xref: /linux/drivers/usb/class/cdc-wdm.c (revision 6fdcba32711044c35c0e1b094cbd8f3f0b4472c9)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * cdc-wdm.c
4  *
5  * This driver supports USB CDC WCM Device Management.
6  *
7  * Copyright (c) 2007-2009 Oliver Neukum
8  *
9  * Some code taken from cdc-acm.c
10  *
11  * Released under the GPLv2.
12  *
13  * Many thanks to Carl Nordbeck
14  */
15 #include <linux/kernel.h>
16 #include <linux/errno.h>
17 #include <linux/ioctl.h>
18 #include <linux/slab.h>
19 #include <linux/module.h>
20 #include <linux/mutex.h>
21 #include <linux/uaccess.h>
22 #include <linux/bitops.h>
23 #include <linux/poll.h>
24 #include <linux/usb.h>
25 #include <linux/usb/cdc.h>
26 #include <asm/byteorder.h>
27 #include <asm/unaligned.h>
28 #include <linux/usb/cdc-wdm.h>
29 
30 #define DRIVER_AUTHOR "Oliver Neukum"
31 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
32 
33 static const struct usb_device_id wdm_ids[] = {
34 	{
35 		.match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
36 				 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
37 		.bInterfaceClass = USB_CLASS_COMM,
38 		.bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
39 	},
40 	{ }
41 };
42 
43 MODULE_DEVICE_TABLE (usb, wdm_ids);
44 
45 #define WDM_MINOR_BASE	176
46 
47 
48 #define WDM_IN_USE		1
49 #define WDM_DISCONNECTING	2
50 #define WDM_RESULT		3
51 #define WDM_READ		4
52 #define WDM_INT_STALL		5
53 #define WDM_POLL_RUNNING	6
54 #define WDM_RESPONDING		7
55 #define WDM_SUSPENDING		8
56 #define WDM_RESETTING		9
57 #define WDM_OVERFLOW		10
58 
59 #define WDM_MAX			16
60 
61 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
62 #define WDM_DEFAULT_BUFSIZE	256
63 
64 static DEFINE_MUTEX(wdm_mutex);
65 static DEFINE_SPINLOCK(wdm_device_list_lock);
66 static LIST_HEAD(wdm_device_list);
67 
68 /* --- method tables --- */
69 
70 struct wdm_device {
71 	u8			*inbuf; /* buffer for response */
72 	u8			*outbuf; /* buffer for command */
73 	u8			*sbuf; /* buffer for status */
74 	u8			*ubuf; /* buffer for copy to user space */
75 
76 	struct urb		*command;
77 	struct urb		*response;
78 	struct urb		*validity;
79 	struct usb_interface	*intf;
80 	struct usb_ctrlrequest	*orq;
81 	struct usb_ctrlrequest	*irq;
82 	spinlock_t		iuspin;
83 
84 	unsigned long		flags;
85 	u16			bufsize;
86 	u16			wMaxCommand;
87 	u16			wMaxPacketSize;
88 	__le16			inum;
89 	int			reslength;
90 	int			length;
91 	int			read;
92 	int			count;
93 	dma_addr_t		shandle;
94 	dma_addr_t		ihandle;
95 	struct mutex		wlock;
96 	struct mutex		rlock;
97 	wait_queue_head_t	wait;
98 	struct work_struct	rxwork;
99 	struct work_struct	service_outs_intr;
100 	int			werr;
101 	int			rerr;
102 	int                     resp_count;
103 
104 	struct list_head	device_list;
105 	int			(*manage_power)(struct usb_interface *, int);
106 };
107 
108 static struct usb_driver wdm_driver;
109 
110 /* return intfdata if we own the interface, else look up intf in the list */
111 static struct wdm_device *wdm_find_device(struct usb_interface *intf)
112 {
113 	struct wdm_device *desc;
114 
115 	spin_lock(&wdm_device_list_lock);
116 	list_for_each_entry(desc, &wdm_device_list, device_list)
117 		if (desc->intf == intf)
118 			goto found;
119 	desc = NULL;
120 found:
121 	spin_unlock(&wdm_device_list_lock);
122 
123 	return desc;
124 }
125 
126 static struct wdm_device *wdm_find_device_by_minor(int minor)
127 {
128 	struct wdm_device *desc;
129 
130 	spin_lock(&wdm_device_list_lock);
131 	list_for_each_entry(desc, &wdm_device_list, device_list)
132 		if (desc->intf->minor == minor)
133 			goto found;
134 	desc = NULL;
135 found:
136 	spin_unlock(&wdm_device_list_lock);
137 
138 	return desc;
139 }
140 
141 /* --- callbacks --- */
142 static void wdm_out_callback(struct urb *urb)
143 {
144 	struct wdm_device *desc;
145 	unsigned long flags;
146 
147 	desc = urb->context;
148 	spin_lock_irqsave(&desc->iuspin, flags);
149 	desc->werr = urb->status;
150 	spin_unlock_irqrestore(&desc->iuspin, flags);
151 	kfree(desc->outbuf);
152 	desc->outbuf = NULL;
153 	clear_bit(WDM_IN_USE, &desc->flags);
154 	wake_up(&desc->wait);
