1 #include <linux/kernel.h> 2 #include <linux/errno.h> 3 #include <linux/init.h> 4 #include <linux/slab.h> 5 #include <linux/mm.h> 6 #include <linux/module.h> 7 #include <linux/moduleparam.h> 8 #include <linux/scatterlist.h> 9 #include <linux/mutex.h> 10 11 #include <linux/usb.h> 12 13 14 /*-------------------------------------------------------------------------*/ 15 16 static int override_alt = -1; 17 module_param_named(alt, override_alt, int, 0644); 18 MODULE_PARM_DESC(alt, ">= 0 to override altsetting selection"); 19 20 /*-------------------------------------------------------------------------*/ 21 22 /* FIXME make these public somewhere; usbdevfs.h? */ 23 struct usbtest_param { 24 /* inputs */ 25 unsigned test_num; /* 0..(TEST_CASES-1) */ 26 unsigned iterations; 27 unsigned length; 28 unsigned vary; 29 unsigned sglen; 30 31 /* outputs */ 32 struct timeval duration; 33 }; 34 #define USBTEST_REQUEST _IOWR('U', 100, struct usbtest_param) 35 36 /*-------------------------------------------------------------------------*/ 37 38 #define GENERIC /* let probe() bind using module params */ 39 40 /* Some devices that can be used for testing will have "real" drivers. 41 * Entries for those need to be enabled here by hand, after disabling 42 * that "real" driver. 43 */ 44 //#define IBOT2 /* grab iBOT2 webcams */ 45 //#define KEYSPAN_19Qi /* grab un-renumerated serial adapter */ 46 47 /*-------------------------------------------------------------------------*/ 48 49 struct usbtest_info { 50 const char *name; 51 u8 ep_in; /* bulk/intr source */ 52 u8 ep_out; /* bulk/intr sink */ 53 unsigned autoconf:1; 54 unsigned ctrl_out:1; 55 unsigned iso:1; /* try iso in/out */ 56 int alt; 57 }; 58 59 /* this is accessed only through usbfs ioctl calls. 60 * one ioctl to issue a test ... one lock per device. 61 * tests create other threads if they need them. 62 * urbs and buffers are allocated dynamically, 63 * and data generated deterministically. 64 */ 65 struct usbtest_dev { 66 struct usb_interface *intf; 67 struct usbtest_info *info; 68 int in_pipe; 69 int out_pipe; 70 int in_iso_pipe; 71 int out_iso_pipe; 72 struct usb_endpoint_descriptor *iso_in, *iso_out; 73 struct mutex lock; 74 75 #define TBUF_SIZE 256 76 u8 *buf; 77 }; 78 79 static struct usb_device *testdev_to_usbdev(struct usbtest_dev *test) 80 { 81 return interface_to_usbdev(test->intf); 82 } 83 84 /* set up all urbs so they can be used with either bulk or interrupt */ 85 #define INTERRUPT_RATE 1 /* msec/transfer */ 86 87 #define ERROR(tdev, fmt, args...) \ 88 dev_err(&(tdev)->intf->dev , fmt , ## args) 89 #define WARNING(tdev, fmt, args...) \ 90 dev_warn(&(tdev)->intf->dev , fmt , ## args) 91 92 #define GUARD_BYTE 0xA5 93 94 /*-------------------------------------------------------------------------*/ 95 96 static int 97 get_endpoints(struct usbtest_dev *dev, struct usb_interface *intf) 98 { 99 int tmp; 100 struct usb_host_interface *alt; 101 struct usb_host_endpoint *in, *out; 102 struct usb_host_endpoint *iso_in, *iso_out; 103 struct usb_device *udev; 104 105 for (tmp = 0; tmp < intf->num_altsetting; tmp++) { 106 unsigned ep; 107 108 in = out = NULL; 109 iso_in = iso_out = NULL; 110 alt = intf->altsetting + tmp; 111 112 if (override_alt >= 0 && 113 override_alt != alt->desc.bAlternateSetting) 114 continue; 115 116 /* take the first altsetting with in-bulk + out-bulk; 117 * ignore other endpoints and altsettings. 118 */ 119 for (ep = 0; ep < alt->desc.bNumEndpoints; ep++) { 120 struct usb_host_endpoint *e; 121 122 e = alt->endpoint + ep; 123 switch (e->desc.bmAttributes) { 124 case USB_ENDPOINT_XFER_BULK: 125 break; 126 case USB_ENDPOINT_XFER_ISOC: 127 if (dev->info->iso) 128 goto try_iso; 129 /* FALLTHROUGH */ 130 default: 131 continue; 132 } 133 if (usb_endpoint_dir_in(&e->desc)) { 134 if (!in) 135 in = e; 136 } else { 137 if (!out) 138 out = e; 139 } 140 continue; 141 try_iso: 142 if (usb_endpoint_dir_in(&e->desc)) { 143 if (!iso_in) 144 iso_in = e; 145 } else { 146 if (!iso_out) 147 iso_out = e; 148 } 149 } 150 if ((in && out) || iso_in || iso_out) 151 goto found; 152 } 153 return -EINVAL; 154 155 found: 156 udev = testdev_to_usbdev(dev); 157 dev->info->alt = alt->desc.bAlternateSetting; 158 if (alt->desc.bAlternateSetting != 0) { 159 tmp = usb_set_interface(udev, 160 alt->desc.bInterfaceNumber, 161 alt->desc.bAlternateSetting); 162 if (tmp < 0) 163 return tmp; 164 } 165 166 if (in) { 167 dev->in_pipe = usb_rcvbulkpipe(udev, 168 in->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK); 169 dev->out_pipe = usb_sndbulkpipe(udev, 170 out->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK); 171 } 172 if (iso_in) { 173 dev->iso_in = &iso_in->desc; 174 dev->in_iso_pipe = usb_rcvisocpipe(udev, 175 iso_in->desc.bEndpointAddress 176 & USB_ENDPOINT_NUMBER_MASK); 177 } 178 179 if (iso_out) { 180 dev->iso_out = &iso_out->desc; 181 dev->out_iso_pipe = usb_sndisocpipe(udev, 182 iso_out->desc.bEndpointAddress 183 & USB_ENDPOINT_NUMBER_MASK); 184 } 185 return 0; 186 } 187 188 /*-------------------------------------------------------------------------*/ 189 190 /* Support for testing basic non-queued I/O streams. 191 * 192 * These just package urbs as requests that can be easily canceled. 193 * Each urb's data buffer is dynamically allocated; callers can fill 194 * them with non-zero test data (or test for it) when appropriate. 195 */ 196 197 static void simple_callback(struct urb *urb) 198 { 199 complete(urb->context); 200 } 201 202 static struct urb *usbtest_alloc_urb( 203 struct usb_device *udev, 204 int pipe, 205 unsigned long bytes, 206 unsigned transfer_flags, 207 unsigned offset) 208 { 209 struct urb *urb; 210 211 urb = usb_alloc_urb(0, GFP_KERNEL); 212 if (!urb) 213 return urb; 214 usb_fill_bulk_urb(urb, udev, pipe, NULL, bytes, simple_callback, NULL); 215 urb->interval = (udev->speed == USB_SPEED_HIGH) 216 ? (INTERRUPT_RATE << 3) 217 : INTERRUPT_RATE; 218 urb->transfer_flags = transfer_flags; 219 if (usb_pipein(pipe)) 220 urb->transfer_flags |= URB_SHORT_NOT_OK; 221 222 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) 223 urb->transfer_buffer = usb_alloc_coherent(udev, bytes + offset, 224 GFP_KERNEL, &urb->transfer_dma); 225 else 226 urb->transfer_buffer = kmalloc(bytes + offset, GFP_KERNEL); 227 228 if (!urb->transfer_buffer) { 229 usb_free_urb(urb); 230 return NULL; 231 } 232 233 /* To test unaligned transfers add an offset and fill the 234 unused memory with a guard value */ 235 if (offset) { 236 memset(urb->transfer_buffer, GUARD_BYTE, offset); 237 urb->transfer_buffer += offset; 238 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) 239 urb->transfer_dma += offset; 240 } 241 242 /* For inbound transfers use guard byte so that test fails if 243 data not correctly copied */ 244 memset(urb->transfer_buffer, 245 usb_pipein(urb->pipe) ? GUARD_BYTE : 0, 246 bytes); 247 return urb; 248 } 249 250 static struct urb *simple_alloc_urb( 251 struct usb_device *udev, 252 int pipe, 253 unsigned long bytes) 254 { 255 return usbtest_alloc_urb(udev, pipe, bytes, URB_NO_TRANSFER_DMA_MAP, 0); 256 } 257 258 static unsigned pattern; 259 static unsigned mod_pattern; 260 module_param_named(pattern, mod_pattern, uint, S_IRUGO | S_IWUSR); 261 MODULE_PARM_DESC(mod_pattern, "i/o pattern (0 == zeroes)"); 262 263 static inline void simple_fill_buf(struct urb *urb) 264 { 265 unsigned i; 266 u8 *buf = urb->transfer_buffer; 267 unsigned len = urb->transfer_buffer_length; 268 269 switch (pattern) { 270 default: 271 /* FALLTHROUGH */ 272 case 0: 273 memset(buf, 0, len); 274 break; 275 case 1: /* mod63 */ 276 for (i = 0; i < len; i++) 277 *buf++ = (u8) (i % 63); 278 break; 279 } 280 } 281 282 static inline unsigned long buffer_offset(void *buf) 283 { 284 return (unsigned long)buf & (ARCH_KMALLOC_MINALIGN - 1); 285 } 286 287 static int check_guard_bytes(struct usbtest_dev *tdev, struct urb *urb) 288 { 289 u8 *buf = urb->transfer_buffer; 290 u8 *guard = buf - buffer_offset(buf); 291 unsigned i; 292 293 for (i = 0; guard < buf; i++, guard++) { 294 if (*guard != GUARD_BYTE) { 295 ERROR(tdev, "guard byte[%d] %d (not %d)\n", 296 i, *guard, GUARD_BYTE); 297 return -EINVAL; 298 } 299 } 300 return 0; 301 } 302 303 static int simple_check_buf(struct usbtest_dev *tdev, struct urb *urb) 304 { 305 unsigned i; 306 u8 expected; 307 u8 *buf = urb->transfer_buffer; 308 unsigned len = urb->actual_length; 309 310 int ret = check_guard_bytes(tdev, urb); 311 if (ret) 312 return ret; 313 314 for (i = 0; i < len; i++, buf++) { 315 switch (pattern) { 316 /* all-zeroes has no synchronization issues */ 317 case 0: 318 expected = 0; 319 break; 320 /* mod63 stays in sync with short-terminated transfers, 321 * or otherwise when host and gadget agree on how large 322 * each usb transfer request should be. resync is done 323 * with set_interface or set_config. 324 */ 325 case 1: /* mod63 */ 326 expected = i % 63; 327 break; 328 /* always fail unsupported patterns */ 329 default: 330 expected = !