Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * cdc-wdm.c
4 *
5 * This driver supports USB CDC WCM Device Management.
6 *
7 * Copyright (c) 2007-2009 Oliver Neukum
8 *
9 * Some code taken from cdc-acm.c
10 *
11 * Released under the GPLv2.
12 *
13 * Many thanks to Carl Nordbeck
14 */
15#include <linux/kernel.h>
16#include <linux/errno.h>
17#include <linux/ioctl.h>
18#include <linux/slab.h>
19#include <linux/module.h>
20#include <linux/mutex.h>
21#include <linux/uaccess.h>
22#include <linux/bitops.h>
23#include <linux/poll.h>
24#include <linux/skbuff.h>
25#include <linux/usb.h>
26#include <linux/usb/cdc.h>
27#include <linux/wwan.h>
28#include <asm/byteorder.h>
29#include <asm/unaligned.h>
30#include <linux/usb/cdc-wdm.h>
31
32#define DRIVER_AUTHOR "Oliver Neukum"
33#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
34
35static const struct usb_device_id wdm_ids[] = {
36 {
37 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
38 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
39 .bInterfaceClass = USB_CLASS_COMM,
40 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
41 },
42 { }
43};
44
45MODULE_DEVICE_TABLE (usb, wdm_ids);
46
47#define WDM_MINOR_BASE 176
48
49
50#define WDM_IN_USE 1
51#define WDM_DISCONNECTING 2
52#define WDM_RESULT 3
53#define WDM_READ 4
54#define WDM_INT_STALL 5
55#define WDM_POLL_RUNNING 6
56#define WDM_RESPONDING 7
57#define WDM_SUSPENDING 8
58#define WDM_RESETTING 9
59#define WDM_OVERFLOW 10
60#define WDM_WWAN_IN_USE 11
61
62#define WDM_MAX 16
63
64/* we cannot wait forever at flush() */
65#define WDM_FLUSH_TIMEOUT (30 * HZ)
66
67/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
68#define WDM_DEFAULT_BUFSIZE 256
69
70static DEFINE_MUTEX(wdm_mutex);
71static DEFINE_SPINLOCK(wdm_device_list_lock);
72static LIST_HEAD(wdm_device_list);
73
74/* --- method tables --- */
75
76struct wdm_device {
77 u8 *inbuf; /* buffer for response */
78 u8 *outbuf; /* buffer for command */
79 u8 *sbuf; /* buffer for status */
80 u8 *ubuf; /* buffer for copy to user space */
81
82 struct urb *command;
83 struct urb *response;
84 struct urb *validity;
85 struct usb_interface *intf;
86 struct usb_ctrlrequest *orq;
87 struct usb_ctrlrequest *irq;
88 spinlock_t iuspin;
89
90 unsigned long flags;
91 u16 bufsize;
92 u16 wMaxCommand;
93 u16 wMaxPacketSize;
94 __le16 inum;
95 int reslength;
96 int length;
97 int read;
98 int count;
99 dma_addr_t shandle;
100 dma_addr_t ihandle;
101 struct mutex wlock;
102 struct mutex rlock;
103 wait_queue_head_t wait;
104 struct work_struct rxwork;
105 struct work_struct service_outs_intr;
106 int werr;
107 int rerr;
108 int resp_count;
109
110 struct list_head device_list;
111 int (*manage_power)(struct usb_interface *, int);
112
113 enum wwan_port_type wwanp_type;
114 struct wwan_port *wwanp;
115};
116
117static struct usb_driver wdm_driver;
118
119/* return intfdata if we own the interface, else look up intf in the list */
120static struct wdm_device *wdm_find_device(struct usb_interface *intf)
121{
122 struct wdm_device *desc;
123
124 spin_lock(&wdm_device_list_lock);
125 list_for_each_entry(desc, &wdm_device_list, device_list)
126 if (desc->intf == intf)
127 goto found;
128 desc = NULL;
129found:
130 spin_unlock(&wdm_device_list_lock);
131
132 return desc;
133}
134
135static struct wdm_device *wdm_find_device_by_minor(int minor)
136{
137 struct wdm_device *desc;
138
139 spin_lock(&wdm_device_list_lock);
140 list_for_each_entry(desc, &wdm_device_list, device_list)
141 if (desc->intf->minor == minor)
142 goto found;
143 desc = NULL;
144found:
145 spin_unlock(&wdm_device_list_lock);
146
147 return desc;
148}
149
150/* --- callbacks --- */
151static void wdm_out_callback(struct urb *urb)
152{
153 struct wdm_device *desc;
154 unsigned long flags;
155
156 desc = urb->context;
157 spin_lock_irqsave(&desc->iuspin, flags);
158 desc->werr = urb->status;
159 spin_unlock_irqrestore(&desc->iuspin, flags);
160 kfree(desc->outbuf);
161 desc->outbuf = NULL;
162 clear_bit(WDM_IN_USE, &desc->flags);
163 wake_up_all(&desc->wait);
164}
165
166static void wdm_wwan_rx(struct wdm_device *desc, int length);
167
168static void wdm_in_callback(struct urb *urb)
169{
170 unsigned long flags;
171 struct wdm_device *desc = urb->context;
172 int status = urb->status;
173 int length = urb->actual_length;
174
175 spin_lock_irqsave(&desc->iuspin, flags);
176 clear_bit(WDM_RESPONDING, &desc->flags);
177
178 if (status) {
179 switch (status) {
180 case -ENOENT:
181 dev_dbg(&desc->intf->dev,
182 "nonzero urb status received: -ENOENT\n");
183 goto skip_error;
184 case -ECONNRESET:
185 dev_dbg(&desc->intf->dev,
186 "nonzero urb status received: -ECONNRESET\n");
187 goto skip_error;
188 case -ESHUTDOWN:
189 dev_dbg(&desc->intf->dev,
190 "nonzero urb status received: -ESHUTDOWN\n");
191 goto skip_error;
192 case -EPIPE:
193 dev_err(&desc->intf->dev,
194 "nonzero urb status received: -EPIPE\n");
195 break;
196 default:
197 dev_err(&desc->intf->dev,
198 "Unexpected error %d\n", status);
199 break;
200 }
201 }
202
203 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) {
204 wdm_wwan_rx(desc, length);
205 goto out;
206 }
207
208 /*
209 * only set a new error if there is no previous error.
210 * Errors are only cleared during read/open
211 * Avoid propagating -EPIPE (stall) to userspace since it is
212 * better handled as an empty read
213 */
214 if (desc->rerr == 0 && status != -EPIPE)
215 desc->rerr = status;
216
217 if (length + desc->length > desc->wMaxCommand) {
218 /* The buffer would overflow */
219 set_bit(WDM_OVERFLOW, &desc->flags);
220 } else {
221 /* we may already be in overflow */
222 if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
223 memmove(desc->ubuf + desc->length, desc->inbuf, length);
224 desc->length += length;
225 desc->reslength = length;
226 }
227 }
228skip_error:
229
230 if (desc->rerr) {
231 /*
232 * Since there was an error, userspace may decide to not read
233 * any data after poll'ing.
234 * We should respond to further attempts from the device to send
235 * data, so that we can get unstuck.
