1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * cdc-wdm.c 4 * 5 * This driver supports USB CDC WCM Device Management. 6 * 7 * Copyright (c) 2007-2009 Oliver Neukum 8 * 9 * Some code taken from cdc-acm.c 10 * 11 * Released under the GPLv2. 12 * 13 * Many thanks to Carl Nordbeck 14 */ 15 #include <linux/kernel.h> 16 #include <linux/errno.h> 17 #include <linux/ioctl.h> 18 #include <linux/slab.h> 19 #include <linux/module.h> 20 #include <linux/mutex.h> 21 #include <linux/uaccess.h> 22 #include <linux/bitops.h> 23 #include <linux/poll.h> 24 #include <linux/skbuff.h> 25 #include <linux/usb.h> 26 #include <linux/usb/cdc.h> 27 #include <linux/wwan.h> 28 #include <asm/byteorder.h> 29 #include <linux/unaligned.h> 30 #include <linux/usb/cdc-wdm.h> 31 32 #define DRIVER_AUTHOR "Oliver Neukum" 33 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management" 34 35 static const struct usb_device_id wdm_ids[] = { 36 { 37 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS | 38 USB_DEVICE_ID_MATCH_INT_SUBCLASS, 39 .bInterfaceClass = USB_CLASS_COMM, 40 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM 41 }, 42 { } 43 }; 44 45 MODULE_DEVICE_TABLE (usb, wdm_ids); 46 47 #define WDM_MINOR_BASE 176 48 49 50 #define WDM_IN_USE 1 51 #define WDM_DISCONNECTING 2 52 #define WDM_RESULT 3 53 #define WDM_READ 4 54 #define WDM_INT_STALL 5 55 #define WDM_POLL_RUNNING 6 56 #define WDM_RESPONDING 7 57 #define WDM_SUSPENDING 8 58 #define WDM_RESETTING 9 59 #define WDM_OVERFLOW 10 60 #define WDM_WWAN_IN_USE 11 61 62 #define WDM_MAX 16 63 64 /* we cannot wait forever at flush() */ 65 #define WDM_FLUSH_TIMEOUT (30 * HZ) 66 67 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */ 68 #define WDM_DEFAULT_BUFSIZE 256 69 70 static DEFINE_MUTEX(wdm_mutex); 71 static DEFINE_SPINLOCK(wdm_device_list_lock); 72 static LIST_HEAD(wdm_device_list); 73 74 /* --- method tables --- */ 75 76 struct wdm_device { 77 u8 *inbuf; /* buffer for response */ 78 u8 *outbuf; /* buffer for command */ 79 u8 *sbuf; /* buffer for status */ 80 u8 *ubuf; /* buffer for copy to user space */ 81 82 struct urb *command; 83 struct urb *response; 84 struct urb *validity; 85 struct usb_interface *intf; 86 struct usb_ctrlrequest *orq; 87 struct usb_ctrlrequest *irq; 88 spinlock_t iuspin; 89 90 unsigned long flags; 91 u16 bufsize; 92 u16 wMaxCommand; 93 u16 wMaxPacketSize; 94 __le16 inum; 95 int length; 96 int read; 97 int count; 98 dma_addr_t shandle; 99 dma_addr_t ihandle; 100 struct mutex wlock; 101 struct mutex rlock; 102 wait_queue_head_t wait; 103 struct work_struct rxwork; 104 struct work_struct service_outs_intr; 105 int werr; 106 int rerr; 107 int resp_count; 108 109 struct list_head device_list; 110 int (*manage_power)(struct usb_interface *, int); 111 112 enum wwan_port_type wwanp_type; 113 struct wwan_port *wwanp; 114 }; 115 116 static struct usb_driver wdm_driver; 117 118 /* return intfdata if we own the interface, else look up intf in the list */ 119 static struct wdm_device *wdm_find_device(struct usb_interface *intf) 120 { 121 struct wdm_device *desc; 122 123 spin_lock(&wdm_device_list_lock); 124 list_for_each_entry(desc, &wdm_device_list, device_list) 125 if (desc->intf == intf) 126 goto found; 127 desc = NULL; 128 found: 129 spin_unlock(&wdm_device_list_lock); 130 131 return desc; 132 } 133 134 static struct wdm_device *wdm_find_device_by_minor(int minor) 135 { 136 struct wdm_device *desc; 137 138 spin_lock(&wdm_device_list_lock); 139 list_for_each_entry(desc, &wdm_device_list, device_list) 140 if (desc->intf->minor == minor) 141 goto found; 142 desc = NULL; 143 found: 144 spin_unlock(&wdm_device_list_lock); 145 146 return desc; 147 } 148 149 /* --- callbacks --- */ 150 static void wdm_out_callback(struct urb *urb) 151 { 152 struct wdm_device *desc; 153 unsigned long flags; 154 155 desc = urb->context; 156 spin_lock_irqsave(&desc->iuspin, flags); 157 desc->werr = urb->status; 158 spin_unlock_irqrestore(&desc->iuspin, flags); 159 kfree(desc->outbuf); 160 desc->outbuf = NULL; 161 clear_bit(WDM_IN_USE, &desc->flags); 162 wake_up_all(&desc->wait); 163 } 164 165 static void wdm_wwan_rx(struct wdm_device *desc, int length); 166 167 static void wdm_in_callback(struct urb *urb) 168 { 169 unsigned long flags; 170 struct wdm_device *desc = urb->context; 171 int status = urb->status; 172 int length = urb->actual_length; 173 174 spin_lock_irqsave(&desc->iuspin, flags); 175 clear_bit(WDM_RESPONDING, &desc->flags); 176 177 if (status) { 178 switch (status) { 179 case -ENOENT: 180 dev_dbg(&desc->intf->dev, 181 "nonzero urb status received: -ENOENT\n"); 182 goto skip_error; 183 case -ECONNRESET: 184 dev_dbg(&desc->intf->dev, 185 "nonzero urb status received: -ECONNRESET\n"); 186 goto skip_error; 187 case -ESHUTDOWN: 188 dev_dbg(&desc->intf->dev, 189 "nonzero urb status received: -ESHUTDOWN\n"); 190 goto skip_error; 191 case -EPIPE: 192 dev_err(&desc->intf->dev, 193 "nonzero urb status received: -EPIPE\n"); 194 break; 195 default: 196 dev_err(&desc->intf->dev, 197 "Unexpected error %d\n", status); 198 break; 199 } 200 } 201 202 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) { 203 wdm_wwan_rx(desc, length); 204 goto out; 205 } 206 207 /* 208 * only set a new error if there is no previous error. 