LXR linux/drivers/usb/class/cdc-wdm.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * cdc-wdm.c
   4 *
   5 * This driver supports USB CDC WCM Device Management.
   6 *
   7 * Copyright (c) 2007-2009 Oliver Neukum
   8 *
   9 * Some code taken from cdc-acm.c
  10 *
  11 * Released under the GPLv2.
  12 *
  13 * Many thanks to Carl Nordbeck
  14 */
  15#include <linux/kernel.h>
  16#include <linux/errno.h>
  17#include <linux/ioctl.h>
  18#include <linux/slab.h>
  19#include <linux/module.h>
  20#include <linux/mutex.h>
  21#include <linux/uaccess.h>
  22#include <linux/bitops.h>
  23#include <linux/poll.h>
  24#include <linux/usb.h>
  25#include <linux/usb/cdc.h>
  26#include <asm/byteorder.h>
  27#include <asm/unaligned.h>
  28#include <linux/usb/cdc-wdm.h>
  29
  30#define DRIVER_AUTHOR "Oliver Neukum"
  31#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
  32
  33static const struct usb_device_id wdm_ids[] = {
  34        {
  35                .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
  36                                 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
  37                .bInterfaceClass = USB_CLASS_COMM,
  38                .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
  39        },
  40        { }
  41};
  42
  43MODULE_DEVICE_TABLE (usb, wdm_ids);
  44
  45#define WDM_MINOR_BASE  176
  46
  47
  48#define WDM_IN_USE              1
  49#define WDM_DISCONNECTING       2
  50#define WDM_RESULT              3
  51#define WDM_READ                4
  52#define WDM_INT_STALL           5
  53#define WDM_POLL_RUNNING        6
  54#define WDM_RESPONDING          7
  55#define WDM_SUSPENDING          8
  56#define WDM_RESETTING           9
  57#define WDM_OVERFLOW            10
  58
  59#define WDM_MAX                 16
  60
  61/* we cannot wait forever at flush() */
  62#define WDM_FLUSH_TIMEOUT       (30 * HZ)
  63
  64/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
  65#define WDM_DEFAULT_BUFSIZE     256
  66
  67static DEFINE_MUTEX(wdm_mutex);
  68static DEFINE_SPINLOCK(wdm_device_list_lock);
  69static LIST_HEAD(wdm_device_list);
  70
  71/* --- method tables --- */
  72
  73struct wdm_device {
  74        u8                      *inbuf; /* buffer for response */
  75        u8                      *outbuf; /* buffer for command */
  76        u8                      *sbuf; /* buffer for status */
  77        u8                      *ubuf; /* buffer for copy to user space */
  78
  79        struct urb              *command;
  80        struct urb              *response;
  81        struct urb              *validity;
  82        struct usb_interface    *intf;
  83        struct usb_ctrlrequest  *orq;
  84        struct usb_ctrlrequest  *irq;
  85        spinlock_t              iuspin;
  86
  87        unsigned long           flags;
  88        u16                     bufsize;
  89        u16                     wMaxCommand;
  90        u16                     wMaxPacketSize;
  91        __le16                  inum;
  92        int                     reslength;
  93        int                     length;
  94        int                     read;
  95        int                     count;
  96        dma_addr_t              shandle;
  97        dma_addr_t              ihandle;
  98        struct mutex            wlock;
  99        struct mutex            rlock;
 100        wait_queue_head_t       wait;
 101        struct work_struct      rxwork;
 102        struct work_struct      service_outs_intr;
 103        int                     werr;
 104        int                     rerr;
 105        int                     resp_count;
 106
 107        struct list_head        device_list;
 108        int                     (*manage_power)(struct usb_interface *, int);
 109};
 110
 111static struct usb_driver wdm_driver;
 112
 113/* return intfdata if we own the interface, else look up intf in the list */
 114static struct wdm_device *wdm_find_device(struct usb_interface *intf)
 115{
 116        struct wdm_device *desc;
 117
 118        spin_lock(&wdm_device_list_lock);
 119        list_for_each_entry(desc, &wdm_device_list, device_list)
 120                if (desc->intf == intf)
 121                        goto found;
 122        desc = NULL;
 123found:
 124        spin_unlock(&wdm_device_list_lock);
 125
 126        return desc;
 127}
 128
 129static struct wdm_device *wdm_find_device_by_minor(int minor)
 130{
 131        struct wdm_device *desc;
 132
 133        spin_lock(&wdm_device_list_lock);
 134        list_for_each_entry(desc, &wdm_device_list, device_list)
 135                if (desc->intf->minor == minor)
 136                        goto found;
 137        desc = NULL;
 138found:
 139        spin_unlock(&wdm_device_list_lock);
 140
 141        return desc;
 142}
 143
 144/* --- callbacks --- */
 145static void wdm_out_callback(struct urb *urb)
 146{
 147        struct wdm_device *desc;
 148        unsigned long flags;
 149
 150        desc = urb->context;
 151        spin_lock_irqsave(&desc->iuspin, flags);
 152        desc->werr = urb->status;
 153        spin_unlock_irqrestore(&desc->iuspin, flags);
 154        kfree(desc->outbuf);
 155        desc->outbuf = NULL;
 156        clear_bit(WDM_IN_USE, &desc->flags);
 157        wake_up_all(&desc->wait);
 158}
 159
 160static void wdm_in_callback(struct urb *urb)
 161{
 162        unsigned long flags;
 163        struct wdm_device *desc = urb->context;
 164        int status = urb->status;
 165        int length = urb->actual_length;