*buf; 331 break; 332 } 333 if (*buf == expected) 334 continue; 335 ERROR(tdev, "buf[%d] = %d (not %d)\n", i, *buf, expected); 336 return -EINVAL; 337 } 338 return 0; 339 } 340 341 static void simple_free_urb(struct urb *urb) 342 { 343 unsigned long offset = buffer_offset(urb->transfer_buffer); 344 345 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP) 346 usb_free_coherent( 347 urb->dev, 348 urb->transfer_buffer_length + offset, 349 urb->transfer_buffer - offset, 350 urb->transfer_dma - offset); 351 else 352 kfree(urb->transfer_buffer - offset); 353 usb_free_urb(urb); 354 } 355 356 static int simple_io( 357 struct usbtest_dev *tdev, 358 struct urb *urb, 359 int iterations, 360 int vary, 361 int expected, 362 const char *label 363 ) 364 { 365 struct usb_device *udev = urb->dev; 366 int max = urb->transfer_buffer_length; 367 struct completion completion; 368 int retval = 0; 369 370 urb->context = &completion; 371 while (retval == 0 && iterations-- > 0) { 372 init_completion(&completion); 373 if (usb_pipeout(urb->pipe)) { 374 simple_fill_buf(urb); 375 urb->transfer_flags |= URB_ZERO_PACKET; 376 } 377 retval = usb_submit_urb(urb, GFP_KERNEL); 378 if (retval != 0) 379 break; 380 381 /* NOTE: no timeouts; can't be broken out of by interrupt */ 382 wait_for_completion(&completion); 383 retval = urb->status; 384 urb->dev = udev; 385 if (retval == 0 && usb_pipein(urb->pipe)) 386 retval = simple_check_buf(tdev, urb); 387 388 if (vary) { 389 int len = urb->transfer_buffer_length; 390 391 len += vary; 392 len %= max; 393 if (len == 0) 394 len = (vary < max) ? vary : max; 395 urb->transfer_buffer_length = len; 396 } 397 398 /* FIXME if endpoint halted, clear halt (and log) */ 399 } 400 urb->transfer_buffer_length = max; 401 402 if (expected != retval) 403 dev_err(&udev->dev, 404 "%s failed, iterations left %d, status %d (not %d)\n", 405 label, iterations, retval, expected); 406 return retval; 407 } 408 409 410 /*-------------------------------------------------------------------------*/ 411 412 /* We use scatterlist primitives to test queued I/O. 413 * Yes, this also tests the scatterlist primitives. 414 */ 415 416 static void free_sglist(struct scatterlist *sg, int nents) 417 { 418 unsigned i; 419 420 if (!sg) 421 return; 422 for (i = 0; i < nents; i++) { 423 if (!sg_page(&sg[i])) 424 continue; 425 kfree(sg_virt(&sg[i])); 426 } 427 kfree(sg); 428 } 429 430 static struct scatterlist * 431 alloc_sglist(int nents, int max, int vary) 432 { 433 struct scatterlist *sg; 434 unsigned i; 435 unsigned size = max; 436 437 if (max == 0) 438 return NULL; 439 440 sg = kmalloc_array(nents, sizeof *sg, GFP_KERNEL); 441 if (!sg) 442 return NULL; 443 sg_init_table(sg, nents); 444 445 for (i = 0; i < nents; i++) { 446 char *buf; 447 unsigned j; 448 449 buf = kzalloc(size, GFP_KERNEL); 450 if (!buf) { 451 free_sglist(sg, i); 452 return NULL; 453 } 454 455 /* kmalloc pages are always physically contiguous! */ 456 sg_set_buf(&sg[i], buf, size); 457 458 switch (pattern) { 459 case 0: 460 /* already zeroed */ 461 break; 462 case 1: 463 for (j = 0; j < size; j++) 464 *buf++ = (u8) (j % 63); 465 break; 466 } 467 468 if (vary) { 469 size += vary; 470 size %= max; 471 if (size == 0) 472 size = (vary < max) ? vary : max; 473 } 474 } 475 476 return sg; 477 } 478 479 static int perform_sglist( 480 struct usbtest_dev *tdev, 481 unsigned iterations, 482 int pipe, 483 struct usb_sg_request *req, 484 struct scatterlist *sg, 485 int nents 486 ) 487 { 488 struct usb_device *udev = testdev_to_usbdev(tdev); 489 int retval = 0; 490 491 while (retval == 0 && iterations-- > 0) { 492 retval = usb_sg_init(req, udev, pipe, 493 (udev->speed == USB_SPEED_HIGH) 494 ? (INTERRUPT_RATE << 3) 495 : INTERRUPT_RATE, 496 sg, nents, 0, GFP_KERNEL); 497 498 if (retval) 499 break; 500 usb_sg_wait(req); 501 retval = req->status; 502 503 /* FIXME check resulting data pattern */ 504 505 /* FIXME if endpoint halted, clear halt (and log) */ 506 } 507 508 /* FIXME for unlink or fault handling tests, don't report 509 * failure if retval is as we expected ... 510 */ 511 if (retval) 512 ERROR(tdev, "perform_sglist failed, " 513 "iterations left %d, status %d\n", 514 iterations, retval); 515 return retval; 516 } 517 518 519 /*-------------------------------------------------------------------------*/ 520 521 /* unqueued control message testing 522 * 523 * there's a nice set of device functional requirements in chapter 9 of the 524 * usb 2.0 spec, which we can apply to ANY device, even ones that don't use 525 * special test firmware. 526 * 527 * we know the device is configured (or suspended) by the time it's visible 528 * through usbfs. we can't change that, so we won't test enumeration (which 529 * worked 'well enough' to get here, this time), power management (ditto), 530 * or remote wakeup (which needs human interaction). 531 */ 532 533 static unsigned realworld = 1; 534 module_param(realworld, uint, 0); 535 MODULE_PARM_DESC(realworld, "clear to demand stricter spec compliance"); 536 537 static int get_altsetting(struct usbtest_dev *dev) 538 { 539 struct usb_interface *iface = dev->intf; 540 struct usb_device *udev = interface_to_usbdev(iface); 541 int retval; 542 543 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), 544 USB_REQ_GET_INTERFACE, USB_DIR_IN|USB_RECIP_INTERFACE, 545 0, iface->altsetting[0].desc.bInterfaceNumber, 546 dev->buf, 1, USB_CTRL_GET_TIMEOUT); 547 switch (retval) { 548 case 1: 549 return dev->buf[0]; 550 case 0: 551 retval = -ERANGE; 552 /* FALLTHROUGH */ 553 default: 554 return retval; 555 } 556 } 557 558 static int set_altsetting(struct usbtest_dev *dev, int alternate) 559 { 560 struct usb_interface *iface = dev->intf; 561 struct usb_device *udev; 562 563 if (alternate < 0 || alternate >= 256) 564 return -EINVAL; 565 566 udev = interface_to_usbdev(iface); 567 return usb_set_interface(udev, 568 iface->altsetting[0].desc.bInterfaceNumber, 569 alternate); 570 } 571 572 static int is_good_config(struct usbtest_dev *tdev, int len) 573 { 574 struct usb_config_descriptor *config; 575 576 if (len < sizeof *config) 577 return 0; 578 config = (struct usb_config_descriptor *) tdev->buf; 579 580 switch (config->bDescriptorType) { 581 case USB_DT_CONFIG: 582 case USB_DT_OTHER_SPEED_CONFIG: 583 if (config->bLength != 9) { 584 ERROR(tdev, "bogus config descriptor length\n"); 585 return 0; 586 } 587 /* this bit 'must be 1' but often isn't */ 588 if (!realworld && !(config->bmAttributes & 0x80)) { 589 ERROR(tdev, "high bit of config attributes not set\n"); 590 return 0; 591 } 592 if (config->bmAttributes & 0x1f) { /* reserved == 0 */ 593 ERROR(tdev, "reserved config bits set\n"); 594 return 0; 595 } 596 break; 597 default: 598 return 0; 599 } 600 601 if (le16_to_cpu(config->wTotalLength) == len) /* read it all */ 602 return 1; 603 if (le16_to_cpu(config->wTotalLength) >= TBUF_SIZE) /* max partial read */ 604 return 1; 605 ERROR(tdev, "bogus config descriptor read size\n"); 606 return 0; 607 } 608 609 /* sanity test for standard requests working with usb_control_mesg() and some 610 * of the utility functions which use it. 611 * 612 * this doesn't test how endpoint halts behave or data toggles get set, since 613 * we won't do I/O to bulk/interrupt endpoints here (which is how to change 614 * halt or toggle). toggle testing is impractical without support from hcds. 615 * 616 * this avoids failing devices linux would normally work with, by not testing 617 * config/altsetting operations for devices that only support their defaults. 618 * such devices rarely support those needless operations. 619 * 620 * NOTE that since this is a sanity test, it's not examining boundary cases 621 * to see if usbcore, hcd, and device all behave right. such testing would 622 * involve varied read sizes and other operation sequences. 623 */ 624 static int ch9_postconfig(struct usbtest_dev *dev) 625 { 626 struct usb_interface *iface = dev->intf; 627 struct usb_device *udev = interface_to_usbdev(iface); 628 int i, alt, retval; 629 630 /* [9.2.3] if there's more than one altsetting, we need to be able to 631 * set and get each one. mostly trusts the descriptors from usbcore. 632 */ 633 for (i = 0; i < iface->num_altsetting; i++) { 634 635 /* 9.2.3 constrains the range here */ 636 alt = iface->altsetting[i].desc.bAlternateSetting; 637 if (alt < 0 || alt >= iface->num_altsetting) { 638 dev_err(&iface->dev, 639 "invalid alt [%d].bAltSetting = %d\n", 640 i, alt); 641 } 642 643 /* [real world] get/set unimplemented if there's only one */ 644 if (realworld && iface->num_altsetting == 1) 645 continue; 646 647 /* [9.4.10] set_interface */ 648 retval = set_altsetting(dev, alt); 649 if (retval) { 650 dev_err(&iface->dev, "can't set_interface = %d, %d\n", 651 alt, retval); 652 return retval; 653 } 654 655 /* [9.4.4] get_interface always works */ 656 retval = get_altsetting(dev); 657 if (retval != alt) { 658 dev_err(&iface->dev, "get alt should be %d, was %d\n", 659 alt, retval); 660 return (retval < 0) ? retval : -EDOM; 661 } 662 663 } 664 665 /* [real world] get_config unimplemented if there's only one */ 666 if (!realworld || udev->descriptor.bNumConfigurations != 1) { 667 int expected = udev->actconfig->desc.bConfigurationValue; 668 669 /* [9.4.2] get_configuration always works 670 * ... although some cheap devices (like one TI Hub I've got) 671 * won't return config descriptors except before set_config. 