Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * cdc-wdm.c
4 *
5 * This driver supports USB CDC WCM Device Management.
6 *
7 * Copyright (c) 2007-2009 Oliver Neukum
8 *
9 * Some code taken from cdc-acm.c
10 *
11 * Released under the GPLv2.
12 *
13 * Many thanks to Carl Nordbeck
14 */
15#include <linux/kernel.h>
16#include <linux/errno.h>
17#include <linux/ioctl.h>
18#include <linux/slab.h>
19#include <linux/module.h>
20#include <linux/mutex.h>
21#include <linux/uaccess.h>
22#include <linux/bitops.h>
23#include <linux/poll.h>
24#include <linux/skbuff.h>
25#include <linux/usb.h>
26#include <linux/usb/cdc.h>
27#include <linux/wwan.h>
28#include <asm/byteorder.h>
29#include <asm/unaligned.h>
30#include <linux/usb/cdc-wdm.h>
31
32#define DRIVER_AUTHOR "Oliver Neukum"
33#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
34
35static const struct usb_device_id wdm_ids[] = {
36 {
37 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
38 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
39 .bInterfaceClass = USB_CLASS_COMM,
40 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
41 },
42 { }
43};
44
45MODULE_DEVICE_TABLE (usb, wdm_ids);
46
47#define WDM_MINOR_BASE 176
48
49
50#define WDM_IN_USE 1
51#define WDM_DISCONNECTING 2
52#define WDM_RESULT 3
53#define WDM_READ 4
54#define WDM_INT_STALL 5
55#define WDM_POLL_RUNNING 6
56#define WDM_RESPONDING 7
57#define WDM_SUSPENDING 8
58#define WDM_RESETTING 9
59#define WDM_OVERFLOW 10
60#define WDM_WWAN_IN_USE 11
61
62#define WDM_MAX 16
63
64/* we cannot wait forever at flush() */
65#define WDM_FLUSH_TIMEOUT (30 * HZ)
66
67/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
68#define WDM_DEFAULT_BUFSIZE 256
69
70static DEFINE_MUTEX(wdm_mutex);
71static DEFINE_SPINLOCK(wdm_device_list_lock);
72static LIST_HEAD(wdm_device_list);
73
74/* --- method tables --- */
75
76struct wdm_device {
77 u8 *inbuf; /* buffer for response */
78 u8 *outbuf; /* buffer for command */
79 u8 *sbuf; /* buffer for status */
80 u8 *ubuf; /* buffer for copy to user space */
81
82 struct urb *command;
83 struct urb *response;
84 struct urb *validity;
85 struct usb_interface *intf;
86 struct usb_ctrlrequest *orq;
87 struct usb_ctrlrequest *irq;
88 spinlock_t iuspin;
89
90 unsigned long flags;
91 u16 bufsize;
92 u16 wMaxCommand;
93 u16 wMaxPacketSize;
94 __le16 inum;
95 int reslength;
96 int length;
97 int read;
98 int count;
99 dma_addr_t shandle;
100 dma_addr_t ihandle;
101 struct mutex wlock;
102 struct mutex rlock;
103 wait_queue_head_t wait;
104 struct work_struct rxwork;
105 struct work_struct service_outs_intr;
106 int werr;
107 int rerr;
108 int resp_count;
109
110 struct list_head device_list;
111 int (*manage_power)(struct usb_interface *, int);
112
113 enum wwan_port_type wwanp_type;
114 struct wwan_port *wwanp;
115};
116
117static struct usb_driver wdm_driver;
118
119/* return intfdata if we own the interface, else look up intf in the list */
120static struct wdm_device *wdm_find_device(struct usb_interface *intf)
121{
122 struct wdm_device *desc;
123
124 spin_lock(&wdm_device_list_lock);
125 list_for_each_entry(desc, &wdm_device_list, device_list)
126 if (desc->intf == intf)
127 goto found;
128 desc = NULL;
129found:
130 spin_unlock(&wdm_device_list_lock);
131
132 return desc;
133}
134
135static struct wdm_device *wdm_find_device_by_minor(int minor)
136{
137 struct wdm_device *desc;
138
139 spin_lock(&wdm_device_list_lock);
140 list_for_each_entry(desc, &wdm_device_list, device_list)
141 if (desc->intf->minor == minor)
142 goto found;
143 desc = NULL;
144found:
145 spin_unlock(&wdm_device_list_lock);
146
147 return desc;
148}
149
150/* --- callbacks --- */
151static void wdm_out_callback(struct urb *urb)
152{
153 struct wdm_device *desc;
154 unsigned long flags;
155
156 desc = urb->context;
157 spin_lock_irqsave(&desc->iuspin, flags);
158 desc->werr = urb->status;
159 spin_unlock_irqrestore(&desc->iuspin, flags);
160 kfree(desc->outbuf);
161 desc->outbuf = NULL;
162 clear_bit(WDM_IN_USE, &desc->flags);
163 wake_up_all(&desc->wait);
164}
165
166static void wdm_wwan_rx(struct wdm_device *desc, int length);
167
168static void wdm_in_callback(struct urb *urb)
169{
170 unsigned long flags;
171 struct wdm_device *desc = urb->context;
172 int status = urb->status;
173 int length = urb->actual_length;
174
175 spin_lock_irqsave(&desc->iuspin, flags);
176 clear_bit(WDM_RESPONDING, &desc->flags);
177
178 if (status) {
179 switch (status) {
180 case -ENOENT:
181 dev_dbg(&desc->intf->dev,
182 "nonzero urb status received: -ENOENT\n");
183 goto skip_error;
184 case -ECONNRESET:
185 dev_dbg(&desc->intf->dev,
186 "nonzero urb status received: -ECONNRESET\n");
187 goto skip_error;
188 case -ESHUTDOWN:
189 dev_dbg(&desc->intf->dev,
190 "nonzero urb status received: -ESHUTDOWN\n");
191 goto skip_error;
192 case -EPIPE:
193 dev_err(&desc->intf->dev,
194 "nonzero urb status received: -EPIPE\n");
195 break;
196 default:
197 dev_err(&desc->intf->dev,
198 "Unexpected error %d\n", status);
199 break;
200 }
201 }
202
203 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) {
204 wdm_wwan_rx(desc, length);
205 goto out;
206 }
207
208 /*
209 * only set a new error if there is no previous error.
210 * Errors are only cleared during read/open
211 * Avoid propagating -EPIPE (stall) to userspace since it is
212 * better handled as an empty read
213 */
214 if (desc->rerr == 0 && status != -EPIPE)
215 desc->rerr = status;
216
217 if (length + desc->length > desc->wMaxCommand) {
218 /* The buffer would overflow */
219 set_bit(WDM_OVERFLOW, &desc->flags);
220 } else {
221 /* we may already be in overflow */
222 if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
223 memmove(desc->ubuf + desc->length, desc->inbuf, length);
224 desc->length += length;
225 desc->reslength = length;
226 }
227 }
228skip_error:
229
230 if (desc->rerr) {
231 /*
232 * Since there was an error, userspace may decide to not read
233 * any data after poll'ing.
234 * We should respond to further attempts from the device to send
235 * data, so that we can get unstuck.
