xref: /freebsd/sys/dev/usb/usb_request.c (revision 2da0fcde21e0b90384f61fd50b87ea7dbd820233)
1 /* $FreeBSD$ */
2 /*-
3  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4  *
5  * Copyright (c) 1998 The NetBSD Foundation, Inc. All rights reserved.
6  * Copyright (c) 1998 Lennart Augustsson. All rights reserved.
7  * Copyright (c) 2008 Hans Petter Selasky. All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  */
30 
31 #ifdef USB_GLOBAL_INCLUDE_FILE
32 #include USB_GLOBAL_INCLUDE_FILE
33 #else
34 #include <sys/stdint.h>
35 #include <sys/stddef.h>
36 #include <sys/param.h>
37 #include <sys/queue.h>
38 #include <sys/types.h>
39 #include <sys/systm.h>
40 #include <sys/kernel.h>
41 #include <sys/bus.h>
42 #include <sys/module.h>
43 #include <sys/lock.h>
44 #include <sys/mutex.h>
45 #include <sys/condvar.h>
46 #include <sys/sysctl.h>
47 #include <sys/sx.h>
48 #include <sys/unistd.h>
49 #include <sys/callout.h>
50 #include <sys/malloc.h>
51 #include <sys/priv.h>
52 
53 #include <dev/usb/usb.h>
54 #include <dev/usb/usbdi.h>
55 #include <dev/usb/usbdi_util.h>
56 #include <dev/usb/usbhid.h>
57 
58 #define	USB_DEBUG_VAR usb_debug
59 
60 #include <dev/usb/usb_core.h>
61 #include <dev/usb/usb_busdma.h>
62 #include <dev/usb/usb_request.h>
63 #include <dev/usb/usb_process.h>
64 #include <dev/usb/usb_transfer.h>
65 #include <dev/usb/usb_debug.h>
66 #include <dev/usb/usb_device.h>
67 #include <dev/usb/usb_util.h>
68 #include <dev/usb/usb_dynamic.h>
69 
70 #include <dev/usb/usb_controller.h>
71 #include <dev/usb/usb_bus.h>
72 #include <sys/ctype.h>
73 #endif			/* USB_GLOBAL_INCLUDE_FILE */
74 
75 static int usb_no_cs_fail;
76 
77 SYSCTL_INT(_hw_usb, OID_AUTO, no_cs_fail, CTLFLAG_RWTUN,
78     &usb_no_cs_fail, 0, "USB clear stall failures are ignored, if set");
79 
80 static int usb_full_ddesc;
81 
82 SYSCTL_INT(_hw_usb, OID_AUTO, full_ddesc, CTLFLAG_RWTUN,
83     &usb_full_ddesc, 0, "USB always read complete device descriptor, if set");
84 
85 #ifdef USB_DEBUG
86 #ifdef USB_REQ_DEBUG
87 /* The following structures are used in connection to fault injection. */
88 struct usb_ctrl_debug {
89 	int bus_index;		/* target bus */
90 	int dev_index;		/* target address */
91 	int ds_fail;		/* fail data stage */
92 	int ss_fail;		/* fail status stage */
93 	int ds_delay;		/* data stage delay in ms */
94 	int ss_delay;		/* status stage delay in ms */
95 	int bmRequestType_value;
96 	int bRequest_value;
97 };
98 
99 struct usb_ctrl_debug_bits {
100 	uint16_t ds_delay;
101 	uint16_t ss_delay;
102 	uint8_t ds_fail:1;
103 	uint8_t ss_fail:1;
104 	uint8_t enabled:1;
105 };
106 
107 /* The default is to disable fault injection. */
108 
109 static struct usb_ctrl_debug usb_ctrl_debug = {
110 	.bus_index = -1,
111 	.dev_index = -1,
112 	.bmRequestType_value = -1,
113 	.bRequest_value = -1,
114 };
115 
116 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_bus_fail, CTLFLAG_RWTUN,
117     &usb_ctrl_debug.bus_index, 0, "USB controller index to fail");
118 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_dev_fail, CTLFLAG_RWTUN,
119     &usb_ctrl_debug.dev_index, 0, "USB device address to fail");
120 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ds_fail, CTLFLAG_RWTUN,
121     &usb_ctrl_debug.ds_fail, 0, "USB fail data stage");
122 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ss_fail, CTLFLAG_RWTUN,
123     &usb_ctrl_debug.ss_fail, 0, "USB fail status stage");
124 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ds_delay, CTLFLAG_RWTUN,
125     &usb_ctrl_debug.ds_delay, 0, "USB data stage delay in ms");
126 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ss_delay, CTLFLAG_RWTUN,
127     &usb_ctrl_debug.ss_delay, 0, "USB status stage delay in ms");
128 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_rt_fail, CTLFLAG_RWTUN,
129     &usb_ctrl_debug.bmRequestType_value, 0, "USB bmRequestType to fail");
130 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_rv_fail, CTLFLAG_RWTUN,
131     &usb_ctrl_debug.bRequest_value, 0, "USB bRequest to fail");
132 
133 /*------------------------------------------------------------------------*
134  *	usbd_get_debug_bits
135  *
136  * This function is only useful in USB host mode.
137  *------------------------------------------------------------------------*/
138 static void
139 usbd_get_debug_bits(struct usb_device *udev, struct usb_device_request *req,
140     struct usb_ctrl_debug_bits *dbg)
141 {
142 	int temp;
143 
144 	memset(dbg, 0, sizeof(*dbg));
145 
146 	/* Compute data stage delay */
147 
148 	temp = usb_ctrl_debug.ds_delay;
149 	if (temp < 0)
150 		temp = 0;
151 	else if (temp > (16*1024))
152 		temp = (16*1024);
153 
154 	dbg->ds_delay = temp;
155 
156 	/* Compute status stage delay */
157 
158 	temp = usb_ctrl_debug.ss_delay;
159 	if (temp < 0)
160 		temp = 0;
161 	else if (temp > (16*1024))
162 		temp = (16*1024);
163 
164 	dbg->ss_delay = temp;
165 
166 	/* Check if this control request should be failed */
167 
168 	if (usbd_get_bus_index(udev) != usb_ctrl_debug.bus_index)
169 		return;
170 
171 	if (usbd_get_device_index(udev) != usb_ctrl_debug.dev_index)
172 		return;
173 
174 	temp = usb_ctrl_debug.bmRequestType_value;
175 
176 	if ((temp != req->bmRequestType) && (temp >= 0) && (temp <= 255))
177 		return;
178 
179 	temp = usb_ctrl_debug.bRequest_value;
180 
181 	if ((temp != req->bRequest) && (temp >= 0) && (temp <= 255))
182 		return;
183 
184 	temp = usb_ctrl_debug.ds_fail;
185 	if (temp)
186 		dbg->ds_fail = 1;
187 
188 	temp = usb_ctrl_debug.ss_fail;
189 	if (temp)
190 		dbg->ss_fail = 1;
191 
192 	dbg->enabled = 1;
193 }
194 #endif	/* USB_REQ_DEBUG */
195 #endif	/* USB_DEBUG */
196 
197 /*------------------------------------------------------------------------*
198  *	usbd_do_request_callback
199  *
200  * This function is the USB callback for generic USB Host control
201  * transfers.
202  *------------------------------------------------------------------------*/
203 void
204 usbd_do_request_callback(struct usb_xfer *xfer, usb_error_t error)
205 {
206 	;				/* workaround for a bug in "indent" */
207 
208 	DPRINTF("st=%u\n", USB_GET_STATE(xfer));
209 
210 	switch (USB_GET_STATE(xfer)) {
211 	case USB_ST_SETUP:
212 		usbd_transfer_submit(xfer);
213 		break;
214 	default:
215 		cv_signal(&xfer->xroot->udev->ctrlreq_cv);
216 		break;
217 	}
218 }
219 
220 /*------------------------------------------------------------------------*
221  *	usb_do_clear_stall_callback
222  *
223  * This function is the USB callback for generic clear stall requests.
224  *------------------------------------------------------------------------*/
225 void
226 usb_do_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
227 {
228 	struct usb_device_request req;
229 	struct usb_device *udev;
230 	struct usb_endpoint *ep;
231 	struct usb_endpoint *ep_end;
232 	struct usb_endpoint *ep_first;
233 	usb_stream_t x;
234 	uint8_t to;
235 
236 	udev = xfer->xroot->udev;
237 
238 	USB_BUS_LOCK(udev->bus);
239 
240 	/* round robin endpoint clear stall */
241 
242 	ep = udev->ep_curr;
243 	ep_end = udev->endpoints + udev->endpoints_max;
244 	ep_first = udev->endpoints;
245 	to = udev->endpoints_max;
246 
247 	switch (USB_GET_STATE(xfer)) {
248 	case USB_ST_TRANSFERRED:
249 tr_transferred:
250 		/* reset error counter */
251 		udev->clear_stall_errors = 0;
252 
253 		if (ep == NULL)
254 			goto tr_setup;		/* device was unconfigured */
255 		if (ep->edesc &&
256 		    ep->is_stalled) {
257 			ep->toggle_next = 0;
258 			ep->is_stalled = 0;
259 			/* some hardware needs a callback to clear the data toggle */
260 			usbd_clear_stall_locked(udev, ep);
261 			for (x = 0; x != USB_MAX_EP_STREAMS; x++) {
262 				/* start the current or next transfer, if any */
263 				usb_command_wrapper(&ep->endpoint_q[x],
264 				    ep->endpoint_q[x].curr);
265 			}
266 		}
267 		ep++;
268 
269 	case USB_ST_SETUP:
270 tr_setup:
271 		if (to == 0)
272 			break;			/* no endpoints - nothing to do */
273 		if ((ep < ep_first) || (ep >= ep_end))
274 			ep = ep_first;	/* endpoint wrapped around */
275 		if (ep->edesc &&
276 		    ep->is_stalled) {
277 
278 			/* setup a clear-stall packet */
279 
280 			req.bmRequestType = UT_WRITE_ENDPOINT;
281 			req.bRequest = UR_CLEAR_FEATURE;
282 			USETW(req.wValue, UF_ENDPOINT_HALT);
283 			req.wIndex[0] = ep->edesc->bEndpointAddress;
284 			req.wIndex[1] = 0;
285 			USETW(req.wLength, 0);
286 
287 			/* copy in the transfer */
288 
289 			usbd_copy_in(xfer->frbuffers, 0, &req, sizeof(req));
290 
291 			/* set length */
292 			usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
293 			xfer->nframes = 1;
294 			USB_BUS_UNLOCK(udev->bus);
295 
296 			usbd_transfer_submit(xfer);
297 
298 			USB_BUS_LOCK(udev->bus);
299 			break;
300 		}
301 		ep++;
302 		to--;
303 		goto tr_setup;
304 
305 	default:
306 		if (error == USB_ERR_CANCELLED)
307 			break;
308 
309 		DPRINTF("Clear stall failed.\n");
310 
311 		/*
312 		 * Some VMs like VirtualBox always return failure on
313 		 * clear-stall which we sometimes should just ignore.