155 }
156 
157 static void wdm_in_callback(struct urb *urb)
158 {
159 	unsigned long flags;
160 	struct wdm_device *desc = urb->context;
161 	int status = urb->status;
162 	int length = urb->actual_length;
163 
164 	spin_lock_irqsave(&desc->iuspin, flags);
165 	clear_bit(WDM_RESPONDING, &desc->flags);
166 
167 	if (status) {
168 		switch (status) {
169 		case -ENOENT:
170 			dev_dbg(&desc->intf->dev,
171 				"nonzero urb status received: -ENOENT\n");
172 			goto skip_error;
173 		case -ECONNRESET:
174 			dev_dbg(&desc->intf->dev,
175 				"nonzero urb status received: -ECONNRESET\n");
176 			goto skip_error;
177 		case -ESHUTDOWN:
178 			dev_dbg(&desc->intf->dev,
179 				"nonzero urb status received: -ESHUTDOWN\n");
180 			goto skip_error;
181 		case -EPIPE:
182 			dev_err(&desc->intf->dev,
183 				"nonzero urb status received: -EPIPE\n");
184 			break;
185 		default:
186 			dev_err(&desc->intf->dev,
187 				"Unexpected error %d\n", status);
188 			break;
189 		}
190 	}
191 
192 	/*
193 	 * only set a new error if there is no previous error.
194 	 * Errors are only cleared during read/open
195 	 * Avoid propagating -EPIPE (stall) to userspace since it is
196 	 * better handled as an empty read
197 	 */
198 	if (desc->rerr == 0 && status != -EPIPE)
199 		desc->rerr = status;
200 
201 	if (length + desc->length > desc->wMaxCommand) {
202 		/* The buffer would overflow */
203 		set_bit(WDM_OVERFLOW, &desc->flags);
204 	} else {
205 		/* we may already be in overflow */
206 		if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
207 			memmove(desc->ubuf + desc->length, desc->inbuf, length);
208 			desc->length += length;
209 			desc->reslength = length;
210 		}
211 	}
212 skip_error:
213 
214 	if (desc->rerr) {
215 		/*
216 		 * Since there was an error, userspace may decide to not read
217 		 * any data after poll'ing.
218 		 * We should respond to further attempts from the device to send
219 		 * data, so that we can get unstuck.
220 		 */
221 		schedule_work(&desc->service_outs_intr);
222 	} else {
223 		set_bit(WDM_READ, &desc->flags);
224 		wake_up(&desc->wait);
225 	}
226 	spin_unlock_irqrestore(&desc->iuspin, flags);
227 }
228 
229 static void wdm_int_callback(struct urb *urb)
230 {
231 	unsigned long flags;
232 	int rv = 0;
233 	int responding;
234 	int status = urb->status;
235 	struct wdm_device *desc;
236 	struct usb_cdc_notification *dr;
237 
238 	desc = urb->context;
239 	dr = (struct usb_cdc_notification *)desc->sbuf;
240 
241 	if (status) {
242 		switch (status) {
243 		case -ESHUTDOWN:
244 		case -ENOENT:
245 		case -ECONNRESET:
246 			return; /* unplug */
247 		case -EPIPE:
248 			set_bit(WDM_INT_STALL, &desc->flags);
249 			dev_err(&desc->intf->dev, "Stall on int endpoint\n");
250 			goto sw; /* halt is cleared in work */
251 		default:
252 			dev_err(&desc->intf->dev,
253 				"nonzero urb status received: %d\n", status);
254 			break;
255 		}
256 	}
257 
258 	if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
259 		dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
260 			urb->actual_length);
261 		goto exit;
262 	}
263 
264 	switch (dr->bNotificationType) {
265 	case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
266 		dev_dbg(&desc->intf->dev,
267 			"NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
268 			le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
269 		break;
270 
271 	case USB_CDC_NOTIFY_NETWORK_CONNECTION:
272 
273 		dev_dbg(&desc->intf->dev,
274 			"NOTIFY_NETWORK_CONNECTION %s network\n",
275 			dr->wValue ? "connected to" : "disconnected from");
276 		goto exit;
277 	case USB_CDC_NOTIFY_SPEED_CHANGE:
278 		dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
279 			urb->actual_length);
280 		goto exit;
281 	default:
282 		clear_bit(WDM_POLL_RUNNING, &desc->flags);
283 		dev_err(&desc->intf->dev,
284 			"unknown notification %d received: index %d len %d\n",
285 			dr->bNotificationType,
286 			le16_to_cpu(dr->wIndex),
287 			le16_to_cpu(dr->wLength));
288 		goto exit;
289 	}
290 
291 	spin_lock_irqsave(&desc->iuspin, flags);
292 	responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
