• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * cdc-wdm.c
4  *
5  * This driver supports USB CDC WCM Device Management.
6  *
7  * Copyright (c) 2007-2009 Oliver Neukum
8  *
9  * Some code taken from cdc-acm.c
10  *
11  * Released under the GPLv2.
12  *
13  * Many thanks to Carl Nordbeck
14  */
15 #include <linux/kernel.h>
16 #include <linux/errno.h>
17 #include <linux/ioctl.h>
18 #include <linux/slab.h>
19 #include <linux/module.h>
20 #include <linux/mutex.h>
21 #include <linux/uaccess.h>
22 #include <linux/bitops.h>
23 #include <linux/poll.h>
24 #include <linux/usb.h>
25 #include <linux/usb/cdc.h>
26 #include <asm/byteorder.h>
27 #include <asm/unaligned.h>
28 #include <linux/usb/cdc-wdm.h>
29 
30 #define DRIVER_AUTHOR "Oliver Neukum"
31 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
32 
33 static const struct usb_device_id wdm_ids[] = {
34 	{
35 		.match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
36 				 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
37 		.bInterfaceClass = USB_CLASS_COMM,
38 		.bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
39 	},
40 	{ }
41 };
42 
43 MODULE_DEVICE_TABLE (usb, wdm_ids);
44 
45 #define WDM_MINOR_BASE	176
46 
47 
48 #define WDM_IN_USE		1
49 #define WDM_DISCONNECTING	2
50 #define WDM_RESULT		3
51 #define WDM_READ		4
52 #define WDM_INT_STALL		5
53 #define WDM_POLL_RUNNING	6
54 #define WDM_RESPONDING		7
55 #define WDM_SUSPENDING		8
56 #define WDM_RESETTING		9
57 #define WDM_OVERFLOW		10
58 
59 #define WDM_MAX			16
60 
61 /* we cannot wait forever at flush() */
62 #define WDM_FLUSH_TIMEOUT	(30 * HZ)
63 
64 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
65 #define WDM_DEFAULT_BUFSIZE	256
66 
67 static DEFINE_MUTEX(wdm_mutex);
68 static DEFINE_SPINLOCK(wdm_device_list_lock);
69 static LIST_HEAD(wdm_device_list);
70 
71 /* --- method tables --- */
72 
73 struct wdm_device {
74 	u8			*inbuf; /* buffer for response */
75 	u8			*outbuf; /* buffer for command */
76 	u8			*sbuf; /* buffer for status */
77 	u8			*ubuf; /* buffer for copy to user space */
78 
79 	struct urb		*command;
80 	struct urb		*response;
81 	struct urb		*validity;
82 	struct usb_interface	*intf;
83 	struct usb_ctrlrequest	*orq;
84 	struct usb_ctrlrequest	*irq;
85 	spinlock_t		iuspin;
86 
87 	unsigned long		flags;
88 	u16			bufsize;
89 	u16			wMaxCommand;
90 	u16			wMaxPacketSize;
91 	__le16			inum;
92 	int			reslength;
93 	int			length;
94 	int			read;
95 	int			count;
96 	dma_addr_t		shandle;
97 	dma_addr_t		ihandle;
98 	struct mutex		wlock;
99 	struct mutex		rlock;
100 	wait_queue_head_t	wait;
101 	struct work_struct	rxwork;
102 	struct work_struct	service_outs_intr;
103 	int			werr;
104 	int			rerr;
105 	int                     resp_count;
106 
107 	struct list_head	device_list;
108 	int			(*manage_power)(struct usb_interface *, int);
109 };
110 
111 static struct usb_driver wdm_driver;
112 
113 /* return intfdata if we own the interface, else look up intf in the list */
wdm_find_device(struct usb_interface * intf)114 static struct wdm_device *wdm_find_device(struct usb_interface *intf)
115 {
116 	struct wdm_device *desc;
117 
118 	spin_lock(&wdm_device_list_lock);
119 	list_for_each_entry(desc, &wdm_device_list, device_list)
120 		if (desc->intf == intf)
121 			goto found;
122 	desc = NULL;
123 found:
124 	spin_unlock(&wdm_device_list_lock);
125 
126 	return desc;
127 }
128 
wdm_find_device_by_minor(int minor)129 static struct wdm_device *wdm_find_device_by_minor(int minor)
130 {
131 	struct wdm_device *desc;
132 
133 	spin_lock(&wdm_device_list_lock);
134 	list_for_each_entry(desc, &wdm_device_list, device_list)
135 		if (desc->intf->minor == minor)
136 			goto found;
137 	desc = NULL;
138 found:
139 	spin_unlock(&wdm_device_list_lock);
140 
141 	return desc;
142 }
143 
144 /* --- callbacks --- */
wdm_out_callback(struct urb * urb)145 static void wdm_out_callback(struct urb *urb)
146 {
147 	struct wdm_device *desc;
148 	unsigned long flags;
149 
150 	desc = urb->context;
151 	spin_lock_irqsave(&desc->iuspin, flags);
152 	desc->werr = urb->status;
153 	spin_unlock_irqrestore(&desc->iuspin, flags);
154 	kfree(desc->outbuf);
155 	desc->outbuf = NULL;
156 	clear_bit(WDM_IN_USE, &desc->flags);
157 	wake_up_all(&desc->wait);
158 }
159 
wdm_in_callback(struct urb * urb)160 static void wdm_in_callback(struct urb *urb)
161 {
162 	unsigned long flags;
163 	struct wdm_device *desc = urb->context;
164 	int status = urb->status;
165 	int length = urb->actual_length;
166 
167 	spin_lock_irqsave(&desc->iuspin, flags);
168 	clear_bit(WDM_RESPONDING, &desc->flags);
169 
170 	if (status) {
171 		switch (status) {
172 		case -ENOENT:
173 			dev_dbg(&desc->intf->dev,
174 				"nonzero urb status received: -ENOENT\n");
175 			goto skip_error;
176 		case -ECONNRESET:
177 			dev_dbg(&desc->intf->dev,
178 				"nonzero urb status received: -ECONNRESET\n");
179 			goto skip_error;
180 		case -ESHUTDOWN:
181 			dev_dbg(&desc->intf->dev,
182 				"nonzero urb status received: -ESHUTDOWN\n");
183 			goto skip_error;
184 		case -EPIPE:
185 			dev_err(&desc->intf->dev,
186 				"nonzero urb status received: -EPIPE\n");
187 			break;
188 		default:
189 			dev_err(&desc->intf->dev,
190 				"Unexpected error %d\n", status);
191 			break;
192 		}
193 	}
194 
195 	/*
196 	 * only set a new error if there is no previous error.
