xref: /freebsd/sys/dev/usb/usb_request.c (revision 70e0bbedef95258a4dadc996d641a9bebd3f107d)
1 /* $FreeBSD$ */
2 /*-
3  * Copyright (c) 1998 The NetBSD Foundation, Inc. All rights reserved.
4  * Copyright (c) 1998 Lennart Augustsson. All rights reserved.
5  * Copyright (c) 2008 Hans Petter Selasky. All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <sys/stdint.h>
30 #include <sys/stddef.h>
31 #include <sys/param.h>
32 #include <sys/queue.h>
33 #include <sys/types.h>
34 #include <sys/systm.h>
35 #include <sys/kernel.h>
36 #include <sys/bus.h>
37 #include <sys/module.h>
38 #include <sys/lock.h>
39 #include <sys/mutex.h>
40 #include <sys/condvar.h>
41 #include <sys/sysctl.h>
42 #include <sys/sx.h>
43 #include <sys/unistd.h>
44 #include <sys/callout.h>
45 #include <sys/malloc.h>
46 #include <sys/priv.h>
47 
48 #include <dev/usb/usb.h>
49 #include <dev/usb/usbdi.h>
50 #include <dev/usb/usbdi_util.h>
51 #include <dev/usb/usb_ioctl.h>
52 #include <dev/usb/usbhid.h>
53 
54 #define	USB_DEBUG_VAR usb_debug
55 
56 #include <dev/usb/usb_core.h>
57 #include <dev/usb/usb_busdma.h>
58 #include <dev/usb/usb_request.h>
59 #include <dev/usb/usb_process.h>
60 #include <dev/usb/usb_transfer.h>
61 #include <dev/usb/usb_debug.h>
62 #include <dev/usb/usb_device.h>
63 #include <dev/usb/usb_util.h>
64 #include <dev/usb/usb_dynamic.h>
65 
66 #include <dev/usb/usb_controller.h>
67 #include <dev/usb/usb_bus.h>
68 #include <sys/ctype.h>
69 
70 static int usb_no_cs_fail;
71 
72 SYSCTL_INT(_hw_usb, OID_AUTO, no_cs_fail, CTLFLAG_RW,
73     &usb_no_cs_fail, 0, "USB clear stall failures are ignored, if set");
74 
75 #ifdef USB_DEBUG
76 static int usb_pr_poll_delay = USB_PORT_RESET_DELAY;
77 static int usb_pr_recovery_delay = USB_PORT_RESET_RECOVERY;
78 
79 SYSCTL_INT(_hw_usb, OID_AUTO, pr_poll_delay, CTLFLAG_RW,
80     &usb_pr_poll_delay, 0, "USB port reset poll delay in ms");
81 SYSCTL_INT(_hw_usb, OID_AUTO, pr_recovery_delay, CTLFLAG_RW,
82     &usb_pr_recovery_delay, 0, "USB port reset recovery delay in ms");
83 
84 #ifdef USB_REQ_DEBUG
85 /* The following structures are used in connection to fault injection. */
86 struct usb_ctrl_debug {
87 	int bus_index;		/* target bus */
88 	int dev_index;		/* target address */
89 	int ds_fail;		/* fail data stage */
90 	int ss_fail;		/* fail data stage */
91 	int ds_delay;		/* data stage delay in ms */
92 	int ss_delay;		/* status stage delay in ms */
93 	int bmRequestType_value;
94 	int bRequest_value;
95 };
96 
97 struct usb_ctrl_debug_bits {
98 	uint16_t ds_delay;
99 	uint16_t ss_delay;
100 	uint8_t ds_fail:1;
101 	uint8_t ss_fail:1;
102 	uint8_t enabled:1;
103 };
104 
105 /* The default is to disable fault injection. */
106 
107 static struct usb_ctrl_debug usb_ctrl_debug = {
108 	.bus_index = -1,
109 	.dev_index = -1,
110 	.bmRequestType_value = -1,
111 	.bRequest_value = -1,
112 };
113 
114 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_bus_fail, CTLFLAG_RW,
115     &usb_ctrl_debug.bus_index, 0, "USB controller index to fail");
116 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_dev_fail, CTLFLAG_RW,
117     &usb_ctrl_debug.dev_index, 0, "USB device address to fail");
118 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ds_fail, CTLFLAG_RW,
119     &usb_ctrl_debug.ds_fail, 0, "USB fail data stage");
120 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ss_fail, CTLFLAG_RW,
121     &usb_ctrl_debug.ss_fail, 0, "USB fail status stage");
122 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ds_delay, CTLFLAG_RW,
123     &usb_ctrl_debug.ds_delay, 0, "USB data stage delay in ms");
124 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_ss_delay, CTLFLAG_RW,
125     &usb_ctrl_debug.ss_delay, 0, "USB status stage delay in ms");
126 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_rt_fail, CTLFLAG_RW,
127     &usb_ctrl_debug.bmRequestType_value, 0, "USB bmRequestType to fail");
128 SYSCTL_INT(_hw_usb, OID_AUTO, ctrl_rv_fail, CTLFLAG_RW,
129     &usb_ctrl_debug.bRequest_value, 0, "USB bRequest to fail");
130 
131 /*------------------------------------------------------------------------*
132  *	usbd_get_debug_bits
133  *
134  * This function is only useful in USB host mode.
135  *------------------------------------------------------------------------*/
136 static void
137 usbd_get_debug_bits(struct usb_device *udev, struct usb_device_request *req,
138     struct usb_ctrl_debug_bits *dbg)
139 {
140 	int temp;
141 
142 	memset(dbg, 0, sizeof(*dbg));
143 
144 	/* Compute data stage delay */
145 
146 	temp = usb_ctrl_debug.ds_delay;
147 	if (temp < 0)
148 		temp = 0;
149 	else if (temp > (16*1024))
150 		temp = (16*1024);
151 
152 	dbg->ds_delay = temp;
153 
154 	/* Compute status stage delay */
155 
156 	temp = usb_ctrl_debug.ss_delay;
157 	if (temp < 0)
158 		temp = 0;
159 	else if (temp > (16*1024))
160 		temp = (16*1024);
161 
162 	dbg->ss_delay = temp;
163 
164 	/* Check if this control request should be failed */
165 
166 	if (usbd_get_bus_index(udev) != usb_ctrl_debug.bus_index)
167 		return;
168 
169 	if (usbd_get_device_index(udev) != usb_ctrl_debug.dev_index)
170 		return;
171 
172 	temp = usb_ctrl_debug.bmRequestType_value;
173 
174 	if ((temp != req->bmRequestType) && (temp >= 0) && (temp <= 255))
175 		return;
176 
177 	temp = usb_ctrl_debug.bRequest_value;
178 
179 	if ((temp != req->bRequest) && (temp >= 0) && (temp <= 255))
180 		return;
181 
182 	temp = usb_ctrl_debug.ds_fail;
183 	if (temp)
184 		dbg->ds_fail = 1;
185 
186 	temp = usb_ctrl_debug.ss_fail;
187 	if (temp)
188 		dbg->ss_fail = 1;
189 
190 	dbg->enabled = 1;
191 }
192 #endif	/* USB_REQ_DEBUG */
193 #endif	/* USB_DEBUG */
194 
195 /*------------------------------------------------------------------------*
196  *	usbd_do_request_callback
197  *
198  * This function is the USB callback for generic USB Host control
199  * transfers.
200  *------------------------------------------------------------------------*/
201 void
202 usbd_do_request_callback(struct usb_xfer *xfer, usb_error_t error)
203 {
204 	;				/* workaround for a bug in "indent" */
205 
206 	DPRINTF("st=%u\n", USB_GET_STATE(xfer));
207 
208 	switch (USB_GET_STATE(xfer)) {
209 	case USB_ST_SETUP:
210 		usbd_transfer_submit(xfer);
211 		break;
212 	default:
213 		cv_signal(&xfer->xroot->udev->ctrlreq_cv);
214 		break;
215 	}
216 }
217 
218 /*------------------------------------------------------------------------*
219  *	usb_do_clear_stall_callback
220  *
221  * This function is the USB callback for generic clear stall requests.
222  *------------------------------------------------------------------------*/
223 void
224 usb_do_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
225 {
226 	struct usb_device_request req;
227 	struct usb_device *udev;
228 	struct usb_endpoint *ep;
229 	struct usb_endpoint *ep_end;
230 	struct usb_endpoint *ep_first;
231 	uint8_t to;
232 
233 	udev = xfer->xroot->udev;
234 
235 	USB_BUS_LOCK(udev->bus);
236 
237 	/* round robin endpoint clear stall */
238 
239 	ep = udev->ep_curr;
240 	ep_end = udev->endpoints + udev->endpoints_max;
241 	ep_first = udev->endpoints;
242 	to = udev->endpoints_max;
243 
244 	switch (USB_GET_STATE(xfer)) {
245 	case USB_ST_TRANSFERRED:
246 tr_transferred:
247 		/* reset error counter */
248 		udev->clear_stall_errors = 0;
249 
250 		if (ep == NULL)
251 			goto tr_setup;		/* device was unconfigured */
252 		if (ep->edesc &&
253 		    ep->is_stalled) {
254 			ep->toggle_next = 0;
255 			ep->is_stalled = 0;
256 			/* some hardware needs a callback to clear the data toggle */
257 			usbd_clear_stall_locked(udev, ep);
258 			/* start up the current or next transfer, if any */
259 			usb_command_wrapper(&ep->endpoint_q,
260 			    ep->endpoint_q.curr);
261 		}
262 		ep++;
263 
264 	case USB_ST_SETUP:
265 tr_setup:
266 		if (to == 0)
267 			break;			/* no endpoints - nothing to do */
268 		if ((ep < ep_first) || (ep >= ep_end))
269 			ep = ep_first;	/* endpoint wrapped around */
270 		if (ep->edesc &&
271 		    ep->is_stalled) {
272 
273 			/* setup a clear-stall packet */
274 
275 			req.bmRequestType = UT_WRITE_ENDPOINT;
276 			req.bRequest = UR_CLEAR_FEATURE;
277 			USETW(req.wValue, UF_ENDPOINT_HALT);
278 			req.wIndex[0] = ep->edesc->bEndpointAddress;
279 			req.wIndex[1] = 0;
280 			USETW(req.wLength, 0);
281 
282 			/* copy in the transfer */
283 
284 			usbd_copy_in(xfer->frbuffers, 0, &req, sizeof(req));
285 
286 			/* set length */
287 			usbd_xfer_set_frame_len(xfer, 0, sizeof(req));
288 			xfer->nframes = 1;
289 			USB_BUS_UNLOCK(udev->bus);
290 
291 			usbd_transfer_submit(xfer);
292 
293 			USB_BUS_LOCK(udev->bus);
294 			break;
295 		}
296 		ep++;
297 		to--;
298 		goto tr_setup;
299 
300 	default:
301 		if (error == USB_ERR_CANCELLED)
302 			break;
303 
304 		DPRINTF("Clear stall failed.\n");
305 
306 		/*
307 		 * Some VMs like VirtualBox always return failure on
308 		 * clear-stall which we sometimes should just ignore.
