xref: /linux/drivers/usb/class/cdc-wdm.c (revision ca55b2fef3a9373fcfc30f82fd26bc7fccbda732)
1 /*
2  * cdc-wdm.c
3  *
4  * This driver supports USB CDC WCM Device Management.
5  *
6  * Copyright (c) 2007-2009 Oliver Neukum
7  *
8  * Some code taken from cdc-acm.c
9  *
10  * Released under the GPLv2.
11  *
12  * Many thanks to Carl Nordbeck
13  */
14 #include <linux/kernel.h>
15 #include <linux/errno.h>
16 #include <linux/ioctl.h>
17 #include <linux/slab.h>
18 #include <linux/module.h>
19 #include <linux/mutex.h>
20 #include <linux/uaccess.h>
21 #include <linux/bitops.h>
22 #include <linux/poll.h>
23 #include <linux/usb.h>
24 #include <linux/usb/cdc.h>
25 #include <asm/byteorder.h>
26 #include <asm/unaligned.h>
27 #include <linux/usb/cdc-wdm.h>
28 
29 /*
30  * Version Information
31  */
32 #define DRIVER_VERSION "v0.03"
33 #define DRIVER_AUTHOR "Oliver Neukum"
34 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
35 
36 static const struct usb_device_id wdm_ids[] = {
37 	{
38 		.match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
39 				 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
40 		.bInterfaceClass = USB_CLASS_COMM,
41 		.bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
42 	},
43 	{ }
44 };
45 
46 MODULE_DEVICE_TABLE (usb, wdm_ids);
47 
48 #define WDM_MINOR_BASE	176
49 
50 
51 #define WDM_IN_USE		1
52 #define WDM_DISCONNECTING	2
53 #define WDM_RESULT		3
54 #define WDM_READ		4
55 #define WDM_INT_STALL		5
56 #define WDM_POLL_RUNNING	6
57 #define WDM_RESPONDING		7
58 #define WDM_SUSPENDING		8
59 #define WDM_RESETTING		9
60 #define WDM_OVERFLOW		10
61 
62 #define WDM_MAX			16
63 
64 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
65 #define WDM_DEFAULT_BUFSIZE	256
66 
67 static DEFINE_MUTEX(wdm_mutex);
68 static DEFINE_SPINLOCK(wdm_device_list_lock);
69 static LIST_HEAD(wdm_device_list);
70 
71 /* --- method tables --- */
72 
73 struct wdm_device {
74 	u8			*inbuf; /* buffer for response */
75 	u8			*outbuf; /* buffer for command */
76 	u8			*sbuf; /* buffer for status */
77 	u8			*ubuf; /* buffer for copy to user space */
78 
79 	struct urb		*command;
80 	struct urb		*response;
81 	struct urb		*validity;
82 	struct usb_interface	*intf;
83 	struct usb_ctrlrequest	*orq;
84 	struct usb_ctrlrequest	*irq;
85 	spinlock_t		iuspin;
86 
87 	unsigned long		flags;
88 	u16			bufsize;
89 	u16			wMaxCommand;
90 	u16			wMaxPacketSize;
91 	__le16			inum;
92 	int			reslength;
93 	int			length;
94 	int			read;
95 	int			count;
96 	dma_addr_t		shandle;
97 	dma_addr_t		ihandle;
98 	struct mutex		wlock;
99 	struct mutex		rlock;
100 	wait_queue_head_t	wait;
101 	struct work_struct	rxwork;
102 	int			werr;
103 	int			rerr;
104 	int                     resp_count;
105 
106 	struct list_head	device_list;
107 	int			(*manage_power)(struct usb_interface *, int);
108 };
109 
110 static struct usb_driver wdm_driver;
111 
112 /* return intfdata if we own the interface, else look up intf in the list */
113 static struct wdm_device *wdm_find_device(struct usb_interface *intf)
114 {
115 	struct wdm_device *desc;
116 
117 	spin_lock(&wdm_device_list_lock);
118 	list_for_each_entry(desc, &wdm_device_list, device_list)
119 		if (desc->intf == intf)
120 			goto found;
121 	desc = NULL;
122 found:
123 	spin_unlock(&wdm_device_list_lock);
124 
125 	return desc;
126 }
127 
128 static struct wdm_device *wdm_find_device_by_minor(int minor)
129 {
130 	struct wdm_device *desc;
131 
132 	spin_lock(&wdm_device_list_lock);
133 	list_for_each_entry(desc, &wdm_device_list, device_list)
134 		if (desc->intf->minor == minor)
135 			goto found;
136 	desc = NULL;
137 found:
138 	spin_unlock(&wdm_device_list_lock);
139 
140 	return desc;
141 }
142 
143 /* --- callbacks --- */
144 static void wdm_out_callback(struct urb *urb)
145 {
146 	struct wdm_device *desc;
147 	desc = urb->context;
148 	spin_lock(&desc->iuspin);
149 	desc->werr = urb->status;
150 	spin_unlock(&desc->iuspin);