209 * Errors are only cleared during read/open 210 * Avoid propagating -EPIPE (stall) to userspace since it is 211 * better handled as an empty read 212 */ 213 if (desc->rerr == 0 && status != -EPIPE) 214 desc->rerr = status; 215 216 if (length == 0) { 217 dev_dbg(&desc->intf->dev, "received ZLP\n"); 218 goto skip_zlp; 219 } 220 221 if (length + desc->length > desc->wMaxCommand) { 222 /* The buffer would overflow */ 223 set_bit(WDM_OVERFLOW, &desc->flags); 224 } else { 225 /* we may already be in overflow */ 226 if (!test_bit(WDM_OVERFLOW, &desc->flags)) { 227 memmove(desc->ubuf + desc->length, desc->inbuf, length); 228 smp_wmb(); /* against wdm_read() */ 229 WRITE_ONCE(desc->length, desc->length + length); 230 } 231 } 232 skip_error: 233 234 if (desc->rerr) { 235 /* 236 * If there was a ZLP or an error, userspace may decide to not 237 * read any data after poll'ing. 238 * We should respond to further attempts from the device to send 239 * data, so that we can get unstuck. 240 */ 241 skip_zlp: 242 schedule_work(&desc->service_outs_intr); 243 } else { 244 set_bit(WDM_READ, &desc->flags); 245 wake_up(&desc->wait); 246 } 247 out: 248 spin_unlock_irqrestore(&desc->iuspin, flags); 249 } 250 251 static void wdm_int_callback(struct urb *urb) 252 { 253 unsigned long flags; 254 int rv = 0; 255 int responding; 256 int status = urb->status; 257 struct wdm_device *desc; 258 struct usb_cdc_notification *dr; 259 260 desc = urb->context; 261 dr = (struct usb_cdc_notification *)desc->sbuf; 262 263 if (status) { 264 switch (status) { 265 case -ESHUTDOWN: 266 case -ENOENT: 267 case -ECONNRESET: 268 return; /* unplug */ 269 case -EPIPE: 270 set_bit(WDM_INT_STALL, &desc->flags); 271 dev_err(&desc->intf->dev, "Stall on int endpoint\n"); 272 goto sw; /* halt is cleared in work */ 273 default: 274 dev_err_ratelimited(&desc->intf->dev, 275 "nonzero urb status received: %d\n", status); 276 break; 277 } 278 } 279 280 if (urb->actual_length < sizeof(struct usb_cdc_notification)) { 281 dev_err_ratelimited(&desc->intf->dev, "wdm_int_callback - %d bytes\n", 282 urb->actual_length); 283 goto exit; 284 } 285 286 switch (dr->bNotificationType) { 287 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE: 288 dev_dbg(&desc->intf->dev, 289 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n", 290 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength)); 291 break; 292 293 case USB_CDC_NOTIFY_NETWORK_CONNECTION: 294 295 dev_dbg(&desc->intf->dev, 296 "NOTIFY_NETWORK_CONNECTION %s network\n", 297 dr->wValue ? "connected to" : "disconnected from"); 298 goto exit; 299 case USB_CDC_NOTIFY_SPEED_CHANGE: 300 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n", 301 urb->actual_length); 302 goto exit; 303 default: 304 clear_bit(WDM_POLL_RUNNING, &desc->flags); 305 dev_err(&desc->intf->dev, 306 "unknown notification %d received: index %d len %d\n", 307 dr->bNotificationType, 308 le16_to_cpu(dr->wIndex), 309 le16_to_cpu(dr->wLength)); 310 goto exit; 311 } 312 313 spin_lock_irqsave(&desc->iuspin, flags); 314 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 315 if (!desc->resp_count++ && !responding 316 && !test_bit(WDM_DISCONNECTING, &desc->flags) 317 && !test_bit(WDM_SUSPENDING, &desc->flags)) { 318 rv = usb_submit_urb(desc->response, GFP_ATOMIC); 319 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv); 320 } 321 spin_unlock_irqrestore(&desc->iuspin, flags); 322 if (rv < 0) { 323 clear_bit(WDM_RESPONDING, &desc->flags); 324 if (rv == -EPERM) 325 return; 326 if (rv == -ENOMEM) { 327 sw: 328 rv = schedule_work(&desc->rxwork); 329 if (rv) 330 dev_err(&desc->intf->dev, 331 "Cannot schedule work\n"); 332 } 333 } 334 exit: 335 rv = usb_submit_urb(urb, GFP_ATOMIC); 336 if (rv) 337 dev_err(&desc->intf->dev, 338 "%s - usb_submit_urb failed with result %d\n", 339 __func__, rv); 340 341 } 342 343 static void poison_urbs(struct wdm_device *desc) 344 { 345 /* the order here is essential */ 346 usb_poison_urb(desc->command); 347 usb_poison_urb(desc->validity); 348 usb_poison_urb(desc->response); 349 } 350 351 static void unpoison_urbs(struct wdm_device *desc) 352 { 353 /* 354 * the order here is not essential 355 * it is symmetrical just