xref: /freebsd/sys/dev/usb/usb_generic.c (revision e3d9ae4c56e15404846e4cb3360394a0a36cec23)
1 /* $FreeBSD$ */
2 /*-
3  * Copyright (c) 2008 Hans Petter Selasky. All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #ifdef USB_GLOBAL_INCLUDE_FILE
28 #include USB_GLOBAL_INCLUDE_FILE
29 #else
30 #include <sys/stdint.h>
31 #include <sys/stddef.h>
32 #include <sys/param.h>
33 #include <sys/queue.h>
34 #include <sys/types.h>
35 #include <sys/systm.h>
36 #include <sys/kernel.h>
37 #include <sys/bus.h>
38 #include <sys/module.h>
39 #include <sys/lock.h>
40 #include <sys/mutex.h>
41 #include <sys/condvar.h>
42 #include <sys/sysctl.h>
43 #include <sys/sx.h>
44 #include <sys/unistd.h>
45 #include <sys/callout.h>
46 #include <sys/malloc.h>
47 #include <sys/priv.h>
48 #include <sys/conf.h>
49 #include <sys/fcntl.h>
50 
51 #include <dev/usb/usb.h>
52 #include <dev/usb/usb_ioctl.h>
53 #include <dev/usb/usbdi.h>
54 #include <dev/usb/usbdi_util.h>
55 
56 #define	USB_DEBUG_VAR ugen_debug
57 
58 #include <dev/usb/usb_core.h>
59 #include <dev/usb/usb_dev.h>
60 #include <dev/usb/usb_mbuf.h>
61 #include <dev/usb/usb_process.h>
62 #include <dev/usb/usb_device.h>
63 #include <dev/usb/usb_debug.h>
64 #include <dev/usb/usb_request.h>
65 #include <dev/usb/usb_busdma.h>
66 #include <dev/usb/usb_util.h>
67 #include <dev/usb/usb_hub.h>
68 #include <dev/usb/usb_generic.h>
69 #include <dev/usb/usb_transfer.h>
70 
71 #include <dev/usb/usb_controller.h>
72 #include <dev/usb/usb_bus.h>
73 #endif			/* USB_GLOBAL_INCLUDE_FILE */
74 
75 #if USB_HAVE_UGEN
76 
77 /* defines */
78 
79 #define	UGEN_BULK_FS_BUFFER_SIZE	(64*32)	/* bytes */
80 #define	UGEN_BULK_HS_BUFFER_SIZE	(1024*32)	/* bytes */
81 #define	UGEN_HW_FRAMES	50		/* number of milliseconds per transfer */
82 
83 /* function prototypes */
84 
85 static usb_callback_t ugen_read_clear_stall_callback;
86 static usb_callback_t ugen_write_clear_stall_callback;
87 static usb_callback_t ugen_ctrl_read_callback;
88 static usb_callback_t ugen_ctrl_write_callback;
89 static usb_callback_t ugen_isoc_read_callback;
90 static usb_callback_t ugen_isoc_write_callback;
91 static usb_callback_t ugen_ctrl_fs_callback;
92 
93 static usb_fifo_open_t ugen_open;
94 static usb_fifo_close_t ugen_close;
95 static usb_fifo_ioctl_t ugen_ioctl;
96 static usb_fifo_ioctl_t ugen_ioctl_post;
97 static usb_fifo_cmd_t ugen_start_read;
98 static usb_fifo_cmd_t ugen_start_write;
99 static usb_fifo_cmd_t ugen_stop_io;
100 
101 static int	ugen_transfer_setup(struct usb_fifo *,
102 		     const struct usb_config *, uint8_t);
103 static int	ugen_open_pipe_write(struct usb_fifo *);
104 static int	ugen_open_pipe_read(struct usb_fifo *);
105 static int	ugen_set_config(struct usb_fifo *, uint8_t);
106 static int	ugen_set_interface(struct usb_fifo *, uint8_t, uint8_t);
107 static int	ugen_get_cdesc(struct usb_fifo *, struct usb_gen_descriptor *);
108 static int	ugen_get_sdesc(struct usb_fifo *, struct usb_gen_descriptor *);
109 static int	ugen_get_iface_driver(struct usb_fifo *f, struct usb_gen_descriptor *ugd);
110 static int	usb_gen_fill_deviceinfo(struct usb_fifo *,
111 		    struct usb_device_info *);
112 static int	ugen_re_enumerate(struct usb_fifo *);
113 static int	ugen_iface_ioctl(struct usb_fifo *, u_long, void *, int);
114 static uint8_t	ugen_fs_get_complete(struct usb_fifo *, uint8_t *);
115 static int	ugen_fs_uninit(struct usb_fifo *f);
116 
117 /* structures */
118 
119 struct usb_fifo_methods usb_ugen_methods = {
120 	.f_open = &ugen_open,
121 	.f_close = &ugen_close,
122 	.f_ioctl = &ugen_ioctl,
123 	.f_ioctl_post = &ugen_ioctl_post,
124 	.f_start_read = &ugen_start_read,
125 	.f_stop_read = &ugen_stop_io,
126 	.f_start_write = &ugen_start_write,
127 	.f_stop_write = &ugen_stop_io,
128 };
129 
130 #ifdef USB_DEBUG
131 static int ugen_debug = 0;
132 
133 static SYSCTL_NODE(_hw_usb, OID_AUTO, ugen, CTLFLAG_RW, 0, "USB generic");
134 SYSCTL_INT(_hw_usb_ugen, OID_AUTO, debug, CTLFLAG_RWTUN, &ugen_debug,
135     0, "Debug level");
136 #endif
137 
138 
139 /* prototypes */
140 
141 static int
142 ugen_transfer_setup(struct usb_fifo *f,
143     const struct usb_config *setup, uint8_t n_setup)
144 {
145 	struct usb_endpoint *ep = usb_fifo_softc(f);
146 	struct usb_device *udev = f->udev;
147 	uint8_t iface_index = ep->iface_index;
148 	int error;
149 
150 	mtx_unlock(f->priv_mtx);
151 
152 	/*
153 	 * "usbd_transfer_setup()" can sleep so one needs to make a wrapper,
154 	 * exiting the mutex and checking things
155 	 */
156 	error = usbd_transfer_setup(udev, &iface_index, f->xfer,
157 	    setup, n_setup, f, f->priv_mtx);
158 	if (error == 0) {
159 
160 		if (f->xfer[0]->nframes == 1) {
161 			error = usb_fifo_alloc_buffer(f,
162 			    f->xfer[0]->max_data_length, 2);
163 		} else {
164 			error = usb_fifo_alloc_buffer(f,
165 			    f->xfer[0]->max_frame_size,
166 			    2 * f->xfer[0]->nframes);
167 		}
168 		if (error) {
169 			usbd_transfer_unsetup(f->xfer, n_setup);
170 		}
171 	}
172 	mtx_lock(f->priv_mtx);
173 
174 	return (error);
175 }
176 
177 static int
178 ugen_open(struct usb_fifo *f, int fflags)
179 {
180 	struct usb_endpoint *ep = usb_fifo_softc(f);
181 	struct usb_endpoint_descriptor *ed = ep->edesc;
182 	uint8_t type;
183 
184 	DPRINTFN(6, "flag=0x%x\n", fflags);
185 
186 	mtx_lock(f->priv_mtx);
187 	switch (usbd_get_speed(f->udev)) {
188 	case USB_SPEED_LOW:
189 	case USB_SPEED_FULL:
190 		f->nframes = UGEN_HW_FRAMES;
191 		f->bufsize = UGEN_BULK_FS_BUFFER_SIZE;
192 		break;
193 	default:
194 		f->nframes = UGEN_HW_FRAMES * 8;
195 		f->bufsize = UGEN_BULK_HS_BUFFER_SIZE;
196 		break;
197 	}
198 
199 	type = ed->bmAttributes & UE_XFERTYPE;
200 	if (type == UE_INTERRUPT) {
201 		f->bufsize = 0;		/* use "wMaxPacketSize" */
202 	}
203 	f->timeout = USB_NO_TIMEOUT;
204 	f->flag_short = 0;
205 	f->fifo_zlp = 0;
206 	mtx_unlock(f->priv_mtx);
207 
208 	return (0);
209 }
210 
211 static void
212 ugen_close(struct usb_fifo *f, int fflags)
213 {
214 	DPRINTFN(6, "flag=0x%x\n", fflags);
215 
216 	/* cleanup */
217 
218 	mtx_lock(f->priv_mtx);
219 	usbd_transfer_stop(f->xfer[0]);
220 	usbd_transfer_stop(f->xfer[1]);
221 	mtx_unlock(f->priv_mtx);
222 
223 	usbd_transfer_unsetup(f->xfer, 2);
224 	usb_fifo_free_buffer(f);
225 
226 	if (ugen_fs_uninit(f)) {
227 		/* ignore any errors - we are closing */
228 		DPRINTFN(6, "no FIFOs\n");
229 	}
230 }
231 
232 static int
233 ugen_open_pipe_write(struct usb_fifo *f)
234 {
235 	struct usb_config usb_config[2];
236 	struct usb_endpoint *ep = usb_fifo_softc(f);
237 	struct usb_endpoint_descriptor *ed = ep->edesc;
238 
239 	mtx_assert(f->priv_mtx, MA_OWNED);
240 
241 	if (f->xfer[0] || f->xfer[1]) {
242 		/* transfers are already opened */
243 		return (0);
244 	}
245 	memset(usb_config, 0, sizeof(usb_config));