 166
 167        spin_lock_irqsave(&desc->iuspin, flags);
 168        clear_bit(WDM_RESPONDING, &desc->flags);
 169
 170        if (status) {
 171                switch (status) {
 172                case -ENOENT:
 173                        dev_dbg(&desc->intf->dev,
 174                                "nonzero urb status received: -ENOENT\n");
 175                        goto skip_error;
 176                case -ECONNRESET:
 177                        dev_dbg(&desc->intf->dev,
 178                                "nonzero urb status received: -ECONNRESET\n");
 179                        goto skip_error;
 180                case -ESHUTDOWN:
 181                        dev_dbg(&desc->intf->dev,
 182                                "nonzero urb status received: -ESHUTDOWN\n");
 183                        goto skip_error;
 184                case -EPIPE:
 185                        dev_err(&desc->intf->dev,
 186                                "nonzero urb status received: -EPIPE\n");
 187                        break;
 188                default:
 189                        dev_err(&desc->intf->dev,
 190                                "Unexpected error %d\n", status);
 191                        break;
 192                }
 193        }
 194
 195        /*
 196         * only set a new error if there is no previous error.
 197         * Errors are only cleared during read/open
 198         * Avoid propagating -EPIPE (stall) to userspace since it is
 199         * better handled as an empty read
 200         */
 201        if (desc->rerr == 0 && status != -EPIPE)
 202                desc->rerr = status;
 203
 204        if (length + desc->length > desc->wMaxCommand) {
 205                /* The buffer would overflow */
 206                set_bit(WDM_OVERFLOW, &desc->flags);
 207        } else {
 208                /* we may already be in overflow */
 209                if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
 210                        memmove(desc->ubuf + desc->length, desc->inbuf, length);
 211                        desc->length += length;
 212                        desc->reslength = length;
 213                }
 214        }
 215skip_error:
 216
 217        if (desc->rerr) {
 218                /*
 219                 * Since there was an error, userspace may decide to not read
 220                 * any data after poll'ing.
 221                 * We should respond to further attempts from the device to send
 222                 * data, so that we can get unstuck.
 223                 */
 224                schedule_work(&desc->service_outs_intr);
 225        } else {
 226                set_bit(WDM_READ, &desc->flags);
 227                wake_up(&desc->wait);
 228        }
 229        spin_unlock_irqrestore(&desc->iuspin, flags);
 230}
 231
 232static void wdm_int_callback(struct urb *urb)
 233{
 234        unsigned long flags;
 235        int rv = 0;
 236        int responding;
 237        int status = urb->status;
 238        struct wdm_device *desc;
 239        struct usb_cdc_notification *dr;
 240
 241        desc = urb->context;
 242        dr = (struct usb_cdc_notification *)desc->sbuf;
 243
 244        if (status) {
 245                switch (status) {
 246                case -ESHUTDOWN:
 247                case -ENOENT:
 248                case -ECONNRESET:
 249                        return; /* unplug */
 250                case -EPIPE:
 251                        set_bit(WDM_INT_STALL, &desc->flags);
 252                        dev_err(&desc->intf->dev, "Stall on int endpoint\n");
 253                        goto sw; /* halt is cleared in work */
 254                default:
 255                        dev_err(&desc->intf->dev,
 256                                "nonzero urb status received: %d\n", status);
 257                        break;
 258                }
 259        }
 260
 261        if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
 262                dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
 263                        urb->actual_length);
 264                goto exit;
 265        }
 266
 267        switch (dr->bNotificationType) {
 268        case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
 269                dev_dbg(&desc->intf->dev,
 270                        "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
 271                        le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
 272                break;
 273
 274        case USB_CDC_NOTIFY_NETWORK_CONNECTION:
 275
 276                dev_dbg(&desc->intf->dev,
 277                        "NOTIFY_NETWORK_CONNECTION %s network\n",
 278                        dr->wValue ? "connected to" : "disconnected from");
 279                goto exit;
 280        case USB_CDC_NOTIFY_SPEED_CHANGE:
 281                dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
 282                        urb->actual_length);
 283                goto exit;
 284        default:
 285                clear_bit(WDM_POLL_RUNNING, &desc->flags);
 286                dev_err(&desc->intf->dev,
 287                        "unknown notification %d received: index %d len %d\n",
 288                        dr->bNotificationType,
 289                        le16_to_cpu(dr->wIndex),
 290                        le16_to_cpu(dr->wLength));
 291                goto exit;
 292        }
 293
 294        spin_lock_irqsave(&desc->iuspin, flags);
 295        responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
 296        if (!desc->resp_count++ && !responding
