xref: /illumos-gate/usr/src/uts/common/io/usb/clients/ccid/ccid.c (revision 63f91fbc3c024870d86dc3332a4a0080fb29bc40)
1 /*
2  * This file and its contents are supplied under the terms of the
3  * Common Development and Distribution License ("CDDL"), version 1.0.
4  * You may only use this file in accordance with the terms of version
5  * 1.0 of the CDDL.
6  *
7  * A full copy of the text of the CDDL should have accompanied this
8  * source.  A copy of the CDDL is also available via the Internet at
9  * http://www.illumos.org/license/CDDL.
10  */
11 
12 /*
13  * Copyright 2019, Joyent, Inc.
14  */
15 
16 /*
17  * USB CCID class driver
18  *
19  * Slot Detection
20  * --------------
21  *
22  * A CCID reader has one or more slots, each of which may or may not have a ICC
23  * (integrated circuit card) present. Some readers actually have a card that's
24  * permanently plugged in while other readers allow for cards to be inserted and
25  * removed. We model all CCID readers that don't have removable cards as ones
26  * that are removable, but never fire any events. Readers with removable cards
27  * are required to have an Interrupt-IN pipe.
28  *
29  * Each slot starts in an unknown state. After attaching we always kick off a
30  * discovery. When a change event comes in, that causes us to kick off a
31  * discovery again, though we focus it only on those endpoints that have noted a
32  * change. At attach time we logically mark that every endpoint has changed,
33  * allowing us to figure out what its actual state is. We don't rely on any
34  * initial Interrupt-IN polling to allow for the case where either the hardware
35  * doesn't report it or to better handle the devices without an Interrupt-IN
36  * entry. Just because we open up the Interrupt-IN pipe, hardware is not
37  * obligated to tell us, as the detaching and reattaching of a driver will not
38  * cause a power cycle.
39  *
40  * The Interrupt-IN exception callback may need to restart polling. In addition,
41  * we may fail to start or restart polling due to a transient issue. In cases
42  * where the attempt to start polling has failed, we try again in one second
43  * with a timeout.
44  *
45  * Discovery is run through a taskq. The various slots are checked serially. If
46  * a discovery is running when another change event comes in, we flag ourselves
47  * for a follow up run. This means that it's possible that we end up processing
48  * items early and that the follow up run is ignored.
49  *
50  * Two state flags are used to keep track of this dance: CCID_F_WORKER_REQUESTED
51  * and CCID_F_WORKER_RUNNING. The first is used to indicate that discovery is
52  * desired. The second is to indicate that it is actively running. When
53  * discovery is requested, the caller first checks the current flags. If neither
54  * flag is set, then it knows that it can kick off discovery. Regardless if it
55  * can kick off the taskq, it always sets requested. Once the taskq entry
56  * starts, it removes any DISCOVER_REQUESTED flags and sets DISCOVER_RUNNING. If
57  * at the end of discovery, we find that another request has been made, the
58  * discovery function will kick off another entry in the taskq.
59  *
60  * The one possible problem with this model is that it means that we aren't
61  * throttling the set of incoming requests with respect to taskq dispatches.
62  * However, because these are only driven by an Interrupt-IN pipe, it is hoped
63  * that the frequency will be rather reduced. If it turns out that that's not
64  * the case, we may need to use a timeout or another trick to ensure that only
65  * one discovery per tick or so is initialized. The main reason we don't just do
66  * that off the bat and add a delay is because of contactless cards which may
67  * need to be acted upon in a soft real-time fashion.
68  *
69  * Command Handling
70  * ----------------
71  *
72  * Commands are issued to a CCID reader on a Bulk-OUT pipe. Responses are
73  * generated as a series of one or more messages on a Bulk-IN pipe. To correlate
74  * these commands a sequence number is used. This sequence number is one byte
75  * and can be in the range [ CCID_SEQ_MIN, CCID_SEQ_MAX ]. To keep track of the
76  * allocated IDs we leverage an ID space.
77  *
78  * A CCID reader contains a number of slots. Each slot can be addressed
79  * separately as each slot represents a separate place that a card may be
80  * inserted or not. A given slot may only have a single outstanding command. A
81  * given CCID reader may only have a number of commands outstanding to the CCID
82  * device as a whole based on a value in the class descriptor (see the
83  * ccd_bMacCCIDBusySlots member of the ccid_class_descr_t).
84  *
85  * To simplify the driver, we only support issuing a single command to a CCID
86  * reader at any given time. All commands that are outstanding are queued in a
87  * per-device list ccid_command_queue. The head of the queue is the current
88  * command that we believe is outstanding to the reader or will be shortly. The
89  * command is issued by sending a Bulk-OUT request with a CCID header. Once we
90  * have the Bulk-OUT request acknowledged, we begin sending Bulk-IN messages to
91  * the controller. Once the Bulk-IN message is acknowledged, then we complete
92  * the command and proceed to the next command. This is summarized in the
93  * following state machine:
94  *
95  *              +-----------------------------------------------------+
96  *              |                                                     |
97  *              |                        ccid_command_queue           |
98  *              |                    +---+---+---------+---+---+      |
99  *              v                    | h |   |         |   | t |      |
100  *  +-------------------------+      | e |   |         |   | a |      |
101  *  | ccid_command_dispatch() |<-----| a |   |   ...   |   | i |      |
102  *  +-----------+-------------+      | d |   |         |   | l |      |
103  *              |                    +---+---+---------+---+---+      |
104  *              v                                                     |
105  *  +-------------------------+      +-------------------------+      |
106  *  | usb_pipe_bulk_xfer()    |----->| ccid_dispatch_bulk_cb() |      |
107  *  | ccid_bulkout_pipe       |      +------------+------------+      |
108  *  +-------------------------+                   |                   |
109  *                                                |                   |
110  *              |                                 v                   |
111  *              |                    +-------------------------+      |
112  *              |                    | ccid_bulkin_schedule()  |      |
113  *              v                    +------------+------------+      |
114  *                                                |                   |
115  *     /--------------------\                     |                   |
116  *    /                      \                    v                   |
117  *    |  ###    CCID HW      |       +-------------------------+      |
118  *    |  ###                 |       | usb_pipe_bulk_xfer()    |      |
119  *    |                      | ----> | ccid_bulkin_pipe        |      |
120  *    |                      |       +------------+------------+      |
121  *    \                      /                    |                   |
122  *     \--------------------/                     |                   |
123  *                                                v                   |
124  *                                   +-------------------------+      |
125  *                                   | ccid_reply_bulk_cb()    |      |
126  *                                   +------------+------------+      |
127  *                                                |                   |
128  *                                                |                   |
129  *                                                v                   |
130  *                                   +-------------------------+      |
131  *                                   | ccid_command_complete() +------+
132  *                                   +-------------------------+
133  *
134  *
135  * APDU and TPDU Processing and Parameter Selection
136  * ------------------------------------------------
137  *
138  * Readers provide four different modes for us to be able to transmit data to
139  * and from the card. These are:
140  *
141  *   1. Character Mode
142  *   2. TPDU Mode
143  *   3. Short APDU Mode
144  *   4. Extended APDU Mode
145  *
146  * Readers either support mode 1, mode 2, mode 3, or mode 3 and 4. All readers
147  * that support extended APDUs support short APDUs. At this time, we do not
148  * support character mode or TPDU mode, and we use only short APDUs even for
149  * readers that support extended APDUs.
150  *
151  * The ICC and the reader need to be in agreement in order for them to be able
152  * to exchange information. The ICC indicates what it supports by replying to a
153  * power on command with an ATR (answer to reset). This data can be parsed to
154  * indicate which of two protocols the ICC supports. These protocols are
155  * referred to as:
156  *
157  *  o T=0
158  *  o T=1
159  *
160  * These protocols are defined in the ISO/IEC 7816-3:2006 specification. When a
161  * reader supports an APDU mode, then the driver does not have to worry about
162  * the underlying protocol and can just send an application data unit (APDU).
163  * Otherwise, the driver must take the application data (APDU) and transform it
164  * into the form required by the corresponding protocol.
165  *
166  * There are several parameters that need to be negotiated to ensure that the
167  * protocols work correctly. To negotiate these parameters and to select a
168  * protocol, the driver must construct a PPS (protocol and parameters structure)
169  * request and exchange that with the ICC. A reader may optionally take care of
170  * performing this and indicates its support for this in dwFeatures member of
171  * the USB class descriptor.
172  *
173  * In addition, the reader itself must often be told of these configuration
174  * changes through the means of a CCID_REQUEST_SET_PARAMS command. Once both of
175  * these have been performed, the reader and ICC can communicate to their hearts
176  * desire.
177  *
178  * Both the negotiation and the setting of the parameters can be performed
179  * automatically by the CCID reader. When the reader supports APDU exchanges,
180  * then it must support some aspects of this negotiation. Because of that, we
181  * never consider performing this and only support readers that offer this kind
182  * of automation.
183  *
184  * User I/O Basics
185  * ---------------
186  *
187  * A user performs I/O by writing APDUs (Application Protocol Data Units). A
188  * user issues a system call that ends up in write(9E) (write(2), writev(2),
189  * pwrite(2), pwritev(2), etc.). The user data is consumed by the CCID driver
190  * and a series of commands will then be issued to the device, depending on the
191  * protocol mode. The write(9E) call does not block for this to finish. Once
192  * write(9E) has returned, the user may block in a read(2) related system call
193  * or poll for POLLIN.
194  *
195  * A thread may not call read(9E) without having called write(9E). This model is
196  * due to the limited capability of hardware. Only a single command can be going
197  * on a given slot and due to the fact that many commands change the hardware
198  * state, we do not try to multiplex multiple calls to write() or read().
199  *
200  *
201  * User I/O, Transaction Ends, ICC removals, and Reader Removals
202  * -------------------------------------------------------------
203  *
204  * While the I/O model given to user land is somewhat simple, there are a lot of
205  * tricky pieces to get right because we are in a multi-threaded pre-emptible
206  * system. In general, there are four different levels of state that we need to
207  * keep track of:
208  *
209  *   1. User threads in I/O
210  *   2. Kernel protocol level support (T=1, apdu, etc.).
211  *   3. Slot/ICC state
212  *   4. CCID Reader state
213  *
214  * Of course, each level cares about the state above it. The kernel protocol
215  * level state (2) cares about the User threads in I/O (1). The same is true
216  * with the other levels caring about the levels above it. With this in mind
217  * there are three non-data path things that can go wrong:
218  *
219  *   A. The user can end a transaction (whether through an ioctl or close(9E)).
220  *   B. The ICC can be removed
221  *   C. The CCID device can be removed or reset at a USB level.
222  *
223  * Each of these has implications on the outstanding I/O and other states of
224  * the world. When events of type A occur, we need to clean up states 1 and 2.
225  * Then events of type B occur we need to clean up states 1-3. When events of
226  * type C occur we need to clean up states 1-4. The following discusses how we
227  * should clean up these different states:
228  *
229  * Cleaning up State 1:
230  *
231  *   To clean up the User threads in I/O there are three different cases to
232  *   consider. The first is cleaning up a thread that is in the middle of
233  *   write(9E). The second is cleaning up thread that is blocked in read(9E).
234  *   The third is dealing with threads that are stuck in chpoll(9E).
235  *
236  *   To handle the write case, we have a series of flags that is on the CCID
237  *   slot's I/O structure (ccid_io_t, cs_io on the ccid_slot_t). When a thread
238  *   begins its I/O it will set the CCID_IO_F_PREPARING flag. This flag is used
239  *   to indicate that there is a thread that is performing a write(9E), but it
240  *   is not holding the ccid_mutex because of the operations that it is taking.
241  *   Once it has finished, the thread will remove that flag and instead
242  *   CCID_IO_F_IN_PROGRESS will be set. If we find that the CCID_IO_F_PREPARING
243  *   flag is set, then we will need to wait for it to be removed before
244  *   continuing. The fact that there is an outstanding physical I/O will be
245  *   dealt with when we clean up state 2.
246  *
247  *   To handle the read case, we have a flag on the ccid_minor_t which indicates
248  *   that a thread is blocked on a condition variable (cm_read_cv), waiting for
249  *   the I/O to complete. The way this gets cleaned up varies a bit on each of
250  *   the different cases as each one will trigger a different error to the
251  *   thread. In all cases, the condition variable will be signaled. Then,
252  *   whenever the thread comes out of the condition variable it will always
253  *   check the state to see if it has been woken up because the transaction is
254  *   being closed, the ICC has been removed, or the reader is being
255  *   disconnected. In all such cases, the thread in read will end up receiving
256  *   an error (ECANCELED, ENXIO, and ENODEV respectively).
257  *
258  *   If we have hit the case that this needs to be cleaned up, then the
259  *   CCID_MINOR_F_READ_WAITING flag will be set on the ccid_minor_t's flags
260  *   member (cm_flags). In this case, the broader system must change the
261  *   corresponding system state flag for the appropriate condition, signal the
262  *   read cv, and then wait on an additional cv in the minor, the
263  *   ccid_iowait_cv).
264  *
265  *   Cleaning up the poll state is somewhat simpler. If any of the conditions
266  *   (A-C) occur, then we must flag POLLERR. In addition if B and C occur, then
267  *   we will flag POLLHUP at the same time. This will guarantee that any threads
268  *   in poll(9E) are woken up.
269  *
270  * Cleaning up State 2.
271  *
272  *   While the user I/O thread is a somewhat straightforward, the kernel
273  *   protocol level is a bit more complicated. The core problem is that when a
274  *   user issues a logical I/O through an APDU, that may result in a series of
275  *   one or more protocol level physical commands. The core crux of the issue
276  *   with cleaning up this state is twofold:
277  *
278  *     1. We don't want to block a user thread while I/O is outstanding
279  *     2. We need to take one of several steps to clean up the aforementioned
280  *        I/O
281  *
282  *   To try and deal with that, there are a number of different things that we
283  *   do. The first thing we do is that we clean up the user state based on the
284  *   notes in cleaning up in State 1. Importantly we need to _block_ on this
285  *   activity.
286  *
287  *   Once that is done, we need to proceed to step 2. Since we're doing only
288  *   APDU processing, this is as simple as waiting for that command to complete
289  *   and/or potentially issue an abort or reset.
290  *
291  *   While this is ongoing an additional flag (CCID_SLOT_F_NEED_IO_TEARDOWN)
292  *   will be set on the slot to make sure that we know that we can't issue new
293  *   I/O or that we can't proceed to the next transaction until this phase is
294  *   finished.
295  *
296  * Cleaning up State 3
297  *
298  *   When the ICC is removed, this is not dissimilar to the previous states. To
299  *   handle this we need to first make sure that state 1 and state 2 are
300  *   finished being cleaned up. We will have to _block_ on this from the worker
301  *   thread. The problem is that we have certain values such as the operations
302  *   vector, the ATR data, etc. that we need to make sure are still valid while
303  *   we're in the process of cleaning up state. Once all that is done and the
304  *   worker thread proceeds we will consider processing a new ICC insertion.
305  *   The one good side is that if the ICC was removed, then it should be simpler
306  *   to handle all of the outstanding I/O.
307  *
308  * Cleaning up State 4
309  *
310  *   When the reader is removed, then we need to clean up all the prior states.
311  *   However, this is somewhat simpler than the other cases, as once this
312  *   happens our detach endpoint will be called to clean up all of our
313  *   resources. Therefore, before we call detach, we need to explicitly clean up
314  *   state 1; however, we then at this time leave all the remaining state to be
315  *   cleaned up during detach(9E) as part of normal tear down.
316  */
317 
318 #include <sys/modctl.h>
319 #include <sys/errno.h>
320 #include <sys/conf.h>
321 #include <sys/ddi.h>
322 #include <sys/sunddi.h>
323 #include <sys/cmn_err.h>
324 #include <sys/sysmacros.h>
325 #include <sys/stream.h>
326 #include <sys/strsun.h>
327 #include <sys/strsubr.h>
328 #include <sys/filio.h>
329 
330 #define	USBDRV_MAJOR_VER	2
331 #define	USBDRV_MINOR_VER	0
332 #include <sys/usb/usba.h>
333 #include <sys/usb/usba/usbai_private.h>
334 #include <sys/usb/clients/ccid/ccid.h>
335 #include <sys/usb/clients/ccid/uccid.h>
336 
337 #include <atr.h>
338 
339 /*
340  * Set the amount of parallelism we'll want to have from kernel threads which
341  * are processing CCID requests. This is used to size the number of asynchronous
342  * requests in the pipe policy. A single command can only ever be outstanding to
343  * a single slot. However, multiple slots may potentially be able to be
344  * scheduled in parallel. However, we don't actually support this at all and
345  * we'll only ever issue a single command. This basically covers the ability to
346  * have some other asynchronous operation outstanding if needed.
347  */
348 #define	CCID_NUM_ASYNC_REQS	2
349 
350 /*
351  * This is the number of Bulk-IN requests that we will have cached per CCID
352  * device. While many commands will generate a single response, the commands
353  * also have the ability to generate time extensions, which means that we'll
354  * want to be able to schedule another Bulk-IN request immediately. If we run
355  * out, we will attempt to refill said cache and will not fail commands
356  * needlessly.
357  */
358 #define	CCID_BULK_NALLOCED		16
359 
360 /*
361  * This is a time in seconds for the bulk-out command to run and be submitted.
362  */
363 #define	CCID_BULK_OUT_TIMEOUT	5
364 #define	CCID_BULK_IN_TIMEOUT	5
365 
366 /*
367  * There are two different Interrupt-IN packets that we might receive. The
368  * first, RDR_to_PC_HardwareError, is a fixed four byte packet. However, the
369  * other one, RDR_to_PC_NotifySlotChange, varies in size as it has two bits per
370  * potential slot plus one byte that's always used. The maximum number of slots
371  * in a device is 256. This means there can be up to 64 bytes worth of data plus
372  * the extra byte, so 65 bytes.
373  */
374 #define	CCID_INTR_RESPONSE_SIZE	65
375 
376 /*
377  * Minimum and maximum minor ids. We treat the maximum valid 32-bit minor as
378  * what we can use due to issues in some file systems and the minors that they
379  * can use. We reserved zero as an invalid minor number to make it easier to
380  * tell if things have been initialized or not.
381  */
382 #define	CCID_MINOR_MIN		1
383 #define	CCID_MINOR_MAX		MAXMIN32
384 #define	CCID_MINOR_INVALID	0
385 
386 /*
387  * This value represents the minimum size value that we require in the CCID
388  * class descriptor's dwMaxCCIDMessageLength member. We got to 64 bytes based on
389  * the required size of a bulk transfer packet size. Especially as many CCID
390  * devices are these class of speeds. The specification does require that the
391  * minimum size of the dwMaxCCIDMessageLength member is at least the size of its
392  * bulk endpoint packet size.
393  */
394 #define	CCID_MIN_MESSAGE_LENGTH	64
395 
396 /*
397  * Required forward declarations.
398  */
399 struct ccid;
400 struct ccid_slot;
401 struct ccid_minor;
402 struct ccid_command;
403 
404 /*
405  * This structure is used to map between the global set of minor numbers and the
406  * things represented by them.
407  *
408  * We have two different kinds of  minor nodes. The first are CCID slots. The
409  * second are cloned opens of those slots. Each of these items has a
410  * ccid_minor_idx_t embedded in them that is used to index them in an AVL tree.
411  * Given that the number of entries that should be present here is unlikely to
412  * be terribly large at any given time, it is hoped that an AVL tree will
413  * suffice for now.
414  */
415 typedef struct ccid_minor_idx {
416 	id_t cmi_minor;
417 	avl_node_t cmi_avl;
418 	boolean_t cmi_isslot;
419 	union {
420 		struct ccid_slot *cmi_slot;
421 		struct ccid_minor *cmi_user;
422 	} cmi_data;
423 } ccid_minor_idx_t;
424 
425 typedef enum ccid_minor_flags {
426 	CCID_MINOR_F_WAITING		= 1 << 0,
427 	CCID_MINOR_F_HAS_EXCL		= 1 << 1,
428 	CCID_MINOR_F_TXN_RESET		= 1 << 2,
429 	CCID_MINOR_F_READ_WAITING	= 1 << 3,
430 	CCID_MINOR_F_WRITABLE		= 1 << 4,
431 } ccid_minor_flags_t;
432 
433 typedef struct ccid_minor {
434 	ccid_minor_idx_t	cm_idx;		/* write-once */
435 	cred_t			*cm_opener;	/* write-once */
436 	struct ccid_slot	*cm_slot;	/* write-once */
437 	list_node_t		cm_minor_list;
438 	list_node_t		cm_excl_list;
439 	kcondvar_t		cm_read_cv;
440 	kcondvar_t		cm_iowait_cv;
441 	kcondvar_t		cm_excl_cv;
442 	ccid_minor_flags_t	cm_flags;
443 	struct pollhead		cm_pollhead;
444 } ccid_minor_t;
445 
446 typedef enum ccid_slot_flags {
447 	CCID_SLOT_F_CHANGED		= 1 << 0,
448 	CCID_SLOT_F_INTR_GONE		= 1 << 1,
449 	CCID_SLOT_F_INTR_ADD		= 1 << 2,
450 	CCID_SLOT_F_PRESENT		= 1 << 3,
451 	CCID_SLOT_F_ACTIVE		= 1 << 4,
452 	CCID_SLOT_F_NEED_TXN_RESET	= 1 << 5,
453 	CCID_SLOT_F_NEED_IO_TEARDOWN	= 1 << 6,
454 	CCID_SLOT_F_INTR_OVERCURRENT	= 1 << 7,
455 } ccid_slot_flags_t;
456 
457 #define	CCID_SLOT_F_INTR_MASK	(CCID_SLOT_F_CHANGED | CCID_SLOT_F_INTR_GONE | \
458     CCID_SLOT_F_INTR_ADD)
459 #define	CCID_SLOT_F_WORK_MASK	(CCID_SLOT_F_INTR_MASK | \
460     CCID_SLOT_F_NEED_TXN_RESET | CCID_SLOT_F_INTR_OVERCURRENT)
461 #define	CCID_SLOT_F_NOEXCL_MASK	(CCID_SLOT_F_NEED_TXN_RESET | \
462     CCID_SLOT_F_NEED_IO_TEARDOWN)
463 
464 typedef void (*icc_init_func_t)(struct ccid *, struct ccid_slot *);
465 typedef int (*icc_transmit_func_t)(struct ccid *, struct ccid_slot *);
466 typedef void (*icc_complete_func_t)(struct ccid *, struct ccid_slot *,
467     struct ccid_command *);
468 typedef void (*icc_teardown_func_t)(struct ccid *, struct ccid_slot *, int);
469 typedef void (*icc_fini_func_t)(struct ccid *, struct ccid_slot *);
470 
471 typedef struct ccid_icc {
472 	atr_data_t		*icc_atr_data;
473 	atr_protocol_t		icc_protocols;
474 	atr_protocol_t		icc_cur_protocol;
475 	ccid_params_t		icc_params;
476 	icc_init_func_t		icc_init;
477 	icc_transmit_func_t	icc_tx;
478 	icc_complete_func_t	icc_complete;
479 	icc_teardown_func_t	icc_teardown;
480 	icc_fini_func_t		icc_fini;
481 } ccid_icc_t;
482 
483 /*
484  * Structure used to take care of and map I/O requests and things. This may not
485  * make sense as we develop the T=0 and T=1 code.
486  */
487 typedef enum ccid_io_flags {
488 	/*
489 	 * This flag is used during the period that a thread has started calling
490 	 * into ccid_write(9E), but before it has finished queuing up the write.
