 1075 int number; 1076 int expected; 1077 }; 1078 1079 static void ctrl_complete(struct urb *urb) 1080 { 1081 struct ctrl_ctx *ctx = urb->context; 1082 struct usb_ctrlrequest *reqp; 1083 struct subcase *subcase; 1084 int status = urb->status; 1085 1086 reqp = (struct usb_ctrlrequest *)urb->setup_packet; 1087 subcase = container_of(reqp, struct subcase, setup); 1088 1089 spin_lock(&ctx->lock); 1090 ctx->count--; 1091 ctx->pending--; 1092 1093 /* queue must transfer and complete in fifo order, unless 1094 * usb_unlink_urb() is used to unlink something not at the 1095 * physical queue head (not tested). 1096 */ 1097 if (subcase->number > 0) { 1098 if ((subcase->number - ctx->last) != 1) { 1099 ERROR(ctx->dev, 1100 "subcase %d completed out of order, last %d\n", 1101 subcase->number, ctx->last); 1102 status = -EDOM; 1103 ctx->last = subcase->number; 1104 goto error; 1105 } 1106 } 1107 ctx->last = subcase->number; 1108 1109 /* succeed or fault in only one way? */ 1110 if (status == subcase->expected) 1111 status = 0; 1112 1113 /* async unlink for cleanup? */ 1114 else if (status != -ECONNRESET) { 1115 1116 /* some faults are allowed, not required */ 1117 if (subcase->expected > 0 && ( 1118 ((status == -subcase->expected /* happened */ 1119 || status == 0)))) /* didn't */ 1120 status = 0; 1121 /* sometimes more than one fault is allowed */ 1122 else if (subcase->number == 12 && status == -EPIPE) 1123 status = 0; 1124 else 1125 ERROR(ctx->dev, "subtest %d error, status %d\n", 1126 subcase->number, status); 1127 } 1128 1129 /* unexpected status codes mean errors; ideally, in hardware */ 1130 if (status) { 1131 error: 1132 if (ctx->status == 0) { 1133 int i; 1134 1135 ctx->status = status; 1136 ERROR(ctx->dev, "control queue %02x.%02x, err %d, " 1137 "%d left, subcase %d, len %d/%d\n", 1138 reqp->bRequestType, reqp->bRequest, 1139 status, ctx->count, subcase->number, 1140 urb->actual_length, 1141 urb->transfer_buffer_length); 1142 1143 /* FIXME this "unlink everything" exit route should 1144 * be a separate test case. 1145 */ 1146 1147 /* unlink whatever's still pending */ 1148 for (i = 1; i < ctx->param->sglen; i++) { 1149 struct urb *u = ctx->urb[ 1150 (i + subcase->number) 1151 % ctx->param->sglen]; 1152 1153 if (u == urb || !u->dev) 1154 continue; 1155 spin_unlock(&ctx->lock); 1156 status = usb_unlink_urb(u); 1157 spin_lock(&ctx->lock); 1158 switch (status) { 1159 case -EINPROGRESS: 1160 case -EBUSY: 1161 case -EIDRM: 1162 continue; 1163 default: 1164 ERROR(ctx->dev, "urb unlink --> %d\n", 1165 status); 1166 } 1167 } 1168 status = ctx->status; 1169 } 1170 } 1171 1172 /* resubmit if we need to, else mark this as done */ 1173 if ((status == 0) && (ctx->pending < ctx->count)) { 1174 status = usb_submit_urb(urb, GFP_ATOMIC); 1175 if (status != 0) { 1176 ERROR(ctx->dev, 1177 "can't resubmit ctrl %02x.%02x, err %d\n", 1178 reqp->bRequestType, reqp->bRequest, status); 1179 urb->dev = NULL; 1180 } else 1181 ctx->pending++; 1182 } else 1183 urb->dev = NULL; 1184 1185 /* signal completion when nothing's queued */ 1186 if (ctx->pending == 0) 1187 complete(&ctx->complete); 1188 spin_unlock(&ctx->lock); 1189 } 1190 1191 static int 1192 test_ctrl_queue(struct usbtest_dev *dev, struct usbtest_param_32 *param) 1193 { 1194 struct usb_device *udev = testdev_to_usbdev(dev); 1195 struct urb **urb; 1196 struct ctrl_ctx context; 1197 int i; 1198 1199 if (param->sglen == 0 || param->iterations > UINT_MAX / param->sglen) 1200 return -EOPNOTSUPP; 1201 1202 spin_lock_init(&context.lock); 1203 context.dev = dev; 1204 init_completion(&context.complete); 1205 context.count = param->sglen * param->iterations; 1206 context.pending = 0; 1207 context.status = -ENOMEM; 1208 context.param = param; 1209 context.last = -1; 1210 1211 /* allocate and init the urbs we'll queue. 1212 * as with bulk/intr sglists, sglen is the queue depth; it also 1213 * controls which subtests run (more tests than sglen) or rerun. 1214 */ 1215 urb = kcalloc(param->sglen, sizeof(struct urb *), GFP_KERNEL); 1216 if (!urb) 1217 return -ENOMEM; 1218 for (i = 0; i < param->sglen; i++) { 1219 int pipe = usb_rcvctrlpipe(udev, 0); 1220 unsigned len; 1221 struct urb *u; 1222 struct usb_ctrlrequest req; 1223 struct subcase *reqp; 1224 1225 /* sign of this variable means: 1226 * -: tested code must return this (negative) error code 1227 * +: tested code may return this (negative too) error code 1228 */ 1229 int expected = 0; 1230 1231 /* requests here are mostly expected to succeed on any 1232 * device, but some are chosen to trigger protocol stalls 1233 * or short reads. 1234 */ 1235 memset(&req, 0, sizeof(req)); 1236 req.bRequest = USB_REQ_GET_DESCRIPTOR; 1237 req.bRequestType = USB_DIR_IN|USB_RECIP_DEVICE; 1238 1239 switch (i % NUM_SUBCASES) { 1240 case 0: /* get device descriptor */ 1241 req.wValue = cpu_to_le16(USB_DT_DEVICE << 8); 1242 len = sizeof(struct usb_device_descriptor); 1243 break; 1244 case 1: /* get first config descriptor (only) */ 1245 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 1246 len = sizeof(struct usb_config_descriptor); 1247 break; 1248 case 2: /* get altsetting (OFTEN STALLS) */ 1249 req.bRequest = USB_REQ_GET_INTERFACE; 1250 req.bRequestType = USB_DIR_IN|USB_RECIP_INTERFACE; 1251 /* index = 0 means first interface */ 1252 len = 1; 1253 expected = EPIPE; 1254 break; 1255 case 3: /* get interface status */ 1256 req.bRequest = USB_REQ_GET_STATUS; 1257 req.bRequestType = USB_DIR_IN|USB_RECIP_INTERFACE; 1258 /* interface 0 */ 1259 len = 2; 1260 break; 1261 case 4: /* get device status */ 1262 req.bRequest = USB_REQ_GET_STATUS; 1263 req.bRequestType = USB_DIR_IN|USB_RECIP_DEVICE; 1264 len = 2; 1265 break; 1266 case 5: /* get device qualifier (MAY STALL) */ 1267 req.wValue = cpu_to_le16 (USB_DT_DEVICE_QUALIFIER << 8); 1268 len = sizeof(struct usb_qualifier_descriptor); 1269 if (udev->speed != USB_SPEED_HIGH) 1270 expected = EPIPE; 1271 break; 1272 case 6: /* get first config descriptor, plus interface */ 1273 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 1274 len = sizeof(struct usb_config_descriptor); 1275 len += sizeof(struct usb_interface_descriptor); 1276 break; 1277 case 7: /* get interface descriptor (ALWAYS STALLS) */ 1278 req.wValue = cpu_to_le16 (USB_DT_INTERFACE << 8); 1279 /* interface == 0 */ 1280 len = sizeof(struct usb_interface_descriptor); 1281 expected = -EPIPE; 1282 break; 1283 /* NOTE: two consecutive stalls in the queue here. 1284 * that tests fault recovery a bit more aggressively. */ 1285 case 8: /* clear endpoint halt (MAY STALL) */ 1286 req.bRequest = USB_REQ_CLEAR_FEATURE; 1287 req.bRequestType = USB_RECIP_ENDPOINT; 1288 /* wValue 0 == ep halt */ 1289 /* wIndex 0 == ep0 (shouldn't halt!) */ 1290 len = 0; 1291 pipe = usb_sndctrlpipe(udev, 0); 1292 expected = EPIPE; 1293 break; 1294 case 9: /* get endpoint status */ 1295 req.bRequest = USB_REQ_GET_STATUS; 1296 req.bRequestType = USB_DIR_IN|USB_RECIP_ENDPOINT; 1297 /* endpoint 0 */ 1298 len = 2; 1299 break; 1300 case 10: /* trigger short read (EREMOTEIO) */ 1301 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 1302 len = 1024; 1303 expected = -EREMOTEIO; 1304 break; 1305 /* NOTE: two consecutive _different_ faults in the queue. */ 1306 case 11: /* get endpoint descriptor (ALWAYS