236 */
237 schedule_work(&desc->service_outs_intr);
238 } else {
239 set_bit(WDM_READ, &desc->flags);
240 wake_up(&desc->wait);
241 }
242out:
243 spin_unlock_irqrestore(&desc->iuspin, flags);
244}
245
246static void wdm_int_callback(struct urb *urb)
247{
248 unsigned long flags;
249 int rv = 0;
250 int responding;
251 int status = urb->status;
252 struct wdm_device *desc;
253 struct usb_cdc_notification *dr;
254
255 desc = urb->context;
256 dr = (struct usb_cdc_notification *)desc->sbuf;
257
258 if (status) {
259 switch (status) {
260 case -ESHUTDOWN:
261 case -ENOENT:
262 case -ECONNRESET:
263 return; /* unplug */
264 case -EPIPE:
265 set_bit(WDM_INT_STALL, &desc->flags);
266 dev_err(&desc->intf->dev, "Stall on int endpoint\n");
267 goto sw; /* halt is cleared in work */
268 default:
269 dev_err(&desc->intf->dev,
270 "nonzero urb status received: %d\n", status);
271 break;
272 }
273 }
274
275 if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
276 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
277 urb->actual_length);
278 goto exit;
279 }
280
281 switch (dr->bNotificationType) {
282 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
283 dev_dbg(&desc->intf->dev,
284 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
285 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
286 break;
287
288 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
289
290 dev_dbg(&desc->intf->dev,
291 "NOTIFY_NETWORK_CONNECTION %s network\n",
292 dr->wValue ? "connected to" : "disconnected from");
293 goto exit;
294 case USB_CDC_NOTIFY_SPEED_CHANGE:
295 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
296 urb->actual_length);
297 goto exit;
298 default:
299 clear_bit(WDM_POLL_RUNNING, &desc->flags);
300 dev_err(&desc->intf->dev,
301 "unknown notification %d received: index %d len %d\n",
302 dr->bNotificationType,
303 le16_to_cpu(dr->wIndex),
304 le16_to_cpu(dr->wLength));
305 goto exit;
306 }
307
308 spin_lock_irqsave(&desc->iuspin, flags);
309 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
310 if (!desc->resp_count++ && !responding
311 && !test_bit(WDM_DISCONNECTING, &desc->flags)
312 && !test_bit(WDM_SUSPENDING, &desc->flags)) {
313 rv = usb_submit_urb(desc->response, GFP_ATOMIC);
314 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
315 }
316 spin_unlock_irqrestore(&desc->iuspin, flags);
317 if (rv < 0) {
318 clear_bit(WDM_RESPONDING, &desc->flags);
319 if (rv == -EPERM)
320 return;
321 if (rv == -ENOMEM) {
322sw:
323 rv = schedule_work(&desc->rxwork);
324 if (rv)
325 dev_err(&desc->intf->dev,
326 "Cannot schedule work\n");
327 }
328 }
329exit:
330 rv = usb_submit_urb(urb, GFP_ATOMIC);
331 if (rv)
332 dev_err(&desc->intf->dev,
333 "%s - usb_submit_urb failed with result %d\n",
334 __func__, rv);
335
336}
337
338static void poison_urbs(struct wdm_device *desc)
339{
340 /* the order here is essential */
341 usb_poison_urb(desc->command);
342 usb_poison_urb(desc->validity);
343 usb_poison_urb(desc->response);
344}
345
346static void unpoison_urbs(struct wdm_device *desc)
347{
348 /*
349 * the order here is not essential
350 * it is symmetrical just to be nice
351 */
352 usb_unpoison_urb(desc->response);
353 usb_unpoison_urb(desc->validity);
354 usb_unpoison_urb(desc->command);
355}
356
357static void free_urbs(struct wdm_device *desc)
358{
359 usb_free_urb(desc->validity);
360 usb_free_urb(desc->response);
361 usb_free_urb(desc->command);
362}
363
364static void cleanup(struct wdm_device *desc)
365{
366 kfree(desc->sbuf);
367 kfree(desc->inbuf);
368 kfree(desc->orq);
369 kfree(desc->irq);
370 kfree(desc->ubuf);
371 free_urbs(desc);
372 kfree(desc);
373}
374
375static ssize_t wdm_write
376(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
377{
378 u8 *buf;
379 int rv = -EMSGSIZE, r, we;
380 struct wdm_device *desc = file->private_data;
381 struct usb_ctrlrequest *req;
382
383 if (count > desc->wMaxCommand)
384 count = desc->wMaxCommand;
385
386 spin_lock_irq(&desc->iuspin);
387 we = desc->werr;
388 desc->werr = 0;
389 spin_unlock_irq(&desc->iuspin);
390 if (we < 0)
391 return usb_translate_errors(we);
392
393 buf = memdup_user(buffer, count);
394 if (IS_ERR(buf))
395 return PTR_ERR(buf);
396
397 /* concurrent writes and disconnect */
398 r = mutex_lock_interruptible(&desc->wlock);
399 rv = -ERESTARTSYS;
400 if (r)
401 goto out_free_mem;
402
403 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
404 rv = -ENODEV;
405 goto out_free_mem_lock;
406 }
407
408 r = usb_autopm_get_interface(desc->intf);
409 if (r < 0) {
410 rv = usb_translate_errors(r);
411 goto out_free_mem_lock;
412 }
413
414 if (!(file->f_flags & O_NONBLOCK))
415 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
416 &desc->flags));
417 else
418 if (test_bit(WDM_IN_USE, &desc->flags))
419 r = -EAGAIN;
420
421 if (test_bit(WDM_RESETTING, &desc->flags))
422 r = -EIO;
423
424 if (test_bit(WDM_DISCONNECTING, &desc->flags))
425 r = -ENODEV;
426
427 if (r < 0) {
428 rv = r;
429 goto out_free_mem_pm;
430 }
431
432 req = desc->orq;
433 usb_fill_control_urb(
434 desc->command,
435 interface_to_usbdev(desc->intf),
436 /* using common endpoint 0 */
437 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
438 (unsigned char *)req,
439 buf,
440 count,
441 wdm_out_callback,
442 desc
443 );
444
445 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
446 USB_RECIP_INTERFACE);
447 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
448 req->wValue = 0;
449 req->wIndex = desc->inum; /* already converted */
450 req->wLength = cpu_to_le16(count);
451 set_bit(WDM_IN_USE, &desc->flags);
452 desc->outbuf = buf;
453
454 rv = usb_submit_urb(desc->command, GFP_KERNEL);
455 if (rv < 0) {
456 desc->outbuf = NULL;
457 clear_bit(WDM_IN_USE, &desc->flags);
458 wake_up_all(&desc->wait); /* for wdm_wait_for_response() */
459 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
460 rv = usb_translate_errors(rv);
461 goto out_free_mem_pm;
462 } else {
463 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
464 le16_to_cpu(req->wIndex));
465 }
466
467 usb_autopm_put_interface(desc->intf);
468 mutex_unlock(&desc->wlock);
469 return count;
470
471out_free_mem_pm:
472 usb_autopm_put_interface(desc->intf);
473out_free_mem_lock:
474 mutex_unlock(&desc->wlock);
475out_free_mem:
476 kfree(buf);
477 return rv;
478}
479
480/*
481 * Submit the read urb if resp_count is non-zero.
482 *
483 * Called with desc->iuspin locked
484 */
485static int service_outstanding_interrupt(struct wdm_device *desc)
486{
487 int rv = 0;
488
489 /* submit read urb only if the device is waiting for it */
490 if (!desc->resp_count || !--desc->resp_count)
491 goto out;
492
493 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
494 rv = -ENODEV;
495 goto out;
496 }
497 if (test_bit(WDM_RESETTING, &desc->flags)) {
498 rv = -EIO;
499 goto out;
500 }
501
502 set_bit(WDM_RESPONDING, &desc->flags);
503 spin_unlock_irq(&desc->iuspin);
504 rv = usb_submit_urb(desc->response, GFP_KERNEL);
505 spin_lock_irq(&desc->iuspin);
506 if (rv) {
507 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
508 dev_err(&desc->intf->dev,
509 "usb_submit_urb failed with result %d\n", rv);
510
511 /* make sure the next notification trigger a submit */
512 clear_bit(WDM_RESPONDING, &desc->flags);
513 desc->resp_count = 0;
514 }
515out:
516 return rv;
517}
518
519static ssize_t wdm_read
520(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
521{
522 int rv, cntr;
523 int i = 0;
524 struct wdm_device *desc = file->private_data;
525
526
527 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
528 if (rv < 0)
529 return -ERESTARTSYS;
530
531 cntr = READ_ONCE(desc->length);
532 if (cntr == 0) {
533 desc->read = 0;
534retry:
535 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
536 rv = -ENODEV;
537 goto err;
538 }
539 if (test_bit(WDM_OVERFLOW, &desc->flags)) {
540 clear_bit(WDM_OVERFLOW, &desc->flags);
541 rv = -ENOBUFS;
542 goto err;
543 }
544 i++;
545 if (file->f_flags & O_NONBLOCK) {
546 if (!test_bit(WDM_READ, &desc->flags)) {
547 rv = -EAGAIN;
548 goto err;
549 }
550 rv = 0;
551 } else {
552 rv = wait_event_interruptible(desc->wait,
553 test_bit(WDM_READ, &desc->flags));
554 }
555
556 /* may have happened while we slept */
557 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
558 rv = -ENODEV;
559 goto err;
560 }
561 if (test_bit(WDM_RESETTING, &desc->flags)) {
562 rv = -EIO;
563 goto err;
564 }
565 usb_mark_last_busy(interface_to_usbdev(desc->intf));
566 if (rv < 0) {
567 rv = -ERESTARTSYS;
568 goto err;
569 }
570
571 spin_lock_irq(&desc->iuspin);
572
573 if (desc->rerr) { /* read completed, error happened */
574 rv = usb_translate_errors(desc->rerr);
575 desc->rerr = 0;
576 spin_unlock_irq(&desc->iuspin);
577 goto err;
578 }
579 /*
580 * recheck whether we've lost the race
581 * against the completion handler
582 */
583 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
584 spin_unlock_irq(&desc->iuspin);
585 goto retry;
586 }
587
588 if (!desc->reslength) { /* zero length read */
589 dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
590 clear_bit(WDM_READ, &desc->flags);
591 rv = service_outstanding_interrupt(desc);
592 spin_unlock_irq(&desc->iuspin);
593 if (rv < 0)
594 goto err;
595 goto retry;
596 }
597 cntr = desc->length;
598 spin_unlock_irq(&desc->iuspin);
599 }
600
601 if (cntr > count)
602 cntr = count;
603 rv = copy_to_user(buffer, desc->ubuf, cntr);
604 if (rv > 0) {
605 rv = -EFAULT;
606 goto err;
607 }
608
609 spin_lock_irq(&desc->iuspin);
610
611 for (i = 0; i < desc->length - cntr; i++)
612 desc->ubuf[i] = desc->ubuf[i + cntr];
613
614 desc->length -= cntr;
615 /* in case we had outstanding data */
616 if (!desc->length) {
617 clear_bit(WDM_READ, &desc->flags);
618 service_outstanding_interrupt(desc);
619 }
620 spin_unlock_irq(&desc->iuspin);
621 rv = cntr;
622
623err:
624 mutex_unlock(&desc->rlock);
625 return rv;
626}
627
628static int wdm_wait_for_response(struct file *file, long timeout)
629{
630 struct wdm_device *desc = file->private_data;
631 long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */
632
633 /*
634 * Needs both flags. We cannot do with one because resetting it would
635 * cause a race with write() yet we need to signal a disconnect.
636 */
637 rv = wait_event_interruptible_timeout(desc->wait,
638 !test_bit(WDM_IN_USE, &desc->flags) ||
639 test_bit(WDM_DISCONNECTING, &desc->flags),
640 timeout);
641
642 /*
643 * To report the correct error. This is best effort.