491 	 * This blocks pollout or another thread in write.
492 	 */
493 	CCID_IO_F_PREPARING	= 1 << 0,
494 	/*
495 	 * This flag is used once a ccid_write() ICC tx function has
496 	 * successfully completed. While this is set, the device is not
497 	 * writable; however, it is legal to call ccid_read() and block. This
498 	 * flag will remain set until the actual write is done. This indicates
499 	 * that the transmission protocol has finished.
500 	 */
501 	CCID_IO_F_IN_PROGRESS	= 1 << 1,
502 	/*
503 	 * This flag is used to indicate that the logical I/O has completed in
504 	 * one way or the other and that a reader can consume data. When this
505 	 * flag is set, then POLLIN | POLLRDNORM should be signaled. Until the
506 	 * I/O is consumed via ccid_read(), calls to ccid_write() will fail with
507 	 * EBUSY. When this flag is set, the kernel protocol level should be
508 	 * idle and it should be safe to tear down.
509 	 */
510 	CCID_IO_F_DONE		= 1 << 2,
511 } ccid_io_flags_t;
512 
513 /*
514  * If any of the flags in the POLLOUT group are set, then the device is not
515  * writeable. The same distinction isn't true for POLLIN. We are only readable
516  * if CCID_IO_F_DONE is set. However, you are allowed to call read as soon as
517  * CCID_IO_F_IN_PROGRESS is set.
518  */
519 #define	CCID_IO_F_POLLOUT_FLAGS	(CCID_IO_F_PREPARING | CCID_IO_F_IN_PROGRESS | \
520     CCID_IO_F_DONE)
521 #define	CCID_IO_F_ALL_FLAGS	(CCID_IO_F_PREPARING | CCID_IO_F_IN_PROGRESS | \
522     CCID_IO_F_DONE | CCID_IO_F_ABANDONED)
523 
524 typedef struct ccid_io {
525 	ccid_io_flags_t	ci_flags;
526 	size_t		ci_ilen;
527 	uint8_t		ci_ibuf[CCID_APDU_LEN_MAX];
528 	mblk_t		*ci_omp;
529 	kcondvar_t	ci_cv;
530 	struct ccid_command *ci_command;
531 	int		ci_errno;
532 	mblk_t		*ci_data;
533 } ccid_io_t;
534 
535 typedef struct ccid_slot {
536 	ccid_minor_idx_t	cs_idx;		/* WO */
537 	uint_t			cs_slotno;	/* WO */
538 	struct ccid		*cs_ccid;	/* WO */
539 	ccid_slot_flags_t	cs_flags;
540 	ccid_class_voltage_t	cs_voltage;
541 	mblk_t			*cs_atr;
542 	struct ccid_command	*cs_command;
543 	ccid_minor_t		*cs_excl_minor;
544 	list_t			cs_excl_waiters;
545 	list_t			cs_minors;
546 	ccid_icc_t		cs_icc;
547 	ccid_io_t		cs_io;
548 } ccid_slot_t;
549 
550 typedef enum ccid_attach_state {
551 	CCID_ATTACH_USB_CLIENT	= 1 << 0,
552 	CCID_ATTACH_MUTEX_INIT	= 1 << 1,
553 	CCID_ATTACH_TASKQ	= 1 << 2,
554 	CCID_ATTACH_CMD_LIST	= 1 << 3,
555 	CCID_ATTACH_OPEN_PIPES	= 1 << 4,
556 	CCID_ATTACH_SEQ_IDS	= 1 << 5,
557 	CCID_ATTACH_SLOTS	= 1 << 6,
558 	CCID_ATTACH_HOTPLUG_CB	= 1 << 7,
559 	CCID_ATTACH_INTR_ACTIVE	= 1 << 8,
560 	CCID_ATTACH_MINORS	= 1 << 9,
561 } ccid_attach_state_t;
562 
563 typedef enum ccid_flags {
564 	CCID_F_HAS_INTR		= 1 << 0,
565 	CCID_F_NEEDS_PPS	= 1 << 1,
566 	CCID_F_NEEDS_PARAMS	= 1 << 2,
567 	CCID_F_NEEDS_DATAFREQ	= 1 << 3,
568 	CCID_F_DETACHING	= 1 << 5,
569 	CCID_F_WORKER_REQUESTED	= 1 << 6,
570 	CCID_F_WORKER_RUNNING	= 1 << 7,
571 	CCID_F_DISCONNECTED	= 1 << 8
572 } ccid_flags_t;
573 
574 #define	CCID_F_DEV_GONE_MASK	(CCID_F_DETACHING | CCID_F_DISCONNECTED)
575 #define	CCID_F_WORKER_MASK	(CCID_F_WORKER_REQUESTED | \
576     CCID_F_WORKER_RUNNING)
577 
578 typedef struct ccid_stats {
579 	uint64_t	cst_intr_errs;
580 	uint64_t	cst_intr_restart;
581 	uint64_t	cst_intr_unknown;
582 	uint64_t	cst_intr_slot_change;
583 	uint64_t	cst_intr_hwerr;
584 	uint64_t	cst_intr_inval;
585 	uint64_t	cst_ndiscover;
586 	hrtime_t	cst_lastdiscover;
587 } ccid_stats_t;
588 
589 typedef struct ccid {
590 	dev_info_t		*ccid_dip;
591 	kmutex_t		ccid_mutex;
592 	ccid_attach_state_t	ccid_attach;
593 	ccid_flags_t		ccid_flags;
594 	id_space_t		*ccid_seqs;
595 	ddi_taskq_t		*ccid_taskq;
596 	usb_client_dev_data_t	*ccid_dev_data;
597 	ccid_class_descr_t	ccid_class;		/* WO */
598 	usb_ep_xdescr_t		ccid_bulkin_xdesc;	/* WO */
599 	usb_pipe_handle_t	ccid_bulkin_pipe;	/* WO */
600 	usb_ep_xdescr_t		ccid_bulkout_xdesc;	/* WO */
601 	usb_pipe_handle_t	ccid_bulkout_pipe;	/* WO */
602 	usb_ep_xdescr_t		ccid_intrin_xdesc;	/* WO */
603 	usb_pipe_handle_t	ccid_intrin_pipe;	/* WO */
604 	usb_pipe_handle_t	ccid_control_pipe;	/* WO */
605 	uint_t			ccid_nslots;		/* WO */
606 	size_t			ccid_bufsize;		/* WO */
607 	ccid_slot_t		*ccid_slots;
608 	timeout_id_t		ccid_poll_timeout;
609 	ccid_stats_t		ccid_stats;
610 	list_t			ccid_command_queue;
611 	list_t			ccid_complete_queue;
612 	usb_bulk_req_t		*ccid_bulkin_cache[CCID_BULK_NALLOCED];
613 	uint_t			ccid_bulkin_alloced;
614 	usb_bulk_req_t		*ccid_bulkin_dispatched;
615 } ccid_t;
616 
617 /*
618  * Command structure for an individual CCID command that we issue to a
619  * controller. Note that the command caches a copy of some of the data that's
620  * normally inside the CCID header in host-endian fashion.
621  */
622 typedef enum ccid_command_state {
623 	CCID_COMMAND_ALLOCATED	= 0x0,
624 	CCID_COMMAND_QUEUED,
625 	CCID_COMMAND_DISPATCHED,
626 	CCID_COMMAND_REPLYING,
627 	CCID_COMMAND_COMPLETE,
628 	CCID_COMMAND_TRANSPORT_ERROR,
629 	CCID_COMMAND_CCID_ABORTED
630 } ccid_command_state_t;
631 
632 typedef enum ccid_command_flags {
633 	CCID_COMMAND_F_USER	= 1 << 0,
634 } ccid_command_flags_t;
635 
636 typedef struct ccid_command {
637 	list_node_t		cc_list_node;
638 	kcondvar_t		cc_cv;
639 	uint8_t			cc_mtype;
640 	ccid_response_code_t	cc_rtype;
641 	uint8_t			cc_slot;
642 	ccid_command_state_t	cc_state;
643 	ccid_command_flags_t	cc_flags;
644 	int			cc_usb;
645 	usb_cr_t		cc_usbcr;
646 	size_t			cc_reqlen;
647 	id_t			cc_seq;
648 	usb_bulk_req_t		*cc_ubrp;
649 	ccid_t			*cc_ccid;
650 	hrtime_t		cc_queue_time;
651 	hrtime_t		cc_dispatch_time;
652 	hrtime_t		cc_dispatch_cb_time;
653 	hrtime_t		cc_response_time;
654 	hrtime_t		cc_completion_time;
655 	mblk_t			*cc_response;
656 } ccid_command_t;
657 
658 /*
659  * ddi_soft_state(9F) pointer. This is used for instances of a CCID controller.
660  */
661 static void *ccid_softstate;
662 
663 /*
664  * This is used to keep track of our minor nodes.
665  */
666 static kmutex_t ccid_idxlock;
667 static avl_tree_t ccid_idx;
668 static id_space_t *ccid_minors;
669 
670 /*
671  * Required Forwards
672  */
673 static void ccid_intr_poll_init(ccid_t *);
674 static void ccid_worker_request(ccid_t *);
675 static void ccid_command_dispatch(ccid_t *);
676 static void ccid_command_free(ccid_command_t *);
677 static int ccid_bulkin_schedule(ccid_t *);
678 static void ccid_command_bcopy(ccid_command_t *, const void *, size_t);
679 
680 static int ccid_write_apdu(ccid_t *, ccid_slot_t *);
681 static void ccid_complete_apdu(ccid_t *, ccid_slot_t *, ccid_command_t *);
682 static void ccid_teardown_apdu(ccid_t *, ccid_slot_t *, int);
683 
684 
685 static int
686 ccid_idx_comparator(const void *l, const void *r)
687 {
688 	const ccid_minor_idx_t *lc = l, *rc = r;
689 
690 	if (lc->cmi_minor > rc->cmi_minor)
691 		return (1);
692 	if (lc->cmi_minor < rc->cmi_minor)
693 		return (-1);
694 	return (0);
695 }
696 
697 static void
698 ccid_error(ccid_t *ccid, const char *fmt, ...)
699 {
700 	va_list ap;
701 
702 	va_start(ap, fmt);
703 	if (ccid != NULL) {
704 		vdev_err(ccid->ccid_dip, CE_WARN, fmt, ap);
705 	} else {
706 		vcmn_err(CE_WARN, fmt, ap);
707 	}
708 	va_end(ap);
709 }
710 
711 static void
712 ccid_minor_idx_free(ccid_minor_idx_t *idx)
713 {
714 	ccid_minor_idx_t *ip;
715 
716 	VERIFY3S(idx->cmi_minor, !=, CCID_MINOR_INVALID);
717 	mutex_enter(&ccid_idxlock);
718 	ip = avl_find(&ccid_idx, idx, NULL);
719 	VERIFY3P(idx, ==, ip);
720 	avl_remove(&ccid_idx, idx);
721 	id_free(ccid_minors, idx->cmi_minor);
722 	idx->cmi_minor = CCID_MINOR_INVALID;
723 	mutex_exit(&ccid_idxlock);
724 }
725 
726 static boolean_t
727 ccid_minor_idx_alloc(ccid_minor_idx_t *idx, boolean_t sleep)
728 {
729 	id_t id;
730 
731 	mutex_enter(&ccid_idxlock);
732 	if (sleep) {
733 		id = id_alloc(ccid_minors);
734 	} else {
735 		id = id_alloc_nosleep(ccid_minors);
736 	}
737 	if (id == -1) {
738 		mutex_exit(&ccid_idxlock);
739 		return (B_FALSE);
740 	}
741 	idx->cmi_minor = id;
742 	avl_add(&ccid_idx, idx);
743 	mutex_exit(&ccid_idxlock);
744 
745 	return (B_TRUE);
746 }
747 
748 static ccid_minor_idx_t *
749 ccid_minor_find(minor_t m)
750 {
751 	ccid_minor_idx_t i = { 0 };
752 	ccid_minor_idx_t *ret;
753 
754 	i.cmi_minor = m;
755 	mutex_enter(&ccid_idxlock);
756 	ret = avl_find(&ccid_idx, &i, NULL);
757 	mutex_exit(&ccid_idxlock);
758 
759 	return (ret);
760 }
761 
762 static ccid_minor_idx_t *
763 ccid_minor_find_user(minor_t m)
764 {
765 	ccid_minor_idx_t *idx;
766 
767 	idx = ccid_minor_find(m);
768 	if (idx == NULL) {
769 		return (NULL);
770 	}
771 	VERIFY0(idx->cmi_isslot);
772 	return (idx);
773 }
774 
775 static void
776 ccid_clear_io(ccid_io_t *io)
777 {
778 	freemsg(io->ci_data);
779 	io->ci_data = NULL;
780 	io->ci_errno = 0;
781 	io->ci_flags &= ~CCID_IO_F_DONE;
782 	io->ci_ilen = 0;
783 	bzero(io->ci_ibuf, sizeof (io->ci_ibuf));
784 }
785 
786 /*
787  * Check if the conditions are met to signal the next exclusive holder. For this
788  * to be true, there should be no one holding it. In addition, there must be
789  * someone in the queue waiting. Finally, we want to make sure that the ICC, if
790  * present, is in a state where it could handle these kinds of issues. That
791  * means that we shouldn't have an outstanding I/O question or warm reset
792  * ongoing. However, we must not block this on the condition of an ICC being
793  * present. But, if the reader has been disconnected, don't signal anyone.
794  */
795 static void
796 ccid_slot_excl_maybe_signal(ccid_slot_t *slot)
797 {
798 	ccid_minor_t *cmp;
799 
800 	VERIFY(MUTEX_HELD(&slot->cs_ccid->ccid_mutex));
801 
802 	if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0)
803 		return;
804 	if (slot->cs_excl_minor != NULL)
805 		return;
806 	if ((slot->cs_flags & CCID_SLOT_F_NOEXCL_MASK) != 0)
807 		return;
808 	cmp = list_head(&slot->cs_excl_waiters);
809 	if (cmp == NULL)
810 		return;
811 	cv_signal(&cmp->cm_excl_cv);
812 }
813 
814 static void
815 ccid_slot_excl_rele(ccid_slot_t *slot)
816 {
817 	ccid_minor_t *cmp;
818 	ccid_t *ccid = slot->cs_ccid;
819 
820 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
821 	VERIFY3P(slot->cs_excl_minor, !=, NULL);
822 
823 	cmp = slot->cs_excl_minor;
824 
825 	/*
826 	 * If we have an outstanding command left by the user when they've
827 	 * closed the slot, we need to clean up this command. We need to call
828 	 * the protocol specific handler here to determine what to do. If the
829 	 * command has completed, but the user has never called read, then it
830 	 * will simply clean it up. Otherwise it will indicate that there is
831 	 * some amount of external state still ongoing to take care of and clean
832 	 * up later.
833 	 */
834 	if (slot->cs_icc.icc_teardown != NULL) {
835 		slot->cs_icc.icc_teardown(ccid, slot, ECANCELED);
836 	}
837 
838 	/*
839 	 * There may either be a thread blocked in read or in the process of
840 	 * preparing a write. In either case, we need to make sure that they're
841 	 * woken up or finish, before we finish tear down.
842 	 */
843 	while ((cmp->cm_flags & CCID_MINOR_F_READ_WAITING) != 0 ||
844 	    (slot->cs_io.ci_flags & CCID_IO_F_PREPARING) != 0) {
845 		cv_wait(&cmp->cm_iowait_cv, &ccid->ccid_mutex);
846 	}
847 
848 	/*
849 	 * At this point, we hold the lock and there should be no other threads
850 	 * that are past the basic sanity checks. So at this point, note that
851 	 * this minor no longer has exclusive access (causing other read/write
852 	 * calls to fail) and start the process of cleaning up the outstanding
853 	 * I/O on the slot. It is OK that at this point the thread may try to
854 	 * obtain exclusive access again. It will end up blocking on everything
855 	 * else.
856 	 */
857 	cmp->cm_flags &= ~CCID_MINOR_F_HAS_EXCL;
858 	slot->cs_excl_minor = NULL;
859 
860 	/*
861 	 * If at this point, we have an I/O that's noted as being done, but no
862 	 * one blocked in read, then we need to clean that up. The ICC teardown
863 	 * function is only designed to take care of in-flight I/Os.
864 	 */
865 	if ((slot->cs_io.ci_flags & CCID_IO_F_DONE) != 0)
866 		ccid_clear_io(&slot->cs_io);
867 
868 	/*
869 	 * Regardless of when we're polling, we need to go through and error
870 	 * out.
871 	 */
872 	pollwakeup(&cmp->cm_pollhead, POLLERR);
873 
874 	/*
875 	 * If we've been asked to reset the card before handing it off, schedule
876 	 * that. Otherwise, allow the next entry in the queue to get woken up
877 	 * and given access to the card.
878 	 */
879 	if ((cmp->cm_flags & CCID_MINOR_F_TXN_RESET) != 0) {
880 		slot->cs_flags |= CCID_SLOT_F_NEED_TXN_RESET;
881 		ccid_worker_request(ccid);
882 		cmp->cm_flags &= ~CCID_MINOR_F_TXN_RESET;
883 	} else {
884 		ccid_slot_excl_maybe_signal(slot);
885 	}
886 }
887 
888 static int
889 ccid_slot_excl_req(ccid_slot_t *slot, ccid_minor_t *cmp, boolean_t nosleep)
890 {
891 	VERIFY(MUTEX_HELD(&slot->cs_ccid->ccid_mutex));
892 
893 	if (slot->cs_excl_minor == cmp) {
894 		VERIFY((cmp->cm_flags & CCID_MINOR_F_HAS_EXCL) != 0);
895 		return (EEXIST);
896 	}
897 
898 	if ((cmp->cm_flags & CCID_MINOR_F_WAITING) != 0) {
899 		return (EINPROGRESS);
900 	}
901 
902 	/*
903 	 * If we were asked to try and fail quickly, do that before the main
904 	 * loop.
905 	 */
906 	if (nosleep && slot->cs_excl_minor != NULL &&
907 	    (slot->cs_flags & CCID_SLOT_F_NOEXCL_MASK) == 0) {
908 		return (EBUSY);
909 	}
910 
911 	/*
912 	 * Mark that we're waiting in case we race with another thread trying to
913 	 * claim exclusive access for this. Insert ourselves on the wait list.
914 	 * If for some reason we get a signal, then we can't know for certain if
915 	 * we had a signal / cv race. In such a case, we always wake up the
916 	 * next person in the queue (potentially spuriously).
917 	 */
918 	cmp->cm_flags |= CCID_MINOR_F_WAITING;
919 	list_insert_tail(&slot->cs_excl_waiters, cmp);
920 	while (slot->cs_excl_minor != NULL ||
921 	    (slot->cs_flags & CCID_SLOT_F_NOEXCL_MASK) != 0) {
922 		if (cv_wait_sig(&cmp->cm_excl_cv, &slot->cs_ccid->ccid_mutex) ==
923 		    0) {
924 			/*
925 			 * Remove ourselves from the list and try to signal the
926 			 * next thread.
927 			 */
928 			list_remove(&slot->cs_excl_waiters, cmp);
929 			cmp->cm_flags &= ~CCID_MINOR_F_WAITING;
930 			ccid_slot_excl_maybe_signal(slot);
931 			return (EINTR);
932 		}
933 
934 		/*
935 		 * Check if the reader is going away. If so, then we're done
936 		 * here.
937 		 */
938 		if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
939 			list_remove(&slot->cs_excl_waiters, cmp);
940 			cmp->cm_flags &= ~CCID_MINOR_F_WAITING;
941 			return (ENODEV);
942 		}
943 	}
944 
945 	VERIFY0(slot->cs_flags & CCID_SLOT_F_NOEXCL_MASK);
946 	list_remove(&slot->cs_excl_waiters, cmp);
947 
948 	cmp->cm_flags &= ~CCID_MINOR_F_WAITING;
949 	cmp->cm_flags |= CCID_MINOR_F_HAS_EXCL;
950 	slot->cs_excl_minor = cmp;
951 	return (0);
952 }
953 
954 /*
955  * Check whether or not we're in a state that we can signal a POLLIN. To be able
956  * to signal a POLLIN (meaning that we can read) the following must be true:
957  *
958  *   o There is a client that has an exclusive hold open
959  *   o There is a data which is readable by the client (an I/O is done).
960  *
961  * Unlike with pollout, we don't care about the state of the ICC.
962  */
963 static void
964 ccid_slot_pollin_signal(ccid_slot_t *slot)
965 {
966 	ccid_t *ccid = slot->cs_ccid;
967 	ccid_minor_t *cmp = slot->cs_excl_minor;
968 
969 	if (cmp == NULL)
970 		return;
971 
972 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
973 
974 	if ((slot->cs_io.ci_flags & CCID_IO_F_DONE) == 0)
975 		return;
976 
977 	pollwakeup(&cmp->cm_pollhead, POLLIN | POLLRDNORM);
978 }
979 
980 /*
981  * Check whether or not we're in a state that we can signal a POLLOUT. To be
982  * able to signal a POLLOUT (meaning that we can write) the following must be
983  * true:
984  *
985  *   o There is a minor which has an exclusive hold on the device
986  *   o There is no outstanding I/O activity going on, meaning that there is no
987  *     operation in progress and any write data has been consumed.
988  *   o There is an ICC present
989  *   o There is no outstanding I/O cleanup being done, whether a T=1 abort, a
990  *     warm reset, or something else.
991  */
992 static void
993 ccid_slot_pollout_signal(ccid_slot_t *slot)
994 {
995 	ccid_t *ccid = slot->cs_ccid;
996 	ccid_minor_t *cmp = slot->cs_excl_minor;
997 
998 	if (cmp == NULL)
999 		return;
1000 
1001 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
1002 
1003 	if ((slot->cs_io.ci_flags & CCID_IO_F_POLLOUT_FLAGS) != 0 ||
1004 	    (slot->cs_flags & CCID_SLOT_F_ACTIVE) == 0 ||
1005 	    (ccid->ccid_flags & CCID_F_DEV_GONE_MASK) != 0 ||
1006 	    (slot->cs_flags & CCID_SLOT_F_NEED_IO_TEARDOWN) != 0)
1007 		return;
1008 
1009 	pollwakeup(&cmp->cm_pollhead, POLLOUT);
1010 }
1011 
1012 static void
1013 ccid_slot_io_teardown_done(ccid_slot_t *slot)
1014 {
1015 	ccid_t *ccid = slot->cs_ccid;
1016 
1017 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
1018 	slot->cs_flags &= ~CCID_SLOT_F_NEED_IO_TEARDOWN;
1019 	cv_broadcast(&slot->cs_io.ci_cv);
1020 
1021 	ccid_slot_pollout_signal(slot);
1022 }
1023 
1024 /*
1025  * This will probably need to change when we start doing TPDU processing.
1026  */
1027 static size_t
1028 ccid_command_resp_length(ccid_command_t *cc)
1029 {
1030 	uint32_t len;
1031 	const ccid_header_t *cch;
1032 
1033 	VERIFY3P(cc, !=, NULL);
1034 	VERIFY3P(cc->cc_response, !=, NULL);
1035 
1036 	/*
1037 	 * Fetch out an arbitrarily aligned LE uint32_t value from the header.