 297                && !test_bit(WDM_DISCONNECTING, &desc->flags)
 298                && !test_bit(WDM_SUSPENDING, &desc->flags)) {
 299                rv = usb_submit_urb(desc->response, GFP_ATOMIC);
 300                dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
 301        }
 302        spin_unlock_irqrestore(&desc->iuspin, flags);
 303        if (rv < 0) {
 304                clear_bit(WDM_RESPONDING, &desc->flags);
 305                if (rv == -EPERM)
 306                        return;
 307                if (rv == -ENOMEM) {
 308sw:
 309                        rv = schedule_work(&desc->rxwork);
 310                        if (rv)
 311                                dev_err(&desc->intf->dev,
 312                                        "Cannot schedule work\n");
 313                }
 314        }
 315exit:
 316        rv = usb_submit_urb(urb, GFP_ATOMIC);
 317        if (rv)
 318                dev_err(&desc->intf->dev,
 319                        "%s - usb_submit_urb failed with result %d\n",
 320                        __func__, rv);
 321
 322}
 323
 324static void kill_urbs(struct wdm_device *desc)
 325{
 326        /* the order here is essential */
 327        usb_kill_urb(desc->command);
 328        usb_kill_urb(desc->validity);
 329        usb_kill_urb(desc->response);
 330}
 331
 332static void free_urbs(struct wdm_device *desc)
 333{
 334        usb_free_urb(desc->validity);
 335        usb_free_urb(desc->response);
 336        usb_free_urb(desc->command);
 337}
 338
 339static void cleanup(struct wdm_device *desc)
 340{
 341        kfree(desc->sbuf);
 342        kfree(desc->inbuf);
 343        kfree(desc->orq);
 344        kfree(desc->irq);
 345        kfree(desc->ubuf);
 346        free_urbs(desc);
 347        kfree(desc);
 348}
 349
 350static ssize_t wdm_write
 351(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
 352{
 353        u8 *buf;
 354        int rv = -EMSGSIZE, r, we;
 355        struct wdm_device *desc = file->private_data;
 356        struct usb_ctrlrequest *req;
 357
 358        if (count > desc->wMaxCommand)
 359                count = desc->wMaxCommand;
 360
 361        spin_lock_irq(&desc->iuspin);
 362        we = desc->werr;
 363        desc->werr = 0;
 364        spin_unlock_irq(&desc->iuspin);
 365        if (we < 0)
 366                return usb_translate_errors(we);
 367
 368        buf = memdup_user(buffer, count);
 369        if (IS_ERR(buf))
 370                return PTR_ERR(buf);
 371
 372        /* concurrent writes and disconnect */
 373        r = mutex_lock_interruptible(&desc->wlock);
 374        rv = -ERESTARTSYS;
 375        if (r)
 376                goto out_free_mem;
 377
 378        if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 379                rv = -ENODEV;
 380                goto out_free_mem_lock;
 381        }
 382
 383        r = usb_autopm_get_interface(desc->intf);
 384        if (r < 0) {
 385                rv = usb_translate_errors(r);
 386                goto out_free_mem_lock;
 387        }
 388
 389        if (!(file->f_flags & O_NONBLOCK))
 390                r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
 391                                                                &desc->flags));
 392        else
 393                if (test_bit(WDM_IN_USE, &desc->flags))
 394                        r = -EAGAIN;
 395
 396        if (test_bit(WDM_RESETTING, &desc->flags))
 397                r = -EIO;
 398
 399        if (test_bit(WDM_DISCONNECTING, &desc->flags))
 400                r = -ENODEV;
 401
 402        if (r < 0) {
 403                rv = r;
 404                goto out_free_mem_pm;
 405        }
 406
 407        req = desc->orq;
 408        usb_fill_control_urb(
 409                desc->command,
 410                interface_to_usbdev(desc->intf),
 411                /* using common endpoint 0 */
 412                usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
 413                (unsigned char *)req,
 414                buf,
 415                count,
 416                wdm_out_callback,
 417                desc
 418        );
 419
 420        req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
 421                             USB_RECIP_INTERFACE);
 422        req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
 423        req->wValue = 0;
 424        req->wIndex = desc->inum; /* already converted */
 425        req->wLength = cpu_to_le16(count);
 426        set_bit(WDM_IN_USE, &desc->flags);
 427        desc->outbuf = buf;
 428
 429        rv = usb_submit_urb(desc->command, GFP_KERNEL);
 430        if (rv < 0) {
 431                desc->outbuf = NULL;
 432                clear_bit(WDM_IN_USE, &desc->flags);
 433                wake_up_all(&desc->wait); /* for wdm_wait_for_response() */
 434                dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
 435                rv = usb_translate_errors(rv);
 436                goto out_free_mem_pm;
 437        } else {
 438                dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
 439                        le16_to_cpu(req->wIndex));
 440        }
 441
 442        usb_autopm_put_interface(desc->intf);
 443        mutex_unlock(&desc->wlock);
 444        return count;
 445
 446out_free_mem_pm:
 447        usb_autopm_put_interface(desc->intf);
 448out_free_mem_lock:
 449        mutex_unlock(&desc->wlock);
 450out_free_mem:
 451        kfree(buf);
 452        return rv;
 453}
 454
 455/*
 456 * Submit the read urb if resp_count is non-zero.
