xref: /linux/drivers/usb/class/cdc-wdm.c (revision e5c86679d5e864947a52fb31e45a425dea3e7fa9)
1 /*
2  * cdc-wdm.c
3  *
4  * This driver supports USB CDC WCM Device Management.
5  *
6  * Copyright (c) 2007-2009 Oliver Neukum
7  *
8  * Some code taken from cdc-acm.c
9  *
10  * Released under the GPLv2.
11  *
12  * Many thanks to Carl Nordbeck
13  */
14 #include <linux/kernel.h>
15 #include <linux/errno.h>
16 #include <linux/ioctl.h>
17 #include <linux/slab.h>
18 #include <linux/module.h>
19 #include <linux/mutex.h>
20 #include <linux/uaccess.h>
21 #include <linux/bitops.h>
22 #include <linux/poll.h>
23 #include <linux/usb.h>
24 #include <linux/usb/cdc.h>
25 #include <asm/byteorder.h>
26 #include <asm/unaligned.h>
27 #include <linux/usb/cdc-wdm.h>
28 
29 /*
30  * Version Information
31  */
32 #define DRIVER_VERSION "v0.03"
33 #define DRIVER_AUTHOR "Oliver Neukum"
34 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
35 
36 static const struct usb_device_id wdm_ids[] = {
37 	{
38 		.match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
39 				 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
40 		.bInterfaceClass = USB_CLASS_COMM,
41 		.bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
42 	},
43 	{ }
44 };
45 
46 MODULE_DEVICE_TABLE (usb, wdm_ids);
47 
48 #define WDM_MINOR_BASE	176
49 
50 
51 #define WDM_IN_USE		1
52 #define WDM_DISCONNECTING	2
53 #define WDM_RESULT		3
54 #define WDM_READ		4
55 #define WDM_INT_STALL		5
56 #define WDM_POLL_RUNNING	6
57 #define WDM_RESPONDING		7
58 #define WDM_SUSPENDING		8
59 #define WDM_RESETTING		9
60 #define WDM_OVERFLOW		10
61 #define WDM_DRAIN_ON_OPEN	11
62 
63 #define WDM_MAX			16
64 
65 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
66 #define WDM_DEFAULT_BUFSIZE	256
67 
68 static DEFINE_MUTEX(wdm_mutex);
69 static DEFINE_SPINLOCK(wdm_device_list_lock);
70 static LIST_HEAD(wdm_device_list);
71 
72 /* --- method tables --- */
73 
74 struct wdm_device {
75 	u8			*inbuf; /* buffer for response */
76 	u8			*outbuf; /* buffer for command */
77 	u8			*sbuf; /* buffer for status */
78 	u8			*ubuf; /* buffer for copy to user space */
79 
80 	struct urb		*command;
81 	struct urb		*response;
82 	struct urb		*validity;
83 	struct usb_interface	*intf;
84 	struct usb_ctrlrequest	*orq;
85 	struct usb_ctrlrequest	*irq;
86 	spinlock_t		iuspin;
87 
88 	unsigned long		flags;
89 	u16			bufsize;
90 	u16			wMaxCommand;
91 	u16			wMaxPacketSize;
92 	__le16			inum;
93 	int			reslength;
94 	int			length;
95 	int			read;
96 	int			count;
97 	dma_addr_t		shandle;
98 	dma_addr_t		ihandle;
99 	struct mutex		wlock;
100 	struct mutex		rlock;
101 	wait_queue_head_t	wait;
102 	struct work_struct	rxwork;
103 	int			werr;
104 	int			rerr;
105 	int                     resp_count;
106 
107 	struct list_head	device_list;
108 	int			(*manage_power)(struct usb_interface *, int);
109 };
110 
111 static struct usb_driver wdm_driver;
112 
113 /* return intfdata if we own the interface, else look up intf in the list */
114 static struct wdm_device *wdm_find_device(struct usb_interface *intf)
115 {
116 	struct wdm_device *desc;
117 
118 	spin_lock(&wdm_device_list_lock);
119 	list_for_each_entry(desc, &wdm_device_list, device_list)
120 		if (desc->intf == intf)
121 			goto found;
122 	desc = NULL;
123 found:
124 	spin_unlock(&wdm_device_list_lock);
125 
126 	return desc;
127 }
128 