246 
247 	usb_config[1].type = UE_CONTROL;
248 	usb_config[1].endpoint = 0;
249 	usb_config[1].direction = UE_DIR_ANY;
250 	usb_config[1].timeout = 1000;	/* 1 second */
251 	usb_config[1].interval = 50;/* 50 milliseconds */
252 	usb_config[1].bufsize = sizeof(struct usb_device_request);
253 	usb_config[1].callback = &ugen_write_clear_stall_callback;
254 	usb_config[1].usb_mode = USB_MODE_HOST;
255 
256 	usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
257 	usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
258 	usb_config[0].stream_id = 0;	/* XXX support more stream ID's */
259 	usb_config[0].direction = UE_DIR_TX;
260 	usb_config[0].interval = USB_DEFAULT_INTERVAL;
261 	usb_config[0].flags.proxy_buffer = 1;
262 	usb_config[0].usb_mode = USB_MODE_DUAL;	/* both modes */
263 
264 	switch (ed->bmAttributes & UE_XFERTYPE) {
265 	case UE_INTERRUPT:
266 	case UE_BULK:
267 		if (f->flag_short) {
268 			usb_config[0].flags.force_short_xfer = 1;
269 		}
270 		usb_config[0].callback = &ugen_ctrl_write_callback;
271 		usb_config[0].timeout = f->timeout;
272 		usb_config[0].frames = 1;
273 		usb_config[0].bufsize = f->bufsize;
274 		if (ugen_transfer_setup(f, usb_config, 2)) {
275 			return (EIO);
276 		}
277 		/* first transfer does not clear stall */
278 		f->flag_stall = 0;
279 		break;
280 
281 	case UE_ISOCHRONOUS:
282 		usb_config[0].flags.short_xfer_ok = 1;
283 		usb_config[0].bufsize = 0;	/* use default */
284 		usb_config[0].frames = f->nframes;
285 		usb_config[0].callback = &ugen_isoc_write_callback;
286 		usb_config[0].timeout = 0;
287 
288 		/* clone configuration */
289 		usb_config[1] = usb_config[0];
290 
291 		if (ugen_transfer_setup(f, usb_config, 2)) {
292 			return (EIO);
293 		}
294 		break;
295 	default:
296 		return (EINVAL);
297 	}
298 	return (0);
299 }
300 
301 static int
302 ugen_open_pipe_read(struct usb_fifo *f)
303 {
304 	struct usb_config usb_config[2];
305 	struct usb_endpoint *ep = usb_fifo_softc(f);
306 	struct usb_endpoint_descriptor *ed = ep->edesc;
307 
308 	mtx_assert(f->priv_mtx, MA_OWNED);
309 
310 	if (f->xfer[0] || f->xfer[1]) {
311 		/* transfers are already opened */
312 		return (0);
313 	}
314 	memset(usb_config, 0, sizeof(usb_config));
315 
316 	usb_config[1].type = UE_CONTROL;
317 	usb_config[1].endpoint = 0;
318 	usb_config[1].direction = UE_DIR_ANY;
319 	usb_config[1].timeout = 1000;	/* 1 second */
320 	usb_config[1].interval = 50;/* 50 milliseconds */
321 	usb_config[1].bufsize = sizeof(struct usb_device_request);
322 	usb_config[1].callback = &ugen_read_clear_stall_callback;
323 	usb_config[1].usb_mode = USB_MODE_HOST;
324 
325 	usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
326 	usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
327 	usb_config[0].stream_id = 0;	/* XXX support more stream ID's */
328 	usb_config[0].direction = UE_DIR_RX;
329 	usb_config[0].interval = USB_DEFAULT_INTERVAL;
330 	usb_config[0].flags.proxy_buffer = 1;
331 	usb_config[0].usb_mode = USB_MODE_DUAL;	/* both modes */
332 
333 	switch (ed->bmAttributes & UE_XFERTYPE) {
334 	case UE_INTERRUPT:
335 	case UE_BULK:
336 		if (f->flag_short) {
337 			usb_config[0].flags.short_xfer_ok = 1;
338 		}
339 		usb_config[0].timeout = f->timeout;
340 		usb_config[0].frames = 1;
341 		usb_config[0].callback = &ugen_ctrl_read_callback;
342 		usb_config[0].bufsize = f->bufsize;
343 
344 		if (ugen_transfer_setup(f, usb_config, 2)) {
345 			return (EIO);
346 		}
347 		/* first transfer does not clear stall */
348 		f->flag_stall = 0;
349 		break;
350 
351 	case UE_ISOCHRONOUS:
352 		usb_config[0].flags.short_xfer_ok = 1;
353 		usb_config[0].bufsize = 0;	/* use default */
354 		usb_config[0].frames = f->nframes;
355 		usb_config[0].callback = &ugen_isoc_read_callback;
356 		usb_config[0].timeout = 0;
357 
358 		/* clone configuration */
359 		usb_config[1] = usb_config[0];
360 
361 		if (ugen_transfer_setup(f, usb_config, 2)) {
362 			return (EIO);
363 		}
364 		break;
365 
366 	default:
367 		return (EINVAL);
368 	}
369 	return (0);
370 }
371 
372 static void
373 ugen_start_read(struct usb_fifo *f)
374 {
375 	/* check that pipes are open */
376 	if (ugen_open_pipe_read(f)) {
377 		/* signal error */
378 		usb_fifo_put_data_error(f);
379 	}
380 	/* start transfers */
381 	usbd_transfer_start(f->xfer[0]);
382 	usbd_transfer_start(f->xfer[1]);
383 }
384 
385 static void
386 ugen_start_write(struct usb_fifo *f)
387 {
388 	/* check that pipes are open */
389 	if (ugen_open_pipe_write(f)) {
390 		/* signal error */
391 		usb_fifo_get_data_error(f);
392 	}
393 	/* start transfers */
394 	usbd_transfer_start(f->xfer[0]);
395 	usbd_transfer_start(f->xfer[1]);
396 }
397 
398 static void
399 ugen_stop_io(struct usb_fifo *f)
400 {
401 	/* stop transfers */
402 	usbd_transfer_stop(f->xfer[0]);
403 	usbd_transfer_stop(f->xfer[1]);
404 }
405 
406 static void
407 ugen_ctrl_read_callback(struct usb_xfer *xfer, usb_error_t error)
408 {
409 	struct usb_fifo *f = usbd_xfer_softc(xfer);
410 	struct usb_mbuf *m;
411 
412 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
413 
414 	switch (USB_GET_STATE(xfer)) {
415 	case USB_ST_TRANSFERRED:
416 		if (xfer->actlen == 0) {
417 			if (f->fifo_zlp != 4) {
418 				f->fifo_zlp++;
419 			} else {
420 				/*
421 				 * Throttle a little bit we have multiple ZLPs
422 				 * in a row!
423 				 */
424 				xfer->interval = 64;	/* ms */
425 			}
426 		} else {
427 			/* clear throttle */
428 			xfer->interval = 0;
429 			f->fifo_zlp = 0;
430 		}
431 		usb_fifo_put_data(f, xfer->frbuffers, 0,
432 		    xfer->actlen, 1);
433 
434 	case USB_ST_SETUP:
435 		if (f->flag_stall) {
436 			usbd_transfer_start(f->xfer[1]);
437 			break;
438 		}
439 		USB_IF_POLL(&f->free_q, m);
440 		if (m) {
441 			usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
442 			usbd_transfer_submit(xfer);
443 		}
444 		break;
445 
446 	default:			/* Error */
447 		if (xfer->error != USB_ERR_CANCELLED) {
448 			/* send a zero length packet to userland */
449 			usb_fifo_put_data(f, xfer->frbuffers, 0, 0, 1);
450 			f->flag_stall = 1;
451 			f->fifo_zlp = 0;
452 			usbd_transfer_start(f->xfer[1]);
453 		}
454 		break;
455 	}
456 }
457 
458 static void
459 ugen_ctrl_write_callback(struct usb_xfer *xfer, usb_error_t error)
460 {
461 	struct usb_fifo *f = usbd_xfer_softc(xfer);
462 	usb_frlength_t actlen;
463 
464 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
465 
466 	switch (USB_GET_STATE(xfer)) {
467 	case USB_ST_SETUP:
468 	case USB_ST_TRANSFERRED:
469 		/*
470 		 * If writing is in stall, just jump to clear stall
471 		 * callback and solve the situation.
472 		 */
473 		if (f->flag_stall) {
474 			usbd_transfer_start(f->xfer[1]);
475 			break;
476 		}
477 		/*
478 		 * Write data, setup and perform hardware transfer.