STALLS) */ 1307 req.wValue = cpu_to_le16(USB_DT_ENDPOINT << 8); 1308 /* endpoint == 0 */ 1309 len = sizeof(struct usb_interface_descriptor); 1310 expected = EPIPE; 1311 break; 1312 /* NOTE: sometimes even a third fault in the queue! */ 1313 case 12: /* get string 0 descriptor (MAY STALL) */ 1314 req.wValue = cpu_to_le16(USB_DT_STRING << 8); 1315 /* string == 0, for language IDs */ 1316 len = sizeof(struct usb_interface_descriptor); 1317 /* may succeed when > 4 languages */ 1318 expected = EREMOTEIO; /* or EPIPE, if no strings */ 1319 break; 1320 case 13: /* short read, resembling case 10 */ 1321 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 1322 /* last data packet "should" be DATA1, not DATA0 */ 1323 if (udev->speed == USB_SPEED_SUPER) 1324 len = 1024 - 512; 1325 else 1326 len = 1024 - udev->descriptor.bMaxPacketSize0; 1327 expected = -EREMOTEIO; 1328 break; 1329 case 14: /* short read; try to fill the last packet */ 1330 req.wValue = cpu_to_le16((USB_DT_DEVICE << 8) | 0); 1331 /* device descriptor size == 18 bytes */ 1332 len = udev->descriptor.bMaxPacketSize0; 1333 if (udev->speed == USB_SPEED_SUPER) 1334 len = 512; 1335 switch (len) { 1336 case 8: 1337 len = 24; 1338 break; 1339 case 16: 1340 len = 32; 1341 break; 1342 } 1343 expected = -EREMOTEIO; 1344 break; 1345 case 15: 1346 req.wValue = cpu_to_le16(USB_DT_BOS << 8); 1347 if (udev->bos) 1348 len = le16_to_cpu(udev->bos->desc->wTotalLength); 1349 else 1350 len = sizeof(struct usb_bos_descriptor); 1351 if (le16_to_cpu(udev->descriptor.bcdUSB) < 0x0201) 1352 expected = -EPIPE; 1353 break; 1354 default: 1355 ERROR(dev, "bogus number of ctrl queue testcases!\n"); 1356 context.status = -EINVAL; 1357 goto cleanup; 1358 } 1359 req.wLength = cpu_to_le16(len); 1360 urb[i] = u = simple_alloc_urb(udev, pipe, len, 0); 1361 if (!u) 1362 goto cleanup; 1363 1364 reqp = kmalloc(sizeof(*reqp), GFP_KERNEL); 1365 if (!reqp) 1366 goto cleanup; 1367 reqp->setup = req; 1368 reqp->number = i % NUM_SUBCASES; 1369 reqp->expected = expected; 1370 u->setup_packet = (char *) &reqp->setup; 1371 1372 u->context = &context; 1373 u->complete = ctrl_complete; 1374 } 1375 1376 /* queue the urbs */ 1377 context.urb = urb; 1378 spin_lock_irq(&context.lock); 1379 for (i = 0; i < param->sglen; i++) { 1380 context.status = usb_submit_urb(urb[i], GFP_ATOMIC); 1381 if (context.status != 0) { 1382 ERROR(dev, "can't submit urb[%d], status %d\n", 1383 i, context.status); 1384 context.count = context.pending; 1385 break; 1386 } 1387 context.pending++; 1388 } 1389 spin_unlock_irq(&context.lock); 1390 1391 /* FIXME set timer and time out; provide a disconnect hook */ 1392 1393 /* wait for the last one to complete */ 1394 if (context.pending > 0) 1395 wait_for_completion(&context.complete); 1396 1397 cleanup: 1398 for (i = 0; i < param->sglen; i++) { 1399 if (!urb[i]) 1400 continue; 1401 urb[i]->dev = udev; 1402 kfree(urb[i]->setup_packet); 1403 simple_free_urb(urb[i]); 1404 } 1405 kfree(urb); 1406 return context.status; 1407 } 1408 #undef NUM_SUBCASES 1409 1410 1411 /*-------------------------------------------------------------------------*/ 1412 1413 static void unlink1_callback(struct urb *urb) 1414 { 1415 int status = urb->status; 1416 1417 /* we "know" -EPIPE (stall) never happens */ 1418 if (!status) 1419 status = usb_submit_urb(urb, GFP_ATOMIC); 1420 if (status) { 1421 urb->status = status; 1422 complete(urb->context); 1423 } 1424 } 1425 1426 static int unlink1(struct usbtest_dev *dev, int pipe, int size, int async) 1427 { 1428 struct urb *urb; 1429 struct completion completion; 1430 int retval = 0; 1431 1432 init_completion(&completion); 1433 urb = simple_alloc_urb(testdev_to_usbdev(dev), pipe, size, 0); 1434 if (!urb) 1435 return -ENOMEM; 1436 urb->context = &completion; 1437 urb->complete = unlink1_callback; 1438 1439 if (usb_pipeout(urb->pipe)) { 1440 simple_fill_buf(urb); 1441 urb->transfer_flags |= URB_ZERO_PACKET; 1442 } 1443 1444 /* keep the endpoint busy. there are lots of hc/hcd-internal 1445 * states, and testing should get to all of them over time. 1446 * 1447 * FIXME want additional tests for when endpoint is STALLing 1448 * due to errors, or is just NAKing requests. 1449 */ 1450 retval = usb_submit_urb(urb, GFP_KERNEL); 1451 if (retval != 0) { 1452 dev_err(&dev->intf->dev, "submit fail %d\n", retval); 1453 return retval; 1454 } 1455 1456 /* unlinking that should always work. variable delay tests more 1457 * hcd states and code paths, even with little other system load. 1458 */ 1459 msleep(jiffies % (2 * INTERRUPT_RATE)); 1460 if (async) { 1461 while (!completion_done(&completion)) { 1462 retval = usb_unlink_urb(urb); 1463 1464 if (retval == 0 && usb_pipein(urb->pipe)) 1465 retval = simple_check_buf(dev, urb); 1466 1467 switch (retval) { 1468 case -EBUSY: 1469 case -EIDRM: 1470 /* we can't unlink urbs while they're completing 1471 * or if they've completed, and we haven't 1472 * resubmitted. "normal" drivers would prevent 1473 * resubmission, but since we're testing unlink 1474 * paths, we can't. 1475 */ 1476 ERROR(dev, "unlink retry\n"); 1477 continue; 1478 case 0: 1479 case -EINPROGRESS: 1480 break; 1481 1482 default: 1483 dev_err(&dev->intf->dev, 1484 "unlink fail %d\n", retval); 1485 return retval; 1486 } 1487 1488 break; 1489 } 1490 } else 1491 usb_kill_urb(urb); 1492 1493 wait_for_completion(&completion); 1494 retval = urb->status; 1495 simple_free_urb(urb); 1496 1497 if (async) 1498 return (retval == -ECONNRESET) ? 0 : retval - 1000; 1499 else 1500 return (retval == -ENOENT || retval == -EPERM) ? 1501 0 : retval - 2000; 1502 } 1503 1504 static int unlink_simple(struct usbtest_dev *dev, int pipe, int len) 1505 { 1506 int retval = 0; 1507 1508 /* test sync and async paths */ 1509 retval = unlink1(dev, pipe, len, 1); 1510 if (!retval) 1511 retval = unlink1(dev, pipe, len, 0); 1512 return retval; 1513 } 1514 1515 /*-------------------------------------------------------------------------*/ 1516 1517 struct queued_ctx { 1518 struct completion complete; 1519 atomic_t pending; 1520 unsigned num; 1521 int status; 1522 struct urb **urbs; 1523 }; 1524 1525 static void unlink_queued_callback(struct urb *urb) 1526 { 1527 int status = urb->status; 1528 struct queued_ctx *ctx = urb->context; 1529 1530 if (ctx->status) 1531 goto done; 1532 if (urb == ctx->urbs[ctx->num - 4] || urb == ctx->urbs[ctx->num - 2]) { 1533 if (status == -ECONNRESET) 1534 goto done; 1535 /* What error should we report if the URB completed normally? */ 1536 } 1537 if (status != 0) 1538 ctx->status = status; 1539 1540 done: 1541 if (atomic_dec_and_test(&ctx->pending)) 1542 complete(&ctx->complete); 1543 } 1544 1545 static int unlink_queued(struct usbtest_dev *dev, int pipe, unsigned num, 1546 unsigned size) 1547 { 1548 struct queued_ctx ctx; 1549 struct usb_device *udev = testdev_to_usbdev(dev); 1550 void *buf; 1551 dma_addr_t buf_dma; 1552 int i; 1553 int retval = -ENOMEM; 1554 1555 init_completion(&ctx.complete); 1556 atomic_set(&ctx.pending, 1); /* One more than the actual value */ 1557 ctx.num = num; 1558 ctx.status = 0; 1559 1560 buf = usb_alloc_coherent(udev, size, GFP_KERNEL, &buf_dma); 1561 if (!buf) 1562 return retval; 1563 memset(buf, 0, size); 1564 1565 /* Allocate and init the urbs we'll queue */ 