Loading...
1/*
2 * cdc-wdm.c
3 *
4 * This driver supports USB CDC WCM Device Management.
5 *
6 * Copyright (c) 2007-2009 Oliver Neukum
7 *
8 * Some code taken from cdc-acm.c
9 *
10 * Released under the GPLv2.
11 *
12 * Many thanks to Carl Nordbeck
13 */
14#include <linux/kernel.h>
15#include <linux/errno.h>
16#include <linux/ioctl.h>
17#include <linux/slab.h>
18#include <linux/module.h>
19#include <linux/mutex.h>
20#include <linux/uaccess.h>
21#include <linux/bitops.h>
22#include <linux/poll.h>
23#include <linux/usb.h>
24#include <linux/usb/cdc.h>
25#include <asm/byteorder.h>
26#include <asm/unaligned.h>
27#include <linux/usb/cdc-wdm.h>
28
29/*
30 * Version Information
31 */
32#define DRIVER_VERSION "v0.03"
33#define DRIVER_AUTHOR "Oliver Neukum"
34#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
35
36static const struct usb_device_id wdm_ids[] = {
37 {
38 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
39 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
40 .bInterfaceClass = USB_CLASS_COMM,
41 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
42 },
43 { }
44};
45
46MODULE_DEVICE_TABLE (usb, wdm_ids);
47
48#define WDM_MINOR_BASE 176
49
50
51#define WDM_IN_USE 1
52#define WDM_DISCONNECTING 2
53#define WDM_RESULT 3
54#define WDM_READ 4
55#define WDM_INT_STALL 5
56#define WDM_POLL_RUNNING 6
57#define WDM_RESPONDING 7
58#define WDM_SUSPENDING 8
59#define WDM_RESETTING 9
60#define WDM_OVERFLOW 10
61
62#define WDM_MAX 16
63
64/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
65#define WDM_DEFAULT_BUFSIZE 256
66
67static DEFINE_MUTEX(wdm_mutex);
68static DEFINE_SPINLOCK(wdm_device_list_lock);
69static LIST_HEAD(wdm_device_list);
70
71/* --- method tables --- */
72
73struct wdm_device {
74 u8 *inbuf; /* buffer for response */
75 u8 *outbuf; /* buffer for command */
76 u8 *sbuf; /* buffer for status */
77 u8 *ubuf; /* buffer for copy to user space */
78
79 struct urb *command;
80 struct urb *response;
81 struct urb *validity;
82 struct usb_interface *intf;
83 struct usb_ctrlrequest *orq;
84 struct usb_ctrlrequest *irq;
85 spinlock_t iuspin;
86
87 unsigned long flags;
88 u16 bufsize;
89 u16 wMaxCommand;
90 u16 wMaxPacketSize;
91 __le16 inum;
92 int reslength;
93 int length;
94 int read;
95 int count;
96 dma_addr_t shandle;
97 dma_addr_t ihandle;
98 struct mutex wlock;
99 struct mutex rlock;
100 wait_queue_head_t wait;
101 struct work_struct rxwork;
102 int werr;
103 int rerr;
104 int resp_count;
105
106 struct list_head device_list;
107 int (*manage_power)(struct usb_interface *, int);
108};
109
110static struct usb_driver wdm_driver;
111
112/* return intfdata if we own the interface, else look up intf in the list */
113static struct wdm_device *wdm_find_device(struct usb_interface *intf)
114{
115 struct wdm_device *desc;
116
117 spin_lock(&wdm_device_list_lock);
118 list_for_each_entry(desc, &wdm_device_list, device_list)
119 if (desc->intf == intf)
120 goto found;
121 desc = NULL;
122found:
123 spin_unlock(&wdm_device_list_lock);
124
125 return desc;
126}
127
128static struct wdm_device *wdm_find_device_by_minor(int minor)
129{
130 struct wdm_device *desc;
131
132 spin_lock(&wdm_device_list_lock);
133 list_for_each_entry(desc, &wdm_device_list, device_list)
134 if (desc->intf->minor == minor)
135 goto found;
136 desc = NULL;
137found:
138 spin_unlock(&wdm_device_list_lock);
139
140 return desc;
141}
142
143/* --- callbacks --- */
144static void wdm_out_callback(struct urb *urb)
145{
146 struct wdm_device *desc;
147 desc = urb->context;
148 spin_lock(&desc->iuspin);
149 desc->werr = urb->status;
150 spin_unlock(&desc->iuspin);
151 kfree(desc->outbuf);
152 desc->outbuf = NULL;
153 clear_bit(WDM_IN_USE, &desc->flags);
154 wake_up(&desc->wait);
155}
156
157static void wdm_in_callback(struct urb *urb)
158{
159 struct wdm_device *desc = urb->context;
160 int status = urb->status;
161 int length = urb->actual_length;
162
163 spin_lock(&desc->iuspin);
164 clear_bit(WDM_RESPONDING, &desc->flags);
165
166 if (status) {
167 switch (status) {
168 case -ENOENT:
169 dev_dbg(&desc->intf->dev,
170 "nonzero urb status received: -ENOENT");
171 goto skip_error;
172 case -ECONNRESET:
173 dev_dbg(&desc->intf->dev,
174 "nonzero urb status received: -ECONNRESET");
175 goto skip_error;
176 case -ESHUTDOWN:
177 dev_dbg(&desc->intf->dev,
178 "nonzero urb status received: -ESHUTDOWN");
179 goto skip_error;
180 case -EPIPE:
181 dev_err(&desc->intf->dev,
182 "nonzero urb status received: -EPIPE\n");
183 break;
184 default:
185 dev_err(&desc->intf->dev,
186 "Unexpected error %d\n", status);
187 break;
188 }
189 }
190
191 desc->rerr = status;
192 if (length + desc->length > desc->wMaxCommand) {
193 /* The buffer would overflow */
194 set_bit(WDM_OVERFLOW, &desc->flags);
195 } else {
196 /* we may already be in overflow */
197 if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
198 memmove(desc->ubuf + desc->length, desc->inbuf, length);
199 desc->length += length;
200 desc->reslength = length;
201 }
202 }
203skip_error:
204 wake_up(&desc->wait);
205
206 set_bit(WDM_READ, &desc->flags);
207 spin_unlock(&desc->iuspin);
208}
209
210static void wdm_int_callback(struct urb *urb)
211{
212 int rv = 0;
213 int responding;
214 int status = urb->status;
215 struct wdm_device *desc;
216 struct usb_cdc_notification *dr;
217
218 desc = urb->context;
219 dr = (struct usb_cdc_notification *)desc->sbuf;
220
221 if (status) {
222 switch (status) {
223 case -ESHUTDOWN:
224 case -ENOENT:
225 case -ECONNRESET:
226 return; /* unplug */
227 case -EPIPE:
228 set_bit(WDM_INT_STALL, &desc->flags);
229 dev_err(&desc->intf->dev, "Stall on int endpoint\n");
230 goto sw; /* halt is cleared in work */
231 default:
232 dev_err(&desc->intf->dev,
233 "nonzero urb status received: %d\n", status);
234 break;
235 }
236 }
237
238 if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
239 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
240 urb->actual_length);
241 goto exit;
242 }
243
244 switch (dr->bNotificationType) {
245 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
246 dev_dbg(&desc->intf->dev,
247 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d",
248 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
249 break;
250
251 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
252
253 dev_dbg(&desc->intf->dev,
254 "NOTIFY_NETWORK_CONNECTION %s network",
255 dr->wValue ? "connected to" : "disconnected from");
256 goto exit;
257 case USB_CDC_NOTIFY_SPEED_CHANGE:
258 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)",
259 urb->actual_length);
260 goto exit;
261 default:
262 clear_bit(WDM_POLL_RUNNING, &desc->flags);
263 dev_err(&desc->intf->dev,
264 "unknown notification %d received: index %d len %d\n",
265 dr->bNotificationType,
266 le16_to_cpu(dr->wIndex),
267 le16_to_cpu(dr->wLength));
268 goto exit;
269 }
270
271 spin_lock(&desc->iuspin);
272 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
273 if (!desc->resp_count++ && !responding
274 && !test_bit(WDM_DISCONNECTING, &desc->flags)
275 && !test_bit(WDM_SUSPENDING, &desc->flags)) {
276 rv = usb_submit_urb(desc->response, GFP_ATOMIC);
277 dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d",
278 __func__, rv);
279 }
280 spin_unlock(&desc->iuspin);
281 if (rv < 0) {
282 clear_bit(WDM_RESPONDING, &desc->flags);