309 		 */
310 		if (usb_no_cs_fail)
311 			goto tr_transferred;
312 		if (udev->clear_stall_errors == USB_CS_RESET_LIMIT)
313 			goto tr_setup;
314 
315 		if (error == USB_ERR_TIMEOUT) {
316 			udev->clear_stall_errors = USB_CS_RESET_LIMIT;
317 			DPRINTF("Trying to re-enumerate.\n");
318 			usbd_start_re_enumerate(udev);
319 		} else {
320 			udev->clear_stall_errors++;
321 			if (udev->clear_stall_errors == USB_CS_RESET_LIMIT) {
322 				DPRINTF("Trying to re-enumerate.\n");
323 				usbd_start_re_enumerate(udev);
324 			}
325 		}
326 		goto tr_setup;
327 	}
328 
329 	/* store current endpoint */
330 	udev->ep_curr = ep;
331 	USB_BUS_UNLOCK(udev->bus);
332 }
333 
334 static usb_handle_req_t *
335 usbd_get_hr_func(struct usb_device *udev)
336 {
337 	/* figure out if there is a Handle Request function */
338 	if (udev->flags.usb_mode == USB_MODE_DEVICE)
339 		return (usb_temp_get_desc_p);
340 	else if (udev->parent_hub == NULL)
341 		return (udev->bus->methods->roothub_exec);
342 	else
343 		return (NULL);
344 }
345 
346 /*------------------------------------------------------------------------*
347  *	usbd_do_request_flags and usbd_do_request
348  *
349  * Description of arguments passed to these functions:
350  *
351  * "udev" - this is the "usb_device" structure pointer on which the
352  * request should be performed. It is possible to call this function
353  * in both Host Side mode and Device Side mode.
354  *
355  * "mtx" - if this argument is non-NULL the mutex pointed to by it
356  * will get dropped and picked up during the execution of this
357  * function, hence this function sometimes needs to sleep. If this
358  * argument is NULL it has no effect.
359  *
360  * "req" - this argument must always be non-NULL and points to an
361  * 8-byte structure holding the USB request to be done. The USB
362  * request structure has a bit telling the direction of the USB
363  * request, if it is a read or a write.
364  *
365  * "data" - if the "wLength" part of the structure pointed to by "req"
366  * is non-zero this argument must point to a valid kernel buffer which
367  * can hold at least "wLength" bytes. If "wLength" is zero "data" can
368  * be NULL.
369  *
370  * "flags" - here is a list of valid flags:
371  *
372  *  o USB_SHORT_XFER_OK: allows the data transfer to be shorter than
373  *  specified
374  *
375  *  o USB_DELAY_STATUS_STAGE: allows the status stage to be performed
376  *  at a later point in time. This is tunable by the "hw.usb.ss_delay"
377  *  sysctl. This flag is mostly useful for debugging.
378  *
379  *  o USB_USER_DATA_PTR: treat the "data" pointer like a userland
380  *  pointer.
381  *
382  * "actlen" - if non-NULL the actual transfer length will be stored in
383  * the 16-bit unsigned integer pointed to by "actlen". This
384  * information is mostly useful when the "USB_SHORT_XFER_OK" flag is
385  * used.
386  *
387  * "timeout" - gives the timeout for the control transfer in
388  * milliseconds. A "timeout" value less than 50 milliseconds is
389  * treated like a 50 millisecond timeout. A "timeout" value greater
390  * than 30 seconds is treated like a 30 second timeout. This USB stack
391  * does not allow control requests without a timeout.
392  *
393  * NOTE: This function is thread safe. All calls to
394  * "usbd_do_request_flags" will be serialised by the use of an
395  * internal "sx_lock".
396  *
397  * Returns:
398  *    0: Success
399  * Else: Failure
400  *------------------------------------------------------------------------*/
401 usb_error_t
402 usbd_do_request_flags(struct usb_device *udev, struct mtx *mtx,
403     struct usb_device_request *req, void *data, uint16_t flags,
404     uint16_t *actlen, usb_timeout_t timeout)
405 {
406 #ifdef USB_REQ_DEBUG
407 	struct usb_ctrl_debug_bits dbg;
408 #endif
409 	usb_handle_req_t *hr_func;
410 	struct usb_xfer *xfer;
411 	const void *desc;
412 	int err = 0;
413 	usb_ticks_t start_ticks;
414 	usb_ticks_t delta_ticks;
415 	usb_ticks_t max_ticks;
416 	uint16_t length;
417 	uint16_t temp;
418 	uint16_t acttemp;
419 	uint8_t enum_locked;
420 
421 	if (timeout < 50) {
422 		/* timeout is too small */
423 		timeout = 50;
424 	}
425 	if (timeout > 30000) {
426 		/* timeout is too big */
427 		timeout = 30000;
428 	}
429 	length = UGETW(req->wLength);
430 
431 	enum_locked = usbd_enum_is_locked(udev);
432 
433 	DPRINTFN(5, "udev=%p bmRequestType=0x%02x bRequest=0x%02x "
434 	    "wValue=0x%02x%02x wIndex=0x%02x%02x wLength=0x%02x%02x\n",
435 	    udev, req->bmRequestType, req->bRequest,
436 	    req->wValue[1], req->wValue[0],
437 	    req->wIndex[1], req->wIndex[0],
438 	    req->wLength[1], req->wLength[0]);
439 
440 	/* Check if the device is still alive */
441 	if (udev->state < USB_STATE_POWERED) {
442 		DPRINTF("usb device has gone\n");
443 		return (USB_ERR_NOT_CONFIGURED);
444 	}
445 
446 	/*
447 	 * Set "actlen" to a known value in case the caller does not
448 	 * check the return value:
449 	 */
450 	if (actlen)
451 		*actlen = 0;
452 
453 #if (USB_HAVE_USER_IO == 0)
454 	if (flags & USB_USER_DATA_PTR)
455 		return (USB_ERR_INVAL);
456 #endif
457 	if ((mtx != NULL) && (mtx != &Giant)) {
458 		mtx_unlock(mtx);
459 		mtx_assert(mtx, MA_NOTOWNED);
460 	}
461 
462 	/*
463 	 * We need to allow suspend and resume at this point, else the
464 	 * control transfer will timeout if the device is suspended!