151 	kfree(desc->outbuf);
152 	desc->outbuf = NULL;
153 	clear_bit(WDM_IN_USE, &desc->flags);
154 	wake_up(&desc->wait);
155 }
156 
157 static void wdm_in_callback(struct urb *urb)
158 {
159 	struct wdm_device *desc = urb->context;
160 	int status = urb->status;
161 	int length = urb->actual_length;
162 
163 	spin_lock(&desc->iuspin);
164 	clear_bit(WDM_RESPONDING, &desc->flags);
165 
166 	if (status) {
167 		switch (status) {
168 		case -ENOENT:
169 			dev_dbg(&desc->intf->dev,
170 				"nonzero urb status received: -ENOENT");
171 			goto skip_error;
172 		case -ECONNRESET:
173 			dev_dbg(&desc->intf->dev,
174 				"nonzero urb status received: -ECONNRESET");
175 			goto skip_error;
176 		case -ESHUTDOWN:
177 			dev_dbg(&desc->intf->dev,
178 				"nonzero urb status received: -ESHUTDOWN");
179 			goto skip_error;
180 		case -EPIPE:
181 			dev_err(&desc->intf->dev,
182 				"nonzero urb status received: -EPIPE\n");
183 			break;
184 		default:
185 			dev_err(&desc->intf->dev,
186 				"Unexpected error %d\n", status);
187 			break;
188 		}
189 	}
190 
191 	desc->rerr = status;
192 	if (length + desc->length > desc->wMaxCommand) {
193 		/* The buffer would overflow */
194 		set_bit(WDM_OVERFLOW, &desc->flags);
195 	} else {
196 		/* we may already be in overflow */
197 		if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
198 			memmove(desc->ubuf + desc->length, desc->inbuf, length);
199 			desc->length += length;
200 			desc->reslength = length;
201 		}
202 	}
203 skip_error:
204 	wake_up(&desc->wait);
205 
206 	set_bit(WDM_READ, &desc->flags);
207 	spin_unlock(&desc->iuspin);
208 }
209 
210 static void wdm_int_callback(struct urb *urb)
211 {
212 	int rv = 0;
213 	int responding;
214 	int status = urb->status;
215 	struct wdm_device *desc;
216 	struct usb_cdc_notification *dr;
217 
218 	desc = urb->context;
219 	dr = (struct usb_cdc_notification *)desc->sbuf;
220 
221 	if (status) {
222 		switch (status) {
223 		case -ESHUTDOWN:
224 		case -ENOENT:
225 		case -ECONNRESET:
226 			return; /* unplug */
227 		case -EPIPE:
228 			set_bit(WDM_INT_STALL, &desc->flags);
229 			dev_err(&desc->intf->dev, "Stall on int endpoint\n");
230 			goto sw; /* halt is cleared in work */
231 		default:
232 			dev_err(&desc->intf->dev,
233 				"nonzero urb status received: %d\n", status);
234 			break;
235 		}
236 	}
237 
238 	if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
239 		dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
240 			urb->actual_length);
241 		goto exit;
242 	}
243 
244 	switch (dr->bNotificationType) {
245 	case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
246 		dev_dbg(&desc->intf->dev,
247 			"NOTIFY_RESPONSE_AVAILABLE received: index %d len %d",
248 			le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
249 		break;
250 
251 	case USB_CDC_NOTIFY_NETWORK_CONNECTION:
252 
253 		dev_dbg(&desc->intf->dev,
254 			"NOTIFY_NETWORK_CONNECTION %s network",
255 			dr->wValue ? "connected to" : "disconnected from");
256 		goto exit;
257 	case USB_CDC_NOTIFY_SPEED_CHANGE:
258 		dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)",
259 			urb->actual_length);
260 		goto exit;
261 	default:
262 		clear_bit(WDM_POLL_RUNNING, &desc->flags);
263 		dev_err(&desc->intf->dev,
264 			"unknown notification %d received: index %d len %d\n",
265 			dr->bNotificationType,
266 			le16_to_cpu(dr->wIndex),
267 			le16_to_cpu(dr->wLength));
268 		goto exit;
269 	}
270 
271 	spin_lock(&desc->iuspin);
272 	responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
273 	if (!desc->resp_count++ && !responding
274 		&& !test_bit(WDM_DISCONNECTING, &desc->flags)
275 		&& !test_bit(WDM_SUSPENDING, &desc->flags)) {
276 		rv = usb_submit_urb(desc->response, GFP_ATOMIC);
277 		dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d",
278 			__func__, rv);
279 	}
280 	spin_unlock(&desc->iuspin);
281 	if (rv < 0) {
282 		clear_bit(WDM_RESPONDING, &desc->flags);