479 		 */
480 		if (usb_fifo_get_data(f, xfer->frbuffers, 0,
481 		    xfer->max_data_length, &actlen, 0)) {
482 			usbd_xfer_set_frame_len(xfer, 0, actlen);
483 			usbd_transfer_submit(xfer);
484 		}
485 		break;
486 
487 	default:			/* Error */
488 		if (xfer->error != USB_ERR_CANCELLED) {
489 			f->flag_stall = 1;
490 			usbd_transfer_start(f->xfer[1]);
491 		}
492 		break;
493 	}
494 }
495 
496 static void
497 ugen_read_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
498 {
499 	struct usb_fifo *f = usbd_xfer_softc(xfer);
500 	struct usb_xfer *xfer_other = f->xfer[0];
501 
502 	if (f->flag_stall == 0) {
503 		/* nothing to do */
504 		return;
505 	}
506 	if (usbd_clear_stall_callback(xfer, xfer_other)) {
507 		DPRINTFN(5, "f=%p: stall cleared\n", f);
508 		f->flag_stall = 0;
509 		usbd_transfer_start(xfer_other);
510 	}
511 }
512 
513 static void
514 ugen_write_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
515 {
516 	struct usb_fifo *f = usbd_xfer_softc(xfer);
517 	struct usb_xfer *xfer_other = f->xfer[0];
518 
519 	if (f->flag_stall == 0) {
520 		/* nothing to do */
521 		return;
522 	}
523 	if (usbd_clear_stall_callback(xfer, xfer_other)) {
524 		DPRINTFN(5, "f=%p: stall cleared\n", f);
525 		f->flag_stall = 0;
526 		usbd_transfer_start(xfer_other);
527 	}
528 }
529 
530 static void
531 ugen_isoc_read_callback(struct usb_xfer *xfer, usb_error_t error)
532 {
533 	struct usb_fifo *f = usbd_xfer_softc(xfer);
534 	usb_frlength_t offset;
535 	usb_frcount_t n;
536 
537 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
538 
539 	switch (USB_GET_STATE(xfer)) {
540 	case USB_ST_TRANSFERRED:
541 
542 		DPRINTFN(6, "actlen=%d\n", xfer->actlen);
543 
544 		offset = 0;
545 
546 		for (n = 0; n != xfer->aframes; n++) {
547 			usb_fifo_put_data(f, xfer->frbuffers, offset,
548 			    xfer->frlengths[n], 1);
549 			offset += xfer->max_frame_size;
550 		}
551 
552 	case USB_ST_SETUP:
553 tr_setup:
554 		for (n = 0; n != xfer->nframes; n++) {
555 			/* setup size for next transfer */
556 			usbd_xfer_set_frame_len(xfer, n, xfer->max_frame_size);
557 		}
558 		usbd_transfer_submit(xfer);
559 		break;
560 
561 	default:			/* Error */
562 		if (xfer->error == USB_ERR_CANCELLED) {
563 			break;
564 		}
565 		goto tr_setup;
566 	}
567 }
568 
569 static void
570 ugen_isoc_write_callback(struct usb_xfer *xfer, usb_error_t error)
571 {
572 	struct usb_fifo *f = usbd_xfer_softc(xfer);
573 	usb_frlength_t actlen;
574 	usb_frlength_t offset;
575 	usb_frcount_t n;
576 
577 	DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
578 
579 	switch (USB_GET_STATE(xfer)) {
580 	case USB_ST_TRANSFERRED:
581 	case USB_ST_SETUP:
582 tr_setup:
583 		offset = 0;
584 		for (n = 0; n != xfer->nframes; n++) {
585 			if (usb_fifo_get_data(f, xfer->frbuffers, offset,
586 			    xfer->max_frame_size, &actlen, 1)) {
587 				usbd_xfer_set_frame_len(xfer, n, actlen);
588 				offset += actlen;
589 			} else {
590 				break;
591 			}
592 		}
593 
594 		for (; n != xfer->nframes; n++) {
595 			/* fill in zero frames */
596 			usbd_xfer_set_frame_len(xfer, n, 0);
597 		}
598 		usbd_transfer_submit(xfer);
599 		break;
600 
601 	default:			/* Error */
602 		if (xfer->error == USB_ERR_CANCELLED) {
603 			break;
604 		}
605 		goto tr_setup;
606 	}
607 }
608 
609 static int
610 ugen_set_config(struct usb_fifo *f, uint8_t index)
611 {
612 	DPRINTFN(2, "index %u\n", index);
613 
614 	if (f->udev->flags.usb_mode != USB_MODE_HOST) {
615 		/* not possible in device side mode */
616 		return (ENOTTY);
617 	}
618 
619 	/* make sure all FIFO's are gone */
620 	/* else there can be a deadlock */
621 	if (ugen_fs_uninit(f)) {
622 		/* ignore any errors */
623 		DPRINTFN(6, "no FIFOs\n");
624 	}
625 
626 	if (usbd_start_set_config(f->udev, index) != 0)
627 		return (EIO);
628 
629 	return (0);
630 }
631 
632 static int
633 ugen_set_interface(struct usb_fifo *f,
634     uint8_t iface_index, uint8_t alt_index)
635 {
636 	DPRINTFN(2, "%u, %u\n", iface_index, alt_index);
637 
638 	if (f->udev->flags.usb_mode != USB_MODE_HOST) {
639 		/* not possible in device side mode */
640 		return (ENOTTY);
641 	}
642 	/* make sure all FIFO's are gone */
643 	/* else there can be a deadlock */
644 	if (ugen_fs_uninit(f)) {
645 		/* ignore any errors */
646 		DPRINTFN(6, "no FIFOs\n");
647 	}
648 	/* change setting - will free generic FIFOs, if any */
649 	if (usbd_set_alt_interface_index(f->udev, iface_index, alt_index)) {
650 		return (EIO);
651 	}
652 	/* probe and attach */
653 	if (usb_probe_and_attach(f->udev, iface_index)) {
654 		return (EIO);
655 	}
656 	return (0);
657 }
658 
659 /*------------------------------------------------------------------------*
660  *	ugen_get_cdesc
661  *
662  * This function will retrieve the complete configuration descriptor
663  * at the given index.
664  *------------------------------------------------------------------------*/
665 static int
666 ugen_get_cdesc(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
667 {
668 	struct usb_config_descriptor *cdesc;
669 	struct usb_device *udev = f->udev;
670 	int error;
671 	uint16_t len;
672 	uint8_t free_data;
673 
674 	DPRINTFN(6, "\n");
675 
676 	if (ugd->ugd_data == NULL) {
677 		/* userland pointer should not be zero */
678 		return (EINVAL);
679 	}
680 	if ((ugd->ugd_config_index == USB_UNCONFIG_INDEX) ||
681 	    (ugd->ugd_config_index == udev->curr_config_index)) {
682 		cdesc = usbd_get_config_descriptor(udev);
683 		if (cdesc == NULL)
684 			return (ENXIO);
685 		free_data = 0;
686 
687 	} else {
688 #if (USB_HAVE_FIXED_CONFIG == 0)
689 		if (usbd_req_get_config_desc_full(udev,
690 		    NULL, &cdesc, ugd->ugd_config_index)) {
691 			return (ENXIO);
692 		}
693 		free_data = 1;
694 #else
695 		/* configuration descriptor data is shared */
696 		return (EINVAL);
697 #endif
698 	}
699 
700 	len = UGETW(cdesc->wTotalLength);
701 	if (len > ugd->ugd_maxlen) {
702 		len = ugd->ugd_maxlen;
703 	}
704 	DPRINTFN(6, "len=%u\n", len);
705 
706 	ugd->ugd_actlen = len;
707 	ugd->ugd_offset = 0;
708 
709 	error = copyout(cdesc, ugd->ugd_data, len);
710 
711 	if (free_data)
712 		usbd_free_config_desc(udev, cdesc);
713 
714 	return (error);
715 }
716 
717 static int
718 ugen_get_sdesc(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
719 {
720 	void *ptr;
721 	uint16_t size;
722 	int error;
723 	uint8_t do_unlock;
724 
725 	/* Protect scratch area */
726 	do_unlock = usbd_ctrl_lock(f->udev);
727 
728 	ptr = f->udev->scratch.data;
729 	size = sizeof(f->udev->scratch.data);
730 
731 	if (usbd_req_get_string_desc(f->udev, NULL, ptr,
732 	    size, ugd->ugd_lang_id, ugd->ugd_string_index)) {
733 		error = EINVAL;
734 	} else {
735 
736 		if (size > ((uint8_t *)ptr)[0]) {
737 			size = ((uint8_t *)ptr)[0];
738 		}
739 		if (size > ugd->ugd_maxlen) {
740 			size = ugd->ugd_maxlen;
741 		}
742 		ugd->ugd_actlen = size;
743 		ugd->ugd_offset = 0;
744 
745 		error = copyout(ptr, ugd->ugd_data, size);
746 	}
747 	if (do_unlock)
748 		usbd_ctrl_unlock(f->udev);
749 
750 	return (error);
751 }
752 
753 /*------------------------------------------------------------------------*
754  *	ugen_get_iface_driver
755  *
756  * This function generates an USB interface description for userland.
757  *
758  * Returns:
759  *    0: Success
760  * Else: Failure
761  *------------------------------------------------------------------------*/
762 static int
763 ugen_get_iface_driver(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
764 {
765 	struct usb_device *udev = f->udev;
766 	struct usb_interface *iface;
767 	const char *ptr;
768 	const char *desc;
769 	unsigned int len;
770 	unsigned int maxlen;
771 	char buf[128];
772 	int error;
773 
774 	DPRINTFN(6, "\n");
775 
776 	if ((ugd->ugd_data == NULL) || (ugd->ugd_maxlen == 0)) {
777 		/* userland pointer should not be zero */
778 		return (EINVAL);
779 	}
780 
781 	iface = usbd_get_iface(udev, ugd->ugd_iface_index);
782 	if ((iface == NULL) || (iface->idesc == NULL)) {
783 		/* invalid interface index */
784 		return (EINVAL);
785 	}
786 
787 	/* read out device nameunit string, if any */
788 	if ((iface->subdev != NULL) &&
789 	    device_is_attached(iface->subdev) &&
790 	    (ptr = device_get_nameunit(iface->subdev)) &&
791 	    (desc = device_get_desc(iface->subdev))) {
792 
793 		/* print description */
794 		snprintf(buf, sizeof(buf), "%s: <%s>", ptr, desc);
795 
796 		/* range checks */
797 		maxlen = ugd->ugd_maxlen - 1;
798 		len = strlen(buf);
799 		if (len > maxlen)
800 			len = maxlen;
801 
802 		/* update actual length, including terminating zero */
803 		ugd->ugd_actlen = len + 1;
804 
805 		/* copy out interface description */
806 		error = copyout(buf, ugd->ugd_data, ugd->ugd_actlen);
807 	} else {
808 		/* zero length string is default */
809 		error = copyout("", ugd->ugd_data, 1);
810 	}
811 	return (error);
812 }
813 
814 /*------------------------------------------------------------------------*
815  *	usb_gen_fill_deviceinfo
816  *
817  * This function dumps information about an USB device to the
818  * structure pointed to by the "di" argument.
819  *
820  * Returns:
821  *    0: Success
822  * Else: Failure
823  *------------------------------------------------------------------------*/
824 static int
825 usb_gen_fill_deviceinfo(struct usb_fifo *f, struct usb_device_info *di)
826 {
827 	struct usb_device *udev;
828 	struct usb_device *hub;
829 
830 	udev = f->udev;
831 
832 	bzero(di, sizeof(di[0]));
833 
834 	di->udi_bus = device_get_unit(udev->bus->bdev);
835 	di->udi_addr = udev->address;
836 	di->udi_index = udev->device_index;
837 	strlcpy(di->udi_serial, usb_get_serial(udev), sizeof(di->udi_serial));
838 	strlcpy(di->udi_vendor, usb_get_manufacturer(udev), sizeof(di->udi_vendor));
839 	strlcpy(di->udi_product, usb_get_product(udev), sizeof(di->udi_product));
840 	usb_printbcd(di->udi_release, sizeof(di->udi_release),
841 	    UGETW(udev->ddesc.bcdDevice));
842 	di->udi_vendorNo = UGETW(udev->ddesc.idVendor);
843 	di->udi_productNo = UGETW(udev->ddesc.idProduct);
844 	di->udi_releaseNo = UGETW(udev->ddesc.bcdDevice);
845 	di->udi_class = udev->ddesc.bDeviceClass;
846 	di->udi_subclass = udev->ddesc.bDeviceSubClass;
847 	di->udi_protocol = udev->ddesc.bDeviceProtocol;
848 	di->udi_config_no = udev->curr_config_no;
849 	di->udi_config_index = udev->curr_config_index;
850 	di->udi_power = udev->flags.self_powered ? 0 : udev->power;
851 	di->udi_speed = udev->speed;
852 	di->udi_mode = udev->flags.usb_mode;
853 	di->udi_power_mode = udev->power_mode;
854 	di->udi_suspended = udev->flags.peer_suspended;
855 
856 	hub = udev->parent_hub;
857 	if (hub) {
858 		di->udi_hubaddr = hub->address;
859 		di->udi_hubindex = hub->device_index;
860 		di->udi_hubport = udev->port_no;
861 	}
862 	return (0);
863 }
864 
865 /*------------------------------------------------------------------------*
866  *	ugen_check_request
867  *
868  * Return values:
869  * 0: Access allowed
870  * Else: No access
871  *------------------------------------------------------------------------*/
872 static int
873 ugen_check_request(struct usb_device *udev, struct usb_device_request *req)
874 {
875 	struct usb_endpoint *ep;
876 	int error;
877 
878 	/*
879 	 * Avoid requests that would damage the bus integrity:
880 	 */
881 	if (((req->bmRequestType == UT_WRITE_DEVICE) &&
882 	    (req->bRequest == UR_SET_ADDRESS)) ||
883 	    ((req->bmRequestType == UT_WRITE_DEVICE) &&
884 	    (req->bRequest == UR_SET_CONFIG)) ||
885 	    ((req->bmRequestType == UT_WRITE_INTERFACE) &&
886 	    (req->bRequest == UR_SET_INTERFACE))) {
887 		/*
888 		 * These requests can be useful for testing USB drivers.