465 	 */
466 	if (enum_locked)
467 		usbd_sr_unlock(udev);
468 
469 	/*
470 	 * Grab the default sx-lock so that serialisation
471 	 * is achieved when multiple threads are involved:
472 	 */
473 	sx_xlock(&udev->ctrl_sx);
474 
475 	hr_func = usbd_get_hr_func(udev);
476 
477 	if (hr_func != NULL) {
478 		DPRINTF("Handle Request function is set\n");
479 
480 		desc = NULL;
481 		temp = 0;
482 
483 		if (!(req->bmRequestType & UT_READ)) {
484 			if (length != 0) {
485 				DPRINTFN(1, "The handle request function "
486 				    "does not support writing data!\n");
487 				err = USB_ERR_INVAL;
488 				goto done;
489 			}
490 		}
491 
492 		/* The root HUB code needs the BUS lock locked */
493 
494 		USB_BUS_LOCK(udev->bus);
495 		err = (hr_func) (udev, req, &desc, &temp);
496 		USB_BUS_UNLOCK(udev->bus);
497 
498 		if (err)
499 			goto done;
500 
501 		if (length > temp) {
502 			if (!(flags & USB_SHORT_XFER_OK)) {
503 				err = USB_ERR_SHORT_XFER;
504 				goto done;
505 			}
506 			length = temp;
507 		}
508 		if (actlen)
509 			*actlen = length;
510 
511 		if (length > 0) {
512 #if USB_HAVE_USER_IO
513 			if (flags & USB_USER_DATA_PTR) {
514 				if (copyout(desc, data, length)) {
515 					err = USB_ERR_INVAL;
516 					goto done;
517 				}
518 			} else
519 #endif
520 				memcpy(data, desc, length);
521 		}
522 		goto done;		/* success */
523 	}
524 
525 	/*
526 	 * Setup a new USB transfer or use the existing one, if any:
527 	 */
528 	usbd_ctrl_transfer_setup(udev);
529 
530 	xfer = udev->ctrl_xfer[0];
531 	if (xfer == NULL) {
532 		/* most likely out of memory */
533 		err = USB_ERR_NOMEM;
534 		goto done;
535 	}
536 
537 #ifdef USB_REQ_DEBUG
538 	/* Get debug bits */
539 	usbd_get_debug_bits(udev, req, &dbg);
540 
541 	/* Check for fault injection */
542 	if (dbg.enabled)
543 		flags |= USB_DELAY_STATUS_STAGE;
544 #endif
545 	USB_XFER_LOCK(xfer);
546 
547 	if (flags & USB_DELAY_STATUS_STAGE)
548 		xfer->flags.manual_status = 1;
549 	else
550 		xfer->flags.manual_status = 0;
551 
552 	if (flags & USB_SHORT_XFER_OK)
553 		xfer->flags.short_xfer_ok = 1;
554 	else
555 		xfer->flags.short_xfer_ok = 0;
556 
557 	xfer->timeout = timeout;
558 
559 	start_ticks = ticks;
560 
561 	max_ticks = USB_MS_TO_TICKS(timeout);
562 
563 	usbd_copy_in(xfer->frbuffers, 0, req, sizeof(*req));
564 
565 	usbd_xfer_set_frame_len(xfer, 0, sizeof(*req));
566 
567 	while (1) {
568 		temp = length;
569 		if (temp > usbd_xfer_max_len(xfer)) {
570 			temp = usbd_xfer_max_len(xfer);
571 		}
572 #ifdef USB_REQ_DEBUG
573 		if (xfer->flags.manual_status) {
574 			if (usbd_xfer_frame_len(xfer, 0) != 0) {
575 				/* Execute data stage separately */
576 				temp = 0;
577 			} else if (temp > 0) {
578 				if (dbg.ds_fail) {
579 					err = USB_ERR_INVAL;
580 					break;
581 				}
582 				if (dbg.ds_delay > 0) {
583 					usb_pause_mtx(
584 					    xfer->xroot->xfer_mtx,
585 				            USB_MS_TO_TICKS(dbg.ds_delay));
586 					/* make sure we don't time out */
587 					start_ticks = ticks;
588 				}
589 			}
590 		}
591 #endif
592 		usbd_xfer_set_frame_len(xfer, 1, temp);
593 
594 		if (temp > 0) {
595 			if (!(req->bmRequestType & UT_READ)) {
596 #if USB_HAVE_USER_IO
597 				if (flags & USB_USER_DATA_PTR) {
598 					USB_XFER_UNLOCK(xfer);
599 					err = usbd_copy_in_user(xfer->frbuffers + 1,
600 					    0, data, temp);
601 					USB_XFER_LOCK(xfer);
602 					if (err) {
603 						err = USB_ERR_INVAL;
604 						break;
605 					}
606 				} else
607 #endif
608 					usbd_copy_in(xfer->frbuffers + 1,
609 					    0, data, temp);
610 			}
611 			usbd_xfer_set_frames(xfer, 2);
612 		} else {
613 			if (usbd_xfer_frame_len(xfer, 0) == 0) {
614 				if (xfer->flags.manual_status) {
615 #ifdef USB_REQ_DEBUG
616 					if (dbg.ss_fail) {
617 						err = USB_ERR_INVAL;
618 						break;
619 					}
620 					if (dbg.ss_delay > 0) {
621 						usb_pause_mtx(
622 						    xfer->xroot->xfer_mtx,
623 						    USB_MS_TO_TICKS(dbg.ss_delay));
624 						/* make sure we don't time out */
625 						start_ticks = ticks;
626 					}
627 #endif
628 					xfer->flags.manual_status = 0;
629 				} else {
630 					break;
631 				}
632 			}
633 			usbd_xfer_set_frames(xfer, 1);
634 		}
635 
636 		usbd_transfer_start(xfer);
637 
638 		while (usbd_transfer_pending(xfer)) {
639 			cv_wait(&udev->ctrlreq_cv,
640 			    xfer->xroot->xfer_mtx);
641 		}
642 
643 		err = xfer->error;
644 
645 		if (err) {
646 			break;
647 		}
648 
649 		/* get actual length of DATA stage */
650 
651 		if (xfer->aframes < 2) {
652 			acttemp = 0;
653 		} else {
654 			acttemp = usbd_xfer_frame_len(xfer, 1);
655 		}
656 
657 		/* check for short packet */
658 
659 		if (temp > acttemp) {
660 			temp = acttemp;
661 			length = temp;
662 		}
663 		if (temp > 0) {
664 			if (req->bmRequestType & UT_READ) {
665 #if USB_HAVE_USER_IO
666 				if (flags & USB_USER_DATA_PTR) {
667 					USB_XFER_UNLOCK(xfer);
668 					err = usbd_copy_out_user(xfer->frbuffers + 1,
669 					    0, data, temp);
670 					USB_XFER_LOCK(xfer);
671 					if (err) {
672 						err = USB_ERR_INVAL;
673 						break;
674 					}
675 				} else
676 #endif
677 					usbd_copy_out(xfer->frbuffers + 1,
678 					    0, data, temp);
679 			}
680 		}
681 		/*
682 		 * Clear "frlengths[0]" so that we don't send the setup
683 		 * packet again:
684 		 */
685 		usbd_xfer_set_frame_len(xfer, 0, 0);
686 
687 		/* update length and data pointer */
688 		length -= temp;
689 		data = USB_ADD_BYTES(data, temp);
690 
691 		if (actlen) {
692 			(*actlen) += temp;
693 		}
694 		/* check for timeout */
695 
696 		delta_ticks = ticks - start_ticks;
697 		if (delta_ticks > max_ticks) {
698 			if (!err) {
699 				err = USB_ERR_TIMEOUT;
700 			}
701 		}
702 		if (err) {
703 			break;
704 		}
705 	}
706 
707 	if (err) {
708 		/*
709 		 * Make sure that the control endpoint is no longer
710 		 * blocked in case of a non-transfer related error:
711 		 */
712 		usbd_transfer_stop(xfer);
713 	}
714 	USB_XFER_UNLOCK(xfer);
715 
716 done:
717 	sx_xunlock(&udev->ctrl_sx);
718 
719 	if (enum_locked)
720 		usbd_sr_lock(udev);
721 
722 	if ((mtx != NULL) && (mtx != &Giant))
723 		mtx_lock(mtx);
724 
725 	return ((usb_error_t)err);
726 }
727 
728 /*------------------------------------------------------------------------*
729  *	usbd_do_request_proc - factored out code
730  *
731  * This function is factored out code. It does basically the same like
732  * usbd_do_request_flags, except it will check the status of the
733  * passed process argument before doing the USB request. If the
734  * process is draining the USB_ERR_IOERROR code will be returned. It
735  * is assumed that the mutex associated with the process is locked
736  * when calling this function.
737  *------------------------------------------------------------------------*/
738 usb_error_t
739 usbd_do_request_proc(struct usb_device *udev, struct usb_process *pproc,
740     struct usb_device_request *req, void *data, uint16_t flags,
741     uint16_t *actlen, usb_timeout_t timeout)
742 {
743 	usb_error_t err;
744 	uint16_t len;
745 
746 	/* get request data length */
747 	len = UGETW(req->wLength);
748 
749 	/* check if the device is being detached */
750 	if (usb_proc_is_gone(pproc)) {
751 		err = USB_ERR_IOERROR;
752 		goto done;
753 	}
754 
755 	/* forward the USB request */
756 	err = usbd_do_request_flags(udev, pproc->up_mtx,
757 	    req, data, flags, actlen, timeout);
758 
759 done:
760 	/* on failure we zero the data */
761 	/* on short packet we zero the unused data */
762 	if ((len != 0) && (req->bmRequestType & UE_DIR_IN)) {
763 		if (err)
764 			memset(data, 0, len);
765 		else if (actlen && *actlen != len)
766 			memset(((uint8_t *)data) + *actlen, 0, len - *actlen);
767 	}
768 	return (err);
769 }
770 
771 /*------------------------------------------------------------------------*
772  *	usbd_req_reset_port
773  *
774  * This function will instruct a USB HUB to perform a reset sequence
775  * on the specified port number.
776  *
777  * Returns:
778  *    0: Success. The USB device should now be at address zero.
779  * Else: Failure. No USB device is present and the USB port should be
780  *       disabled.
781  *------------------------------------------------------------------------*/
782 usb_error_t
783 usbd_req_reset_port(struct usb_device *udev, struct mtx *mtx, uint8_t port)
784 {
785 	struct usb_port_status ps;
786 	usb_error_t err;
787 	uint16_t n;
788 
789 #ifdef USB_DEBUG
790 	uint16_t pr_poll_delay;
791 	uint16_t pr_recovery_delay;
792 
793 #endif
794 	/* clear any leftover port reset changes first */
795 	usbd_req_clear_port_feature(
796 	    udev, mtx, port, UHF_C_PORT_RESET);
797 
798 	/* assert port reset on the given port */
799 	err = usbd_req_set_port_feature(
800 	    udev, mtx, port, UHF_PORT_RESET);
801 
802 	/* check for errors */
803 	if (err)
804 		goto done;
805 #ifdef USB_DEBUG
806 	/* range check input parameters */
807 	pr_poll_delay = usb_pr_poll_delay;
808 	if (pr_poll_delay < 1) {
809 		pr_poll_delay = 1;
810 	} else if (pr_poll_delay > 1000) {
811 		pr_poll_delay = 1000;
812 	}
813 	pr_recovery_delay = usb_pr_recovery_delay;
814 	if (pr_recovery_delay > 1000) {
815 		pr_recovery_delay = 1000;
816 	}
817 #endif
818 	n = 0;
819 	while (1) {
820 		uint16_t status;
821 		uint16_t change;
822 
823 #ifdef USB_DEBUG
824 		/* wait for the device to recover from reset */
825 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(pr_poll_delay));
826 		n += pr_poll_delay;
827 #else
828 		/* wait for the device to recover from reset */
829 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(USB_PORT_RESET_DELAY));
830 		n += USB_PORT_RESET_DELAY;
831 #endif
832 		err = usbd_req_get_port_status(udev, mtx, &ps, port);
833 		if (err) {
834 			goto done;
835 		}
836 		status = UGETW(ps.wPortStatus);
837 		change = UGETW(ps.wPortChange);
838 
839 		/* if the device disappeared, just give up */
840 		if (!(status & UPS_CURRENT_CONNECT_STATUS))
841 			goto done;
842 
843 		/* check if reset is complete */
844 		if (change & UPS_C_PORT_RESET)
845 			break;
846 
847 		/*
848 		 * Some Virtual Machines like VirtualBox 4.x fail to
849 		 * generate a port reset change event. Check if reset
850 		 * is no longer asserted.