283 if (rv == -EPERM)
284 return;
285 if (rv == -ENOMEM) {
286sw:
287 rv = schedule_work(&desc->rxwork);
288 if (rv)
289 dev_err(&desc->intf->dev,
290 "Cannot schedule work\n");
291 }
292 }
293exit:
294 rv = usb_submit_urb(urb, GFP_ATOMIC);
295 if (rv)
296 dev_err(&desc->intf->dev,
297 "%s - usb_submit_urb failed with result %d\n",
298 __func__, rv);
299
300}
301
302static void kill_urbs(struct wdm_device *desc)
303{
304 /* the order here is essential */
305 usb_kill_urb(desc->command);
306 usb_kill_urb(desc->validity);
307 usb_kill_urb(desc->response);
308}
309
310static void free_urbs(struct wdm_device *desc)
311{
312 usb_free_urb(desc->validity);
313 usb_free_urb(desc->response);
314 usb_free_urb(desc->command);
315}
316
317static void cleanup(struct wdm_device *desc)
318{
319 kfree(desc->sbuf);
320 kfree(desc->inbuf);
321 kfree(desc->orq);
322 kfree(desc->irq);
323 kfree(desc->ubuf);
324 free_urbs(desc);
325 kfree(desc);
326}
327
328static ssize_t wdm_write
329(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
330{
331 u8 *buf;
332 int rv = -EMSGSIZE, r, we;
333 struct wdm_device *desc = file->private_data;
334 struct usb_ctrlrequest *req;
335
336 if (count > desc->wMaxCommand)
337 count = desc->wMaxCommand;
338
339 spin_lock_irq(&desc->iuspin);
340 we = desc->werr;
341 desc->werr = 0;
342 spin_unlock_irq(&desc->iuspin);
343 if (we < 0)
344 return usb_translate_errors(we);
345
346 buf = kmalloc(count, GFP_KERNEL);
347 if (!buf) {
348 rv = -ENOMEM;
349 goto outnl;
350 }
351
352 r = copy_from_user(buf, buffer, count);
353 if (r > 0) {
354 rv = -EFAULT;
355 goto out_free_mem;
356 }
357
358 /* concurrent writes and disconnect */
359 r = mutex_lock_interruptible(&desc->wlock);
360 rv = -ERESTARTSYS;
361 if (r)
362 goto out_free_mem;
363
364 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
365 rv = -ENODEV;
366 goto out_free_mem_lock;
367 }
368
369 r = usb_autopm_get_interface(desc->intf);
370 if (r < 0) {
371 rv = usb_translate_errors(r);
372 goto out_free_mem_lock;
373 }
374
375 if (!(file->f_flags & O_NONBLOCK))
376 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
377 &desc->flags));
378 else
379 if (test_bit(WDM_IN_USE, &desc->flags))
380 r = -EAGAIN;
381
382 if (test_bit(WDM_RESETTING, &desc->flags))
383 r = -EIO;
384
385 if (r < 0) {
386 rv = r;
387 goto out_free_mem_pm;
388 }
389
390 req = desc->orq;
391 usb_fill_control_urb(
392 desc->command,
393 interface_to_usbdev(desc->intf),
394 /* using common endpoint 0 */
395 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
396 (unsigned char *)req,
397 buf,
398 count,
399 wdm_out_callback,
400 desc
401 );
402
403 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
404 USB_RECIP_INTERFACE);
405 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
406 req->wValue = 0;
407 req->wIndex = desc->inum; /* already converted */
408 req->wLength = cpu_to_le16(count);
409 set_bit(WDM_IN_USE, &desc->flags);
410 desc->outbuf = buf;
411
412 rv = usb_submit_urb(desc->command, GFP_KERNEL);
413 if (rv < 0) {
414 desc->outbuf = NULL;
415 clear_bit(WDM_IN_USE, &desc->flags);
416 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
417 rv = usb_translate_errors(rv);
418 goto out_free_mem_pm;
419 } else {
420 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d",
421 le16_to_cpu(req->wIndex));
422 }
423
424 usb_autopm_put_interface(desc->intf);
425 mutex_unlock(&desc->wlock);
426outnl:
427 return rv < 0 ? rv : count;
428
429out_free_mem_pm:
430 usb_autopm_put_interface(desc->intf);
431out_free_mem_lock:
432 mutex_unlock(&desc->wlock);
433out_free_mem:
434 kfree(buf);
435 return rv;
436}
437
438/*
439 * clear WDM_READ flag and possibly submit the read urb if resp_count
440 * is non-zero.
441 *
442 * Called with desc->iuspin locked
443 */
444static int clear_wdm_read_flag(struct wdm_device *desc)
445{
446 int rv = 0;
447
448 clear_bit(WDM_READ, &desc->flags);
449
450 /* submit read urb only if the device is waiting for it */
451 if (!desc->resp_count || !--desc->resp_count)
452 goto out;
453
454 set_bit(WDM_RESPONDING, &desc->flags);
455 spin_unlock_irq(&desc->iuspin);
456 rv = usb_submit_urb(desc->response, GFP_KERNEL);
457 spin_lock_irq(&desc->iuspin);
458 if (rv) {
459 dev_err(&desc->intf->dev,
460 "usb_submit_urb failed with result %d\n", rv);
461
462 /* make sure the next notification trigger a submit */
463 clear_bit(WDM_RESPONDING, &desc->flags);
464 desc->resp_count = 0;
465 }
466out:
467 return rv;
468}
469
470static ssize_t wdm_read
471(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
472{
473 int rv, cntr;
474 int i = 0;
475 struct wdm_device *desc = file->private_data;
476
477
478 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
479 if (rv < 0)
480 return -ERESTARTSYS;
481
482 cntr = ACCESS_ONCE(desc->length);
483 if (cntr == 0) {
484 desc->read = 0;
485retry:
486 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
487 rv = -ENODEV;
488 goto err;
489 }
490 if (test_bit(WDM_OVERFLOW, &desc->flags)) {
491 clear_bit(WDM_OVERFLOW, &desc->flags);
492 rv = -ENOBUFS;
493 goto err;
494 }
495 i++;
496 if (file->f_flags & O_NONBLOCK) {
497 if (!test_bit(WDM_READ, &desc->flags)) {
498 rv = cntr ? cntr : -EAGAIN;
499 goto err;
500 }
501 rv = 0;
502 } else {
503 rv = wait_event_interruptible(desc->wait,
504 test_bit(WDM_READ, &desc->flags));
505 }
506
507 /* may have happened while we slept */
508 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
509 rv = -ENODEV;
510 goto err;
511 }
512 if (test_bit(WDM_RESETTING, &desc->flags)) {
513 rv = -EIO;
514 goto err;
515 }
516 usb_mark_last_busy(interface_to_usbdev(desc->intf));
517 if (rv < 0) {
518 rv = -ERESTARTSYS;
519 goto err;
520 }
521
522 spin_lock_irq(&desc->iuspin);
523
524 if (desc->rerr) { /* read completed, error happened */
525 rv = usb_translate_errors(desc->rerr);
526 desc->rerr = 0;
527 spin_unlock_irq(&desc->iuspin);
528 goto err;
529 }
530 /*
531 * recheck whether we've lost the race
532 * against the completion handler
533 */
534 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
535 spin_unlock_irq(&desc->iuspin);
536 goto retry;
537 }
538
539 if (!desc->reslength) { /* zero length read */
540 dev_dbg(&desc->intf->dev, "%s: zero length - clearing WDM_READ\n", __func__);
541 rv = clear_wdm_read_flag(desc);
542 spin_unlock_irq(&desc->iuspin);
543 if (rv < 0)
544 goto err;
545 goto retry;
546 }
547 cntr = desc->length;
548 spin_unlock_irq(&desc->iuspin);
549 }
550
551 if (cntr > count)
552 cntr = count;
553 rv = copy_to_user(buffer, desc->ubuf, cntr);
554 if (rv > 0) {
555 rv = -EFAULT;
556 goto err;
557 }
558
559 spin_lock_irq(&desc->iuspin);
560
561 for (i = 0; i < desc->length - cntr; i++)
562 desc->ubuf[i] = desc->ubuf[i + cntr];
563
564 desc->length -= cntr;
565 /* in case we had outstanding data */
566 if (!desc->length)
567 clear_wdm_read_flag(desc);
568 spin_unlock_irq(&desc->iuspin);
569 rv = cntr;
570
571err:
572 mutex_unlock(&desc->rlock);
573 return rv;
574}
575
576static int wdm_flush(struct file *file, fl_owner_t id)
577{
578 struct wdm_device *desc = file->private_data;
579
580 wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
581
582 /* cannot dereference desc->intf if WDM_DISCONNECTING */
583 if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags))
584 dev_err(&desc->intf->dev, "Error in flush path: %d\n",
585 desc->werr);