889 		 */
890 		error = priv_check(curthread, PRIV_DRIVER);
891 		if (error) {
892 			return (error);
893 		}
894 	}
895 	/*
896 	 * Special case - handle clearing of stall
897 	 */
898 	if (req->bmRequestType == UT_WRITE_ENDPOINT) {
899 
900 		ep = usbd_get_ep_by_addr(udev, req->wIndex[0]);
901 		if (ep == NULL) {
902 			return (EINVAL);
903 		}
904 		if ((req->bRequest == UR_CLEAR_FEATURE) &&
905 		    (UGETW(req->wValue) == UF_ENDPOINT_HALT)) {
906 			usbd_clear_data_toggle(udev, ep);
907 		}
908 	}
909 	/* TODO: add more checks to verify the interface index */
910 
911 	return (0);
912 }
913 
914 int
915 ugen_do_request(struct usb_fifo *f, struct usb_ctl_request *ur)
916 {
917 	int error;
918 	uint16_t len;
919 	uint16_t actlen;
920 
921 	if (ugen_check_request(f->udev, &ur->ucr_request)) {
922 		return (EPERM);
923 	}
924 	len = UGETW(ur->ucr_request.wLength);
925 
926 	/* check if "ucr_data" is valid */
927 	if (len != 0) {
928 		if (ur->ucr_data == NULL) {
929 			return (EFAULT);
930 		}
931 	}
932 	/* do the USB request */
933 	error = usbd_do_request_flags
934 	    (f->udev, NULL, &ur->ucr_request, ur->ucr_data,
935 	    (ur->ucr_flags & USB_SHORT_XFER_OK) |
936 	    USB_USER_DATA_PTR, &actlen,
937 	    USB_DEFAULT_TIMEOUT);
938 
939 	ur->ucr_actlen = actlen;
940 
941 	if (error) {
942 		error = EIO;
943 	}
944 	return (error);
945 }
946 
947 /*------------------------------------------------------------------------
948  *	ugen_re_enumerate
949  *------------------------------------------------------------------------*/
950 static int
951 ugen_re_enumerate(struct usb_fifo *f)
952 {
953 	struct usb_device *udev = f->udev;
954 	int error;
955 
956 	/*
957 	 * This request can be useful for testing USB drivers:
958 	 */
959 	error = priv_check(curthread, PRIV_DRIVER);
960 	if (error) {
961 		return (error);
962 	}
963 	if (udev->flags.usb_mode != USB_MODE_HOST) {
964 		/* not possible in device side mode */
965 		DPRINTFN(6, "device mode\n");
966 		return (ENOTTY);
967 	}
968 	/* make sure all FIFO's are gone */
969 	/* else there can be a deadlock */
970 	if (ugen_fs_uninit(f)) {
971 		/* ignore any errors */
972 		DPRINTFN(6, "no FIFOs\n");
973 	}
974 	/* start re-enumeration of device */
975 	usbd_start_re_enumerate(udev);
976 	return (0);
977 }
978 
979 int
980 ugen_fs_uninit(struct usb_fifo *f)
981 {
982 	if (f->fs_xfer == NULL) {
983 		return (EINVAL);
984 	}
985 	usbd_transfer_unsetup(f->fs_xfer, f->fs_ep_max);
986 	free(f->fs_xfer, M_USB);
987 	f->fs_xfer = NULL;
988 	f->fs_ep_max = 0;
989 	f->fs_ep_ptr = NULL;
990 	f->flag_iscomplete = 0;
991 	usb_fifo_free_buffer(f);
992 	return (0);
993 }
994 
995 static uint8_t
996 ugen_fs_get_complete(struct usb_fifo *f, uint8_t *pindex)
997 {
998 	struct usb_mbuf *m;
999 
1000 	USB_IF_DEQUEUE(&f->used_q, m);
1001 
1002 	if (m) {
1003 		*pindex = *((uint8_t *)(m->cur_data_ptr));
1004 
1005 		USB_IF_ENQUEUE(&f->free_q, m);
1006 
1007 		return (0);		/* success */
1008 	} else {
1009 
1010 		*pindex = 0;		/* fix compiler warning */
1011 
1012 		f->flag_iscomplete = 0;
1013 	}
1014 	return (1);			/* failure */
1015 }
1016 
1017 static void
1018 ugen_fs_set_complete(struct usb_fifo *f, uint8_t index)
1019 {
1020 	struct usb_mbuf *m;
1021 
1022 	USB_IF_DEQUEUE(&f->free_q, m);
1023 
1024 	if (m == NULL) {
1025 		/* can happen during close */
1026 		DPRINTF("out of buffers\n");
1027 		return;
1028 	}
1029 	USB_MBUF_RESET(m);
1030 
1031 	*((uint8_t *)(m->cur_data_ptr)) = index;
1032 
1033 	USB_IF_ENQUEUE(&f->used_q, m);
1034 
1035 	f->flag_iscomplete = 1;
1036 
1037 	usb_fifo_wakeup(f);
1038 }
1039 
1040 static int
1041 ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
1042 {
1043 	struct usb_device_request *req;
1044 	struct usb_xfer *xfer;
1045 	struct usb_fs_endpoint fs_ep;
1046 	void *uaddr;			/* userland pointer */
1047 	void *kaddr;
1048 	usb_frlength_t offset;
1049 	usb_frlength_t rem;
1050 	usb_frcount_t n;
1051 	uint32_t length;
1052 	int error;
1053 	uint8_t isread;
1054 
1055 	if (ep_index >= f->fs_ep_max) {
1056 		return (EINVAL);
1057 	}
1058 	xfer = f->fs_xfer[ep_index];
1059 	if (xfer == NULL) {
1060 		return (EINVAL);
1061 	}
1062 	mtx_lock(f->priv_mtx);
1063 	if (usbd_transfer_pending(xfer)) {
1064 		mtx_unlock(f->priv_mtx);
1065 		return (EBUSY);		/* should not happen */
1066 	}
1067 	mtx_unlock(f->priv_mtx);
1068 
1069 	error = copyin(f->fs_ep_ptr +
1070 	    ep_index, &fs_ep, sizeof(fs_ep));
1071 	if (error) {
1072 		return (error);
1073 	}
1074 	/* security checks */
1075 
1076 	if (fs_ep.nFrames > xfer->max_frame_count) {
1077 		xfer->error = USB_ERR_INVAL;
1078 		goto complete;
1079 	}
1080 	if (fs_ep.nFrames == 0) {
1081 		xfer->error = USB_ERR_INVAL;
1082 		goto complete;
1083 	}
1084 	error = copyin(fs_ep.ppBuffer,
1085 	    &uaddr, sizeof(uaddr));
1086 	if (error) {
1087 		return (error);
1088 	}
1089 	/* reset first frame */
1090 	usbd_xfer_set_frame_offset(xfer, 0, 0);
1091 
1092 	if (xfer->flags_int.control_xfr) {
1093 
1094 		req = xfer->frbuffers[0].buffer;
1095 
1096 		error = copyin(fs_ep.pLength,
1097 		    &length, sizeof(length));
1098 		if (error) {
1099 			return (error);
1100 		}
1101 		if (length != sizeof(*req)) {
1102 			xfer->error = USB_ERR_INVAL;
1103 			goto complete;
1104 		}
1105 		if (length != 0) {
1106 			error = copyin(uaddr, req, length);
1107 			if (error) {
1108 				return (error);
1109 			}
1110 		}
1111 		if (ugen_check_request(f->udev, req)) {
1112 			xfer->error = USB_ERR_INVAL;
1113 			goto complete;
1114 		}
1115 		usbd_xfer_set_frame_len(xfer, 0, length);
1116 
1117 		/* Host mode only ! */
1118 		if ((req->bmRequestType &
1119 		    (UT_READ | UT_WRITE)) == UT_READ) {
1120 			isread = 1;
1121 		} else {
1122 			isread = 0;
1123 		}
1124 		n = 1;
1125 		offset = sizeof(*req);
1126 
1127 	} else {
1128 		/* Device and Host mode */
1129 		if (USB_GET_DATA_ISREAD(xfer)) {
1130 			isread = 1;
1131 		} else {
1132 			isread = 0;
1133 		}
1134 		n = 0;
1135 		offset = 0;
1136 	}
1137 
1138 	rem = usbd_xfer_max_len(xfer);
1139 	xfer->nframes = fs_ep.nFrames;
1140 	xfer->timeout = fs_ep.timeout;
1141 	if (xfer->timeout > 65535) {
1142 		xfer->timeout = 65535;
1143 	}
1144 	if (fs_ep.flags & USB_FS_FLAG_SINGLE_SHORT_OK)
1145 		xfer->flags.short_xfer_ok = 1;
1146 	else
1147 		xfer->flags.short_xfer_ok = 0;
1148 
1149 	if (fs_ep.flags & USB_FS_FLAG_MULTI_SHORT_OK)
1150 		xfer->flags.short_frames_ok = 1;
1151 	else
1152 		xfer->flags.short_frames_ok = 0;
1153 
1154 	if (fs_ep.flags & USB_FS_FLAG_FORCE_SHORT)
1155 		xfer->flags.force_short_xfer = 1;
1156 	else
1157 		xfer->flags.force_short_xfer = 0;
1158 
1159 	if (fs_ep.flags & USB_FS_FLAG_CLEAR_STALL)
1160 		usbd_xfer_set_stall(xfer);
1161 	else
1162 		xfer->flags.stall_pipe = 0;
1163 
1164 	for (; n != xfer->nframes; n++) {
1165 
1166 		error = copyin(fs_ep.pLength + n,
1167 		    &length, sizeof(length));
1168 		if (error) {
1169 			break;
1170 		}
1171 		usbd_xfer_set_frame_len(xfer, n, length);
1172 
1173 		if (length > rem) {
1174 			xfer->error = USB_ERR_INVAL;
1175 			goto complete;
1176 		}
1177 		rem -= length;
1178 
1179 		if (!isread) {
1180 
1181 			/* we need to know the source buffer */
1182 			error = copyin(fs_ep.ppBuffer + n,
1183 			    &uaddr, sizeof(uaddr));