1566 ctx.urbs = kcalloc(num, sizeof(struct urb *), GFP_KERNEL); 1567 if (!ctx.urbs) 1568 goto free_buf; 1569 for (i = 0; i < num; i++) { 1570 ctx.urbs[i] = usb_alloc_urb(0, GFP_KERNEL); 1571 if (!ctx.urbs[i]) 1572 goto free_urbs; 1573 usb_fill_bulk_urb(ctx.urbs[i], udev, pipe, buf, size, 1574 unlink_queued_callback, &ctx); 1575 ctx.urbs[i]->transfer_dma = buf_dma; 1576 ctx.urbs[i]->transfer_flags = URB_NO_TRANSFER_DMA_MAP; 1577 1578 if (usb_pipeout(ctx.urbs[i]->pipe)) { 1579 simple_fill_buf(ctx.urbs[i]); 1580 ctx.urbs[i]->transfer_flags |= URB_ZERO_PACKET; 1581 } 1582 } 1583 1584 /* Submit all the URBs and then unlink URBs num - 4 and num - 2. */ 1585 for (i = 0; i < num; i++) { 1586 atomic_inc(&ctx.pending); 1587 retval = usb_submit_urb(ctx.urbs[i], GFP_KERNEL); 1588 if (retval != 0) { 1589 dev_err(&dev->intf->dev, "submit urbs[%d] fail %d\n", 1590 i, retval); 1591 atomic_dec(&ctx.pending); 1592 ctx.status = retval; 1593 break; 1594 } 1595 } 1596 if (i == num) { 1597 usb_unlink_urb(ctx.urbs[num - 4]); 1598 usb_unlink_urb(ctx.urbs[num - 2]); 1599 } else { 1600 while (--i >= 0) 1601 usb_unlink_urb(ctx.urbs[i]); 1602 } 1603 1604 if (atomic_dec_and_test(&ctx.pending)) /* The extra count */ 1605 complete(&ctx.complete); 1606 wait_for_completion(&ctx.complete); 1607 retval = ctx.status; 1608 1609 free_urbs: 1610 for (i = 0; i < num; i++) 1611 usb_free_urb(ctx.urbs[i]); 1612 kfree(ctx.urbs); 1613 free_buf: 1614 usb_free_coherent(udev, size, buf, buf_dma); 1615 return retval; 1616 } 1617 1618 /*-------------------------------------------------------------------------*/ 1619 1620 static int verify_not_halted(struct usbtest_dev *tdev, int ep, struct urb *urb) 1621 { 1622 int retval; 1623 u16 status; 1624 1625 /* shouldn't look or act halted */ 1626 retval = usb_get_std_status(urb->dev, USB_RECIP_ENDPOINT, ep, &status); 1627 if (retval < 0) { 1628 ERROR(tdev, "ep %02x couldn't get no-halt status, %d\n", 1629 ep, retval); 1630 return retval; 1631 } 1632 if (status != 0) { 1633 ERROR(tdev, "ep %02x bogus status: %04x != 0\n", ep, status); 1634 return -EINVAL; 1635 } 1636 retval = simple_io(tdev, urb, 1, 0, 0, __func__); 1637 if (retval != 0) 1638 return -EINVAL; 1639 return 0; 1640 } 1641 1642 static int verify_halted(struct usbtest_dev *tdev, int ep, struct urb *urb) 1643 { 1644 int retval; 1645 u16 status; 1646 1647 /* should look and act halted */ 1648 retval = usb_get_std_status(urb->dev, USB_RECIP_ENDPOINT, ep, &status); 1649 if (retval < 0) { 1650 ERROR(tdev, "ep %02x couldn't get halt status, %d\n", 1651 ep, retval); 1652 return retval; 1653 } 1654 if (status != 1) { 1655 ERROR(tdev, "ep %02x bogus status: %04x != 1\n", ep, status); 1656 return -EINVAL; 1657 } 1658 retval = simple_io(tdev, urb, 1, 0, -EPIPE, __func__); 1659 if (retval != -EPIPE) 1660 return -EINVAL; 1661 retval = simple_io(tdev, urb, 1, 0, -EPIPE, "verify_still_halted"); 1662 if (retval != -EPIPE) 1663 return -EINVAL; 1664 return 0; 1665 } 1666 1667 static int test_halt(struct usbtest_dev *tdev, int ep, struct urb *urb) 1668 { 1669 int retval; 1670 1671 /* shouldn't look or act halted now */ 1672 retval = verify_not_halted(tdev, ep, urb); 1673 if (retval < 0) 1674 return retval; 1675 1676 /* set halt (protocol test only), verify it worked */ 1677 retval = usb_control_msg(urb->dev, usb_sndctrlpipe(urb->dev, 0), 1678 USB_REQ_SET_FEATURE, USB_RECIP_ENDPOINT, 1679 USB_ENDPOINT_HALT, ep, 1680 NULL, 0, USB_CTRL_SET_TIMEOUT); 1681 if (retval < 0) { 1682 ERROR(tdev, "ep %02x couldn't set halt, %d\n", ep, retval); 1683 return retval; 1684 } 1685 retval = verify_halted(tdev, ep, urb); 1686 if (retval < 0) { 1687 int ret; 1688 1689 /* clear halt anyways, else further tests will fail */ 1690 ret = usb_clear_halt(urb->dev, urb->pipe); 1691 if (ret) 1692 ERROR(tdev, "ep %02x couldn't clear halt, %d\n", 1693 ep, ret); 1694 1695 return retval; 1696 } 1697 1698 /* clear halt (tests API + protocol), verify it worked */ 1699 retval = usb_clear_halt(urb->dev, urb->pipe); 1700 if (retval < 0) { 1701 ERROR(tdev, "ep %02x couldn't clear halt, %d\n", ep, retval); 1702 return retval; 1703 } 1704 retval = verify_not_halted(tdev, ep, urb); 1705 if (retval < 0) 1706 return retval; 1707 1708 /* NOTE: could also verify SET_INTERFACE clear halts ... */ 1709 1710 return 0; 1711 } 1712 1713 static int test_toggle_sync(struct usbtest_dev *tdev, int ep, struct urb *urb) 1714 { 1715 int retval; 1716 1717 /* clear initial data toggle to DATA0 */ 1718 retval = usb_clear_halt(urb->dev, urb->pipe); 1719 if (retval < 0) { 1720 ERROR(tdev, "ep %02x couldn't clear halt, %d\n", ep, retval); 1721 return retval; 1722 } 1723 1724 /* transfer 3 data packets, should be DATA0, DATA1, DATA0 */ 1725 retval = simple_io(tdev, urb, 1, 0, 0, __func__); 1726 if (retval != 0) 1727 return -EINVAL; 1728 1729 /* clear halt resets device side data toggle, host should react to it */ 1730 retval = usb_clear_halt(urb->dev, urb->pipe); 1731 if (retval < 0) { 1732 ERROR(tdev, "ep %02x couldn't clear halt, %d\n", ep, retval); 1733 return retval; 1734 } 1735 1736 /* host should use DATA0 again after clear halt */ 1737 retval = simple_io(tdev, urb, 1, 0, 0, __func__); 1738 1739 return retval; 1740 } 1741 1742 static int halt_simple(struct usbtest_dev *dev) 1743 { 1744 int ep; 1745 int retval = 0; 1746 struct urb *urb; 1747 struct usb_device *udev = testdev_to_usbdev(dev); 1748 1749 if (udev->speed == USB_SPEED_SUPER) 1750 urb = simple_alloc_urb(udev, 0, 1024, 0); 1751 else 1752 urb = simple_alloc_urb(udev, 0, 512, 0); 1753 if (urb == NULL) 1754 return -ENOMEM; 1755 1756 if (dev->in_pipe) { 1757 ep = usb_pipeendpoint(dev->in_pipe) | USB_DIR_IN; 1758 urb->pipe = dev->in_pipe; 1759 retval = test_halt(dev, ep, urb); 1760 if (retval < 0) 1761 goto done; 1762 } 1763 1764 if (dev->out_pipe) { 1765 ep = usb_pipeendpoint(dev->out_pipe); 1766 urb->pipe = dev->out_pipe; 1767 retval = test_halt(dev, ep, urb); 1768 } 1769 done: 1770 simple_free_urb(urb); 1771 return retval; 1772 } 1773 1774 static int toggle_sync_simple(struct usbtest_dev *dev) 1775 { 1776 int ep; 1777 int retval = 0; 1778 struct urb *urb; 1779 struct usb_device *udev = testdev_to_usbdev(dev); 1780 unsigned maxp = get_maxpacket(udev, dev->out_pipe); 1781 1782 /* 1783 * Create a URB that causes a transfer of uneven amount of data packets 1784 * This way the clear toggle has an impact on the data toggle sequence. 1785 * Use 2 maxpacket length packets and one zero packet. 1786 */ 1787 urb = simple_alloc_urb(udev, 0, 2 * maxp, 0); 1788 if (urb == NULL) 1789 return -ENOMEM; 1790 1791 urb->transfer_flags |= URB_ZERO_PACKET; 1792 1793 ep = usb_pipeendpoint(dev->out_pipe); 1794 urb->pipe = dev->out_pipe; 1795 retval = test_toggle_sync(dev, ep, urb); 1796 1797 simple_free_urb(urb); 1798 return retval; 1799 } 1800 1801 /*-------------------------------------------------------------------------*/ 1802 1803 /* Control OUT tests use the vendor control requests from Intel's 1804 * USB 2.0 compliance test device: write a buffer, read it back. 1805 * 1806 * Intel's spec only _requires_ that it work for one packet, which 1807 * is pretty weak. Some HCDs place limits here; most devices will 1808 * need to be able to handle more than one OUT data packet. We'll 1809 * try whatever we're told to try. 1810 */ 1811 static int ctrl_out(struct usbtest_dev *dev, 1812 unsigned count, unsigned length, unsigned vary, unsigned offset) 1813 { 1814 unsigned i, j, len; 1815 int retval; 1816 u8 *buf; 1817 char *what = "?"; 1818 struct usb_device *udev; 1819 1820 if (length < 1 || length > 0xffff || vary >= length) 1821 return -EINVAL; 1822 1823 buf = kmalloc(length + offset, GFP_KERNEL); 1824 if (!buf) 1825 return -ENOMEM; 1826 1827 buf += offset; 1828 udev = testdev_to_usbdev(dev); 1829 len = length; 1830 retval = 0; 1831 1832 /* NOTE: hardware might well act differently if we pushed it 1833 * with lots back-to-back queued requests. 