xref: /freebsd/sys/dev/usb/usb_dev.c (revision 5abaf0866445a61c11665fffc148ecd13a7bb9ac)
1 /* $FreeBSD$ */
2 /*-
3  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4  *
5  * Copyright (c) 2006-2008 Hans Petter Selasky. All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  *
28  *
29  * usb_dev.c - An abstraction layer for creating devices under /dev/...
30  */
31 
32 #ifdef USB_GLOBAL_INCLUDE_FILE
33 #include USB_GLOBAL_INCLUDE_FILE
34 #else
35 #ifdef COMPAT_FREEBSD32
36 #include <sys/abi_compat.h>
37 #endif
38 #include <sys/stdint.h>
39 #include <sys/stddef.h>
40 #include <sys/param.h>
41 #include <sys/queue.h>
42 #include <sys/types.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/bus.h>
46 #include <sys/module.h>
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #include <sys/condvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/sx.h>
52 #include <sys/unistd.h>
53 #include <sys/callout.h>
54 #include <sys/malloc.h>
55 #include <sys/priv.h>
56 #include <sys/vnode.h>
57 #include <sys/conf.h>
58 #include <sys/fcntl.h>
59 
60 #include <dev/usb/usb.h>
61 #include <dev/usb/usb_ioctl.h>
62 #include <dev/usb/usbdi.h>
63 #include <dev/usb/usbdi_util.h>
64 
65 #define	USB_DEBUG_VAR usb_fifo_debug
66 
67 #include <dev/usb/usb_core.h>
68 #include <dev/usb/usb_dev.h>
69 #include <dev/usb/usb_mbuf.h>
70 #include <dev/usb/usb_process.h>
71 #include <dev/usb/usb_device.h>
72 #include <dev/usb/usb_debug.h>
73 #include <dev/usb/usb_busdma.h>
74 #include <dev/usb/usb_generic.h>
75 #include <dev/usb/usb_dynamic.h>
76 #include <dev/usb/usb_util.h>
77 
78 #include <dev/usb/usb_controller.h>
79 #include <dev/usb/usb_bus.h>
80 
81 #include <sys/filio.h>
82 #include <sys/ttycom.h>
83 #include <sys/syscallsubr.h>
84 
85 #include <machine/stdarg.h>
86 #endif			/* USB_GLOBAL_INCLUDE_FILE */
87 
88 #if USB_HAVE_UGEN
89 
90 #ifdef USB_DEBUG
91 static int usb_fifo_debug = 0;
92 
93 static SYSCTL_NODE(_hw_usb, OID_AUTO, dev, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
94     "USB device");
95 SYSCTL_INT(_hw_usb_dev, OID_AUTO, debug, CTLFLAG_RWTUN,
96     &usb_fifo_debug, 0, "Debug Level");
97 #endif
98 
99 #define	USB_UCRED struct ucred *ucred,
100 
101 /* prototypes */
102 
103 static int	usb_fifo_open(struct usb_cdev_privdata *,
104 		    struct usb_fifo *, int);
105 static void	usb_fifo_close(struct usb_fifo *, int);
106 static void	usb_dev_init(void *);
107 static void	usb_dev_init_post(void *);
108 static void	usb_dev_uninit(void *);
109 static int	usb_fifo_uiomove(struct usb_fifo *, void *, int,
110 		    struct uio *);
111 static void	usb_fifo_check_methods(struct usb_fifo_methods *);
112 static struct	usb_fifo *usb_fifo_alloc(struct mtx *);
113 static struct	usb_endpoint *usb_dev_get_ep(struct usb_device *, uint8_t,
114 		    uint8_t);
115 static void	usb_loc_fill(struct usb_fs_privdata *,
116 		    struct usb_cdev_privdata *);
117 static void	usb_close(void *);
118 static usb_error_t usb_ref_device(struct usb_cdev_privdata *, struct usb_cdev_refdata *, int);
119 static usb_error_t usb_usb_ref_device(struct usb_cdev_privdata *, struct usb_cdev_refdata *);
120 static void	usb_unref_device(struct usb_cdev_privdata *, struct usb_cdev_refdata *);
121 
122 static d_open_t usb_open;
123 static d_ioctl_t usb_ioctl;
124 static d_read_t usb_read;
125 static d_write_t usb_write;
126 static d_poll_t usb_poll;
127 static d_kqfilter_t usb_kqfilter;
128 
129 static d_ioctl_t usb_static_ioctl;
130 
131 static usb_fifo_open_t usb_fifo_dummy_open;
132 static usb_fifo_close_t usb_fifo_dummy_close;
133 static usb_fifo_ioctl_t usb_fifo_dummy_ioctl;
134 static usb_fifo_cmd_t usb_fifo_dummy_cmd;
135 
136 /* character device structure used for devices (/dev/ugenX.Y and /dev/uXXX) */
137 struct cdevsw usb_devsw = {
138 	.d_version = D_VERSION,
139 	.d_open = usb_open,
140 	.d_ioctl = usb_ioctl,
141 	.d_name = "usbdev",
142 	.d_flags = D_TRACKCLOSE,
143 	.d_read = usb_read,
144 	.d_write = usb_write,
145 	.d_poll = usb_poll,
146 	.d_kqfilter = usb_kqfilter,
147 };
148 
149 static struct cdev* usb_dev = NULL;
150 
151 /* character device structure used for /dev/usb */
152 static struct cdevsw usb_static_devsw = {
153 	.d_version = D_VERSION,
154 	.d_ioctl = usb_static_ioctl,
155 	.d_name = "usb"
156 };
157 
158 static TAILQ_HEAD(, usb_symlink) usb_sym_head;
159 static struct sx usb_sym_lock;
160 
161 struct mtx usb_ref_lock;
162 
163 /*------------------------------------------------------------------------*
164  *	usb_loc_fill
165  *
166  * This is used to fill out a usb_cdev_privdata structure based on the
167  * device's address as contained in usb_fs_privdata.
168  *------------------------------------------------------------------------*/
169 static void
170 usb_loc_fill(struct usb_fs_privdata* pd, struct usb_cdev_privdata *cpd)
171 {
172 	cpd->bus_index = pd->bus_index;
173 	cpd->dev_index = pd->dev_index;
174 	cpd->ep_addr = pd->ep_addr;
175 	cpd->fifo_index = pd->fifo_index;
176 }
177 
178 /*------------------------------------------------------------------------*
179  *	usb_ref_device
180  *
181  * This function is used to atomically refer an USB device by its
182  * device location. If this function returns success the USB device
183  * will not disappear until the USB device is unreferenced.
184  *
185  * Return values:
186  *  0: Success, refcount incremented on the given USB device.
187  *  Else: Failure.
188  *------------------------------------------------------------------------*/
189 static usb_error_t
190 usb_ref_device(struct usb_cdev_privdata *cpd,
191     struct usb_cdev_refdata *crd, int need_uref)
192 {
193 	struct usb_fifo **ppf;
194 	struct usb_fifo *f;
195 
196 	DPRINTFN(2, "cpd=%p need uref=%d\n", cpd, need_uref);
197 
198 	/* clear all refs */
199 	memset(crd, 0, sizeof(*crd));
200 
201 	mtx_lock(&usb_ref_lock);
202 	cpd->bus = devclass_get_softc(usb_devclass_ptr, cpd->bus_index);
203 	if (cpd->bus == NULL) {
204 		DPRINTFN(2, "no bus at %u\n", cpd->bus_index);
205 		goto error;
206 	}
207 	cpd->udev = cpd->bus->devices[cpd->dev_index];
208 	if (cpd->udev == NULL) {
209 		DPRINTFN(2, "no device at %u\n", cpd->dev_index);
210 		goto error;
211 	}
212 	if (cpd->udev->state == USB_STATE_DETACHED &&
213 	    (need_uref != 2)) {
214 		DPRINTFN(2, "device is detached\n");
215 		goto error;
216 	}
217 	if (need_uref) {
218 		DPRINTFN(2, "ref udev - needed\n");
219 
220 		if (cpd->udev->refcount == USB_DEV_REF_MAX) {
221 			DPRINTFN(2, "no dev ref\n");
222 			goto error;
223 		}
224 		cpd->udev->refcount++;
225 
226 		mtx_unlock(&usb_ref_lock);
227 
228 		/*
229 		 * We need to grab the enumeration SX-lock before
230 		 * grabbing the FIFO refs to avoid deadlock at detach!
231 		 */
232 		crd->do_unlock = usbd_enum_lock_sig(cpd->udev);
233 
234 		mtx_lock(&usb_ref_lock);
235 
236 		/*
237 		 * Set "is_uref" after grabbing the default SX lock
238 		 */
239 		crd->is_uref = 1;
240 
241 		/* check for signal */
242 		if (crd->do_unlock > 1) {
243 			crd->do_unlock = 0;
244 			goto error;
245 		}
246 	}
247 
248 	/* check if we are doing an open */
249 	if (cpd->fflags == 0) {
250 		/* use zero defaults */
251 	} else {
252 		/* check for write */
253 		if (cpd->fflags & FWRITE) {
254 			ppf = cpd->udev->fifo;
255 			f = ppf[cpd->fifo_index + USB_FIFO_TX];
256 			crd->txfifo = f;
257 			crd->is_write = 1;	/* ref */
258 			if (f == NULL || f->refcount == USB_FIFO_REF_MAX)
259 				goto error;
260 			if (f->curr_cpd != cpd)
261 				goto error;
262 			/* check if USB-FS is active */
263 			if (f->fs_ep_max != 0) {
264 				crd->is_usbfs = 1;
265 			}
266 		}
267 
268 		/* check for read */
269 		if (cpd->fflags & FREAD) {
270 			ppf = cpd->udev->fifo;
271 			f = ppf[cpd->fifo_index + USB_FIFO_RX];
272 			crd->rxfifo = f;
273 			crd->is_read = 1;	/* ref */
274 			if (f == NULL || f->refcount == USB_FIFO_REF_MAX)
275 				goto error;
276 			if (f->curr_cpd != cpd)
277 				goto error;
278 			/* check if USB-FS is active */
279 			if (f->fs_ep_max != 0) {
280 				crd->is_usbfs = 1;
281 			}
282 		}
283 	}
284 
285 	/* when everything is OK we increment the refcounts */
286 	if (crd->is_write) {
287 		DPRINTFN(2, "ref write\n");
288 		crd->txfifo->refcount++;
289 	}
290 	if (crd->is_read) {
291 		DPRINTFN(2, "ref read\n");
292 		crd->rxfifo->refcount++;
293 	}
294 	mtx_unlock(&usb_ref_lock);
295 
296 	return (0);
297 
298 error:
299 	if (crd->do_unlock)
300 		usbd_enum_unlock(cpd->udev);
301 
302 	if (crd->is_uref) {
303 		if (--(cpd->udev->refcount) == 0)
304 			cv_broadcast(&cpd->udev->ref_cv);
305 	}
306 	mtx_unlock(&usb_ref_lock);
307 	DPRINTFN(2, "fail\n");
308 
309 	/* clear all refs */
310 	memset(crd, 0, sizeof(*crd));
311 
312 	return (USB_ERR_INVAL);
313 }
314 
315 /*------------------------------------------------------------------------*
316  *	usb_usb_ref_device
317  *
318  * This function is used to upgrade an USB reference to include the
319  * USB device reference on a USB location.