314 		 */
315 		if (usb_no_cs_fail)
316 			goto tr_transferred;
317 		if (udev->clear_stall_errors == USB_CS_RESET_LIMIT)
318 			goto tr_setup;
319 
320 		if (error == USB_ERR_TIMEOUT) {
321 			udev->clear_stall_errors = USB_CS_RESET_LIMIT;
322 			DPRINTF("Trying to re-enumerate.\n");
323 			usbd_start_re_enumerate(udev);
324 		} else {
325 			udev->clear_stall_errors++;
326 			if (udev->clear_stall_errors == USB_CS_RESET_LIMIT) {
327 				DPRINTF("Trying to re-enumerate.\n");
328 				usbd_start_re_enumerate(udev);
329 			}
330 		}
331 		goto tr_setup;
332 	}
333 
334 	/* store current endpoint */
335 	udev->ep_curr = ep;
336 	USB_BUS_UNLOCK(udev->bus);
337 }
338 
339 static usb_handle_req_t *
340 usbd_get_hr_func(struct usb_device *udev)
341 {
342 	/* figure out if there is a Handle Request function */
343 	if (udev->flags.usb_mode == USB_MODE_DEVICE)
344 		return (usb_temp_get_desc_p);
345 	else if (udev->parent_hub == NULL)
346 		return (udev->bus->methods->roothub_exec);
347 	else
348 		return (NULL);
349 }
350 
351 /*------------------------------------------------------------------------*
352  *	usbd_do_request_flags and usbd_do_request
353  *
354  * Description of arguments passed to these functions:
355  *
356  * "udev" - this is the "usb_device" structure pointer on which the
357  * request should be performed. It is possible to call this function
358  * in both Host Side mode and Device Side mode.
359  *
360  * "mtx" - if this argument is non-NULL the mutex pointed to by it
361  * will get dropped and picked up during the execution of this
362  * function, hence this function sometimes needs to sleep. If this
363  * argument is NULL it has no effect.
364  *
365  * "req" - this argument must always be non-NULL and points to an
366  * 8-byte structure holding the USB request to be done. The USB
367  * request structure has a bit telling the direction of the USB
368  * request, if it is a read or a write.
369  *
370  * "data" - if the "wLength" part of the structure pointed to by "req"
371  * is non-zero this argument must point to a valid kernel buffer which
372  * can hold at least "wLength" bytes. If "wLength" is zero "data" can
373  * be NULL.
374  *
375  * "flags" - here is a list of valid flags:
376  *
377  *  o USB_SHORT_XFER_OK: allows the data transfer to be shorter than
378  *  specified
379  *
380  *  o USB_DELAY_STATUS_STAGE: allows the status stage to be performed
381  *  at a later point in time. This is tunable by the "hw.usb.ss_delay"
382  *  sysctl. This flag is mostly useful for debugging.
383  *
384  *  o USB_USER_DATA_PTR: treat the "data" pointer like a userland
385  *  pointer.
386  *
387  * "actlen" - if non-NULL the actual transfer length will be stored in
388  * the 16-bit unsigned integer pointed to by "actlen". This
389  * information is mostly useful when the "USB_SHORT_XFER_OK" flag is
390  * used.
391  *
392  * "timeout" - gives the timeout for the control transfer in
393  * milliseconds. A "timeout" value less than 50 milliseconds is
394  * treated like a 50 millisecond timeout. A "timeout" value greater
395  * than 30 seconds is treated like a 30 second timeout. This USB stack
396  * does not allow control requests without a timeout.
397  *
398  * NOTE: This function is thread safe. All calls to "usbd_do_request_flags"
399  * will be serialized by the use of the USB device enumeration lock.
400  *
401  * Returns:
402  *    0: Success
403  * Else: Failure
404  *------------------------------------------------------------------------*/
405 usb_error_t
406 usbd_do_request_flags(struct usb_device *udev, struct mtx *mtx,
407     struct usb_device_request *req, void *data, uint16_t flags,
408     uint16_t *actlen, usb_timeout_t timeout)
409 {
410 #ifdef USB_REQ_DEBUG
411 	struct usb_ctrl_debug_bits dbg;
412 #endif
413 	usb_handle_req_t *hr_func;
414 	struct usb_xfer *xfer;
415 	const void *desc;
416 	int err = 0;
417 	usb_ticks_t start_ticks;
418 	usb_ticks_t delta_ticks;
419 	usb_ticks_t max_ticks;
420 	uint16_t length;
421 	uint16_t temp;
422 	uint16_t acttemp;
423 	uint8_t do_unlock;
424 
425 	if (timeout < 50) {
426 		/* timeout is too small */
427 		timeout = 50;
428 	}
429 	if (timeout > 30000) {
430 		/* timeout is too big */
431 		timeout = 30000;
432 	}
433 	length = UGETW(req->wLength);
434 
435 	DPRINTFN(5, "udev=%p bmRequestType=0x%02x bRequest=0x%02x "
436 	    "wValue=0x%02x%02x wIndex=0x%02x%02x wLength=0x%02x%02x\n",
437 	    udev, req->bmRequestType, req->bRequest,
438 	    req->wValue[1], req->wValue[0],
439 	    req->wIndex[1], req->wIndex[0],
440 	    req->wLength[1], req->wLength[0]);
441 
442 	/* Check if the device is still alive */
443 	if (udev->state < USB_STATE_POWERED) {
444 		DPRINTF("usb device has gone\n");
445 		return (USB_ERR_NOT_CONFIGURED);
446 	}
447 
448 	/*
449 	 * Set "actlen" to a known value in case the caller does not
450 	 * check the return value:
451 	 */
452 	if (actlen)
453 		*actlen = 0;
454 
455 #if (USB_HAVE_USER_IO == 0)
456 	if (flags & USB_USER_DATA_PTR)
457 		return (USB_ERR_INVAL);
458 #endif
459 	if ((mtx != NULL) && (mtx != &Giant)) {
460 		USB_MTX_UNLOCK(mtx);
461 		USB_MTX_ASSERT(mtx, MA_NOTOWNED);
462 	}
463 
464 	/*
465 	 * Serialize access to this function:
466 	 */
467 	do_unlock = usbd_ctrl_lock(udev);
468 
469 	hr_func = usbd_get_hr_func(udev);
470 
471 	if (hr_func != NULL) {
472 		DPRINTF("Handle Request function is set\n");
473 
474 		desc = NULL;
475 		temp = 0;
476 
477 		if (!(req->bmRequestType & UT_READ)) {
478 			if (length != 0) {
479 				DPRINTFN(1, "The handle request function "
480 				    "does not support writing data!\n");
481 				err = USB_ERR_INVAL;
482 				goto done;
483 			}
484 		}
485 
486 		/* The root HUB code needs the BUS lock locked */
487 
488 		USB_BUS_LOCK(udev->bus);
489 		err = (hr_func) (udev, req, &desc, &temp);
490 		USB_BUS_UNLOCK(udev->bus);
491 
492 		if (err)
493 			goto done;
494 
495 		if (length > temp) {
496 			if (!(flags & USB_SHORT_XFER_OK)) {
497 				err = USB_ERR_SHORT_XFER;
498 				goto done;
499 			}
500 			length = temp;
501 		}
502 		if (actlen)
503 			*actlen = length;
504 
505 		if (length > 0) {
506 #if USB_HAVE_USER_IO
507 			if (flags & USB_USER_DATA_PTR) {
508 				if (copyout(desc, data, length)) {
509 					err = USB_ERR_INVAL;
510 					goto done;
511 				}
512 			} else
513 #endif
514 				memcpy(data, desc, length);
515 		}
516 		goto done;		/* success */
517 	}
518 
519 	/*
520 	 * Setup a new USB transfer or use the existing one, if any:
521 	 */
522 	usbd_ctrl_transfer_setup(udev);
523 
524 	xfer = udev->ctrl_xfer[0];
525 	if (xfer == NULL) {
526 		/* most likely out of memory */
527 		err = USB_ERR_NOMEM;
528 		goto done;
529 	}
530 
531 #ifdef USB_REQ_DEBUG
532 	/* Get debug bits */
533 	usbd_get_debug_bits(udev, req, &dbg);
534 
535 	/* Check for fault injection */
536 	if (dbg.enabled)
537 		flags |= USB_DELAY_STATUS_STAGE;
538 #endif
539 	USB_XFER_LOCK(xfer);
540 
541 	if (flags & USB_DELAY_STATUS_STAGE)
542 		xfer->flags.manual_status = 1;
543 	else
544 		xfer->flags.manual_status = 0;
545 
546 	if (flags & USB_SHORT_XFER_OK)
547 		xfer->flags.short_xfer_ok = 1;
548 	else
549 		xfer->flags.short_xfer_ok = 0;
550 
551 	xfer->timeout = timeout;
552 
553 	start_ticks = ticks;
554 
555 	max_ticks = USB_MS_TO_TICKS(timeout);
556 
557 	usbd_copy_in(xfer->frbuffers, 0, req, sizeof(*req));
558 
559 	usbd_xfer_set_frame_len(xfer, 0, sizeof(*req));
560 
561 	while (1) {
562 		temp = length;
563 		if (temp > usbd_xfer_max_len(xfer)) {
564 			temp = usbd_xfer_max_len(xfer);
565 		}
566 #ifdef USB_REQ_DEBUG
567 		if (xfer->flags.manual_status) {
568 			if (usbd_xfer_frame_len(xfer, 0) != 0) {
569 				/* Execute data stage separately */
570 				temp = 0;
571 			} else if (temp > 0) {
572 				if (dbg.ds_fail) {
573 					err = USB_ERR_INVAL;
574 					break;
575 				}
576 				if (dbg.ds_delay > 0) {
577 					usb_pause_mtx(
578 					    xfer->xroot->xfer_mtx,
579 				            USB_MS_TO_TICKS(dbg.ds_delay));
580 					/* make sure we don't time out */