1834 */ 1835 for (i = 0; i < count; i++) { 1836 /* write patterned data */ 1837 for (j = 0; j < len; j++) 1838 buf[j] = (u8)(i + j); 1839 retval = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 1840 0x5b, USB_DIR_OUT|USB_TYPE_VENDOR, 1841 0, 0, buf, len, USB_CTRL_SET_TIMEOUT); 1842 if (retval != len) { 1843 what = "write"; 1844 if (retval >= 0) { 1845 ERROR(dev, "ctrl_out, wlen %d (expected %d)\n", 1846 retval, len); 1847 retval = -EBADMSG; 1848 } 1849 break; 1850 } 1851 1852 /* read it back -- assuming nothing intervened!! */ 1853 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), 1854 0x5c, USB_DIR_IN|USB_TYPE_VENDOR, 1855 0, 0, buf, len, USB_CTRL_GET_TIMEOUT); 1856 if (retval != len) { 1857 what = "read"; 1858 if (retval >= 0) { 1859 ERROR(dev, "ctrl_out, rlen %d (expected %d)\n", 1860 retval, len); 1861 retval = -EBADMSG; 1862 } 1863 break; 1864 } 1865 1866 /* fail if we can't verify */ 1867 for (j = 0; j < len; j++) { 1868 if (buf[j] != (u8)(i + j)) { 1869 ERROR(dev, "ctrl_out, byte %d is %d not %d\n", 1870 j, buf[j], (u8)(i + j)); 1871 retval = -EBADMSG; 1872 break; 1873 } 1874 } 1875 if (retval < 0) { 1876 what = "verify"; 1877 break; 1878 } 1879 1880 len += vary; 1881 1882 /* [real world] the "zero bytes IN" case isn't really used. 1883 * hardware can easily trip up in this weird case, since its 1884 * status stage is IN, not OUT like other ep0in transfers. 1885 */ 1886 if (len > length) 1887 len = realworld ? 1 : 0; 1888 } 1889 1890 if (retval < 0) 1891 ERROR(dev, "ctrl_out %s failed, code %d, count %d\n", 1892 what, retval, i); 1893 1894 kfree(buf - offset); 1895 return retval; 1896 } 1897 1898 /*-------------------------------------------------------------------------*/ 1899 1900 /* ISO/BULK tests ... mimics common usage 1901 * - buffer length is split into N packets (mostly maxpacket sized) 1902 * - multi-buffers according to sglen 1903 */ 1904 1905 struct transfer_context { 1906 unsigned count; 1907 unsigned pending; 1908 spinlock_t lock; 1909 struct completion done; 1910 int submit_error; 1911 unsigned long errors; 1912 unsigned long packet_count; 1913 struct usbtest_dev *dev; 1914 bool is_iso; 1915 }; 1916 1917 static void complicated_callback(struct urb *urb) 1918 { 1919 struct transfer_context *ctx = urb->context; 1920 1921 spin_lock(&ctx->lock); 1922 ctx->count--; 1923 1924 ctx->packet_count += urb->number_of_packets; 1925 if (urb->error_count > 0) 1926 ctx->errors += urb->error_count; 1927 else if (urb->status != 0) 1928 ctx->errors += (ctx->is_iso ? urb->number_of_packets : 1); 1929 else if (urb->actual_length != urb->transfer_buffer_length) 1930 ctx->errors++; 1931 else if (check_guard_bytes(ctx->dev, urb) != 0) 1932 ctx->errors++; 1933 1934 if (urb->status == 0 && ctx->count > (ctx->pending - 1) 1935 && !ctx->submit_error) { 1936 int status = usb_submit_urb(urb, GFP_ATOMIC); 1937 switch (status) { 1938 case 0: 1939 goto done; 1940 default: 1941 dev_err(&ctx->dev->intf->dev, 1942 "resubmit err %d\n", 1943 status); 1944 /* FALLTHROUGH */ 1945 case -ENODEV: /* disconnected */ 1946 case -ESHUTDOWN: /* endpoint disabled */ 1947 ctx->submit_error = 1; 1948 break; 1949 } 1950 } 1951 1952 ctx->pending--; 1953 if (ctx->pending == 0) { 1954 if (ctx->errors) 1955 dev_err(&ctx->dev->intf->dev, 1956 "during the test, %lu errors out of %lu\n", 1957 ctx->errors, ctx->packet_count); 1958 complete(&ctx->done); 1959 } 1960 done: 1961 spin_unlock(&ctx->lock); 1962 } 1963 1964 static struct urb *iso_alloc_urb( 1965 struct usb_device *udev, 1966 int pipe, 1967 struct usb_endpoint_descriptor *desc, 1968 long bytes, 1969 unsigned offset 1970 ) 1971 { 1972 struct urb *urb; 1973 unsigned i, maxp, packets; 1974 1975 if (bytes < 0 || !desc) 1976 return NULL; 1977 maxp = usb_endpoint_maxp(desc); 1978 maxp *= usb_endpoint_maxp_mult(desc); 1979 packets = DIV_ROUND_UP(bytes, maxp); 1980 1981 urb = usb_alloc_urb(packets, GFP_KERNEL); 1982 if (!urb) 1983 return urb; 1984 urb->dev = udev; 1985 urb->pipe = pipe; 1986 1987 urb->number_of_packets = packets; 1988 urb->transfer_buffer_length = bytes; 1989 urb->transfer_buffer = usb_alloc_coherent(udev, bytes + offset, 1990 GFP_KERNEL, 1991 &urb->transfer_dma); 1992 if (!urb->transfer_buffer) { 1993 usb_free_urb(urb); 1994 return NULL; 1995 } 1996 if (offset) { 1997 memset(urb->transfer_buffer, GUARD_BYTE, offset); 1998 urb->transfer_buffer += offset; 1999 urb->transfer_dma += offset; 2000 } 2001 /* For inbound transfers use guard byte so that test fails if 2002 data not correctly copied */ 2003 memset(urb->transfer_buffer, 2004 usb_pipein(urb->pipe) ? GUARD_BYTE : 0, 2005 bytes); 2006 2007 for (i = 0; i < packets; i++) { 2008 /* here, only the last packet will be short */ 2009 urb->iso_frame_desc[i].length = min((unsigned) bytes, maxp); 2010 bytes -= urb->iso_frame_desc[i].length; 2011 2012 urb->iso_frame_desc[i].offset = maxp * i; 2013 } 2014 2015 urb->complete = complicated_callback; 2016 /* urb->context = SET BY CALLER */ 2017 urb->interval = 1 << (desc->bInterval - 1); 2018 urb->transfer_flags = URB_ISO_ASAP | URB_NO_TRANSFER_DMA_MAP; 2019 return urb; 2020 } 2021 2022 static int 2023 test_queue(struct usbtest_dev *dev, struct usbtest_param_32 *param, 2024 int pipe, struct usb_endpoint_descriptor *desc, unsigned offset) 2025 { 2026 struct transfer_context context; 2027 struct usb_device *udev; 2028 unsigned i; 2029 unsigned long packets = 0; 2030 int status = 0; 2031 struct urb *urbs[param->sglen]; 2032 2033 if (!param->sglen || param->iterations > UINT_MAX / param->sglen) 2034 return -EINVAL; 2035 2036 memset(&context, 0, sizeof(context)); 2037 context.count = param->iterations * param->sglen; 2038 context.dev = dev; 2039 context.is_iso = !!desc; 2040 init_completion(&context.done); 2041 spin_lock_init(&context.lock); 2042 2043 udev = testdev_to_usbdev(dev); 2044 2045 for (i = 0; i < param->sglen; i++) { 2046 if (context.is_iso) 2047 urbs[i] = iso_alloc_urb(udev, pipe, desc, 2048 param->length, offset); 2049 else 2050 urbs[i] = complicated_alloc_urb(udev, pipe, 2051 param->length, 0); 2052 2053 if (!urbs[i]) { 2054 status = -ENOMEM; 2055 goto fail; 2056 } 2057 packets += urbs[i]->number_of_packets; 2058 urbs[i]->context = &context; 2059 } 2060 packets *= param->iterations; 2061 2062 if (context.is_iso) { 2063 dev_info(&dev->intf->dev, 2064 "iso period %d %sframes, wMaxPacket %d, transactions: %d\n", 2065 1 << (desc->bInterval - 1), 2066 (udev->speed == USB_SPEED_HIGH) ? "micro" : "", 2067 usb_endpoint_maxp(desc), 2068 usb_endpoint_maxp_mult(desc)); 2069 2070 dev_info(&dev->intf->dev, 2071 "total %lu msec (%lu packets)\n", 2072 (packets * (1 << (desc->bInterval - 1))) 2073 / ((udev->speed == USB_SPEED_HIGH) ? 