xref: /freebsd/sys/dev/usb/usb_request.c (revision 13ec1e3155c7e9bf037b12af186351b7fa9b9450)
1 /* $FreeBSD$ */
2 /*-
3  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4  *
5  * Copyright (c) 1998 The NetBSD Foundation, Inc. All rights reserved.
6  * Copyright (c) 1998 Lennart Augustsson. All rights reserved.
7  * Copyright (c) 2008-2020 Hans Petter Selasky. All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  */
30 
31 #ifdef USB_GLOBAL_INCLUDE_FILE
32 #include USB_GLOBAL_INCLUDE_FILE
33 #else
34 #include <sys/stdint.h>
35 #include <sys/stddef.h>
36 #include <sys/param.h>
37 #include <sys/queue.h>
38 #include <sys/types.h>
39 #include <sys/systm.h>
40 #include <sys/kernel.h>
41 #include <sys/bus.h>
42 #include <sys/module.h>
43 #include <sys/lock.h>
44 #include <sys/mutex.h>
45 #include <sys/condvar.h>
46 #include <sys/sysctl.h>
47 #include <sys/sx.h>
48 #include <sys/unistd.h>
49 #include <sys/callout.h>
50 #include <sys/malloc.h>
51 #include <sys/priv.h>
52 
53 #include <dev/usb/usb.h>
54 #include <dev/usb/usbdi.h>
55 #include <dev/usb/usbdi_util.h>
56 #include <dev/usb/usbhid.h>
57 
58 #define	USB_DEBUG_VAR usb_debug
59 
60 #include <dev/usb/usb_core.h>
61 #include <dev/usb/usb_busdma.h>
62 #include <dev/usb/usb_request.h>
63 #include <dev/usb/usb_process.h>
64 #include <dev/usb/usb_transfer.h>
65 #include <dev/usb/usb_debug.h>
66 #include <dev/usb/usb_device.h>
67 #include <dev/usb/usb_util.h>
68 #include <dev/usb/usb_dynamic.h>
69 
70 #include <dev/usb/usb_controller.h>
71 #include <dev/usb/usb_bus.h>
72 #include <sys/ctype.h>
73 #endif			/* USB_GLOBAL_INCLUDE_FILE */
74 
75 static int usb_no_cs_fail;
76 
77 SYSCTL_INT(_hw_usb, OID_AUTO, no_cs_fail, CTLFLAG_RWTUN,
78     &usb_no_cs_fail, 0, "USB clear stall failures are ignored, if set");
79 
80 static int usb_full_ddesc;
81 
82 SYSCTL_INT(_hw_usb, OID_AUTO, full_ddesc, CTLFLAG_RWTUN,
83     &usb_full_ddesc, 0, "USB always read complete device descriptor, if set");
84 
85 #ifdef USB_DEBUG
86 #ifdef USB_REQ_DEBUG
87 /* The following structures are used in connection to fault injection. */
88 struct usb_ctrl_debug {
89 	int bus_index;		/* target bus */
90 	int dev_index;		/* target address */
91 	int ds_fail;		/* fail data stage */
92 	int ss_fail;		/* fail status stage */
93 	int ds_delay;		/* data stage delay in ms */
94 	int ss_delay;		/* status stage delay in ms */
95 	int bmRequestType_value;
96 	int bRequest_value;
97 };
98 
99 struct usb_ctrl_debug_bits {
100 	uint16_t ds_delay;
101 	uint16_t ss_delay;
102 	uint8_t ds_fail:1;
103 	uint8_t ss_fail:1;
104 	uint8_t enabled:1;
105 };
106 
107 /* The default is to disable fault injection. */
108 
109 static struct usb_ctrl_debug usb_ctrl_debug = {
110 	.bus_index = -1,
111 	.dev_index = -1,
112 	.bmRequestType_value = -1,
113 	.bRequest_value = -1,
114 };
115 
116 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_bus_fail, CTLFLAG_RWTUN,
117     &usb_ctrl_debug.bus_index, 0, "USB controller index to fail");
118 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_dev_fail, CTLFLAG_RWTUN,
119     &usb_ctrl_debug.dev_index, 0, "USB device address to fail");
120 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ds_fail, CTLFLAG_RWTUN,
121     &usb_ctrl_debug.ds_fail, 0, "USB fail data stage");
122 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ss_fail, CTLFLAG_RWTUN,
123     &usb_ctrl_debug.ss_fail, 0, "USB fail status stage");
124 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ds_delay, CTLFLAG_RWTUN,
125     &usb_ctrl_debug.ds_delay, 0, "USB data stage delay in ms");
126 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ss_delay, CTLFLAG_RWTUN,
127     &usb_ctrl_debug.ss_delay, 0, "USB status stage delay in ms");
128 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_rt_fail, CTLFLAG_RWTUN,
129     &usb_ctrl_debug.bmRequestType_value, 0, "USB bmRequestType to fail");
130 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_rv_fail, CTLFLAG_RWTUN,
131     &usb_ctrl_debug.bRequest_value, 0, "USB bRequest to fail");
132 
133 /*------------------------------------------------------------------------*
134  *	usbd_get_debug_bits
135  *
136  * This function is only useful in USB host mode.
137  *------------------------------------------------------------------------*/
138 static void
139 usbd_get_debug_bits(struct usb_device *udev, struct usb_device_request *req,
140     struct usb_ctrl_debug_bits *dbg)
141 {
142 	int temp;
143 
144 	memset(dbg, 0, sizeof(*dbg));
145 
146 	/* Compute data stage delay */
147 
148 	temp = usb_ctrl_debug.ds_delay;
149 	if (temp < 0)
150 		temp = 0;
151 	else if (temp > (16*1024))
152 		temp = (16*1024);
153 
154 	dbg->ds_delay = temp;
155 
156 	/* Compute status stage delay */
157 
158 	temp = usb_ctrl_debug.ss_delay;
159 	if (temp < 0)
160 		temp = 0;
161 	else if (temp > (16*1024))
162 		temp = (16*1024);
163 
164 	dbg->ss_delay = temp;
165 
166 	/* Check if this control request should be failed */
167 
168 	if (usbd_get_bus_index(udev) != usb_ctrl_debug.bus_index)
169 		return;
170 
171 	if (usbd_get_device_index(udev) != usb_ctrl_debug.dev_index)
172 		return;
173 
174 	temp = usb_ctrl_debug.bmRequestType_value;
175 
176 	if ((temp != req->bmRequestType) && (temp >= 0) && (temp <= 255))
177 		return;
178 
179 	temp = usb_ctrl_debug.bRequest_value;
180 
181 	if ((temp != req->bRequest) && (temp >= 0) && (temp <= 255))
182 		return;
183 
184 	temp = usb_ctrl_debug.ds_fail;
185 	if (temp)
186 		dbg->ds_fail = 1;
187 
188 	temp = usb_ctrl_debug.ss_fail;
189 	if (temp)
190 		dbg->ss_fail = 1;
191 
192 	dbg->enabled = 1;
193 }
194 #endif	/* USB_REQ_DEBUG */
195 #endif	/* USB_DEBUG */
196 
197 /*------------------------------------------------------------------------*
198  *	usbd_do_request_callback
199  *
200  * This function is the USB callback for generic USB Host control
201  * transfers.
202  *------------------------------------------------------------------------*/
203 void
204 usbd_do_request_callback(struct usb_xfer *xfer, usb_error_t error)
205 {
206 	;				/* workaround for a bug in "indent" */
207 
208 	DPRINTF("st=%u\n", USB_GET_STATE(xfer));
209 
210 	switch (USB_GET_STATE(xfer)) {
211 	case USB_ST_SETUP:
212 		usbd_transfer_submit(xfer);
213 		break;
214 	default:
215 		cv_signal(&xfer->xroot->udev->ctrlreq_cv);
216 		break;
217 	}
218 }
219 
220 /*------------------------------------------------------------------------*
221  *	usb_do_clear_stall_callback
222  *
223  * This function is the USB callback for generic clear stall requests.
224  *------------------------------------------------------------------------*/
225 void
226 usb_do_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
227 {
228 	struct usb_device_request req;
229 	struct usb_device *udev;
230 	struct usb_endpoint *ep;
231 	struct usb_endpoint *ep_end;
232 	struct usb_endpoint *ep_first;
233 	usb_stream_t x;
234 	uint8_t to;
235 
236 	udev = xfer->xroot->udev;
237 
238 	USB_BUS_LOCK(udev->bus);
239 
240 	/* round robin endpoint clear stall */
241 
242 	ep = udev->ep_curr;
243 	ep_end = udev->endpoints + udev->endpoints_max;
244 	ep_first = udev->endpoints;
245 	to = udev->endpoints_max;
246 
247 	switch (USB_GET_STATE(xfer)) {
248 	case USB_ST_TRANSFERRED:
249 tr_transferred:
250 		/* reset error counter */
251 		udev->clear_stall_errors = 0;
252 
253 		if (ep == NULL)
254 			goto tr_setup;		/* device was unconfigured */
255 		if (ep->edesc &&
256 		    ep->is_stalled) {
257 			ep->toggle_next = 0;
258 			ep->is_stalled = 0;
259 			/* some hardware needs a callback to clear the data toggle */
260 			usbd_clear_stall_locked(udev, ep);
261 			for (x = 0; x != USB_MAX_EP_STREAMS; x++) {
262 				/* start the current or next transfer, if any */
263 				usb_command_wrapper(&ep->endpoint_q[x],
264 				    ep->endpoint_q[x].curr);
265 			}
266 		}
267 		ep++;
268 
269 	case USB_ST_SETUP:
270 tr_setup:
271 		if (to == 0)
272 			break;			/* no endpoints - nothing to do */
273 		if ((ep < ep_first) || (ep >= ep_end))
274 			ep = ep_first;	/* endpoint wrapped around */
275 		if (ep->edesc &&
276 		    ep->is_stalled) {
277 			/* setup a clear-stall packet */
278 
279 			req.bmRequestType = UT_WRITE_ENDPOINT;
280 			req.bRequest = UR_CLEAR_FEATURE;
281 			USETW(req.wValue, UF_ENDPOINT_HALT);
282 			req.wIndex[0] = ep->edesc->bEndpointAddress;
283 			req.wIndex[1] = 0;
284 			USETW(req.wLength, 0);
285 
286 			/* copy in the transfer */
287 
288 			usbd_copy_in(xfer->frbuffers, 0, &req, sizeof(req));
289 
290 			/* set length */
291 			usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
292 			xfer->nframes = 1;
293 			USB_BUS_UNLOCK(udev->bus);
294 
295 			usbd_transfer_submit(xfer);
296 
297 			USB_BUS_LOCK(udev->bus);
298 			break;
299 		}
300 		ep++;
301 		to--;
302 		goto tr_setup;
303 
304 	default:
305 		if (error == USB_ERR_CANCELLED)
306 			break;
307 
308 		DPRINTF("Clear stall failed.\n");
309 
310 		/*
311 		 * Some VMs like VirtualBox always return failure on
312 		 * clear-stall which we sometimes should just ignore.
