1 #include <linux/kernel.h>
2 #include <linux/errno.h>
3 #include <linux/init.h>
4 #include <linux/slab.h>
5 #include <linux/mm.h>
6 #include <linux/module.h>
7 #include <linux/moduleparam.h>
8 #include <linux/scatterlist.h>
9 #include <linux/mutex.h>
10 #include <linux/timer.h>
11 #include <linux/usb.h>
12
13 #define SIMPLE_IO_TIMEOUT 10000 /* in milliseconds */
14
15 /*-------------------------------------------------------------------------*/
16
17 static int override_alt = -1;
18 module_param_named(alt, override_alt, int, 0644);
19 MODULE_PARM_DESC(alt, ">= 0 to override altsetting selection");
20 static void complicated_callback(struct urb *urb);
21
22 /*-------------------------------------------------------------------------*/
23
24 /* FIXME make these public somewhere; usbdevfs.h? */
25
26 /* Parameter for usbtest driver. */
27 struct usbtest_param_32 {
28 /* inputs */
29 __u32 test_num; /* 0..(TEST_CASES-1) */
30 __u32 iterations;
31 __u32 length;
32 __u32 vary;
33 __u32 sglen;
34
35 /* outputs */
36 __s32 duration_sec;
37 __s32 duration_usec;
38 };
39
40 /*
41 * Compat parameter to the usbtest driver.
42 * This supports older user space binaries compiled with 64 bit compiler.
43 */
44 struct usbtest_param_64 {
45 /* inputs */
46 __u32 test_num; /* 0..(TEST_CASES-1) */
47 __u32 iterations;
48 __u32 length;
49 __u32 vary;
50 __u32 sglen;
51
52 /* outputs */
53 __s64 duration_sec;
54 __s64 duration_usec;
55 };
56
57 /* IOCTL interface to the driver. */
58 #define USBTEST_REQUEST_32 _IOWR('U', 100, struct usbtest_param_32)
59 /* COMPAT IOCTL interface to the driver. */
60 #define USBTEST_REQUEST_64 _IOWR('U', 100, struct usbtest_param_64)
61
62 /*-------------------------------------------------------------------------*/
63
64 #define GENERIC /* let probe() bind using module params */
65
66 /* Some devices that can be used for testing will have "real" drivers.
67 * Entries for those need to be enabled here by hand, after disabling
68 * that "real" driver.
69 */
70 //#define IBOT2 /* grab iBOT2 webcams */
71 //#define KEYSPAN_19Qi /* grab un-renumerated serial adapter */
72
73 /*-------------------------------------------------------------------------*/
74
75 struct usbtest_info {
76 const char *name;
77 u8 ep_in; /* bulk/intr source */
78 u8 ep_out; /* bulk/intr sink */
79 unsigned autoconf:1;
80 unsigned ctrl_out:1;
81 unsigned iso:1; /* try iso in/out */
82 unsigned intr:1; /* try interrupt in/out */
83 int alt;
84 };
85
86 /* this is accessed only through usbfs ioctl calls.
87 * one ioctl to issue a test ... one lock per device.
88 * tests create other threads if they need them.
89 * urbs and buffers are allocated dynamically,
90 * and data generated deterministically.
91 */
92 struct usbtest_dev {
93 struct usb_interface *intf;
94 struct usbtest_info *info;
95 int in_pipe;
96 int out_pipe;
97 int in_iso_pipe;
98 int out_iso_pipe;
99 int in_int_pipe;
100 int out_int_pipe;
101 struct usb_endpoint_descriptor *iso_in, *iso_out;
102 struct usb_endpoint_descriptor *int_in, *int_out;
103 struct mutex lock;
104
105 #define TBUF_SIZE 256
106 u8 *buf;
107 };
108
testdev_to_usbdev(struct usbtest_dev * test)109 static struct usb_device *testdev_to_usbdev(struct usbtest_dev *test)
110 {
111 return interface_to_usbdev(test->intf);
112 }
113
114 /* set up all urbs so they can be used with either bulk or interrupt */
115 #define INTERRUPT_RATE 1 /* msec/transfer */
116
117 #define ERROR(tdev, fmt, args...) \
118 dev_err(&(tdev)->intf->dev , fmt , ## args)
119 #define WARNING(tdev, fmt, args...) \
120 dev_warn(&(tdev)->intf->dev , fmt , ## args)
121
122 #define GUARD_BYTE 0xA5
123 #define MAX_SGLEN 128
124
125 /*-------------------------------------------------------------------------*/
126
endpoint_update(int edi,struct usb_host_endpoint ** in,struct usb_host_endpoint ** out,struct usb_host_endpoint * e)127 static inline void endpoint_update(int edi,
128 struct usb_host_endpoint **in,
129 struct usb_host_endpoint **out,
130 struct usb_host_endpoint *e)
131 {
132 if (edi) {
133 if (!*in)
134 *in = e;
135 } else {
136 if (!*out)
137 *out = e;
138 }
139 }
140
141 static int
get_endpoints(struct usbtest_dev * dev,struct usb_interface * intf)142 get_endpoints(struct usbtest_dev *dev, struct usb_interface *intf)
143 {
144 int tmp;
145 struct usb_host_interface *alt;
146 struct usb_host_endpoint *in, *out;
147 struct usb_host_endpoint *iso_in, *iso_out;
148 struct usb_host_endpoint *int_in, *int_out;
149 struct usb_device *udev;
150
151 for (tmp = 0; tmp < intf->num_altsetting; tmp++) {
152 unsigned ep;
153
154 in = out = NULL;
155 iso_in = iso_out = NULL;
156 int_in = int_out = NULL;
157 alt = intf->altsetting + tmp;
158
159 if (override_alt >= 0 &&
160 override_alt != alt->desc.bAlternateSetting)
161 continue;
162
163 /* take the first altsetting with in-bulk + out-bulk;
164 * ignore other endpoints and altsettings.
165 */
166 for (ep = 0; ep < alt->desc.bNumEndpoints; ep++) {
167 struct usb_host_endpoint *e;
168 int edi;
169
170 e = alt->endpoint + ep;
171 edi = usb_endpoint_dir_in(&e->desc);
172
173 switch (usb_endpoint_type(&e->desc)) {
174 case USB_ENDPOINT_XFER_BULK:
175 endpoint_update(edi, &in, &out, e);
176 continue;
177 case USB_ENDPOINT_XFER_INT:
178 if (dev->info->intr)
179 endpoint_update(edi, &int_in, &int_out, e);
180 continue;
181 case USB_ENDPOINT_XFER_ISOC:
182 if (dev->info->iso)
183 endpoint_update(edi, &iso_in, &iso_out, e);
184 /* FALLTHROUGH */
185 default:
186 continue;
187 }
188 }
189 if ((in && out) || iso_in || iso_out || int_in || int_out)
190 goto found;
191 }
192 return -EINVAL;
193
194 found:
195 udev = testdev_to_usbdev(dev);
196 dev->info->alt = alt->desc.bAlternateSetting;
197 if (alt->desc.bAlternateSetting != 0) {
198 tmp = usb_set_interface(udev,
199 alt->desc.bInterfaceNumber,
200 alt->desc.bAlternateSetting);
201 if (tmp < 0)
202 return tmp;
203 }
204
205 if (in)
206 dev->in_pipe = usb_rcvbulkpipe(udev,
207 in->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
208 if (out)
209 dev->out_pipe = usb_sndbulkpipe(udev,
210 out->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
211
212 if (iso_in) {
213 dev->iso_in = &iso_in->desc;
214 dev->in_iso_pipe = usb_rcvisocpipe(udev,
215 iso_in->desc.bEndpointAddress
216 & USB_ENDPOINT_NUMBER_MASK);
217 }
218
219 if (iso_out) {
220 dev->iso_out = &iso_out->desc;
221 dev->out_iso_pipe = usb_sndisocpipe(udev,
222 iso_out->desc.bEndpointAddress
223 & USB_ENDPOINT_NUMBER_MASK);
224 }
225
226 if (int_in) {
227 dev->int_in = &int_in->desc;
228 dev->in_int_pipe = usb_rcvintpipe(udev,
229 int_in->desc.bEndpointAddress
230 & USB_ENDPOINT_NUMBER_MASK);
231 }
232
233 if (int_out) {
234 dev->int_out = &int_out->desc;
235 dev->out_int_pipe = usb_sndintpipe(udev,
236 int_out->desc.bEndpointAddress
237 & USB_ENDPOINT_NUMBER_MASK);
238 }
239 return 0;
240 }
241
242 /*-------------------------------------------------------------------------*/
243
244 /* Support for testing basic non-queued I/O streams.
245 *
246 * These just package urbs as requests that can be easily canceled.
247 * Each urb's data buffer is dynamically allocated; callers can fill
248 * them with non-zero test data (or test for it) when appropriate.
249 */
250
simple_callback(struct urb * urb)251 static void simple_callback(struct urb *urb)
252 {
253 complete(urb->context);
254 }
255
usbtest_alloc_urb(struct usb_device * udev,int pipe,unsigned long bytes,unsigned transfer_flags,unsigned offset,u8 bInterval,usb_complete_t complete_fn)256 static struct urb *usbtest_alloc_urb(
257 struct usb_device *udev,
258 int pipe,
259 unsigned long bytes,
260 unsigned transfer_flags,
261 unsigned offset,
262 u8 bInterval,
263 usb_complete_t complete_fn)
264 {
265 struct urb *urb;
266
267 urb = usb_alloc_urb(0, GFP_KERNEL);
268 if (!urb)
269 return urb;
270
271 if (bInterval)
272 usb_fill_int_urb(urb, udev, pipe, NULL, bytes, complete_fn,
273 NULL, bInterval);
274 else
275 usb_fill_bulk_urb(urb, udev, pipe, NULL, bytes, complete_fn,
276 NULL);
277
278 urb->interval = (udev->speed == USB_SPEED_HIGH)
279 ? (INTERRUPT_RATE << 3)
280 : INTERRUPT_RATE;
281 urb->transfer_flags = transfer_flags;
282 if (usb_pipein(pipe))
283 urb->transfer_flags |= URB_SHORT_NOT_OK;
284
285 if ((bytes + offset) == 0)
286 return urb;
287
288 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP)
289 urb->transfer_buffer = usb_alloc_coherent(udev, bytes + offset,
290 GFP_KERNEL, &urb->transfer_dma);
291 else
292 urb->transfer_buffer = kmalloc(bytes + offset, GFP_KERNEL);
293
294 if (!urb->transfer_buffer) {
295 usb_free_urb(urb);
296 return NULL;
297 }
298
299 /* To test unaligned transfers add an offset and fill the
300 unused memory with a guard value */
301 if (offset) {
302 memset(urb->transfer_buffer, GUARD_BYTE, offset);
303 urb->transfer_buffer += offset;
304 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP)
305 urb->transfer_dma += offset;
306 }
307
308 /* For inbound transfers use guard byte so that test fails if
309 data not correctly copied */
310 memset(urb->transfer_buffer,
311 usb_pipein(urb->pipe) ? GUARD_BYTE : 0,
312 bytes);
313 return urb;
314 }
315
simple_alloc_urb(struct usb_device * udev,int pipe,unsigned long bytes,u8 bInterval)316 static struct urb *simple_alloc_urb(
317 struct usb_device *udev,
318 int pipe,
319 unsigned long bytes,
320 u8 bInterval)
321 {
322 return usbtest_alloc_urb(udev, pipe, bytes, URB_NO_TRANSFER_DMA_MAP, 0,
323 bInterval, simple_callback);
324 }
325
complicated_alloc_urb(struct usb_device * udev,int pipe,unsigned long bytes,u8 bInterval)326 static struct urb *complicated_alloc_urb(
327 struct usb_device *udev,
328 int pipe,
329 unsigned long bytes,
330 u8 bInterval)
331 {
332 return usbtest_alloc_urb(udev, pipe, bytes, URB_NO_TRANSFER_DMA_MAP, 0,
333 bInterval, complicated_callback);
334 }
335
336 static unsigned pattern;
337 static unsigned mod_pattern;
338 module_param_named(pattern, mod_pattern, uint, S_IRUGO | S_IWUSR);
339 MODULE_PARM_DESC(mod_pattern, "i/o pattern (0 == zeroes)");
340
get_maxpacket(struct usb_device * udev,int pipe)341 static unsigned get_maxpacket(struct usb_device *udev, int pipe)
342 {
343 struct usb_host_endpoint *ep;
344
345 ep = usb_pipe_endpoint(udev, pipe);
346 return le16_to_cpup(&ep->desc.wMaxPacketSize);
347 }
348
simple_fill_buf(struct urb * urb)349 static void simple_fill_buf(struct urb *urb)
350 {
351 unsigned i;
352 u8 *buf = urb->transfer_buffer;
353 unsigned len = urb->transfer_buffer_length;
354 unsigned maxpacket;
355
356 switch (pattern) {
357 default:
358 /* FALLTHROUGH */
359 case 0:
360 memset(buf, 0, len);
361 break;
362 case 1: /* mod63 */
363 maxpacket = get_maxpacket(urb->dev, urb->pipe);
364 for (i = 0; i < len; i++)
365 *buf++ = (u8) ((i % maxpacket) % 63);
366 break;
367 }
368 }
369
buffer_offset(void * buf)370 static inline unsigned long buffer_offset(void *buf)
371 {
372 return (unsigned long)buf & (ARCH_KMALLOC_MINALIGN - 1);
373 }
374
check_guard_bytes(struct usbtest_dev * tdev,struct urb * urb)375 static int check_guard_bytes(struct usbtest_dev *tdev, struct urb *urb)
376 {
377 u8 *buf = urb->transfer_buffer;
378 u8 *guard = buf - buffer_offset(buf);
379 unsigned i;
380
381 for (i = 0; guard < buf; i++, guard++) {
382 if (*guard != GUARD_BYTE) {
383 ERROR(tdev, "guard byte[%d] %d (not %d)\n",
384 i, *guard, GUARD_BYTE);
385 return -EINVAL;
386 }
387 }
388 return 0;
389 }
390
simple_check_buf(struct usbtest_dev * tdev,struct urb * urb)391 static int simple_check_buf(struct usbtest_dev *tdev, struct urb *urb)
392 {
393 unsigned i;
394 u8 expected;
395 u8 *buf = urb->transfer_buffer;
396 unsigned len = urb->actual_length;
397 unsigned maxpacket = get_maxpacket(urb->dev, urb->pipe);
398
399 int ret = check_guard_bytes(tdev, urb);
400 if (ret)
401 return ret;
402
403 for (i = 0; i < len; i++, buf++) {
404 switch (pattern) {
405 /* all-zeroes has no synchronization issues */
406 case 0:
407 expected = 0;
408 break;
409 /* mod63 stays in sync with short-terminated transfers,
410 * or otherwise when host and gadget agree on how large
411 * each usb transfer request should be. resync is done
412 * with set_interface or set_config.