644 * We are inevitably racing with the hardware.
645 */
646 if (test_bit(WDM_DISCONNECTING, &desc->flags))
647 return -ENODEV;
648 if (!rv)
649 return -EIO;
650 if (rv < 0)
651 return -EINTR;
652
653 spin_lock_irq(&desc->iuspin);
654 rv = desc->werr;
655 desc->werr = 0;
656 spin_unlock_irq(&desc->iuspin);
657
658 return usb_translate_errors(rv);
659
660}
661
662/*
663 * You need to send a signal when you react to malicious or defective hardware.
664 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do
665 * not implement wdm_flush() will return -EINVAL.
666 */
667static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
668{
669 return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT);
670}
671
672/*
673 * Same with wdm_fsync(), except it uses finite timeout in order to react to
674 * malicious or defective hardware which ceased communication after close() was
675 * implicitly called due to process termination.
676 */
677static int wdm_flush(struct file *file, fl_owner_t id)
678{
679 return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT);
680}
681
682static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
683{
684 struct wdm_device *desc = file->private_data;
685 unsigned long flags;
686 __poll_t mask = 0;
687
688 spin_lock_irqsave(&desc->iuspin, flags);
689 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
690 mask = EPOLLHUP | EPOLLERR;
691 spin_unlock_irqrestore(&desc->iuspin, flags);
692 goto desc_out;
693 }
694 if (test_bit(WDM_READ, &desc->flags))
695 mask = EPOLLIN | EPOLLRDNORM;
696 if (desc->rerr || desc->werr)
697 mask |= EPOLLERR;
698 if (!test_bit(WDM_IN_USE, &desc->flags))
699 mask |= EPOLLOUT | EPOLLWRNORM;
700 spin_unlock_irqrestore(&desc->iuspin, flags);
701
702 poll_wait(file, &desc->wait, wait);
703
704desc_out:
705 return mask;
706}
707
708static int wdm_open(struct inode *inode, struct file *file)
709{
710 int minor = iminor(inode);
711 int rv = -ENODEV;
712 struct usb_interface *intf;
713 struct wdm_device *desc;
714
715 mutex_lock(&wdm_mutex);
716 desc = wdm_find_device_by_minor(minor);
717 if (!desc)
718 goto out;
719
720 intf = desc->intf;
721 if (test_bit(WDM_DISCONNECTING, &desc->flags))
722 goto out;
723 file->private_data = desc;
724
725 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) {
726 rv = -EBUSY;
727 goto out;
728 }
729
730 rv = usb_autopm_get_interface(desc->intf);
731 if (rv < 0) {
732 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
733 goto out;
734 }
735
736 /* using write lock to protect desc->count */
737 mutex_lock(&desc->wlock);
738 if (!desc->count++) {
739 desc->werr = 0;
740 desc->rerr = 0;
741 rv = usb_submit_urb(desc->validity, GFP_KERNEL);
742 if (rv < 0) {
743 desc->count--;
744 dev_err(&desc->intf->dev,
745 "Error submitting int urb - %d\n", rv);
746 rv = usb_translate_errors(rv);
747 }
748 } else {
749 rv = 0;
750 }
751 mutex_unlock(&desc->wlock);
752 if (desc->count == 1)
753 desc->manage_power(intf, 1);
754 usb_autopm_put_interface(desc->intf);
755out:
756 mutex_unlock(&wdm_mutex);
757 return rv;
758}
759
760static int wdm_release(struct inode *inode, struct file *file)
761{
762 struct wdm_device *desc = file->private_data;
763
764 mutex_lock(&wdm_mutex);
765
766 /* using write lock to protect desc->count */
767 mutex_lock(&desc->wlock);
768 desc->count--;
769 mutex_unlock(&desc->wlock);
770
771 if (!desc->count) {
772 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
773 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
774 poison_urbs(desc);
775 spin_lock_irq(&desc->iuspin);
776 desc->resp_count = 0;
777 clear_bit(WDM_RESPONDING, &desc->flags);
778 spin_unlock_irq(&desc->iuspin);
779 desc->manage_power(desc->intf, 0);
780 unpoison_urbs(desc);
781 } else {
782 /* must avoid dev_printk here as desc->intf is invalid */
783 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
784 cleanup(desc);
785 }
786 }
787 mutex_unlock(&wdm_mutex);
788 return 0;
789}
790
791static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
792{
793 struct wdm_device *desc = file->private_data;
794 int rv = 0;
795
796 switch (cmd) {
797 case IOCTL_WDM_MAX_COMMAND:
798 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
799 rv = -EFAULT;
800 break;
801 default:
802 rv = -ENOTTY;
803 }
804 return rv;
805}
806
807static const struct file_operations wdm_fops = {
808 .owner = THIS_MODULE,
809 .read = wdm_read,
810 .write = wdm_write,
811 .fsync = wdm_fsync,
812 .open = wdm_open,
813 .flush = wdm_flush,
814 .release = wdm_release,
815 .poll = wdm_poll,
816 .unlocked_ioctl = wdm_ioctl,
817 .compat_ioctl = compat_ptr_ioctl,
818 .llseek = noop_llseek,
819};
820
821static struct usb_class_driver wdm_class = {
822 .name = "cdc-wdm%d",
823 .fops = &wdm_fops,
824 .minor_base = WDM_MINOR_BASE,
825};
826
827/* --- WWAN framework integration --- */
828#ifdef CONFIG_WWAN
829static int wdm_wwan_port_start(struct wwan_port *port)
830{
831 struct wdm_device *desc = wwan_port_get_drvdata(port);
832
833 /* The interface is both exposed via the WWAN framework and as a
834 * legacy usbmisc chardev. If chardev is already open, just fail
835 * to prevent concurrent usage. Otherwise, switch to WWAN mode.
836 */
837 mutex_lock(&wdm_mutex);
838 if (desc->count) {
839 mutex_unlock(&wdm_mutex);
840 return -EBUSY;
841 }
842 set_bit(WDM_WWAN_IN_USE, &desc->flags);
843 mutex_unlock(&wdm_mutex);
844
845 desc->manage_power(desc->intf, 1);
846
847 /* tx is allowed */
848 wwan_port_txon(port);
849
850 /* Start getting events */
851 return usb_submit_urb(desc->validity, GFP_KERNEL);
852}
853
854static void wdm_wwan_port_stop(struct wwan_port *port)
855{
856 struct wdm_device *desc = wwan_port_get_drvdata(port);
857
858 /* Stop all transfers and disable WWAN mode */
859 poison_urbs(desc);
860 desc->manage_power(desc->intf, 0);
861 clear_bit(WDM_READ, &desc->flags);
862 clear_bit(WDM_WWAN_IN_USE, &desc->flags);
863 unpoison_urbs(desc);
864}
865
866static void wdm_wwan_port_tx_complete(struct urb *urb)
867{
868 struct sk_buff *skb = urb->context;
869 struct wdm_device *desc = skb_shinfo(skb)->destructor_arg;
870
871 usb_autopm_put_interface(desc->intf);
872 wwan_port_txon(desc->wwanp);
873 kfree_skb(skb);
874}
875
876static int wdm_wwan_port_tx(struct wwan_port *port, struct sk_buff *skb)
877{
878 struct wdm_device *desc = wwan_port_get_drvdata(port);
879 struct usb_interface *intf = desc->intf;
880 struct usb_ctrlrequest *req = desc->orq;
881 int rv;
882
883 rv = usb_autopm_get_interface(intf);
884 if (rv)
885 return rv;
886
887 usb_fill_control_urb(
888 desc->command,
889 interface_to_usbdev(intf),
890 usb_sndctrlpipe(interface_to_usbdev(intf), 0),
891 (unsigned char *)req,
892 skb->data,
893 skb->len,
894 wdm_wwan_port_tx_complete,
895 skb
896 );
897
898 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
899 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
900 req->wValue = 0;
901 req->wIndex = desc->inum;
902 req->wLength = cpu_to_le16(skb->len);
903
904 skb_shinfo(skb)->destructor_arg = desc;
905
906 rv = usb_submit_urb(desc->command, GFP_KERNEL);
907 if (rv)
908 usb_autopm_put_interface(intf);
909 else /* One transfer at a time, stop TX until URB completion */
910 wwan_port_txoff(port);
911
912 return rv;
913}
914
915static const struct wwan_port_ops wdm_wwan_port_ops = {
916 .start = wdm_wwan_port_start,
917 .stop = wdm_wwan_port_stop,
918 .tx = wdm_wwan_port_tx,
919};
920
921static void wdm_wwan_init(struct wdm_device *desc)
922{
923 struct usb_interface *intf = desc->intf;
924 struct wwan_port *port;
925
926 /* Only register to WWAN core if protocol/type is known */
927 if (desc->wwanp_type == WWAN_PORT_UNKNOWN) {
928 dev_info(&intf->dev, "Unknown control protocol\n");
929 return;
930 }
931
