LXR linux/drivers/usb/class/cdc-wdm.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * cdc-wdm.c
   4 *
   5 * This driver supports USB CDC WCM Device Management.
   6 *
   7 * Copyright (c) 2007-2009 Oliver Neukum
   8 *
   9 * Some code taken from cdc-acm.c
  10 *
  11 * Released under the GPLv2.
  12 *
  13 * Many thanks to Carl Nordbeck
  14 */
  15#include <linux/kernel.h>
  16#include <linux/errno.h>
  17#include <linux/ioctl.h>
  18#include <linux/slab.h>
  19#include <linux/module.h>
  20#include <linux/mutex.h>
  21#include <linux/uaccess.h>
  22#include <linux/bitops.h>
  23#include <linux/poll.h>
  24#include <linux/usb.h>
  25#include <linux/usb/cdc.h>
  26#include <asm/byteorder.h>
  27#include <asm/unaligned.h>
  28#include <linux/usb/cdc-wdm.h>
  29
  30#define DRIVER_AUTHOR "Oliver Neukum"
  31#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
  32
  33static const struct usb_device_id wdm_ids[] = {
  34        {
  35                .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
  36                                 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
  37                .bInterfaceClass = USB_CLASS_COMM,
  38                .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
  39        },
  40        { }
  41};
  42
  43MODULE_DEVICE_TABLE (usb, wdm_ids);
  44
  45#define WDM_MINOR_BASE  176
  46
  47
  48#define WDM_IN_USE              1
  49#define WDM_DISCONNECTING       2
  50#define WDM_RESULT              3
  51#define WDM_READ                4
  52#define WDM_INT_STALL           5
  53#define WDM_POLL_RUNNING        6
  54#define WDM_RESPONDING          7
  55#define WDM_SUSPENDING          8
  56#define WDM_RESETTING           9
  57#define WDM_OVERFLOW            10
  58
  59#define WDM_MAX                 16
  60
  61/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
  62#define WDM_DEFAULT_BUFSIZE     256
  63
  64static DEFINE_MUTEX(wdm_mutex);
  65static DEFINE_SPINLOCK(wdm_device_list_lock);
  66static LIST_HEAD(wdm_device_list);
  67
  68/* --- method tables --- */
  69
  70struct wdm_device {
  71        u8                      *inbuf; /* buffer for response */
  72        u8                      *outbuf; /* buffer for command */
  73        u8                      *sbuf; /* buffer for status */
  74        u8                      *ubuf; /* buffer for copy to user space */
  75
  76        struct urb              *command;
  77        struct urb              *response;
  78        struct urb              *validity;
  79        struct usb_interface    *intf;
  80        struct usb_ctrlrequest  *orq;
  81        struct usb_ctrlrequest  *irq;
  82        spinlock_t              iuspin;
  83
  84        unsigned long           flags;
  85        u16                     bufsize;
  86        u16                     wMaxCommand;
  87        u16                     wMaxPacketSize;
  88        __le16                  inum;
  89        int                     reslength;
  90        int                     length;
  91        int                     read;
  92        int                     count;
  93        dma_addr_t              shandle;
  94        dma_addr_t              ihandle;
  95        struct mutex            wlock;
  96        struct mutex            rlock;
  97        wait_queue_head_t       wait;
  98        struct work_struct      rxwork;
  99        struct work_struct      service_outs_intr;
 100        int                     werr;
 101        int                     rerr;
 102        int                     resp_count;
 103
 104        struct list_head        device_list;
 105        int                     (*manage_power)(struct usb_interface *, int);
 106};
 107
 108static struct usb_driver wdm_driver;
 109
 110/* return intfdata if we own the interface, else look up intf in the list */
 111static struct wdm_device *wdm_find_device(struct usb_interface *intf)
 112{
 113        struct wdm_device *desc;
 114
 115        spin_lock(&wdm_device_list_lock);
 116        list_for_each_entry(desc, &wdm_device_list, device_list)
 117                if (desc->intf == intf)
 118                        goto found;
 119        desc = NULL;
 120found:
 121        spin_unlock(&wdm_device_list_lock);
 122
 123        return desc;
 124}
 125
 126static struct wdm_device *wdm_find_device_by_minor(int minor)
 127{
 128        struct wdm_device *desc;
 129
 130        spin_lock(&wdm_device_list_lock);
 131        list_for_each_entry(desc, &wdm_device_list, device_list)
 132                if (desc->intf->minor == minor)
 133                        goto found;
 134        desc = NULL;
 135found:
 136        spin_unlock(&wdm_device_list_lock);
 137
 138        return desc;
 139}
 140
 141/* --- callbacks --- */
 142static void wdm_out_callback(struct urb *urb)
 143{
 144        struct wdm_device *desc;
 145        unsigned long flags;
 146
 147        desc = urb->context;
 148        spin_lock_irqsave(&desc->iuspin, flags);
 149        desc->werr = urb->status;
 150        spin_unlock_irqrestore(&desc->iuspin, flags);
 151        kfree(desc->outbuf);
 152        desc->outbuf = NULL;
 153        clear_bit(WDM_IN_USE, &desc->flags);
 154        wake_up(&desc->wait);
 155}
 156
 157static void wdm_in_callback(struct urb *urb)
 158{
 159        unsigned long flags;
 160        struct wdm_device *desc = urb->context;
 161        int status = urb->status;
 162        int length = urb->actual_length;
 163