413 */
414 case 1: /* mod63 */
415 expected = (i % maxpacket) % 63;
416 break;
417 /* always fail unsupported patterns */
418 default:
419 expected = !*buf;
420 break;
421 }
422 if (*buf == expected)
423 continue;
424 ERROR(tdev, "buf[%d] = %d (not %d)\n", i, *buf, expected);
425 return -EINVAL;
426 }
427 return 0;
428 }
429
simple_free_urb(struct urb * urb)430 static void simple_free_urb(struct urb *urb)
431 {
432 unsigned long offset = buffer_offset(urb->transfer_buffer);
433
434 if (urb->transfer_flags & URB_NO_TRANSFER_DMA_MAP)
435 usb_free_coherent(
436 urb->dev,
437 urb->transfer_buffer_length + offset,
438 urb->transfer_buffer - offset,
439 urb->transfer_dma - offset);
440 else
441 kfree(urb->transfer_buffer - offset);
442 usb_free_urb(urb);
443 }
444
simple_io(struct usbtest_dev * tdev,struct urb * urb,int iterations,int vary,int expected,const char * label)445 static int simple_io(
446 struct usbtest_dev *tdev,
447 struct urb *urb,
448 int iterations,
449 int vary,
450 int expected,
451 const char *label
452 )
453 {
454 struct usb_device *udev = urb->dev;
455 int max = urb->transfer_buffer_length;
456 struct completion completion;
457 int retval = 0;
458 unsigned long expire;
459
460 urb->context = &completion;
461 while (retval == 0 && iterations-- > 0) {
462 init_completion(&completion);
463 if (usb_pipeout(urb->pipe)) {
464 simple_fill_buf(urb);
465 urb->transfer_flags |= URB_ZERO_PACKET;
466 }
467 retval = usb_submit_urb(urb, GFP_KERNEL);
468 if (retval != 0)
469 break;
470
471 expire = msecs_to_jiffies(SIMPLE_IO_TIMEOUT);
472 if (!wait_for_completion_timeout(&completion, expire)) {
473 usb_kill_urb(urb);
474 retval = (urb->status == -ENOENT ?
475 -ETIMEDOUT : urb->status);
476 } else {
477 retval = urb->status;
478 }
479
480 urb->dev = udev;
481 if (retval == 0 && usb_pipein(urb->pipe))
482 retval = simple_check_buf(tdev, urb);
483
484 if (vary) {
485 int len = urb->transfer_buffer_length;
486
487 len += vary;
488 len %= max;
489 if (len == 0)
490 len = (vary < max) ? vary : max;
491 urb->transfer_buffer_length = len;
492 }
493
494 /* FIXME if endpoint halted, clear halt (and log) */
495 }
496 urb->transfer_buffer_length = max;
497
498 if (expected != retval)
499 dev_err(&udev->dev,
500 "%s failed, iterations left %d, status %d (not %d)\n",
501 label, iterations, retval, expected);
502 return retval;
503 }
504
505
506 /*-------------------------------------------------------------------------*/
507
508 /* We use scatterlist primitives to test queued I/O.
509 * Yes, this also tests the scatterlist primitives.
510 */
511
free_sglist(struct scatterlist * sg,int nents)512 static void free_sglist(struct scatterlist *sg, int nents)
513 {
514 unsigned i;
515
516 if (!sg)
517 return;
518 for (i = 0; i < nents; i++) {
519 if (!sg_page(&sg[i]))
520 continue;
521 kfree(sg_virt(&sg[i]));
522 }
523 kfree(sg);
524 }
525
526 static struct scatterlist *
alloc_sglist(int nents,int max,int vary,struct usbtest_dev * dev,int pipe)527 alloc_sglist(int nents, int max, int vary, struct usbtest_dev *dev, int pipe)
528 {
529 struct scatterlist *sg;
530 unsigned int n_size = 0;
531 unsigned i;
532 unsigned size = max;
533 unsigned maxpacket =
534 get_maxpacket(interface_to_usbdev(dev->intf), pipe);
535
536 if (max == 0)
537 return NULL;
538
539 sg = kmalloc_array(nents, sizeof(*sg), GFP_KERNEL);
540 if (!sg)
541 return NULL;
542 sg_init_table(sg, nents);
543
544 for (i = 0; i < nents; i++) {
545 char *buf;
546 unsigned j;
547
548 buf = kzalloc(size, GFP_KERNEL);
549 if (!buf) {
550 free_sglist(sg, i);
551 return NULL;
552 }
553
554 /* kmalloc pages are always physically contiguous! */
555 sg_set_buf(&sg[i], buf, size);
556
557 switch (pattern) {
558 case 0:
559 /* already zeroed */
560 break;
561 case 1:
562 for (j = 0; j < size; j++)
563 *buf++ = (u8) (((j + n_size) % maxpacket) % 63);
564 n_size += size;
565 break;
566 }
567
568 if (vary) {
569 size += vary;
570 size %= max;
571 if (size == 0)
572 size = (vary < max) ? vary : max;
573 }
574 }
575
576 return sg;
577 }
578
sg_timeout(unsigned long _req)579 static void sg_timeout(unsigned long _req)
580 {
581 struct usb_sg_request *req = (struct usb_sg_request *) _req;
582
583 usb_sg_cancel(req);
584 }
585
perform_sglist(struct usbtest_dev * tdev,unsigned iterations,int pipe,struct usb_sg_request * req,struct scatterlist * sg,int nents)586 static int perform_sglist(
587 struct usbtest_dev *tdev,
588 unsigned iterations,
589 int pipe,
590 struct usb_sg_request *req,
591 struct scatterlist *sg,
592 int nents
593 )
594 {
595 struct usb_device *udev = testdev_to_usbdev(tdev);
596 int retval = 0;
597 struct timer_list sg_timer;
598
599 setup_timer_on_stack(&sg_timer, sg_timeout, (unsigned long) req);
600
601 while (retval == 0 && iterations-- > 0) {
602 retval = usb_sg_init(req, udev, pipe,
603 (udev->speed == USB_SPEED_HIGH)
604 ? (INTERRUPT_RATE << 3)
605 : INTERRUPT_RATE,
606 sg, nents, 0, GFP_KERNEL);
607
608 if (retval)
609 break;
610 mod_timer(&sg_timer, jiffies +
611 msecs_to_jiffies(SIMPLE_IO_TIMEOUT));
612 usb_sg_wait(req);
613 if (!del_timer_sync(&sg_timer))
614 retval = -ETIMEDOUT;
615 else
616 retval = req->status;
617
618 /* FIXME check resulting data pattern */
619
620 /* FIXME if endpoint halted, clear halt (and log) */
621 }
622
623 /* FIXME for unlink or fault handling tests, don't report
624 * failure if retval is as we expected ...
625 */
626 if (retval)
627 ERROR(tdev, "perform_sglist failed, "
628 "iterations left %d, status %d\n",
629 iterations, retval);
630 return retval;
631 }
632
633
634 /*-------------------------------------------------------------------------*/
635
636 /* unqueued control message testing
637 *
638 * there's a nice set of device functional requirements in chapter 9 of the
639 * usb 2.0 spec, which we can apply to ANY device, even ones that don't use
640 * special test firmware.
641 *
642 * we know the device is configured (or suspended) by the time it's visible
643 * through usbfs. we can't change that, so we won't test enumeration (which
644 * worked 'well enough' to get here, this time), power management (ditto),
645 * or remote wakeup (which needs human interaction).
646 */
647
648 static unsigned realworld = 1;
649 module_param(realworld, uint, 0);
650 MODULE_PARM_DESC(realworld, "clear to demand stricter spec compliance");
651
get_altsetting(struct usbtest_dev * dev)652 static int get_altsetting(struct usbtest_dev *dev)
653 {
654 struct usb_interface *iface = dev->intf;
655 struct usb_device *udev = interface_to_usbdev(iface);
656 int retval;
657
658 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
659 USB_REQ_GET_INTERFACE, USB_DIR_IN|USB_RECIP_INTERFACE,
660 0, iface->altsetting[0].desc.bInterfaceNumber,
661 dev->buf, 1, USB_CTRL_GET_TIMEOUT);
662 switch (retval) {
663 case 1:
664 return dev->buf[0];
665 case 0:
666 retval = -ERANGE;
667 /* FALLTHROUGH */
668 default:
669 return retval;
670 }
671 }
672
set_altsetting(struct usbtest_dev * dev,int alternate)673 static int set_altsetting(struct usbtest_dev *dev, int alternate)
674 {
675 struct usb_interface *iface = dev->intf;
676 struct usb_device *udev;
677
678 if (alternate < 0 || alternate >= 256)
679 return -EINVAL;
680
681 udev = interface_to_usbdev(iface);
682 return usb_set_interface(udev,
683 iface->altsetting[0].desc.bInterfaceNumber,
684 alternate);
685 }
686
is_good_config(struct usbtest_dev * tdev,int len)687 static int is_good_config(struct usbtest_dev *tdev, int len)
688 {
689 struct usb_config_descriptor *config;
690
691 if (len < sizeof(*config))
692 return 0;
693 config = (struct usb_config_descriptor *) tdev->buf;
694
695 switch (config->bDescriptorType) {
696 case USB_DT_CONFIG:
697 case USB_DT_OTHER_SPEED_CONFIG:
698 if (config->bLength != 9) {
699 ERROR(tdev, "bogus config descriptor length\n");
700 return 0;
701 }
702 /* this bit 'must be 1' but often isn't */
703 if (!realworld && !(config->bmAttributes & 0x80)) {
704 ERROR(tdev, "high bit of config attributes not set\n");
705 return 0;
706 }
707 if (config->bmAttributes & 0x1f) { /* reserved == 0 */
708 ERROR(tdev, "reserved config bits set\n");
709 return 0;
710 }
711 break;
712 default:
713 return 0;
714 }
715
716 if (le16_to_cpu(config->wTotalLength) == len) /* read it all */
717 return 1;
718 if (le16_to_cpu(config->wTotalLength) >= TBUF_SIZE) /* max partial read */
719 return 1;
720 ERROR(tdev, "bogus config descriptor read size\n");
721 return 0;
722 }
723
is_good_ext(struct usbtest_dev * tdev,u8 * buf)724 static int is_good_ext(struct usbtest_dev *tdev, u8 *buf)
725 {
726 struct usb_ext_cap_descriptor *ext;
727 u32 attr;
728
729 ext = (struct usb_ext_cap_descriptor *) buf;
730
731 if (ext->bLength != USB_DT_USB_EXT_CAP_SIZE) {
732 ERROR(tdev, "bogus usb 2.0 extension descriptor length\n");
733 return 0;
734 }
735
736 attr = le32_to_cpu(ext->bmAttributes);
737 /* bits[1:15] is used and others are reserved */
738 if (attr & ~0xfffe) { /* reserved == 0 */
739 ERROR(tdev, "reserved bits set\n");
740 return 0;
741 }
742
743 return 1;
744 }
745
is_good_ss_cap(struct usbtest_dev * tdev,u8 * buf)746 static int is_good_ss_cap(struct usbtest_dev *tdev, u8 *buf)
747 {
748 struct usb_ss_cap_descriptor *ss;
749
750 ss = (struct usb_ss_cap_descriptor *) buf;
751
752 if (ss->bLength != USB_DT_USB_SS_CAP_SIZE) {
753 ERROR(tdev, "bogus superspeed device capability descriptor length\n");
754 return 0;
755 }
756
757 /*
758 * only bit[1] of bmAttributes is used for LTM and others are
759 * reserved
760 */
761 if (ss->bmAttributes & ~0x02) { /* reserved == 0 */
762 ERROR(tdev, "reserved bits set in bmAttributes\n");
763 return 0;
764 }
765
766 /* bits[0:3] of wSpeedSupported is used and others are reserved */
767 if (le16_to_cpu(ss->wSpeedSupported) & ~0x0f) { /* reserved == 0 */
768 ERROR(tdev, "reserved bits set in wSpeedSupported\n");
769 return 0;
770 }
771
772 return 1;
773 }
774
is_good_con_id(struct usbtest_dev * tdev,u8 * buf)775 static int is_good_con_id(struct usbtest_dev *tdev, u8 *buf)
776 {
777 struct usb_ss_container_id_descriptor *con_id;
778
779 con_id = (struct usb_ss_container_id_descriptor *) buf;
780
781 if (con_id->bLength != USB_DT_USB_SS_CONTN_ID_SIZE) {
782 ERROR(tdev, "bogus container id descriptor length\n");
783 return 0;
784 }
785
786 if (con_id->bReserved) { /* reserved == 0 */
787 ERROR(tdev, "reserved bits set\n");
788 return 0;
789 }
790
791 return 1;
792 }
793
794 /* sanity test for standard requests working with usb_control_mesg() and some
795 * of the utility functions which use it.