320  *
321  * Return values:
322  *  0: Success, refcount incremented on the given USB device.
323  *  Else: Failure.
324  *------------------------------------------------------------------------*/
325 static usb_error_t
326 usb_usb_ref_device(struct usb_cdev_privdata *cpd,
327     struct usb_cdev_refdata *crd)
328 {
329 	/*
330 	 * Check if we already got an USB reference on this location:
331 	 */
332 	if (crd->is_uref)
333 		return (0);		/* success */
334 
335 	/*
336 	 * To avoid deadlock at detach we need to drop the FIFO ref
337 	 * and re-acquire a new ref!
338 	 */
339 	usb_unref_device(cpd, crd);
340 
341 	return (usb_ref_device(cpd, crd, 1 /* need uref */));
342 }
343 
344 /*------------------------------------------------------------------------*
345  *	usb_unref_device
346  *
347  * This function will release the reference count by one unit for the
348  * given USB device.
349  *------------------------------------------------------------------------*/
350 static void
351 usb_unref_device(struct usb_cdev_privdata *cpd,
352     struct usb_cdev_refdata *crd)
353 {
354 
355 	DPRINTFN(2, "cpd=%p is_uref=%d\n", cpd, crd->is_uref);
356 
357 	if (crd->do_unlock)
358 		usbd_enum_unlock(cpd->udev);
359 
360 	mtx_lock(&usb_ref_lock);
361 	if (crd->is_read) {
362 		if (--(crd->rxfifo->refcount) == 0) {
363 			cv_signal(&crd->rxfifo->cv_drain);
364 		}
365 		crd->is_read = 0;
366 	}
367 	if (crd->is_write) {
368 		if (--(crd->txfifo->refcount) == 0) {
369 			cv_signal(&crd->txfifo->cv_drain);
370 		}
371 		crd->is_write = 0;
372 	}
373 	if (crd->is_uref) {
374 		crd->is_uref = 0;
375 		if (--(cpd->udev->refcount) == 0)
376 			cv_broadcast(&cpd->udev->ref_cv);
377 	}
378 	mtx_unlock(&usb_ref_lock);
379 }
380 
381 static struct usb_fifo *
382 usb_fifo_alloc(struct mtx *mtx)
383 {
384 	struct usb_fifo *f;
385 
386 	f = malloc(sizeof(*f), M_USBDEV, M_WAITOK | M_ZERO);
387 	cv_init(&f->cv_io, "FIFO-IO");
388 	cv_init(&f->cv_drain, "FIFO-DRAIN");
389 	f->priv_mtx = mtx;
390 	f->refcount = 1;
391 	knlist_init_mtx(&f->selinfo.si_note, mtx);
392 	return (f);
393 }
394 
395 /*------------------------------------------------------------------------*
396  *	usb_fifo_create
397  *------------------------------------------------------------------------*/
398 static int
399 usb_fifo_create(struct usb_cdev_privdata *cpd,
400     struct usb_cdev_refdata *crd)
401 {
402 	struct usb_device *udev = cpd->udev;
403 	struct usb_fifo *f;
404 	struct usb_endpoint *ep;
405 	uint8_t n;
406 	uint8_t is_tx;
407 	uint8_t is_rx;
408 	uint8_t no_null;
409 	uint8_t is_busy;
410 	int e = cpd->ep_addr;
411 
412 	is_tx = (cpd->fflags & FWRITE) ? 1 : 0;
413 	is_rx = (cpd->fflags & FREAD) ? 1 : 0;
414 	no_null = 1;
415 	is_busy = 0;
416 
417 	/* Preallocated FIFO */
418 	if (e < 0) {
419 		DPRINTFN(5, "Preallocated FIFO\n");
420 		if (is_tx) {
421 			f = udev->fifo[cpd->fifo_index + USB_FIFO_TX];
422 			if (f == NULL)
423 				return (EINVAL);
424 			crd->txfifo = f;
425 		}
426 		if (is_rx) {
427 			f = udev->fifo[cpd->fifo_index + USB_FIFO_RX];
428 			if (f == NULL)
429 				return (EINVAL);
430 			crd->rxfifo = f;
431 		}
432 		return (0);
433 	}
434 
435 	KASSERT(e >= 0 && e <= 15, ("endpoint %d out of range", e));
436 
437 	/* search for a free FIFO slot */
438 	DPRINTFN(5, "Endpoint device, searching for 0x%02x\n", e);
439 	for (n = 0;; n += 2) {
440 		if (n == USB_FIFO_MAX) {
441 			if (no_null) {
442 				no_null = 0;
443 				n = 0;
444 			} else {
445 				/* end of FIFOs reached */
446 				DPRINTFN(5, "out of FIFOs\n");
447 				return (ENOMEM);
448 			}
449 		}
450 		/* Check for TX FIFO */
451 		if (is_tx) {
452 			f = udev->fifo[n + USB_FIFO_TX];
453 			if (f != NULL) {
454 				if (f->dev_ep_index != e) {
455 					/* wrong endpoint index */
456 					continue;
457 				}
458 				if (f->curr_cpd != NULL) {
459 					/* FIFO is opened */
460 					is_busy = 1;
461 					continue;
462 				}
463 			} else if (no_null) {
464 				continue;
465 			}
466 		}
467 		/* Check for RX FIFO */
468 		if (is_rx) {
469 			f = udev->fifo[n + USB_FIFO_RX];
470 			if (f != NULL) {
471 				if (f->dev_ep_index != e) {
472 					/* wrong endpoint index */
473 					continue;
474 				}
475 				if (f->curr_cpd != NULL) {
476 					/* FIFO is opened */
477 					is_busy = 1;
478 					continue;
479 				}
480 			} else if (no_null) {
481 				continue;
482 			}
483 		}
484 		break;
485 	}
486 
487 	if (no_null == 0) {
488 		if (e >= (USB_EP_MAX / 2)) {
489 			/* we don't create any endpoints in this range */
490 			DPRINTFN(5, "ep out of range\n");
491 			return (is_busy ? EBUSY : EINVAL);
492 		}
493 	}
494 
495 	if ((e != 0) && is_busy) {
496 		/*
497 		 * Only the default control endpoint is allowed to be
498 		 * opened multiple times!
499 		 */
500 		DPRINTFN(5, "busy\n");
501 		return (EBUSY);
502 	}
503 
504 	/* Check TX FIFO */
505 	if (is_tx &&
506 	    (udev->fifo[n + USB_FIFO_TX] == NULL)) {
507 		ep = usb_dev_get_ep(udev, e, USB_FIFO_TX);
508 		DPRINTFN(5, "dev_get_endpoint(%d, 0x%x)\n", e, USB_FIFO_TX);
509 		if (ep == NULL) {
510 			DPRINTFN(5, "dev_get_endpoint returned NULL\n");
511 			return (EINVAL);
512 		}
513 		f = usb_fifo_alloc(&udev->device_mtx);
514 		if (f == NULL) {
515 			DPRINTFN(5, "could not alloc tx fifo\n");
516 			return (ENOMEM);
517 		}
518 		/* update some fields */
519 		f->fifo_index = n + USB_FIFO_TX;
520 		f->dev_ep_index = e;
521 		f->priv_sc0 = ep;
522 		f->methods = &usb_ugen_methods;
523 		f->iface_index = ep->iface_index;
524 		f->udev = udev;
525 		mtx_lock(&usb_ref_lock);
526 		udev->fifo[n + USB_FIFO_TX] = f;
527 		mtx_unlock(&usb_ref_lock);
528 	}
529 	/* Check RX FIFO */
530 	if (is_rx &&
531 	    (udev->fifo[n + USB_FIFO_RX] == NULL)) {
532 		ep = usb_dev_get_ep(udev, e, USB_FIFO_RX);
533 		DPRINTFN(5, "dev_get_endpoint(%d, 0x%x)\n", e, USB_FIFO_RX);
534 		if (ep == NULL) {
535 			DPRINTFN(5, "dev_get_endpoint returned NULL\n");
536 			return (EINVAL);
537 		}
538 		f = usb_fifo_alloc(&udev->device_mtx);
539 		if (f == NULL) {
540 			DPRINTFN(5, "could not alloc rx fifo\n");
541 			return (ENOMEM);
542 		}
543 		/* update some fields */
544 		f->fifo_index = n + USB_FIFO_RX;
545 		f->dev_ep_index = e;
546 		f->priv_sc0 = ep;
547 		f->methods = &usb_ugen_methods;
548 		f->iface_index = ep->iface_index;
549 		f->udev = udev;
550 		mtx_lock(&usb_ref_lock);
551 		udev->fifo[n + USB_FIFO_RX] = f;
552 		mtx_unlock(&usb_ref_lock);
553 	}
554 	if (is_tx) {
555 		crd->txfifo = udev->fifo[n + USB_FIFO_TX];
556 	}
557 	if (is_rx) {
558 		crd->rxfifo = udev->fifo[n + USB_FIFO_RX];
559 	}
560 	/* fill out fifo index */
561 	DPRINTFN(5, "fifo index = %d\n", n);
562 	cpd->fifo_index = n;
563 
564 	/* complete */
565 
566 	return (0);
567 }
568 
569 void
570 usb_fifo_free(struct usb_fifo *f)
571 {
572 	uint8_t n;
573 
574 	if (f == NULL) {
575 		/* be NULL safe */
576 		return;
577 	}
578 	/* destroy symlink devices, if any */
579 	for (n = 0; n != 2; n++) {
580 		if (f->symlink[n]) {
581 			usb_free_symlink(f->symlink[n]);
582 			f->symlink[n] = NULL;
583 		}
584 	}
585 	mtx_lock(&usb_ref_lock);
586 
587 	/* delink ourselves to stop calls from userland */
588 	if ((f->fifo_index < USB_FIFO_MAX) &&
589 	    (f->udev != NULL) &&
590 	    (f->udev->fifo[f->fifo_index] == f)) {
591 		f->udev->fifo[f->fifo_index] = NULL;
592 	} else {
593 		DPRINTFN(0, "USB FIFO %p has not been linked\n", f);
594 	}
595 
596 	/* decrease refcount */
597 	f->refcount--;
598 	/* need to wait until all callers have exited */
599 	while (f->refcount != 0) {
600 		mtx_unlock(&usb_ref_lock);	/* avoid LOR */
601 		mtx_lock(f->priv_mtx);
602 		/* prevent write flush, if any */
603 		f->flag_iserror = 1;
604 		/* get I/O thread out of any sleep state */
605 		if (f->flag_sleeping) {
606 			f->flag_sleeping = 0;
607 			cv_broadcast(&f->cv_io);
608 		}
609 		mtx_unlock(f->priv_mtx);
610 		mtx_lock(&usb_ref_lock);
611 
612 		/*
613 		 * Check if the "f->refcount" variable reached zero
614 		 * during the unlocked time before entering wait:
615 		 */
616 		if (f->refcount == 0)
617 			break;
618 
619 		/* wait for sync */
620 		cv_wait(&f->cv_drain, &usb_ref_lock);
621 	}
622 	mtx_unlock(&usb_ref_lock);
623 
624 	/* take care of closing the device here, if any */
625 	usb_fifo_close(f, 0);
626 
627 	cv_destroy(&f->cv_io);
628 	cv_destroy(&f->cv_drain);
629 
630 	knlist_clear(&f->selinfo.si_note, 0);
631 	seldrain(&f->selinfo);
632 	knlist_destroy(&f->selinfo.si_note);
633 
634 	free(f, M_USBDEV);
635 }
636 
637 static struct usb_endpoint *
638 usb_dev_get_ep(struct usb_device *udev, uint8_t ep_index, uint8_t dir)
639 {
640 	struct usb_endpoint *ep;
641 	uint8_t ep_dir;
642 
643 	if (ep_index == 0) {
644 		ep = &udev->ctrl_ep;
645 	} else {
646 		if (dir == USB_FIFO_RX) {
647 			if (udev->flags.usb_mode == USB_MODE_HOST) {
