xref: /freebsd/sys/dev/usb/usb_generic.c (revision 258a0d760aa8b42899a000e30f610f900a402556)
1 /* $FreeBSD$ */
2 /*-
3  * SPDX-License-Identifier: BSD-2-Clause
4  *
5  * Copyright (c) 2008-2023 Hans Petter Selasky
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #ifdef USB_GLOBAL_INCLUDE_FILE
30 #include USB_GLOBAL_INCLUDE_FILE
31 #else
32 #ifdef COMPAT_FREEBSD32
33 #include <sys/abi_compat.h>
34 #endif
35 #include <sys/stdint.h>
36 #include <sys/stddef.h>
37 #include <sys/param.h>
38 #include <sys/queue.h>
39 #include <sys/types.h>
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
42 #include <sys/bus.h>
43 #include <sys/module.h>
44 #include <sys/lock.h>
45 #include <sys/mutex.h>
46 #include <sys/condvar.h>
47 #include <sys/sysctl.h>
48 #include <sys/sx.h>
49 #include <sys/unistd.h>
50 #include <sys/callout.h>
51 #include <sys/malloc.h>
52 #include <sys/priv.h>
53 #include <sys/conf.h>
54 #include <sys/fcntl.h>
55 
56 #include <dev/usb/usb.h>
57 #include <dev/usb/usb_ioctl.h>
58 #include <dev/usb/usbdi.h>
59 #include <dev/usb/usbdi_util.h>
60 
61 #define	USB_DEBUG_VAR ugen_debug
62 
63 #include <dev/usb/usb_core.h>
64 #include <dev/usb/usb_dev.h>
65 #include <dev/usb/usb_mbuf.h>
66 #include <dev/usb/usb_process.h>
67 #include <dev/usb/usb_device.h>
68 #include <dev/usb/usb_debug.h>
69 #include <dev/usb/usb_request.h>
70 #include <dev/usb/usb_busdma.h>
71 #include <dev/usb/usb_util.h>
72 #include <dev/usb/usb_hub.h>
73 #include <dev/usb/usb_generic.h>
74 #include <dev/usb/usb_transfer.h>
75 
76 #include <dev/usb/usb_controller.h>
77 #include <dev/usb/usb_bus.h>
78 #endif			/* USB_GLOBAL_INCLUDE_FILE */
79 
80 #if USB_HAVE_UGEN
81 
82 /* defines */
83 
84 #define	UGEN_BULK_FS_BUFFER_SIZE	(64*32)	/* bytes */
85 #define	UGEN_BULK_HS_BUFFER_SIZE	(1024*32)	/* bytes */
86 #define	UGEN_HW_FRAMES	50		/* number of milliseconds per transfer */
87 
88 /* function prototypes */
89 
90 static usb_callback_t ugen_read_clear_stall_callback;
91 static usb_callback_t ugen_write_clear_stall_callback;
92 static usb_callback_t ugen_ctrl_read_callback;
93 static usb_callback_t ugen_ctrl_write_callback;
94 static usb_callback_t ugen_isoc_read_callback;
95 static usb_callback_t ugen_isoc_write_callback;
96 static usb_callback_t ugen_ctrl_fs_callback;
97 
98 static usb_fifo_open_t ugen_open;
99 static usb_fifo_close_t ugen_close;
100 static usb_fifo_ioctl_t ugen_ioctl;
101 static usb_fifo_ioctl_t ugen_ioctl_post;
102 static usb_fifo_cmd_t ugen_start_read;
103 static usb_fifo_cmd_t ugen_start_write;
104 static usb_fifo_cmd_t ugen_stop_io;
105 
106 static int	ugen_transfer_setup(struct usb_fifo *,
107 		     const struct usb_config *, uint8_t);
108 static int	ugen_open_pipe_write(struct usb_fifo *);
109 static int	ugen_open_pipe_read(struct usb_fifo *);
110 static int	ugen_set_config(struct usb_fifo *, uint8_t);
111 static int	ugen_set_interface(struct usb_fifo *, uint8_t, uint8_t);
112 static int	ugen_get_cdesc(struct usb_fifo *, struct usb_gen_descriptor *);
113 static int	ugen_get_sdesc(struct usb_fifo *, struct usb_gen_descriptor *);
114 static int	ugen_get_iface_driver(struct usb_fifo *f, struct usb_gen_descriptor *ugd);
115 #ifdef COMPAT_FREEBSD32
116 static int	ugen_get32(u_long cmd, struct usb_fifo *f, struct usb_gen_descriptor32 *ugd32);
117 #endif
118 static int	ugen_re_enumerate(struct usb_fifo *);
119 static int	ugen_iface_ioctl(struct usb_fifo *, u_long, void *, int);
120 static uint8_t	ugen_fs_get_complete(struct usb_fifo *, uint8_t *);
121 static int	ugen_fs_uninit(struct usb_fifo *f);
122 static int	ugen_fs_copyin(struct usb_fifo *, uint8_t, struct usb_fs_endpoint*);
123 static uint8_t	ugen_fifo_in_use(struct usb_fifo *, int fflags);
124 
125 /* structures */
126 
127 struct usb_fifo_methods usb_ugen_methods = {
128 	.f_open = &ugen_open,
129 	.f_close = &ugen_close,
130 	.f_ioctl = &ugen_ioctl,
131 	.f_ioctl_post = &ugen_ioctl_post,
132 	.f_start_read = &ugen_start_read,
133 	.f_stop_read = &ugen_stop_io,
134 	.f_start_write = &ugen_start_write,
135 	.f_stop_write = &ugen_stop_io,
136 };
137 
138 #ifdef USB_DEBUG
139 static int ugen_debug = 0;
140 
141 static SYSCTL_NODE(_hw_usb, OID_AUTO, ugen, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
142     "USB generic");
143 SYSCTL_INT(_hw_usb_ugen, OID_AUTO, debug, CTLFLAG_RWTUN, &ugen_debug,
144     0, "Debug level");
145 #endif
146 
147 /* prototypes */
148 
149 static int
150 ugen_transfer_setup(struct usb_fifo *f,
151     const struct usb_config *setup, uint8_t n_setup)
152 {
153 	struct usb_endpoint *ep = usb_fifo_softc(f);
154 	struct usb_device *udev = f->udev;
155 	uint8_t iface_index = ep->iface_index;
156 	int error;
157 
158 	mtx_unlock(f->priv_mtx);
159 
160 	/*
161 	 * "usbd_transfer_setup()" can sleep so one needs to make a wrapper,
162 	 * exiting the mutex and checking things
163 	 */
164 	error = usbd_transfer_setup(udev, &iface_index, f->xfer,
165 	    setup, n_setup, f, f->priv_mtx);
166 	if (error == 0) {
167 		if (f->xfer[0]->nframes == 1) {
168 			error = usb_fifo_alloc_buffer(f,
169 			    f->xfer[0]->max_data_length, 2);
170 		} else {
171 			error = usb_fifo_alloc_buffer(f,
172 			    f->xfer[0]->max_frame_size,
173 			    2 * f->xfer[0]->nframes);
174 		}
175 		if (error) {
176 			usbd_transfer_unsetup(f->xfer, n_setup);
177 		}
178 	}
179 	mtx_lock(f->priv_mtx);
180 
181 	return (error);
182 }
183 
184 static int
185 ugen_open(struct usb_fifo *f, int fflags)
186 {
187 	struct usb_endpoint *ep = usb_fifo_softc(f);
188 	struct usb_endpoint_descriptor *ed = ep->edesc;
189 	uint8_t type;
190 
191 	DPRINTFN(1, "flag=0x%x pid=%d name=%s\n", fflags,
192 	    curthread->td_proc->p_pid, curthread->td_proc->p_comm);
193 
194 	mtx_lock(f->priv_mtx);
195 	switch (usbd_get_speed(f->udev)) {
196 	case USB_SPEED_LOW:
197 	case USB_SPEED_FULL:
198 		f->nframes = UGEN_HW_FRAMES;
199 		f->bufsize = UGEN_BULK_FS_BUFFER_SIZE;
200 		break;
201 	default:
202 		f->nframes = UGEN_HW_FRAMES * 8;
203 		f->bufsize = UGEN_BULK_HS_BUFFER_SIZE;
204 		break;
205 	}
206 
207 	type = ed->bmAttributes & UE_XFERTYPE;
208 	if (type == UE_INTERRUPT) {
209 		f->bufsize = 0;		/* use "wMaxPacketSize" */
210 	}
211 	f->timeout = USB_NO_TIMEOUT;
212 	f->flag_short = 0;
213 	f->fifo_zlp = 0;
214 	mtx_unlock(f->priv_mtx);
215 
216 	return (0);
217 }
218 
219 static void
220 ugen_close(struct usb_fifo *f, int fflags)
221 {
222 
223 	DPRINTFN(1, "flag=0x%x pid=%d name=%s\n", fflags,
224 	    curthread->td_proc->p_pid, curthread->td_proc->p_comm);
225 
226 	/* cleanup */
227 
228 	mtx_lock(f->priv_mtx);
229 	usbd_transfer_stop(f->xfer[0]);
230 	usbd_transfer_stop(f->xfer[1]);
231 	mtx_unlock(f->priv_mtx);
232 
233 	usbd_transfer_unsetup(f->xfer, 2);
234 	usb_fifo_free_buffer(f);
235 
236 	if (ugen_fs_uninit(f)) {
237 		/* ignore any errors - we are closing */
238 		DPRINTFN(6, "no FIFOs\n");
239 	}
240 }
241 
242 static int
243 ugen_open_pipe_write(struct usb_fifo *f)
244 {
245 	struct usb_config usb_config[2];
246 	struct usb_endpoint *ep = usb_fifo_softc(f);
247 	struct usb_endpoint_descriptor *ed = ep->edesc;
248 
249 	USB_MTX_ASSERT(f->priv_mtx, MA_OWNED);
250 
251 	if (f->xfer[0] || f->xfer[1]) {
252 		/* transfers are already opened */
253 		return (0);
254 	}
255 	memset(usb_config, 0, sizeof(usb_config));
256 
257 	usb_config[1].type = UE_CONTROL;
258 	usb_config[1].endpoint = 0;
259 	usb_config[1].direction = UE_DIR_ANY;
260 	usb_config[1].timeout = 1000;	/* 1 second */
261 	usb_config[1].interval = 50;/* 50 milliseconds */
262 	usb_config[1].bufsize = sizeof(struct usb_device_request);
263 	usb_config[1].callback = &ugen_write_clear_stall_callback;
264 	usb_config[1].usb_mode = USB_MODE_HOST;
265 
266 	usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
267 	usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
268 	usb_config[0].stream_id = 0;	/* XXX support more stream ID's */
269 	usb_config[0].direction = UE_DIR_TX;
270 	usb_config[0].interval = USB_DEFAULT_INTERVAL;
271 	usb_config[0].flags.proxy_buffer = 1;
272 	usb_config[0].usb_mode = USB_MODE_DUAL;	/* both modes */
273 
274 	switch (ed->bmAttributes & UE_XFERTYPE) {
275 	case UE_INTERRUPT:
276 	case UE_BULK:
277 		if (f->flag_short) {
278 			usb_config[0].flags.force_short_xfer = 1;
279 		}
280 		usb_config[0].callback = &ugen_ctrl_write_callback;
281 		usb_config[0].timeout = f->timeout;
282 		usb_config[0].frames = 1;
283 		usb_config[0].bufsize = f->bufsize;
284 		if (ugen_transfer_setup(f, usb_config, 2)) {
285 			return (EIO);
286 		}
287 		/* first transfer does not clear stall */
288 		f->flag_stall = 0;
289 		break;
290 
291 	case UE_ISOCHRONOUS:
292 		usb_config[0].flags.short_xfer_ok = 1;
293 		usb_config[0].bufsize = 0;	/* use default */
294 		usb_config[0].frames = f->nframes;
295 		usb_config[0].callback = &ugen_isoc_write_callback;
296 		usb_config[0].timeout = 0;
297 
298 		/* clone configuration */
299 		usb_config[1] = usb_config[0];
300 
301 		if (ugen_transfer_setup(f, usb_config, 2)) {
302 			return (EIO);
303 		}
304 		break;
305 	default:
306 		return (EINVAL);
307 	}
308 	return (0);
309 }
310 
311 static int
312 ugen_open_pipe_read(struct usb_fifo *f)
313 {
314 	struct usb_config usb_config[2];
315 	struct usb_endpoint *ep = usb_fifo_softc(f);
316 	struct usb_endpoint_descriptor *ed = ep->edesc;
317 
318 	USB_MTX_ASSERT(f->priv_mtx, MA_OWNED);
319 
320 	if (f->xfer[0] || f->xfer[1]) {
321 		/* transfers are already opened */