672 */ 673 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), 674 USB_REQ_GET_CONFIGURATION, 675 USB_DIR_IN | USB_RECIP_DEVICE, 676 0, 0, dev->buf, 1, USB_CTRL_GET_TIMEOUT); 677 if (retval != 1 || dev->buf[0] != expected) { 678 dev_err(&iface->dev, "get config --> %d %d (1 %d)\n", 679 retval, dev->buf[0], expected); 680 return (retval < 0) ? retval : -EDOM; 681 } 682 } 683 684 /* there's always [9.4.3] a device descriptor [9.6.1] */ 685 retval = usb_get_descriptor(udev, USB_DT_DEVICE, 0, 686 dev->buf, sizeof udev->descriptor); 687 if (retval != sizeof udev->descriptor) { 688 dev_err(&iface->dev, "dev descriptor --> %d\n", retval); 689 return (retval < 0) ? retval : -EDOM; 690 } 691 692 /* there's always [9.4.3] at least one config descriptor [9.6.3] */ 693 for (i = 0; i < udev->descriptor.bNumConfigurations; i++) { 694 retval = usb_get_descriptor(udev, USB_DT_CONFIG, i, 695 dev->buf, TBUF_SIZE); 696 if (!is_good_config(dev, retval)) { 697 dev_err(&iface->dev, 698 "config [%d] descriptor --> %d\n", 699 i, retval); 700 return (retval < 0) ? retval : -EDOM; 701 } 702 703 /* FIXME cross-checking udev->config[i] to make sure usbcore 704 * parsed it right (etc) would be good testing paranoia 705 */ 706 } 707 708 /* and sometimes [9.2.6.6] speed dependent descriptors */ 709 if (le16_to_cpu(udev->descriptor.bcdUSB) == 0x0200) { 710 struct usb_qualifier_descriptor *d = NULL; 711 712 /* device qualifier [9.6.2] */ 713 retval = usb_get_descriptor(udev, 714 USB_DT_DEVICE_QUALIFIER, 0, dev->buf, 715 sizeof(struct usb_qualifier_descriptor)); 716 if (retval == -EPIPE) { 717 if (udev->speed == USB_SPEED_HIGH) { 718 dev_err(&iface->dev, 719 "hs dev qualifier --> %d\n", 720 retval); 721 return (retval < 0) ? retval : -EDOM; 722 } 723 /* usb2.0 but not high-speed capable; fine */ 724 } else if (retval != sizeof(struct usb_qualifier_descriptor)) { 725 dev_err(&iface->dev, "dev qualifier --> %d\n", retval); 726 return (retval < 0) ? retval : -EDOM; 727 } else 728 d = (struct usb_qualifier_descriptor *) dev->buf; 729 730 /* might not have [9.6.2] any other-speed configs [9.6.4] */ 731 if (d) { 732 unsigned max = d->bNumConfigurations; 733 for (i = 0; i < max; i++) { 734 retval = usb_get_descriptor(udev, 735 USB_DT_OTHER_SPEED_CONFIG, i, 736 dev->buf, TBUF_SIZE); 737 if (!is_good_config(dev, retval)) { 738 dev_err(&iface->dev, 739 "other speed config --> %d\n", 740 retval); 741 return (retval < 0) ? retval : -EDOM; 742 } 743 } 744 } 745 } 746 /* FIXME fetch strings from at least the device descriptor */ 747 748 /* [9.4.5] get_status always works */ 749 retval = usb_get_status(udev, USB_RECIP_DEVICE, 0, dev->buf); 750 if (retval != 2) { 751 dev_err(&iface->dev, "get dev status --> %d\n", retval); 752 return (retval < 0) ? retval : -EDOM; 753 } 754 755 /* FIXME configuration.bmAttributes says if we could try to set/clear 756 * the device's remote wakeup feature ... if we can, test that here 757 */ 758 759 retval = usb_get_status(udev, USB_RECIP_INTERFACE, 760 iface->altsetting[0].desc.bInterfaceNumber, dev->buf); 761 if (retval != 2) { 762 dev_err(&iface->dev, "get interface status --> %d\n", retval); 763 return (retval < 0) ? retval : -EDOM; 764 } 765 /* FIXME get status for each endpoint in the interface */ 766 767 return 0; 768 } 769 770 /*-------------------------------------------------------------------------*/ 771 772 /* use ch9 requests to test whether: 773 * (a) queues work for control, keeping N subtests queued and 774 * active (auto-resubmit) for M loops through the queue. 775 * (b) protocol stalls (control-only) will autorecover. 776 * it's not like bulk/intr; no halt clearing. 777 * (c) short control reads are reported and handled. 778 * (d) queues are always processed in-order 779 */ 780 781 struct ctrl_ctx { 782 spinlock_t lock; 783 struct usbtest_dev *dev; 784 struct completion complete; 785 unsigned count; 786 unsigned pending; 787 int status; 788 struct urb **urb; 789 struct usbtest_param *param; 790 int last; 791 }; 792 793 #define NUM_SUBCASES 15 /* how many test subcases here? */ 794 795 struct subcase { 796 struct usb_ctrlrequest setup; 797 int number; 798 int expected; 799 }; 800 801 static void ctrl_complete(struct urb *urb) 802 { 803 struct ctrl_ctx *ctx = urb->context; 804 struct usb_ctrlrequest *reqp; 805 struct subcase *subcase; 806 int status = urb->status; 807 808 reqp = (struct usb_ctrlrequest *)urb->setup_packet; 809 subcase = container_of(reqp, struct subcase, setup); 810 811 spin_lock(&ctx->lock); 812 ctx->count--; 813 ctx->pending--; 814 815 /* queue must transfer and complete in fifo order, unless 816 * usb_unlink_urb() is used to unlink something not at the 817 * physical queue head (not tested). 818 */ 819 if (subcase->number > 0) { 820 if ((subcase->number - ctx->last) != 1) { 821 ERROR(ctx->dev, 822 "subcase %d completed out of order, last %d\n", 823 subcase->number, ctx->last); 824 status = -EDOM; 825 ctx->last = subcase->number; 826 goto error; 827 } 828 } 829 ctx->last = subcase->number; 830 831 /* succeed or fault in only one way? */ 832 if (status == subcase->expected) 833 status = 0; 834 835 /* async unlink for cleanup? */ 836 else if (status != -ECONNRESET) { 837 838 /* some faults are allowed, not required */ 839 if (subcase->expected > 0 && ( 840 ((status == -subcase->expected /* happened */ 841 || status == 0)))) /* didn't */ 842 status = 0; 843 /* sometimes more than one fault is allowed */ 844 else if (subcase->number == 12 && status == -EPIPE) 845 status = 0; 846 else 847 ERROR(ctx->dev, "subtest %d error, status %d\n", 848 subcase->number, status); 849 } 850 851 /* unexpected status codes mean errors; ideally, in hardware */ 852 if (status) { 853 error: 854 if (ctx->status == 0) { 855 int i; 856 857 ctx->status = status; 858 ERROR(ctx->dev, "control queue %02x.%02x, err %d, " 859 "%d left, subcase %d, len %d/%d\n", 860 reqp->bRequestType, reqp->bRequest, 861 status, ctx->count, subcase->number, 862 urb->actual_length, 863 urb->transfer_buffer_length); 864 865 /* FIXME this "unlink everything" exit route should 866 * be a separate test case. 867 */ 868 869 /* unlink whatever's still pending */ 870 for (i = 1; i < ctx->param->sglen; i++) { 871 struct urb *u = ctx->urb[ 872 (i + subcase->number) 873 % ctx->param->sglen]; 874 875 if (u == urb || !u->dev) 876 continue; 877 spin_unlock(&ctx->lock); 878 status = usb_unlink_urb(u); 879 spin_lock(&ctx->lock); 880 switch (status) { 881 case -EINPROGRESS: 882 case -EBUSY: 883 case -EIDRM: 884 continue; 885 default: 886 ERROR(ctx->dev, "urb unlink --> %d\n", 887 status); 888 } 889 } 890 status = ctx->status; 891 } 892 } 893 894 /* resubmit if we need to, else mark this as done */ 895 if ((status == 0) && (ctx->pending < ctx->count)) { 896 status = usb_submit_urb(urb, GFP_ATOMIC); 897 if (status != 0) { 898 ERROR(ctx->dev, 899 "can't resubmit ctrl %02x.%02x, err %d\n", 900 reqp->bRequestType, reqp->bRequest, status); 901 urb->dev = NULL; 902 } else 903 ctx->pending++; 904 } else 905 urb->dev = NULL; 906 907 /* signal completion when nothing's queued */ 908 if (ctx->pending == 0) 909 complete(&ctx->complete); 910 spin_unlock(&ctx->lock); 911 } 912 913 static int 914 test_ctrl_queue(struct usbtest_dev *dev, struct usbtest_param *param) 915 { 916 struct usb_device *udev = testdev_to_usbdev(dev); 917 struct urb **urb; 918 struct ctrl_ctx context; 919 int i; 920 921 if (param->sglen == 0 || param->iterations > UINT_MAX / param->sglen) 922 return -EOPNOTSUPP; 923 924 spin_lock_init(&context.lock); 925 context.dev = dev; 926 init_completion(&context.complete); 927 context.count = param->sglen * param->iterations; 928 context.pending = 0; 929 context.status = -ENOMEM; 930 context.param = param; 931 context.last = -1; 932 933 /* allocate and init the urbs we'll queue. 934 * as with bulk/intr sglists, sglen is the queue depth; it also 935 * controls which subtests run (more tests than sglen) or rerun. 936 */ 937 urb = kcalloc(param->sglen, sizeof(struct urb *), GFP_KERNEL); 938 if (!urb) 939 return -ENOMEM; 940 for (i = 0; i < param->sglen; i++) { 941 int pipe = usb_rcvctrlpipe(udev, 0); 942 unsigned len; 943 struct urb *u; 944 struct usb_ctrlrequest req; 945 struct subcase *reqp; 946 947 /* sign of this variable means: 948 * -: tested code must return this (negative) error code 949 * +: tested code may return this (negative too) error code 950 */ 951 int expected = 0; 952 953 /* requests here are mostly expected to succeed on any 954 * device, but some are chosen to trigger protocol stalls 955 * or short reads. 