197 	 * Errors are only cleared during read/open
198 	 * Avoid propagating -EPIPE (stall) to userspace since it is
199 	 * better handled as an empty read
200 	 */
201 	if (desc->rerr == 0 && status != -EPIPE)
202 		desc->rerr = status;
203 
204 	if (length + desc->length > desc->wMaxCommand) {
205 		/* The buffer would overflow */
206 		set_bit(WDM_OVERFLOW, &desc->flags);
207 	} else {
208 		/* we may already be in overflow */
209 		if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
210 			memmove(desc->ubuf + desc->length, desc->inbuf, length);
211 			desc->length += length;
212 			desc->reslength = length;
213 		}
214 	}
215 skip_error:
216 
217 	if (desc->rerr) {
218 		/*
219 		 * Since there was an error, userspace may decide to not read
220 		 * any data after poll'ing.
221 		 * We should respond to further attempts from the device to send
222 		 * data, so that we can get unstuck.
223 		 */
224 		schedule_work(&desc->service_outs_intr);
225 	} else {
226 		set_bit(WDM_READ, &desc->flags);
227 		wake_up(&desc->wait);
228 	}
229 	spin_unlock_irqrestore(&desc->iuspin, flags);
230 }
231 
wdm_int_callback(struct urb * urb)232 static void wdm_int_callback(struct urb *urb)
233 {
234 	unsigned long flags;
235 	int rv = 0;
236 	int responding;
237 	int status = urb->status;
238 	struct wdm_device *desc;
239 	struct usb_cdc_notification *dr;
240 
241 	desc = urb->context;
242 	dr = (struct usb_cdc_notification *)desc->sbuf;
243 
244 	if (status) {
245 		switch (status) {
246 		case -ESHUTDOWN:
247 		case -ENOENT:
248 		case -ECONNRESET:
249 			return; /* unplug */
250 		case -EPIPE:
251 			set_bit(WDM_INT_STALL, &desc->flags);
252 			dev_err(&desc->intf->dev, "Stall on int endpoint\n");
253 			goto sw; /* halt is cleared in work */
254 		default:
255 			dev_err(&desc->intf->dev,
256 				"nonzero urb status received: %d\n", status);
257 			break;
258 		}
259 	}
260 
261 	if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
262 		dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
263 			urb->actual_length);
264 		goto exit;
265 	}
266 
267 	switch (dr->bNotificationType) {
268 	case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
269 		dev_dbg(&desc->intf->dev,
270 			"NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
271 			le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
272 		break;
273 
274 	case USB_CDC_NOTIFY_NETWORK_CONNECTION:
275 
276 		dev_dbg(&desc->intf->dev,
277 			"NOTIFY_NETWORK_CONNECTION %s network\n",
278 			dr->wValue ? "connected to" : "disconnected from");
279 		goto exit;
280 	case USB_CDC_NOTIFY_SPEED_CHANGE:
281 		dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
282 			urb->actual_length);
283 		goto exit;
284 	default:
285 		clear_bit(WDM_POLL_RUNNING, &desc->flags);
286 		dev_err(&desc->intf->dev,
287 			"unknown notification %d received: index %d len %d\n",
288 			dr->bNotificationType,
289 			le16_to_cpu(dr->wIndex),
290 			le16_to_cpu(dr->wLength));
291 		goto exit;
292 	}
293 
294 	spin_lock_irqsave(&desc->iuspin, flags);
295 	responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
296 	if (!desc->resp_count++ && !responding
297 		&& !test_bit(WDM_DISCONNECTING, &desc->flags)
298 		&& !test_bit(WDM_SUSPENDING, &desc->flags)) {
299 		rv = usb_submit_urb(desc->response, GFP_ATOMIC);
300 		dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
301 	}
302 	spin_unlock_irqrestore(&desc->iuspin, flags);
303 	if (rv < 0) {
304 		clear_bit(WDM_RESPONDING, &desc->flags);
305 		if (rv == -EPERM)
306 			return;
307 		if (rv == -ENOMEM) {
308 sw:
309 			rv = schedule_work(&desc->rxwork);
310 			if (rv)
311 				dev_err(&desc->intf->dev,
312 					"Cannot schedule work\n");
313 		}
314 	}
315 exit:
316 	rv = usb_submit_urb(urb, GFP_ATOMIC);
317 	if (rv)