293 	if (!desc->resp_count++ && !responding
294 		&& !test_bit(WDM_DISCONNECTING, &desc->flags)
295 		&& !test_bit(WDM_SUSPENDING, &desc->flags)) {
296 		rv = usb_submit_urb(desc->response, GFP_ATOMIC);
297 		dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
298 	}
299 	spin_unlock_irqrestore(&desc->iuspin, flags);
300 	if (rv < 0) {
301 		clear_bit(WDM_RESPONDING, &desc->flags);
302 		if (rv == -EPERM)
303 			return;
304 		if (rv == -ENOMEM) {
305 sw:
306 			rv = schedule_work(&desc->rxwork);
307 			if (rv)
308 				dev_err(&desc->intf->dev,
309 					"Cannot schedule work\n");
310 		}
311 	}
312 exit:
313 	rv = usb_submit_urb(urb, GFP_ATOMIC);
314 	if (rv)
315 		dev_err(&desc->intf->dev,
316 			"%s - usb_submit_urb failed with result %d\n",
317 			__func__, rv);
318 
319 }
320 
321 static void kill_urbs(struct wdm_device *desc)
322 {
323 	/* the order here is essential */
324 	usb_kill_urb(desc->command);
325 	usb_kill_urb(desc->validity);
326 	usb_kill_urb(desc->response);
327 }
328 
329 static void free_urbs(struct wdm_device *desc)
330 {
331 	usb_free_urb(desc->validity);
332 	usb_free_urb(desc->response);
333 	usb_free_urb(desc->command);
334 }
335 
336 static void cleanup(struct wdm_device *desc)
337 {
338 	kfree(desc->sbuf);
339 	kfree(desc->inbuf);
340 	kfree(desc->orq);
341 	kfree(desc->irq);
342 	kfree(desc->ubuf);
343 	free_urbs(desc);
344 	kfree(desc);
345 }
346 
347 static ssize_t wdm_write
348 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
349 {
350 	u8 *buf;
351 	int rv = -EMSGSIZE, r, we;
352 	struct wdm_device *desc = file->private_data;
353 	struct usb_ctrlrequest *req;
354 
355 	if (count > desc->wMaxCommand)
356 		count = desc->wMaxCommand;
357 
358 	spin_lock_irq(&desc->iuspin);
359 	we = desc->werr;
360 	desc->werr = 0;
361 	spin_unlock_irq(&desc->iuspin);
362 	if (we < 0)
363 		return usb_translate_errors(we);
364 
365 	buf = memdup_user(buffer, count);
366 	if (IS_ERR(buf))
367 		return PTR_ERR(buf);
368 
369 	/* concurrent writes and disconnect */
370 	r = mutex_lock_interruptible(&desc->wlock);
371 	rv = -ERESTARTSYS;
372 	if (r)
373 		goto out_free_mem;
374 
375 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
376 		rv = -ENODEV;
377 		goto out_free_mem_lock;
378 	}
379 
380 	r = usb_autopm_get_interface(desc->intf);
381 	if (r < 0) {
382 		rv = usb_translate_errors(r);
383 		goto out_free_mem_lock;
384 	}
385 
386 	if (!(file->f_flags & O_NONBLOCK))
387 		r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
388 								&desc->flags));
389 	else
390 		if (test_bit(WDM_IN_USE, &desc->flags))
391 			r = -EAGAIN;
392 
393 	if (test_bit(WDM_RESETTING, &desc->flags))
394 		r = -EIO;
395 
396 	if (r < 0) {
397 		rv = r;
398 		goto out_free_mem_pm;
399 	}
400 
401 	req = desc->orq;
402 	usb_fill_control_urb(
403 		desc->command,
404 		interface_to_usbdev(desc->intf),
405 		/* using common endpoint 0 */
406 		usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
407 		(unsigned char *)req,
408 		buf,
409 		count,
410 		wdm_out_callback,
411 		desc
412 	);
413 
414 	req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
415 			     USB_RECIP_INTERFACE);
416 	req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
417 	req->wValue = 0;
418 	req->wIndex = desc->inum; /* already converted */
419 	req->wLength = cpu_to_le16(count);
420 	set_bit(WDM_IN_USE, &desc->flags);
421 	desc->outbuf = buf;
422 
423 	rv = usb_submit_urb(desc->command, GFP_KERNEL);
424 	if (rv < 0) {
425 		desc->outbuf = NULL;
426 		clear_bit(WDM_IN_USE, &desc->flags);
427 		dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
428 		rv = usb_translate_errors(rv);
429 		goto out_free_mem_pm;
430 	} else {
431 		dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
432 			le16_to_cpu(req->wIndex));
433 	}
434 
435 	usb_autopm_put_interface(desc->intf);
436 	mutex_unlock(&desc->wlock);
437 	return count;
438 
439 out_free_mem_pm:
440 	usb_autopm_put_interface(desc->intf);
441 out_free_mem_lock:
442 	mutex_unlock(&desc->wlock);
443 out_free_mem:
444 	kfree(buf);
445 	return rv;
446 }
447 
448 /*
449  * Submit the read urb if resp_count is non-zero.