581 					start_ticks = ticks;
582 				}
583 			}
584 		}
585 #endif
586 		usbd_xfer_set_frame_len(xfer, 1, temp);
587 
588 		if (temp > 0) {
589 			if (!(req->bmRequestType & UT_READ)) {
590 #if USB_HAVE_USER_IO
591 				if (flags & USB_USER_DATA_PTR) {
592 					USB_XFER_UNLOCK(xfer);
593 					err = usbd_copy_in_user(xfer->frbuffers + 1,
594 					    0, data, temp);
595 					USB_XFER_LOCK(xfer);
596 					if (err) {
597 						err = USB_ERR_INVAL;
598 						break;
599 					}
600 				} else
601 #endif
602 					usbd_copy_in(xfer->frbuffers + 1,
603 					    0, data, temp);
604 			}
605 			usbd_xfer_set_frames(xfer, 2);
606 		} else {
607 			if (usbd_xfer_frame_len(xfer, 0) == 0) {
608 				if (xfer->flags.manual_status) {
609 #ifdef USB_REQ_DEBUG
610 					if (dbg.ss_fail) {
611 						err = USB_ERR_INVAL;
612 						break;
613 					}
614 					if (dbg.ss_delay > 0) {
615 						usb_pause_mtx(
616 						    xfer->xroot->xfer_mtx,
617 						    USB_MS_TO_TICKS(dbg.ss_delay));
618 						/* make sure we don't time out */
619 						start_ticks = ticks;
620 					}
621 #endif
622 					xfer->flags.manual_status = 0;
623 				} else {
624 					break;
625 				}
626 			}
627 			usbd_xfer_set_frames(xfer, 1);
628 		}
629 
630 		usbd_transfer_start(xfer);
631 
632 		while (usbd_transfer_pending(xfer)) {
633 			cv_wait(&udev->ctrlreq_cv,
634 			    xfer->xroot->xfer_mtx);
635 		}
636 
637 		err = xfer->error;
638 
639 		if (err) {
640 			break;
641 		}
642 
643 		/* get actual length of DATA stage */
644 
645 		if (xfer->aframes < 2) {
646 			acttemp = 0;
647 		} else {
648 			acttemp = usbd_xfer_frame_len(xfer, 1);
649 		}
650 
651 		/* check for short packet */
652 
653 		if (temp > acttemp) {
654 			temp = acttemp;
655 			length = temp;
656 		}
657 		if (temp > 0) {
658 			if (req->bmRequestType & UT_READ) {
659 #if USB_HAVE_USER_IO
660 				if (flags & USB_USER_DATA_PTR) {
661 					USB_XFER_UNLOCK(xfer);
662 					err = usbd_copy_out_user(xfer->frbuffers + 1,
663 					    0, data, temp);
664 					USB_XFER_LOCK(xfer);
665 					if (err) {
666 						err = USB_ERR_INVAL;
667 						break;
668 					}
669 				} else
670 #endif
671 					usbd_copy_out(xfer->frbuffers + 1,
672 					    0, data, temp);
673 			}
674 		}
675 		/*
676 		 * Clear "frlengths[0]" so that we don't send the setup
677 		 * packet again:
678 		 */
679 		usbd_xfer_set_frame_len(xfer, 0, 0);
680 
681 		/* update length and data pointer */
682 		length -= temp;
683 		data = USB_ADD_BYTES(data, temp);
684 
685 		if (actlen) {
686 			(*actlen) += temp;
687 		}
688 		/* check for timeout */
689 
690 		delta_ticks = ticks - start_ticks;
691 		if (delta_ticks > max_ticks) {
692 			if (!err) {
693 				err = USB_ERR_TIMEOUT;
694 			}
695 		}
696 		if (err) {
697 			break;
698 		}
699 	}
700 
701 	if (err) {
702 		/*
703 		 * Make sure that the control endpoint is no longer
704 		 * blocked in case of a non-transfer related error:
705 		 */
706 		usbd_transfer_stop(xfer);
707 	}
708 	USB_XFER_UNLOCK(xfer);
709 
710 done:
711 	if (do_unlock)
712 		usbd_ctrl_unlock(udev);
713 
714 	if ((mtx != NULL) && (mtx != &Giant))
715 		USB_MTX_LOCK(mtx);
716 
717 	switch (err) {
718 	case USB_ERR_NORMAL_COMPLETION:
719 	case USB_ERR_SHORT_XFER:
720 	case USB_ERR_STALLED:
721 	case USB_ERR_CANCELLED:
722 		break;
723 	default:
724 		DPRINTF("I/O error - waiting a bit for TT cleanup\n");
725 		usb_pause_mtx(mtx, hz / 16);
726 		break;
727 	}
728 	return ((usb_error_t)err);
729 }
730 
731 /*------------------------------------------------------------------------*
732  *	usbd_do_request_proc - factored out code
733  *
734  * This function is factored out code. It does basically the same like
735  * usbd_do_request_flags, except it will check the status of the
736  * passed process argument before doing the USB request. If the
737  * process is draining the USB_ERR_IOERROR code will be returned. It
738  * is assumed that the mutex associated with the process is locked
739  * when calling this function.
740  *------------------------------------------------------------------------*/
741 usb_error_t
742 usbd_do_request_proc(struct usb_device *udev, struct usb_process *pproc,
743     struct usb_device_request *req, void *data, uint16_t flags,
744     uint16_t *actlen, usb_timeout_t timeout)
745 {
746 	usb_error_t err;
747 	uint16_t len;
748 
749 	/* get request data length */
750 	len = UGETW(req->wLength);
751 
752 	/* check if the device is being detached */
753 	if (usb_proc_is_gone(pproc)) {
754 		err = USB_ERR_IOERROR;
755 		goto done;
756 	}
757 
758 	/* forward the USB request */
759 	err = usbd_do_request_flags(udev, pproc->up_mtx,
760 	    req, data, flags, actlen, timeout);
761 
762 done:
763 	/* on failure we zero the data */
764 	/* on short packet we zero the unused data */
765 	if ((len != 0) && (req->bmRequestType & UE_DIR_IN)) {
766 		if (err)
767 			memset(data, 0, len);
768 		else if (actlen && *actlen != len)
769 			memset(((uint8_t *)data) + *actlen, 0, len - *actlen);
770 	}
771 	return (err);
772 }
773 
774 /*------------------------------------------------------------------------*
775  *	usbd_req_reset_port
776  *
777  * This function will instruct a USB HUB to perform a reset sequence
778  * on the specified port number.
779  *
780  * Returns:
781  *    0: Success. The USB device should now be at address zero.
782  * Else: Failure. No USB device is present and the USB port should be
783  *       disabled.
784  *------------------------------------------------------------------------*/
785 usb_error_t
786 usbd_req_reset_port(struct usb_device *udev, struct mtx *mtx, uint8_t port)
787 {
788 	struct usb_port_status ps;
789 	usb_error_t err;
790 	uint16_t n;
791 	uint16_t status;
792 	uint16_t change;
793 
794 	DPRINTF("\n");
795 
796 	/* clear any leftover port reset changes first */
797 	usbd_req_clear_port_feature(
798 	    udev, mtx, port, UHF_C_PORT_RESET);
799 
800 	/* assert port reset on the given port */
801 	err = usbd_req_set_port_feature(
802 	    udev, mtx, port, UHF_PORT_RESET);
803 
804 	/* check for errors */
805 	if (err)
806 		goto done;
807 	n = 0;
808 	while (1) {
809 		/* wait for the device to recover from reset */
810 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_delay));
811 		n += usb_port_reset_delay;
812 		err = usbd_req_get_port_status(udev, mtx, &ps, port);
813 		if (err)
814 			goto done;
815 
816 		status = UGETW(ps.wPortStatus);
817 		change = UGETW(ps.wPortChange);
818 
819 		/* if the device disappeared, just give up */
820 		if (!(status & UPS_CURRENT_CONNECT_STATUS))
821 			goto done;
822 
823 		/* check if reset is complete */
824 		if (change & UPS_C_PORT_RESET)
825 			break;
826 
827 		/*
828 		 * Some Virtual Machines like VirtualBox 4.x fail to
829 		 * generate a port reset change event. Check if reset
830 		 * is no longer asserted.
831 		 */
832 		if (!(status & UPS_RESET))
833 			break;
834 
835 		/* check for timeout */
836 		if (n > 1000) {
837 			n = 0;
838 			break;
839 		}
840 	}
841 
842 	/* clear port reset first */
843 	err = usbd_req_clear_port_feature(
844 	    udev, mtx, port, UHF_C_PORT_RESET);
845 	if (err)
846 		goto done;
847 
848 	/* check for timeout */
849 	if (n == 0) {
850 		err = USB_ERR_TIMEOUT;
851 		goto done;
852 	}
853 	/* wait for the device to recover from reset */
854 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_recovery));
855 
856 done:
857 	DPRINTFN(2, "port %d reset returning error=%s\n",
858 	    port, usbd_errstr(err));
859 	return (err);
860 }
861 
862 /*------------------------------------------------------------------------*
863  *	usbd_req_warm_reset_port
864  *
865  * This function will instruct an USB HUB to perform a warm reset
866  * sequence on the specified port number. This kind of reset is not
867  * mandatory for LOW-, FULL- and HIGH-speed USB HUBs and is targeted
868  * for SUPER-speed USB HUBs.
869  *
870  * Returns:
871  *    0: Success. The USB device should now be available again.
872  * Else: Failure. No USB device is present and the USB port should be
873  *       disabled.