648 				ep_dir = UE_DIR_IN;
649 			} else {
650 				ep_dir = UE_DIR_OUT;
651 			}
652 		} else {
653 			if (udev->flags.usb_mode == USB_MODE_HOST) {
654 				ep_dir = UE_DIR_OUT;
655 			} else {
656 				ep_dir = UE_DIR_IN;
657 			}
658 		}
659 		ep = usbd_get_ep_by_addr(udev, ep_index | ep_dir);
660 	}
661 
662 	if (ep == NULL) {
663 		/* if the endpoint does not exist then return */
664 		return (NULL);
665 	}
666 	if (ep->edesc == NULL) {
667 		/* invalid endpoint */
668 		return (NULL);
669 	}
670 	return (ep);			/* success */
671 }
672 
673 /*------------------------------------------------------------------------*
674  *	usb_fifo_open
675  *
676  * Returns:
677  * 0: Success
678  * Else: Failure
679  *------------------------------------------------------------------------*/
680 static int
681 usb_fifo_open(struct usb_cdev_privdata *cpd,
682     struct usb_fifo *f, int fflags)
683 {
684 	int err;
685 
686 	if (f == NULL) {
687 		/* no FIFO there */
688 		DPRINTFN(2, "no FIFO\n");
689 		return (ENXIO);
690 	}
691 	/* remove FWRITE and FREAD flags */
692 	fflags &= ~(FWRITE | FREAD);
693 
694 	/* set correct file flags */
695 	if ((f->fifo_index & 1) == USB_FIFO_TX) {
696 		fflags |= FWRITE;
697 	} else {
698 		fflags |= FREAD;
699 	}
700 
701 	/* check if we are already opened */
702 	/* we don't need any locks when checking this variable */
703 	if (f->curr_cpd != NULL) {
704 		err = EBUSY;
705 		goto done;
706 	}
707 
708 	/* reset short flag before open */
709 	f->flag_short = 0;
710 
711 	/* call open method */
712 	err = (f->methods->f_open) (f, fflags);
713 	if (err) {
714 		goto done;
715 	}
716 	mtx_lock(f->priv_mtx);
717 
718 	/* reset sleep flag */
719 	f->flag_sleeping = 0;
720 
721 	/* reset error flag */
722 	f->flag_iserror = 0;
723 
724 	/* reset complete flag */
725 	f->flag_iscomplete = 0;
726 
727 	/* reset select flag */
728 	f->flag_isselect = 0;
729 
730 	/* reset flushing flag */
731 	f->flag_flushing = 0;
732 
733 	/* reset ASYNC proc flag */
734 	f->async_p = NULL;
735 
736 	mtx_lock(&usb_ref_lock);
737 	/* flag the fifo as opened to prevent others */
738 	f->curr_cpd = cpd;
739 	mtx_unlock(&usb_ref_lock);
740 
741 	/* reset queue */
742 	usb_fifo_reset(f);
743 
744 	mtx_unlock(f->priv_mtx);
745 done:
746 	return (err);
747 }
748 
749 /*------------------------------------------------------------------------*
750  *	usb_fifo_reset
751  *------------------------------------------------------------------------*/
752 void
753 usb_fifo_reset(struct usb_fifo *f)
754 {
755 	struct usb_mbuf *m;
756 
757 	if (f == NULL) {
758 		return;
759 	}
760 	while (1) {
761 		USB_IF_DEQUEUE(&f->used_q, m);
762 		if (m) {
763 			USB_IF_ENQUEUE(&f->free_q, m);
764 		} else {
765 			break;
766 		}
767 	}
768 	/* reset have fragment flag */
769 	f->flag_have_fragment = 0;
770 }
771 
772 /*------------------------------------------------------------------------*
773  *	usb_fifo_close
774  *------------------------------------------------------------------------*/
775 static void
776 usb_fifo_close(struct usb_fifo *f, int fflags)
777 {
778 	int err;
779 
780 	/* check if we are not opened */
781 	if (f->curr_cpd == NULL) {
782 		/* nothing to do - already closed */
783 		return;
784 	}
785 	mtx_lock(f->priv_mtx);
786 
787 	/* clear current cdev private data pointer */
788 	mtx_lock(&usb_ref_lock);
789 	f->curr_cpd = NULL;
790 	mtx_unlock(&usb_ref_lock);
791 
792 	/* check if we are watched by kevent */
793 	KNOTE_LOCKED(&f->selinfo.si_note, 0);
794 
795 	/* check if we are selected */
796 	if (f->flag_isselect) {
797 		selwakeup(&f->selinfo);
798 		f->flag_isselect = 0;
799 	}
800 	/* check if a thread wants SIGIO */
801 	if (f->async_p != NULL) {
802 		PROC_LOCK(f->async_p);
803 		kern_psignal(f->async_p, SIGIO);
804 		PROC_UNLOCK(f->async_p);
805 		f->async_p = NULL;
806 	}
807 	/* remove FWRITE and FREAD flags */
808 	fflags &= ~(FWRITE | FREAD);
809 
810 	/* flush written data, if any */
811 	if ((f->fifo_index & 1) == USB_FIFO_TX) {
812 		if (!f->flag_iserror) {
813 			/* set flushing flag */
814 			f->flag_flushing = 1;
815 
816 			/* get the last packet in */
817 			if (f->flag_have_fragment) {
818 				struct usb_mbuf *m;
819 				f->flag_have_fragment = 0;
820 				USB_IF_DEQUEUE(&f->free_q, m);
821 				if (m) {
822 					USB_IF_ENQUEUE(&f->used_q, m);
823 				}
824 			}
825 
826 			/* start write transfer, if not already started */
827 			(f->methods->f_start_write) (f);
828 
829 			/* check if flushed already */
830 			while (f->flag_flushing &&
831 			    (!f->flag_iserror)) {
832 				/* wait until all data has been written */
833 				f->flag_sleeping = 1;
834 				err = cv_timedwait_sig(&f->cv_io, f->priv_mtx,
835 				    USB_MS_TO_TICKS(USB_DEFAULT_TIMEOUT));
836 				if (err) {
837 					DPRINTF("signal received\n");
838 					break;
839 				}
840 			}
841 		}
842 		fflags |= FWRITE;
843 
844 		/* stop write transfer, if not already stopped */
845 		(f->methods->f_stop_write) (f);
846 	} else {
847 		fflags |= FREAD;
848 
849 		/* stop write transfer, if not already stopped */
850 		(f->methods->f_stop_read) (f);
851 	}
852 
853 	/* check if we are sleeping */
854 	if (f->flag_sleeping) {
855 		DPRINTFN(2, "Sleeping at close!\n");
856 	}
857 	mtx_unlock(f->priv_mtx);
858 
859 	/* call close method */
860 	(f->methods->f_close) (f, fflags);
861 
862 	DPRINTF("closed\n");
863 }
864 
865 /*------------------------------------------------------------------------*
866  *	usb_open - cdev callback
867  *------------------------------------------------------------------------*/
868 static int
869 usb_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
870 {
871 	struct usb_fs_privdata* pd = (struct usb_fs_privdata*)dev->si_drv1;
872 	struct usb_cdev_refdata refs;
873 	struct usb_cdev_privdata *cpd;
874 	int err;
875 
876 	DPRINTFN(2, "%s fflags=0x%08x\n", devtoname(dev), fflags);
877 
878 	KASSERT(fflags & (FREAD|FWRITE), ("invalid open flags"));
879 	if (((fflags & FREAD) && !(pd->mode & FREAD)) ||
880 	    ((fflags & FWRITE) && !(pd->mode & FWRITE))) {
881 		DPRINTFN(2, "access mode not supported\n");
882 		return (EPERM);
883 	}
884 
885 	cpd = malloc(sizeof(*cpd), M_USBDEV, M_WAITOK | M_ZERO);
886 
887 	usb_loc_fill(pd, cpd);
888 	err = usb_ref_device(cpd, &refs, 1);
889 	if (err) {
890 		DPRINTFN(2, "cannot ref device\n");
891 		free(cpd, M_USBDEV);
892 		return (ENXIO);
893 	}
894 	cpd->fflags = fflags;	/* access mode for open lifetime */
895 
896 	/* create FIFOs, if any */
897 	err = usb_fifo_create(cpd, &refs);
898 	/* check for error */
899 	if (err) {
900 		DPRINTFN(2, "cannot create fifo\n");
901 		usb_unref_device(cpd, &refs);
902 		free(cpd, M_USBDEV);
903 		return (err);
904 	}
905 	if (fflags & FREAD) {
906 		err = usb_fifo_open(cpd, refs.rxfifo, fflags);
907 		if (err) {
908 			DPRINTFN(2, "read open failed\n");
909 			usb_unref_device(cpd, &refs);
910 			free(cpd, M_USBDEV);
911 			return (err);
912 		}
913 	}
914 	if (fflags & FWRITE) {
915 		err = usb_fifo_open(cpd, refs.txfifo, fflags);
916 		if (err) {
917 			DPRINTFN(2, "write open failed\n");
918 			if (fflags & FREAD) {
919 				usb_fifo_close(refs.rxfifo, fflags);
920 			}
921 			usb_unref_device(cpd, &refs);
922 			free(cpd, M_USBDEV);
923 			return (err);
924 		}
925 	}
926 	usb_unref_device(cpd, &refs);
927 	devfs_set_cdevpriv(cpd, usb_close);
928 
929 	return (0);
930 }
931 
932 /*------------------------------------------------------------------------*
933  *	usb_close - cdev callback
934  *------------------------------------------------------------------------*/
935 static void
936 usb_close(void *arg)
937 {
938 	struct usb_cdev_refdata refs;
939 	struct usb_cdev_privdata *cpd = arg;
940 	int err;
941 
942 	DPRINTFN(2, "cpd=%p\n", cpd);
943 
944 	err = usb_ref_device(cpd, &refs,
945 	    2 /* uref and allow detached state */);
946 	if (err) {
947 		DPRINTFN(2, "Cannot grab USB reference when "
948 		    "closing USB file handle\n");
949 		goto done;
950 	}
951 	if (cpd->fflags & FREAD) {
952 		usb_fifo_close(refs.rxfifo, cpd->fflags);
953 	}
954 	if (cpd->fflags & FWRITE) {
955 		usb_fifo_close(refs.txfifo, cpd->fflags);
956 	}
957 	usb_unref_device(cpd, &refs);
958 done:
959 	free(cpd, M_USBDEV);
960 }
961 
962 static void
963 usb_dev_init(void *arg)
964 {
965 	mtx_init(&usb_ref_lock, "USB ref mutex", NULL, MTX_DEF);
966 	sx_init(&usb_sym_lock, "USB sym mutex");
967 	TAILQ_INIT(&usb_sym_head);
968 
969 	/* check the UGEN methods */
970 	usb_fifo_check_methods(&usb_ugen_methods);
971 }
972 
973 SYSINIT(usb_dev_init, SI_SUB_KLD, SI_ORDER_FIRST, usb_dev_init, NULL);
974 
975 static void
976 usb_dev_init_post(void *arg)
977 {
978 	/*
979 	 * Create /dev/usb - this is needed for usbconfig(8), which
980 	 * needs a well-known device name to access.