450  *
451  * Called with desc->iuspin locked
452  */
453 static int service_outstanding_interrupt(struct wdm_device *desc)
454 {
455 	int rv = 0;
456 
457 	/* submit read urb only if the device is waiting for it */
458 	if (!desc->resp_count || !--desc->resp_count)
459 		goto out;
460 
461 	set_bit(WDM_RESPONDING, &desc->flags);
462 	spin_unlock_irq(&desc->iuspin);
463 	rv = usb_submit_urb(desc->response, GFP_KERNEL);
464 	spin_lock_irq(&desc->iuspin);
465 	if (rv) {
466 		dev_err(&desc->intf->dev,
467 			"usb_submit_urb failed with result %d\n", rv);
468 
469 		/* make sure the next notification trigger a submit */
470 		clear_bit(WDM_RESPONDING, &desc->flags);
471 		desc->resp_count = 0;
472 	}
473 out:
474 	return rv;
475 }
476 
477 static ssize_t wdm_read
478 (struct file *file, char __user *buffer, size_t count, loff_t *ppos)
479 {
480 	int rv, cntr;
481 	int i = 0;
482 	struct wdm_device *desc = file->private_data;
483 
484 
485 	rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
486 	if (rv < 0)
487 		return -ERESTARTSYS;
488 
489 	cntr = READ_ONCE(desc->length);
490 	if (cntr == 0) {
491 		desc->read = 0;
492 retry:
493 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
494 			rv = -ENODEV;
495 			goto err;
496 		}
497 		if (test_bit(WDM_OVERFLOW, &desc->flags)) {
498 			clear_bit(WDM_OVERFLOW, &desc->flags);
499 			rv = -ENOBUFS;
500 			goto err;
501 		}
502 		i++;
503 		if (file->f_flags & O_NONBLOCK) {
504 			if (!test_bit(WDM_READ, &desc->flags)) {
505 				rv = -EAGAIN;
506 				goto err;
507 			}
508 			rv = 0;
509 		} else {
510 			rv = wait_event_interruptible(desc->wait,
511 				test_bit(WDM_READ, &desc->flags));
512 		}
513 
514 		/* may have happened while we slept */
515 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
516 			rv = -ENODEV;
517 			goto err;
518 		}
519 		if (test_bit(WDM_RESETTING, &desc->flags)) {
520 			rv = -EIO;
521 			goto err;
522 		}
523 		usb_mark_last_busy(interface_to_usbdev(desc->intf));
524 		if (rv < 0) {
525 			rv = -ERESTARTSYS;
526 			goto err;
527 		}
528 
529 		spin_lock_irq(&desc->iuspin);
530 
531 		if (desc->rerr) { /* read completed, error happened */
532 			rv = usb_translate_errors(desc->rerr);
533 			desc->rerr = 0;
534 			spin_unlock_irq(&desc->iuspin);
535 			goto err;
536 		}
537 		/*
538 		 * recheck whether we've lost the race
539 		 * against the completion handler
540 		 */
541 		if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
542 			spin_unlock_irq(&desc->iuspin);
543 			goto retry;
544 		}
545 
546 		if (!desc->reslength) { /* zero length read */
547 			dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
548 			clear_bit(WDM_READ, &desc->flags);
549 			rv = service_outstanding_interrupt(desc);
550 			spin_unlock_irq(&desc->iuspin);
551 			if (rv < 0)
552 				goto err;
553 			goto retry;
554 		}
555 		cntr = desc->length;
556 		spin_unlock_irq(&desc->iuspin);
557 	}
558 
559 	if (cntr > count)
560 		cntr = count;
561 	rv = copy_to_user(buffer, desc->ubuf, cntr);
562 	if (rv > 0) {
563 		rv = -EFAULT;
564 		goto err;
565 	}
566 
567 	spin_lock_irq(&desc->iuspin);
568 
569 	for (i = 0; i < desc->length - cntr; i++)
570 		desc->ubuf[i] = desc->ubuf[i + cntr];
571 
572 	desc->length -= cntr;
573 	/* in case we had outstanding data */
574 	if (!desc->length) {
575 		clear_bit(WDM_READ, &desc->flags);
576 		service_outstanding_interrupt(desc);
577 	}
578 	spin_unlock_irq(&desc->iuspin);
579 	rv = cntr;
580 
581 err:
582 	mutex_unlock(&desc->rlock);
583 	return rv;
584 }
585 
586 static int wdm_flush(struct file *file, fl_owner_t id)
587 {
588 	struct wdm_device *desc = file->private_data;
589 
590 	wait_event(desc->wait,
591 			/*
592 			 * needs both flags. We cannot do with one
593 			 * because resetting it would cause a race
594 			 * with write() yet we need to signal
595 			 * a disconnect
596 			 */
597 			!test_bit(WDM_IN_USE, &desc->flags) ||