851 		 */
852 		if (!(status & UPS_RESET))
853 			break;
854 
855 		/* check for timeout */
856 		if (n > 1000) {
857 			n = 0;
858 			break;
859 		}
860 	}
861 
862 	/* clear port reset first */
863 	err = usbd_req_clear_port_feature(
864 	    udev, mtx, port, UHF_C_PORT_RESET);
865 	if (err) {
866 		goto done;
867 	}
868 	/* check for timeout */
869 	if (n == 0) {
870 		err = USB_ERR_TIMEOUT;
871 		goto done;
872 	}
873 #ifdef USB_DEBUG
874 	/* wait for the device to recover from reset */
875 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(pr_recovery_delay));
876 #else
877 	/* wait for the device to recover from reset */
878 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(USB_PORT_RESET_RECOVERY));
879 #endif
880 
881 done:
882 	DPRINTFN(2, "port %d reset returning error=%s\n",
883 	    port, usbd_errstr(err));
884 	return (err);
885 }
886 
887 /*------------------------------------------------------------------------*
888  *	usbd_req_warm_reset_port
889  *
890  * This function will instruct an USB HUB to perform a warm reset
891  * sequence on the specified port number. This kind of reset is not
892  * mandatory for LOW-, FULL- and HIGH-speed USB HUBs and is targeted
893  * for SUPER-speed USB HUBs.
894  *
895  * Returns:
896  *    0: Success. The USB device should now be available again.
897  * Else: Failure. No USB device is present and the USB port should be
898  *       disabled.
899  *------------------------------------------------------------------------*/
900 usb_error_t
901 usbd_req_warm_reset_port(struct usb_device *udev, struct mtx *mtx, uint8_t port)
902 {
903 	struct usb_port_status ps;
904 	usb_error_t err;
905 	uint16_t n;
906 
907 #ifdef USB_DEBUG
908 	uint16_t pr_poll_delay;
909 	uint16_t pr_recovery_delay;
910 
911 #endif
912 	err = usbd_req_set_port_feature(udev, mtx, port, UHF_BH_PORT_RESET);
913 	if (err) {
914 		goto done;
915 	}
916 #ifdef USB_DEBUG
917 	/* range check input parameters */
918 	pr_poll_delay = usb_pr_poll_delay;
919 	if (pr_poll_delay < 1) {
920 		pr_poll_delay = 1;
921 	} else if (pr_poll_delay > 1000) {
922 		pr_poll_delay = 1000;
923 	}
924 	pr_recovery_delay = usb_pr_recovery_delay;
925 	if (pr_recovery_delay > 1000) {
926 		pr_recovery_delay = 1000;
927 	}
928 #endif
929 	n = 0;
930 	while (1) {
931 #ifdef USB_DEBUG
932 		/* wait for the device to recover from reset */
933 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(pr_poll_delay));
934 		n += pr_poll_delay;
935 #else
936 		/* wait for the device to recover from reset */
937 		usb_pause_mtx(mtx, USB_MS_TO_TICKS(USB_PORT_RESET_DELAY));
938 		n += USB_PORT_RESET_DELAY;
939 #endif
940 		err = usbd_req_get_port_status(udev, mtx, &ps, port);
941 		if (err) {
942 			goto done;
943 		}
944 		/* if the device disappeared, just give up */
945 		if (!(UGETW(ps.wPortStatus) & UPS_CURRENT_CONNECT_STATUS)) {
946 			goto done;
947 		}
948 		/* check if reset is complete */
949 		if (UGETW(ps.wPortChange) & UPS_C_BH_PORT_RESET) {
950 			break;
951 		}
952 		/* check for timeout */
953 		if (n > 1000) {
954 			n = 0;
955 			break;
956 		}
957 	}
958 
959 	/* clear port reset first */
960 	err = usbd_req_clear_port_feature(
961 	    udev, mtx, port, UHF_C_BH_PORT_RESET);
962 	if (err) {
963 		goto done;
964 	}
965 	/* check for timeout */
966 	if (n == 0) {
967 		err = USB_ERR_TIMEOUT;
968 		goto done;
969 	}
970 #ifdef USB_DEBUG
971 	/* wait for the device to recover from reset */
972 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(pr_recovery_delay));
973 #else
974 	/* wait for the device to recover from reset */
975 	usb_pause_mtx(mtx, USB_MS_TO_TICKS(USB_PORT_RESET_RECOVERY));
976 #endif
977 
978 done:
979 	DPRINTFN(2, "port %d warm reset returning error=%s\n",
980 	    port, usbd_errstr(err));
981 	return (err);
982 }
983 
984 /*------------------------------------------------------------------------*
985  *	usbd_req_get_desc
986  *
987  * This function can be used to retrieve USB descriptors. It contains
988  * some additional logic like zeroing of missing descriptor bytes and
989  * retrying an USB descriptor in case of failure. The "min_len"
990  * argument specifies the minimum descriptor length. The "max_len"
991  * argument specifies the maximum descriptor length. If the real
992  * descriptor length is less than the minimum length the missing
993  * byte(s) will be zeroed. The type field, the second byte of the USB
994  * descriptor, will get forced to the correct type. If the "actlen"
995  * pointer is non-NULL, the actual length of the transfer will get
996  * stored in the 16-bit unsigned integer which it is pointing to. The
997  * first byte of the descriptor will not get updated. If the "actlen"
998  * pointer is NULL the first byte of the descriptor will get updated
999  * to reflect the actual length instead. If "min_len" is not equal to
1000  * "max_len" then this function will try to retrive the beginning of
1001  * the descriptor and base the maximum length on the first byte of the
1002  * descriptor.
1003  *
1004  * Returns:
1005  *    0: Success
1006  * Else: Failure
1007  *------------------------------------------------------------------------*/
1008 usb_error_t
1009 usbd_req_get_desc(struct usb_device *udev,
1010     struct mtx *mtx, uint16_t *actlen, void *desc,
1011     uint16_t min_len, uint16_t max_len,
1012     uint16_t id, uint8_t type, uint8_t index,
1013     uint8_t retries)
1014 {
1015 	struct usb_device_request req;
1016 	uint8_t *buf;
1017 	usb_error_t err;
1018 
1019 	DPRINTFN(4, "id=%d, type=%d, index=%d, max_len=%d\n",
1020 	    id, type, index, max_len);
1021 
1022 	req.bmRequestType = UT_READ_DEVICE;
1023 	req.bRequest = UR_GET_DESCRIPTOR;
1024 	USETW2(req.wValue, type, index);
1025 	USETW(req.wIndex, id);
1026 
1027 	while (1) {
1028 
1029 		if ((min_len < 2) || (max_len < 2)) {
1030 			err = USB_ERR_INVAL;
1031 			goto done;
1032 		}
1033 		USETW(req.wLength, min_len);
1034 
1035 		err = usbd_do_request_flags(udev, mtx, &req,
1036 		    desc, 0, NULL, 1000);
1037 
1038 		if (err) {
1039 			if (!retries) {
1040 				goto done;
1041 			}
1042 			retries--;
1043 
1044 			usb_pause_mtx(mtx, hz / 5);
1045 
1046 			continue;
1047 		}
1048 		buf = desc;
1049 
1050 		if (min_len == max_len) {
1051 
1052 			/* enforce correct length */
1053 			if ((buf[0] > min_len) && (actlen == NULL))
1054 				buf[0] = min_len;
1055 
1056 			/* enforce correct type */
1057 			buf[1] = type;
1058 
1059 			goto done;
1060 		}
1061 		/* range check */
1062 
1063 		if (max_len > buf[0]) {
1064 			max_len = buf[0];
1065 		}
1066 		/* zero minimum data */
1067 
1068 		while (min_len > max_len) {
1069 			min_len--;
1070 			buf[min_len] = 0;
1071 		}
1072 
1073 		/* set new minimum length */
1074 
1075 		min_len = max_len;
1076 	}
1077 done:
1078 	if (actlen != NULL) {
1079 		if (err)
1080 			*actlen = 0;
1081 		else
1082 			*actlen = min_len;
1083 	}
1084 	return (err);
1085 }
1086 
1087 /*------------------------------------------------------------------------*
1088  *	usbd_req_get_string_any
1089  *
1090  * This function will return the string given by "string_index"
1091  * using the first language ID. The maximum length "len" includes
1092  * the terminating zero. The "len" argument should be twice as
1093  * big pluss 2 bytes, compared with the actual maximum string length !