322 		return (0);
323 	}
324 	memset(usb_config, 0, sizeof(usb_config));
325 
326 	usb_config[1].type = UE_CONTROL;
327 	usb_config[1].endpoint = 0;
328 	usb_config[1].direction = UE_DIR_ANY;
329 	usb_config[1].timeout = 1000;	/* 1 second */
330 	usb_config[1].interval = 50;/* 50 milliseconds */
331 	usb_config[1].bufsize = sizeof(struct usb_device_request);
332 	usb_config[1].callback = &ugen_read_clear_stall_callback;
333 	usb_config[1].usb_mode = USB_MODE_HOST;
334 
335 	usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
336 	usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
337 	usb_config[0].stream_id = 0;	/* XXX support more stream ID's */
338 	usb_config[0].direction = UE_DIR_RX;
339 	usb_config[0].interval = USB_DEFAULT_INTERVAL;
340 	usb_config[0].flags.proxy_buffer = 1;
341 	usb_config[0].usb_mode = USB_MODE_DUAL;	/* both modes */
342 
343 	switch (ed->bmAttributes & UE_XFERTYPE) {
344 	case UE_INTERRUPT:
345 	case UE_BULK:
346 		if (f->flag_short) {
347 			usb_config[0].flags.short_xfer_ok = 1;
348 		}
349 		usb_config[0].timeout = f->timeout;
350 		usb_config[0].frames = 1;
351 		usb_config[0].callback = &ugen_ctrl_read_callback;
352 		usb_config[0].bufsize = f->bufsize;
353 
354 		if (ugen_transfer_setup(f, usb_config, 2)) {
355 			return (EIO);
356 		}
357 		/* first transfer does not clear stall */
358 		f->flag_stall = 0;
359 		break;
360 
361 	case UE_ISOCHRONOUS:
362 		usb_config[0].flags.short_xfer_ok = 1;
363 		usb_config[0].bufsize = 0;	/* use default */
364 		usb_config[0].frames = f->nframes;
365 		usb_config[0].callback = &ugen_isoc_read_callback;
366 		usb_config[0].timeout = 0;
367 
368 		/* clone configuration */
369 		usb_config[1] = usb_config[0];
370 
371 		if (ugen_transfer_setup(f, usb_config, 2)) {
372 			return (EIO);
373 		}
374 		break;
375 
376 	default:
377 		return (EINVAL);
378 	}
379 	return (0);
380 }
381 
382 static void
383 ugen_start_read(struct usb_fifo *f)
384 {
385 	/* check that pipes are open */
386 	if (ugen_open_pipe_read(f)) {
387 		/* signal error */
388 		usb_fifo_put_data_error(f);
389 	}
390 	/* start transfers */
391 	usbd_transfer_start(f->xfer[0]);
392 	usbd_transfer_start(f->xfer[1]);
393 }
394 
395 static void
396 ugen_start_write(struct usb_fifo *f)
397 {
398 	/* check that pipes are open */
399 	if (ugen_open_pipe_write(f)) {
400 		/* signal error */
401 		usb_fifo_get_data_error(f);
402 	}
403 	/* start transfers */
404 	usbd_transfer_start(f->xfer[0]);
405 	usbd_transfer_start(f->xfer[1]);
406 }
407 
408 static void
409 ugen_stop_io(struct usb_fifo *f)
410 {
411 	/* stop transfers */
412 	usbd_transfer_stop(f->xfer[0]);
413 	usbd_transfer_stop(f->xfer[1]);
414 }
415 
416 static void
417 ugen_ctrl_read_callback(struct usb_xfer *xfer, usb_error_t error)
418 {
419 	struct usb_fifo *f = usbd_xfer_softc(xfer);
420 	struct usb_mbuf *m;
421 
422 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
423 
424 	switch (USB_GET_STATE(xfer)) {
425 	case USB_ST_TRANSFERRED:
426 		if (xfer->actlen == 0) {
427 			if (f->fifo_zlp != 4) {
428 				f->fifo_zlp++;
429 			} else {
430 				/*
431 				 * Throttle a little bit we have multiple ZLPs
432 				 * in a row!
433 				 */
434 				xfer->interval = 64;	/* ms */
435 			}
436 		} else {
437 			/* clear throttle */
438 			xfer->interval = 0;
439 			f->fifo_zlp = 0;
440 		}
441 		usb_fifo_put_data(f, xfer->frbuffers, 0,
442 		    xfer->actlen, 1);
443 
444 	case USB_ST_SETUP:
445 		if (f->flag_stall) {
446 			usbd_transfer_start(f->xfer[1]);
447 			break;
448 		}
449 		USB_IF_POLL(&f->free_q, m);
450 		if (m) {
451 			usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
452 			usbd_transfer_submit(xfer);
453 		}
454 		break;
455 
456 	default:			/* Error */
457 		if (xfer->error != USB_ERR_CANCELLED) {
458 			/* send a zero length packet to userland */
459 			usb_fifo_put_data(f, xfer->frbuffers, 0, 0, 1);
460 			f->flag_stall = 1;
461 			f->fifo_zlp = 0;
462 			usbd_transfer_start(f->xfer[1]);
463 		}
464 		break;
465 	}
466 }
467 
468 static void
469 ugen_ctrl_write_callback(struct usb_xfer *xfer, usb_error_t error)
470 {
471 	struct usb_fifo *f = usbd_xfer_softc(xfer);
472 	usb_frlength_t actlen;
473 
474 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
475 
476 	switch (USB_GET_STATE(xfer)) {
477 	case USB_ST_SETUP:
478 	case USB_ST_TRANSFERRED:
479 		/*
480 		 * If writing is in stall, just jump to clear stall
481 		 * callback and solve the situation.
482 		 */
483 		if (f->flag_stall) {
484 			usbd_transfer_start(f->xfer[1]);
485 			break;
486 		}
487 		/*
488 		 * Write data, setup and perform hardware transfer.
489 		 */
490 		if (usb_fifo_get_data(f, xfer->frbuffers, 0,
491 		    xfer->max_data_length, &actlen, 0)) {
492 			usbd_xfer_set_frame_len(xfer, 0, actlen);
493 			usbd_transfer_submit(xfer);
494 		}
495 		break;
496 
497 	default:			/* Error */
498 		if (xfer->error != USB_ERR_CANCELLED) {
499 			f->flag_stall = 1;
500 			usbd_transfer_start(f->xfer[1]);
501 		}
502 		break;
503 	}
504 }
505 
506 static void
507 ugen_read_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
508 {
509 	struct usb_fifo *f = usbd_xfer_softc(xfer);
510 	struct usb_xfer *xfer_other = f->xfer[0];
511 
512 	if (f->flag_stall == 0) {
513 		/* nothing to do */
514 		return;
515 	}
516 	if (usbd_clear_stall_callback(xfer, xfer_other)) {
517 		DPRINTFN(5, "f=%p: stall cleared\n", f);
518 		f->flag_stall = 0;
519 		usbd_transfer_start(xfer_other);
520 	}
521 }
522 
523 static void
524 ugen_write_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
525 {
526 	struct usb_fifo *f = usbd_xfer_softc(xfer);
527 	struct usb_xfer *xfer_other = f->xfer[0];
528 
529 	if (f->flag_stall == 0) {
530 		/* nothing to do */
531 		return;
532 	}
533 	if (usbd_clear_stall_callback(xfer, xfer_other)) {
534 		DPRINTFN(5, "f=%p: stall cleared\n", f);
535 		f->flag_stall = 0;
536 		usbd_transfer_start(xfer_other);
537 	}
538 }
539 
540 static void
541 ugen_isoc_read_callback(struct usb_xfer *xfer, usb_error_t error)
542 {
543 	struct usb_fifo *f = usbd_xfer_softc(xfer);
544 	usb_frlength_t offset;
545 	usb_frcount_t n;
546 
547 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
548 
549 	switch (USB_GET_STATE(xfer)) {
550 	case USB_ST_TRANSFERRED:
551 
552 		DPRINTFN(6, "actlen=%d\n", xfer->actlen);
553 
554 		offset = 0;
555 
556 		for (n = 0; n != xfer->aframes; n++) {
557 			usb_fifo_put_data(f, xfer->frbuffers, offset,
558 			    xfer->frlengths[n], 1);
559 			offset += xfer->max_frame_size;
560 		}
561 
562 	case USB_ST_SETUP:
563 tr_setup:
564 		for (n = 0; n != xfer->nframes; n++) {
565 			/* setup size for next transfer */
566 			usbd_xfer_set_frame_len(xfer, n, xfer->max_frame_size);
567 		}
568 		usbd_transfer_submit(xfer);
569 		break;
570 
571 	default:			/* Error */
572 		if (xfer->error == USB_ERR_CANCELLED) {
573 			break;
574 		}
575 		goto tr_setup;
576 	}
577 }
578 
579 static void
580 ugen_isoc_write_callback(struct usb_xfer *xfer, usb_error_t error)
581 {
582 	struct usb_fifo *f = usbd_xfer_softc(xfer);
583 	usb_frlength_t actlen;
584 	usb_frlength_t offset;
585 	usb_frcount_t n;
586 
587 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
588 
589 	switch (USB_GET_STATE(xfer)) {
590 	case USB_ST_TRANSFERRED:
591 	case USB_ST_SETUP:
592 tr_setup:
593 		offset = 0;
594 		for (n = 0; n != xfer->nframes; n++) {
595 			if (usb_fifo_get_data(f, xfer->frbuffers, offset,
596 			    xfer->max_frame_size, &actlen, 1)) {
597 				usbd_xfer_set_frame_len(xfer, n, actlen);
598 				offset += actlen;
599 			} else {
600 				break;
601 			}
602 		}
603 
604 		for (; n != xfer->nframes; n++) {
605 			/* fill in zero frames */
606 			usbd_xfer_set_frame_len(xfer, n, 0);
607 		}
608 		usbd_transfer_submit(xfer);
609 		break;
610 
611 	default:			/* Error */
612 		if (xfer->error == USB_ERR_CANCELLED) {
613 			break;
614 		}
615 		goto tr_setup;
616 	}
617 }
618 
619 static int
620 ugen_set_config(struct usb_fifo *f, uint8_t index)
621 {
622 	DPRINTFN(2, "index %u\n", index);
623 
624 	if (f->udev->flags.usb_mode != USB_MODE_HOST) {
625 		/* not possible in device side mode */
626 		return (ENOTTY);
627 	}
628 
629 	/* make sure all FIFO's are gone */
630 	/* else there can be a deadlock */
631 	if (ugen_fs_uninit(f)) {
632 		/* ignore any errors */
633 		DPRINTFN(6, "no FIFOs\n");
634 	}
635 
636 	if (usbd_start_set_config(f->udev, index) != 0)
637 		return (EIO);
638 
639 	return (0);
640 }
641 
642 static int
643 ugen_set_interface(struct usb_fifo *f,
644     uint8_t iface_index, uint8_t alt_index)
645 {
646 	DPRINTFN(2, "%u, %u\n", iface_index, alt_index);
647 
648 	if (f->udev->flags.usb_mode != USB_MODE_HOST) {
649 		/* not possible in device side mode */
650 		return (ENOTTY);
651 	}
652 	/* make sure all FIFO's are gone */
653 	/* else there can be a deadlock */
654 	if (ugen_fs_uninit(f)) {
655 		/* ignore any errors */
656 		DPRINTFN(6, "no FIFOs\n");
657 	}
658 	/* change setting - will free generic FIFOs, if any */
659 	if (usbd_set_alt_interface_index(f->udev, iface_index, alt_index)) {
660 		return (EIO);
661 	}
662 	/* probe and attach */
663 	if (usb_probe_and_attach(f->udev, iface_index)) {
664 		return (EIO);
665 	}
666 	return (0);
667 }
668 
669 /*------------------------------------------------------------------------*
670  *	ugen_get_cdesc
671  *
672  * This function will retrieve the complete configuration descriptor
673  * at the given index.