to be nice 356 */ 357 usb_unpoison_urb(desc->response); 358 usb_unpoison_urb(desc->validity); 359 usb_unpoison_urb(desc->command); 360 } 361 362 static void free_urbs(struct wdm_device *desc) 363 { 364 usb_free_urb(desc->validity); 365 usb_free_urb(desc->response); 366 usb_free_urb(desc->command); 367 } 368 369 static void cleanup(struct wdm_device *desc) 370 { 371 kfree(desc->sbuf); 372 kfree(desc->inbuf); 373 kfree(desc->orq); 374 kfree(desc->irq); 375 kfree(desc->ubuf); 376 free_urbs(desc); 377 kfree(desc); 378 } 379 380 static ssize_t wdm_write 381 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 382 { 383 u8 *buf; 384 int rv = -EMSGSIZE, r, we; 385 struct wdm_device *desc = file->private_data; 386 struct usb_ctrlrequest *req; 387 388 if (count > desc->wMaxCommand) 389 count = desc->wMaxCommand; 390 391 spin_lock_irq(&desc->iuspin); 392 we = desc->werr; 393 desc->werr = 0; 394 spin_unlock_irq(&desc->iuspin); 395 if (we < 0) 396 return usb_translate_errors(we); 397 398 buf = memdup_user(buffer, count); 399 if (IS_ERR(buf)) 400 return PTR_ERR(buf); 401 402 /* concurrent writes and disconnect */ 403 r = mutex_lock_interruptible(&desc->wlock); 404 rv = -ERESTARTSYS; 405 if (r) 406 goto out_free_mem; 407 408 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 409 rv = -ENODEV; 410 goto out_free_mem_lock; 411 } 412 413 r = usb_autopm_get_interface(desc->intf); 414 if (r < 0) { 415 rv = usb_translate_errors(r); 416 goto out_free_mem_lock; 417 } 418 419 if (!(file->f_flags & O_NONBLOCK)) 420 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE, 421 &desc->flags)); 422 else 423 if (test_bit(WDM_IN_USE, &desc->flags)) 424 r = -EAGAIN; 425 426 if (test_bit(WDM_RESETTING, &desc->flags)) 427 r = -EIO; 428 429 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 430 r = -ENODEV; 431 432 if (r < 0) { 433 rv = r; 434 goto out_free_mem_pm; 435 } 436 437 req = desc->orq; 438 usb_fill_control_urb( 439 desc->command, 440 interface_to_usbdev(desc->intf), 441 /* using common endpoint 0 */ 442 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0), 443 (unsigned char *)req, 444 buf, 445 count, 446 wdm_out_callback, 447 desc 448 ); 449 450 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | 451 USB_RECIP_INTERFACE); 452 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND; 453 req->wValue = 0; 454 req->wIndex = desc->inum; /* already converted */ 455 req->wLength = cpu_to_le16(count); 456 set_bit(WDM_IN_USE, &desc->flags); 457 desc->outbuf = buf; 458 459 rv = usb_submit_urb(desc->command, GFP_KERNEL); 460 if (rv < 0) { 461 desc->outbuf = NULL; 462 clear_bit(WDM_IN_USE, &desc->flags); 463 wake_up_all(&desc->wait); /* for wdm_wait_for_response() */ 464 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv); 465 rv = usb_translate_errors(rv); 466 goto out_free_mem_pm; 467 } else { 468 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n", 469 le16_to_cpu(req->wIndex)); 470 } 471 472 usb_autopm_put_interface(desc->intf); 473 mutex_unlock(&desc->wlock); 474 return count; 475 476 out_free_mem_pm: 477 usb_autopm_put_interface(desc->intf); 478 out_free_mem_lock: 479 mutex_unlock(&desc->wlock); 480 out_free_mem: 481 kfree(buf); 482 return rv; 483 } 484 485 /* 486 * Submit the read urb if resp_count is non-zero. 487 * 488 * Called with desc->iuspin locked 489 */ 490 static int service_outstanding_interrupt(struct wdm_device *desc) 491 { 492 int rv = 0; 493 494 /* submit read urb only if the device is waiting for it */ 495 if (!desc->resp_count || !--desc->resp_count) 496 goto out; 497 498 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 499 rv = -ENODEV; 500 goto out; 501 } 502 if (test_bit(WDM_RESETTING, &desc->flags)) { 503 rv = -EIO; 504 goto out; 505 } 506 507 set_bit(WDM_RESPONDING, &desc->flags); 508 spin_unlock_irq(&desc->iuspin); 509 rv = usb_submit_urb(desc->response, GFP_KERNEL); 510 spin_lock_irq(&desc->iuspin); 511 if (rv) { 512 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 513 dev_err(&desc->intf->dev, 514 "usb_submit_urb failed with result %d\n", rv); 515 516 /* make sure the next notification trigger a submit */ 517 clear_bit(WDM_RESPONDING, &desc->flags); 518 desc->resp_count = 0; 519 } 520 out: 521 return rv; 522 } 523 524 static ssize_t wdm_read 525 (struct file *file, char __user *buffer, size_t count, loff_t *ppos) 526 { 527 int rv, cntr; 528 int i = 0; 529 struct wdm_device *desc = file->private_data; 530 531 532 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */ 533 if (rv < 0) 534 return -ERESTARTSYS; 535 536 cntr = READ_ONCE(desc->length); 537 smp_rmb(); /* against wdm_in_callback() */ 538 if (cntr == 0) { 539 desc->read = 0; 540 retry: 541 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 