1038 	 */
1039 	cch = (ccid_header_t *)cc->cc_response->b_rptr;
1040 	bcopy(&cch->ch_length, &len, sizeof (len));
1041 	len = LE_32(len);
1042 	return (len);
1043 }
1044 
1045 static uint8_t
1046 ccid_command_resp_param2(ccid_command_t *cc)
1047 {
1048 	const ccid_header_t *cch;
1049 	uint8_t val;
1050 
1051 	VERIFY3P(cc, !=, NULL);
1052 	VERIFY3P(cc->cc_response, !=, NULL);
1053 
1054 	cch = (ccid_header_t *)cc->cc_response->b_rptr;
1055 	bcopy(&cch->ch_param2, &val, sizeof (val));
1056 	return (val);
1057 }
1058 
1059 /*
1060  * Complete a single command. The way that a command completes depends on the
1061  * kind of command that occurs. If this command is flagged as a user command,
1062  * that implies that it must be handled in a different way from administrative
1063  * commands. User commands are placed into the minor to consume via a read(9E).
1064  * Non-user commands are placed into a completion queue and must be picked up
1065  * via the ccid_command_poll() interface.
1066  */
1067 static void
1068 ccid_command_complete(ccid_command_t *cc)
1069 {
1070 	ccid_t *ccid = cc->cc_ccid;
1071 
1072 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
1073 	cc->cc_completion_time = gethrtime();
1074 	list_remove(&ccid->ccid_command_queue, cc);
1075 
1076 	if (cc->cc_flags & CCID_COMMAND_F_USER) {
1077 		ccid_slot_t *slot;
1078 
1079 		slot = &ccid->ccid_slots[cc->cc_slot];
1080 		ASSERT3P(slot->cs_icc.icc_complete, !=, NULL);
1081 		slot->cs_icc.icc_complete(ccid, slot, cc);
1082 	} else {
1083 		list_insert_tail(&ccid->ccid_complete_queue, cc);
1084 		cv_broadcast(&cc->cc_cv);
1085 	}
1086 
1087 	/*
1088 	 * Finally, we also need to kick off the next command.
1089 	 */
1090 	ccid_command_dispatch(ccid);
1091 }
1092 
1093 static void
1094 ccid_command_state_transition(ccid_command_t *cc, ccid_command_state_t state)
1095 {
1096 	VERIFY(MUTEX_HELD(&cc->cc_ccid->ccid_mutex));
1097 
1098 	cc->cc_state = state;
1099 	cv_broadcast(&cc->cc_cv);
1100 }
1101 
1102 static void
1103 ccid_command_transport_error(ccid_command_t *cc, int usb_status, usb_cr_t cr)
1104 {
1105 	VERIFY(MUTEX_HELD(&cc->cc_ccid->ccid_mutex));
1106 
1107 	ccid_command_state_transition(cc, CCID_COMMAND_TRANSPORT_ERROR);
1108 	cc->cc_usb = usb_status;
1109 	cc->cc_usbcr = cr;
1110 	cc->cc_response = NULL;
1111 
1112 	ccid_command_complete(cc);
1113 }
1114 
1115 static void
1116 ccid_command_status_decode(ccid_command_t *cc,
1117     ccid_reply_command_status_t *comp, ccid_reply_icc_status_t *iccp,
1118     ccid_command_err_t *errp)
1119 {
1120 	ccid_header_t cch;
1121 	size_t mblen;
1122 
1123 	VERIFY3S(cc->cc_state, ==, CCID_COMMAND_COMPLETE);
1124 	VERIFY3P(cc->cc_response, !=, NULL);
1125 	mblen = msgsize(cc->cc_response);
1126 	VERIFY3U(mblen, >=, sizeof (cch));
1127 
1128 	bcopy(cc->cc_response->b_rptr, &cch, sizeof (cch));
1129 	if (comp != NULL) {
1130 		*comp = CCID_REPLY_STATUS(cch.ch_param0);
1131 	}
1132 
1133 	if (iccp != NULL) {
1134 		*iccp = CCID_REPLY_ICC(cch.ch_param0);
1135 	}
1136 
1137 	if (errp != NULL) {
1138 		*errp = cch.ch_param1;
1139 	}
1140 }
1141 
1142 static void
1143 ccid_reply_bulk_cb(usb_pipe_handle_t ph, usb_bulk_req_t *ubrp)
1144 {
1145 	size_t mlen;
1146 	ccid_t *ccid;
1147 	ccid_slot_t *slot;
1148 	ccid_header_t cch;
1149 	ccid_command_t *cc;
1150 
1151 	boolean_t header_valid = B_FALSE;
1152 
1153 	VERIFY(ubrp->bulk_data != NULL);
1154 	mlen = msgsize(ubrp->bulk_data);
1155 	ccid = (ccid_t *)ubrp->bulk_client_private;
1156 	mutex_enter(&ccid->ccid_mutex);
1157 
1158 	/*
1159 	 * Before we do anything else, we should mark that this Bulk-IN request
1160 	 * is no longer being dispatched.
1161 	 */
1162 	VERIFY3P(ubrp, ==, ccid->ccid_bulkin_dispatched);
1163 	ccid->ccid_bulkin_dispatched = NULL;
1164 
1165 	if ((cc = list_head(&ccid->ccid_command_queue)) == NULL) {
1166 		/*
1167 		 * This is certainly an odd case. This means that we got some
1168 		 * response but there are no entries in the queue. Go ahead and
1169 		 * free this. We're done here.
1170 		 */
1171 		mutex_exit(&ccid->ccid_mutex);
1172 		usb_free_bulk_req(ubrp);
1173 		return;
1174 	}
1175 
1176 	if (mlen >= sizeof (ccid_header_t)) {
1177 		bcopy(ubrp->bulk_data->b_rptr, &cch, sizeof (cch));
1178 		header_valid = B_TRUE;
1179 	}
1180 
1181 	/*
1182 	 * If the current command isn't in the replying state, then something is
1183 	 * clearly wrong and this probably isn't intended for the current
1184 	 * command. That said, if we have enough bytes, let's check the sequence
1185 	 * number as that might be indicative of a bug otherwise.
1186 	 */
1187 	if (cc->cc_state != CCID_COMMAND_REPLYING) {
1188 		if (header_valid) {
1189 			VERIFY3S(cch.ch_seq, !=, cc->cc_seq);
1190 		}
1191 		mutex_exit(&ccid->ccid_mutex);
1192 		usb_free_bulk_req(ubrp);
1193 		return;
1194 	}
1195 
1196 	/*
1197 	 * CCID section 6.2.7 says that if we get a short or zero length packet,
1198 	 * then we need to treat that as though the running command was aborted
1199 	 * for some reason. However, section 3.1.3 talks about sending zero
1200 	 * length packets on general principle.  To further complicate things,
1201 	 * we don't have the sequence number.
1202 	 *
1203 	 * If we have an outstanding command still, then we opt to treat the
1204 	 * zero length packet as an abort.
1205 	 */
1206 	if (!header_valid) {
1207 		ccid_command_state_transition(cc, CCID_COMMAND_CCID_ABORTED);
1208 		ccid_command_complete(cc);
1209 		mutex_exit(&ccid->ccid_mutex);
1210 		usb_free_bulk_req(ubrp);
1211 		return;
1212 	}
1213 
1214 	slot = &ccid->ccid_slots[cc->cc_slot];
1215 
1216 	/*
1217 	 * If the sequence or slot number don't match the head of the list or
1218 	 * the response type is unexpected for this command then we should be
1219 	 * very suspect of the hardware at this point. At a minimum we should
1220 	 * fail this command and issue a reset.
1221 	 */
1222 	if (cch.ch_seq != cc->cc_seq ||
1223 	    cch.ch_slot != cc->cc_slot ||
1224 	    cch.ch_mtype != cc->cc_rtype) {
1225 		ccid_command_state_transition(cc, CCID_COMMAND_CCID_ABORTED);
1226 		ccid_command_complete(cc);
1227 		slot->cs_flags |= CCID_SLOT_F_NEED_TXN_RESET;
1228 		ccid_worker_request(ccid);
1229 		mutex_exit(&ccid->ccid_mutex);
1230 		usb_free_bulk_req(ubrp);
1231 		return;
1232 	}
1233 
1234 	/*
1235 	 * Check that we have all the bytes that we were told we'd have. If we
1236 	 * don't, simulate this as an aborted command and issue a reset.
1237 	 */
1238 	if (LE_32(cch.ch_length) + sizeof (ccid_header_t) > mlen) {
1239 		ccid_command_state_transition(cc, CCID_COMMAND_CCID_ABORTED);
1240 		ccid_command_complete(cc);
1241 		slot->cs_flags |= CCID_SLOT_F_NEED_TXN_RESET;
1242 		ccid_worker_request(ccid);
1243 		mutex_exit(&ccid->ccid_mutex);
1244 		usb_free_bulk_req(ubrp);
1245 		return;
1246 	}
1247 
1248 	/*
1249 	 * This response is for us. Before we complete the command check to see
1250 	 * what the state of the command is. If the command indicates that more
1251 	 * time has been requested, then we need to schedule a new Bulk-IN
1252 	 * request.
1253 	 */
1254 	if (CCID_REPLY_STATUS(cch.ch_param0) == CCID_REPLY_STATUS_MORE_TIME) {
1255 		int ret;
1256 
1257 		ret = ccid_bulkin_schedule(ccid);
1258 		if (ret != USB_SUCCESS) {
1259 			ccid_command_transport_error(cc, ret, USB_CR_OK);
1260 			slot->cs_flags |= CCID_SLOT_F_NEED_TXN_RESET;
1261 			ccid_worker_request(ccid);
1262 		}
1263 		mutex_exit(&ccid->ccid_mutex);
1264 		usb_free_bulk_req(ubrp);
1265 		return;
1266 	}
1267 
1268 	/*
1269 	 * Take the message block from the Bulk-IN request and store it on the
1270 	 * command. We want this regardless if it succeeded, failed, or we have
1271 	 * some unexpected status value.
1272 	 */
1273 	cc->cc_response = ubrp->bulk_data;
1274 	ubrp->bulk_data = NULL;
1275 	ccid_command_state_transition(cc, CCID_COMMAND_COMPLETE);
1276 	ccid_command_complete(cc);
1277 	mutex_exit(&ccid->ccid_mutex);
1278 	usb_free_bulk_req(ubrp);
1279 }
1280 
1281 static void
1282 ccid_reply_bulk_exc_cb(usb_pipe_handle_t ph, usb_bulk_req_t *ubrp)
1283 {
1284 	ccid_t *ccid;
1285 	ccid_command_t *cc;
1286 
1287 	ccid = (ccid_t *)ubrp->bulk_client_private;
1288 	mutex_enter(&ccid->ccid_mutex);
1289 
1290 	/*
1291 	 * Before we do anything else, we should mark that this Bulk-IN request
1292 	 * is no longer being dispatched.
1293 	 */
1294 	VERIFY3P(ubrp, ==, ccid->ccid_bulkin_dispatched);
1295 	ccid->ccid_bulkin_dispatched = NULL;
1296 
1297 	/*
1298 	 * While there are many different reasons that the Bulk-IN request could
1299 	 * have failed, each of these are treated as a transport error. If we
1300 	 * have a dispatched command, then we treat this as corresponding to
1301 	 * that command. Otherwise, we drop this.
1302 	 */
1303 	if ((cc = list_head(&ccid->ccid_command_queue)) != NULL) {
1304 		if (cc->cc_state == CCID_COMMAND_REPLYING) {
1305 			ccid_command_transport_error(cc, USB_SUCCESS,
1306 			    ubrp->bulk_completion_reason);
1307 		}
1308 	}
1309 	mutex_exit(&ccid->ccid_mutex);
1310 	usb_free_bulk_req(ubrp);
1311 }
1312 
1313 /*
1314  * Fill the Bulk-IN cache. If we do not entirely fill this, that's fine. If
1315  * there are no scheduled resources then we'll deal with that when we actually
1316  * get there.
1317  */
1318 static void
1319 ccid_bulkin_cache_refresh(ccid_t *ccid)
1320 {
1321 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
1322 	while (ccid->ccid_bulkin_alloced < CCID_BULK_NALLOCED) {
1323 		usb_bulk_req_t *ubrp;
1324 
1325 		if ((ubrp = usb_alloc_bulk_req(ccid->ccid_dip,
1326 		    ccid->ccid_bufsize, 0)) == NULL)
1327 			return;
1328 
1329 		ubrp->bulk_len = ccid->ccid_bufsize;
1330 		ubrp->bulk_timeout = CCID_BULK_IN_TIMEOUT;
1331 		ubrp->bulk_client_private = (usb_opaque_t)ccid;
1332 		ubrp->bulk_attributes = USB_ATTRS_SHORT_XFER_OK |
1333 		    USB_ATTRS_AUTOCLEARING;
1334 		ubrp->bulk_cb = ccid_reply_bulk_cb;
1335 		ubrp->bulk_exc_cb = ccid_reply_bulk_exc_cb;
1336 
1337 		ccid->ccid_bulkin_cache[ccid->ccid_bulkin_alloced] = ubrp;
1338 		ccid->ccid_bulkin_alloced++;
1339 	}
1340 
1341 }
1342 
1343 static usb_bulk_req_t *
1344 ccid_bulkin_cache_get(ccid_t *ccid)
1345 {
1346 	usb_bulk_req_t *ubrp;
1347 
1348 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
1349 
1350 	if (ccid->ccid_bulkin_alloced == 0) {
1351 		ccid_bulkin_cache_refresh(ccid);
1352 		if (ccid->ccid_bulkin_alloced == 0)
1353 			return (NULL);
1354 	}
1355 
1356 	ccid->ccid_bulkin_alloced--;
1357 	ubrp = ccid->ccid_bulkin_cache[ccid->ccid_bulkin_alloced];
1358 	VERIFY3P(ubrp, !=, NULL);
1359 	ccid->ccid_bulkin_cache[ccid->ccid_bulkin_alloced] = NULL;
1360 
1361 	return (ubrp);
1362 }
1363 
1364 /*
1365  * Attempt to schedule a Bulk-In request. Note that only one should ever be
1366  * scheduled at any time.
1367  */
1368 static int
1369 ccid_bulkin_schedule(ccid_t *ccid)
1370 {
1371 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
1372 	if (ccid->ccid_bulkin_dispatched == NULL) {
1373 		usb_bulk_req_t *ubrp;
1374 		int ret;
1375 
1376 		ubrp = ccid_bulkin_cache_get(ccid);
1377 		if (ubrp == NULL) {
1378 			return (USB_NO_RESOURCES);
1379 		}
1380 
1381 		if ((ret = usb_pipe_bulk_xfer(ccid->ccid_bulkin_pipe, ubrp,
1382 		    0)) != USB_SUCCESS) {
1383 			ccid_error(ccid,
1384 			    "!failed to schedule Bulk-In response: %d", ret);
1385 			usb_free_bulk_req(ubrp);
1386 			return (ret);
1387 		}
1388 
1389 		ccid->ccid_bulkin_dispatched = ubrp;
1390 	}
1391 
1392 	return (USB_SUCCESS);
1393 }
1394 
1395 /*
1396  * Make sure that the head of the queue has been dispatched. If a dispatch to
1397  * the device fails, fail the command and try the next one.
1398  */
1399 static void
1400 ccid_command_dispatch(ccid_t *ccid)
1401 {
1402 	ccid_command_t *cc;
1403 
1404 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
1405 	while ((cc = list_head(&ccid->ccid_command_queue)) != NULL) {
1406 		int ret;
1407 
1408 		if ((ccid->ccid_flags & CCID_F_DEV_GONE_MASK) != 0)
1409 			return;
1410 
1411 		/*
1412 		 * Head of the queue is already being processed. We're done
1413 		 * here.
1414 		 */
1415 		if (cc->cc_state > CCID_COMMAND_QUEUED) {
1416 			return;
1417 		}
1418 
1419 		/*
1420 		 * Mark the command as being dispatched to the device. This
1421 		 * prevents anyone else from getting in and confusing things.
1422 		 */
1423 		ccid_command_state_transition(cc, CCID_COMMAND_DISPATCHED);
1424 		cc->cc_dispatch_time = gethrtime();
1425 
1426 		/*
1427 		 * Drop the global lock while we schedule the USB I/O.
1428 		 */
1429 		mutex_exit(&ccid->ccid_mutex);
1430 
1431 		ret = usb_pipe_bulk_xfer(ccid->ccid_bulkout_pipe, cc->cc_ubrp,
1432 		    0);
1433 		mutex_enter(&ccid->ccid_mutex);
1434 		if (ret != USB_SUCCESS) {
1435 			/*
1436 			 * We don't need to free the usb_bulk_req_t here as it
1437 			 * will be taken care of when the command itself is
1438 			 * freed.
1439 			 */
1440 			ccid_error(ccid, "!Bulk pipe dispatch failed: %d\n",
1441 			    ret);
1442 			ccid_command_transport_error(cc, ret, USB_CR_OK);
1443 		}
1444 	}
1445 }
1446 
1447 static int
1448 ccid_command_queue(ccid_t *ccid, ccid_command_t *cc)
1449 {
1450 	id_t seq;
1451 	ccid_header_t *cchead;
1452 
1453 	seq = id_alloc_nosleep(ccid->ccid_seqs);
1454 	if (seq == -1)
1455 		return (ENOMEM);
1456 	cc->cc_seq = seq;
1457 	VERIFY3U(seq, <=, UINT8_MAX);
1458 	cchead = (void *)cc->cc_ubrp->bulk_data->b_rptr;
1459 	cchead->ch_seq = (uint8_t)seq;
1460 
1461 	mutex_enter(&ccid->ccid_mutex);
1462 	/*
1463 	 * Take a shot at filling up our reply cache while we're submitting this
1464 	 * command.
1465 	 */
1466 	ccid_bulkin_cache_refresh(ccid);
1467 	list_insert_tail(&ccid->ccid_command_queue, cc);
1468 	ccid_command_state_transition(cc, CCID_COMMAND_QUEUED);
1469 	cc->cc_queue_time = gethrtime();
1470 	ccid_command_dispatch(ccid);
1471 	mutex_exit(&ccid->ccid_mutex);
1472 
1473 	return (0);
1474 }
1475 
1476 /*
1477  * Normal callback for Bulk-Out requests which represents commands issued to the
1478  * device.
1479  */
1480 static void
1481 ccid_dispatch_bulk_cb(usb_pipe_handle_t ph, usb_bulk_req_t *ubrp)
1482 {
1483 	int ret;
1484 	ccid_command_t *cc = (void *)ubrp->bulk_client_private;
1485 	ccid_t *ccid = cc->cc_ccid;
1486 
1487 	mutex_enter(&ccid->ccid_mutex);
1488 	VERIFY3S(cc->cc_state, ==, CCID_COMMAND_DISPATCHED);
1489 	ccid_command_state_transition(cc, CCID_COMMAND_REPLYING);
1490 	cc->cc_dispatch_cb_time = gethrtime();
1491 
1492 	/*
1493 	 * Since we have successfully sent the command, give it a Bulk-In
1494 	 * response to reply to us with. If that fails, we'll note a transport
1495 	 * error which will kick off the next command if needed.
1496 	 */
1497 	ret = ccid_bulkin_schedule(ccid);
1498 	if (ret != USB_SUCCESS) {
1499 		ccid_command_transport_error(cc, ret, USB_CR_OK);
1500 	}
1501 	mutex_exit(&ccid->ccid_mutex);
1502 }
1503 
1504 /*
1505  * Exception callback for the Bulk-Out requests which represent commands issued
1506  * to the device.
1507  */
1508 static void
1509 ccid_dispatch_bulk_exc_cb(usb_pipe_handle_t ph, usb_bulk_req_t *ubrp)
1510 {
1511 	ccid_command_t *cc = (void *)ubrp->bulk_client_private;
1512 	ccid_t *ccid = cc->cc_ccid;
1513 
1514 	mutex_enter(&ccid->ccid_mutex);
1515 	ccid_command_transport_error(cc, USB_SUCCESS,
1516 	    ubrp->bulk_completion_reason);
1517 	mutex_exit(&ccid->ccid_mutex);
1518 }
1519 
1520 static void
1521 ccid_command_free(ccid_command_t *cc)
1522 {
1523 	VERIFY0(list_link_active(&cc->cc_list_node));
1524 	VERIFY(cc->cc_state == CCID_COMMAND_ALLOCATED ||
1525 	    cc->cc_state >= CCID_COMMAND_COMPLETE);
1526 
1527 	if (cc->cc_response != NULL) {
1528 		freemsgchain(cc->cc_response);
1529 		cc->cc_response = NULL;
1530 	}
1531 
1532 	if (cc->cc_ubrp != NULL) {
1533 		usb_free_bulk_req(cc->cc_ubrp);
1534 		cc->cc_ubrp = NULL;
1535 	}
1536 
1537 	if (cc->cc_seq != 0) {
1538 		id_free(cc->cc_ccid->ccid_seqs, cc->cc_seq);
1539 		cc->cc_seq = 0;
1540 	}
1541 
1542 	cv_destroy(&cc->cc_cv);
1543 	kmem_free(cc, sizeof (ccid_command_t));
1544 }
1545 
1546 /*
1547  * Copy len bytes of data from buf into the allocated message block.
1548  */
1549 static void
1550 ccid_command_bcopy(ccid_command_t *cc, const void *buf, size_t len)
1551 {
1552 	size_t mlen;
1553 
1554 	mlen = msgsize(cc->cc_ubrp->bulk_data);
1555 	VERIFY3U(mlen + len, >=, len);
1556 	VERIFY3U(mlen + len, >=, mlen);
1557 	mlen += len;
1558 	VERIFY3U(mlen, <=, cc->cc_ubrp->bulk_len);
1559 
1560 	bcopy(buf, cc->cc_ubrp->bulk_data->b_wptr, len);
1561 	cc->cc_ubrp->bulk_data->b_wptr += len;
1562 }
1563 
1564 /*
1565  * Allocate a command of a specific size and parameters. This will allocate a
1566  * USB bulk transfer that the caller will copy data to.