1184 			if (error) {
1185 				break;
1186 			}
1187 			if (xfer->flags_int.isochronous_xfr) {
1188 				/* get kernel buffer address */
1189 				kaddr = xfer->frbuffers[0].buffer;
1190 				kaddr = USB_ADD_BYTES(kaddr, offset);
1191 			} else {
1192 				/* set current frame offset */
1193 				usbd_xfer_set_frame_offset(xfer, offset, n);
1194 
1195 				/* get kernel buffer address */
1196 				kaddr = xfer->frbuffers[n].buffer;
1197 			}
1198 
1199 			/* move data */
1200 			error = copyin(uaddr, kaddr, length);
1201 			if (error) {
1202 				break;
1203 			}
1204 		}
1205 		offset += length;
1206 	}
1207 	return (error);
1208 
1209 complete:
1210 	mtx_lock(f->priv_mtx);
1211 	ugen_fs_set_complete(f, ep_index);
1212 	mtx_unlock(f->priv_mtx);
1213 	return (0);
1214 }
1215 
1216 static int
1217 ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
1218 {
1219 	struct usb_device_request *req;
1220 	struct usb_xfer *xfer;
1221 	struct usb_fs_endpoint fs_ep;
1222 	struct usb_fs_endpoint *fs_ep_uptr;	/* userland ptr */
1223 	void *uaddr;			/* userland ptr */
1224 	void *kaddr;
1225 	usb_frlength_t offset;
1226 	usb_frlength_t rem;
1227 	usb_frcount_t n;
1228 	uint32_t length;
1229 	uint32_t temp;
1230 	int error;
1231 	uint8_t isread;
1232 
1233 	if (ep_index >= f->fs_ep_max)
1234 		return (EINVAL);
1235 
1236 	xfer = f->fs_xfer[ep_index];
1237 	if (xfer == NULL)
1238 		return (EINVAL);
1239 
1240 	mtx_lock(f->priv_mtx);
1241 	if (usbd_transfer_pending(xfer)) {
1242 		mtx_unlock(f->priv_mtx);
1243 		return (EBUSY);		/* should not happen */
1244 	}
1245 	mtx_unlock(f->priv_mtx);
1246 
1247 	fs_ep_uptr = f->fs_ep_ptr + ep_index;
1248 	error = copyin(fs_ep_uptr, &fs_ep, sizeof(fs_ep));
1249 	if (error) {
1250 		return (error);
1251 	}
1252 	fs_ep.status = xfer->error;
1253 	fs_ep.aFrames = xfer->aframes;
1254 	fs_ep.isoc_time_complete = xfer->isoc_time_complete;
1255 	if (xfer->error) {
1256 		goto complete;
1257 	}
1258 	if (xfer->flags_int.control_xfr) {
1259 		req = xfer->frbuffers[0].buffer;
1260 
1261 		/* Host mode only ! */
1262 		if ((req->bmRequestType & (UT_READ | UT_WRITE)) == UT_READ) {
1263 			isread = 1;
1264 		} else {
1265 			isread = 0;
1266 		}
1267 		if (xfer->nframes == 0)
1268 			n = 0;		/* should never happen */
1269 		else
1270 			n = 1;
1271 	} else {
1272 		/* Device and Host mode */
1273 		if (USB_GET_DATA_ISREAD(xfer)) {
1274 			isread = 1;
1275 		} else {
1276 			isread = 0;
1277 		}
1278 		n = 0;
1279 	}
1280 
1281 	/* Update lengths and copy out data */
1282 
1283 	rem = usbd_xfer_max_len(xfer);
1284 	offset = 0;
1285 
1286 	for (; n != xfer->nframes; n++) {
1287 
1288 		/* get initial length into "temp" */
1289 		error = copyin(fs_ep.pLength + n,
1290 		    &temp, sizeof(temp));
1291 		if (error) {
1292 			return (error);
1293 		}
1294 		if (temp > rem) {
1295 			/* the userland length has been corrupted */
1296 			DPRINTF("corrupt userland length "
1297 			    "%u > %u\n", temp, rem);
1298 			fs_ep.status = USB_ERR_INVAL;
1299 			goto complete;
1300 		}
1301 		rem -= temp;
1302 
1303 		/* get actual transfer length */
1304 		length = xfer->frlengths[n];
1305 		if (length > temp) {
1306 			/* data overflow */
1307 			fs_ep.status = USB_ERR_INVAL;
1308 			DPRINTF("data overflow %u > %u\n",
1309 			    length, temp);
1310 			goto complete;
1311 		}
1312 		if (isread) {
1313 
1314 			/* we need to know the destination buffer */
1315 			error = copyin(fs_ep.ppBuffer + n,
1316 			    &uaddr, sizeof(uaddr));
1317 			if (error) {
1318 				return (error);
1319 			}
1320 			if (xfer->flags_int.isochronous_xfr) {
1321 				/* only one frame buffer */
1322 				kaddr = USB_ADD_BYTES(
1323 				    xfer->frbuffers[0].buffer, offset);
1324 			} else {
1325 				/* multiple frame buffers */
1326 				kaddr = xfer->frbuffers[n].buffer;
1327 			}
1328 
1329 			/* move data */
1330 			error = copyout(kaddr, uaddr, length);
1331 			if (error) {
1332 				return (error);
1333 			}
1334 		}
1335 		/*
1336 		 * Update offset according to initial length, which is
1337 		 * needed by isochronous transfers!
1338 		 */
1339 		offset += temp;
1340 
1341 		/* update length */
1342 		error = copyout(&length,
1343 		    fs_ep.pLength + n, sizeof(length));
1344 		if (error) {
1345 			return (error);
1346 		}
1347 	}
1348 
1349 complete:
1350 	/* update "aFrames" */
1351 	error = copyout(&fs_ep.aFrames, &fs_ep_uptr->aFrames,
1352 	    sizeof(fs_ep.aFrames));
1353 	if (error)
1354 		goto done;
1355 
1356 	/* update "isoc_time_complete" */
1357 	error = copyout(&fs_ep.isoc_time_complete,
1358 	    &fs_ep_uptr->isoc_time_complete,
1359 	    sizeof(fs_ep.isoc_time_complete));
1360 	if (error)
1361 		goto done;
1362 	/* update "status" */
1363 	error = copyout(&fs_ep.status, &fs_ep_uptr->status,
1364 	    sizeof(fs_ep.status));
1365 done:
1366 	return (error);
1367 }
1368 
1369 static uint8_t
1370 ugen_fifo_in_use(struct usb_fifo *f, int fflags)
1371 {
1372 	struct usb_fifo *f_rx;
1373 	struct usb_fifo *f_tx;
1374 
1375 	f_rx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_RX];
1376 	f_tx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_TX];
1377 
1378 	if ((fflags & FREAD) && f_rx &&
1379 	    (f_rx->xfer[0] || f_rx->xfer[1])) {
1380 		return (1);		/* RX FIFO in use */
1381 	}
1382 	if ((fflags & FWRITE) && f_tx &&
1383 	    (f_tx->xfer[0] || f_tx->xfer[1])) {
1384 		return (1);		/* TX FIFO in use */
1385 	}
1386 	return (0);			/* not in use */
1387 }
1388 
1389 static int
1390 ugen_ioctl(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
1391 {
1392 	struct usb_config usb_config[1];
1393 	struct usb_device_request req;
1394 	union {
1395 		struct usb_fs_complete *pcomp;
1396 		struct usb_fs_start *pstart;
1397 		struct usb_fs_stop *pstop;
1398 		struct usb_fs_open *popen;
1399 		struct usb_fs_open_stream *popen_stream;
1400 		struct usb_fs_close *pclose;
1401 		struct usb_fs_clear_stall_sync *pstall;
1402 		void   *addr;
1403 	}     u;
1404 	struct usb_endpoint *ep;
1405 	struct usb_endpoint_descriptor *ed;
1406 	struct usb_xfer *xfer;
1407 	int error = 0;
1408 	uint8_t iface_index;
1409 	uint8_t isread;
1410 	uint8_t ep_index;
1411 	uint8_t pre_scale;
1412 
1413 	u.addr = addr;
1414 
1415 	DPRINTFN(6, "cmd=0x%08lx\n", cmd);
1416 
1417 	switch (cmd) {
1418 	case USB_FS_COMPLETE:
1419 		mtx_lock(f->priv_mtx);
1420 		error = ugen_fs_get_complete(f, &ep_index);
1421 		mtx_unlock(f->priv_mtx);
1422 
1423 		if (error) {
1424 			error = EBUSY;
1425 			break;
1426 		}
1427 		u.pcomp->ep_index = ep_index;
1428 		error = ugen_fs_copy_out(f, u.pcomp->ep_index);
1429 		break;
1430 
1431 	case USB_FS_START:
1432 		error = ugen_fs_copy_in(f, u.pstart->ep_index);
1433 		if (error)
1434 			break;
1435 		mtx_lock(f->priv_mtx);
1436 		xfer = f->fs_xfer[u.pstart->ep_index];
1437 		usbd_transfer_start(xfer);
1438 		mtx_unlock(f->priv_mtx);
1439 		break;
1440 
1441 	case USB_FS_STOP:
1442 		if (u.pstop->ep_index >= f->fs_ep_max) {
1443 			error = EINVAL;
1444 			break;
1445 		}
1446 		mtx_lock(f->priv_mtx);
1447 		xfer = f->fs_xfer[u.pstart->ep_index];
1448 		if (usbd_transfer_pending(xfer)) {
1449 			usbd_transfer_stop(xfer);
1450 			/*
1451 			 * Check if the USB transfer was stopped
1452 			 * before it was even started. Else a cancel
1453 			 * callback will be pending.