313 		 */
314 		if (usb_no_cs_fail)
315 			goto tr_transferred;
316 		if (udev->clear_stall_errors == USB_CS_RESET_LIMIT)
317 			goto tr_setup;
318 
319 		if (error == USB_ERR_TIMEOUT) {
320 			udev->clear_stall_errors = USB_CS_RESET_LIMIT;
321 			DPRINTF("Trying to re-enumerate.\n");
322 			usbd_start_re_enumerate(udev);
323 		} else {
324 			udev->clear_stall_errors++;
325 			if (udev->clear_stall_errors == USB_CS_RESET_LIMIT) {
326 				DPRINTF("Trying to re-enumerate.\n");
327 				usbd_start_re_enumerate(udev);
328 			}
329 		}
330 		goto tr_setup;
331 	}
332 
333 	/* store current endpoint */
334 	udev->ep_curr = ep;
335 	USB_BUS_UNLOCK(udev->bus);
336 }
337 
338 static usb_handle_req_t *
339 usbd_get_hr_func(struct usb_device *udev)
340 {
341 	/* figure out if there is a Handle Request function */
342 	if (udev->flags.usb_mode == USB_MODE_DEVICE)
343 		return (usb_temp_get_desc_p);
344 	else if (udev->parent_hub == NULL)
345 		return (udev->bus->methods->roothub_exec);
346 	else
347 		return (NULL);
348 }
349 
350 /*------------------------------------------------------------------------*
351  *	usbd_do_request_flags and usbd_do_request
352  *
353  * Description of arguments passed to these functions:
354  *
355  * "udev" - this is the "usb_device" structure pointer on which the
356  * request should be performed. It is possible to call this function
357  * in both Host Side mode and Device Side mode.
358  *
359  * "mtx" - if this argument is non-NULL the mutex pointed to by it
360  * will get dropped and picked up during the execution of this
361  * function, hence this function sometimes needs to sleep. If this
362  * argument is NULL it has no effect.
363  *
364  * "req" - this argument must always be non-NULL and points to an
365  * 8-byte structure holding the USB request to be done. The USB
366  * request structure has a bit telling the direction of the USB
367  * request, if it is a read or a write.
368  *
369  * "data" - if the "wLength" part of the structure pointed to by "req"
370  * is non-zero this argument must point to a valid kernel buffer which
371  * can hold at least "wLength" bytes. If "wLength" is zero "data" can
372  * be NULL.
373  *
374  * "flags" - here is a list of valid flags:
375  *
376  *  o USB_SHORT_XFER_OK: allows the data transfer to be shorter than
377  *  specified
378  *
379  *  o USB_DELAY_STATUS_STAGE: allows the status stage to be performed
380  *  at a later point in time. This is tunable by the "hw.usb.ss_delay"
381  *  sysctl. This flag is mostly useful for debugging.
382  *
383  *  o USB_USER_DATA_PTR: treat the "data" pointer like a userland
384  *  pointer.
385  *
386  * "actlen" - if non-NULL the actual transfer length will be stored in
387  * the 16-bit unsigned integer pointed to by "actlen". This
388  * information is mostly useful when the "USB_SHORT_XFER_OK" flag is
389  * used.
390  *
391  * "timeout" - gives the timeout for the control transfer in
392  * milliseconds. A "timeout" value less than 50 milliseconds is
393  * treated like a 50 millisecond timeout. A "timeout" value greater
394  * than 30 seconds is treated like a 30 second timeout. This USB stack
395  * does not allow control requests without a timeout.
396  *
397  * NOTE: This function is thread safe. All calls to "usbd_do_request_flags"
398  * will be serialized by the use of the USB device enumeration lock.
399  *
400  * Returns:
401  *    0: Success
402  * Else: Failure
403  *------------------------------------------------------------------------*/
404 usb_error_t
405 usbd_do_request_flags(struct usb_device *udev, struct mtx *mtx,
406     struct usb_device_request *req, void *data, uint16_t flags,
407     uint16_t *actlen, usb_timeout_t timeout)
408 {
409 #ifdef USB_REQ_DEBUG
410 	struct usb_ctrl_debug_bits dbg;
411 #endif
412 	usb_handle_req_t *hr_func;
413 	struct usb_xfer *xfer;
414 	const void *desc;
415 	int err = 0;
416 	usb_ticks_t start_ticks;
417 	usb_ticks_t delta_ticks;
418 	usb_ticks_t max_ticks;
419 	uint16_t length;
420 	uint16_t temp;
421 	uint16_t acttemp;
422 	uint8_t do_unlock;
423 
424 	if (timeout < 50) {
425 		/* timeout is too small */
426 		timeout = 50;
427 	}
428 	if (timeout > 30000) {
429 		/* timeout is too big */
430 		timeout = 30000;
431 	}
432 	length = UGETW(req->wLength);
433 
434 	DPRINTFN(5, "udev=%p bmRequestType=0x%02x bRequest=0x%02x "
435 	    "wValue=0x%02x%02x wIndex=0x%02x%02x wLength=0x%02x%02x\n",
436 	    udev, req->bmRequestType, req->bRequest,
437 	    req->wValue[1], req->wValue[0],
438 	    req->wIndex[1], req->wIndex[0],
439 	    req->wLength[1], req->wLength[0]);
440 
441 	/* Check if the device is still alive */
442 	if (udev->state < USB_STATE_POWERED) {
443 		DPRINTF("usb device has gone\n");
444 		return (USB_ERR_NOT_CONFIGURED);
445 	}
446 
447 	/*
448 	 * Set "actlen" to a known value in case the caller does not
449 	 * check the return value:
450 	 */
451 	if (actlen)
452 		*actlen = 0;
453 
454 #if (USB_HAVE_USER_IO == 0)
455 	if (flags & USB_USER_DATA_PTR)
456 		return (USB_ERR_INVAL);
457 #endif
458 	if ((mtx != NULL) && (mtx != &Giant)) {
459 		USB_MTX_UNLOCK(mtx);
460 		USB_MTX_ASSERT(mtx, MA_NOTOWNED);
461 	}
462 
463 	/*
464 	 * Serialize access to this function:
465 	 */
466 	do_unlock = usbd_ctrl_lock(udev);
467 
468 	hr_func = usbd_get_hr_func(udev);
469 
470 	if (hr_func != NULL) {
471 		DPRINTF("Handle Request function is set\n");
472 
473 		desc = NULL;
474 		temp = 0;
475 
476 		if (!(req->bmRequestType & UT_READ)) {
477 			if (length != 0) {
478 				DPRINTFN(1, "The handle request function "
479 				    "does not support writing data!\n");
480 				err = USB_ERR_INVAL;
481 				goto done;
482 			}
483 		}
484 
485 		/* The root HUB code needs the BUS lock locked */
486 
487 		USB_BUS_LOCK(udev->bus);
488 		err = (hr_func) (udev, req, &desc, &temp);
489 		USB_BUS_UNLOCK(udev->bus);
490 
491 		if (err)
492 			goto done;
493 
494 		if (length > temp) {
495 			if (!(flags & USB_SHORT_XFER_OK)) {
496 				err = USB_ERR_SHORT_XFER;
497 				goto done;
498 			}
499 			length = temp;
500 		}
501 		if (actlen)
502 			*actlen = length;
503 
504 		if (length > 0) {
505 #if USB_HAVE_USER_IO
506 			if (flags & USB_USER_DATA_PTR) {
507 				if (copyout(desc, data, length)) {
508 					err = USB_ERR_INVAL;
509 					goto done;
510 				}
511 			} else
512 #endif
513 				memcpy(data, desc, length);
514 		}
515 		goto done;		/* success */
516 	}
517 
518 	/*
519 	 * Setup a new USB transfer or use the existing one, if any:
520 	 */
521 	usbd_ctrl_transfer_setup(udev);
522 
523 	xfer = udev->ctrl_xfer[0];
524 	if (xfer == NULL) {
525 		/* most likely out of memory */
526 		err = USB_ERR_NOMEM;
527 		goto done;
528 	}
529 
530 #ifdef USB_REQ_DEBUG
531 	/* Get debug bits */
532 	usbd_get_debug_bits(udev, req, &dbg);
533 
534 	/* Check for fault injection */
535 	if (dbg.enabled)
536 		flags |= USB_DELAY_STATUS_STAGE;
537 #endif
538 	USB_XFER_LOCK(xfer);
539 
540 	if (flags & USB_DELAY_STATUS_STAGE)
541 		xfer->flags.manual_status = 1;
542 	else
543 		xfer->flags.manual_status = 0;
544 
545 	if (flags & USB_SHORT_XFER_OK)
546 		xfer->flags.short_xfer_ok = 1;
547 	else
548 		xfer->flags.short_xfer_ok = 0;
549 
550 	xfer->timeout = timeout;
551 
552 	start_ticks = ticks;
553 
554 	max_ticks = USB_MS_TO_TICKS(timeout);
555 
556 	usbd_copy_in(xfer->frbuffers, 0, req, sizeof(*req));
557 
558 	usbd_xfer_set_frame_len(xfer, 0, sizeof(*req));
559 
560 	while (1) {
561 		temp = length;
562 		if (temp > usbd_xfer_max_len(xfer)) {
563 			temp = usbd_xfer_max_len(xfer);
564 		}
565 #ifdef USB_REQ_DEBUG
566 		if (xfer->flags.manual_status) {
567 			if (usbd_xfer_frame_len(xfer, 0) != 0) {
568 				/* Execute data stage separately */
569 				temp = 0;
570 			} else if (temp > 0) {
571 				if (dbg.ds_fail) {
572 					err = USB_ERR_INVAL;
573 					break;
574 				}
575 				if (dbg.ds_delay > 0) {
576 					usb_pause_mtx(
577 					    xfer->xroot->xfer_mtx,
578 				            USB_MS_TO_TICKS(dbg.ds_delay));
579 					/* make sure we don't time out */
580 					start_ticks = ticks;