874  *------------------------------------------------------------------------*/
875 usb_error_t
876 usbd_req_warm_reset_port(struct usb_device *udev, struct mtx *mtx,
877     uint8_t port)
878 {
879 	struct usb_port_status ps;
880 	usb_error_t err;
881 	uint16_t n;
882 	uint16_t status;
883 	uint16_t change;
884 
885 	DPRINTF("\n");
886 
887 	err = usbd_req_get_port_status(udev, mtx, &ps, port);
888 	if (err)
889 		goto done;
890 
891 	status = UGETW(ps.wPortStatus);
892 
893 	switch (UPS_PORT_LINK_STATE_GET(status)) {
894 	case UPS_PORT_LS_U3:
895 	case UPS_PORT_LS_COMP_MODE:
896 	case UPS_PORT_LS_LOOPBACK:
897 	case UPS_PORT_LS_SS_INA:
898 		break;
899 	default:
900 		DPRINTF("Wrong state for warm reset\n");
901 		return (0);
902 	}
903 
904 	/* clear any leftover warm port reset changes first */
905 	usbd_req_clear_port_feature(udev, mtx,
906 	    port, UHF_C_BH_PORT_RESET);
907 
908 	/* set warm port reset */
909 	err = usbd_req_set_port_feature(udev, mtx,
910 	    port, UHF_BH_PORT_RESET);
911 	if (err)
912 		goto done;
913 
914 	n = 0;
915 	while (1) {
916 		/* wait for the device to recover from reset */
917 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_delay));
918 		n += usb_port_reset_delay;
919 		err = usbd_req_get_port_status(udev, mtx, &ps, port);
920 		if (err)
921 			goto done;
922 
923 		status = UGETW(ps.wPortStatus);
924 		change = UGETW(ps.wPortChange);
925 
926 		/* if the device disappeared, just give up */
927 		if (!(status & UPS_CURRENT_CONNECT_STATUS))
928 			goto done;
929 
930 		/* check if reset is complete */
931 		if (change & UPS_C_BH_PORT_RESET)
932 			break;
933 
934 		/* check for timeout */
935 		if (n > 1000) {
936 			n = 0;
937 			break;
938 		}
939 	}
940 
941 	/* clear port reset first */
942 	err = usbd_req_clear_port_feature(
943 	    udev, mtx, port, UHF_C_BH_PORT_RESET);
944 	if (err)
945 		goto done;
946 
947 	/* check for timeout */
948 	if (n == 0) {
949 		err = USB_ERR_TIMEOUT;
950 		goto done;
951 	}
952 	/* wait for the device to recover from reset */
953 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(usb_port_reset_recovery));
954 
955 done:
956 	DPRINTFN(2, "port %d warm reset returning error=%s\n",
957 	    port, usbd_errstr(err));
958 	return (err);
959 }
960 
961 /*------------------------------------------------------------------------*
962  *	usbd_req_get_desc
963  *
964  * This function can be used to retrieve USB descriptors. It contains
965  * some additional logic like zeroing of missing descriptor bytes and
966  * retrying an USB descriptor in case of failure. The "min_len"
967  * argument specifies the minimum descriptor length. The "max_len"
968  * argument specifies the maximum descriptor length. If the real
969  * descriptor length is less than the minimum length the missing
970  * byte(s) will be zeroed. The type field, the second byte of the USB
971  * descriptor, will get forced to the correct type. If the "actlen"
972  * pointer is non-NULL, the actual length of the transfer will get
973  * stored in the 16-bit unsigned integer which it is pointing to. The
974  * first byte of the descriptor will not get updated. If the "actlen"
975  * pointer is NULL the first byte of the descriptor will get updated
976  * to reflect the actual length instead. If "min_len" is not equal to
977  * "max_len" then this function will try to retrive the beginning of
978  * the descriptor and base the maximum length on the first byte of the
979  * descriptor.
980  *
981  * Returns:
982  *    0: Success
983  * Else: Failure
984  *------------------------------------------------------------------------*/
985 usb_error_t
986 usbd_req_get_desc(struct usb_device *udev,
987     struct mtx *mtx, uint16_t *actlen, void *desc,
988     uint16_t min_len, uint16_t max_len,
989     uint16_t id, uint8_t type, uint8_t index,
990     uint8_t retries)
991 {
992 	struct usb_device_request req;
993 	uint8_t *buf = desc;
994 	usb_error_t err;
995 
996 	DPRINTFN(4, "id=%d, type=%d, index=%d, max_len=%d\n",
997 	    id, type, index, max_len);
998 
999 	req.bmRequestType = UT_READ_DEVICE;
1000 	req.bRequest = UR_GET_DESCRIPTOR;
1001 	USETW2(req.wValue, type, index);
1002 	USETW(req.wIndex, id);
1003 
1004 	while (1) {
1005 
1006 		if ((min_len < 2) || (max_len < 2)) {
1007 			err = USB_ERR_INVAL;
1008 			goto done;
1009 		}
1010 		USETW(req.wLength, min_len);
1011 
1012 		err = usbd_do_request_flags(udev, mtx, &req,
1013 		    desc, 0, NULL, 500 /* ms */);
1014 
1015 		if (err != 0 && err != USB_ERR_TIMEOUT &&
1016 		    min_len != max_len) {
1017 			/* clear descriptor data */
1018 			memset(desc, 0, max_len);
1019 
1020 			/* try to read full descriptor length */
1021 			USETW(req.wLength, max_len);
1022 
1023 			err = usbd_do_request_flags(udev, mtx, &req,
1024 			    desc, USB_SHORT_XFER_OK, NULL, 500 /* ms */);
1025 
1026 			if (err == 0) {
1027 				/* verify length */
1028 				if (buf[0] > max_len)
1029 					buf[0] = max_len;
1030 				else if (buf[0] < 2)
1031 					err = USB_ERR_INVAL;
1032 
1033 				min_len = buf[0];
1034 
1035 				/* enforce descriptor type */
1036 				buf[1] = type;
1037 				goto done;
1038 			}
1039 		}
1040 
1041 		if (err) {
1042 			if (!retries) {
1043 				goto done;
1044 			}
1045 			retries--;
1046 
1047 			usb_pause_mtx(mtx, hz / 5);
1048 
1049 			continue;
1050 		}
1051 
1052 		if (min_len == max_len) {
1053 
1054 			/* enforce correct length */
1055 			if ((buf[0] > min_len) && (actlen == NULL))
1056 				buf[0] = min_len;
1057 
1058 			/* enforce correct type */
1059 			buf[1] = type;
1060 
1061 			goto done;
1062 		}
1063 		/* range check */
1064 
1065 		if (max_len > buf[0]) {
1066 			max_len = buf[0];
1067 		}
1068 		/* zero minimum data */
1069 
1070 		while (min_len > max_len) {
1071 			min_len--;
1072 			buf[min_len] = 0;
1073 		}
1074 
1075 		/* set new minimum length */
1076 
1077 		min_len = max_len;
1078 	}
1079 done:
1080 	if (actlen != NULL) {
1081 		if (err)
1082 			*actlen = 0;
1083 		else
1084 			*actlen = min_len;
1085 	}
1086 	return (err);
1087 }
1088 
1089 /*------------------------------------------------------------------------*
1090  *	usbd_req_get_string_any
1091  *
1092  * This function will return the string given by "string_index"
1093  * using the first language ID. The maximum length "len" includes
1094  * the terminating zero. The "len" argument should be twice as
1095  * big pluss 2 bytes, compared with the actual maximum string length !
1096  *
1097  * Returns:
1098  *    0: Success
1099  * Else: Failure
1100  *------------------------------------------------------------------------*/
1101 usb_error_t
1102 usbd_req_get_string_any(struct usb_device *udev, struct mtx *mtx, char *buf,
1103     uint16_t len, uint8_t string_index)
1104 {
1105 	char *s;
1106 	uint8_t *temp;
1107 	uint16_t i;
1108 	uint16_t n;
1109 	uint16_t c;
1110 	uint8_t swap;
1111 	usb_error_t err;
1112 
1113 	if (len == 0) {
1114 		/* should not happen */
1115 		return (USB_ERR_NORMAL_COMPLETION);
1116 	}
1117 	if (string_index == 0) {
1118 		/* this is the language table */
1119 		buf[0] = 0;
1120 		return (USB_ERR_INVAL);
1121 	}
1122 	if (udev->flags.no_strings) {
1123 		buf[0] = 0;
1124 		return (USB_ERR_STALLED);
1125 	}
1126 	err = usbd_req_get_string_desc
1127 	    (udev, mtx, buf, len, udev->langid, string_index);
1128 	if (err) {
1129 		buf[0] = 0;
1130 		return (err);
1131 	}
1132 	temp = (uint8_t *)buf;
1133 
1134 	if (temp[0] < 2) {
1135 		/* string length is too short */
1136 		buf[0] = 0;
1137 		return (USB_ERR_INVAL);
1138 	}
1139 	/* reserve one byte for terminating zero */
1140 	len--;
1141 
1142 	/* find maximum length */
1143 	s = buf;
1144 	n = (temp[0] / 2) - 1;
1145 	if (n > len) {
1146 		n = len;
1147 	}
1148 	/* skip descriptor header */
1149 	temp += 2;
1150 
1151 	/* reset swap state */
1152 	swap = 3;
1153 
1154 	/* convert and filter */
1155 	for (i = 0; (i != n); i++) {
1156 		c = UGETW(temp + (2 * i));
1157 
1158 		/* convert from Unicode, handle buggy strings */
1159 		if (((c & 0xff00) == 0) && (swap & 1)) {
1160 			/* Little Endian, default */
1161 			*s = c;
1162 			swap = 1;
1163 		} else if (((c & 0x00ff) == 0) && (swap & 2)) {
1164 			/* Big Endian */
1165 			*s = c >> 8;
1166 			swap = 2;
1167 		} else {
1168 			/* silently skip bad character */
1169 			continue;
1170 		}
1171 
1172 		/*
1173 		 * Filter by default - We only allow alphanumerical
1174 		 * and a few more to avoid any problems with scripts
1175 		 * and daemons.
1176 		 */
1177 		if (isalpha(*s) ||
1178 		    isdigit(*s) ||
1179 		    *s == '-' ||
1180 		    *s == '+' ||
1181 		    *s == ' ' ||
1182 		    *s == '.' ||
1183 		    *s == ',' ||
1184 		    *s == ':' ||
1185 		    *s == '/' ||
1186 		    *s == '(' ||
1187 		    *s == ')') {
1188 			/* allowed */
1189 			s++;
1190 		}
1191 		/* silently skip bad character */
1192 	}
1193 	*s = 0;				/* zero terminate resulting string */
1194 	return (USB_ERR_NORMAL_COMPLETION);
1195 }
1196 
1197 /*------------------------------------------------------------------------*
1198  *	usbd_req_get_string_desc
1199  *
1200  * If you don't know the language ID, consider using
1201  * "usbd_req_get_string_any()".
1202  *
1203  * Returns:
1204  *    0: Success
1205  * Else: Failure
1206  *------------------------------------------------------------------------*/
1207 usb_error_t
1208 usbd_req_get_string_desc(struct usb_device *udev, struct mtx *mtx, void *sdesc,
1209     uint16_t max_len, uint16_t lang_id,
1210     uint8_t string_index)
1211 {
1212 	return (usbd_req_get_desc(udev, mtx, NULL, sdesc, 2, max_len, lang_id,
1213 	    UDESC_STRING, string_index, 0));
1214 }
1215 
1216 /*------------------------------------------------------------------------*
1217  *	usbd_req_get_config_desc_ptr
1218  *
1219  * This function is used in device side mode to retrieve the pointer
1220  * to the generated config descriptor. This saves allocating space for
1221  * an additional config descriptor when setting the configuration.