283 		if (rv == -EPERM)
284 			return;
285 		if (rv == -ENOMEM) {
286 sw:
287 			rv = schedule_work(&desc->rxwork);
288 			if (rv)
289 				dev_err(&desc->intf->dev,
290 					"Cannot schedule work\n");
291 		}
292 	}
293 exit:
294 	rv = usb_submit_urb(urb, GFP_ATOMIC);
295 	if (rv)
296 		dev_err(&desc->intf->dev,
297 			"%s - usb_submit_urb failed with result %d\n",
298 			__func__, rv);
299 
300 }
301 
302 static void kill_urbs(struct wdm_device *desc)
303 {
304 	/* the order here is essential */
305 	usb_kill_urb(desc->command);
306 	usb_kill_urb(desc->validity);
307 	usb_kill_urb(desc->response);
308 }
309 
310 static void free_urbs(struct wdm_device *desc)
311 {
312 	usb_free_urb(desc->validity);
313 	usb_free_urb(desc->response);
314 	usb_free_urb(desc->command);
315 }
316 
317 static void cleanup(struct wdm_device *desc)
318 {
319 	kfree(desc->sbuf);
320 	kfree(desc->inbuf);
321 	kfree(desc->orq);
322 	kfree(desc->irq);
323 	kfree(desc->ubuf);
324 	free_urbs(desc);
325 	kfree(desc);
326 }
327 
328 static ssize_t wdm_write
329 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
330 {
331 	u8 *buf;
332 	int rv = -EMSGSIZE, r, we;
333 	struct wdm_device *desc = file->private_data;
334 	struct usb_ctrlrequest *req;
335 
336 	if (count > desc->wMaxCommand)
337 		count = desc->wMaxCommand;
338 
339 	spin_lock_irq(&desc->iuspin);
340 	we = desc->werr;
341 	desc->werr = 0;
342 	spin_unlock_irq(&desc->iuspin);
343 	if (we < 0)
344 		return usb_translate_errors(we);
345 
346 	buf = kmalloc(count, GFP_KERNEL);
347 	if (!buf) {
348 		rv = -ENOMEM;
349 		goto outnl;
350 	}
351 
352 	r = copy_from_user(buf, buffer, count);
353 	if (r > 0) {
354 		rv = -EFAULT;
355 		goto out_free_mem;
356 	}
357 
358 	/* concurrent writes and disconnect */
359 	r = mutex_lock_interruptible(&desc->wlock);
360 	rv = -ERESTARTSYS;
361 	if (r)
362 		goto out_free_mem;
363 
364 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
365 		rv = -ENODEV;
366 		goto out_free_mem_lock;
367 	}
368 
369 	r = usb_autopm_get_interface(desc->intf);
370 	if (r < 0) {
371 		rv = usb_translate_errors(r);
372 		goto out_free_mem_lock;
373 	}
374 
375 	if (!(file->f_flags & O_NONBLOCK))
376 		r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
377 								&desc->flags));
378 	else
379 		if (test_bit(WDM_IN_USE, &desc->flags))
380 			r = -EAGAIN;
381 
382 	if (test_bit(WDM_RESETTING, &desc->flags))
383 		r = -EIO;
384 
385 	if (r < 0) {
386 		rv = r;
387 		goto out_free_mem_pm;
388 	}
389 
390 	req = desc->orq;
391 	usb_fill_control_urb(
392 		desc->command,
393 		interface_to_usbdev(desc->intf),
394 		/* using common endpoint 0 */
395 		usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
396 		(unsigned char *)req,
397 		buf,
398 		count,
399 		wdm_out_callback,
400 		desc
401 	);
402 
403 	req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
404 			     USB_RECIP_INTERFACE);
405 	req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
406 	req->wValue = 0;
407 	req->wIndex = desc->inum; /* already converted */
408 	req->wLength = cpu_to_le16(count);
409 	set_bit(WDM_IN_USE, &desc->flags);
410 	desc->outbuf = buf;
411 
412 	rv = usb_submit_urb(desc->command, GFP_KERNEL);
413 	if (rv < 0) {
414 		desc->outbuf = NULL;
415 		clear_bit(WDM_IN_USE, &desc->flags);
416 		dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
417 		rv = usb_translate_errors(rv);
418 		goto out_free_mem_pm;
419 	} else {
420 		dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d",
421 			le16_to_cpu(req->wIndex));
422 	}
423 
424 	usb_autopm_put_interface(desc->intf);
425 	mutex_unlock(&desc->wlock);
426 outnl:
427 	return rv < 0 ? rv : count;
428 
429 out_free_mem_pm:
430 	usb_autopm_put_interface(desc->intf);
431 out_free_mem_lock:
432 	mutex_unlock(&desc->wlock);
433 out_free_mem:
434 	kfree(buf);
435 	return rv;
436 }
437 
438 /*
439  * clear WDM_READ flag and possibly submit the read urb if resp_count
440  * is non-zero.