318 		dev_err(&desc->intf->dev,
319 			"%s - usb_submit_urb failed with result %d\n",
320 			__func__, rv);
321 
322 }
323 
kill_urbs(struct wdm_device * desc)324 static void kill_urbs(struct wdm_device *desc)
325 {
326 	/* the order here is essential */
327 	usb_kill_urb(desc->command);
328 	usb_kill_urb(desc->validity);
329 	usb_kill_urb(desc->response);
330 }
331 
free_urbs(struct wdm_device * desc)332 static void free_urbs(struct wdm_device *desc)
333 {
334 	usb_free_urb(desc->validity);
335 	usb_free_urb(desc->response);
336 	usb_free_urb(desc->command);
337 }
338 
cleanup(struct wdm_device * desc)339 static void cleanup(struct wdm_device *desc)
340 {
341 	kfree(desc->sbuf);
342 	kfree(desc->inbuf);
343 	kfree(desc->orq);
344 	kfree(desc->irq);
345 	kfree(desc->ubuf);
346 	free_urbs(desc);
347 	kfree(desc);
348 }
349 
wdm_write(struct file * file,const char __user * buffer,size_t count,loff_t * ppos)350 static ssize_t wdm_write
351 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
352 {
353 	u8 *buf;
354 	int rv = -EMSGSIZE, r, we;
355 	struct wdm_device *desc = file->private_data;
356 	struct usb_ctrlrequest *req;
357 
358 	if (count > desc->wMaxCommand)
359 		count = desc->wMaxCommand;
360 
361 	spin_lock_irq(&desc->iuspin);
362 	we = desc->werr;
363 	desc->werr = 0;
364 	spin_unlock_irq(&desc->iuspin);
365 	if (we < 0)
366 		return usb_translate_errors(we);
367 
368 	buf = memdup_user(buffer, count);
369 	if (IS_ERR(buf))
370 		return PTR_ERR(buf);
371 
372 	/* concurrent writes and disconnect */
373 	r = mutex_lock_interruptible(&desc->wlock);
374 	rv = -ERESTARTSYS;
375 	if (r)
376 		goto out_free_mem;
377 
378 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
379 		rv = -ENODEV;
380 		goto out_free_mem_lock;
381 	}
382 
383 	r = usb_autopm_get_interface(desc->intf);
384 	if (r < 0) {
385 		rv = usb_translate_errors(r);
386 		goto out_free_mem_lock;
387 	}
388 
389 	if (!(file->f_flags & O_NONBLOCK))
390 		r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
391 								&desc->flags));
392 	else
393 		if (test_bit(WDM_IN_USE, &desc->flags))
394 			r = -EAGAIN;
395 
396 	if (test_bit(WDM_RESETTING, &desc->flags))
397 		r = -EIO;
398 
399 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
400 		r = -ENODEV;
401 
402 	if (r < 0) {
403 		rv = r;
404 		goto out_free_mem_pm;
405 	}
406 
407 	req = desc->orq;
408 	usb_fill_control_urb(
409 		desc->command,
410 		interface_to_usbdev(desc->intf),
411 		/* using common endpoint 0 */
412 		usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
413 		(unsigned char *)req,
414 		buf,
415 		count,
416 		wdm_out_callback,
417 		desc
418 	);
419 
420 	req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
421 			     USB_RECIP_INTERFACE);
422 	req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
423 	req->wValue = 0;
424 	req->wIndex = desc->inum; /* already converted */
425 	req->wLength = cpu_to_le16(count);
426 	set_bit(WDM_IN_USE, &desc->flags);
427 	desc->outbuf = buf;
428 
429 	rv = usb_submit_urb(desc->command, GFP_KERNEL);
430 	if (rv < 0) {
431 		desc->outbuf = NULL;
432 		clear_bit(WDM_IN_USE, &desc->flags);
433 		wake_up_all(&desc->wait); /* for wdm_wait_for_response() */
434 		dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
435 		rv = usb_translate_errors(rv);
436 		goto out_free_mem_pm;
437 	} else {
438 		dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
439 			le16_to_cpu(req->wIndex));
440 	}
441 
442 	usb_autopm_put_interface(desc->intf);
443 	mutex_unlock(&desc->wlock);
444 	return count;
445 
446 out_free_mem_pm:
447 	usb_autopm_put_interface(desc->intf);
448 out_free_mem_lock:
449 	mutex_unlock(&desc->wlock);
450 out_free_mem:
451 	kfree(buf);
452 	return rv;
453 }
454 
455 /*
456  * Submit the read urb if resp_count is non-zero.