932 port = wwan_create_port(&intf->dev, desc->wwanp_type, &wdm_wwan_port_ops,
933 NULL, desc);
934 if (IS_ERR(port)) {
935 dev_err(&intf->dev, "%s: Unable to create WWAN port\n",
936 dev_name(intf->usb_dev));
937 return;
938 }
939
940 desc->wwanp = port;
941}
942
943static void wdm_wwan_deinit(struct wdm_device *desc)
944{
945 if (!desc->wwanp)
946 return;
947
948 wwan_remove_port(desc->wwanp);
949 desc->wwanp = NULL;
950}
951
952static void wdm_wwan_rx(struct wdm_device *desc, int length)
953{
954 struct wwan_port *port = desc->wwanp;
955 struct sk_buff *skb;
956
957 /* Forward data to WWAN port */
958 skb = alloc_skb(length, GFP_ATOMIC);
959 if (!skb)
960 return;
961
962 skb_put_data(skb, desc->inbuf, length);
963 wwan_port_rx(port, skb);
964
965 /* inbuf has been copied, it is safe to check for outstanding data */
966 schedule_work(&desc->service_outs_intr);
967}
968#else /* CONFIG_WWAN */
969static void wdm_wwan_init(struct wdm_device *desc) {}
970static void wdm_wwan_deinit(struct wdm_device *desc) {}
971static void wdm_wwan_rx(struct wdm_device *desc, int length) {}
972#endif /* CONFIG_WWAN */
973
974/* --- error handling --- */
975static void wdm_rxwork(struct work_struct *work)
976{
977 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
978 unsigned long flags;
979 int rv = 0;
980 int responding;
981
982 spin_lock_irqsave(&desc->iuspin, flags);
983 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
984 spin_unlock_irqrestore(&desc->iuspin, flags);
985 } else {
986 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
987 spin_unlock_irqrestore(&desc->iuspin, flags);
988 if (!responding)
989 rv = usb_submit_urb(desc->response, GFP_KERNEL);
990 if (rv < 0 && rv != -EPERM) {
991 spin_lock_irqsave(&desc->iuspin, flags);
992 clear_bit(WDM_RESPONDING, &desc->flags);
993 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
994 schedule_work(&desc->rxwork);
995 spin_unlock_irqrestore(&desc->iuspin, flags);
996 }
997 }
998}
999
1000static void service_interrupt_work(struct work_struct *work)
1001{
1002 struct wdm_device *desc;
1003
1004 desc = container_of(work, struct wdm_device, service_outs_intr);
1005
1006 spin_lock_irq(&desc->iuspin);
1007 service_outstanding_interrupt(desc);
1008 if (!desc->resp_count) {
1009 set_bit(WDM_READ, &desc->flags);
1010 wake_up(&desc->wait);
1011 }
1012 spin_unlock_irq(&desc->iuspin);
1013}
1014
1015/* --- hotplug --- */
1016
1017static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
1018 u16 bufsize, enum wwan_port_type type,
1019 int (*manage_power)(struct usb_interface *, int))
1020{
1021 int rv = -ENOMEM;
1022 struct wdm_device *desc;
1023
1024 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
1025 if (!desc)
1026 goto out;
1027 INIT_LIST_HEAD(&desc->device_list);
1028 mutex_init(&desc->rlock);
1029 mutex_init(&desc->wlock);
1030 spin_lock_init(&desc->iuspin);
1031 init_waitqueue_head(&desc->wait);
1032 desc->wMaxCommand = bufsize;
1033 /* this will be expanded and needed in hardware endianness */
1034 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
1035 desc->intf = intf;
1036 desc->wwanp_type = type;
1037 INIT_WORK(&desc->rxwork, wdm_rxwork);
1038 INIT_WORK(&desc->service_outs_intr, service_interrupt_work);
1039
1040 if (!usb_endpoint_is_int_in(ep)) {
1041 rv = -EINVAL;
1042 goto err;
1043 }
1044
1045 desc->wMaxPacketSize = usb_endpoint_maxp(ep);
1046
1047 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1048 if (!desc->orq)
1049 goto err;
1050 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1051 if (!desc->irq)
1052 goto err;
1053
1054 desc->validity = usb_alloc_urb(0, GFP_KERNEL);
1055 if (!desc->validity)
1056 goto err;
1057
1058 desc->response = usb_alloc_urb(0, GFP_KERNEL);
1059 if (!desc->response)
1060 goto err;
1061
1062 desc->command = usb_alloc_urb(0, GFP_KERNEL);
1063 if (!desc->command)
1064 goto err;
1065
1066 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
1067 if (!desc->ubuf)
1068 goto err;
1069
1070 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
1071 if (!desc->sbuf)
1072 goto err;
1073
1074 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
1075 if (!desc->inbuf)
1076 goto err;
1077
1078 usb_fill_int_urb(
1079 desc->validity,
1080 interface_to_usbdev(intf),
1081 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
1082 desc->sbuf,
1083 desc->wMaxPacketSize,
1084 wdm_int_callback,
1085 desc,
1086 ep->bInterval
1087 );
1088
1089 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
1090 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
1091 desc->irq->wValue = 0;
1092 desc->irq->wIndex = desc->inum; /* already converted */
1093 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
1094
1095 usb_fill_control_urb(
1096 desc->response,
1097 interface_to_usbdev(intf),
1098 /* using common endpoint 0 */
1099 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
1100 (unsigned char *)desc->irq,
1101 desc->inbuf,
1102 desc->wMaxCommand,
1103 wdm_in_callback,
1104 desc
1105 );
1106
1107 desc->manage_power = manage_power;
1108
1109 spin_lock(&wdm_device_list_lock);
1110 list_add(&desc->device_list, &wdm_device_list);
1111 spin_unlock(&wdm_device_list_lock);
1112
1113 rv = usb_register_dev(intf, &wdm_class);
1114 if (rv < 0)
1115 goto err;
1116 else
1117 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
1118
1119 wdm_wwan_init(desc);
1120
1121out:
1122 return rv;
1123err:
1124 spin_lock(&wdm_device_list_lock);
1125 list_del(&desc->device_list);
1126 spin_unlock(&wdm_device_list_lock);
1127 cleanup(desc);
1128 return rv;
1129}
1130
1131static int wdm_manage_power(struct usb_interface *intf, int on)
1132{
1133 /* need autopm_get/put here to ensure the usbcore sees the new value */
1134 int rv = usb_autopm_get_interface(intf);
1135
1136 intf->needs_remote_wakeup = on;
1137 if (!rv)
1138 usb_autopm_put_interface(intf);
1139 return 0;
1140}
1141
1142static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
1143{
1144 int rv = -EINVAL;
1145 struct usb_host_interface *iface;
1146 struct usb_endpoint_descriptor *ep;
1147 struct usb_cdc_parsed_header hdr;
1148 u8 *buffer = intf->altsetting->extra;
1149 int buflen = intf->altsetting->extralen;
1150 u16 maxcom = WDM_DEFAULT_BUFSIZE;
1151
1152 if (!buffer)
1153 goto err;
1154
1155 cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
1156
1157 if (hdr.usb_cdc_dmm_desc)
1158 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
1159
1160 iface = intf->cur_altsetting;
1161 if (iface->desc.bNumEndpoints != 1)
1162 goto err;
1163 ep = &iface->endpoint[0].desc;
1164
1165 rv = wdm_create(intf, ep, maxcom, WWAN_PORT_UNKNOWN, &wdm_manage_power);
1166
1167err:
1168 return rv;
1169}
1170
1171/**
1172 * usb_cdc_wdm_register - register a WDM subdriver
1173 * @intf: usb interface the subdriver will associate with
1174 * @ep: interrupt endpoint to monitor for notifications
1175 * @bufsize: maximum message size to support for read/write
1176 * @type: Type/protocol of the transported data (MBIM, QMI...)
1177 * @manage_power: call-back invoked during open and release to
1178 * manage the device's power
1179 * Create WDM usb class character device and associate it with intf
1180 * without binding, allowing another driver to manage the interface.
1181 *
1182 * The subdriver will manage the given interrupt endpoint exclusively
1183 * and will issue control requests referring to the given intf. It
1184 * will otherwise avoid interferring, and in particular not do
1185 * usb_set_intfdata/usb_get_intfdata on intf.
1186 *
1187 * The return value is a pointer to the subdriver's struct usb_driver.
1188 * The registering driver is responsible for calling this subdriver's
1189 * disconnect, suspend, resume, pre_reset and post_reset methods from
1190 * its own.