981 	 */
982 	usb_dev = make_dev(&usb_static_devsw, 0, UID_ROOT, GID_OPERATOR,
983 	    0644, USB_DEVICE_NAME);
984 	if (usb_dev == NULL) {
985 		DPRINTFN(0, "Could not create usb bus device\n");
986 	}
987 }
988 
989 SYSINIT(usb_dev_init_post, SI_SUB_KICK_SCHEDULER, SI_ORDER_FIRST, usb_dev_init_post, NULL);
990 
991 static void
992 usb_dev_uninit(void *arg)
993 {
994 	if (usb_dev != NULL) {
995 		destroy_dev(usb_dev);
996 		usb_dev = NULL;
997 	}
998 	mtx_destroy(&usb_ref_lock);
999 	sx_destroy(&usb_sym_lock);
1000 }
1001 
1002 SYSUNINIT(usb_dev_uninit, SI_SUB_KICK_SCHEDULER, SI_ORDER_ANY, usb_dev_uninit, NULL);
1003 
1004 static int
1005 usb_ioctl_f_sub(struct usb_fifo *f, u_long cmd, void *addr,
1006     struct thread *td)
1007 {
1008 	int error = 0;
1009 
1010 	switch (cmd) {
1011 	case FIODTYPE:
1012 		*(int *)addr = 0;	/* character device */
1013 		break;
1014 
1015 	case FIONBIO:
1016 		/* handled by upper FS layer */
1017 		break;
1018 
1019 	case FIOASYNC:
1020 		if (*(int *)addr) {
1021 			if (f->async_p != NULL) {
1022 				error = EBUSY;
1023 				break;
1024 			}
1025 			f->async_p = USB_TD_GET_PROC(td);
1026 		} else {
1027 			f->async_p = NULL;
1028 		}
1029 		break;
1030 
1031 		/* XXX this is not the most general solution */
1032 	case TIOCSPGRP:
1033 		if (f->async_p == NULL) {
1034 			error = EINVAL;
1035 			break;
1036 		}
1037 		if (*(int *)addr != USB_PROC_GET_GID(f->async_p)) {
1038 			error = EPERM;
1039 			break;
1040 		}
1041 		break;
1042 	default:
1043 		return (ENOIOCTL);
1044 	}
1045 	DPRINTFN(3, "cmd 0x%lx = %d\n", cmd, error);
1046 	return (error);
1047 }
1048 
1049 /*------------------------------------------------------------------------*
1050  *	usb_ioctl - cdev callback
1051  *------------------------------------------------------------------------*/
1052 static int
1053 usb_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int fflag, struct thread* td)
1054 {
1055 	struct usb_cdev_refdata refs;
1056 	struct usb_cdev_privdata* cpd;
1057 	struct usb_fifo *f;
1058 	int fflags;
1059 	int err;
1060 
1061 	DPRINTFN(2, "cmd=0x%lx\n", cmd);
1062 
1063 	err = devfs_get_cdevpriv((void **)&cpd);
1064 	if (err != 0)
1065 		return (err);
1066 
1067 	/*
1068 	 * Performance optimisation: We try to check for IOCTL's that
1069 	 * don't need the USB reference first. Then we grab the USB
1070 	 * reference if we need it!
1071 	 */
1072 	err = usb_ref_device(cpd, &refs, 0 /* no uref */ );
1073 	if (err)
1074 		return (ENXIO);
1075 
1076 	fflags = cpd->fflags;
1077 
1078 	f = NULL;			/* set default value */
1079 	err = ENOIOCTL;			/* set default value */
1080 
1081 	if (fflags & FWRITE) {
1082 		f = refs.txfifo;
1083 		err = usb_ioctl_f_sub(f, cmd, addr, td);
1084 	}
1085 	if (fflags & FREAD) {
1086 		f = refs.rxfifo;
1087 		err = usb_ioctl_f_sub(f, cmd, addr, td);
1088 	}
1089 	KASSERT(f != NULL, ("fifo not found"));
1090 	if (err != ENOIOCTL)
1091 		goto done;
1092 
1093 	err = (f->methods->f_ioctl) (f, cmd, addr, fflags);
1094 
1095 	DPRINTFN(2, "f_ioctl cmd 0x%lx = %d\n", cmd, err);
1096 
1097 	if (err != ENOIOCTL)
1098 		goto done;
1099 
1100 	if (usb_usb_ref_device(cpd, &refs)) {
1101 		/* we lost the reference */
1102 		return (ENXIO);
1103 	}
1104 
1105 	err = (f->methods->f_ioctl_post) (f, cmd, addr, fflags);
1106 
1107 	DPRINTFN(2, "f_ioctl_post cmd 0x%lx = %d\n", cmd, err);
1108 
1109 	if (err == ENOIOCTL)
1110 		err = ENOTTY;
1111 
1112 	if (err)
1113 		goto done;
1114 
1115 	/* Wait for re-enumeration, if any */
1116 
1117 	while (f->udev->re_enumerate_wait != USB_RE_ENUM_DONE) {
1118 		usb_unref_device(cpd, &refs);
1119 
1120 		usb_pause_mtx(NULL, hz / 128);
1121 
1122 		while (usb_ref_device(cpd, &refs, 1 /* need uref */)) {
1123 			if (usb_ref_device(cpd, &refs, 0)) {
1124 				/* device no longer exists */
1125 				return (ENXIO);
1126 			}
1127 			usb_unref_device(cpd, &refs);
1128 			usb_pause_mtx(NULL, hz / 128);
1129 		}
1130 	}
1131 
1132 done:
1133 	usb_unref_device(cpd, &refs);
1134 	return (err);
1135 }
1136 
1137 static void
1138 usb_filter_detach(struct knote *kn)
1139 {
1140 	struct usb_fifo *f = kn->kn_hook;
1141 	knlist_remove(&f->selinfo.si_note, kn, 0);
1142 }
1143 
1144 static int
1145 usb_filter_write(struct knote *kn, long hint)
1146 {
1147 	struct usb_cdev_privdata* cpd;
1148 	struct usb_fifo *f;
1149 	struct usb_mbuf *m;
1150 
1151 	DPRINTFN(2, "\n");
1152 
1153 	f = kn->kn_hook;
1154 
1155 	USB_MTX_ASSERT(f->priv_mtx, MA_OWNED);
1156 
1157 	cpd = f->curr_cpd;
1158 	if (cpd == NULL) {
1159 		m = (void *)1;
1160 	} else if (f->fs_ep_max == 0) {
1161 		if (f->flag_iserror) {
1162 			/* we got an error */
1163 			m = (void *)1;
1164 		} else {
1165 			if (f->queue_data == NULL) {
1166 				/*
1167 				 * start write transfer, if not
1168 				 * already started
1169 				 */
1170 				(f->methods->f_start_write) (f);
1171 			}
1172 			/* check if any packets are available */
1173 			USB_IF_POLL(&f->free_q, m);
1174 		}
1175 	} else {
1176 		if (f->flag_iscomplete) {
1177 			m = (void *)1;
1178 		} else {
1179 			m = NULL;
1180 		}
1181 	}
1182 	return (m ? 1 : 0);
1183 }
1184 
1185 static int
1186 usb_filter_read(struct knote *kn, long hint)
1187 {
1188 	struct usb_cdev_privdata* cpd;
1189 	struct usb_fifo *f;
1190 	struct usb_mbuf *m;
1191 
1192 	DPRINTFN(2, "\n");
1193 
1194 	f = kn->kn_hook;
1195 
1196 	USB_MTX_ASSERT(f->priv_mtx, MA_OWNED);
1197 
1198 	cpd = f->curr_cpd;
1199 	if (cpd == NULL) {
1200 		m = (void *)1;
1201 	} else if (f->fs_ep_max == 0) {
1202 		if (f->flag_iserror) {
1203 			/* we have an error */
1204 			m = (void *)1;
1205 		} else {
1206 			if (f->queue_data == NULL) {
1207 				/*
1208 				 * start read transfer, if not
1209 				 * already started
1210 				 */
1211 				(f->methods->f_start_read) (f);
1212 			}
1213 			/* check if any packets are available */
1214 			USB_IF_POLL(&f->used_q, m);
1215 
1216 			/* start reading data, if any */
1217 			if (m == NULL)
1218 				(f->methods->f_start_read) (f);
1219 		}
1220 	} else {
1221 		if (f->flag_iscomplete) {
1222 			m = (void *)1;
1223 		} else {
1224 			m = NULL;
1225 		}
1226 	}
1227 	return (m ? 1 : 0);
1228 }
1229 
1230 static struct filterops usb_filtops_write = {
1231 	.f_isfd = 1,
1232 	.f_detach = usb_filter_detach,
1233 	.f_event = usb_filter_write,
1234 };
1235 
1236 static struct filterops usb_filtops_read = {
1237 	.f_isfd = 1,
1238 	.f_detach = usb_filter_detach,
1239 	.f_event = usb_filter_read,
1240 };
1241 
1242 /* ARGSUSED */
1243 static int
1244 usb_kqfilter(struct cdev* dev, struct knote *kn)
1245 {
1246 	struct usb_cdev_refdata refs;
1247 	struct usb_cdev_privdata* cpd;
1248 	struct usb_fifo *f;
1249 	int fflags;
1250 	int err = EINVAL;
1251 
1252 	DPRINTFN(2, "\n");
1253 
1254 	if (devfs_get_cdevpriv((void **)&cpd) != 0 ||
1255 	    usb_ref_device(cpd, &refs, 0) != 0)
1256 		return (ENXIO);
1257 
1258 	fflags = cpd->fflags;
1259 