581 				}
582 			}
583 		}
584 #endif
585 		usbd_xfer_set_frame_len(xfer, 1, temp);
586 
587 		if (temp > 0) {
588 			if (!(req->bmRequestType & UT_READ)) {
589 #if USB_HAVE_USER_IO
590 				if (flags & USB_USER_DATA_PTR) {
591 					USB_XFER_UNLOCK(xfer);
592 					err = usbd_copy_in_user(xfer->frbuffers + 1,
593 					    0, data, temp);
594 					USB_XFER_LOCK(xfer);
595 					if (err) {
596 						err = USB_ERR_INVAL;
597 						break;
598 					}
599 				} else
600 #endif
601 					usbd_copy_in(xfer->frbuffers + 1,
602 					    0, data, temp);
603 			}
604 			usbd_xfer_set_frames(xfer, 2);
605 		} else {
606 			if (usbd_xfer_frame_len(xfer, 0) == 0) {
607 				if (xfer->flags.manual_status) {
608 #ifdef USB_REQ_DEBUG
609 					if (dbg.ss_fail) {
610 						err = USB_ERR_INVAL;
611 						break;
612 					}
613 					if (dbg.ss_delay > 0) {
614 						usb_pause_mtx(
615 						    xfer->xroot->xfer_mtx,
616 						    USB_MS_TO_TICKS(dbg.ss_delay));
617 						/* make sure we don't time out */
618 						start_ticks = ticks;
619 					}
620 #endif
621 					xfer->flags.manual_status = 0;
622 				} else {
623 					break;
624 				}
625 			}
626 			usbd_xfer_set_frames(xfer, 1);
627 		}
628 
629 		usbd_transfer_start(xfer);
630 
631 		while (usbd_transfer_pending(xfer)) {
632 			cv_wait(&udev->ctrlreq_cv,
633 			    xfer->xroot->xfer_mtx);
634 		}
635 
636 		err = xfer->error;
637 
638 		if (err) {
639 			break;
640 		}
641 
642 		/* get actual length of DATA stage */
643 
644 		if (xfer->aframes < 2) {
645 			acttemp = 0;
646 		} else {
647 			acttemp = usbd_xfer_frame_len(xfer, 1);
648 		}
649 
650 		/* check for short packet */
651 
652 		if (temp > acttemp) {
653 			temp = acttemp;
654 			length = temp;
655 		}
656 		if (temp > 0) {
657 			if (req->bmRequestType & UT_READ) {
658 #if USB_HAVE_USER_IO
659 				if (flags & USB_USER_DATA_PTR) {
660 					USB_XFER_UNLOCK(xfer);
661 					err = usbd_copy_out_user(xfer->frbuffers + 1,
662 					    0, data, temp);
663 					USB_XFER_LOCK(xfer);
664 					if (err) {
665 						err = USB_ERR_INVAL;
666 						break;
667 					}
668 				} else
669 #endif
670 					usbd_copy_out(xfer->frbuffers + 1,
671 					    0, data, temp);
672 			}
673 		}
674 		/*
675 		 * Clear "frlengths[0]" so that we don't send the setup
676 		 * packet again:
677 		 */
678 		usbd_xfer_set_frame_len(xfer, 0, 0);
679 
680 		/* update length and data pointer */
681 		length -= temp;
682 		data = USB_ADD_BYTES(data, temp);
683 
684 		if (actlen) {
685 			(*actlen) += temp;
686 		}
687 		/* check for timeout */
688 
689 		delta_ticks = ticks - start_ticks;
690 		if (delta_ticks > max_ticks) {
691 			if (!err) {
692 				err = USB_ERR_TIMEOUT;
693 			}
694 		}
695 		if (err) {
696 			break;
697 		}
698 	}
699 
700 	if (err) {
701 		/*
702 		 * Make sure that the control endpoint is no longer
703 		 * blocked in case of a non-transfer related error:
704 		 */
705 		usbd_transfer_stop(xfer);
706 	}
707 	USB_XFER_UNLOCK(xfer);
708 
709 done:
710 	if (do_unlock)
711 		usbd_ctrl_unlock(udev);
712 
713 	if ((mtx != NULL) && (mtx != &Giant))
714 		USB_MTX_LOCK(mtx);
715 
716 	switch (err) {
717 	case USB_ERR_NORMAL_COMPLETION:
718 	case USB_ERR_SHORT_XFER:
719 	case USB_ERR_STALLED:
720 	case USB_ERR_CANCELLED:
721 		break;
722 	default:
723 		DPRINTF("error=%s - waiting a bit for TT cleanup\n",
724 		    usbd_errstr(err));
725 		usb_pause_mtx(mtx, hz / 16);
726 		break;
727 	}
728 	return ((usb_error_t)err);
729 }
730 
731 /*------------------------------------------------------------------------*
732  *	usbd_do_request_proc - factored out code
733  *
734  * This function is factored out code. It does basically the same like
735  * usbd_do_request_flags, except it will check the status of the
736  * passed process argument before doing the USB request. If the
737  * process is draining the USB_ERR_IOERROR code will be returned. It
738  * is assumed that the mutex associated with the process is locked
739  * when calling this function.
740  *------------------------------------------------------------------------*/
741 usb_error_t
742 usbd_do_request_proc(struct usb_device *udev, struct usb_process *pproc,
743     struct usb_device_request *req, void *data, uint16_t flags,
744     uint16_t *actlen, usb_timeout_t timeout)
745 {
746 	usb_error_t err;
747 	uint16_t len;
748 
749 	/* get request data length */
750 	len = UGETW(req->wLength);
751 
752 	/* check if the device is being detached */
753 	if (usb_proc_is_gone(pproc)) {
754 		err = USB_ERR_IOERROR;
755 		goto done;
756 	}
757 
758 	/* forward the USB request */
759 	err = usbd_do_request_flags(udev, pproc->up_mtx,
760 	    req, data, flags, actlen, timeout);
761 
762 done:
763 	/* on failure we zero the data */
764 	/* on short packet we zero the unused data */
765 	if ((len != 0) && (req->bmRequestType & UE_DIR_IN)) {
766 		if (err)
767 			memset(data, 0, len);
768 		else if (actlen && *actlen != len)
769 			memset(((uint8_t *)data) + *actlen, 0, len - *actlen);
770 	}
771 	return (err);
772 }
773 
774 /*------------------------------------------------------------------------*
775  *	usbd_req_reset_port
776  *
777  * This function will instruct a USB HUB to perform a reset sequence
778  * on the specified port number.
779  *
780  * Returns:
781  *    0: Success. The USB device should now be at address zero.
782  * Else: Failure. No USB device is present and the USB port should be
783  *       disabled.
784  *------------------------------------------------------------------------*/
785 usb_error_t
786 usbd_req_reset_port(struct usb_device *udev, struct mtx *mtx, uint8_t port)
787 {
788 	struct usb_port_status ps;
789 	usb_error_t err;
790 	uint16_t n;
791 	uint16_t status;
792 	uint16_t change;
793 
794 	DPRINTF("\n");
795 
796 	/* clear any leftover port reset changes first */
797 	usbd_req_clear_port_feature(
798 	    udev, mtx, port, UHF_C_PORT_RESET);
799 
800 	/* assert port reset on the given port */
801 	err = usbd_req_set_port_feature(
802 	    udev, mtx, port, UHF_PORT_RESET);
803 
804 	/* check for errors */
805 	if (err)
806 		goto done;
807 	n = 0;
808 	while (1) {
809 		/* wait for the device to recover from reset */
810 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_delay));
811 		n += usb_port_reset_delay;
812 		err = usbd_req_get_port_status(udev, mtx, &ps, port);
813 		if (err)
814 			goto done;
815 
816 		status = UGETW(ps.wPortStatus);
817 		change = UGETW(ps.wPortChange);
818 
819 		/* if the device disappeared, just give up */
820 		if (!(status & UPS_CURRENT_CONNECT_STATUS))
821 			goto done;
822 
823 		/* check if reset is complete */
824 		if (change & UPS_C_PORT_RESET)
825 			break;
826 
827 		/*
828 		 * Some Virtual Machines like VirtualBox 4.x fail to
829 		 * generate a port reset change event. Check if reset
830 		 * is no longer asserted.
831 		 */
832 		if (!(status & UPS_RESET))
833 			break;
834 
835 		/* check for timeout */
836 		if (n > 1000) {
837 			n = 0;
838 			break;
839 		}
840 	}
841 
842 	/* clear port reset first */
843 	err = usbd_req_clear_port_feature(
844 	    udev, mtx, port, UHF_C_PORT_RESET);
845 	if (err)
846 		goto done;
847 
848 	/* check for timeout */
849 	if (n == 0) {
850 		err = USB_ERR_TIMEOUT;
851 		goto done;
852 	}
853 	/* wait for the device to recover from reset */
854 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_recovery));
855 
856 done:
857 	DPRINTFN(2, "port %d reset returning error=%s\n",
858 	    port, usbd_errstr(err));
859 	return (err);
860 }
861 
862 /*------------------------------------------------------------------------*
863  *	usbd_req_warm_reset_port
864  *
865  * This function will instruct an USB HUB to perform a warm reset
866  * sequence on the specified port number. This kind of reset is not
867  * mandatory for LOW-, FULL- and HIGH-speed USB HUBs and is targeted
868  * for SUPER-speed USB HUBs.
869  *
870  * Returns:
871  *    0: Success. The USB device should now be available again.
872  * Else: Failure. No USB device is present and the USB port should be
873  *       disabled.