236 */
237 schedule_work(&desc->service_outs_intr);
238 } else {
239 set_bit(WDM_READ, &desc->flags);
240 wake_up(&desc->wait);
241 }
242out:
243 spin_unlock_irqrestore(&desc->iuspin, flags);
244}
245
246static void wdm_int_callback(struct urb *urb)
247{
248 unsigned long flags;
249 int rv = 0;
250 int responding;
251 int status = urb->status;
252 struct wdm_device *desc;
253 struct usb_cdc_notification *dr;
254
255 desc = urb->context;
256 dr = (struct usb_cdc_notification *)desc->sbuf;
257
258 if (status) {
259 switch (status) {
260 case -ESHUTDOWN:
261 case -ENOENT:
262 case -ECONNRESET:
263 return; /* unplug */
264 case -EPIPE:
265 set_bit(WDM_INT_STALL, &desc->flags);
266 dev_err(&desc->intf->dev, "Stall on int endpoint\n");
267 goto sw; /* halt is cleared in work */
268 default:
269 dev_err(&desc->intf->dev,
270 "nonzero urb status received: %d\n", status);
271 break;
272 }
273 }
274
275 if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
276 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
277 urb->actual_length);
278 goto exit;
279 }
280
281 switch (dr->bNotificationType) {
282 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
283 dev_dbg(&desc->intf->dev,
284 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
285 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
286 break;
287
288 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
289
290 dev_dbg(&desc->intf->dev,
291 "NOTIFY_NETWORK_CONNECTION %s network\n",
292 dr->wValue ? "connected to" : "disconnected from");
293 goto exit;
294 case USB_CDC_NOTIFY_SPEED_CHANGE:
295 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
296 urb->actual_length);
297 goto exit;
298 default:
299 clear_bit(WDM_POLL_RUNNING, &desc->flags);
300 dev_err(&desc->intf->dev,
301 "unknown notification %d received: index %d len %d\n",
302 dr->bNotificationType,
303 le16_to_cpu(dr->wIndex),
304 le16_to_cpu(dr->wLength));
305 goto exit;
306 }
307
308 spin_lock_irqsave(&desc->iuspin, flags);
309 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
310 if (!desc->resp_count++ && !responding
311 && !test_bit(WDM_DISCONNECTING, &desc->flags)
312 && !test_bit(WDM_SUSPENDING, &desc->flags)) {
313 rv = usb_submit_urb(desc->response, GFP_ATOMIC);
314 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
315 }
316 spin_unlock_irqrestore(&desc->iuspin, flags);
317 if (rv < 0) {
318 clear_bit(WDM_RESPONDING, &desc->flags);
319 if (rv == -EPERM)
320 return;
321 if (rv == -ENOMEM) {
322sw:
323 rv = schedule_work(&desc->rxwork);
324 if (rv)
325 dev_err(&desc->intf->dev,
326 "Cannot schedule work\n");
327 }
328 }
329exit:
330 rv = usb_submit_urb(urb, GFP_ATOMIC);
331 if (rv)
332 dev_err(&desc->intf->dev,
333 "%s - usb_submit_urb failed with result %d\n",
334 __func__, rv);
335
336}
337
338static void poison_urbs(struct wdm_device *desc)
339{
340 /* the order here is essential */
341 usb_poison_urb(desc->command);
342 usb_poison_urb(desc->validity);
343 usb_poison_urb(desc->response);
344}
345
346static void unpoison_urbs(struct wdm_device *desc)
347{
348 /*
349 * the order here is not essential
350 * it is symmetrical just to be nice
351 */
352 usb_unpoison_urb(desc->response);
353 usb_unpoison_urb(desc->validity);
354 usb_unpoison_urb(desc->command);
355}
356
357static void free_urbs(struct wdm_device *desc)
358{
359 usb_free_urb(desc->validity);
360 usb_free_urb(desc->response);
361 usb_free_urb(desc->command);
362}
363
364static void cleanup(struct wdm_device *desc)
365{
366 kfree(desc->sbuf);
367 kfree(desc->inbuf);
368 kfree(desc->orq);
369 kfree(desc->irq);
370 kfree(desc->ubuf);
371 free_urbs(desc);
372 kfree(desc);
373}
374
375static ssize_t wdm_write
376(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
377{
378 u8 *buf;
379 int rv = -EMSGSIZE, r, we;
380 struct wdm_device *desc = file->private_data;
381 struct usb_ctrlrequest *req;
382
383 if (count > desc->wMaxCommand)
384 count = desc->wMaxCommand;
385
386 spin_lock_irq(&desc->iuspin);
387 we = desc->werr;
388 desc->werr = 0;
389 spin_unlock_irq(&desc->iuspin);
390 if (we < 0)
391 return usb_translate_errors(we);
392
393 buf = memdup_user(buffer, count);
394 if (IS_ERR(buf))
395 return PTR_ERR(buf);
396
397 /* concurrent writes and disconnect */
398 r = mutex_lock_interruptible(&desc->wlock);
399 rv = -ERESTARTSYS;
400 if (r)
401 goto out_free_mem;
402
403 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
404 rv = -ENODEV;
405 goto out_free_mem_lock;
406 }
407
408 r = usb_autopm_get_interface(desc->intf);
409 if (r < 0) {
410 rv = usb_translate_errors(r);
411 goto out_free_mem_lock;
412 }
413
414 if (!(file->f_flags & O_NONBLOCK))
415 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
416 &desc->flags));
417 else
418 if (test_bit(WDM_IN_USE, &desc->flags))
419 r = -EAGAIN;
420
421 if (test_bit(WDM_RESETTING, &desc->flags))
422 r = -EIO;
423
424 if (test_bit(WDM_DISCONNECTING, &desc->flags))
425 r = -ENODEV;
426
427 if (r < 0) {
428 rv = r;
429 goto out_free_mem_pm;
430 }
431
432 req = desc->orq;
433 usb_fill_control_urb(
434 desc->command,
435 interface_to_usbdev(desc->intf),
436 /* using common endpoint 0 */
437 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
438 (unsigned char *)req,
439 buf,
440 count,
441 wdm_out_callback,
442 desc
443 );
444
445 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
446 USB_RECIP_INTERFACE);
447 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
448 req->wValue = 0;
449 req->wIndex = desc->inum; /* already converted */
450 req->wLength = cpu_to_le16(count);
451 set_bit(WDM_IN_USE, &desc->flags);
452 desc->outbuf = buf;
453
454 rv = usb_submit_urb(desc->command, GFP_KERNEL);
455 if (rv < 0) {
456 desc->outbuf = NULL;
457 clear_bit(WDM_IN_USE, &desc->flags);
458 wake_up_all(&desc->wait); /* for wdm_wait_for_response() */
459 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
460 rv = usb_translate_errors(rv);
461 goto out_free_mem_pm;
462 } else {
463 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
464 le16_to_cpu(req->wIndex));
465 }
466
467 usb_autopm_put_interface(desc->intf);
468 mutex_unlock(&desc->wlock);
469 return count;
470
471out_free_mem_pm:
472 usb_autopm_put_interface(desc->intf);
473out_free_mem_lock:
474 mutex_unlock(&desc->wlock);
475out_free_mem:
476 kfree(buf);
477 return rv;
478}
479
480/*
481 * Submit the read urb if resp_count is non-zero.
482 *
483 * Called with desc->iuspin locked
484 */
485static int service_outstanding_interrupt(struct wdm_device *desc)
486{
487 int rv = 0;
488
489 /* submit read urb only if the device is waiting for it */
490 if (!desc->resp_count || !--desc->resp_count)
491 goto out;
492
493 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
494 rv = -ENODEV;
495 goto out;
496 }
497 if (test_bit(WDM_RESETTING, &desc->flags)) {
498 rv = -EIO;
499 goto out;
500 }
501
502 set_bit(WDM_RESPONDING, &desc->flags);
503 spin_unlock_irq(&desc->iuspin);
504 rv = usb_submit_urb(desc->response, GFP_KERNEL);
505 spin_lock_irq(&desc->iuspin);
506 if (rv) {
507 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
508 dev_err(&desc->intf->dev,
509 "usb_submit_urb failed with result %d\n", rv);
510
511 /* make sure the next notification trigger a submit */
512 clear_bit(WDM_RESPONDING, &desc->flags);
513 desc->resp_count = 0;
514 }
515out:
516 return rv;
517}
518
519static ssize_t wdm_read
520(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
521{
522 int rv, cntr;
523 int i = 0;
524 struct wdm_device *desc = file->private_data;
525
526
527 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
528 if (rv < 0)
529 return -ERESTARTSYS;
530
531 cntr = READ_ONCE(desc->length);
532 if (cntr == 0) {
533 desc->read = 0;
534retry:
535 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
536 rv = -ENODEV;
537 goto err;
538 }
539 if (test_bit(WDM_OVERFLOW, &desc->flags)) {
540 clear_bit(WDM_OVERFLOW, &desc->flags);
541 rv = -ENOBUFS;
542 goto err;
543 }
544 i++;
545 if (file->f_flags & O_NONBLOCK) {
546 if (!test_bit(WDM_READ, &desc->flags)) {
547 rv = -EAGAIN;
548 goto err;
549 }
550 rv = 0;
551 } else {
552 rv = wait_event_interruptible(desc->wait,
553 test_bit(WDM_READ, &desc->flags));
554 }
555
556 /* may have happened while we slept */
557 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
558 rv = -ENODEV;
559 goto err;
560 }
561 if (test_bit(WDM_RESETTING, &desc->flags)) {
562 rv = -EIO;
563 goto err;
564 }
565 usb_mark_last_busy(interface_to_usbdev(desc->intf));
566 if (rv < 0) {
567 rv = -ERESTARTSYS;
568 goto err;
569 }
570
571 spin_lock_irq(&desc->iuspin);
572
573 if (desc->rerr) { /* read completed, error happened */
574 rv = usb_translate_errors(desc->rerr);
575 desc->rerr = 0;
576 spin_unlock_irq(&desc->iuspin);
577 goto err;
578 }
579 /*
580 * recheck whether we've lost the race
581 * against the completion handler
582 */
583 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
584 spin_unlock_irq(&desc->iuspin);
585 goto retry;
586 }
587
588 if (!desc->reslength) { /* zero length read */
589 dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
590 clear_bit(WDM_READ, &desc->flags);
591 rv = service_outstanding_interrupt(desc);
592 spin_unlock_irq(&desc->iuspin);
593 if (rv < 0)
594 goto err;
595 goto retry;
596 }
597 cntr = desc->length;
598 spin_unlock_irq(&desc->iuspin);
599 }
600
601 if (cntr > count)
602 cntr = count;
603 rv = copy_to_user(buffer, desc->ubuf, cntr);
604 if (rv > 0) {
605 rv = -EFAULT;
606 goto err;
607 }
608
609 spin_lock_irq(&desc->iuspin);
610
611 for (i = 0; i < desc->length - cntr; i++)
612 desc->ubuf[i] = desc->ubuf[i + cntr];
613
614 desc->length -= cntr;
615 /* in case we had outstanding data */
616 if (!desc->length) {
617 clear_bit(WDM_READ, &desc->flags);
618 service_outstanding_interrupt(desc);
619 }
620 spin_unlock_irq(&desc->iuspin);
621 rv = cntr;
622
623err:
624 mutex_unlock(&desc->rlock);
625 return rv;
626}
627
628static int wdm_wait_for_response(struct file *file, long timeout)
629{
630 struct wdm_device *desc = file->private_data;
631 long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */
632
633 /*
634 * Needs both flags. We cannot do with one because resetting it would
635 * cause a race with write() yet we need to signal a disconnect.
636 */
637 rv = wait_event_interruptible_timeout(desc->wait,
638 !test_bit(WDM_IN_USE, &desc->flags) ||
639 test_bit(WDM_DISCONNECTING, &desc->flags),
640 timeout);
641
642 /*
643 * To report the correct error. This is best effort.
644 * We are inevitably racing with the hardware.