129 static struct wdm_device *wdm_find_device_by_minor(int minor)
130 {
131 	struct wdm_device *desc;
132 
133 	spin_lock(&wdm_device_list_lock);
134 	list_for_each_entry(desc, &wdm_device_list, device_list)
135 		if (desc->intf->minor == minor)
136 			goto found;
137 	desc = NULL;
138 found:
139 	spin_unlock(&wdm_device_list_lock);
140 
141 	return desc;
142 }
143 
144 /* --- callbacks --- */
145 static void wdm_out_callback(struct urb *urb)
146 {
147 	struct wdm_device *desc;
148 	desc = urb->context;
149 	spin_lock(&desc->iuspin);
150 	desc->werr = urb->status;
151 	spin_unlock(&desc->iuspin);
152 	kfree(desc->outbuf);
153 	desc->outbuf = NULL;
154 	clear_bit(WDM_IN_USE, &desc->flags);
155 	wake_up(&desc->wait);
156 }
157 
158 /* forward declaration */
159 static int service_outstanding_interrupt(struct wdm_device *desc);
160 
161 static void wdm_in_callback(struct urb *urb)
162 {
163 	struct wdm_device *desc = urb->context;
164 	int status = urb->status;
165 	int length = urb->actual_length;
166 
167 	spin_lock(&desc->iuspin);
168 	clear_bit(WDM_RESPONDING, &desc->flags);
169 
170 	if (status) {
171 		switch (status) {
172 		case -ENOENT:
173 			dev_dbg(&desc->intf->dev,
174 				"nonzero urb status received: -ENOENT\n");
175 			goto skip_error;
176 		case -ECONNRESET:
177 			dev_dbg(&desc->intf->dev,
178 				"nonzero urb status received: -ECONNRESET\n");
179 			goto skip_error;
180 		case -ESHUTDOWN:
181 			dev_dbg(&desc->intf->dev,
182 				"nonzero urb status received: -ESHUTDOWN\n");
183 			goto skip_error;
184 		case -EPIPE:
185 			dev_dbg(&desc->intf->dev,
186 				"nonzero urb status received: -EPIPE\n");
187 			break;
188 		default:
189 			dev_err(&desc->intf->dev,
190 				"Unexpected error %d\n", status);
191 			break;
192 		}
193 	}
194 
195 	/*
196 	 * only set a new error if there is no previous error.
197 	 * Errors are only cleared during read/open
198 	 */
199 	if (desc->rerr  == 0)
200 		desc->rerr = status;
201 
202 	if (length + desc->length > desc->wMaxCommand) {
203 		/* The buffer would overflow */
204 		set_bit(WDM_OVERFLOW, &desc->flags);
205 	} else {
206 		/* we may already be in overflow */
207 		if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
208 			memmove(desc->ubuf + desc->length, desc->inbuf, length);
209 			desc->length += length;
210 			desc->reslength = length;
211 		}
212 	}
213 
214 	/*
215 	 * Handling devices with the WDM_DRAIN_ON_OPEN flag set:
216 	 * If desc->resp_count is unset, then the urb was submitted
217 	 * without a prior notification.  If the device returned any
218 	 * data, then this implies that it had messages queued without
219 	 * notifying us.  Continue reading until that queue is flushed.
220 	 */
221 	if (!desc->resp_count) {
222 		if (!length) {
223 			/* do not propagate the expected -EPIPE */
224 			desc->rerr = 0;
225 			goto unlock;
226 		}
227 		dev_dbg(&desc->intf->dev, "got %d bytes without notification\n", length);
228 		set_bit(WDM_RESPONDING, &desc->flags);
229 		usb_submit_urb(desc->response, GFP_ATOMIC);
230 	}
231 
232 skip_error:
233 	set_bit(WDM_READ, &desc->flags);
234 	wake_up(&desc->wait);
235 
236 	if (desc->rerr) {
237 		/*
238 		 * Since there was an error, userspace may decide to not read
239 		 * any data after poll'ing.
240 		 * We should respond to further attempts from the device to send
241 		 * data, so that we can get unstuck.