1222  *
1223  * Returns:
1224  *    0: Success
1225  * Else: Failure
1226  *------------------------------------------------------------------------*/
1227 usb_error_t
1228 usbd_req_get_descriptor_ptr(struct usb_device *udev,
1229     struct usb_config_descriptor **ppcd, uint16_t wValue)
1230 {
1231 	struct usb_device_request req;
1232 	usb_handle_req_t *hr_func;
1233 	const void *ptr;
1234 	uint16_t len;
1235 	usb_error_t err;
1236 
1237 	req.bmRequestType = UT_READ_DEVICE;
1238 	req.bRequest = UR_GET_DESCRIPTOR;
1239 	USETW(req.wValue, wValue);
1240 	USETW(req.wIndex, 0);
1241 	USETW(req.wLength, 0);
1242 
1243 	ptr = NULL;
1244 	len = 0;
1245 
1246 	hr_func = usbd_get_hr_func(udev);
1247 
1248 	if (hr_func == NULL)
1249 		err = USB_ERR_INVAL;
1250 	else {
1251 		USB_BUS_LOCK(udev->bus);
1252 		err = (hr_func) (udev, &req, &ptr, &len);
1253 		USB_BUS_UNLOCK(udev->bus);
1254 	}
1255 
1256 	if (err)
1257 		ptr = NULL;
1258 	else if (ptr == NULL)
1259 		err = USB_ERR_INVAL;
1260 
1261 	*ppcd = __DECONST(struct usb_config_descriptor *, ptr);
1262 
1263 	return (err);
1264 }
1265 
1266 /*------------------------------------------------------------------------*
1267  *	usbd_req_get_config_desc
1268  *
1269  * Returns:
1270  *    0: Success
1271  * Else: Failure
1272  *------------------------------------------------------------------------*/
1273 usb_error_t
1274 usbd_req_get_config_desc(struct usb_device *udev, struct mtx *mtx,
1275     struct usb_config_descriptor *d, uint8_t conf_index)
1276 {
1277 	usb_error_t err;
1278 
1279 	DPRINTFN(4, "confidx=%d\n", conf_index);
1280 
1281 	err = usbd_req_get_desc(udev, mtx, NULL, d, sizeof(*d),
1282 	    sizeof(*d), 0, UDESC_CONFIG, conf_index, 0);
1283 	if (err) {
1284 		goto done;
1285 	}
1286 	/* Extra sanity checking */
1287 	if (UGETW(d->wTotalLength) < (uint16_t)sizeof(*d)) {
1288 		err = USB_ERR_INVAL;
1289 	}
1290 done:
1291 	return (err);
1292 }
1293 
1294 /*------------------------------------------------------------------------*
1295  *	usbd_alloc_config_desc
1296  *
1297  * This function is used to allocate a zeroed configuration
1298  * descriptor.
1299  *
1300  * Returns:
1301  * NULL: Failure
1302  * Else: Success
1303  *------------------------------------------------------------------------*/
1304 void *
1305 usbd_alloc_config_desc(struct usb_device *udev, uint32_t size)
1306 {
1307 	if (size > USB_CONFIG_MAX) {
1308 		DPRINTF("Configuration descriptor too big\n");
1309 		return (NULL);
1310 	}
1311 #if (USB_HAVE_FIXED_CONFIG == 0)
1312 	return (malloc(size, M_USBDEV, M_ZERO | M_WAITOK));
1313 #else
1314 	memset(udev->config_data, 0, sizeof(udev->config_data));
1315 	return (udev->config_data);
1316 #endif
1317 }
1318 
1319 /*------------------------------------------------------------------------*
1320  *	usbd_alloc_config_desc
1321  *
1322  * This function is used to free a configuration descriptor.
1323  *------------------------------------------------------------------------*/
1324 void
1325 usbd_free_config_desc(struct usb_device *udev, void *ptr)
1326 {
1327 #if (USB_HAVE_FIXED_CONFIG == 0)
1328 	free(ptr, M_USBDEV);
1329 #endif
1330 }
1331 
1332 /*------------------------------------------------------------------------*
1333  *	usbd_req_get_config_desc_full
1334  *
1335  * This function gets the complete USB configuration descriptor and
1336  * ensures that "wTotalLength" is correct. The returned configuration
1337  * descriptor is freed by calling "usbd_free_config_desc()".
1338  *
1339  * Returns:
1340  *    0: Success
1341  * Else: Failure
1342  *------------------------------------------------------------------------*/
1343 usb_error_t
1344 usbd_req_get_config_desc_full(struct usb_device *udev, struct mtx *mtx,
1345     struct usb_config_descriptor **ppcd, uint8_t index)
1346 {
1347 	struct usb_config_descriptor cd;
1348 	struct usb_config_descriptor *cdesc;
1349 	uint32_t len;
1350 	usb_error_t err;
1351 
1352 	DPRINTFN(4, "index=%d\n", index);
1353 
1354 	*ppcd = NULL;
1355 
1356 	err = usbd_req_get_config_desc(udev, mtx, &cd, index);
1357 	if (err)
1358 		return (err);
1359 
1360 	/* get full descriptor */
1361 	len = UGETW(cd.wTotalLength);
1362 	if (len < (uint32_t)sizeof(*cdesc)) {
1363 		/* corrupt descriptor */
1364 		return (USB_ERR_INVAL);
1365 	} else if (len > USB_CONFIG_MAX) {
1366 		DPRINTF("Configuration descriptor was truncated\n");
1367 		len = USB_CONFIG_MAX;
1368 	}
1369 	cdesc = usbd_alloc_config_desc(udev, len);
1370 	if (cdesc == NULL)
1371 		return (USB_ERR_NOMEM);
1372 	err = usbd_req_get_desc(udev, mtx, NULL, cdesc, len, len, 0,
1373 	    UDESC_CONFIG, index, 3);
1374 	if (err) {
1375 		usbd_free_config_desc(udev, cdesc);
1376 		return (err);
1377 	}
1378 	/* make sure that the device is not fooling us: */
1379 	USETW(cdesc->wTotalLength, len);
1380 
1381 	*ppcd = cdesc;
1382 
1383 	return (0);			/* success */
1384 }
1385 
1386 /*------------------------------------------------------------------------*
1387  *	usbd_req_get_device_desc
1388  *
1389  * Returns:
1390  *    0: Success
1391  * Else: Failure
1392  *------------------------------------------------------------------------*/
1393 usb_error_t
1394 usbd_req_get_device_desc(struct usb_device *udev, struct mtx *mtx,
1395     struct usb_device_descriptor *d)
1396 {
1397 	DPRINTFN(4, "\n");
1398 	return (usbd_req_get_desc(udev, mtx, NULL, d, sizeof(*d),
1399 	    sizeof(*d), 0, UDESC_DEVICE, 0, 3));
1400 }
1401 
1402 /*------------------------------------------------------------------------*
1403  *	usbd_req_get_alt_interface_no
1404  *
1405  * Returns:
1406  *    0: Success
1407  * Else: Failure
1408  *------------------------------------------------------------------------*/
1409 usb_error_t
1410 usbd_req_get_alt_interface_no(struct usb_device *udev, struct mtx *mtx,
1411     uint8_t *alt_iface_no, uint8_t iface_index)
1412 {
1413 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1414 	struct usb_device_request req;
1415 
1416 	if ((iface == NULL) || (iface->idesc == NULL))
1417 		return (USB_ERR_INVAL);
1418 
1419 	req.bmRequestType = UT_READ_INTERFACE;
1420 	req.bRequest = UR_GET_INTERFACE;
1421 	USETW(req.wValue, 0);
1422 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1423 	req.wIndex[1] = 0;
1424 	USETW(req.wLength, 1);
1425 	return (usbd_do_request(udev, mtx, &req, alt_iface_no));
1426 }
1427 
1428 /*------------------------------------------------------------------------*
1429  *	usbd_req_set_alt_interface_no
1430  *
1431  * Returns:
1432  *    0: Success
1433  * Else: Failure
1434  *------------------------------------------------------------------------*/
1435 usb_error_t
1436 usbd_req_set_alt_interface_no(struct usb_device *udev, struct mtx *mtx,
1437     uint8_t iface_index, uint8_t alt_no)
1438 {
1439 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1440 	struct usb_device_request req;
1441 
1442 	if ((iface == NULL) || (iface->idesc == NULL))
1443 		return (USB_ERR_INVAL);
1444 
1445 	req.bmRequestType = UT_WRITE_INTERFACE;
1446 	req.bRequest = UR_SET_INTERFACE;
1447 	req.wValue[0] = alt_no;
1448 	req.wValue[1] = 0;
1449 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1450 	req.wIndex[1] = 0;
1451 	USETW(req.wLength, 0);
1452 	return (usbd_do_request(udev, mtx, &req, 0));
1453 }
1454 
1455 /*------------------------------------------------------------------------*
1456  *	usbd_req_get_device_status
1457  *
1458  * Returns:
1459  *    0: Success
1460  * Else: Failure
1461  *------------------------------------------------------------------------*/
1462 usb_error_t
1463 usbd_req_get_device_status(struct usb_device *udev, struct mtx *mtx,
1464     struct usb_status *st)
1465 {
1466 	struct usb_device_request req;
1467 
1468 	req.bmRequestType = UT_READ_DEVICE;
1469 	req.bRequest = UR_GET_STATUS;
1470 	USETW(req.wValue, 0);
1471 	USETW(req.wIndex, 0);
1472 	USETW(req.wLength, sizeof(*st));
1473 	return (usbd_do_request(udev, mtx, &req, st));
1474 }
1475 
1476 /*------------------------------------------------------------------------*
1477  *	usbd_req_get_hub_descriptor
1478  *
1479  * Returns:
1480  *    0: Success
1481  * Else: Failure
1482  *------------------------------------------------------------------------*/
1483 usb_error_t
1484 usbd_req_get_hub_descriptor(struct usb_device *udev, struct mtx *mtx,
1485     struct usb_hub_descriptor *hd, uint8_t nports)
1486 {
1487 	struct usb_device_request req;
1488 	uint16_t len = (nports + 7 + (8 * 8)) / 8;
1489 
1490 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1491 	req.bRequest = UR_GET_DESCRIPTOR;
1492 	USETW2(req.wValue, UDESC_HUB, 0);
1493 	USETW(req.wIndex, 0);
1494 	USETW(req.wLength, len);
1495 	return (usbd_do_request(udev, mtx, &req, hd));
1496 }
1497 
1498 /*------------------------------------------------------------------------*
1499  *	usbd_req_get_ss_hub_descriptor
1500  *
1501  * Returns:
1502  *    0: Success
1503  * Else: Failure
1504  *------------------------------------------------------------------------*/
1505 usb_error_t
1506 usbd_req_get_ss_hub_descriptor(struct usb_device *udev, struct mtx *mtx,
1507     struct usb_hub_ss_descriptor *hd, uint8_t nports)
1508 {
1509 	struct usb_device_request req;
1510 	uint16_t len = sizeof(*hd) - 32 + 1 + ((nports + 7) / 8);
1511 
1512 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1513 	req.bRequest = UR_GET_DESCRIPTOR;
1514 	USETW2(req.wValue, UDESC_SS_HUB, 0);
1515 	USETW(req.wIndex, 0);
1516 	USETW(req.wLength, len);
1517 	return (usbd_do_request(udev, mtx, &req, hd));
1518 }
1519 
1520 /*------------------------------------------------------------------------*
1521  *	usbd_req_get_hub_status
1522  *
1523  * Returns:
1524  *    0: Success
1525  * Else: Failure
1526  *------------------------------------------------------------------------*/
1527 usb_error_t
1528 usbd_req_get_hub_status(struct usb_device *udev, struct mtx *mtx,
1529     struct usb_hub_status *st)
1530 {
1531 	struct usb_device_request req;
1532 
1533 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1534 	req.bRequest = UR_GET_STATUS;
1535 	USETW(req.wValue, 0);
1536 	USETW(req.wIndex, 0);
1537 	USETW(req.wLength, sizeof(struct usb_hub_status));
1538 	return (usbd_do_request(udev, mtx, &req, st));
1539 }
1540 
1541 /*------------------------------------------------------------------------*
1542  *	usbd_req_set_address
1543  *
1544  * This function is used to set the address for an USB device. After
1545  * port reset the USB device will respond at address zero.