457  *
458  * Called with desc->iuspin locked
459  */
service_outstanding_interrupt(struct wdm_device * desc)460 static int service_outstanding_interrupt(struct wdm_device *desc)
461 {
462 	int rv = 0;
463 
464 	/* submit read urb only if the device is waiting for it */
465 	if (!desc->resp_count || !--desc->resp_count)
466 		goto out;
467 
468 	set_bit(WDM_RESPONDING, &desc->flags);
469 	spin_unlock_irq(&desc->iuspin);
470 	rv = usb_submit_urb(desc->response, GFP_KERNEL);
471 	spin_lock_irq(&desc->iuspin);
472 	if (rv) {
473 		dev_err(&desc->intf->dev,
474 			"usb_submit_urb failed with result %d\n", rv);
475 
476 		/* make sure the next notification trigger a submit */
477 		clear_bit(WDM_RESPONDING, &desc->flags);
478 		desc->resp_count = 0;
479 	}
480 out:
481 	return rv;
482 }
483 
wdm_read(struct file * file,char __user * buffer,size_t count,loff_t * ppos)484 static ssize_t wdm_read
485 (struct file *file, char __user *buffer, size_t count, loff_t *ppos)
486 {
487 	int rv, cntr;
488 	int i = 0;
489 	struct wdm_device *desc = file->private_data;
490 
491 
492 	rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
493 	if (rv < 0)
494 		return -ERESTARTSYS;
495 
496 	cntr = READ_ONCE(desc->length);
497 	if (cntr == 0) {
498 		desc->read = 0;
499 retry:
500 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
501 			rv = -ENODEV;
502 			goto err;
503 		}
504 		if (test_bit(WDM_OVERFLOW, &desc->flags)) {
505 			clear_bit(WDM_OVERFLOW, &desc->flags);
506 			rv = -ENOBUFS;
507 			goto err;
508 		}
509 		i++;
510 		if (file->f_flags & O_NONBLOCK) {
511 			if (!test_bit(WDM_READ, &desc->flags)) {
512 				rv = -EAGAIN;
513 				goto err;
514 			}
515 			rv = 0;
516 		} else {
517 			rv = wait_event_interruptible(desc->wait,
518 				test_bit(WDM_READ, &desc->flags));
519 		}
520 
521 		/* may have happened while we slept */
522 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
523 			rv = -ENODEV;
524 			goto err;
525 		}
526 		if (test_bit(WDM_RESETTING, &desc->flags)) {
527 			rv = -EIO;
528 			goto err;
529 		}
530 		usb_mark_last_busy(interface_to_usbdev(desc->intf));
531 		if (rv < 0) {
532 			rv = -ERESTARTSYS;
533 			goto err;
534 		}
535 
536 		spin_lock_irq(&desc->iuspin);
537 
538 		if (desc->rerr) { /* read completed, error happened */
539 			rv = usb_translate_errors(desc->rerr);
540 			desc->rerr = 0;
541 			spin_unlock_irq(&desc->iuspin);
542 			goto err;
543 		}
544 		/*
545 		 * recheck whether we've lost the race
546 		 * against the completion handler
547 		 */
548 		if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
549 			spin_unlock_irq(&desc->iuspin);
550 			goto retry;
551 		}
552 
553 		if (!desc->reslength) { /* zero length read */
554 			dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
555 			clear_bit(WDM_READ, &desc->flags);
556 			rv = service_outstanding_interrupt(desc);
557 			spin_unlock_irq(&desc->iuspin);
558 			if (rv < 0)
559 				goto err;
560 			goto retry;
561 		}
562 		cntr = desc->length;
563 		spin_unlock_irq(&desc->iuspin);
564 	}
565 
566 	if (cntr > count)
567 		cntr = count;
568 	rv = copy_to_user(buffer, desc->ubuf, cntr);
569 	if (rv > 0) {
570 		rv = -EFAULT;
571 		goto err;
572 	}
573 
574 	spin_lock_irq(&desc->iuspin);
575 
576 	for (i = 0; i < desc->length - cntr; i++)
577 		desc->ubuf[i] = desc->ubuf[i + cntr];
578 
579 	desc->length -= cntr;
580 	/* in case we had outstanding data */
581 	if (!desc->length) {
582 		clear_bit(WDM_READ, &desc->flags);
583 		service_outstanding_interrupt(desc);
584 	}
585 	spin_unlock_irq(&desc->iuspin);
586 	rv = cntr;
587 
588 err:
589 	mutex_unlock(&desc->rlock);
590 	return rv;
591 }
592 
wdm_wait_for_response(struct file * file,long timeout)593 static int wdm_wait_for_response(struct file *file, long timeout)
594 {
595 	struct wdm_device *desc = file->private_data;
596 	long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */
597 
598 	/*
599 	 * Needs both flags. We cannot do with one because resetting it would
600 	 * cause a race with write() yet we need to signal a disconnect.
601 	 */
602 	rv = wait_event_interruptible_timeout(desc->wait,
603 			      !test_bit(WDM_IN_USE, &desc->flags) ||
604 			      test_bit(WDM_DISCONNECTING, &desc->flags),
605 			      timeout);
606 
607 	/*
608 	 * To report the correct error. This is best effort.