1260 	/* Figure out who needs service */
1261 	switch (kn->kn_filter) {
1262 	case EVFILT_WRITE:
1263 		if (fflags & FWRITE) {
1264 			f = refs.txfifo;
1265 			kn->kn_fop = &usb_filtops_write;
1266 			err = 0;
1267 		}
1268 		break;
1269 	case EVFILT_READ:
1270 		if (fflags & FREAD) {
1271 			f = refs.rxfifo;
1272 			kn->kn_fop = &usb_filtops_read;
1273 			err = 0;
1274 		}
1275 		break;
1276 	default:
1277 		err = EOPNOTSUPP;
1278 		break;
1279 	}
1280 
1281 	if (err == 0) {
1282 		kn->kn_hook = f;
1283 		mtx_lock(f->priv_mtx);
1284 		knlist_add(&f->selinfo.si_note, kn, 1);
1285 		mtx_unlock(f->priv_mtx);
1286 	}
1287 
1288 	usb_unref_device(cpd, &refs);
1289 	return (err);
1290 }
1291 
1292 /* ARGSUSED */
1293 static int
1294 usb_poll(struct cdev* dev, int events, struct thread* td)
1295 {
1296 	struct usb_cdev_refdata refs;
1297 	struct usb_cdev_privdata* cpd;
1298 	struct usb_fifo *f;
1299 	struct usb_mbuf *m;
1300 	int fflags, revents;
1301 
1302 	if (devfs_get_cdevpriv((void **)&cpd) != 0 ||
1303 	    usb_ref_device(cpd, &refs, 0) != 0)
1304 		return (events &
1305 		    (POLLHUP|POLLIN|POLLRDNORM|POLLOUT|POLLWRNORM));
1306 
1307 	fflags = cpd->fflags;
1308 
1309 	/* Figure out who needs service */
1310 	revents = 0;
1311 	if ((events & (POLLOUT | POLLWRNORM)) &&
1312 	    (fflags & FWRITE)) {
1313 		f = refs.txfifo;
1314 
1315 		mtx_lock(f->priv_mtx);
1316 
1317 		if (!refs.is_usbfs) {
1318 			if (f->flag_iserror) {
1319 				/* we got an error */
1320 				m = (void *)1;
1321 			} else {
1322 				if (f->queue_data == NULL) {
1323 					/*
1324 					 * start write transfer, if not
1325 					 * already started
1326 					 */
1327 					(f->methods->f_start_write) (f);
1328 				}
1329 				/* check if any packets are available */
1330 				USB_IF_POLL(&f->free_q, m);
1331 			}
1332 		} else {
1333 			if (f->flag_iscomplete) {
1334 				m = (void *)1;
1335 			} else {
1336 				m = NULL;
1337 			}
1338 		}
1339 
1340 		if (m) {
1341 			revents |= events & (POLLOUT | POLLWRNORM);
1342 		} else {
1343 			f->flag_isselect = 1;
1344 			selrecord(td, &f->selinfo);
1345 		}
1346 
1347 		mtx_unlock(f->priv_mtx);
1348 	}
1349 	if ((events & (POLLIN | POLLRDNORM)) &&
1350 	    (fflags & FREAD)) {
1351 		f = refs.rxfifo;
1352 
1353 		mtx_lock(f->priv_mtx);
1354 
1355 		if (!refs.is_usbfs) {
1356 			if (f->flag_iserror) {
1357 				/* we have an error */
1358 				m = (void *)1;
1359 			} else {
1360 				if (f->queue_data == NULL) {
1361 					/*
1362 					 * start read transfer, if not
1363 					 * already started
1364 					 */
1365 					(f->methods->f_start_read) (f);
1366 				}
1367 				/* check if any packets are available */
1368 				USB_IF_POLL(&f->used_q, m);
1369 			}
1370 		} else {
1371 			if (f->flag_iscomplete) {
1372 				m = (void *)1;
1373 			} else {
1374 				m = NULL;
1375 			}
1376 		}
1377 
1378 		if (m) {
1379 			revents |= events & (POLLIN | POLLRDNORM);
1380 		} else {
1381 			f->flag_isselect = 1;
1382 			selrecord(td, &f->selinfo);
1383 
1384 			if (!refs.is_usbfs) {
1385 				/* start reading data */
1386 				(f->methods->f_start_read) (f);
1387 			}
1388 		}
1389 
1390 		mtx_unlock(f->priv_mtx);
1391 	}
1392 	usb_unref_device(cpd, &refs);
1393 	return (revents);
1394 }
1395 
1396 static int
1397 usb_read(struct cdev *dev, struct uio *uio, int ioflag)
1398 {
1399 	struct usb_cdev_refdata refs;
1400 	struct usb_cdev_privdata* cpd;
1401 	struct usb_fifo *f;
1402 	struct usb_mbuf *m;
1403 	int io_len;
1404 	int err;
1405 	uint8_t tr_data = 0;
1406 
1407 	err = devfs_get_cdevpriv((void **)&cpd);
1408 	if (err != 0)
1409 		return (err);
1410 
1411 	err = usb_ref_device(cpd, &refs, 0 /* no uref */ );
1412 	if (err)
1413 		return (ENXIO);
1414 
1415 	f = refs.rxfifo;
1416 	if (f == NULL) {
1417 		/* should not happen */
1418 		usb_unref_device(cpd, &refs);
1419 		return (EPERM);
1420 	}
1421 
1422 	mtx_lock(f->priv_mtx);
1423 
1424 	/* check for permanent read error */
1425 	if (f->flag_iserror) {
1426 		err = EIO;
1427 		goto done;
1428 	}
1429 	/* check if USB-FS interface is active */
1430 	if (refs.is_usbfs) {
1431 		/*
1432 		 * The queue is used for events that should be
1433 		 * retrieved using the "USB_FS_COMPLETE" ioctl.
1434 		 */
1435 		err = EINVAL;
1436 		goto done;
1437 	}
1438 	while (uio->uio_resid > 0) {
1439 		USB_IF_DEQUEUE(&f->used_q, m);
1440 
1441 		if (m == NULL) {
1442 			/* start read transfer, if not already started */
1443 
1444 			(f->methods->f_start_read) (f);
1445 
1446 			if (ioflag & IO_NDELAY) {
1447 				if (tr_data) {
1448 					/* return length before error */
1449 					break;
1450 				}
1451 				err = EWOULDBLOCK;
1452 				break;
1453 			}
1454 			DPRINTF("sleeping\n");
1455 
1456 			err = usb_fifo_wait(f);
1457 			if (err) {
1458 				break;
1459 			}
1460 			continue;
1461 		}
1462 		if (f->methods->f_filter_read) {
1463 			/*
1464 			 * Sometimes it is convenient to process data at the
1465 			 * expense of a userland process instead of a kernel
1466 			 * process.
1467 			 */
1468 			(f->methods->f_filter_read) (f, m);
1469 		}
1470 		tr_data = 1;
1471 
1472 		io_len = MIN(m->cur_data_len, uio->uio_resid);
1473 
1474 		DPRINTFN(2, "transfer %d bytes from %p\n",
1475 		    io_len, m->cur_data_ptr);
1476 
1477 		err = usb_fifo_uiomove(f,
1478 		    m->cur_data_ptr, io_len, uio);
1479 
1480 		m->cur_data_len -= io_len;
1481 		m->cur_data_ptr += io_len;
1482 
1483 		if (m->cur_data_len == 0) {
1484 			uint8_t last_packet;
1485 
1486 			last_packet = m->last_packet;
1487 
1488 			USB_IF_ENQUEUE(&f->free_q, m);
1489 
1490 			if (last_packet) {
1491 				/* keep framing */
1492 				break;
1493 			}
1494 		} else {
1495 			USB_IF_PREPEND(&f->used_q, m);
1496 		}
1497 
1498 		if (err) {
1499 			break;
1500 		}
1501 	}
1502 done:
1503 	mtx_unlock(f->priv_mtx);
1504 
1505 	usb_unref_device(cpd, &refs);
1506 
1507 	return (err);
1508 }
1509 
1510 static int
1511 usb_write(struct cdev *dev, struct uio *uio, int ioflag)
1512 {
1513 	struct usb_cdev_refdata refs;
1514 	struct usb_cdev_privdata* cpd;
1515 	struct usb_fifo *f;
1516 	struct usb_mbuf *m;
1517 	uint8_t *pdata;
1518 	int io_len;
1519 	int err;
1520 	uint8_t tr_data = 0;
1521 
1522 	DPRINTFN(2, "\n");
1523 
1524 	err = devfs_get_cdevpriv((void **)&cpd);
1525 	if (err != 0)
1526 		return (err);
1527 
1528 	err = usb_ref_device(cpd, &refs, 0 /* no uref */ );
1529 	if (err)
1530 		return (ENXIO);
1531 
1532 	f = refs.txfifo;
1533 	if (f == NULL) {
1534 		/* should not happen */
1535 		usb_unref_device(cpd, &refs);
1536 		return (EPERM);
1537 	}
1538 
1539 	mtx_lock(f->priv_mtx);
1540 
1541 	/* check for permanent write error */
1542 	if (f->flag_iserror) {
1543 		err = EIO;
1544 		goto done;
1545 	}
1546 	/* check if USB-FS interface is active */
1547 	if (refs.is_usbfs) {
1548 		/*
1549 		 * The queue is used for events that should be
1550 		 * retrieved using the "USB_FS_COMPLETE" ioctl.