586
587 return usb_translate_errors(desc->werr);
588}
589
590static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait)
591{
592 struct wdm_device *desc = file->private_data;
593 unsigned long flags;
594 unsigned int mask = 0;
595
596 spin_lock_irqsave(&desc->iuspin, flags);
597 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
598 mask = POLLHUP | POLLERR;
599 spin_unlock_irqrestore(&desc->iuspin, flags);
600 goto desc_out;
601 }
602 if (test_bit(WDM_READ, &desc->flags))
603 mask = POLLIN | POLLRDNORM;
604 if (desc->rerr || desc->werr)
605 mask |= POLLERR;
606 if (!test_bit(WDM_IN_USE, &desc->flags))
607 mask |= POLLOUT | POLLWRNORM;
608 spin_unlock_irqrestore(&desc->iuspin, flags);
609
610 poll_wait(file, &desc->wait, wait);
611
612desc_out:
613 return mask;
614}
615
616static int wdm_open(struct inode *inode, struct file *file)
617{
618 int minor = iminor(inode);
619 int rv = -ENODEV;
620 struct usb_interface *intf;
621 struct wdm_device *desc;
622
623 mutex_lock(&wdm_mutex);
624 desc = wdm_find_device_by_minor(minor);
625 if (!desc)
626 goto out;
627
628 intf = desc->intf;
629 if (test_bit(WDM_DISCONNECTING, &desc->flags))
630 goto out;
631 file->private_data = desc;
632
633 rv = usb_autopm_get_interface(desc->intf);
634 if (rv < 0) {
635 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
636 goto out;
637 }
638
639 /* using write lock to protect desc->count */
640 mutex_lock(&desc->wlock);
641 if (!desc->count++) {
642 desc->werr = 0;
643 desc->rerr = 0;
644 rv = usb_submit_urb(desc->validity, GFP_KERNEL);
645 if (rv < 0) {
646 desc->count--;
647 dev_err(&desc->intf->dev,
648 "Error submitting int urb - %d\n", rv);
649 rv = usb_translate_errors(rv);
650 }
651 } else {
652 rv = 0;
653 }
654 mutex_unlock(&desc->wlock);
655 if (desc->count == 1)
656 desc->manage_power(intf, 1);
657 usb_autopm_put_interface(desc->intf);
658out:
659 mutex_unlock(&wdm_mutex);
660 return rv;
661}
662
663static int wdm_release(struct inode *inode, struct file *file)
664{
665 struct wdm_device *desc = file->private_data;
666
667 mutex_lock(&wdm_mutex);
668
669 /* using write lock to protect desc->count */
670 mutex_lock(&desc->wlock);
671 desc->count--;
672 mutex_unlock(&desc->wlock);
673
674 if (!desc->count) {
675 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
676 dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
677 kill_urbs(desc);
678 spin_lock_irq(&desc->iuspin);
679 desc->resp_count = 0;
680 spin_unlock_irq(&desc->iuspin);
681 desc->manage_power(desc->intf, 0);
682 } else {
683 /* must avoid dev_printk here as desc->intf is invalid */
684 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
685 cleanup(desc);
686 }
687 }
688 mutex_unlock(&wdm_mutex);
689 return 0;
690}
691
692static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
693{
694 struct wdm_device *desc = file->private_data;
695 int rv = 0;
696
697 switch (cmd) {
698 case IOCTL_WDM_MAX_COMMAND:
699 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
700 rv = -EFAULT;
701 break;
702 default:
703 rv = -ENOTTY;
704 }
705 return rv;
706}
707
708static const struct file_operations wdm_fops = {
709 .owner = THIS_MODULE,
710 .read = wdm_read,
711 .write = wdm_write,
712 .open = wdm_open,
713 .flush = wdm_flush,
714 .release = wdm_release,
715 .poll = wdm_poll,
716 .unlocked_ioctl = wdm_ioctl,
717 .compat_ioctl = wdm_ioctl,
718 .llseek = noop_llseek,
719};
720
721static struct usb_class_driver wdm_class = {
722 .name = "cdc-wdm%d",
723 .fops = &wdm_fops,
724 .minor_base = WDM_MINOR_BASE,
725};
726
727/* --- error handling --- */
728static void wdm_rxwork(struct work_struct *work)
729{
730 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
731 unsigned long flags;
732 int rv = 0;
733 int responding;
734
735 spin_lock_irqsave(&desc->iuspin, flags);
736 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
737 spin_unlock_irqrestore(&desc->iuspin, flags);
738 } else {
739 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
740 spin_unlock_irqrestore(&desc->iuspin, flags);
741 if (!responding)
742 rv = usb_submit_urb(desc->response, GFP_KERNEL);
743 if (rv < 0 && rv != -EPERM) {
744 spin_lock_irqsave(&desc->iuspin, flags);
745 clear_bit(WDM_RESPONDING, &desc->flags);
746 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
747 schedule_work(&desc->rxwork);
748 spin_unlock_irqrestore(&desc->iuspin, flags);
749 }
750 }
751}
752
753/* --- hotplug --- */
754
755static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
756 u16 bufsize, int (*manage_power)(struct usb_interface *, int))
757{
758 int rv = -ENOMEM;
759 struct wdm_device *desc;
760
761 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
762 if (!desc)
763 goto out;
764 INIT_LIST_HEAD(&desc->device_list);
765 mutex_init(&desc->rlock);
766 mutex_init(&desc->wlock);
767 spin_lock_init(&desc->iuspin);
768 init_waitqueue_head(&desc->wait);
769 desc->wMaxCommand = bufsize;
770 /* this will be expanded and needed in hardware endianness */
771 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
772 desc->intf = intf;
773 INIT_WORK(&desc->rxwork, wdm_rxwork);
774
775 rv = -EINVAL;
776 if (!usb_endpoint_is_int_in(ep))
777 goto err;
778
779 desc->wMaxPacketSize = usb_endpoint_maxp(ep);
780
781 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
782 if (!desc->orq)
783 goto err;
784 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
785 if (!desc->irq)
786 goto err;
787
788 desc->validity = usb_alloc_urb(0, GFP_KERNEL);
789 if (!desc->validity)
790 goto err;
791
792 desc->response = usb_alloc_urb(0, GFP_KERNEL);
793 if (!desc->response)
794 goto err;
795
796 desc->command = usb_alloc_urb(0, GFP_KERNEL);
797 if (!desc->command)
798 goto err;
799
800 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
801 if (!desc->ubuf)
802 goto err;
803
804 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
805 if (!desc->sbuf)
806 goto err;
807
808 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
809 if (!desc->inbuf)
810 goto err;
811
812 usb_fill_int_urb(
813 desc->validity,
814 interface_to_usbdev(intf),
815 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
816 desc->sbuf,
817 desc->wMaxPacketSize,
818 wdm_int_callback,
819 desc,
820 ep->bInterval
821 );
822
823 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
824 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
825 desc->irq->wValue = 0;
826 desc->irq->wIndex = desc->inum; /* already converted */
827 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
828
829 usb_fill_control_urb(
830 desc->response,
831 interface_to_usbdev(intf),
832 /* using common endpoint 0 */
833 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
834 (unsigned char *)desc->irq,
835 desc->inbuf,
836 desc->wMaxCommand,
837 wdm_in_callback,
838 desc
839 );
840
841 desc->manage_power = manage_power;
842
843 spin_lock(&wdm_device_list_lock);
844 list_add(&desc->device_list, &wdm_device_list);
845 spin_unlock(&wdm_device_list_lock);
846
847 rv = usb_register_dev(intf, &wdm_class);
848 if (rv < 0)
849 goto err;
850 else
851 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
852out:
853 return rv;
854err:
855 spin_lock(&wdm_device_list_lock);
856 list_del(&desc->device_list);
857 spin_unlock(&wdm_device_list_lock);
858 cleanup(desc);
859 return rv;
860}
861
862static int wdm_manage_power(struct usb_interface *intf, int on)