 164        spin_lock_irqsave(&desc->iuspin, flags);
 165        clear_bit(WDM_RESPONDING, &desc->flags);
 166
 167        if (status) {
 168                switch (status) {
 169                case -ENOENT:
 170                        dev_dbg(&desc->intf->dev,
 171                                "nonzero urb status received: -ENOENT\n");
 172                        goto skip_error;
 173                case -ECONNRESET:
 174                        dev_dbg(&desc->intf->dev,
 175                                "nonzero urb status received: -ECONNRESET\n");
 176                        goto skip_error;
 177                case -ESHUTDOWN:
 178                        dev_dbg(&desc->intf->dev,
 179                                "nonzero urb status received: -ESHUTDOWN\n");
 180                        goto skip_error;
 181                case -EPIPE:
 182                        dev_err(&desc->intf->dev,
 183                                "nonzero urb status received: -EPIPE\n");
 184                        break;
 185                default:
 186                        dev_err(&desc->intf->dev,
 187                                "Unexpected error %d\n", status);
 188                        break;
 189                }
 190        }
 191
 192        /*
 193         * only set a new error if there is no previous error.
 194         * Errors are only cleared during read/open
 195         * Avoid propagating -EPIPE (stall) to userspace since it is
 196         * better handled as an empty read
 197         */
 198        if (desc->rerr == 0 && status != -EPIPE)
 199                desc->rerr = status;
 200
 201        if (length + desc->length > desc->wMaxCommand) {
 202                /* The buffer would overflow */
 203                set_bit(WDM_OVERFLOW, &desc->flags);
 204        } else {
 205                /* we may already be in overflow */
 206                if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
 207                        memmove(desc->ubuf + desc->length, desc->inbuf, length);
 208                        desc->length += length;
 209                        desc->reslength = length;
 210                }
 211        }
 212skip_error:
 213
 214        if (desc->rerr) {
 215                /*
 216                 * Since there was an error, userspace may decide to not read
 217                 * any data after poll'ing.
 218                 * We should respond to further attempts from the device to send
 219                 * data, so that we can get unstuck.
 220                 */
 221                schedule_work(&desc->service_outs_intr);
 222        } else {
 223                set_bit(WDM_READ, &desc->flags);
 224                wake_up(&desc->wait);
 225        }
 226        spin_unlock_irqrestore(&desc->iuspin, flags);
 227}
 228
 229static void wdm_int_callback(struct urb *urb)
 230{
 231        unsigned long flags;
 232        int rv = 0;
 233        int responding;
 234        int status = urb->status;
 235        struct wdm_device *desc;
 236        struct usb_cdc_notification *dr;
 237
 238        desc = urb->context;
 239        dr = (struct usb_cdc_notification *)desc->sbuf;
 240
 241        if (status) {
 242                switch (status) {
 243                case -ESHUTDOWN:
 244                case -ENOENT:
 245                case -ECONNRESET:
 246                        return; /* unplug */
 247                case -EPIPE:
 248                        set_bit(WDM_INT_STALL, &desc->flags);
 249                        dev_err(&desc->intf->dev, "Stall on int endpoint\n");
 250                        goto sw; /* halt is cleared in work */
 251                default:
 252                        dev_err(&desc->intf->dev,
 253                                "nonzero urb status received: %d\n", status);
 254                        break;
 255                }
 256        }
 257
 258        if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
 259                dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
 260                        urb->actual_length);
 261                goto exit;
 262        }
 263
 264        switch (dr->bNotificationType) {
 265        case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
 266                dev_dbg(&desc->intf->dev,
 267                        "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
 268                        le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
 269                break;
 270
 271        case USB_CDC_NOTIFY_NETWORK_CONNECTION:
 272
 273                dev_dbg(&desc->intf->dev,
 274                        "NOTIFY_NETWORK_CONNECTION %s network\n",
 275                        dr->wValue ? "connected to" : "disconnected from");
 276                goto exit;
 277        case USB_CDC_NOTIFY_SPEED_CHANGE:
 278                dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
 279                        urb->actual_length);
 280                goto exit;
 281        default:
 282                clear_bit(WDM_POLL_RUNNING, &desc->flags);
 283                dev_err(&desc->intf->dev,
 284                        "unknown notification %d received: index %d len %d\n",
 285                        dr->bNotificationType,
 286                        le16_to_cpu(dr->wIndex),
 287                        le16_to_cpu(dr->wLength));
 288                goto exit;
 289        }
 290
 291        spin_lock_irqsave(&desc->iuspin, flags);