645 */
646 if (test_bit(WDM_DISCONNECTING, &desc->flags))
647 return -ENODEV;
648 if (!rv)
649 return -EIO;
650 if (rv < 0)
651 return -EINTR;
652
653 spin_lock_irq(&desc->iuspin);
654 rv = desc->werr;
655 desc->werr = 0;
656 spin_unlock_irq(&desc->iuspin);
657
658 return usb_translate_errors(rv);
659
660}
661
662/*
663 * You need to send a signal when you react to malicious or defective hardware.
664 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do
665 * not implement wdm_flush() will return -EINVAL.
666 */
667static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
668{
669 return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT);
670}
671
672/*
673 * Same with wdm_fsync(), except it uses finite timeout in order to react to
674 * malicious or defective hardware which ceased communication after close() was
675 * implicitly called due to process termination.
676 */
677static int wdm_flush(struct file *file, fl_owner_t id)
678{
679 return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT);
680}
681
682static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
683{
684 struct wdm_device *desc = file->private_data;
685 unsigned long flags;
686 __poll_t mask = 0;
687
688 spin_lock_irqsave(&desc->iuspin, flags);
689 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
690 mask = EPOLLHUP | EPOLLERR;
691 spin_unlock_irqrestore(&desc->iuspin, flags);
692 goto desc_out;
693 }
694 if (test_bit(WDM_READ, &desc->flags))
695 mask = EPOLLIN | EPOLLRDNORM;
696 if (desc->rerr || desc->werr)
697 mask |= EPOLLERR;
698 if (!test_bit(WDM_IN_USE, &desc->flags))
699 mask |= EPOLLOUT | EPOLLWRNORM;
700 spin_unlock_irqrestore(&desc->iuspin, flags);
701
702 poll_wait(file, &desc->wait, wait);
703
704desc_out:
705 return mask;
706}
707
708static int wdm_open(struct inode *inode, struct file *file)
709{
710 int minor = iminor(inode);
711 int rv = -ENODEV;
712 struct usb_interface *intf;
713 struct wdm_device *desc;
714
715 mutex_lock(&wdm_mutex);
716 desc = wdm_find_device_by_minor(minor);
717 if (!desc)
718 goto out;
719
720 intf = desc->intf;
721 if (test_bit(WDM_DISCONNECTING, &desc->flags))
722 goto out;
723 file->private_data = desc;
724
725 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) {
726 rv = -EBUSY;
727 goto out;
728 }
729
730 rv = usb_autopm_get_interface(desc->intf);
731 if (rv < 0) {
732 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
733 goto out;
734 }
735
736 /* using write lock to protect desc->count */
737 mutex_lock(&desc->wlock);
738 if (!desc->count++) {
739 desc->werr = 0;
740 desc->rerr = 0;
741 rv = usb_submit_urb(desc->validity, GFP_KERNEL);
742 if (rv < 0) {
743 desc->count--;
744 dev_err(&desc->intf->dev,
745 "Error submitting int urb - %d\n", rv);
746 rv = usb_translate_errors(rv);
747 }
748 } else {
749 rv = 0;
750 }
751 mutex_unlock(&desc->wlock);
752 if (desc->count == 1)
753 desc->manage_power(intf, 1);
754 usb_autopm_put_interface(desc->intf);
755out:
756 mutex_unlock(&wdm_mutex);
757 return rv;
758}
759
760static int wdm_release(struct inode *inode, struct file *file)
761{
762 struct wdm_device *desc = file->private_data;
763
764 mutex_lock(&wdm_mutex);
765
766 /* using write lock to protect desc->count */
767 mutex_lock(&desc->wlock);
768 desc->count--;
769 mutex_unlock(&desc->wlock);
770
771 if (!desc->count) {
772 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
773 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
774 poison_urbs(desc);
775 spin_lock_irq(&desc->iuspin);
776 desc->resp_count = 0;
777 clear_bit(WDM_RESPONDING, &desc->flags);
778 spin_unlock_irq(&desc->iuspin);
779 desc->manage_power(desc->intf, 0);
780 unpoison_urbs(desc);
781 } else {
782 /* must avoid dev_printk here as desc->intf is invalid */
783 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
784 cleanup(desc);
785 }
786 }
787 mutex_unlock(&wdm_mutex);
788 return 0;
789}
790
791static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
792{
793 struct wdm_device *desc = file->private_data;
794 int rv = 0;
795
796 switch (cmd) {
797 case IOCTL_WDM_MAX_COMMAND:
798 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
799 rv = -EFAULT;
800 break;
801 default:
802 rv = -ENOTTY;
803 }
804 return rv;
805}
806
807static const struct file_operations wdm_fops = {
808 .owner = THIS_MODULE,
809 .read = wdm_read,
810 .write = wdm_write,
811 .fsync = wdm_fsync,
812 .open = wdm_open,
813 .flush = wdm_flush,
814 .release = wdm_release,
815 .poll = wdm_poll,
816 .unlocked_ioctl = wdm_ioctl,
817 .compat_ioctl = compat_ptr_ioctl,
818 .llseek = noop_llseek,
819};
820
821static struct usb_class_driver wdm_class = {
822 .name = "cdc-wdm%d",
823 .fops = &wdm_fops,
824 .minor_base = WDM_MINOR_BASE,
825};
826
827/* --- WWAN framework integration --- */
828#ifdef CONFIG_WWAN
829static int wdm_wwan_port_start(struct wwan_port *port)
830{
831 struct wdm_device *desc = wwan_port_get_drvdata(port);
832
833 /* The interface is both exposed via the WWAN framework and as a
834 * legacy usbmisc chardev. If chardev is already open, just fail
835 * to prevent concurrent usage. Otherwise, switch to WWAN mode.
836 */
837 mutex_lock(&wdm_mutex);
838 if (desc->count) {
839 mutex_unlock(&wdm_mutex);
840 return -EBUSY;
841 }
842 set_bit(WDM_WWAN_IN_USE, &desc->flags);
843 mutex_unlock(&wdm_mutex);
844
845 desc->manage_power(desc->intf, 1);
846
847 /* tx is allowed */
848 wwan_port_txon(port);
849
850 /* Start getting events */
851 return usb_submit_urb(desc->validity, GFP_KERNEL);
852}
853
854static void wdm_wwan_port_stop(struct wwan_port *port)
855{
856 struct wdm_device *desc = wwan_port_get_drvdata(port);
857
858 /* Stop all transfers and disable WWAN mode */
859 poison_urbs(desc);
860 desc->manage_power(desc->intf, 0);
861 clear_bit(WDM_READ, &desc->flags);
862 clear_bit(WDM_WWAN_IN_USE, &desc->flags);
863 unpoison_urbs(desc);
864}
865
866static void wdm_wwan_port_tx_complete(struct urb *urb)
867{
868 struct sk_buff *skb = urb->context;
869 struct wdm_device *desc = skb_shinfo(skb)->destructor_arg;
870
871 usb_autopm_put_interface(desc->intf);
872 wwan_port_txon(desc->wwanp);
873 kfree_skb(skb);
874}
875
876static int wdm_wwan_port_tx(struct wwan_port *port, struct sk_buff *skb)
877{
878 struct wdm_device *desc = wwan_port_get_drvdata(port);
879 struct usb_interface *intf = desc->intf;
880 struct usb_ctrlrequest *req = desc->orq;
881 int rv;
882
883 rv = usb_autopm_get_interface(intf);
884 if (rv)
885 return rv;
886
887 usb_fill_control_urb(
888 desc->command,
889 interface_to_usbdev(intf),
890 usb_sndctrlpipe(interface_to_usbdev(intf), 0),
891 (unsigned char *)req,
892 skb->data,
893 skb->len,
894 wdm_wwan_port_tx_complete,
895 skb
896 );
897
898 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
899 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
900 req->wValue = 0;
901 req->wIndex = desc->inum;
902 req->wLength = cpu_to_le16(skb->len);
903
904 skb_shinfo(skb)->destructor_arg = desc;
905
906 rv = usb_submit_urb(desc->command, GFP_KERNEL);
907 if (rv)
908 usb_autopm_put_interface(intf);
909 else /* One transfer at a time, stop TX until URB completion */
910 wwan_port_txoff(port);
911
912 return rv;
913}
914
915static const struct wwan_port_ops wdm_wwan_port_ops = {
916 .start = wdm_wwan_port_start,
917 .stop = wdm_wwan_port_stop,
918 .tx = wdm_wwan_port_tx,
919};
920
921static void wdm_wwan_init(struct wdm_device *desc)
922{
923 struct usb_interface *intf = desc->intf;
924 struct wwan_port *port;
925
926 /* Only register to WWAN core if protocol/type is known */
927 if (desc->wwanp_type == WWAN_PORT_UNKNOWN) {
928 dev_info(&intf->dev, "Unknown control protocol\n");
929 return;
930 }
931