674  *------------------------------------------------------------------------*/
675 static int
676 ugen_get_cdesc(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
677 {
678 	struct usb_config_descriptor *cdesc;
679 	struct usb_device *udev = f->udev;
680 	int error;
681 	uint16_t len;
682 	uint8_t free_data;
683 
684 	DPRINTFN(6, "\n");
685 
686 	if (ugd->ugd_data == NULL) {
687 		/* userland pointer should not be zero */
688 		return (EINVAL);
689 	}
690 	if ((ugd->ugd_config_index == USB_UNCONFIG_INDEX) ||
691 	    (ugd->ugd_config_index == udev->curr_config_index)) {
692 		cdesc = usbd_get_config_descriptor(udev);
693 		if (cdesc == NULL)
694 			return (ENXIO);
695 		free_data = 0;
696 
697 	} else {
698 #if (USB_HAVE_FIXED_CONFIG == 0)
699 		if (usbd_req_get_config_desc_full(udev,
700 		    NULL, &cdesc, ugd->ugd_config_index)) {
701 			return (ENXIO);
702 		}
703 		free_data = 1;
704 #else
705 		/* configuration descriptor data is shared */
706 		return (EINVAL);
707 #endif
708 	}
709 
710 	len = UGETW(cdesc->wTotalLength);
711 	if (len > ugd->ugd_maxlen) {
712 		len = ugd->ugd_maxlen;
713 	}
714 	DPRINTFN(6, "len=%u\n", len);
715 
716 	ugd->ugd_actlen = len;
717 	ugd->ugd_offset = 0;
718 
719 	error = copyout(cdesc, ugd->ugd_data, len);
720 
721 	if (free_data)
722 		usbd_free_config_desc(udev, cdesc);
723 
724 	return (error);
725 }
726 
727 static int
728 ugen_get_sdesc(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
729 {
730 	void *ptr;
731 	uint16_t size;
732 	int error;
733 	uint8_t do_unlock;
734 
735 	/* Protect scratch area */
736 	do_unlock = usbd_ctrl_lock(f->udev);
737 
738 	ptr = f->udev->scratch.data;
739 	size = sizeof(f->udev->scratch.data);
740 
741 	if (usbd_req_get_string_desc(f->udev, NULL, ptr,
742 	    size, ugd->ugd_lang_id, ugd->ugd_string_index)) {
743 		error = EINVAL;
744 	} else {
745 		if (size > ((uint8_t *)ptr)[0]) {
746 			size = ((uint8_t *)ptr)[0];
747 		}
748 		if (size > ugd->ugd_maxlen) {
749 			size = ugd->ugd_maxlen;
750 		}
751 		ugd->ugd_actlen = size;
752 		ugd->ugd_offset = 0;
753 
754 		error = copyout(ptr, ugd->ugd_data, size);
755 	}
756 	if (do_unlock)
757 		usbd_ctrl_unlock(f->udev);
758 
759 	return (error);
760 }
761 
762 /*------------------------------------------------------------------------*
763  *	ugen_get_iface_driver
764  *
765  * This function generates an USB interface description for userland.
766  *
767  * Returns:
768  *    0: Success
769  * Else: Failure
770  *------------------------------------------------------------------------*/
771 static int
772 ugen_get_iface_driver(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
773 {
774 	struct usb_device *udev = f->udev;
775 	struct usb_interface *iface;
776 	const char *ptr;
777 	const char *desc;
778 	unsigned len;
779 	unsigned maxlen;
780 	char buf[128];
781 	int error;
782 
783 	DPRINTFN(6, "\n");
784 
785 	if ((ugd->ugd_data == NULL) || (ugd->ugd_maxlen == 0)) {
786 		/* userland pointer should not be zero */
787 		return (EINVAL);
788 	}
789 
790 	iface = usbd_get_iface(udev, ugd->ugd_iface_index);
791 	if ((iface == NULL) || (iface->idesc == NULL)) {
792 		/* invalid interface index */
793 		return (EINVAL);
794 	}
795 
796 	/* read out device nameunit string, if any */
797 	if ((iface->subdev != NULL) &&
798 	    device_is_attached(iface->subdev) &&
799 	    (ptr = device_get_nameunit(iface->subdev)) &&
800 	    (desc = device_get_desc(iface->subdev))) {
801 		/* print description */
802 		snprintf(buf, sizeof(buf), "%s: <%s>", ptr, desc);
803 
804 		/* range checks */
805 		maxlen = ugd->ugd_maxlen - 1;
806 		len = strlen(buf);
807 		if (len > maxlen)
808 			len = maxlen;
809 
810 		/* update actual length, including terminating zero */
811 		ugd->ugd_actlen = len + 1;
812 
813 		/* copy out interface description */
814 		error = copyout(buf, ugd->ugd_data, ugd->ugd_actlen);
815 	} else {
816 		/* zero length string is default */
817 		error = copyout("", ugd->ugd_data, 1);
818 	}
819 	return (error);
820 }
821 
822 /*------------------------------------------------------------------------*
823  *	ugen_fill_deviceinfo
824  *
825  * This function dumps information about an USB device to the
826  * structure pointed to by the "di" argument.
827  *
828  * Returns:
829  *    0: Success
830  * Else: Failure
831  *------------------------------------------------------------------------*/
832 int
833 ugen_fill_deviceinfo(struct usb_fifo *f, struct usb_device_info *di)
834 {
835 	struct usb_device *udev;
836 	struct usb_device *hub;
837 
838 	udev = f->udev;
839 
840 	bzero(di, sizeof(di[0]));
841 
842 	di->udi_bus = device_get_unit(udev->bus->bdev);
843 	di->udi_addr = udev->address;
844 	di->udi_index = udev->device_index;
845 	strlcpy(di->udi_serial, usb_get_serial(udev), sizeof(di->udi_serial));
846 	strlcpy(di->udi_vendor, usb_get_manufacturer(udev), sizeof(di->udi_vendor));
847 	strlcpy(di->udi_product, usb_get_product(udev), sizeof(di->udi_product));
848 	usb_printbcd(di->udi_release, sizeof(di->udi_release),
849 	    UGETW(udev->ddesc.bcdDevice));
850 	di->udi_vendorNo = UGETW(udev->ddesc.idVendor);
851 	di->udi_productNo = UGETW(udev->ddesc.idProduct);
852 	di->udi_releaseNo = UGETW(udev->ddesc.bcdDevice);
853 	di->udi_class = udev->ddesc.bDeviceClass;
854 	di->udi_subclass = udev->ddesc.bDeviceSubClass;
855 	di->udi_protocol = udev->ddesc.bDeviceProtocol;
856 	di->udi_config_no = udev->curr_config_no;
857 	di->udi_config_index = udev->curr_config_index;
858 	di->udi_power = udev->flags.self_powered ? 0 : udev->power;
859 	di->udi_speed = udev->speed;
860 	di->udi_mode = udev->flags.usb_mode;
861 	di->udi_power_mode = udev->power_mode;
862 	di->udi_suspended = udev->flags.peer_suspended;
863 
864 	hub = udev->parent_hub;
865 	if (hub) {
866 		di->udi_hubaddr = hub->address;
867 		di->udi_hubindex = hub->device_index;
868 		di->udi_hubport = udev->port_no;
869 	}
870 	return (0);
871 }
872 
873 int
874 ugen_do_request(struct usb_fifo *f, struct usb_ctl_request *ur)
875 {
876 	int error;
877 	uint16_t len;
878 	uint16_t actlen;
879 
880 	if (usb_check_request(f->udev, &ur->ucr_request)) {
881 		return (EPERM);
882 	}
883 	len = UGETW(ur->ucr_request.wLength);
884 
885 	/* check if "ucr_data" is valid */
886 	if (len != 0) {
887 		if (ur->ucr_data == NULL) {
888 			return (EFAULT);
889 		}
890 	}
891 	/* do the USB request */
892 	error = usbd_do_request_flags
893 	    (f->udev, NULL, &ur->ucr_request, ur->ucr_data,
894 	    (ur->ucr_flags & USB_SHORT_XFER_OK) |
895 	    USB_USER_DATA_PTR, &actlen,
896 	    USB_DEFAULT_TIMEOUT);
897 
898 	ur->ucr_actlen = actlen;
899 
900 	if (error) {
901 		error = EIO;
902 	}
903 	return (error);
904 }
905 
906 #ifdef COMPAT_FREEBSD32
907 static int
908 ugen_do_request32(struct usb_fifo *f, struct usb_ctl_request32 *ur32)
909 {
910 	struct usb_ctl_request ur;
911 	int error;
912 
913 	PTRIN_CP(*ur32, ur, ucr_data);
914 	CP(*ur32, ur, ucr_flags);
915 	CP(*ur32, ur, ucr_actlen);
916 	CP(*ur32, ur, ucr_addr);
917 	CP(*ur32, ur, ucr_request);
918 
919 	error = ugen_do_request(f, &ur);
920 
921 	/* Don't update ucr_data pointer */
922 	CP(ur, *ur32, ucr_flags);
923 	CP(ur, *ur32, ucr_actlen);
924 	CP(ur, *ur32, ucr_addr);
925 	CP(ur, *ur32, ucr_request);
926 
927 	return (error);
928 }
929 #endif
930 
931 /*------------------------------------------------------------------------
932  *	ugen_re_enumerate
933  *------------------------------------------------------------------------*/
934 static int
935 ugen_re_enumerate(struct usb_fifo *f)
936 {
937 	struct usb_device *udev = f->udev;
938 	int error;
939 
940 	/*
941 	 * This request can be useful for testing USB drivers:
942 	 */
943 	error = priv_check(curthread, PRIV_DRIVER);
944 	if (error) {
945 		return (error);
946 	}
947 	if (udev->flags.usb_mode != USB_MODE_HOST) {
948 		/* not possible in device side mode */
949 		DPRINTFN(6, "device mode\n");
950 		return (ENOTTY);
951 	}
952 	/* make sure all FIFO's are gone */
953 	/* else there can be a deadlock */
954 	if (ugen_fs_uninit(f)) {
955 		/* ignore any errors */
956 		DPRINTFN(6, "no FIFOs\n");
957 	}
958 	/* start re-enumeration of device */
959 	usbd_start_re_enumerate(udev);
960 	return (0);
961 }
962 
963 static int
964 ugen_fs_init(struct usb_fifo *f,