441  *
442  * Called with desc->iuspin locked
443  */
444 static int clear_wdm_read_flag(struct wdm_device *desc)
445 {
446 	int rv = 0;
447 
448 	clear_bit(WDM_READ, &desc->flags);
449 
450 	/* submit read urb only if the device is waiting for it */
451 	if (!desc->resp_count || !--desc->resp_count)
452 		goto out;
453 
454 	set_bit(WDM_RESPONDING, &desc->flags);
455 	spin_unlock_irq(&desc->iuspin);
456 	rv = usb_submit_urb(desc->response, GFP_KERNEL);
457 	spin_lock_irq(&desc->iuspin);
458 	if (rv) {
459 		dev_err(&desc->intf->dev,
460 			"usb_submit_urb failed with result %d\n", rv);
461 
462 		/* make sure the next notification trigger a submit */
463 		clear_bit(WDM_RESPONDING, &desc->flags);
464 		desc->resp_count = 0;
465 	}
466 out:
467 	return rv;
468 }
469 
470 static ssize_t wdm_read
471 (struct file *file, char __user *buffer, size_t count, loff_t *ppos)
472 {
473 	int rv, cntr;
474 	int i = 0;
475 	struct wdm_device *desc = file->private_data;
476 
477 
478 	rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
479 	if (rv < 0)
480 		return -ERESTARTSYS;
481 
482 	cntr = ACCESS_ONCE(desc->length);
483 	if (cntr == 0) {
484 		desc->read = 0;
485 retry:
486 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
487 			rv = -ENODEV;
488 			goto err;
489 		}
490 		if (test_bit(WDM_OVERFLOW, &desc->flags)) {
491 			clear_bit(WDM_OVERFLOW, &desc->flags);
492 			rv = -ENOBUFS;
493 			goto err;
494 		}
495 		i++;
496 		if (file->f_flags & O_NONBLOCK) {
497 			if (!test_bit(WDM_READ, &desc->flags)) {
498 				rv = cntr ? cntr : -EAGAIN;
499 				goto err;
500 			}
501 			rv = 0;
502 		} else {
503 			rv = wait_event_interruptible(desc->wait,
504 				test_bit(WDM_READ, &desc->flags));
505 		}
506 
507 		/* may have happened while we slept */
508 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
509 			rv = -ENODEV;
510 			goto err;
511 		}
512 		if (test_bit(WDM_RESETTING, &desc->flags)) {
513 			rv = -EIO;
514 			goto err;
515 		}
516 		usb_mark_last_busy(interface_to_usbdev(desc->intf));
517 		if (rv < 0) {
518 			rv = -ERESTARTSYS;
519 			goto err;
520 		}
521 
522 		spin_lock_irq(&desc->iuspin);
523 
524 		if (desc->rerr) { /* read completed, error happened */
525 			rv = usb_translate_errors(desc->rerr);
526 			desc->rerr = 0;
527 			spin_unlock_irq(&desc->iuspin);
528 			goto err;
529 		}
530 		/*
531 		 * recheck whether we've lost the race
532 		 * against the completion handler
533 		 */
534 		if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
535 			spin_unlock_irq(&desc->iuspin);
536 			goto retry;
537 		}
538 
539 		if (!desc->reslength) { /* zero length read */
540 			dev_dbg(&desc->intf->dev, "%s: zero length - clearing WDM_READ\n", __func__);
541 			rv = clear_wdm_read_flag(desc);
542 			spin_unlock_irq(&desc->iuspin);
543 			if (rv < 0)
544 				goto err;
545 			goto retry;
546 		}
547 		cntr = desc->length;
548 		spin_unlock_irq(&desc->iuspin);
549 	}
550 
551 	if (cntr > count)
552 		cntr = count;
553 	rv = copy_to_user(buffer, desc->ubuf, cntr);
554 	if (rv > 0) {
555 		rv = -EFAULT;
556 		goto err;
557 	}
558 
559 	spin_lock_irq(&desc->iuspin);
560 
561 	for (i = 0; i < desc->length - cntr; i++)
562 		desc->ubuf[i] = desc->ubuf[i + cntr];
563 
564 	desc->length -= cntr;
565 	/* in case we had outstanding data */
566 	if (!desc->length)
567 		clear_wdm_read_flag(desc);
568 	spin_unlock_irq(&desc->iuspin);
569 	rv = cntr;
570 
571 err:
572 	mutex_unlock(&desc->rlock);
573 	return rv;
574 }
575 
576 static int wdm_flush(struct file *file, fl_owner_t id)
577 {
578 	struct wdm_device *desc = file->private_data;
579 
580 	wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
581 
582 	/* cannot dereference desc->intf if WDM_DISCONNECTING */
583 	if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags))
584 		dev_err(&desc->intf->dev, "Error in flush path: %d\n",