8 : 1), 2074 packets); 2075 } 2076 2077 spin_lock_irq(&context.lock); 2078 for (i = 0; i < param->sglen; i++) { 2079 ++context.pending; 2080 status = usb_submit_urb(urbs[i], GFP_ATOMIC); 2081 if (status < 0) { 2082 ERROR(dev, "submit iso[%d], error %d\n", i, status); 2083 if (i == 0) { 2084 spin_unlock_irq(&context.lock); 2085 goto fail; 2086 } 2087 2088 simple_free_urb(urbs[i]); 2089 urbs[i] = NULL; 2090 context.pending--; 2091 context.submit_error = 1; 2092 break; 2093 } 2094 } 2095 spin_unlock_irq(&context.lock); 2096 2097 wait_for_completion(&context.done); 2098 2099 for (i = 0; i < param->sglen; i++) { 2100 if (urbs[i]) 2101 simple_free_urb(urbs[i]); 2102 } 2103 /* 2104 * Isochronous transfers are expected to fail sometimes. As an 2105 * arbitrary limit, we will report an error if any submissions 2106 * fail or if the transfer failure rate is > 10%. 2107 */ 2108 if (status != 0) 2109 ; 2110 else if (context.submit_error) 2111 status = -EACCES; 2112 else if (context.errors > 2113 (context.is_iso ? context.packet_count / 10 : 0)) 2114 status = -EIO; 2115 return status; 2116 2117 fail: 2118 for (i = 0; i < param->sglen; i++) { 2119 if (urbs[i]) 2120 simple_free_urb(urbs[i]); 2121 } 2122 return status; 2123 } 2124 2125 static int test_unaligned_bulk( 2126 struct usbtest_dev *tdev, 2127 int pipe, 2128 unsigned length, 2129 int iterations, 2130 unsigned transfer_flags, 2131 const char *label) 2132 { 2133 int retval; 2134 struct urb *urb = usbtest_alloc_urb(testdev_to_usbdev(tdev), 2135 pipe, length, transfer_flags, 1, 0, simple_callback); 2136 2137 if (!urb) 2138 return -ENOMEM; 2139 2140 retval = simple_io(tdev, urb, iterations, 0, 0, label); 2141 simple_free_urb(urb); 2142 return retval; 2143 } 2144 2145 /* Run tests. */ 2146 static int 2147 usbtest_do_ioctl(struct usb_interface *intf, struct usbtest_param_32 *param) 2148 { 2149 struct usbtest_dev *dev = usb_get_intfdata(intf); 2150 struct usb_device *udev = testdev_to_usbdev(dev); 2151 struct urb *urb; 2152 struct scatterlist *sg; 2153 struct usb_sg_request req; 2154 unsigned i; 2155 int retval = -EOPNOTSUPP; 2156 2157 if (param->iterations <= 0) 2158 return -EINVAL; 2159 if (param->sglen > MAX_SGLEN) 2160 return -EINVAL; 2161 /* 2162 * Just a bunch of test cases that every HCD is expected to handle. 2163 * 2164 * Some may need specific firmware, though it'd be good to have 2165 * one firmware image to handle all the test cases. 2166 * 2167 * FIXME add more tests! cancel requests, verify the data, control 2168 * queueing, concurrent read+write threads, and so on. 2169 */ 2170 switch (param->test_num) { 2171 2172 case 0: 2173 dev_info(&intf->dev, "TEST 0: NOP\n"); 2174 retval = 0; 2175 break; 2176 2177 /* Simple non-queued bulk I/O tests */ 2178 case 1: 2179 if (dev->out_pipe == 0) 2180 break; 2181 dev_info(&intf->dev, 2182 "TEST 1: write %d bytes %u times\n", 2183 param->length, param->iterations); 2184 urb = simple_alloc_urb(udev, dev->out_pipe, param->length, 0); 2185 if (!urb) { 2186 retval = -ENOMEM; 2187 break; 2188 } 2189 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 2190 retval = simple_io(dev, urb, param->iterations, 0, 0, "test1"); 2191 simple_free_urb(urb); 2192 break; 2193 case 2: 2194 if (dev->in_pipe == 0) 2195 break; 2196 dev_info(&intf->dev, 2197 "TEST 2: read %d bytes %u times\n", 2198 param->length, param->iterations); 2199 urb = simple_alloc_urb(udev, dev->in_pipe, param->length, 0); 2200 if (!urb) { 2201 retval = -ENOMEM; 2202 break; 2203 } 2204 /* FIRMWARE: bulk source (maybe generates short writes) */ 2205 retval = simple_io(dev, urb, param->iterations, 0, 0, "test2"); 2206 simple_free_urb(urb); 2207 break; 2208 case 3: 2209 if (dev->out_pipe == 0 || param->vary == 0) 2210 break; 2211 dev_info(&intf->dev, 2212 "TEST 3: write/%d 0..%d bytes %u times\n", 2213 param->vary, param->length, param->iterations); 2214 urb = simple_alloc_urb(udev, dev->out_pipe, param->length, 0); 2215 if (!urb) { 2216 retval = -ENOMEM; 2217 break; 2218 } 2219 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 2220 retval = simple_io(dev, urb, param->iterations, param->vary, 2221 0, "test3"); 2222 simple_free_urb(urb); 2223 break; 2224 case 4: 2225 if (dev->in_pipe == 0 || param->vary == 0) 2226 break; 2227 dev_info(&intf->dev, 2228 "TEST 4: read/%d 0..%d bytes %u times\n", 2229 param->vary, param->length, param->iterations); 2230 urb = simple_alloc_urb(udev, dev->in_pipe, param->length, 0); 2231 if (!urb) { 2232 retval = -ENOMEM; 2233 break; 2234 } 2235 /* FIRMWARE: bulk source (maybe generates short writes) */ 2236 retval = simple_io(dev, urb, param->iterations, param->vary, 2237 0, "test4"); 2238 simple_free_urb(urb); 2239 break; 2240 2241 /* Queued bulk I/O tests */ 2242 case 5: 2243 if (dev->out_pipe == 0 || param->sglen == 0) 2244 break; 2245 dev_info(&intf->dev, 2246 "TEST 5: write %d sglists %d entries of %d bytes\n", 2247 param->iterations, 2248 param->sglen, param->length); 2249 sg = alloc_sglist(param->sglen, param->length, 2250 0, dev, dev->out_pipe); 2251 if (!sg) { 2252 retval = -ENOMEM; 2253 break; 2254 } 2255 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 2256 retval = perform_sglist(dev, param->iterations, dev->out_pipe, 2257 &req, sg, param->sglen); 2258 free_sglist(sg, param->sglen); 2259 break; 2260 2261 case 6: 2262 if (dev->in_pipe == 0 || param->sglen == 0) 2263 break; 2264 dev_info(&intf->dev, 2265 "TEST 6: read %d sglists %d entries of %d bytes\n", 2266 param->iterations, 2267 param->sglen, param->length); 2268 sg = alloc_sglist(param->sglen, param->length, 2269 0, dev, dev->in_pipe); 2270 if (!sg) { 2271 retval = -ENOMEM; 2272 break; 2273 } 2274 /* FIRMWARE: bulk source (maybe generates short writes) */ 2275 retval = perform_sglist(dev, param->iterations, dev->in_pipe, 2276 &req, sg, param->sglen); 2277 free_sglist(sg, param->sglen); 2278 break; 2279 case 7: 2280 if (dev->out_pipe == 0 || param->sglen == 0 || param->vary == 0) 2281 break; 2282 dev_info(&intf->dev, 2283 "TEST 7: write/%d %d sglists %d entries 0..%d bytes\n", 2284 param->vary, param->iterations, 2285 param->sglen, param->length); 2286 sg = alloc_sglist(param->sglen, param->length, 2287 param->vary, dev, dev->out_pipe); 2288 if (!sg) { 2289 retval = -ENOMEM; 2290 break; 2291 } 2292 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 2293 retval = perform_sglist(dev, param->iterations, dev->out_pipe, 2294 &req, sg, param->sglen); 2295 free_sglist(sg, param->sglen); 2296 break; 2297 case 8: 2298 if (dev->in_pipe == 0 || param->sglen == 0 || param->vary == 0) 2299 break; 2300 dev_info(&intf->dev, 2301 "TEST 8: read/%d %d sglists %d entries 0..