 457 *
 458 * Called with desc->iuspin locked
 459 */
 460static int service_outstanding_interrupt(struct wdm_device *desc)
 461{
 462        int rv = 0;
 463
 464        /* submit read urb only if the device is waiting for it */
 465        if (!desc->resp_count || !--desc->resp_count)
 466                goto out;
 467
 468        set_bit(WDM_RESPONDING, &desc->flags);
 469        spin_unlock_irq(&desc->iuspin);
 470        rv = usb_submit_urb(desc->response, GFP_KERNEL);
 471        spin_lock_irq(&desc->iuspin);
 472        if (rv) {
 473                dev_err(&desc->intf->dev,
 474                        "usb_submit_urb failed with result %d\n", rv);
 475
 476                /* make sure the next notification trigger a submit */
 477                clear_bit(WDM_RESPONDING, &desc->flags);
 478                desc->resp_count = 0;
 479        }
 480out:
 481        return rv;
 482}
 483
 484static ssize_t wdm_read
 485(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
 486{
 487        int rv, cntr;
 488        int i = 0;
 489        struct wdm_device *desc = file->private_data;
 490
 491
 492        rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
 493        if (rv < 0)
 494                return -ERESTARTSYS;
 495
 496        cntr = READ_ONCE(desc->length);
 497        if (cntr == 0) {
 498                desc->read = 0;
 499retry:
 500                if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 501                        rv = -ENODEV;
 502                        goto err;
 503                }
 504                if (test_bit(WDM_OVERFLOW, &desc->flags)) {
 505                        clear_bit(WDM_OVERFLOW, &desc->flags);
 506                        rv = -ENOBUFS;
 507                        goto err;
 508                }
 509                i++;
 510                if (file->f_flags & O_NONBLOCK) {
 511                        if (!test_bit(WDM_READ, &desc->flags)) {
 512                                rv = -EAGAIN;
 513                                goto err;
 514                        }
 515                        rv = 0;
 516                } else {
 517                        rv = wait_event_interruptible(desc->wait,
 518                                test_bit(WDM_READ, &desc->flags));
 519                }
 520
 521                /* may have happened while we slept */
 522                if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 523                        rv = -ENODEV;
 524                        goto err;
 525                }
 526                if (test_bit(WDM_RESETTING, &desc->flags)) {
 527                        rv = -EIO;
 528                        goto err;
 529                }
 530                usb_mark_last_busy(interface_to_usbdev(desc->intf));
 531                if (rv < 0) {
 532                        rv = -ERESTARTSYS;
 533                        goto err;
 534                }
 535
 536                spin_lock_irq(&desc->iuspin);
 537
 538                if (desc->rerr) { /* read completed, error happened */
 539                        rv = usb_translate_errors(desc->rerr);
 540                        desc->rerr = 0;
 541                        spin_unlock_irq(&desc->iuspin);
 542                        goto err;
 543                }
 544                /*
 545                 * recheck whether we've lost the race
 546                 * against the completion handler
 547                 */
 548                if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
 549                        spin_unlock_irq(&desc->iuspin);
 550                        goto retry;
 551                }
 552
 553                if (!desc->reslength) { /* zero length read */
 554                        dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
 555                        clear_bit(WDM_READ, &desc->flags);
 556                        rv = service_outstanding_interrupt(desc);
 557                        spin_unlock_irq(&desc->iuspin);
 558                        if (rv < 0)
 559                                goto err;
 560                        goto retry;
 561                }
 562                cntr = desc->length;
 563                spin_unlock_irq(&desc->iuspin);
 564        }
 565
 566        if (cntr > count)
 567                cntr = count;
 568        rv = copy_to_user(buffer, desc->ubuf, cntr);
 569        if (rv > 0) {
 570                rv = -EFAULT;
 571                goto err;
 572        }
 573
 574        spin_lock_irq(&desc->iuspin);
 575
 576        for (i = 0; i < desc->length - cntr; i++)
 577                desc->ubuf[i] = desc->ubuf[i + cntr];
 578
 579        desc->length -= cntr;
 580        /* in case we had outstanding data */
 581        if (!desc->length) {
 582                clear_bit(WDM_READ, &desc->flags);
 583                service_outstanding_interrupt(desc);
 584        }
 585        spin_unlock_irq(&desc->iuspin);
 586        rv = cntr;
 587
 588err:
 589        mutex_unlock(&desc->rlock);
 590        return rv;
 591}
 592
 593static int wdm_wait_for_response(struct file *file, long timeout)
 594{
 595        struct wdm_device *desc = file->private_data;
 596        long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */
 597
 598        /*
 599         * Needs both flags. We cannot do with one because resetting it would
 600         * cause a race with write() yet we need to signal a disconnect.