1567  */
1568 static int
1569 ccid_command_alloc(ccid_t *ccid, ccid_slot_t *slot, boolean_t block,
1570     mblk_t *datamp, size_t datasz, uint8_t mtype, uint8_t param0,
1571     uint8_t param1, uint8_t param2, ccid_command_t **ccp)
1572 {
1573 	size_t allocsz;
1574 	int kmflag, usbflag;
1575 	ccid_command_t *cc;
1576 	ccid_header_t *cchead;
1577 	ccid_response_code_t rtype;
1578 
1579 	switch (mtype) {
1580 	case CCID_REQUEST_POWER_ON:
1581 	case CCID_REQUEST_POWER_OFF:
1582 	case CCID_REQUEST_SLOT_STATUS:
1583 	case CCID_REQUEST_GET_PARAMS:
1584 	case CCID_REQUEST_RESET_PARAMS:
1585 	case CCID_REQUEST_ICC_CLOCK:
1586 	case CCID_REQUEST_T0APDU:
1587 	case CCID_REQUEST_MECHANICAL:
1588 	case CCID_REQEUST_ABORT:
1589 		if (datasz != 0)
1590 			return (EINVAL);
1591 		break;
1592 	case CCID_REQUEST_TRANSFER_BLOCK:
1593 	case CCID_REQUEST_ESCAPE:
1594 	case CCID_REQUEST_SECURE:
1595 	case CCID_REQUEST_SET_PARAMS:
1596 	case CCID_REQUEST_DATA_CLOCK:
1597 		break;
1598 	default:
1599 		return (EINVAL);
1600 	}
1601 
1602 	switch (mtype) {
1603 	case CCID_REQUEST_POWER_ON:
1604 	case CCID_REQUEST_SECURE:
1605 	case CCID_REQUEST_TRANSFER_BLOCK:
1606 		rtype = CCID_RESPONSE_DATA_BLOCK;
1607 		break;
1608 
1609 	case CCID_REQUEST_POWER_OFF:
1610 	case CCID_REQUEST_SLOT_STATUS:
1611 	case CCID_REQUEST_ICC_CLOCK:
1612 	case CCID_REQUEST_T0APDU:
1613 	case CCID_REQUEST_MECHANICAL:
1614 	case CCID_REQEUST_ABORT:
1615 		rtype = CCID_RESPONSE_SLOT_STATUS;
1616 		break;
1617 
1618 	case CCID_REQUEST_GET_PARAMS:
1619 	case CCID_REQUEST_RESET_PARAMS:
1620 	case CCID_REQUEST_SET_PARAMS:
1621 		rtype = CCID_RESPONSE_PARAMETERS;
1622 		break;
1623 
1624 	case CCID_REQUEST_ESCAPE:
1625 		rtype = CCID_RESPONSE_ESCAPE;
1626 		break;
1627 
1628 	case CCID_REQUEST_DATA_CLOCK:
1629 		rtype = CCID_RESPONSE_DATA_CLOCK;
1630 		break;
1631 	default:
1632 		return (EINVAL);
1633 	}
1634 
1635 	if (block) {
1636 		kmflag = KM_SLEEP;
1637 		usbflag = USB_FLAGS_SLEEP;
1638 	} else {
1639 		kmflag = KM_NOSLEEP_LAZY;
1640 		usbflag = 0;
1641 	}
1642 
1643 	if (datasz + sizeof (ccid_header_t) < datasz)
1644 		return (EINVAL);
1645 	if (datasz + sizeof (ccid_header_t) > ccid->ccid_bufsize)
1646 		return (EINVAL);
1647 
1648 	cc = kmem_zalloc(sizeof (ccid_command_t), kmflag);
1649 	if (cc == NULL)
1650 		return (ENOMEM);
1651 
1652 	allocsz = datasz + sizeof (ccid_header_t);
1653 	if (datamp == NULL) {
1654 		cc->cc_ubrp = usb_alloc_bulk_req(ccid->ccid_dip, allocsz,
1655 		    usbflag);
1656 	} else {
1657 		cc->cc_ubrp = usb_alloc_bulk_req(ccid->ccid_dip, 0, usbflag);
1658 	}
1659 	if (cc->cc_ubrp == NULL) {
1660 		kmem_free(cc, sizeof (ccid_command_t));
1661 		return (ENOMEM);
1662 	}
1663 
1664 	list_link_init(&cc->cc_list_node);
1665 	cv_init(&cc->cc_cv, NULL, CV_DRIVER, NULL);
1666 	cc->cc_mtype = mtype;
1667 	cc->cc_rtype = rtype;
1668 	cc->cc_slot = slot->cs_slotno;
1669 	cc->cc_reqlen = datasz;
1670 	cc->cc_ccid = ccid;
1671 	cc->cc_state = CCID_COMMAND_ALLOCATED;
1672 
1673 	/*
1674 	 * Fill in bulk request attributes. Note that short transfers out
1675 	 * are not OK.
1676 	 */
1677 	if (datamp != NULL) {
1678 		cc->cc_ubrp->bulk_data = datamp;
1679 	}
1680 	cc->cc_ubrp->bulk_len = allocsz;
1681 	cc->cc_ubrp->bulk_timeout = CCID_BULK_OUT_TIMEOUT;
1682 	cc->cc_ubrp->bulk_client_private = (usb_opaque_t)cc;
1683 	cc->cc_ubrp->bulk_attributes = USB_ATTRS_AUTOCLEARING;
1684 	cc->cc_ubrp->bulk_cb = ccid_dispatch_bulk_cb;
1685 	cc->cc_ubrp->bulk_exc_cb = ccid_dispatch_bulk_exc_cb;
1686 
1687 	/*
1688 	 * Fill in the command header. We fill in everything except the sequence
1689 	 * number, which is done by the actual dispatch code.
1690 	 */
1691 	cchead = (void *)cc->cc_ubrp->bulk_data->b_rptr;
1692 	cchead->ch_mtype = mtype;
1693 	cchead->ch_length = LE_32(datasz);
1694 	cchead->ch_slot = slot->cs_slotno;
1695 	cchead->ch_seq = 0;
1696 	cchead->ch_param0 = param0;
1697 	cchead->ch_param1 = param1;
1698 	cchead->ch_param2 = param2;
1699 	cc->cc_ubrp->bulk_data->b_wptr += sizeof (ccid_header_t);
1700 	*ccp = cc;
1701 
1702 	return (0);
1703 }
1704 
1705 /*
1706  * The rest of the stack is in charge of timing out commands and potentially
1707  * aborting them. At this point in time, there's no specific timeout aspect
1708  * here.
1709  */
1710 static void
1711 ccid_command_poll(ccid_t *ccid, ccid_command_t *cc)
1712 {
1713 	VERIFY0(cc->cc_flags & CCID_COMMAND_F_USER);
1714 
1715 	mutex_enter(&ccid->ccid_mutex);
1716 	while ((cc->cc_state < CCID_COMMAND_COMPLETE) &&
1717 	    (ccid->ccid_flags & CCID_F_DEV_GONE_MASK) == 0) {
1718 		cv_wait(&cc->cc_cv, &ccid->ccid_mutex);
1719 	}
1720 
1721 	/*
1722 	 * Treat this as a consumption and remove it from the completion list.
1723 	 */
1724 #ifdef DEBUG
1725 	ccid_command_t *check;
1726 	for (check = list_head(&ccid->ccid_complete_queue); check != NULL;
1727 	    check = list_next(&ccid->ccid_complete_queue, check)) {
1728 		if (cc == check)
1729 			break;
1730 	}
1731 	ASSERT3P(check, !=, NULL);
1732 #endif
1733 	VERIFY(list_link_active(&cc->cc_list_node));
1734 	list_remove(&ccid->ccid_complete_queue, cc);
1735 	mutex_exit(&ccid->ccid_mutex);
1736 }
1737 
1738 static int
1739 ccid_command_power_off(ccid_t *ccid, ccid_slot_t *cs)
1740 {
1741 	int ret;
1742 	ccid_command_t *cc;
1743 	ccid_reply_icc_status_t cis;
1744 	ccid_reply_command_status_t crs;
1745 
1746 	if ((ret = ccid_command_alloc(ccid, cs, B_TRUE, NULL, 0,
1747 	    CCID_REQUEST_POWER_OFF, 0, 0, 0, &cc)) != 0) {
1748 		return (ret);
1749 	}
1750 
1751 	if ((ret = ccid_command_queue(ccid, cc)) != 0) {
1752 		ccid_command_free(cc);
1753 		return (ret);
1754 	}
1755 
1756 	ccid_command_poll(ccid, cc);
1757 
1758 	if (cc->cc_state != CCID_COMMAND_COMPLETE) {
1759 		ret = EIO;
1760 		goto done;
1761 	}
1762 
1763 	ccid_command_status_decode(cc, &crs, &cis, NULL);
1764 	if (crs == CCID_REPLY_STATUS_FAILED) {
1765 		if (cis == CCID_REPLY_ICC_MISSING) {
1766 			ret = ENXIO;
1767 		} else {
1768 			ret = EIO;
1769 		}
1770 	} else {
1771 		ret = 0;
1772 	}
1773 done:
1774 	ccid_command_free(cc);
1775 	return (ret);
1776 }
1777 
1778 static int
1779 ccid_command_power_on(ccid_t *ccid, ccid_slot_t *cs, ccid_class_voltage_t volt,
1780     mblk_t **atrp)
1781 {
1782 	int ret;
1783 	ccid_command_t *cc;
1784 	ccid_reply_command_status_t crs;
1785 	ccid_reply_icc_status_t cis;
1786 	ccid_command_err_t cce;
1787 
1788 	if (atrp == NULL)
1789 		return (EINVAL);
1790 
1791 	*atrp = NULL;
1792 
1793 	switch (volt) {
1794 	case CCID_CLASS_VOLT_AUTO:
1795 	case CCID_CLASS_VOLT_5_0:
1796 	case CCID_CLASS_VOLT_3_0:
1797 	case CCID_CLASS_VOLT_1_8:
1798 		break;
1799 	default:
1800 		return (EINVAL);
1801 	}
1802 
1803 	if ((ret = ccid_command_alloc(ccid, cs, B_TRUE, NULL, 0,
1804 	    CCID_REQUEST_POWER_ON, volt, 0, 0, &cc)) != 0) {
1805 		return (ret);
1806 	}
1807 
1808 	if ((ret = ccid_command_queue(ccid, cc)) != 0) {
1809 		ccid_command_free(cc);
1810 		return (ret);
1811 	}
1812 
1813 	ccid_command_poll(ccid, cc);
1814 
1815 	if (cc->cc_state != CCID_COMMAND_COMPLETE) {
1816 		ret = EIO;
1817 		goto done;
1818 	}
1819 
1820 	/*
1821 	 * Look for a few specific errors here:
1822 	 *
1823 	 * - ICC_MUTE via a few potential ways
1824 	 * - Bad voltage
1825 	 */
1826 	ccid_command_status_decode(cc, &crs, &cis, &cce);
1827 	if (crs == CCID_REPLY_STATUS_FAILED) {
1828 		if (cis == CCID_REPLY_ICC_MISSING) {
1829 			ret = ENXIO;
1830 		} else if (cis == CCID_REPLY_ICC_INACTIVE &&
1831 		    cce == 7) {
1832 			/*
1833 			 * This means that byte 7 was invalid. In other words,
1834 			 * that the voltage wasn't correct. See Table 6.1-2
1835 			 * 'Errors' in the CCID r1.1.0 spec.
1836 			 */
1837 			ret = ENOTSUP;
1838 		} else {
1839 			ret = EIO;
1840 		}
1841 	} else {
1842 		size_t len;
1843 
1844 		len = ccid_command_resp_length(cc);
1845 		if (len == 0) {
1846 			ret = EINVAL;
1847 			goto done;
1848 		}
1849 
1850 #ifdef	DEBUG
1851 		/*
1852 		 * This should have already been checked by the response
1853 		 * framework, but sanity check this again.
1854 		 */
1855 		size_t mlen = msgsize(cc->cc_response);
1856 		VERIFY3U(mlen, >=, len + sizeof (ccid_header_t));
1857 #endif
1858 
1859 		/*
1860 		 * Munge the message block to have the ATR. We want to make sure
1861 		 * that the write pointer is set to the maximum length that we
1862 		 * got back from the driver (the message block could strictly
1863 		 * speaking be larger, because we got a larger transfer for some
1864 		 * reason).
1865 		 */
1866 		cc->cc_response->b_rptr += sizeof (ccid_header_t);
1867 		cc->cc_response->b_wptr = cc->cc_response->b_rptr + len;
1868 		*atrp = cc->cc_response;
1869 		cc->cc_response = NULL;
1870 		ret = 0;
1871 	}
1872 
1873 done:
1874 	ccid_command_free(cc);
1875 	return (ret);
1876 }
1877 
1878 static int
1879 ccid_command_get_parameters(ccid_t *ccid, ccid_slot_t *slot,
1880     atr_protocol_t *protp, ccid_params_t *paramsp)
1881 {
1882 	int ret;
1883 	uint8_t prot;
1884 	size_t mlen;
1885 	ccid_command_t *cc;
1886 	ccid_reply_command_status_t crs;
1887 	ccid_reply_icc_status_t cis;
1888 	const void *cpbuf;
1889 
1890 	if ((ret = ccid_command_alloc(ccid, slot, B_TRUE, NULL, 0,
1891 	    CCID_REQUEST_GET_PARAMS, 0, 0, 0, &cc)) != 0) {
1892 		return (ret);
1893 	}
1894 
1895 	if ((ret = ccid_command_queue(ccid, cc)) != 0)
1896 		goto done;
1897 
1898 	ccid_command_poll(ccid, cc);
1899 
1900 	if (cc->cc_state != CCID_COMMAND_COMPLETE) {
1901 		ret = EIO;
1902 		goto done;
1903 	}
1904 
1905 	ccid_command_status_decode(cc, &crs, &cis, NULL);
1906 	if (crs != CCID_REPLY_STATUS_COMPLETE) {
1907 		if (cis == CCID_REPLY_ICC_MISSING) {
1908 			ret = ENXIO;
1909 		} else {
1910 			ret = EIO;
1911 		}
1912 		goto done;
1913 	}
1914 
1915 	/*
1916 	 * The protocol is in ch_param2 of the header.
1917 	 */
1918 	prot = ccid_command_resp_param2(cc);
1919 	mlen = ccid_command_resp_length(cc);
1920 	cpbuf = cc->cc_response->b_rptr + sizeof (ccid_header_t);
1921 
1922 	ret = 0;
1923 	switch (prot) {
1924 	case 0:
1925 		if (mlen < sizeof (ccid_params_t0_t)) {
1926 			ret = EOVERFLOW;
1927 			goto done;
1928 		}
1929 		*protp = ATR_P_T0;
1930 		bcopy(cpbuf, &paramsp->ccp_t0, sizeof (ccid_params_t0_t));
1931 		break;
1932 	case 1:
1933 		if (mlen < sizeof (ccid_params_t1_t)) {
1934 			ret = EOVERFLOW;
1935 			goto done;
1936 		}
1937 		*protp = ATR_P_T1;
1938 		bcopy(cpbuf, &paramsp->ccp_t1, sizeof (ccid_params_t1_t));
1939 		break;
1940 	default:
1941 		ret = ECHRNG;
1942 		break;
1943 	}
1944 
1945 done:
1946 	ccid_command_free(cc);
1947 	return (ret);
1948 }
1949 
1950 static void
1951 ccid_hw_error(ccid_t *ccid, ccid_intr_hwerr_t *hwerr)
1952 {
1953 	ccid_slot_t *slot;
1954 
1955 	/* Make sure the slot number is within range. */
1956 	if (hwerr->cih_slot >= ccid->ccid_nslots) {
1957 		ccid->ccid_stats.cst_intr_inval++;
1958 		return;
1959 	}
1960 
1961 	slot = &ccid->ccid_slots[hwerr->cih_slot];
1962 
1963 	/* The only error condition defined by the spec is overcurrent. */
1964 	if (hwerr->cih_code != CCID_INTR_HWERR_OVERCURRENT) {
1965 		ccid->ccid_stats.cst_intr_inval++;
1966 		return;
1967 	}
1968 
1969 	/*
1970 	 * The worker thread will take care of this situation.
1971 	 */
1972 	slot->cs_flags |= CCID_SLOT_F_INTR_OVERCURRENT;
1973 	ccid_worker_request(ccid);
1974 }
1975 
1976 static void
1977 ccid_intr_pipe_cb(usb_pipe_handle_t ph, usb_intr_req_t *uirp)
1978 {
1979 	mblk_t *mp;
1980 	size_t msglen, explen;
1981 	uint_t i;
1982 	boolean_t change;
1983 	ccid_intr_hwerr_t ccid_hwerr;
1984 	ccid_t *ccid = (ccid_t *)uirp->intr_client_private;
1985 
1986 	mp = uirp->intr_data;
1987 	if (mp == NULL)
1988 		goto done;
1989 
1990 	msglen = msgsize(mp);
1991 	if (msglen == 0)
1992 		goto done;
1993 
1994 	switch (mp->b_rptr[0]) {
1995 	case CCID_INTR_CODE_SLOT_CHANGE:
1996 		mutex_enter(&ccid->ccid_mutex);
1997 		ccid->ccid_stats.cst_intr_slot_change++;
1998 
1999 		explen = 1 + ((2 * ccid->ccid_nslots + (NBBY-1)) / NBBY);
2000 		if (msglen < explen) {
2001 			ccid->ccid_stats.cst_intr_inval++;
2002 			mutex_exit(&ccid->ccid_mutex);
2003 			goto done;
2004 		}
2005 
2006 		change = B_FALSE;
2007 		for (i = 0; i < ccid->ccid_nslots; i++) {
2008 			uint_t byte = (i * 2 / NBBY) + 1;
2009 			uint_t shift = i * 2 % NBBY;
2010 			uint_t present = 1 << shift;
2011 			uint_t delta = 2 << shift;
2012 
2013 			if (mp->b_rptr[byte] & delta) {
2014 				ccid_slot_t *slot = &ccid->ccid_slots[i];
2015 
2016 				slot->cs_flags &= ~CCID_SLOT_F_INTR_MASK;
2017 				slot->cs_flags |= CCID_SLOT_F_CHANGED;
2018 				if (mp->b_rptr[byte] & present) {
2019 					slot->cs_flags |= CCID_SLOT_F_INTR_ADD;
2020 				} else {
2021 					slot->cs_flags |= CCID_SLOT_F_INTR_GONE;
2022 				}
2023 				change = B_TRUE;
2024 			}
2025 		}
2026 
2027 		if (change) {
2028 			ccid_worker_request(ccid);
2029 		}
2030 		mutex_exit(&ccid->ccid_mutex);
2031 		break;
2032 	case CCID_INTR_CODE_HW_ERROR:
2033 		mutex_enter(&ccid->ccid_mutex);
2034 		ccid->ccid_stats.cst_intr_hwerr++;
2035 
2036 		if (msglen < sizeof (ccid_intr_hwerr_t)) {
2037 			ccid->ccid_stats.cst_intr_inval++;
2038 			mutex_exit(&ccid->ccid_mutex);
2039 			goto done;
2040 		}
2041 
2042 		bcopy(mp->b_rptr, &ccid_hwerr, sizeof (ccid_intr_hwerr_t));
2043 		ccid_hw_error(ccid, &ccid_hwerr);
2044 
2045 		mutex_exit(&ccid->ccid_mutex);
2046 		break;
2047 	default:
2048 		mutex_enter(&ccid->ccid_mutex);
2049 		ccid->ccid_stats.cst_intr_unknown++;
2050 		mutex_exit(&ccid->ccid_mutex);
2051 		break;
2052 	}
2053 
2054 done:
2055 	usb_free_intr_req(uirp);
2056 }
2057 
2058 static void
2059 ccid_intr_pipe_except_cb(usb_pipe_handle_t ph, usb_intr_req_t *uirp)
2060 {
2061 	ccid_t *ccid = (ccid_t *)uirp->intr_client_private;
2062 
2063 	ccid->ccid_stats.cst_intr_errs++;
2064 	switch (uirp->intr_completion_reason) {
2065 	case USB_CR_PIPE_RESET:
2066 	case USB_CR_NO_RESOURCES:
2067 		ccid->ccid_stats.cst_intr_restart++;
2068 		ccid_intr_poll_init(ccid);
2069 		break;
2070 	default:
2071 		break;
2072 	}
2073 	usb_free_intr_req(uirp);
2074 }
2075 
2076 /*
2077  * Clean up all the state associated with this slot and its ICC.
2078  */
2079 static void
2080 ccid_slot_teardown(ccid_t *ccid, ccid_slot_t *slot, boolean_t signal)
2081 {
2082 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2083 
2084 	if (slot->cs_icc.icc_fini != NULL) {
2085 		slot->cs_icc.icc_fini(ccid, slot);
2086 	}
2087 
2088 	atr_data_reset(slot->cs_icc.icc_atr_data);
2089 	slot->cs_icc.icc_protocols = ATR_P_NONE;
2090 	slot->cs_icc.icc_cur_protocol = ATR_P_NONE;
2091 	slot->cs_icc.icc_init = NULL;
2092 	slot->cs_icc.icc_tx = NULL;
2093 	slot->cs_icc.icc_complete = NULL;
2094 	slot->cs_icc.icc_teardown = NULL;
2095 	slot->cs_icc.icc_fini = NULL;
2096 
2097 	slot->cs_voltage = 0;
2098 	freemsgchain(slot->cs_atr);
2099 	slot->cs_atr = NULL;
2100 
2101 	if (signal && slot->cs_excl_minor != NULL) {
2102 		pollwakeup(&slot->cs_excl_minor->cm_pollhead, POLLHUP);
2103 	}
2104 }
2105 
2106 /*
2107  * Wait for teardown of outstanding user I/O.
2108  */
2109 static void
2110 ccid_slot_io_teardown(ccid_t *ccid, ccid_slot_t *slot)
2111 {
2112 	/*
2113 	 * If there is outstanding user I/O, then we need to go ahead and take
2114 	 * care of that. Once this function returns, the user I/O will have been
2115 	 * dealt with; however, before we can tear down things, we need to make
2116 	 * sure that the logical I/O has been completed.
2117 	 */
2118 	if (slot->cs_icc.icc_teardown != NULL) {
2119 		slot->cs_icc.icc_teardown(ccid, slot, ENXIO);
2120 	}
2121 
2122 	while ((slot->cs_flags & CCID_SLOT_F_NEED_IO_TEARDOWN) != 0) {
2123 		cv_wait(&slot->cs_io.ci_cv, &ccid->ccid_mutex);
2124 	}
2125 }
2126 
2127 /*
2128  * The given CCID slot has been inactivated. Clean up.
2129  */
2130 static void
2131 ccid_slot_inactive(ccid_t *ccid, ccid_slot_t *slot)
2132 {
2133 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2134 
2135 	slot->cs_flags &= ~CCID_SLOT_F_ACTIVE;
2136 
2137 	ccid_slot_io_teardown(ccid, slot);
2138 
2139 	/*
2140 	 * Now that we've finished completely waiting for the logical I/O to be
2141 	 * torn down, it's safe for us to proceed with the rest of the needed
2142 	 * tear down.
2143 	 */
2144 	ccid_slot_teardown(ccid, slot, B_TRUE);
2145 }
2146 
2147 /*
2148  * The given CCID slot has been removed. Clean up.
2149  */
2150 static void
2151 ccid_slot_removed(ccid_t *ccid, ccid_slot_t *slot, boolean_t notify)
2152 {
2153 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2154 	if ((slot->cs_flags & CCID_SLOT_F_PRESENT) == 0) {
2155 		VERIFY0(slot->cs_flags & CCID_SLOT_F_ACTIVE);
2156 		return;
2157 	}
2158 
2159 	/*
2160 	 * This slot is gone, mark the flags accordingly.
2161 	 */
2162 	slot->cs_flags &= ~CCID_SLOT_F_PRESENT;
2163 
2164 	ccid_slot_inactive(ccid, slot);
2165 }
2166 
2167 static void
2168 ccid_slot_setup_functions(ccid_t *ccid, ccid_slot_t *slot)
2169 {
2170 	uint_t bits = CCID_CLASS_F_SHORT_APDU_XCHG | CCID_CLASS_F_EXT_APDU_XCHG;
2171 
2172 	slot->cs_icc.icc_init = NULL;
2173 	slot->cs_icc.icc_tx = NULL;
2174 	slot->cs_icc.icc_complete = NULL;
2175 	slot->cs_icc.icc_teardown = NULL;
2176 	slot->cs_icc.icc_fini = NULL;
2177 
2178 	switch (ccid->ccid_class.ccd_dwFeatures & bits) {
2179 	case CCID_CLASS_F_SHORT_APDU_XCHG:
2180 	case CCID_CLASS_F_EXT_APDU_XCHG:
2181 		/*
2182 		 * Readers with extended APDU support always also support
2183 		 * short APDUs. We only ever use short APDUs.
2184 		 */
2185 		slot->cs_icc.icc_tx = ccid_write_apdu;
2186 		slot->cs_icc.icc_complete = ccid_complete_apdu;
2187 		slot->cs_icc.icc_teardown = ccid_teardown_apdu;
2188 		break;
2189 	default:
2190 		break;
2191 	}
2192 
2193 	/*
2194 	 * When we don't have a supported tx function, we don't want to end
2195 	 * up blocking attach. It's important we attach so that users can try
2196 	 * and determine information about the ICC and reader.