965     struct usb_fs_endpoint *fs_ep_ptr, usb_size_t fs_ep_sz,
966     int fflags, uint8_t ep_index_max)
967 {
968 	int error;
969 
970 	/* verify input parameters */
971 	if (fs_ep_ptr == NULL || ep_index_max > USB_FS_XFER_MAX)
972 		return (EINVAL);
973 
974 	if (f->fs_ep_max != 0)
975 		return (EBUSY);
976 
977 	if (f->dev_ep_index != 0 || ep_index_max == 0)
978 		return (EINVAL);
979 
980 	if (ugen_fifo_in_use(f, fflags))
981 		return (EBUSY);
982 
983 	error = usb_fifo_alloc_buffer(f, 1, ep_index_max);
984 	if (error == 0) {
985 		mtx_lock(f->priv_mtx);
986 		f->fs_ep_max = ep_index_max;
987 		f->fs_ep_ptr = fs_ep_ptr;
988 		f->fs_ep_sz = fs_ep_sz;
989 		mtx_unlock(f->priv_mtx);
990 	}
991 	return (error);
992 }
993 
994 int
995 ugen_fs_uninit(struct usb_fifo *f)
996 {
997 	if (f->fs_ep_max == 0)
998 		return (EINVAL);
999 
1000 	/*
1001 	 * Prevent calls into the fast-path code, by setting fs_ep_max
1002 	 * to zero:
1003 	 */
1004 	sx_xlock(&f->fs_fastpath_lock);
1005 	mtx_lock(f->priv_mtx);
1006 	f->fs_ep_max = 0;
1007 	mtx_unlock(f->priv_mtx);
1008 	sx_xunlock(&f->fs_fastpath_lock);
1009 
1010 	usbd_transfer_unsetup(f->fs_xfer, USB_FS_XFER_MAX);
1011 
1012 	mtx_lock(f->priv_mtx);
1013 	f->fs_ep_ptr = NULL;
1014 	f->flag_iscomplete = 0;
1015 	mtx_unlock(f->priv_mtx);
1016 
1017 	usb_fifo_free_buffer(f);
1018 	return (0);
1019 }
1020 
1021 static int
1022 usb_fs_open(struct usb_fifo *f, struct usb_fs_open *popen,
1023     int fflags, usb_stream_t stream_id)
1024 {
1025 	struct usb_config usb_config[1] = {};
1026 	struct usb_endpoint *ep;
1027 	struct usb_endpoint_descriptor *ed;
1028 	uint8_t iface_index;
1029 	uint8_t pre_scale;
1030 	uint8_t isread;
1031 	int error;
1032 
1033 	if (popen->ep_index >= f->fs_ep_max)
1034 		return (EINVAL);
1035 
1036 	if (f->fs_xfer[popen->ep_index] != NULL)
1037 		return (EBUSY);
1038 
1039 	if (popen->max_bufsize > USB_FS_MAX_BUFSIZE)
1040 		popen->max_bufsize = USB_FS_MAX_BUFSIZE;
1041 
1042 	if (popen->max_frames & USB_FS_MAX_FRAMES_PRE_SCALE) {
1043 		pre_scale = 1;
1044 		popen->max_frames &= ~USB_FS_MAX_FRAMES_PRE_SCALE;
1045 	} else {
1046 		pre_scale = 0;
1047 	}
1048 
1049 	if (popen->max_frames > USB_FS_MAX_FRAMES)
1050 		popen->max_frames = USB_FS_MAX_FRAMES;
1051 
1052 	if (popen->max_frames == 0)
1053 		return (EINVAL);
1054 
1055 	ep = usbd_get_ep_by_addr(f->udev, popen->ep_no);
1056 	if (ep == NULL)
1057 		return (EINVAL);
1058 
1059 	ed = ep->edesc;
1060 	if (ed == NULL)
1061 		return (ENXIO);
1062 
1063 	iface_index = ep->iface_index;
1064 
1065 	usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
1066 	usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
1067 	usb_config[0].direction = ed->bEndpointAddress & (UE_DIR_OUT | UE_DIR_IN);
1068 	usb_config[0].interval = USB_DEFAULT_INTERVAL;
1069 	usb_config[0].flags.proxy_buffer = 1;
1070 	if (pre_scale != 0)
1071 		usb_config[0].flags.pre_scale_frames = 1;
1072 
1073 	usb_config[0].callback = &ugen_ctrl_fs_callback;
1074 	usb_config[0].timeout = 0;	/* no timeout */
1075 	usb_config[0].frames = popen->max_frames;
1076 	usb_config[0].bufsize = popen->max_bufsize;
1077 	usb_config[0].usb_mode = USB_MODE_DUAL;	/* both modes */
1078 	usb_config[0].stream_id = stream_id;
1079 
1080 	if (usb_config[0].type == UE_CONTROL) {
1081 		if (f->udev->flags.usb_mode != USB_MODE_HOST)
1082 			return (EINVAL);
1083 	} else {
1084 		isread = ((usb_config[0].endpoint &
1085 		    (UE_DIR_IN | UE_DIR_OUT)) == UE_DIR_IN);
1086 
1087 		if (f->udev->flags.usb_mode != USB_MODE_HOST)
1088 			isread = !isread;
1089 
1090 		/* check permissions */
1091 		if (isread) {
1092 			if (!(fflags & FREAD))
1093 				return (EPERM);
1094 		} else {
1095 			if (!(fflags & FWRITE))
1096 				return (EPERM);
1097 		}
1098 	}
1099 	error = usbd_transfer_setup(f->udev, &iface_index,
1100 	    f->fs_xfer + popen->ep_index, usb_config, 1,
1101 	    f, f->priv_mtx);
1102 	if (error == 0) {
1103 		/* update maximums */
1104 		popen->max_packet_length =
1105 		    f->fs_xfer[popen->ep_index]->max_frame_size;
1106 		popen->max_bufsize =
1107 		    f->fs_xfer[popen->ep_index]->max_data_length;
1108 		/* update number of frames */
1109 		popen->max_frames =
1110 		    f->fs_xfer[popen->ep_index]->nframes;
1111 		/* store index of endpoint */
1112 		f->fs_xfer[popen->ep_index]->priv_fifo =
1113 		    ((uint8_t *)0) + popen->ep_index;
1114 	} else {
1115 		error = ENOMEM;
1116 	}
1117 	return (error);
1118 }
1119 
1120 static int
1121 usb_fs_close(struct usb_fifo *f, struct usb_fs_close *pclose)
1122 {
1123 	struct usb_xfer *xfer;
1124 
1125 	if (pclose->ep_index >= f->fs_ep_max)
1126 		return (EINVAL);
1127 
1128 	/*
1129 	 * Prevent calls into the fast-path code, by setting the
1130 	 * fs_xfer[] in question to NULL:
1131 	 */
1132 	sx_xlock(&f->fs_fastpath_lock);
1133 	mtx_lock(f->priv_mtx);
1134 	xfer = f->fs_xfer[pclose->ep_index];
1135 	f->fs_xfer[pclose->ep_index] = NULL;
1136 	mtx_unlock(f->priv_mtx);
1137 	sx_xunlock(&f->fs_fastpath_lock);
1138 
1139 	if (xfer == NULL)
1140 		return (EINVAL);
1141 
1142 	usbd_transfer_unsetup(&xfer, 1);
1143 	return (0);
1144 }
1145 
1146 static int
1147 usb_fs_clear_stall_sync(struct usb_fifo *f, struct usb_fs_clear_stall_sync *pstall)
1148 {
1149 	struct usb_device_request req;
1150 	struct usb_endpoint *ep;
1151 	int error;
1152 
1153 	if (pstall->ep_index >= f->fs_ep_max)
1154 		return (EINVAL);
1155 
1156 	if (f->fs_xfer[pstall->ep_index] == NULL)
1157 		return (EINVAL);
1158 
1159 	if (f->udev->flags.usb_mode != USB_MODE_HOST)
1160 		return (EINVAL);
1161 
1162 	mtx_lock(f->priv_mtx);
1163 	error = usbd_transfer_pending(f->fs_xfer[pstall->ep_index]);
1164 	mtx_unlock(f->priv_mtx);
1165 
1166 	if (error)
1167 		return (EBUSY);
1168 
1169 	ep = f->fs_xfer[pstall->ep_index]->endpoint;
1170 
1171 	/* setup a clear-stall packet */
1172 	req.bmRequestType = UT_WRITE_ENDPOINT;
1173 	req.bRequest = UR_CLEAR_FEATURE;
1174 	USETW(req.wValue, UF_ENDPOINT_HALT);
1175 	req.wIndex[0] = ep->edesc->bEndpointAddress;
1176 	req.wIndex[1] = 0;
1177 	USETW(req.wLength, 0);
1178 
1179 	error = usbd_do_request(f->udev, NULL, &req, NULL);
1180 	if (error == 0) {
1181 		usbd_clear_data_toggle(f->udev, ep);
1182 	} else {
1183 		error = ENXIO;
1184 	}
1185 	return (error);
1186 }
1187 
1188 static uint8_t
1189 ugen_fs_get_complete(struct usb_fifo *f, uint8_t *pindex)
1190 {
1191 	struct usb_mbuf *m;
1192 
1193 	USB_IF_DEQUEUE(&f->used_q, m);
1194 
1195 	if (m) {
1196 		*pindex = *((uint8_t *)(m->cur_data_ptr));
1197 
1198 		USB_IF_ENQUEUE(&f->free_q, m);
1199 
1200 		return (0);		/* success */
1201 	} else {
1202 		*pindex = 0;		/* fix compiler warning */
1203 
1204 		f->flag_iscomplete = 0;
1205 	}
1206 	return (1);			/* failure */
1207 }
1208 
1209 static void
1210 ugen_fs_set_complete(struct usb_fifo *f, uint8_t index)
1211 {
1212 	struct usb_mbuf *m;
1213 
1214 	USB_IF_DEQUEUE(&f->free_q, m);
1215 
1216 	if (m == NULL) {
1217 		/* can happen during close */
1218 		DPRINTF("out of buffers\n");
1219 		return;
1220 	}
1221 	USB_MBUF_RESET(m);
1222 
1223 	*((uint8_t *)(m->cur_data_ptr)) = index;
1224 
1225 	USB_IF_ENQUEUE(&f->used_q, m);
1226 
1227 	f->flag_iscomplete = 1;
1228 
1229 	usb_fifo_wakeup(f);
1230 }
1231 
1232 static int
1233 ugen_fs_getbuffer(void **uptrp, struct usb_fifo *f, void *buffer,
1234     usb_frcount_t n)
1235 {
1236 	union {
1237 		void **ppBuffer;
1238 #ifdef COMPAT_FREEBSD32
1239 		uint32_t *ppBuffer32;
1240 #endif
1241 	} u;
1242 #ifdef COMPAT_FREEBSD32
1243 	uint32_t uptr32;
1244 #endif
1245 
1246 	u.ppBuffer = buffer;
1247 	switch (f->fs_ep_sz) {
1248 	case sizeof(struct usb_fs_endpoint):
1249 		if (fueword(u.ppBuffer + n, (long *)uptrp) != 0)
1250 			return (EFAULT);
1251 		return (0);
1252 #ifdef COMPAT_FREEBSD32
1253 	case sizeof(struct usb_fs_endpoint32):
1254 		if (fueword32(u.ppBuffer32 + n, &uptr32) != 0)
1255 			return (EFAULT);
1256 		*uptrp = PTRIN(uptr32);
1257 		return (0);
1258 #endif
1259 	default:
1260 		panic("%s: unhandled fs_ep_sz %#x", __func__, f->fs_ep_sz);
1261 	}
1262 }
1263 
1264 static int
1265 ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
1266 {
1267 	struct usb_device_request *req;
1268 	struct usb_xfer *xfer;
1269 	struct usb_fs_endpoint fs_ep;
1270 	void *uaddr;			/* userland pointer */
1271 	void *kaddr;
1272 	usb_frlength_t offset;