609 	 * We are inevitably racing with the hardware.
610 	 */
611 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
612 		return -ENODEV;
613 	if (!rv)
614 		return -EIO;
615 	if (rv < 0)
616 		return -EINTR;
617 
618 	spin_lock_irq(&desc->iuspin);
619 	rv = desc->werr;
620 	desc->werr = 0;
621 	spin_unlock_irq(&desc->iuspin);
622 
623 	return usb_translate_errors(rv);
624 
625 }
626 
627 /*
628  * You need to send a signal when you react to malicious or defective hardware.
629  * Also, don't abort when fsync() returned -EINVAL, for older kernels which do
630  * not implement wdm_flush() will return -EINVAL.
631  */
wdm_fsync(struct file * file,loff_t start,loff_t end,int datasync)632 static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
633 {
634 	return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT);
635 }
636 
637 /*
638  * Same with wdm_fsync(), except it uses finite timeout in order to react to
639  * malicious or defective hardware which ceased communication after close() was
640  * implicitly called due to process termination.
641  */
wdm_flush(struct file * file,fl_owner_t id)642 static int wdm_flush(struct file *file, fl_owner_t id)
643 {
644 	return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT);
645 }
646 
wdm_poll(struct file * file,struct poll_table_struct * wait)647 static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
648 {
649 	struct wdm_device *desc = file->private_data;
650 	unsigned long flags;
651 	__poll_t mask = 0;
652 
653 	spin_lock_irqsave(&desc->iuspin, flags);
654 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
655 		mask = EPOLLHUP | EPOLLERR;
656 		spin_unlock_irqrestore(&desc->iuspin, flags);
657 		goto desc_out;
658 	}
659 	if (test_bit(WDM_READ, &desc->flags))
660 		mask = EPOLLIN | EPOLLRDNORM;
661 	if (desc->rerr || desc->werr)
662 		mask |= EPOLLERR;
663 	if (!test_bit(WDM_IN_USE, &desc->flags))
664 		mask |= EPOLLOUT | EPOLLWRNORM;
665 	spin_unlock_irqrestore(&desc->iuspin, flags);
666 
667 	poll_wait(file, &desc->wait, wait);
668 
669 desc_out:
670 	return mask;
671 }
672 
wdm_open(struct inode * inode,struct file * file)673 static int wdm_open(struct inode *inode, struct file *file)
674 {
675 	int minor = iminor(inode);
676 	int rv = -ENODEV;
677 	struct usb_interface *intf;
678 	struct wdm_device *desc;
679 
680 	mutex_lock(&wdm_mutex);
681 	desc = wdm_find_device_by_minor(minor);
682 	if (!desc)
683 		goto out;
684 
685 	intf = desc->intf;
686 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
687 		goto out;
688 	file->private_data = desc;
689 
690 	rv = usb_autopm_get_interface(desc->intf);
691 	if (rv < 0) {
692 		dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
693 		goto out;
694 	}
695 
696 	/* using write lock to protect desc->count */
697 	mutex_lock(&desc->wlock);
698 	if (!desc->count++) {
699 		desc->werr = 0;
700 		desc->rerr = 0;
701 		rv = usb_submit_urb(desc->validity, GFP_KERNEL);
702 		if (rv < 0) {
703 			desc->count--;
704 			dev_err(&desc->intf->dev,
705 				"Error submitting int urb - %d\n", rv);
706 			rv = usb_translate_errors(rv);
707 		}
708 	} else {
709 		rv = 0;
710 	}
711 	mutex_unlock(&desc->wlock);
712 	if (desc->count == 1)
713 		desc->manage_power(intf, 1);
714 	usb_autopm_put_interface(desc->intf);
715 out:
716 	mutex_unlock(&wdm_mutex);
717 	return rv;
718 }
719 
wdm_release(struct inode * inode,struct file * file)720 static int wdm_release(struct inode *inode, struct file *file)
721 {
722 	struct wdm_device *desc = file->private_data;
723 
724 	mutex_lock(&wdm_mutex);
725 
726 	/* using write lock to protect desc->count */
727 	mutex_lock(&desc->wlock);
728 	desc->count--;
729 	mutex_unlock(&desc->wlock);
730 
731 	if (!desc->count) {
732 		if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
733 			dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
734 			kill_urbs(desc);
735 			spin_lock_irq(&desc->iuspin);
736 			desc->resp_count = 0;
737 			spin_unlock_irq(&desc->iuspin);
738 			desc->manage_power(desc->intf, 0);
739 		} else {
740 			/* must avoid dev_printk here as desc->intf is invalid */
741 			pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
742 			cleanup(desc);
743 		}
744 	}
745 	mutex_unlock(&wdm_mutex);
746 	return 0;
747 }
748 
wdm_ioctl(struct file * file,unsigned int cmd,unsigned long arg)749 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
750 {