874  *------------------------------------------------------------------------*/
875 usb_error_t
876 usbd_req_warm_reset_port(struct usb_device *udev, struct mtx *mtx,
877     uint8_t port)
878 {
879 	struct usb_port_status ps;
880 	usb_error_t err;
881 	uint16_t n;
882 	uint16_t status;
883 	uint16_t change;
884 
885 	DPRINTF("\n");
886 
887 	err = usbd_req_get_port_status(udev, mtx, &ps, port);
888 	if (err)
889 		goto done;
890 
891 	status = UGETW(ps.wPortStatus);
892 
893 	switch (UPS_PORT_LINK_STATE_GET(status)) {
894 	case UPS_PORT_LS_U3:
895 	case UPS_PORT_LS_COMP_MODE:
896 	case UPS_PORT_LS_LOOPBACK:
897 	case UPS_PORT_LS_SS_INA:
898 		break;
899 	default:
900 		DPRINTF("Wrong state for warm reset\n");
901 		return (0);
902 	}
903 
904 	/* clear any leftover warm port reset changes first */
905 	usbd_req_clear_port_feature(udev, mtx,
906 	    port, UHF_C_BH_PORT_RESET);
907 
908 	/* set warm port reset */
909 	err = usbd_req_set_port_feature(udev, mtx,
910 	    port, UHF_BH_PORT_RESET);
911 	if (err)
912 		goto done;
913 
914 	n = 0;
915 	while (1) {
916 		/* wait for the device to recover from reset */
917 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_delay));
918 		n += usb_port_reset_delay;
919 		err = usbd_req_get_port_status(udev, mtx, &ps, port);
920 		if (err)
921 			goto done;
922 
923 		status = UGETW(ps.wPortStatus);
924 		change = UGETW(ps.wPortChange);
925 
926 		/* if the device disappeared, just give up */
927 		if (!(status & UPS_CURRENT_CONNECT_STATUS))
928 			goto done;
929 
930 		/* check if reset is complete */
931 		if (change & UPS_C_BH_PORT_RESET)
932 			break;
933 
934 		/* check for timeout */
935 		if (n > 1000) {
936 			n = 0;
937 			break;
938 		}
939 	}
940 
941 	/* clear port reset first */
942 	err = usbd_req_clear_port_feature(
943 	    udev, mtx, port, UHF_C_BH_PORT_RESET);
944 	if (err)
945 		goto done;
946 
947 	/* check for timeout */
948 	if (n == 0) {
949 		err = USB_ERR_TIMEOUT;
950 		goto done;
951 	}
952 	/* wait for the device to recover from reset */
953 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_recovery));
954 
955 done:
956 	DPRINTFN(2, "port %d warm reset returning error=%s\n",
957 	    port, usbd_errstr(err));
958 	return (err);
959 }
960 
961 /*------------------------------------------------------------------------*
962  *	usbd_req_get_desc
963  *
964  * This function can be used to retrieve USB descriptors. It contains
965  * some additional logic like zeroing of missing descriptor bytes and
966  * retrying an USB descriptor in case of failure. The "min_len"
967  * argument specifies the minimum descriptor length. The "max_len"
968  * argument specifies the maximum descriptor length. If the real
969  * descriptor length is less than the minimum length the missing
970  * byte(s) will be zeroed. The type field, the second byte of the USB
971  * descriptor, will get forced to the correct type. If the "actlen"
972  * pointer is non-NULL, the actual length of the transfer will get
973  * stored in the 16-bit unsigned integer which it is pointing to. The
974  * first byte of the descriptor will not get updated. If the "actlen"
975  * pointer is NULL the first byte of the descriptor will get updated
976  * to reflect the actual length instead. If "min_len" is not equal to
977  * "max_len" then this function will try to retrive the beginning of
978  * the descriptor and base the maximum length on the first byte of the
979  * descriptor.
980  *
981  * Returns:
982  *    0: Success
983  * Else: Failure
984  *------------------------------------------------------------------------*/
985 usb_error_t
986 usbd_req_get_desc(struct usb_device *udev,
987     struct mtx *mtx, uint16_t *actlen, void *desc,
988     uint16_t min_len, uint16_t max_len,
989     uint16_t id, uint8_t type, uint8_t index,
990     uint8_t retries)
991 {
992 	struct usb_device_request req;
993 	uint8_t *buf = desc;
994 	usb_error_t err;
995 
996 	DPRINTFN(4, "id=%d, type=%d, index=%d, max_len=%d\n",
997 	    id, type, index, max_len);
998 
999 	req.bmRequestType = UT_READ_DEVICE;
1000 	req.bRequest = UR_GET_DESCRIPTOR;
1001 	USETW2(req.wValue, type, index);
1002 	USETW(req.wIndex, id);
1003 
1004 	while (1) {
1005 		if ((min_len < 2) || (max_len < 2)) {
1006 			err = USB_ERR_INVAL;
1007 			goto done;
1008 		}
1009 		USETW(req.wLength, min_len);
1010 
1011 		err = usbd_do_request_flags(udev, mtx, &req,
1012 		    desc, 0, NULL, 1000 /* ms */);
1013 
1014 		if (err != 0 && err != USB_ERR_TIMEOUT &&
1015 		    min_len != max_len) {
1016 			/* clear descriptor data */
1017 			memset(desc, 0, max_len);
1018 
1019 			/* try to read full descriptor length */
1020 			USETW(req.wLength, max_len);
1021 
1022 			err = usbd_do_request_flags(udev, mtx, &req,
1023 			    desc, USB_SHORT_XFER_OK, NULL, 1000 /* ms */);
1024 
1025 			if (err == 0) {
1026 				/* verify length */
1027 				if (buf[0] > max_len)
1028 					buf[0] = max_len;
1029 				else if (buf[0] < 2)
1030 					err = USB_ERR_INVAL;
1031 
1032 				min_len = buf[0];
1033 
1034 				/* enforce descriptor type */
1035 				buf[1] = type;
1036 				goto done;
1037 			}
1038 		}
1039 
1040 		if (err) {
1041 			if (!retries) {
1042 				goto done;
1043 			}
1044 			retries--;
1045 
1046 			usb_pause_mtx(mtx, hz / 5);
1047 
1048 			continue;
1049 		}
1050 
1051 		if (min_len == max_len) {
1052 			/* enforce correct length */
1053 			if ((buf[0] > min_len) && (actlen == NULL))
1054 				buf[0] = min_len;
1055 
1056 			/* enforce correct type */
1057 			buf[1] = type;
1058 
1059 			goto done;
1060 		}
1061 		/* range check */
1062 
1063 		if (max_len > buf[0]) {
1064 			max_len = buf[0];
1065 		}
1066 		/* zero minimum data */
1067 
1068 		while (min_len > max_len) {
1069 			min_len--;
1070 			buf[min_len] = 0;
1071 		}
1072 
1073 		/* set new minimum length */
1074 
1075 		min_len = max_len;
1076 	}
1077 done:
1078 	if (actlen != NULL) {
1079 		if (err)
1080 			*actlen = 0;
1081 		else
1082 			*actlen = min_len;
1083 	}
1084 	return (err);
1085 }
1086 
1087 /*------------------------------------------------------------------------*
1088  *	usbd_req_get_string_any
1089  *
1090  * This function will return the string given by "string_index"
1091  * using the first language ID. The maximum length "len" includes
1092  * the terminating zero. The "len" argument should be twice as
1093  * big pluss 2 bytes, compared with the actual maximum string length !
1094  *
1095  * Returns:
1096  *    0: Success
1097  * Else: Failure
1098  *------------------------------------------------------------------------*/
1099 usb_error_t
1100 usbd_req_get_string_any(struct usb_device *udev, struct mtx *mtx, char *buf,
1101     uint16_t len, uint8_t string_index)
1102 {
1103 	char *s;
1104 	uint8_t *temp;
1105 	uint16_t i;
1106 	uint16_t n;
1107 	uint16_t c;
1108 	uint8_t swap;
1109 	usb_error_t err;
1110 
1111 	if (len == 0) {
1112 		/* should not happen */
1113 		return (USB_ERR_NORMAL_COMPLETION);
1114 	}
1115 	if (string_index == 0) {
1116 		/* this is the language table */
1117 		buf[0] = 0;
1118 		return (USB_ERR_INVAL);
1119 	}
1120 	if (udev->flags.no_strings) {
1121 		buf[0] = 0;
1122 		return (USB_ERR_STALLED);
1123 	}
1124 	err = usbd_req_get_string_desc
1125 	    (udev, mtx, buf, len, udev->langid, string_index);
1126 	if (err) {
1127 		buf[0] = 0;
1128 		return (err);
1129 	}
1130 	temp = (uint8_t *)buf;
1131 
1132 	if (temp[0] < 2) {
1133 		/* string length is too short */
1134 		buf[0] = 0;
1135 		return (USB_ERR_INVAL);
1136 	}
1137 	/* reserve one byte for terminating zero */
1138 	len--;
1139 
1140 	/* find maximum length */
1141 	s = buf;
1142 	n = (temp[0] / 2) - 1;
1143 	if (n > len) {
1144 		n = len;
1145 	}
1146 	/* skip descriptor header */
1147 	temp += 2;
1148 
1149 	/* reset swap state */
1150 	swap = 3;
1151 
1152 	/* convert and filter */
1153 	for (i = 0; (i != n); i++) {
1154 		c = UGETW(temp + (2 * i));
1155 
1156 		/* convert from Unicode, handle buggy strings */
1157 		if (((c & 0xff00) == 0) && (swap & 1)) {
1158 			/* Little Endian, default */
1159 			*s = c;
1160 			swap = 1;
1161 		} else if (((c & 0x00ff) == 0) && (swap & 2)) {
1162 			/* Big Endian */
1163 			*s = c >> 8;
1164 			swap = 2;
1165 		} else {
1166 			/* silently skip bad character */
1167 			continue;
1168 		}
1169 
1170 		/*
1171 		 * Filter by default - We only allow alphanumerical
1172 		 * and a few more to avoid any problems with scripts
1173 		 * and daemons.
1174 		 */
1175 		if (isalpha(*s) ||
1176 		    isdigit(*s) ||
1177 		    *s == '-' ||
1178 		    *s == '+' ||
1179 		    *s == ' ' ||
1180 		    *s == '.' ||
1181 		    *s == ',' ||
1182 		    *s == ':' ||
1183 		    *s == '/' ||
1184 		    *s == '(' ||
1185 		    *s == ')') {
1186 			/* allowed */
1187 			s++;
1188 		}
1189 		/* silently skip bad character */
1190 	}
1191 	*s = 0;				/* zero terminate resulting string */
1192 	return (USB_ERR_NORMAL_COMPLETION);
1193 }
1194 
1195 /*------------------------------------------------------------------------*
1196  *	usbd_req_get_string_desc
1197  *
1198  * If you don't know the language ID, consider using
1199  * "usbd_req_get_string_any()".
1200  *
1201  * Returns:
1202  *    0: Success
1203  * Else: Failure
1204  *------------------------------------------------------------------------*/
1205 usb_error_t
1206 usbd_req_get_string_desc(struct usb_device *udev, struct mtx *mtx, void *sdesc,
1207     uint16_t max_len, uint16_t lang_id,
1208     uint8_t string_index)
1209 {
1210 	return (usbd_req_get_desc(udev, mtx, NULL, sdesc, 2, max_len, lang_id,
1211 	    UDESC_STRING, string_index, 0));
1212 }
1213 
1214 /*------------------------------------------------------------------------*
1215  *	usbd_req_get_config_desc_ptr
1216  *
1217  * This function is used in device side mode to retrieve the pointer
1218  * to the generated config descriptor. This saves allocating space for
1219  * an additional config descriptor when setting the configuration.