%d bytes\n", 2302 param->vary, param->iterations, 2303 param->sglen, param->length); 2304 sg = alloc_sglist(param->sglen, param->length, 2305 param->vary, dev, dev->in_pipe); 2306 if (!sg) { 2307 retval = -ENOMEM; 2308 break; 2309 } 2310 /* FIRMWARE: bulk source (maybe generates short writes) */ 2311 retval = perform_sglist(dev, param->iterations, dev->in_pipe, 2312 &req, sg, param->sglen); 2313 free_sglist(sg, param->sglen); 2314 break; 2315 2316 /* non-queued sanity tests for control (chapter 9 subset) */ 2317 case 9: 2318 retval = 0; 2319 dev_info(&intf->dev, 2320 "TEST 9: ch9 (subset) control tests, %d times\n", 2321 param->iterations); 2322 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2323 retval = ch9_postconfig(dev); 2324 if (retval) 2325 dev_err(&intf->dev, "ch9 subset failed, " 2326 "iterations left %d\n", i); 2327 break; 2328 2329 /* queued control messaging */ 2330 case 10: 2331 retval = 0; 2332 dev_info(&intf->dev, 2333 "TEST 10: queue %d control calls, %d times\n", 2334 param->sglen, 2335 param->iterations); 2336 retval = test_ctrl_queue(dev, param); 2337 break; 2338 2339 /* simple non-queued unlinks (ring with one urb) */ 2340 case 11: 2341 if (dev->in_pipe == 0 || !param->length) 2342 break; 2343 retval = 0; 2344 dev_info(&intf->dev, "TEST 11: unlink %d reads of %d\n", 2345 param->iterations, param->length); 2346 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2347 retval = unlink_simple(dev, dev->in_pipe, 2348 param->length); 2349 if (retval) 2350 dev_err(&intf->dev, "unlink reads failed %d, " 2351 "iterations left %d\n", retval, i); 2352 break; 2353 case 12: 2354 if (dev->out_pipe == 0 || !param->length) 2355 break; 2356 retval = 0; 2357 dev_info(&intf->dev, "TEST 12: unlink %d writes of %d\n", 2358 param->iterations, param->length); 2359 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2360 retval = unlink_simple(dev, dev->out_pipe, 2361 param->length); 2362 if (retval) 2363 dev_err(&intf->dev, "unlink writes failed %d, " 2364 "iterations left %d\n", retval, i); 2365 break; 2366 2367 /* ep halt tests */ 2368 case 13: 2369 if (dev->out_pipe == 0 && dev->in_pipe == 0) 2370 break; 2371 retval = 0; 2372 dev_info(&intf->dev, "TEST 13: set/clear %d halts\n", 2373 param->iterations); 2374 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2375 retval = halt_simple(dev); 2376 2377 if (retval) 2378 ERROR(dev, "halts failed, iterations left %d\n", i); 2379 break; 2380 2381 /* control write tests */ 2382 case 14: 2383 if (!dev->info->ctrl_out) 2384 break; 2385 dev_info(&intf->dev, "TEST 14: %d ep0out, %d..%d vary %d\n", 2386 param->iterations, 2387 realworld ? 1 : 0, param->length, 2388 param->vary); 2389 retval = ctrl_out(dev, param->iterations, 2390 param->length, param->vary, 0); 2391 break; 2392 2393 /* iso write tests */ 2394 case 15: 2395 if (dev->out_iso_pipe == 0 || param->sglen == 0) 2396 break; 2397 dev_info(&intf->dev, 2398 "TEST 15: write %d iso, %d entries of %d bytes\n", 2399 param->iterations, 2400 param->sglen, param->length); 2401 /* FIRMWARE: iso sink */ 2402 retval = test_queue(dev, param, 2403 dev->out_iso_pipe, dev->iso_out, 0); 2404 break; 2405 2406 /* iso read tests */ 2407 case 16: 2408 if (dev->in_iso_pipe == 0 || param->sglen == 0) 2409 break; 2410 dev_info(&intf->dev, 2411 "TEST 16: read %d iso, %d entries of %d bytes\n", 2412 param->iterations, 2413 param->sglen, param->length); 2414 /* FIRMWARE: iso source */ 2415 retval = test_queue(dev, param, 2416 dev->in_iso_pipe, dev->iso_in, 0); 2417 break; 2418 2419 /* FIXME scatterlist cancel (needs helper thread) */ 2420 2421 /* Tests for bulk I/O using DMA mapping by core and odd address */ 2422 case 17: 2423 if (dev->out_pipe == 0) 2424 break; 2425 dev_info(&intf->dev, 2426 "TEST 17: write odd addr %d bytes %u times core map\n", 2427 param->length, param->iterations); 2428 2429 retval = test_unaligned_bulk( 2430 dev, dev->out_pipe, 2431 param->length, param->iterations, 2432 0, "test17"); 2433 break; 2434 2435 case 18: 2436 if (dev->in_pipe == 0) 2437 break; 2438 dev_info(&intf->dev, 2439 "TEST 18: read odd addr %d bytes %u times core map\n", 2440 param->length, param->iterations); 2441 2442 retval = test_unaligned_bulk( 2443 dev, dev->in_pipe, 2444 param->length, param->iterations, 2445 0, "test18"); 2446 break; 2447 2448 /* Tests for bulk I/O using premapped coherent buffer and odd address */ 2449 case 19: 2450 if (dev->out_pipe == 0) 2451 break; 2452 dev_info(&intf->dev, 2453 "TEST 19: write odd addr %d bytes %u times premapped\n", 2454 param->length, param->iterations); 2455 2456 retval = test_unaligned_bulk( 2457 dev, dev->out_pipe, 2458 param->length, param->iterations, 2459 URB_NO_TRANSFER_DMA_MAP, "test19"); 2460 break; 2461 2462 case 20: 2463 if (dev->in_pipe == 0) 2464 break; 2465 dev_info(&intf->dev, 2466 "TEST 20: read odd addr %d bytes %u times premapped\n", 2467 param->length, param->iterations); 2468 2469 retval = test_unaligned_bulk( 2470 dev, dev->in_pipe, 2471 param->length, param->iterations, 2472 URB_NO_TRANSFER_DMA_MAP, "test20"); 2473 break; 2474 2475 /* control write tests with unaligned buffer */ 2476 case 21: 2477 if (!dev->info->ctrl_out) 2478 break; 2479 dev_info(&intf->dev, 2480 "TEST 21: %d ep0out odd addr, %d..%d vary %d\n", 2481 param->iterations, 2482 realworld ? 1 : 0, param->length, 2483 param->vary); 2484 retval = ctrl_out(dev, param->iterations, 2485 param->length, param->vary, 1); 2486 break; 2487 2488 /* unaligned iso tests */ 2489 case 22: 2490 if (dev->out_iso_pipe == 0 || param->sglen == 0) 2491 break; 2492 dev_info(&intf->dev, 2493 "TEST 22: write %d iso odd, %d entries of %d bytes\n", 2494 param->iterations, 2495 param->sglen, param->length); 2496 retval = test_queue(dev, param, 2497 dev->out_iso_pipe, dev->iso_out, 1); 2498 break; 2499 2500 case 23: 2501 if (dev->in_iso_pipe == 0 || param->sglen == 0) 2502 break; 2503 dev_info(&intf->dev, 2504 "TEST 23: read %d iso odd, %d entries of %d bytes\n", 2505 param->iterations, 2506 param->sglen, param->length); 2507 retval = test_queue(dev, param, 2508 dev->in_iso_pipe, dev->iso_in, 1); 2509 break; 2510 2511 /* unlink URBs from a bulk-OUT queue */ 2512 case 24: 2513 if (dev->out_pipe == 0 || !param->length || param->sglen < 4) 2514 break; 2515 retval = 0; 2516 dev_info(&intf->dev, "TEST 24: unlink from %d queues of " 2517 "%d %d-byte writes\n", 2518 param->iterations, param->sglen, param->length); 2519 for (i = param->iterations; retval == 0 && i > 0; --i) { 2520 retval = unlink_queued(dev, dev->out_pipe, 2521 param->sglen, param->length); 2522 if (retval) { 2523 dev_err(&intf->dev, 2524 "unlink queued writes failed %d, " 2525 "iterations left %d\n", retval, i); 2526 break; 2527 } 2528 } 2529 break; 2530 2531 /* Simple non-queued interrupt I/O tests */ 2532 case 25: 2533 if (dev->out_int_pipe == 0) 2534 break; 2535 dev_info(&intf->dev, 2536 "TEST 25: write %d bytes %u times\n", 2537 param->length, param->iterations); 2538 urb = simple_alloc_urb(udev, dev->out_int_pipe, param->length, 2539 dev->int_out->bInterval); 2540 if (!urb) { 2541 retval = -ENOMEM; 2542 break; 2543 } 2544 /* FIRMWARE: interrupt sink (maybe accepts short writes) */ 2545 retval = simple_io(dev, urb, param->iterations, 0, 0, "test25"); 2546 simple_free_urb(urb); 2547 break; 2548 case 26: 2549 if (dev->in_int_pipe == 0) 2550 break; 2551 dev_info(&intf->dev, 2552 "TEST 26: read %d bytes %u times\n", 2553 param->length, param->iterations); 2554 urb = simple_alloc_urb(udev, dev->in_int_pipe, param->length, 2555 dev->int_in->bInterval); 2556 if (!urb) { 2557 retval = -ENOMEM; 2558 break; 2559 } 2560 /* FIRMWARE: interrupt source (maybe generates short writes) */ 2561 retval = simple_io(dev, urb, param->iterations, 0, 0, "test26"); 2562 simple_free_urb(urb); 2563 break; 2564 case 27: 2565 /* We do performance test, so ignore