751 	struct wdm_device *desc = file->private_data;
752 	int rv = 0;
753 
754 	switch (cmd) {
755 	case IOCTL_WDM_MAX_COMMAND:
756 		if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
757 			rv = -EFAULT;
758 		break;
759 	default:
760 		rv = -ENOTTY;
761 	}
762 	return rv;
763 }
764 
765 static const struct file_operations wdm_fops = {
766 	.owner =	THIS_MODULE,
767 	.read =		wdm_read,
768 	.write =	wdm_write,
769 	.fsync =	wdm_fsync,
770 	.open =		wdm_open,
771 	.flush =	wdm_flush,
772 	.release =	wdm_release,
773 	.poll =		wdm_poll,
774 	.unlocked_ioctl = wdm_ioctl,
775 	.compat_ioctl = wdm_ioctl,
776 	.llseek =	noop_llseek,
777 };
778 
779 static struct usb_class_driver wdm_class = {
780 	.name =		"cdc-wdm%d",
781 	.fops =		&wdm_fops,
782 	.minor_base =	WDM_MINOR_BASE,
783 };
784 
785 /* --- error handling --- */
wdm_rxwork(struct work_struct * work)786 static void wdm_rxwork(struct work_struct *work)
787 {
788 	struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
789 	unsigned long flags;
790 	int rv = 0;
791 	int responding;
792 
793 	spin_lock_irqsave(&desc->iuspin, flags);
794 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
795 		spin_unlock_irqrestore(&desc->iuspin, flags);
796 	} else {
797 		responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
798 		spin_unlock_irqrestore(&desc->iuspin, flags);
799 		if (!responding)
800 			rv = usb_submit_urb(desc->response, GFP_KERNEL);
801 		if (rv < 0 && rv != -EPERM) {
802 			spin_lock_irqsave(&desc->iuspin, flags);
803 			clear_bit(WDM_RESPONDING, &desc->flags);
804 			if (!test_bit(WDM_DISCONNECTING, &desc->flags))
805 				schedule_work(&desc->rxwork);
806 			spin_unlock_irqrestore(&desc->iuspin, flags);
807 		}
808 	}
809 }
810 
service_interrupt_work(struct work_struct * work)811 static void service_interrupt_work(struct work_struct *work)
812 {
813 	struct wdm_device *desc;
814 
815 	desc = container_of(work, struct wdm_device, service_outs_intr);
816 
817 	spin_lock_irq(&desc->iuspin);
818 	service_outstanding_interrupt(desc);
819 	if (!desc->resp_count) {
820 		set_bit(WDM_READ, &desc->flags);
821 		wake_up(&desc->wait);
822 	}
823 	spin_unlock_irq(&desc->iuspin);
824 }
825 
826 /* --- hotplug --- */
827 
wdm_create(struct usb_interface * intf,struct usb_endpoint_descriptor * ep,u16 bufsize,int (* manage_power)(struct usb_interface *,int))828 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
829 		u16 bufsize, int (*manage_power)(struct usb_interface *, int))
830 {
831 	int rv = -ENOMEM;
832 	struct wdm_device *desc;
833 
834 	desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
835 	if (!desc)
836 		goto out;
837 	INIT_LIST_HEAD(&desc->device_list);
838 	mutex_init(&desc->rlock);
839 	mutex_init(&desc->wlock);
840 	spin_lock_init(&desc->iuspin);
841 	init_waitqueue_head(&desc->wait);
842 	desc->wMaxCommand = bufsize;
843 	/* this will be expanded and needed in hardware endianness */
844 	desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
845 	desc->intf = intf;
846 	INIT_WORK(&desc->rxwork, wdm_rxwork);
847 	INIT_WORK(&desc->service_outs_intr, service_interrupt_work);
848 
849 	rv = -EINVAL;
850 	if (!usb_endpoint_is_int_in(ep))
851 		goto err;
852 
853 	desc->wMaxPacketSize = usb_endpoint_maxp(ep);
854 
855 	desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
856 	if (!desc->orq)
857 		goto err;
858 	desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
859 	if (!desc->irq)
860 		goto err;
861 
862 	desc->validity = usb_alloc_urb(0, GFP_KERNEL);
863 	if (!desc->validity)
864 		goto err;
865 
866 	desc->response = usb_alloc_urb(0, GFP_KERNEL);
867 	if (!desc->response)
868 		goto err;
869 
870 	desc->command = usb_alloc_urb(0, GFP_KERNEL);
871 	if (!desc->command)
872 		goto err;
873 
874 	desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
875 	if (!desc->ubuf)
876 		goto err;
877 
878 	desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
879 	if (!desc->sbuf)
880 		goto err;
881 
882 	desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
883 	if (!desc->inbuf)
884 		goto err;
885 
886 	usb_fill_int_urb(
887 		desc->validity,
888 		interface_to_usbdev(intf),
889 		usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
890 		desc->sbuf,
891 		desc->wMaxPacketSize,
892 		wdm_int_callback,
893 		desc,
894 		ep->bInterval
895 	);
896 
897 	desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