796 *
797 * this doesn't test how endpoint halts behave or data toggles get set, since
798 * we won't do I/O to bulk/interrupt endpoints here (which is how to change
799 * halt or toggle). toggle testing is impractical without support from hcds.
800 *
801 * this avoids failing devices linux would normally work with, by not testing
802 * config/altsetting operations for devices that only support their defaults.
803 * such devices rarely support those needless operations.
804 *
805 * NOTE that since this is a sanity test, it's not examining boundary cases
806 * to see if usbcore, hcd, and device all behave right. such testing would
807 * involve varied read sizes and other operation sequences.
808 */
ch9_postconfig(struct usbtest_dev * dev)809 static int ch9_postconfig(struct usbtest_dev *dev)
810 {
811 struct usb_interface *iface = dev->intf;
812 struct usb_device *udev = interface_to_usbdev(iface);
813 int i, alt, retval;
814
815 /* [9.2.3] if there's more than one altsetting, we need to be able to
816 * set and get each one. mostly trusts the descriptors from usbcore.
817 */
818 for (i = 0; i < iface->num_altsetting; i++) {
819
820 /* 9.2.3 constrains the range here */
821 alt = iface->altsetting[i].desc.bAlternateSetting;
822 if (alt < 0 || alt >= iface->num_altsetting) {
823 dev_err(&iface->dev,
824 "invalid alt [%d].bAltSetting = %d\n",
825 i, alt);
826 }
827
828 /* [real world] get/set unimplemented if there's only one */
829 if (realworld && iface->num_altsetting == 1)
830 continue;
831
832 /* [9.4.10] set_interface */
833 retval = set_altsetting(dev, alt);
834 if (retval) {
835 dev_err(&iface->dev, "can't set_interface = %d, %d\n",
836 alt, retval);
837 return retval;
838 }
839
840 /* [9.4.4] get_interface always works */
841 retval = get_altsetting(dev);
842 if (retval != alt) {
843 dev_err(&iface->dev, "get alt should be %d, was %d\n",
844 alt, retval);
845 return (retval < 0) ? retval : -EDOM;
846 }
847
848 }
849
850 /* [real world] get_config unimplemented if there's only one */
851 if (!realworld || udev->descriptor.bNumConfigurations != 1) {
852 int expected = udev->actconfig->desc.bConfigurationValue;
853
854 /* [9.4.2] get_configuration always works
855 * ... although some cheap devices (like one TI Hub I've got)
856 * won't return config descriptors except before set_config.
857 */
858 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
859 USB_REQ_GET_CONFIGURATION,
860 USB_DIR_IN | USB_RECIP_DEVICE,
861 0, 0, dev->buf, 1, USB_CTRL_GET_TIMEOUT);
862 if (retval != 1 || dev->buf[0] != expected) {
863 dev_err(&iface->dev, "get config --> %d %d (1 %d)\n",
864 retval, dev->buf[0], expected);
865 return (retval < 0) ? retval : -EDOM;
866 }
867 }
868
869 /* there's always [9.4.3] a device descriptor [9.6.1] */
870 retval = usb_get_descriptor(udev, USB_DT_DEVICE, 0,
871 dev->buf, sizeof(udev->descriptor));
872 if (retval != sizeof(udev->descriptor)) {
873 dev_err(&iface->dev, "dev descriptor --> %d\n", retval);
874 return (retval < 0) ? retval : -EDOM;
875 }
876
877 /*
878 * there's always [9.4.3] a bos device descriptor [9.6.2] in USB
879 * 3.0 spec
880 */
881 if (le16_to_cpu(udev->descriptor.bcdUSB) >= 0x0210) {
882 struct usb_bos_descriptor *bos = NULL;
883 struct usb_dev_cap_header *header = NULL;
884 unsigned total, num, length;
885 u8 *buf;
886
887 retval = usb_get_descriptor(udev, USB_DT_BOS, 0, dev->buf,
888 sizeof(*udev->bos->desc));
889 if (retval != sizeof(*udev->bos->desc)) {
890 dev_err(&iface->dev, "bos descriptor --> %d\n", retval);
891 return (retval < 0) ? retval : -EDOM;
892 }
893
894 bos = (struct usb_bos_descriptor *)dev->buf;
895 total = le16_to_cpu(bos->wTotalLength);
896 num = bos->bNumDeviceCaps;
897
898 if (total > TBUF_SIZE)
899 total = TBUF_SIZE;
900
901 /*
902 * get generic device-level capability descriptors [9.6.2]
903 * in USB 3.0 spec
904 */
905 retval = usb_get_descriptor(udev, USB_DT_BOS, 0, dev->buf,
906 total);
907 if (retval != total) {
908 dev_err(&iface->dev, "bos descriptor set --> %d\n",
909 retval);
910 return (retval < 0) ? retval : -EDOM;
911 }
912
913 length = sizeof(*udev->bos->desc);
914 buf = dev->buf;
915 for (i = 0; i < num; i++) {
916 buf += length;
917 if (buf + sizeof(struct usb_dev_cap_header) >
918 dev->buf + total)
919 break;
920
921 header = (struct usb_dev_cap_header *)buf;
922 length = header->bLength;
923
924 if (header->bDescriptorType !=
925 USB_DT_DEVICE_CAPABILITY) {
926 dev_warn(&udev->dev, "not device capability descriptor, skip\n");
927 continue;
928 }
929
930 switch (header->bDevCapabilityType) {
931 case USB_CAP_TYPE_EXT:
932 if (buf + USB_DT_USB_EXT_CAP_SIZE >
933 dev->buf + total ||
934 !is_good_ext(dev, buf)) {
935 dev_err(&iface->dev, "bogus usb 2.0 extension descriptor\n");
936 return -EDOM;
937 }
938 break;
939 case USB_SS_CAP_TYPE:
940 if (buf + USB_DT_USB_SS_CAP_SIZE >
941 dev->buf + total ||
942 !is_good_ss_cap(dev, buf)) {
943 dev_err(&iface->dev, "bogus superspeed device capability descriptor\n");
944 return -EDOM;
945 }
946 break;
947 case CONTAINER_ID_TYPE:
948 if (buf + USB_DT_USB_SS_CONTN_ID_SIZE >
949 dev->buf + total ||
950 !is_good_con_id(dev, buf)) {
951 dev_err(&iface->dev, "bogus container id descriptor\n");
952 return -EDOM;
953 }
954 break;
955 default:
956 break;
957 }
958 }
959 }
960
961 /* there's always [9.4.3] at least one config descriptor [9.6.3] */
962 for (i = 0; i < udev->descriptor.bNumConfigurations; i++) {
963 retval = usb_get_descriptor(udev, USB_DT_CONFIG, i,
964 dev->buf, TBUF_SIZE);
965 if (!is_good_config(dev, retval)) {
966 dev_err(&iface->dev,
967 "config [%d] descriptor --> %d\n",
968 i, retval);
969 return (retval < 0) ? retval : -EDOM;
970 }
971
972 /* FIXME cross-checking udev->config[i] to make sure usbcore
973 * parsed it right (etc) would be good testing paranoia
974 */
975 }
976
977 /* and sometimes [9.2.6.6] speed dependent descriptors */
978 if (le16_to_cpu(udev->descriptor.bcdUSB) == 0x0200) {
979 struct usb_qualifier_descriptor *d = NULL;
980
981 /* device qualifier [9.6.2] */
982 retval = usb_get_descriptor(udev,
983 USB_DT_DEVICE_QUALIFIER, 0, dev->buf,
984 sizeof(struct usb_qualifier_descriptor));
985 if (retval == -EPIPE) {
986 if (udev->speed == USB_SPEED_HIGH) {
987 dev_err(&iface->dev,
988 "hs dev qualifier --> %d\n",
989 retval);
990 return retval;
991 }
992 /* usb2.0 but not high-speed capable; fine */
993 } else if (retval != sizeof(struct usb_qualifier_descriptor)) {
994 dev_err(&iface->dev, "dev qualifier --> %d\n", retval);
995 return (retval < 0) ? retval : -EDOM;
996 } else
997 d = (struct usb_qualifier_descriptor *) dev->buf;
998
999 /* might not have [9.6.2] any other-speed configs [9.6.4] */
1000 if (d) {
1001 unsigned max = d->bNumConfigurations;
1002 for (i = 0; i < max; i++) {
1003 retval = usb_get_descriptor(udev,
1004 USB_DT_OTHER_SPEED_CONFIG, i,
1005 dev->buf, TBUF_SIZE);
1006 if (!is_good_config(dev, retval)) {
1007 dev_err(&iface->dev,
1008 "other speed config --> %d\n",
1009 retval);
1010 return (retval < 0) ? retval : -EDOM;
1011 }
1012 }
1013 }
1014 }
1015 /* FIXME fetch strings from at least the device descriptor */
1016
1017 /* [9.4.5] get_status always works */
1018 retval = usb_get_status(udev, USB_RECIP_DEVICE, 0, dev->buf);
1019 if (retval) {
1020 dev_err(&iface->dev, "get dev status --> %d\n", retval);
1021 return retval;
1022 }
1023
1024 /* FIXME configuration.bmAttributes says if we could try to set/clear
1025 * the device's remote wakeup feature ... if we can, test that here
1026 */
1027
1028 retval = usb_get_status(udev, USB_RECIP_INTERFACE,
1029 iface->altsetting[0].desc.bInterfaceNumber, dev->buf);
1030 if (retval) {
1031 dev_err(&iface->dev, "get interface status --> %d\n", retval);
1032 return retval;
1033 }
1034 /* FIXME get status for each endpoint in the interface */
1035
1036 return 0;
1037 }
1038
1039 /*-------------------------------------------------------------------------*/
1040
1041 /* use ch9 requests to test whether:
1042 * (a) queues work for control, keeping N subtests queued and
1043 * active (auto-resubmit) for M loops through the queue.
1044 * (b) protocol stalls (control-only) will autorecover.
1045 * it's not like bulk/intr; no halt clearing.
1046 * (c) short control reads are reported and handled.
1047 * (d) queues are always processed in-order
1048 */
1049
1050 struct ctrl_ctx {
1051 spinlock_t lock;
1052 struct usbtest_dev *dev;
1053 struct completion complete;
1054 unsigned count;
1055 unsigned pending;
1056 int status;
1057 struct urb **urb;
1058 struct usbtest_param_32 *param;
1059 int last;
1060 };
1061
1062 #define NUM_SUBCASES 16 /* how many test subcases here? */
1063
1064 struct subcase {
1065 struct usb_ctrlrequest setup;
1066 int number;
1067 int expected;
1068 };
1069
ctrl_complete(struct urb * urb)1070 static void ctrl_complete(struct urb *urb)
1071 {
1072 struct ctrl_ctx *ctx = urb->context;
1073 struct usb_ctrlrequest *reqp;
1074 struct subcase *subcase;
1075 int status = urb->status;
1076
1077 reqp = (struct usb_ctrlrequest *)urb->setup_packet;
1078 subcase = container_of(reqp, struct subcase, setup);
1079
1080 spin_lock(&ctx->lock);
1081 ctx->count--;
1082 ctx->pending--;
1083
1084 /* queue must transfer and complete in fifo order, unless
1085 * usb_unlink_urb() is used to unlink something not at the
1086 * physical queue head (not tested).
1087 */
1088 if (subcase->number > 0) {
1089 if ((subcase->number - ctx->last) != 1) {
1090 ERROR(ctx->dev,
1091 "subcase %d completed out of order, last %d\n",
1092 subcase->number, ctx->last);
1093 status = -EDOM;
1094 ctx->last = subcase->number;
1095 goto error;
1096 }
1097 }
1098 ctx->last = subcase->number;
1099
1100 /* succeed or fault in only one way? */
1101 if (status == subcase->expected)
1102 status = 0;
1103
1104 /* async unlink for cleanup? */
1105 else if (status != -ECONNRESET) {
1106
1107 /* some faults are allowed, not required */
1108 if (subcase->expected > 0 && (
1109 ((status == -subcase->expected /* happened */
1110 || status == 0)))) /* didn't */
1111 status = 0;
1112 /* sometimes more than one fault is allowed */
1113 else if (subcase->number == 12 && status == -EPIPE)
1114 status = 0;
1115 else
1116 ERROR(ctx->dev, "subtest %d error, status %d\n",
1117 subcase->number, status);
1118 }
1119
1120 /* unexpected status codes mean errors; ideally, in hardware */
1121 if (status) {
1122 error:
1123 if (ctx->status == 0) {
1124 int i;
1125
1126 ctx->status = status;
1127 ERROR(ctx->dev, "control queue %02x.%02x, err %d, "
1128 "%d left, subcase %d, len %d/%d\n",
1129 reqp->bRequestType, reqp->bRequest,
1130 status, ctx->count, subcase->number,
1131 urb->actual_length,
1132 urb->transfer_buffer_length);
1133
1134 /* FIXME this "unlink everything" exit route should
1135 * be a separate test case.