 601         */
 602        rv = wait_event_interruptible_timeout(desc->wait,
 603                              !test_bit(WDM_IN_USE, &desc->flags) ||
 604                              test_bit(WDM_DISCONNECTING, &desc->flags),
 605                              timeout);
 606
 607        /*
 608         * To report the correct error. This is best effort.
 609         * We are inevitably racing with the hardware.
 610         */
 611        if (test_bit(WDM_DISCONNECTING, &desc->flags))
 612                return -ENODEV;
 613        if (!rv)
 614                return -EIO;
 615        if (rv < 0)
 616                return -EINTR;
 617
 618        spin_lock_irq(&desc->iuspin);
 619        rv = desc->werr;
 620        desc->werr = 0;
 621        spin_unlock_irq(&desc->iuspin);
 622
 623        return usb_translate_errors(rv);
 624
 625}
 626
 627/*
 628 * You need to send a signal when you react to malicious or defective hardware.
 629 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do
 630 * not implement wdm_flush() will return -EINVAL.
 631 */
 632static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
 633{
 634        return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT);
 635}
 636
 637/*
 638 * Same with wdm_fsync(), except it uses finite timeout in order to react to
 639 * malicious or defective hardware which ceased communication after close() was
 640 * implicitly called due to process termination.
 641 */
 642static int wdm_flush(struct file *file, fl_owner_t id)
 643{
 644        return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT);
 645}
 646
 647static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
 648{
 649        struct wdm_device *desc = file->private_data;
 650        unsigned long flags;
 651        __poll_t mask = 0;
 652
 653        spin_lock_irqsave(&desc->iuspin, flags);
 654        if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 655                mask = EPOLLHUP | EPOLLERR;
 656                spin_unlock_irqrestore(&desc->iuspin, flags);
 657                goto desc_out;
 658        }
 659        if (test_bit(WDM_READ, &desc->flags))
 660                mask = EPOLLIN | EPOLLRDNORM;
 661        if (desc->rerr || desc->werr)
 662                mask |= EPOLLERR;
 663        if (!test_bit(WDM_IN_USE, &desc->flags))
 664                mask |= EPOLLOUT | EPOLLWRNORM;
 665        spin_unlock_irqrestore(&desc->iuspin, flags);
 666
 667        poll_wait(file, &desc->wait, wait);
 668
 669desc_out:
 670        return mask;
 671}
 672
 673static int wdm_open(struct inode *inode, struct file *file)
 674{
 675        int minor = iminor(inode);
 676        int rv = -ENODEV;
 677        struct usb_interface *intf;
 678        struct wdm_device *desc;
 679
 680        mutex_lock(&wdm_mutex);
 681        desc = wdm_find_device_by_minor(minor);
 682        if (!desc)
 683                goto out;
 684
 685        intf = desc->intf;
 686        if (test_bit(WDM_DISCONNECTING, &desc->flags))
 687                goto out;
 688        file->private_data = desc;
 689
 690        rv = usb_autopm_get_interface(desc->intf);
 691        if (rv < 0) {
 692                dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
 693                goto out;
 694        }
 695
 696        /* using write lock to protect desc->count */
 697        mutex_lock(&desc->wlock);
 698        if (!desc->count++) {
 699                desc->werr = 0;
 700                desc->rerr = 0;
 701                rv = usb_submit_urb(desc->validity, GFP_KERNEL);
 702                if (rv < 0) {
 703                        desc->count--;
 704                        dev_err(&desc->intf->dev,
 705                                "Error submitting int urb - %d\n", rv);
 706                        rv = usb_translate_errors(rv);
 707                }
 708        } else {
 709                rv = 0;
 710        }
 711        mutex_unlock(&desc->wlock);
 712        if (desc->count == 1)
 713                desc->manage_power(intf, 1);
 714        usb_autopm_put_interface(desc->intf);
 715out:
 716        mutex_unlock(&wdm_mutex);
 717        return rv;
 718}
 719
 720static int wdm_release(struct inode *inode, struct file *file)
 721{
 722        struct wdm_device *desc = file->private_data;
 723
 724        mutex_lock(&wdm_mutex);
 725
 726        /* using write lock to protect desc->count */
 727        mutex_lock(&desc->wlock);
 728        desc->count--;
 729        mutex_unlock(&desc->wlock);
 730
 731        if (!desc->count) {
 732                if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
 733                        dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
 734                        kill_urbs(desc);
 735                        spin_lock_irq(&desc->iuspin);
 736                        desc->resp_count = 0;
 737                        spin_unlock_irq(&desc->iuspin);
 738                        desc->manage_power(desc->intf, 0);
 739                } else {
 740                        /* must avoid dev_printk here as desc->intf is invalid */
 741                        pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