data compare */ 2566 if (dev->out_pipe == 0 || param->sglen == 0 || pattern != 0) 2567 break; 2568 dev_info(&intf->dev, 2569 "TEST 27: bulk write %dMbytes\n", (param->iterations * 2570 param->sglen * param->length) / (1024 * 1024)); 2571 retval = test_queue(dev, param, 2572 dev->out_pipe, NULL, 0); 2573 break; 2574 case 28: 2575 if (dev->in_pipe == 0 || param->sglen == 0 || pattern != 0) 2576 break; 2577 dev_info(&intf->dev, 2578 "TEST 28: bulk read %dMbytes\n", (param->iterations * 2579 param->sglen * param->length) / (1024 * 1024)); 2580 retval = test_queue(dev, param, 2581 dev->in_pipe, NULL, 0); 2582 break; 2583 /* Test data Toggle/seq_nr clear between bulk out transfers */ 2584 case 29: 2585 if (dev->out_pipe == 0) 2586 break; 2587 retval = 0; 2588 dev_info(&intf->dev, "TEST 29: Clear toggle between bulk writes %d times\n", 2589 param->iterations); 2590 for (i = param->iterations; retval == 0 && i > 0; --i) 2591 retval = toggle_sync_simple(dev); 2592 2593 if (retval) 2594 ERROR(dev, "toggle sync failed, iterations left %d\n", 2595 i); 2596 break; 2597 } 2598 return retval; 2599 } 2600 2601 /*-------------------------------------------------------------------------*/ 2602 2603 /* We only have this one interface to user space, through usbfs. 2604 * User mode code can scan usbfs to find N different devices (maybe on 2605 * different busses) to use when testing, and allocate one thread per 2606 * test. So discovery is simplified, and we have no device naming issues. 2607 * 2608 * Don't use these only as stress/load tests. Use them along with with 2609 * other USB bus activity: plugging, unplugging, mousing, mp3 playback, 2610 * video capture, and so on. Run different tests at different times, in 2611 * different sequences. Nothing here should interact with other devices, 2612 * except indirectly by consuming USB bandwidth and CPU resources for test 2613 * threads and request completion. But the only way to know that for sure 2614 * is to test when HC queues are in use by many devices. 2615 * 2616 * WARNING: Because usbfs grabs udev->dev.sem before calling this ioctl(), 2617 * it locks out usbcore in certain code paths. Notably, if you disconnect 2618 * the device-under-test, hub_wq will wait block forever waiting for the 2619 * ioctl to complete ... so that usb_disconnect() can abort the pending 2620 * urbs and then call usbtest_disconnect(). To abort a test, you're best 2621 * off just killing the userspace task and waiting for it to exit. 2622 */ 2623 2624 static int 2625 usbtest_ioctl(struct usb_interface *intf, unsigned int code, void *buf) 2626 { 2627 2628 struct usbtest_dev *dev = usb_get_intfdata(intf); 2629 struct usbtest_param_64 *param_64 = buf; 2630 struct usbtest_param_32 temp; 2631 struct usbtest_param_32 *param_32 = buf; 2632 struct timespec64 start; 2633 struct timespec64 end; 2634 struct timespec64 duration; 2635 int retval = -EOPNOTSUPP; 2636 2637 /* FIXME USBDEVFS_CONNECTINFO doesn't say how fast the device is. */ 2638 2639 pattern = mod_pattern; 2640 2641 if (mutex_lock_interruptible(&dev->lock)) 2642 return -ERESTARTSYS; 2643 2644 /* FIXME: What if a system sleep starts while a test is running? */ 2645 2646 /* some devices, like ez-usb default devices, need a non-default 2647 * altsetting to have any active endpoints. some tests change 2648 * altsettings; force a default so most tests don't need to check. 2649 */ 2650 if (dev->info->alt >= 0) { 2651 if (intf->altsetting->desc.bInterfaceNumber) { 2652 retval = -ENODEV; 2653 goto free_mutex; 2654 } 2655 retval = set_altsetting(dev, dev->info->alt); 2656 if (retval) { 2657 dev_err(&intf->dev, 2658 "set altsetting to %d failed, %d\n", 2659 dev->info->alt, retval); 2660 goto free_mutex; 2661 } 2662 } 2663 2664 switch (code) { 2665 case USBTEST_REQUEST_64: 2666 temp.test_num = param_64->test_num; 2667 temp.iterations = param_64->iterations; 2668 temp.length = param_64->length; 2669 temp.sglen = param_64->sglen; 2670 temp.vary = param_64->vary; 2671 param_32 = &temp; 2672 break; 2673 2674 case USBTEST_REQUEST_32: 2675 break; 2676 2677 default: 2678 retval = -EOPNOTSUPP; 2679 goto free_mutex; 2680 } 2681 2682 ktime_get_ts64(&start); 2683 2684 retval = usbtest_do_ioctl(intf, param_32); 2685 if (retval < 0) 2686 goto free_mutex; 2687 2688 ktime_get_ts64(&end); 2689 2690 duration = timespec64_sub(end, start); 2691 2692 temp.duration_sec = duration.tv_sec; 2693 temp.duration_usec = duration.tv_nsec/NSEC_PER_USEC; 2694 2695 switch (code) { 2696 case USBTEST_REQUEST_32: 2697 param_32->duration_sec = temp.duration_sec; 2698 param_32->duration_usec = temp.duration_usec; 2699 break; 2700 2701 case USBTEST_REQUEST_64: 2702 param_64->duration_sec = temp.duration_sec; 2703 param_64->duration_usec = temp.duration_usec; 2704 break; 2705 } 2706 2707 free_mutex: 2708 mutex_unlock(&dev->lock); 2709 return retval; 2710 } 2711 2712 /*-------------------------------------------------------------------------*/ 2713 2714 static unsigned force_interrupt; 2715 module_param(force_interrupt, uint, 0); 2716 MODULE_PARM_DESC(force_interrupt, "0 = test default; else interrupt"); 2717 2718 #ifdef GENERIC 2719 static unsigned short vendor; 2720 module_param(vendor, ushort, 0); 2721 MODULE_PARM_DESC(vendor, "vendor code (from usb-if)"); 2722 2723 static unsigned short product; 2724 module_param(product, ushort, 0); 2725 MODULE_PARM_DESC(product, "product code (from vendor)"); 2726 #endif 2727 2728 static int 2729 usbtest_probe(struct usb_interface *intf, const struct usb_device_id *id) 2730 { 2731 struct usb_device *udev; 2732 struct usbtest_dev *dev; 2733 struct usbtest_info *info; 2734 char *rtest, *wtest; 2735 char *irtest, *iwtest; 2736 char *intrtest, *intwtest; 2737 2738 udev = interface_to_usbdev(intf); 2739 2740 #ifdef GENERIC 2741 /* specify devices by module parameters? */ 2742 if (id->match_flags == 0) { 2743 /* vendor match required, product match optional */ 2744 if (!vendor || le16_to_cpu(udev->descriptor.idVendor) != (u16)vendor) 2745 return -ENODEV; 2746 if (product && le16_to_cpu(udev->descriptor.idProduct) != (u16)product) 2747 return -ENODEV; 2748 dev_info(&intf->dev, "matched module params, " 2749 "vend=0x%04x prod=0x%04x\n", 2750 le16_to_cpu(udev->descriptor.idVendor), 2751 le16_to_cpu(udev->descriptor.idProduct)); 2752 } 2753 #endif 2754 2755 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 2756 if (!dev) 2757 return -ENOMEM; 2758 info = (struct usbtest_info *) id->driver_info; 2759 dev->info = info; 2760 mutex_init(&dev->lock); 2761 2762 dev->intf = intf; 2763 2764 /* cacheline-aligned scratch for i/o */ 2765 dev->buf = kmalloc(TBUF_SIZE, GFP_KERNEL); 2766 if (dev->buf == NULL) { 2767 kfree(dev); 2768 return -ENOMEM; 2769 } 2770 2771 /* NOTE this doesn't yet test the handful of difference that are 2772 * visible with high speed interrupts: bigger maxpacket (1K) and 2773 * "high bandwidth" modes (up to 3 packets/uframe). 