598 			test_bit(WDM_DISCONNECTING, &desc->flags));
599 
600 	/* cannot dereference desc->intf if WDM_DISCONNECTING */
601 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
602 		return -ENODEV;
603 	if (desc->werr < 0)
604 		dev_err(&desc->intf->dev, "Error in flush path: %d\n",
605 			desc->werr);
606 
607 	return usb_translate_errors(desc->werr);
608 }
609 
610 static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
611 {
612 	struct wdm_device *desc = file->private_data;
613 	unsigned long flags;
614 	__poll_t mask = 0;
615 
616 	spin_lock_irqsave(&desc->iuspin, flags);
617 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
618 		mask = EPOLLHUP | EPOLLERR;
619 		spin_unlock_irqrestore(&desc->iuspin, flags);
620 		goto desc_out;
621 	}
622 	if (test_bit(WDM_READ, &desc->flags))
623 		mask = EPOLLIN | EPOLLRDNORM;
624 	if (desc->rerr || desc->werr)
625 		mask |= EPOLLERR;
626 	if (!test_bit(WDM_IN_USE, &desc->flags))
627 		mask |= EPOLLOUT | EPOLLWRNORM;
628 	spin_unlock_irqrestore(&desc->iuspin, flags);
629 
630 	poll_wait(file, &desc->wait, wait);
631 
632 desc_out:
633 	return mask;
634 }
635 
636 static int wdm_open(struct inode *inode, struct file *file)
637 {
638 	int minor = iminor(inode);
639 	int rv = -ENODEV;
640 	struct usb_interface *intf;
641 	struct wdm_device *desc;
642 
643 	mutex_lock(&wdm_mutex);
644 	desc = wdm_find_device_by_minor(minor);
645 	if (!desc)
646 		goto out;
647 
648 	intf = desc->intf;
649 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
650 		goto out;
651 	file->private_data = desc;
652 
653 	rv = usb_autopm_get_interface(desc->intf);
654 	if (rv < 0) {
655 		dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
656 		goto out;
657 	}
658 
659 	/* using write lock to protect desc->count */
660 	mutex_lock(&desc->wlock);
661 	if (!desc->count++) {
662 		desc->werr = 0;
663 		desc->rerr = 0;
664 		rv = usb_submit_urb(desc->validity, GFP_KERNEL);
665 		if (rv < 0) {
666 			desc->count--;
667 			dev_err(&desc->intf->dev,
668 				"Error submitting int urb - %d\n", rv);
669 			rv = usb_translate_errors(rv);
670 		}
671 	} else {
672 		rv = 0;
673 	}
674 	mutex_unlock(&desc->wlock);
675 	if (desc->count == 1)
676 		desc->manage_power(intf, 1);
677 	usb_autopm_put_interface(desc->intf);
678 out:
679 	mutex_unlock(&wdm_mutex);
680 	return rv;
681 }
682 
683 static int wdm_release(struct inode *inode, struct file *file)
684 {
685 	struct wdm_device *desc = file->private_data;
686 
687 	mutex_lock(&wdm_mutex);
688 
689 	/* using write lock to protect desc->count */
690 	mutex_lock(&desc->wlock);
691 	desc->count--;
692 	mutex_unlock(&desc->wlock);
693 
694 	if (!desc->count) {
695 		if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
696 			dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
697 			kill_urbs(desc);
698 			spin_lock_irq(&desc->iuspin);
699 			desc->resp_count = 0;
700 			spin_unlock_irq(&desc->iuspin);
701 			desc->manage_power(desc->intf, 0);
702 		} else {
703 			/* must avoid dev_printk here as desc->intf is invalid */
704 			pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
705 			cleanup(desc);
706 		}
707 	}
708 	mutex_unlock(&wdm_mutex);
709 	return 0;
710 }
711 
712 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
713 {
714 	struct wdm_device *desc = file->private_data;
715 	int rv = 0;
716 
717 	switch (cmd) {
718 	case IOCTL_WDM_MAX_COMMAND:
719 		if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
720 			rv = -EFAULT;
721 		break;
722 	default:
723 		rv = -ENOTTY;
724 	}
725 	return rv;
726 }
727 
728 static const struct file_operations wdm_fops = {
729 	.owner =	THIS_MODULE,
730 	.read =		wdm_read,
731 	.write =	wdm_write,
732 	.open =		wdm_open,
733 	.flush =	wdm_flush,
734 	.release =	wdm_release,
735 	.poll =		wdm_poll,
736 	.unlocked_ioctl = wdm_ioctl,
737 	.compat_ioctl = compat_ptr_ioctl,
738 	.llseek =	noop_llseek,
739 };