1273 	usb_frlength_t rem;
1274 	usb_frcount_t n;
1275 	uint32_t length;
1276 	int error;
1277 	uint8_t isread;
1278 
1279 	mtx_lock(f->priv_mtx);
1280 	if (ep_index >= f->fs_ep_max) {
1281 		mtx_unlock(f->priv_mtx);
1282 		return (EINVAL);
1283 	}
1284 	xfer = f->fs_xfer[ep_index];
1285 	if (xfer == NULL) {
1286 		mtx_unlock(f->priv_mtx);
1287 		return (EINVAL);
1288 	}
1289 	if (usbd_transfer_pending(xfer)) {
1290 		mtx_unlock(f->priv_mtx);
1291 		return (EBUSY);		/* should not happen */
1292 	}
1293 	mtx_unlock(f->priv_mtx);
1294 
1295 	error = ugen_fs_copyin(f, ep_index, &fs_ep);
1296 	if (error) {
1297 		return (error);
1298 	}
1299 	/* security checks */
1300 
1301 	if (fs_ep.nFrames > xfer->max_frame_count) {
1302 		xfer->error = USB_ERR_INVAL;
1303 		goto complete;
1304 	}
1305 	if (fs_ep.nFrames == 0) {
1306 		xfer->error = USB_ERR_INVAL;
1307 		goto complete;
1308 	}
1309 	error = ugen_fs_getbuffer(&uaddr, f, fs_ep.ppBuffer, 0);
1310 	if (error) {
1311 		return (error);
1312 	}
1313 	/* reset first frame */
1314 	usbd_xfer_set_frame_offset(xfer, 0, 0);
1315 
1316 	if (xfer->flags_int.control_xfr) {
1317 		req = xfer->frbuffers[0].buffer;
1318 
1319 		if (fueword32(fs_ep.pLength, &length) != 0) {
1320 			return (EFAULT);
1321 		}
1322 		if (length != sizeof(*req)) {
1323 			xfer->error = USB_ERR_INVAL;
1324 			goto complete;
1325 		}
1326 		if (length != 0) {
1327 			error = copyin(uaddr, req, length);
1328 			if (error) {
1329 				return (error);
1330 			}
1331 		}
1332 		if (usb_check_request(f->udev, req)) {
1333 			xfer->error = USB_ERR_INVAL;
1334 			goto complete;
1335 		}
1336 		usbd_xfer_set_frame_len(xfer, 0, length);
1337 
1338 		/* Host mode only ! */
1339 		if ((req->bmRequestType &
1340 		    (UT_READ | UT_WRITE)) == UT_READ) {
1341 			isread = 1;
1342 		} else {
1343 			isread = 0;
1344 		}
1345 		n = 1;
1346 		offset = sizeof(*req);
1347 
1348 	} else {
1349 		/* Device and Host mode */
1350 		if (USB_GET_DATA_ISREAD(xfer)) {
1351 			isread = 1;
1352 		} else {
1353 			isread = 0;
1354 		}
1355 		n = 0;
1356 		offset = 0;
1357 	}
1358 
1359 	rem = usbd_xfer_max_len(xfer);
1360 	xfer->nframes = fs_ep.nFrames;
1361 	xfer->timeout = fs_ep.timeout;
1362 	if (xfer->timeout > 65535) {
1363 		xfer->timeout = 65535;
1364 	}
1365 	if (fs_ep.flags & USB_FS_FLAG_SINGLE_SHORT_OK)
1366 		xfer->flags.short_xfer_ok = 1;
1367 	else
1368 		xfer->flags.short_xfer_ok = 0;
1369 
1370 	if (fs_ep.flags & USB_FS_FLAG_MULTI_SHORT_OK)
1371 		xfer->flags.short_frames_ok = 1;
1372 	else
1373 		xfer->flags.short_frames_ok = 0;
1374 
1375 	if (fs_ep.flags & USB_FS_FLAG_FORCE_SHORT)
1376 		xfer->flags.force_short_xfer = 1;
1377 	else
1378 		xfer->flags.force_short_xfer = 0;
1379 
1380 	if (fs_ep.flags & USB_FS_FLAG_CLEAR_STALL)
1381 		usbd_xfer_set_stall(xfer);
1382 	else
1383 		xfer->flags.stall_pipe = 0;
1384 
1385 	for (; n != xfer->nframes; n++) {
1386 		if (fueword32(fs_ep.pLength + n, &length) != 0) {
1387 			break;
1388 		}
1389 		usbd_xfer_set_frame_len(xfer, n, length);
1390 
1391 		if (length > rem) {
1392 			xfer->error = USB_ERR_INVAL;
1393 			goto complete;
1394 		}
1395 		rem -= length;
1396 
1397 		if (!isread) {
1398 			/* we need to know the source buffer */
1399 			error = ugen_fs_getbuffer(&uaddr, f, fs_ep.ppBuffer, n);
1400 			if (error) {
1401 				break;
1402 			}
1403 			if (xfer->flags_int.isochronous_xfr) {
1404 				/* get kernel buffer address */
1405 				kaddr = xfer->frbuffers[0].buffer;
1406 				kaddr = USB_ADD_BYTES(kaddr, offset);
1407 			} else {
1408 				/* set current frame offset */
1409 				usbd_xfer_set_frame_offset(xfer, offset, n);
1410 
1411 				/* get kernel buffer address */
1412 				kaddr = xfer->frbuffers[n].buffer;
1413 			}
1414 
1415 			/* move data */
1416 			error = copyin(uaddr, kaddr, length);
1417 			if (error) {
1418 				break;
1419 			}
1420 		}
1421 		offset += length;
1422 	}
1423 	return (error);
1424 
1425 complete:
1426 	mtx_lock(f->priv_mtx);
1427 	ugen_fs_set_complete(f, ep_index);
1428 	mtx_unlock(f->priv_mtx);
1429 	return (0);
1430 }
1431 
1432 static struct usb_fs_endpoint *
1433 ugen_fs_ep_uptr(struct usb_fifo *f, uint8_t ep_index)
1434 {
1435 	return ((struct usb_fs_endpoint *)
1436 	    ((char *)f->fs_ep_ptr + (ep_index * f->fs_ep_sz)));
1437 }
1438 
1439 static int
1440 ugen_fs_copyin(struct usb_fifo *f, uint8_t ep_index,
1441     struct usb_fs_endpoint* fs_ep)
1442 {
1443 #ifdef COMPAT_FREEBSD32
1444 	struct usb_fs_endpoint32 fs_ep32;
1445 #endif
1446 	int error;
1447 
1448 	switch (f->fs_ep_sz) {
1449 	case sizeof(struct usb_fs_endpoint):
1450 		error = copyin(ugen_fs_ep_uptr(f, ep_index), fs_ep,
1451 		    f->fs_ep_sz);
1452 		if (error != 0)
1453 			return (error);
1454 		break;
1455 
1456 #ifdef COMPAT_FREEBSD32
1457 	case sizeof(struct usb_fs_endpoint32):
1458 		error = copyin(ugen_fs_ep_uptr(f, ep_index), &fs_ep32,
1459 		    f->fs_ep_sz);
1460 		if (error != 0)
1461 			return (error);
1462 		PTRIN_CP(fs_ep32, *fs_ep, ppBuffer);
1463 		PTRIN_CP(fs_ep32, *fs_ep, pLength);
1464 		CP(fs_ep32, *fs_ep, nFrames);
1465 		CP(fs_ep32, *fs_ep, aFrames);
1466 		CP(fs_ep32, *fs_ep, flags);
1467 		CP(fs_ep32, *fs_ep, timeout);
1468 		CP(fs_ep32, *fs_ep, isoc_time_complete);
1469 		CP(fs_ep32, *fs_ep, status);
1470 		break;
1471 #endif
1472 	default:
1473 		panic("%s: unhandled fs_ep_sz %#x", __func__, f->fs_ep_sz);
1474 	}
1475 
1476 	return (0);
1477 }
1478 
1479 static int
1480 ugen_fs_update(const struct usb_fs_endpoint *fs_ep,
1481     struct usb_fifo *f, uint8_t ep_index)
1482 {
1483 	union {
1484 		struct usb_fs_endpoint *fs_ep_uptr;
1485 #ifdef COMPAT_FREEBSD32
1486 		struct usb_fs_endpoint32 *fs_ep_uptr32;
1487 #endif
1488 	} u;
1489 	uint32_t *aFrames_uptr;
1490 	uint16_t *isoc_time_complete_uptr;
1491 	int *status_uptr;
1492 
1493 	switch (f->fs_ep_sz) {
1494 	case sizeof(struct usb_fs_endpoint):
1495 		u.fs_ep_uptr = ugen_fs_ep_uptr(f, ep_index);
1496 		aFrames_uptr = &u.fs_ep_uptr->aFrames;
1497 		isoc_time_complete_uptr = &u.fs_ep_uptr->isoc_time_complete;
1498 		status_uptr = &u.fs_ep_uptr->status;
1499 		break;
1500 #ifdef COMPAT_FREEBSD32
1501 	case sizeof(struct usb_fs_endpoint32):
1502 		u.fs_ep_uptr32 = (struct usb_fs_endpoint32 *)
1503 		    ugen_fs_ep_uptr(f, ep_index);
1504 		aFrames_uptr = &u.fs_ep_uptr32->aFrames;
1505 		isoc_time_complete_uptr = &u.fs_ep_uptr32->isoc_time_complete;
1506 		status_uptr = &u.fs_ep_uptr32->status;
1507 		break;
1508 #endif
1509 	default:
1510 		panic("%s: unhandled fs_ep_sz %#x", __func__, f->fs_ep_sz);
1511 	}
1512 
1513 	/* update "aFrames" */
1514 	if (suword32(aFrames_uptr, fs_ep->aFrames) != 0)
1515 		return (EFAULT);
1516 
1517 	/* update "isoc_time_complete" */
1518 	if (suword16(isoc_time_complete_uptr, fs_ep->isoc_time_complete) != 0)
1519 		return (EFAULT);
1520 
1521 	/* update "status" */
1522 	if (suword32(status_uptr, fs_ep->status) != 0)
1523 		return (EFAULT);
1524 
1525 	return (0);
1526 }
1527 
1528 static int
1529 ugen_fs_copy_out_cancelled(struct usb_fifo *f, uint8_t ep_index)
1530 {
1531 	struct usb_fs_endpoint fs_ep;
1532 	int error;
1533 
1534 	error = ugen_fs_copyin(f, ep_index, &fs_ep);
1535 	if (error)
1536 		return (error);
1537 
1538 	fs_ep.status = USB_ERR_CANCELLED;
1539 	fs_ep.aFrames = 0;
1540 	fs_ep.isoc_time_complete = 0;
1541 
1542 	return (ugen_fs_update(&fs_ep, f, ep_index));
1543 }
1544 
1545 static int
1546 ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
1547 {
1548 	struct usb_device_request *req;
1549 	struct usb_xfer *xfer;
1550 	struct usb_fs_endpoint fs_ep;
1551 	void *uaddr;			/* userland ptr */
1552 	void *kaddr;
1553 	usb_frlength_t offset;
1554 	usb_frlength_t rem;
1555 	usb_frcount_t n;
1556 	uint32_t length;
1557 	uint32_t temp;
1558 	int error;
1559 	uint8_t isread;
1560 
1561 	mtx_lock(f->priv_mtx);
1562 	if (ep_index >= f->fs_ep_max) {
1563 		mtx_unlock(f->priv_mtx);
1564 		return (EINVAL);
1565 	}
1566 	xfer = f->fs_xfer[ep_index];
1567 	if (xfer == NULL) {
1568 		mtx_unlock(f->priv_mtx);
1569 		return (EINVAL);
1570 	}
1571 	if (!xfer->flags_int.transferring &&
1572 	    !xfer->flags_int.started) {
1573 		mtx_unlock(f->priv_mtx);
1574 		DPRINTF("Returning fake cancel event\n");
1575 		return (ugen_fs_copy_out_cancelled(f, ep_index));
1576 	} else if (usbd_transfer_pending(xfer)) {