242 		 */
243 		service_outstanding_interrupt(desc);
244 	}
245 
246 unlock:
247 	spin_unlock(&desc->iuspin);
248 }
249 
250 static void wdm_int_callback(struct urb *urb)
251 {
252 	int rv = 0;
253 	int responding;
254 	int status = urb->status;
255 	struct wdm_device *desc;
256 	struct usb_cdc_notification *dr;
257 
258 	desc = urb->context;
259 	dr = (struct usb_cdc_notification *)desc->sbuf;
260 
261 	if (status) {
262 		switch (status) {
263 		case -ESHUTDOWN:
264 		case -ENOENT:
265 		case -ECONNRESET:
266 			return; /* unplug */
267 		case -EPIPE:
268 			set_bit(WDM_INT_STALL, &desc->flags);
269 			dev_err(&desc->intf->dev, "Stall on int endpoint\n");
270 			goto sw; /* halt is cleared in work */
271 		default:
272 			dev_err(&desc->intf->dev,
273 				"nonzero urb status received: %d\n", status);
274 			break;
275 		}
276 	}
277 
278 	if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
279 		dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
280 			urb->actual_length);
281 		goto exit;
282 	}
283 
284 	switch (dr->bNotificationType) {
285 	case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
286 		dev_dbg(&desc->intf->dev,
287 			"NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
288 			le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
289 		break;
290 
291 	case USB_CDC_NOTIFY_NETWORK_CONNECTION:
292 
293 		dev_dbg(&desc->intf->dev,
294 			"NOTIFY_NETWORK_CONNECTION %s network\n",
295 			dr->wValue ? "connected to" : "disconnected from");
296 		goto exit;
297 	case USB_CDC_NOTIFY_SPEED_CHANGE:
298 		dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
299 			urb->actual_length);
300 		goto exit;
301 	default:
302 		clear_bit(WDM_POLL_RUNNING, &desc->flags);
303 		dev_err(&desc->intf->dev,
304 			"unknown notification %d received: index %d len %d\n",
305 			dr->bNotificationType,
306 			le16_to_cpu(dr->wIndex),
307 			le16_to_cpu(dr->wLength));
308 		goto exit;
309 	}
310 
311 	spin_lock(&desc->iuspin);
312 	responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
313 	if (!desc->resp_count++ && !responding
314 		&& !test_bit(WDM_DISCONNECTING, &desc->flags)
315 		&& !test_bit(WDM_SUSPENDING, &desc->flags)) {
316 		rv = usb_submit_urb(desc->response, GFP_ATOMIC);
317 		dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
318 	}
319 	spin_unlock(&desc->iuspin);
320 	if (rv < 0) {
321 		clear_bit(WDM_RESPONDING, &desc->flags);
322 		if (rv == -EPERM)
323 			return;
324 		if (rv == -ENOMEM) {
325 sw:
326 			rv = schedule_work(&desc->rxwork);
327 			if (rv)
328 				dev_err(&desc->intf->dev,
329 					"Cannot schedule work\n");
330 		}
331 	}
332 exit:
333 	rv = usb_submit_urb(urb, GFP_ATOMIC);
334 	if (rv)
335 		dev_err(&desc->intf->dev,
336 			"%s - usb_submit_urb failed with result %d\n",
337 			__func__, rv);
338 
339 }
340 
341 static void kill_urbs(struct wdm_device *desc)
342 {
343 	/* the order here is essential */
344 	usb_kill_urb(desc->command);
345 	usb_kill_urb(desc->validity);
346 	usb_kill_urb(desc->response);
347 }
348 
349 static void free_urbs(struct wdm_device *desc)
350 {
351 	usb_free_urb(desc->validity);
352 	usb_free_urb(desc->response);