1136 */
1137
1138 /* unlink whatever's still pending */
1139 for (i = 1; i < ctx->param->sglen; i++) {
1140 struct urb *u = ctx->urb[
1141 (i + subcase->number)
1142 % ctx->param->sglen];
1143
1144 if (u == urb || !u->dev)
1145 continue;
1146 spin_unlock(&ctx->lock);
1147 status = usb_unlink_urb(u);
1148 spin_lock(&ctx->lock);
1149 switch (status) {
1150 case -EINPROGRESS:
1151 case -EBUSY:
1152 case -EIDRM:
1153 continue;
1154 default:
1155 ERROR(ctx->dev, "urb unlink --> %d\n",
1156 status);
1157 }
1158 }
1159 status = ctx->status;
1160 }
1161 }
1162
1163 /* resubmit if we need to, else mark this as done */
1164 if ((status == 0) && (ctx->pending < ctx->count)) {
1165 status = usb_submit_urb(urb, GFP_ATOMIC);
1166 if (status != 0) {
1167 ERROR(ctx->dev,
1168 "can't resubmit ctrl %02x.%02x, err %d\n",
1169 reqp->bRequestType, reqp->bRequest, status);
1170 urb->dev = NULL;
1171 } else
1172 ctx->pending++;
1173 } else
1174 urb->dev = NULL;
1175
1176 /* signal completion when nothing's queued */
1177 if (ctx->pending == 0)
1178 complete(&ctx->complete);
1179 spin_unlock(&ctx->lock);
1180 }
1181
1182 static int
test_ctrl_queue(struct usbtest_dev * dev,struct usbtest_param_32 * param)1183 test_ctrl_queue(struct usbtest_dev *dev, struct usbtest_param_32 *param)
1184 {
1185 struct usb_device *udev = testdev_to_usbdev(dev);
1186 struct urb **urb;
1187 struct ctrl_ctx context;
1188 int i;
1189
1190 if (param->sglen == 0 || param->iterations > UINT_MAX / param->sglen)
1191 return -EOPNOTSUPP;
1192
1193 spin_lock_init(&context.lock);
1194 context.dev = dev;
1195 init_completion(&context.complete);
1196 context.count = param->sglen * param->iterations;
1197 context.pending = 0;
1198 context.status = -ENOMEM;
1199 context.param = param;
1200 context.last = -1;
1201
1202 /* allocate and init the urbs we'll queue.
1203 * as with bulk/intr sglists, sglen is the queue depth; it also
1204 * controls which subtests run (more tests than sglen) or rerun.
1205 */
1206 urb = kcalloc(param->sglen, sizeof(struct urb *), GFP_KERNEL);
1207 if (!urb)
1208 return -ENOMEM;
1209 for (i = 0; i < param->sglen; i++) {
1210 int pipe = usb_rcvctrlpipe(udev, 0);
1211 unsigned len;
1212 struct urb *u;
1213 struct usb_ctrlrequest req;
1214 struct subcase *reqp;
1215
1216 /* sign of this variable means:
1217 * -: tested code must return this (negative) error code
1218 * +: tested code may return this (negative too) error code
1219 */
1220 int expected = 0;
1221
1222 /* requests here are mostly expected to succeed on any
1223 * device, but some are chosen to trigger protocol stalls
1224 * or short reads.
1225 */
1226 memset(&req, 0, sizeof(req));
1227 req.bRequest = USB_REQ_GET_DESCRIPTOR;
1228 req.bRequestType = USB_DIR_IN|USB_RECIP_DEVICE;
1229
1230 switch (i % NUM_SUBCASES) {
1231 case 0: /* get device descriptor */
1232 req.wValue = cpu_to_le16(USB_DT_DEVICE << 8);
1233 len = sizeof(struct usb_device_descriptor);
1234 break;
1235 case 1: /* get first config descriptor (only) */
1236 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0);
1237 len = sizeof(struct usb_config_descriptor);
1238 break;
1239 case 2: /* get altsetting (OFTEN STALLS) */
1240 req.bRequest = USB_REQ_GET_INTERFACE;
1241 req.bRequestType = USB_DIR_IN|USB_RECIP_INTERFACE;
1242 /* index = 0 means first interface */
1243 len = 1;
1244 expected = EPIPE;
1245 break;
1246 case 3: /* get interface status */
1247 req.bRequest = USB_REQ_GET_STATUS;
1248 req.bRequestType = USB_DIR_IN|USB_RECIP_INTERFACE;
1249 /* interface 0 */
1250 len = 2;
1251 break;
1252 case 4: /* get device status */
1253 req.bRequest = USB_REQ_GET_STATUS;
1254 req.bRequestType = USB_DIR_IN|USB_RECIP_DEVICE;
1255 len = 2;
1256 break;
1257 case 5: /* get device qualifier (MAY STALL) */
1258 req.wValue = cpu_to_le16 (USB_DT_DEVICE_QUALIFIER << 8);
1259 len = sizeof(struct usb_qualifier_descriptor);
1260 if (udev->speed != USB_SPEED_HIGH)
1261 expected = EPIPE;
1262 break;
1263 case 6: /* get first config descriptor, plus interface */
1264 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0);
1265 len = sizeof(struct usb_config_descriptor);
1266 len += sizeof(struct usb_interface_descriptor);
1267 break;
1268 case 7: /* get interface descriptor (ALWAYS STALLS) */
1269 req.wValue = cpu_to_le16 (USB_DT_INTERFACE << 8);
1270 /* interface == 0 */
1271 len = sizeof(struct usb_interface_descriptor);
1272 expected = -EPIPE;
1273 break;
1274 /* NOTE: two consecutive stalls in the queue here.
1275 * that tests fault recovery a bit more aggressively. */
1276 case 8: /* clear endpoint halt (MAY STALL) */
1277 req.bRequest = USB_REQ_CLEAR_FEATURE;
1278 req.bRequestType = USB_RECIP_ENDPOINT;
1279 /* wValue 0 == ep halt */
1280 /* wIndex 0 == ep0 (shouldn't halt!) */
1281 len = 0;
1282 pipe = usb_sndctrlpipe(udev, 0);
1283 expected = EPIPE;
1284 break;
1285 case 9: /* get endpoint status */
1286 req.bRequest = USB_REQ_GET_STATUS;
1287 req.bRequestType = USB_DIR_IN|USB_RECIP_ENDPOINT;
1288 /* endpoint 0 */
1289 len = 2;
1290 break;
1291 case 10: /* trigger short read (EREMOTEIO) */
1292 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0);
1293 len = 1024;
1294 expected = -EREMOTEIO;
1295 break;
1296 /* NOTE: two consecutive _different_ faults in the queue. */
1297 case 11: /* get endpoint descriptor (ALWAYS STALLS) */
1298 req.wValue = cpu_to_le16(USB_DT_ENDPOINT << 8);
1299 /* endpoint == 0 */
1300 len = sizeof(struct usb_interface_descriptor);
1301 expected = EPIPE;
1302 break;
1303 /* NOTE: sometimes even a third fault in the queue! */
1304 case 12: /* get string 0 descriptor (MAY STALL) */
1305 req.wValue = cpu_to_le16(USB_DT_STRING << 8);
1306 /* string == 0, for language IDs */
1307 len = sizeof(struct usb_interface_descriptor);
1308 /* may succeed when > 4 languages */
1309 expected = EREMOTEIO; /* or EPIPE, if no strings */
1310 break;
1311 case 13: /* short read, resembling case 10 */
1312 req.wValue = cpu_to_le16((USB_DT_CONFIG << 8) | 0);
1313 /* last data packet "should" be DATA1, not DATA0 */
1314 if (udev->speed == USB_SPEED_SUPER)
1315 len = 1024 - 512;
1316 else
1317 len = 1024 - udev->descriptor.bMaxPacketSize0;
1318 expected = -EREMOTEIO;
1319 break;
1320 case 14: /* short read; try to fill the last packet */
1321 req.wValue = cpu_to_le16((USB_DT_DEVICE << 8) | 0);
1322 /* device descriptor size == 18 bytes */
1323 len = udev->descriptor.bMaxPacketSize0;
1324 if (udev->speed == USB_SPEED_SUPER)
1325 len = 512;
1326 switch (len) {
1327 case 8:
1328 len = 24;
1329 break;
1330 case 16:
1331 len = 32;
1332 break;
1333 }
1334 expected = -EREMOTEIO;
1335 break;
1336 case 15:
1337 req.wValue = cpu_to_le16(USB_DT_BOS << 8);
1338 if (udev->bos)
1339 len = le16_to_cpu(udev->bos->desc->wTotalLength);
1340 else
1341 len = sizeof(struct usb_bos_descriptor);
1342 if (le16_to_cpu(udev->descriptor.bcdUSB) < 0x0201)
1343 expected = -EPIPE;
1344 break;
1345 default:
1346 ERROR(dev, "bogus number of ctrl queue testcases!\n");
1347 context.status = -EINVAL;
1348 goto cleanup;
1349 }
1350 req.wLength = cpu_to_le16(len);
1351 urb[i] = u = simple_alloc_urb(udev, pipe, len, 0);
1352 if (!u)
1353 goto cleanup;
1354
1355 reqp = kmalloc(sizeof(*reqp), GFP_KERNEL);
1356 if (!reqp)
1357 goto cleanup;
1358 reqp->setup = req;
1359 reqp->number = i % NUM_SUBCASES;
1360 reqp->expected = expected;
1361 u->setup_packet = (char *) &reqp->setup;
1362
1363 u->context = &context;
1364 u->complete = ctrl_complete;
1365 }
1366
1367 /* queue the urbs */
1368 context.urb = urb;
1369 spin_lock_irq(&context.lock);
1370 for (i = 0; i < param->sglen; i++) {
1371 context.status = usb_submit_urb(urb[i], GFP_ATOMIC);
1372 if (context.status != 0) {
1373 ERROR(dev, "can't submit urb[%d], status %d\n",
1374 i, context.status);
1375 context.count = context.pending;
1376 break;
1377 }
1378 context.pending++;
1379 }
1380 spin_unlock_irq(&context.lock);
1381
1382 /* FIXME set timer and time out; provide a disconnect hook */
1383
1384 /* wait for the last one to complete */
1385 if (context.pending > 0)
1386 wait_for_completion(&context.complete);
1387
1388 cleanup:
1389 for (i = 0; i < param->sglen; i++) {
1390 if (!urb[i])
1391 continue;
1392 urb[i]->dev = udev;
1393 kfree(urb[i]->setup_packet);
1394 simple_free_urb(urb[i]);
1395 }
1396 kfree(urb);
1397 return context.status;
1398 }
1399 #undef NUM_SUBCASES
1400
1401
1402 /*-------------------------------------------------------------------------*/
1403
unlink1_callback(struct urb * urb)1404 static void unlink1_callback(struct urb *urb)
1405 {
1406 int status = urb->status;
1407
1408 /* we "know" -EPIPE (stall) never happens */
1409 if (!status)
1410 status = usb_submit_urb(urb, GFP_ATOMIC);
1411 if (status) {
1412 urb->status = status;
1413 complete(urb->context);
1414 }
1415 }
1416
unlink1(struct usbtest_dev * dev,int pipe,int size,int async)1417 static int unlink1(struct usbtest_dev *dev, int pipe, int size, int async)
1418 {
1419 struct urb *urb;
1420 struct completion completion;
1421 int retval = 0;
1422
1423 init_completion(&completion);
1424 urb = simple_alloc_urb(testdev_to_usbdev(dev), pipe, size, 0);
1425 if (!urb)
1426 return -ENOMEM;
1427 urb->context = &completion;
1428 urb->complete = unlink1_callback;
1429
1430 if (usb_pipeout(urb->pipe)) {
1431 simple_fill_buf(urb);
1432 urb->transfer_flags |= URB_ZERO_PACKET;
1433 }
1434
1435 /* keep the endpoint busy. there are lots of hc/hcd-internal
1436 * states, and testing should get to all of them over time.
1437 *
1438 * FIXME want additional tests for when endpoint is STALLing
1439 * due to errors, or is just NAKing requests.
1440 */
1441 retval = usb_submit_urb(urb, GFP_KERNEL);
1442 if (retval != 0) {
1443 dev_err(&dev->intf->dev, "submit fail %d\n", retval);
1444 return retval;
1445 }
1446
1447 /* unlinking that should always work. variable delay tests more
1448 * hcd states and code paths, even with little other system load.
1449 */
1450 msleep(jiffies % (2 * INTERRUPT_RATE));
1451 if (async) {
1452 while (!completion_done(&completion)) {
1453 retval = usb_unlink_urb(urb);
1454
1455 if (retval == 0 && usb_pipein(urb->pipe))
1456 retval = simple_check_buf(dev, urb);
1457
1458 switch (retval) {
1459 case -EBUSY:
1460 case -EIDRM:
1461 /* we can't unlink urbs while they're completing
1462 * or if they've completed, and we haven't
1463 * resubmitted. "normal" drivers would prevent
1464 * resubmission, but since we're testing unlink
1465 * paths, we can't.
1466 */
1467 ERROR(dev, "unlink retry\n");
1468 continue;
1469 case 0:
1470 case -EINPROGRESS:
1471 break;
1472
1473 default:
1474 dev_err(&dev->intf->dev,
1475 "unlink fail %d\n", retval);
1476 return retval;
1477 }
1478
1479 break;
1480 }
1481 } else
1482 usb_kill_urb(urb);
1483
1484 wait_for_completion(&completion);
1485 retval = urb->status;
1486 simple_free_urb(urb);
1487
1488 if (async)
1489 return (retval == -ECONNRESET) ? 0 : retval - 1000;
1490 else
1491 return (retval == -ENOENT || retval == -EPERM) ?