863{
864 /* need autopm_get/put here to ensure the usbcore sees the new value */
865 int rv = usb_autopm_get_interface(intf);
866
867 intf->needs_remote_wakeup = on;
868 if (!rv)
869 usb_autopm_put_interface(intf);
870 return 0;
871}
872
873static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
874{
875 int rv = -EINVAL;
876 struct usb_host_interface *iface;
877 struct usb_endpoint_descriptor *ep;
878 struct usb_cdc_dmm_desc *dmhd;
879 u8 *buffer = intf->altsetting->extra;
880 int buflen = intf->altsetting->extralen;
881 u16 maxcom = WDM_DEFAULT_BUFSIZE;
882
883 if (!buffer)
884 goto err;
885 while (buflen > 2) {
886 if (buffer[1] != USB_DT_CS_INTERFACE) {
887 dev_err(&intf->dev, "skipping garbage\n");
888 goto next_desc;
889 }
890
891 switch (buffer[2]) {
892 case USB_CDC_HEADER_TYPE:
893 break;
894 case USB_CDC_DMM_TYPE:
895 dmhd = (struct usb_cdc_dmm_desc *)buffer;
896 maxcom = le16_to_cpu(dmhd->wMaxCommand);
897 dev_dbg(&intf->dev,
898 "Finding maximum buffer length: %d", maxcom);
899 break;
900 default:
901 dev_err(&intf->dev,
902 "Ignoring extra header, type %d, length %d\n",
903 buffer[2], buffer[0]);
904 break;
905 }
906next_desc:
907 buflen -= buffer[0];
908 buffer += buffer[0];
909 }
910
911 iface = intf->cur_altsetting;
912 if (iface->desc.bNumEndpoints != 1)
913 goto err;
914 ep = &iface->endpoint[0].desc;
915
916 rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
917
918err:
919 return rv;
920}
921
922/**
923 * usb_cdc_wdm_register - register a WDM subdriver
924 * @intf: usb interface the subdriver will associate with
925 * @ep: interrupt endpoint to monitor for notifications
926 * @bufsize: maximum message size to support for read/write
927 *
928 * Create WDM usb class character device and associate it with intf
929 * without binding, allowing another driver to manage the interface.
930 *
931 * The subdriver will manage the given interrupt endpoint exclusively
932 * and will issue control requests referring to the given intf. It
933 * will otherwise avoid interferring, and in particular not do
934 * usb_set_intfdata/usb_get_intfdata on intf.
935 *
936 * The return value is a pointer to the subdriver's struct usb_driver.
937 * The registering driver is responsible for calling this subdriver's
938 * disconnect, suspend, resume, pre_reset and post_reset methods from
939 * its own.
940 */
941struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
942 struct usb_endpoint_descriptor *ep,
943 int bufsize,
944 int (*manage_power)(struct usb_interface *, int))
945{
946 int rv = -EINVAL;
947
948 rv = wdm_create(intf, ep, bufsize, manage_power);
949 if (rv < 0)
950 goto err;
951
952 return &wdm_driver;
953err:
954 return ERR_PTR(rv);
955}
956EXPORT_SYMBOL(usb_cdc_wdm_register);
957
958static void wdm_disconnect(struct usb_interface *intf)
959{
960 struct wdm_device *desc;
961 unsigned long flags;
962
963 usb_deregister_dev(intf, &wdm_class);
964 desc = wdm_find_device(intf);
965 mutex_lock(&wdm_mutex);
966
967 /* the spinlock makes sure no new urbs are generated in the callbacks */
968 spin_lock_irqsave(&desc->iuspin, flags);
969 set_bit(WDM_DISCONNECTING, &desc->flags);
970 set_bit(WDM_READ, &desc->flags);
971 /* to terminate pending flushes */
972 clear_bit(WDM_IN_USE, &desc->flags);
973 spin_unlock_irqrestore(&desc->iuspin, flags);
974 wake_up_all(&desc->wait);
975 mutex_lock(&desc->rlock);
976 mutex_lock(&desc->wlock);
977 kill_urbs(desc);
978 cancel_work_sync(&desc->rxwork);
979 mutex_unlock(&desc->wlock);
980 mutex_unlock(&desc->rlock);
981
982 /* the desc->intf pointer used as list key is now invalid */
983 spin_lock(&wdm_device_list_lock);
984 list_del(&desc->device_list);
985 spin_unlock(&wdm_device_list_lock);
986
987 if (!desc->count)
988 cleanup(desc);
989 else
990 dev_dbg(&intf->dev, "%s: %d open files - postponing cleanup\n", __func__, desc->count);
991 mutex_unlock(&wdm_mutex);
992}
993
994#ifdef CONFIG_PM
995static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
996{
997 struct wdm_device *desc = wdm_find_device(intf);
998 int rv = 0;
999
1000 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1001
1002 /* if this is an autosuspend the caller does the locking */
1003 if (!PMSG_IS_AUTO(message)) {
1004 mutex_lock(&desc->rlock);
1005 mutex_lock(&desc->wlock);
1006 }
1007 spin_lock_irq(&desc->iuspin);
1008
1009 if (PMSG_IS_AUTO(message) &&
1010 (test_bit(WDM_IN_USE, &desc->flags)
1011 || test_bit(WDM_RESPONDING, &desc->flags))) {
1012 spin_unlock_irq(&desc->iuspin);
1013 rv = -EBUSY;
1014 } else {
1015
1016 set_bit(WDM_SUSPENDING, &desc->flags);
1017 spin_unlock_irq(&desc->iuspin);
1018 /* callback submits work - order is essential */
1019 kill_urbs(desc);
1020 cancel_work_sync(&desc->rxwork);
1021 }
1022 if (!PMSG_IS_AUTO(message)) {
1023 mutex_unlock(&desc->wlock);
1024 mutex_unlock(&desc->rlock);
1025 }
1026
1027 return rv;
1028}
1029#endif
1030
1031static int recover_from_urb_loss(struct wdm_device *desc)
1032{
1033 int rv = 0;
1034
1035 if (desc->count) {
1036 rv = usb_submit_urb(desc->validity, GFP_NOIO);
1037 if (rv < 0)
1038 dev_err(&desc->intf->dev,
1039 "Error resume submitting int urb - %d\n", rv);
1040 }
1041 return rv;
1042}
1043
1044#ifdef CONFIG_PM
1045static int wdm_resume(struct usb_interface *intf)
1046{
1047 struct wdm_device *desc = wdm_find_device(intf);
1048 int rv;
1049
1050 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1051
1052 clear_bit(WDM_SUSPENDING, &desc->flags);
1053 rv = recover_from_urb_loss(desc);
1054
1055 return rv;
1056}
1057#endif
1058
1059static int wdm_pre_reset(struct usb_interface *intf)
1060{
1061 struct wdm_device *desc = wdm_find_device(intf);
1062
1063 /*
1064 * we notify everybody using poll of
1065 * an exceptional situation
1066 * must be done before recovery lest a spontaneous
1067 * message from the device is lost
1068 */
1069 spin_lock_irq(&desc->iuspin);
1070 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */
1071 set_bit(WDM_READ, &desc->flags); /* unblock read */
1072 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */
1073 desc->rerr = -EINTR;
1074 spin_unlock_irq(&desc->iuspin);
1075 wake_up_all(&desc->wait);
1076 mutex_lock(&desc->rlock);
1077 mutex_lock(&desc->wlock);
1078 kill_urbs(desc);
1079 cancel_work_sync(&desc->rxwork);
1080 return 0;
1081}
1082
1083static int wdm_post_reset(struct usb_interface *intf)
1084{
1085 struct wdm_device *desc = wdm_find_device(intf);
1086 int rv;
1087
1088 clear_bit(WDM_OVERFLOW, &desc->flags);
1089 clear_bit(WDM_RESETTING, &desc->flags);
1090 rv = recover_from_urb_loss(desc);
1091 mutex_unlock(&desc->wlock);
1092 mutex_unlock(&desc->rlock);
1093 return 0;
1094}
1095
1096static struct usb_driver wdm_driver = {
1097 .name = "cdc_wdm",
1098 .probe = wdm_probe,
1099 .disconnect = wdm_disconnect,
1100#ifdef CONFIG_PM
1101 .suspend = wdm_suspend,
1102 .resume = wdm_resume,
1103 .reset_resume = wdm_resume,
1104#endif
1105 .pre_reset = wdm_pre_reset,
1106 .post_reset = wdm_post_reset,
1107 .id_table = wdm_ids,
1108 .supports_autosuspend = 1,
1109 .disable_hub_initiated_lpm = 1,
1110};
1111
1112module_usb_driver(wdm_driver);
1113
1114MODULE_AUTHOR(DRIVER_AUTHOR);
1115MODULE_DESCRIPTION(DRIVER_DESC);
1116MODULE_LICENSE("GPL");
1/*
2 * cdc-wdm.c
3 *
4 * This driver supports USB CDC WCM Device Management.