1577 		mtx_unlock(f->priv_mtx);
1578 		return (EBUSY);		/* should not happen */
1579 	}
1580 	mtx_unlock(f->priv_mtx);
1581 
1582 	error = ugen_fs_copyin(f, ep_index, &fs_ep);
1583 	if (error) {
1584 		return (error);
1585 	}
1586 
1587 	fs_ep.status = xfer->error;
1588 	fs_ep.aFrames = xfer->aframes;
1589 	fs_ep.isoc_time_complete = xfer->isoc_time_complete;
1590 	if (xfer->error) {
1591 		goto complete;
1592 	}
1593 	if (xfer->flags_int.control_xfr) {
1594 		req = xfer->frbuffers[0].buffer;
1595 
1596 		/* Host mode only ! */
1597 		if ((req->bmRequestType & (UT_READ | UT_WRITE)) == UT_READ) {
1598 			isread = 1;
1599 		} else {
1600 			isread = 0;
1601 		}
1602 		if (xfer->nframes == 0)
1603 			n = 0;		/* should never happen */
1604 		else
1605 			n = 1;
1606 	} else {
1607 		/* Device and Host mode */
1608 		if (USB_GET_DATA_ISREAD(xfer)) {
1609 			isread = 1;
1610 		} else {
1611 			isread = 0;
1612 		}
1613 		n = 0;
1614 	}
1615 
1616 	/* Update lengths and copy out data */
1617 
1618 	rem = usbd_xfer_max_len(xfer);
1619 	offset = 0;
1620 
1621 	for (; n != xfer->nframes; n++) {
1622 		/* get initial length into "temp" */
1623 		if (fueword32(fs_ep.pLength + n, &temp) != 0) {
1624 			return (EFAULT);
1625 		}
1626 		if (temp > rem) {
1627 			/* the userland length has been corrupted */
1628 			DPRINTF("corrupt userland length "
1629 			    "%u > %u\n", temp, rem);
1630 			fs_ep.status = USB_ERR_INVAL;
1631 			goto complete;
1632 		}
1633 		rem -= temp;
1634 
1635 		/* get actual transfer length */
1636 		length = xfer->frlengths[n];
1637 		if (length > temp) {
1638 			/* data overflow */
1639 			fs_ep.status = USB_ERR_INVAL;
1640 			DPRINTF("data overflow %u > %u\n",
1641 			    length, temp);
1642 			goto complete;
1643 		}
1644 		if (isread) {
1645 			/* we need to know the destination buffer */
1646 			error = ugen_fs_getbuffer(&uaddr, f, fs_ep.ppBuffer, n);
1647 			if (error) {
1648 				return (error);
1649 			}
1650 			if (xfer->flags_int.isochronous_xfr) {
1651 				/* only one frame buffer */
1652 				kaddr = USB_ADD_BYTES(
1653 				    xfer->frbuffers[0].buffer, offset);
1654 			} else {
1655 				/* multiple frame buffers */
1656 				kaddr = xfer->frbuffers[n].buffer;
1657 			}
1658 
1659 			/* move data */
1660 			error = copyout(kaddr, uaddr, length);
1661 			if (error) {
1662 				goto complete;
1663 			}
1664 		}
1665 		/*
1666 		 * Update offset according to initial length, which is
1667 		 * needed by isochronous transfers!
1668 		 */
1669 		offset += temp;
1670 
1671 		/* update length */
1672 		if (suword32(fs_ep.pLength + n, length) != 0)
1673 			goto complete;
1674 	}
1675 
1676 complete:
1677 	if (error == 0)
1678 		error = ugen_fs_update(&fs_ep, f, ep_index);
1679 	return (error);
1680 }
1681 
1682 static uint8_t
1683 ugen_fifo_in_use(struct usb_fifo *f, int fflags)
1684 {
1685 	struct usb_fifo *f_rx;
1686 	struct usb_fifo *f_tx;
1687 
1688 	f_rx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_RX];
1689 	f_tx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_TX];
1690 
1691 	if ((fflags & FREAD) && f_rx &&
1692 	    (f_rx->xfer[0] || f_rx->xfer[1])) {
1693 		return (1);		/* RX FIFO in use */
1694 	}
1695 	if ((fflags & FWRITE) && f_tx &&
1696 	    (f_tx->xfer[0] || f_tx->xfer[1])) {
1697 		return (1);		/* TX FIFO in use */
1698 	}
1699 	return (0);			/* not in use */
1700 }
1701 
1702 static int
1703 ugen_ioctl(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
1704 {
1705 	union {
1706 		struct usb_fs_complete *pcomp;
1707 		struct usb_fs_start *pstart;
1708 		struct usb_fs_stop *pstop;
1709 		void   *addr;
1710 	}     u;
1711 	struct usb_xfer *xfer;
1712 	int error;
1713 	uint8_t ep_index;
1714 
1715 	u.addr = addr;
1716 
1717 	DPRINTFN(6, "cmd=0x%08lx\n", cmd);
1718 
1719 	switch (cmd) {
1720 	case USB_FS_COMPLETE:
1721 		sx_slock(&f->fs_fastpath_lock);
1722 		mtx_lock(f->priv_mtx);
1723 		error = ugen_fs_get_complete(f, &ep_index);
1724 		mtx_unlock(f->priv_mtx);
1725 
1726 		if (error != 0) {
1727 			error = EBUSY;
1728 		} else {
1729 			u.pcomp->ep_index = ep_index;
1730 			error = ugen_fs_copy_out(f, u.pcomp->ep_index);
1731 		}
1732 		sx_sunlock(&f->fs_fastpath_lock);
1733 		break;
1734 
1735 	case USB_FS_START:
1736 		sx_slock(&f->fs_fastpath_lock);
1737 		error = ugen_fs_copy_in(f, u.pstart->ep_index);
1738 		if (error == 0) {
1739 			mtx_lock(f->priv_mtx);
1740 			xfer = f->fs_xfer[u.pstart->ep_index];
1741 			usbd_transfer_start(xfer);
1742 			mtx_unlock(f->priv_mtx);
1743 		}
1744 		sx_sunlock(&f->fs_fastpath_lock);
1745 		break;
1746 
1747 	case USB_FS_STOP:
1748 		mtx_lock(f->priv_mtx);
1749 		if (u.pstop->ep_index >= f->fs_ep_max) {
1750 			error = EINVAL;
1751 		} else {
1752 			error = 0;
1753 			xfer = f->fs_xfer[u.pstart->ep_index];
1754 			if (usbd_transfer_pending(xfer)) {
1755 				usbd_transfer_stop(xfer);
1756 
1757 				/*
1758 				 * Check if the USB transfer was
1759 				 * stopped before it was even started
1760 				 * and fake a cancel event.
1761 				 */
1762 				if (!xfer->flags_int.transferring &&
1763 				    !xfer->flags_int.started) {
1764 					DPRINTF("Issuing fake completion event\n");
1765 					ugen_fs_set_complete(xfer->priv_sc,
1766 					    USB_P2U(xfer->priv_fifo));
1767 				}
1768 			}
1769 		}
1770 		mtx_unlock(f->priv_mtx);
1771 		break;
1772 
1773 	default:
1774 		error = ENOIOCTL;
1775 		break;
1776 	}
1777 
1778 	DPRINTFN(6, "error=%d\n", error);
1779 
1780 	return (error);
1781 }
1782 
1783 static int
1784 ugen_set_short_xfer(struct usb_fifo *f, void *addr)
1785 {
1786 	uint8_t t;
1787 
1788 	if (*(int *)addr)
1789 		t = 1;
1790 	else
1791 		t = 0;
1792 
1793 	if (f->flag_short == t) {
1794 		/* same value like before - accept */
1795 		return (0);
1796 	}
1797 	if (f->xfer[0] || f->xfer[1]) {
1798 		/* cannot change this during transfer */
1799 		return (EBUSY);
1800 	}
1801 	f->flag_short = t;
1802 	return (0);
1803 }
1804 
1805 static int
1806 ugen_set_timeout(struct usb_fifo *f, void *addr)
1807 {
1808 	f->timeout = *(int *)addr;
1809 	if (f->timeout > 65535) {
1810 		/* limit user input */
1811 		f->timeout = 65535;
1812 	}
1813 	return (0);
1814 }
1815 
1816 static int
1817 ugen_get_frame_size(struct usb_fifo *f, void *addr)
1818 {
1819 	if (f->xfer[0]) {
1820 		*(int *)addr = f->xfer[0]->max_frame_size;
1821 	} else {
1822 		return (EINVAL);
1823 	}
1824 	return (0);
1825 }
1826 
1827 static int
1828 ugen_set_buffer_size(struct usb_fifo *f, void *addr)
1829 {
1830 	usb_frlength_t t;
1831 
1832 	if (*(int *)addr < 0)
1833 		t = 0;		/* use "wMaxPacketSize" */
1834 	else if (*(int *)addr < (256 * 1024))
1835 		t = *(int *)addr;
1836 	else
1837 		t = 256 * 1024;
1838 
1839 	if (f->bufsize == t) {
1840 		/* same value like before - accept */
1841 		return (0);
1842 	}
1843 	if (f->xfer[0] || f->xfer[1]) {
1844 		/* cannot change this during transfer */
1845 		return (EBUSY);
1846 	}
1847 	f->bufsize = t;
1848 	return (0);
1849 }
1850 
1851 static int
1852 ugen_get_buffer_size(struct usb_fifo *f, void *addr)
1853 {
1854 	*(int *)addr = f->bufsize;
1855 	return (0);
1856 }
1857 
1858 static int
1859 ugen_get_iface_desc(struct usb_fifo *f,
1860     struct usb_interface_descriptor *idesc)
1861 {
1862 	struct usb_interface *iface;
1863 
1864 	iface = usbd_get_iface(f->udev, f->iface_index);
1865 	if (iface && iface->idesc) {
1866 		*idesc = *(iface->idesc);
1867 	} else {
1868 		return (EIO);
1869 	}
1870 	return (0);
1871 }
1872 
1873 static int
1874 ugen_get_endpoint_desc(struct usb_fifo *f,
1875     struct usb_endpoint_descriptor *ed)
1876 {
1877 	struct usb_endpoint *ep;
1878 
1879 	ep = usb_fifo_softc(f);
1880 
1881 	if (ep && ep->edesc) {
1882 		*ed = *ep->edesc;
1883 	} else {
1884 		return (EINVAL);
1885 	}
1886 	return (0);
1887 }
1888 
1889 static int
1890 ugen_set_power_mode(struct usb_fifo *f, int mode)
1891 {
1892 	struct usb_device *udev = f->udev;
1893 	int err;
1894 	uint8_t old_mode;
1895 
1896 	if ((udev == NULL) ||
1897 	    (udev->parent_hub == NULL)) {
1898 		return (EINVAL);
1899 	}
1900 	err = priv_check(curthread, PRIV_DRIVER);
1901 	if (err)
1902 		return (err);
1903 
1904 	/* get old power mode */
1905 	old_mode = udev->power_mode;
1906 
1907 	/* if no change, then just return */
1908 	if (old_mode == mode)
1909 		return (0);
1910 
1911 	switch (mode) {