740 
741 static struct usb_class_driver wdm_class = {
742 	.name =		"cdc-wdm%d",
743 	.fops =		&wdm_fops,
744 	.minor_base =	WDM_MINOR_BASE,
745 };
746 
747 /* --- error handling --- */
748 static void wdm_rxwork(struct work_struct *work)
749 {
750 	struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
751 	unsigned long flags;
752 	int rv = 0;
753 	int responding;
754 
755 	spin_lock_irqsave(&desc->iuspin, flags);
756 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
757 		spin_unlock_irqrestore(&desc->iuspin, flags);
758 	} else {
759 		responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
760 		spin_unlock_irqrestore(&desc->iuspin, flags);
761 		if (!responding)
762 			rv = usb_submit_urb(desc->response, GFP_KERNEL);
763 		if (rv < 0 && rv != -EPERM) {
764 			spin_lock_irqsave(&desc->iuspin, flags);
765 			clear_bit(WDM_RESPONDING, &desc->flags);
766 			if (!test_bit(WDM_DISCONNECTING, &desc->flags))
767 				schedule_work(&desc->rxwork);
768 			spin_unlock_irqrestore(&desc->iuspin, flags);
769 		}
770 	}
771 }
772 
773 static void service_interrupt_work(struct work_struct *work)
774 {
775 	struct wdm_device *desc;
776 
777 	desc = container_of(work, struct wdm_device, service_outs_intr);
778 
779 	spin_lock_irq(&desc->iuspin);
780 	service_outstanding_interrupt(desc);
781 	if (!desc->resp_count) {
782 		set_bit(WDM_READ, &desc->flags);
783 		wake_up(&desc->wait);
784 	}
785 	spin_unlock_irq(&desc->iuspin);
786 }
787 
788 /* --- hotplug --- */
789 
790 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
791 		u16 bufsize, int (*manage_power)(struct usb_interface *, int))
792 {
793 	int rv = -ENOMEM;
794 	struct wdm_device *desc;
795 
796 	desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
797 	if (!desc)
798 		goto out;
799 	INIT_LIST_HEAD(&desc->device_list);
800 	mutex_init(&desc->rlock);
801 	mutex_init(&desc->wlock);
802 	spin_lock_init(&desc->iuspin);
803 	init_waitqueue_head(&desc->wait);
804 	desc->wMaxCommand = bufsize;
805 	/* this will be expanded and needed in hardware endianness */
806 	desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
807 	desc->intf = intf;
808 	INIT_WORK(&desc->rxwork, wdm_rxwork);
809 	INIT_WORK(&desc->service_outs_intr, service_interrupt_work);
810 
811 	rv = -EINVAL;
812 	if (!usb_endpoint_is_int_in(ep))
813 		goto err;
814 
815 	desc->wMaxPacketSize = usb_endpoint_maxp(ep);
816 
817 	desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
818 	if (!desc->orq)
819 		goto err;
820 	desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
821 	if (!desc->irq)
822 		goto err;
823 
824 	desc->validity = usb_alloc_urb(0, GFP_KERNEL);
825 	if (!desc->validity)
826 		goto err;
827 
828 	desc->response = usb_alloc_urb(0, GFP_KERNEL);
829 	if (!desc->response)
830 		goto err;
831 
832 	desc->command = usb_alloc_urb(0, GFP_KERNEL);
833 	if (!desc->command)
834 		goto err;
835 
836 	desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
837 	if (!desc->ubuf)
838 		goto err;
839 
840 	desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
841 	if (!desc->sbuf)
842 		goto err;
843 
844 	desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
845 	if (!desc->inbuf)
846 		goto err;
847 
848 	usb_fill_int_urb(
849 		desc->validity,
850 		interface_to_usbdev(intf),
851 		usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
852 		desc->sbuf,
853 		desc->wMaxPacketSize,
854 		wdm_int_callback,
855 		desc,
856 		ep->bInterval
857 	);
858 
859 	desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
860 	desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
861 	desc->irq->wValue = 0;
862 	desc->irq->wIndex = desc->inum; /* already converted */
863 	desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
864 
865 	usb_fill_control_urb(
866 		desc->response,
867 		interface_to_usbdev(intf),
868 		/* using common endpoint 0 */
869 		usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