1454 			 */
1455 			if (!xfer->flags_int.transferring) {
1456 				ugen_fs_set_complete(xfer->priv_sc,
1457 				    USB_P2U(xfer->priv_fifo));
1458 			}
1459 		}
1460 		mtx_unlock(f->priv_mtx);
1461 		break;
1462 
1463 	case USB_FS_OPEN:
1464 	case USB_FS_OPEN_STREAM:
1465 		if (u.popen->ep_index >= f->fs_ep_max) {
1466 			error = EINVAL;
1467 			break;
1468 		}
1469 		if (f->fs_xfer[u.popen->ep_index] != NULL) {
1470 			error = EBUSY;
1471 			break;
1472 		}
1473 		if (u.popen->max_bufsize > USB_FS_MAX_BUFSIZE) {
1474 			u.popen->max_bufsize = USB_FS_MAX_BUFSIZE;
1475 		}
1476 		if (u.popen->max_frames & USB_FS_MAX_FRAMES_PRE_SCALE) {
1477 			pre_scale = 1;
1478 			u.popen->max_frames &= ~USB_FS_MAX_FRAMES_PRE_SCALE;
1479 		} else {
1480 			pre_scale = 0;
1481 		}
1482 		if (u.popen->max_frames > USB_FS_MAX_FRAMES) {
1483 			u.popen->max_frames = USB_FS_MAX_FRAMES;
1484 			break;
1485 		}
1486 		if (u.popen->max_frames == 0) {
1487 			error = EINVAL;
1488 			break;
1489 		}
1490 		ep = usbd_get_ep_by_addr(f->udev, u.popen->ep_no);
1491 		if (ep == NULL) {
1492 			error = EINVAL;
1493 			break;
1494 		}
1495 		ed = ep->edesc;
1496 		if (ed == NULL) {
1497 			error = ENXIO;
1498 			break;
1499 		}
1500 		iface_index = ep->iface_index;
1501 
1502 		memset(usb_config, 0, sizeof(usb_config));
1503 
1504 		usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
1505 		usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
1506 		usb_config[0].direction = ed->bEndpointAddress & (UE_DIR_OUT | UE_DIR_IN);
1507 		usb_config[0].interval = USB_DEFAULT_INTERVAL;
1508 		usb_config[0].flags.proxy_buffer = 1;
1509 		if (pre_scale != 0)
1510 			usb_config[0].flags.pre_scale_frames = 1;
1511 		usb_config[0].callback = &ugen_ctrl_fs_callback;
1512 		usb_config[0].timeout = 0;	/* no timeout */
1513 		usb_config[0].frames = u.popen->max_frames;
1514 		usb_config[0].bufsize = u.popen->max_bufsize;
1515 		usb_config[0].usb_mode = USB_MODE_DUAL;	/* both modes */
1516 		if (cmd == USB_FS_OPEN_STREAM)
1517 			usb_config[0].stream_id = u.popen_stream->stream_id;
1518 
1519 		if (usb_config[0].type == UE_CONTROL) {
1520 			if (f->udev->flags.usb_mode != USB_MODE_HOST) {
1521 				error = EINVAL;
1522 				break;
1523 			}
1524 		} else {
1525 
1526 			isread = ((usb_config[0].endpoint &
1527 			    (UE_DIR_IN | UE_DIR_OUT)) == UE_DIR_IN);
1528 
1529 			if (f->udev->flags.usb_mode != USB_MODE_HOST) {
1530 				isread = !isread;
1531 			}
1532 			/* check permissions */
1533 			if (isread) {
1534 				if (!(fflags & FREAD)) {
1535 					error = EPERM;
1536 					break;
1537 				}
1538 			} else {
1539 				if (!(fflags & FWRITE)) {
1540 					error = EPERM;
1541 					break;
1542 				}
1543 			}
1544 		}
1545 		error = usbd_transfer_setup(f->udev, &iface_index,
1546 		    f->fs_xfer + u.popen->ep_index, usb_config, 1,
1547 		    f, f->priv_mtx);
1548 		if (error == 0) {
1549 			/* update maximums */
1550 			u.popen->max_packet_length =
1551 			    f->fs_xfer[u.popen->ep_index]->max_frame_size;
1552 			u.popen->max_bufsize =
1553 			    f->fs_xfer[u.popen->ep_index]->max_data_length;
1554 			/* update number of frames */
1555 			u.popen->max_frames =
1556 			    f->fs_xfer[u.popen->ep_index]->nframes;
1557 			/* store index of endpoint */
1558 			f->fs_xfer[u.popen->ep_index]->priv_fifo =
1559 			    ((uint8_t *)0) + u.popen->ep_index;
1560 		} else {
1561 			error = ENOMEM;
1562 		}
1563 		break;
1564 
1565 	case USB_FS_CLOSE:
1566 		if (u.pclose->ep_index >= f->fs_ep_max) {
1567 			error = EINVAL;
1568 			break;
1569 		}
1570 		if (f->fs_xfer[u.pclose->ep_index] == NULL) {
1571 			error = EINVAL;
1572 			break;
1573 		}
1574 		usbd_transfer_unsetup(f->fs_xfer + u.pclose->ep_index, 1);
1575 		break;
1576 
1577 	case USB_FS_CLEAR_STALL_SYNC:
1578 		if (u.pstall->ep_index >= f->fs_ep_max) {
1579 			error = EINVAL;
1580 			break;
1581 		}
1582 		if (f->fs_xfer[u.pstall->ep_index] == NULL) {
1583 			error = EINVAL;
1584 			break;
1585 		}
1586 		if (f->udev->flags.usb_mode != USB_MODE_HOST) {
1587 			error = EINVAL;
1588 			break;
1589 		}
1590 		mtx_lock(f->priv_mtx);
1591 		error = usbd_transfer_pending(f->fs_xfer[u.pstall->ep_index]);
1592 		mtx_unlock(f->priv_mtx);
1593 
1594 		if (error) {
1595 			return (EBUSY);
1596 		}
1597 		ep = f->fs_xfer[u.pstall->ep_index]->endpoint;
1598 
1599 		/* setup a clear-stall packet */
1600 		req.bmRequestType = UT_WRITE_ENDPOINT;
1601 		req.bRequest = UR_CLEAR_FEATURE;
1602 		USETW(req.wValue, UF_ENDPOINT_HALT);
1603 		req.wIndex[0] = ep->edesc->bEndpointAddress;
1604 		req.wIndex[1] = 0;
1605 		USETW(req.wLength, 0);
1606 
1607 		error = usbd_do_request(f->udev, NULL, &req, NULL);
1608 		if (error == 0) {
1609 			usbd_clear_data_toggle(f->udev, ep);
1610 		} else {
1611 			error = ENXIO;
1612 		}
1613 		break;
1614 
1615 	default:
1616 		error = ENOIOCTL;
1617 		break;
1618 	}
1619 
1620 	DPRINTFN(6, "error=%d\n", error);
1621 
1622 	return (error);
1623 }
1624 
1625 static int
1626 ugen_set_short_xfer(struct usb_fifo *f, void *addr)
1627 {
1628 	uint8_t t;
1629 
1630 	if (*(int *)addr)
1631 		t = 1;
1632 	else
1633 		t = 0;
1634 
1635 	if (f->flag_short == t) {
1636 		/* same value like before - accept */
1637 		return (0);
1638 	}
1639 	if (f->xfer[0] || f->xfer[1]) {
1640 		/* cannot change this during transfer */
1641 		return (EBUSY);
1642 	}
1643 	f->flag_short = t;
1644 	return (0);
1645 }
1646 
1647 static int
1648 ugen_set_timeout(struct usb_fifo *f, void *addr)
1649 {
1650 	f->timeout = *(int *)addr;
1651 	if (f->timeout > 65535) {
1652 		/* limit user input */
1653 		f->timeout = 65535;
1654 	}
1655 	return (0);
1656 }
1657 
1658 static int
1659 ugen_get_frame_size(struct usb_fifo *f, void *addr)
1660 {
1661 	if (f->xfer[0]) {
1662 		*(int *)addr = f->xfer[0]->max_frame_size;
1663 	} else {
1664 		return (EINVAL);
1665 	}
1666 	return (0);
1667 }
1668 
1669 static int
1670 ugen_set_buffer_size(struct usb_fifo *f, void *addr)
1671 {
1672 	usb_frlength_t t;
1673 
1674 	if (*(int *)addr < 0)
1675 		t = 0;		/* use "wMaxPacketSize" */
1676 	else if (*(int *)addr < (256 * 1024))
1677 		t = *(int *)addr;
1678 	else
1679 		t = 256 * 1024;
1680 
1681 	if (f->bufsize == t) {
1682 		/* same value like before - accept */
1683 		return (0);
1684 	}
1685 	if (f->xfer[0] || f->xfer[1]) {
1686 		/* cannot change this during transfer */
1687 		return (EBUSY);
1688 	}
1689 	f->bufsize = t;
1690 	return (0);
1691 }
1692 
1693 static int
1694 ugen_get_buffer_size(struct usb_fifo *f, void *addr)
1695 {
1696 	*(int *)addr = f->bufsize;
1697 	return (0);
1698 }
1699 
1700 static int
1701 ugen_get_iface_desc(struct usb_fifo *f,
1702     struct usb_interface_descriptor *idesc)
1703 {
1704 	struct usb_interface *iface;
1705 
1706 	iface = usbd_get_iface(f->udev, f->iface_index);
1707 	if (iface && iface->idesc) {
1708 		*idesc = *(iface->idesc);
1709 	} else {
1710 		return (EIO);
1711 	}
1712 	return (0);
1713 }
1714 
1715 static int
1716 ugen_get_endpoint_desc(struct usb_fifo *f,
1717     struct usb_endpoint_descriptor *ed)
1718 {
1719 	struct usb_endpoint *ep;
1720 
1721 	ep = usb_fifo_softc(f);
1722 
1723 	if (ep && ep->edesc) {
1724 		*ed = *ep->edesc;
1725 	} else {
1726 		return (EINVAL);
1727 	}
1728 	return (0);
1729 }
1730 
1731 static int
1732 ugen_set_power_mode(struct usb_fifo *f, int mode)