1551 		 */
1552 		err = EINVAL;
1553 		goto done;
1554 	}
1555 	if (f->queue_data == NULL) {
1556 		/* start write transfer, if not already started */
1557 		(f->methods->f_start_write) (f);
1558 	}
1559 	/* we allow writing zero length data */
1560 	do {
1561 		USB_IF_DEQUEUE(&f->free_q, m);
1562 
1563 		if (m == NULL) {
1564 			if (ioflag & IO_NDELAY) {
1565 				if (tr_data) {
1566 					/* return length before error */
1567 					break;
1568 				}
1569 				err = EWOULDBLOCK;
1570 				break;
1571 			}
1572 			DPRINTF("sleeping\n");
1573 
1574 			err = usb_fifo_wait(f);
1575 			if (err) {
1576 				break;
1577 			}
1578 			continue;
1579 		}
1580 		tr_data = 1;
1581 
1582 		if (f->flag_have_fragment == 0) {
1583 			USB_MBUF_RESET(m);
1584 			io_len = m->cur_data_len;
1585 			pdata = m->cur_data_ptr;
1586 			if (io_len > uio->uio_resid)
1587 				io_len = uio->uio_resid;
1588 			m->cur_data_len = io_len;
1589 		} else {
1590 			io_len = m->max_data_len - m->cur_data_len;
1591 			pdata = m->cur_data_ptr + m->cur_data_len;
1592 			if (io_len > uio->uio_resid)
1593 				io_len = uio->uio_resid;
1594 			m->cur_data_len += io_len;
1595 		}
1596 
1597 		DPRINTFN(2, "transfer %d bytes to %p\n",
1598 		    io_len, pdata);
1599 
1600 		err = usb_fifo_uiomove(f, pdata, io_len, uio);
1601 
1602 		if (err) {
1603 			f->flag_have_fragment = 0;
1604 			USB_IF_ENQUEUE(&f->free_q, m);
1605 			break;
1606 		}
1607 
1608 		/* check if the buffer is ready to be transmitted */
1609 
1610 		if ((f->flag_write_defrag == 0) ||
1611 		    (m->cur_data_len == m->max_data_len)) {
1612 			f->flag_have_fragment = 0;
1613 
1614 			/*
1615 			 * Check for write filter:
1616 			 *
1617 			 * Sometimes it is convenient to process data
1618 			 * at the expense of a userland process
1619 			 * instead of a kernel process.
1620 			 */
1621 			if (f->methods->f_filter_write) {
1622 				(f->methods->f_filter_write) (f, m);
1623 			}
1624 
1625 			/* Put USB mbuf in the used queue */
1626 			USB_IF_ENQUEUE(&f->used_q, m);
1627 
1628 			/* Start writing data, if not already started */
1629 			(f->methods->f_start_write) (f);
1630 		} else {
1631 			/* Wait for more data or close */
1632 			f->flag_have_fragment = 1;
1633 			USB_IF_PREPEND(&f->free_q, m);
1634 		}
1635 
1636 	} while (uio->uio_resid > 0);
1637 done:
1638 	mtx_unlock(f->priv_mtx);
1639 
1640 	usb_unref_device(cpd, &refs);
1641 
1642 	return (err);
1643 }
1644 
1645 int
1646 usb_static_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag,
1647     struct thread *td)
1648 {
1649 	union {
1650 		struct usb_read_dir *urd;
1651 #ifdef COMPAT_FREEBSD32
1652 		struct usb_read_dir32 *urd32;
1653 #endif
1654 		void* data;
1655 	} u;
1656 	int err;
1657 
1658 	u.data = data;
1659 	switch (cmd) {
1660 		case USB_READ_DIR:
1661 			err = usb_read_symlink(u.urd->urd_data,
1662 			    u.urd->urd_startentry, u.urd->urd_maxlen);
1663 			break;
1664 #ifdef COMPAT_FREEBSD32
1665 		case USB_READ_DIR32:
1666 			err = usb_read_symlink(PTRIN(u.urd32->urd_data),
1667 			    u.urd32->urd_startentry, u.urd32->urd_maxlen);
1668 			break;
1669 #endif
1670 		case USB_DEV_QUIRK_GET:
1671 		case USB_QUIRK_NAME_GET:
1672 		case USB_DEV_QUIRK_ADD:
1673 		case USB_DEV_QUIRK_REMOVE:
1674 			err = usb_quirk_ioctl_p(cmd, data, fflag, td);
1675 			break;
1676 		case USB_GET_TEMPLATE:
1677 			*(int *)data = usb_template;
1678 			err = 0;
1679 			break;
1680 		case USB_SET_TEMPLATE:
1681 			err = priv_check(curthread, PRIV_DRIVER);
1682 			if (err)
1683 				break;
1684 			usb_template = *(int *)data;
1685 			break;
1686 		default:
1687 			err = ENOTTY;
1688 			break;
1689 	}
1690 	return (err);
1691 }
1692 
1693 static int
1694 usb_fifo_uiomove(struct usb_fifo *f, void *cp,
1695     int n, struct uio *uio)
1696 {
1697 	int error;
1698 
1699 	mtx_unlock(f->priv_mtx);
1700 
1701 	/*
1702 	 * "uiomove()" can sleep so one needs to make a wrapper,
1703 	 * exiting the mutex and checking things:
1704 	 */
1705 	error = uiomove(cp, n, uio);
1706 
1707 	mtx_lock(f->priv_mtx);
1708 
1709 	return (error);
1710 }
1711 
1712 int
1713 usb_fifo_wait(struct usb_fifo *f)
1714 {
1715 	int err;
1716 
1717 	USB_MTX_ASSERT(f->priv_mtx, MA_OWNED);
1718 
1719 	if (f->flag_iserror) {
1720 		/* we are gone */
1721 		return (EIO);
1722 	}
1723 	f->flag_sleeping = 1;
1724 
1725 	err = cv_wait_sig(&f->cv_io, f->priv_mtx);
1726 
1727 	if (f->flag_iserror) {
1728 		/* we are gone */
1729 		err = EIO;
1730 	}
1731 	return (err);
1732 }
1733 
1734 void
1735 usb_fifo_signal(struct usb_fifo *f)
1736 {
1737 	if (f->flag_sleeping) {
1738 		f->flag_sleeping = 0;
1739 		cv_broadcast(&f->cv_io);
1740 	}
1741 }
1742 
1743 void
1744 usb_fifo_wakeup(struct usb_fifo *f)
1745 {
1746 	usb_fifo_signal(f);
1747 
1748 	KNOTE_LOCKED(&f->selinfo.si_note, 0);
1749 
1750 	if (f->flag_isselect) {
1751 		selwakeup(&f->selinfo);
1752 		f->flag_isselect = 0;
1753 	}
1754 	if (f->async_p != NULL) {
1755 		PROC_LOCK(f->async_p);
1756 		kern_psignal(f->async_p, SIGIO);
1757 		PROC_UNLOCK(f->async_p);
1758 	}
1759 }
1760 
1761 static int
1762 usb_fifo_dummy_open(struct usb_fifo *fifo, int fflags)
1763 {
1764 	return (0);
1765 }
1766 
1767 static void
1768 usb_fifo_dummy_close(struct usb_fifo *fifo, int fflags)
1769 {
1770 	return;
1771 }
1772 
1773 static int
1774 usb_fifo_dummy_ioctl(struct usb_fifo *fifo, u_long cmd, void *addr, int fflags)
1775 {
1776 	return (ENOIOCTL);
1777 }
1778 
1779 static void
1780 usb_fifo_dummy_cmd(struct usb_fifo *fifo)
1781 {
1782 	fifo->flag_flushing = 0;	/* not flushing */
1783 }
1784 
1785 static void
1786 usb_fifo_check_methods(struct usb_fifo_methods *pm)
1787 {
1788 	/* check that all callback functions are OK */
1789 
1790 	if (pm->f_open == NULL)
1791 		pm->f_open = &usb_fifo_dummy_open;
1792 
1793 	if (pm->f_close == NULL)
1794 		pm->f_close = &usb_fifo_dummy_close;
1795 
1796 	if (pm->f_ioctl == NULL)
1797 		pm->f_ioctl = &usb_fifo_dummy_ioctl;
1798 
1799 	if (pm->f_ioctl_post == NULL)
1800 		pm->f_ioctl_post = &usb_fifo_dummy_ioctl;
1801 
1802 	if (pm->f_start_read == NULL)
1803 		pm->f_start_read = &usb_fifo_dummy_cmd;
1804 
1805 	if (pm->f_stop_read == NULL)
1806 		pm->f_stop_read = &usb_fifo_dummy_cmd;
1807 
1808 	if (pm->f_start_write == NULL)
1809 		pm->f_start_write = &usb_fifo_dummy_cmd;
1810 
1811 	if (pm->f_stop_write == NULL)
1812 		pm->f_stop_write = &usb_fifo_dummy_cmd;
1813 }
1814 
1815 /*------------------------------------------------------------------------*
1816  *	usb_fifo_attach
1817  *
1818  * The following function will create a duplex FIFO.
1819  *
1820  * Return values:
1821  * 0: Success.
1822  * Else: Failure.