1220  *
1221  * Returns:
1222  *    0: Success
1223  * Else: Failure
1224  *------------------------------------------------------------------------*/
1225 usb_error_t
1226 usbd_req_get_descriptor_ptr(struct usb_device *udev,
1227     struct usb_config_descriptor **ppcd, uint16_t wValue)
1228 {
1229 	struct usb_device_request req;
1230 	usb_handle_req_t *hr_func;
1231 	const void *ptr;
1232 	uint16_t len;
1233 	usb_error_t err;
1234 
1235 	req.bmRequestType = UT_READ_DEVICE;
1236 	req.bRequest = UR_GET_DESCRIPTOR;
1237 	USETW(req.wValue, wValue);
1238 	USETW(req.wIndex, 0);
1239 	USETW(req.wLength, 0);
1240 
1241 	ptr = NULL;
1242 	len = 0;
1243 
1244 	hr_func = usbd_get_hr_func(udev);
1245 
1246 	if (hr_func == NULL)
1247 		err = USB_ERR_INVAL;
1248 	else {
1249 		USB_BUS_LOCK(udev->bus);
1250 		err = (hr_func) (udev, &req, &ptr, &len);
1251 		USB_BUS_UNLOCK(udev->bus);
1252 	}
1253 
1254 	if (err)
1255 		ptr = NULL;
1256 	else if (ptr == NULL)
1257 		err = USB_ERR_INVAL;
1258 
1259 	*ppcd = __DECONST(struct usb_config_descriptor *, ptr);
1260 
1261 	return (err);
1262 }
1263 
1264 /*------------------------------------------------------------------------*
1265  *	usbd_req_get_config_desc
1266  *
1267  * Returns:
1268  *    0: Success
1269  * Else: Failure
1270  *------------------------------------------------------------------------*/
1271 usb_error_t
1272 usbd_req_get_config_desc(struct usb_device *udev, struct mtx *mtx,
1273     struct usb_config_descriptor *d, uint8_t conf_index)
1274 {
1275 	usb_error_t err;
1276 
1277 	DPRINTFN(4, "confidx=%d\n", conf_index);
1278 
1279 	err = usbd_req_get_desc(udev, mtx, NULL, d, sizeof(*d),
1280 	    sizeof(*d), 0, UDESC_CONFIG, conf_index, 0);
1281 	if (err) {
1282 		goto done;
1283 	}
1284 	/* Extra sanity checking */
1285 	if (UGETW(d->wTotalLength) < (uint16_t)sizeof(*d)) {
1286 		err = USB_ERR_INVAL;
1287 	}
1288 done:
1289 	return (err);
1290 }
1291 
1292 /*------------------------------------------------------------------------*
1293  *	usbd_alloc_config_desc
1294  *
1295  * This function is used to allocate a zeroed configuration
1296  * descriptor.
1297  *
1298  * Returns:
1299  * NULL: Failure
1300  * Else: Success
1301  *------------------------------------------------------------------------*/
1302 void *
1303 usbd_alloc_config_desc(struct usb_device *udev, uint32_t size)
1304 {
1305 	if (size > USB_CONFIG_MAX) {
1306 		DPRINTF("Configuration descriptor too big\n");
1307 		return (NULL);
1308 	}
1309 #if (USB_HAVE_FIXED_CONFIG == 0)
1310 	return (malloc(size, M_USBDEV, M_ZERO | M_WAITOK));
1311 #else
1312 	memset(udev->config_data, 0, sizeof(udev->config_data));
1313 	return (udev->config_data);
1314 #endif
1315 }
1316 
1317 /*------------------------------------------------------------------------*
1318  *	usbd_alloc_config_desc
1319  *
1320  * This function is used to free a configuration descriptor.
1321  *------------------------------------------------------------------------*/
1322 void
1323 usbd_free_config_desc(struct usb_device *udev, void *ptr)
1324 {
1325 #if (USB_HAVE_FIXED_CONFIG == 0)
1326 	free(ptr, M_USBDEV);
1327 #endif
1328 }
1329 
1330 /*------------------------------------------------------------------------*
1331  *	usbd_req_get_config_desc_full
1332  *
1333  * This function gets the complete USB configuration descriptor and
1334  * ensures that "wTotalLength" is correct. The returned configuration
1335  * descriptor is freed by calling "usbd_free_config_desc()".
1336  *
1337  * Returns:
1338  *    0: Success
1339  * Else: Failure
1340  *------------------------------------------------------------------------*/
1341 usb_error_t
1342 usbd_req_get_config_desc_full(struct usb_device *udev, struct mtx *mtx,
1343     struct usb_config_descriptor **ppcd, uint8_t index)
1344 {
1345 	struct usb_config_descriptor cd;
1346 	struct usb_config_descriptor *cdesc;
1347 	uint32_t len;
1348 	usb_error_t err;
1349 
1350 	DPRINTFN(4, "index=%d\n", index);
1351 
1352 	*ppcd = NULL;
1353 
1354 	err = usbd_req_get_config_desc(udev, mtx, &cd, index);
1355 	if (err)
1356 		return (err);
1357 
1358 	/* get full descriptor */
1359 	len = UGETW(cd.wTotalLength);
1360 	if (len < (uint32_t)sizeof(*cdesc)) {
1361 		/* corrupt descriptor */
1362 		return (USB_ERR_INVAL);
1363 	} else if (len > USB_CONFIG_MAX) {
1364 		DPRINTF("Configuration descriptor was truncated\n");
1365 		len = USB_CONFIG_MAX;
1366 	}
1367 	cdesc = usbd_alloc_config_desc(udev, len);
1368 	if (cdesc == NULL)
1369 		return (USB_ERR_NOMEM);
1370 	err = usbd_req_get_desc(udev, mtx, NULL, cdesc, len, len, 0,
1371 	    UDESC_CONFIG, index, 3);
1372 	if (err) {
1373 		usbd_free_config_desc(udev, cdesc);
1374 		return (err);
1375 	}
1376 	/* make sure that the device is not fooling us: */
1377 	USETW(cdesc->wTotalLength, len);
1378 
1379 	*ppcd = cdesc;
1380 
1381 	return (0);			/* success */
1382 }
1383 
1384 /*------------------------------------------------------------------------*
1385  *	usbd_req_get_device_desc
1386  *
1387  * Returns:
1388  *    0: Success
1389  * Else: Failure
1390  *------------------------------------------------------------------------*/
1391 usb_error_t
1392 usbd_req_get_device_desc(struct usb_device *udev, struct mtx *mtx,
1393     struct usb_device_descriptor *d)
1394 {
1395 	DPRINTFN(4, "\n");
1396 	return (usbd_req_get_desc(udev, mtx, NULL, d, sizeof(*d),
1397 	    sizeof(*d), 0, UDESC_DEVICE, 0, 3));
1398 }
1399 
1400 /*------------------------------------------------------------------------*
1401  *	usbd_req_get_alt_interface_no
1402  *
1403  * Returns:
1404  *    0: Success
1405  * Else: Failure
1406  *------------------------------------------------------------------------*/
1407 usb_error_t
1408 usbd_req_get_alt_interface_no(struct usb_device *udev, struct mtx *mtx,
1409     uint8_t *alt_iface_no, uint8_t iface_index)
1410 {
1411 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1412 	struct usb_device_request req;
1413 
1414 	if ((iface == NULL) || (iface->idesc == NULL))
1415 		return (USB_ERR_INVAL);
1416 
1417 	req.bmRequestType = UT_READ_INTERFACE;
1418 	req.bRequest = UR_GET_INTERFACE;
1419 	USETW(req.wValue, 0);
1420 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1421 	req.wIndex[1] = 0;
1422 	USETW(req.wLength, 1);
1423 	return (usbd_do_request(udev, mtx, &req, alt_iface_no));
1424 }
1425 
1426 /*------------------------------------------------------------------------*
1427  *	usbd_req_set_alt_interface_no
1428  *
1429  * Returns:
1430  *    0: Success
1431  * Else: Failure
1432  *------------------------------------------------------------------------*/
1433 usb_error_t
1434 usbd_req_set_alt_interface_no(struct usb_device *udev, struct mtx *mtx,
1435     uint8_t iface_index, uint8_t alt_no)
1436 {
1437 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1438 	struct usb_device_request req;
1439 	usb_error_t err;
1440 
1441 	if ((iface == NULL) || (iface->idesc == NULL))
1442 		return (USB_ERR_INVAL);
1443 
1444 	req.bmRequestType = UT_WRITE_INTERFACE;
1445 	req.bRequest = UR_SET_INTERFACE;
1446 	req.wValue[0] = alt_no;
1447 	req.wValue[1] = 0;
1448 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1449 	req.wIndex[1] = 0;
1450 	USETW(req.wLength, 0);
1451 	err = usbd_do_request(udev, mtx, &req, 0);
1452 	if (err == USB_ERR_STALLED && iface->num_altsetting == 1) {
1453 		/*
1454 		 * The USB specification chapter 9.4.10 says that USB
1455 		 * devices having only one alternate setting are
1456 		 * allowed to STALL this request. Ignore this failure.