542 rv = -ENODEV; 543 goto err; 544 } 545 if (test_bit(WDM_OVERFLOW, &desc->flags)) { 546 clear_bit(WDM_OVERFLOW, &desc->flags); 547 rv = -ENOBUFS; 548 goto err; 549 } 550 i++; 551 if (file->f_flags & O_NONBLOCK) { 552 if (!test_bit(WDM_READ, &desc->flags)) { 553 rv = -EAGAIN; 554 goto err; 555 } 556 rv = 0; 557 } else { 558 rv = wait_event_interruptible(desc->wait, 559 test_bit(WDM_READ, &desc->flags)); 560 } 561 562 /* may have happened while we slept */ 563 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 564 rv = -ENODEV; 565 goto err; 566 } 567 if (test_bit(WDM_RESETTING, &desc->flags)) { 568 rv = -EIO; 569 goto err; 570 } 571 usb_mark_last_busy(interface_to_usbdev(desc->intf)); 572 if (rv < 0) { 573 rv = -ERESTARTSYS; 574 goto err; 575 } 576 577 spin_lock_irq(&desc->iuspin); 578 579 if (desc->rerr) { /* read completed, error happened */ 580 rv = usb_translate_errors(desc->rerr); 581 desc->rerr = 0; 582 spin_unlock_irq(&desc->iuspin); 583 goto err; 584 } 585 /* 586 * recheck whether we've lost the race 587 * against the completion handler 588 */ 589 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */ 590 spin_unlock_irq(&desc->iuspin); 591 goto retry; 592 } 593 594 cntr = desc->length; 595 spin_unlock_irq(&desc->iuspin); 596 } 597 598 if (cntr > count) 599 cntr = count; 600 rv = copy_to_user(buffer, desc->ubuf, cntr); 601 if (rv > 0) { 602 rv = -EFAULT; 603 goto err; 604 } 605 606 spin_lock_irq(&desc->iuspin); 607 608 for (i = 0; i < desc->length - cntr; i++) 609 desc->ubuf[i] = desc->ubuf[i + cntr]; 610 611 desc->length -= cntr; 612 /* in case we had outstanding data */ 613 if (!desc->length) { 614 clear_bit(WDM_READ, &desc->flags); 615 service_outstanding_interrupt(desc); 616 } 617 spin_unlock_irq(&desc->iuspin); 618 rv = cntr; 619 620 err: 621 mutex_unlock(&desc->rlock); 622 return rv; 623 } 624 625 static int wdm_wait_for_response(struct file *file, long timeout) 626 { 627 struct wdm_device *desc = file->private_data; 628 long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */ 629 630 /* 631 * Needs both flags. We cannot do with one because resetting it would 632 * cause a race with write() yet we need to signal a disconnect. 633 */ 634 rv = wait_event_interruptible_timeout(desc->wait, 635 !test_bit(WDM_IN_USE, &desc->flags) || 636 test_bit(WDM_DISCONNECTING, &desc->flags), 637 timeout); 638 639 /* 640 * To report the correct error. This is best effort. 641 * We are inevitably racing with the hardware. 642 */ 643 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 644 return -ENODEV; 645 if (!rv) 646 return -EIO; 647 if (rv < 0) 648 return -EINTR; 649 650 spin_lock_irq(&desc->iuspin); 651 rv = desc->werr; 652 desc->werr = 0; 653 spin_unlock_irq(&desc->iuspin); 654 655 return usb_translate_errors(rv); 656 657 } 658 659 /* 660 * You need to send a signal when you react to malicious or defective hardware. 661 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do 662 * not implement wdm_flush() will return -EINVAL. 663 */ 664 static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync) 665 { 666 return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT); 667 } 668 669 /* 670 * Same with wdm_fsync(), except it uses finite timeout in order to react to 671 * malicious or defective hardware which ceased communication after close() was 672 * implicitly called due to process termination. 673 */ 674 static int wdm_flush(struct file *file, fl_owner_t id) 675 { 676 return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT); 677 } 678 679 static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait) 680 { 681 struct wdm_device *desc = file->private_data; 682 unsigned long flags; 683 __poll_t mask = 0; 684 685 spin_lock_irqsave(&desc->iuspin, flags); 686 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 687 mask = EPOLLHUP | EPOLLERR; 688 spin_unlock_irqrestore(&desc->iuspin, flags); 689 goto desc_out; 690 } 691 if (test_bit(WDM_READ, &desc->flags)) 692 mask = EPOLLIN | EPOLLRDNORM; 693 if (desc->rerr || desc->werr) 694 mask |= EPOLLERR; 695 if (!test_bit(WDM_IN_USE, &desc->flags)) 696 mask |= EPOLLOUT | EPOLLWRNORM; 697 spin_unlock_irqrestore(&desc->iuspin, flags); 698 699 poll_wait(file, &desc->wait, wait); 700 701 desc_out: 702 return mask; 703 } 704 705 static int wdm_open(struct inode *inode, struct file *file) 706 { 707 int minor = iminor(inode); 708 int rv = -ENODEV; 709 struct usb_interface *intf; 710 struct wdm_device *desc; 711 712 mutex_lock(&wdm_mutex); 713 desc = wdm_find_device_by_minor(minor); 714 if (!desc) 715 goto out; 716 717 intf = desc->intf; 718 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 719 goto out; 720 file->private_data = desc; 721 722 