5 *
6 * Copyright (c) 2007-2009 Oliver Neukum
7 *
8 * Some code taken from cdc-acm.c
9 *
10 * Released under the GPLv2.
11 *
12 * Many thanks to Carl Nordbeck
13 */
14#include <linux/kernel.h>
15#include <linux/errno.h>
16#include <linux/slab.h>
17#include <linux/module.h>
18#include <linux/mutex.h>
19#include <linux/uaccess.h>
20#include <linux/bitops.h>
21#include <linux/poll.h>
22#include <linux/usb.h>
23#include <linux/usb/cdc.h>
24#include <asm/byteorder.h>
25#include <asm/unaligned.h>
26#include <linux/usb/cdc-wdm.h>
27
28/*
29 * Version Information
30 */
31#define DRIVER_VERSION "v0.03"
32#define DRIVER_AUTHOR "Oliver Neukum"
33#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
34
35#define HUAWEI_VENDOR_ID 0x12D1
36
37static const struct usb_device_id wdm_ids[] = {
38 {
39 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
40 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
41 .bInterfaceClass = USB_CLASS_COMM,
42 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
43 },
44 {
45 /*
46 * Huawei E392, E398 and possibly other Qualcomm based modems
47 * embed the Qualcomm QMI protocol inside CDC on CDC ECM like
48 * control interfaces. Userspace access to this is required
49 * to configure the accompanying data interface
50 */
51 .match_flags = USB_DEVICE_ID_MATCH_VENDOR |
52 USB_DEVICE_ID_MATCH_INT_INFO,
53 .idVendor = HUAWEI_VENDOR_ID,
54 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
55 .bInterfaceSubClass = 1,
56 .bInterfaceProtocol = 9, /* NOTE: CDC ECM control interface! */
57 },
58 {
59 /* Vodafone/Huawei K5005 (12d1:14c8) and similar modems */
60 .match_flags = USB_DEVICE_ID_MATCH_VENDOR |
61 USB_DEVICE_ID_MATCH_INT_INFO,
62 .idVendor = HUAWEI_VENDOR_ID,
63 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
64 .bInterfaceSubClass = 1,
65 .bInterfaceProtocol = 57, /* NOTE: CDC ECM control interface! */
66 },
67 { }
68};
69
70MODULE_DEVICE_TABLE (usb, wdm_ids);
71
72#define WDM_MINOR_BASE 176
73
74
75#define WDM_IN_USE 1
76#define WDM_DISCONNECTING 2
77#define WDM_RESULT 3
78#define WDM_READ 4
79#define WDM_INT_STALL 5
80#define WDM_POLL_RUNNING 6
81#define WDM_RESPONDING 7
82#define WDM_SUSPENDING 8
83#define WDM_RESETTING 9
84
85#define WDM_MAX 16
86
87/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
88#define WDM_DEFAULT_BUFSIZE 256
89
90static DEFINE_MUTEX(wdm_mutex);
91static DEFINE_SPINLOCK(wdm_device_list_lock);
92static LIST_HEAD(wdm_device_list);
93
94/* --- method tables --- */
95
96struct wdm_device {
97 u8 *inbuf; /* buffer for response */
98 u8 *outbuf; /* buffer for command */
99 u8 *sbuf; /* buffer for status */
100 u8 *ubuf; /* buffer for copy to user space */
101
102 struct urb *command;
103 struct urb *response;
104 struct urb *validity;
105 struct usb_interface *intf;
106 struct usb_ctrlrequest *orq;
107 struct usb_ctrlrequest *irq;
108 spinlock_t iuspin;
109
110 unsigned long flags;
111 u16 bufsize;
112 u16 wMaxCommand;
113 u16 wMaxPacketSize;
114 __le16 inum;
115 int reslength;
116 int length;
117 int read;
118 int count;
119 dma_addr_t shandle;
120 dma_addr_t ihandle;
121 struct mutex wlock;
122 struct mutex rlock;
123 wait_queue_head_t wait;
124 struct work_struct rxwork;
125 int werr;
126 int rerr;
127
128 struct list_head device_list;
129 int (*manage_power)(struct usb_interface *, int);
130};
131
132static struct usb_driver wdm_driver;
133
134/* return intfdata if we own the interface, else look up intf in the list */
135static struct wdm_device *wdm_find_device(struct usb_interface *intf)
136{
137 struct wdm_device *desc;
138
139 spin_lock(&wdm_device_list_lock);
140 list_for_each_entry(desc, &wdm_device_list, device_list)
141 if (desc->intf == intf)
142 goto found;
143 desc = NULL;
144found:
145 spin_unlock(&wdm_device_list_lock);
146
147 return desc;
148}
149
150static struct wdm_device *wdm_find_device_by_minor(int minor)
151{
152 struct wdm_device *desc;
153
154 spin_lock(&wdm_device_list_lock);
155 list_for_each_entry(desc, &wdm_device_list, device_list)
156 if (desc->intf->minor == minor)
157 goto found;
158 desc = NULL;
159found:
160 spin_unlock(&wdm_device_list_lock);
161
162 return desc;
163}
164
165/* --- callbacks --- */
166static void wdm_out_callback(struct urb *urb)
167{
168 struct wdm_device *desc;
169 desc = urb->context;
170 spin_lock(&desc->iuspin);
171 desc->werr = urb->status;
172 spin_unlock(&desc->iuspin);
173 kfree(desc->outbuf);
174 desc->outbuf = NULL;
175 clear_bit(WDM_IN_USE, &desc->flags);
176 wake_up(&desc->wait);
177}
178
179static void wdm_in_callback(struct urb *urb)
180{
181 struct wdm_device *desc = urb->context;
182 int status = urb->status;
183
184 spin_lock(&desc->iuspin);
185 clear_bit(WDM_RESPONDING, &desc->flags);
186
187 if (status) {
188 switch (status) {
189 case -ENOENT:
190 dev_dbg(&desc->intf->dev,
191 "nonzero urb status received: -ENOENT");
192 goto skip_error;
193 case -ECONNRESET:
194 dev_dbg(&desc->intf->dev,
195 "nonzero urb status received: -ECONNRESET");
196 goto skip_error;
197 case -ESHUTDOWN:
198 dev_dbg(&desc->intf->dev,
199 "nonzero urb status received: -ESHUTDOWN");
200 goto skip_error;
201 case -EPIPE:
202 dev_err(&desc->intf->dev,
203 "nonzero urb status received: -EPIPE\n");
204 break;
205 default:
206 dev_err(&desc->intf->dev,
207 "Unexpected error %d\n", status);
208 break;
209 }
210 }
211
212 desc->rerr = status;
213 desc->reslength = urb->actual_length;
214 memmove(desc->ubuf + desc->length, desc->inbuf, desc->reslength);
215 desc->length += desc->reslength;
216skip_error:
217 wake_up(&desc->wait);
218
219 set_bit(WDM_READ, &desc->flags);
220 spin_unlock(&desc->iuspin);
221}
222
223static void wdm_int_callback(struct urb *urb)
224{
225 int rv = 0;
226 int status = urb->status;
227 struct wdm_device *desc;
228 struct usb_cdc_notification *dr;
229
230 desc = urb->context;
231 dr = (struct usb_cdc_notification *)desc->sbuf;
232
233 if (status) {
234 switch (status) {
235 case -ESHUTDOWN:
236 case -ENOENT:
237 case -ECONNRESET:
238 return; /* unplug */
239 case -EPIPE:
240 set_bit(WDM_INT_STALL, &desc->flags);
241 dev_err(&desc->intf->dev, "Stall on int endpoint\n");
242 goto sw; /* halt is cleared in work */
243 default:
244 dev_err(&desc->intf->dev,
245 "nonzero urb status received: %d\n", status);
246 break;
247 }
248 }
249
250 if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
251 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
252 urb->actual_length);
253 goto exit;
254 }
255
256 switch (dr->bNotificationType) {
257 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
258 dev_dbg(&desc->intf->dev,
259 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d",
260 dr->wIndex, dr->wLength);
261 break;
262
263 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
264
265 dev_dbg(&desc->intf->dev,
266 "NOTIFY_NETWORK_CONNECTION %s network",
267 dr->wValue ? "connected to" : "disconnected from");
268 goto exit;
269 default:
270 clear_bit(WDM_POLL_RUNNING, &desc->flags);
271 dev_err(&desc->intf->dev,
272 "unknown notification %d received: index %d len %d\n",
273 dr->bNotificationType, dr->wIndex, dr->wLength);
274 goto exit;
275 }
276
277 spin_lock(&desc->iuspin);
278 clear_bit(WDM_READ, &desc->flags);
279 set_bit(WDM_RESPONDING, &desc->flags);
280 if (!test_bit(WDM_DISCONNECTING, &desc->flags)
281 && !test_bit(WDM_SUSPENDING, &desc->flags)) {
282 rv = usb_submit_urb(desc->response, GFP_ATOMIC);