1733 {
1734 	struct usb_device *udev = f->udev;
1735 	int err;
1736 	uint8_t old_mode;
1737 
1738 	if ((udev == NULL) ||
1739 	    (udev->parent_hub == NULL)) {
1740 		return (EINVAL);
1741 	}
1742 	err = priv_check(curthread, PRIV_DRIVER);
1743 	if (err)
1744 		return (err);
1745 
1746 	/* get old power mode */
1747 	old_mode = udev->power_mode;
1748 
1749 	/* if no change, then just return */
1750 	if (old_mode == mode)
1751 		return (0);
1752 
1753 	switch (mode) {
1754 	case USB_POWER_MODE_OFF:
1755 		if (udev->flags.usb_mode == USB_MODE_HOST &&
1756 		    udev->re_enumerate_wait == USB_RE_ENUM_DONE) {
1757 			udev->re_enumerate_wait = USB_RE_ENUM_PWR_OFF;
1758 		}
1759 		/* set power mode will wake up the explore thread */
1760 		break;
1761 
1762 	case USB_POWER_MODE_ON:
1763 	case USB_POWER_MODE_SAVE:
1764 		break;
1765 
1766 	case USB_POWER_MODE_RESUME:
1767 #if USB_HAVE_POWERD
1768 		/* let USB-powerd handle resume */
1769 		USB_BUS_LOCK(udev->bus);
1770 		udev->pwr_save.write_refs++;
1771 		udev->pwr_save.last_xfer_time = ticks;
1772 		USB_BUS_UNLOCK(udev->bus);
1773 
1774 		/* set new power mode */
1775 		usbd_set_power_mode(udev, USB_POWER_MODE_SAVE);
1776 
1777 		/* wait for resume to complete */
1778 		usb_pause_mtx(NULL, hz / 4);
1779 
1780 		/* clear write reference */
1781 		USB_BUS_LOCK(udev->bus);
1782 		udev->pwr_save.write_refs--;
1783 		USB_BUS_UNLOCK(udev->bus);
1784 #endif
1785 		mode = USB_POWER_MODE_SAVE;
1786 		break;
1787 
1788 	case USB_POWER_MODE_SUSPEND:
1789 #if USB_HAVE_POWERD
1790 		/* let USB-powerd handle suspend */
1791 		USB_BUS_LOCK(udev->bus);
1792 		udev->pwr_save.last_xfer_time = ticks - (256 * hz);
1793 		USB_BUS_UNLOCK(udev->bus);
1794 #endif
1795 		mode = USB_POWER_MODE_SAVE;
1796 		break;
1797 
1798 	default:
1799 		return (EINVAL);
1800 	}
1801 
1802 	if (err)
1803 		return (ENXIO);		/* I/O failure */
1804 
1805 	/* if we are powered off we need to re-enumerate first */
1806 	if (old_mode == USB_POWER_MODE_OFF) {
1807 		if (udev->flags.usb_mode == USB_MODE_HOST &&
1808 		    udev->re_enumerate_wait == USB_RE_ENUM_DONE) {
1809 			udev->re_enumerate_wait = USB_RE_ENUM_START;
1810 		}
1811 		/* set power mode will wake up the explore thread */
1812 	}
1813 
1814 	/* set new power mode */
1815 	usbd_set_power_mode(udev, mode);
1816 
1817 	return (0);			/* success */
1818 }
1819 
1820 static int
1821 ugen_get_power_mode(struct usb_fifo *f)
1822 {
1823 	struct usb_device *udev = f->udev;
1824 
1825 	if (udev == NULL)
1826 		return (USB_POWER_MODE_ON);
1827 
1828 	return (udev->power_mode);
1829 }
1830 
1831 static int
1832 ugen_get_port_path(struct usb_fifo *f, struct usb_device_port_path *dpp)
1833 {
1834 	struct usb_device *udev = f->udev;
1835 	struct usb_device *next;
1836 	unsigned int nlevel = 0;
1837 
1838 	if (udev == NULL)
1839 		goto error;
1840 
1841 	dpp->udp_bus = device_get_unit(udev->bus->bdev);
1842 	dpp->udp_index = udev->device_index;
1843 
1844 	/* count port levels */
1845 	next = udev;
1846 	while (next->parent_hub != NULL) {
1847 		nlevel++;
1848 		next = next->parent_hub;
1849 	}
1850 
1851 	/* check if too many levels */
1852 	if (nlevel > USB_DEVICE_PORT_PATH_MAX)
1853 		goto error;
1854 
1855 	/* store total level of ports */
1856 	dpp->udp_port_level = nlevel;
1857 
1858 	/* store port index array */
1859 	next = udev;
1860 	while (next->parent_hub != NULL) {
1861 		dpp->udp_port_no[--nlevel] = next->port_no;
1862 		next = next->parent_hub;
1863 	}
1864 	return (0);	/* success */
1865 
1866 error:
1867 	return (EINVAL);	/* failure */
1868 }
1869 
1870 static int
1871 ugen_get_power_usage(struct usb_fifo *f)
1872 {
1873 	struct usb_device *udev = f->udev;
1874 
1875 	if (udev == NULL)
1876 		return (0);
1877 
1878 	return (udev->power);
1879 }
1880 
1881 static int
1882 ugen_do_port_feature(struct usb_fifo *f, uint8_t port_no,
1883     uint8_t set, uint16_t feature)
1884 {
1885 	struct usb_device *udev = f->udev;
1886 	struct usb_hub *hub;
1887 	int err;
1888 
1889 	err = priv_check(curthread, PRIV_DRIVER);
1890 	if (err) {
1891 		return (err);
1892 	}
1893 	if (port_no == 0) {
1894 		return (EINVAL);
1895 	}
1896 	if ((udev == NULL) ||
1897 	    (udev->hub == NULL)) {
1898 		return (EINVAL);
1899 	}
1900 	hub = udev->hub;
1901 
1902 	if (port_no > hub->nports) {
1903 		return (EINVAL);
1904 	}
1905 	if (set)
1906 		err = usbd_req_set_port_feature(udev,
1907 		    NULL, port_no, feature);
1908 	else
1909 		err = usbd_req_clear_port_feature(udev,
1910 		    NULL, port_no, feature);
1911 
1912 	if (err)
1913 		return (ENXIO);		/* failure */
1914 
1915 	return (0);			/* success */
1916 }
1917 
1918 static int
1919 ugen_iface_ioctl(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
1920 {
1921 	struct usb_fifo *f_rx;
1922 	struct usb_fifo *f_tx;
1923 	int error = 0;
1924 
1925 	f_rx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_RX];
1926 	f_tx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_TX];
1927 
1928 	switch (cmd) {
1929 	case USB_SET_RX_SHORT_XFER:
1930 		if (fflags & FREAD) {
1931 			error = ugen_set_short_xfer(f_rx, addr);
1932 		} else {
1933 			error = EINVAL;
1934 		}
1935 		break;
1936 
1937 	case USB_SET_TX_FORCE_SHORT:
1938 		if (fflags & FWRITE) {
1939 			error = ugen_set_short_xfer(f_tx, addr);
1940 		} else {
1941 			error = EINVAL;
1942 		}
1943 		break;
1944 
1945 	case USB_SET_RX_TIMEOUT:
1946 		if (fflags & FREAD) {
1947 			error = ugen_set_timeout(f_rx, addr);
1948 		} else {
1949 			error = EINVAL;
1950 		}
1951 		break;
1952 
1953 	case USB_SET_TX_TIMEOUT:
1954 		if (fflags & FWRITE) {
1955 			error = ugen_set_timeout(f_tx, addr);
1956 		} else {
1957 			error = EINVAL;
1958 		}
1959 		break;
1960 
1961 	case USB_GET_RX_FRAME_SIZE:
1962 		if (fflags & FREAD) {
1963 			error = ugen_get_frame_size(f_rx, addr);
1964 		} else {
1965 			error = EINVAL;
1966 		}
1967 		break;
1968 
1969 	case USB_GET_TX_FRAME_SIZE:
1970 		if (fflags & FWRITE) {
1971 			error = ugen_get_frame_size(f_tx, addr);
1972 		} else {
1973 			error = EINVAL;
1974 		}
1975 		break;
1976 
1977 	case USB_SET_RX_BUFFER_SIZE:
1978 		if (fflags & FREAD) {
1979 			error = ugen_set_buffer_size(f_rx, addr);
1980 		} else {
1981 			error = EINVAL;
1982 		}
1983 		break;
1984 
1985 	case USB_SET_TX_BUFFER_SIZE:
1986 		if (fflags & FWRITE) {
1987 			error = ugen_set_buffer_size(f_tx, addr);
1988 		} else {
1989 			error = EINVAL;
1990 		}
1991 		break;
1992 
1993 	case USB_GET_RX_BUFFER_SIZE:
1994 		if (fflags & FREAD) {
1995 			error = ugen_get_buffer_size(f_rx, addr);
1996 		} else {
1997 			error = EINVAL;
1998 		}
1999 		break;
2000 
2001 	case USB_GET_TX_BUFFER_SIZE:
2002 		if (fflags & FWRITE) {
2003 			error = ugen_get_buffer_size(f_tx, addr);
2004 		} else {
2005 			error = EINVAL;
2006 		}
2007 		break;
2008 
2009 	case USB_GET_RX_INTERFACE_DESC:
2010 		if (fflags & FREAD) {
2011 			error = ugen_get_iface_desc(f_rx, addr);
2012 		} else {
2013 			error = EINVAL;
2014 		}
2015 		break;
2016 
2017 	case USB_GET_TX_INTERFACE_DESC:
2018 		if (fflags & FWRITE) {
2019 			error = ugen_get_iface_desc(f_tx, addr);
2020 		} else {
2021 			error = EINVAL;
2022 		}
2023 		break;
2024 
2025 	case USB_GET_RX_ENDPOINT_DESC:
2026 		if (fflags & FREAD) {
2027 			error = ugen_get_endpoint_desc(f_rx, addr);
2028 		} else {
2029 			error = EINVAL;