1094  *
1095  * Returns:
1096  *    0: Success
1097  * Else: Failure
1098  *------------------------------------------------------------------------*/
1099 usb_error_t
1100 usbd_req_get_string_any(struct usb_device *udev, struct mtx *mtx, char *buf,
1101     uint16_t len, uint8_t string_index)
1102 {
1103 	char *s;
1104 	uint8_t *temp;
1105 	uint16_t i;
1106 	uint16_t n;
1107 	uint16_t c;
1108 	uint8_t swap;
1109 	usb_error_t err;
1110 
1111 	if (len == 0) {
1112 		/* should not happen */
1113 		return (USB_ERR_NORMAL_COMPLETION);
1114 	}
1115 	if (string_index == 0) {
1116 		/* this is the language table */
1117 		buf[0] = 0;
1118 		return (USB_ERR_INVAL);
1119 	}
1120 	if (udev->flags.no_strings) {
1121 		buf[0] = 0;
1122 		return (USB_ERR_STALLED);
1123 	}
1124 	err = usbd_req_get_string_desc
1125 	    (udev, mtx, buf, len, udev->langid, string_index);
1126 	if (err) {
1127 		buf[0] = 0;
1128 		return (err);
1129 	}
1130 	temp = (uint8_t *)buf;
1131 
1132 	if (temp[0] < 2) {
1133 		/* string length is too short */
1134 		buf[0] = 0;
1135 		return (USB_ERR_INVAL);
1136 	}
1137 	/* reserve one byte for terminating zero */
1138 	len--;
1139 
1140 	/* find maximum length */
1141 	s = buf;
1142 	n = (temp[0] / 2) - 1;
1143 	if (n > len) {
1144 		n = len;
1145 	}
1146 	/* skip descriptor header */
1147 	temp += 2;
1148 
1149 	/* reset swap state */
1150 	swap = 3;
1151 
1152 	/* convert and filter */
1153 	for (i = 0; (i != n); i++) {
1154 		c = UGETW(temp + (2 * i));
1155 
1156 		/* convert from Unicode, handle buggy strings */
1157 		if (((c & 0xff00) == 0) && (swap & 1)) {
1158 			/* Little Endian, default */
1159 			*s = c;
1160 			swap = 1;
1161 		} else if (((c & 0x00ff) == 0) && (swap & 2)) {
1162 			/* Big Endian */
1163 			*s = c >> 8;
1164 			swap = 2;
1165 		} else {
1166 			/* silently skip bad character */
1167 			continue;
1168 		}
1169 
1170 		/*
1171 		 * Filter by default - We only allow alphanumerical
1172 		 * and a few more to avoid any problems with scripts
1173 		 * and daemons.
1174 		 */
1175 		if (isalpha(*s) ||
1176 		    isdigit(*s) ||
1177 		    *s == '-' ||
1178 		    *s == '+' ||
1179 		    *s == ' ' ||
1180 		    *s == '.' ||
1181 		    *s == ',') {
1182 			/* allowed */
1183 			s++;
1184 		}
1185 		/* silently skip bad character */
1186 	}
1187 	*s = 0;				/* zero terminate resulting string */
1188 	return (USB_ERR_NORMAL_COMPLETION);
1189 }
1190 
1191 /*------------------------------------------------------------------------*
1192  *	usbd_req_get_string_desc
1193  *
1194  * If you don't know the language ID, consider using
1195  * "usbd_req_get_string_any()".
1196  *
1197  * Returns:
1198  *    0: Success
1199  * Else: Failure
1200  *------------------------------------------------------------------------*/
1201 usb_error_t
1202 usbd_req_get_string_desc(struct usb_device *udev, struct mtx *mtx, void *sdesc,
1203     uint16_t max_len, uint16_t lang_id,
1204     uint8_t string_index)
1205 {
1206 	return (usbd_req_get_desc(udev, mtx, NULL, sdesc, 2, max_len, lang_id,
1207 	    UDESC_STRING, string_index, 0));
1208 }
1209 
1210 /*------------------------------------------------------------------------*
1211  *	usbd_req_get_config_desc_ptr
1212  *
1213  * This function is used in device side mode to retrieve the pointer
1214  * to the generated config descriptor. This saves allocating space for
1215  * an additional config descriptor when setting the configuration.
1216  *
1217  * Returns:
1218  *    0: Success
1219  * Else: Failure
1220  *------------------------------------------------------------------------*/
1221 usb_error_t
1222 usbd_req_get_descriptor_ptr(struct usb_device *udev,
1223     struct usb_config_descriptor **ppcd, uint16_t wValue)
1224 {
1225 	struct usb_device_request req;
1226 	usb_handle_req_t *hr_func;
1227 	const void *ptr;
1228 	uint16_t len;
1229 	usb_error_t err;
1230 
1231 	req.bmRequestType = UT_READ_DEVICE;
1232 	req.bRequest = UR_GET_DESCRIPTOR;
1233 	USETW(req.wValue, wValue);
1234 	USETW(req.wIndex, 0);
1235 	USETW(req.wLength, 0);
1236 
1237 	ptr = NULL;
1238 	len = 0;
1239 
1240 	hr_func = usbd_get_hr_func(udev);
1241 
1242 	if (hr_func == NULL)
1243 		err = USB_ERR_INVAL;
1244 	else {
1245 		USB_BUS_LOCK(udev->bus);
1246 		err = (hr_func) (udev, &req, &ptr, &len);
1247 		USB_BUS_UNLOCK(udev->bus);
1248 	}
1249 
1250 	if (err)
1251 		ptr = NULL;
1252 	else if (ptr == NULL)
1253 		err = USB_ERR_INVAL;
1254 
1255 	*ppcd = __DECONST(struct usb_config_descriptor *, ptr);
1256 
1257 	return (err);
1258 }
1259 
1260 /*------------------------------------------------------------------------*
1261  *	usbd_req_get_config_desc
1262  *
1263  * Returns:
1264  *    0: Success
1265  * Else: Failure
1266  *------------------------------------------------------------------------*/
1267 usb_error_t
1268 usbd_req_get_config_desc(struct usb_device *udev, struct mtx *mtx,
1269     struct usb_config_descriptor *d, uint8_t conf_index)
1270 {
1271 	usb_error_t err;
1272 
1273 	DPRINTFN(4, "confidx=%d\n", conf_index);
1274 
1275 	err = usbd_req_get_desc(udev, mtx, NULL, d, sizeof(*d),
1276 	    sizeof(*d), 0, UDESC_CONFIG, conf_index, 0);
1277 	if (err) {
1278 		goto done;
1279 	}
1280 	/* Extra sanity checking */
1281 	if (UGETW(d->wTotalLength) < sizeof(*d)) {
1282 		err = USB_ERR_INVAL;
1283 	}
1284 done:
1285 	return (err);
1286 }
1287 
1288 /*------------------------------------------------------------------------*
1289  *	usbd_req_get_config_desc_full
1290  *
1291  * This function gets the complete USB configuration descriptor and
1292  * ensures that "wTotalLength" is correct.
1293  *
1294  * Returns:
1295  *    0: Success
1296  * Else: Failure
1297  *------------------------------------------------------------------------*/
1298 usb_error_t
1299 usbd_req_get_config_desc_full(struct usb_device *udev, struct mtx *mtx,
1300     struct usb_config_descriptor **ppcd, struct malloc_type *mtype,
1301     uint8_t index)
1302 {
1303 	struct usb_config_descriptor cd;
1304 	struct usb_config_descriptor *cdesc;
1305 	uint16_t len;
1306 	usb_error_t err;
1307 
1308 	DPRINTFN(4, "index=%d\n", index);
1309 
1310 	*ppcd = NULL;
1311 
1312 	err = usbd_req_get_config_desc(udev, mtx, &cd, index);
1313 	if (err) {
1314 		return (err);
1315 	}
1316 	/* get full descriptor */
1317 	len = UGETW(cd.wTotalLength);
1318 	if (len < sizeof(*cdesc)) {
1319 		/* corrupt descriptor */
1320 		return (USB_ERR_INVAL);
1321 	}
1322 	cdesc = malloc(len, mtype, M_WAITOK);
1323 	if (cdesc == NULL) {
1324 		return (USB_ERR_NOMEM);
1325 	}
1326 	err = usbd_req_get_desc(udev, mtx, NULL, cdesc, len, len, 0,
1327 	    UDESC_CONFIG, index, 3);
1328 	if (err) {
1329 		free(cdesc, mtype);
1330 		return (err);
1331 	}
1332 	/* make sure that the device is not fooling us: */
1333 	USETW(cdesc->wTotalLength, len);
1334 
1335 	*ppcd = cdesc;
1336 
1337 	return (0);			/* success */
1338 }
1339 
1340 /*------------------------------------------------------------------------*
1341  *	usbd_req_get_device_desc
1342  *
1343  * Returns:
1344  *    0: Success
1345  * Else: Failure
1346  *------------------------------------------------------------------------*/
1347 usb_error_t
1348 usbd_req_get_device_desc(struct usb_device *udev, struct mtx *mtx,
1349     struct usb_device_descriptor *d)
1350 {
1351 	DPRINTFN(4, "\n");
1352 	return (usbd_req_get_desc(udev, mtx, NULL, d, sizeof(*d),
1353 	    sizeof(*d), 0, UDESC_DEVICE, 0, 3));
1354 }
1355 
1356 /*------------------------------------------------------------------------*
1357  *	usbd_req_get_alt_interface_no
1358  *
1359  * Returns:
1360  *    0: Success
1361  * Else: Failure
1362  *------------------------------------------------------------------------*/
1363 usb_error_t
1364 usbd_req_get_alt_interface_no(struct usb_device *udev, struct mtx *mtx,
1365     uint8_t *alt_iface_no, uint8_t iface_index)
1366 {
1367 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1368 	struct usb_device_request req;
1369 
1370 	if ((iface == NULL) || (iface->idesc == NULL))
1371 		return (USB_ERR_INVAL);
1372 
1373 	req.bmRequestType = UT_READ_INTERFACE;
1374 	req.bRequest = UR_GET_INTERFACE;
1375 	USETW(req.wValue, 0);
1376 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1377 	req.wIndex[1] = 0;
1378 	USETW(req.wLength, 1);
1379 	return (usbd_do_request(udev, mtx, &req, alt_iface_no));
1380 }
1381 
1382 /*------------------------------------------------------------------------*
1383  *	usbd_req_set_alt_interface_no
1384  *
1385  * Returns:
1386  *    0: Success
1387  * Else: Failure
1388  *------------------------------------------------------------------------*/
1389 usb_error_t
1390 usbd_req_set_alt_interface_no(struct usb_device *udev, struct mtx *mtx,
1391     uint8_t iface_index, uint8_t alt_no)
1392 {
1393 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1394 	struct usb_device_request req;