870 		(unsigned char *)desc->irq,
871 		desc->inbuf,
872 		desc->wMaxCommand,
873 		wdm_in_callback,
874 		desc
875 	);
876 
877 	desc->manage_power = manage_power;
878 
879 	spin_lock(&wdm_device_list_lock);
880 	list_add(&desc->device_list, &wdm_device_list);
881 	spin_unlock(&wdm_device_list_lock);
882 
883 	rv = usb_register_dev(intf, &wdm_class);
884 	if (rv < 0)
885 		goto err;
886 	else
887 		dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
888 out:
889 	return rv;
890 err:
891 	spin_lock(&wdm_device_list_lock);
892 	list_del(&desc->device_list);
893 	spin_unlock(&wdm_device_list_lock);
894 	cleanup(desc);
895 	return rv;
896 }
897 
898 static int wdm_manage_power(struct usb_interface *intf, int on)
899 {
900 	/* need autopm_get/put here to ensure the usbcore sees the new value */
901 	int rv = usb_autopm_get_interface(intf);
902 
903 	intf->needs_remote_wakeup = on;
904 	if (!rv)
905 		usb_autopm_put_interface(intf);
906 	return 0;
907 }
908 
909 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
910 {
911 	int rv = -EINVAL;
912 	struct usb_host_interface *iface;
913 	struct usb_endpoint_descriptor *ep;
914 	struct usb_cdc_parsed_header hdr;
915 	u8 *buffer = intf->altsetting->extra;
916 	int buflen = intf->altsetting->extralen;
917 	u16 maxcom = WDM_DEFAULT_BUFSIZE;
918 
919 	if (!buffer)
920 		goto err;
921 
922 	cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
923 
924 	if (hdr.usb_cdc_dmm_desc)
925 		maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
926 
927 	iface = intf->cur_altsetting;
928 	if (iface->desc.bNumEndpoints != 1)
929 		goto err;
930 	ep = &iface->endpoint[0].desc;
931 
932 	rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
933 
934 err:
935 	return rv;
936 }
937 
938 /**
939  * usb_cdc_wdm_register - register a WDM subdriver
940  * @intf: usb interface the subdriver will associate with
941  * @ep: interrupt endpoint to monitor for notifications
942  * @bufsize: maximum message size to support for read/write
943  *
944  * Create WDM usb class character device and associate it with intf
945  * without binding, allowing another driver to manage the interface.
946  *
947  * The subdriver will manage the given interrupt endpoint exclusively
948  * and will issue control requests referring to the given intf. It
949  * will otherwise avoid interferring, and in particular not do
950  * usb_set_intfdata/usb_get_intfdata on intf.
951  *
952  * The return value is a pointer to the subdriver's struct usb_driver.
953  * The registering driver is responsible for calling this subdriver's
954  * disconnect, suspend, resume, pre_reset and post_reset methods from
955  * its own.
956  */
957 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
958 					struct usb_endpoint_descriptor *ep,
959 					int bufsize,
960 					int (*manage_power)(struct usb_interface *, int))
961 {
962 	int rv;
963 
964 	rv = wdm_create(intf, ep, bufsize, manage_power);
965 	if (rv < 0)
966 		goto err;
967 
968 	return &wdm_driver;
969 err:
970 	return ERR_PTR(rv);
971 }
972 EXPORT_SYMBOL(usb_cdc_wdm_register);
973 
974 static void wdm_disconnect(struct usb_interface *intf)
975 {
976 	struct wdm_device *desc;
977 	unsigned long flags;
978 
979 	usb_deregister_dev(intf, &wdm_class);
980 	desc = wdm_find_device(intf);
981 	mutex_lock(&wdm_mutex);
982 
983 	/* the spinlock makes sure no new urbs are generated in the callbacks */
984 	spin_lock_irqsave(&desc->iuspin, flags);
985 	set_bit(WDM_DISCONNECTING, &desc->flags);
986 	set_bit(WDM_READ, &desc->flags);
987 	spin_unlock_irqrestore(&desc->iuspin, flags);
988 	wake_up_all(&desc->wait);
989 	mutex_lock(&desc->rlock);
990 	mutex_lock(&desc->wlock);
991 	kill_urbs(desc);
992 	cancel_work_sync(&desc->rxwork);
993 	cancel_work_sync(&desc->service_outs_intr);
994 	mutex_unlock(&desc->wlock);
995 	mutex_unlock(&desc->rlock);
996 