283 dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d",
284 __func__, rv);
285 }
286 spin_unlock(&desc->iuspin);
287 if (rv < 0) {
288 clear_bit(WDM_RESPONDING, &desc->flags);
289 if (rv == -EPERM)
290 return;
291 if (rv == -ENOMEM) {
292sw:
293 rv = schedule_work(&desc->rxwork);
294 if (rv)
295 dev_err(&desc->intf->dev,
296 "Cannot schedule work\n");
297 }
298 }
299exit:
300 rv = usb_submit_urb(urb, GFP_ATOMIC);
301 if (rv)
302 dev_err(&desc->intf->dev,
303 "%s - usb_submit_urb failed with result %d\n",
304 __func__, rv);
305
306}
307
308static void kill_urbs(struct wdm_device *desc)
309{
310 /* the order here is essential */
311 usb_kill_urb(desc->command);
312 usb_kill_urb(desc->validity);
313 usb_kill_urb(desc->response);
314}
315
316static void free_urbs(struct wdm_device *desc)
317{
318 usb_free_urb(desc->validity);
319 usb_free_urb(desc->response);
320 usb_free_urb(desc->command);
321}
322
323static void cleanup(struct wdm_device *desc)
324{
325 kfree(desc->sbuf);
326 kfree(desc->inbuf);
327 kfree(desc->orq);
328 kfree(desc->irq);
329 kfree(desc->ubuf);
330 free_urbs(desc);
331 kfree(desc);
332}
333
334static ssize_t wdm_write
335(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
336{
337 u8 *buf;
338 int rv = -EMSGSIZE, r, we;
339 struct wdm_device *desc = file->private_data;
340 struct usb_ctrlrequest *req;
341
342 if (count > desc->wMaxCommand)
343 count = desc->wMaxCommand;
344
345 spin_lock_irq(&desc->iuspin);
346 we = desc->werr;
347 desc->werr = 0;
348 spin_unlock_irq(&desc->iuspin);
349 if (we < 0)
350 return -EIO;
351
352 buf = kmalloc(count, GFP_KERNEL);
353 if (!buf) {
354 rv = -ENOMEM;
355 goto outnl;
356 }
357
358 r = copy_from_user(buf, buffer, count);
359 if (r > 0) {
360 kfree(buf);
361 rv = -EFAULT;
362 goto outnl;
363 }
364
365 /* concurrent writes and disconnect */
366 r = mutex_lock_interruptible(&desc->wlock);
367 rv = -ERESTARTSYS;
368 if (r) {
369 kfree(buf);
370 goto outnl;
371 }
372
373 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
374 kfree(buf);
375 rv = -ENODEV;
376 goto outnp;
377 }
378
379 r = usb_autopm_get_interface(desc->intf);
380 if (r < 0) {
381 kfree(buf);
382 rv = usb_translate_errors(r);
383 goto outnp;
384 }
385
386 if (!(file->f_flags & O_NONBLOCK))
387 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
388 &desc->flags));
389 else
390 if (test_bit(WDM_IN_USE, &desc->flags))
391 r = -EAGAIN;
392
393 if (test_bit(WDM_RESETTING, &desc->flags))
394 r = -EIO;
395
396 if (r < 0) {
397 kfree(buf);
398 rv = r;
399 goto out;
400 }
401
402 req = desc->orq;
403 usb_fill_control_urb(
404 desc->command,
405 interface_to_usbdev(desc->intf),
406 /* using common endpoint 0 */
407 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
408 (unsigned char *)req,
409 buf,
410 count,
411 wdm_out_callback,
412 desc
413 );
414
415 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
416 USB_RECIP_INTERFACE);
417 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
418 req->wValue = 0;
419 req->wIndex = desc->inum;
420 req->wLength = cpu_to_le16(count);
421 set_bit(WDM_IN_USE, &desc->flags);
422 desc->outbuf = buf;
423
424 rv = usb_submit_urb(desc->command, GFP_KERNEL);
425 if (rv < 0) {
426 kfree(buf);
427 desc->outbuf = NULL;
428 clear_bit(WDM_IN_USE, &desc->flags);
429 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
430 rv = usb_translate_errors(rv);
431 } else {
432 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d",
433 req->wIndex);
434 }
435out:
436 usb_autopm_put_interface(desc->intf);
437outnp:
438 mutex_unlock(&desc->wlock);
439outnl:
440 return rv < 0 ? rv : count;
441}
442
443static ssize_t wdm_read
444(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
445{
446 int rv, cntr;
447 int i = 0;
448 struct wdm_device *desc = file->private_data;
449
450
451 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
452 if (rv < 0)
453 return -ERESTARTSYS;
454
455 cntr = ACCESS_ONCE(desc->length);
456 if (cntr == 0) {
457 desc->read = 0;
458retry:
459 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
460 rv = -ENODEV;
461 goto err;
462 }
463 i++;
464 if (file->f_flags & O_NONBLOCK) {
465 if (!test_bit(WDM_READ, &desc->flags)) {
466 rv = cntr ? cntr : -EAGAIN;
467 goto err;
468 }
469 rv = 0;
470 } else {
471 rv = wait_event_interruptible(desc->wait,
472 test_bit(WDM_READ, &desc->flags));
473 }
474
475 /* may have happened while we slept */
476 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
477 rv = -ENODEV;
478 goto err;
479 }
480 if (test_bit(WDM_RESETTING, &desc->flags)) {
481 rv = -EIO;
482 goto err;
483 }
484 usb_mark_last_busy(interface_to_usbdev(desc->intf));
485 if (rv < 0) {
486 rv = -ERESTARTSYS;
487 goto err;
488 }
489
490 spin_lock_irq(&desc->iuspin);
491
492 if (desc->rerr) { /* read completed, error happened */
493 desc->rerr = 0;
494 spin_unlock_irq(&desc->iuspin);
495 rv = -EIO;
496 goto err;
497 }
498 /*
499 * recheck whether we've lost the race
500 * against the completion handler
501 */
502 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
503 spin_unlock_irq(&desc->iuspin);
504 goto retry;
505 }
506 if (!desc->reslength) { /* zero length read */
507 dev_dbg(&desc->intf->dev, "%s: zero length - clearing WDM_READ\n", __func__);
508 clear_bit(WDM_READ, &desc->flags);
509 spin_unlock_irq(&desc->iuspin);
510 goto retry;
511 }
512 cntr = desc->length;
513 spin_unlock_irq(&desc->iuspin);
514 }
515
516 if (cntr > count)
517 cntr = count;
518 rv = copy_to_user(buffer, desc->ubuf, cntr);
519 if (rv > 0) {
520 rv = -EFAULT;
521 goto err;
522 }
523
524 spin_lock_irq(&desc->iuspin);
525
526 for (i = 0; i < desc->length - cntr; i++)
527 desc->ubuf[i] = desc->ubuf[i + cntr];
528
529 desc->length -= cntr;
530 /* in case we had outstanding data */
531 if (!desc->length)
532 clear_bit(WDM_READ, &desc->flags);
533
534 spin_unlock_irq(&desc->iuspin);
535
536 rv = cntr;
537
538err:
539 mutex_unlock(&desc->rlock);
540 return rv;
541}
542
543static int wdm_flush(struct file *file, fl_owner_t id)
544{
545 struct wdm_device *desc = file->private_data;
546
547 wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
548
549 /* cannot dereference desc->intf if WDM_DISCONNECTING */
550 if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags))
551 dev_err(&desc->intf->dev, "Error in flush path: %d\n",
552 desc->werr);
553
554 return usb_translate_errors(desc->werr);
555}
556
557static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait)
558{
559 struct wdm_device *desc = file->private_data;
560 unsigned long flags;
561 unsigned int mask = 0;
562
563 spin_lock_irqsave(&desc->iuspin, flags);
564 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
565 mask = POLLHUP | POLLERR;
566 spin_unlock_irqrestore(&desc->iuspin, flags);
567 goto desc_out;
568 }
569 if (test_bit(WDM_READ, &desc->flags))
570 mask = POLLIN | POLLRDNORM;
571 if (desc->rerr || desc->werr)
572 mask |= POLLERR;
573 if (!test_bit(WDM_IN_USE, &desc->flags))
574 mask |= POLLOUT | POLLWRNORM;
575 spin_unlock_irqrestore(&desc->iuspin, flags);
576
577 poll_wait(file, &desc->wait, wait);
578
579desc_out:
580 return mask;
581}
582
583static int wdm_open(struct inode *inode, struct file *file)
584{
585 int minor = iminor(inode);
586 int rv = -ENODEV;
587 struct usb_interface *intf;
588 struct wdm_device *desc;
589
590 mutex_lock(&wdm_mutex);
591 desc = wdm_find_device_by_minor(minor);
592 if (!desc)
593 goto out;
594
595 intf = desc->intf;