932 port = wwan_create_port(&intf->dev, desc->wwanp_type, &wdm_wwan_port_ops,
933 NULL, desc);
934 if (IS_ERR(port)) {
935 dev_err(&intf->dev, "%s: Unable to create WWAN port\n",
936 dev_name(intf->usb_dev));
937 return;
938 }
939
940 desc->wwanp = port;
941}
942
943static void wdm_wwan_deinit(struct wdm_device *desc)
944{
945 if (!desc->wwanp)
946 return;
947
948 wwan_remove_port(desc->wwanp);
949 desc->wwanp = NULL;
950}
951
952static void wdm_wwan_rx(struct wdm_device *desc, int length)
953{
954 struct wwan_port *port = desc->wwanp;
955 struct sk_buff *skb;
956
957 /* Forward data to WWAN port */
958 skb = alloc_skb(length, GFP_ATOMIC);
959 if (!skb)
960 return;
961
962 skb_put_data(skb, desc->inbuf, length);
963 wwan_port_rx(port, skb);
964
965 /* inbuf has been copied, it is safe to check for outstanding data */
966 schedule_work(&desc->service_outs_intr);
967}
968#else /* CONFIG_WWAN */
969static void wdm_wwan_init(struct wdm_device *desc) {}
970static void wdm_wwan_deinit(struct wdm_device *desc) {}
971static void wdm_wwan_rx(struct wdm_device *desc, int length) {}
972#endif /* CONFIG_WWAN */
973
974/* --- error handling --- */
975static void wdm_rxwork(struct work_struct *work)
976{
977 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
978 unsigned long flags;
979 int rv = 0;
980 int responding;
981
982 spin_lock_irqsave(&desc->iuspin, flags);
983 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
984 spin_unlock_irqrestore(&desc->iuspin, flags);
985 } else {
986 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
987 spin_unlock_irqrestore(&desc->iuspin, flags);
988 if (!responding)
989 rv = usb_submit_urb(desc->response, GFP_KERNEL);
990 if (rv < 0 && rv != -EPERM) {
991 spin_lock_irqsave(&desc->iuspin, flags);
992 clear_bit(WDM_RESPONDING, &desc->flags);
993 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
994 schedule_work(&desc->rxwork);
995 spin_unlock_irqrestore(&desc->iuspin, flags);
996 }
997 }
998}
999
1000static void service_interrupt_work(struct work_struct *work)
1001{
1002 struct wdm_device *desc;
1003
1004 desc = container_of(work, struct wdm_device, service_outs_intr);
1005
1006 spin_lock_irq(&desc->iuspin);
1007 service_outstanding_interrupt(desc);
1008 if (!desc->resp_count) {
1009 set_bit(WDM_READ, &desc->flags);
1010 wake_up(&desc->wait);
1011 }
1012 spin_unlock_irq(&desc->iuspin);
1013}
1014
1015/* --- hotplug --- */
1016
1017static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
1018 u16 bufsize, enum wwan_port_type type,
1019 int (*manage_power)(struct usb_interface *, int))
1020{
1021 int rv = -ENOMEM;
1022 struct wdm_device *desc;
1023
1024 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
1025 if (!desc)
1026 goto out;
1027 INIT_LIST_HEAD(&desc->device_list);
1028 mutex_init(&desc->rlock);
1029 mutex_init(&desc->wlock);
1030 spin_lock_init(&desc->iuspin);
1031 init_waitqueue_head(&desc->wait);
1032 desc->wMaxCommand = bufsize;
1033 /* this will be expanded and needed in hardware endianness */
1034 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
1035 desc->intf = intf;
1036 desc->wwanp_type = type;
1037 INIT_WORK(&desc->rxwork, wdm_rxwork);
1038 INIT_WORK(&desc->service_outs_intr, service_interrupt_work);
1039
1040 if (!usb_endpoint_is_int_in(ep)) {
1041 rv = -EINVAL;
1042 goto err;
1043 }
1044
1045 desc->wMaxPacketSize = usb_endpoint_maxp(ep);
1046
1047 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1048 if (!desc->orq)
1049 goto err;
1050 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
1051 if (!desc->irq)
1052 goto err;
1053
1054 desc->validity = usb_alloc_urb(0, GFP_KERNEL);
1055 if (!desc->validity)
1056 goto err;
1057
1058 desc->response = usb_alloc_urb(0, GFP_KERNEL);
1059 if (!desc->response)
1060 goto err;
1061
1062 desc->command = usb_alloc_urb(0, GFP_KERNEL);
1063 if (!desc->command)
1064 goto err;
1065
1066 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
1067 if (!desc->ubuf)
1068 goto err;
1069
1070 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
1071 if (!desc->sbuf)
1072 goto err;
1073
1074 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
1075 if (!desc->inbuf)
1076 goto err;
1077
1078 usb_fill_int_urb(
1079 desc->validity,
1080 interface_to_usbdev(intf),
1081 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
1082 desc->sbuf,
1083 desc->wMaxPacketSize,
1084 wdm_int_callback,
1085 desc,
1086 ep->bInterval
1087 );
1088
1089 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
1090 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
1091 desc->irq->wValue = 0;
1092 desc->irq->wIndex = desc->inum; /* already converted */
1093 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
1094
1095 usb_fill_control_urb(
1096 desc->response,
1097 interface_to_usbdev(intf),
1098 /* using common endpoint 0 */
1099 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
1100 (unsigned char *)desc->irq,
1101 desc->inbuf,
1102 desc->wMaxCommand,
1103 wdm_in_callback,
1104 desc
1105 );
1106
1107 desc->manage_power = manage_power;
1108
1109 spin_lock(&wdm_device_list_lock);
1110 list_add(&desc->device_list, &wdm_device_list);
1111 spin_unlock(&wdm_device_list_lock);
1112
1113 rv = usb_register_dev(intf, &wdm_class);
1114 if (rv < 0)
1115 goto err;
1116 else
1117 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
1118
1119 wdm_wwan_init(desc);
1120
1121out:
1122 return rv;
1123err:
1124 spin_lock(&wdm_device_list_lock);
1125 list_del(&desc->device_list);
1126 spin_unlock(&wdm_device_list_lock);
1127 cleanup(desc);
1128 return rv;
1129}
1130
1131static int wdm_manage_power(struct usb_interface *intf, int on)
1132{
1133 /* need autopm_get/put here to ensure the usbcore sees the new value */
1134 int rv = usb_autopm_get_interface(intf);
1135
1136 intf->needs_remote_wakeup = on;
1137 if (!rv)
1138 usb_autopm_put_interface(intf);
1139 return 0;
1140}
1141
1142static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
1143{
1144 int rv = -EINVAL;
1145 struct usb_host_interface *iface;
1146 struct usb_endpoint_descriptor *ep;
1147 struct usb_cdc_parsed_header hdr;
1148 u8 *buffer = intf->altsetting->extra;
1149 int buflen = intf->altsetting->extralen;
1150 u16 maxcom = WDM_DEFAULT_BUFSIZE;
1151
1152 if (!buffer)
1153 goto err;
1154
1155 cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
1156
1157 if (hdr.usb_cdc_dmm_desc)
1158 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
1159
1160 iface = intf->cur_altsetting;
1161 if (iface->desc.bNumEndpoints != 1)
1162 goto err;
1163 ep = &iface->endpoint[0].desc;
1164
1165 rv = wdm_create(intf, ep, maxcom, WWAN_PORT_UNKNOWN, &wdm_manage_power);
1166
1167err:
1168 return rv;
1169}
1170
1171/**
1172 * usb_cdc_wdm_register - register a WDM subdriver
1173 * @intf: usb interface the subdriver will associate with
1174 * @ep: interrupt endpoint to monitor for notifications
1175 * @bufsize: maximum message size to support for read/write
1176 * @type: Type/protocol of the transported data (MBIM, QMI...)
1177 * @manage_power: call-back invoked during open and release to
1178 * manage the device's power
1179 * Create WDM usb class character device and associate it with intf
1180 * without binding, allowing another driver to manage the interface.
1181 *
1182 * The subdriver will manage the given interrupt endpoint exclusively
1183 * and will issue control requests referring to the given intf. It
1184 * will otherwise avoid interferring, and in particular not do
1185 * usb_set_intfdata/usb_get_intfdata on intf.
1186 *
1187 * The return value is a pointer to the subdriver's struct usb_driver.
1188 * The registering driver is responsible for calling this subdriver's
1189 * disconnect, suspend, resume, pre_reset and post_reset methods from
1190 * its own.