353 	usb_free_urb(desc->command);
354 }
355 
356 static void cleanup(struct wdm_device *desc)
357 {
358 	kfree(desc->sbuf);
359 	kfree(desc->inbuf);
360 	kfree(desc->orq);
361 	kfree(desc->irq);
362 	kfree(desc->ubuf);
363 	free_urbs(desc);
364 	kfree(desc);
365 }
366 
367 static ssize_t wdm_write
368 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
369 {
370 	u8 *buf;
371 	int rv = -EMSGSIZE, r, we;
372 	struct wdm_device *desc = file->private_data;
373 	struct usb_ctrlrequest *req;
374 
375 	if (count > desc->wMaxCommand)
376 		count = desc->wMaxCommand;
377 
378 	spin_lock_irq(&desc->iuspin);
379 	we = desc->werr;
380 	desc->werr = 0;
381 	spin_unlock_irq(&desc->iuspin);
382 	if (we < 0)
383 		return usb_translate_errors(we);
384 
385 	buf = kmalloc(count, GFP_KERNEL);
386 	if (!buf) {
387 		rv = -ENOMEM;
388 		goto outnl;
389 	}
390 
391 	r = copy_from_user(buf, buffer, count);
392 	if (r > 0) {
393 		rv = -EFAULT;
394 		goto out_free_mem;
395 	}
396 
397 	/* concurrent writes and disconnect */
398 	r = mutex_lock_interruptible(&desc->wlock);
399 	rv = -ERESTARTSYS;
400 	if (r)
401 		goto out_free_mem;
402 
403 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
404 		rv = -ENODEV;
405 		goto out_free_mem_lock;
406 	}
407 
408 	r = usb_autopm_get_interface(desc->intf);
409 	if (r < 0) {
410 		rv = usb_translate_errors(r);
411 		goto out_free_mem_lock;
412 	}
413 
414 	if (!(file->f_flags & O_NONBLOCK))
415 		r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
416 								&desc->flags));
417 	else
418 		if (test_bit(WDM_IN_USE, &desc->flags))
419 			r = -EAGAIN;
420 
421 	if (test_bit(WDM_RESETTING, &desc->flags))
422 		r = -EIO;
423 
424 	if (r < 0) {
425 		rv = r;
426 		goto out_free_mem_pm;
427 	}
428 
429 	req = desc->orq;
430 	usb_fill_control_urb(
431 		desc->command,
432 		interface_to_usbdev(desc->intf),
433 		/* using common endpoint 0 */
434 		usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
435 		(unsigned char *)req,
436 		buf,
437 		count,
438 		wdm_out_callback,
439 		desc
440 	);
441 
442 	req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
443 			     USB_RECIP_INTERFACE);
444 	req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
445 	req->wValue = 0;
446 	req->wIndex = desc->inum; /* already converted */
447 	req->wLength = cpu_to_le16(count);
448 	set_bit(WDM_IN_USE, &desc->flags);
449 	desc->outbuf = buf;
450 
451 	rv = usb_submit_urb(desc->command, GFP_KERNEL);
452 	if (rv < 0) {
453 		desc->outbuf = NULL;
454 		clear_bit(WDM_IN_USE, &desc->flags);
455 		dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
456 		rv = usb_translate_errors(rv);
457 		goto out_free_mem_pm;
458 	} else {
459 		dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
460 			le16_to_cpu(req->wIndex));
461 	}
462 
463 	usb_autopm_put_interface(desc->intf);
464 	mutex_unlock(&desc->wlock);
465 outnl:
466 	return rv < 0 ? rv : count;
467 
468 out_free_mem_pm:
469 	usb_autopm_put_interface(desc->intf);
470 out_free_mem_lock:
471 	mutex_unlock(&desc->wlock);
472 out_free_mem:
473 	kfree(buf);
474 	return rv;
475 }
476 
477 /*
478  * Submit the read urb if resp_count is non-zero.