1191 */
1192struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
1193 struct usb_endpoint_descriptor *ep,
1194 int bufsize, enum wwan_port_type type,
1195 int (*manage_power)(struct usb_interface *, int))
1196{
1197 int rv;
1198
1199 rv = wdm_create(intf, ep, bufsize, type, manage_power);
1200 if (rv < 0)
1201 goto err;
1202
1203 return &wdm_driver;
1204err:
1205 return ERR_PTR(rv);
1206}
1207EXPORT_SYMBOL(usb_cdc_wdm_register);
1208
1209static void wdm_disconnect(struct usb_interface *intf)
1210{
1211 struct wdm_device *desc;
1212 unsigned long flags;
1213
1214 usb_deregister_dev(intf, &wdm_class);
1215 desc = wdm_find_device(intf);
1216 mutex_lock(&wdm_mutex);
1217
1218 wdm_wwan_deinit(desc);
1219
1220 /* the spinlock makes sure no new urbs are generated in the callbacks */
1221 spin_lock_irqsave(&desc->iuspin, flags);
1222 set_bit(WDM_DISCONNECTING, &desc->flags);
1223 set_bit(WDM_READ, &desc->flags);
1224 spin_unlock_irqrestore(&desc->iuspin, flags);
1225 wake_up_all(&desc->wait);
1226 mutex_lock(&desc->rlock);
1227 mutex_lock(&desc->wlock);
1228 poison_urbs(desc);
1229 cancel_work_sync(&desc->rxwork);
1230 cancel_work_sync(&desc->service_outs_intr);
1231 mutex_unlock(&desc->wlock);
1232 mutex_unlock(&desc->rlock);
1233
1234 /* the desc->intf pointer used as list key is now invalid */
1235 spin_lock(&wdm_device_list_lock);
1236 list_del(&desc->device_list);
1237 spin_unlock(&wdm_device_list_lock);
1238
1239 if (!desc->count)
1240 cleanup(desc);
1241 else
1242 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1243 mutex_unlock(&wdm_mutex);
1244}
1245
1246#ifdef CONFIG_PM
1247static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1248{
1249 struct wdm_device *desc = wdm_find_device(intf);
1250 int rv = 0;
1251
1252 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1253
1254 /* if this is an autosuspend the caller does the locking */
1255 if (!PMSG_IS_AUTO(message)) {
1256 mutex_lock(&desc->rlock);
1257 mutex_lock(&desc->wlock);
1258 }
1259 spin_lock_irq(&desc->iuspin);
1260
1261 if (PMSG_IS_AUTO(message) &&
1262 (test_bit(WDM_IN_USE, &desc->flags)
1263 || test_bit(WDM_RESPONDING, &desc->flags))) {
1264 spin_unlock_irq(&desc->iuspin);
1265 rv = -EBUSY;
1266 } else {
1267
1268 set_bit(WDM_SUSPENDING, &desc->flags);
1269 spin_unlock_irq(&desc->iuspin);
1270 /* callback submits work - order is essential */
1271 poison_urbs(desc);
1272 cancel_work_sync(&desc->rxwork);
1273 cancel_work_sync(&desc->service_outs_intr);
1274 unpoison_urbs(desc);
1275 }
1276 if (!PMSG_IS_AUTO(message)) {
1277 mutex_unlock(&desc->wlock);
1278 mutex_unlock(&desc->rlock);
1279 }
1280
1281 return rv;
1282}
1283#endif
1284
1285static int recover_from_urb_loss(struct wdm_device *desc)
1286{
1287 int rv = 0;
1288
1289 if (desc->count) {
1290 rv = usb_submit_urb(desc->validity, GFP_NOIO);
1291 if (rv < 0)
1292 dev_err(&desc->intf->dev,
1293 "Error resume submitting int urb - %d\n", rv);
1294 }
1295 return rv;
1296}
1297
1298#ifdef CONFIG_PM
1299static int wdm_resume(struct usb_interface *intf)
1300{
1301 struct wdm_device *desc = wdm_find_device(intf);
1302 int rv;
1303
1304 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1305
1306 clear_bit(WDM_SUSPENDING, &desc->flags);
1307 rv = recover_from_urb_loss(desc);
1308
1309 return rv;
1310}
1311#endif
1312
1313static int wdm_pre_reset(struct usb_interface *intf)
1314{
1315 struct wdm_device *desc = wdm_find_device(intf);
1316
1317 /*
1318 * we notify everybody using poll of
1319 * an exceptional situation
1320 * must be done before recovery lest a spontaneous
1321 * message from the device is lost
1322 */
1323 spin_lock_irq(&desc->iuspin);
1324 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */
1325 set_bit(WDM_READ, &desc->flags); /* unblock read */
1326 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */
1327 desc->rerr = -EINTR;
1328 spin_unlock_irq(&desc->iuspin);
1329 wake_up_all(&desc->wait);
1330 mutex_lock(&desc->rlock);
1331 mutex_lock(&desc->wlock);
1332 poison_urbs(desc);
1333 cancel_work_sync(&desc->rxwork);
1334 cancel_work_sync(&desc->service_outs_intr);
1335 return 0;
1336}
1337
1338static int wdm_post_reset(struct usb_interface *intf)
1339{
1340 struct wdm_device *desc = wdm_find_device(intf);
1341 int rv;
1342
1343 unpoison_urbs(desc);
1344 clear_bit(WDM_OVERFLOW, &desc->flags);
1345 clear_bit(WDM_RESETTING, &desc->flags);
1346 rv = recover_from_urb_loss(desc);
1347 mutex_unlock(&desc->wlock);
1348 mutex_unlock(&desc->rlock);
1349 return rv;
1350}
1351
1352static struct usb_driver wdm_driver = {
1353 .name = "cdc_wdm",
1354 .probe = wdm_probe,
1355 .disconnect = wdm_disconnect,
1356#ifdef CONFIG_PM
1357 .suspend = wdm_suspend,
1358 .resume = wdm_resume,
1359 .reset_resume = wdm_resume,
1360#endif
1361 .pre_reset = wdm_pre_reset,
1362 .post_reset = wdm_post_reset,
1363 .id_table = wdm_ids,
1364 .supports_autosuspend = 1,
1365 .disable_hub_initiated_lpm = 1,
1366};
1367
1368module_usb_driver(wdm_driver);
1369
1370MODULE_AUTHOR(DRIVER_AUTHOR);
1371MODULE_DESCRIPTION(DRIVER_DESC);
1372MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * cdc-wdm.c
4 *
5 * This driver supports USB CDC WCM Device Management.
6 *
7 * Copyright (c) 2007-2009 Oliver Neukum
8 *
9 * Some code taken from cdc-acm.c
10 *
11 * Released under the GPLv2.
12 *
13 * Many thanks to Carl Nordbeck
14 */
15#include <linux/kernel.h>
16#include <linux/errno.h>
17#include <linux/ioctl.h>
18#include <linux/slab.h>
19#include <linux/module.h>
20#include <linux/mutex.h>
21#include <linux/uaccess.h>
22#include <linux/bitops.h>
23#include <linux/poll.h>
24#include <linux/usb.h>
25#include <linux/usb/cdc.h>
26#include <asm/byteorder.h>
27#include <asm/unaligned.h>
28#include <linux/usb/cdc-wdm.h>
29
30#define DRIVER_AUTHOR "Oliver Neukum"
31#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
32
33static const struct usb_device_id wdm_ids[] = {
34 {
35 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
36 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
37 .bInterfaceClass = USB_CLASS_COMM,
38 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
39 },
40 { }
41};
42
43MODULE_DEVICE_TABLE (usb, wdm_ids);
44
45#define WDM_MINOR_BASE 176
46
47
48#define WDM_IN_USE 1
49#define WDM_DISCONNECTING 2
50#define WDM_RESULT 3
51#define WDM_READ 4
52#define WDM_INT_STALL 5
53#define WDM_POLL_RUNNING 6
54#define WDM_RESPONDING 7
55#define WDM_SUSPENDING 8
56#define WDM_RESETTING 9
57#define WDM_OVERFLOW 10
58
59#define WDM_MAX 16
60
61/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
62#define WDM_DEFAULT_BUFSIZE 256
63
64static DEFINE_MUTEX(wdm_mutex);
65static DEFINE_SPINLOCK(wdm_device_list_lock);
66static LIST_HEAD(wdm_device_list);
67
68/* --- method tables --- */
69
70struct wdm_device {
71 u8 *inbuf; /* buffer for response */
72 u8 *outbuf; /* buffer for command */
73 u8 *sbuf; /* buffer for status */
74 u8 *ubuf; /* buffer for copy to user space */
75
76 struct urb *command;
77 struct urb *response;
78 struct urb *validity;
79 struct usb_interface *intf;
80 struct usb_ctrlrequest *orq;
81 struct usb_ctrlrequest *irq;
82 spinlock_t iuspin;
83
84 unsigned long flags;
85 u16 bufsize;
86 u16 wMaxCommand;
87 u16 wMaxPacketSize;
88 __le16 inum;
89 int reslength;
90 int length;
91 int read;
92 int count;
93 dma_addr_t shandle;
94 dma_addr_t ihandle;
95 struct mutex wlock;
96 struct mutex rlock;
97 wait_queue_head_t wait;
98 struct work_struct rxwork;
99 int werr;
100 int rerr;
101 int resp_count;
102
103 struct list_head device_list;
104 int (*manage_power)(struct usb_interface *, int);
105};
106
107static struct usb_driver wdm_driver;
108
109/* return intfdata if we own the interface, else look up intf in the list */
110static struct wdm_device *wdm_find_device(struct usb_interface *intf)
111{
112 struct wdm_device *desc;
113
114 spin_lock(&wdm_device_list_lock);
115 list_for_each_entry(desc, &wdm_device_list, device_list)
116 if (desc->intf == intf)
117 goto found;
118 desc = NULL;
119found:
120 spin_unlock(&wdm_device_list_lock);
121
122 return desc;
123}
124
125static struct wdm_device *wdm_find_device_by_minor(int minor)
126{
127 struct wdm_device *desc;
128
129 spin_lock(&wdm_device_list_lock);
130 list_for_each_entry(desc, &wdm_device_list, device_list)
131 if (desc->intf->minor == minor)
132 goto found;
133 desc = NULL;
134found:
135 spin_unlock(&wdm_device_list_lock);
136
137 return desc;
138}
139
140/* --- callbacks --- */
141static void wdm_out_callback(struct urb *urb)
142{
143 struct wdm_device *desc;
144 desc = urb->context;
145 spin_lock(&desc->iuspin);
146 desc->werr = urb->status;
147 spin_unlock(&desc->iuspin);
148 kfree(desc->outbuf);
149 desc->outbuf = NULL;
150 clear_bit(WDM_IN_USE, &desc->flags);
151 wake_up(&desc->wait);
152}
153
154/* forward declaration */
155static int service_outstanding_interrupt(struct wdm_device *desc);
156
157static void wdm_in_callback(struct urb *urb)
158{
159 struct wdm_device *desc = urb->context;
160 int status = urb->status;
161 int length = urb->actual_length;
162
163 spin_lock(&desc->iuspin);
164 clear_bit(WDM_RESPONDING, &desc->flags);
165
166 if (status) {
167 switch (status) {
168 case -ENOENT:
169 dev_dbg(&desc->intf->dev,
170 "nonzero urb status received: -ENOENT\n");
171 goto skip_error;
172 case -ECONNRESET:
173 dev_dbg(&desc->intf->dev,
174 "nonzero urb status received: -ECONNRESET\n");
175 goto skip_error;
176 case -ESHUTDOWN:
177 dev_dbg(&desc->intf->dev,
178 "nonzero urb status received: -ESHUTDOWN\n");
179 goto skip_error;
180 case -EPIPE:
181 dev_err(&desc->intf->dev,
182 "nonzero urb status received: -EPIPE\n");
183 break;
184 default:
185 dev_err(&desc->intf->dev,
186 "Unexpected error %d\n", status);
187 break;
188 }
189 }
190
191 /*
192 * only set a new error if there is no previous error.