1823  *------------------------------------------------------------------------*/
1824 int
1825 usb_fifo_attach(struct usb_device *udev, void *priv_sc,
1826     struct mtx *priv_mtx, struct usb_fifo_methods *pm,
1827     struct usb_fifo_sc *f_sc, uint16_t unit, int16_t subunit,
1828     uint8_t iface_index, uid_t uid, gid_t gid, int mode)
1829 {
1830 	struct usb_fifo *f_tx;
1831 	struct usb_fifo *f_rx;
1832 	char devname[32];
1833 	uint8_t n;
1834 
1835 	f_sc->fp[USB_FIFO_TX] = NULL;
1836 	f_sc->fp[USB_FIFO_RX] = NULL;
1837 
1838 	if (pm == NULL)
1839 		return (EINVAL);
1840 
1841 	/* check the methods */
1842 	usb_fifo_check_methods(pm);
1843 
1844 	if (priv_mtx == NULL)
1845 		priv_mtx = &Giant;
1846 
1847 	/* search for a free FIFO slot */
1848 	for (n = 0;; n += 2) {
1849 		if (n == USB_FIFO_MAX) {
1850 			/* end of FIFOs reached */
1851 			return (ENOMEM);
1852 		}
1853 		/* Check for TX FIFO */
1854 		if (udev->fifo[n + USB_FIFO_TX] != NULL) {
1855 			continue;
1856 		}
1857 		/* Check for RX FIFO */
1858 		if (udev->fifo[n + USB_FIFO_RX] != NULL) {
1859 			continue;
1860 		}
1861 		break;
1862 	}
1863 
1864 	f_tx = usb_fifo_alloc(priv_mtx);
1865 	f_rx = usb_fifo_alloc(priv_mtx);
1866 
1867 	if ((f_tx == NULL) || (f_rx == NULL)) {
1868 		usb_fifo_free(f_tx);
1869 		usb_fifo_free(f_rx);
1870 		return (ENOMEM);
1871 	}
1872 	/* initialise FIFO structures */
1873 
1874 	f_tx->fifo_index = n + USB_FIFO_TX;
1875 	f_tx->dev_ep_index = -1;
1876 	f_tx->priv_sc0 = priv_sc;
1877 	f_tx->methods = pm;
1878 	f_tx->iface_index = iface_index;
1879 	f_tx->udev = udev;
1880 
1881 	f_rx->fifo_index = n + USB_FIFO_RX;
1882 	f_rx->dev_ep_index = -1;
1883 	f_rx->priv_sc0 = priv_sc;
1884 	f_rx->methods = pm;
1885 	f_rx->iface_index = iface_index;
1886 	f_rx->udev = udev;
1887 
1888 	f_sc->fp[USB_FIFO_TX] = f_tx;
1889 	f_sc->fp[USB_FIFO_RX] = f_rx;
1890 
1891 	mtx_lock(&usb_ref_lock);
1892 	udev->fifo[f_tx->fifo_index] = f_tx;
1893 	udev->fifo[f_rx->fifo_index] = f_rx;
1894 	mtx_unlock(&usb_ref_lock);
1895 
1896 	for (n = 0; n != 4; n++) {
1897 		if (pm->basename[n] == NULL) {
1898 			continue;
1899 		}
1900 		if (subunit < 0) {
1901 			if (snprintf(devname, sizeof(devname),
1902 			    "%s%u%s", pm->basename[n],
1903 			    unit, pm->postfix[n] ?
1904 			    pm->postfix[n] : "")) {
1905 				/* ignore */
1906 			}
1907 		} else {
1908 			if (snprintf(devname, sizeof(devname),
1909 			    "%s%u.%d%s", pm->basename[n],
1910 			    unit, subunit, pm->postfix[n] ?
1911 			    pm->postfix[n] : "")) {
1912 				/* ignore */
1913 			}
1914 		}
1915 
1916 		/*
1917 		 * Distribute the symbolic links into two FIFO structures:
1918 		 */
1919 		if (n & 1) {
1920 			f_rx->symlink[n / 2] =
1921 			    usb_alloc_symlink(devname);
1922 		} else {
1923 			f_tx->symlink[n / 2] =
1924 			    usb_alloc_symlink(devname);
1925 		}
1926 
1927 		/* Create the device */
1928 		f_sc->dev = usb_make_dev(udev, devname, -1,
1929 		    f_tx->fifo_index & f_rx->fifo_index,
1930 		    FREAD|FWRITE, uid, gid, mode);
1931 	}
1932 
1933 	DPRINTFN(2, "attached %p/%p\n", f_tx, f_rx);
1934 	return (0);
1935 }
1936 
1937 /*------------------------------------------------------------------------*
1938  *	usb_fifo_alloc_buffer
1939  *
1940  * Return values:
1941  * 0: Success
1942  * Else failure
1943  *------------------------------------------------------------------------*/
1944 int
1945 usb_fifo_alloc_buffer(struct usb_fifo *f, usb_size_t bufsize,
1946     uint16_t nbuf)
1947 {
1948 	struct usb_ifqueue temp_q = {};
1949 	void *queue_data;
1950 
1951 	usb_fifo_free_buffer(f);
1952 
1953 	temp_q.ifq_maxlen = nbuf;
1954 
1955 	queue_data = usb_alloc_mbufs(
1956 	    M_USBDEV, &temp_q, bufsize, nbuf);
1957 
1958 	if (queue_data == NULL && bufsize != 0 && nbuf != 0)
1959 		return (ENOMEM);
1960 
1961 	mtx_lock(f->priv_mtx);
1962 
1963 	/*
1964 	 * Setup queues and sizes under lock to avoid early use by
1965 	 * concurrent FIFO access:
1966 	 */
1967 	f->free_q = temp_q;
1968 	f->used_q.ifq_maxlen = nbuf;
1969 	f->queue_data = queue_data;
1970 	mtx_unlock(f->priv_mtx);
1971 
1972 	return (0);			/* success */
1973 }
1974 
1975 /*------------------------------------------------------------------------*
1976  *	usb_fifo_free_buffer
1977  *
1978  * This function will free the buffers associated with a FIFO. This
1979  * function can be called multiple times in a row.
1980  *------------------------------------------------------------------------*/
1981 void
1982 usb_fifo_free_buffer(struct usb_fifo *f)
1983 {
1984 	void *queue_data;
1985 
1986 	mtx_lock(f->priv_mtx);
1987 
1988 	/* Get and clear pointer to free, if any. */
1989 	queue_data = f->queue_data;
1990 	f->queue_data = NULL;
1991 
1992 	/*
1993 	 * Reset queues under lock to avoid use of freed buffers by
1994 	 * concurrent FIFO activity:
1995 	 */
1996 	memset(&f->free_q, 0, sizeof(f->free_q));
1997 	memset(&f->used_q, 0, sizeof(f->used_q));
1998 	mtx_unlock(f->priv_mtx);
1999 
2000 	/* Free old buffer, if any. */
2001 	free(queue_data, M_USBDEV);
2002 }
2003 
2004 void
2005 usb_fifo_detach(struct usb_fifo_sc *f_sc)
2006 {
2007 	if (f_sc == NULL) {
2008 		return;
2009 	}
2010 	usb_fifo_free(f_sc->fp[USB_FIFO_TX]);
2011 	usb_fifo_free(f_sc->fp[USB_FIFO_RX]);
2012 
2013 	f_sc->fp[USB_FIFO_TX] = NULL;
2014 	f_sc->fp[USB_FIFO_RX] = NULL;
2015 
2016 	usb_destroy_dev(f_sc->dev);
2017 
2018 	f_sc->dev = NULL;
2019 
2020 	DPRINTFN(2, "detached %p\n", f_sc);
2021 }
2022 
2023 usb_size_t
2024 usb_fifo_put_bytes_max(struct usb_fifo *f)
2025 {
2026 	struct usb_mbuf *m;
2027 	usb_size_t len;
2028 
2029 	USB_IF_POLL(&f->free_q, m);
2030 
2031 	if (m) {
2032 		len = m->max_data_len;
2033 	} else {
2034 		len = 0;
2035 	}
2036 	return (len);
2037 }
2038 
2039 /*------------------------------------------------------------------------*
2040  *	usb_fifo_put_data
2041  *
2042  * what:
2043  *  0 - normal operation
2044  *  1 - set last packet flag to enforce framing
2045  *------------------------------------------------------------------------*/
2046 void
2047 usb_fifo_put_data(struct usb_fifo *f, struct usb_page_cache *pc,
2048     usb_frlength_t offset, usb_frlength_t len, uint8_t what)
2049 {
2050 	struct usb_mbuf *m;
2051 	usb_frlength_t io_len;
2052 
2053 	while (len || (what == 1)) {
2054 		USB_IF_DEQUEUE(&f->free_q, m);
2055 
2056 		if (m) {
2057 			USB_MBUF_RESET(m);
2058 
2059 			io_len = MIN(len, m->cur_data_len);
2060 
2061 			usbd_copy_out(pc, offset, m->cur_data_ptr, io_len);
2062 
2063 			m->cur_data_len = io_len;
2064 			offset += io_len;
2065 			len -= io_len;
2066 
2067 			if ((len == 0) && (what == 1)) {
2068 				m->last_packet = 1;
2069 			}
2070 			USB_IF_ENQUEUE(&f->used_q, m);
2071 
2072 			usb_fifo_wakeup(f);
2073 
2074 			if ((len == 0) || (what == 1)) {
2075 				break;
2076 			}
2077 		} else {
2078 			break;
2079 		}
2080 	}
2081 }
2082 
2083 void
2084 usb_fifo_put_data_linear(struct usb_fifo *f, void *ptr,
2085     usb_size_t len, uint8_t what)
2086 {
2087 	struct usb_mbuf *m;
2088 	usb_size_t io_len;
2089 
2090 	while (len || (what == 1)) {
2091 		USB_IF_DEQUEUE(&f->free_q, m);
2092 
2093 		if (m) {
2094 			USB_MBUF_RESET(m);
2095 
2096 			io_len = MIN(len, m->cur_data_len);
2097 
2098 			memcpy(m->cur_data_ptr, ptr, io_len);
2099 
2100 			m->cur_data_len = io_len;
2101 			ptr = USB_ADD_BYTES(ptr, io_len);
2102 			len -= io_len;
2103 
2104 			if ((len == 0) && (what == 1)) {
2105 				m->last_packet = 1;
2106 			}
2107 			USB_IF_ENQUEUE(&f->used_q, m);
2108 
2109 			usb_fifo_wakeup(f);
2110 
2111 			if ((len == 0) || (what == 1)) {
2112 				break;
2113 			}
2114 		} else {
2115 			break;
2116 		}
2117 	}
2118 }
2119 
2120 uint8_t
2121 usb_fifo_put_data_buffer(struct usb_fifo *f, void *ptr, usb_size_t len)
2122 {
2123 	struct usb_mbuf *m;
2124 
2125 	USB_IF_DEQUEUE(&f->free_q, m);
2126 
2127 	if (m) {
2128 		m->cur_data_len = len;
2129 		m->cur_data_ptr = ptr;
2130 		USB_IF_ENQUEUE(&f->used_q, m);
2131 		usb_fifo_wakeup(f);
2132 		return (1);
2133 	}
2134 	return (0);
2135 }
2136 
2137 void
2138 usb_fifo_put_data_error(struct usb_fifo *f)