1191 */
1192struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
1193 struct usb_endpoint_descriptor *ep,
1194 int bufsize, enum wwan_port_type type,
1195 int (*manage_power)(struct usb_interface *, int))
1196{
1197 int rv;
1198
1199 rv = wdm_create(intf, ep, bufsize, type, manage_power);
1200 if (rv < 0)
1201 goto err;
1202
1203 return &wdm_driver;
1204err:
1205 return ERR_PTR(rv);
1206}
1207EXPORT_SYMBOL(usb_cdc_wdm_register);
1208
1209static void wdm_disconnect(struct usb_interface *intf)
1210{
1211 struct wdm_device *desc;
1212 unsigned long flags;
1213
1214 usb_deregister_dev(intf, &wdm_class);
1215 desc = wdm_find_device(intf);
1216 mutex_lock(&wdm_mutex);
1217
1218 wdm_wwan_deinit(desc);
1219
1220 /* the spinlock makes sure no new urbs are generated in the callbacks */
1221 spin_lock_irqsave(&desc->iuspin, flags);
1222 set_bit(WDM_DISCONNECTING, &desc->flags);
1223 set_bit(WDM_READ, &desc->flags);
1224 spin_unlock_irqrestore(&desc->iuspin, flags);
1225 wake_up_all(&desc->wait);
1226 mutex_lock(&desc->rlock);
1227 mutex_lock(&desc->wlock);
1228 poison_urbs(desc);
1229 cancel_work_sync(&desc->rxwork);
1230 cancel_work_sync(&desc->service_outs_intr);
1231 mutex_unlock(&desc->wlock);
1232 mutex_unlock(&desc->rlock);
1233
1234 /* the desc->intf pointer used as list key is now invalid */
1235 spin_lock(&wdm_device_list_lock);
1236 list_del(&desc->device_list);
1237 spin_unlock(&wdm_device_list_lock);
1238
1239 if (!desc->count)
1240 cleanup(desc);
1241 else
1242 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1243 mutex_unlock(&wdm_mutex);
1244}
1245
1246#ifdef CONFIG_PM
1247static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1248{
1249 struct wdm_device *desc = wdm_find_device(intf);
1250 int rv = 0;
1251
1252 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1253
1254 /* if this is an autosuspend the caller does the locking */
1255 if (!PMSG_IS_AUTO(message)) {
1256 mutex_lock(&desc->rlock);
1257 mutex_lock(&desc->wlock);
1258 }
1259 spin_lock_irq(&desc->iuspin);
1260
1261 if (PMSG_IS_AUTO(message) &&
1262 (test_bit(WDM_IN_USE, &desc->flags)
1263 || test_bit(WDM_RESPONDING, &desc->flags))) {
1264 spin_unlock_irq(&desc->iuspin);
1265 rv = -EBUSY;
1266 } else {
1267
1268 set_bit(WDM_SUSPENDING, &desc->flags);
1269 spin_unlock_irq(&desc->iuspin);
1270 /* callback submits work - order is essential */
1271 poison_urbs(desc);
1272 cancel_work_sync(&desc->rxwork);
1273 cancel_work_sync(&desc->service_outs_intr);
1274 unpoison_urbs(desc);
1275 }
1276 if (!PMSG_IS_AUTO(message)) {
1277 mutex_unlock(&desc->wlock);
1278 mutex_unlock(&desc->rlock);
1279 }
1280
1281 return rv;
1282}
1283#endif
1284
1285static int recover_from_urb_loss(struct wdm_device *desc)
1286{
1287 int rv = 0;
1288
1289 if (desc->count) {
1290 rv = usb_submit_urb(desc->validity, GFP_NOIO);
1291 if (rv < 0)
1292 dev_err(&desc->intf->dev,
1293 "Error resume submitting int urb - %d\n", rv);
1294 }
1295 return rv;
1296}
1297
1298#ifdef CONFIG_PM
1299static int wdm_resume(struct usb_interface *intf)
1300{
1301 struct wdm_device *desc = wdm_find_device(intf);
1302 int rv;
1303
1304 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1305
1306 clear_bit(WDM_SUSPENDING, &desc->flags);
1307 rv = recover_from_urb_loss(desc);
1308
1309 return rv;
1310}
1311#endif
1312
1313static int wdm_pre_reset(struct usb_interface *intf)
1314{
1315 struct wdm_device *desc = wdm_find_device(intf);
1316
1317 /*
1318 * we notify everybody using poll of
1319 * an exceptional situation
1320 * must be done before recovery lest a spontaneous
1321 * message from the device is lost
1322 */
1323 spin_lock_irq(&desc->iuspin);
1324 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */
1325 set_bit(WDM_READ, &desc->flags); /* unblock read */
1326 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */
1327 desc->rerr = -EINTR;
1328 spin_unlock_irq(&desc->iuspin);
1329 wake_up_all(&desc->wait);
1330 mutex_lock(&desc->rlock);
1331 mutex_lock(&desc->wlock);
1332 poison_urbs(desc);
1333 cancel_work_sync(&desc->rxwork);
1334 cancel_work_sync(&desc->service_outs_intr);
1335 return 0;
1336}
1337
1338static int wdm_post_reset(struct usb_interface *intf)
1339{
1340 struct wdm_device *desc = wdm_find_device(intf);
1341 int rv;
1342
1343 unpoison_urbs(desc);
1344 clear_bit(WDM_OVERFLOW, &desc->flags);
1345 clear_bit(WDM_RESETTING, &desc->flags);
1346 rv = recover_from_urb_loss(desc);
1347 mutex_unlock(&desc->wlock);
1348 mutex_unlock(&desc->rlock);
1349 return rv;
1350}
1351
1352static struct usb_driver wdm_driver = {
1353 .name = "cdc_wdm",
1354 .probe = wdm_probe,
1355 .disconnect = wdm_disconnect,
1356#ifdef CONFIG_PM
1357 .suspend = wdm_suspend,
1358 .resume = wdm_resume,
1359 .reset_resume = wdm_resume,
1360#endif
1361 .pre_reset = wdm_pre_reset,
1362 .post_reset = wdm_post_reset,
1363 .id_table = wdm_ids,
1364 .supports_autosuspend = 1,
1365 .disable_hub_initiated_lpm = 1,
1366};
1367
1368module_usb_driver(wdm_driver);
1369
1370MODULE_AUTHOR(DRIVER_AUTHOR);
1371MODULE_DESCRIPTION(DRIVER_DESC);
1372MODULE_LICENSE("GPL");
1/*
2 * cdc-wdm.c
3 *
4 * This driver supports USB CDC WCM Device Management.
5 *
6 * Copyright (c) 2007-2009 Oliver Neukum
7 *
8 * Some code taken from cdc-acm.c
9 *
10 * Released under the GPLv2.
11 *
12 * Many thanks to Carl Nordbeck
13 */
14#include <linux/kernel.h>
15#include <linux/errno.h>
16#include <linux/ioctl.h>
17#include <linux/slab.h>
18#include <linux/module.h>
19#include <linux/mutex.h>
20#include <linux/uaccess.h>
21#include <linux/bitops.h>
22#include <linux/poll.h>
23#include <linux/usb.h>
24#include <linux/usb/cdc.h>
25#include <asm/byteorder.h>
26#include <asm/unaligned.h>
27#include <linux/usb/cdc-wdm.h>
28
29/*
30 * Version Information
31 */
32#define DRIVER_VERSION "v0.03"
33#define DRIVER_AUTHOR "Oliver Neukum"
34#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
35
36static const struct usb_device_id wdm_ids[] = {
37 {
38 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
39 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
40 .bInterfaceClass = USB_CLASS_COMM,
41 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
42 },
43 { }
44};
45
46MODULE_DEVICE_TABLE (usb, wdm_ids);
47
48#define WDM_MINOR_BASE 176
49
50
51#define WDM_IN_USE 1
52#define WDM_DISCONNECTING 2
53#define WDM_RESULT 3
54#define WDM_READ 4
55#define WDM_INT_STALL 5
56#define WDM_POLL_RUNNING 6
57#define WDM_RESPONDING 7
58#define WDM_SUSPENDING 8
59#define WDM_RESETTING 9
60#define WDM_OVERFLOW 10
61
62#define WDM_MAX 16
63
64/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
65#define WDM_DEFAULT_BUFSIZE 256
66
67static DEFINE_MUTEX(wdm_mutex);
68static DEFINE_SPINLOCK(wdm_device_list_lock);
69static LIST_HEAD(wdm_device_list);
70
71/* --- method tables --- */
72
73struct wdm_device {
74 u8 *inbuf; /* buffer for response */
75 u8 *outbuf; /* buffer for command */
76 u8 *sbuf; /* buffer for status */
77 u8 *ubuf; /* buffer for copy to user space */
78
79 struct urb *command;
80 struct urb *response;
81 struct urb *validity;
82 struct usb_interface *intf;
83 struct usb_ctrlrequest *orq;
84 struct usb_ctrlrequest *irq;
85 spinlock_t iuspin;
86
87 unsigned long flags;
88 u16 bufsize;
89 u16 wMaxCommand;
90 u16 wMaxPacketSize;
91 __le16 inum;
92 int reslength;
93 int length;
94 int read;
95 int count;
96 dma_addr_t shandle;
97 dma_addr_t ihandle;
98 struct mutex wlock;
99 struct mutex rlock;
100 wait_queue_head_t wait;
101 struct work_struct rxwork;
102 int werr;
103 int rerr;
104 int resp_count;
105
106 struct list_head device_list;
107 int (*manage_power)(struct usb_interface *, int);
108};
109
110static struct usb_driver wdm_driver;
111
112/* return intfdata if we own the interface, else look up intf in the list */
113static struct wdm_device *wdm_find_device(struct usb_interface *intf)
114{
115 struct wdm_device *desc;
116
117 spin_lock(&wdm_device_list_lock);
118 list_for_each_entry(desc, &wdm_device_list, device_list)
119 if (desc->intf == intf)
120 goto found;
121 desc = NULL;
122found:
123 spin_unlock(&wdm_device_list_lock);
124
125 return desc;
126}
127
128static struct wdm_device *wdm_find_device_by_minor(int minor)
129{
130 struct wdm_device *desc;
131
132 spin_lock(&wdm_device_list_lock);
133 list_for_each_entry(desc, &wdm_device_list, device_list)
134 if (desc->intf->minor == minor)
135 goto found;
136 desc = NULL;
137found:
138 spin_unlock(&wdm_device_list_lock);
139
140 return desc;
141}
142
143/* --- callbacks --- */
144static void wdm_out_callback(struct urb *urb)
145{
146 struct wdm_device *desc;
147 desc = urb->context;
148 spin_lock(&desc->iuspin);
149 desc->werr = urb->status;
150 spin_unlock(&desc->iuspin);
151 kfree(desc->outbuf);
152 desc->outbuf = NULL;
153 clear_bit(WDM_IN_USE, &desc->flags);
154 wake_up(&desc->wait);
155}
156
157static void wdm_in_callback(struct urb *urb)
158{
159 struct wdm_device *desc = urb->context;
160 int status = urb->status;
161 int length = urb->actual_length;
162
163 spin_lock(&desc->iuspin);
164 clear_bit(WDM_RESPONDING, &desc->flags);
165
166 if (status) {
167 switch (status) {
168 case -ENOENT:
169 dev_dbg(&desc->intf->dev,
170 "nonzero urb status received: -ENOENT");
171 goto skip_error;
172 case -ECONNRESET:
173 dev_dbg(&desc->intf->dev,
174 "nonzero urb status received: -ECONNRESET");
175 goto skip_error;
176 case -ESHUTDOWN:
177 dev_dbg(&desc->intf->dev,
178 "nonzero urb status received: -ESHUTDOWN");
179 goto skip_error;
180 case -EPIPE:
181 dev_err(&desc->intf->dev,
182 "nonzero urb status received: -EPIPE\n");
183 break;
184 default:
185 dev_err(&desc->intf->dev,
186 "Unexpected error %d\n", status);
187 break;
188 }
189 }
190
191 desc->rerr = status;
192 if (length + desc->length > desc->wMaxCommand) {
193 /* The buffer would overflow */
194 set_bit(WDM_OVERFLOW, &desc->flags);
195 } else {
196 /* we may already be in overflow */
197 if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
198 memmove(desc->ubuf + desc->length, desc->inbuf, length);
199 desc->length += length;
200 desc->reslength = length;
201 }
202 }
203skip_error:
204 wake_up(&desc->wait);
205
206 set_bit(WDM_READ, &desc->flags);
207 spin_unlock(&desc->iuspin);
208}
209
210static void wdm_int_callback(struct urb *urb)
211{
212 int rv = 0;
213 int responding;
214 int status = urb->status;
215 struct wdm_device *desc;
216 struct usb_cdc_notification *dr;
217
218 desc = urb->context;
219 dr = (struct usb_cdc_notification *)desc->sbuf;
220
221 if (status) {
222 switch (status) {
223 case -ESHUTDOWN:
224 case -ENOENT:
225 case -ECONNRESET:
226 return; /* unplug */
227 case -EPIPE:
228 set_bit(WDM_INT_STALL, &desc->flags);
229 dev_err(&desc->intf->dev, "Stall on int endpoint\n");
230 goto sw; /* halt is cleared in work */
231 default:
232 dev_err(&desc->intf->dev,
233 "nonzero urb status received: %d\n", status);
234 break;
235 }
236 }
237
238 if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
239 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
240 urb->actual_length);
241 goto exit;
242 }
243
244 switch (dr->bNotificationType) {
245 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
246 dev_dbg(&desc->intf->dev,
247 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d",
248 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
249 break;
250
251 case USB_CDC_NOTIFY_NETWORK_CONNECTION:
252
253 dev_dbg(&desc->intf->dev,
254 "NOTIFY_NETWORK_CONNECTION %s network",
255 dr->wValue ? "connected to" : "disconnected from");
256 goto exit;
257 case USB_CDC_NOTIFY_SPEED_CHANGE:
258 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)",
259 urb->actual_length);
260 goto exit;
261 default:
262 clear_bit(WDM_POLL_RUNNING, &desc->flags);
263 dev_err(&desc->intf->dev,
264 "unknown notification %d received: index %d len %d\n",
265 dr->bNotificationType,
266 le16_to_cpu(dr->wIndex),
267 le16_to_cpu(dr->wLength));
268 goto exit;
269 }
270
271 spin_lock(&desc->iuspin);
272 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
273 if (!desc->resp_count++ && !responding
274 && !test_bit(WDM_DISCONNECTING, &desc->flags)
275 && !test_bit(WDM_SUSPENDING, &desc->flags)) {
276 rv = usb_submit_urb(desc->response, GFP_ATOMIC);
277 dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d",
278 __func__, rv);
279 }
280 spin_unlock(&desc->iuspin);
281 if (rv < 0) {
282 clear_bit(WDM_RESPONDING, &desc->flags);
283 if (rv == -EPERM)
284 return;
285 if (rv == -ENOMEM) {
286sw:
287 rv = schedule_work(&desc->rxwork);
288 if (rv)
289 dev_err(&desc->intf->dev,
290 "Cannot schedule work\n");
291 }
292 }
293exit:
294 rv = usb_submit_urb(urb, GFP_ATOMIC);
295 if (rv)
296 dev_err(&desc->intf->dev,
297 "%s - usb_submit_urb failed with result %d\n",
298 __func__, rv);
299
300}
301
302static void kill_urbs(struct wdm_device *desc)
303{
304 /* the order here is essential */
305 usb_kill_urb(desc->command);
306 usb_kill_urb(desc->validity);
307 usb_kill_urb(desc->response);
308}
309
310static void free_urbs(struct wdm_device *desc)
311{
312 usb_free_urb(desc->validity);
313 usb_free_urb(desc->response);
314 usb_free_urb(desc->command);
315}
316
317static void cleanup(struct wdm_device *desc)
318{
319 kfree(desc->sbuf);
320 kfree(desc->inbuf);
321 kfree(desc->orq);
322 kfree(desc->irq);
323 kfree(desc->ubuf);
324 free_urbs(desc);
325 kfree(desc);
326}
327
328static ssize_t wdm_write
329(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
330{
331 u8 *buf;
332 int rv = -EMSGSIZE, r, we;
333 struct wdm_device *desc = file->private_data;
334 struct usb_ctrlrequest *req;
335
336 if (count > desc->wMaxCommand)
337 count = desc->wMaxCommand;
338
339 spin_lock_irq(&desc->iuspin);
340 we = desc->werr;
341 desc->werr = 0;
342 spin_unlock_irq(&desc->iuspin);
343 if (we < 0)
344 return usb_translate_errors(we);
345
346 buf = kmalloc(count, GFP_KERNEL);
347 if (!buf) {
348 rv = -ENOMEM;
349 goto outnl;
350 }
351
352 r = copy_from_user(buf, buffer, count);
353 if (r > 0) {
354 rv = -EFAULT;
355 goto out_free_mem;
356 }
357
358 /* concurrent writes and disconnect */
359 r = mutex_lock_interruptible(&desc->wlock);
360 rv = -ERESTARTSYS;
361 if (r)
362 goto out_free_mem;
363
364 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
365 rv = -ENODEV;
366 goto out_free_mem_lock;
367 }
368
369 r = usb_autopm_get_interface(desc->intf);
370 if (r < 0) {
371 rv = usb_translate_errors(r);
372 goto out_free_mem_lock;
373 }
374
375 if (!(file->f_flags & O_NONBLOCK))
376 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
377 &desc->flags));
378 else
379 if (test_bit(WDM_IN_USE, &desc->flags))
380 r = -EAGAIN;
381
382 if (test_bit(WDM_RESETTING, &desc->flags))
383 r = -EIO;
384
385 if (r < 0) {
386 rv = r;
387 goto out_free_mem_pm;
388 }
389
390 req = desc->orq;
391 usb_fill_control_urb(
392 desc->command,
393 interface_to_usbdev(desc->intf),
394 /* using common endpoint 0 */
395 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
396 (unsigned char *)req,
397 buf,
398 count,
399 wdm_out_callback,
400 desc
401 );
402
403 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
404 USB_RECIP_INTERFACE);
405 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
406 req->wValue = 0;
407 req->wIndex = desc->inum; /* already converted */
408 req->wLength = cpu_to_le16(count);
409 set_bit(WDM_IN_USE, &desc->flags);
410 desc->outbuf = buf;
411
412 rv = usb_submit_urb(desc->command, GFP_KERNEL);
413 if (rv < 0) {
414 desc->outbuf = NULL;
415 clear_bit(WDM_IN_USE, &desc->flags);
416 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
417 rv = usb_translate_errors(rv);
418 goto out_free_mem_pm;
419 } else {
420 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d",
421 le16_to_cpu(req->wIndex));
422 }
423
424 usb_autopm_put_interface(desc->intf);
425 mutex_unlock(&desc->wlock);
426outnl:
427 return rv < 0 ? rv : count;
428
429out_free_mem_pm:
430 usb_autopm_put_interface(desc->intf);
431out_free_mem_lock:
432 mutex_unlock(&desc->wlock);
433out_free_mem:
434 kfree(buf);
435 return rv;
436}
437
438/*
439 * clear WDM_READ flag and possibly submit the read urb if resp_count
440 * is non-zero.