 292        responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
 293        if (!desc->resp_count++ && !responding
 294                && !test_bit(WDM_DISCONNECTING, &desc->flags)
 295                && !test_bit(WDM_SUSPENDING, &desc->flags)) {
 296                rv = usb_submit_urb(desc->response, GFP_ATOMIC);
 297                dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
 298        }
 299        spin_unlock_irqrestore(&desc->iuspin, flags);
 300        if (rv < 0) {
 301                clear_bit(WDM_RESPONDING, &desc->flags);
 302                if (rv == -EPERM)
 303                        return;
 304                if (rv == -ENOMEM) {
 305sw:
 306                        rv = schedule_work(&desc->rxwork);
 307                        if (rv)
 308                                dev_err(&desc->intf->dev,
 309                                        "Cannot schedule work\n");
 310                }
 311        }
 312exit:
 313        rv = usb_submit_urb(urb, GFP_ATOMIC);
 314        if (rv)
 315                dev_err(&desc->intf->dev,
 316                        "%s - usb_submit_urb failed with result %d\n",
 317                        __func__, rv);
 318
 319}
 320
 321static void kill_urbs(struct wdm_device *desc)
 322{
 323        /* the order here is essential */
 324        usb_kill_urb(desc->command);
 325        usb_kill_urb(desc->validity);
 326        usb_kill_urb(desc->response);
 327}
 328
 329static void free_urbs(struct wdm_device *desc)
 330{
 331        usb_free_urb(desc->validity);
 332        usb_free_urb(desc->response);
 333        usb_free_urb(desc->command);
 334}
 335
 336static void cleanup(struct wdm_device *desc)
 337{
 338        kfree(desc->sbuf);
 339        kfree(desc->inbuf);
 340        kfree(desc->orq);
 341        kfree(desc->irq);
 342        kfree(desc->ubuf);
 343        free_urbs(desc);
 344        kfree(desc);
 345}
 346
 347static ssize_t wdm_write
 348(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
 349{
 350        u8 *buf;
 351        int rv = -EMSGSIZE, r, we;
 352        struct wdm_device *desc = file->private_data;
 353        struct usb_ctrlrequest *req;
 354
 355        if (count > desc->wMaxCommand)
 356                count = desc->wMaxCommand;
 357
 358        spin_lock_irq(&desc->iuspin);
 359        we = desc->werr;
 360        desc->werr = 0;
 361        spin_unlock_irq(&desc->iuspin);
 362        if (we < 0)
 363                return usb_translate_errors(we);
 364
 365        buf = memdup_user(buffer, count);
 366        if (IS_ERR(buf))
 367                return PTR_ERR(buf);
 368
 369        /* concurrent writes and disconnect */
 370        r = mutex_lock_interruptible(&desc->wlock);
 371        rv = -ERESTARTSYS;
 372        if (r)
 373                goto out_free_mem;
 374
 375        if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 376                rv = -ENODEV;
 377                goto out_free_mem_lock;
 378        }
 379
 380        r = usb_autopm_get_interface(desc->intf);
 381        if (r < 0) {
 382                rv = usb_translate_errors(r);
 383                goto out_free_mem_lock;
 384        }
 385
 386        if (!(file->f_flags & O_NONBLOCK))
 387                r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
 388                                                                &desc->flags));
 389        else
 390                if (test_bit(WDM_IN_USE, &desc->flags))
 391                        r = -EAGAIN;
 392
 393        if (test_bit(WDM_RESETTING, &desc->flags))
 394                r = -EIO;
 395
 396        if (r < 0) {
 397                rv = r;
 398                goto out_free_mem_pm;
 399        }
 400
 401        req = desc->orq;
 402        usb_fill_control_urb(
 403                desc->command,
 404                interface_to_usbdev(desc->intf),
 405                /* using common endpoint 0 */
 406                usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
 407                (unsigned char *)req,
 408                buf,
 409                count,
 410                wdm_out_callback,
 411                desc
 412        );
 413
 414        req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
 415                             USB_RECIP_INTERFACE);
 416        req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
 417        req->wValue = 0;
 418        req->wIndex = desc->inum; /* already converted */
 419        req->wLength = cpu_to_le16(count);
 420        set_bit(WDM_IN_USE, &desc->flags);
 421        desc->outbuf = buf;
 422
 423        rv = usb_submit_urb(desc->command, GFP_KERNEL);
 424        if (rv < 0) {
 425                desc->outbuf = NULL;
 426                clear_bit(WDM_IN_USE, &desc->flags);
 427                dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
 428                rv = usb_translate_errors(rv);
 429                goto out_free_mem_pm;
 430        } else {
 431                dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
 432                        le16_to_cpu(req->wIndex));
 433        }
 434
 435        usb_autopm_put_interface(desc->intf);
 436        mutex_unlock(&desc->wlock);
 437        return count;
 438
 439out_free_mem_pm:
 440        usb_autopm_put_interface(desc->intf);
 441out_free_mem_lock:
 442        mutex_unlock(&desc->wlock);
 443out_free_mem:
 444        kfree(buf);
 445        return rv;
 446}
 447
 448/*
 449 * Submit the read urb if resp_count is non-zero.