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) { 723 rv = -EBUSY; 724 goto out; 725 } 726 smp_rmb(); /* ordered against wdm_wwan_port_stop() */ 727 rv = usb_autopm_get_interface(desc->intf); 728 if (rv < 0) { 729 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv); 730 goto out; 731 } 732 733 /* using write lock to protect desc->count */ 734 mutex_lock(&desc->wlock); 735 if (!desc->count++) { 736 desc->werr = 0; 737 desc->rerr = 0; 738 rv = usb_submit_urb(desc->validity, GFP_KERNEL); 739 if (rv < 0) { 740 desc->count--; 741 dev_err(&desc->intf->dev, 742 "Error submitting int urb - %d\n", rv); 743 rv = usb_translate_errors(rv); 744 } 745 } else { 746 rv = 0; 747 } 748 mutex_unlock(&desc->wlock); 749 if (desc->count == 1) 750 desc->manage_power(intf, 1); 751 usb_autopm_put_interface(desc->intf); 752 out: 753 mutex_unlock(&wdm_mutex); 754 return rv; 755 } 756 757 static int wdm_release(struct inode *inode, struct file *file) 758 { 759 struct wdm_device *desc = file->private_data; 760 761 mutex_lock(&wdm_mutex); 762 763 /* using write lock to protect desc->count */ 764 mutex_lock(&desc->wlock); 765 desc->count--; 766 mutex_unlock(&desc->wlock); 767 768 if (!desc->count) { 769 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) { 770 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n"); 771 poison_urbs(desc); 772 spin_lock_irq(&desc->iuspin); 773 desc->resp_count = 0; 774 clear_bit(WDM_RESPONDING, &desc->flags); 775 spin_unlock_irq(&desc->iuspin); 776 desc->manage_power(desc->intf, 0); 777 unpoison_urbs(desc); 778 } else { 779 /* must avoid dev_printk here as desc->intf is invalid */ 780 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__); 781 cleanup(desc); 782 } 783 } 784 mutex_unlock(&wdm_mutex); 785 return 0; 786 } 787 788 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 789 { 790 struct wdm_device *desc = file->private_data; 791 int rv = 0; 792 793 switch (cmd) { 794 case IOCTL_WDM_MAX_COMMAND: 795 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand))) 796 rv = -EFAULT; 797 break; 798 default: 799 rv = -ENOTTY; 800 } 801 return rv; 802 } 803 804 static const struct file_operations wdm_fops = { 805 .owner = THIS_MODULE, 806 .read = wdm_read, 807 .write = wdm_write, 808 .fsync = wdm_fsync, 809 .open = wdm_open, 810 .flush = wdm_flush, 811 .release = wdm_release, 812 .poll = wdm_poll, 813 .unlocked_ioctl = wdm_ioctl, 814 .compat_ioctl = compat_ptr_ioctl, 815 .llseek = noop_llseek, 816 }; 817 818 static struct usb_class_driver wdm_class = { 819 .name = "cdc-wdm%d", 820 .fops = &wdm_fops, 821 .minor_base = WDM_MINOR_BASE, 822 }; 823 824 /* --- WWAN framework integration --- */ 825 #ifdef CONFIG_WWAN 826 static int wdm_wwan_port_start(struct wwan_port *port) 827 { 828 struct wdm_device *desc = wwan_port_get_drvdata(port); 829 int rv; 830 831 /* The interface is both exposed via the WWAN framework and as a 832 * legacy usbmisc chardev. If chardev is already open, just fail 833 * to prevent concurrent usage. Otherwise, switch to WWAN mode. 834 */ 835 mutex_lock(&wdm_mutex); 836 if (desc->count) { 837 mutex_unlock(&wdm_mutex); 838 return -EBUSY; 839 } 840 set_bit(WDM_WWAN_IN_USE, &desc->flags); 841 mutex_unlock(&wdm_mutex); 842 843 desc->manage_power(desc->intf, 1); 844 845 /* tx is allowed */ 846 wwan_port_txon(port); 847 848 /* Start getting events */ 849 rv = usb_submit_urb(desc->validity, GFP_KERNEL); 850 if (rv < 0) { 851 wwan_port_txoff(port); 852 desc->manage_power(desc->intf, 0); 853 /* this must be last lest we race with chardev open */ 854 clear_bit(WDM_WWAN_IN_USE, &desc->flags); 855 } 856 857 return rv; 858 } 859 860 static void wdm_wwan_port_stop(struct wwan_port *port) 861 { 862 struct wdm_device *desc = wwan_port_get_drvdata(port); 863 864 /* Stop all transfers and disable WWAN mode */ 865 poison_urbs(desc); 866 desc->manage_power(desc->intf, 0); 867 clear_bit(WDM_READ, &desc->flags); 868 unpoison_urbs(desc); 869 smp_wmb(); /* ordered against wdm_open() */ 870 /* this must be last lest we open a poisoned device */ 871 clear_bit(WDM_WWAN_IN_USE, &desc->flags); 872 } 873 874 static void wdm_wwan_port_tx_complete(struct urb *urb) 875 { 876 struct sk_buff *skb = urb->context; 877 struct wdm_device *desc = skb_shinfo(skb)->destructor_arg; 878 879 usb_autopm_put_interface_async(desc->intf); 880 wwan_port_txon(desc->wwanp); 881 kfree_skb(skb); 882 } 883 884 static int wdm_wwan_port_tx(struct wwan_port *port, struct sk_buff *skb) 885 { 886 struct wdm_device *desc = wwan_port_get_drvdata(port); 887 struct usb_interface *intf = desc->intf; 888 struct usb_ctrlrequest *req = desc->orq; 889 int rv; 890 891 rv = usb_autopm_get_interface(intf); 892 if (rv) 893 return rv; 894 895 usb_fill_control_urb( 896 desc->command, 