 742                        cleanup(desc);
 743                }
 744        }
 745        mutex_unlock(&wdm_mutex);
 746        return 0;
 747}
 748
 749static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 750{
 751        struct wdm_device *desc = file->private_data;
 752        int rv = 0;
 753
 754        switch (cmd) {
 755        case IOCTL_WDM_MAX_COMMAND:
 756                if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
 757                        rv = -EFAULT;
 758                break;
 759        default:
 760                rv = -ENOTTY;
 761        }
 762        return rv;
 763}
 764
 765static const struct file_operations wdm_fops = {
 766        .owner =        THIS_MODULE,
 767        .read =         wdm_read,
 768        .write =        wdm_write,
 769        .fsync =        wdm_fsync,
 770        .open =         wdm_open,
 771        .flush =        wdm_flush,
 772        .release =      wdm_release,
 773        .poll =         wdm_poll,
 774        .unlocked_ioctl = wdm_ioctl,
 775        .compat_ioctl = compat_ptr_ioctl,
 776        .llseek =       noop_llseek,
 777};
 778
 779static struct usb_class_driver wdm_class = {
 780        .name =         "cdc-wdm%d",
 781        .fops =         &wdm_fops,
 782        .minor_base =   WDM_MINOR_BASE,
 783};
 784
 785/* --- error handling --- */
 786static void wdm_rxwork(struct work_struct *work)
 787{
 788        struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
 789        unsigned long flags;
 790        int rv = 0;
 791        int responding;
 792
 793        spin_lock_irqsave(&desc->iuspin, flags);
 794        if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 795                spin_unlock_irqrestore(&desc->iuspin, flags);
 796        } else {
 797                responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
 798                spin_unlock_irqrestore(&desc->iuspin, flags);
 799                if (!responding)
 800                        rv = usb_submit_urb(desc->response, GFP_KERNEL);
 801                if (rv < 0 && rv != -EPERM) {
 802                        spin_lock_irqsave(&desc->iuspin, flags);
 803                        clear_bit(WDM_RESPONDING, &desc->flags);
 804                        if (!test_bit(WDM_DISCONNECTING, &desc->flags))
 805                                schedule_work(&desc->rxwork);
 806                        spin_unlock_irqrestore(&desc->iuspin, flags);
 807                }
 808        }
 809}
 810
 811static void service_interrupt_work(struct work_struct *work)
 812{
 813        struct wdm_device *desc;
 814
 815        desc = container_of(work, struct wdm_device, service_outs_intr);
 816
 817        spin_lock_irq(&desc->iuspin);
 818        service_outstanding_interrupt(desc);
 819        if (!desc->resp_count) {
 820                set_bit(WDM_READ, &desc->flags);
 821                wake_up(&desc->wait);
 822        }
 823        spin_unlock_irq(&desc->iuspin);
 824}
 825
 826/* --- hotplug --- */
 827
 828static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
 829                u16 bufsize, int (*manage_power)(struct usb_interface *, int))
 830{
 831        int rv = -ENOMEM;
 832        struct wdm_device *desc;
 833
 834        desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
 835        if (!desc)
 836                goto out;
 837        INIT_LIST_HEAD(&desc->device_list);
 838        mutex_init(&desc->rlock);
 839        mutex_init(&desc->wlock);
 840        spin_lock_init(&desc->iuspin);
 841        init_waitqueue_head(&desc->wait);
 842        desc->wMaxCommand = bufsize;
 843        /* this will be expanded and needed in hardware endianness */
 844        desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
 845        desc->intf = intf;
 846        INIT_WORK(&desc->rxwork, wdm_rxwork);
 847        INIT_WORK(&desc->service_outs_intr, service_interrupt_work);
 848
 849        rv = -EINVAL;
 850        if (!usb_endpoint_is_int_in(ep))
 851                goto err;
 852
 853        desc->wMaxPacketSize = usb_endpoint_maxp(ep);
 854
 855        desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
 856        if (!desc->orq)
 857                goto err;
 858        desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
 859        if (!desc->irq)
 860                goto err;
 861
 862        desc->validity = usb_alloc_urb(0, GFP_KERNEL);
 863        if (!desc->validity)
 864                goto err;
 865
 866        desc->response = usb_alloc_urb(0, GFP_KERNEL);
 867        if (!desc->response)
 868                goto err;
 869
 870        desc->command = usb_alloc_urb(0, GFP_KERNEL);
 871        if (!desc->command)
 872                goto err;
 873
 874        desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
 875        if (!desc->ubuf)
 876                goto err;
 877
 878        desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
 879        if (!desc->sbuf)
 880                goto err;
 881
 882        desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
 883        if (!desc->inbuf)