2197 	 */
2198 	if (slot->cs_icc.icc_tx == NULL) {
2199 		ccid_error(ccid, "!CCID does not support I/O transfers to ICC");
2200 	}
2201 }
2202 
2203 /*
2204  * We have an ICC present in a slot. We require that the reader does all
2205  * protocol and parameter related initializations for us. Just parse the ATR
2206  * for our own use and use GET_PARAMS to query the parameters the reader set
2207  * up for us.
2208  */
2209 static boolean_t
2210 ccid_slot_params_init(ccid_t *ccid, ccid_slot_t *slot, mblk_t *atr)
2211 {
2212 	int ret;
2213 	atr_parsecode_t p;
2214 	atr_protocol_t prot;
2215 	atr_data_t *data;
2216 
2217 	/*
2218 	 * Use the slot's atr data structure. This is only used when we're in
2219 	 * the worker context, so it should be safe to access in a lockless
2220 	 * fashion.
2221 	 */
2222 	data = slot->cs_icc.icc_atr_data;
2223 	atr_data_reset(data);
2224 	if ((p = atr_parse(atr->b_rptr, msgsize(atr), data)) != ATR_CODE_OK) {
2225 		ccid_error(ccid, "!failed to parse ATR data from slot %d: %s",
2226 		    slot->cs_slotno, atr_strerror(p));
2227 		return (B_FALSE);
2228 	}
2229 
2230 	if ((ret = ccid_command_get_parameters(ccid, slot, &prot,
2231 	    &slot->cs_icc.icc_params)) != 0) {
2232 		ccid_error(ccid, "!failed to get parameters for slot %u: %d",
2233 		    slot->cs_slotno, ret);
2234 		return (B_FALSE);
2235 	}
2236 
2237 	slot->cs_icc.icc_protocols = atr_supported_protocols(data);
2238 	slot->cs_icc.icc_cur_protocol = prot;
2239 
2240 	if ((ccid->ccid_flags & (CCID_F_NEEDS_PPS | CCID_F_NEEDS_PARAMS |
2241 	    CCID_F_NEEDS_DATAFREQ)) != 0) {
2242 		ccid_error(ccid, "!CCID reader does not support required "
2243 		    "protocol/parameter setup automation");
2244 		return (B_FALSE);
2245 	}
2246 
2247 	return (B_TRUE);
2248 }
2249 
2250 /*
2251  * Set up the ICC function parameters and initialize the ICC engine.
2252  */
2253 static boolean_t
2254 ccid_slot_prot_init(ccid_t *ccid, ccid_slot_t *slot)
2255 {
2256 	ccid_slot_setup_functions(ccid, slot);
2257 
2258 	if (slot->cs_icc.icc_init != NULL) {
2259 		slot->cs_icc.icc_init(ccid, slot);
2260 	}
2261 
2262 	return (B_TRUE);
2263 }
2264 
2265 static int
2266 ccid_slot_power_on(ccid_t *ccid, ccid_slot_t *slot, ccid_class_voltage_t volts,
2267     mblk_t **atr)
2268 {
2269 	int ret;
2270 
2271 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2272 
2273 	mutex_exit(&ccid->ccid_mutex);
2274 	if ((ret = ccid_command_power_on(ccid, slot, volts, atr)) != 0) {
2275 		/*
2276 		 * If we got ENXIO, then we know that there is no ICC
2277 		 * present. This could happen for a number of reasons.
2278 		 * For example, we could have just started up and no
2279 		 * card was plugged in (we default to assuming that one
2280 		 * is). Also, some readers won't really tell us that
2281 		 * nothing is there until after the power on fails,
2282 		 * hence why we don't bother with doing a status check
2283 		 * and just try to power on.
2284 		 */
2285 		if (ret == ENXIO) {
2286 			mutex_enter(&ccid->ccid_mutex);
2287 			slot->cs_flags &= ~CCID_SLOT_F_PRESENT;
2288 			return (ret);
2289 		}
2290 
2291 		/*
2292 		 * If we fail to power off the card, check to make sure
2293 		 * it hasn't been removed.
2294 		 */
2295 		if (ccid_command_power_off(ccid, slot) == ENXIO) {
2296 			mutex_enter(&ccid->ccid_mutex);
2297 			slot->cs_flags &= ~CCID_SLOT_F_PRESENT;
2298 			return (ENXIO);
2299 		}
2300 
2301 		mutex_enter(&ccid->ccid_mutex);
2302 		return (ret);
2303 	}
2304 
2305 	if (!ccid_slot_params_init(ccid, slot, *atr)) {
2306 		ccid_error(ccid, "!failed to set slot paramters for ICC");
2307 		mutex_enter(&ccid->ccid_mutex);
2308 		return (ENOTSUP);
2309 	}
2310 
2311 	if (!ccid_slot_prot_init(ccid, slot)) {
2312 		ccid_error(ccid, "!failed to setup protocol for ICC");
2313 		mutex_enter(&ccid->ccid_mutex);
2314 		return (ENOTSUP);
2315 	}
2316 
2317 	mutex_enter(&ccid->ccid_mutex);
2318 	return (0);
2319 }
2320 
2321 static int
2322 ccid_slot_power_off(ccid_t *ccid, ccid_slot_t *slot)
2323 {
2324 	int ret;
2325 
2326 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2327 
2328 	ccid_slot_io_teardown(ccid, slot);
2329 
2330 	/*
2331 	 * Now that we've finished completely waiting for the logical I/O to be
2332 	 * torn down, try and power off the ICC.
2333 	 */
2334 	mutex_exit(&ccid->ccid_mutex);
2335 	ret = ccid_command_power_off(ccid, slot);
2336 	mutex_enter(&ccid->ccid_mutex);
2337 
2338 	if (ret != 0)
2339 		return (ret);
2340 
2341 	ccid_slot_inactive(ccid, slot);
2342 
2343 	return (ret);
2344 }
2345 
2346 static int
2347 ccid_slot_inserted(ccid_t *ccid, ccid_slot_t *slot)
2348 {
2349 	uint_t nvolts = 4;
2350 	uint_t cvolt = 0;
2351 	mblk_t *atr = NULL;
2352 	ccid_class_voltage_t volts[4] = { CCID_CLASS_VOLT_AUTO,
2353 	    CCID_CLASS_VOLT_5_0, CCID_CLASS_VOLT_3_0, CCID_CLASS_VOLT_1_8 };
2354 
2355 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2356 	if ((ccid->ccid_flags & CCID_F_DEV_GONE_MASK) != 0) {
2357 		return (0);
2358 	}
2359 
2360 	if ((slot->cs_flags & CCID_SLOT_F_ACTIVE) != 0) {
2361 		return (0);
2362 	}
2363 
2364 	slot->cs_flags |= CCID_SLOT_F_PRESENT;
2365 
2366 	/*
2367 	 * Now, we need to activate this ccid device before we can do anything
2368 	 * with it. First, power on the device. There are two hardware features
2369 	 * which may be at play. There may be automatic voltage detection and
2370 	 * automatic activation on insertion. In theory, when either of those
2371 	 * are present, we should always try to use the auto voltage.
2372 	 *
2373 	 * What's less clear in the specification is if the Auto-Voltage
2374 	 * property is present is if we should try manual voltages or not. For
2375 	 * the moment we do.
2376 	 */
2377 	if ((ccid->ccid_class.ccd_dwFeatures &
2378 	    (CCID_CLASS_F_AUTO_ICC_ACTIVATE | CCID_CLASS_F_AUTO_ICC_VOLTAGE)) ==
2379 	    0) {
2380 		/* Skip auto-voltage */
2381 		cvolt++;
2382 	}
2383 
2384 	for (; cvolt < nvolts; cvolt++) {
2385 		int ret;
2386 
2387 		if (volts[cvolt] != CCID_CLASS_VOLT_AUTO &&
2388 		    (ccid->ccid_class.ccd_bVoltageSupport & volts[cvolt]) ==
2389 		    0) {
2390 			continue;
2391 		}
2392 
2393 		ret = ccid_slot_power_on(ccid, slot, volts[cvolt], &atr);
2394 		if (ret != 0) {
2395 			freemsg(atr);
2396 			atr = NULL;
2397 			continue;
2398 		}
2399 
2400 		break;
2401 	}
2402 
2403 	if (cvolt >= nvolts) {
2404 		ccid_error(ccid, "!failed to activate and power on ICC, no "
2405 		    "supported voltages found");
2406 		goto notsup;
2407 	}
2408 
2409 	slot->cs_voltage = volts[cvolt];
2410 	slot->cs_atr = atr;
2411 	slot->cs_flags |= CCID_SLOT_F_ACTIVE;
2412 
2413 	ccid_slot_pollout_signal(slot);
2414 
2415 	return (0);
2416 
2417 notsup:
2418 	freemsg(atr);
2419 	ccid_slot_teardown(ccid, slot, B_FALSE);
2420 	return (ENOTSUP);
2421 }
2422 
2423 static int
2424 ccid_slot_warm_reset(ccid_t *ccid, ccid_slot_t *slot)
2425 {
2426 	int ret;
2427 	mblk_t *atr;
2428 	ccid_class_voltage_t voltage;
2429 
2430 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2431 
2432 	ccid_slot_io_teardown(ccid, slot);
2433 
2434 	voltage = slot->cs_voltage;
2435 
2436 	ccid_slot_teardown(ccid, slot, B_FALSE);
2437 
2438 	ret = ccid_slot_power_on(ccid, slot, voltage, &atr);
2439 	if (ret != 0) {
2440 		freemsg(atr);
2441 		return (ret);
2442 	}
2443 
2444 	slot->cs_voltage = voltage;
2445 	slot->cs_atr = atr;
2446 
2447 	return (ret);
2448 }
2449 
2450 static boolean_t
2451 ccid_slot_reset(ccid_t *ccid, ccid_slot_t *slot)
2452 {
2453 	int ret;
2454 
2455 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2456 	VERIFY(slot->cs_flags & CCID_SLOT_F_NEED_TXN_RESET);
2457 	VERIFY(ccid->ccid_flags & CCID_F_WORKER_RUNNING);
2458 
2459 	if (ccid->ccid_flags & CCID_F_DEV_GONE_MASK)
2460 		return (B_TRUE);
2461 
2462 	/*
2463 	 * Power off the ICC. This will wait for logical I/O if needed.
2464 	 */
2465 	ret = ccid_slot_power_off(ccid, slot);
2466 
2467 	/*
2468 	 * If we failed to power off the ICC because the ICC is removed, then
2469 	 * just return that we failed, so that we can let the next lap clean
2470 	 * things up by noting that the ICC has been removed.
2471 	 */
2472 	if (ret != 0 && ret == ENXIO) {
2473 		return (B_FALSE);
2474 	}
2475 
2476 	if (ret != 0) {
2477 		ccid_error(ccid, "!failed to reset slot %d for next txn: %d; "
2478 		    "taking another lap", slot->cs_slotno, ret);
2479 		return (B_FALSE);
2480 	}
2481 
2482 	/*
2483 	 * Mimic a slot insertion to power this back on. Don't worry about
2484 	 * success or failure, because as far as we care for resetting it, we've
2485 	 * done our duty once we've powered it off successfully.
2486 	 */
2487 	(void) ccid_slot_inserted(ccid, slot);
2488 
2489 	return (B_TRUE);
2490 }
2491 
2492 /*
2493  * We've been asked to perform some amount of work on the various slots that we
2494  * have. This may be because the slot needs to be reset due to the completion of
2495  * a transaction or it may be because an ICC inside of the slot has been
2496  * removed.
2497  */
2498 static void
2499 ccid_worker(void *arg)
2500 {
2501 	uint_t i;
2502 	ccid_t *ccid = arg;
2503 
2504 	mutex_enter(&ccid->ccid_mutex);
2505 	ccid->ccid_stats.cst_ndiscover++;
2506 	ccid->ccid_stats.cst_lastdiscover = gethrtime();
2507 	ccid->ccid_flags |= CCID_F_WORKER_RUNNING;
2508 	ccid->ccid_flags &= ~CCID_F_WORKER_REQUESTED;
2509 
2510 	for (i = 0; i < ccid->ccid_nslots; i++) {
2511 		ccid_slot_t *slot = &ccid->ccid_slots[i];
2512 		uint_t flags;
2513 
2514 		VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2515 
2516 		if ((ccid->ccid_flags & CCID_F_DEV_GONE_MASK) != 0) {
2517 			ccid->ccid_flags &= ~CCID_F_WORKER_MASK;
2518 			mutex_exit(&ccid->ccid_mutex);
2519 			return;
2520 		}
2521 
2522 		/*
2523 		 * Snapshot the flags before we start processing the worker. At
2524 		 * this time we clear out all of the change flags as we'll be
2525 		 * operating on the device. We do not clear the
2526 		 * CCID_SLOT_F_NEED_TXN_RESET flag, as we want to make sure that
2527 		 * this is maintained until we're done here.
2528 		 */
2529 		flags = slot->cs_flags & CCID_SLOT_F_WORK_MASK;
2530 		slot->cs_flags &= ~CCID_SLOT_F_INTR_MASK;
2531 
2532 		if ((flags & CCID_SLOT_F_INTR_OVERCURRENT) != 0) {
2533 			ccid_slot_inactive(ccid, slot);
2534 		}
2535 
2536 		if ((flags & CCID_SLOT_F_CHANGED) != 0) {
2537 			if (flags & CCID_SLOT_F_INTR_GONE) {
2538 				ccid_slot_removed(ccid, slot, B_TRUE);
2539 			} else {
2540 				(void) ccid_slot_inserted(ccid, slot);
2541 				if ((slot->cs_flags & CCID_SLOT_F_ACTIVE) !=
2542 				    0) {
2543 					ccid_slot_excl_maybe_signal(slot);
2544 				}
2545 			}
2546 			VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2547 		}
2548 
2549 		if ((flags & CCID_SLOT_F_NEED_TXN_RESET) != 0) {
2550 			/*
2551 			 * If the CCID_SLOT_F_PRESENT flag is set, then we
2552 			 * should attempt to power off and power on the ICC in
2553 			 * an attempt to reset it. If this fails, trigger
2554 			 * another worker that needs to operate.
2555 			 */
2556 			if ((slot->cs_flags & CCID_SLOT_F_PRESENT) != 0) {
2557 				if (!ccid_slot_reset(ccid, slot)) {
2558 					ccid_worker_request(ccid);
2559 					continue;
2560 				}
2561 			}
2562 
2563 			VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2564 			slot->cs_flags &= ~CCID_SLOT_F_NEED_TXN_RESET;
2565 			/*
2566 			 * Try to signal the next thread waiting for exclusive
2567 			 * access.
2568 			 */
2569 			ccid_slot_excl_maybe_signal(slot);
2570 		}
2571 	}
2572 
2573 	/*
2574 	 * If we have a request to operate again, delay before we consider this,
2575 	 * to make sure we don't do too much work ourselves.
2576 	 */
2577 	if ((ccid->ccid_flags & CCID_F_WORKER_REQUESTED) != 0) {
2578 		mutex_exit(&ccid->ccid_mutex);
2579 		delay(drv_usectohz(1000) * 10);
2580 		mutex_enter(&ccid->ccid_mutex);
2581 	}
2582 
2583 	ccid->ccid_flags &= ~CCID_F_WORKER_RUNNING;
2584 	if ((ccid->ccid_flags & CCID_F_DEV_GONE_MASK) != 0) {
2585 		ccid->ccid_flags &= ~CCID_F_WORKER_REQUESTED;
2586 		mutex_exit(&ccid->ccid_mutex);
2587 		return;
2588 	}
2589 
2590 	if ((ccid->ccid_flags & CCID_F_WORKER_REQUESTED) != 0) {
2591 		(void) ddi_taskq_dispatch(ccid->ccid_taskq, ccid_worker, ccid,
2592 		    DDI_SLEEP);
2593 	}
2594 	mutex_exit(&ccid->ccid_mutex);
2595 }
2596 
2597 static void
2598 ccid_worker_request(ccid_t *ccid)
2599 {
2600 	boolean_t run;
2601 
2602 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
2603 	if ((ccid->ccid_flags & CCID_F_DEV_GONE_MASK) != 0) {
2604 		return;
2605 	}
2606 
2607 	run = (ccid->ccid_flags & CCID_F_WORKER_MASK) == 0;
2608 	ccid->ccid_flags |= CCID_F_WORKER_REQUESTED;
2609 	if (run) {
2610 		mutex_exit(&ccid->ccid_mutex);
2611 		(void) ddi_taskq_dispatch(ccid->ccid_taskq, ccid_worker, ccid,
2612 		    DDI_SLEEP);
2613 		mutex_enter(&ccid->ccid_mutex);
2614 	}
2615 }
2616 
2617 static void
2618 ccid_intr_restart_timeout(void *arg)
2619 {
2620 	ccid_t *ccid = arg;
2621 
2622 	mutex_enter(&ccid->ccid_mutex);
2623 	if ((ccid->ccid_flags & CCID_F_DEV_GONE_MASK) != 0) {
2624 		ccid->ccid_poll_timeout = NULL;
2625 		mutex_exit(&ccid->ccid_mutex);
2626 	}
2627 	mutex_exit(&ccid->ccid_mutex);
2628 
2629 	ccid_intr_poll_init(ccid);
2630 }
2631 
2632 /*
2633  * Search for the current class descriptor from the configuration cloud and
2634  * parse it for our use. We do this by first finding the current interface
2635  * descriptor and expecting it to be one of the next descriptors.
2636  */
2637 static boolean_t
2638 ccid_parse_class_desc(ccid_t *ccid)
2639 {
2640 	uint_t i;
2641 	size_t len, tlen;
2642 	usb_client_dev_data_t *dp;
2643 	usb_alt_if_data_t *alt;
2644 
2645 	/*
2646 	 * Establish the target length we're looking for from usb_parse_data().
2647 	 * Note that we cannot use the sizeof (ccid_class_descr_t) for this
2648 	 * because that function does not know how to account for the padding at
2649 	 * the end of the target structure (which is reasonble). So we manually
2650 	 * figure out the number of bytes it should in theory write.
2651 	 */
2652 	tlen = offsetof(ccid_class_descr_t, ccd_bMaxCCIDBusySlots) +
2653 	    sizeof (ccid->ccid_class.ccd_bMaxCCIDBusySlots);
2654 	dp = ccid->ccid_dev_data;
2655 	alt = &dp->dev_curr_cfg->cfg_if[dp->dev_curr_if].if_alt[0];
2656 	for (i = 0; i < alt->altif_n_cvs; i++) {
2657 		usb_cvs_data_t *cvs = &alt->altif_cvs[i];
2658 		if (cvs->cvs_buf == NULL)
2659 			continue;
2660 		if (cvs->cvs_buf_len != CCID_DESCR_LENGTH)
2661 			continue;
2662 		if (cvs->cvs_buf[1] != CCID_DESCR_TYPE)
2663 			continue;
2664 		if ((len = usb_parse_data("ccscc3lcllc5lccscc", cvs->cvs_buf,
2665 		    cvs->cvs_buf_len, &ccid->ccid_class,
2666 		    sizeof (ccid->ccid_class))) >= tlen) {
2667 			return (B_TRUE);
2668 		}
2669 		ccid_error(ccid, "!failed to parse CCID class descriptor from "
2670 		    "cvs %u, expected %lu bytes, received %lu", i, tlen, len);
2671 	}
2672 
2673 	ccid_error(ccid, "!failed to find matching CCID class descriptor");
2674 	return (B_FALSE);
2675 }
2676 
2677 /*
2678  * Verify whether or not we can support this CCID reader.
2679  */
2680 static boolean_t
2681 ccid_supported(ccid_t *ccid)
2682 {
2683 	usb_client_dev_data_t *dp;
2684 	usb_alt_if_data_t *alt;
2685 	ccid_class_features_t feat;
2686 	uint_t bits;
2687 	uint16_t ver = ccid->ccid_class.ccd_bcdCCID;
2688 
2689 	if (CCID_VERSION_MAJOR(ver) != CCID_VERSION_ONE) {
2690 		ccid_error(ccid, "!refusing to attach to CCID with unsupported "
2691 		    "version %x.%2x", CCID_VERSION_MAJOR(ver),
2692 		    CCID_VERSION_MINOR(ver));
2693 		return (B_FALSE);
2694 	}
2695 
2696 	/*
2697 	 * Check the number of endpoints. This should have either two or three.
2698 	 * If three, that means we should expect an interrupt-IN endpoint.
2699 	 * Otherwise, we shouldn't. Any other value indicates something weird
2700 	 * that we should ignore.
2701 	 */
2702 	dp = ccid->ccid_dev_data;
2703 	alt = &dp->dev_curr_cfg->cfg_if[dp->dev_curr_if].if_alt[0];
2704 	switch (alt->altif_descr.bNumEndpoints) {
2705 	case 2:
2706 		ccid->ccid_flags &= ~CCID_F_HAS_INTR;
2707 		break;
2708 	case 3:
2709 		ccid->ccid_flags |= CCID_F_HAS_INTR;
2710 		break;
2711 	default:
2712 		ccid_error(ccid, "!refusing to attach to CCID with unsupported "
2713 		    "number of endpoints: %d", alt->altif_descr.bNumEndpoints);
2714 		return (B_FALSE);
2715 	}
2716 
2717 	/*
2718 	 * Try and determine the appropriate buffer size. This can be a little
2719 	 * tricky. The class descriptor tells us the maximum size that the
2720 	 * reader accepts. While it may be tempting to try and use a larger
2721 	 * value such as the maximum size, the readers really don't like
2722 	 * receiving bulk transfers that large. However, there are also reports
2723 	 * of readers that will overwrite to a fixed minimum size. Until we see
2724 	 * such a thing in the wild there's probably no point in trying to deal
2725 	 * with it here.
2726 	 */
2727 	ccid->ccid_bufsize = ccid->ccid_class.ccd_dwMaxCCIDMessageLength;
2728 	if (ccid->ccid_bufsize < CCID_MIN_MESSAGE_LENGTH) {
2729 		ccid_error(ccid, "!CCID reader maximum CCID message length (%u)"
2730 		    " is less than minimum packet length (%u)",
2731 		    ccid->ccid_bufsize, CCID_MIN_MESSAGE_LENGTH);
2732 		return (B_FALSE);
2733 	}
2734 
2735 	/*
2736 	 * At this time, we do not require that the system have automatic ICC
2737 	 * activation or automatic ICC voltage. These are handled automatically
2738 	 * by the system.
2739 	 */
2740 	feat = ccid->ccid_class.ccd_dwFeatures;
2741 
2742 	/*
2743 	 * Check the number of data rates that are supported by the reader. If
2744 	 * the reader has a non-zero value and we don't support automatic
2745 	 * negotiation then warn about that.
2746 	 */
2747 	if (ccid->ccid_class.ccd_bNumDataRatesSupported != 0 &&
2748 	    (feat & CCID_CLASS_F_AUTO_BAUD) == 0) {
2749 		ccid_error(ccid, "!CCID reader only supports fixed clock rates,"
2750 		    " data will be limited to default values");
2751 	}
2752 
2753 	/*
2754 	 * Check which automatic features the reader provides and which features
2755 	 * it does not. Missing features will require additional work before a
2756 	 * card can be activated. Note, this also applies to APDU based readers
2757 	 * which may need to have various aspects of the device negotiated.