897 interface_to_usbdev(intf), 898 usb_sndctrlpipe(interface_to_usbdev(intf), 0), 899 (unsigned char *)req, 900 skb->data, 901 skb->len, 902 wdm_wwan_port_tx_complete, 903 skb 904 ); 905 906 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE); 907 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND; 908 req->wValue = 0; 909 req->wIndex = desc->inum; /* already converted */ 910 req->wLength = cpu_to_le16(skb->len); 911 912 skb_shinfo(skb)->destructor_arg = desc; 913 914 rv = usb_submit_urb(desc->command, GFP_KERNEL); 915 if (rv) 916 usb_autopm_put_interface(intf); 917 else /* One transfer at a time, stop TX until URB completion */ 918 wwan_port_txoff(port); 919 920 return rv; 921 } 922 923 static const struct wwan_port_ops wdm_wwan_port_ops = { 924 .start = wdm_wwan_port_start, 925 .stop = wdm_wwan_port_stop, 926 .tx = wdm_wwan_port_tx, 927 }; 928 929 static void wdm_wwan_init(struct wdm_device *desc) 930 { 931 struct usb_interface *intf = desc->intf; 932 struct wwan_port *port; 933 934 /* Only register to WWAN core if protocol/type is known */ 935 if (desc->wwanp_type == WWAN_PORT_UNKNOWN) { 936 dev_info(&intf->dev, "Unknown control protocol\n"); 937 return; 938 } 939 940 port = wwan_create_port(&intf->dev, desc->wwanp_type, &wdm_wwan_port_ops, 941 NULL, desc); 942 if (IS_ERR(port)) { 943 dev_err(&intf->dev, "%s: Unable to create WWAN port\n", 944 dev_name(intf->usb_dev)); 945 return; 946 } 947 948 desc->wwanp = port; 949 } 950 951 static void wdm_wwan_deinit(struct wdm_device *desc) 952 { 953 if (!desc->wwanp) 954 return; 955 956 wwan_remove_port(desc->wwanp); 957 desc->wwanp = NULL; 958 } 959 960 static void wdm_wwan_rx(struct wdm_device *desc, int length) 961 { 962 struct wwan_port *port = desc->wwanp; 963 struct sk_buff *skb; 964 965 /* Forward data to WWAN port */ 966 skb = alloc_skb(length, GFP_ATOMIC); 967 if (!skb) 968 return; 969 970 skb_put_data(skb, desc->inbuf, length); 971 wwan_port_rx(port, skb); 972 973 /* inbuf has been copied, it is safe to check for outstanding data */ 974 schedule_work(&desc->service_outs_intr); 975 } 976 #else /* CONFIG_WWAN */ 977 static void wdm_wwan_init(struct wdm_device *desc) {} 978 static void wdm_wwan_deinit(struct wdm_device *desc) {} 979 static void wdm_wwan_rx(struct wdm_device *desc, int length) {} 980 #endif /* CONFIG_WWAN */ 981 982 /* --- error handling --- */ 983 static void wdm_rxwork(struct work_struct *work) 984 { 985 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork); 986 unsigned long flags; 987 int rv = 0; 988 int responding; 989 990 spin_lock_irqsave(&desc->iuspin, flags); 991 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 992 spin_unlock_irqrestore(&desc->iuspin, flags); 993 } else { 994 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 995 spin_unlock_irqrestore(&desc->iuspin, flags); 996 if (!responding) 997 rv = usb_submit_urb(desc->response, GFP_KERNEL); 998 if (rv < 0 && rv != -EPERM) { 999 spin_lock_irqsave(&desc->iuspin, flags); 1000 clear_bit(WDM_RESPONDING, &desc->flags); 1001 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 1002 schedule_work(&desc->rxwork); 1003 spin_unlock_irqrestore(&desc->iuspin, flags); 1004 } 1005 } 1006 } 1007 1008 static void service_interrupt_work(struct work_struct *work) 1009 { 1010 struct wdm_device *desc; 1011 1012 desc = container_of(work, struct wdm_device, service_outs_intr); 1013 1014 spin_lock_irq(&desc->iuspin); 1015 service_outstanding_interrupt(desc); 1016 if (!desc->resp_count && (desc->length || desc->rerr)) { 1017 set_bit(WDM_READ, &desc->flags); 1018 wake_up(&desc->wait); 1019 } 1020 spin_unlock_irq(&desc->iuspin); 1021 } 1022 1023 /* --- hotplug --- */ 1024 1025 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep, 1026 u16 bufsize, enum wwan_port_type type, 1027 int (*manage_power)(struct usb_interface *, int)) 1028 { 1029 int rv = -ENOMEM; 1030 struct wdm_device *desc; 1031 1032 desc = kzalloc_obj(struct wdm_device); 1033 if (!desc) 1034 goto out; 1035 INIT_LIST_HEAD(&desc->device_list); 1036 mutex_init(&desc->rlock); 1037 mutex_init(&desc->wlock); 1038 spin_lock_init(&desc->iuspin); 1039 init_waitqueue_head(&desc->wait); 1040 desc->wMaxCommand = bufsize; 1041 /* this will be expanded and needed in hardware endianness */ 1042 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber); 1043 desc->intf = intf; 1044 desc->wwanp_type = type; 1045 INIT_WORK(&desc->rxwork, wdm_rxwork); 1046 INIT_WORK(&desc->service_outs_intr, service_interrupt_work); 1047 1048 if (!usb_endpoint_is_int_in(ep)) { 1049 rv = -EINVAL; 1050 goto err; 1051 } 1052 1053 desc->wMaxPacketSize = usb_endpoint_maxp(ep); 1054 1055 desc->orq = kmalloc_obj(struct usb_ctrlrequest); 1056 if (!desc->orq) 1057 goto