596 if (test_bit(WDM_DISCONNECTING, &desc->flags))
597 goto out;
598 file->private_data = desc;
599
600 rv = usb_autopm_get_interface(desc->intf);
601 if (rv < 0) {
602 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
603 goto out;
604 }
605
606 /* using write lock to protect desc->count */
607 mutex_lock(&desc->wlock);
608 if (!desc->count++) {
609 desc->werr = 0;
610 desc->rerr = 0;
611 rv = usb_submit_urb(desc->validity, GFP_KERNEL);
612 if (rv < 0) {
613 desc->count--;
614 dev_err(&desc->intf->dev,
615 "Error submitting int urb - %d\n", rv);
616 rv = usb_translate_errors(rv);
617 }
618 } else {
619 rv = 0;
620 }
621 mutex_unlock(&desc->wlock);
622 if (desc->count == 1)
623 desc->manage_power(intf, 1);
624 usb_autopm_put_interface(desc->intf);
625out:
626 mutex_unlock(&wdm_mutex);
627 return rv;
628}
629
630static int wdm_release(struct inode *inode, struct file *file)
631{
632 struct wdm_device *desc = file->private_data;
633
634 mutex_lock(&wdm_mutex);
635
636 /* using write lock to protect desc->count */
637 mutex_lock(&desc->wlock);
638 desc->count--;
639 mutex_unlock(&desc->wlock);
640
641 if (!desc->count) {
642 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
643 dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
644 kill_urbs(desc);
645 desc->manage_power(desc->intf, 0);
646 } else {
647 /* must avoid dev_printk here as desc->intf is invalid */
648 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
649 cleanup(desc);
650 }
651 }
652 mutex_unlock(&wdm_mutex);
653 return 0;
654}
655
656static const struct file_operations wdm_fops = {
657 .owner = THIS_MODULE,
658 .read = wdm_read,
659 .write = wdm_write,
660 .open = wdm_open,
661 .flush = wdm_flush,
662 .release = wdm_release,
663 .poll = wdm_poll,
664 .llseek = noop_llseek,
665};
666
667static struct usb_class_driver wdm_class = {
668 .name = "cdc-wdm%d",
669 .fops = &wdm_fops,
670 .minor_base = WDM_MINOR_BASE,
671};
672
673/* --- error handling --- */
674static void wdm_rxwork(struct work_struct *work)
675{
676 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
677 unsigned long flags;
678 int rv;
679
680 spin_lock_irqsave(&desc->iuspin, flags);
681 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
682 spin_unlock_irqrestore(&desc->iuspin, flags);
683 } else {
684 spin_unlock_irqrestore(&desc->iuspin, flags);
685 rv = usb_submit_urb(desc->response, GFP_KERNEL);
686 if (rv < 0 && rv != -EPERM) {
687 spin_lock_irqsave(&desc->iuspin, flags);
688 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
689 schedule_work(&desc->rxwork);
690 spin_unlock_irqrestore(&desc->iuspin, flags);
691 }
692 }
693}
694
695/* --- hotplug --- */
696
697static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
698 u16 bufsize, int (*manage_power)(struct usb_interface *, int))
699{
700 int rv = -ENOMEM;
701 struct wdm_device *desc;
702
703 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
704 if (!desc)
705 goto out;
706 INIT_LIST_HEAD(&desc->device_list);
707 mutex_init(&desc->rlock);
708 mutex_init(&desc->wlock);
709 spin_lock_init(&desc->iuspin);
710 init_waitqueue_head(&desc->wait);
711 desc->wMaxCommand = bufsize;
712 /* this will be expanded and needed in hardware endianness */
713 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
714 desc->intf = intf;
715 INIT_WORK(&desc->rxwork, wdm_rxwork);
716
717 rv = -EINVAL;
718 if (!usb_endpoint_is_int_in(ep))
719 goto err;
720
721 desc->wMaxPacketSize = usb_endpoint_maxp(ep);
722
723 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
724 if (!desc->orq)
725 goto err;
726 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
727 if (!desc->irq)
728 goto err;
729
730 desc->validity = usb_alloc_urb(0, GFP_KERNEL);
731 if (!desc->validity)
732 goto err;
733
734 desc->response = usb_alloc_urb(0, GFP_KERNEL);
735 if (!desc->response)
736 goto err;
737
738 desc->command = usb_alloc_urb(0, GFP_KERNEL);
739 if (!desc->command)
740 goto err;
741
742 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
743 if (!desc->ubuf)
744 goto err;
745
746 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
747 if (!desc->sbuf)
748 goto err;
749
750 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
751 if (!desc->inbuf)
752 goto err;
753
754 usb_fill_int_urb(
755 desc->validity,
756 interface_to_usbdev(intf),
757 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
758 desc->sbuf,
759 desc->wMaxPacketSize,
760 wdm_int_callback,
761 desc,
762 ep->bInterval
763 );
764
765 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
766 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
767 desc->irq->wValue = 0;
768 desc->irq->wIndex = desc->inum;
769 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
770
771 usb_fill_control_urb(
772 desc->response,
773 interface_to_usbdev(intf),
774 /* using common endpoint 0 */
775 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
776 (unsigned char *)desc->irq,
777 desc->inbuf,
778 desc->wMaxCommand,
779 wdm_in_callback,
780 desc
781 );
782
783 desc->manage_power = manage_power;
784
785 spin_lock(&wdm_device_list_lock);
786 list_add(&desc->device_list, &wdm_device_list);
787 spin_unlock(&wdm_device_list_lock);
788
789 rv = usb_register_dev(intf, &wdm_class);
790 if (rv < 0)
791 goto err;
792 else
793 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
794out:
795 return rv;
796err:
797 spin_lock(&wdm_device_list_lock);
798 list_del(&desc->device_list);
799 spin_unlock(&wdm_device_list_lock);
800 cleanup(desc);
801 return rv;
802}
803
804static int wdm_manage_power(struct usb_interface *intf, int on)
805{
806 /* need autopm_get/put here to ensure the usbcore sees the new value */
807 int rv = usb_autopm_get_interface(intf);
808 if (rv < 0)
809 goto err;
810
811 intf->needs_remote_wakeup = on;
812 usb_autopm_put_interface(intf);
813err:
814 return rv;
815}
816
817static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
818{
819 int rv = -EINVAL;
820 struct usb_host_interface *iface;
821 struct usb_endpoint_descriptor *ep;
822 struct usb_cdc_dmm_desc *dmhd;
823 u8 *buffer = intf->altsetting->extra;
824 int buflen = intf->altsetting->extralen;
825 u16 maxcom = WDM_DEFAULT_BUFSIZE;
826
827 if (!buffer)
828 goto err;
829 while (buflen > 2) {
830 if (buffer[1] != USB_DT_CS_INTERFACE) {
831 dev_err(&intf->dev, "skipping garbage\n");
832 goto next_desc;
833 }
834
835 switch (buffer[2]) {
836 case USB_CDC_HEADER_TYPE:
837 break;
838 case USB_CDC_DMM_TYPE:
839 dmhd = (struct usb_cdc_dmm_desc *)buffer;
840 maxcom = le16_to_cpu(dmhd->wMaxCommand);
841 dev_dbg(&intf->dev,
842 "Finding maximum buffer length: %d", maxcom);
843 break;
844 default:
845 dev_err(&intf->dev,
846 "Ignoring extra header, type %d, length %d\n",
847 buffer[2], buffer[0]);
848 break;
849 }
850next_desc:
851 buflen -= buffer[0];
852 buffer += buffer[0];
853 }
854
855 iface = intf->cur_altsetting;
856 if (iface->desc.bNumEndpoints != 1)
857 goto err;
858 ep = &iface->endpoint[0].desc;
859
860 rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
861
862err:
863 return rv;
864}
865
866/**
867 * usb_cdc_wdm_register - register a WDM subdriver
868 * @intf: usb interface the subdriver will associate with
869 * @ep: interrupt endpoint to monitor for notifications
870 * @bufsize: maximum message size to support for read/write
871 *
872 * Create WDM usb class character device and associate it with intf
873 * without binding, allowing another driver to manage the interface.