2758 	 */
2759 
2760 	/*
2761 	 * The footnote for these two bits in CCID r1.1.0 indicates that
2762 	 * when neither are missing we have to do the PPS negotiation
2763 	 * ourselves.
2764 	 */
2765 	bits = CCID_CLASS_F_AUTO_PARAM_NEG | CCID_CLASS_F_AUTO_PPS;
2766 	if ((feat & bits) == 0) {
2767 		ccid->ccid_flags |= CCID_F_NEEDS_PPS;
2768 	}
2769 
2770 	if ((feat & CCID_CLASS_F_AUTO_PARAM_NEG) == 0) {
2771 		ccid->ccid_flags |= CCID_F_NEEDS_PARAMS;
2772 	}
2773 
2774 	bits = CCID_CLASS_F_AUTO_BAUD | CCID_CLASS_F_AUTO_ICC_CLOCK;
2775 	if ((feat & bits) != bits) {
2776 		ccid->ccid_flags |= CCID_F_NEEDS_DATAFREQ;
2777 	}
2778 
2779 	return (B_TRUE);
2780 }
2781 
2782 static boolean_t
2783 ccid_open_pipes(ccid_t *ccid)
2784 {
2785 	int ret;
2786 	usb_ep_data_t *ep;
2787 	usb_client_dev_data_t *data;
2788 	usb_pipe_policy_t policy;
2789 
2790 	data = ccid->ccid_dev_data;
2791 
2792 	/*
2793 	 * First fill all the descriptors.
2794 	 */
2795 	ep = usb_lookup_ep_data(ccid->ccid_dip, data, data->dev_curr_if, 0, 0,
2796 	    USB_EP_ATTR_BULK, USB_EP_DIR_IN);
2797 	if (ep == NULL) {
2798 		ccid_error(ccid, "!failed to find CCID Bulk-IN endpoint");
2799 		return (B_FALSE);
2800 	}
2801 
2802 	if ((ret = usb_ep_xdescr_fill(USB_EP_XDESCR_CURRENT_VERSION,
2803 	    ccid->ccid_dip, ep, &ccid->ccid_bulkin_xdesc)) != USB_SUCCESS) {
2804 		ccid_error(ccid, "!failed to fill Bulk-IN xdescr: %d", ret);
2805 		return (B_FALSE);
2806 	}
2807 
2808 	ep = usb_lookup_ep_data(ccid->ccid_dip, data, data->dev_curr_if, 0, 0,
2809 	    USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
2810 	if (ep == NULL) {
2811 		ccid_error(ccid, "!failed to find CCID Bulk-OUT endpoint");
2812 		return (B_FALSE);
2813 	}
2814 
2815 	if ((ret = usb_ep_xdescr_fill(USB_EP_XDESCR_CURRENT_VERSION,
2816 	    ccid->ccid_dip, ep, &ccid->ccid_bulkout_xdesc)) != USB_SUCCESS) {
2817 		ccid_error(ccid, "!failed to fill Bulk-OUT xdescr: %d", ret);
2818 		return (B_FALSE);
2819 	}
2820 
2821 	if (ccid->ccid_flags & CCID_F_HAS_INTR) {
2822 		ep = usb_lookup_ep_data(ccid->ccid_dip, data, data->dev_curr_if,
2823 		    0, 0, USB_EP_ATTR_INTR, USB_EP_DIR_IN);
2824 		if (ep == NULL) {
2825 			ccid_error(ccid, "!failed to find CCID Intr-IN "
2826 			    "endpoint");
2827 			return (B_FALSE);
2828 		}
2829 
2830 		if ((ret = usb_ep_xdescr_fill(USB_EP_XDESCR_CURRENT_VERSION,
2831 		    ccid->ccid_dip, ep, &ccid->ccid_intrin_xdesc)) !=
2832 		    USB_SUCCESS) {
2833 			ccid_error(ccid, "!failed to fill Intr-OUT xdescr: %d",
2834 			    ret);
2835 			return (B_FALSE);
2836 		}
2837 	}
2838 
2839 	/*
2840 	 * Now open up the pipes.
2841 	 */
2842 	bzero(&policy, sizeof (policy));
2843 	policy.pp_max_async_reqs = CCID_NUM_ASYNC_REQS;
2844 
2845 	if ((ret = usb_pipe_xopen(ccid->ccid_dip, &ccid->ccid_bulkin_xdesc,
2846 	    &policy, USB_FLAGS_SLEEP, &ccid->ccid_bulkin_pipe)) !=
2847 	    USB_SUCCESS) {
2848 		ccid_error(ccid, "!failed to open Bulk-IN pipe: %d\n", ret);
2849 		return (B_FALSE);
2850 	}
2851 
2852 	if ((ret = usb_pipe_xopen(ccid->ccid_dip, &ccid->ccid_bulkout_xdesc,
2853 	    &policy, USB_FLAGS_SLEEP, &ccid->ccid_bulkout_pipe)) !=
2854 	    USB_SUCCESS) {
2855 		ccid_error(ccid, "!failed to open Bulk-OUT pipe: %d\n", ret);
2856 		usb_pipe_close(ccid->ccid_dip, ccid->ccid_bulkin_pipe,
2857 		    USB_FLAGS_SLEEP, NULL, NULL);
2858 		ccid->ccid_bulkin_pipe = NULL;
2859 		return (B_FALSE);
2860 	}
2861 
2862 	if (ccid->ccid_flags & CCID_F_HAS_INTR) {
2863 		if ((ret = usb_pipe_xopen(ccid->ccid_dip,
2864 		    &ccid->ccid_intrin_xdesc, &policy, USB_FLAGS_SLEEP,
2865 		    &ccid->ccid_intrin_pipe)) != USB_SUCCESS) {
2866 			ccid_error(ccid, "!failed to open Intr-IN pipe: %d\n",
2867 			    ret);
2868 			usb_pipe_close(ccid->ccid_dip, ccid->ccid_bulkin_pipe,
2869 			    USB_FLAGS_SLEEP, NULL, NULL);
2870 			ccid->ccid_bulkin_pipe = NULL;
2871 			usb_pipe_close(ccid->ccid_dip, ccid->ccid_bulkout_pipe,
2872 			    USB_FLAGS_SLEEP, NULL, NULL);
2873 			ccid->ccid_bulkout_pipe = NULL;
2874 			return (B_FALSE);
2875 		}
2876 	}
2877 
2878 	ccid->ccid_control_pipe = data->dev_default_ph;
2879 	return (B_TRUE);
2880 }
2881 
2882 static void
2883 ccid_slots_fini(ccid_t *ccid)
2884 {
2885 	uint_t i;
2886 
2887 	for (i = 0; i < ccid->ccid_nslots; i++) {
2888 		VERIFY3U(ccid->ccid_slots[i].cs_slotno, ==, i);
2889 
2890 		if (ccid->ccid_slots[i].cs_command != NULL) {
2891 			ccid_command_free(ccid->ccid_slots[i].cs_command);
2892 			ccid->ccid_slots[i].cs_command = NULL;
2893 		}
2894 
2895 		cv_destroy(&ccid->ccid_slots[i].cs_io.ci_cv);
2896 		freemsgchain(ccid->ccid_slots[i].cs_atr);
2897 		atr_data_free(ccid->ccid_slots[i].cs_icc.icc_atr_data);
2898 		list_destroy(&ccid->ccid_slots[i].cs_minors);
2899 		list_destroy(&ccid->ccid_slots[i].cs_excl_waiters);
2900 	}
2901 
2902 	ddi_remove_minor_node(ccid->ccid_dip, NULL);
2903 	kmem_free(ccid->ccid_slots, sizeof (ccid_slot_t) * ccid->ccid_nslots);
2904 	ccid->ccid_nslots = 0;
2905 	ccid->ccid_slots = NULL;
2906 }
2907 
2908 static boolean_t
2909 ccid_slots_init(ccid_t *ccid)
2910 {
2911 	uint_t i;
2912 
2913 	/*
2914 	 * The class descriptor has the maximum index that one can index into.
2915 	 * We therefore have to add one to determine the actual number of slots
2916 	 * that exist.
2917 	 */
2918 	ccid->ccid_nslots = ccid->ccid_class.ccd_bMaxSlotIndex + 1;
2919 	ccid->ccid_slots = kmem_zalloc(sizeof (ccid_slot_t) * ccid->ccid_nslots,
2920 	    KM_SLEEP);
2921 	for (i = 0; i < ccid->ccid_nslots; i++) {
2922 		ccid_slot_t *slot = &ccid->ccid_slots[i];
2923 
2924 		/*
2925 		 * We initialize every possible slot as having changed to make
2926 		 * sure that we have a chance to discover it. See the slot
2927 		 * detection section in the big theory statement for more info.
2928 		 */
2929 		slot->cs_flags |= CCID_SLOT_F_CHANGED;
2930 		slot->cs_slotno = i;
2931 		slot->cs_ccid = ccid;
2932 		slot->cs_icc.icc_atr_data = atr_data_alloc();
2933 		slot->cs_idx.cmi_minor = CCID_MINOR_INVALID;
2934 		slot->cs_idx.cmi_isslot = B_TRUE;
2935 		slot->cs_idx.cmi_data.cmi_slot = slot;
2936 		cv_init(&slot->cs_io.ci_cv, NULL, CV_DRIVER, NULL);
2937 		list_create(&slot->cs_minors, sizeof (ccid_minor_t),
2938 		    offsetof(ccid_minor_t, cm_minor_list));
2939 		list_create(&slot->cs_excl_waiters, sizeof (ccid_minor_t),
2940 		    offsetof(ccid_minor_t, cm_excl_list));
2941 	}
2942 
2943 	return (B_TRUE);
2944 }
2945 
2946 static void
2947 ccid_minors_fini(ccid_t *ccid)
2948 {
2949 	uint_t i;
2950 
2951 	ddi_remove_minor_node(ccid->ccid_dip, NULL);
2952 	for (i = 0; i < ccid->ccid_nslots; i++) {
2953 		if (ccid->ccid_slots[i].cs_idx.cmi_minor == CCID_MINOR_INVALID)
2954 			continue;
2955 		ccid_minor_idx_free(&ccid->ccid_slots[i].cs_idx);
2956 	}
2957 }
2958 
2959 static boolean_t
2960 ccid_minors_init(ccid_t *ccid)
2961 {
2962 	uint_t i;
2963 
2964 	for (i = 0; i < ccid->ccid_nslots; i++) {
2965 		char buf[32];
2966 
2967 		(void) ccid_minor_idx_alloc(&ccid->ccid_slots[i].cs_idx,
2968 		    B_TRUE);
2969 
2970 		(void) snprintf(buf, sizeof (buf), "slot%u", i);
2971 		if (ddi_create_minor_node(ccid->ccid_dip, buf, S_IFCHR,
2972 		    ccid->ccid_slots[i].cs_idx.cmi_minor,
2973 		    DDI_NT_CCID_ATTACHMENT_POINT, 0) != DDI_SUCCESS) {
2974 			ccid_minors_fini(ccid);
2975 			return (B_FALSE);
2976 		}
2977 	}
2978 
2979 	return (B_TRUE);
2980 }
2981 
2982 static void
2983 ccid_intr_poll_fini(ccid_t *ccid)
2984 {
2985 	if (ccid->ccid_flags & CCID_F_HAS_INTR) {
2986 		timeout_id_t tid;
2987 
2988 		mutex_enter(&ccid->ccid_mutex);
2989 		tid = ccid->ccid_poll_timeout;
2990 		ccid->ccid_poll_timeout = NULL;
2991 		mutex_exit(&ccid->ccid_mutex);
2992 		(void) untimeout(tid);
2993 		usb_pipe_stop_intr_polling(ccid->ccid_intrin_pipe,
2994 		    USB_FLAGS_SLEEP);
2995 	} else {
2996 		VERIFY3P(ccid->ccid_intrin_pipe, ==, NULL);
2997 	}
2998 }
2999 
3000 static void
3001 ccid_intr_poll_init(ccid_t *ccid)
3002 {
3003 	int ret;
3004 	usb_intr_req_t *uirp;
3005 
3006 	uirp = usb_alloc_intr_req(ccid->ccid_dip, 0, USB_FLAGS_SLEEP);
3007 	uirp->intr_client_private = (usb_opaque_t)ccid;
3008 	uirp->intr_attributes = USB_ATTRS_SHORT_XFER_OK |
3009 	    USB_ATTRS_AUTOCLEARING;
3010 	uirp->intr_len = CCID_INTR_RESPONSE_SIZE;
3011 	uirp->intr_cb = ccid_intr_pipe_cb;
3012 	uirp->intr_exc_cb = ccid_intr_pipe_except_cb;
3013 
3014 	mutex_enter(&ccid->ccid_mutex);
3015 	if (ccid->ccid_flags & CCID_F_DEV_GONE_MASK) {
3016 		mutex_exit(&ccid->ccid_mutex);
3017 		usb_free_intr_req(uirp);
3018 		return;
3019 	}
3020 
3021 	if ((ret = usb_pipe_intr_xfer(ccid->ccid_intrin_pipe, uirp,
3022 	    USB_FLAGS_SLEEP)) != USB_SUCCESS) {
3023 		ccid_error(ccid, "!failed to start polling on CCID Intr-IN "
3024 		    "pipe: %d", ret);
3025 		ccid->ccid_poll_timeout = timeout(ccid_intr_restart_timeout,
3026 		    ccid, drv_usectohz(1000000));
3027 		usb_free_intr_req(uirp);
3028 	}
3029 	mutex_exit(&ccid->ccid_mutex);
3030 }
3031 
3032 static void
3033 ccid_cleanup_bulkin(ccid_t *ccid)
3034 {
3035 	uint_t i;
3036 
3037 	VERIFY3P(ccid->ccid_bulkin_dispatched, ==, NULL);
3038 	for (i = 0; i < ccid->ccid_bulkin_alloced; i++) {
3039 		VERIFY3P(ccid->ccid_bulkin_cache[i], !=, NULL);
3040 		usb_free_bulk_req(ccid->ccid_bulkin_cache[i]);
3041 		ccid->ccid_bulkin_cache[i] = NULL;
3042 	}
3043 
3044 #ifdef	DEBUG
3045 	for (i = 0; i < CCID_BULK_NALLOCED; i++) {
3046 		VERIFY3P(ccid->ccid_bulkin_cache[i], ==, NULL);
3047 	}
3048 #endif
3049 	ccid->ccid_bulkin_alloced = 0;
3050 }
3051 
3052 static int
3053 ccid_disconnect_cb(dev_info_t *dip)
3054 {
3055 	int inst;
3056 	ccid_t *ccid;
3057 	uint_t i;
3058 
3059 	if (dip == NULL)
3060 		goto done;
3061 
3062 	inst = ddi_get_instance(dip);
3063 	ccid = ddi_get_soft_state(ccid_softstate, inst);
3064 	if (ccid == NULL)
3065 		goto done;
3066 	VERIFY3P(dip, ==, ccid->ccid_dip);
3067 
3068 	mutex_enter(&ccid->ccid_mutex);
3069 	/*
3070 	 * First, set the disconnected flag. This will make sure that anyone
3071 	 * that tries to make additional operations will be kicked out. This
3072 	 * flag is checked by detach and by users.
3073 	 */
3074 	ccid->ccid_flags |= CCID_F_DISCONNECTED;
3075 
3076 	/*
3077 	 * Now, go through any threads that are blocked on a minor for exclusive
3078 	 * access. They should be woken up and they'll fail due to the fact that
3079 	 * we've set the disconnected flag above.
3080 	 */
3081 	for (i = 0; i < ccid->ccid_nslots; i++) {
3082 		ccid_minor_t *cmp;
3083 		ccid_slot_t *slot = &ccid->ccid_slots[i];
3084 
3085 		for (cmp = list_head(&slot->cs_excl_waiters); cmp != NULL;
3086 		    cmp = list_next(&slot->cs_excl_waiters, cmp)) {
3087 			cv_signal(&cmp->cm_excl_cv);
3088 		}
3089 	}
3090 
3091 	/*
3092 	 * Finally, we need to basically wake up anyone blocked in read and make
3093 	 * sure that they don't wait there forever and make sure that anyone
3094 	 * polling gets a POLLHUP. We can't really distinguish between this and
3095 	 * an ICC being removed. It will be discovered when someone tries to do
3096 	 * an operation and they receive an ENODEV. We only need to do this on
3097 	 * minors that have exclusive access. Don't worry about them finishing
3098 	 * up, this'll be done as part of detach.
3099 	 */
3100 	for (i = 0; i < ccid->ccid_nslots; i++) {
3101 		ccid_slot_t *slot = &ccid->ccid_slots[i];
3102 		if (slot->cs_excl_minor == NULL)
3103 			continue;
3104 
3105 		pollwakeup(&slot->cs_excl_minor->cm_pollhead,
3106 		    POLLHUP | POLLERR);
3107 		cv_signal(&slot->cs_excl_minor->cm_read_cv);
3108 	}
3109 
3110 	/*
3111 	 * If there are outstanding commands, they will ultimately be cleaned
3112 	 * up as the USB commands themselves time out. We will get notified
3113 	 * through the various bulk xfer exception callbacks, which will induce
3114 	 * the cleanup through ccid_command_transport_error(). This will also
3115 	 * take care of commands waiting for I/O teardown.
3116 	 */
3117 	mutex_exit(&ccid->ccid_mutex);
3118 
3119 done:
3120 	return (USB_SUCCESS);
3121 }
3122 
3123 static usb_event_t ccid_usb_events = {
3124 	ccid_disconnect_cb,
3125 	NULL,
3126 	NULL,
3127 	NULL
3128 };
3129 
3130 static void
3131 ccid_cleanup(dev_info_t *dip)
3132 {
3133 	int inst;
3134 	ccid_t *ccid;
3135 
3136 	if (dip == NULL)
3137 		return;
3138 
3139 	inst = ddi_get_instance(dip);
3140 	ccid = ddi_get_soft_state(ccid_softstate, inst);
3141 	if (ccid == NULL)
3142 		return;
3143 	VERIFY3P(dip, ==, ccid->ccid_dip);
3144 
3145 	/*
3146 	 * Make sure we set the detaching flag so anything running in the
3147 	 * background knows to stop.
3148 	 */
3149 	mutex_enter(&ccid->ccid_mutex);
3150 	ccid->ccid_flags |= CCID_F_DETACHING;
3151 	mutex_exit(&ccid->ccid_mutex);
3152 
3153 	if ((ccid->ccid_attach & CCID_ATTACH_MINORS) != 0) {
3154 		ccid_minors_fini(ccid);
3155 		ccid->ccid_attach &= ~CCID_ATTACH_MINORS;
3156 	}
3157 
3158 	if ((ccid->ccid_attach & CCID_ATTACH_INTR_ACTIVE) != 0) {
3159 		ccid_intr_poll_fini(ccid);
3160 		ccid->ccid_attach &= ~CCID_ATTACH_INTR_ACTIVE;
3161 	}
3162 
3163 	/*
3164 	 * At this point, we have shut down the interrupt pipe, the last place
3165 	 * aside from a user that could have kicked off I/O. So finally wait for
3166 	 * any worker threads.
3167 	 */
3168 	if (ccid->ccid_taskq != NULL) {
3169 		ddi_taskq_wait(ccid->ccid_taskq);
3170 		mutex_enter(&ccid->ccid_mutex);
3171 		VERIFY0(ccid->ccid_flags & CCID_F_WORKER_MASK);
3172 		mutex_exit(&ccid->ccid_mutex);
3173 	}
3174 
3175 	if ((ccid->ccid_attach & CCID_ATTACH_HOTPLUG_CB) != 0) {
3176 		usb_unregister_event_cbs(dip, &ccid_usb_events);
3177 		ccid->ccid_attach &= ~CCID_ATTACH_HOTPLUG_CB;
3178 	}
3179 
3180 	if ((ccid->ccid_attach & CCID_ATTACH_SLOTS) != 0) {
3181 		ccid_slots_fini(ccid);
3182 		ccid->ccid_attach &= ~CCID_ATTACH_SLOTS;
3183 	}
3184 
3185 	if ((ccid->ccid_attach & CCID_ATTACH_SEQ_IDS) != 0) {
3186 		id_space_destroy(ccid->ccid_seqs);
3187 		ccid->ccid_seqs = NULL;
3188 		ccid->ccid_attach &= ~CCID_ATTACH_SEQ_IDS;
3189 	}
3190 
3191 	if ((ccid->ccid_attach & CCID_ATTACH_OPEN_PIPES) != 0) {
3192 		usb_pipe_close(dip, ccid->ccid_bulkin_pipe, USB_FLAGS_SLEEP,
3193 		    NULL, NULL);
3194 		ccid->ccid_bulkin_pipe = NULL;
3195 		usb_pipe_close(dip, ccid->ccid_bulkout_pipe, USB_FLAGS_SLEEP,
3196 		    NULL, NULL);
3197 		ccid->ccid_bulkout_pipe = NULL;
3198 		if ((ccid->ccid_flags & CCID_F_HAS_INTR) != 0) {
3199 			usb_pipe_close(dip, ccid->ccid_intrin_pipe,
3200 			    USB_FLAGS_SLEEP, NULL, NULL);
3201 			ccid->ccid_intrin_pipe = NULL;
3202 		} else {
3203 			VERIFY3P(ccid->ccid_intrin_pipe, ==, NULL);
3204 		}
3205 		ccid->ccid_control_pipe = NULL;
3206 		ccid->ccid_attach &= ~CCID_ATTACH_OPEN_PIPES;
3207 	}
3208 
3209 	/*
3210 	 * Now that all of the pipes are closed. If we happened to have any
3211 	 * cached bulk requests, we should free them.