 450 *
 451 * Called with desc->iuspin locked
 452 */
 453static int service_outstanding_interrupt(struct wdm_device *desc)
 454{
 455        int rv = 0;
 456
 457        /* submit read urb only if the device is waiting for it */
 458        if (!desc->resp_count || !--desc->resp_count)
 459                goto out;
 460
 461        set_bit(WDM_RESPONDING, &desc->flags);
 462        spin_unlock_irq(&desc->iuspin);
 463        rv = usb_submit_urb(desc->response, GFP_KERNEL);
 464        spin_lock_irq(&desc->iuspin);
 465        if (rv) {
 466                dev_err(&desc->intf->dev,
 467                        "usb_submit_urb failed with result %d\n", rv);
 468
 469                /* make sure the next notification trigger a submit */
 470                clear_bit(WDM_RESPONDING, &desc->flags);
 471                desc->resp_count = 0;
 472        }
 473out:
 474        return rv;
 475}
 476
 477static ssize_t wdm_read
 478(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
 479{
 480        int rv, cntr;
 481        int i = 0;
 482        struct wdm_device *desc = file->private_data;
 483
 484
 485        rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
 486        if (rv < 0)
 487                return -ERESTARTSYS;
 488
 489        cntr = READ_ONCE(desc->length);
 490        if (cntr == 0) {
 491                desc->read = 0;
 492retry:
 493                if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 494                        rv = -ENODEV;
 495                        goto err;
 496                }
 497                if (test_bit(WDM_OVERFLOW, &desc->flags)) {
 498                        clear_bit(WDM_OVERFLOW, &desc->flags);
 499                        rv = -ENOBUFS;
 500                        goto err;
 501                }
 502                i++;
 503                if (file->f_flags & O_NONBLOCK) {
 504                        if (!test_bit(WDM_READ, &desc->flags)) {
 505                                rv = -EAGAIN;
 506                                goto err;
 507                        }
 508                        rv = 0;
 509                } else {
 510                        rv = wait_event_interruptible(desc->wait,
 511                                test_bit(WDM_READ, &desc->flags));
 512                }
 513
 514                /* may have happened while we slept */
 515                if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 516                        rv = -ENODEV;
 517                        goto err;
 518                }
 519                if (test_bit(WDM_RESETTING, &desc->flags)) {
 520                        rv = -EIO;
 521                        goto err;
 522                }
 523                usb_mark_last_busy(interface_to_usbdev(desc->intf));
 524                if (rv < 0) {
 525                        rv = -ERESTARTSYS;
 526                        goto err;
 527                }
 528
 529                spin_lock_irq(&desc->iuspin);
 530
 531                if (desc->rerr) { /* read completed, error happened */
 532                        rv = usb_translate_errors(desc->rerr);
 533                        desc->rerr = 0;
 534                        spin_unlock_irq(&desc->iuspin);
 535                        goto err;
 536                }
 537                /*
 538                 * recheck whether we've lost the race
 539                 * against the completion handler
 540                 */
 541                if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
 542                        spin_unlock_irq(&desc->iuspin);
 543                        goto retry;
 544                }
 545
 546                if (!desc->reslength) { /* zero length read */
 547                        dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
 548                        clear_bit(WDM_READ, &desc->flags);
 549                        rv = service_outstanding_interrupt(desc);
 550                        spin_unlock_irq(&desc->iuspin);
 551                        if (rv < 0)
 552                                goto err;
 553                        goto retry;
 554                }
 555                cntr = desc->length;
 556                spin_unlock_irq(&desc->iuspin);
 557        }
 558
 559        if (cntr > count)
 560                cntr = count;
 561        rv = copy_to_user(buffer, desc->ubuf, cntr);
 562        if (rv > 0) {
 563                rv = -EFAULT;
 564                goto err;
 565        }
 566
 567        spin_lock_irq(&desc->iuspin);
 568
 569        for (i = 0; i < desc->length - cntr; i++)
 570                desc->ubuf[i] = desc->ubuf[i + cntr];
 571
 572        desc->length -= cntr;
 573        /* in case we had outstanding data */
 574        if (!desc->length) {
 575                clear_bit(WDM_READ, &desc->flags);
 576                service_outstanding_interrupt(desc);
 577        }
 578        spin_unlock_irq(&desc->iuspin);
 579        rv = cntr;
 580
 581err:
 582        mutex_unlock(&desc->rlock);
 583        return rv;
 584}
 585
 586static int wdm_flush(struct file *file, fl_owner_t id)
 587{
 588        struct wdm_device *desc = file->private_data;
 589
 590        wait_event(desc->wait,
 591                        /*
 592                         * needs both flags. We cannot do with one
 593                         * because resetting it would cause a race
 594                         * with write() yet we need to signal
 595                         * a disconnect
 596                         */
 597                        !test_bit(WDM_IN_USE, &desc->flags) ||
 598                        test_bit(WDM_DISCONNECTING, &desc->flags));
 599
 600        /* cannot dereference desc->intf if WDM_DISCONNECTING */
 601        if (test_bit(WDM_DISCONNECTING, &desc->flags))
 602                return -ENODEV;
 603        if (desc->werr < 0)
 604                dev_err(&desc->intf->dev, "Error in flush path: %d\n",
 605                        desc->werr);
 606
 607        return usb_translate_errors(desc->werr);
 608}
 609
 610static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
 611{
 612        struct wdm_device *desc = file->private_data;
 613        unsigned long flags;
 614        __poll_t mask = 0;
 615
 616        spin_lock_irqsave(&desc->iuspin, flags);
 617        if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 618                mask = EPOLLHUP | EPOLLERR;
 619                spin_unlock_irqrestore(&desc->iuspin, flags);
 620                goto desc_out;
 621        }
 622        if (test_bit(WDM_READ, &desc->flags))
 623                mask = EPOLLIN | EPOLLRDNORM;
 624        if (desc->rerr || desc->werr)
 625                mask |= EPOLLERR;
 626        if (!test_bit(WDM_IN_USE, &desc->flags))
 627                mask |= EPOLLOUT | EPOLLWRNORM;
 628        spin_unlock_irqrestore(&desc->iuspin, flags);
 629
 630        poll_wait(file, &desc->wait, wait);
 631
 632desc_out:
 633        return mask;
 634}
 635
 636static int wdm_open(struct inode *inode, struct file *file)
 637{
 638        int minor = iminor(inode);
 639        int rv = -ENODEV;
 640        struct usb_interface *intf;
 641        struct wdm_device *desc;
 642
 643        mutex_lock(&wdm_mutex);
 644        desc = wdm_find_device_by_minor(minor);
 645        if (!desc)
 646                goto out;
 647
 648        intf = desc->intf;
 649        if (test_bit(WDM_DISCONNECTING, &desc->flags))
 650                goto out;
 651        file->private_data = desc;
 652
 653        rv = usb_autopm_get_interface(desc->intf);
 654        if (rv < 0) {
 655                dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
 656                goto out;
 657        }
 658
 659        /* using write lock to protect desc->count */
 660        mutex_lock(&desc->wlock);
 661        if (!desc->count++) {
 662                desc->werr = 0;
 663                desc->rerr = 0;
 664                rv = usb_submit_urb(desc->validity, GFP_KERNEL);
 665                if (rv < 0) {
 666                        desc->count--;
 667                        dev_err(&desc->intf->dev,
 668                                "Error submitting int urb - %d\n", rv);
 669                        rv = usb_translate_errors(rv);
 670                }
 671        } else {
 672                rv = 0;
 673        }
 674        mutex_unlock(&desc->wlock);
 675        if (desc->count == 1)
 676                desc->manage_power(intf, 1);
 677        usb_autopm_put_interface(desc->intf);
 678out:
 679        mutex_unlock(&wdm_mutex);
 680        return rv;
 681}
 682
 683static int wdm_release(struct inode *inode, struct file *file)
 684{
 685        struct wdm_device *desc = file->private_data;
 686
 687        mutex_lock(&wdm_mutex);
 688
 689        /* using write lock to protect desc->count */
 690        mutex_lock(&desc->wlock);
 691        desc->count--;
 692        mutex_unlock(&desc->wlock);
 693
 694        if (!desc->count) {
 695                if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
 696                        dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
 697                        kill_urbs(desc);
 698                        spin_lock_irq(&desc->iuspin);
 699                        desc->resp_count = 0;
 700                        spin_unlock_irq(&desc->iuspin);
 701                        desc->manage_power(desc->intf, 0);
 702                } else {
 703                        /* must avoid dev_printk here as desc->intf is invalid */
 704                        pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
 705                        cleanup(desc);
 706                }
 707        }
 708        mutex_unlock(&wdm_mutex);
 709        return 0;
 710}
 711
 712static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 713{
 714        struct wdm_device *desc = file->private_data;
 715        int rv = 0;
 716
 717        switch (cmd) {