1395 
1396 	if ((iface == NULL) || (iface->idesc == NULL))
1397 		return (USB_ERR_INVAL);
1398 
1399 	req.bmRequestType = UT_WRITE_INTERFACE;
1400 	req.bRequest = UR_SET_INTERFACE;
1401 	req.wValue[0] = alt_no;
1402 	req.wValue[1] = 0;
1403 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1404 	req.wIndex[1] = 0;
1405 	USETW(req.wLength, 0);
1406 	return (usbd_do_request(udev, mtx, &req, 0));
1407 }
1408 
1409 /*------------------------------------------------------------------------*
1410  *	usbd_req_get_device_status
1411  *
1412  * Returns:
1413  *    0: Success
1414  * Else: Failure
1415  *------------------------------------------------------------------------*/
1416 usb_error_t
1417 usbd_req_get_device_status(struct usb_device *udev, struct mtx *mtx,
1418     struct usb_status *st)
1419 {
1420 	struct usb_device_request req;
1421 
1422 	req.bmRequestType = UT_READ_DEVICE;
1423 	req.bRequest = UR_GET_STATUS;
1424 	USETW(req.wValue, 0);
1425 	USETW(req.wIndex, 0);
1426 	USETW(req.wLength, sizeof(*st));
1427 	return (usbd_do_request(udev, mtx, &req, st));
1428 }
1429 
1430 /*------------------------------------------------------------------------*
1431  *	usbd_req_get_hub_descriptor
1432  *
1433  * Returns:
1434  *    0: Success
1435  * Else: Failure
1436  *------------------------------------------------------------------------*/
1437 usb_error_t
1438 usbd_req_get_hub_descriptor(struct usb_device *udev, struct mtx *mtx,
1439     struct usb_hub_descriptor *hd, uint8_t nports)
1440 {
1441 	struct usb_device_request req;
1442 	uint16_t len = (nports + 7 + (8 * 8)) / 8;
1443 
1444 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1445 	req.bRequest = UR_GET_DESCRIPTOR;
1446 	USETW2(req.wValue, UDESC_HUB, 0);
1447 	USETW(req.wIndex, 0);
1448 	USETW(req.wLength, len);
1449 	return (usbd_do_request(udev, mtx, &req, hd));
1450 }
1451 
1452 /*------------------------------------------------------------------------*
1453  *	usbd_req_get_ss_hub_descriptor
1454  *
1455  * Returns:
1456  *    0: Success
1457  * Else: Failure
1458  *------------------------------------------------------------------------*/
1459 usb_error_t
1460 usbd_req_get_ss_hub_descriptor(struct usb_device *udev, struct mtx *mtx,
1461     struct usb_hub_ss_descriptor *hd, uint8_t nports)
1462 {
1463 	struct usb_device_request req;
1464 	uint16_t len = sizeof(*hd) - 32 + 1 + ((nports + 7) / 8);
1465 
1466 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1467 	req.bRequest = UR_GET_DESCRIPTOR;
1468 	USETW2(req.wValue, UDESC_SS_HUB, 0);
1469 	USETW(req.wIndex, 0);
1470 	USETW(req.wLength, len);
1471 	return (usbd_do_request(udev, mtx, &req, hd));
1472 }
1473 
1474 /*------------------------------------------------------------------------*
1475  *	usbd_req_get_hub_status
1476  *
1477  * Returns:
1478  *    0: Success
1479  * Else: Failure
1480  *------------------------------------------------------------------------*/
1481 usb_error_t
1482 usbd_req_get_hub_status(struct usb_device *udev, struct mtx *mtx,
1483     struct usb_hub_status *st)
1484 {
1485 	struct usb_device_request req;
1486 
1487 	req.bmRequestType = UT_READ_CLASS_DEVICE;
1488 	req.bRequest = UR_GET_STATUS;
1489 	USETW(req.wValue, 0);
1490 	USETW(req.wIndex, 0);
1491 	USETW(req.wLength, sizeof(struct usb_hub_status));
1492 	return (usbd_do_request(udev, mtx, &req, st));
1493 }
1494 
1495 /*------------------------------------------------------------------------*
1496  *	usbd_req_set_address
1497  *
1498  * This function is used to set the address for an USB device. After
1499  * port reset the USB device will respond at address zero.
1500  *
1501  * Returns:
1502  *    0: Success
1503  * Else: Failure
1504  *------------------------------------------------------------------------*/
1505 usb_error_t
1506 usbd_req_set_address(struct usb_device *udev, struct mtx *mtx, uint16_t addr)
1507 {
1508 	struct usb_device_request req;
1509 	usb_error_t err;
1510 
1511 	DPRINTFN(6, "setting device address=%d\n", addr);
1512 
1513 	req.bmRequestType = UT_WRITE_DEVICE;
1514 	req.bRequest = UR_SET_ADDRESS;
1515 	USETW(req.wValue, addr);
1516 	USETW(req.wIndex, 0);
1517 	USETW(req.wLength, 0);
1518 
1519 	err = USB_ERR_INVAL;
1520 
1521 	/* check if USB controller handles set address */
1522 	if (udev->bus->methods->set_address != NULL)
1523 		err = (udev->bus->methods->set_address) (udev, mtx, addr);
1524 
1525 	if (err != USB_ERR_INVAL)
1526 		goto done;
1527 
1528 	/* Setting the address should not take more than 1 second ! */
1529 	err = usbd_do_request_flags(udev, mtx, &req, NULL,
1530 	    USB_DELAY_STATUS_STAGE, NULL, 1000);
1531 
1532 done:
1533 	/* allow device time to set new address */
1534 	usb_pause_mtx(mtx,
1535 	    USB_MS_TO_TICKS(USB_SET_ADDRESS_SETTLE));
1536 
1537 	return (err);
1538 }
1539 
1540 /*------------------------------------------------------------------------*
1541  *	usbd_req_get_port_status
1542  *
1543  * Returns:
1544  *    0: Success
1545  * Else: Failure
1546  *------------------------------------------------------------------------*/
1547 usb_error_t
1548 usbd_req_get_port_status(struct usb_device *udev, struct mtx *mtx,
1549     struct usb_port_status *ps, uint8_t port)
1550 {
1551 	struct usb_device_request req;
1552 
1553 	req.bmRequestType = UT_READ_CLASS_OTHER;
1554 	req.bRequest = UR_GET_STATUS;
1555 	USETW(req.wValue, 0);
1556 	req.wIndex[0] = port;
1557 	req.wIndex[1] = 0;
1558 	USETW(req.wLength, sizeof *ps);
1559 	return (usbd_do_request(udev, mtx, &req, ps));
1560 }
1561 
1562 /*------------------------------------------------------------------------*
1563  *	usbd_req_clear_hub_feature
1564  *
1565  * Returns:
1566  *    0: Success
1567  * Else: Failure
1568  *------------------------------------------------------------------------*/
1569 usb_error_t
1570 usbd_req_clear_hub_feature(struct usb_device *udev, struct mtx *mtx,
1571     uint16_t sel)
1572 {
1573 	struct usb_device_request req;
1574 
1575 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1576 	req.bRequest = UR_CLEAR_FEATURE;
1577 	USETW(req.wValue, sel);
1578 	USETW(req.wIndex, 0);
1579 	USETW(req.wLength, 0);
1580 	return (usbd_do_request(udev, mtx, &req, 0));
1581 }
1582 
1583 /*------------------------------------------------------------------------*
1584  *	usbd_req_set_hub_feature
1585  *
1586  * Returns:
1587  *    0: Success
1588  * Else: Failure
1589  *------------------------------------------------------------------------*/
1590 usb_error_t
1591 usbd_req_set_hub_feature(struct usb_device *udev, struct mtx *mtx,
1592     uint16_t sel)
1593 {
1594 	struct usb_device_request req;
1595 
1596 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1597 	req.bRequest = UR_SET_FEATURE;
1598 	USETW(req.wValue, sel);
1599 	USETW(req.wIndex, 0);
1600 	USETW(req.wLength, 0);
1601 	return (usbd_do_request(udev, mtx, &req, 0));
1602 }
1603 
1604 /*------------------------------------------------------------------------*
1605  *	usbd_req_set_hub_u1_timeout
1606  *
1607  * Returns:
1608  *    0: Success
1609  * Else: Failure
1610  *------------------------------------------------------------------------*/
1611 usb_error_t
1612 usbd_req_set_hub_u1_timeout(struct usb_device *udev, struct mtx *mtx,
1613     uint8_t port, uint8_t timeout)
1614 {
1615 	struct usb_device_request req;
1616 
1617 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1618 	req.bRequest = UR_SET_FEATURE;
1619 	USETW(req.wValue, UHF_PORT_U1_TIMEOUT);
1620 	req.wIndex[0] = port;
1621 	req.wIndex[1] = timeout;
1622 	USETW(req.wLength, 0);
1623 	return (usbd_do_request(udev, mtx, &req, 0));
1624 }
1625 
1626 /*------------------------------------------------------------------------*
1627  *	usbd_req_set_hub_u2_timeout
1628  *
1629  * Returns:
1630  *    0: Success
1631  * Else: Failure
1632  *------------------------------------------------------------------------*/
1633 usb_error_t
1634 usbd_req_set_hub_u2_timeout(struct usb_device *udev, struct mtx *mtx,
1635     uint8_t port, uint8_t timeout)
1636 {
1637 	struct usb_device_request req;
1638 
1639 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1640 	req.bRequest = UR_SET_FEATURE;
1641 	USETW(req.wValue, UHF_PORT_U2_TIMEOUT);
1642 	req.wIndex[0] = port;
1643 	req.wIndex[1] = timeout;
1644 	USETW(req.wLength, 0);
1645 	return (usbd_do_request(udev, mtx, &req, 0));
1646 }
1647 
1648 /*------------------------------------------------------------------------*
1649  *	usbd_req_set_hub_depth
1650  *
1651  * Returns:
1652  *    0: Success
1653  * Else: Failure
1654  *------------------------------------------------------------------------*/
1655 usb_error_t
1656 usbd_req_set_hub_depth(struct usb_device *udev, struct mtx *mtx,
1657     uint16_t depth)
1658 {
1659 	struct usb_device_request req;
1660 
1661 	req.bmRequestType = UT_WRITE_CLASS_DEVICE;
1662 	req.bRequest = UR_SET_HUB_DEPTH;