1912 	case USB_POWER_MODE_OFF:
1913 		if (udev->flags.usb_mode == USB_MODE_HOST &&
1914 		    udev->re_enumerate_wait == USB_RE_ENUM_DONE) {
1915 			udev->re_enumerate_wait = USB_RE_ENUM_PWR_OFF;
1916 		}
1917 		/* set power mode will wake up the explore thread */
1918 		break;
1919 
1920 	case USB_POWER_MODE_ON:
1921 	case USB_POWER_MODE_SAVE:
1922 		break;
1923 
1924 	case USB_POWER_MODE_RESUME:
1925 #if USB_HAVE_POWERD
1926 		/* let USB-powerd handle resume */
1927 		USB_BUS_LOCK(udev->bus);
1928 		udev->pwr_save.write_refs++;
1929 		udev->pwr_save.last_xfer_time = ticks;
1930 		USB_BUS_UNLOCK(udev->bus);
1931 
1932 		/* set new power mode */
1933 		usbd_set_power_mode(udev, USB_POWER_MODE_SAVE);
1934 
1935 		/* wait for resume to complete */
1936 		usb_pause_mtx(NULL, hz / 4);
1937 
1938 		/* clear write reference */
1939 		USB_BUS_LOCK(udev->bus);
1940 		udev->pwr_save.write_refs--;
1941 		USB_BUS_UNLOCK(udev->bus);
1942 #endif
1943 		mode = USB_POWER_MODE_SAVE;
1944 		break;
1945 
1946 	case USB_POWER_MODE_SUSPEND:
1947 #if USB_HAVE_POWERD
1948 		/* let USB-powerd handle suspend */
1949 		USB_BUS_LOCK(udev->bus);
1950 		udev->pwr_save.last_xfer_time = ticks - (256 * hz);
1951 		USB_BUS_UNLOCK(udev->bus);
1952 #endif
1953 		mode = USB_POWER_MODE_SAVE;
1954 		break;
1955 
1956 	default:
1957 		return (EINVAL);
1958 	}
1959 
1960 	if (err)
1961 		return (ENXIO);		/* I/O failure */
1962 
1963 	/* if we are powered off we need to re-enumerate first */
1964 	if (old_mode == USB_POWER_MODE_OFF) {
1965 		if (udev->flags.usb_mode == USB_MODE_HOST &&
1966 		    udev->re_enumerate_wait == USB_RE_ENUM_DONE) {
1967 			udev->re_enumerate_wait = USB_RE_ENUM_START;
1968 		}
1969 		/* set power mode will wake up the explore thread */
1970 	}
1971 
1972 	/* set new power mode */
1973 	usbd_set_power_mode(udev, mode);
1974 
1975 	return (0);			/* success */
1976 }
1977 
1978 static int
1979 ugen_get_power_mode(struct usb_fifo *f)
1980 {
1981 	struct usb_device *udev = f->udev;
1982 
1983 	if (udev == NULL)
1984 		return (USB_POWER_MODE_ON);
1985 
1986 	return (udev->power_mode);
1987 }
1988 
1989 static int
1990 ugen_get_port_path(struct usb_fifo *f, struct usb_device_port_path *dpp)
1991 {
1992 	struct usb_device *udev = f->udev;
1993 	struct usb_device *next;
1994 	unsigned nlevel = 0;
1995 
1996 	if (udev == NULL)
1997 		goto error;
1998 
1999 	dpp->udp_bus = device_get_unit(udev->bus->bdev);
2000 	dpp->udp_index = udev->device_index;
2001 
2002 	/* count port levels */
2003 	next = udev;
2004 	while (next->parent_hub != NULL) {
2005 		nlevel++;
2006 		next = next->parent_hub;
2007 	}
2008 
2009 	/* check if too many levels */
2010 	if (nlevel > USB_DEVICE_PORT_PATH_MAX)
2011 		goto error;
2012 
2013 	/* store total level of ports */
2014 	dpp->udp_port_level = nlevel;
2015 
2016 	/* store port index array */
2017 	next = udev;
2018 	while (next->parent_hub != NULL) {
2019 		dpp->udp_port_no[--nlevel] = next->port_no;
2020 		next = next->parent_hub;
2021 	}
2022 	return (0);	/* success */
2023 
2024 error:
2025 	return (EINVAL);	/* failure */
2026 }
2027 
2028 static int
2029 ugen_get_power_usage(struct usb_fifo *f)
2030 {
2031 	struct usb_device *udev = f->udev;
2032 
2033 	if (udev == NULL)
2034 		return (0);
2035 
2036 	return (udev->power);
2037 }
2038 
2039 static int
2040 ugen_do_port_feature(struct usb_fifo *f, uint8_t port_no,
2041     uint8_t set, uint16_t feature)
2042 {
2043 	struct usb_device *udev = f->udev;
2044 	struct usb_hub *hub;
2045 	int err;
2046 
2047 	err = priv_check(curthread, PRIV_DRIVER);
2048 	if (err) {
2049 		return (err);
2050 	}
2051 	if (port_no == 0) {
2052 		return (EINVAL);
2053 	}
2054 	if ((udev == NULL) ||
2055 	    (udev->hub == NULL)) {
2056 		return (EINVAL);
2057 	}
2058 	hub = udev->hub;
2059 
2060 	if (port_no > hub->nports) {
2061 		return (EINVAL);
2062 	}
2063 	if (set)
2064 		err = usbd_req_set_port_feature(udev,
2065 		    NULL, port_no, feature);
2066 	else
2067 		err = usbd_req_clear_port_feature(udev,
2068 		    NULL, port_no, feature);
2069 
2070 	if (err)
2071 		return (ENXIO);		/* failure */
2072 
2073 	return (0);			/* success */
2074 }
2075 
2076 static int
2077 ugen_iface_ioctl(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
2078 {
2079 	struct usb_fifo *f_rx;
2080 	struct usb_fifo *f_tx;
2081 	int error = 0;
2082 
2083 	f_rx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_RX];
2084 	f_tx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_TX];
2085 
2086 	switch (cmd) {
2087 	case USB_SET_RX_SHORT_XFER:
2088 		if (fflags & FREAD) {
2089 			error = ugen_set_short_xfer(f_rx, addr);
2090 		} else {
2091 			error = EINVAL;
2092 		}
2093 		break;
2094 
2095 	case USB_SET_TX_FORCE_SHORT:
2096 		if (fflags & FWRITE) {
2097 			error = ugen_set_short_xfer(f_tx, addr);
2098 		} else {
2099 			error = EINVAL;
2100 		}
2101 		break;
2102 
2103 	case USB_SET_RX_TIMEOUT:
2104 		if (fflags & FREAD) {
2105 			error = ugen_set_timeout(f_rx, addr);
2106 		} else {
2107 			error = EINVAL;
2108 		}
2109 		break;
2110 
2111 	case USB_SET_TX_TIMEOUT:
2112 		if (fflags & FWRITE) {
2113 			error = ugen_set_timeout(f_tx, addr);
2114 		} else {
2115 			error = EINVAL;
2116 		}
2117 		break;
2118 
2119 	case USB_GET_RX_FRAME_SIZE:
2120 		if (fflags & FREAD) {
2121 			error = ugen_get_frame_size(f_rx, addr);
2122 		} else {
2123 			error = EINVAL;
2124 		}
2125 		break;
2126 
2127 	case USB_GET_TX_FRAME_SIZE:
2128 		if (fflags & FWRITE) {
2129 			error = ugen_get_frame_size(f_tx, addr);
2130 		} else {
2131 			error = EINVAL;
2132 		}
2133 		break;
2134 
2135 	case USB_SET_RX_BUFFER_SIZE:
2136 		if (fflags & FREAD) {
2137 			error = ugen_set_buffer_size(f_rx, addr);
2138 		} else {
2139 			error = EINVAL;
2140 		}
2141 		break;
2142 
2143 	case USB_SET_TX_BUFFER_SIZE:
2144 		if (fflags & FWRITE) {
2145 			error = ugen_set_buffer_size(f_tx, addr);
2146 		} else {
2147 			error = EINVAL;
2148 		}
2149 		break;
2150 
2151 	case USB_GET_RX_BUFFER_SIZE:
2152 		if (fflags & FREAD) {
2153 			error = ugen_get_buffer_size(f_rx, addr);
2154 		} else {
2155 			error = EINVAL;
2156 		}
2157 		break;
2158 
2159 	case USB_GET_TX_BUFFER_SIZE:
2160 		if (fflags & FWRITE) {
2161 			error = ugen_get_buffer_size(f_tx, addr);
2162 		} else {
2163 			error = EINVAL;
2164 		}
2165 		break;
2166 
2167 	case USB_GET_RX_INTERFACE_DESC:
2168 		if (fflags & FREAD) {
2169 			error = ugen_get_iface_desc(f_rx, addr);
2170 		} else {
2171 			error = EINVAL;
2172 		}
2173 		break;
2174 
2175 	case USB_GET_TX_INTERFACE_DESC:
2176 		if (fflags & FWRITE) {
2177 			error = ugen_get_iface_desc(f_tx, addr);
2178 		} else {
2179 			error = EINVAL;
2180 		}
2181 		break;
2182 
2183 	case USB_GET_RX_ENDPOINT_DESC:
2184 		if (fflags & FREAD) {
2185 			error = ugen_get_endpoint_desc(f_rx, addr);
2186 		} else {
2187 			error = EINVAL;
2188 		}
2189 		break;
2190 
2191 	case USB_GET_TX_ENDPOINT_DESC:
2192 		if (fflags & FWRITE) {
2193 			error = ugen_get_endpoint_desc(f_tx, addr);
2194 		} else {
2195 			error = EINVAL;
2196 		}
2197 		break;
2198 
2199 	case USB_SET_RX_STALL_FLAG:
2200 		if ((fflags & FREAD) && (*(int *)addr)) {
2201 			f_rx->flag_stall = 1;
2202 		}
2203 		break;
2204 
2205 	case USB_SET_TX_STALL_FLAG:
2206 		if ((fflags & FWRITE) && (*(int *)addr)) {
2207 			f_tx->flag_stall = 1;
2208 		}
2209 		break;
2210 
2211 	default:
2212 		error = ENOIOCTL;
2213 		break;
2214 	}
2215 	return (error);
2216 }
2217 
2218 static int
2219 ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
2220 {
2221 	union {
2222 		struct usb_interface_descriptor *idesc;
2223 		struct usb_alt_interface *ai;
2224 		struct usb_device_descriptor *ddesc;
2225 		struct usb_config_descriptor *cdesc;
2226 		struct usb_device_stats *stat;
2227 		struct usb_fs_init *pinit;
2228 #ifdef COMPAT_FREEBSD32
2229 		struct usb_fs_init32 *pinit32;
2230 #endif
2231 		struct usb_fs_uninit *puninit;
2232 		struct usb_fs_open *popen;
2233 		struct usb_fs_open_stream *popen_stream;
2234 		struct usb_fs_close *pclose;
2235 		struct usb_fs_clear_stall_sync *pstall;
2236 		struct usb_device_port_path *dpp;
2237 		uint32_t *ptime;
2238 		void   *addr;
2239 		int    *pint;
2240 	}     u;
2241 	struct usb_device_descriptor *dtemp;
2242 	struct usb_config_descriptor *ctemp;
2243 	struct usb_interface *iface;