 718        case IOCTL_WDM_MAX_COMMAND:
 719                if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
 720                        rv = -EFAULT;
 721                break;
 722        default:
 723                rv = -ENOTTY;
 724        }
 725        return rv;
 726}
 727
 728static const struct file_operations wdm_fops = {
 729        .owner =        THIS_MODULE,
 730        .read =         wdm_read,
 731        .write =        wdm_write,
 732        .open =         wdm_open,
 733        .flush =        wdm_flush,
 734        .release =      wdm_release,
 735        .poll =         wdm_poll,
 736        .unlocked_ioctl = wdm_ioctl,
 737        .compat_ioctl = wdm_ioctl,
 738        .llseek =       noop_llseek,
 739};
 740
 741static struct usb_class_driver wdm_class = {
 742        .name =         "cdc-wdm%d",
 743        .fops =         &wdm_fops,
 744        .minor_base =   WDM_MINOR_BASE,
 745};
 746
 747/* --- error handling --- */
 748static void wdm_rxwork(struct work_struct *work)
 749{
 750        struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
 751        unsigned long flags;
 752        int rv = 0;
 753        int responding;
 754
 755        spin_lock_irqsave(&desc->iuspin, flags);
 756        if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
 757                spin_unlock_irqrestore(&desc->iuspin, flags);
 758        } else {
 759                responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
 760                spin_unlock_irqrestore(&desc->iuspin, flags);
 761                if (!responding)
 762                        rv = usb_submit_urb(desc->response, GFP_KERNEL);
 763                if (rv < 0 && rv != -EPERM) {
 764                        spin_lock_irqsave(&desc->iuspin, flags);
 765                        clear_bit(WDM_RESPONDING, &desc->flags);
 766                        if (!test_bit(WDM_DISCONNECTING, &desc->flags))
 767                                schedule_work(&desc->rxwork);
 768                        spin_unlock_irqrestore(&desc->iuspin, flags);
 769                }
 770        }
 771}
 772
 773static void service_interrupt_work(struct work_struct *work)
 774{
 775        struct wdm_device *desc;
 776
 777        desc = container_of(work, struct wdm_device, service_outs_intr);
 778
 779        spin_lock_irq(&desc->iuspin);
 780        service_outstanding_interrupt(desc);
 781        if (!desc->resp_count) {
 782                set_bit(WDM_READ, &desc->flags);
 783                wake_up(&desc->wait);
 784        }
 785        spin_unlock_irq(&desc->iuspin);
 786}
 787
 788/* --- hotplug --- */
 789
 790static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
 791                u16 bufsize, int (*manage_power)(struct usb_interface *, int))
 792{
 793        int rv = -ENOMEM;
 794        struct wdm_device *desc;
 795
 796        desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
 797        if (!desc)
 798                goto out;
 799        INIT_LIST_HEAD(&desc->device_list);
 800        mutex_init(&desc->rlock);
 801        mutex_init(&desc->wlock);
 802        spin_lock_init(&desc->iuspin);
 803        init_waitqueue_head(&desc->wait);
 804        desc->wMaxCommand = bufsize;
 805        /* this will be expanded and needed in hardware endianness */
 806        desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
 807        desc->intf = intf;
 808        INIT_WORK(&desc->rxwork, wdm_rxwork);
 809        INIT_WORK(&desc->service_outs_intr, service_interrupt_work);
 810
 811        rv = -EINVAL;
 812        if (!usb_endpoint_is_int_in(ep))
 813                goto err;
 814
 815        desc->wMaxPacketSize = usb_endpoint_maxp(ep);
 816
 817        desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
 818        if (!desc->orq)
 819                goto err;
 820        desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
 821        if (!desc->irq)
 822                goto err;
 823
 824        desc->validity = usb_alloc_urb(0, GFP_KERNEL);
 825        if (!desc->validity)
 826                goto err;
 827
 828        desc->response = usb_alloc_urb(0, GFP_KERNEL);
 829        if (!desc->response)
 830                goto err;
 831
 832        desc->command = usb_alloc_urb(0, GFP_KERNEL);
 833        if (!desc->command)
 834                goto err;
 835
 836        desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
 837        if (!desc->ubuf)
 838                goto err;
 839
 840        desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
 841        if (!desc->sbuf)
 842                goto err;
 843
 844        desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
 845        if (!desc->inbuf)
 846                goto err;
 847
 848        usb_fill_int_urb(
 849                desc->validity,
 850                interface_to_usbdev(intf),
 851                usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
 852                desc->sbuf,