err; 1058 desc->irq = kmalloc_obj(struct usb_ctrlrequest); 1059 if (!desc->irq) 1060 goto err; 1061 1062 desc->validity = usb_alloc_urb(0, GFP_KERNEL); 1063 if (!desc->validity) 1064 goto err; 1065 1066 desc->response = usb_alloc_urb(0, GFP_KERNEL); 1067 if (!desc->response) 1068 goto err; 1069 1070 desc->command = usb_alloc_urb(0, GFP_KERNEL); 1071 if (!desc->command) 1072 goto err; 1073 1074 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 1075 if (!desc->ubuf) 1076 goto err; 1077 1078 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL); 1079 if (!desc->sbuf) 1080 goto err; 1081 1082 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 1083 if (!desc->inbuf) 1084 goto err; 1085 1086 usb_fill_int_urb( 1087 desc->validity, 1088 interface_to_usbdev(intf), 1089 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress), 1090 desc->sbuf, 1091 desc->wMaxPacketSize, 1092 wdm_int_callback, 1093 desc, 1094 ep->bInterval 1095 ); 1096 1097 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE); 1098 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE; 1099 desc->irq->wValue = 0; 1100 desc->irq->wIndex = desc->inum; /* already converted */ 1101 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand); 1102 1103 usb_fill_control_urb( 1104 desc->response, 1105 interface_to_usbdev(intf), 1106 /* using common endpoint 0 */ 1107 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0), 1108 (unsigned char *)desc->irq, 1109 desc->inbuf, 1110 desc->wMaxCommand, 1111 wdm_in_callback, 1112 desc 1113 ); 1114 1115 desc->manage_power = manage_power; 1116 1117 spin_lock(&wdm_device_list_lock); 1118 list_add(&desc->device_list, &wdm_device_list); 1119 spin_unlock(&wdm_device_list_lock); 1120 1121 rv = usb_register_dev(intf, &wdm_class); 1122 if (rv < 0) 1123 goto err; 1124 else 1125 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev)); 1126 1127 wdm_wwan_init(desc); 1128 1129 out: 1130 return rv; 1131 err: 1132 spin_lock(&wdm_device_list_lock); 1133 list_del(&desc->device_list); 1134 spin_unlock(&wdm_device_list_lock); 1135 cleanup(desc); 1136 return rv; 1137 } 1138 1139 static int wdm_manage_power(struct usb_interface *intf, int on) 1140 { 1141 /* need autopm_get/put here to ensure the usbcore sees the new value */ 1142 int rv = usb_autopm_get_interface(intf); 1143 1144 intf->needs_remote_wakeup = on; 1145 if (!rv) 1146 usb_autopm_put_interface(intf); 1147 return 0; 1148 } 1149 1150 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id) 1151 { 1152 int rv = -EINVAL; 1153 struct usb_host_interface *iface; 1154 struct usb_endpoint_descriptor *ep; 1155 struct usb_cdc_parsed_header hdr; 1156 u8 *buffer = intf->altsetting->extra; 1157 int buflen = intf->altsetting->extralen; 1158 u16 maxcom = WDM_DEFAULT_BUFSIZE; 1159 1160 if (!buffer) 1161 goto err; 1162 1163 cdc_parse_cdc_header(&hdr, intf, buffer, buflen); 1164 1165 if (hdr.usb_cdc_dmm_desc) 1166 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand); 1167 1168 iface = intf->cur_altsetting; 1169 if (iface->desc.bNumEndpoints != 1) 1170 goto err; 1171 ep = &iface->endpoint[0].desc; 1172 1173 rv = wdm_create(intf, ep, maxcom, WWAN_PORT_UNKNOWN, &wdm_manage_power); 1174 1175 err: 1176 return rv; 1177 } 1178 1179 /** 1180 * usb_cdc_wdm_register - register a WDM subdriver 1181 * @intf: usb interface the subdriver will associate with 1182 * @ep: interrupt endpoint to monitor for notifications 1183 * @bufsize: maximum message size to support for read/write 1184 * @type: Type/protocol of the transported data (MBIM, QMI...) 1185 * @manage_power: call-back invoked during open and release to 1186 * manage the device's power 1187 * Create WDM usb class character device and associate it with intf 1188 * without binding, allowing another driver to manage the interface. 1189 * 1190 * The subdriver will manage the given interrupt endpoint exclusively 1191 * and will issue control requests referring to the given intf. It 1192 * will otherwise avoid interferring, and in particular not do 1193 * usb_set_intfdata/usb_get_intfdata on intf. 1194 * 1195 * The return value is a pointer to the subdriver's struct usb_driver. 