193 * Errors are only cleared during read/open
194 * Avoid propagating -EPIPE (stall) to userspace since it is
195 * better handled as an empty read
196 */
197 if (desc->rerr == 0 && status != -EPIPE)
198 desc->rerr = status;
199
200 if (length + desc->length > desc->wMaxCommand) {
201 /* The buffer would overflow */
202 set_bit(WDM_OVERFLOW, &desc->flags);
203 } else {
204 /* we may already be in overflow */
205 if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
206 memmove(desc->ubuf + desc->length, desc->inbuf, length);
207 desc->length += length;
208 desc->reslength = length;
209 }
210 }
211skip_error:
212 set_bit(WDM_READ, &desc->flags);
213 wake_up(&desc->wait);
214
215 if (desc->rerr) {
216 /*
217 * Since there was an error, userspace may decide to not read
218 * any data after poll'ing.
219 * We should respond to further attempts from the device to send
220 * data, so that we can get unstuck.
221 */
222 service_outstanding_interrupt(desc);
223 }
224
225 spin_unlock(&desc->iuspin);
226}
227
228static void wdm_int_callback(struct urb *urb)
229{
230 int rv = 0;
231 int responding;
232 int status = urb->status;
233 struct wdm_device *desc;
234 struct usb_cdc_notification *dr;
235
236 desc = urb->context;
237 dr = (struct usb_cdc_notification *)desc->sbuf;
238
239 if (status) {
240 switch (status) {
241 case -ESHUTDOWN:
242 case -ENOENT:
243 case -ECONNRESET:
244 return; /* unplug */
245 case -EPIPE:
246 set_bit(WDM_INT_STALL, &desc->flags);
247 dev_err(&desc->intf->dev, "Stall on int endpoint\n");
248 goto sw; /* halt is cleared in work */
249 default:
250 dev_err(&desc->intf->dev,
251 "nonzero urb status received: %d\n", status);
252 break;
253 }
254 }
255
256 if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
257 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
258 urb->actual_length);
259 goto exit;
260 }
261
262 switch (dr->bNotificationType) {
263 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
264 dev_dbg(&desc->intf->dev,
265 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
266 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
267 break;
268
269 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
270
271 dev_dbg(&desc->intf->dev,
272 "NOTIFY_NETWORK_CONNECTION %s network\n",
273 dr->wValue ? "connected to" : "disconnected from");
274 goto exit;
275 case USB_CDC_NOTIFY_SPEED_CHANGE:
276 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
277 urb->actual_length);
278 goto exit;
279 default:
280 clear_bit(WDM_POLL_RUNNING, &desc->flags);
281 dev_err(&desc->intf->dev,
282 "unknown notification %d received: index %d len %d\n",
283 dr->bNotificationType,
284 le16_to_cpu(dr->wIndex),
285 le16_to_cpu(dr->wLength));
286 goto exit;
287 }
288
289 spin_lock(&desc->iuspin);
290 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
291 if (!desc->resp_count++ && !responding
292 && !test_bit(WDM_DISCONNECTING, &desc->flags)
293 && !test_bit(WDM_SUSPENDING, &desc->flags)) {
294 rv = usb_submit_urb(desc->response, GFP_ATOMIC);
295 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
296 }
297 spin_unlock(&desc->iuspin);
298 if (rv < 0) {
299 clear_bit(WDM_RESPONDING, &desc->flags);
300 if (rv == -EPERM)
301 return;
302 if (rv == -ENOMEM) {
303sw:
304 rv = schedule_work(&desc->rxwork);
305 if (rv)
306 dev_err(&desc->intf->dev,
307 "Cannot schedule work\n");
308 }
309 }
310exit:
311 rv = usb_submit_urb(urb, GFP_ATOMIC);
312 if (rv)
313 dev_err(&desc->intf->dev,
314 "%s - usb_submit_urb failed with result %d\n",
315 __func__, rv);
316
317}
318
319static void kill_urbs(struct wdm_device *desc)
320{
321 /* the order here is essential */
322 usb_kill_urb(desc->command);
323 usb_kill_urb(desc->validity);
324 usb_kill_urb(desc->response);
325}
326
327static void free_urbs(struct wdm_device *desc)
328{
329 usb_free_urb(desc->validity);
330 usb_free_urb(desc->response);
331 usb_free_urb(desc->command);
332}
333
334static void cleanup(struct wdm_device *desc)
335{
336 kfree(desc->sbuf);
337 kfree(desc->inbuf);
338 kfree(desc->orq);
339 kfree(desc->irq);
340 kfree(desc->ubuf);
341 free_urbs(desc);
342 kfree(desc);
343}
344
345static ssize_t wdm_write
346(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
347{
348 u8 *buf;
349 int rv = -EMSGSIZE, r, we;
350 struct wdm_device *desc = file->private_data;
351 struct usb_ctrlrequest *req;
352
353 if (count > desc->wMaxCommand)
354 count = desc->wMaxCommand;
355
356 spin_lock_irq(&desc->iuspin);
357 we = desc->werr;
358 desc->werr = 0;
359 spin_unlock_irq(&desc->iuspin);
360 if (we < 0)
361 return usb_translate_errors(we);
362
363 buf = memdup_user(buffer, count);
364 if (IS_ERR(buf))
365 return PTR_ERR(buf);
366
367 /* concurrent writes and disconnect */
368 r = mutex_lock_interruptible(&desc->wlock);
369 rv = -ERESTARTSYS;
370 if (r)
371 goto out_free_mem;
372
373 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
374 rv = -ENODEV;
375 goto out_free_mem_lock;
376 }
377
378 r = usb_autopm_get_interface(desc->intf);
379 if (r < 0) {
380 rv = usb_translate_errors(r);
381 goto out_free_mem_lock;
382 }
383
384 if (!(file->f_flags & O_NONBLOCK))
385 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
386 &desc->flags));
387 else
388 if (test_bit(WDM_IN_USE, &desc->flags))
389 r = -EAGAIN;
390
391 if (test_bit(WDM_RESETTING, &desc->flags))
392 r = -EIO;
393
394 if (r < 0) {
395 rv = r;
396 goto out_free_mem_pm;
397 }
398
399 req = desc->orq;
400 usb_fill_control_urb(
401 desc->command,
402 interface_to_usbdev(desc->intf),
403 /* using common endpoint 0 */
404 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
405 (unsigned char *)req,
406 buf,
407 count,
408 wdm_out_callback,
409 desc
410 );
411
412 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
413 USB_RECIP_INTERFACE);
414 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
415 req->wValue = 0;
416 req->wIndex = desc->inum; /* already converted */
417 req->wLength = cpu_to_le16(count);
418 set_bit(WDM_IN_USE, &desc->flags);
419 desc->outbuf = buf;
420
421 rv = usb_submit_urb(desc->command, GFP_KERNEL);
422 if (rv < 0) {
423 desc->outbuf = NULL;
424 clear_bit(WDM_IN_USE, &desc->flags);
425 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
426 rv = usb_translate_errors(rv);
427 goto out_free_mem_pm;
428 } else {
429 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
430 le16_to_cpu(req->wIndex));
431 }
432
433 usb_autopm_put_interface(desc->intf);
434 mutex_unlock(&desc->wlock);
435 return count;
436
437out_free_mem_pm:
438 usb_autopm_put_interface(desc->intf);
439out_free_mem_lock:
440 mutex_unlock(&desc->wlock);
441out_free_mem:
442 kfree(buf);
443 return rv;
444}
445
446/*
447 * Submit the read urb if resp_count is non-zero.