874 *
875 * The subdriver will manage the given interrupt endpoint exclusively
876 * and will issue control requests referring to the given intf. It
877 * will otherwise avoid interferring, and in particular not do
878 * usb_set_intfdata/usb_get_intfdata on intf.
879 *
880 * The return value is a pointer to the subdriver's struct usb_driver.
881 * The registering driver is responsible for calling this subdriver's
882 * disconnect, suspend, resume, pre_reset and post_reset methods from
883 * its own.
884 */
885struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
886 struct usb_endpoint_descriptor *ep,
887 int bufsize,
888 int (*manage_power)(struct usb_interface *, int))
889{
890 int rv = -EINVAL;
891
892 rv = wdm_create(intf, ep, bufsize, manage_power);
893 if (rv < 0)
894 goto err;
895
896 return &wdm_driver;
897err:
898 return ERR_PTR(rv);
899}
900EXPORT_SYMBOL(usb_cdc_wdm_register);
901
902static void wdm_disconnect(struct usb_interface *intf)
903{
904 struct wdm_device *desc;
905 unsigned long flags;
906
907 usb_deregister_dev(intf, &wdm_class);
908 desc = wdm_find_device(intf);
909 mutex_lock(&wdm_mutex);
910
911 /* the spinlock makes sure no new urbs are generated in the callbacks */
912 spin_lock_irqsave(&desc->iuspin, flags);
913 set_bit(WDM_DISCONNECTING, &desc->flags);
914 set_bit(WDM_READ, &desc->flags);
915 /* to terminate pending flushes */
916 clear_bit(WDM_IN_USE, &desc->flags);
917 spin_unlock_irqrestore(&desc->iuspin, flags);
918 wake_up_all(&desc->wait);
919 mutex_lock(&desc->rlock);
920 mutex_lock(&desc->wlock);
921 kill_urbs(desc);
922 cancel_work_sync(&desc->rxwork);
923 mutex_unlock(&desc->wlock);
924 mutex_unlock(&desc->rlock);
925
926 /* the desc->intf pointer used as list key is now invalid */
927 spin_lock(&wdm_device_list_lock);
928 list_del(&desc->device_list);
929 spin_unlock(&wdm_device_list_lock);
930
931 if (!desc->count)
932 cleanup(desc);
933 else
934 dev_dbg(&intf->dev, "%s: %d open files - postponing cleanup\n", __func__, desc->count);
935 mutex_unlock(&wdm_mutex);
936}
937
938#ifdef CONFIG_PM
939static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
940{
941 struct wdm_device *desc = wdm_find_device(intf);
942 int rv = 0;
943
944 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
945
946 /* if this is an autosuspend the caller does the locking */
947 if (!PMSG_IS_AUTO(message)) {
948 mutex_lock(&desc->rlock);
949 mutex_lock(&desc->wlock);
950 }
951 spin_lock_irq(&desc->iuspin);
952
953 if (PMSG_IS_AUTO(message) &&
954 (test_bit(WDM_IN_USE, &desc->flags)
955 || test_bit(WDM_RESPONDING, &desc->flags))) {
956 spin_unlock_irq(&desc->iuspin);
957 rv = -EBUSY;
958 } else {
959
960 set_bit(WDM_SUSPENDING, &desc->flags);
961 spin_unlock_irq(&desc->iuspin);
962 /* callback submits work - order is essential */
963 kill_urbs(desc);
964 cancel_work_sync(&desc->rxwork);
965 }
966 if (!PMSG_IS_AUTO(message)) {
967 mutex_unlock(&desc->wlock);
968 mutex_unlock(&desc->rlock);
969 }
970
971 return rv;
972}
973#endif
974
975static int recover_from_urb_loss(struct wdm_device *desc)
976{
977 int rv = 0;
978
979 if (desc->count) {
980 rv = usb_submit_urb(desc->validity, GFP_NOIO);
981 if (rv < 0)
982 dev_err(&desc->intf->dev,
983 "Error resume submitting int urb - %d\n", rv);
984 }
985 return rv;
986}
987
988#ifdef CONFIG_PM
989static int wdm_resume(struct usb_interface *intf)
990{
991 struct wdm_device *desc = wdm_find_device(intf);
992 int rv;
993
994 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
995
996 clear_bit(WDM_SUSPENDING, &desc->flags);
997 rv = recover_from_urb_loss(desc);
998
999 return rv;
1000}
1001#endif
1002
1003static int wdm_pre_reset(struct usb_interface *intf)
1004{
1005 struct wdm_device *desc = wdm_find_device(intf);
1006
1007 /*
1008 * we notify everybody using poll of
1009 * an exceptional situation
1010 * must be done before recovery lest a spontaneous
1011 * message from the device is lost
1012 */
1013 spin_lock_irq(&desc->iuspin);
1014 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */
1015 set_bit(WDM_READ, &desc->flags); /* unblock read */
1016 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */
1017 desc->rerr = -EINTR;
1018 spin_unlock_irq(&desc->iuspin);
1019 wake_up_all(&desc->wait);
1020 mutex_lock(&desc->rlock);
1021 mutex_lock(&desc->wlock);
1022 kill_urbs(desc);
1023 cancel_work_sync(&desc->rxwork);
1024 return 0;
1025}
1026
1027static int wdm_post_reset(struct usb_interface *intf)
1028{
1029 struct wdm_device *desc = wdm_find_device(intf);
1030 int rv;
1031
1032 clear_bit(WDM_RESETTING, &desc->flags);
1033 rv = recover_from_urb_loss(desc);
1034 mutex_unlock(&desc->wlock);
1035 mutex_unlock(&desc->rlock);
1036 return 0;
1037}
1038
1039static struct usb_driver wdm_driver = {
1040 .name = "cdc_wdm",
1041 .probe = wdm_probe,
1042 .disconnect = wdm_disconnect,
1043#ifdef CONFIG_PM
1044 .suspend = wdm_suspend,
1045 .resume = wdm_resume,
1046 .reset_resume = wdm_resume,
1047#endif
1048 .pre_reset = wdm_pre_reset,
1049 .post_reset = wdm_post_reset,
1050 .id_table = wdm_ids,
1051 .supports_autosuspend = 1,
1052 .disable_hub_initiated_lpm = 1,
1053};
1054
1055module_usb_driver(wdm_driver);
1056
1057MODULE_AUTHOR(DRIVER_AUTHOR);
1058MODULE_DESCRIPTION(DRIVER_DESC);
1059MODULE_LICENSE("GPL");