898 	desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
899 	desc->irq->wValue = 0;
900 	desc->irq->wIndex = desc->inum; /* already converted */
901 	desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
902 
903 	usb_fill_control_urb(
904 		desc->response,
905 		interface_to_usbdev(intf),
906 		/* using common endpoint 0 */
907 		usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
908 		(unsigned char *)desc->irq,
909 		desc->inbuf,
910 		desc->wMaxCommand,
911 		wdm_in_callback,
912 		desc
913 	);
914 
915 	desc->manage_power = manage_power;
916 
917 	spin_lock(&wdm_device_list_lock);
918 	list_add(&desc->device_list, &wdm_device_list);
919 	spin_unlock(&wdm_device_list_lock);
920 
921 	rv = usb_register_dev(intf, &wdm_class);
922 	if (rv < 0)
923 		goto err;
924 	else
925 		dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
926 out:
927 	return rv;
928 err:
929 	spin_lock(&wdm_device_list_lock);
930 	list_del(&desc->device_list);
931 	spin_unlock(&wdm_device_list_lock);
932 	cleanup(desc);
933 	return rv;
934 }
935 
wdm_manage_power(struct usb_interface * intf,int on)936 static int wdm_manage_power(struct usb_interface *intf, int on)
937 {
938 	/* need autopm_get/put here to ensure the usbcore sees the new value */
939 	int rv = usb_autopm_get_interface(intf);
940 
941 	intf->needs_remote_wakeup = on;
942 	if (!rv)
943 		usb_autopm_put_interface(intf);
944 	return 0;
945 }
946 
wdm_probe(struct usb_interface * intf,const struct usb_device_id * id)947 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
948 {
949 	int rv = -EINVAL;
950 	struct usb_host_interface *iface;
951 	struct usb_endpoint_descriptor *ep;
952 	struct usb_cdc_parsed_header hdr;
953 	u8 *buffer = intf->altsetting->extra;
954 	int buflen = intf->altsetting->extralen;
955 	u16 maxcom = WDM_DEFAULT_BUFSIZE;
956 
957 	if (!buffer)
958 		goto err;
959 
960 	cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
961 
962 	if (hdr.usb_cdc_dmm_desc)
963 		maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
964 
965 	iface = intf->cur_altsetting;
966 	if (iface->desc.bNumEndpoints != 1)
967 		goto err;
968 	ep = &iface->endpoint[0].desc;
969 
970 	rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
971 
972 err:
973 	return rv;
974 }
975 
976 /**
977  * usb_cdc_wdm_register - register a WDM subdriver
978  * @intf: usb interface the subdriver will associate with
979  * @ep: interrupt endpoint to monitor for notifications
980  * @bufsize: maximum message size to support for read/write
981  *
982  * Create WDM usb class character device and associate it with intf
983  * without binding, allowing another driver to manage the interface.
984  *
985  * The subdriver will manage the given interrupt endpoint exclusively
986  * and will issue control requests referring to the given intf. It
987  * will otherwise avoid interferring, and in particular not do
988  * usb_set_intfdata/usb_get_intfdata on intf.
989  *
990  * The return value is a pointer to the subdriver's struct usb_driver.
991  * The registering driver is responsible for calling this subdriver's
992  * disconnect, suspend, resume, pre_reset and post_reset methods from
993  * its own.
994  */
usb_cdc_wdm_register(struct usb_interface * intf,struct usb_endpoint_descriptor * ep,int bufsize,int (* manage_power)(struct usb_interface *,int))995 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
996 					struct usb_endpoint_descriptor *ep,
997 					int bufsize,
998 					int (*manage_power)(struct usb_interface *, int))
999 {
1000 	int rv = -EINVAL;
1001 
1002 	rv = wdm_create(intf, ep, bufsize, manage_power);
1003 	if (rv < 0)
1004 		goto err;
1005 
1006 	return &wdm_driver;
1007 err:
1008 	return ERR_PTR(rv);
1009 }
1010 EXPORT_SYMBOL(usb_cdc_wdm_register);
1011 
wdm_disconnect(struct usb_interface * intf)1012 static void wdm_disconnect(struct usb_interface *intf)
1013 {
1014 	struct wdm_device *desc;
1015 	unsigned long flags;
1016 
1017 	usb_deregister_dev(intf, &wdm_class);
1018 	desc = wdm_find_device(intf);
1019 	mutex_lock(&wdm_mutex);
1020 
1021 	/* the spinlock makes sure no new urbs are generated in the callbacks */
1022 	spin_lock_irqsave(&desc->iuspin, flags);
1023 	set_bit(WDM_DISCONNECTING, &desc->flags);
1024 	set_bit(WDM_READ, &desc->flags);
1025 	spin_unlock_irqrestore(&desc->iuspin, flags);
1026 	wake_up_all(&desc->wait);
1027 	mutex_lock(&desc->rlock);