2030 		}
2031 		break;
2032 
2033 	case USB_GET_TX_ENDPOINT_DESC:
2034 		if (fflags & FWRITE) {
2035 			error = ugen_get_endpoint_desc(f_tx, addr);
2036 		} else {
2037 			error = EINVAL;
2038 		}
2039 		break;
2040 
2041 	case USB_SET_RX_STALL_FLAG:
2042 		if ((fflags & FREAD) && (*(int *)addr)) {
2043 			f_rx->flag_stall = 1;
2044 		}
2045 		break;
2046 
2047 	case USB_SET_TX_STALL_FLAG:
2048 		if ((fflags & FWRITE) && (*(int *)addr)) {
2049 			f_tx->flag_stall = 1;
2050 		}
2051 		break;
2052 
2053 	default:
2054 		error = ENOIOCTL;
2055 		break;
2056 	}
2057 	return (error);
2058 }
2059 
2060 static int
2061 ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
2062 {
2063 	union {
2064 		struct usb_interface_descriptor *idesc;
2065 		struct usb_alt_interface *ai;
2066 		struct usb_device_descriptor *ddesc;
2067 		struct usb_config_descriptor *cdesc;
2068 		struct usb_device_stats *stat;
2069 		struct usb_fs_init *pinit;
2070 		struct usb_fs_uninit *puninit;
2071 		struct usb_device_port_path *dpp;
2072 		uint32_t *ptime;
2073 		void   *addr;
2074 		int    *pint;
2075 	}     u;
2076 	struct usb_device_descriptor *dtemp;
2077 	struct usb_config_descriptor *ctemp;
2078 	struct usb_interface *iface;
2079 	int error = 0;
2080 	uint8_t n;
2081 
2082 	u.addr = addr;
2083 
2084 	DPRINTFN(6, "cmd=0x%08lx\n", cmd);
2085 
2086 	switch (cmd) {
2087 	case USB_DISCOVER:
2088 		usb_needs_explore_all();
2089 		break;
2090 
2091 	case USB_SETDEBUG:
2092 		if (!(fflags & FWRITE)) {
2093 			error = EPERM;
2094 			break;
2095 		}
2096 		usb_debug = *(int *)addr;
2097 		break;
2098 
2099 	case USB_GET_CONFIG:
2100 		*(int *)addr = f->udev->curr_config_index;
2101 		break;
2102 
2103 	case USB_SET_CONFIG:
2104 		if (!(fflags & FWRITE)) {
2105 			error = EPERM;
2106 			break;
2107 		}
2108 		error = ugen_set_config(f, *(int *)addr);
2109 		break;
2110 
2111 	case USB_GET_ALTINTERFACE:
2112 		iface = usbd_get_iface(f->udev,
2113 		    u.ai->uai_interface_index);
2114 		if (iface && iface->idesc) {
2115 			u.ai->uai_alt_index = iface->alt_index;
2116 		} else {
2117 			error = EINVAL;
2118 		}
2119 		break;
2120 
2121 	case USB_SET_ALTINTERFACE:
2122 		if (!(fflags & FWRITE)) {
2123 			error = EPERM;
2124 			break;
2125 		}
2126 		error = ugen_set_interface(f,
2127 		    u.ai->uai_interface_index, u.ai->uai_alt_index);
2128 		break;
2129 
2130 	case USB_GET_DEVICE_DESC:
2131 		dtemp = usbd_get_device_descriptor(f->udev);
2132 		if (!dtemp) {
2133 			error = EIO;
2134 			break;
2135 		}
2136 		*u.ddesc = *dtemp;
2137 		break;
2138 
2139 	case USB_GET_CONFIG_DESC:
2140 		ctemp = usbd_get_config_descriptor(f->udev);
2141 		if (!ctemp) {
2142 			error = EIO;
2143 			break;
2144 		}
2145 		*u.cdesc = *ctemp;
2146 		break;
2147 
2148 	case USB_GET_FULL_DESC:
2149 		error = ugen_get_cdesc(f, addr);
2150 		break;
2151 
2152 	case USB_GET_STRING_DESC:
2153 		error = ugen_get_sdesc(f, addr);
2154 		break;
2155 
2156 	case USB_GET_IFACE_DRIVER:
2157 		error = ugen_get_iface_driver(f, addr);
2158 		break;
2159 
2160 	case USB_REQUEST:
2161 	case USB_DO_REQUEST:
2162 		if (!(fflags & FWRITE)) {
2163 			error = EPERM;
2164 			break;
2165 		}
2166 		error = ugen_do_request(f, addr);
2167 		break;
2168 
2169 	case USB_DEVICEINFO:
2170 	case USB_GET_DEVICEINFO:
2171 		error = usb_gen_fill_deviceinfo(f, addr);
2172 		break;
2173 
2174 	case USB_DEVICESTATS:
2175 		for (n = 0; n != 4; n++) {
2176 
2177 			u.stat->uds_requests_fail[n] =
2178 			    f->udev->bus->stats_err.uds_requests[n];
2179 
2180 			u.stat->uds_requests_ok[n] =
2181 			    f->udev->bus->stats_ok.uds_requests[n];
2182 		}
2183 		break;
2184 
2185 	case USB_DEVICEENUMERATE:
2186 		error = ugen_re_enumerate(f);
2187 		break;
2188 
2189 	case USB_GET_PLUGTIME:
2190 		*u.ptime = f->udev->plugtime;
2191 		break;
2192 
2193 	case USB_CLAIM_INTERFACE:
2194 	case USB_RELEASE_INTERFACE:
2195 		/* TODO */
2196 		break;
2197 
2198 	case USB_IFACE_DRIVER_ACTIVE:
2199 
2200 		n = *u.pint & 0xFF;
2201 
2202 		iface = usbd_get_iface(f->udev, n);
2203 
2204 		if (iface && iface->subdev)
2205 			error = 0;
2206 		else
2207 			error = ENXIO;
2208 		break;
2209 
2210 	case USB_IFACE_DRIVER_DETACH:
2211 
2212 		error = priv_check(curthread, PRIV_DRIVER);
2213 
2214 		if (error)
2215 			break;
2216 
2217 		n = *u.pint & 0xFF;
2218 
2219 		if (n == USB_IFACE_INDEX_ANY) {
2220 			error = EINVAL;
2221 			break;
2222 		}
2223 
2224 		/*
2225 		 * Detach the currently attached driver.
2226 		 */
2227 		usb_detach_device(f->udev, n, 0);
2228 
2229 		/*
2230 		 * Set parent to self, this should keep attach away
2231 		 * until the next set configuration event.
2232 		 */
2233 		usbd_set_parent_iface(f->udev, n, n);
2234 		break;
2235 
2236 	case USB_SET_POWER_MODE:
2237 		error = ugen_set_power_mode(f, *u.pint);
2238 		break;
2239 
2240 	case USB_GET_POWER_MODE:
2241 		*u.pint = ugen_get_power_mode(f);
2242 		break;
2243 
2244 	case USB_GET_DEV_PORT_PATH:
2245 		error = ugen_get_port_path(f, u.dpp);
2246 		break;
2247 
2248 	case USB_GET_POWER_USAGE:
2249 		*u.pint = ugen_get_power_usage(f);
2250 		break;
2251 
2252 	case USB_SET_PORT_ENABLE:
2253 		error = ugen_do_port_feature(f,
2254 		    *u.pint, 1, UHF_PORT_ENABLE);
2255 		break;
2256 
2257 	case USB_SET_PORT_DISABLE:
2258 		error = ugen_do_port_feature(f,
2259 		    *u.pint, 0, UHF_PORT_ENABLE);
2260 		break;
2261 
2262 	case USB_FS_INIT:
2263 		/* verify input parameters */
2264 		if (u.pinit->pEndpoints == NULL) {
2265 			error = EINVAL;
2266 			break;
2267 		}
2268 		if (u.pinit->ep_index_max > 127) {
2269 			error = EINVAL;
2270 			break;
2271 		}
2272 		if (u.pinit->ep_index_max == 0) {
2273 			error = EINVAL;
2274 			break;
2275 		}
2276 		if (f->fs_xfer != NULL) {
2277 			error = EBUSY;
2278 			break;
2279 		}
2280 		if (f->dev_ep_index != 0) {
2281 			error = EINVAL;
2282 			break;
2283 		}
2284 		if (ugen_fifo_in_use(f, fflags)) {
2285 			error = EBUSY;
2286 			break;
2287 		}
2288 		error = usb_fifo_alloc_buffer(f, 1, u.pinit->ep_index_max);
2289 		if (error) {
2290 			break;
2291 		}
2292 		f->fs_xfer = malloc(sizeof(f->fs_xfer[0]) *
2293 		    u.pinit->ep_index_max, M_USB, M_WAITOK | M_ZERO);
2294 		if (f->fs_xfer == NULL) {
2295 			usb_fifo_free_buffer(f);
2296 			error = ENOMEM;
2297 			break;
2298 		}
2299 		f->fs_ep_max = u.pinit->ep_index_max;
2300 		f->fs_ep_ptr = u.pinit->pEndpoints;
2301 		break;
2302 
2303 	case USB_FS_UNINIT:
2304 		if (u.puninit->dummy != 0) {
2305 			error = EINVAL;
2306 			break;
2307 		}
2308 		error = ugen_fs_uninit(f);
2309 		break;
2310 
2311 	default:
2312 		mtx_lock(f->priv_mtx);
2313 		error = ugen_iface_ioctl(f, cmd, addr, fflags);
2314 		mtx_unlock(f->priv_mtx);
2315 		break;
2316 	}
2317 	DPRINTFN(6, "error=%d\n", error);
2318 	return (error);
2319 }
2320 
2321 static void
2322 ugen_ctrl_fs_callback(struct usb_xfer *xfer, usb_error_t error)
2323 {
2324 	;				/* workaround for a bug in "indent" */
2325 
2326 	DPRINTF("st=%u alen=%u aframes=%u\n",
2327 	    USB_GET_STATE(xfer), xfer->actlen, xfer->aframes);
2328 
2329 	switch (USB_GET_STATE(xfer)) {
2330 	case USB_ST_SETUP:
2331 		usbd_transfer_submit(xfer);
2332 		break;
2333 	default:
2334 		ugen_fs_set_complete(xfer->priv_sc, USB_P2U(xfer->priv_fifo));
2335 		break;
2336 	}
2337 }
2338 #endif	/* USB_HAVE_UGEN */
2339