448 *
449 * Called with desc->iuspin locked
450 */
451static int service_outstanding_interrupt(struct wdm_device *desc)
452{
453 int rv = 0;
454
455 /* submit read urb only if the device is waiting for it */
456 if (!desc->resp_count || !--desc->resp_count)
457 goto out;
458
459 set_bit(WDM_RESPONDING, &desc->flags);
460 spin_unlock_irq(&desc->iuspin);
461 rv = usb_submit_urb(desc->response, GFP_KERNEL);
462 spin_lock_irq(&desc->iuspin);
463 if (rv) {
464 dev_err(&desc->intf->dev,
465 "usb_submit_urb failed with result %d\n", rv);
466
467 /* make sure the next notification trigger a submit */
468 clear_bit(WDM_RESPONDING, &desc->flags);
469 desc->resp_count = 0;
470 }
471out:
472 return rv;
473}
474
475static ssize_t wdm_read
476(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
477{
478 int rv, cntr;
479 int i = 0;
480 struct wdm_device *desc = file->private_data;
481
482
483 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
484 if (rv < 0)
485 return -ERESTARTSYS;
486
487 cntr = READ_ONCE(desc->length);
488 if (cntr == 0) {
489 desc->read = 0;
490retry:
491 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
492 rv = -ENODEV;
493 goto err;
494 }
495 if (test_bit(WDM_OVERFLOW, &desc->flags)) {
496 clear_bit(WDM_OVERFLOW, &desc->flags);
497 rv = -ENOBUFS;
498 goto err;
499 }
500 i++;
501 if (file->f_flags & O_NONBLOCK) {
502 if (!test_bit(WDM_READ, &desc->flags)) {
503 rv = -EAGAIN;
504 goto err;
505 }
506 rv = 0;
507 } else {
508 rv = wait_event_interruptible(desc->wait,
509 test_bit(WDM_READ, &desc->flags));
510 }
511
512 /* may have happened while we slept */
513 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
514 rv = -ENODEV;
515 goto err;
516 }
517 if (test_bit(WDM_RESETTING, &desc->flags)) {
518 rv = -EIO;
519 goto err;
520 }
521 usb_mark_last_busy(interface_to_usbdev(desc->intf));
522 if (rv < 0) {
523 rv = -ERESTARTSYS;
524 goto err;
525 }
526
527 spin_lock_irq(&desc->iuspin);
528
529 if (desc->rerr) { /* read completed, error happened */
530 rv = usb_translate_errors(desc->rerr);
531 desc->rerr = 0;
532 spin_unlock_irq(&desc->iuspin);
533 goto err;
534 }
535 /*
536 * recheck whether we've lost the race
537 * against the completion handler
538 */
539 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
540 spin_unlock_irq(&desc->iuspin);
541 goto retry;
542 }
543
544 if (!desc->reslength) { /* zero length read */
545 dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
546 clear_bit(WDM_READ, &desc->flags);
547 rv = service_outstanding_interrupt(desc);
548 spin_unlock_irq(&desc->iuspin);
549 if (rv < 0)
550 goto err;
551 goto retry;
552 }
553 cntr = desc->length;
554 spin_unlock_irq(&desc->iuspin);
555 }
556
557 if (cntr > count)
558 cntr = count;
559 rv = copy_to_user(buffer, desc->ubuf, cntr);
560 if (rv > 0) {
561 rv = -EFAULT;
562 goto err;
563 }
564
565 spin_lock_irq(&desc->iuspin);
566
567 for (i = 0; i < desc->length - cntr; i++)
568 desc->ubuf[i] = desc->ubuf[i + cntr];
569
570 desc->length -= cntr;
571 /* in case we had outstanding data */
572 if (!desc->length) {
573 clear_bit(WDM_READ, &desc->flags);
574 service_outstanding_interrupt(desc);
575 }
576 spin_unlock_irq(&desc->iuspin);
577 rv = cntr;
578
579err:
580 mutex_unlock(&desc->rlock);
581 return rv;
582}
583
584static int wdm_flush(struct file *file, fl_owner_t id)
585{
586 struct wdm_device *desc = file->private_data;
587
588 wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
589
590 /* cannot dereference desc->intf if WDM_DISCONNECTING */
591 if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags))
592 dev_err(&desc->intf->dev, "Error in flush path: %d\n",
593 desc->werr);
594
595 return usb_translate_errors(desc->werr);
596}
597
598static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
599{
600 struct wdm_device *desc = file->private_data;
601 unsigned long flags;
602 __poll_t mask = 0;
603
604 spin_lock_irqsave(&desc->iuspin, flags);
605 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
606 mask = EPOLLHUP | EPOLLERR;
607 spin_unlock_irqrestore(&desc->iuspin, flags);
608 goto desc_out;
609 }
610 if (test_bit(WDM_READ, &desc->flags))
611 mask = EPOLLIN | EPOLLRDNORM;
612 if (desc->rerr || desc->werr)
613 mask |= EPOLLERR;
614 if (!test_bit(WDM_IN_USE, &desc->flags))
615 mask |= EPOLLOUT | EPOLLWRNORM;
616 spin_unlock_irqrestore(&desc->iuspin, flags);
617
618 poll_wait(file, &desc->wait, wait);
619
620desc_out:
621 return mask;
622}
623
624static int wdm_open(struct inode *inode, struct file *file)
625{
626 int minor = iminor(inode);
627 int rv = -ENODEV;
628 struct usb_interface *intf;
629 struct wdm_device *desc;
630
631 mutex_lock(&wdm_mutex);
632 desc = wdm_find_device_by_minor(minor);
633 if (!desc)
634 goto out;
635
636 intf = desc->intf;
637 if (test_bit(WDM_DISCONNECTING, &desc->flags))
638 goto out;
639 file->private_data = desc;
640
641 rv = usb_autopm_get_interface(desc->intf);
642 if (rv < 0) {
643 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
644 goto out;
645 }
646
647 /* using write lock to protect desc->count */
648 mutex_lock(&desc->wlock);
649 if (!desc->count++) {
650 desc->werr = 0;
651 desc->rerr = 0;
652 rv = usb_submit_urb(desc->validity, GFP_KERNEL);
653 if (rv < 0) {
654 desc->count--;
655 dev_err(&desc->intf->dev,
656 "Error submitting int urb - %d\n", rv);
657 rv = usb_translate_errors(rv);
658 }
659 } else {
660 rv = 0;
661 }
662 mutex_unlock(&desc->wlock);
663 if (desc->count == 1)
664 desc->manage_power(intf, 1);
665 usb_autopm_put_interface(desc->intf);
666out:
667 mutex_unlock(&wdm_mutex);
668 return rv;
669}
670
671static int wdm_release(struct inode *inode, struct file *file)
672{
673 struct wdm_device *desc = file->private_data;
674
675 mutex_lock(&wdm_mutex);
676
677 /* using write lock to protect desc->count */
678 mutex_lock(&desc->wlock);
679 desc->count--;
680 mutex_unlock(&desc->wlock);
681
682 if (!desc->count) {
683 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
684 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
685 kill_urbs(desc);
686 spin_lock_irq(&desc->iuspin);
687 desc->resp_count = 0;
688 spin_unlock_irq(&desc->iuspin);
689 desc->manage_power(desc->intf, 0);
690 } else {
691 /* must avoid dev_printk here as desc->intf is invalid */
692 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
693 cleanup(desc);
694 }
695 }
696 mutex_unlock(&wdm_mutex);
697 return 0;
698}
699
700static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
701{
702 struct wdm_device *desc = file->private_data;
703 int rv = 0;
704
705 switch (cmd) {
706 case IOCTL_WDM_MAX_COMMAND:
707 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
708 rv = -EFAULT;
709 break;
710 default:
711 rv = -ENOTTY;
712 }
713 return rv;
714}
715
716static const struct file_operations wdm_fops = {
717 .owner = THIS_MODULE,
718 .read = wdm_read,
719 .write = wdm_write,
720 .open = wdm_open,
721 .flush = wdm_flush,
722 .release = wdm_release,
723 .poll = wdm_poll,
724 .unlocked_ioctl = wdm_ioctl,
725 .compat_ioctl = wdm_ioctl,
726 .llseek = noop_llseek,
727};
728
729static struct usb_class_driver wdm_class = {
730 .name = "cdc-wdm%d",
731 .fops = &wdm_fops,
732 .minor_base = WDM_MINOR_BASE,
733};
734
735/* --- error handling --- */
736static void wdm_rxwork(struct work_struct *work)
737{
738 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
739 unsigned long flags;
740 int rv = 0;
741 int responding;
742
743 spin_lock_irqsave(&desc->iuspin, flags);
744 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
745 spin_unlock_irqrestore(&desc->iuspin, flags);
746 } else {
747 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
748 spin_unlock_irqrestore(&desc->iuspin, flags);
749 if (!responding)
750 rv = usb_submit_urb(desc->response, GFP_KERNEL);
751 if (rv < 0 && rv != -EPERM) {
752 spin_lock_irqsave(&desc->iuspin, flags);
753 clear_bit(WDM_RESPONDING, &desc->flags);
754 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
755 schedule_work(&desc->rxwork);
756 spin_unlock_irqrestore(&desc->iuspin, flags);
757 }
758 }
759}
760
761/* --- hotplug --- */
762
763static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
764 u16 bufsize, int (*manage_power)(struct usb_interface *, int))
765{
766 int rv = -ENOMEM;
767 struct wdm_device *desc;
768
769 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
770 if (!desc)
771 goto out;
772 INIT_LIST_HEAD(&desc->device_list);
773 mutex_init(&desc->rlock);
774 mutex_init(&desc->wlock);
775 spin_lock_init(&desc->iuspin);
776 init_waitqueue_head(&desc->wait);
777 desc->wMaxCommand = bufsize;
778 /* this will be expanded and needed in hardware endianness */
779 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
780 desc->intf = intf;
781 INIT_WORK(&desc->rxwork, wdm_rxwork);
782
783 rv = -EINVAL;
784 if (!usb_endpoint_is_int_in(ep))
785 goto err;
786
787 desc->wMaxPacketSize = usb_endpoint_maxp(ep);