1663 	USETW(req.wValue, depth);
1664 	USETW(req.wIndex, 0);
1665 	USETW(req.wLength, 0);
1666 	return (usbd_do_request(udev, mtx, &req, 0));
1667 }
1668 
1669 /*------------------------------------------------------------------------*
1670  *	usbd_req_clear_port_feature
1671  *
1672  * Returns:
1673  *    0: Success
1674  * Else: Failure
1675  *------------------------------------------------------------------------*/
1676 usb_error_t
1677 usbd_req_clear_port_feature(struct usb_device *udev, struct mtx *mtx,
1678     uint8_t port, uint16_t sel)
1679 {
1680 	struct usb_device_request req;
1681 
1682 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1683 	req.bRequest = UR_CLEAR_FEATURE;
1684 	USETW(req.wValue, sel);
1685 	req.wIndex[0] = port;
1686 	req.wIndex[1] = 0;
1687 	USETW(req.wLength, 0);
1688 	return (usbd_do_request(udev, mtx, &req, 0));
1689 }
1690 
1691 /*------------------------------------------------------------------------*
1692  *	usbd_req_set_port_feature
1693  *
1694  * Returns:
1695  *    0: Success
1696  * Else: Failure
1697  *------------------------------------------------------------------------*/
1698 usb_error_t
1699 usbd_req_set_port_feature(struct usb_device *udev, struct mtx *mtx,
1700     uint8_t port, uint16_t sel)
1701 {
1702 	struct usb_device_request req;
1703 
1704 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
1705 	req.bRequest = UR_SET_FEATURE;
1706 	USETW(req.wValue, sel);
1707 	req.wIndex[0] = port;
1708 	req.wIndex[1] = 0;
1709 	USETW(req.wLength, 0);
1710 	return (usbd_do_request(udev, mtx, &req, 0));
1711 }
1712 
1713 /*------------------------------------------------------------------------*
1714  *	usbd_req_set_protocol
1715  *
1716  * Returns:
1717  *    0: Success
1718  * Else: Failure
1719  *------------------------------------------------------------------------*/
1720 usb_error_t
1721 usbd_req_set_protocol(struct usb_device *udev, struct mtx *mtx,
1722     uint8_t iface_index, uint16_t report)
1723 {
1724 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1725 	struct usb_device_request req;
1726 
1727 	if ((iface == NULL) || (iface->idesc == NULL)) {
1728 		return (USB_ERR_INVAL);
1729 	}
1730 	DPRINTFN(5, "iface=%p, report=%d, endpt=%d\n",
1731 	    iface, report, iface->idesc->bInterfaceNumber);
1732 
1733 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1734 	req.bRequest = UR_SET_PROTOCOL;
1735 	USETW(req.wValue, report);
1736 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1737 	req.wIndex[1] = 0;
1738 	USETW(req.wLength, 0);
1739 	return (usbd_do_request(udev, mtx, &req, 0));
1740 }
1741 
1742 /*------------------------------------------------------------------------*
1743  *	usbd_req_set_report
1744  *
1745  * Returns:
1746  *    0: Success
1747  * Else: Failure
1748  *------------------------------------------------------------------------*/
1749 usb_error_t
1750 usbd_req_set_report(struct usb_device *udev, struct mtx *mtx, void *data, uint16_t len,
1751     uint8_t iface_index, uint8_t type, uint8_t id)
1752 {
1753 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1754 	struct usb_device_request req;
1755 
1756 	if ((iface == NULL) || (iface->idesc == NULL)) {
1757 		return (USB_ERR_INVAL);
1758 	}
1759 	DPRINTFN(5, "len=%d\n", len);
1760 
1761 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1762 	req.bRequest = UR_SET_REPORT;
1763 	USETW2(req.wValue, type, id);
1764 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1765 	req.wIndex[1] = 0;
1766 	USETW(req.wLength, len);
1767 	return (usbd_do_request(udev, mtx, &req, data));
1768 }
1769 
1770 /*------------------------------------------------------------------------*
1771  *	usbd_req_get_report
1772  *
1773  * Returns:
1774  *    0: Success
1775  * Else: Failure
1776  *------------------------------------------------------------------------*/
1777 usb_error_t
1778 usbd_req_get_report(struct usb_device *udev, struct mtx *mtx, void *data,
1779     uint16_t len, uint8_t iface_index, uint8_t type, uint8_t id)
1780 {
1781 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1782 	struct usb_device_request req;
1783 
1784 	if ((iface == NULL) || (iface->idesc == NULL)) {
1785 		return (USB_ERR_INVAL);
1786 	}
1787 	DPRINTFN(5, "len=%d\n", len);
1788 
1789 	req.bmRequestType = UT_READ_CLASS_INTERFACE;
1790 	req.bRequest = UR_GET_REPORT;
1791 	USETW2(req.wValue, type, id);
1792 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1793 	req.wIndex[1] = 0;
1794 	USETW(req.wLength, len);
1795 	return (usbd_do_request(udev, mtx, &req, data));
1796 }
1797 
1798 /*------------------------------------------------------------------------*
1799  *	usbd_req_set_idle
1800  *
1801  * Returns:
1802  *    0: Success
1803  * Else: Failure
1804  *------------------------------------------------------------------------*/
1805 usb_error_t
1806 usbd_req_set_idle(struct usb_device *udev, struct mtx *mtx,
1807     uint8_t iface_index, uint8_t duration, uint8_t id)
1808 {
1809 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1810 	struct usb_device_request req;
1811 
1812 	if ((iface == NULL) || (iface->idesc == NULL)) {
1813 		return (USB_ERR_INVAL);
1814 	}
1815 	DPRINTFN(5, "%d %d\n", duration, id);
1816 
1817 	req.bmRequestType = UT_WRITE_CLASS_INTERFACE;
1818 	req.bRequest = UR_SET_IDLE;
1819 	USETW2(req.wValue, duration, id);
1820 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1821 	req.wIndex[1] = 0;
1822 	USETW(req.wLength, 0);
1823 	return (usbd_do_request(udev, mtx, &req, 0));
1824 }
1825 
1826 /*------------------------------------------------------------------------*
1827  *	usbd_req_get_report_descriptor
1828  *
1829  * Returns:
1830  *    0: Success
1831  * Else: Failure
1832  *------------------------------------------------------------------------*/
1833 usb_error_t
1834 usbd_req_get_report_descriptor(struct usb_device *udev, struct mtx *mtx,
1835     void *d, uint16_t size, uint8_t iface_index)
1836 {
1837 	struct usb_interface *iface = usbd_get_iface(udev, iface_index);
1838 	struct usb_device_request req;
1839 
1840 	if ((iface == NULL) || (iface->idesc == NULL)) {
1841 		return (USB_ERR_INVAL);
1842 	}
1843 	req.bmRequestType = UT_READ_INTERFACE;
1844 	req.bRequest = UR_GET_DESCRIPTOR;
1845 	USETW2(req.wValue, UDESC_REPORT, 0);	/* report id should be 0 */
1846 	req.wIndex[0] = iface->idesc->bInterfaceNumber;
1847 	req.wIndex[1] = 0;
1848 	USETW(req.wLength, size);
1849 	return (usbd_do_request(udev, mtx, &req, d));
1850 }
1851 
1852 /*------------------------------------------------------------------------*
1853  *	usbd_req_set_config
1854  *
1855  * This function is used to select the current configuration number in
1856  * both USB device side mode and USB host side mode. When setting the
1857  * configuration the function of the interfaces can change.
1858  *
1859  * Returns:
1860  *    0: Success
1861  * Else: Failure
1862  *------------------------------------------------------------------------*/
1863 usb_error_t
1864 usbd_req_set_config(struct usb_device *udev, struct mtx *mtx, uint8_t conf)
1865 {
1866 	struct usb_device_request req;
1867 
1868 	DPRINTF("setting config %d\n", conf);
1869 
1870 	/* do "set configuration" request */
1871 
1872 	req.bmRequestType = UT_WRITE_DEVICE;
1873 	req.bRequest = UR_SET_CONFIG;
1874 	req.wValue[0] = conf;
1875 	req.wValue[1] = 0;
1876 	USETW(req.wIndex, 0);
1877 	USETW(req.wLength, 0);
1878 	return (usbd_do_request(udev, mtx, &req, 0));
1879 }
1880 
1881 /*------------------------------------------------------------------------*
1882  *	usbd_req_get_config
1883  *
1884  * Returns:
1885  *    0: Success
1886  * Else: Failure
1887  *------------------------------------------------------------------------*/
1888 usb_error_t
1889 usbd_req_get_config(struct usb_device *udev, struct mtx *mtx, uint8_t *pconf)
1890 {
1891 	struct usb_device_request req;
1892 
1893 	req.bmRequestType = UT_READ_DEVICE;
1894 	req.bRequest = UR_GET_CONFIG;
1895 	USETW(req.wValue, 0);
1896 	USETW(req.wIndex, 0);
1897 	USETW(req.wLength, 1);
1898 	return (usbd_do_request(udev, mtx, &req, pconf));
1899 }
1900 
1901 /*------------------------------------------------------------------------*
1902  *	usbd_setup_device_desc
1903  *------------------------------------------------------------------------*/
1904 usb_error_t
1905 usbd_setup_device_desc(struct usb_device *udev, struct mtx *mtx)
1906 {
1907 	usb_error_t err;
1908 
1909 	/*
1910 	 * Get the first 8 bytes of the device descriptor !
1911 	 *
1912 	 * NOTE: "usbd_do_request()" will check the device descriptor
1913 	 * next time we do a request to see if the maximum packet size
1914 	 * changed! The 8 first bytes of the device descriptor
1915 	 * contains the maximum packet size to use on control endpoint
1916 	 * 0. If this value is different from "USB_MAX_IPACKET" a new
1917 	 * USB control request will be setup!