1196 * The registering driver is responsible for calling this subdriver's 1197 * disconnect, suspend, resume, pre_reset and post_reset methods from 1198 * its own. 1199 */ 1200 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf, 1201 struct usb_endpoint_descriptor *ep, 1202 int bufsize, enum wwan_port_type type, 1203 int (*manage_power)(struct usb_interface *, int)) 1204 { 1205 int rv; 1206 1207 rv = wdm_create(intf, ep, bufsize, type, manage_power); 1208 if (rv < 0) 1209 goto err; 1210 1211 return &wdm_driver; 1212 err: 1213 return ERR_PTR(rv); 1214 } 1215 EXPORT_SYMBOL(usb_cdc_wdm_register); 1216 1217 static void wdm_disconnect(struct usb_interface *intf) 1218 { 1219 struct wdm_device *desc; 1220 unsigned long flags; 1221 1222 usb_deregister_dev(intf, &wdm_class); 1223 desc = wdm_find_device(intf); 1224 mutex_lock(&wdm_mutex); 1225 1226 wdm_wwan_deinit(desc); 1227 1228 /* the spinlock makes sure no new urbs are generated in the callbacks */ 1229 spin_lock_irqsave(&desc->iuspin, flags); 1230 set_bit(WDM_DISCONNECTING, &desc->flags); 1231 set_bit(WDM_READ, &desc->flags); 1232 spin_unlock_irqrestore(&desc->iuspin, flags); 1233 wake_up_all(&desc->wait); 1234 mutex_lock(&desc->rlock); 1235 mutex_lock(&desc->wlock); 1236 poison_urbs(desc); 1237 cancel_work_sync(&desc->rxwork); 1238 cancel_work_sync(&desc->service_outs_intr); 1239 mutex_unlock(&desc->wlock); 1240 mutex_unlock(&desc->rlock); 1241 1242 /* the desc->intf pointer used as list key is now invalid */ 1243 spin_lock(&wdm_device_list_lock); 1244 list_del(&desc->device_list); 1245 spin_unlock(&wdm_device_list_lock); 1246 1247 if (!desc->count) 1248 cleanup(desc); 1249 else 1250 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count); 1251 mutex_unlock(&wdm_mutex); 1252 } 1253 1254 #ifdef CONFIG_PM 1255 static int wdm_suspend(struct usb_interface *intf, pm_message_t message) 1256 { 1257 struct wdm_device *desc = wdm_find_device(intf); 1258 int rv = 0; 1259 1260 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor); 1261 1262 /* if this is an autosuspend the caller does the locking */ 1263 if (!PMSG_IS_AUTO(message)) { 1264 mutex_lock(&desc->rlock); 1265 mutex_lock(&desc->wlock); 1266 } 1267 spin_lock_irq(&desc->iuspin); 1268 1269 if (PMSG_IS_AUTO(message) && 1270 (test_bit(WDM_IN_USE, &desc->flags) 1271 || test_bit(WDM_RESPONDING, &desc->flags))) { 1272 spin_unlock_irq(&desc->iuspin); 1273 rv = -EBUSY; 1274 } else { 1275 1276 set_bit(WDM_SUSPENDING, &desc->flags); 1277 spin_unlock_irq(&desc->iuspin); 1278 /* callback submits work - order is essential */ 1279 poison_urbs(desc); 1280 cancel_work_sync(&desc->rxwork); 1281 cancel_work_sync(&desc->service_outs_intr); 1282 unpoison_urbs(desc); 1283 } 1284 if (!PMSG_IS_AUTO(message)) { 1285 mutex_unlock(&desc->wlock); 1286 mutex_unlock(&desc->rlock); 1287 } 1288 1289 return rv; 1290 } 1291 #endif 1292 1293 static int recover_from_urb_loss(struct wdm_device *desc) 1294 { 1295 int rv = 0; 1296 1297 if (desc->count) { 1298 rv = usb_submit_urb(desc->validity, GFP_NOIO); 1299 if (rv < 0) 1300 dev_err(&desc->intf->dev, 1301 "Error resume submitting int urb - %d\n", rv); 1302 } 1303 return rv; 1304 } 1305 1306 #ifdef CONFIG_PM 1307 static int wdm_resume(struct usb_interface *intf) 1308 { 1309 struct wdm_device *desc = wdm_find_device(intf); 1310 int rv; 1311 1312 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor); 1313 1314 clear_bit(WDM_SUSPENDING, &desc->flags); 1315 rv = recover_from_urb_loss(desc); 1316 1317 return rv; 1318 } 1319 #endif 1320 1321 static int wdm_pre_reset(struct usb_interface *intf) 1322 { 1323 struct wdm_device *desc = wdm_find_device(intf); 1324 1325 /* 1326 * we notify everybody using poll of 1327 * an exceptional situation 1328 * must be done before recovery lest a spontaneous 1329 * message from the device is lost 1330 */ 1331 spin_lock_irq(&desc->iuspin); 1332 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */ 1333 set_bit(WDM_READ, &desc->flags); /* unblock read */ 1334 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */ 1335 desc->rerr = -EINTR; 1336 spin_unlock_irq(&desc->iuspin); 1337 wake_up_all(&desc->wait); 1338 mutex_lock(&desc->rlock); 1339 mutex_lock(&desc->wlock); 1340 poison_urbs(desc); 1341 cancel_work_sync(&desc->rxwork); 1342 cancel_work_sync(&desc->service_outs_intr); 1343 return 0; 1344 } 1345 1346 static int wdm_post_reset(struct usb_interface *intf) 1347 { 1348 struct wdm_device *desc = wdm_find_device(intf); 1349 int rv; 1350 1351 unpoison_urbs(desc); 1352 clear_bit(WDM_OVERFLOW, &desc->flags); 1353 clear_bit(WDM_RESETTING, &desc->flags); 1354 rv = recover_from_urb_loss(desc); 1355 mutex_unlock(&desc->wlock); 1356 mutex_unlock(&desc->rlock); 1357 return rv; 1358 } 1359 1360 static struct usb_driver wdm_driver = { 1361 .name = "cdc_wdm", 1362 .probe = wdm_probe, 1363 .disconnect = wdm_disconnect, 1364 #ifdef CONFIG_PM 1365 .suspend = wdm_suspend, 1366 .resume = wdm_resume, 1367 .reset_resume = wdm_resume, 1368 #endif 1369 .pre_reset = wdm_pre_reset, 1370 .post_reset = wdm_post_reset, 1371 .id_table = wdm_ids, 1372 .supports_autosuspend = 1, 1373 .disable_hub_initiated_lpm = 1, 1374 }; 1375 1376 module_usb_driver(wdm_driver); 1377 1378 MODULE_AUTHOR(DRIVER_AUTHOR); 1379 MODULE_DESCRIPTION(DRIVER_DESC); 1380 MODULE_LICENSE("GPL"); 1381