479  *
480  * Called with desc->iuspin locked
481  */
482 static int service_outstanding_interrupt(struct wdm_device *desc)
483 {
484 	int rv = 0;
485 
486 	/* submit read urb only if the device is waiting for it */
487 	if (!desc->resp_count || !--desc->resp_count)
488 		goto out;
489 
490 	set_bit(WDM_RESPONDING, &desc->flags);
491 	spin_unlock_irq(&desc->iuspin);
492 	rv = usb_submit_urb(desc->response, GFP_KERNEL);
493 	spin_lock_irq(&desc->iuspin);
494 	if (rv) {
495 		dev_err(&desc->intf->dev,
496 			"usb_submit_urb failed with result %d\n", rv);
497 
498 		/* make sure the next notification trigger a submit */
499 		clear_bit(WDM_RESPONDING, &desc->flags);
500 		desc->resp_count = 0;
501 	}
502 out:
503 	return rv;
504 }
505 
506 static ssize_t wdm_read
507 (struct file *file, char __user *buffer, size_t count, loff_t *ppos)
508 {
509 	int rv, cntr;
510 	int i = 0;
511 	struct wdm_device *desc = file->private_data;
512 
513 
514 	rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
515 	if (rv < 0)
516 		return -ERESTARTSYS;
517 
518 	cntr = ACCESS_ONCE(desc->length);
519 	if (cntr == 0) {
520 		desc->read = 0;
521 retry:
522 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
523 			rv = -ENODEV;
524 			goto err;
525 		}
526 		if (test_bit(WDM_OVERFLOW, &desc->flags)) {
527 			clear_bit(WDM_OVERFLOW, &desc->flags);
528 			rv = -ENOBUFS;
529 			goto err;
530 		}
531 		i++;
532 		if (file->f_flags & O_NONBLOCK) {
533 			if (!test_bit(WDM_READ, &desc->flags)) {
534 				rv = -EAGAIN;
535 				goto err;
536 			}
537 			rv = 0;
538 		} else {
539 			rv = wait_event_interruptible(desc->wait,
540 				test_bit(WDM_READ, &desc->flags));
541 		}
542 
543 		/* may have happened while we slept */
544 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
545 			rv = -ENODEV;
546 			goto err;
547 		}
548 		if (test_bit(WDM_RESETTING, &desc->flags)) {
549 			rv = -EIO;
550 			goto err;
551 		}
552 		usb_mark_last_busy(interface_to_usbdev(desc->intf));
553 		if (rv < 0) {
554 			rv = -ERESTARTSYS;
555 			goto err;
556 		}
557 
558 		spin_lock_irq(&desc->iuspin);
559 
560 		if (desc->rerr) { /* read completed, error happened */
561 			rv = usb_translate_errors(desc->rerr);
562 			desc->rerr = 0;
563 			spin_unlock_irq(&desc->iuspin);
564 			goto err;
565 		}
566 		/*
567 		 * recheck whether we've lost the race
568 		 * against the completion handler
569 		 */
570 		if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
571 			spin_unlock_irq(&desc->iuspin);
572 			goto retry;
573 		}
574 
575 		if (!desc->reslength) { /* zero length read */
576 			dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
577 			clear_bit(WDM_READ, &desc->flags);
578 			rv = service_outstanding_interrupt(desc);
579 			spin_unlock_irq(&desc->iuspin);
580 			if (rv < 0)
581 				goto err;
582 			goto retry;
583 		}
584 		cntr = desc->length;
585 		spin_unlock_irq(&desc->iuspin);
586 	}
587 
588 	if (cntr > count)
589 		cntr = count;
590 	rv = copy_to_user(buffer, desc->ubuf, cntr);
591 	if (rv > 0) {
592 		rv = -EFAULT;
593 		goto err;
594 	}
595 
596 	spin_lock_irq(&desc->iuspin);
597 
598 	for (i = 0; i < desc->length - cntr; i++)
599 		desc->ubuf[i] = desc->ubuf[i + cntr];
600 
601 	desc->length -= cntr;
602 	/* in case we had outstanding data */
603 	if (!desc->length) {
604 		clear_bit(WDM_READ, &desc->flags);
605 		service_outstanding_interrupt(desc);
606 	}
607 	spin_unlock_irq(&desc->iuspin);
608 	rv = cntr;
609 
610 err:
611 	mutex_unlock(&desc->rlock);
612 	return rv;
613 }
614 
615 static int wdm_flush(struct file *file, fl_owner_t id)
616 {
617 	struct wdm_device *desc = file->private_data;
618 
619 	wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
620 
621 	/* cannot dereference desc->intf if WDM_DISCONNECTING */
622 	if (desc->werr < 0 && !test_bit(WDM_DISCONNECTING, &desc->flags))
623 		dev_err(&desc->intf->dev, "Error in flush path: %d\n",
624 			desc->werr);
625 
626 	return usb_translate_errors(desc->werr);