788
789 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
790 if (!desc->orq)
791 goto err;
792 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
793 if (!desc->irq)
794 goto err;
795
796 desc->validity = usb_alloc_urb(0, GFP_KERNEL);
797 if (!desc->validity)
798 goto err;
799
800 desc->response = usb_alloc_urb(0, GFP_KERNEL);
801 if (!desc->response)
802 goto err;
803
804 desc->command = usb_alloc_urb(0, GFP_KERNEL);
805 if (!desc->command)
806 goto err;
807
808 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
809 if (!desc->ubuf)
810 goto err;
811
812 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
813 if (!desc->sbuf)
814 goto err;
815
816 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
817 if (!desc->inbuf)
818 goto err;
819
820 usb_fill_int_urb(
821 desc->validity,
822 interface_to_usbdev(intf),
823 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
824 desc->sbuf,
825 desc->wMaxPacketSize,
826 wdm_int_callback,
827 desc,
828 ep->bInterval
829 );
830
831 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
832 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
833 desc->irq->wValue = 0;
834 desc->irq->wIndex = desc->inum; /* already converted */
835 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
836
837 usb_fill_control_urb(
838 desc->response,
839 interface_to_usbdev(intf),
840 /* using common endpoint 0 */
841 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
842 (unsigned char *)desc->irq,
843 desc->inbuf,
844 desc->wMaxCommand,
845 wdm_in_callback,
846 desc
847 );
848
849 desc->manage_power = manage_power;
850
851 spin_lock(&wdm_device_list_lock);
852 list_add(&desc->device_list, &wdm_device_list);
853 spin_unlock(&wdm_device_list_lock);
854
855 rv = usb_register_dev(intf, &wdm_class);
856 if (rv < 0)
857 goto err;
858 else
859 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
860out:
861 return rv;
862err:
863 spin_lock(&wdm_device_list_lock);
864 list_del(&desc->device_list);
865 spin_unlock(&wdm_device_list_lock);
866 cleanup(desc);
867 return rv;
868}
869
870static int wdm_manage_power(struct usb_interface *intf, int on)
871{
872 /* need autopm_get/put here to ensure the usbcore sees the new value */
873 int rv = usb_autopm_get_interface(intf);
874
875 intf->needs_remote_wakeup = on;
876 if (!rv)
877 usb_autopm_put_interface(intf);
878 return 0;
879}
880
881static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
882{
883 int rv = -EINVAL;
884 struct usb_host_interface *iface;
885 struct usb_endpoint_descriptor *ep;
886 struct usb_cdc_parsed_header hdr;
887 u8 *buffer = intf->altsetting->extra;
888 int buflen = intf->altsetting->extralen;
889 u16 maxcom = WDM_DEFAULT_BUFSIZE;
890
891 if (!buffer)
892 goto err;
893
894 cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
895
896 if (hdr.usb_cdc_dmm_desc)
897 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
898
899 iface = intf->cur_altsetting;
900 if (iface->desc.bNumEndpoints != 1)
901 goto err;
902 ep = &iface->endpoint[0].desc;
903
904 rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
905
906err:
907 return rv;
908}
909
910/**
911 * usb_cdc_wdm_register - register a WDM subdriver
912 * @intf: usb interface the subdriver will associate with
913 * @ep: interrupt endpoint to monitor for notifications
914 * @bufsize: maximum message size to support for read/write
915 *
916 * Create WDM usb class character device and associate it with intf
917 * without binding, allowing another driver to manage the interface.
918 *
919 * The subdriver will manage the given interrupt endpoint exclusively
920 * and will issue control requests referring to the given intf. It
921 * will otherwise avoid interferring, and in particular not do
922 * usb_set_intfdata/usb_get_intfdata on intf.
923 *
924 * The return value is a pointer to the subdriver's struct usb_driver.
925 * The registering driver is responsible for calling this subdriver's
926 * disconnect, suspend, resume, pre_reset and post_reset methods from
927 * its own.
928 */
929struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
930 struct usb_endpoint_descriptor *ep,
931 int bufsize,
932 int (*manage_power)(struct usb_interface *, int))
933{
934 int rv = -EINVAL;
935
936 rv = wdm_create(intf, ep, bufsize, manage_power);
937 if (rv < 0)
938 goto err;
939
940 return &wdm_driver;
941err:
942 return ERR_PTR(rv);
943}
944EXPORT_SYMBOL(usb_cdc_wdm_register);
945
946static void wdm_disconnect(struct usb_interface *intf)
947{
948 struct wdm_device *desc;
949 unsigned long flags;
950
951 usb_deregister_dev(intf, &wdm_class);
952 desc = wdm_find_device(intf);
953 mutex_lock(&wdm_mutex);
954
955 /* the spinlock makes sure no new urbs are generated in the callbacks */
956 spin_lock_irqsave(&desc->iuspin, flags);
957 set_bit(WDM_DISCONNECTING, &desc->flags);
958 set_bit(WDM_READ, &desc->flags);
959 /* to terminate pending flushes */
960 clear_bit(WDM_IN_USE, &desc->flags);
961 spin_unlock_irqrestore(&desc->iuspin, flags);
962 wake_up_all(&desc->wait);
963 mutex_lock(&desc->rlock);
964 mutex_lock(&desc->wlock);
965 kill_urbs(desc);
966 cancel_work_sync(&desc->rxwork);
967 mutex_unlock(&desc->wlock);
968 mutex_unlock(&desc->rlock);
969
970 /* the desc->intf pointer used as list key is now invalid */
971 spin_lock(&wdm_device_list_lock);
972 list_del(&desc->device_list);
973 spin_unlock(&wdm_device_list_lock);
974
975 if (!desc->count)
976 cleanup(desc);
977 else
978 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
979 mutex_unlock(&wdm_mutex);
980}
981
982#ifdef CONFIG_PM
983static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
984{
985 struct wdm_device *desc = wdm_find_device(intf);
986 int rv = 0;
987
988 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
989
990 /* if this is an autosuspend the caller does the locking */
991 if (!PMSG_IS_AUTO(message)) {
992 mutex_lock(&desc->rlock);
993 mutex_lock(&desc->wlock);
994 }
995 spin_lock_irq(&desc->iuspin);
996
997 if (PMSG_IS_AUTO(message) &&
998 (test_bit(WDM_IN_USE, &desc->flags)
999 || test_bit(WDM_RESPONDING, &desc->flags))) {
1000 spin_unlock_irq(&desc->iuspin);
1001 rv = -EBUSY;
1002 } else {
1003
1004 set_bit(WDM_SUSPENDING, &desc->flags);
1005 spin_unlock_irq(&desc->iuspin);
1006 /* callback submits work - order is essential */
1007 kill_urbs(desc);
1008 cancel_work_sync(&desc->rxwork);
1009 }
1010 if (!PMSG_IS_AUTO(message)) {
1011 mutex_unlock(&desc->wlock);
1012 mutex_unlock(&desc->rlock);
1013 }
1014
1015 return rv;
1016}
1017#endif
1018
1019static int recover_from_urb_loss(struct wdm_device *desc)
1020{
1021 int rv = 0;
1022
1023 if (desc->count) {
1024 rv = usb_submit_urb(desc->validity, GFP_NOIO);
1025 if (rv < 0)
1026 dev_err(&desc->intf->dev,
1027 "Error resume submitting int urb - %d\n", rv);
1028 }
1029 return rv;
1030}
1031
1032#ifdef CONFIG_PM
1033static int wdm_resume(struct usb_interface *intf)
1034{
1035 struct wdm_device *desc = wdm_find_device(intf);
1036 int rv;
1037
1038 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1039
1040 clear_bit(WDM_SUSPENDING, &desc->flags);
1041 rv = recover_from_urb_loss(desc);
1042
1043 return rv;
1044}
1045#endif
1046
1047static int wdm_pre_reset(struct usb_interface *intf)
1048{
1049 struct wdm_device *desc = wdm_find_device(intf);
1050
1051 /*
1052 * we notify everybody using poll of
1053 * an exceptional situation
1054 * must be done before recovery lest a spontaneous
1055 * message from the device is lost
1056 */
1057 spin_lock_irq(&desc->iuspin);
1058 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */
1059 set_bit(WDM_READ, &desc->flags); /* unblock read */
1060 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */
1061 desc->rerr = -EINTR;
1062 spin_unlock_irq(&desc->iuspin);
1063 wake_up_all(&desc->wait);
1064 mutex_lock(&desc->rlock);
1065 mutex_lock(&desc->wlock);
1066 kill_urbs(desc);
1067 cancel_work_sync(&desc->rxwork);
1068 return 0;
1069}
1070
1071static int wdm_post_reset(struct usb_interface *intf)
1072{
1073 struct wdm_device *desc = wdm_find_device(intf);
1074 int rv;
1075
1076 clear_bit(WDM_OVERFLOW, &desc->flags);
1077 clear_bit(WDM_RESETTING, &desc->flags);
1078 rv = recover_from_urb_loss(desc);
1079 mutex_unlock(&desc->wlock);
1080 mutex_unlock(&desc->rlock);
1081 return 0;
1082}
1083
1084static struct usb_driver wdm_driver = {
1085 .name = "cdc_wdm",
1086 .probe = wdm_probe,
1087 .disconnect = wdm_disconnect,
1088#ifdef CONFIG_PM
1089 .suspend = wdm_suspend,
1090 .resume = wdm_resume,
1091 .reset_resume = wdm_resume,
1092#endif
1093 .pre_reset = wdm_pre_reset,
1094 .post_reset = wdm_post_reset,
1095 .id_table = wdm_ids,
1096 .supports_autosuspend = 1,
1097 .disable_hub_initiated_lpm = 1,
1098};
1099
1100module_usb_driver(wdm_driver);
1101
1102MODULE_AUTHOR(DRIVER_AUTHOR);
1103MODULE_DESCRIPTION(DRIVER_DESC);
1104MODULE_LICENSE("GPL");