1457 		 */
1458 		err = 0;
1459 		DPRINTF("Setting default alternate number failed. (ignored)\n");
1460 	}
1461 	return (err);
1462 }
1463 
1464 /*------------------------------------------------------------------------*
1465  *	usbd_req_get_device_status
1466  *
1467  * Returns:
1468  *    0: Success
1469  * Else: Failure
1470  *------------------------------------------------------------------------*/
1471 usb_error_t
1472 usbd_req_get_device_status(struct usb_device *udev, struct mtx *mtx,
1473     struct usb_status *st)
1474 {
1475 	struct usb_device_request req;
1476 
1477 	req.bmRequestType = UT_READ_DEVICE;
1478 	req.bRequest = UR_GET_STATUS;
1479 	USETW(req.wValue, 0);
1480 	USETW(req.wIndex, 0);
1481 	USETW(req.wLength, sizeof(*st));
1482 	return (usbd_do_request(udev, mtx, &req, st));
1483 }
1484 
1485 /*------------------------------------------------------------------------*
1486  *	usbd_req_get_hub_descriptor
1487  *
1488  * Returns:
1489  *    0: Success
1490  * Else: Failure
1491  *------------------------------------------------------------------------*/
1492 usb_error_t
1493 usbd_req_get_hub_descriptor(struct usb_device *udev, struct mtx *mtx,
1494     struct usb_hub_descriptor *hd, uint8_t nports)
1495 {
1496 	struct usb_device_request req;
1497 	uint16_t len = (nports + 7 + (8 * 8)) / 8;
1498 
1499 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1500 	req.bRequest = UR_GET_DESCRIPTOR;
1501 	USETW2(req.wValue, UDESC_HUB, 0);
1502 	USETW(req.wIndex, 0);
1503 	USETW(req.wLength, len);
1504 	return (usbd_do_request(udev, mtx, &req, hd));
1505 }
1506 
1507 /*------------------------------------------------------------------------*
1508  *	usbd_req_get_ss_hub_descriptor
1509  *
1510  * Returns:
1511  *    0: Success
1512  * Else: Failure
1513  *------------------------------------------------------------------------*/
1514 usb_error_t
1515 usbd_req_get_ss_hub_descriptor(struct usb_device *udev, struct mtx *mtx,
1516     struct usb_hub_ss_descriptor *hd, uint8_t nports)
1517 {
1518 	struct usb_device_request req;
1519 	uint16_t len = sizeof(*hd) - 32 + 1 + ((nports + 7) / 8);
1520 
1521 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1522 	req.bRequest = UR_GET_DESCRIPTOR;
1523 	USETW2(req.wValue, UDESC_SS_HUB, 0);
1524 	USETW(req.wIndex, 0);
1525 	USETW(req.wLength, len);
1526 	return (usbd_do_request(udev, mtx, &req, hd));
1527 }
1528 
1529 /*------------------------------------------------------------------------*
1530  *	usbd_req_get_hub_status
1531  *
1532  * Returns:
1533  *    0: Success
1534  * Else: Failure
1535  *------------------------------------------------------------------------*/
1536 usb_error_t
1537 usbd_req_get_hub_status(struct usb_device *udev, struct mtx *mtx,
1538     struct usb_hub_status *st)
1539 {
1540 	struct usb_device_request req;
1541 
1542 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1543 	req.bRequest = UR_GET_STATUS;
1544 	USETW(req.wValue, 0);
1545 	USETW(req.wIndex, 0);
1546 	USETW(req.wLength, sizeof(struct usb_hub_status));
1547 	return (usbd_do_request(udev, mtx, &req, st));
1548 }
1549 
1550 /*------------------------------------------------------------------------*
1551  *	usbd_req_set_address
1552  *
1553  * This function is used to set the address for an USB device. After
1554  * port reset the USB device will respond at address zero.
1555  *
1556  * Returns:
1557  *    0: Success
1558  * Else: Failure
1559  *------------------------------------------------------------------------*/
1560 usb_error_t
1561 usbd_req_set_address(struct usb_device *udev, struct mtx *mtx, uint16_t addr)
1562 {
1563 	struct usb_device_request req;
1564 	usb_error_t err;
1565 
1566 	DPRINTFN(6, "setting device address=%d\n", addr);
1567 
1568 	req.bmRequestType = UT_WRITE_DEVICE;
1569 	req.bRequest = UR_SET_ADDRESS;
1570 	USETW(req.wValue, addr);
1571 	USETW(req.wIndex, 0);
1572 	USETW(req.wLength, 0);
1573 
1574 	err = USB_ERR_INVAL;
1575 
1576 	/* check if USB controller handles set address */
1577 	if (udev->bus->methods->set_address != NULL)
1578 		err = (udev->bus->methods->set_address) (udev, mtx, addr);
1579 
1580 	if (err != USB_ERR_INVAL)
1581 		goto done;
1582 
1583 	/* Setting the address should not take more than 1 second ! */
1584 	err = usbd_do_request_flags(udev, mtx, &req, NULL,
1585 	    USB_DELAY_STATUS_STAGE, NULL, 1000);
1586 
1587 done:
1588 	/* allow device time to set new address */
1589 	usb_pause_mtx(mtx,
1590 	    USB_MS_TO_TICKS(usb_set_address_settle));
1591 
1592 	return (err);
1593 }
1594 
1595 /*------------------------------------------------------------------------*
1596  *	usbd_req_get_port_status
1597  *
1598  * Returns:
1599  *    0: Success
1600  * Else: Failure
1601  *------------------------------------------------------------------------*/
1602 usb_error_t
1603 usbd_req_get_port_status(struct usb_device *udev, struct mtx *mtx,
1604     struct usb_port_status *ps, uint8_t port)
1605 {
1606 	struct usb_device_request req;
1607 
1608 	req.bmRequestType = UT_READ_CLASS_OTHER;
1609 	req.bRequest = UR_GET_STATUS;
1610 	USETW(req.wValue, 0);
1611 	req.wIndex[0] = port;
1612 	req.wIndex[1] = 0;
1613 	USETW(req.wLength, sizeof(*ps));
1614 
1615 	return (usbd_do_request_flags(udev, mtx, &req, ps, 0, NULL, 1000));
1616 }
1617 
1618 /*------------------------------------------------------------------------*
1619  *	usbd_req_clear_hub_feature
1620  *
1621  * Returns:
1622  *    0: Success
1623  * Else: Failure
1624  *------------------------------------------------------------------------*/
1625 usb_error_t
1626 usbd_req_clear_hub_feature(struct usb_device *udev, struct mtx *mtx,
1627     uint16_t sel)
1628 {
1629 	struct usb_device_request req;
1630 
1631 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1632 	req.bRequest = UR_CLEAR_FEATURE;
1633 	USETW(req.wValue, sel);
1634 	USETW(req.wIndex, 0);
1635 	USETW(req.wLength, 0);
1636 	return (usbd_do_request(udev, mtx, &req, 0));
1637 }
1638 
1639 /*------------------------------------------------------------------------*
1640  *	usbd_req_set_hub_feature
1641  *
1642  * Returns:
1643  *    0: Success
1644  * Else: Failure
1645  *------------------------------------------------------------------------*/
1646 usb_error_t
1647 usbd_req_set_hub_feature(struct usb_device *udev, struct mtx *mtx,
1648     uint16_t sel)
1649 {
1650 	struct usb_device_request req;
1651 
1652 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1653 	req.bRequest = UR_SET_FEATURE;
1654 	USETW(req.wValue, sel);
1655 	USETW(req.wIndex, 0);
1656 	USETW(req.wLength, 0);
1657 	return (usbd_do_request(udev, mtx, &req, 0));
1658 }
1659 
1660 /*------------------------------------------------------------------------*
1661  *	usbd_req_set_hub_u1_timeout
1662  *
1663  * Returns:
1664  *    0: Success
1665  * Else: Failure
1666  *------------------------------------------------------------------------*/
1667 usb_error_t
1668 usbd_req_set_hub_u1_timeout(struct usb_device *udev, struct mtx *mtx,
1669     uint8_t port, uint8_t timeout)
1670 {
1671 	struct usb_device_request req;
1672 
1673 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1674 	req.bRequest = UR_SET_FEATURE;
1675 	USETW(req.wValue, UHF_PORT_U1_TIMEOUT);
1676 	req.wIndex[0] = port;
1677 	req.wIndex[1] = timeout;
1678 	USETW(req.wLength, 0);
1679 	return (usbd_do_request(udev, mtx, &req, 0));
1680 }
1681 
1682 /*------------------------------------------------------------------------*
1683  *	usbd_req_set_hub_u2_timeout
1684  *
1685  * Returns:
1686  *    0: Success
1687  * Else: Failure
1688  *------------------------------------------------------------------------*/
1689 usb_error_t
1690 usbd_req_set_hub_u2_timeout(struct usb_device *udev, struct mtx *mtx,
1691     uint8_t port, uint8_t timeout)
1692 {
1693 	struct usb_device_request req;
1694 
1695 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1696 	req.bRequest = UR_SET_FEATURE;
1697 	USETW(req.wValue, UHF_PORT_U2_TIMEOUT);
1698 	req.wIndex[0] = port;
1699 	req.wIndex[1] = timeout;
1700 	USETW(req.wLength, 0);
1701 	return (usbd_do_request(udev, mtx, &req, 0));
1702 }
1703 
1704 /*------------------------------------------------------------------------*
1705  *	usbd_req_set_hub_depth
1706  *
1707  * Returns:
1708  *    0: Success
1709  * Else: Failure
1710  *------------------------------------------------------------------------*/
1711 usb_error_t
1712 usbd_req_set_hub_depth(struct usb_device *udev, struct mtx *mtx,
1713     uint16_t depth)
1714 {
1715 	struct usb_device_request req;
1716 
1717 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1718 	req.bRequest = UR_SET_HUB_DEPTH;
1719 	USETW(req.wValue, depth);
1720 	USETW(req.wIndex, 0);
1721 	USETW(req.wLength, 0);
1722 	return (usbd_do_request(udev, mtx, &req, 0));
1723 }
1724 
1725 /*------------------------------------------------------------------------*
1726  *	usbd_req_clear_port_feature
1727  *
1728  * Returns:
1729  *    0: Success
1730  * Else: Failure
1731  *------------------------------------------------------------------------*/
1732 usb_error_t
1733 usbd_req_clear_port_feature(struct usb_device *udev, struct mtx *mtx,
1734     uint8_t port, uint16_t sel)
1735 {
1736 	struct usb_device_request req;
1737 
1738 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1739 	req.bRequest = UR_CLEAR_FEATURE;
1740 	USETW(req.wValue, sel);
1741 	req.wIndex[0] = port;
1742 	req.wIndex[1] = 0;
1743 	USETW(req.wLength, 0);
1744 	return (usbd_do_request(udev, mtx, &req, 0));
1745 }
1746 
1747 /*------------------------------------------------------------------------*
1748  *	usbd_req_set_port_feature
1749  *
1750  * Returns:
1751  *    0: Success
1752  * Else: Failure
1753  *------------------------------------------------------------------------*/
1754 usb_error_t
1755 usbd_req_set_port_feature(struct usb_device *udev, struct mtx *mtx,
1756     uint8_t port, uint16_t sel)
1757 {
1758 	struct usb_device_request req;
1759 
1760 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1761 	req.bRequest = UR_SET_FEATURE;
1762 	USETW(req.wValue, sel);
1763 	req.wIndex[0] = port;
1764 	req.wIndex[1] = 0;
1765 	USETW(req.wLength, 0);
1766 	return (usbd_do_request(udev, mtx, &req, 0));
1767 }
1768 
1769 /*------------------------------------------------------------------------*
1770  *	usbd_req_set_protocol
1771  *
1772  * Returns:
1773  *    0: Success
1774  * Else: Failure