585 			desc->werr);
586 
587 	return usb_translate_errors(desc->werr);
588 }
589 
590 static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait)
591 {
592 	struct wdm_device *desc = file->private_data;
593 	unsigned long flags;
594 	unsigned int mask = 0;
595 
596 	spin_lock_irqsave(&desc->iuspin, flags);
597 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
598 		mask = POLLHUP | POLLERR;
599 		spin_unlock_irqrestore(&desc->iuspin, flags);
600 		goto desc_out;
601 	}
602 	if (test_bit(WDM_READ, &desc->flags))
603 		mask = POLLIN | POLLRDNORM;
604 	if (desc->rerr || desc->werr)
605 		mask |= POLLERR;
606 	if (!test_bit(WDM_IN_USE, &desc->flags))
607 		mask |= POLLOUT | POLLWRNORM;
608 	spin_unlock_irqrestore(&desc->iuspin, flags);
609 
610 	poll_wait(file, &desc->wait, wait);
611 
612 desc_out:
613 	return mask;
614 }
615 
616 static int wdm_open(struct inode *inode, struct file *file)
617 {
618 	int minor = iminor(inode);
619 	int rv = -ENODEV;
620 	struct usb_interface *intf;
621 	struct wdm_device *desc;
622 
623 	mutex_lock(&wdm_mutex);
624 	desc = wdm_find_device_by_minor(minor);
625 	if (!desc)
626 		goto out;
627 
628 	intf = desc->intf;
629 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
630 		goto out;
631 	file->private_data = desc;
632 
633 	rv = usb_autopm_get_interface(desc->intf);
634 	if (rv < 0) {
635 		dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
636 		goto out;
637 	}
638 
639 	/* using write lock to protect desc->count */
640 	mutex_lock(&desc->wlock);
641 	if (!desc->count++) {
642 		desc->werr = 0;
643 		desc->rerr = 0;
644 		rv = usb_submit_urb(desc->validity, GFP_KERNEL);
645 		if (rv < 0) {
646 			desc->count--;
647 			dev_err(&desc->intf->dev,
648 				"Error submitting int urb - %d\n", rv);
649 			rv = usb_translate_errors(rv);
650 		}
651 	} else {
652 		rv = 0;
653 	}
654 	mutex_unlock(&desc->wlock);
655 	if (desc->count == 1)
656 		desc->manage_power(intf, 1);
657 	usb_autopm_put_interface(desc->intf);
658 out:
659 	mutex_unlock(&wdm_mutex);
660 	return rv;
661 }
662 
663 static int wdm_release(struct inode *inode, struct file *file)
664 {
665 	struct wdm_device *desc = file->private_data;
666 
667 	mutex_lock(&wdm_mutex);
668 
669 	/* using write lock to protect desc->count */
670 	mutex_lock(&desc->wlock);
671 	desc->count--;
672 	mutex_unlock(&desc->wlock);
673 
674 	if (!desc->count) {
675 		if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
676 			dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
677 			kill_urbs(desc);
678 			spin_lock_irq(&desc->iuspin);
679 			desc->resp_count = 0;
680 			spin_unlock_irq(&desc->iuspin);
681 			desc->manage_power(desc->intf, 0);
682 		} else {
683 			/* must avoid dev_printk here as desc->intf is invalid */
684 			pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
685 			cleanup(desc);
686 		}
687 	}
688 	mutex_unlock(&wdm_mutex);
689 	return 0;
690 }
691 
692 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
693 {
694 	struct wdm_device *desc = file->private_data;
695 	int rv = 0;
696 
697 	switch (cmd) {
698 	case IOCTL_WDM_MAX_COMMAND:
699 		if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
700 			rv = -EFAULT;
701 		break;
702 	default:
703 		rv = -ENOTTY;
704 	}
705 	return rv;
706 }
707 
708 static const struct file_operations wdm_fops = {
709 	.owner =	THIS_MODULE,
710 	.read =		wdm_read,
711 	.write =	wdm_write,
712 	.open =		wdm_open,
713 	.flush =	wdm_flush,
714 	.release =	wdm_release,
715 	.poll =		wdm_poll,
716 	.unlocked_ioctl = wdm_ioctl,
717 	.compat_ioctl = wdm_ioctl,
718 	.llseek =	noop_llseek,
719 };
720 
721 static struct usb_class_driver wdm_class = {
722 	.name =		"cdc-wdm%d",
723 	.fops =		&wdm_fops,
724 	.minor_base =	WDM_MINOR_BASE,
725 };
726 
727 /* --- error handling --- */