 853                desc->wMaxPacketSize,
 854                wdm_int_callback,
 855                desc,
 856                ep->bInterval
 857        );
 858
 859        desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
 860        desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
 861        desc->irq->wValue = 0;
 862        desc->irq->wIndex = desc->inum; /* already converted */
 863        desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
 864
 865        usb_fill_control_urb(
 866                desc->response,
 867                interface_to_usbdev(intf),
 868                /* using common endpoint 0 */
 869                usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
 870                (unsigned char *)desc->irq,
 871                desc->inbuf,
 872                desc->wMaxCommand,
 873                wdm_in_callback,
 874                desc
 875        );
 876
 877        desc->manage_power = manage_power;
 878
 879        spin_lock(&wdm_device_list_lock);
 880        list_add(&desc->device_list, &wdm_device_list);
 881        spin_unlock(&wdm_device_list_lock);
 882
 883        rv = usb_register_dev(intf, &wdm_class);
 884        if (rv < 0)
 885                goto err;
 886        else
 887                dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
 888out:
 889        return rv;
 890err:
 891        spin_lock(&wdm_device_list_lock);
 892        list_del(&desc->device_list);
 893        spin_unlock(&wdm_device_list_lock);
 894        cleanup(desc);
 895        return rv;
 896}
 897
 898static int wdm_manage_power(struct usb_interface *intf, int on)
 899{
 900        /* need autopm_get/put here to ensure the usbcore sees the new value */
 901        int rv = usb_autopm_get_interface(intf);
 902
 903        intf->needs_remote_wakeup = on;
 904        if (!rv)
 905                usb_autopm_put_interface(intf);
 906        return 0;
 907}
 908
 909static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
 910{
 911        int rv = -EINVAL;
 912        struct usb_host_interface *iface;
 913        struct usb_endpoint_descriptor *ep;
 914        struct usb_cdc_parsed_header hdr;
 915        u8 *buffer = intf->altsetting->extra;
 916        int buflen = intf->altsetting->extralen;
 917        u16 maxcom = WDM_DEFAULT_BUFSIZE;
 918
 919        if (!buffer)
 920                goto err;
 921
 922        cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
 923
 924        if (hdr.usb_cdc_dmm_desc)
 925                maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
 926
 927        iface = intf->cur_altsetting;
 928        if (iface->desc.bNumEndpoints != 1)
 929                goto err;
 930        ep = &iface->endpoint[0].desc;
 931
 932        rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
 933
 934err:
 935        return rv;
 936}
 937
 938/**
 939 * usb_cdc_wdm_register - register a WDM subdriver
 940 * @intf: usb interface the subdriver will associate with
 941 * @ep: interrupt endpoint to monitor for notifications
 942 * @bufsize: maximum message size to support for read/write
 943 *
 944 * Create WDM usb class character device and associate it with intf
 945 * without binding, allowing another driver to manage the interface.
 946 *
 947 * The subdriver will manage the given interrupt endpoint exclusively
 948 * and will issue control requests referring to the given intf. It
 949 * will otherwise avoid interferring, and in particular not do
 950 * usb_set_intfdata/usb_get_intfdata on intf.
 951 *
 952 * The return value is a pointer to the subdriver's struct usb_driver.
 953 * The registering driver is responsible for calling this subdriver's
 954 * disconnect, suspend, resume, pre_reset and post_reset methods from
 955 * its own.
 956 */
 957struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
 958                                        struct usb_endpoint_descriptor *ep,
 959                                        int bufsize,
 960                                        int (*manage_power)(struct usb_interface *, int))
 961{
 962        int rv;
 963
 964        rv = wdm_create(intf, ep, bufsize, manage_power);
 965        if (rv < 0)
 966                goto err;
 967
 968        return &wdm_driver;
 969err:
 970        return ERR_PTR(rv);
 971}
 972EXPORT_SYMBOL(usb_cdc_wdm_register);
 973
 974static void wdm_disconnect(struct usb_interface *intf)
 975{
 976        struct wdm_device *desc;
 977        unsigned long flags;
 978
 979        usb_deregister_dev(intf, &wdm_class);
 980        desc = wdm_find_device(intf);
 981        mutex_lock(&wdm_mutex);
 982
 983        /* the spinlock makes sure no new urbs are generated in the callbacks */
 984        spin_lock_irqsave(&desc->iuspin, flags);
 985        set_bit(WDM_DISCONNECTING, &desc->flags);
 986        set_bit(WDM_READ, &desc->flags);
 987        spin_unlock_irqrestore(&desc->iuspin, flags);
 988        wake_up_all(&desc->wait);