956 */ 957 memset(&req, 0, sizeof req); 958 req.bRequest = USB_REQ_GET_DESCRIPTOR; 959 req.bRequestType = USB_DIR_IN|USB_RECIP_DEVICE; 960 961 switch (i % NUM_SUBCASES) { 962 case 0: /* get device descriptor */ 963 req.wValue = cpu_to_le16(USB_DT_DEVICE << 8); 964 len = sizeof(struct usb_device_descriptor); 965 break; 966 case 1: /* get first config descriptor (only) */ 967 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 968 len = sizeof(struct usb_config_descriptor); 969 break; 970 case 2: /* get altsetting (OFTEN STALLS) */ 971 req.bRequest = USB_REQ_GET_INTERFACE; 972 req.bRequestType = USB_DIR_IN|USB_RECIP_INTERFACE; 973 /* index = 0 means first interface */ 974 len = 1; 975 expected = EPIPE; 976 break; 977 case 3: /* get interface status */ 978 req.bRequest = USB_REQ_GET_STATUS; 979 req.bRequestType = USB_DIR_IN|USB_RECIP_INTERFACE; 980 /* interface 0 */ 981 len = 2; 982 break; 983 case 4: /* get device status */ 984 req.bRequest = USB_REQ_GET_STATUS; 985 req.bRequestType = USB_DIR_IN|USB_RECIP_DEVICE; 986 len = 2; 987 break; 988 case 5: /* get device qualifier (MAY STALL) */ 989 req.wValue = cpu_to_le16 (USB_DT_DEVICE_QUALIFIER << 8); 990 len = sizeof(struct usb_qualifier_descriptor); 991 if (udev->speed != USB_SPEED_HIGH) 992 expected = EPIPE; 993 break; 994 case 6: /* get first config descriptor, plus interface */ 995 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 996 len = sizeof(struct usb_config_descriptor); 997 len += sizeof(struct usb_interface_descriptor); 998 break; 999 case 7: /* get interface descriptor (ALWAYS STALLS) */ 1000 req.wValue = cpu_to_le16 (USB_DT_INTERFACE << 8); 1001 /* interface == 0 */ 1002 len = sizeof(struct usb_interface_descriptor); 1003 expected = -EPIPE; 1004 break; 1005 /* NOTE: two consecutive stalls in the queue here. 1006 * that tests fault recovery a bit more aggressively. */ 1007 case 8: /* clear endpoint halt (MAY STALL) */ 1008 req.bRequest = USB_REQ_CLEAR_FEATURE; 1009 req.bRequestType = USB_RECIP_ENDPOINT; 1010 /* wValue 0 == ep halt */ 1011 /* wIndex 0 == ep0 (shouldn't halt!) */ 1012 len = 0; 1013 pipe = usb_sndctrlpipe(udev, 0); 1014 expected = EPIPE; 1015 break; 1016 case 9: /* get endpoint status */ 1017 req.bRequest = USB_REQ_GET_STATUS; 1018 req.bRequestType = USB_DIR_IN|USB_RECIP_ENDPOINT; 1019 /* endpoint 0 */ 1020 len = 2; 1021 break; 1022 case 10: /* trigger short read (EREMOTEIO) */ 1023 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 1024 len = 1024; 1025 expected = -EREMOTEIO; 1026 break; 1027 /* NOTE: two consecutive _different_ faults in the queue. */ 1028 case 11: /* get endpoint descriptor (ALWAYS STALLS) */ 1029 req.wValue = cpu_to_le16(USB_DT_ENDPOINT << 8); 1030 /* endpoint == 0 */ 1031 len = sizeof(struct usb_interface_descriptor); 1032 expected = EPIPE; 1033 break; 1034 /* NOTE: sometimes even a third fault in the queue! */ 1035 case 12: /* get string 0 descriptor (MAY STALL) */ 1036 req.wValue = cpu_to_le16(USB_DT_STRING << 8); 1037 /* string == 0, for language IDs */ 1038 len = sizeof(struct usb_interface_descriptor); 1039 /* may succeed when > 4 languages */ 1040 expected = EREMOTEIO; /* or EPIPE, if no strings */ 1041 break; 1042 case 13: /* short read, resembling case 10 */ 1043 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0); 1044 /* last data packet "should" be DATA1, not DATA0 */ 1045 if (udev->speed == USB_SPEED_SUPER) 1046 len = 1024 - 512; 1047 else 1048 len = 1024 - udev->descriptor.bMaxPacketSize0; 1049 expected = -EREMOTEIO; 1050 break; 1051 case 14: /* short read; try to fill the last packet */ 1052 req.wValue = cpu_to_le16((USB_DT_DEVICE << 8) | 0); 1053 /* device descriptor size == 18 bytes */ 1054 len = udev->descriptor.bMaxPacketSize0; 1055 if (udev->speed == USB_SPEED_SUPER) 1056 len = 512; 1057 switch (len) { 1058 case 8: 1059 len = 24; 1060 break; 1061 case 16: 1062 len = 32; 1063 break; 1064 } 1065 expected = -EREMOTEIO; 1066 break; 1067 default: 1068 ERROR(dev, "bogus number of ctrl queue testcases!\n"); 1069 context.status = -EINVAL; 1070 goto cleanup; 1071 } 1072 req.wLength = cpu_to_le16(len); 1073 urb[i] = u = simple_alloc_urb(udev, pipe, len); 1074 if (!u) 1075 goto cleanup; 1076 1077 reqp = kmalloc(sizeof *reqp, GFP_KERNEL); 1078 if (!reqp) 1079 goto cleanup; 1080 reqp->setup = req; 1081 reqp->number = i % NUM_SUBCASES; 1082 reqp->expected = expected; 1083 u->setup_packet = (char *) &reqp->setup; 1084 1085 u->context = &context; 1086 u->complete = ctrl_complete; 1087 } 1088 1089 /* queue the urbs */ 1090 context.urb = urb; 1091 spin_lock_irq(&context.lock); 1092 for (i = 0; i < param->sglen; i++) { 1093 context.status = usb_submit_urb(urb[i], GFP_ATOMIC); 1094 if (context.status != 0) { 1095 ERROR(dev, "can't submit urb[%d], status %d\n", 1096 i, context.status); 1097 context.count = context.pending; 1098 break; 1099 } 1100 context.pending++; 1101 } 1102 spin_unlock_irq(&context.lock); 1103 1104 /* FIXME set timer and time out; provide a disconnect hook */ 1105 1106 /* wait for the last one to complete */ 1107 if (context.pending > 0) 1108 wait_for_completion(&context.complete); 1109 1110 cleanup: 1111 for (i = 0; i < param->sglen; i++) { 1112 if (!urb[i]) 1113 continue; 1114 urb[i]->dev = udev; 1115 kfree(urb[i]->setup_packet); 1116 simple_free_urb(urb[i]); 1117 } 1118 kfree(urb); 1119 return context.status; 1120 } 1121 #undef NUM_SUBCASES 1122 1123 1124 /*-------------------------------------------------------------------------*/ 1125 1126 static void unlink1_callback(struct urb *urb) 1127 { 1128 int status = urb->status; 1129 1130 /* we "know" -EPIPE (stall) never happens */ 1131 if (!status) 1132 status = usb_submit_urb(urb, GFP_ATOMIC); 1133 if (status) { 1134 urb->status = status; 1135 complete(urb->context); 1136 } 1137 } 1138 1139 static int unlink1(struct usbtest_dev *dev, int pipe, int size, int async) 1140 { 1141 struct urb *urb; 1142 struct completion completion; 1143 int retval = 0; 1144 1145 init_completion(&completion); 1146 urb = simple_alloc_urb(testdev_to_usbdev(dev), pipe, size); 1147 if (!urb) 1148 return -ENOMEM; 1149 urb->context = &completion; 1150 urb->complete = unlink1_callback; 1151 1152 /* keep the endpoint busy. there are lots of hc/hcd-internal 1153 * states, and testing should get to all of them over time. 1154 * 1155 * FIXME want additional tests for when endpoint is STALLing 1156 * due to errors, or is just NAKing requests. 1157 */ 1158 retval = usb_submit_urb(urb, GFP_KERNEL); 1159 if (retval != 0) { 1160 dev_err(&dev->intf->dev, "submit fail %d\n", retval); 1161 return retval; 1162 } 1163 1164 /* unlinking that should always work. variable delay tests more 1165 * hcd states and code paths, even with little other system load. 1166 */ 1167 msleep(jiffies % (2 * INTERRUPT_RATE)); 1168 if (async) { 1169 while (!completion_done(&completion)) { 1170 retval = usb_unlink_urb(urb); 1171 1172 switch (retval) { 1173 case -EBUSY: 1174 case -EIDRM: 1175 /* we can't unlink urbs while they're completing 1176 * or if they've completed, and we haven't 1177 * resubmitted. "normal" drivers would prevent 1178 * resubmission, but since we're testing unlink 1179 * paths, we can't. 1180 */ 1181 ERROR(dev, "unlink retry\n"); 1182 continue; 1183 case 0: 1184 case -EINPROGRESS: 1185 break; 1186 1187 default: 1188 dev_err(&dev->intf->dev, 1189 "unlink fail %d\n", retval); 1190 return retval; 1191 } 1192 1193 break; 1194 } 1195 } else 1196 usb_kill_urb(urb); 1197 1198 wait_for_completion(&completion); 1199 retval = urb->status; 1200 simple_free_urb(urb); 1201 1202 if (async) 1203 return (retval == -ECONNRESET) ? 0 : retval - 1000; 1204 else 1205 return (retval == -ENOENT || retval == -EPERM) ? 1206 0 : retval - 2000; 1207 } 1208 1209 static int unlink_simple(struct usbtest_dev *dev, int pipe, int len) 1210 { 1211 int retval = 0; 1212 1213 /* test sync and async paths */ 1214 retval = unlink1(dev, pipe, len, 1); 1215 if (!retval) 1216 retval = unlink1(dev, pipe, len, 0); 1217 return retval; 1218 } 1219 1220 /*-------------------------------------------------------------------------*/ 1221 1222 struct queued_ctx { 1223 struct completion complete; 1224 atomic_t pending; 1225 unsigned num; 1226 int status; 1227 struct urb **urbs; 1228 }; 1229 1230 static void unlink_queued_callback(struct urb *urb) 1231 { 1232 int status = urb->status; 1233 struct queued_ctx *ctx = urb->context; 1234 1235 if (ctx->status) 1236 goto done; 1237 if (urb == ctx->urbs[ctx->num - 4] || urb == ctx->urbs[ctx->num - 2]) { 1238 if (status == -ECONNRESET) 1239 goto done; 1240 /* What error should we report if the URB completed normally? */ 1241 } 1242 if (status != 0) 1243 ctx->status = status; 1244 1245 done: 1246 if (atomic_dec_and_test(&ctx->pending)) 1247 complete(&ctx->complete); 1248 } 1249 1250 static int unlink_queued(struct usbtest_dev *dev, int pipe, unsigned num, 1251 unsigned size) 1252 { 1253 struct queued_ctx ctx; 1254 struct usb_device *udev = testdev_to_usbdev(dev); 1255 void *buf; 1256 dma_addr_t buf_dma; 1257 int i; 1258 int retval = -ENOMEM; 1259 1260 init_completion(&ctx.complete); 1261 atomic_set(&ctx.pending, 1); /* One more than the actual value */ 1262 ctx.num = num; 1263 ctx.status = 0; 1264 1265 buf = usb_alloc_coherent(udev, size, GFP_KERNEL, &buf_dma); 1266 if (!buf) 1267 return retval; 1268 memset(buf, 0, size); 1269 1270 /* Allocate and init the urbs we'll queue */ 1271 ctx.urbs = kcalloc(num, sizeof(struct urb *), GFP_KERNEL); 1272 if (!ctx.urbs) 1273 goto free_buf; 1274 for (i = 0; i < num; i++) { 1275 ctx.urbs[i] = usb_alloc_urb(0, GFP_KERNEL); 1276 if (!ctx.urbs[i]) 1277 goto free_urbs; 1278 usb_fill_bulk_urb(ctx.urbs[i], udev, pipe, buf, size, 1279 unlink_queued_callback, &ctx); 1280 ctx.urbs[i]->transfer_dma = buf_dma; 1281 ctx.urbs[i]->transfer_flags = URB_NO_TRANSFER_DMA_MAP; 1282 } 1283 1284 /* Submit all the URBs and then unlink URBs num - 4 and num - 2. */ 1285 for (i = 0; i < num; i++) { 1286 atomic_inc(&ctx.pending); 1287 retval = usb_submit_urb(ctx.urbs[i], GFP_KERNEL); 1288 