1028 	mutex_lock(&desc->wlock);
1029 	kill_urbs(desc);
1030 	cancel_work_sync(&desc->rxwork);
1031 	cancel_work_sync(&desc->service_outs_intr);
1032 	mutex_unlock(&desc->wlock);
1033 	mutex_unlock(&desc->rlock);
1034 
1035 	/* the desc->intf pointer used as list key is now invalid */
1036 	spin_lock(&wdm_device_list_lock);
1037 	list_del(&desc->device_list);
1038 	spin_unlock(&wdm_device_list_lock);
1039 
1040 	if (!desc->count)
1041 		cleanup(desc);
1042 	else
1043 		dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1044 	mutex_unlock(&wdm_mutex);
1045 }
1046 
1047 #ifdef CONFIG_PM
wdm_suspend(struct usb_interface * intf,pm_message_t message)1048 static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1049 {
1050 	struct wdm_device *desc = wdm_find_device(intf);
1051 	int rv = 0;
1052 
1053 	dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1054 
1055 	/* if this is an autosuspend the caller does the locking */
1056 	if (!PMSG_IS_AUTO(message)) {
1057 		mutex_lock(&desc->rlock);
1058 		mutex_lock(&desc->wlock);
1059 	}
1060 	spin_lock_irq(&desc->iuspin);
1061 
1062 	if (PMSG_IS_AUTO(message) &&
1063 			(test_bit(WDM_IN_USE, &desc->flags)
1064 			|| test_bit(WDM_RESPONDING, &desc->flags))) {
1065 		spin_unlock_irq(&desc->iuspin);
1066 		rv = -EBUSY;
1067 	} else {
1068 
1069 		set_bit(WDM_SUSPENDING, &desc->flags);
1070 		spin_unlock_irq(&desc->iuspin);
1071 		/* callback submits work - order is essential */
1072 		kill_urbs(desc);
1073 		cancel_work_sync(&desc->rxwork);
1074 		cancel_work_sync(&desc->service_outs_intr);
1075 	}
1076 	if (!PMSG_IS_AUTO(message)) {
1077 		mutex_unlock(&desc->wlock);
1078 		mutex_unlock(&desc->rlock);
1079 	}
1080 
1081 	return rv;
1082 }
1083 #endif
1084 
recover_from_urb_loss(struct wdm_device * desc)1085 static int recover_from_urb_loss(struct wdm_device *desc)
1086 {
1087 	int rv = 0;
1088 
1089 	if (desc->count) {
1090 		rv = usb_submit_urb(desc->validity, GFP_NOIO);
1091 		if (rv < 0)
1092 			dev_err(&desc->intf->dev,
1093 				"Error resume submitting int urb - %d\n", rv);
1094 	}
1095 	return rv;
1096 }
1097 
1098 #ifdef CONFIG_PM
wdm_resume(struct usb_interface * intf)1099 static int wdm_resume(struct usb_interface *intf)
1100 {
1101 	struct wdm_device *desc = wdm_find_device(intf);
1102 	int rv;
1103 
1104 	dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1105 
1106 	clear_bit(WDM_SUSPENDING, &desc->flags);
1107 	rv = recover_from_urb_loss(desc);
1108 
1109 	return rv;
1110 }
1111 #endif
1112 
wdm_pre_reset(struct usb_interface * intf)1113 static int wdm_pre_reset(struct usb_interface *intf)
1114 {
1115 	struct wdm_device *desc = wdm_find_device(intf);
1116 
1117 	/*
1118 	 * we notify everybody using poll of
1119 	 * an exceptional situation
1120 	 * must be done before recovery lest a spontaneous
1121 	 * message from the device is lost
1122 	 */
1123 	spin_lock_irq(&desc->iuspin);
1124 	set_bit(WDM_RESETTING, &desc->flags);	/* inform read/write */
1125 	set_bit(WDM_READ, &desc->flags);	/* unblock read */
1126 	clear_bit(WDM_IN_USE, &desc->flags);	/* unblock write */
1127 	desc->rerr = -EINTR;
1128 	spin_unlock_irq(&desc->iuspin);
1129 	wake_up_all(&desc->wait);
1130 	mutex_lock(&desc->rlock);
1131 	mutex_lock(&desc->wlock);
1132 	kill_urbs(desc);
1133 	cancel_work_sync(&desc->rxwork);
1134 	cancel_work_sync(&desc->service_outs_intr);
1135 	return 0;
1136 }
1137 
wdm_post_reset(struct usb_interface * intf)1138 static int wdm_post_reset(struct usb_interface *intf)
1139 {
1140 	struct wdm_device *desc = wdm_find_device(intf);
1141 	int rv;
1142 
1143 	clear_bit(WDM_OVERFLOW, &desc->flags);
1144 	clear_bit(WDM_RESETTING, &desc->flags);
1145 	rv = recover_from_urb_loss(desc);
1146 	mutex_unlock(&desc->wlock);
1147 	mutex_unlock(&desc->rlock);
1148 	return rv;
1149 }
1150 
1151 static struct usb_driver wdm_driver = {
1152 	.name =		"cdc_wdm",
1153 	.probe =	wdm_probe,
1154 	.disconnect =	wdm_disconnect,
1155 #ifdef CONFIG_PM
1156 	.suspend =	wdm_suspend,
1157 	.resume =	wdm_resume,
1158 	.reset_resume =	wdm_resume,
1159 #endif
1160 	.pre_reset =	wdm_pre_reset,
1161 	.post_reset =	wdm_post_reset,
1162 	.id_table =	wdm_ids,
1163 	.supports_autosuspend = 1,
1164 	.disable_hub_initiated_lpm = 1,
1165 };
1166 
1167 module_usb_driver(wdm_driver);
1168 
1169 MODULE_AUTHOR(DRIVER_AUTHOR);
1170 MODULE_DESCRIPTION(DRIVER_DESC);
1171 MODULE_LICENSE("GPL");
1172