 884                goto err;
 885
 886        usb_fill_int_urb(
 887                desc->validity,
 888                interface_to_usbdev(intf),
 889                usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
 890                desc->sbuf,
 891                desc->wMaxPacketSize,
 892                wdm_int_callback,
 893                desc,
 894                ep->bInterval
 895        );
 896
 897        desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
 898        desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
 899        desc->irq->wValue = 0;
 900        desc->irq->wIndex = desc->inum; /* already converted */
 901        desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
 902
 903        usb_fill_control_urb(
 904                desc->response,
 905                interface_to_usbdev(intf),
 906                /* using common endpoint 0 */
 907                usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
 908                (unsigned char *)desc->irq,
 909                desc->inbuf,
 910                desc->wMaxCommand,
 911                wdm_in_callback,
 912                desc
 913        );
 914
 915        desc->manage_power = manage_power;
 916
 917        spin_lock(&wdm_device_list_lock);
 918        list_add(&desc->device_list, &wdm_device_list);
 919        spin_unlock(&wdm_device_list_lock);
 920
 921        rv = usb_register_dev(intf, &wdm_class);
 922        if (rv < 0)
 923                goto err;
 924        else
 925                dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
 926out:
 927        return rv;
 928err:
 929        spin_lock(&wdm_device_list_lock);
 930        list_del(&desc->device_list);
 931        spin_unlock(&wdm_device_list_lock);
 932        cleanup(desc);
 933        return rv;
 934}
 935
 936static int wdm_manage_power(struct usb_interface *intf, int on)
 937{
 938        /* need autopm_get/put here to ensure the usbcore sees the new value */
 939        int rv = usb_autopm_get_interface(intf);
 940
 941        intf->needs_remote_wakeup = on;
 942        if (!rv)
 943                usb_autopm_put_interface(intf);
 944        return 0;
 945}
 946
 947static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
 948{
 949        int rv = -EINVAL;
 950        struct usb_host_interface *iface;
 951        struct usb_endpoint_descriptor *ep;
 952        struct usb_cdc_parsed_header hdr;
 953        u8 *buffer = intf->altsetting->extra;
 954        int buflen = intf->altsetting->extralen;
 955        u16 maxcom = WDM_DEFAULT_BUFSIZE;
 956
 957        if (!buffer)
 958                goto err;
 959
 960        cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
 961
 962        if (hdr.usb_cdc_dmm_desc)
 963                maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
 964
 965        iface = intf->cur_altsetting;
 966        if (iface->desc.bNumEndpoints != 1)
 967                goto err;
 968        ep = &iface->endpoint[0].desc;
 969
 970        rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
 971
 972err:
 973        return rv;
 974}
 975
 976/**
 977 * usb_cdc_wdm_register - register a WDM subdriver
 978 * @intf: usb interface the subdriver will associate with
 979 * @ep: interrupt endpoint to monitor for notifications
 980 * @bufsize: maximum message size to support for read/write
 981 * @manage_power: call-back invoked during open and release to
 982 *                manage the device's power
 983 * Create WDM usb class character device and associate it with intf
 984 * without binding, allowing another driver to manage the interface.
 985 *
 986 * The subdriver will manage the given interrupt endpoint exclusively
 987 * and will issue control requests referring to the given intf. It
 988 * will otherwise avoid interferring, and in particular not do
 989 * usb_set_intfdata/usb_get_intfdata on intf.
 990 *
 991 * The return value is a pointer to the subdriver's struct usb_driver.
 992 * The registering driver is responsible for calling this subdriver's
 993 * disconnect, suspend, resume, pre_reset and post_reset methods from
 994 * its own.
 995 */
 996struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
 997                                        struct usb_endpoint_descriptor *ep,
 998                                        int bufsize,
 999                                        int (*manage_power)(struct usb_interface *, int))
1000{

1001        int rv;
1002
1003        rv = wdm_create(intf, ep, bufsize, manage_power);
1004        if (rv < 0)
1005                goto err;
1006
1007        return &wdm_driver;
1008err:
1009        return ERR_PTR(rv);
1010}
1011EXPORT_SYMBOL(usb_cdc_wdm_register);
1012
1013static void wdm_disconnect(struct usb_interface *intf)
1014{
1015        struct wdm_device *desc;
1016        unsigned long flags;
1017
1018        usb_deregister_dev(intf, &wdm_class);
1019        desc = wdm_find_device(intf);
1020        mutex_lock(&wdm_mutex);
1021
1022        /* the spinlock makes sure no new urbs are generated in the callbacks */
1023        spin_lock_irqsave(&desc->iuspin, flags);