if (retval != 0) { 1289 dev_err(&dev->intf->dev, "submit urbs[%d] fail %d\n", 1290 i, retval); 1291 atomic_dec(&ctx.pending); 1292 ctx.status = retval; 1293 break; 1294 } 1295 } 1296 if (i == num) { 1297 usb_unlink_urb(ctx.urbs[num - 4]); 1298 usb_unlink_urb(ctx.urbs[num - 2]); 1299 } else { 1300 while (--i >= 0) 1301 usb_unlink_urb(ctx.urbs[i]); 1302 } 1303 1304 if (atomic_dec_and_test(&ctx.pending)) /* The extra count */ 1305 complete(&ctx.complete); 1306 wait_for_completion(&ctx.complete); 1307 retval = ctx.status; 1308 1309 free_urbs: 1310 for (i = 0; i < num; i++) 1311 usb_free_urb(ctx.urbs[i]); 1312 kfree(ctx.urbs); 1313 free_buf: 1314 usb_free_coherent(udev, size, buf, buf_dma); 1315 return retval; 1316 } 1317 1318 /*-------------------------------------------------------------------------*/ 1319 1320 static int verify_not_halted(struct usbtest_dev *tdev, int ep, struct urb *urb) 1321 { 1322 int retval; 1323 u16 status; 1324 1325 /* shouldn't look or act halted */ 1326 retval = usb_get_status(urb->dev, USB_RECIP_ENDPOINT, ep, &status); 1327 if (retval < 0) { 1328 ERROR(tdev, "ep %02x couldn't get no-halt status, %d\n", 1329 ep, retval); 1330 return retval; 1331 } 1332 if (status != 0) { 1333 ERROR(tdev, "ep %02x bogus status: %04x != 0\n", ep, status); 1334 return -EINVAL; 1335 } 1336 retval = simple_io(tdev, urb, 1, 0, 0, __func__); 1337 if (retval != 0) 1338 return -EINVAL; 1339 return 0; 1340 } 1341 1342 static int verify_halted(struct usbtest_dev *tdev, int ep, struct urb *urb) 1343 { 1344 int retval; 1345 u16 status; 1346 1347 /* should look and act halted */ 1348 retval = usb_get_status(urb->dev, USB_RECIP_ENDPOINT, ep, &status); 1349 if (retval < 0) { 1350 ERROR(tdev, "ep %02x couldn't get halt status, %d\n", 1351 ep, retval); 1352 return retval; 1353 } 1354 le16_to_cpus(&status); 1355 if (status != 1) { 1356 ERROR(tdev, "ep %02x bogus status: %04x != 1\n", ep, status); 1357 return -EINVAL; 1358 } 1359 retval = simple_io(tdev, urb, 1, 0, -EPIPE, __func__); 1360 if (retval != -EPIPE) 1361 return -EINVAL; 1362 retval = simple_io(tdev, urb, 1, 0, -EPIPE, "verify_still_halted"); 1363 if (retval != -EPIPE) 1364 return -EINVAL; 1365 return 0; 1366 } 1367 1368 static int test_halt(struct usbtest_dev *tdev, int ep, struct urb *urb) 1369 { 1370 int retval; 1371 1372 /* shouldn't look or act halted now */ 1373 retval = verify_not_halted(tdev, ep, urb); 1374 if (retval < 0) 1375 return retval; 1376 1377 /* set halt (protocol test only), verify it worked */ 1378 retval = usb_control_msg(urb->dev, usb_sndctrlpipe(urb->dev, 0), 1379 USB_REQ_SET_FEATURE, USB_RECIP_ENDPOINT, 1380 USB_ENDPOINT_HALT, ep, 1381 NULL, 0, USB_CTRL_SET_TIMEOUT); 1382 if (retval < 0) { 1383 ERROR(tdev, "ep %02x couldn't set halt, %d\n", ep, retval); 1384 return retval; 1385 } 1386 retval = verify_halted(tdev, ep, urb); 1387 if (retval < 0) 1388 return retval; 1389 1390 /* clear halt (tests API + protocol), verify it worked */ 1391 retval = usb_clear_halt(urb->dev, urb->pipe); 1392 if (retval < 0) { 1393 ERROR(tdev, "ep %02x couldn't clear halt, %d\n", ep, retval); 1394 return retval; 1395 } 1396 retval = verify_not_halted(tdev, ep, urb); 1397 if (retval < 0) 1398 return retval; 1399 1400 /* NOTE: could also verify SET_INTERFACE clear halts ... */ 1401 1402 return 0; 1403 } 1404 1405 static int halt_simple(struct usbtest_dev *dev) 1406 { 1407 int ep; 1408 int retval = 0; 1409 struct urb *urb; 1410 struct usb_device *udev = testdev_to_usbdev(dev); 1411 1412 if (udev->speed == USB_SPEED_SUPER) 1413 urb = simple_alloc_urb(udev, 0, 1024); 1414 else 1415 urb = simple_alloc_urb(udev, 0, 512); 1416 if (urb == NULL) 1417 return -ENOMEM; 1418 1419 if (dev->in_pipe) { 1420 ep = usb_pipeendpoint(dev->in_pipe) | USB_DIR_IN; 1421 urb->pipe = dev->in_pipe; 1422 retval = test_halt(dev, ep, urb); 1423 if (retval < 0) 1424 goto done; 1425 } 1426 1427 if (dev->out_pipe) { 1428 ep = usb_pipeendpoint(dev->out_pipe); 1429 urb->pipe = dev->out_pipe; 1430 retval = test_halt(dev, ep, urb); 1431 } 1432 done: 1433 simple_free_urb(urb); 1434 return retval; 1435 } 1436 1437 /*-------------------------------------------------------------------------*/ 1438 1439 /* Control OUT tests use the vendor control requests from Intel's 1440 * USB 2.0 compliance test device: write a buffer, read it back. 1441 * 1442 * Intel's spec only _requires_ that it work for one packet, which 1443 * is pretty weak. Some HCDs place limits here; most devices will 1444 * need to be able to handle more than one OUT data packet. We'll 1445 * try whatever we're told to try. 1446 */ 1447 static int ctrl_out(struct usbtest_dev *dev, 1448 unsigned count, unsigned length, unsigned vary, unsigned offset) 1449 { 1450 unsigned i, j, len; 1451 int retval; 1452 u8 *buf; 1453 char *what = "?"; 1454 struct usb_device *udev; 1455 1456 if (length < 1 || length > 0xffff || vary >= length) 1457 return -EINVAL; 1458 1459 buf = kmalloc(length + offset, GFP_KERNEL); 1460 if (!buf) 1461 return -ENOMEM; 1462 1463 buf += offset; 1464 udev = testdev_to_usbdev(dev); 1465 len = length; 1466 retval = 0; 1467 1468 /* NOTE: hardware might well act differently if we pushed it 1469 * with lots back-to-back queued requests. 1470 */ 1471 for (i = 0; i < count; i++) { 1472 /* write patterned data */ 1473 for (j = 0; j < len; j++) 1474 buf[j] = i + j; 1475 retval = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 1476 0x5b, USB_DIR_OUT|USB_TYPE_VENDOR, 1477 0, 0, buf, len, USB_CTRL_SET_TIMEOUT); 1478 if (retval != len) { 1479 what = "write"; 1480 if (retval >= 0) { 1481 ERROR(dev, "ctrl_out, wlen %d (expected %d)\n", 1482 retval, len); 1483 retval = -EBADMSG; 1484 } 1485 break; 1486 } 1487 1488 /* read it back -- assuming nothing intervened!! */ 1489 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), 1490 0x5c, USB_DIR_IN|USB_TYPE_VENDOR, 1491 0, 0, buf, len, USB_CTRL_GET_TIMEOUT); 1492 if (retval != len) { 1493 what = "read"; 1494 if (retval >= 0) { 1495 ERROR(dev, "ctrl_out, rlen %d (expected %d)\n", 1496 retval, len); 1497 retval = -EBADMSG; 1498 } 1499 break; 1500 } 1501 1502 /* fail if we can't verify */ 1503 for (j = 0; j < len; j++) { 1504 if (buf[j] != (u8) (i + j)) { 1505 ERROR(dev, "ctrl_out, byte %d is %d not %d\n", 1506 j, buf[j], (u8) i + j); 1507 retval = -EBADMSG; 1508 break; 1509 } 1510 } 1511 if (retval < 0) { 1512 what = "verify"; 1513 break; 1514 } 1515 1516 len += vary; 1517 1518 /* [real world] the "zero bytes IN" case isn't really used. 1519 * hardware can easily trip up in this weird case, since its 1520 * status stage is IN, not OUT like other ep0in transfers. 1521 */ 1522 if (len > length) 1523 len = realworld ? 1 : 0; 1524 } 1525 1526 if (retval < 0) 1527 ERROR(dev, "ctrl_out %s failed, code %d, count %d\n", 1528 what, retval, i); 1529 1530 kfree(buf - offset); 1531 return retval; 1532 } 1533 1534 /*-------------------------------------------------------------------------*/ 1535 1536 /* ISO tests ... mimics common usage 1537 * - buffer length is split into N packets (mostly maxpacket sized) 1538 * - multi-buffers according to sglen 1539 */ 1540 1541 struct iso_context { 1542 unsigned count; 1543 unsigned pending; 1544 spinlock_t lock; 1545 struct completion done; 1546 int submit_error; 1547 unsigned long errors; 1548 unsigned long packet_count; 1549 struct usbtest_dev *dev; 1550 }; 1551 1552 static void iso_callback(struct urb *urb) 1553 { 1554 struct iso_context *ctx = urb->context; 1555 1556 spin_lock(&ctx->lock); 1557 ctx->count--; 1558 1559 ctx->packet_count += urb->number_of_packets; 1560 if (urb->error_count > 0) 1561 ctx->errors += urb->error_count; 1562 else if (urb->status != 0) 1563 ctx->errors += urb->number_of_packets; 1564 else if (urb->actual_length != urb->transfer_buffer_length) 1565 ctx->errors++; 1566 else if (check_guard_bytes(ctx->dev, urb) != 0) 1567 ctx->errors++; 1568 1569 if (urb->status == 0 && ctx->count > (ctx->pending - 1) 1570 && !ctx->submit_error) { 1571 int status = usb_submit_urb(urb, GFP_ATOMIC); 1572 switch (status) { 1573 case 0: 1574 goto done; 1575 default: 1576 dev_err(&ctx->dev->intf->dev, 1577 "iso resubmit err %d\n", 1578 status); 1579 /* FALLTHROUGH */ 1580 case -ENODEV: /* disconnected */ 1581 case -ESHUTDOWN: /* endpoint disabled */ 1582 ctx->submit_error = 1; 1583 break; 1584 } 1585 } 1586 1587 ctx->pending--; 1588 if (ctx->pending == 0) { 1589 if (ctx->errors) 1590 dev_err(&ctx->dev->intf->dev, 1591 "iso test, %lu errors out of %lu\n", 1592 ctx->errors, ctx->packet_count); 1593 complete(&ctx->done); 1594 } 1595 done: 1596 spin_unlock(&ctx->lock); 1597 } 1598 1599 static struct urb *iso_alloc_urb( 1600 struct usb_device *udev, 1601 int pipe, 1602 struct usb_endpoint_descriptor *desc, 1603 long bytes, 1604 unsigned offset 1605 ) 1606 { 1607 struct urb *urb; 1608 unsigned i, maxp, packets; 1609 1610 if (bytes < 0 || !desc) 1611 return NULL; 1612 maxp = 0x7ff & usb_endpoint_maxp(desc); 1613 maxp *= 1 + (0x3 & (usb_endpoint_maxp(desc) >> 11)); 1614 packets = DIV_ROUND_UP(bytes, maxp); 1615 1616 urb = usb_alloc_urb(packets, GFP_KERNEL); 1617 if (!urb) 1618 return urb; 1619 urb->dev = udev; 1620 urb->pipe = pipe; 1621 1622 urb->number_of_packets = packets; 1623 urb->transfer_buffer_length = bytes; 1624 urb->transfer_buffer = usb_alloc_coherent(udev, bytes + offset, 1625 GFP_KERNEL, 1626 &urb->transfer_dma); 1627 if (!urb->transfer_buffer) { 1628 usb_free_urb(urb); 1629 return NULL; 1630 } 1631 if (offset) { 1632 memset(urb->transfer_buffer, GUARD_BYTE, offset); 1633 urb->transfer_buffer += offset; 1634 urb->transfer_dma += offset; 1635 } 1636 /* For inbound transfers use guard byte so that test fails if 1637 data not correctly copied */ 1638 memset(urb->transfer_buffer, 1639 usb_pipein(urb->pipe) ? GUARD_BYTE : 0, 1640 bytes); 1641 1642 for (i = 0; i < packets; i++) { 1643 /* here, only the last packet will be short */ 1644 urb->iso_frame_desc[i].length = min((unsigned) bytes, maxp); 1645 bytes -= urb->iso_frame_desc[i].length; 1646 1647 urb->iso_frame_desc[i].offset = maxp * i; 1648 } 1649 1650 urb->complete = iso_callback; 1651 /* urb->context = SET BY CALLER */ 1652 urb->interval = 1 << (desc->bInterval - 1); 1653 urb->transfer_flags = URB_ISO_ASAP | URB_NO_TRANSFER_DMA_MAP; 1654 return urb; 1655 } 1656 1657 static int 1658 test_iso_queue(struct usbtest_dev *dev, struct usbtest_param *param, 1659 int pipe, struct usb_endpoint_descriptor *desc, unsigned offset) 1660 { 1661 struct iso_context context; 1662 struct usb_device *udev; 1663 unsigned i; 1664 unsigned long packets = 0; 1665 int status = 0; 1666 struct urb *urbs[10]; /* FIXME no limit */ 1667 1668 if (param->sglen > 10) 1669 return -EDOM; 1670 1671 memset(&context, 0, sizeof context); 1672 context.count = param->iterations * param->sglen; 1673 context.dev = dev; 1674 init_completion(&context.done); 1675 spin_lock_init(&context.lock); 1676 1677 memset(urbs, 0, sizeof urbs); 1678 udev = testdev_to_usbdev(dev); 1679 dev_info(&dev->intf->dev, 1680 "... iso period %d %sframes, wMaxPacket %04x\n", 1681 1 << (desc->bInterval - 1), 1682 (udev->speed == USB_SPEED_HIGH) ? "micro" : "", 1683 usb_endpoint_maxp(desc)); 1684 1685 for (i = 0; i < param->sglen; i++) { 1686 urbs[i] = iso_alloc_urb(udev, pipe, desc, 1687 param->length, offset); 1688 if (!urbs[i]) { 1689 status = -ENOMEM; 1690 goto fail; 1691 } 1692 packets += urbs[i]->number_of_packets; 1693 urbs[i]->context = &context; 1694 } 1695 packets *= param->iterations; 1696 dev_info(&dev->intf->dev, 1697 "... total %lu msec (%lu packets)\n", 1698 (packets * (1 << (desc->bInterval - 1))) 1699 / ((udev->speed == USB_SPEED_HIGH) ? 8 : 1), 1700 packets); 1701 1702 spin_lock_irq(&context.lock); 1703 for (i = 0; i < param->sglen; i++) { 1704 ++context.pending; 1705 status = usb_submit_urb(urbs[i], GFP_ATOMIC); 1706 if (status < 0) { 1707 ERROR(dev, "submit iso[%d], error %d\n", i, status); 1708 if (i == 0) { 1709 spin_unlock_irq(&context.lock); 1710 goto fail; 1711 } 1712 1713 simple_free_urb(urbs[i]); 1714 urbs[i] = NULL; 1715 context.pending--; 1716 context.submit_error = 1; 1717 break; 1718 } 1719 } 1720 spin_unlock_irq(&context.lock); 1721 1722 wait_for_completion(&context.done); 1723 1724 for (i = 0; i < param->sglen; i++) { 1725 if (urbs[i]) 1726 simple_free_urb(urbs[i]); 1727 } 1728 /* 1729 * Isochronous transfers are expected to fail sometimes. As an 1730 * arbitrary limit, we will report an error if any submissions 1731 * fail or if the transfer failure rate is > 10%. 1732 */ 1733 if (status != 0) 1734 ; 1735 else if (context.submit_error) 1736 status = -EACCES; 1737 else if (context.errors > context.packet_count / 10) 1738 status = -EIO; 1739 return status; 1740 1741 fail: 1742 for (i = 0; i < param->sglen; i++) { 1743 if (urbs[i]) 1744 simple_free_urb(urbs[i]); 1745 } 1746 return status; 1747 } 1748 1749 static int test_unaligned_bulk( 1750 struct usbtest_dev *tdev, 1751 int pipe, 1752 unsigned length, 1753 int iterations, 1754 unsigned transfer_flags, 1755 const char *label) 1756 { 1757 int retval; 1758 struct urb *urb = usbtest_alloc_urb( 1759 testdev_to_usbdev(tdev), pipe, length, transfer_flags, 1); 1760 1761 if (!urb) 1762 return -ENOMEM; 1763 1764 retval = simple_io(tdev, urb, iterations, 0, 0, label); 1765 simple_free_urb(urb); 1766 return retval; 1767 } 1768 1769 /*-------------------------------------------------------------------------*/ 1770 1771 /* We only have this one interface to user space, through usbfs. 1772 * User mode code can scan usbfs to find N different devices (maybe on 1773 * different busses) to use when testing, and allocate one thread per 1774 * test. So discovery is simplified, and we have no device naming issues. 1775 * 1776 * Don't use these only as stress/load tests. Use them along with with 1777 * other USB bus activity: plugging, unplugging, mousing, mp3 playback, 1778 * video capture, and so on. Run different tests at different times, in 1779 * different sequences. Nothing here should interact with other devices, 1780 * except indirectly by consuming USB bandwidth and CPU resources for test 1781 * threads and request completion. But the only way to know that for sure 1782 * is to test when HC queues are in use by many devices. 1783 * 1784 * WARNING: Because usbfs grabs udev->dev.sem before calling this ioctl(), 1785 * it locks out usbcore in certain code paths. Notably, if you disconnect 1786 * the device-under-test, khubd will wait block forever waiting for the 1787 * ioctl to complete ... so that usb_disconnect() can abort the pending 1788 * urbs and then call usbtest_disconnect(). To abort a test, you're best 1789 * off just killing the userspace task and waiting for it to exit. 1790 */ 1791 1792 static int 1793 usbtest_ioctl(struct usb_interface *intf, unsigned int code, void *buf) 1794 { 1795 struct usbtest_dev *dev = usb_get_intfdata(intf); 1796 struct usb_device *udev = testdev_to_usbdev(dev); 1797 struct usbtest_param *param = buf; 1798 int retval = -EOPNOTSUPP; 1799 struct urb *urb; 1800 struct scatterlist *sg; 1801 struct usb_sg_request req; 1802 struct timeval start; 1803 unsigned i; 1804 1805 /* FIXME USBDEVFS_CONNECTINFO doesn't say how fast the device is. */ 1806 1807 pattern = mod_pattern; 1808 1809 if (code != USBTEST_REQUEST) 1810 return -EOPNOTSUPP; 1811 1812 if (param->iterations <= 0) 1813 return -EINVAL; 1814 1815 if (mutex_lock_interruptible(&dev->lock)) 1816 return -ERESTARTSYS; 1817 1818 /* FIXME: What if a system sleep starts while a test is running? */ 1819 1820 /* some devices, like ez-usb default devices, need a non-default 1821 * altsetting to have any active endpoints. some tests change 1822 * altsettings; force a default so most tests don't need to check. 1823 */ 1824 if (dev->info->alt >= 0) { 1825 int res; 1826 1827 if (intf->altsetting->desc.bInterfaceNumber) { 1828 mutex_unlock(&dev->lock); 1829 return -ENODEV; 1830 } 1831 res = set_altsetting(dev, dev->info->alt); 1832 if (res) { 1833 dev_err(&intf->dev, 1834 "set altsetting to %d failed, %d\n", 1835 dev->info->alt, res); 1836 mutex_unlock(&dev->lock); 1837 return res; 1838 } 1839 } 1840 1841 /* 1842 * Just a bunch of test cases that every HCD is expected to handle. 1843 * 1844 * Some may need specific firmware, though it'd be good to have 1845 * one firmware image to handle all the test cases. 1846 * 1847 * FIXME add more tests! cancel requests, verify the data, control 1848 * queueing, concurrent read+write threads, and so on. 1849 */ 1850 do_gettimeofday(&start); 1851 switch (param->test_num) { 1852 1853 case 0: 1854 dev_info(&intf->dev, "TEST 0: NOP\n"); 1855 retval = 0; 1856 break; 1857 1858 /* Simple non-queued bulk I/O tests */ 1859 case 1: 1860 if (dev->out_pipe == 0) 1861 break; 1862 dev_info(&intf->dev, 1863 "TEST 1: write %d bytes %u times\n", 1864 param->length, param->iterations); 1865 urb = simple_alloc_urb(udev, dev->out_pipe, param->length); 1866 if (!urb) { 1867 retval = -ENOMEM; 1868 break; 1869 } 1870 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 1871 retval = simple_io(dev, urb, param->iterations, 0, 0, "test1"); 1872 simple_free_urb(urb); 1873 break; 1874 case 2: 1875 if (dev->in_pipe == 0) 1876 break; 1877 dev_info(&intf->dev, 1878 "TEST 2: read %d bytes %u times\n", 1879 param->length, param->iterations); 1880 urb = simple_alloc_urb(udev, dev->in_pipe, param->length); 1881 if (!urb) { 1882 retval = -ENOMEM; 1883 break; 1884 } 1885 /* FIRMWARE: bulk source (maybe generates short writes) */ 1886 retval = simple_io(dev, urb, param->iterations, 0, 0, "test2"); 1887 simple_free_urb(urb); 1888 break; 1889 case 3: 1890 if (dev->out_pipe == 0 || param->vary == 0) 1891 break; 1892 dev_info(&intf->dev, 1893 "TEST 3: write/%d 0..%d bytes %u times\n", 1894 param->vary, param->length, param->iterations); 1895 urb = simple_alloc_urb(udev, dev->out_pipe, param->length); 1896 if (!urb) { 1897 retval = -ENOMEM; 1898 break; 1899 } 1900 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 1901 retval = simple_io(dev, urb, param->iterations, param->vary, 1902 0, "test3"); 1903 simple_free_urb(urb); 1904 break; 1905 case 4: 1906 if (dev->in_pipe == 0 || param->vary == 0) 1907 break; 1908 dev_info(&intf->dev, 1909 "TEST 4: read/%d 0..