2774 */ 2775 rtest = wtest = ""; 2776 irtest = iwtest = ""; 2777 intrtest = intwtest = ""; 2778 if (force_interrupt || udev->speed == USB_SPEED_LOW) { 2779 if (info->ep_in) { 2780 dev->in_pipe = usb_rcvintpipe(udev, info->ep_in); 2781 rtest = " intr-in"; 2782 } 2783 if (info->ep_out) { 2784 dev->out_pipe = usb_sndintpipe(udev, info->ep_out); 2785 wtest = " intr-out"; 2786 } 2787 } else { 2788 if (override_alt >= 0 || info->autoconf) { 2789 int status; 2790 2791 status = get_endpoints(dev, intf); 2792 if (status < 0) { 2793 WARNING(dev, "couldn't get endpoints, %d\n", 2794 status); 2795 kfree(dev->buf); 2796 kfree(dev); 2797 return status; 2798 } 2799 /* may find bulk or ISO pipes */ 2800 } else { 2801 if (info->ep_in) 2802 dev->in_pipe = usb_rcvbulkpipe(udev, 2803 info->ep_in); 2804 if (info->ep_out) 2805 dev->out_pipe = usb_sndbulkpipe(udev, 2806 info->ep_out); 2807 } 2808 if (dev->in_pipe) 2809 rtest = " bulk-in"; 2810 if (dev->out_pipe) 2811 wtest = " bulk-out"; 2812 if (dev->in_iso_pipe) 2813 irtest = " iso-in"; 2814 if (dev->out_iso_pipe) 2815 iwtest = " iso-out"; 2816 if (dev->in_int_pipe) 2817 intrtest = " int-in"; 2818 if (dev->out_int_pipe) 2819 intwtest = " int-out"; 2820 } 2821 2822 usb_set_intfdata(intf, dev); 2823 dev_info(&intf->dev, "%s\n", info->name); 2824 dev_info(&intf->dev, "%s {control%s%s%s%s%s%s%s} tests%s\n", 2825 usb_speed_string(udev->speed), 2826 info->ctrl_out ? " in/out" : "", 2827 rtest, wtest, 2828 irtest, iwtest, 2829 intrtest, intwtest, 2830 info->alt >= 0 ? " (+alt)" : ""); 2831 return 0; 2832 } 2833 2834 static int usbtest_suspend(struct usb_interface *intf, pm_message_t message) 2835 { 2836 return 0; 2837 } 2838 2839 static int usbtest_resume(struct usb_interface *intf) 2840 { 2841 return 0; 2842 } 2843 2844 2845 static void usbtest_disconnect(struct usb_interface *intf) 2846 { 2847 struct usbtest_dev *dev = usb_get_intfdata(intf); 2848 2849 usb_set_intfdata(intf, NULL); 2850 dev_dbg(&intf->dev, "disconnect\n"); 2851 kfree(dev); 2852 } 2853 2854 /* Basic testing only needs a device that can source or sink bulk traffic. 2855 * Any device can test control transfers (default with GENERIC binding). 2856 * 2857 * Several entries work with the default EP0 implementation that's built 2858 * into EZ-USB chips. There's a default vendor ID which can be overridden 2859 * by (very) small config EEPROMS, but otherwise all these devices act 2860 * identically until firmware is loaded: only EP0 works. It turns out 2861 * to be easy to make other endpoints work, without modifying that EP0 2862 * behavior. For now, we expect that kind of firmware. 2863 */ 2864 2865 /* an21xx or fx versions of ez-usb */ 2866 static struct usbtest_info ez1_info = { 2867 .name = "EZ-USB device", 2868 .ep_in = 2, 2869 .ep_out = 2, 2870 .alt = 1, 2871 }; 2872 2873 /* fx2 version of ez-usb */ 2874 static struct usbtest_info ez2_info = { 2875 .name = "FX2 device", 2876 .ep_in = 6, 2877 .ep_out = 2, 2878 .alt = 1, 2879 }; 2880 2881 /* ezusb family device with dedicated usb test firmware, 2882 */ 2883 static struct usbtest_info fw_info = { 2884 .name = "usb test device", 2885 .ep_in = 2, 2886 .ep_out = 2, 2887 .alt = 1, 2888 .autoconf = 1, /* iso and ctrl_out need autoconf */ 2889 .ctrl_out = 1, 2890 .iso = 1, /* iso_ep's are #8 in/out */ 2891 }; 2892 2893 /* peripheral running Linux and 'zero.c' test firmware, or 2894 * its user-mode cousin. different versions of this use 2895 * different hardware with the same vendor/product codes. 2896 * host side MUST rely on the endpoint descriptors. 2897 */ 2898 static struct usbtest_info gz_info = { 2899 .name = "Linux gadget zero", 2900 .autoconf = 1, 2901 .ctrl_out = 1, 2902 .iso = 1, 2903 .intr = 1, 2904 .alt = 0, 2905 }; 2906 2907 static struct usbtest_info um_info = { 2908 .name = "Linux user mode test driver", 2909 .autoconf = 1, 2910 .alt = -1, 2911 }; 2912 2913 static struct usbtest_info um2_info = { 2914 .name = "Linux user mode ISO test driver", 2915 .autoconf = 1, 2916 .iso = 1, 2917 .alt = -1, 2918 }; 2919 2920 #ifdef IBOT2 2921 /* this is a nice source of high speed bulk data; 2922 * uses an FX2, with firmware provided in the device 2923 */ 2924 static struct usbtest_info ibot2_info = { 2925 .name = "iBOT2 webcam", 2926 .ep_in = 2, 2927 .alt = -1, 2928 }; 2929 #endif 2930 2931 #ifdef GENERIC 2932 /* we can use any device to test control traffic */ 2933 static struct usbtest_info generic_info = { 2934 .name = "Generic USB device", 2935 .alt = -1, 2936 }; 2937 #endif 2938 2939 2940 static const struct usb_device_id id_table[] = { 2941 2942 /*-------------------------------------------------------------*/ 2943 2944 /* EZ-USB devices which download firmware to replace (or in our 2945 * case augment) the default device implementation. 2946 */ 2947 2948 /* generic EZ-USB FX controller */ 2949 { USB_DEVICE(0x0547, 0x2235), 2950 .driver_info = (unsigned long) &ez1_info, 2951 }, 2952 2953 /* CY3671 development board with EZ-USB FX */ 2954 { USB_DEVICE(0x0547, 0x0080), 2955 .driver_info = (unsigned long) &ez1_info, 2956 }, 2957 2958 /* generic EZ-USB FX2 controller (or development board) */ 2959 { USB_DEVICE(0x04b4, 0x8613), 2960 .driver_info = (unsigned long) &ez2_info, 2961 }, 2962 2963 /* re-enumerated usb test device firmware */ 2964 { USB_DEVICE(0xfff0, 0xfff0), 2965 .driver_info = (unsigned long) &fw_info, 2966 }, 2967 2968 /* "Gadget Zero" firmware runs under Linux */ 2969 { USB_DEVICE(0x0525, 0xa4a0), 2970 .driver_info = (unsigned long) &gz_info, 2971 }, 2972 2973 /* so does a user-mode variant */ 2974 { USB_DEVICE(0x0525, 0xa4a4), 2975 .driver_info = (unsigned long) &um_info, 2976 }, 2977 2978 /* ... and a user-mode variant that talks iso */ 2979 { USB_DEVICE(0x0525, 0xa4a3), 2980 .driver_info = (unsigned long) &um2_info, 2981 }, 2982 2983 #ifdef KEYSPAN_19Qi 2984 /* Keyspan 19qi uses an21xx (original EZ-USB) */ 2985 /* this does not coexist with the real Keyspan 19qi driver! */ 2986 { USB_DEVICE(0x06cd, 0x010b), 2987 .driver_info = (unsigned long) &ez1_info, 2988 }, 2989 #endif 2990 2991 /*-------------------------------------------------------------*/ 2992 2993 #ifdef IBOT2 2994 /* iBOT2 makes a nice source of high speed bulk-in data */ 2995 /* this does not coexist with a real iBOT2 driver! */ 2996 { USB_DEVICE(0x0b62, 0x0059), 2997 .driver_info = (unsigned long) &ibot2_info, 2998 }, 2999 #endif 3000 3001 /*-------------------------------------------------------------*/ 3002 3003 #ifdef GENERIC 3004 /* module params can specify devices to use for control tests */ 3005 { .driver_info = (unsigned long) &generic_info, }, 3006 #endif 3007 3008 /*-------------------------------------------------------------*/ 3009 3010 { } 3011 }; 3012 MODULE_DEVICE_TABLE(usb, id_table); 3013 3014 static struct usb_driver usbtest_driver = { 3015 .name = "usbtest", 3016 .id_table = id_table, 3017 .probe = usbtest_probe, 3018 .unlocked_ioctl = usbtest_ioctl, 3019 .disconnect = usbtest_disconnect, 3020 .suspend = usbtest_suspend, 3021 .resume = usbtest_resume, 3022 }; 3023 3024 /*-------------------------------------------------------------------------*/ 3025 3026 static int __init usbtest_init(void) 3027 { 3028 #ifdef GENERIC 3029 if (vendor) 3030 pr_debug("params: vend=0x%04x prod=0x%04x\n", vendor, product); 3031 #endif 3032 return usb_register(&usbtest_driver); 3033 } 3034 module_init(usbtest_init); 3035 3036 static void __exit usbtest_exit(void) 3037 { 3038 usb_deregister(&usbtest_driver); 3039 } 3040 module_exit(usbtest_exit); 3041 3042 MODULE_DESCRIPTION("USB Core/HCD Testing Driver"); 3043 MODULE_LICENSE("GPL"); 3044 3045