441 *
442 * Called with desc->iuspin locked
443 */
444static int clear_wdm_read_flag(struct wdm_device *desc)
445{
446 int rv = 0;
447
448 clear_bit(WDM_READ, &desc->flags);
449
450 /* submit read urb only if the device is waiting for it */
451 if (!desc->resp_count || !--desc->resp_count)
452 goto out;
453
454 set_bit(WDM_RESPONDING, &desc->flags);
455 spin_unlock_irq(&desc->iuspin);
456 rv = usb_submit_urb(desc->response, GFP_KERNEL);
457 spin_lock_irq(&desc->iuspin);
458 if (rv) {
459 dev_err(&desc->intf->dev,
460 "usb_submit_urb failed with result %d\n", rv);
461
462 /* make sure the next notification trigger a submit */
463 clear_bit(WDM_RESPONDING, &desc->flags);
464 desc->resp_count = 0;
465 }
466out:
467 return rv;
468}
469
470static ssize_t wdm_read
471(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
472{
473 int rv, cntr;
474 int i = 0;
475 struct wdm_device *desc = file->private_data;
476
477
478 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
479 if (rv < 0)
480 return -ERESTARTSYS;
481
482 cntr = ACCESS_ONCE(desc->length);
483 if (cntr == 0) {
484 desc->read = 0;
485retry:
486 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
487 rv = -ENODEV;
488 goto err;
489 }
490 if (test_bit(WDM_OVERFLOW, &desc->flags)) {
491 clear_bit(WDM_OVERFLOW, &desc->flags);
492 rv = -ENOBUFS;
493 goto err;
494 }
495 i++;
496 if (file->f_flags & O_NONBLOCK) {
497 if (!test_bit(WDM_READ, &desc->flags)) {
498 rv = cntr ? cntr : -EAGAIN;
499 goto err;
500 }
501 rv = 0;
502 } else {
503 rv = wait_event_interruptible(desc->wait,
504 test_bit(WDM_READ, &desc->flags));
505 }
506
507 /* may have happened while we slept */
508 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
509 rv = -ENODEV;
510 goto err;
511 }
512 if (test_bit(WDM_RESETTING, &desc->flags)) {
513 rv = -EIO;
514 goto err;
515 }
516 usb_mark_last_busy(interface_to_usbdev(desc->intf));
517 if (rv < 0) {
518 rv = -ERESTARTSYS;
519 goto err;
520 }
521
522 spin_lock_irq(&desc->iuspin);
523
524 if (desc->rerr) { /* read completed, error happened */
525 rv = usb_translate_errors(desc->rerr);
526 desc->rerr = 0;
527 spin_unlock_irq(&desc->iuspin);
528 goto err;
529 }
530 /*
531 * recheck whether we've lost the race
532 * against the completion handler
533 */
534 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
535 spin_unlock_irq(&desc->iuspin);
536 goto retry;
537 }
538
539 if (!desc->reslength) { /* zero length read */
540 dev_dbg(&desc->intf->dev, "%s: zero length - clearing WDM_READ\n", __func__);
541 rv = clear_wdm_read_flag(desc);
542 spin_unlock_irq(&desc->iuspin);
543 if (rv < 0)
544 goto err;
545 goto retry;
546 }
547 cntr = desc->length;
548 spin_unlock_irq(&desc->iuspin);
549 }
550
551 if (cntr > count)
552 cntr = count;
553 rv = copy_to_user(buffer, desc->ubuf, cntr);
554 if (rv > 0) {
555 rv = -EFAULT;
556 goto err;
557 }
558
559 spin_lock_irq(&desc->iuspin);
560
561 for (i = 0; i < desc->length - cntr; i++)
562 desc->ubuf[i] = desc->ubuf[i + cntr];
563
564 desc->length -= cntr;
565 /* in case we had outstanding data */
566 if (!desc->length)
567 clear_wdm_read_flag(desc);
568 spin_unlock_irq(&desc->iuspin);
569 rv = cntr;
570
571err:
572 mutex_unlock(&desc->rlock);
573 return rv;
574}
575
576static int wdm_flush(struct file *file, fl_owner_t id)
577{
578 struct wdm_device *desc = file->private_data;
579
580 wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
581
582 /* cannot dereference desc->intf if WDM_DISCONNECTING */
583 if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags))
584 dev_err(&desc->intf->dev, "Error in flush path: %d\n",
585 desc->werr);
586
587 return usb_translate_errors(desc->werr);
588}
589
590static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait)
591{
592 struct wdm_device *desc = file->private_data;
593 unsigned long flags;
594 unsigned int mask = 0;
595
596 spin_lock_irqsave(&desc->iuspin, flags);
597 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
598 mask = POLLHUP | POLLERR;
599 spin_unlock_irqrestore(&desc->iuspin, flags);
600 goto desc_out;
601 }
602 if (test_bit(WDM_READ, &desc->flags))
603 mask = POLLIN | POLLRDNORM;
604 if (desc->rerr || desc->werr)
605 mask |= POLLERR;
606 if (!test_bit(WDM_IN_USE, &desc->flags))
607 mask |= POLLOUT | POLLWRNORM;
608 spin_unlock_irqrestore(&desc->iuspin, flags);
609
610 poll_wait(file, &desc->wait, wait);
611
612desc_out:
613 return mask;
614}
615
616static int wdm_open(struct inode *inode, struct file *file)
617{
618 int minor = iminor(inode);
619 int rv = -ENODEV;
620 struct usb_interface *intf;
621 struct wdm_device *desc;
622
623 mutex_lock(&wdm_mutex);
624 desc = wdm_find_device_by_minor(minor);
625 if (!desc)
626 goto out;
627
628 intf = desc->intf;
629 if (test_bit(WDM_DISCONNECTING, &desc->flags))
630 goto out;
631 file->private_data = desc;
632
633 rv = usb_autopm_get_interface(desc->intf);
634 if (rv < 0) {
635 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
636 goto out;
637 }
638
639 /* using write lock to protect desc->count */
640 mutex_lock(&desc->wlock);
641 if (!desc->count++) {
642 desc->werr = 0;
643 desc->rerr = 0;
644 rv = usb_submit_urb(desc->validity, GFP_KERNEL);
645 if (rv < 0) {
646 desc->count--;
647 dev_err(&desc->intf->dev,
648 "Error submitting int urb - %d\n", rv);
649 rv = usb_translate_errors(rv);
650 }
651 } else {
652 rv = 0;
653 }
654 mutex_unlock(&desc->wlock);
655 if (desc->count == 1)
656 desc->manage_power(intf, 1);
657 usb_autopm_put_interface(desc->intf);
658out:
659 mutex_unlock(&wdm_mutex);
660 return rv;
661}
662
663static int wdm_release(struct inode *inode, struct file *file)
664{
665 struct wdm_device *desc = file->private_data;
666
667 mutex_lock(&wdm_mutex);
668
669 /* using write lock to protect desc->count */
670 mutex_lock(&desc->wlock);
671 desc->count--;
672 mutex_unlock(&desc->wlock);
673
674 if (!desc->count) {
675 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
676 dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
677 kill_urbs(desc);
678 spin_lock_irq(&desc->iuspin);
679 desc->resp_count = 0;
680 spin_unlock_irq(&desc->iuspin);
681 desc->manage_power(desc->intf, 0);
682 } else {
683 /* must avoid dev_printk here as desc->intf is invalid */
684 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
685 cleanup(desc);
686 }
687 }
688 mutex_unlock(&wdm_mutex);
689 return 0;
690}
691
692static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
693{
694 struct wdm_device *desc = file->private_data;
695 int rv = 0;
696
697 switch (cmd) {
698 case IOCTL_WDM_MAX_COMMAND:
699 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
700 rv = -EFAULT;
701 break;
702 default:
703 rv = -ENOTTY;
704 }
705 return rv;
706}
707
708static const struct file_operations wdm_fops = {
709 .owner = THIS_MODULE,
710 .read = wdm_read,
711 .write = wdm_write,
712 .open = wdm_open,
713 .flush = wdm_flush,
714 .release = wdm_release,
715 .poll = wdm_poll,
716 .unlocked_ioctl = wdm_ioctl,
717 .compat_ioctl = wdm_ioctl,
718 .llseek = noop_llseek,
719};
720
721static struct usb_class_driver wdm_class = {
722 .name = "cdc-wdm%d",
723 .fops = &wdm_fops,
724 .minor_base = WDM_MINOR_BASE,
725};
726
727/* --- error handling --- */
728static void wdm_rxwork(struct work_struct *work)
729{
730 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
731 unsigned long flags;
732 int rv = 0;
733 int responding;
734
735 spin_lock_irqsave(&desc->iuspin, flags);
736 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
737 spin_unlock_irqrestore(&desc->iuspin, flags);
738 } else {
739 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
740 spin_unlock_irqrestore(&desc->iuspin, flags);
741 if (!responding)
742 rv = usb_submit_urb(desc->response, GFP_KERNEL);
743 if (rv < 0 && rv != -EPERM) {
744 spin_lock_irqsave(&desc->iuspin, flags);
745 clear_bit(WDM_RESPONDING, &desc->flags);
746 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
747 schedule_work(&desc->rxwork);
748 spin_unlock_irqrestore(&desc->iuspin, flags);
749 }
750 }
751}
752
753/* --- hotplug --- */
754
755static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
756 u16 bufsize, int (*manage_power)(struct usb_interface *, int))
757{
758 int rv = -ENOMEM;
759 struct wdm_device *desc;
760
761 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
762 if (!desc)
763 goto out;
764 INIT_LIST_HEAD(&desc->device_list);
765 mutex_init(&desc->rlock);
766 mutex_init(&desc->wlock);
767 spin_lock_init(&desc->iuspin);
768 init_waitqueue_head(&desc->wait);
769 desc->wMaxCommand = bufsize;
770 /* this will be expanded and needed in hardware endianness */
771 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
772 desc->intf = intf;
773 INIT_WORK(&desc->rxwork, wdm_rxwork);
774
775 rv = -EINVAL;
776 if (!usb_endpoint_is_int_in(ep))
777 goto err;
778
779 desc->wMaxPacketSize = usb_endpoint_maxp(ep);
780
781 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
782 if (!desc->orq)
783 goto err;
784 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
785 if (!desc->irq)
786 goto err;
787
788 desc->validity = usb_alloc_urb(0, GFP_KERNEL);