1546  *
1547  * Returns:
1548  *    0: Success
1549  * Else: Failure
1550  *------------------------------------------------------------------------*/
1551 usb_error_t
1552 usbd_req_set_address(struct usb_device *udev, struct mtx *mtx, uint16_t addr)
1553 {
1554 	struct usb_device_request req;
1555 	usb_error_t err;
1556 
1557 	DPRINTFN(6, "setting device address=%d\n", addr);
1558 
1559 	req.bmRequestType = UT_WRITE_DEVICE;
1560 	req.bRequest = UR_SET_ADDRESS;
1561 	USETW(req.wValue, addr);
1562 	USETW(req.wIndex, 0);
1563 	USETW(req.wLength, 0);
1564 
1565 	err = USB_ERR_INVAL;
1566 
1567 	/* check if USB controller handles set address */
1568 	if (udev->bus->methods->set_address != NULL)
1569 		err = (udev->bus->methods->set_address) (udev, mtx, addr);
1570 
1571 	if (err != USB_ERR_INVAL)
1572 		goto done;
1573 
1574 	/* Setting the address should not take more than 1 second ! */
1575 	err = usbd_do_request_flags(udev, mtx, &req, NULL,
1576 	    USB_DELAY_STATUS_STAGE, NULL, 1000);
1577 
1578 done:
1579 	/* allow device time to set new address */
1580 	usb_pause_mtx(mtx,
1581 	    USB_MS_TO_TICKS(usb_set_address_settle));
1582 
1583 	return (err);
1584 }
1585 
1586 /*------------------------------------------------------------------------*
1587  *	usbd_req_get_port_status
1588  *
1589  * Returns:
1590  *    0: Success
1591  * Else: Failure
1592  *------------------------------------------------------------------------*/
1593 usb_error_t
1594 usbd_req_get_port_status(struct usb_device *udev, struct mtx *mtx,
1595     struct usb_port_status *ps, uint8_t port)
1596 {
1597 	struct usb_device_request req;
1598 
1599 	req.bmRequestType = UT_READ_CLASS_OTHER;
1600 	req.bRequest = UR_GET_STATUS;
1601 	USETW(req.wValue, 0);
1602 	req.wIndex[0] = port;
1603 	req.wIndex[1] = 0;
1604 	USETW(req.wLength, sizeof *ps);
1605 	return (usbd_do_request(udev, mtx, &req, ps));
1606 }
1607 
1608 /*------------------------------------------------------------------------*
1609  *	usbd_req_clear_hub_feature
1610  *
1611  * Returns:
1612  *    0: Success
1613  * Else: Failure
1614  *------------------------------------------------------------------------*/
1615 usb_error_t
1616 usbd_req_clear_hub_feature(struct usb_device *udev, struct mtx *mtx,
1617     uint16_t sel)
1618 {
1619 	struct usb_device_request req;
1620 
1621 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1622 	req.bRequest = UR_CLEAR_FEATURE;
1623 	USETW(req.wValue, sel);
1624 	USETW(req.wIndex, 0);
1625 	USETW(req.wLength, 0);
1626 	return (usbd_do_request(udev, mtx, &req, 0));
1627 }
1628 
1629 /*------------------------------------------------------------------------*
1630  *	usbd_req_set_hub_feature
1631  *
1632  * Returns:
1633  *    0: Success
1634  * Else: Failure
1635  *------------------------------------------------------------------------*/
1636 usb_error_t
1637 usbd_req_set_hub_feature(struct usb_device *udev, struct mtx *mtx,
1638     uint16_t sel)
1639 {
1640 	struct usb_device_request req;
1641 
1642 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1643 	req.bRequest = UR_SET_FEATURE;
1644 	USETW(req.wValue, sel);
1645 	USETW(req.wIndex, 0);
1646 	USETW(req.wLength, 0);
1647 	return (usbd_do_request(udev, mtx, &req, 0));
1648 }
1649 
1650 /*------------------------------------------------------------------------*
1651  *	usbd_req_set_hub_u1_timeout
1652  *
1653  * Returns:
1654  *    0: Success
1655  * Else: Failure
1656  *------------------------------------------------------------------------*/
1657 usb_error_t
1658 usbd_req_set_hub_u1_timeout(struct usb_device *udev, struct mtx *mtx,
1659     uint8_t port, uint8_t timeout)
1660 {
1661 	struct usb_device_request req;
1662 
1663 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1664 	req.bRequest = UR_SET_FEATURE;
1665 	USETW(req.wValue, UHF_PORT_U1_TIMEOUT);
1666 	req.wIndex[0] = port;
1667 	req.wIndex[1] = timeout;
1668 	USETW(req.wLength, 0);
1669 	return (usbd_do_request(udev, mtx, &req, 0));
1670 }
1671 
1672 /*------------------------------------------------------------------------*
1673  *	usbd_req_set_hub_u2_timeout
1674  *
1675  * Returns:
1676  *    0: Success
1677  * Else: Failure
1678  *------------------------------------------------------------------------*/
1679 usb_error_t
1680 usbd_req_set_hub_u2_timeout(struct usb_device *udev, struct mtx *mtx,
1681     uint8_t port, uint8_t timeout)
1682 {
1683 	struct usb_device_request req;
1684 
1685 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1686 	req.bRequest = UR_SET_FEATURE;
1687 	USETW(req.wValue, UHF_PORT_U2_TIMEOUT);
1688 	req.wIndex[0] = port;
1689 	req.wIndex[1] = timeout;
1690 	USETW(req.wLength, 0);
1691 	return (usbd_do_request(udev, mtx, &req, 0));
1692 }
1693 
1694 /*------------------------------------------------------------------------*
1695  *	usbd_req_set_hub_depth
1696  *
1697  * Returns:
1698  *    0: Success
1699  * Else: Failure
1700  *------------------------------------------------------------------------*/
1701 usb_error_t
1702 usbd_req_set_hub_depth(struct usb_device *udev, struct mtx *mtx,
1703     uint16_t depth)
1704 {
1705 	struct usb_device_request req;
1706 
1707 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1708 	req.bRequest = UR_SET_HUB_DEPTH;
1709 	USETW(req.wValue, depth);
1710 	USETW(req.wIndex, 0);
1711 	USETW(req.wLength, 0);
1712 	return (usbd_do_request(udev, mtx, &req, 0));
1713 }
1714 
1715 /*------------------------------------------------------------------------*
1716  *	usbd_req_clear_port_feature
1717  *
1718  * Returns:
1719  *    0: Success
1720  * Else: Failure
1721  *------------------------------------------------------------------------*/
1722 usb_error_t
1723 usbd_req_clear_port_feature(struct usb_device *udev, struct mtx *mtx,
1724     uint8_t port, uint16_t sel)
1725 {
1726 	struct usb_device_request req;
1727 
1728 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1729 	req.bRequest = UR_CLEAR_FEATURE;
1730 	USETW(req.wValue, sel);
1731 	req.wIndex[0] = port;
1732 	req.wIndex[1] = 0;
1733 	USETW(req.wLength, 0);
1734 	return (usbd_do_request(udev, mtx, &req, 0));
1735 }
1736 
1737 /*------------------------------------------------------------------------*
1738  *	usbd_req_set_port_feature
1739  *
1740  * Returns:
1741  *    0: Success
1742  * Else: Failure
1743  *------------------------------------------------------------------------*/
1744 usb_error_t
1745 usbd_req_set_port_feature(struct usb_device *udev, struct mtx *mtx,
1746     uint8_t port, uint16_t sel)
1747 {
1748 	struct usb_device_request req;
1749 
1750 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1751 	req.bRequest = UR_SET_FEATURE;
1752 	USETW(req.wValue, sel);
1753 	req.wIndex[0] = port;
1754 	req.wIndex[1] = 0;
1755 	USETW(req.wLength, 0);
1756 	return (usbd_do_request(udev, mtx, &req, 0));
1757 }
1758 
1759 /*------------------------------------------------------------------------*
1760  *	usbd_req_set_protocol
1761  *
1762  * Returns:
1763  *    0: Success
1764  * Else: Failure
1765  *------------------------------------------------------------------------*/
1766 usb_error_t
1767 usbd_req_set_protocol(struct usb_device *udev, struct mtx *mtx,
1768     uint8_t iface_index, uint16_t report)
1769 {
1770 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1771 	struct usb_device_request req;
1772 
1773 	if ((iface == NULL) || (iface->idesc == NULL)) {
1774 		return (USB_ERR_INVAL);
1775 	}
1776 	DPRINTFN(5, "iface=%p, report=%d, endpt=%d\n",
1777 	    iface, report, iface->idesc->bInterfaceNumber);
1778 
1779 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1780 	req.bRequest = UR_SET_PROTOCOL;
1781 	USETW(req.wValue, report);
1782 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1783 	req.wIndex[1] = 0;
1784 	USETW(req.wLength, 0);
1785 	return (usbd_do_request(udev, mtx, &req, 0));
1786 }
1787 
1788 /*------------------------------------------------------------------------*
1789  *	usbd_req_set_report
1790  *
1791  * Returns:
1792  *    0: Success
1793  * Else: Failure
1794  *------------------------------------------------------------------------*/
1795 usb_error_t
1796 usbd_req_set_report(struct usb_device *udev, struct mtx *mtx, void *data, uint16_t len,
1797     uint8_t iface_index, uint8_t type, uint8_t id)
1798 {
1799 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1800 	struct usb_device_request req;
1801 