2244 	int error = 0;
2245 	uint8_t n;
2246 
2247 	u.addr = addr;
2248 
2249 	DPRINTFN(6, "cmd=0x%08lx\n", cmd);
2250 
2251 	switch (cmd) {
2252 	case USB_DISCOVER:
2253 		usb_needs_explore_all();
2254 		break;
2255 
2256 	case USB_SETDEBUG:
2257 		if (!(fflags & FWRITE)) {
2258 			error = EPERM;
2259 			break;
2260 		}
2261 		usb_debug = *(int *)addr;
2262 		break;
2263 
2264 	case USB_GET_CONFIG:
2265 		*(int *)addr = f->udev->curr_config_index;
2266 		break;
2267 
2268 	case USB_SET_CONFIG:
2269 		if (!(fflags & FWRITE)) {
2270 			error = EPERM;
2271 			break;
2272 		}
2273 		error = ugen_set_config(f, *(int *)addr);
2274 		break;
2275 
2276 	case USB_GET_ALTINTERFACE:
2277 		iface = usbd_get_iface(f->udev,
2278 		    u.ai->uai_interface_index);
2279 		if (iface && iface->idesc) {
2280 			u.ai->uai_alt_index = iface->alt_index;
2281 		} else {
2282 			error = EINVAL;
2283 		}
2284 		break;
2285 
2286 	case USB_SET_ALTINTERFACE:
2287 		if (!(fflags & FWRITE)) {
2288 			error = EPERM;
2289 			break;
2290 		}
2291 		error = ugen_set_interface(f,
2292 		    u.ai->uai_interface_index, u.ai->uai_alt_index);
2293 		break;
2294 
2295 	case USB_GET_DEVICE_DESC:
2296 		dtemp = usbd_get_device_descriptor(f->udev);
2297 		if (!dtemp) {
2298 			error = EIO;
2299 			break;
2300 		}
2301 		*u.ddesc = *dtemp;
2302 		break;
2303 
2304 	case USB_GET_CONFIG_DESC:
2305 		ctemp = usbd_get_config_descriptor(f->udev);
2306 		if (!ctemp) {
2307 			error = EIO;
2308 			break;
2309 		}
2310 		*u.cdesc = *ctemp;
2311 		break;
2312 
2313 	case USB_GET_FULL_DESC:
2314 		error = ugen_get_cdesc(f, addr);
2315 		break;
2316 
2317 	case USB_GET_STRING_DESC:
2318 		error = ugen_get_sdesc(f, addr);
2319 		break;
2320 
2321 	case USB_GET_IFACE_DRIVER:
2322 		error = ugen_get_iface_driver(f, addr);
2323 		break;
2324 
2325 #ifdef COMPAT_FREEBSD32
2326 	case USB_GET_FULL_DESC32:
2327 	case USB_GET_STRING_DESC32:
2328 	case USB_GET_IFACE_DRIVER32:
2329 		error = ugen_get32(cmd, f, addr);
2330 		break;
2331 #endif
2332 
2333 	case USB_REQUEST:
2334 	case USB_DO_REQUEST:
2335 		if (!(fflags & FWRITE)) {
2336 			error = EPERM;
2337 			break;
2338 		}
2339 		error = ugen_do_request(f, addr);
2340 		break;
2341 
2342 #ifdef COMPAT_FREEBSD32
2343 	case USB_REQUEST32:
2344 	case USB_DO_REQUEST32:
2345 		if (!(fflags & FWRITE)) {
2346 			error = EPERM;
2347 			break;
2348 		}
2349 		error = ugen_do_request32(f, addr);
2350 		break;
2351 #endif
2352 
2353 	case USB_DEVICEINFO:
2354 	case USB_GET_DEVICEINFO:
2355 		error = ugen_fill_deviceinfo(f, addr);
2356 		break;
2357 
2358 	case USB_DEVICESTATS:
2359 		for (n = 0; n != 4; n++) {
2360 			u.stat->uds_requests_fail[n] =
2361 			    f->udev->stats_err.uds_requests[n];
2362 			u.stat->uds_requests_ok[n] =
2363 			    f->udev->stats_ok.uds_requests[n];
2364 		}
2365 		break;
2366 
2367 	case USB_DEVICEENUMERATE:
2368 		error = ugen_re_enumerate(f);
2369 		break;
2370 
2371 	case USB_GET_PLUGTIME:
2372 		*u.ptime = f->udev->plugtime;
2373 		break;
2374 
2375 	case USB_CLAIM_INTERFACE:
2376 	case USB_RELEASE_INTERFACE:
2377 		/* TODO */
2378 		break;
2379 
2380 	case USB_IFACE_DRIVER_ACTIVE:
2381 
2382 		n = *u.pint & 0xFF;
2383 
2384 		iface = usbd_get_iface(f->udev, n);
2385 
2386 		if (iface && iface->subdev)
2387 			error = 0;
2388 		else
2389 			error = ENXIO;
2390 		break;
2391 
2392 	case USB_IFACE_DRIVER_DETACH:
2393 
2394 		error = priv_check(curthread, PRIV_DRIVER);
2395 
2396 		if (error)
2397 			break;
2398 
2399 		n = *u.pint & 0xFF;
2400 
2401 		if (n == USB_IFACE_INDEX_ANY) {
2402 			error = EINVAL;
2403 			break;
2404 		}
2405 
2406 		/*
2407 		 * Detach the currently attached driver.
2408 		 */
2409 		usb_detach_device(f->udev, n, 0);
2410 
2411 		/*
2412 		 * Set parent to self, this should keep attach away
2413 		 * until the next set configuration event.
2414 		 */
2415 		usbd_set_parent_iface(f->udev, n, n);
2416 		break;
2417 
2418 	case USB_SET_POWER_MODE:
2419 		error = ugen_set_power_mode(f, *u.pint);
2420 		break;
2421 
2422 	case USB_GET_POWER_MODE:
2423 		*u.pint = ugen_get_power_mode(f);
2424 		break;
2425 
2426 	case USB_GET_DEV_PORT_PATH:
2427 		error = ugen_get_port_path(f, u.dpp);
2428 		break;
2429 
2430 	case USB_GET_POWER_USAGE:
2431 		*u.pint = ugen_get_power_usage(f);
2432 		break;
2433 
2434 	case USB_SET_PORT_ENABLE:
2435 		error = ugen_do_port_feature(f,
2436 		    *u.pint, 1, UHF_PORT_ENABLE);
2437 		break;
2438 
2439 	case USB_SET_PORT_DISABLE:
2440 		error = ugen_do_port_feature(f,
2441 		    *u.pint, 0, UHF_PORT_ENABLE);
2442 		break;
2443 
2444 	case USB_FS_INIT:
2445 		error = ugen_fs_init(f, u.pinit->pEndpoints,
2446 		    sizeof(struct usb_fs_endpoint), fflags,
2447 		    u.pinit->ep_index_max);
2448 		break;
2449 #ifdef COMPAT_FREEBSD32
2450 	case USB_FS_INIT32:
2451 		error = ugen_fs_init(f, PTRIN(u.pinit32->pEndpoints),
2452 		    sizeof(struct usb_fs_endpoint32), fflags,
2453 		    u.pinit32->ep_index_max);
2454 		break;
2455 #endif
2456 	case USB_FS_UNINIT:
2457 		if (u.puninit->dummy != 0) {
2458 			error = EINVAL;
2459 			break;
2460 		}
2461 		error = ugen_fs_uninit(f);
2462 		break;
2463 
2464 	case USB_FS_OPEN:
2465 	case USB_FS_OPEN_STREAM:
2466 		error = usb_fs_open(f, u.popen, fflags,
2467 		    (cmd == USB_FS_OPEN_STREAM) ? u.popen_stream->stream_id : 0);
2468 		break;
2469 
2470 	case USB_FS_CLOSE:
2471 		error = usb_fs_close(f, u.pclose);
2472 		break;
2473 
2474 	case USB_FS_CLEAR_STALL_SYNC:
2475 		error = usb_fs_clear_stall_sync(f, u.pstall);
2476 		break;
2477 
2478 	default:
2479 		mtx_lock(f->priv_mtx);
2480 		error = ugen_iface_ioctl(f, cmd, addr, fflags);
2481 		mtx_unlock(f->priv_mtx);
2482 		break;
2483 	}
2484 	DPRINTFN(6, "error=%d\n", error);
2485 	return (error);
2486 }
2487 
2488 static void
2489 ugen_ctrl_fs_callback(struct usb_xfer *xfer, usb_error_t error)
2490 {
2491 	;				/* workaround for a bug in "indent" */
2492 
2493 	DPRINTF("st=%u alen=%u aframes=%u\n",
2494 	    USB_GET_STATE(xfer), xfer->actlen, xfer->aframes);
2495 
2496 	switch (USB_GET_STATE(xfer)) {
2497 	case USB_ST_SETUP:
2498 		usbd_transfer_submit(xfer);
2499 		break;
2500 	default:
2501 		ugen_fs_set_complete(xfer->priv_sc, USB_P2U(xfer->priv_fifo));
2502 		break;
2503 	}
2504 }
2505 
2506 #ifdef COMPAT_FREEBSD32
2507 void
2508 usb_gen_descriptor_from32(struct usb_gen_descriptor *ugd,
2509     const struct usb_gen_descriptor32 *ugd32)
2510 {
2511 	PTRIN_CP(*ugd32, *ugd, ugd_data);
2512 	CP(*ugd32, *ugd, ugd_lang_id);
2513 	CP(*ugd32, *ugd, ugd_maxlen);
2514 	CP(*ugd32, *ugd, ugd_actlen);
2515 	CP(*ugd32, *ugd, ugd_offset);
2516 	CP(*ugd32, *ugd, ugd_config_index);
2517 	CP(*ugd32, *ugd, ugd_string_index);
2518 	CP(*ugd32, *ugd, ugd_iface_index);
2519 	CP(*ugd32, *ugd, ugd_altif_index);
2520 	CP(*ugd32, *ugd, ugd_endpt_index);
2521 	CP(*ugd32, *ugd, ugd_report_type);
2522 	/* Don't copy reserved */
2523 }
2524 
2525 void
2526 update_usb_gen_descriptor32(struct usb_gen_descriptor32 *ugd32,
2527     struct usb_gen_descriptor *ugd)
2528 {
2529 	/* Don't update ugd_data pointer */
2530 	CP(*ugd32, *ugd, ugd_lang_id);
2531 	CP(*ugd32, *ugd, ugd_maxlen);
2532 	CP(*ugd32, *ugd, ugd_actlen);
2533 	CP(*ugd32, *ugd, ugd_offset);
2534 	CP(*ugd32, *ugd, ugd_config_index);
2535 	CP(*ugd32, *ugd, ugd_string_index);
2536 	CP(*ugd32, *ugd, ugd_iface_index);
2537 	CP(*ugd32, *ugd, ugd_altif_index);
2538 	CP(*ugd32, *ugd, ugd_endpt_index);
2539 	CP(*ugd32, *ugd, ugd_report_type);
2540 	/* Don't update reserved */
2541 }
2542 
2543 static int
2544 ugen_get32(u_long cmd, struct usb_fifo *f, struct usb_gen_descriptor32 *ugd32)
2545 {
2546 	struct usb_gen_descriptor ugd;
2547 	int error;
2548 
2549 	usb_gen_descriptor_from32(&ugd, ugd32);
2550 	switch (cmd) {
2551 	case USB_GET_FULL_DESC32:
2552 		error = ugen_get_cdesc(f, &ugd);
2553 		break;
2554 
2555 	case USB_GET_STRING_DESC32:
2556 		error = ugen_get_sdesc(f, &ugd);
2557 		break;
2558 
2559 	case USB_GET_IFACE_DRIVER32:
2560 		error = ugen_get_iface_driver(f, &ugd);
2561 		break;
2562 	default:
2563 		/* Can't happen except by programmer error */
2564 		panic("%s: called with invalid cmd %lx", __func__, cmd);
2565 	}
2566 	update_usb_gen_descriptor32(ugd32, &ugd);
2567 
2568 	return (error);
2569 }
2570 
2571 #endif /* COMPAT_FREEBSD32 */
2572 
2573 #endif	/* USB_HAVE_UGEN */
2574