1775  *------------------------------------------------------------------------*/
1776 usb_error_t
1777 usbd_req_set_protocol(struct usb_device *udev, struct mtx *mtx,
1778     uint8_t iface_index, uint16_t report)
1779 {
1780 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1781 	struct usb_device_request req;
1782 
1783 	if ((iface == NULL) || (iface->idesc == NULL)) {
1784 		return (USB_ERR_INVAL);
1785 	}
1786 	DPRINTFN(5, "iface=%p, report=%d, endpt=%d\n",
1787 	    iface, report, iface->idesc->bInterfaceNumber);
1788 
1789 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1790 	req.bRequest = UR_SET_PROTOCOL;
1791 	USETW(req.wValue, report);
1792 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1793 	req.wIndex[1] = 0;
1794 	USETW(req.wLength, 0);
1795 	return (usbd_do_request(udev, mtx, &req, 0));
1796 }
1797 
1798 /*------------------------------------------------------------------------*
1799  *	usbd_req_set_report
1800  *
1801  * Returns:
1802  *    0: Success
1803  * Else: Failure
1804  *------------------------------------------------------------------------*/
1805 usb_error_t
1806 usbd_req_set_report(struct usb_device *udev, struct mtx *mtx, void *data, uint16_t len,
1807     uint8_t iface_index, uint8_t type, uint8_t id)
1808 {
1809 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1810 	struct usb_device_request req;
1811 
1812 	if ((iface == NULL) || (iface->idesc == NULL)) {
1813 		return (USB_ERR_INVAL);
1814 	}
1815 	DPRINTFN(5, "len=%d\n", len);
1816 
1817 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1818 	req.bRequest = UR_SET_REPORT;
1819 	USETW2(req.wValue, type, id);
1820 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1821 	req.wIndex[1] = 0;
1822 	USETW(req.wLength, len);
1823 	return (usbd_do_request(udev, mtx, &req, data));
1824 }
1825 
1826 /*------------------------------------------------------------------------*
1827  *	usbd_req_get_report
1828  *
1829  * Returns:
1830  *    0: Success
1831  * Else: Failure
1832  *------------------------------------------------------------------------*/
1833 usb_error_t
1834 usbd_req_get_report(struct usb_device *udev, struct mtx *mtx, void *data,
1835     uint16_t len, uint8_t iface_index, uint8_t type, uint8_t id)
1836 {
1837 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1838 	struct usb_device_request req;
1839 
1840 	if ((iface == NULL) || (iface->idesc == NULL)) {
1841 		return (USB_ERR_INVAL);
1842 	}
1843 	DPRINTFN(5, "len=%d\n", len);
1844 
1845 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1846 	req.bRequest = UR_GET_REPORT;
1847 	USETW2(req.wValue, type, id);
1848 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1849 	req.wIndex[1] = 0;
1850 	USETW(req.wLength, len);
1851 	return (usbd_do_request(udev, mtx, &req, data));
1852 }
1853 
1854 /*------------------------------------------------------------------------*
1855  *	usbd_req_set_idle
1856  *
1857  * Returns:
1858  *    0: Success
1859  * Else: Failure
1860  *------------------------------------------------------------------------*/
1861 usb_error_t
1862 usbd_req_set_idle(struct usb_device *udev, struct mtx *mtx,
1863     uint8_t iface_index, uint8_t duration, uint8_t id)
1864 {
1865 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1866 	struct usb_device_request req;
1867 
1868 	if ((iface == NULL) || (iface->idesc == NULL)) {
1869 		return (USB_ERR_INVAL);
1870 	}
1871 	DPRINTFN(5, "%d %d\n", duration, id);
1872 
1873 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1874 	req.bRequest = UR_SET_IDLE;
1875 	USETW2(req.wValue, duration, id);
1876 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1877 	req.wIndex[1] = 0;
1878 	USETW(req.wLength, 0);
1879 	return (usbd_do_request(udev, mtx, &req, 0));
1880 }
1881 
1882 /*------------------------------------------------------------------------*
1883  *	usbd_req_get_report_descriptor
1884  *
1885  * Returns:
1886  *    0: Success
1887  * Else: Failure
1888  *------------------------------------------------------------------------*/
1889 usb_error_t
1890 usbd_req_get_report_descriptor(struct usb_device *udev, struct mtx *mtx,
1891     void *d, uint16_t size, uint8_t iface_index)
1892 {
1893 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1894 	struct usb_device_request req;
1895 
1896 	if ((iface == NULL) || (iface->idesc == NULL)) {
1897 		return (USB_ERR_INVAL);
1898 	}
1899 	req.bmRequestType = UT_READ_INTERFACE;
1900 	req.bRequest = UR_GET_DESCRIPTOR;
1901 	USETW2(req.wValue, UDESC_REPORT, 0);	/* report id should be 0 */
1902 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1903 	req.wIndex[1] = 0;
1904 	USETW(req.wLength, size);
1905 	return (usbd_do_request(udev, mtx, &req, d));
1906 }
1907 
1908 /*------------------------------------------------------------------------*
1909  *	usbd_req_set_config
1910  *
1911  * This function is used to select the current configuration number in
1912  * both USB device side mode and USB host side mode. When setting the
1913  * configuration the function of the interfaces can change.
1914  *
1915  * Returns:
1916  *    0: Success
1917  * Else: Failure
1918  *------------------------------------------------------------------------*/
1919 usb_error_t
1920 usbd_req_set_config(struct usb_device *udev, struct mtx *mtx, uint8_t conf)
1921 {
1922 	struct usb_device_request req;
1923 
1924 	DPRINTF("setting config %d\n", conf);
1925 
1926 	/* do "set configuration" request */
1927 
1928 	req.bmRequestType = UT_WRITE_DEVICE;
1929 	req.bRequest = UR_SET_CONFIG;
1930 	req.wValue[0] = conf;
1931 	req.wValue[1] = 0;
1932 	USETW(req.wIndex, 0);
1933 	USETW(req.wLength, 0);
1934 	return (usbd_do_request(udev, mtx, &req, 0));
1935 }
1936 
1937 /*------------------------------------------------------------------------*
1938  *	usbd_req_get_config
1939  *
1940  * Returns:
1941  *    0: Success
1942  * Else: Failure
1943  *------------------------------------------------------------------------*/
1944 usb_error_t
1945 usbd_req_get_config(struct usb_device *udev, struct mtx *mtx, uint8_t *pconf)
1946 {
1947 	struct usb_device_request req;
1948 
1949 	req.bmRequestType = UT_READ_DEVICE;
1950 	req.bRequest = UR_GET_CONFIG;
1951 	USETW(req.wValue, 0);
1952 	USETW(req.wIndex, 0);
1953 	USETW(req.wLength, 1);
1954 	return (usbd_do_request(udev, mtx, &req, pconf));
1955 }
1956 
1957 /*------------------------------------------------------------------------*
1958  *	usbd_setup_device_desc
1959  *------------------------------------------------------------------------*/
1960 usb_error_t
1961 usbd_setup_device_desc(struct usb_device *udev, struct mtx *mtx)
1962 {
1963 	usb_error_t err;
1964 
1965 	/*
1966 	 * Get the first 8 bytes of the device descriptor !
1967 	 *
1968 	 * NOTE: "usbd_do_request()" will check the device descriptor
1969 	 * next time we do a request to see if the maximum packet size
1970 	 * changed! The 8 first bytes of the device descriptor
1971 	 * contains the maximum packet size to use on control endpoint
1972 	 * 0. If this value is different from "USB_MAX_IPACKET" a new
1973 	 * USB control request will be setup!
1974 	 */
1975 	switch (udev->speed) {
1976 	case USB_SPEED_FULL:
1977 		if (usb_full_ddesc != 0) {
1978 			/* get full device descriptor */
1979 			err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1980 			if (err == 0)
1981 				break;
1982 		}
1983 
1984 		/* get partial device descriptor, some devices crash on this */
1985 		err = usbd_req_get_desc(udev, mtx, NULL, &udev->ddesc,
1986 		    USB_MAX_IPACKET, USB_MAX_IPACKET, 0, UDESC_DEVICE, 0, 0);
1987 		if (err != 0) {
1988 			DPRINTF("Trying fallback for getting the USB device descriptor\n");
1989 			/* try 8 bytes bMaxPacketSize */
1990 			udev->ddesc.bMaxPacketSize = 8;
1991 			/* get full device descriptor */
1992 			err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1993 			if (err == 0)
1994 				break;
1995 			/* try 16 bytes bMaxPacketSize */
1996 			udev->ddesc.bMaxPacketSize = 16;
1997 			/* get full device descriptor */
1998 			err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1999 			if (err == 0)
2000 				break;
2001 			/* try 32/64 bytes bMaxPacketSize */
2002 			udev->ddesc.bMaxPacketSize = 32;
2003 		}
2004 		/* get the full device descriptor */
2005 		err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
2006 		break;
2007 
2008 	default:
2009 		DPRINTF("Minimum bMaxPacketSize is large enough "
2010 		    "to hold the complete device descriptor or "
2011 		    "only one bMaxPacketSize choice\n");
2012 
2013 		/* get the full device descriptor */
2014 		err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
2015 
2016 		/* try one more time, if error */
2017 		if (err != 0)
2018 			err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
2019 		break;
2020 	}
2021 
2022 	if (err != 0) {
2023 		DPRINTFN(0, "getting device descriptor "
2024 		    "at addr %d failed, %s\n", udev->address,
2025 		    usbd_errstr(err));
2026 		return (err);
2027 	}
2028 
2029 	DPRINTF("adding unit addr=%d, rev=%02x, class=%d, "
2030 	    "subclass=%d, protocol=%d, maxpacket=%d, len=%d, speed=%d\n",
2031 	    udev->address, UGETW(udev->ddesc.bcdUSB),
2032 	    udev->ddesc.bDeviceClass,
2033 	    udev->ddesc.bDeviceSubClass,
2034 	    udev->ddesc.bDeviceProtocol,
2035 	    udev->ddesc.bMaxPacketSize,
2036 	    udev->ddesc.bLength,
2037 	    udev->speed);
2038 
2039 	return (err);
2040 }
2041 
2042 /*------------------------------------------------------------------------*
2043  *	usbd_req_re_enumerate
2044  *
2045  * NOTE: After this function returns the hardware is in the
2046  * unconfigured state! The application is responsible for setting a
2047  * new configuration.
2048  *
2049  * Returns:
2050  *    0: Success
2051  * Else: Failure
2052  *------------------------------------------------------------------------*/
2053 usb_error_t
2054 usbd_req_re_enumerate(struct usb_device *udev, struct mtx *mtx)
2055 {
2056 	struct usb_device *parent_hub;
2057 	usb_error_t err;
2058 	uint8_t old_addr;
2059 	uint8_t do_retry = 1;
2060 
2061 	if (udev->flags.usb_mode != USB_MODE_HOST) {
2062 		return (USB_ERR_INVAL);
2063 	}
2064 	old_addr = udev->address;
2065 	parent_hub = udev->parent_hub;
2066 	if (parent_hub == NULL) {
2067 		return (USB_ERR_INVAL);
2068 	}
2069 retry:
2070 #if USB_HAVE_TT_SUPPORT
2071 	/*
2072 	 * Try to reset the High Speed parent HUB of a LOW- or FULL-
2073 	 * speed device, if any.