728 static void wdm_rxwork(struct work_struct *work)
729 {
730 	struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
731 	unsigned long flags;
732 	int rv = 0;
733 	int responding;
734 
735 	spin_lock_irqsave(&desc->iuspin, flags);
736 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
737 		spin_unlock_irqrestore(&desc->iuspin, flags);
738 	} else {
739 		responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
740 		spin_unlock_irqrestore(&desc->iuspin, flags);
741 		if (!responding)
742 			rv = usb_submit_urb(desc->response, GFP_KERNEL);
743 		if (rv < 0 && rv != -EPERM) {
744 			spin_lock_irqsave(&desc->iuspin, flags);
745 			clear_bit(WDM_RESPONDING, &desc->flags);
746 			if (!test_bit(WDM_DISCONNECTING, &desc->flags))
747 				schedule_work(&desc->rxwork);
748 			spin_unlock_irqrestore(&desc->iuspin, flags);
749 		}
750 	}
751 }
752 
753 /* --- hotplug --- */
754 
755 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
756 		u16 bufsize, int (*manage_power)(struct usb_interface *, int))
757 {
758 	int rv = -ENOMEM;
759 	struct wdm_device *desc;
760 
761 	desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
762 	if (!desc)
763 		goto out;
764 	INIT_LIST_HEAD(&desc->device_list);
765 	mutex_init(&desc->rlock);
766 	mutex_init(&desc->wlock);
767 	spin_lock_init(&desc->iuspin);
768 	init_waitqueue_head(&desc->wait);
769 	desc->wMaxCommand = bufsize;
770 	/* this will be expanded and needed in hardware endianness */
771 	desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
772 	desc->intf = intf;
773 	INIT_WORK(&desc->rxwork, wdm_rxwork);
774 
775 	rv = -EINVAL;
776 	if (!usb_endpoint_is_int_in(ep))
777 		goto err;
778 
779 	desc->wMaxPacketSize = usb_endpoint_maxp(ep);
780 
781 	desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
782 	if (!desc->orq)
783 		goto err;
784 	desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
785 	if (!desc->irq)
786 		goto err;
787 
788 	desc->validity = usb_alloc_urb(0, GFP_KERNEL);
789 	if (!desc->validity)
790 		goto err;
791 
792 	desc->response = usb_alloc_urb(0, GFP_KERNEL);
793 	if (!desc->response)
794 		goto err;
795 
796 	desc->command = usb_alloc_urb(0, GFP_KERNEL);
797 	if (!desc->command)
798 		goto err;
799 
800 	desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
801 	if (!desc->ubuf)
802 		goto err;
803 
804 	desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
805 	if (!desc->sbuf)
806 		goto err;
807 
808 	desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
809 	if (!desc->inbuf)
810 		goto err;
811 
812 	usb_fill_int_urb(
813 		desc->validity,
814 		interface_to_usbdev(intf),
815 		usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
816 		desc->sbuf,
817 		desc->wMaxPacketSize,
818 		wdm_int_callback,
819 		desc,
820 		ep->bInterval
821 	);
822 
823 	desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
824 	desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
825 	desc->irq->wValue = 0;
826 	desc->irq->wIndex = desc->inum; /* already converted */
827 	desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
828 
829 	usb_fill_control_urb(
830 		desc->response,
831 		interface_to_usbdev(intf),
832 		/* using common endpoint 0 */
833 		usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
834 		(unsigned char *)desc->irq,
835 		desc->inbuf,
836 		desc->wMaxCommand,
837 		wdm_in_callback,
838 		desc
839 	);
840 
841 	desc->manage_power = manage_power;
842 
843 	spin_lock(&wdm_device_list_lock);
844 	list_add(&desc->device_list, &wdm_device_list);
845 	spin_unlock(&wdm_device_list_lock);
846 
847 	rv = usb_register_dev(intf, &wdm_class);
848 	if (rv < 0)
849 		goto err;
850 	else
851 		dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
852 out:
853 	return rv;
854 err:
855 	spin_lock(&wdm_device_list_lock);
856 	list_del(&desc->device_list);
857 	spin_unlock(&wdm_device_list_lock);