3212 	 */
3213 	ccid_cleanup_bulkin(ccid);
3214 
3215 	if (ccid->ccid_attach & CCID_ATTACH_CMD_LIST) {
3216 		ccid_command_t *cc;
3217 
3218 		while ((cc = list_remove_head(&ccid->ccid_command_queue)) !=
3219 		    NULL) {
3220 			ccid_command_free(cc);
3221 		}
3222 		list_destroy(&ccid->ccid_command_queue);
3223 
3224 		while ((cc = list_remove_head(&ccid->ccid_complete_queue)) !=
3225 		    NULL) {
3226 			ccid_command_free(cc);
3227 		}
3228 		list_destroy(&ccid->ccid_complete_queue);
3229 	}
3230 
3231 	if ((ccid->ccid_attach & CCID_ATTACH_TASKQ) != 0) {
3232 		ddi_taskq_destroy(ccid->ccid_taskq);
3233 		ccid->ccid_taskq = NULL;
3234 		ccid->ccid_attach &= ~CCID_ATTACH_TASKQ;
3235 	}
3236 
3237 	if ((ccid->ccid_attach & CCID_ATTACH_MUTEX_INIT) != 0) {
3238 		mutex_destroy(&ccid->ccid_mutex);
3239 		ccid->ccid_attach &= ~CCID_ATTACH_MUTEX_INIT;
3240 	}
3241 
3242 	if ((ccid->ccid_attach & CCID_ATTACH_USB_CLIENT) != 0) {
3243 		usb_client_detach(dip, ccid->ccid_dev_data);
3244 		ccid->ccid_dev_data = NULL;
3245 		ccid->ccid_attach &= ~CCID_ATTACH_USB_CLIENT;
3246 	}
3247 
3248 	ASSERT0(ccid->ccid_attach);
3249 	ddi_soft_state_free(ccid_softstate, inst);
3250 }
3251 
3252 static int
3253 ccid_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
3254 {
3255 	ccid_t *ccid;
3256 	int inst, ret;
3257 	char buf[64];
3258 
3259 	if (cmd != DDI_ATTACH)
3260 		return (DDI_FAILURE);
3261 
3262 	inst = ddi_get_instance(dip);
3263 	if (ddi_soft_state_zalloc(ccid_softstate, inst) != DDI_SUCCESS) {
3264 		ccid_error(NULL, "!failed to allocate soft state for ccid "
3265 		    "instance %d", inst);
3266 		return (DDI_FAILURE);
3267 	}
3268 
3269 	ccid = ddi_get_soft_state(ccid_softstate, inst);
3270 	ccid->ccid_dip = dip;
3271 
3272 	if ((ret = usb_client_attach(dip, USBDRV_VERSION, 0)) != USB_SUCCESS) {
3273 		ccid_error(ccid, "!failed to attach to usb client: %d", ret);
3274 		goto cleanup;
3275 	}
3276 	ccid->ccid_attach |= CCID_ATTACH_USB_CLIENT;
3277 
3278 	if ((ret = usb_get_dev_data(dip, &ccid->ccid_dev_data, USB_PARSE_LVL_IF,
3279 	    0)) != USB_SUCCESS) {
3280 		ccid_error(ccid, "!failed to get usb device data: %d", ret);
3281 		goto cleanup;
3282 	}
3283 
3284 	mutex_init(&ccid->ccid_mutex, NULL, MUTEX_DRIVER,
3285 	    ccid->ccid_dev_data->dev_iblock_cookie);
3286 	ccid->ccid_attach |= CCID_ATTACH_MUTEX_INIT;
3287 
3288 	(void) snprintf(buf, sizeof (buf), "ccid%d_taskq", inst);
3289 	ccid->ccid_taskq = ddi_taskq_create(dip, buf, 1, TASKQ_DEFAULTPRI, 0);
3290 	if (ccid->ccid_taskq == NULL) {
3291 		ccid_error(ccid, "!failed to create CCID taskq");
3292 		goto cleanup;
3293 	}
3294 	ccid->ccid_attach |= CCID_ATTACH_TASKQ;
3295 
3296 	list_create(&ccid->ccid_command_queue, sizeof (ccid_command_t),
3297 	    offsetof(ccid_command_t, cc_list_node));
3298 	list_create(&ccid->ccid_complete_queue, sizeof (ccid_command_t),
3299 	    offsetof(ccid_command_t, cc_list_node));
3300 
3301 	if (!ccid_parse_class_desc(ccid)) {
3302 		ccid_error(ccid, "!failed to parse CCID class descriptor");
3303 		goto cleanup;
3304 	}
3305 
3306 	if (!ccid_supported(ccid)) {
3307 		ccid_error(ccid,
3308 		    "!CCID reader is not supported, not attaching");
3309 		goto cleanup;
3310 	}
3311 
3312 	if (!ccid_open_pipes(ccid)) {
3313 		ccid_error(ccid, "!failed to open CCID pipes, not attaching");
3314 		goto cleanup;
3315 	}
3316 	ccid->ccid_attach |= CCID_ATTACH_OPEN_PIPES;
3317 
3318 	(void) snprintf(buf, sizeof (buf), "ccid%d_seqs", inst);
3319 	if ((ccid->ccid_seqs = id_space_create(buf, CCID_SEQ_MIN,
3320 	    CCID_SEQ_MAX + 1)) == NULL) {
3321 		ccid_error(ccid, "!failed to create CCID sequence id space");
3322 		goto cleanup;
3323 	}
3324 	ccid->ccid_attach |= CCID_ATTACH_SEQ_IDS;
3325 
3326 	if (!ccid_slots_init(ccid)) {
3327 		ccid_error(ccid, "!failed to initialize CCID slot structures");
3328 		goto cleanup;
3329 	}
3330 	ccid->ccid_attach |= CCID_ATTACH_SLOTS;
3331 
3332 	if (usb_register_event_cbs(dip, &ccid_usb_events, 0) != USB_SUCCESS) {
3333 		ccid_error(ccid, "!failed to register USB hotplug callbacks");
3334 		goto cleanup;
3335 	}
3336 	ccid->ccid_attach |= CCID_ATTACH_HOTPLUG_CB;
3337 
3338 	/*
3339 	 * Before we enable the interrupt pipe, take a shot at priming our
3340 	 * bulkin_cache.
3341 	 */
3342 	mutex_enter(&ccid->ccid_mutex);
3343 	ccid_bulkin_cache_refresh(ccid);
3344 	mutex_exit(&ccid->ccid_mutex);
3345 
3346 	if (ccid->ccid_flags & CCID_F_HAS_INTR) {
3347 		ccid_intr_poll_init(ccid);
3348 	}
3349 	ccid->ccid_attach |= CCID_ATTACH_INTR_ACTIVE;
3350 
3351 	/*
3352 	 * Create minor nodes for each slot.
3353 	 */
3354 	if (!ccid_minors_init(ccid)) {
3355 		ccid_error(ccid, "!failed to create minor nodes");
3356 		goto cleanup;
3357 	}
3358 	ccid->ccid_attach |= CCID_ATTACH_MINORS;
3359 
3360 	mutex_enter(&ccid->ccid_mutex);
3361 	ccid_worker_request(ccid);
3362 	mutex_exit(&ccid->ccid_mutex);
3363 
3364 	return (DDI_SUCCESS);
3365 
3366 cleanup:
3367 	ccid_cleanup(dip);
3368 	return (DDI_FAILURE);
3369 }
3370 
3371 static int
3372 ccid_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **outp)
3373 {
3374 	return (DDI_FAILURE);
3375 }
3376 
3377 static int
3378 ccid_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
3379 {
3380 	int inst;
3381 	ccid_t *ccid;
3382 
3383 	if (cmd != DDI_DETACH)
3384 		return (DDI_FAILURE);
3385 
3386 	inst = ddi_get_instance(dip);
3387 	ccid = ddi_get_soft_state(ccid_softstate, inst);
3388 	VERIFY3P(ccid, !=, NULL);
3389 	VERIFY3P(dip, ==, ccid->ccid_dip);
3390 
3391 	mutex_enter(&ccid->ccid_mutex);
3392 
3393 	/*
3394 	 * If the device hasn't been disconnected from a USB sense, refuse to
3395 	 * detach. Otherwise, there's no way to guarantee that the ccid
3396 	 * driver will be attached when a user hotplugs an ICC.
3397 	 */
3398 	if ((ccid->ccid_flags & CCID_F_DISCONNECTED) == 0) {
3399 		mutex_exit(&ccid->ccid_mutex);
3400 		return (DDI_FAILURE);
3401 	}
3402 
3403 	if (!list_is_empty(&ccid->ccid_command_queue) ||
3404 	    !list_is_empty(&ccid->ccid_complete_queue)) {
3405 		mutex_exit(&ccid->ccid_mutex);
3406 		return (DDI_FAILURE);
3407 	}
3408 	mutex_exit(&ccid->ccid_mutex);
3409 
3410 	ccid_cleanup(dip);
3411 	return (DDI_SUCCESS);
3412 }
3413 
3414 static void
3415 ccid_minor_free(ccid_minor_t *cmp)
3416 {
3417 	VERIFY3U(cmp->cm_idx.cmi_minor, ==, CCID_MINOR_INVALID);
3418 	crfree(cmp->cm_opener);
3419 	cv_destroy(&cmp->cm_iowait_cv);
3420 	cv_destroy(&cmp->cm_read_cv);
3421 	cv_destroy(&cmp->cm_excl_cv);
3422 	kmem_free(cmp, sizeof (ccid_minor_t));
3423 
3424 }
3425 
3426 static int
3427 ccid_open(dev_t *devp, int flag, int otyp, cred_t *credp)
3428 {
3429 	ccid_minor_idx_t *idx;
3430 	ccid_minor_t *cmp;
3431 	ccid_slot_t *slot;
3432 
3433 	/*
3434 	 * Always check the zone first, to make sure we lie about it existing.
3435 	 */
3436 	if (crgetzoneid(credp) != GLOBAL_ZONEID)
3437 		return (ENOENT);
3438 
3439 	if ((otyp & (FNDELAY | FEXCL)) != 0)
3440 		return (EINVAL);
3441 
3442 	if (drv_priv(credp) != 0)
3443 		return (EPERM);
3444 
3445 	if (otyp != OTYP_CHR)
3446 		return (ENOTSUP);
3447 
3448 	if ((flag & FREAD) != FREAD)
3449 		return (EINVAL);
3450 
3451 	idx = ccid_minor_find(getminor(*devp));
3452 	if (idx == NULL) {
3453 		return (ENOENT);
3454 	}
3455 
3456 	/*
3457 	 * We don't expect anyone to be able to get a non-slot related minor. If
3458 	 * that somehow happens, guard against it and error out.
3459 	 */
3460 	if (!idx->cmi_isslot) {
3461 		return (ENOENT);
3462 	}
3463 
3464 	slot = idx->cmi_data.cmi_slot;
3465 
3466 	mutex_enter(&slot->cs_ccid->ccid_mutex);
3467 	if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
3468 		mutex_exit(&slot->cs_ccid->ccid_mutex);
3469 		return (ENODEV);
3470 	}
3471 	mutex_exit(&slot->cs_ccid->ccid_mutex);
3472 
3473 	cmp = kmem_zalloc(sizeof (ccid_minor_t), KM_SLEEP);
3474 
3475 	cmp->cm_idx.cmi_minor = CCID_MINOR_INVALID;
3476 	cmp->cm_idx.cmi_isslot = B_FALSE;
3477 	cmp->cm_idx.cmi_data.cmi_user = cmp;
3478 	if (!ccid_minor_idx_alloc(&cmp->cm_idx, B_FALSE)) {
3479 		kmem_free(cmp, sizeof (ccid_minor_t));
3480 		return (ENOSPC);
3481 	}
3482 	cv_init(&cmp->cm_excl_cv, NULL, CV_DRIVER, NULL);
3483 	cv_init(&cmp->cm_read_cv, NULL, CV_DRIVER, NULL);
3484 	cv_init(&cmp->cm_iowait_cv, NULL, CV_DRIVER, NULL);
3485 	cmp->cm_opener = crdup(credp);
3486 	cmp->cm_slot = slot;
3487 	*devp = makedevice(getmajor(*devp), cmp->cm_idx.cmi_minor);
3488 
3489 	if ((flag & FWRITE) == FWRITE) {
3490 		cmp->cm_flags |= CCID_MINOR_F_WRITABLE;
3491 	}
3492 
3493 	mutex_enter(&slot->cs_ccid->ccid_mutex);
3494 	list_insert_tail(&slot->cs_minors, cmp);
3495 	mutex_exit(&slot->cs_ccid->ccid_mutex);
3496 
3497 	return (0);
3498 }
3499 
3500 /*
3501  * Copy a command which may have a message block chain out to the user.
3502  */
3503 static int
3504 ccid_read_copyout(struct uio *uiop, const mblk_t *mp)
3505 {
3506 	offset_t off;
3507 
3508 	off = uiop->uio_loffset;
3509 	VERIFY3P(mp->b_next, ==, NULL);
3510 
3511 	for (; mp != NULL; mp = mp->b_cont) {
3512 		int ret;
3513 
3514 		if (MBLKL(mp) == 0)
3515 			continue;
3516 
3517 		ret = uiomove(mp->b_rptr, MBLKL(mp), UIO_READ, uiop);
3518 		if (ret != 0) {
3519 			return (EFAULT);
3520 		}
3521 	}
3522 
3523 	uiop->uio_loffset = off;
3524 	return (0);
3525 }
3526 
3527 /*
3528  * Called to indicate that we are ready for a user to consume the I/O.
3529  */
3530 static void
3531 ccid_user_io_done(ccid_t *ccid, ccid_slot_t *slot)
3532 {
3533 	ccid_minor_t *cmp;
3534 
3535 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
3536 
3537 	slot->cs_io.ci_flags &= ~CCID_IO_F_IN_PROGRESS;
3538 	slot->cs_io.ci_flags |= CCID_IO_F_DONE;
3539 	cmp = slot->cs_excl_minor;
3540 	if (cmp != NULL) {
3541 		ccid_slot_pollin_signal(slot);
3542 		cv_signal(&cmp->cm_read_cv);
3543 	}
3544 }
3545 
3546 /*
3547  * This is called in a few different sitautions. It's called when an exclusive
3548  * hold is being released by a user on the slot. It's also called when the ICC
3549  * is removed, the reader has been unplugged, or the ICC is being reset. In all
3550  * these cases we need to make sure that I/O is taken care of and we won't be
3551  * leaving behind vestigial garbage.
3552  */
3553 static void
3554 ccid_teardown_apdu(ccid_t *ccid, ccid_slot_t *slot, int error)
3555 {
3556 
3557 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
3558 
3559 	/*
3560 	 * If no I/O is in progress, then there's nothing to do at our end.
3561 	 */
3562 	if ((slot->cs_io.ci_flags & CCID_IO_F_IN_PROGRESS) == 0) {
3563 		return;
3564 	}
3565 
3566 	slot->cs_io.ci_errno = error;
3567 	ccid_user_io_done(ccid, slot);
3568 
3569 	/*
3570 	 * There is still I/O going on. We need to mark this on the slot such
3571 	 * that no one can gain ownership of it or issue commands. This will
3572 	 * block hand off of a slot.
3573 	 */
3574 	slot->cs_flags |= CCID_SLOT_F_NEED_IO_TEARDOWN;
3575 }
3576 
3577 /*
3578  * This function is called in response to a CCID command completing.
3579  */
3580 static void
3581 ccid_complete_apdu(ccid_t *ccid, ccid_slot_t *slot, ccid_command_t *cc)
3582 {
3583 	ccid_reply_command_status_t crs;
3584 	ccid_reply_icc_status_t cis;
3585 	ccid_command_err_t cce;
3586 
3587 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
3588 	VERIFY3P(slot->cs_io.ci_command, ==, cc);
3589 
3590 	/*
3591 	 * This completion could be called due to the fact that a user is no
3592 	 * longer present, but we still have outstanding work to do in the
3593 	 * stack. As such, we need to go through and check if the flag was set
3594 	 * on the slot during teardown and if so, clean it up now.
3595 	 */
3596 	if ((slot->cs_flags & CCID_SLOT_F_NEED_IO_TEARDOWN) != 0) {
3597 		ccid_command_free(cc);
3598 		slot->cs_io.ci_command = NULL;
3599 		ccid_slot_io_teardown_done(slot);
3600 		return;
3601 	}
3602 
3603 	/*
3604 	 * Process this command and figure out what we should logically be
3605 	 * returning to the user.
3606 	 */
3607 	if (cc->cc_state != CCID_COMMAND_COMPLETE) {
3608 		slot->cs_io.ci_errno = EIO;
3609 		slot->cs_flags |= CCID_SLOT_F_NEED_TXN_RESET;
3610 		ccid_worker_request(ccid);
3611 		goto consume;
3612 	}
3613 
3614 	ccid_command_status_decode(cc, &crs, &cis, &cce);
3615 	if (crs == CCID_REPLY_STATUS_COMPLETE) {
3616 		mblk_t *mp;
3617 
3618 		mp = cc->cc_response;
3619 		cc->cc_response = NULL;
3620 		mp->b_rptr += sizeof (ccid_header_t);
3621 		slot->cs_io.ci_errno = 0;
3622 		slot->cs_io.ci_data = mp;
3623 	} else if (cis == CCID_REPLY_ICC_MISSING) {
3624 		slot->cs_io.ci_errno = ENXIO;
3625 	} else {
3626 		/*
3627 		 * There are a few more semantic things we can do
3628 		 * with the errors here that we're throwing out and
3629 		 * lumping as EIO. Oh well.
3630 		 */
3631 		slot->cs_io.ci_errno = EIO;
3632 	}
3633 
3634 	/*
3635 	 * Now, we can go ahead and wake up a reader to process this command.
3636 	 */
3637 consume:
3638 	slot->cs_io.ci_command = NULL;
3639 	ccid_command_free(cc);
3640 	ccid_user_io_done(ccid, slot);
3641 }
3642 
3643 /*
3644  * We have the user buffer in the CCID slot. Given that, transform it into
3645  * something that we can send to the device. For APDU's this is simply creating
3646  * a transfer command and copying it into that buffer.
3647  */
3648 static int
3649 ccid_write_apdu(ccid_t *ccid, ccid_slot_t *slot)
3650 {
3651 	int ret;
3652 	ccid_command_t *cc;
3653 
3654 	VERIFY(MUTEX_HELD(&ccid->ccid_mutex));
3655 
3656 	if ((ret = ccid_command_alloc(ccid, slot, B_FALSE, NULL,
3657 	    slot->cs_io.ci_ilen, CCID_REQUEST_TRANSFER_BLOCK, 0, 0, 0,
3658 	    &cc)) != 0) {
3659 		return (ret);
3660 	}
3661 
3662 	cc->cc_flags |= CCID_COMMAND_F_USER;
3663 	ccid_command_bcopy(cc, slot->cs_io.ci_ibuf, slot->cs_io.ci_ilen);
3664 
3665 	slot->cs_io.ci_command = cc;
3666 	mutex_exit(&ccid->ccid_mutex);
3667 
3668 	if ((ret = ccid_command_queue(ccid, cc)) != 0) {
3669 		mutex_enter(&ccid->ccid_mutex);
3670 		slot->cs_io.ci_command = NULL;
3671 		ccid_command_free(cc);
3672 		return (ret);
3673 	}
3674 
3675 	mutex_enter(&ccid->ccid_mutex);
3676 
3677 	return (0);
3678 }
3679 
3680 static int
3681 ccid_read(dev_t dev, struct uio *uiop, cred_t *credp)
3682 {
3683 	int ret;
3684 	ccid_minor_idx_t *idx;
3685 	ccid_minor_t *cmp;
3686 	ccid_slot_t *slot;
3687 	ccid_t *ccid;
3688 	boolean_t done;
3689 
3690 	if (uiop->uio_resid <= 0) {
3691 		return (EINVAL);
3692 	}
3693 
3694 	if ((idx = ccid_minor_find_user(getminor(dev))) == NULL) {
3695 		return (ENOENT);
3696 	}
3697 
3698 	cmp = idx->cmi_data.cmi_user;
3699 	slot = cmp->cm_slot;
3700 	ccid = slot->cs_ccid;
3701 
3702 	mutex_enter(&ccid->ccid_mutex);
3703 	if ((ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
3704 		mutex_exit(&ccid->ccid_mutex);
3705 		return (ENODEV);
3706 	}
3707 
3708 	/*
3709 	 * First, check if we have exclusive access. If not, we're done.
3710 	 */
3711 	if ((cmp->cm_flags & CCID_MINOR_F_HAS_EXCL) == 0) {
3712 		mutex_exit(&ccid->ccid_mutex);
3713 		return (EACCES);
3714 	}
3715 
3716 	/*
3717 	 * While it's tempting to mirror ccid_write() here and check if we have
3718 	 * a tx or rx function, that actually has no relevance on read. The only
3719 	 * thing that matters is whether or not we actually have an I/O.
3720 	 */
3721 
3722 	/*
3723 	 * If there's been no write I/O issued, then this read is not allowed.
3724 	 * While this may seem like a silly constraint, it certainly simplifies
3725 	 * a lot of the surrounding logic and fits with the current consumer
3726 	 * model.
3727 	 */
3728 	if ((slot->cs_io.ci_flags & (CCID_IO_F_IN_PROGRESS | CCID_IO_F_DONE)) ==
3729 	    0) {
3730 		mutex_exit(&ccid->ccid_mutex);
3731 		return (ENODATA);
3732 	}
3733 
3734 	/*
3735 	 * If another thread is already blocked in read, then don't allow us
3736 	 * in. We only want to allow one thread to attempt to consume a read,
3737 	 * just as we only allow one thread to initiate a write.
3738 	 */
3739 	if ((cmp->cm_flags & CCID_MINOR_F_READ_WAITING) != 0) {
3740 		mutex_exit(&ccid->ccid_mutex);
3741 		return (EBUSY);
3742 	}
3743 
3744 	/*
3745 	 * Check if an I/O has completed. Once it has, call the protocol
3746 	 * specific code. Note that the lock may be dropped after polling. In
3747 	 * such a case we will have to logically recheck several conditions.
3748 	 *
3749 	 * Note, we don't really care if the slot is active or not as I/O could
3750 	 * have been in flight while the slot was inactive.
3751 	 */
3752 	while ((slot->cs_io.ci_flags & CCID_IO_F_DONE) == 0) {
3753 		if (uiop->uio_fmode & FNONBLOCK) {
3754 			mutex_exit(&ccid->ccid_mutex);
3755 			return (EWOULDBLOCK);
3756 		}
3757 
3758 		/*
3759 		 * While we perform a cv_wait_sig() we'll end up dropping the
3760 		 * CCID mutex. This means that we need to notify the rest of the
3761 		 * driver that a thread is blocked in read. This is used not
3762 		 * only for excluding multiple threads trying to read from the
3763 		 * device, but more importantly so that we know that if the ICC
3764 		 * or reader are removed, that we need to wake up this thread.
3765 		 */
3766 		cmp->cm_flags |= CCID_MINOR_F_READ_WAITING;
3767 		ret = cv_wait_sig(&cmp->cm_read_cv, &ccid->ccid_mutex);
3768 		cmp->cm_flags &= ~CCID_MINOR_F_READ_WAITING;
3769 		cv_signal(&cmp->cm_iowait_cv);
3770 
3771 		if (ret == 0) {
3772 			mutex_exit(&ccid->ccid_mutex);
3773 			return (EINTR);
3774 		}
3775 
3776 		/*
3777 		 * Check if the reader has been removed. We do not need to check
3778 		 * for other conditions, as we'll end up being told that the I/O
3779 		 * is done and that the error has been set.
3780 		 */
3781 		if ((ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
3782 			mutex_exit(&ccid->ccid_mutex);
3783 			return (ENODEV);
3784 		}
3785 	}
3786 
3787 	/*
3788 	 * We'll either have an error or data available for the user at this
3789 	 * point that we can copy out. We need to make sure that it's not too
3790 	 * large. The data should have already been adjusted such that we only
3791 	 * have data payloads.
3792 	 */
3793 	done = B_FALSE;
3794 	if (slot->cs_io.ci_errno == 0) {
3795 		size_t mlen;
3796 
3797 		mlen = msgsize(slot->cs_io.ci_data);
3798 		if (mlen > uiop->uio_resid) {
3799 			ret = EOVERFLOW;
3800 		} else {
3801 			ret = ccid_read_copyout(uiop, slot->cs_io.ci_data);
3802 			if (ret == 0) {
3803 				done = B_TRUE;
3804 			}
3805 		}
3806 	} else {
3807 		ret = slot->cs_io.ci_errno;
3808 		done = B_TRUE;
3809 	}
3810 
3811 	if (done) {
3812 		ccid_clear_io(&slot->cs_io);
3813 		ccid_slot_pollout_signal(slot);
3814 	}
3815 
3816 	mutex_exit(&ccid->ccid_mutex);
3817 
3818 	return (ret);
3819 }
3820 
3821 static int
3822 ccid_write(dev_t dev, struct uio *uiop, cred_t *credp)
3823 {
3824 	int ret;
3825 	ccid_minor_idx_t *idx;
3826 	ccid_minor_t *cmp;
3827 	ccid_slot_t *slot;
3828 	ccid_t *ccid;
3829 	size_t len, cbytes;
3830 
3831 	if (uiop->uio_resid > CCID_APDU_LEN_MAX) {
3832 		return (E2BIG);
3833 	}
3834 
3835 	if (uiop->uio_resid <= 0) {
3836 		return (EINVAL);
3837 	}
3838 
3839 	len = uiop->uio_resid;
3840 	idx = ccid_minor_find_user(getminor(dev));
3841 	if (idx == NULL) {
3842 		return (ENOENT);
3843 	}
3844 
3845 	cmp = idx->cmi_data.cmi_user;
3846 	slot = cmp->cm_slot;
3847 	ccid = slot->cs_ccid;
3848 
3849 	/*
3850 	 * Now that we have the slot, verify whether or not we can perform this
3851 	 * I/O.