1492 0 : retval - 2000;
1493 }
1494
unlink_simple(struct usbtest_dev * dev,int pipe,int len)1495 static int unlink_simple(struct usbtest_dev *dev, int pipe, int len)
1496 {
1497 int retval = 0;
1498
1499 /* test sync and async paths */
1500 retval = unlink1(dev, pipe, len, 1);
1501 if (!retval)
1502 retval = unlink1(dev, pipe, len, 0);
1503 return retval;
1504 }
1505
1506 /*-------------------------------------------------------------------------*/
1507
1508 struct queued_ctx {
1509 struct completion complete;
1510 atomic_t pending;
1511 unsigned num;
1512 int status;
1513 struct urb **urbs;
1514 };
1515
unlink_queued_callback(struct urb * urb)1516 static void unlink_queued_callback(struct urb *urb)
1517 {
1518 int status = urb->status;
1519 struct queued_ctx *ctx = urb->context;
1520
1521 if (ctx->status)
1522 goto done;
1523 if (urb == ctx->urbs[ctx->num - 4] || urb == ctx->urbs[ctx->num - 2]) {
1524 if (status == -ECONNRESET)
1525 goto done;
1526 /* What error should we report if the URB completed normally? */
1527 }
1528 if (status != 0)
1529 ctx->status = status;
1530
1531 done:
1532 if (atomic_dec_and_test(&ctx->pending))
1533 complete(&ctx->complete);
1534 }
1535
unlink_queued(struct usbtest_dev * dev,int pipe,unsigned num,unsigned size)1536 static int unlink_queued(struct usbtest_dev *dev, int pipe, unsigned num,
1537 unsigned size)
1538 {
1539 struct queued_ctx ctx;
1540 struct usb_device *udev = testdev_to_usbdev(dev);
1541 void *buf;
1542 dma_addr_t buf_dma;
1543 int i;
1544 int retval = -ENOMEM;
1545
1546 init_completion(&ctx.complete);
1547 atomic_set(&ctx.pending, 1); /* One more than the actual value */
1548 ctx.num = num;
1549 ctx.status = 0;
1550
1551 buf = usb_alloc_coherent(udev, size, GFP_KERNEL, &buf_dma);
1552 if (!buf)
1553 return retval;
1554 memset(buf, 0, size);
1555
1556 /* Allocate and init the urbs we'll queue */
1557 ctx.urbs = kcalloc(num, sizeof(struct urb *), GFP_KERNEL);
1558 if (!ctx.urbs)
1559 goto free_buf;
1560 for (i = 0; i < num; i++) {
1561 ctx.urbs[i] = usb_alloc_urb(0, GFP_KERNEL);
1562 if (!ctx.urbs[i])
1563 goto free_urbs;
1564 usb_fill_bulk_urb(ctx.urbs[i], udev, pipe, buf, size,
1565 unlink_queued_callback, &ctx);
1566 ctx.urbs[i]->transfer_dma = buf_dma;
1567 ctx.urbs[i]->transfer_flags = URB_NO_TRANSFER_DMA_MAP;
1568
1569 if (usb_pipeout(ctx.urbs[i]->pipe)) {
1570 simple_fill_buf(ctx.urbs[i]);
1571 ctx.urbs[i]->transfer_flags |= URB_ZERO_PACKET;
1572 }
1573 }
1574
1575 /* Submit all the URBs and then unlink URBs num - 4 and num - 2. */
1576 for (i = 0; i < num; i++) {
1577 atomic_inc(&ctx.pending);
1578 retval = usb_submit_urb(ctx.urbs[i], GFP_KERNEL);
1579 if (retval != 0) {
1580 dev_err(&dev->intf->dev, "submit urbs[%d] fail %d\n",
1581 i, retval);
1582 atomic_dec(&ctx.pending);
1583 ctx.status = retval;
1584 break;
1585 }
1586 }
1587 if (i == num) {
1588 usb_unlink_urb(ctx.urbs[num - 4]);
1589 usb_unlink_urb(ctx.urbs[num - 2]);
1590 } else {
1591 while (--i >= 0)
1592 usb_unlink_urb(ctx.urbs[i]);
1593 }
1594
1595 if (atomic_dec_and_test(&ctx.pending)) /* The extra count */
1596 complete(&ctx.complete);
1597 wait_for_completion(&ctx.complete);
1598 retval = ctx.status;
1599
1600 free_urbs:
1601 for (i = 0; i < num; i++)
1602 usb_free_urb(ctx.urbs[i]);
1603 kfree(ctx.urbs);
1604 free_buf:
1605 usb_free_coherent(udev, size, buf, buf_dma);
1606 return retval;
1607 }
1608
1609 /*-------------------------------------------------------------------------*/
1610
verify_not_halted(struct usbtest_dev * tdev,int ep,struct urb * urb)1611 static int verify_not_halted(struct usbtest_dev *tdev, int ep, struct urb *urb)
1612 {
1613 int retval;
1614 u16 status;
1615
1616 /* shouldn't look or act halted */
1617 retval = usb_get_status(urb->dev, USB_RECIP_ENDPOINT, ep, &status);
1618 if (retval < 0) {
1619 ERROR(tdev, "ep %02x couldn't get no-halt status, %d\n",
1620 ep, retval);
1621 return retval;
1622 }
1623 if (status != 0) {
1624 ERROR(tdev, "ep %02x bogus status: %04x != 0\n", ep, status);
1625 return -EINVAL;
1626 }
1627 retval = simple_io(tdev, urb, 1, 0, 0, __func__);
1628 if (retval != 0)
1629 return -EINVAL;
1630 return 0;
1631 }
1632
verify_halted(struct usbtest_dev * tdev,int ep,struct urb * urb)1633 static int verify_halted(struct usbtest_dev *tdev, int ep, struct urb *urb)
1634 {
1635 int retval;
1636 u16 status;
1637
1638 /* should look and act halted */
1639 retval = usb_get_status(urb->dev, USB_RECIP_ENDPOINT, ep, &status);
1640 if (retval < 0) {
1641 ERROR(tdev, "ep %02x couldn't get halt status, %d\n",
1642 ep, retval);
1643 return retval;
1644 }
1645 if (status != 1) {
1646 ERROR(tdev, "ep %02x bogus status: %04x != 1\n", ep, status);
1647 return -EINVAL;
1648 }
1649 retval = simple_io(tdev, urb, 1, 0, -EPIPE, __func__);
1650 if (retval != -EPIPE)
1651 return -EINVAL;
1652 retval = simple_io(tdev, urb, 1, 0, -EPIPE, "verify_still_halted");
1653 if (retval != -EPIPE)
1654 return -EINVAL;
1655 return 0;
1656 }
1657
test_halt(struct usbtest_dev * tdev,int ep,struct urb * urb)1658 static int test_halt(struct usbtest_dev *tdev, int ep, struct urb *urb)
1659 {
1660 int retval;
1661
1662 /* shouldn't look or act halted now */
1663 retval = verify_not_halted(tdev, ep, urb);
1664 if (retval < 0)
1665 return retval;
1666
1667 /* set halt (protocol test only), verify it worked */
1668 retval = usb_control_msg(urb->dev, usb_sndctrlpipe(urb->dev, 0),
1669 USB_REQ_SET_FEATURE, USB_RECIP_ENDPOINT,
1670 USB_ENDPOINT_HALT, ep,
1671 NULL, 0, USB_CTRL_SET_TIMEOUT);
1672 if (retval < 0) {
1673 ERROR(tdev, "ep %02x couldn't set halt, %d\n", ep, retval);
1674 return retval;
1675 }
1676 retval = verify_halted(tdev, ep, urb);
1677 if (retval < 0) {
1678 int ret;
1679
1680 /* clear halt anyways, else further tests will fail */
1681 ret = usb_clear_halt(urb->dev, urb->pipe);
1682 if (ret)
1683 ERROR(tdev, "ep %02x couldn't clear halt, %d\n",
1684 ep, ret);
1685
1686 return retval;
1687 }
1688
1689 /* clear halt (tests API + protocol), verify it worked */
1690 retval = usb_clear_halt(urb->dev, urb->pipe);
1691 if (retval < 0) {
1692 ERROR(tdev, "ep %02x couldn't clear halt, %d\n", ep, retval);
1693 return retval;
1694 }
1695 retval = verify_not_halted(tdev, ep, urb);
1696 if (retval < 0)
1697 return retval;
1698
1699 /* NOTE: could also verify SET_INTERFACE clear halts ... */
1700
1701 return 0;
1702 }
1703
halt_simple(struct usbtest_dev * dev)1704 static int halt_simple(struct usbtest_dev *dev)
1705 {
1706 int ep;
1707 int retval = 0;
1708 struct urb *urb;
1709 struct usb_device *udev = testdev_to_usbdev(dev);
1710
1711 if (udev->speed == USB_SPEED_SUPER)
1712 urb = simple_alloc_urb(udev, 0, 1024, 0);
1713 else
1714 urb = simple_alloc_urb(udev, 0, 512, 0);
1715 if (urb == NULL)
1716 return -ENOMEM;
1717
1718 if (dev->in_pipe) {
1719 ep = usb_pipeendpoint(dev->in_pipe) | USB_DIR_IN;
1720 urb->pipe = dev->in_pipe;
1721 retval = test_halt(dev, ep, urb);
1722 if (retval < 0)
1723 goto done;
1724 }
1725
1726 if (dev->out_pipe) {
1727 ep = usb_pipeendpoint(dev->out_pipe);
1728 urb->pipe = dev->out_pipe;
1729 retval = test_halt(dev, ep, urb);
1730 }
1731 done:
1732 simple_free_urb(urb);
1733 return retval;
1734 }
1735
1736 /*-------------------------------------------------------------------------*/
1737
1738 /* Control OUT tests use the vendor control requests from Intel's
1739 * USB 2.0 compliance test device: write a buffer, read it back.
1740 *
1741 * Intel's spec only _requires_ that it work for one packet, which
1742 * is pretty weak. Some HCDs place limits here; most devices will
1743 * need to be able to handle more than one OUT data packet. We'll
1744 * try whatever we're told to try.
1745 */
ctrl_out(struct usbtest_dev * dev,unsigned count,unsigned length,unsigned vary,unsigned offset)1746 static int ctrl_out(struct usbtest_dev *dev,
1747 unsigned count, unsigned length, unsigned vary, unsigned offset)
1748 {
1749 unsigned i, j, len;
1750 int retval;
1751 u8 *buf;
1752 char *what = "?";
1753 struct usb_device *udev;
1754
1755 if (length < 1 || length > 0xffff || vary >= length)
1756 return -EINVAL;
1757
1758 buf = kmalloc(length + offset, GFP_KERNEL);
1759 if (!buf)
1760 return -ENOMEM;
1761
1762 buf += offset;
1763 udev = testdev_to_usbdev(dev);
1764 len = length;
1765 retval = 0;
1766
1767 /* NOTE: hardware might well act differently if we pushed it
1768 * with lots back-to-back queued requests.
1769 */
1770 for (i = 0; i < count; i++) {
1771 /* write patterned data */
1772 for (j = 0; j < len; j++)
1773 buf[j] = (u8)(i + j);
1774 retval = usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
1775 0x5b, USB_DIR_OUT|USB_TYPE_VENDOR,
1776 0, 0, buf, len, USB_CTRL_SET_TIMEOUT);
1777 if (retval != len) {
1778 what = "write";
1779 if (retval >= 0) {
1780 ERROR(dev, "ctrl_out, wlen %d (expected %d)\n",
1781 retval, len);
1782 retval = -EBADMSG;
1783 }
1784 break;
1785 }
1786
1787 /* read it back -- assuming nothing intervened!! */
1788 retval = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
1789 0x5c, USB_DIR_IN|USB_TYPE_VENDOR,
1790 0, 0, buf, len, USB_CTRL_GET_TIMEOUT);
1791 if (retval != len) {
1792 what = "read";
1793 if (retval >= 0) {
1794 ERROR(dev, "ctrl_out, rlen %d (expected %d)\n",
1795 retval, len);
1796 retval = -EBADMSG;
1797 }
1798 break;
1799 }
1800
1801 /* fail if we can't verify */
1802 for (j = 0; j < len; j++) {
1803 if (buf[j] != (u8)(i + j)) {
1804 ERROR(dev, "ctrl_out, byte %d is %d not %d\n",
1805 j, buf[j], (u8)(i + j));
1806 retval = -EBADMSG;
1807 break;
1808 }
1809 }
1810 if (retval < 0) {
1811 what = "verify";
1812 break;
1813 }
1814
1815 len += vary;
1816
1817 /* [real world] the "zero bytes IN" case isn't really used.
1818 * hardware can easily trip up in this weird case, since its
1819 * status stage is IN, not OUT like other ep0in transfers.