858 	cleanup(desc);
859 	return rv;
860 }
861 
862 static int wdm_manage_power(struct usb_interface *intf, int on)
863 {
864 	/* need autopm_get/put here to ensure the usbcore sees the new value */
865 	int rv = usb_autopm_get_interface(intf);
866 
867 	intf->needs_remote_wakeup = on;
868 	if (!rv)
869 		usb_autopm_put_interface(intf);
870 	return 0;
871 }
872 
873 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
874 {
875 	int rv = -EINVAL;
876 	struct usb_host_interface *iface;
877 	struct usb_endpoint_descriptor *ep;
878 	struct usb_cdc_dmm_desc *dmhd;
879 	u8 *buffer = intf->altsetting->extra;
880 	int buflen = intf->altsetting->extralen;
881 	u16 maxcom = WDM_DEFAULT_BUFSIZE;
882 
883 	if (!buffer)
884 		goto err;
885 	while (buflen > 2) {
886 		if (buffer[1] != USB_DT_CS_INTERFACE) {
887 			dev_err(&intf->dev, "skipping garbage\n");
888 			goto next_desc;
889 		}
890 
891 		switch (buffer[2]) {
892 		case USB_CDC_HEADER_TYPE:
893 			break;
894 		case USB_CDC_DMM_TYPE:
895 			dmhd = (struct usb_cdc_dmm_desc *)buffer;
896 			maxcom = le16_to_cpu(dmhd->wMaxCommand);
897 			dev_dbg(&intf->dev,
898 				"Finding maximum buffer length: %d", maxcom);
899 			break;
900 		default:
901 			dev_err(&intf->dev,
902 				"Ignoring extra header, type %d, length %d\n",
903 				buffer[2], buffer[0]);
904 			break;
905 		}
906 next_desc:
907 		buflen -= buffer[0];
908 		buffer += buffer[0];
909 	}
910 
911 	iface = intf->cur_altsetting;
912 	if (iface->desc.bNumEndpoints != 1)
913 		goto err;
914 	ep = &iface->endpoint[0].desc;
915 
916 	rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
917 
918 err:
919 	return rv;
920 }
921 
922 /**
923  * usb_cdc_wdm_register - register a WDM subdriver
924  * @intf: usb interface the subdriver will associate with
925  * @ep: interrupt endpoint to monitor for notifications
926  * @bufsize: maximum message size to support for read/write
927  *
928  * Create WDM usb class character device and associate it with intf
929  * without binding, allowing another driver to manage the interface.
930  *
931  * The subdriver will manage the given interrupt endpoint exclusively
932  * and will issue control requests referring to the given intf. It
933  * will otherwise avoid interferring, and in particular not do
934  * usb_set_intfdata/usb_get_intfdata on intf.
935  *
936  * The return value is a pointer to the subdriver's struct usb_driver.
937  * The registering driver is responsible for calling this subdriver's
938  * disconnect, suspend, resume, pre_reset and post_reset methods from
939  * its own.
940  */
941 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
942 					struct usb_endpoint_descriptor *ep,
943 					int bufsize,
944 					int (*manage_power)(struct usb_interface *, int))
945 {
946 	int rv = -EINVAL;
947 
948 	rv = wdm_create(intf, ep, bufsize, manage_power);
949 	if (rv < 0)
950 		goto err;
951 
952 	return &wdm_driver;
953 err:
954 	return ERR_PTR(rv);
955 }
956 EXPORT_SYMBOL(usb_cdc_wdm_register);
957 
958 static void wdm_disconnect(struct usb_interface *intf)
959 {
960 	struct wdm_device *desc;
961 	unsigned long flags;
962 
963 	usb_deregister_dev(intf, &wdm_class);
964 	desc = wdm_find_device(intf);
965 	mutex_lock(&wdm_mutex);
966 
967 	/* the spinlock makes sure no new urbs are generated in the callbacks */
968 	spin_lock_irqsave(&desc->iuspin, flags);
969 	set_bit(WDM_DISCONNECTING, &desc->flags);
970 	set_bit(WDM_READ, &desc->flags);
971 	/* to terminate pending flushes */
972 	clear_bit(WDM_IN_USE, &desc->flags);
973 	spin_unlock_irqrestore(&desc->iuspin, flags);
974 	wake_up_all(&desc->wait);
975 	mutex_lock(&desc->rlock);
976 	mutex_lock(&desc->wlock);
977 	kill_urbs(desc);
978 	cancel_work_sync(&desc->rxwork);
979 	mutex_unlock(&desc->wlock);
980 	mutex_unlock(&desc->rlock);
981 