1802 	if ((iface == NULL) || (iface->idesc == NULL)) {
1803 		return (USB_ERR_INVAL);
1804 	}
1805 	DPRINTFN(5, "len=%d\n", len);
1806 
1807 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1808 	req.bRequest = UR_SET_REPORT;
1809 	USETW2(req.wValue, type, id);
1810 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1811 	req.wIndex[1] = 0;
1812 	USETW(req.wLength, len);
1813 	return (usbd_do_request(udev, mtx, &req, data));
1814 }
1815 
1816 /*------------------------------------------------------------------------*
1817  *	usbd_req_get_report
1818  *
1819  * Returns:
1820  *    0: Success
1821  * Else: Failure
1822  *------------------------------------------------------------------------*/
1823 usb_error_t
1824 usbd_req_get_report(struct usb_device *udev, struct mtx *mtx, void *data,
1825     uint16_t len, uint8_t iface_index, uint8_t type, uint8_t id)
1826 {
1827 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1828 	struct usb_device_request req;
1829 
1830 	if ((iface == NULL) || (iface->idesc == NULL)) {
1831 		return (USB_ERR_INVAL);
1832 	}
1833 	DPRINTFN(5, "len=%d\n", len);
1834 
1835 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1836 	req.bRequest = UR_GET_REPORT;
1837 	USETW2(req.wValue, type, id);
1838 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1839 	req.wIndex[1] = 0;
1840 	USETW(req.wLength, len);
1841 	return (usbd_do_request(udev, mtx, &req, data));
1842 }
1843 
1844 /*------------------------------------------------------------------------*
1845  *	usbd_req_set_idle
1846  *
1847  * Returns:
1848  *    0: Success
1849  * Else: Failure
1850  *------------------------------------------------------------------------*/
1851 usb_error_t
1852 usbd_req_set_idle(struct usb_device *udev, struct mtx *mtx,
1853     uint8_t iface_index, uint8_t duration, uint8_t id)
1854 {
1855 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1856 	struct usb_device_request req;
1857 
1858 	if ((iface == NULL) || (iface->idesc == NULL)) {
1859 		return (USB_ERR_INVAL);
1860 	}
1861 	DPRINTFN(5, "%d %d\n", duration, id);
1862 
1863 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1864 	req.bRequest = UR_SET_IDLE;
1865 	USETW2(req.wValue, duration, id);
1866 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1867 	req.wIndex[1] = 0;
1868 	USETW(req.wLength, 0);
1869 	return (usbd_do_request(udev, mtx, &req, 0));
1870 }
1871 
1872 /*------------------------------------------------------------------------*
1873  *	usbd_req_get_report_descriptor
1874  *
1875  * Returns:
1876  *    0: Success
1877  * Else: Failure
1878  *------------------------------------------------------------------------*/
1879 usb_error_t
1880 usbd_req_get_report_descriptor(struct usb_device *udev, struct mtx *mtx,
1881     void *d, uint16_t size, uint8_t iface_index)
1882 {
1883 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1884 	struct usb_device_request req;
1885 
1886 	if ((iface == NULL) || (iface->idesc == NULL)) {
1887 		return (USB_ERR_INVAL);
1888 	}
1889 	req.bmRequestType = UT_READ_INTERFACE;
1890 	req.bRequest = UR_GET_DESCRIPTOR;
1891 	USETW2(req.wValue, UDESC_REPORT, 0);	/* report id should be 0 */
1892 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1893 	req.wIndex[1] = 0;
1894 	USETW(req.wLength, size);
1895 	return (usbd_do_request(udev, mtx, &req, d));
1896 }
1897 
1898 /*------------------------------------------------------------------------*
1899  *	usbd_req_set_config
1900  *
1901  * This function is used to select the current configuration number in
1902  * both USB device side mode and USB host side mode. When setting the
1903  * configuration the function of the interfaces can change.
1904  *
1905  * Returns:
1906  *    0: Success
1907  * Else: Failure
1908  *------------------------------------------------------------------------*/
1909 usb_error_t
1910 usbd_req_set_config(struct usb_device *udev, struct mtx *mtx, uint8_t conf)
1911 {
1912 	struct usb_device_request req;
1913 
1914 	DPRINTF("setting config %d\n", conf);
1915 
1916 	/* do "set configuration" request */
1917 
1918 	req.bmRequestType = UT_WRITE_DEVICE;
1919 	req.bRequest = UR_SET_CONFIG;
1920 	req.wValue[0] = conf;
1921 	req.wValue[1] = 0;
1922 	USETW(req.wIndex, 0);
1923 	USETW(req.wLength, 0);
1924 	return (usbd_do_request(udev, mtx, &req, 0));
1925 }
1926 
1927 /*------------------------------------------------------------------------*
1928  *	usbd_req_get_config
1929  *
1930  * Returns:
1931  *    0: Success
1932  * Else: Failure
1933  *------------------------------------------------------------------------*/
1934 usb_error_t
1935 usbd_req_get_config(struct usb_device *udev, struct mtx *mtx, uint8_t *pconf)
1936 {
1937 	struct usb_device_request req;
1938 
1939 	req.bmRequestType = UT_READ_DEVICE;
1940 	req.bRequest = UR_GET_CONFIG;
1941 	USETW(req.wValue, 0);
1942 	USETW(req.wIndex, 0);
1943 	USETW(req.wLength, 1);
1944 	return (usbd_do_request(udev, mtx, &req, pconf));
1945 }
1946 
1947 /*------------------------------------------------------------------------*
1948  *	usbd_setup_device_desc
1949  *------------------------------------------------------------------------*/
1950 usb_error_t
1951 usbd_setup_device_desc(struct usb_device *udev, struct mtx *mtx)
1952 {
1953 	usb_error_t err;
1954 
1955 	/*
1956 	 * Get the first 8 bytes of the device descriptor !
1957 	 *
1958 	 * NOTE: "usbd_do_request()" will check the device descriptor
1959 	 * next time we do a request to see if the maximum packet size
1960 	 * changed! The 8 first bytes of the device descriptor
1961 	 * contains the maximum packet size to use on control endpoint
1962 	 * 0. If this value is different from "USB_MAX_IPACKET" a new
1963 	 * USB control request will be setup!
1964 	 */
1965 	switch (udev->speed) {
1966 	case USB_SPEED_FULL:
1967 		if (usb_full_ddesc != 0) {
1968 			/* get full device descriptor */
1969 			err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1970 			if (err == 0)
1971 				break;
1972 		}
1973 
1974 		/* get partial device descriptor, some devices crash on this */
1975 		err = usbd_req_get_desc(udev, mtx, NULL, &udev->ddesc,
1976 		    USB_MAX_IPACKET, USB_MAX_IPACKET, 0, UDESC_DEVICE, 0, 0);
1977 		if (err != 0)
1978 			break;
1979 
1980 		/* get the full device descriptor */
1981 		err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1982 		break;
1983 
1984 	default:
1985 		DPRINTF("Minimum bMaxPacketSize is large enough "
1986 		    "to hold the complete device descriptor or "
1987 		    "only one bMaxPacketSize choice\n");
1988 
1989 		/* get the full device descriptor */
1990 		err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1991 
1992 		/* try one more time, if error */
1993 		if (err != 0)
1994 			err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1995 		break;
1996 	}
1997 
1998 	if (err != 0) {
1999 		DPRINTFN(0, "getting device descriptor "
2000 		    "at addr %d failed, %s\n", udev->address,
2001 		    usbd_errstr(err));
2002 		return (err);
2003 	}
2004 
2005 	DPRINTF("adding unit addr=%d, rev=%02x, class=%d, "
2006 	    "subclass=%d, protocol=%d, maxpacket=%d, len=%d, speed=%d\n",
2007 	    udev->address, UGETW(udev->ddesc.bcdUSB),
2008 	    udev->ddesc.bDeviceClass,
2009 	    udev->ddesc.bDeviceSubClass,
2010 	    udev->ddesc.bDeviceProtocol,
2011 	    udev->ddesc.bMaxPacketSize,
2012 	    udev->ddesc.bLength,
2013 	    udev->speed);
2014 
2015 	return (err);
2016 }
2017 
2018 /*------------------------------------------------------------------------*
2019  *	usbd_req_re_enumerate
2020  *
2021  * NOTE: After this function returns the hardware is in the
2022  * unconfigured state! The application is responsible for setting a
2023  * new configuration.
2024  *
2025  * Returns:
2026  *    0: Success
2027  * Else: Failure
2028  *------------------------------------------------------------------------*/
2029 usb_error_t
2030 usbd_req_re_enumerate(struct usb_device *udev, struct mtx *mtx)
2031 {
2032 	struct usb_device *parent_hub;
2033 	usb_error_t err;
2034 	uint8_t old_addr;
2035 	uint8_t do_retry = 1;
2036 
2037 	if (udev->flags.usb_mode != USB_MODE_HOST) {
2038 		return (USB_ERR_INVAL);
2039 	}
2040 	old_addr = udev->address;
2041 	parent_hub = udev->parent_hub;
2042 	if (parent_hub == NULL) {
2043 		return (USB_ERR_INVAL);
2044 	}
2045 retry:
2046 #if USB_HAVE_TT_SUPPORT
2047 	/*
2048 	 * Try to reset the High Speed parent HUB of a LOW- or FULL-
2049 	 * speed device, if any.