789 if (!desc->validity)
790 goto err;
791
792 desc->response = usb_alloc_urb(0, GFP_KERNEL);
793 if (!desc->response)
794 goto err;
795
796 desc->command = usb_alloc_urb(0, GFP_KERNEL);
797 if (!desc->command)
798 goto err;
799
800 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
801 if (!desc->ubuf)
802 goto err;
803
804 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
805 if (!desc->sbuf)
806 goto err;
807
808 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
809 if (!desc->inbuf)
810 goto err;
811
812 usb_fill_int_urb(
813 desc->validity,
814 interface_to_usbdev(intf),
815 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
816 desc->sbuf,
817 desc->wMaxPacketSize,
818 wdm_int_callback,
819 desc,
820 ep->bInterval
821 );
822
823 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
824 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
825 desc->irq->wValue = 0;
826 desc->irq->wIndex = desc->inum; /* already converted */
827 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
828
829 usb_fill_control_urb(
830 desc->response,
831 interface_to_usbdev(intf),
832 /* using common endpoint 0 */
833 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
834 (unsigned char *)desc->irq,
835 desc->inbuf,
836 desc->wMaxCommand,
837 wdm_in_callback,
838 desc
839 );
840
841 desc->manage_power = manage_power;
842
843 spin_lock(&wdm_device_list_lock);
844 list_add(&desc->device_list, &wdm_device_list);
845 spin_unlock(&wdm_device_list_lock);
846
847 rv = usb_register_dev(intf, &wdm_class);
848 if (rv < 0)
849 goto err;
850 else
851 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
852out:
853 return rv;
854err:
855 spin_lock(&wdm_device_list_lock);
856 list_del(&desc->device_list);
857 spin_unlock(&wdm_device_list_lock);
858 cleanup(desc);
859 return rv;
860}
861
862static int wdm_manage_power(struct usb_interface *intf, int on)
863{
864 /* need autopm_get/put here to ensure the usbcore sees the new value */
865 int rv = usb_autopm_get_interface(intf);
866
867 intf->needs_remote_wakeup = on;
868 if (!rv)
869 usb_autopm_put_interface(intf);
870 return 0;
871}
872
873static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
874{
875 int rv = -EINVAL;
876 struct usb_host_interface *iface;
877 struct usb_endpoint_descriptor *ep;
878 struct usb_cdc_dmm_desc *dmhd;
879 u8 *buffer = intf->altsetting->extra;
880 int buflen = intf->altsetting->extralen;
881 u16 maxcom = WDM_DEFAULT_BUFSIZE;
882
883 if (!buffer)
884 goto err;
885 while (buflen > 2) {
886 if (buffer[1] != USB_DT_CS_INTERFACE) {
887 dev_err(&intf->dev, "skipping garbage\n");
888 goto next_desc;
889 }
890
891 switch (buffer[2]) {
892 case USB_CDC_HEADER_TYPE:
893 break;
894 case USB_CDC_DMM_TYPE:
895 dmhd = (struct usb_cdc_dmm_desc *)buffer;
896 maxcom = le16_to_cpu(dmhd->wMaxCommand);
897 dev_dbg(&intf->dev,
898 "Finding maximum buffer length: %d", maxcom);
899 break;
900 default:
901 dev_err(&intf->dev,
902 "Ignoring extra header, type %d, length %d\n",
903 buffer[2], buffer[0]);
904 break;
905 }
906next_desc:
907 buflen -= buffer[0];
908 buffer += buffer[0];
909 }
910
911 iface = intf->cur_altsetting;
912 if (iface->desc.bNumEndpoints != 1)
913 goto err;
914 ep = &iface->endpoint[0].desc;
915
916 rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
917
918err:
919 return rv;
920}
921
922/**
923 * usb_cdc_wdm_register - register a WDM subdriver
924 * @intf: usb interface the subdriver will associate with
925 * @ep: interrupt endpoint to monitor for notifications
926 * @bufsize: maximum message size to support for read/write
927 *
928 * Create WDM usb class character device and associate it with intf
929 * without binding, allowing another driver to manage the interface.
930 *
931 * The subdriver will manage the given interrupt endpoint exclusively
932 * and will issue control requests referring to the given intf. It
933 * will otherwise avoid interferring, and in particular not do
934 * usb_set_intfdata/usb_get_intfdata on intf.
935 *
936 * The return value is a pointer to the subdriver's struct usb_driver.
937 * The registering driver is responsible for calling this subdriver's
938 * disconnect, suspend, resume, pre_reset and post_reset methods from
939 * its own.
940 */
941struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
942 struct usb_endpoint_descriptor *ep,
943 int bufsize,
944 int (*manage_power)(struct usb_interface *, int))
945{
946 int rv = -EINVAL;
947
948 rv = wdm_create(intf, ep, bufsize, manage_power);
949 if (rv < 0)
950 goto err;
951
952 return &wdm_driver;
953err:
954 return ERR_PTR(rv);
955}
956EXPORT_SYMBOL(usb_cdc_wdm_register);
957
958static void wdm_disconnect(struct usb_interface *intf)
959{
960 struct wdm_device *desc;
961 unsigned long flags;
962
963 usb_deregister_dev(intf, &wdm_class);
964 desc = wdm_find_device(intf);
965 mutex_lock(&wdm_mutex);
966
967 /* the spinlock makes sure no new urbs are generated in the callbacks */
968 spin_lock_irqsave(&desc->iuspin, flags);
969 set_bit(WDM_DISCONNECTING, &desc->flags);
970 set_bit(WDM_READ, &desc->flags);
971 /* to terminate pending flushes */
972 clear_bit(WDM_IN_USE, &desc->flags);
973 spin_unlock_irqrestore(&desc->iuspin, flags);
974 wake_up_all(&desc->wait);
975 mutex_lock(&desc->rlock);
976 mutex_lock(&desc->wlock);
977 kill_urbs(desc);
978 cancel_work_sync(&desc->rxwork);
979 mutex_unlock(&desc->wlock);
980 mutex_unlock(&desc->rlock);
981
982 /* the desc->intf pointer used as list key is now invalid */
983 spin_lock(&wdm_device_list_lock);
984 list_del(&desc->device_list);
985 spin_unlock(&wdm_device_list_lock);
986
987 if (!desc->count)
988 cleanup(desc);
989 else
990 dev_dbg(&intf->dev, "%s: %d open files - postponing cleanup\n", __func__, desc->count);
991 mutex_unlock(&wdm_mutex);
992}
993
994#ifdef CONFIG_PM
995static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
996{
997 struct wdm_device *desc = wdm_find_device(intf);
998 int rv = 0;
999
1000 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1001
1002 /* if this is an autosuspend the caller does the locking */
1003 if (!PMSG_IS_AUTO(message)) {
1004 mutex_lock(&desc->rlock);
1005 mutex_lock(&desc->wlock);
1006 }
1007 spin_lock_irq(&desc->iuspin);
1008
1009 if (PMSG_IS_AUTO(message) &&
1010 (test_bit(WDM_IN_USE, &desc->flags)
1011 || test_bit(WDM_RESPONDING, &desc->flags))) {
1012 spin_unlock_irq(&desc->iuspin);
1013 rv = -EBUSY;
1014 } else {
1015
1016 set_bit(WDM_SUSPENDING, &desc->flags);
1017 spin_unlock_irq(&desc->iuspin);
1018 /* callback submits work - order is essential */
1019 kill_urbs(desc);
1020 cancel_work_sync(&desc->rxwork);
1021 }
1022 if (!PMSG_IS_AUTO(message)) {
1023 mutex_unlock(&desc->wlock);
1024 mutex_unlock(&desc->rlock);
1025 }
1026
1027 return rv;
1028}
1029#endif
1030
1031static int recover_from_urb_loss(struct wdm_device *desc)
1032{
1033 int rv = 0;
1034
1035 if (desc->count) {
1036 rv = usb_submit_urb(desc->validity, GFP_NOIO);
1037 if (rv < 0)
1038 dev_err(&desc->intf->dev,
1039 "Error resume submitting int urb - %d\n", rv);
1040 }
1041 return rv;
1042}
1043
1044#ifdef CONFIG_PM
1045static int wdm_resume(struct usb_interface *intf)
1046{
1047 struct wdm_device *desc = wdm_find_device(intf);
1048 int rv;
1049
1050 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1051
1052 clear_bit(WDM_SUSPENDING, &desc->flags);
1053 rv = recover_from_urb_loss(desc);
1054
1055 return rv;
1056}
1057#endif
1058
1059static int wdm_pre_reset(struct usb_interface *intf)
1060{
1061 struct wdm_device *desc = wdm_find_device(intf);
1062
1063 /*
1064 * we notify everybody using poll of
1065 * an exceptional situation
1066 * must be done before recovery lest a spontaneous
1067 * message from the device is lost
1068 */
1069 spin_lock_irq(&desc->iuspin);
1070 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */
1071 set_bit(WDM_READ, &desc->flags); /* unblock read */
1072 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */
1073 desc->rerr = -EINTR;
1074 spin_unlock_irq(&desc->iuspin);
1075 wake_up_all(&desc->wait);
1076 mutex_lock(&desc->rlock);
1077 mutex_lock(&desc->wlock);
1078 kill_urbs(desc);
1079 cancel_work_sync(&desc->rxwork);
1080 return 0;
1081}
1082
1083static int wdm_post_reset(struct usb_interface *intf)
1084{
1085 struct wdm_device *desc = wdm_find_device(intf);
1086 int rv;
1087
1088 clear_bit(WDM_OVERFLOW, &desc->flags);
1089 clear_bit(WDM_RESETTING, &desc->flags);
1090 rv = recover_from_urb_loss(desc);
1091 mutex_unlock(&desc->wlock);
1092 mutex_unlock(&desc->rlock);
1093 return 0;
1094}
1095
1096static struct usb_driver wdm_driver = {
1097 .name = "cdc_wdm",
1098 .probe = wdm_probe,
1099 .disconnect = wdm_disconnect,
1100#ifdef CONFIG_PM
1101 .suspend = wdm_suspend,
1102 .resume = wdm_resume,
1103 .reset_resume = wdm_resume,
1104#endif
1105 .pre_reset = wdm_pre_reset,
1106 .post_reset = wdm_post_reset,
1107 .id_table = wdm_ids,
1108 .supports_autosuspend = 1,
1109 .disable_hub_initiated_lpm = 1,
1110};
1111
1112module_usb_driver(wdm_driver);
1113
1114MODULE_AUTHOR(DRIVER_AUTHOR);
1115MODULE_DESCRIPTION(DRIVER_DESC);
1116MODULE_LICENSE("GPL");