1024        set_bit(WDM_DISCONNECTING, &desc->flags);
1025        set_bit(WDM_READ, &desc->flags);
1026        spin_unlock_irqrestore(&desc->iuspin, flags);
1027        wake_up_all(&desc->wait);
1028        mutex_lock(&desc->rlock);
1029        mutex_lock(&desc->wlock);
1030        kill_urbs(desc);
1031        cancel_work_sync(&desc->rxwork);
1032        cancel_work_sync(&desc->service_outs_intr);
1033        mutex_unlock(&desc->wlock);
1034        mutex_unlock(&desc->rlock);
1035
1036        /* the desc->intf pointer used as list key is now invalid */
1037        spin_lock(&wdm_device_list_lock);
1038        list_del(&desc->device_list);
1039        spin_unlock(&wdm_device_list_lock);
1040
1041        if (!desc->count)
1042                cleanup(desc);
1043        else
1044                dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1045        mutex_unlock(&wdm_mutex);
1046}
1047
1048#ifdef CONFIG_PM
1049static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1050{
1051        struct wdm_device *desc = wdm_find_device(intf);
1052        int rv = 0;
1053
1054        dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1055
1056        /* if this is an autosuspend the caller does the locking */
1057        if (!PMSG_IS_AUTO(message)) {
1058                mutex_lock(&desc->rlock);
1059                mutex_lock(&desc->wlock);
1060        }
1061        spin_lock_irq(&desc->iuspin);
1062
1063        if (PMSG_IS_AUTO(message) &&
1064                        (test_bit(WDM_IN_USE, &desc->flags)
1065                        || test_bit(WDM_RESPONDING, &desc->flags))) {
1066                spin_unlock_irq(&desc->iuspin);
1067                rv = -EBUSY;
1068        } else {
1069
1070                set_bit(WDM_SUSPENDING, &desc->flags);
1071                spin_unlock_irq(&desc->iuspin);
1072                /* callback submits work - order is essential */
1073                kill_urbs(desc);
1074                cancel_work_sync(&desc->rxwork);
1075                cancel_work_sync(&desc->service_outs_intr);
1076        }
1077        if (!PMSG_IS_AUTO(message)) {
1078                mutex_unlock(&desc->wlock);
1079                mutex_unlock(&desc->rlock);
1080        }
1081
1082        return rv;
1083}
1084#endif
1085
1086static int recover_from_urb_loss(struct wdm_device *desc)
1087{
1088        int rv = 0;
1089
1090        if (desc->count) {
1091                rv = usb_submit_urb(desc->validity, GFP_NOIO);
1092                if (rv < 0)
1093                        dev_err(&desc->intf->dev,
1094                                "Error resume submitting int urb - %d\n", rv);
1095        }
1096        return rv;
1097}
1098
1099#ifdef CONFIG_PM
1100static int wdm_resume(struct usb_interface *intf)
1101{
1102        struct wdm_device *desc = wdm_find_device(intf);
1103        int rv;
1104
1105        dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1106
1107        clear_bit(WDM_SUSPENDING, &desc->flags);
1108        rv = recover_from_urb_loss(desc);
1109
1110        return rv;
1111}
1112#endif
1113
1114static int wdm_pre_reset(struct usb_interface *intf)
1115{
1116        struct wdm_device *desc = wdm_find_device(intf);
1117
1118        /*
1119         * we notify everybody using poll of
1120         * an exceptional situation
1121         * must be done before recovery lest a spontaneous
1122         * message from the device is lost
1123         */
1124        spin_lock_irq(&desc->iuspin);
1125        set_bit(WDM_RESETTING, &desc->flags);   /* inform read/write */
1126        set_bit(WDM_READ, &desc->flags);        /* unblock read */
1127        clear_bit(WDM_IN_USE, &desc->flags);    /* unblock write */
1128        desc->rerr = -EINTR;
1129        spin_unlock_irq(&desc->iuspin);
1130        wake_up_all(&desc->wait);
1131        mutex_lock(&desc->rlock);
1132        mutex_lock(&desc->wlock);
1133        kill_urbs(desc);
1134        cancel_work_sync(&desc->rxwork);
1135        cancel_work_sync(&desc->service_outs_intr);
1136        return 0;
1137}
1138
1139static int wdm_post_reset(struct usb_interface *intf)
1140{
1141        struct wdm_device *desc = wdm_find_device(intf);
1142        int rv;
1143
1144        clear_bit(WDM_OVERFLOW, &desc->flags);
1145        clear_bit(WDM_RESETTING, &desc->flags);
1146        rv = recover_from_urb_loss(desc);
1147        mutex_unlock(&desc->wlock);
1148        mutex_unlock(&desc->rlock);
1149        return rv;
1150}
1151
1152static struct usb_driver wdm_driver = {
1153        .name =         "cdc_wdm",
1154        .probe =        wdm_probe,
1155        .disconnect =   wdm_disconnect,
1156#ifdef CONFIG_PM
1157        .suspend =      wdm_suspend,
1158        .resume =       wdm_resume,
1159        .reset_resume = wdm_resume,
1160#endif
1161        .pre_reset =    wdm_pre_reset,
1162        .post_reset =   wdm_post_reset,
1163        .id_table =     wdm_ids,
1164        .supports_autosuspend = 1,
1165        .disable_hub_initiated_lpm = 1,
1166};
1167
1168module_usb_driver(wdm_driver);
1169
1170MODULE_AUTHOR(DRIVER_AUTHOR);
1171MODULE_DESCRIPTION(DRIVER_DESC);
1172MODULE_LICENSE("GPL");
1173