1820 */
1821 if (len > length)
1822 len = realworld ? 1 : 0;
1823 }
1824
1825 if (retval < 0)
1826 ERROR(dev, "ctrl_out %s failed, code %d, count %d\n",
1827 what, retval, i);
1828
1829 kfree(buf - offset);
1830 return retval;
1831 }
1832
1833 /*-------------------------------------------------------------------------*/
1834
1835 /* ISO/BULK tests ... mimics common usage
1836 * - buffer length is split into N packets (mostly maxpacket sized)
1837 * - multi-buffers according to sglen
1838 */
1839
1840 struct transfer_context {
1841 unsigned count;
1842 unsigned pending;
1843 spinlock_t lock;
1844 struct completion done;
1845 int submit_error;
1846 unsigned long errors;
1847 unsigned long packet_count;
1848 struct usbtest_dev *dev;
1849 bool is_iso;
1850 };
1851
complicated_callback(struct urb * urb)1852 static void complicated_callback(struct urb *urb)
1853 {
1854 struct transfer_context *ctx = urb->context;
1855
1856 spin_lock(&ctx->lock);
1857 ctx->count--;
1858
1859 ctx->packet_count += urb->number_of_packets;
1860 if (urb->error_count > 0)
1861 ctx->errors += urb->error_count;
1862 else if (urb->status != 0)
1863 ctx->errors += (ctx->is_iso ? urb->number_of_packets : 1);
1864 else if (urb->actual_length != urb->transfer_buffer_length)
1865 ctx->errors++;
1866 else if (check_guard_bytes(ctx->dev, urb) != 0)
1867 ctx->errors++;
1868
1869 if (urb->status == 0 && ctx->count > (ctx->pending - 1)
1870 && !ctx->submit_error) {
1871 int status = usb_submit_urb(urb, GFP_ATOMIC);
1872 switch (status) {
1873 case 0:
1874 goto done;
1875 default:
1876 dev_err(&ctx->dev->intf->dev,
1877 "resubmit err %d\n",
1878 status);
1879 /* FALLTHROUGH */
1880 case -ENODEV: /* disconnected */
1881 case -ESHUTDOWN: /* endpoint disabled */
1882 ctx->submit_error = 1;
1883 break;
1884 }
1885 }
1886
1887 ctx->pending--;
1888 if (ctx->pending == 0) {
1889 if (ctx->errors)
1890 dev_err(&ctx->dev->intf->dev,
1891 "during the test, %lu errors out of %lu\n",
1892 ctx->errors, ctx->packet_count);
1893 complete(&ctx->done);
1894 }
1895 done:
1896 spin_unlock(&ctx->lock);
1897 }
1898
iso_alloc_urb(struct usb_device * udev,int pipe,struct usb_endpoint_descriptor * desc,long bytes,unsigned offset)1899 static struct urb *iso_alloc_urb(
1900 struct usb_device *udev,
1901 int pipe,
1902 struct usb_endpoint_descriptor *desc,
1903 long bytes,
1904 unsigned offset
1905 )
1906 {
1907 struct urb *urb;
1908 unsigned i, maxp, packets;
1909
1910 if (bytes < 0 || !desc)
1911 return NULL;
1912 maxp = 0x7ff & usb_endpoint_maxp(desc);
1913 maxp *= usb_endpoint_maxp_mult(desc);
1914 packets = DIV_ROUND_UP(bytes, maxp);
1915
1916 urb = usb_alloc_urb(packets, GFP_KERNEL);
1917 if (!urb)
1918 return urb;
1919 urb->dev = udev;
1920 urb->pipe = pipe;
1921
1922 urb->number_of_packets = packets;
1923 urb->transfer_buffer_length = bytes;
1924 urb->transfer_buffer = usb_alloc_coherent(udev, bytes + offset,
1925 GFP_KERNEL,
1926 &urb->transfer_dma);
1927 if (!urb->transfer_buffer) {
1928 usb_free_urb(urb);
1929 return NULL;
1930 }
1931 if (offset) {
1932 memset(urb->transfer_buffer, GUARD_BYTE, offset);
1933 urb->transfer_buffer += offset;
1934 urb->transfer_dma += offset;
1935 }
1936 /* For inbound transfers use guard byte so that test fails if
1937 data not correctly copied */
1938 memset(urb->transfer_buffer,
1939 usb_pipein(urb->pipe) ? GUARD_BYTE : 0,
1940 bytes);
1941
1942 for (i = 0; i < packets; i++) {
1943 /* here, only the last packet will be short */
1944 urb->iso_frame_desc[i].length = min((unsigned) bytes, maxp);
1945 bytes -= urb->iso_frame_desc[i].length;
1946
1947 urb->iso_frame_desc[i].offset = maxp * i;
1948 }
1949
1950 urb->complete = complicated_callback;
1951 /* urb->context = SET BY CALLER */
1952 urb->interval = 1 << (desc->bInterval - 1);
1953 urb->transfer_flags = URB_ISO_ASAP | URB_NO_TRANSFER_DMA_MAP;
1954 return urb;
1955 }
1956
1957 static int
test_queue(struct usbtest_dev * dev,struct usbtest_param_32 * param,int pipe,struct usb_endpoint_descriptor * desc,unsigned offset)1958 test_queue(struct usbtest_dev *dev, struct usbtest_param_32 *param,
1959 int pipe, struct usb_endpoint_descriptor *desc, unsigned offset)
1960 {
1961 struct transfer_context context;
1962 struct usb_device *udev;
1963 unsigned i;
1964 unsigned long packets = 0;
1965 int status = 0;
1966 struct urb *urbs[param->sglen];
1967
1968 if (!param->sglen || param->iterations > UINT_MAX / param->sglen)
1969 return -EINVAL;
1970
1971 memset(&context, 0, sizeof(context));
1972 context.count = param->iterations * param->sglen;
1973 context.dev = dev;
1974 context.is_iso = !!desc;
1975 init_completion(&context.done);
1976 spin_lock_init(&context.lock);
1977
1978 udev = testdev_to_usbdev(dev);
1979
1980 for (i = 0; i < param->sglen; i++) {
1981 if (context.is_iso)
1982 urbs[i] = iso_alloc_urb(udev, pipe, desc,
1983 param->length, offset);
1984 else
1985 urbs[i] = complicated_alloc_urb(udev, pipe,
1986 param->length, 0);
1987
1988 if (!urbs[i]) {
1989 status = -ENOMEM;
1990 goto fail;
1991 }
1992 packets += urbs[i]->number_of_packets;
1993 urbs[i]->context = &context;
1994 }
1995 packets *= param->iterations;
1996
1997 if (context.is_iso) {
1998 dev_info(&dev->intf->dev,
1999 "iso period %d %sframes, wMaxPacket %d, transactions: %d\n",
2000 1 << (desc->bInterval - 1),
2001 (udev->speed == USB_SPEED_HIGH) ? "micro" : "",
2002 usb_endpoint_maxp(desc),
2003 usb_endpoint_maxp_mult(desc));
2004
2005 dev_info(&dev->intf->dev,
2006 "total %lu msec (%lu packets)\n",
2007 (packets * (1 << (desc->bInterval - 1)))
2008 / ((udev->speed == USB_SPEED_HIGH) ? 8 : 1),
2009 packets);
2010 }
2011
2012 spin_lock_irq(&context.lock);
2013 for (i = 0; i < param->sglen; i++) {
2014 ++context.pending;
2015 status = usb_submit_urb(urbs[i], GFP_ATOMIC);
2016 if (status < 0) {
2017 ERROR(dev, "submit iso[%d], error %d\n", i, status);
2018 if (i == 0) {
2019 spin_unlock_irq(&context.lock);
2020 goto fail;
2021 }
2022
2023 simple_free_urb(urbs[i]);
2024 urbs[i] = NULL;
2025 context.pending--;
2026 context.submit_error = 1;
2027 break;
2028 }
2029 }
2030 spin_unlock_irq(&context.lock);
2031
2032 wait_for_completion(&context.done);
2033
2034 for (i = 0; i < param->sglen; i++) {
2035 if (urbs[i])
2036 simple_free_urb(urbs[i]);
2037 }
2038 /*
2039 * Isochronous transfers are expected to fail sometimes. As an
2040 * arbitrary limit, we will report an error if any submissions
2041 * fail or if the transfer failure rate is > 10%.
2042 */
2043 if (status != 0)
2044 ;
2045 else if (context.submit_error)
2046 status = -EACCES;
2047 else if (context.errors >
2048 (context.is_iso ? context.packet_count / 10 : 0))
2049 status = -EIO;
2050 return status;
2051
2052 fail:
2053 for (i = 0; i < param->sglen; i++) {
2054 if (urbs[i])
2055 simple_free_urb(urbs[i]);
2056 }
2057 return status;
2058 }
2059
test_unaligned_bulk(struct usbtest_dev * tdev,int pipe,unsigned length,int iterations,unsigned transfer_flags,const char * label)2060 static int test_unaligned_bulk(
2061 struct usbtest_dev *tdev,
2062 int pipe,
2063 unsigned length,
2064 int iterations,
2065 unsigned transfer_flags,
2066 const char *label)
2067 {
2068 int retval;
2069 struct urb *urb = usbtest_alloc_urb(testdev_to_usbdev(tdev),
2070 pipe, length, transfer_flags, 1, 0, simple_callback);
2071
2072 if (!urb)
2073 return -ENOMEM;
2074
2075 retval = simple_io(tdev, urb, iterations, 0, 0, label);
2076 simple_free_urb(urb);
2077 return retval;
2078 }
2079
2080 /* Run tests. */
2081 static int
usbtest_do_ioctl(struct usb_interface * intf,struct usbtest_param_32 * param)2082 usbtest_do_ioctl(struct usb_interface *intf, struct usbtest_param_32 *param)
2083 {
2084 struct usbtest_dev *dev = usb_get_intfdata(intf);
2085 struct usb_device *udev = testdev_to_usbdev(dev);
2086 struct urb *urb;
2087 struct scatterlist *sg;
2088 struct usb_sg_request req;
2089 unsigned i;
2090 int retval = -EOPNOTSUPP;
2091
2092 if (param->iterations <= 0)
2093 return -EINVAL;
2094 if (param->sglen > MAX_SGLEN)
2095 return -EINVAL;
2096 /*
2097 * Just a bunch of test cases that every HCD is expected to handle.
2098 *
2099 * Some may need specific firmware, though it'd be good to have
2100 * one firmware image to handle all the test cases.
2101 *
2102 * FIXME add more tests! cancel requests, verify the data, control
2103 * queueing, concurrent read+write threads, and so on.
2104 */
2105 switch (param->test_num) {
2106
2107 case 0:
2108 dev_info(&intf->dev, "TEST 0: NOP\n");
2109 retval = 0;
2110 break;
2111
2112 /* Simple non-queued bulk I/O tests */
2113 case 1:
2114 if (dev->out_pipe == 0)
2115 break;
2116 dev_info(&intf->dev,
2117 "TEST 1: write %d bytes %u times\n",
2118 param->length, param->iterations);
2119 urb = simple_alloc_urb(udev, dev->out_pipe, param->length, 0);
2120 if (!urb) {
2121 retval = -ENOMEM;
2122 break;
2123 }
2124 /* FIRMWARE: bulk sink (maybe accepts short writes) */
2125 retval = simple_io(dev, urb, param->iterations, 0, 0, "test1");
2126 simple_free_urb(urb);
2127 break;
2128 case 2:
2129 if (dev->in_pipe == 0)
2130 break;
2131 dev_info(&intf->dev,
2132 "TEST 2: read %d bytes %u times\n",
2133 param->length, param->iterations);
2134 urb = simple_alloc_urb(udev, dev->in_pipe, param->length, 0);
2135 if (!urb) {
2136 retval = -ENOMEM;
2137 break;
2138 }
2139 /* FIRMWARE: bulk source (maybe generates short writes) */
2140 retval = simple_io(dev, urb, param->iterations, 0, 0, "test2");
2141 simple_free_urb(urb);
2142 break;
2143 case 3:
2144 if (dev->out_pipe == 0 || param->vary == 0)
2145 break;
2146 dev_info(&intf->dev,
2147 "TEST 3: write/%d 0..%d bytes %u times\n",
2148 param->vary, param->length, param->iterations);
2149 urb = simple_alloc_urb(udev, dev->out_pipe, param->length, 0);
2150 if (!urb) {
2151 retval = -ENOMEM;
2152 break;
2153 }
2154 /* FIRMWARE: bulk sink (maybe accepts short writes) */
2155 retval = simple_io(dev, urb, param->iterations, param->vary,
2156 0, "test3");
2157 simple_free_urb(urb);
2158 break;
2159 case 4:
2160 if (dev->in_pipe == 0 || param->vary == 0)
2161 break;
2162 dev_info(&intf->dev,
2163 "TEST 4: read/%d 0..%d bytes %u times\n",
2164 param->vary, param->length, param->iterations);
2165 urb = simple_alloc_urb(udev, dev->in_pipe, param->length, 0);
2166 if (!urb) {
2167 retval = -ENOMEM;
2168 break;
2169 }
2170 /* FIRMWARE: bulk source (maybe generates short writes) */
2171 retval = simple_io(dev, urb, param->iterations, param->vary,
2172 0, "test4");
2173 simple_free_urb(urb);
2174 break;
2175
2176 /* Queued bulk I/O tests */
2177 case 5:
2178 if (dev->out_pipe == 0 || param->sglen == 0)
2179 break;
2180 dev_info(&intf->dev,
2181 "TEST 5: write %d sglists %d entries of %d bytes\n",
2182 param->iterations,
2183 param->sglen, param->length);
2184 sg = alloc_sglist(param->sglen, param->length,
2185 0, dev, dev->out_pipe);
2186 if (!sg) {
2187 retval = -ENOMEM;
2188 break;
2189 }
2190 /* FIRMWARE: bulk sink (maybe accepts short writes) */
2191 retval = perform_sglist(dev, param->iterations, dev->out_pipe,
2192 &req, sg, param->sglen);
2193 free_sglist(sg, param->sglen);
2194 break;
2195
2196 case 6:
2197 if (dev->in_pipe == 0 || param->sglen == 0)
2198 break;
2199 dev_info(&intf->dev,
2200 "TEST 6: read %d sglists %d entries of %d bytes\n",
2201 param->iterations,
2202 param->sglen, param->length);
2203 sg = alloc_sglist(param->sglen, param->length,
2204 0, dev, dev->in_pipe);
2205 if (!sg) {
2206 retval = -ENOMEM;
2207 break;
2208 }
2209 /* FIRMWARE: bulk source (maybe generates short writes) */
2210 retval = perform_sglist(dev, param->iterations, dev->in_pipe,
2211 &req, sg, param->sglen);
2212 free_sglist(sg, param->sglen);
2213 break;