627 }
628 
629 static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait)
630 {
631 	struct wdm_device *desc = file->private_data;
632 	unsigned long flags;
633 	unsigned int mask = 0;
634 
635 	spin_lock_irqsave(&desc->iuspin, flags);
636 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
637 		mask = POLLHUP | POLLERR;
638 		spin_unlock_irqrestore(&desc->iuspin, flags);
639 		goto desc_out;
640 	}
641 	if (test_bit(WDM_READ, &desc->flags))
642 		mask = POLLIN | POLLRDNORM;
643 	if (desc->rerr || desc->werr)
644 		mask |= POLLERR;
645 	if (!test_bit(WDM_IN_USE, &desc->flags))
646 		mask |= POLLOUT | POLLWRNORM;
647 	spin_unlock_irqrestore(&desc->iuspin, flags);
648 
649 	poll_wait(file, &desc->wait, wait);
650 
651 desc_out:
652 	return mask;
653 }
654 
655 static int wdm_open(struct inode *inode, struct file *file)
656 {
657 	int minor = iminor(inode);
658 	int rv = -ENODEV;
659 	struct usb_interface *intf;
660 	struct wdm_device *desc;
661 
662 	mutex_lock(&wdm_mutex);
663 	desc = wdm_find_device_by_minor(minor);
664 	if (!desc)
665 		goto out;
666 
667 	intf = desc->intf;
668 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
669 		goto out;
670 	file->private_data = desc;
671 
672 	rv = usb_autopm_get_interface(desc->intf);
673 	if (rv < 0) {
674 		dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
675 		goto out;
676 	}
677 
678 	/* using write lock to protect desc->count */
679 	mutex_lock(&desc->wlock);
680 	if (!desc->count++) {
681 		desc->werr = 0;
682 		desc->rerr = 0;
683 		rv = usb_submit_urb(desc->validity, GFP_KERNEL);
684 		if (rv < 0) {
685 			desc->count--;
686 			dev_err(&desc->intf->dev,
687 				"Error submitting int urb - %d\n", rv);
688 			rv = usb_translate_errors(rv);
689 		} else if (test_bit(WDM_DRAIN_ON_OPEN, &desc->flags)) {
690 			/*
691 			 * Some devices keep pending messages queued
692 			 * without resending notifications.  We must
693 			 * flush the message queue before we can
694 			 * assume a one-to-one relationship between
695 			 * notifications and messages in the queue
696 			 */
697 			dev_dbg(&desc->intf->dev, "draining queued data\n");
698 			set_bit(WDM_RESPONDING, &desc->flags);
699 			rv = usb_submit_urb(desc->response, GFP_KERNEL);
700 		}
701 	} else {
702 		rv = 0;
703 	}
704 	mutex_unlock(&desc->wlock);
705 	if (desc->count == 1)
706 		desc->manage_power(intf, 1);
707 	usb_autopm_put_interface(desc->intf);
708 out:
709 	mutex_unlock(&wdm_mutex);
710 	return rv;
711 }
712 
713 static int wdm_release(struct inode *inode, struct file *file)
714 {
715 	struct wdm_device *desc = file->private_data;
716 
717 	mutex_lock(&wdm_mutex);
718 
719 	/* using write lock to protect desc->count */
720 	mutex_lock(&desc->wlock);
721 	desc->count--;
722 	mutex_unlock(&desc->wlock);
723 
724 	if (!desc->count) {
725 		if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
726 			dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
727 			kill_urbs(desc);
728 			spin_lock_irq(&desc->iuspin);
729 			desc->resp_count = 0;
730 			spin_unlock_irq(&desc->iuspin);
731 			desc->manage_power(desc->intf, 0);
732 		} else {
733 			/* must avoid dev_printk here as desc->intf is invalid */
734 			pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
735 			cleanup(desc);
736 		}
737 	}
738 	mutex_unlock(&wdm_mutex);
739 	return 0;
740 }
741 
742 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
743 {
744 	struct wdm_device *desc = file->private_data;
745 	int rv = 0;
746 
747 	switch (cmd) {
748 	case IOCTL_WDM_MAX_COMMAND:
749 		if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
750 			rv = -EFAULT;
751 		break;
752 	default:
753 		rv = -ENOTTY;
754 	}
755 	return rv;
756 }
757 
758 static const struct file_operations wdm_fops = {
759 	.owner =	THIS_MODULE,
760 	.read =		wdm_read,
761 	.write =	wdm_write,
762 	.open =		wdm_open,
763 	.flush =	wdm_flush,
764 	.release =	wdm_release,
765 	.poll =		wdm_poll,
766 	.unlocked_ioctl = wdm_ioctl,
767 	.compat_ioctl = wdm_ioctl,