982 	/* the desc->intf pointer used as list key is now invalid */
983 	spin_lock(&wdm_device_list_lock);
984 	list_del(&desc->device_list);
985 	spin_unlock(&wdm_device_list_lock);
986 
987 	if (!desc->count)
988 		cleanup(desc);
989 	else
990 		dev_dbg(&intf->dev, "%s: %d open files - postponing cleanup\n", __func__, desc->count);
991 	mutex_unlock(&wdm_mutex);
992 }
993 
994 #ifdef CONFIG_PM
995 static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
996 {
997 	struct wdm_device *desc = wdm_find_device(intf);
998 	int rv = 0;
999 
1000 	dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1001 
1002 	/* if this is an autosuspend the caller does the locking */
1003 	if (!PMSG_IS_AUTO(message)) {
1004 		mutex_lock(&desc->rlock);
1005 		mutex_lock(&desc->wlock);
1006 	}
1007 	spin_lock_irq(&desc->iuspin);
1008 
1009 	if (PMSG_IS_AUTO(message) &&
1010 			(test_bit(WDM_IN_USE, &desc->flags)
1011 			|| test_bit(WDM_RESPONDING, &desc->flags))) {
1012 		spin_unlock_irq(&desc->iuspin);
1013 		rv = -EBUSY;
1014 	} else {
1015 
1016 		set_bit(WDM_SUSPENDING, &desc->flags);
1017 		spin_unlock_irq(&desc->iuspin);
1018 		/* callback submits work - order is essential */
1019 		kill_urbs(desc);
1020 		cancel_work_sync(&desc->rxwork);
1021 	}
1022 	if (!PMSG_IS_AUTO(message)) {
1023 		mutex_unlock(&desc->wlock);
1024 		mutex_unlock(&desc->rlock);
1025 	}
1026 
1027 	return rv;
1028 }
1029 #endif
1030 
1031 static int recover_from_urb_loss(struct wdm_device *desc)
1032 {
1033 	int rv = 0;
1034 
1035 	if (desc->count) {
1036 		rv = usb_submit_urb(desc->validity, GFP_NOIO);
1037 		if (rv < 0)
1038 			dev_err(&desc->intf->dev,
1039 				"Error resume submitting int urb - %d\n", rv);
1040 	}
1041 	return rv;
1042 }
1043 
1044 #ifdef CONFIG_PM
1045 static int wdm_resume(struct usb_interface *intf)
1046 {
1047 	struct wdm_device *desc = wdm_find_device(intf);
1048 	int rv;
1049 
1050 	dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1051 
1052 	clear_bit(WDM_SUSPENDING, &desc->flags);
1053 	rv = recover_from_urb_loss(desc);
1054 
1055 	return rv;
1056 }
1057 #endif
1058 
1059 static int wdm_pre_reset(struct usb_interface *intf)
1060 {
1061 	struct wdm_device *desc = wdm_find_device(intf);
1062 
1063 	/*
1064 	 * we notify everybody using poll of
1065 	 * an exceptional situation
1066 	 * must be done before recovery lest a spontaneous
1067 	 * message from the device is lost
1068 	 */
1069 	spin_lock_irq(&desc->iuspin);
1070 	set_bit(WDM_RESETTING, &desc->flags);	/* inform read/write */
1071 	set_bit(WDM_READ, &desc->flags);	/* unblock read */
1072 	clear_bit(WDM_IN_USE, &desc->flags);	/* unblock write */
1073 	desc->rerr = -EINTR;
1074 	spin_unlock_irq(&desc->iuspin);
1075 	wake_up_all(&desc->wait);
1076 	mutex_lock(&desc->rlock);
1077 	mutex_lock(&desc->wlock);
1078 	kill_urbs(desc);
1079 	cancel_work_sync(&desc->rxwork);
1080 	return 0;
1081 }
1082 
1083 static int wdm_post_reset(struct usb_interface *intf)
1084 {
1085 	struct wdm_device *desc = wdm_find_device(intf);
1086 	int rv;
1087 
1088 	clear_bit(WDM_OVERFLOW, &desc->flags);
1089 	clear_bit(WDM_RESETTING, &desc->flags);
1090 	rv = recover_from_urb_loss(desc);
1091 	mutex_unlock(&desc->wlock);
1092 	mutex_unlock(&desc->rlock);
1093 	return 0;
1094 }
1095 
1096 static struct usb_driver wdm_driver = {
1097 	.name =		"cdc_wdm",
1098 	.probe =	wdm_probe,
1099 	.disconnect =	wdm_disconnect,
1100 #ifdef CONFIG_PM
1101 	.suspend =	wdm_suspend,
1102 	.resume =	wdm_resume,
1103 	.reset_resume =	wdm_resume,
1104 #endif
1105 	.pre_reset =	wdm_pre_reset,
1106 	.post_reset =	wdm_post_reset,
1107 	.id_table =	wdm_ids,
1108 	.supports_autosuspend = 1,
1109 	.disable_hub_initiated_lpm = 1,
1110 };
1111 
1112 module_usb_driver(wdm_driver);
1113 
1114 MODULE_AUTHOR(DRIVER_AUTHOR);
1115 MODULE_DESCRIPTION(DRIVER_DESC);
1116 MODULE_LICENSE("GPL");
1117