997 	/* the desc->intf pointer used as list key is now invalid */
998 	spin_lock(&wdm_device_list_lock);
999 	list_del(&desc->device_list);
1000 	spin_unlock(&wdm_device_list_lock);
1001 
1002 	if (!desc->count)
1003 		cleanup(desc);
1004 	else
1005 		dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1006 	mutex_unlock(&wdm_mutex);
1007 }
1008 
1009 #ifdef CONFIG_PM
1010 static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1011 {
1012 	struct wdm_device *desc = wdm_find_device(intf);
1013 	int rv = 0;
1014 
1015 	dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1016 
1017 	/* if this is an autosuspend the caller does the locking */
1018 	if (!PMSG_IS_AUTO(message)) {
1019 		mutex_lock(&desc->rlock);
1020 		mutex_lock(&desc->wlock);
1021 	}
1022 	spin_lock_irq(&desc->iuspin);
1023 
1024 	if (PMSG_IS_AUTO(message) &&
1025 			(test_bit(WDM_IN_USE, &desc->flags)
1026 			|| test_bit(WDM_RESPONDING, &desc->flags))) {
1027 		spin_unlock_irq(&desc->iuspin);
1028 		rv = -EBUSY;
1029 	} else {
1030 
1031 		set_bit(WDM_SUSPENDING, &desc->flags);
1032 		spin_unlock_irq(&desc->iuspin);
1033 		/* callback submits work - order is essential */
1034 		kill_urbs(desc);
1035 		cancel_work_sync(&desc->rxwork);
1036 		cancel_work_sync(&desc->service_outs_intr);
1037 	}
1038 	if (!PMSG_IS_AUTO(message)) {
1039 		mutex_unlock(&desc->wlock);
1040 		mutex_unlock(&desc->rlock);
1041 	}
1042 
1043 	return rv;
1044 }
1045 #endif
1046 
1047 static int recover_from_urb_loss(struct wdm_device *desc)
1048 {
1049 	int rv = 0;
1050 
1051 	if (desc->count) {
1052 		rv = usb_submit_urb(desc->validity, GFP_NOIO);
1053 		if (rv < 0)
1054 			dev_err(&desc->intf->dev,
1055 				"Error resume submitting int urb - %d\n", rv);
1056 	}
1057 	return rv;
1058 }
1059 
1060 #ifdef CONFIG_PM
1061 static int wdm_resume(struct usb_interface *intf)
1062 {
1063 	struct wdm_device *desc = wdm_find_device(intf);
1064 	int rv;
1065 
1066 	dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1067 
1068 	clear_bit(WDM_SUSPENDING, &desc->flags);
1069 	rv = recover_from_urb_loss(desc);
1070 
1071 	return rv;
1072 }
1073 #endif
1074 
1075 static int wdm_pre_reset(struct usb_interface *intf)
1076 {
1077 	struct wdm_device *desc = wdm_find_device(intf);
1078 
1079 	/*
1080 	 * we notify everybody using poll of
1081 	 * an exceptional situation
1082 	 * must be done before recovery lest a spontaneous
1083 	 * message from the device is lost
1084 	 */
1085 	spin_lock_irq(&desc->iuspin);
1086 	set_bit(WDM_RESETTING, &desc->flags);	/* inform read/write */
1087 	set_bit(WDM_READ, &desc->flags);	/* unblock read */
1088 	clear_bit(WDM_IN_USE, &desc->flags);	/* unblock write */
1089 	desc->rerr = -EINTR;
1090 	spin_unlock_irq(&desc->iuspin);
1091 	wake_up_all(&desc->wait);
1092 	mutex_lock(&desc->rlock);
1093 	mutex_lock(&desc->wlock);
1094 	kill_urbs(desc);
1095 	cancel_work_sync(&desc->rxwork);
1096 	cancel_work_sync(&desc->service_outs_intr);
1097 	return 0;
1098 }
1099 
1100 static int wdm_post_reset(struct usb_interface *intf)
1101 {
1102 	struct wdm_device *desc = wdm_find_device(intf);
1103 	int rv;
1104 
1105 	clear_bit(WDM_OVERFLOW, &desc->flags);
1106 	clear_bit(WDM_RESETTING, &desc->flags);
1107 	rv = recover_from_urb_loss(desc);
1108 	mutex_unlock(&desc->wlock);
1109 	mutex_unlock(&desc->rlock);
1110 	return rv;
1111 }
1112 
1113 static struct usb_driver wdm_driver = {
1114 	.name =		"cdc_wdm",
1115 	.probe =	wdm_probe,
1116 	.disconnect =	wdm_disconnect,
1117 #ifdef CONFIG_PM
1118 	.suspend =	wdm_suspend,
1119 	.resume =	wdm_resume,
1120 	.reset_resume =	wdm_resume,
1121 #endif
1122 	.pre_reset =	wdm_pre_reset,
1123 	.post_reset =	wdm_post_reset,
1124 	.id_table =	wdm_ids,
1125 	.supports_autosuspend = 1,
1126 	.disable_hub_initiated_lpm = 1,
1127 };
1128 
1129 module_usb_driver(wdm_driver);
1130 
1131 MODULE_AUTHOR(DRIVER_AUTHOR);
1132 MODULE_DESCRIPTION(DRIVER_DESC);
1133 MODULE_LICENSE("GPL");
1134