3852 	 */
3853 	mutex_enter(&ccid->ccid_mutex);
3854 	if ((ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
3855 		mutex_exit(&ccid->ccid_mutex);
3856 		return (ENODEV);
3857 	}
3858 
3859 	/*
3860 	 * Check that we are open for writing, have exclusive access, and
3861 	 * there's a card present. If not, error out.
3862 	 */
3863 	if ((cmp->cm_flags & (CCID_MINOR_F_WRITABLE | CCID_MINOR_F_HAS_EXCL)) !=
3864 	    (CCID_MINOR_F_WRITABLE | CCID_MINOR_F_HAS_EXCL)) {
3865 		mutex_exit(&ccid->ccid_mutex);
3866 		return (EACCES);
3867 	}
3868 
3869 	if ((slot->cs_flags & CCID_SLOT_F_ACTIVE) == 0) {
3870 		mutex_exit(&ccid->ccid_mutex);
3871 		return (ENXIO);
3872 	}
3873 
3874 	/*
3875 	 * Make sure that we have a supported transmit function.
3876 	 */
3877 	if (slot->cs_icc.icc_tx == NULL) {
3878 		mutex_exit(&ccid->ccid_mutex);
3879 		return (ENOTSUP);
3880 	}
3881 
3882 	/*
3883 	 * See if another command is in progress. If so, try to claim it.
3884 	 * Otherwise, fail with EBUSY. Note, we only fail for commands that are
3885 	 * user initiated. There may be other commands that are ongoing in the
3886 	 * system.
3887 	 */
3888 	if ((slot->cs_io.ci_flags & CCID_IO_F_POLLOUT_FLAGS) != 0) {
3889 		mutex_exit(&ccid->ccid_mutex);
3890 		return (EBUSY);
3891 	}
3892 
3893 	/*
3894 	 * Use uiocopy and not uiomove. This way if we fail for whatever reason,
3895 	 * we don't have to worry about restoring the original buffer.
3896 	 */
3897 	if (uiocopy(slot->cs_io.ci_ibuf, len, UIO_WRITE, uiop, &cbytes) != 0) {
3898 		mutex_exit(&ccid->ccid_mutex);
3899 		return (EFAULT);
3900 	}
3901 
3902 	slot->cs_io.ci_ilen = len;
3903 	slot->cs_io.ci_flags |= CCID_IO_F_PREPARING;
3904 	slot->cs_io.ci_omp = NULL;
3905 
3906 	/*
3907 	 * Now that we're here, go ahead and call the actual tx function.
3908 	 */
3909 	if ((ret = slot->cs_icc.icc_tx(ccid, slot)) != 0) {
3910 		/*
3911 		 * The command wasn't actually transmitted. In this case we need
3912 		 * to reset the copied in data and signal anyone who is polling
3913 		 * that this is writeable again. We don't have to worry about
3914 		 * readers at this point, as they won't get in unless
3915 		 * CCID_IO_F_IN_PROGRESS has been set.
3916 		 */
3917 		slot->cs_io.ci_ilen = 0;
3918 		bzero(slot->cs_io.ci_ibuf, sizeof (slot->cs_io.ci_ibuf));
3919 		slot->cs_io.ci_flags &= ~CCID_IO_F_PREPARING;
3920 
3921 		ccid_slot_pollout_signal(slot);
3922 	} else {
3923 		slot->cs_io.ci_flags &= ~CCID_IO_F_PREPARING;
3924 		slot->cs_io.ci_flags |= CCID_IO_F_IN_PROGRESS;
3925 		uiop->uio_resid -= cbytes;
3926 	}
3927 	/*
3928 	 * Notify a waiter that we've moved on.
3929 	 */
3930 	cv_signal(&slot->cs_excl_minor->cm_iowait_cv);
3931 	mutex_exit(&ccid->ccid_mutex);
3932 
3933 	return (ret);
3934 }
3935 
3936 static int
3937 ccid_ioctl_status(ccid_slot_t *slot, intptr_t arg, int mode)
3938 {
3939 	uccid_cmd_status_t ucs;
3940 	ccid_t *ccid = slot->cs_ccid;
3941 
3942 	if (ddi_copyin((void *)arg, &ucs, sizeof (ucs), mode & FKIOCTL) != 0)
3943 		return (EFAULT);
3944 
3945 	if (ucs.ucs_version != UCCID_VERSION_ONE)
3946 		return (EINVAL);
3947 
3948 	ucs.ucs_status = 0;
3949 	ucs.ucs_instance = ddi_get_instance(slot->cs_ccid->ccid_dip);
3950 	ucs.ucs_slot = slot->cs_slotno;
3951 
3952 	mutex_enter(&slot->cs_ccid->ccid_mutex);
3953 	if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
3954 		mutex_exit(&slot->cs_ccid->ccid_mutex);
3955 		return (ENODEV);
3956 	}
3957 
3958 	if ((slot->cs_flags & CCID_SLOT_F_PRESENT) != 0)
3959 		ucs.ucs_status |= UCCID_STATUS_F_CARD_PRESENT;
3960 	if ((slot->cs_flags & CCID_SLOT_F_ACTIVE) != 0)
3961 		ucs.ucs_status |= UCCID_STATUS_F_CARD_ACTIVE;
3962 
3963 	if (slot->cs_atr != NULL) {
3964 		ucs.ucs_atrlen = MIN(UCCID_ATR_MAX, MBLKL(slot->cs_atr));
3965 		bcopy(slot->cs_atr->b_rptr, ucs.ucs_atr, ucs.ucs_atrlen);
3966 	} else {
3967 		bzero(ucs.ucs_atr, sizeof (ucs.ucs_atr));
3968 		ucs.ucs_atrlen = 0;
3969 	}
3970 
3971 	bcopy(&ccid->ccid_class, &ucs.ucs_class, sizeof (ucs.ucs_class));
3972 
3973 	if (ccid->ccid_dev_data->dev_product != NULL) {
3974 		(void) strlcpy(ucs.ucs_product,
3975 		    ccid->ccid_dev_data->dev_product, sizeof (ucs.ucs_product));
3976 		ucs.ucs_status |= UCCID_STATUS_F_PRODUCT_VALID;
3977 	} else {
3978 		ucs.ucs_product[0] = '\0';
3979 	}
3980 
3981 	if (ccid->ccid_dev_data->dev_serial != NULL) {
3982 		(void) strlcpy(ucs.ucs_serial, ccid->ccid_dev_data->dev_serial,
3983 		    sizeof (ucs.ucs_serial));
3984 		ucs.ucs_status |= UCCID_STATUS_F_SERIAL_VALID;
3985 	} else {
3986 		ucs.ucs_serial[0] = '\0';
3987 	}
3988 	mutex_exit(&slot->cs_ccid->ccid_mutex);
3989 
3990 	if ((slot->cs_flags & CCID_SLOT_F_ACTIVE) != 0) {
3991 		ucs.ucs_status |= UCCID_STATUS_F_PARAMS_VALID;
3992 		ucs.ucs_prot = (uccid_prot_t)slot->cs_icc.icc_cur_protocol;
3993 		ucs.ucs_params = slot->cs_icc.icc_params;
3994 	}
3995 
3996 	if (ddi_copyout(&ucs, (void *)arg, sizeof (ucs), mode & FKIOCTL) != 0)
3997 		return (EFAULT);
3998 
3999 	return (0);
4000 }
4001 
4002 static int
4003 ccid_ioctl_txn_begin(ccid_slot_t *slot, ccid_minor_t *cmp, intptr_t arg,
4004     int mode)
4005 {
4006 	int ret;
4007 	uccid_cmd_txn_begin_t uct;
4008 	boolean_t nowait;
4009 
4010 	if (ddi_copyin((void *)arg, &uct, sizeof (uct), mode & FKIOCTL) != 0)
4011 		return (EFAULT);
4012 
4013 	if (uct.uct_version != UCCID_VERSION_ONE)
4014 		return (EINVAL);
4015 
4016 	if ((uct.uct_flags & ~UCCID_TXN_DONT_BLOCK) != 0)
4017 		return (EINVAL);
4018 	nowait = (uct.uct_flags & UCCID_TXN_DONT_BLOCK) != 0;
4019 
4020 	mutex_enter(&slot->cs_ccid->ccid_mutex);
4021 	if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
4022 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4023 		return (ENODEV);
4024 	}
4025 
4026 	if ((cmp->cm_flags & CCID_MINOR_F_WRITABLE) == 0) {
4027 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4028 		return (EBADF);
4029 	}
4030 
4031 	ret = ccid_slot_excl_req(slot, cmp, nowait);
4032 	mutex_exit(&slot->cs_ccid->ccid_mutex);
4033 
4034 	return (ret);
4035 }
4036 
4037 static int
4038 ccid_ioctl_txn_end(ccid_slot_t *slot, ccid_minor_t *cmp, intptr_t arg, int mode)
4039 {
4040 	uccid_cmd_txn_end_t uct;
4041 
4042 	if (ddi_copyin((void *)arg, &uct, sizeof (uct), mode & FKIOCTL) != 0) {
4043 		return (EFAULT);
4044 	}
4045 
4046 	if (uct.uct_version != UCCID_VERSION_ONE) {
4047 		return (EINVAL);
4048 	}
4049 
4050 	mutex_enter(&slot->cs_ccid->ccid_mutex);
4051 	if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
4052 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4053 		return (ENODEV);
4054 	}
4055 
4056 	if (slot->cs_excl_minor != cmp) {
4057 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4058 		return (EINVAL);
4059 	}
4060 	VERIFY3S(cmp->cm_flags & CCID_MINOR_F_HAS_EXCL, !=, 0);
4061 
4062 	/*
4063 	 * Require exactly one of the flags to be set.
4064 	 */
4065 	switch (uct.uct_flags) {
4066 	case UCCID_TXN_END_RESET:
4067 		cmp->cm_flags |= CCID_MINOR_F_TXN_RESET;
4068 
4069 	case UCCID_TXN_END_RELEASE:
4070 		break;
4071 
4072 	default:
4073 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4074 		return (EINVAL);
4075 	}
4076 
4077 	ccid_slot_excl_rele(slot);
4078 	mutex_exit(&slot->cs_ccid->ccid_mutex);
4079 
4080 	return (0);
4081 }
4082 
4083 static int
4084 ccid_ioctl_fionread(ccid_slot_t *slot, ccid_minor_t *cmp, intptr_t arg,
4085     int mode)
4086 {
4087 	int data;
4088 
4089 	mutex_enter(&slot->cs_ccid->ccid_mutex);
4090 	if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
4091 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4092 		return (ENODEV);
4093 	}
4094 
4095 	if ((cmp->cm_flags & CCID_MINOR_F_HAS_EXCL) == 0) {
4096 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4097 		return (EACCES);
4098 	}
4099 
4100 	if ((cmp->cm_flags & CCID_MINOR_F_WRITABLE) == 0) {
4101 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4102 		return (EBADF);
4103 	}
4104 
4105 	if ((slot->cs_io.ci_flags & CCID_IO_F_DONE) != 0) {
4106 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4107 		return (ENODATA);
4108 	}
4109 
4110 	/*
4111 	 * If there's an error, claim that there's at least one byte to read
4112 	 * even if it means we'll get the error and consume it. FIONREAD only
4113 	 * allows up to an int of data. Realistically because we don't allow
4114 	 * extended APDUs, the amount of data here should be always less than
4115 	 * INT_MAX.
4116 	 */
4117 	if (slot->cs_io.ci_errno != 0) {
4118 		data = 1;
4119 	} else {
4120 		size_t s = msgsize(slot->cs_io.ci_data);
4121 		data = MIN(s, INT_MAX);
4122 	}
4123 
4124 	if (ddi_copyout(&data, (void *)arg, sizeof (data), mode & FKIOCTL) !=
4125 	    0) {
4126 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4127 		return (EFAULT);
4128 	}
4129 
4130 	mutex_exit(&slot->cs_ccid->ccid_mutex);
4131 	return (0);
4132 }
4133 
4134 static int
4135 ccid_ioctl_icc_modify(ccid_slot_t *slot, ccid_minor_t *cmp, intptr_t arg,
4136     int mode)
4137 {
4138 	int ret = 0;
4139 	uccid_cmd_icc_modify_t uci;
4140 	ccid_t *ccid;
4141 
4142 	if (ddi_copyin((void *)arg, &uci, sizeof (uci), mode & FKIOCTL) != 0) {
4143 		return (EFAULT);
4144 	}
4145 
4146 	if (uci.uci_version != UCCID_VERSION_ONE) {
4147 		return (EINVAL);
4148 	}
4149 
4150 	switch (uci.uci_action) {
4151 	case UCCID_ICC_POWER_ON:
4152 	case UCCID_ICC_POWER_OFF:
4153 	case UCCID_ICC_WARM_RESET:
4154 		break;
4155 	default:
4156 		return (EINVAL);
4157 	}
4158 
4159 	ccid = slot->cs_ccid;
4160 	mutex_enter(&ccid->ccid_mutex);
4161 	if ((slot->cs_ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
4162 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4163 		return (ENODEV);
4164 	}
4165 
4166 	if ((cmp->cm_flags & CCID_MINOR_F_WRITABLE) == 0) {
4167 		mutex_exit(&slot->cs_ccid->ccid_mutex);
4168 		return (EBADF);
4169 	}
4170 
4171 	switch (uci.uci_action) {
4172 	case UCCID_ICC_WARM_RESET:
4173 		ret = ccid_slot_warm_reset(ccid, slot);
4174 		break;
4175 
4176 	case UCCID_ICC_POWER_OFF:
4177 		ret = ccid_slot_power_off(ccid, slot);
4178 		break;
4179 
4180 	case UCCID_ICC_POWER_ON:
4181 		ret = ccid_slot_inserted(ccid, slot);
4182 		break;
4183 	}
4184 
4185 	mutex_exit(&ccid->ccid_mutex);
4186 
4187 	return (ret);
4188 }
4189 
4190 static int
4191 ccid_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *credp,
4192     int *rvalp)
4193 {
4194 	ccid_minor_idx_t *idx;
4195 	ccid_slot_t *slot;
4196 	ccid_minor_t *cmp;
4197 
4198 	idx = ccid_minor_find_user(getminor(dev));
4199 	if (idx == NULL) {
4200 		return (ENOENT);
4201 	}
4202 
4203 	cmp = idx->cmi_data.cmi_user;
4204 	slot = cmp->cm_slot;
4205 
4206 	switch (cmd) {
4207 	case UCCID_CMD_TXN_BEGIN:
4208 		return (ccid_ioctl_txn_begin(slot, cmp, arg, mode));
4209 	case UCCID_CMD_TXN_END:
4210 		return (ccid_ioctl_txn_end(slot, cmp, arg, mode));
4211 	case UCCID_CMD_STATUS:
4212 		return (ccid_ioctl_status(slot, arg, mode));
4213 	case FIONREAD:
4214 		return (ccid_ioctl_fionread(slot, cmp, arg, mode));
4215 	case UCCID_CMD_ICC_MODIFY:
4216 		return (ccid_ioctl_icc_modify(slot, cmp, arg, mode));
4217 	default:
4218 		break;
4219 	}
4220 
4221 	return (ENOTTY);
4222 }
4223 
4224 static int
4225 ccid_chpoll(dev_t dev, short events, int anyyet, short *reventsp,
4226     struct pollhead **phpp)
4227 {
4228 	short ready = 0;
4229 	ccid_minor_idx_t *idx;
4230 	ccid_minor_t *cmp;
4231 	ccid_slot_t *slot;
4232 	ccid_t *ccid;
4233 
4234 	idx = ccid_minor_find_user(getminor(dev));
4235 	if (idx == NULL) {
4236 		return (ENOENT);
4237 	}
4238 
4239 	cmp = idx->cmi_data.cmi_user;
4240 	slot = cmp->cm_slot;
4241 	ccid = slot->cs_ccid;
4242 
4243 	mutex_enter(&ccid->ccid_mutex);
4244 	if ((ccid->ccid_flags & CCID_F_DISCONNECTED) != 0) {
4245 		mutex_exit(&ccid->ccid_mutex);
4246 		return (ENODEV);
4247 	}
4248 
4249 	if (!(cmp->cm_flags & CCID_MINOR_F_HAS_EXCL) != 0) {
4250 		mutex_exit(&ccid->ccid_mutex);
4251 		return (EACCES);
4252 	}
4253 
4254 	/*
4255 	 * If the CCID_IO_F_DONE flag is set, then we're always
4256 	 * readable. However, flags are insufficient to be writeable.
4257 	 */
4258 	if ((slot->cs_io.ci_flags & CCID_IO_F_DONE) != 0) {
4259 		ready |= POLLIN | POLLRDNORM;
4260 	} else if ((slot->cs_flags & CCID_SLOT_F_ACTIVE) != 0 &&
4261 	    (slot->cs_io.ci_flags & CCID_IO_F_POLLOUT_FLAGS) == 0 &&
4262 	    slot->cs_icc.icc_tx != NULL) {
4263 		ready |= POLLOUT;
4264 	}
4265 
4266 	if ((slot->cs_flags & CCID_SLOT_F_PRESENT) == 0) {
4267 		ready |= POLLHUP;
4268 	}
4269 
4270 	*reventsp = ready & events;
4271 	if ((*reventsp == 0 && !anyyet) || (events & POLLET)) {
4272 		*phpp = &cmp->cm_pollhead;
4273 	}
4274 
4275 	mutex_exit(&ccid->ccid_mutex);
4276 
4277 	return (0);
4278 }
4279 
4280 static int
4281 ccid_close(dev_t dev, int flag, int otyp, cred_t *credp)
4282 {
4283 	ccid_minor_idx_t *idx;
4284 	ccid_minor_t *cmp;
4285 	ccid_slot_t *slot;
4286 
4287 	idx = ccid_minor_find_user(getminor(dev));
4288 	if (idx == NULL) {
4289 		return (ENOENT);
4290 	}
4291 
4292 	/*
4293 	 * First tear down the global index entry.
4294 	 */
4295 	cmp = idx->cmi_data.cmi_user;
4296 	slot = cmp->cm_slot;
4297 	ccid_minor_idx_free(idx);
4298 
4299 	/*
4300 	 * If the minor node was closed without an explicit transaction end,
4301 	 * then we need to assume that the reader's ICC is in an arbitrary
4302 	 * state. For example, the ICC could have a specific PIV applet
4303 	 * selected. In such a case, the only safe thing to do is to force a
4304 	 * reset.
4305 	 */
4306 	mutex_enter(&slot->cs_ccid->ccid_mutex);
4307 	if ((cmp->cm_flags & CCID_MINOR_F_HAS_EXCL) != 0) {
4308 		cmp->cm_flags |= CCID_MINOR_F_TXN_RESET;
4309 		ccid_slot_excl_rele(slot);
4310 	}
4311 
4312 	list_remove(&slot->cs_minors, cmp);
4313 	mutex_exit(&slot->cs_ccid->ccid_mutex);
4314 
4315 	pollhead_clean(&cmp->cm_pollhead);
4316 	ccid_minor_free(cmp);
4317 
4318 	return (0);
4319 }
4320 
4321 static struct cb_ops ccid_cb_ops = {
4322 	ccid_open,		/* cb_open */
4323 	ccid_close,		/* cb_close */
4324 	nodev,			/* cb_strategy */
4325 	nodev,			/* cb_print */
4326 	nodev,			/* cb_dump */
4327 	ccid_read,		/* cb_read */
4328 	ccid_write,		/* cb_write */
4329 	ccid_ioctl,		/* cb_ioctl */
4330 	nodev,			/* cb_devmap */
4331 	nodev,			/* cb_mmap */
4332 	nodev,			/* cb_segmap */
4333 	ccid_chpoll,		/* cb_chpoll */
4334 	ddi_prop_op,		/* cb_prop_op */
4335 	NULL,			/* cb_stream */
4336 	D_MP,			/* cb_flag */
4337 	CB_REV,			/* cb_rev */
4338 	nodev,			/* cb_aread */
4339 	nodev			/* cb_awrite */
4340 };
4341 
4342 static struct dev_ops ccid_dev_ops = {
4343 	DEVO_REV,		/* devo_rev */
4344 	0,			/* devo_refcnt */
4345 	ccid_getinfo,		/* devo_getinfo */
4346 	nulldev,		/* devo_identify */
4347 	nulldev,		/* devo_probe */
4348 	ccid_attach,		/* devo_attach */
4349 	ccid_detach,		/* devo_detach */
4350 	nodev,			/* devo_reset */
4351 	&ccid_cb_ops,		/* devo_cb_ops */
4352 	NULL,			/* devo_bus_ops */
4353 	NULL,			/* devo_power */
4354 	ddi_quiesce_not_supported /* devo_quiesce */
4355 };
4356 
4357 static struct modldrv ccid_modldrv = {
4358 	&mod_driverops,
4359 	"USB CCID",
4360 	&ccid_dev_ops
4361 };
4362 
4363 static struct modlinkage ccid_modlinkage = {
4364 	MODREV_1,
4365 	{ &ccid_modldrv, NULL }
4366 };
4367 
4368 int
4369 _init(void)
4370 {
4371 	int ret;
4372 
4373 	if ((ret = ddi_soft_state_init(&ccid_softstate, sizeof (ccid_t),
4374 	    0)) != 0) {
4375 		return (ret);
4376 	}
4377 
4378 	if ((ccid_minors = id_space_create("ccid_minors", CCID_MINOR_MIN,
4379 	    INT_MAX)) == NULL) {
4380 		ddi_soft_state_fini(&ccid_softstate);
4381 		return (ret);
4382 	}
4383 
4384 	if ((ret = mod_install(&ccid_modlinkage)) != 0) {
4385 		id_space_destroy(ccid_minors);
4386 		ccid_minors = NULL;
4387 		ddi_soft_state_fini(&ccid_softstate);
4388 		return (ret);
4389 	}
4390 
4391 	mutex_init(&ccid_idxlock, NULL, MUTEX_DRIVER, NULL);
4392 	avl_create(&ccid_idx, ccid_idx_comparator, sizeof (ccid_minor_idx_t),
4393 	    offsetof(ccid_minor_idx_t, cmi_avl));
4394 
4395 	return (ret);
4396 }
4397 
4398 int
4399 _info(struct modinfo *modinfop)
4400 {
4401 	return (mod_info(&ccid_modlinkage, modinfop));
4402 }
4403 
4404 int
4405 _fini(void)
4406 {
4407 	int ret;
4408 
4409 	if ((ret = mod_remove(&ccid_modlinkage)) != 0) {
4410 		return (ret);
4411 	}
4412 
4413 	avl_destroy(&ccid_idx);
4414 	mutex_destroy(&ccid_idxlock);
4415 	id_space_destroy(ccid_minors);
4416 	ccid_minors = NULL;
4417 	ddi_soft_state_fini(&ccid_softstate);
4418 
4419 	return (ret);
4420 }
4421