2214 case 7:
2215 if (dev->out_pipe == 0 || param->sglen == 0 || param->vary == 0)
2216 break;
2217 dev_info(&intf->dev,
2218 "TEST 7: write/%d %d sglists %d entries 0..%d bytes\n",
2219 param->vary, param->iterations,
2220 param->sglen, param->length);
2221 sg = alloc_sglist(param->sglen, param->length,
2222 param->vary, dev, dev->out_pipe);
2223 if (!sg) {
2224 retval = -ENOMEM;
2225 break;
2226 }
2227 /* FIRMWARE: bulk sink (maybe accepts short writes) */
2228 retval = perform_sglist(dev, param->iterations, dev->out_pipe,
2229 &req, sg, param->sglen);
2230 free_sglist(sg, param->sglen);
2231 break;
2232 case 8:
2233 if (dev->in_pipe == 0 || param->sglen == 0 || param->vary == 0)
2234 break;
2235 dev_info(&intf->dev,
2236 "TEST 8: read/%d %d sglists %d entries 0..%d bytes\n",
2237 param->vary, param->iterations,
2238 param->sglen, param->length);
2239 sg = alloc_sglist(param->sglen, param->length,
2240 param->vary, dev, dev->in_pipe);
2241 if (!sg) {
2242 retval = -ENOMEM;
2243 break;
2244 }
2245 /* FIRMWARE: bulk source (maybe generates short writes) */
2246 retval = perform_sglist(dev, param->iterations, dev->in_pipe,
2247 &req, sg, param->sglen);
2248 free_sglist(sg, param->sglen);
2249 break;
2250
2251 /* non-queued sanity tests for control (chapter 9 subset) */
2252 case 9:
2253 retval = 0;
2254 dev_info(&intf->dev,
2255 "TEST 9: ch9 (subset) control tests, %d times\n",
2256 param->iterations);
2257 for (i = param->iterations; retval == 0 && i--; /* NOP */)
2258 retval = ch9_postconfig(dev);
2259 if (retval)
2260 dev_err(&intf->dev, "ch9 subset failed, "
2261 "iterations left %d\n", i);
2262 break;
2263
2264 /* queued control messaging */
2265 case 10:
2266 retval = 0;
2267 dev_info(&intf->dev,
2268 "TEST 10: queue %d control calls, %d times\n",
2269 param->sglen,
2270 param->iterations);
2271 retval = test_ctrl_queue(dev, param);
2272 break;
2273
2274 /* simple non-queued unlinks (ring with one urb) */
2275 case 11:
2276 if (dev->in_pipe == 0 || !param->length)
2277 break;
2278 retval = 0;
2279 dev_info(&intf->dev, "TEST 11: unlink %d reads of %d\n",
2280 param->iterations, param->length);
2281 for (i = param->iterations; retval == 0 && i--; /* NOP */)
2282 retval = unlink_simple(dev, dev->in_pipe,
2283 param->length);
2284 if (retval)
2285 dev_err(&intf->dev, "unlink reads failed %d, "
2286 "iterations left %d\n", retval, i);
2287 break;
2288 case 12:
2289 if (dev->out_pipe == 0 || !param->length)
2290 break;
2291 retval = 0;
2292 dev_info(&intf->dev, "TEST 12: unlink %d writes of %d\n",
2293 param->iterations, param->length);
2294 for (i = param->iterations; retval == 0 && i--; /* NOP */)
2295 retval = unlink_simple(dev, dev->out_pipe,
2296 param->length);
2297 if (retval)
2298 dev_err(&intf->dev, "unlink writes failed %d, "
2299 "iterations left %d\n", retval, i);
2300 break;
2301
2302 /* ep halt tests */
2303 case 13:
2304 if (dev->out_pipe == 0 && dev->in_pipe == 0)
2305 break;
2306 retval = 0;
2307 dev_info(&intf->dev, "TEST 13: set/clear %d halts\n",
2308 param->iterations);
2309 for (i = param->iterations; retval == 0 && i--; /* NOP */)
2310 retval = halt_simple(dev);
2311
2312 if (retval)
2313 ERROR(dev, "halts failed, iterations left %d\n", i);
2314 break;
2315
2316 /* control write tests */
2317 case 14:
2318 if (!dev->info->ctrl_out)
2319 break;
2320 dev_info(&intf->dev, "TEST 14: %d ep0out, %d..%d vary %d\n",
2321 param->iterations,
2322 realworld ? 1 : 0, param->length,
2323 param->vary);
2324 retval = ctrl_out(dev, param->iterations,
2325 param->length, param->vary, 0);
2326 break;
2327
2328 /* iso write tests */
2329 case 15:
2330 if (dev->out_iso_pipe == 0 || param->sglen == 0)
2331 break;
2332 dev_info(&intf->dev,
2333 "TEST 15: write %d iso, %d entries of %d bytes\n",
2334 param->iterations,
2335 param->sglen, param->length);
2336 /* FIRMWARE: iso sink */
2337 retval = test_queue(dev, param,
2338 dev->out_iso_pipe, dev->iso_out, 0);
2339 break;
2340
2341 /* iso read tests */
2342 case 16:
2343 if (dev->in_iso_pipe == 0 || param->sglen == 0)
2344 break;
2345 dev_info(&intf->dev,
2346 "TEST 16: read %d iso, %d entries of %d bytes\n",
2347 param->iterations,
2348 param->sglen, param->length);
2349 /* FIRMWARE: iso source */
2350 retval = test_queue(dev, param,
2351 dev->in_iso_pipe, dev->iso_in, 0);
2352 break;
2353
2354 /* FIXME scatterlist cancel (needs helper thread) */
2355
2356 /* Tests for bulk I/O using DMA mapping by core and odd address */
2357 case 17:
2358 if (dev->out_pipe == 0)
2359 break;
2360 dev_info(&intf->dev,
2361 "TEST 17: write odd addr %d bytes %u times core map\n",
2362 param->length, param->iterations);
2363
2364 retval = test_unaligned_bulk(
2365 dev, dev->out_pipe,
2366 param->length, param->iterations,
2367 0, "test17");
2368 break;
2369
2370 case 18:
2371 if (dev->in_pipe == 0)
2372 break;
2373 dev_info(&intf->dev,
2374 "TEST 18: read odd addr %d bytes %u times core map\n",
2375 param->length, param->iterations);
2376
2377 retval = test_unaligned_bulk(
2378 dev, dev->in_pipe,
2379 param->length, param->iterations,
2380 0, "test18");
2381 break;
2382
2383 /* Tests for bulk I/O using premapped coherent buffer and odd address */
2384 case 19:
2385 if (dev->out_pipe == 0)
2386 break;
2387 dev_info(&intf->dev,
2388 "TEST 19: write odd addr %d bytes %u times premapped\n",
2389 param->length, param->iterations);
2390
2391 retval = test_unaligned_bulk(
2392 dev, dev->out_pipe,
2393 param->length, param->iterations,
2394 URB_NO_TRANSFER_DMA_MAP, "test19");
2395 break;
2396
2397 case 20:
2398 if (dev->in_pipe == 0)
2399 break;
2400 dev_info(&intf->dev,
2401 "TEST 20: read odd addr %d bytes %u times premapped\n",
2402 param->length, param->iterations);
2403
2404 retval = test_unaligned_bulk(
2405 dev, dev->in_pipe,
2406 param->length, param->iterations,
2407 URB_NO_TRANSFER_DMA_MAP, "test20");
2408 break;
2409
2410 /* control write tests with unaligned buffer */
2411 case 21:
2412 if (!dev->info->ctrl_out)
2413 break;
2414 dev_info(&intf->dev,
2415 "TEST 21: %d ep0out odd addr, %d..%d vary %d\n",
2416 param->iterations,
2417 realworld ? 1 : 0, param->length,
2418 param->vary);
2419 retval = ctrl_out(dev, param->iterations,
2420 param->length, param->vary, 1);
2421 break;
2422
2423 /* unaligned iso tests */
2424 case 22:
2425 if (dev->out_iso_pipe == 0 || param->sglen == 0)
2426 break;
2427 dev_info(&intf->dev,
2428 "TEST 22: write %d iso odd, %d entries of %d bytes\n",
2429 param->iterations,
2430 param->sglen, param->length);
2431 retval = test_queue(dev, param,
2432 dev->out_iso_pipe, dev->iso_out, 1);
2433 break;
2434
2435 case 23:
2436 if (dev->in_iso_pipe == 0 || param->sglen == 0)
2437 break;
2438 dev_info(&intf->dev,
2439 "TEST 23: read %d iso odd, %d entries of %d bytes\n",
2440 param->iterations,
2441 param->sglen, param->length);
2442 retval = test_queue(dev, param,
2443 dev->in_iso_pipe, dev->iso_in, 1);
2444 break;
2445
2446 /* unlink URBs from a bulk-OUT queue */
2447 case 24:
2448 if (dev->out_pipe == 0 || !param->length || param->sglen < 4)
2449 break;
2450 retval = 0;
2451 dev_info(&intf->dev, "TEST 24: unlink from %d queues of "
2452 "%d %d-byte writes\n",
2453 param->iterations, param->sglen, param->length);
2454 for (i = param->iterations; retval == 0 && i > 0; --i) {
2455 retval = unlink_queued(dev, dev->out_pipe,
2456 param->sglen, param->length);
2457 if (retval) {
2458 dev_err(&intf->dev,
2459 "unlink queued writes failed %d, "
2460 "iterations left %d\n", retval, i);
2461 break;
2462 }
2463 }
2464 break;
2465
2466 /* Simple non-queued interrupt I/O tests */
2467 case 25:
2468 if (dev->out_int_pipe == 0)
2469 break;
2470 dev_info(&intf->dev,
2471 "TEST 25: write %d bytes %u times\n",
2472 param->length, param->iterations);
2473 urb = simple_alloc_urb(udev, dev->out_int_pipe, param->length,
2474 dev->int_out->bInterval);
2475 if (!urb) {
2476 retval = -ENOMEM;
2477 break;
2478 }
2479 /* FIRMWARE: interrupt sink (maybe accepts short writes) */
2480 retval = simple_io(dev, urb, param->iterations, 0, 0, "test25");
2481 simple_free_urb(urb);
2482 break;
2483 case 26:
2484 if (dev->in_int_pipe == 0)
2485 break;
2486 dev_info(&intf->dev,
2487 "TEST 26: read %d bytes %u times\n",
2488 param->length, param->iterations);
2489 urb = simple_alloc_urb(udev, dev->in_int_pipe, param->length,
2490 dev->int_in->bInterval);
2491 if (!urb) {
2492 retval = -ENOMEM;
2493 break;
2494 }
2495 /* FIRMWARE: interrupt source (maybe generates short writes) */
2496 retval = simple_io(dev, urb, param->iterations, 0, 0, "test26");
2497 simple_free_urb(urb);
2498 break;
2499 case 27:
2500 /* We do performance test, so ignore data compare */
2501 if (dev->out_pipe == 0 || param->sglen == 0 || pattern != 0)
2502 break;
2503 dev_info(&intf->dev,
2504 "TEST 27: bulk write %dMbytes\n", (param->iterations *
2505 param->sglen * param->length) / (1024 * 1024));
2506 retval = test_queue(dev, param,
2507 dev->out_pipe, NULL, 0);
2508 break;
2509 case 28:
2510 if (dev->in_pipe == 0 || param->sglen == 0 || pattern != 0)
2511 break;
2512 dev_info(&intf->dev,
2513 "TEST 28: bulk read %dMbytes\n", (param->iterations *
2514 param->sglen * param->length) / (1024 * 1024));
2515 retval = test_queue(dev, param,
2516 dev->in_pipe, NULL, 0);
2517 break;
2518 }
2519 return retval;
2520 }
2521
2522 /*-------------------------------------------------------------------------*/
2523
2524 /* We only have this one interface to user space, through usbfs.
2525 * User mode code can scan usbfs to find N different devices (maybe on
2526 * different busses) to use when testing, and allocate one thread per
2527 * test. So discovery is simplified, and we have no device naming issues.
2528 *
2529 * Don't use these only as stress/load tests. Use them along with with
2530 * other USB bus activity: plugging, unplugging, mousing, mp3 playback,
2531 * video capture, and so on. Run different tests at different times, in
2532 * different sequences. Nothing here should interact with other devices,
2533 * except indirectly by consuming USB bandwidth and CPU resources for test
2534 * threads and request completion. But the only way to know that for sure
2535 * is to test when HC queues are in use by many devices.
2536 *
2537 * WARNING: Because usbfs grabs udev->dev.sem before calling this ioctl(),
2538 * it locks out usbcore in certain code paths. Notably, if you disconnect
2539 * the device-under-test, hub_wq will wait block forever waiting for the
2540 * ioctl to complete ... so that usb_disconnect() can abort the pending
2541 * urbs and then call usbtest_disconnect(). To abort a test, you're best
2542 * off just killing the userspace task and waiting for it to exit.
2543 */
2544
2545 static int
usbtest_ioctl(struct usb_interface * intf,unsigned int code,void * buf)2546 usbtest_ioctl(struct usb_interface *intf, unsigned int code, void *buf)
2547 {
2548
2549 struct usbtest_dev *dev = usb_get_intfdata(intf);
2550 struct usbtest_param_64 *param_64 = buf;
2551 struct usbtest_param_32 temp;
2552 struct usbtest_param_32 *param_32 = buf;
2553 struct timespec64 start;
2554 struct timespec64 end;
2555 struct timespec64 duration;
2556 int retval = -EOPNOTSUPP;
2557
2558 /* FIXME USBDEVFS_CONNECTINFO doesn't say how fast the device is. */
2559
2560 pattern = mod_pattern;
2561
2562 if (mutex_lock_interruptible(&dev->lock))
2563 return -ERESTARTSYS;
2564
2565 /* FIXME: What if a system sleep starts while a test is running? */
2566
2567 /* some devices, like ez-usb default devices, need a non-default
2568 * altsetting to have any active endpoints. some tests change
2569 * altsettings; force a default so most tests don't need to check.