2139 {
2140 	f->flag_iserror = 1;
2141 	usb_fifo_wakeup(f);
2142 }
2143 
2144 /*------------------------------------------------------------------------*
2145  *	usb_fifo_get_data
2146  *
2147  * what:
2148  *  0 - normal operation
2149  *  1 - only get one "usb_mbuf"
2150  *
2151  * returns:
2152  *  0 - no more data
2153  *  1 - data in buffer
2154  *------------------------------------------------------------------------*/
2155 uint8_t
2156 usb_fifo_get_data(struct usb_fifo *f, struct usb_page_cache *pc,
2157     usb_frlength_t offset, usb_frlength_t len, usb_frlength_t *actlen,
2158     uint8_t what)
2159 {
2160 	struct usb_mbuf *m;
2161 	usb_frlength_t io_len;
2162 	uint8_t tr_data = 0;
2163 
2164 	actlen[0] = 0;
2165 
2166 	while (1) {
2167 		USB_IF_DEQUEUE(&f->used_q, m);
2168 
2169 		if (m) {
2170 			tr_data = 1;
2171 
2172 			io_len = MIN(len, m->cur_data_len);
2173 
2174 			usbd_copy_in(pc, offset, m->cur_data_ptr, io_len);
2175 
2176 			len -= io_len;
2177 			offset += io_len;
2178 			actlen[0] += io_len;
2179 			m->cur_data_ptr += io_len;
2180 			m->cur_data_len -= io_len;
2181 
2182 			if ((m->cur_data_len == 0) || (what == 1)) {
2183 				USB_IF_ENQUEUE(&f->free_q, m);
2184 
2185 				usb_fifo_wakeup(f);
2186 
2187 				if (what == 1) {
2188 					break;
2189 				}
2190 			} else {
2191 				USB_IF_PREPEND(&f->used_q, m);
2192 			}
2193 		} else {
2194 			if (tr_data) {
2195 				/* wait for data to be written out */
2196 				break;
2197 			}
2198 			if (f->flag_flushing) {
2199 				/* check if we should send a short packet */
2200 				if (f->flag_short != 0) {
2201 					f->flag_short = 0;
2202 					tr_data = 1;
2203 					break;
2204 				}
2205 				/* flushing complete */
2206 				f->flag_flushing = 0;
2207 				usb_fifo_wakeup(f);
2208 			}
2209 			break;
2210 		}
2211 		if (len == 0) {
2212 			break;
2213 		}
2214 	}
2215 	return (tr_data);
2216 }
2217 
2218 uint8_t
2219 usb_fifo_get_data_linear(struct usb_fifo *f, void *ptr,
2220     usb_size_t len, usb_size_t *actlen, uint8_t what)
2221 {
2222 	struct usb_mbuf *m;
2223 	usb_size_t io_len;
2224 	uint8_t tr_data = 0;
2225 
2226 	actlen[0] = 0;
2227 
2228 	while (1) {
2229 		USB_IF_DEQUEUE(&f->used_q, m);
2230 
2231 		if (m) {
2232 			tr_data = 1;
2233 
2234 			io_len = MIN(len, m->cur_data_len);
2235 
2236 			memcpy(ptr, m->cur_data_ptr, io_len);
2237 
2238 			len -= io_len;
2239 			ptr = USB_ADD_BYTES(ptr, io_len);
2240 			actlen[0] += io_len;
2241 			m->cur_data_ptr += io_len;
2242 			m->cur_data_len -= io_len;
2243 
2244 			if ((m->cur_data_len == 0) || (what == 1)) {
2245 				USB_IF_ENQUEUE(&f->free_q, m);
2246 
2247 				usb_fifo_wakeup(f);
2248 
2249 				if (what == 1) {
2250 					break;
2251 				}
2252 			} else {
2253 				USB_IF_PREPEND(&f->used_q, m);
2254 			}
2255 		} else {
2256 			if (tr_data) {
2257 				/* wait for data to be written out */
2258 				break;
2259 			}
2260 			if (f->flag_flushing) {
2261 				/* check if we should send a short packet */
2262 				if (f->flag_short != 0) {
2263 					f->flag_short = 0;
2264 					tr_data = 1;
2265 					break;
2266 				}
2267 				/* flushing complete */
2268 				f->flag_flushing = 0;
2269 				usb_fifo_wakeup(f);
2270 			}
2271 			break;
2272 		}
2273 		if (len == 0) {
2274 			break;
2275 		}
2276 	}
2277 	return (tr_data);
2278 }
2279 
2280 uint8_t
2281 usb_fifo_get_data_buffer(struct usb_fifo *f, void **pptr, usb_size_t *plen)
2282 {
2283 	struct usb_mbuf *m;
2284 
2285 	USB_IF_POLL(&f->used_q, m);
2286 
2287 	if (m) {
2288 		*plen = m->cur_data_len;
2289 		*pptr = m->cur_data_ptr;
2290 
2291 		return (1);
2292 	}
2293 	return (0);
2294 }
2295 
2296 void
2297 usb_fifo_get_data_error(struct usb_fifo *f)
2298 {
2299 	f->flag_iserror = 1;
2300 	usb_fifo_wakeup(f);
2301 }
2302 
2303 /*------------------------------------------------------------------------*
2304  *	usb_alloc_symlink
2305  *
2306  * Return values:
2307  * NULL: Failure
2308  * Else: Pointer to symlink entry
2309  *------------------------------------------------------------------------*/
2310 struct usb_symlink *
2311 usb_alloc_symlink(const char *target)
2312 {
2313 	struct usb_symlink *ps;
2314 
2315 	ps = malloc(sizeof(*ps), M_USBDEV, M_WAITOK);
2316 	/* XXX no longer needed */
2317 	strlcpy(ps->src_path, target, sizeof(ps->src_path));
2318 	ps->src_len = strlen(ps->src_path);
2319 	strlcpy(ps->dst_path, target, sizeof(ps->dst_path));
2320 	ps->dst_len = strlen(ps->dst_path);
2321 
2322 	sx_xlock(&usb_sym_lock);
2323 	TAILQ_INSERT_TAIL(&usb_sym_head, ps, sym_entry);
2324 	sx_unlock(&usb_sym_lock);
2325 	return (ps);
2326 }
2327 
2328 /*------------------------------------------------------------------------*
2329  *	usb_free_symlink
2330  *------------------------------------------------------------------------*/
2331 void
2332 usb_free_symlink(struct usb_symlink *ps)
2333 {
2334 	if (ps == NULL) {
2335 		return;
2336 	}
2337 	sx_xlock(&usb_sym_lock);
2338 	TAILQ_REMOVE(&usb_sym_head, ps, sym_entry);
2339 	sx_unlock(&usb_sym_lock);
2340 
2341 	free(ps, M_USBDEV);
2342 }
2343 
2344 /*------------------------------------------------------------------------*
2345  *	usb_read_symlink
2346  *
2347  * Return value:
2348  * 0: Success
2349  * Else: Failure
2350  *------------------------------------------------------------------------*/
2351 int
2352 usb_read_symlink(uint8_t *user_ptr, uint32_t startentry, uint32_t user_len)
2353 {
2354 	struct usb_symlink *ps;
2355 	uint32_t temp;
2356 	uint32_t delta = 0;
2357 	uint8_t len;
2358 	int error = 0;
2359 
2360 	sx_xlock(&usb_sym_lock);
2361 
2362 	TAILQ_FOREACH(ps, &usb_sym_head, sym_entry) {
2363 		/*
2364 		 * Compute total length of source and destination symlink
2365 		 * strings pluss one length byte and two NUL bytes:
2366 		 */
2367 		temp = ps->src_len + ps->dst_len + 3;
2368 
2369 		if (temp > 255) {
2370 			/*
2371 			 * Skip entry because this length cannot fit
2372 			 * into one byte:
2373 			 */
2374 			continue;
2375 		}
2376 		if (startentry != 0) {
2377 			/* decrement read offset */
2378 			startentry--;
2379 			continue;
2380 		}
2381 		if (temp > user_len) {
2382 			/* out of buffer space */
2383 			break;
2384 		}
2385 		len = temp;
2386 
2387 		/* copy out total length */
2388 
2389 		error = copyout(&len,
2390 		    USB_ADD_BYTES(user_ptr, delta), 1);
2391 		if (error) {
2392 			break;
2393 		}
2394 		delta += 1;
2395 
2396 		/* copy out source string */
2397 
2398 		error = copyout(ps->src_path,
2399 		    USB_ADD_BYTES(user_ptr, delta), ps->src_len);
2400 		if (error) {
2401 			break;
2402 		}
2403 		len = 0;
2404 		delta += ps->src_len;
2405 		error = copyout(&len,
2406 		    USB_ADD_BYTES(user_ptr, delta), 1);
2407 		if (error) {
2408 			break;
2409 		}
2410 		delta += 1;
2411 
2412 		/* copy out destination string */
2413 
2414 		error = copyout(ps->dst_path,
2415 		    USB_ADD_BYTES(user_ptr, delta), ps->dst_len);
2416 		if (error) {
2417 			break;
2418 		}
2419 		len = 0;
2420 		delta += ps->dst_len;
2421 		error = copyout(&len,
2422 		    USB_ADD_BYTES(user_ptr, delta), 1);
2423 		if (error) {
2424 			break;
2425 		}
2426 		delta += 1;
2427 
2428 		user_len -= temp;
2429 	}
2430 
2431 	/* a zero length entry indicates the end */
2432 
2433 	if ((user_len != 0) && (error == 0)) {
2434 		len = 0;
2435 
2436 		error = copyout(&len,
2437 		    USB_ADD_BYTES(user_ptr, delta), 1);
2438 	}
2439 	sx_unlock(&usb_sym_lock);
2440 	return (error);
2441 }
2442 
2443 void
2444 usb_fifo_set_close_zlp(struct usb_fifo *f, uint8_t onoff)
2445 {
2446 	if (f == NULL)
2447 		return;
2448 
2449 	/* send a Zero Length Packet, ZLP, before close */
2450 	f->flag_short = onoff;
2451 }
2452 
2453 void
2454 usb_fifo_set_write_defrag(struct usb_fifo *f, uint8_t onoff)
2455 {
2456 	if (f == NULL)
2457 		return;
2458 
2459 	/* defrag written data */
2460 	f->flag_write_defrag = onoff;
2461 	/* reset defrag state */
2462 	f->flag_have_fragment = 0;
2463 }
2464 
2465 void *
2466 usb_fifo_softc(struct usb_fifo *f)
2467 {
2468 	return (f->priv_sc0);
2469 }
2470 #endif	/* USB_HAVE_UGEN */
2471