2074 	 */
2075 	if (udev->parent_hs_hub != NULL &&
2076 	    udev->speed != USB_SPEED_HIGH) {
2077 		DPRINTF("Trying to reset parent High Speed TT.\n");
2078 		if (udev->parent_hs_hub == parent_hub &&
2079 		    (uhub_count_active_host_ports(parent_hub, USB_SPEED_LOW) +
2080 		     uhub_count_active_host_ports(parent_hub, USB_SPEED_FULL)) == 1) {
2081 			/* we can reset the whole TT */
2082 			err = usbd_req_reset_tt(parent_hub, NULL,
2083 			    udev->hs_port_no);
2084 		} else {
2085 			/* only reset a particular device and endpoint */
2086 			err = usbd_req_clear_tt_buffer(udev->parent_hs_hub, NULL,
2087 			    udev->hs_port_no, old_addr, UE_CONTROL, 0);
2088 		}
2089 		if (err) {
2090 			DPRINTF("Resetting parent High "
2091 			    "Speed TT failed (%s).\n",
2092 			    usbd_errstr(err));
2093 		}
2094 	}
2095 #endif
2096 	/* Try to warm reset first */
2097 	if (parent_hub->speed == USB_SPEED_SUPER)
2098 		usbd_req_warm_reset_port(parent_hub, mtx, udev->port_no);
2099 
2100 	/* Try to reset the parent HUB port. */
2101 	err = usbd_req_reset_port(parent_hub, mtx, udev->port_no);
2102 	if (err) {
2103 		DPRINTFN(0, "addr=%d, port reset failed, %s\n",
2104 		    old_addr, usbd_errstr(err));
2105 		goto done;
2106 	}
2107 
2108 	/*
2109 	 * After that the port has been reset our device should be at
2110 	 * address zero:
2111 	 */
2112 	udev->address = USB_START_ADDR;
2113 
2114 	/* reset "bMaxPacketSize" */
2115 	udev->ddesc.bMaxPacketSize = USB_MAX_IPACKET;
2116 
2117 	/* reset USB state */
2118 	usb_set_device_state(udev, USB_STATE_POWERED);
2119 
2120 	/*
2121 	 * Restore device address:
2122 	 */
2123 	err = usbd_req_set_address(udev, mtx, old_addr);
2124 	if (err) {
2125 		/* XXX ignore any errors! */
2126 		DPRINTFN(0, "addr=%d, set address failed! (%s, ignored)\n",
2127 		    old_addr, usbd_errstr(err));
2128 	}
2129 	/*
2130 	 * Restore device address, if the controller driver did not
2131 	 * set a new one:
2132 	 */
2133 	if (udev->address == USB_START_ADDR)
2134 		udev->address = old_addr;
2135 
2136 	/* setup the device descriptor and the initial "wMaxPacketSize" */
2137 	err = usbd_setup_device_desc(udev, mtx);
2138 
2139 done:
2140 	if (err && do_retry) {
2141 		/* give the USB firmware some time to load */
2142 		usb_pause_mtx(mtx, hz / 2);
2143 		/* no more retries after this retry */
2144 		do_retry = 0;
2145 		/* try again */
2146 		goto retry;
2147 	}
2148 	/* restore address */
2149 	if (udev->address == USB_START_ADDR)
2150 		udev->address = old_addr;
2151 	/* update state, if successful */
2152 	if (err == 0)
2153 		usb_set_device_state(udev, USB_STATE_ADDRESSED);
2154 	return (err);
2155 }
2156 
2157 /*------------------------------------------------------------------------*
2158  *	usbd_req_clear_device_feature
2159  *
2160  * Returns:
2161  *    0: Success
2162  * Else: Failure
2163  *------------------------------------------------------------------------*/
2164 usb_error_t
2165 usbd_req_clear_device_feature(struct usb_device *udev, struct mtx *mtx,
2166     uint16_t sel)
2167 {
2168 	struct usb_device_request req;
2169 
2170 	req.bmRequestType = UT_WRITE_DEVICE;
2171 	req.bRequest = UR_CLEAR_FEATURE;
2172 	USETW(req.wValue, sel);
2173 	USETW(req.wIndex, 0);
2174 	USETW(req.wLength, 0);
2175 	return (usbd_do_request(udev, mtx, &req, 0));
2176 }
2177 
2178 /*------------------------------------------------------------------------*
2179  *	usbd_req_set_device_feature
2180  *
2181  * Returns:
2182  *    0: Success
2183  * Else: Failure
2184  *------------------------------------------------------------------------*/
2185 usb_error_t
2186 usbd_req_set_device_feature(struct usb_device *udev, struct mtx *mtx,
2187     uint16_t sel)
2188 {
2189 	struct usb_device_request req;
2190 
2191 	req.bmRequestType = UT_WRITE_DEVICE;
2192 	req.bRequest = UR_SET_FEATURE;
2193 	USETW(req.wValue, sel);
2194 	USETW(req.wIndex, 0);
2195 	USETW(req.wLength, 0);
2196 	return (usbd_do_request(udev, mtx, &req, 0));
2197 }
2198 
2199 /*------------------------------------------------------------------------*
2200  *	usbd_req_reset_tt
2201  *
2202  * Returns:
2203  *    0: Success
2204  * Else: Failure
2205  *------------------------------------------------------------------------*/
2206 usb_error_t
2207 usbd_req_reset_tt(struct usb_device *udev, struct mtx *mtx,
2208     uint8_t port)
2209 {
2210 	struct usb_device_request req;
2211 
2212 	/* For single TT HUBs the port should be 1 */
2213 
2214 	if (udev->ddesc.bDeviceClass == UDCLASS_HUB &&
2215 	    udev->ddesc.bDeviceProtocol == UDPROTO_HSHUBSTT)
2216 		port = 1;
2217 
2218 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2219 	req.bRequest = UR_RESET_TT;
2220 	USETW(req.wValue, 0);
2221 	req.wIndex[0] = port;
2222 	req.wIndex[1] = 0;
2223 	USETW(req.wLength, 0);
2224 	return (usbd_do_request(udev, mtx, &req, 0));
2225 }
2226 
2227 /*------------------------------------------------------------------------*
2228  *	usbd_req_clear_tt_buffer
2229  *
2230  * For single TT HUBs the port should be 1.
2231  *
2232  * Returns:
2233  *    0: Success
2234  * Else: Failure
2235  *------------------------------------------------------------------------*/
2236 usb_error_t
2237 usbd_req_clear_tt_buffer(struct usb_device *udev, struct mtx *mtx,
2238     uint8_t port, uint8_t addr, uint8_t type, uint8_t endpoint)
2239 {
2240 	struct usb_device_request req;
2241 	uint16_t wValue;
2242 
2243 	/* For single TT HUBs the port should be 1 */
2244 
2245 	if (udev->ddesc.bDeviceClass == UDCLASS_HUB &&
2246 	    udev->ddesc.bDeviceProtocol == UDPROTO_HSHUBSTT)
2247 		port = 1;
2248 
2249 	wValue = (endpoint & 0xF) | ((addr & 0x7F) << 4) |
2250 	    ((endpoint & 0x80) << 8) | ((type & 3) << 12);
2251 
2252 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2253 	req.bRequest = UR_CLEAR_TT_BUFFER;
2254 	USETW(req.wValue, wValue);
2255 	req.wIndex[0] = port;
2256 	req.wIndex[1] = 0;
2257 	USETW(req.wLength, 0);
2258 	return (usbd_do_request(udev, mtx, &req, 0));
2259 }
2260 
2261 /*------------------------------------------------------------------------*
2262  *	usbd_req_set_port_link_state
2263  *
2264  * USB 3.0 specific request
2265  *
2266  * Returns:
2267  *    0: Success
2268  * Else: Failure
2269  *------------------------------------------------------------------------*/
2270 usb_error_t
2271 usbd_req_set_port_link_state(struct usb_device *udev, struct mtx *mtx,
2272     uint8_t port, uint8_t link_state)
2273 {
2274 	struct usb_device_request req;
2275 
2276 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2277 	req.bRequest = UR_SET_FEATURE;
2278 	USETW(req.wValue, UHF_PORT_LINK_STATE);
2279 	req.wIndex[0] = port;
2280 	req.wIndex[1] = link_state;
2281 	USETW(req.wLength, 0);
2282 	return (usbd_do_request(udev, mtx, &req, 0));
2283 }
2284 
2285 /*------------------------------------------------------------------------*
2286  *		usbd_req_set_lpm_info
2287  *
2288  * USB 2.0 specific request for Link Power Management.
2289  *
2290  * Returns:
2291  * 0:				Success
2292  * USB_ERR_PENDING_REQUESTS:	NYET
2293  * USB_ERR_TIMEOUT:		TIMEOUT
2294  * USB_ERR_STALL:		STALL
2295  * Else:			Failure
2296  *------------------------------------------------------------------------*/
2297 usb_error_t
2298 usbd_req_set_lpm_info(struct usb_device *udev, struct mtx *mtx,
2299     uint8_t port, uint8_t besl, uint8_t addr, uint8_t rwe)
2300 {
2301 	struct usb_device_request req;
2302 	usb_error_t err;
2303 	uint8_t buf[1];
2304 
2305 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2306 	req.bRequest = UR_SET_AND_TEST;
2307 	USETW(req.wValue, UHF_PORT_L1);
2308 	req.wIndex[0] = (port & 0xF) | ((besl & 0xF) << 4);
2309 	req.wIndex[1] = (addr & 0x7F) | (rwe ? 0x80 : 0x00);
2310 	USETW(req.wLength, sizeof(buf));
2311 
2312 	/* set default value in case of short transfer */
2313 	buf[0] = 0x00;
2314 
2315 	err = usbd_do_request(udev, mtx, &req, buf);
2316 	if (err)
2317 		return (err);
2318 
2319 	switch (buf[0]) {
2320 	case 0x00:	/* SUCCESS */
2321 		break;
2322 	case 0x10:	/* NYET */
2323 		err = USB_ERR_PENDING_REQUESTS;
2324 		break;
2325 	case 0x11:	/* TIMEOUT */
2326 		err = USB_ERR_TIMEOUT;
2327 		break;
2328 	case 0x30:	/* STALL */
2329 		err = USB_ERR_STALLED;
2330 		break;
2331 	default:	/* reserved */
2332 		err = USB_ERR_IOERROR;
2333 		break;
2334 	}
2335 	return (err);
2336 }
2337