2570 */
2571 if (dev->info->alt >= 0) {
2572 if (intf->altsetting->desc.bInterfaceNumber) {
2573 retval = -ENODEV;
2574 goto free_mutex;
2575 }
2576 retval = set_altsetting(dev, dev->info->alt);
2577 if (retval) {
2578 dev_err(&intf->dev,
2579 "set altsetting to %d failed, %d\n",
2580 dev->info->alt, retval);
2581 goto free_mutex;
2582 }
2583 }
2584
2585 switch (code) {
2586 case USBTEST_REQUEST_64:
2587 temp.test_num = param_64->test_num;
2588 temp.iterations = param_64->iterations;
2589 temp.length = param_64->length;
2590 temp.sglen = param_64->sglen;
2591 temp.vary = param_64->vary;
2592 param_32 = &temp;
2593 break;
2594
2595 case USBTEST_REQUEST_32:
2596 break;
2597
2598 default:
2599 retval = -EOPNOTSUPP;
2600 goto free_mutex;
2601 }
2602
2603 ktime_get_ts64(&start);
2604
2605 retval = usbtest_do_ioctl(intf, param_32);
2606 if (retval < 0)
2607 goto free_mutex;
2608
2609 ktime_get_ts64(&end);
2610
2611 duration = timespec64_sub(end, start);
2612
2613 temp.duration_sec = duration.tv_sec;
2614 temp.duration_usec = duration.tv_nsec/NSEC_PER_USEC;
2615
2616 switch (code) {
2617 case USBTEST_REQUEST_32:
2618 param_32->duration_sec = temp.duration_sec;
2619 param_32->duration_usec = temp.duration_usec;
2620 break;
2621
2622 case USBTEST_REQUEST_64:
2623 param_64->duration_sec = temp.duration_sec;
2624 param_64->duration_usec = temp.duration_usec;
2625 break;
2626 }
2627
2628 free_mutex:
2629 mutex_unlock(&dev->lock);
2630 return retval;
2631 }
2632
2633 /*-------------------------------------------------------------------------*/
2634
2635 static unsigned force_interrupt;
2636 module_param(force_interrupt, uint, 0);
2637 MODULE_PARM_DESC(force_interrupt, "0 = test default; else interrupt");
2638
2639 #ifdef GENERIC
2640 static unsigned short vendor;
2641 module_param(vendor, ushort, 0);
2642 MODULE_PARM_DESC(vendor, "vendor code (from usb-if)");
2643
2644 static unsigned short product;
2645 module_param(product, ushort, 0);
2646 MODULE_PARM_DESC(product, "product code (from vendor)");
2647 #endif
2648
2649 static int
usbtest_probe(struct usb_interface * intf,const struct usb_device_id * id)2650 usbtest_probe(struct usb_interface *intf, const struct usb_device_id *id)
2651 {
2652 struct usb_device *udev;
2653 struct usbtest_dev *dev;
2654 struct usbtest_info *info;
2655 char *rtest, *wtest;
2656 char *irtest, *iwtest;
2657 char *intrtest, *intwtest;
2658
2659 udev = interface_to_usbdev(intf);
2660
2661 #ifdef GENERIC
2662 /* specify devices by module parameters? */
2663 if (id->match_flags == 0) {
2664 /* vendor match required, product match optional */
2665 if (!vendor || le16_to_cpu(udev->descriptor.idVendor) != (u16)vendor)
2666 return -ENODEV;
2667 if (product && le16_to_cpu(udev->descriptor.idProduct) != (u16)product)
2668 return -ENODEV;
2669 dev_info(&intf->dev, "matched module params, "
2670 "vend=0x%04x prod=0x%04x\n",
2671 le16_to_cpu(udev->descriptor.idVendor),
2672 le16_to_cpu(udev->descriptor.idProduct));
2673 }
2674 #endif
2675
2676 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2677 if (!dev)
2678 return -ENOMEM;
2679 info = (struct usbtest_info *) id->driver_info;
2680 dev->info = info;
2681 mutex_init(&dev->lock);
2682
2683 dev->intf = intf;
2684
2685 /* cacheline-aligned scratch for i/o */
2686 dev->buf = kmalloc(TBUF_SIZE, GFP_KERNEL);
2687 if (dev->buf == NULL) {
2688 kfree(dev);
2689 return -ENOMEM;
2690 }
2691
2692 /* NOTE this doesn't yet test the handful of difference that are
2693 * visible with high speed interrupts: bigger maxpacket (1K) and
2694 * "high bandwidth" modes (up to 3 packets/uframe).
2695 */
2696 rtest = wtest = "";
2697 irtest = iwtest = "";
2698 intrtest = intwtest = "";
2699 if (force_interrupt || udev->speed == USB_SPEED_LOW) {
2700 if (info->ep_in) {
2701 dev->in_pipe = usb_rcvintpipe(udev, info->ep_in);
2702 rtest = " intr-in";
2703 }
2704 if (info->ep_out) {
2705 dev->out_pipe = usb_sndintpipe(udev, info->ep_out);
2706 wtest = " intr-out";
2707 }
2708 } else {
2709 if (override_alt >= 0 || info->autoconf) {
2710 int status;
2711
2712 status = get_endpoints(dev, intf);
2713 if (status < 0) {
2714 WARNING(dev, "couldn't get endpoints, %d\n",
2715 status);
2716 kfree(dev->buf);
2717 kfree(dev);
2718 return status;
2719 }
2720 /* may find bulk or ISO pipes */
2721 } else {
2722 if (info->ep_in)
2723 dev->in_pipe = usb_rcvbulkpipe(udev,
2724 info->ep_in);
2725 if (info->ep_out)
2726 dev->out_pipe = usb_sndbulkpipe(udev,
2727 info->ep_out);
2728 }
2729 if (dev->in_pipe)
2730 rtest = " bulk-in";
2731 if (dev->out_pipe)
2732 wtest = " bulk-out";
2733 if (dev->in_iso_pipe)
2734 irtest = " iso-in";
2735 if (dev->out_iso_pipe)
2736 iwtest = " iso-out";
2737 if (dev->in_int_pipe)
2738 intrtest = " int-in";
2739 if (dev->out_int_pipe)
2740 intwtest = " int-out";
2741 }
2742
2743 usb_set_intfdata(intf, dev);
2744 dev_info(&intf->dev, "%s\n", info->name);
2745 dev_info(&intf->dev, "%s {control%s%s%s%s%s%s%s} tests%s\n",
2746 usb_speed_string(udev->speed),
2747 info->ctrl_out ? " in/out" : "",
2748 rtest, wtest,
2749 irtest, iwtest,
2750 intrtest, intwtest,
2751 info->alt >= 0 ? " (+alt)" : "");
2752 return 0;
2753 }
2754
usbtest_suspend(struct usb_interface * intf,pm_message_t message)2755 static int usbtest_suspend(struct usb_interface *intf, pm_message_t message)
2756 {
2757 return 0;
2758 }
2759
usbtest_resume(struct usb_interface * intf)2760 static int usbtest_resume(struct usb_interface *intf)
2761 {
2762 return 0;
2763 }
2764
2765
usbtest_disconnect(struct usb_interface * intf)2766 static void usbtest_disconnect(struct usb_interface *intf)
2767 {
2768 struct usbtest_dev *dev = usb_get_intfdata(intf);
2769
2770 usb_set_intfdata(intf, NULL);
2771 dev_dbg(&intf->dev, "disconnect\n");
2772 kfree(dev);
2773 }
2774
2775 /* Basic testing only needs a device that can source or sink bulk traffic.
2776 * Any device can test control transfers (default with GENERIC binding).
2777 *
2778 * Several entries work with the default EP0 implementation that's built
2779 * into EZ-USB chips. There's a default vendor ID which can be overridden
2780 * by (very) small config EEPROMS, but otherwise all these devices act
2781 * identically until firmware is loaded: only EP0 works. It turns out
2782 * to be easy to make other endpoints work, without modifying that EP0
2783 * behavior. For now, we expect that kind of firmware.
2784 */
2785
2786 /* an21xx or fx versions of ez-usb */
2787 static struct usbtest_info ez1_info = {
2788 .name = "EZ-USB device",
2789 .ep_in = 2,
2790 .ep_out = 2,
2791 .alt = 1,
2792 };
2793
2794 /* fx2 version of ez-usb */
2795 static struct usbtest_info ez2_info = {
2796 .name = "FX2 device",
2797 .ep_in = 6,
2798 .ep_out = 2,
2799 .alt = 1,
2800 };
2801
2802 /* ezusb family device with dedicated usb test firmware,
2803 */
2804 static struct usbtest_info fw_info = {
2805 .name = "usb test device",
2806 .ep_in = 2,
2807 .ep_out = 2,
2808 .alt = 1,
2809 .autoconf = 1, /* iso and ctrl_out need autoconf */
2810 .ctrl_out = 1,
2811 .iso = 1, /* iso_ep's are #8 in/out */
2812 };
2813
2814 /* peripheral running Linux and 'zero.c' test firmware, or
2815 * its user-mode cousin. different versions of this use
2816 * different hardware with the same vendor/product codes.
2817 * host side MUST rely on the endpoint descriptors.
2818 */
2819 static struct usbtest_info gz_info = {
2820 .name = "Linux gadget zero",
2821 .autoconf = 1,
2822 .ctrl_out = 1,
2823 .iso = 1,
2824 .intr = 1,
2825 .alt = 0,
2826 };
2827
2828 static struct usbtest_info um_info = {
2829 .name = "Linux user mode test driver",
2830 .autoconf = 1,
2831 .alt = -1,
2832 };
2833
2834 static struct usbtest_info um2_info = {
2835 .name = "Linux user mode ISO test driver",
2836 .autoconf = 1,
2837 .iso = 1,
2838 .alt = -1,
2839 };
2840
2841 #ifdef IBOT2
2842 /* this is a nice source of high speed bulk data;
2843 * uses an FX2, with firmware provided in the device
2844 */
2845 static struct usbtest_info ibot2_info = {
2846 .name = "iBOT2 webcam",
2847 .ep_in = 2,
2848 .alt = -1,
2849 };
2850 #endif
2851
2852 #ifdef GENERIC
2853 /* we can use any device to test control traffic */
2854 static struct usbtest_info generic_info = {
2855 .name = "Generic USB device",
2856 .alt = -1,
2857 };
2858 #endif
2859
2860
2861 static const struct usb_device_id id_table[] = {
2862
2863 /*-------------------------------------------------------------*/
2864
2865 /* EZ-USB devices which download firmware to replace (or in our
2866 * case augment) the default device implementation.
2867 */
2868
2869 /* generic EZ-USB FX controller */
2870 { USB_DEVICE(0x0547, 0x2235),
2871 .driver_info = (unsigned long) &ez1_info,
2872 },
2873
2874 /* CY3671 development board with EZ-USB FX */
2875 { USB_DEVICE(0x0547, 0x0080),
2876 .driver_info = (unsigned long) &ez1_info,
2877 },
2878
2879 /* generic EZ-USB FX2 controller (or development board) */
2880 { USB_DEVICE(0x04b4, 0x8613),
2881 .driver_info = (unsigned long) &ez2_info,
2882 },
2883
2884 /* re-enumerated usb test device firmware */
2885 { USB_DEVICE(0xfff0, 0xfff0),
2886 .driver_info = (unsigned long) &fw_info,
2887 },
2888
2889 /* "Gadget Zero" firmware runs under Linux */
2890 { USB_DEVICE(0x0525, 0xa4a0),
2891 .driver_info = (unsigned long) &gz_info,
2892 },
2893
2894 /* so does a user-mode variant */
2895 { USB_DEVICE(0x0525, 0xa4a4),
2896 .driver_info = (unsigned long) &um_info,
2897 },
2898
2899 /* ... and a user-mode variant that talks iso */
2900 { USB_DEVICE(0x0525, 0xa4a3),
2901 .driver_info = (unsigned long) &um2_info,
2902 },
2903
2904 #ifdef KEYSPAN_19Qi
2905 /* Keyspan 19qi uses an21xx (original EZ-USB) */
2906 /* this does not coexist with the real Keyspan 19qi driver! */
2907 { USB_DEVICE(0x06cd, 0x010b),
2908 .driver_info = (unsigned long) &ez1_info,
2909 },
2910 #endif
2911
2912 /*-------------------------------------------------------------*/
2913
2914 #ifdef IBOT2
2915 /* iBOT2 makes a nice source of high speed bulk-in data */
2916 /* this does not coexist with a real iBOT2 driver! */
2917 { USB_DEVICE(0x0b62, 0x0059),
2918 .driver_info = (unsigned long) &ibot2_info,
2919 },
2920 #endif
2921
2922 /*-------------------------------------------------------------*/
2923
2924 #ifdef GENERIC
2925 /* module params can specify devices to use for control tests */
2926 { .driver_info = (unsigned long) &generic_info, },
2927 #endif
2928
2929 /*-------------------------------------------------------------*/
2930
2931 { }
2932 };
2933 MODULE_DEVICE_TABLE(usb, id_table);
2934
2935 static struct usb_driver usbtest_driver = {
2936 .name = "usbtest",
2937 .id_table = id_table,
2938 .probe = usbtest_probe,
2939 .unlocked_ioctl = usbtest_ioctl,
2940 .disconnect = usbtest_disconnect,
2941 .suspend = usbtest_suspend,
2942 .resume = usbtest_resume,
2943 };
2944
2945 /*-------------------------------------------------------------------------*/
2946
usbtest_init(void)2947 static int __init usbtest_init(void)
2948 {
2949 #ifdef GENERIC
2950 if (vendor)
2951 pr_debug("params: vend=0x%04x prod=0x%04x\n", vendor, product);
2952 #endif
2953 return usb_register(&usbtest_driver);
2954 }
2955 module_init(usbtest_init);
2956
usbtest_exit(void)2957 static void __exit usbtest_exit(void)
2958 {
2959 usb_deregister(&usbtest_driver);
2960 }
2961 module_exit(usbtest_exit);
2962
2963 MODULE_DESCRIPTION("USB Core/HCD Testing Driver");
2964 MODULE_LICENSE("GPL");
2965
2966