 989        mutex_lock(&desc->rlock);
 990        mutex_lock(&desc->wlock);
 991        kill_urbs(desc);
 992        cancel_work_sync(&desc->rxwork);
 993        cancel_work_sync(&desc->service_outs_intr);
 994        mutex_unlock(&desc->wlock);
 995        mutex_unlock(&desc->rlock);
 996
 997        /* the desc->intf pointer used as list key is now invalid */
 998        spin_lock(&wdm_device_list_lock);
 999        list_del(&desc->device_list);
1000        spin_unlock(&wdm_device_list_lock);

1001
1002        if (!desc->count)
1003                cleanup(desc);
1004        else
1005                dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1006        mutex_unlock(&wdm_mutex);
1007}
1008
1009#ifdef CONFIG_PM
1010static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1011{
1012        struct wdm_device *desc = wdm_find_device(intf);
1013        int rv = 0;
1014
1015        dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1016
1017        /* if this is an autosuspend the caller does the locking */
1018        if (!PMSG_IS_AUTO(message)) {
1019                mutex_lock(&desc->rlock);
1020                mutex_lock(&desc->wlock);
1021        }
1022        spin_lock_irq(&desc->iuspin);
1023
1024        if (PMSG_IS_AUTO(message) &&
1025                        (test_bit(WDM_IN_USE, &desc->flags)
1026                        || test_bit(WDM_RESPONDING, &desc->flags))) {
1027                spin_unlock_irq(&desc->iuspin);
1028                rv = -EBUSY;
1029        } else {
1030
1031                set_bit(WDM_SUSPENDING, &desc->flags);
1032                spin_unlock_irq(&desc->iuspin);
1033                /* callback submits work - order is essential */
1034                kill_urbs(desc);
1035                cancel_work_sync(&desc->rxwork);
1036                cancel_work_sync(&desc->service_outs_intr);
1037        }
1038        if (!PMSG_IS_AUTO(message)) {
1039                mutex_unlock(&desc->wlock);
1040                mutex_unlock(&desc->rlock);
1041        }
1042
1043        return rv;
1044}
1045#endif
1046
1047static int recover_from_urb_loss(struct wdm_device *desc)
1048{
1049        int rv = 0;
1050
1051        if (desc->count) {
1052                rv = usb_submit_urb(desc->validity, GFP_NOIO);
1053                if (rv < 0)
1054                        dev_err(&desc->intf->dev,
1055                                "Error resume submitting int urb - %d\n", rv);
1056        }
1057        return rv;
1058}
1059
1060#ifdef CONFIG_PM
1061static int wdm_resume(struct usb_interface *intf)
1062{
1063        struct wdm_device *desc = wdm_find_device(intf);
1064        int rv;
1065
1066        dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1067
1068        clear_bit(WDM_SUSPENDING, &desc->flags);
1069        rv = recover_from_urb_loss(desc);
1070
1071        return rv;
1072}
1073#endif
1074
1075static int wdm_pre_reset(struct usb_interface *intf)
1076{
1077        struct wdm_device *desc = wdm_find_device(intf);
1078
1079        /*
1080         * we notify everybody using poll of
1081         * an exceptional situation
1082         * must be done before recovery lest a spontaneous
1083         * message from the device is lost
1084         */
1085        spin_lock_irq(&desc->iuspin);
1086        set_bit(WDM_RESETTING, &desc->flags);   /* inform read/write */
1087        set_bit(WDM_READ, &desc->flags);        /* unblock read */
1088        clear_bit(WDM_IN_USE, &desc->flags);    /* unblock write */
1089        desc->rerr = -EINTR;
1090        spin_unlock_irq(&desc->iuspin);
1091        wake_up_all(&desc->wait);
1092        mutex_lock(&desc->rlock);
1093        mutex_lock(&desc->wlock);
1094        kill_urbs(desc);
1095        cancel_work_sync(&desc->rxwork);
1096        cancel_work_sync(&desc->service_outs_intr);
1097        return 0;
1098}
1099
1100static int wdm_post_reset(struct usb_interface *intf)
1101{
1102        struct wdm_device *desc = wdm_find_device(intf);
1103        int rv;
1104
1105        clear_bit(WDM_OVERFLOW, &desc->flags);
1106        clear_bit(WDM_RESETTING, &desc->flags);
1107        rv = recover_from_urb_loss(desc);
1108        mutex_unlock(&desc->wlock);
1109        mutex_unlock(&desc->rlock);
1110        return rv;
1111}
1112
1113static struct usb_driver wdm_driver = {
1114        .name =         "cdc_wdm",
1115        .probe =        wdm_probe,
1116        .disconnect =   wdm_disconnect,
1117#ifdef CONFIG_PM
1118        .suspend =      wdm_suspend,
1119        .resume =       wdm_resume,
1120        .reset_resume = wdm_resume,
1121#endif
1122        .pre_reset =    wdm_pre_reset,
1123        .post_reset =   wdm_post_reset,
1124        .id_table =     wdm_ids,
1125        .supports_autosuspend = 1,
1126        .disable_hub_initiated_lpm = 1,
1127};
1128
1129module_usb_driver(wdm_driver);
1130
1131MODULE_AUTHOR(DRIVER_AUTHOR);
1132MODULE_DESCRIPTION(DRIVER_DESC);
1133MODULE_LICENSE("GPL");
1134