%d bytes %u times\n", 1910 param->vary, param->length, param->iterations); 1911 urb = simple_alloc_urb(udev, dev->in_pipe, param->length); 1912 if (!urb) { 1913 retval = -ENOMEM; 1914 break; 1915 } 1916 /* FIRMWARE: bulk source (maybe generates short writes) */ 1917 retval = simple_io(dev, urb, param->iterations, param->vary, 1918 0, "test4"); 1919 simple_free_urb(urb); 1920 break; 1921 1922 /* Queued bulk I/O tests */ 1923 case 5: 1924 if (dev->out_pipe == 0 || param->sglen == 0) 1925 break; 1926 dev_info(&intf->dev, 1927 "TEST 5: write %d sglists %d entries of %d bytes\n", 1928 param->iterations, 1929 param->sglen, param->length); 1930 sg = alloc_sglist(param->sglen, param->length, 0); 1931 if (!sg) { 1932 retval = -ENOMEM; 1933 break; 1934 } 1935 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 1936 retval = perform_sglist(dev, param->iterations, dev->out_pipe, 1937 &req, sg, param->sglen); 1938 free_sglist(sg, param->sglen); 1939 break; 1940 1941 case 6: 1942 if (dev->in_pipe == 0 || param->sglen == 0) 1943 break; 1944 dev_info(&intf->dev, 1945 "TEST 6: read %d sglists %d entries of %d bytes\n", 1946 param->iterations, 1947 param->sglen, param->length); 1948 sg = alloc_sglist(param->sglen, param->length, 0); 1949 if (!sg) { 1950 retval = -ENOMEM; 1951 break; 1952 } 1953 /* FIRMWARE: bulk source (maybe generates short writes) */ 1954 retval = perform_sglist(dev, param->iterations, dev->in_pipe, 1955 &req, sg, param->sglen); 1956 free_sglist(sg, param->sglen); 1957 break; 1958 case 7: 1959 if (dev->out_pipe == 0 || param->sglen == 0 || param->vary == 0) 1960 break; 1961 dev_info(&intf->dev, 1962 "TEST 7: write/%d %d sglists %d entries 0..%d bytes\n", 1963 param->vary, param->iterations, 1964 param->sglen, param->length); 1965 sg = alloc_sglist(param->sglen, param->length, param->vary); 1966 if (!sg) { 1967 retval = -ENOMEM; 1968 break; 1969 } 1970 /* FIRMWARE: bulk sink (maybe accepts short writes) */ 1971 retval = perform_sglist(dev, param->iterations, dev->out_pipe, 1972 &req, sg, param->sglen); 1973 free_sglist(sg, param->sglen); 1974 break; 1975 case 8: 1976 if (dev->in_pipe == 0 || param->sglen == 0 || param->vary == 0) 1977 break; 1978 dev_info(&intf->dev, 1979 "TEST 8: read/%d %d sglists %d entries 0..%d bytes\n", 1980 param->vary, param->iterations, 1981 param->sglen, param->length); 1982 sg = alloc_sglist(param->sglen, param->length, param->vary); 1983 if (!sg) { 1984 retval = -ENOMEM; 1985 break; 1986 } 1987 /* FIRMWARE: bulk source (maybe generates short writes) */ 1988 retval = perform_sglist(dev, param->iterations, dev->in_pipe, 1989 &req, sg, param->sglen); 1990 free_sglist(sg, param->sglen); 1991 break; 1992 1993 /* non-queued sanity tests for control (chapter 9 subset) */ 1994 case 9: 1995 retval = 0; 1996 dev_info(&intf->dev, 1997 "TEST 9: ch9 (subset) control tests, %d times\n", 1998 param->iterations); 1999 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2000 retval = ch9_postconfig(dev); 2001 if (retval) 2002 dev_err(&intf->dev, "ch9 subset failed, " 2003 "iterations left %d\n", i); 2004 break; 2005 2006 /* queued control messaging */ 2007 case 10: 2008 retval = 0; 2009 dev_info(&intf->dev, 2010 "TEST 10: queue %d control calls, %d times\n", 2011 param->sglen, 2012 param->iterations); 2013 retval = test_ctrl_queue(dev, param); 2014 break; 2015 2016 /* simple non-queued unlinks (ring with one urb) */ 2017 case 11: 2018 if (dev->in_pipe == 0 || !param->length) 2019 break; 2020 retval = 0; 2021 dev_info(&intf->dev, "TEST 11: unlink %d reads of %d\n", 2022 param->iterations, param->length); 2023 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2024 retval = unlink_simple(dev, dev->in_pipe, 2025 param->length); 2026 if (retval) 2027 dev_err(&intf->dev, "unlink reads failed %d, " 2028 "iterations left %d\n", retval, i); 2029 break; 2030 case 12: 2031 if (dev->out_pipe == 0 || !param->length) 2032 break; 2033 retval = 0; 2034 dev_info(&intf->dev, "TEST 12: unlink %d writes of %d\n", 2035 param->iterations, param->length); 2036 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2037 retval = unlink_simple(dev, dev->out_pipe, 2038 param->length); 2039 if (retval) 2040 dev_err(&intf->dev, "unlink writes failed %d, " 2041 "iterations left %d\n", retval, i); 2042 break; 2043 2044 /* ep halt tests */ 2045 case 13: 2046 if (dev->out_pipe == 0 && dev->in_pipe == 0) 2047 break; 2048 retval = 0; 2049 dev_info(&intf->dev, "TEST 13: set/clear %d halts\n", 2050 param->iterations); 2051 for (i = param->iterations; retval == 0 && i--; /* NOP */) 2052 retval = halt_simple(dev); 2053 2054 if (retval) 2055 ERROR(dev, "halts failed, iterations left %d\n", i); 2056 break; 2057 2058 /* control write tests */ 2059 case 14: 2060 if (!dev->info->ctrl_out) 2061 break; 2062 dev_info(&intf->dev, "TEST 14: %d ep0out, %d..%d vary %d\n", 2063 param->iterations, 2064 realworld ? 1 : 0, param->length, 2065 param->vary); 2066 retval = ctrl_out(dev, param->iterations, 2067 param->length, param->vary, 0); 2068 break; 2069 2070 /* iso write tests */ 2071 case 15: 2072 if (dev->out_iso_pipe == 0 || param->sglen == 0) 2073 break; 2074 dev_info(&intf->dev, 2075 "TEST 15: write %d iso, %d entries of %d bytes\n", 2076 param->iterations, 2077 param->sglen, param->length); 2078 /* FIRMWARE: iso sink */ 2079 retval = test_iso_queue(dev, param, 2080 dev->out_iso_pipe, dev->iso_out, 0); 2081 break; 2082 2083 /* iso read tests */ 2084 case 16: 2085 if (dev->in_iso_pipe == 0 || param->sglen == 0) 2086 break; 2087 dev_info(&intf->dev, 2088 "TEST 16: read %d iso, %d entries of %d bytes\n", 2089 param->iterations, 2090 param->sglen, param->length); 2091 /* FIRMWARE: iso source */ 2092 retval = test_iso_queue(dev, param, 2093 dev->in_iso_pipe, dev->iso_in, 0); 2094 break; 2095 2096 /* FIXME scatterlist cancel (needs helper thread) */ 2097 2098 /* Tests for bulk I/O using DMA mapping by core and odd address */ 2099 case 17: 2100 if (dev->out_pipe == 0) 2101 break; 2102 dev_info(&intf->dev, 2103 "TEST 17: write odd addr %d bytes %u times core map\n", 2104 param->length, param->iterations); 2105 2106 retval = test_unaligned_bulk( 2107 dev, dev->out_pipe, 2108 param->length, param->iterations, 2109 0, "test17"); 2110 break; 2111 2112 case 18: 2113 if (dev->in_pipe == 0) 2114 break; 2115 dev_info(&intf->dev, 2116 "TEST 18: read odd addr %d bytes %u times core map\n", 2117 param->length, param->iterations); 2118 2119 retval = test_unaligned_bulk( 2120 dev, dev->in_pipe, 2121 param->length, param->iterations, 2122 0, "test18"); 2123 break; 2124 2125 /* Tests for bulk I/O using premapped coherent buffer and odd address */ 2126 case 19: 2127 if (dev->out_pipe == 0) 2128 break; 2129 dev_info(&intf->dev, 2130 "TEST 19: write odd addr %d bytes %u times premapped\n", 2131 param->length, param->iterations); 2132 2133 retval = test_unaligned_bulk( 2134 dev, dev->out_pipe, 2135 param->length, param->iterations, 2136 URB_NO_TRANSFER_DMA_MAP, "test19"); 2137 break; 2138 2139 case 20: 2140 if (dev->in_pipe == 0) 2141 break; 2142 dev_info(&intf->dev, 2143 "TEST 20: read odd addr %d bytes %u times premapped\n", 2144 param->length, param->iterations); 2145 2146 retval = test_unaligned_bulk( 2147 dev, dev->in_pipe, 2148 param->length, param->iterations, 2149 URB_NO_TRANSFER_DMA_MAP, "test20"); 2150 break; 2151 2152 /* control write tests with unaligned buffer */ 2153 case 21: 2154 if (!dev->info->ctrl_out) 2155 break; 2156 dev_info(&intf->dev, 2157 "TEST 21: %d ep0out odd addr, %d..%d vary %d\n", 2158 param->iterations, 2159 realworld ? 1 : 0, param->length, 2160 param->vary); 2161 retval = ctrl_out(dev, param->iterations, 2162 param->length, param->vary, 1); 2163 break; 2164 2165 /* unaligned iso tests */ 2166 case 22: 2167 if (dev->out_iso_pipe == 0 || param->sglen == 0) 2168 break; 2169 dev_info(&intf->dev, 2170 "TEST 22: write %d iso odd, %d entries of %d bytes\n", 2171 param->iterations, 2172 param->sglen, param->length); 2173 retval = test_iso_queue(dev, param, 2174 dev->out_iso_pipe, dev->iso_out, 1); 2175 break; 2176 2177 case 23: 2178 if (dev->in_iso_pipe == 0 || param->sglen == 0) 2179 break; 2180 dev_info(&intf->dev, 2181 "TEST 23: read %d iso odd, %d entries of %d bytes\n", 2182 param->iterations, 2183 param->sglen, param->length); 2184 retval = test_iso_queue(dev, param, 2185 dev->in_iso_pipe, dev->iso_in, 1); 2186 break; 2187 2188 /* unlink URBs from a bulk-OUT queue */ 2189 case 24: 2190 if (dev->out_pipe == 0 || !param->length || param->sglen < 4) 2191 break; 2192 retval = 0; 2193 dev_info(&intf->dev, "TEST 24: unlink from %d queues of " 2194 "%d %d-byte writes\n", 2195 param->iterations, param->sglen, param->length); 2196 for (i = param->iterations; retval == 0 && i > 0; --i) { 2197 retval = unlink_queued(dev, dev->out_pipe, 2198 param->sglen, param->length); 2199 if (retval) { 2200 dev_err(&intf->dev, 2201 "unlink queued writes failed %d, " 2202 "iterations left %d\n", retval, i); 2203 break; 2204 } 2205 } 2206 break; 2207 2208 } 2209 do_gettimeofday(¶m->duration); 2210 param->duration.tv_sec -= start.tv_sec; 2211 param->duration.tv_usec -= start.tv_usec; 2212 if (param->duration.tv_usec < 0) { 2213 param->duration.tv_usec += 1000 * 1000; 2214 param->duration.tv_sec -= 1; 2215 } 2216 mutex_unlock(&dev->lock); 2217 return retval; 2218 } 2219 2220 /*-------------------------------------------------------------------------*/ 2221 2222 static unsigned force_interrupt; 2223 module_param(force_interrupt, uint, 0); 2224 MODULE_PARM_DESC(force_interrupt, "0 = test default; else interrupt"); 2225 2226 #ifdef GENERIC 2227 static unsigned short vendor; 2228 module_param(vendor, ushort, 0); 2229 MODULE_PARM_DESC(vendor, "vendor code (from usb-if)"); 2230 2231 static unsigned short product; 2232 module_param(product, ushort, 0); 2233 MODULE_PARM_DESC(product, "product code (from vendor)"); 2234 #endif 2235 2236 static int 2237 usbtest_probe(struct usb_interface *intf, const struct usb_device_id *id) 2238 { 2239 struct usb_device *udev; 2240 struct usbtest_dev *dev; 2241 struct usbtest_info *info; 2242 char *rtest, *wtest; 2243 char *irtest, *iwtest; 2244 2245 udev = interface_to_usbdev(intf); 2246 2247 #ifdef GENERIC 2248 /* specify devices by module parameters? */ 2249 if (id->match_flags == 0) { 2250 /* vendor match required, product match optional */ 2251 if (!vendor || le16_to_cpu(udev->descriptor.idVendor) != (u16)vendor) 2252 return -ENODEV; 2253 if (product && le16_to_cpu(udev->descriptor.idProduct) != (u16)product) 2254 return -ENODEV; 2255 dev_info(&intf->dev, "matched module params, " 2256 "vend=0x%04x prod=0x%04x\n", 2257 le16_to_cpu(udev->descriptor.idVendor), 2258 le16_to_cpu(udev->descriptor.idProduct)); 2259 } 2260 #endif 2261 2262 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 2263 if (!dev) 2264 return -ENOMEM; 2265 info = (struct usbtest_info *) id->driver_info; 2266 dev->info = info; 2267 mutex_init(&dev->lock); 2268 2269 dev->intf = intf; 2270 2271 /* cacheline-aligned scratch for i/o */ 2272 dev->buf = kmalloc(TBUF_SIZE, GFP_KERNEL); 2273 if (dev->buf == NULL) { 2274 kfree(dev); 2275 return -ENOMEM; 2276 } 2277 2278 /* NOTE this doesn't yet test the handful of difference that are 2279 * visible with high speed interrupts: bigger maxpacket (1K) and 2280 * "high bandwidth" modes (up to 3 packets/uframe). 2281 */ 2282 rtest = wtest = ""; 2283 irtest = iwtest = ""; 2284 if (force_interrupt || udev->speed == USB_SPEED_LOW) { 2285 if (info->ep_in) { 2286 dev->in_pipe = usb_rcvintpipe(udev, info->ep_in); 2287 rtest = " intr-in"; 2288 } 2289 if (info->ep_out) { 2290 dev->out_pipe = usb_sndintpipe(udev, info->ep_out); 2291 wtest = " intr-out"; 2292 } 2293 } else { 2294 if (override_alt >= 0 || info->autoconf) { 2295 int status; 2296 2297 status = get_endpoints(dev, intf); 2298 if (status < 0) { 2299 WARNING(dev, "couldn't get endpoints, %d\n", 2300 status); 2301 kfree(dev->buf); 2302 kfree(dev); 2303 return status; 2304 } 2305 /* may find bulk or ISO pipes */ 2306 } else { 2307 if (info->ep_in) 2308 dev->in_pipe = usb_rcvbulkpipe(udev, 2309 info->ep_in); 2310 if (info->ep_out) 2311 dev->out_pipe = usb_sndbulkpipe(udev, 2312 info->ep_out); 2313 } 2314 if (dev->in_pipe) 2315 rtest = " bulk-in"; 2316 if (dev->out_pipe) 2317 wtest = " bulk-out"; 2318 if (dev->in_iso_pipe) 2319 irtest = " iso-in"; 2320 if (dev->out_iso_pipe) 2321 iwtest = " iso-out"; 2322 } 2323 2324 usb_set_intfdata(intf, dev); 2325 dev_info(&intf->dev, "%s\n", info->name); 2326 dev_info(&intf->dev, "%s {control%s%s%s%s%s} tests%s\n", 2327 usb_speed_string(udev->speed), 2328 info->ctrl_out ? " in/out" : "", 2329 rtest, wtest, 2330 irtest, iwtest, 2331 info->alt >= 0 ? " (+alt)" : ""); 2332 return 0; 2333 } 2334 2335 static int usbtest_suspend(struct usb_interface *intf, pm_message_t message) 2336 { 2337 return 0; 2338 } 2339 2340 static int usbtest_resume(struct usb_interface *intf) 2341 { 2342 return 0; 2343 } 2344 2345 2346 static void usbtest_disconnect(struct usb_interface *intf) 2347 { 2348 struct usbtest_dev *dev = usb_get_intfdata(intf); 2349 2350 usb_set_intfdata(intf, NULL); 2351 dev_dbg(&intf->dev, "disconnect\n"); 2352 kfree(dev); 2353 } 2354 2355 /* Basic testing only needs a device that can source or sink bulk traffic. 2356 * Any device can test control transfers (default with GENERIC binding). 2357 * 2358 * Several entries work with the default EP0 implementation that's built 2359 * into EZ-USB chips. There's a default vendor ID which can be overridden 2360 * by (very) small config EEPROMS, but otherwise all these devices act 2361 * identically until firmware is loaded: only EP0 works. It turns out 2362 * to be easy to make other endpoints work, without modifying that EP0 2363 * behavior. For now, we expect that kind of firmware. 2364 */ 2365 2366 /* an21xx or fx versions of ez-usb */ 2367 static struct usbtest_info ez1_info = { 2368 .name = "EZ-USB device", 2369 .ep_in = 2, 2370 .ep_out = 2, 2371 .alt = 1, 2372 }; 2373 2374 /* fx2 version of ez-usb */ 2375 static struct usbtest_info ez2_info = { 2376 .name = "FX2 device", 2377 .ep_in = 6, 2378 .ep_out = 2, 2379 .alt = 1, 2380 }; 2381 2382 /* ezusb family device with dedicated usb test firmware, 2383 */ 2384 static struct usbtest_info fw_info = { 2385 .name = "usb test device", 2386 .ep_in = 2, 2387 .ep_out = 2, 2388 .alt = 1, 2389 .autoconf = 1, /* iso and ctrl_out need autoconf */ 2390 .ctrl_out = 1, 2391 .iso = 1, /* iso_ep's are #8 in/out */ 2392 }; 2393 2394 /* peripheral running Linux and 'zero.c' test firmware, or 2395 * its user-mode cousin. different versions of this use 2396 * different hardware with the same vendor/product codes. 2397 * host side MUST rely on the endpoint descriptors. 2398 */ 2399 static struct usbtest_info gz_info = { 2400 .name = "Linux gadget zero", 2401 .autoconf = 1, 2402 .ctrl_out = 1, 2403 .iso = 1, 2404 .alt = 0, 2405 }; 2406 2407 static struct usbtest_info um_info = { 2408 .name = "Linux user mode test driver", 2409 .autoconf = 1, 2410 .alt = -1, 2411 }; 2412 2413 static struct usbtest_info um2_info = { 2414 .name = "Linux user mode ISO test driver", 2415 .autoconf = 1, 2416 .iso = 1, 2417 .alt = -1, 2418 }; 2419 2420 #ifdef IBOT2 2421 /* this is a nice source of high speed bulk data; 2422 * uses an FX2, with firmware provided in the device 2423 */ 2424 static struct usbtest_info ibot2_info = { 2425 .name = "iBOT2 webcam", 2426 .ep_in = 2, 2427 .alt = -1, 2428 }; 2429 #endif 2430 2431 #ifdef GENERIC 2432 /* we can use any device to test control traffic */ 2433 static struct usbtest_info generic_info = { 2434 .name = "Generic USB device", 2435 .alt = -1, 2436 }; 2437 #endif 2438 2439 2440 static const struct usb_device_id id_table[] = { 2441 2442 /*-------------------------------------------------------------*/ 2443 2444 /* EZ-USB devices which download firmware to replace (or in our 2445 * case augment) the default device implementation. 2446 */ 2447 2448 /* generic EZ-USB FX controller */ 2449 { USB_DEVICE(0x0547, 0x2235), 2450 .driver_info = (unsigned long) &ez1_info, 2451 }, 2452 2453 /* CY3671 development board with EZ-USB FX */ 2454 { USB_DEVICE(0x0547, 0x0080), 2455 .driver_info = (unsigned long) &ez1_info, 2456 }, 2457 2458 /* generic EZ-USB FX2 controller (or development board) */ 2459 { USB_DEVICE(0x04b4, 0x8613), 2460 .driver_info = (unsigned long) &ez2_info, 2461 }, 2462 2463 /* re-enumerated usb test device firmware */ 2464 { USB_DEVICE(0xfff0, 0xfff0), 2465 .driver_info = (unsigned long) &fw_info, 2466 }, 2467 2468 /* "Gadget Zero" firmware runs under Linux */ 2469 { USB_DEVICE(0x0525, 0xa4a0), 2470 .driver_info = (unsigned long) &gz_info, 2471 }, 2472 2473 /* so does a user-mode variant */ 2474 { USB_DEVICE(0x0525, 0xa4a4), 2475 .driver_info = (unsigned long) &um_info, 2476 }, 2477 2478 /* ... and a user-mode variant that talks iso */ 2479 { USB_DEVICE(0x0525, 0xa4a3), 2480 .driver_info = (unsigned long) &um2_info, 2481 }, 2482 2483 #ifdef KEYSPAN_19Qi 2484 /* Keyspan 19qi uses an21xx (original EZ-USB) */ 2485 /* this does not coexist with the real Keyspan 19qi driver! */ 2486 { USB_DEVICE(0x06cd, 0x010b), 2487 .driver_info = (unsigned long) &ez1_info, 2488 }, 2489 #endif 2490 2491 /*-------------------------------------------------------------*/ 2492 2493 #ifdef IBOT2 2494 /* iBOT2 makes a nice source of high speed bulk-in data */ 2495 /* this does not coexist with a real iBOT2 driver! */ 2496 { USB_DEVICE(0x0b62, 0x0059), 2497 .driver_info = (unsigned long) &ibot2_info, 2498 }, 2499 #endif 2500 2501 /*-------------------------------------------------------------*/ 2502 2503 #ifdef GENERIC 2504 /* module params can specify devices to use for control tests */ 2505 { .driver_info = (unsigned long) &generic_info, }, 2506 #endif 2507 2508 /*-------------------------------------------------------------*/ 2509 2510 { } 2511 }; 2512 MODULE_DEVICE_TABLE(usb, id_table); 2513 2514 static struct usb_driver usbtest_driver = { 2515 .name = "usbtest", 2516 .id_table = id_table, 2517 .probe = usbtest_probe, 2518 .unlocked_ioctl = usbtest_ioctl, 2519 .disconnect = usbtest_disconnect, 2520 .suspend = usbtest_suspend, 2521 .resume = usbtest_resume, 2522 }; 2523 2524 /*-------------------------------------------------------------------------*/ 2525 2526 static int __init usbtest_init(void) 2527 { 2528 #ifdef GENERIC 2529 if (vendor) 2530 pr_debug("params: vend=0x%04x prod=0x%04x\n", vendor, product); 2531 #endif 2532 return usb_register(&usbtest_driver); 2533 } 2534 module_init(usbtest_init); 2535 2536 static void __exit usbtest_exit(void) 2537 { 2538 usb_deregister(&usbtest_driver); 2539 } 2540 module_exit(usbtest_exit); 2541 2542 MODULE_DESCRIPTION("USB Core/HCD Testing Driver"); 2543 MODULE_LICENSE("GPL"); 2544 2545