2050 	 */
2051 	if (udev->parent_hs_hub != NULL &&
2052 	    udev->speed != USB_SPEED_HIGH) {
2053 		DPRINTF("Trying to reset parent High Speed TT.\n");
2054 		if (udev->parent_hs_hub == parent_hub &&
2055 		    (uhub_count_active_host_ports(parent_hub, USB_SPEED_LOW) +
2056 		     uhub_count_active_host_ports(parent_hub, USB_SPEED_FULL)) == 1) {
2057 			/* we can reset the whole TT */
2058 			err = usbd_req_reset_tt(parent_hub, NULL,
2059 			    udev->hs_port_no);
2060 		} else {
2061 			/* only reset a particular device and endpoint */
2062 			err = usbd_req_clear_tt_buffer(udev->parent_hs_hub, NULL,
2063 			    udev->hs_port_no, old_addr, UE_CONTROL, 0);
2064 		}
2065 		if (err) {
2066 			DPRINTF("Resetting parent High "
2067 			    "Speed TT failed (%s).\n",
2068 			    usbd_errstr(err));
2069 		}
2070 	}
2071 #endif
2072 	/* Try to warm reset first */
2073 	if (parent_hub->speed == USB_SPEED_SUPER)
2074 		usbd_req_warm_reset_port(parent_hub, mtx, udev->port_no);
2075 
2076 	/* Try to reset the parent HUB port. */
2077 	err = usbd_req_reset_port(parent_hub, mtx, udev->port_no);
2078 	if (err) {
2079 		DPRINTFN(0, "addr=%d, port reset failed, %s\n",
2080 		    old_addr, usbd_errstr(err));
2081 		goto done;
2082 	}
2083 
2084 	/*
2085 	 * After that the port has been reset our device should be at
2086 	 * address zero:
2087 	 */
2088 	udev->address = USB_START_ADDR;
2089 
2090 	/* reset "bMaxPacketSize" */
2091 	udev->ddesc.bMaxPacketSize = USB_MAX_IPACKET;
2092 
2093 	/* reset USB state */
2094 	usb_set_device_state(udev, USB_STATE_POWERED);
2095 
2096 	/*
2097 	 * Restore device address:
2098 	 */
2099 	err = usbd_req_set_address(udev, mtx, old_addr);
2100 	if (err) {
2101 		/* XXX ignore any errors! */
2102 		DPRINTFN(0, "addr=%d, set address failed! (%s, ignored)\n",
2103 		    old_addr, usbd_errstr(err));
2104 	}
2105 	/*
2106 	 * Restore device address, if the controller driver did not
2107 	 * set a new one:
2108 	 */
2109 	if (udev->address == USB_START_ADDR)
2110 		udev->address = old_addr;
2111 
2112 	/* setup the device descriptor and the initial "wMaxPacketSize" */
2113 	err = usbd_setup_device_desc(udev, mtx);
2114 
2115 done:
2116 	if (err && do_retry) {
2117 		/* give the USB firmware some time to load */
2118 		usb_pause_mtx(mtx, hz / 2);
2119 		/* no more retries after this retry */
2120 		do_retry = 0;
2121 		/* try again */
2122 		goto retry;
2123 	}
2124 	/* restore address */
2125 	if (udev->address == USB_START_ADDR)
2126 		udev->address = old_addr;
2127 	/* update state, if successful */
2128 	if (err == 0)
2129 		usb_set_device_state(udev, USB_STATE_ADDRESSED);
2130 	return (err);
2131 }
2132 
2133 /*------------------------------------------------------------------------*
2134  *	usbd_req_clear_device_feature
2135  *
2136  * Returns:
2137  *    0: Success
2138  * Else: Failure
2139  *------------------------------------------------------------------------*/
2140 usb_error_t
2141 usbd_req_clear_device_feature(struct usb_device *udev, struct mtx *mtx,
2142     uint16_t sel)
2143 {
2144 	struct usb_device_request req;
2145 
2146 	req.bmRequestType = UT_WRITE_DEVICE;
2147 	req.bRequest = UR_CLEAR_FEATURE;
2148 	USETW(req.wValue, sel);
2149 	USETW(req.wIndex, 0);
2150 	USETW(req.wLength, 0);
2151 	return (usbd_do_request(udev, mtx, &req, 0));
2152 }
2153 
2154 /*------------------------------------------------------------------------*
2155  *	usbd_req_set_device_feature
2156  *
2157  * Returns:
2158  *    0: Success
2159  * Else: Failure
2160  *------------------------------------------------------------------------*/
2161 usb_error_t
2162 usbd_req_set_device_feature(struct usb_device *udev, struct mtx *mtx,
2163     uint16_t sel)
2164 {
2165 	struct usb_device_request req;
2166 
2167 	req.bmRequestType = UT_WRITE_DEVICE;
2168 	req.bRequest = UR_SET_FEATURE;
2169 	USETW(req.wValue, sel);
2170 	USETW(req.wIndex, 0);
2171 	USETW(req.wLength, 0);
2172 	return (usbd_do_request(udev, mtx, &req, 0));
2173 }
2174 
2175 /*------------------------------------------------------------------------*
2176  *	usbd_req_reset_tt
2177  *
2178  * Returns:
2179  *    0: Success
2180  * Else: Failure
2181  *------------------------------------------------------------------------*/
2182 usb_error_t
2183 usbd_req_reset_tt(struct usb_device *udev, struct mtx *mtx,
2184     uint8_t port)
2185 {
2186 	struct usb_device_request req;
2187 
2188 	/* For single TT HUBs the port should be 1 */
2189 
2190 	if (udev->ddesc.bDeviceClass == UDCLASS_HUB &&
2191 	    udev->ddesc.bDeviceProtocol == UDPROTO_HSHUBSTT)
2192 		port = 1;
2193 
2194 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2195 	req.bRequest = UR_RESET_TT;
2196 	USETW(req.wValue, 0);
2197 	req.wIndex[0] = port;
2198 	req.wIndex[1] = 0;
2199 	USETW(req.wLength, 0);
2200 	return (usbd_do_request(udev, mtx, &req, 0));
2201 }
2202 
2203 /*------------------------------------------------------------------------*
2204  *	usbd_req_clear_tt_buffer
2205  *
2206  * For single TT HUBs the port should be 1.
2207  *
2208  * Returns:
2209  *    0: Success
2210  * Else: Failure
2211  *------------------------------------------------------------------------*/
2212 usb_error_t
2213 usbd_req_clear_tt_buffer(struct usb_device *udev, struct mtx *mtx,
2214     uint8_t port, uint8_t addr, uint8_t type, uint8_t endpoint)
2215 {
2216 	struct usb_device_request req;
2217 	uint16_t wValue;
2218 
2219 	/* For single TT HUBs the port should be 1 */
2220 
2221 	if (udev->ddesc.bDeviceClass == UDCLASS_HUB &&
2222 	    udev->ddesc.bDeviceProtocol == UDPROTO_HSHUBSTT)
2223 		port = 1;
2224 
2225 	wValue = (endpoint & 0xF) | ((addr & 0x7F) << 4) |
2226 	    ((endpoint & 0x80) << 8) | ((type & 3) << 12);
2227 
2228 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2229 	req.bRequest = UR_CLEAR_TT_BUFFER;
2230 	USETW(req.wValue, wValue);
2231 	req.wIndex[0] = port;
2232 	req.wIndex[1] = 0;
2233 	USETW(req.wLength, 0);
2234 	return (usbd_do_request(udev, mtx, &req, 0));
2235 }
2236 
2237 /*------------------------------------------------------------------------*
2238  *	usbd_req_set_port_link_state
2239  *
2240  * USB 3.0 specific request
2241  *
2242  * Returns:
2243  *    0: Success
2244  * Else: Failure
2245  *------------------------------------------------------------------------*/
2246 usb_error_t
2247 usbd_req_set_port_link_state(struct usb_device *udev, struct mtx *mtx,
2248     uint8_t port, uint8_t link_state)
2249 {
2250 	struct usb_device_request req;
2251 
2252 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2253 	req.bRequest = UR_SET_FEATURE;
2254 	USETW(req.wValue, UHF_PORT_LINK_STATE);
2255 	req.wIndex[0] = port;
2256 	req.wIndex[1] = link_state;
2257 	USETW(req.wLength, 0);
2258 	return (usbd_do_request(udev, mtx, &req, 0));
2259 }
2260 
2261 /*------------------------------------------------------------------------*
2262  *		usbd_req_set_lpm_info
2263  *
2264  * USB 2.0 specific request for Link Power Management.
2265  *
2266  * Returns:
2267  * 0:				Success
2268  * USB_ERR_PENDING_REQUESTS:	NYET
2269  * USB_ERR_TIMEOUT:		TIMEOUT
2270  * USB_ERR_STALL:		STALL
2271  * Else:			Failure
2272  *------------------------------------------------------------------------*/
2273 usb_error_t
2274 usbd_req_set_lpm_info(struct usb_device *udev, struct mtx *mtx,
2275     uint8_t port, uint8_t besl, uint8_t addr, uint8_t rwe)
2276 {
2277 	struct usb_device_request req;
2278 	usb_error_t err;
2279 	uint8_t buf[1];
2280 
2281 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2282 	req.bRequest = UR_SET_AND_TEST;
2283 	USETW(req.wValue, UHF_PORT_L1);
2284 	req.wIndex[0] = (port & 0xF) | ((besl & 0xF) << 4);
2285 	req.wIndex[1] = (addr & 0x7F) | (rwe ? 0x80 : 0x00);
2286 	USETW(req.wLength, sizeof(buf));
2287 
2288 	/* set default value in case of short transfer */
2289 	buf[0] = 0x00;
2290 
2291 	err = usbd_do_request(udev, mtx, &req, buf);
2292 	if (err)
2293 		return (err);
2294 
2295 	switch (buf[0]) {
2296 	case 0x00:	/* SUCCESS */
2297 		break;
2298 	case 0x10:	/* NYET */
2299 		err = USB_ERR_PENDING_REQUESTS;
2300 		break;
2301 	case 0x11:	/* TIMEOUT */
2302 		err = USB_ERR_TIMEOUT;
2303 		break;
2304 	case 0x30:	/* STALL */
2305 		err = USB_ERR_STALLED;
2306 		break;
2307 	default:	/* reserved */
2308 		err = USB_ERR_IOERROR;
2309 		break;
2310 	}
2311 	return (err);
2312 }
2313 
2314