1918 	 */
1919 	switch (udev->speed) {
1920 	case USB_SPEED_FULL:
1921 	case USB_SPEED_LOW:
1922 		err = usbd_req_get_desc(udev, mtx, NULL, &udev->ddesc,
1923 		    USB_MAX_IPACKET, USB_MAX_IPACKET, 0, UDESC_DEVICE, 0, 0);
1924 		if (err != 0) {
1925 			DPRINTFN(0, "getting device descriptor "
1926 			    "at addr %d failed, %s\n", udev->address,
1927 			    usbd_errstr(err));
1928 			return (err);
1929 		}
1930 		break;
1931 	default:
1932 		DPRINTF("Minimum MaxPacketSize is large enough "
1933 		    "to hold the complete device descriptor\n");
1934 		break;
1935 	}
1936 
1937 	/* get the full device descriptor */
1938 	err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1939 
1940 	/* try one more time, if error */
1941 	if (err)
1942 		err = usbd_req_get_device_desc(udev, mtx, &udev->ddesc);
1943 
1944 	if (err) {
1945 		DPRINTF("addr=%d, getting full desc failed\n",
1946 		    udev->address);
1947 		return (err);
1948 	}
1949 
1950 	DPRINTF("adding unit addr=%d, rev=%02x, class=%d, "
1951 	    "subclass=%d, protocol=%d, maxpacket=%d, len=%d, speed=%d\n",
1952 	    udev->address, UGETW(udev->ddesc.bcdUSB),
1953 	    udev->ddesc.bDeviceClass,
1954 	    udev->ddesc.bDeviceSubClass,
1955 	    udev->ddesc.bDeviceProtocol,
1956 	    udev->ddesc.bMaxPacketSize,
1957 	    udev->ddesc.bLength,
1958 	    udev->speed);
1959 
1960 	return (err);
1961 }
1962 
1963 /*------------------------------------------------------------------------*
1964  *	usbd_req_re_enumerate
1965  *
1966  * NOTE: After this function returns the hardware is in the
1967  * unconfigured state! The application is responsible for setting a
1968  * new configuration.
1969  *
1970  * Returns:
1971  *    0: Success
1972  * Else: Failure
1973  *------------------------------------------------------------------------*/
1974 usb_error_t
1975 usbd_req_re_enumerate(struct usb_device *udev, struct mtx *mtx)
1976 {
1977 	struct usb_device *parent_hub;
1978 	usb_error_t err;
1979 	uint8_t old_addr;
1980 	uint8_t do_retry = 1;
1981 
1982 	if (udev->flags.usb_mode != USB_MODE_HOST) {
1983 		return (USB_ERR_INVAL);
1984 	}
1985 	old_addr = udev->address;
1986 	parent_hub = udev->parent_hub;
1987 	if (parent_hub == NULL) {
1988 		return (USB_ERR_INVAL);
1989 	}
1990 retry:
1991 	/*
1992 	 * Try to reset the High Speed parent HUB of a LOW- or FULL-
1993 	 * speed device, if any.
1994 	 */
1995 	if (udev->parent_hs_hub != NULL &&
1996 	    udev->speed != USB_SPEED_HIGH) {
1997 		DPRINTF("Trying to reset parent High Speed TT.\n");
1998 		err = usbd_req_reset_tt(udev->parent_hs_hub, NULL,
1999 		    udev->hs_port_no);
2000 		if (err) {
2001 			DPRINTF("Resetting parent High "
2002 			    "Speed TT failed (%s).\n",
2003 			    usbd_errstr(err));
2004 		}
2005 	}
2006 
2007 	/* Try to reset the parent HUB port. */
2008 	err = usbd_req_reset_port(parent_hub, mtx, udev->port_no);
2009 	if (err) {
2010 		DPRINTFN(0, "addr=%d, port reset failed, %s\n",
2011 		    old_addr, usbd_errstr(err));
2012 		goto done;
2013 	}
2014 
2015 	/*
2016 	 * After that the port has been reset our device should be at
2017 	 * address zero:
2018 	 */
2019 	udev->address = USB_START_ADDR;
2020 
2021 	/* reset "bMaxPacketSize" */
2022 	udev->ddesc.bMaxPacketSize = USB_MAX_IPACKET;
2023 
2024 	/* reset USB state */
2025 	usb_set_device_state(udev, USB_STATE_POWERED);
2026 
2027 	/*
2028 	 * Restore device address:
2029 	 */
2030 	err = usbd_req_set_address(udev, mtx, old_addr);
2031 	if (err) {
2032 		/* XXX ignore any errors! */
2033 		DPRINTFN(0, "addr=%d, set address failed! (%s, ignored)\n",
2034 		    old_addr, usbd_errstr(err));
2035 	}
2036 	/*
2037 	 * Restore device address, if the controller driver did not
2038 	 * set a new one:
2039 	 */
2040 	if (udev->address == USB_START_ADDR)
2041 		udev->address = old_addr;
2042 
2043 	/* setup the device descriptor and the initial "wMaxPacketSize" */
2044 	err = usbd_setup_device_desc(udev, mtx);
2045 
2046 done:
2047 	if (err && do_retry) {
2048 		/* give the USB firmware some time to load */
2049 		usb_pause_mtx(mtx, hz / 2);
2050 		/* no more retries after this retry */
2051 		do_retry = 0;
2052 		/* try again */
2053 		goto retry;
2054 	}
2055 	/* restore address */
2056 	if (udev->address == USB_START_ADDR)
2057 		udev->address = old_addr;
2058 	/* update state, if successful */
2059 	if (err == 0)
2060 		usb_set_device_state(udev, USB_STATE_ADDRESSED);
2061 	return (err);
2062 }
2063 
2064 /*------------------------------------------------------------------------*
2065  *	usbd_req_clear_device_feature
2066  *
2067  * Returns:
2068  *    0: Success
2069  * Else: Failure
2070  *------------------------------------------------------------------------*/
2071 usb_error_t
2072 usbd_req_clear_device_feature(struct usb_device *udev, struct mtx *mtx,
2073     uint16_t sel)
2074 {
2075 	struct usb_device_request req;
2076 
2077 	req.bmRequestType = UT_WRITE_DEVICE;
2078 	req.bRequest = UR_CLEAR_FEATURE;
2079 	USETW(req.wValue, sel);
2080 	USETW(req.wIndex, 0);
2081 	USETW(req.wLength, 0);
2082 	return (usbd_do_request(udev, mtx, &req, 0));
2083 }
2084 
2085 /*------------------------------------------------------------------------*
2086  *	usbd_req_set_device_feature
2087  *
2088  * Returns:
2089  *    0: Success
2090  * Else: Failure
2091  *------------------------------------------------------------------------*/
2092 usb_error_t
2093 usbd_req_set_device_feature(struct usb_device *udev, struct mtx *mtx,
2094     uint16_t sel)
2095 {
2096 	struct usb_device_request req;
2097 
2098 	req.bmRequestType = UT_WRITE_DEVICE;
2099 	req.bRequest = UR_SET_FEATURE;
2100 	USETW(req.wValue, sel);
2101 	USETW(req.wIndex, 0);
2102 	USETW(req.wLength, 0);
2103 	return (usbd_do_request(udev, mtx, &req, 0));
2104 }
2105 
2106 /*------------------------------------------------------------------------*
2107  *	usbd_req_reset_tt
2108  *
2109  * Returns:
2110  *    0: Success
2111  * Else: Failure
2112  *------------------------------------------------------------------------*/
2113 usb_error_t
2114 usbd_req_reset_tt(struct usb_device *udev, struct mtx *mtx,
2115     uint8_t port)
2116 {
2117 	struct usb_device_request req;
2118 
2119 	/* For single TT HUBs the port should be 1 */
2120 
2121 	if (udev->ddesc.bDeviceClass == UDCLASS_HUB &&
2122 	    udev->ddesc.bDeviceProtocol == UDPROTO_HSHUBSTT)
2123 		port = 1;
2124 
2125 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2126 	req.bRequest = UR_RESET_TT;
2127 	USETW(req.wValue, 0);
2128 	req.wIndex[0] = port;
2129 	req.wIndex[1] = 0;
2130 	USETW(req.wLength, 0);
2131 	return (usbd_do_request(udev, mtx, &req, 0));
2132 }
2133 
2134 /*------------------------------------------------------------------------*
2135  *	usbd_req_clear_tt_buffer
2136  *
2137  * For single TT HUBs the port should be 1.
2138  *
2139  * Returns:
2140  *    0: Success
2141  * Else: Failure
2142  *------------------------------------------------------------------------*/
2143 usb_error_t
2144 usbd_req_clear_tt_buffer(struct usb_device *udev, struct mtx *mtx,
2145     uint8_t port, uint8_t addr, uint8_t type, uint8_t endpoint)
2146 {
2147 	struct usb_device_request req;
2148 	uint16_t wValue;
2149 
2150 	/* For single TT HUBs the port should be 1 */
2151 
2152 	if (udev->ddesc.bDeviceClass == UDCLASS_HUB &&
2153 	    udev->ddesc.bDeviceProtocol == UDPROTO_HSHUBSTT)
2154 		port = 1;
2155 
2156 	wValue = (endpoint & 0xF) | ((addr & 0x7F) << 4) |
2157 	    ((endpoint & 0x80) << 8) | ((type & 3) << 12);
2158 
2159 	req.bmRequestType = UT_WRITE_CLASS_OTHER;
2160 	req.bRequest = UR_CLEAR_TT_BUFFER;
2161 	USETW(req.wValue, wValue);
2162 	req.wIndex[0] = port;
2163 	req.wIndex[1] = 0;
2164 	USETW(req.wLength, 0);
2165 	return (usbd_do_request(udev, mtx, &req, 0));
2166 }
2167