768 	.llseek =	noop_llseek,
769 };
770 
771 static struct usb_class_driver wdm_class = {
772 	.name =		"cdc-wdm%d",
773 	.fops =		&wdm_fops,
774 	.minor_base =	WDM_MINOR_BASE,
775 };
776 
777 /* --- error handling --- */
778 static void wdm_rxwork(struct work_struct *work)
779 {
780 	struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
781 	unsigned long flags;
782 	int rv = 0;
783 	int responding;
784 
785 	spin_lock_irqsave(&desc->iuspin, flags);
786 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
787 		spin_unlock_irqrestore(&desc->iuspin, flags);
788 	} else {
789 		responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
790 		spin_unlock_irqrestore(&desc->iuspin, flags);
791 		if (!responding)
792 			rv = usb_submit_urb(desc->response, GFP_KERNEL);
793 		if (rv < 0 && rv != -EPERM) {
794 			spin_lock_irqsave(&desc->iuspin, flags);
795 			clear_bit(WDM_RESPONDING, &desc->flags);
796 			if (!test_bit(WDM_DISCONNECTING, &desc->flags))
797 				schedule_work(&desc->rxwork);
798 			spin_unlock_irqrestore(&desc->iuspin, flags);
799 		}
800 	}
801 }
802 
803 /* --- hotplug --- */
804 
805 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
806 		u16 bufsize, int (*manage_power)(struct usb_interface *, int),
807 		bool drain_on_open)
808 {
809 	int rv = -ENOMEM;
810 	struct wdm_device *desc;
811 
812 	desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
813 	if (!desc)
814 		goto out;
815 	INIT_LIST_HEAD(&desc->device_list);
816 	mutex_init(&desc->rlock);
817 	mutex_init(&desc->wlock);
818 	spin_lock_init(&desc->iuspin);
819 	init_waitqueue_head(&desc->wait);
820 	desc->wMaxCommand = bufsize;
821 	/* this will be expanded and needed in hardware endianness */
822 	desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
823 	desc->intf = intf;
824 	INIT_WORK(&desc->rxwork, wdm_rxwork);
825 
826 	rv = -EINVAL;
827 	if (!usb_endpoint_is_int_in(ep))
828 		goto err;
829 
830 	desc->wMaxPacketSize = usb_endpoint_maxp(ep);
831 
832 	desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
833 	if (!desc->orq)
834 		goto err;
835 	desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
836 	if (!desc->irq)
837 		goto err;
838 
839 	desc->validity = usb_alloc_urb(0, GFP_KERNEL);
840 	if (!desc->validity)
841 		goto err;
842 
843 	desc->response = usb_alloc_urb(0, GFP_KERNEL);
844 	if (!desc->response)
845 		goto err;
846 
847 	desc->command = usb_alloc_urb(0, GFP_KERNEL);
848 	if (!desc->command)
849 		goto err;
850 
851 	desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
852 	if (!desc->ubuf)
853 		goto err;
854 
855 	desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
856 	if (!desc->sbuf)
857 		goto err;
858 
859 	desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
860 	if (!desc->inbuf)
861 		goto err;
862 
863 	usb_fill_int_urb(
864 		desc->validity,
865 		interface_to_usbdev(intf),
866 		usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
867 		desc->sbuf,
868 		desc->wMaxPacketSize,
869 		wdm_int_callback,
870 		desc,
871 		ep->bInterval
872 	);
873 
874 	desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
875 	desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
876 	desc->irq->wValue = 0;
877 	desc->irq->wIndex = desc->inum; /* already converted */
878 	desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
879 
880 	usb_fill_control_urb(
881 		desc->response,
882 		interface_to_usbdev(intf),
883 		/* using common endpoint 0 */
884 		usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
885 		(unsigned char *)desc->irq,
886 		desc->inbuf,
887 		desc->wMaxCommand,
888 		wdm_in_callback,
889 		desc
890 	);
891 
892 	desc->manage_power = manage_power;
893 
894 	/*
895 	 * "drain_on_open" enables a hack to work around a firmware
896 	 * issue observed on network functions, in particular MBIM
897 	 * functions.
898 	 *
899 	 * Quoting section 7 of the CDC-WMC r1.1 specification:
900 	 *
901 	 *  "The firmware shall interpret GetEncapsulatedResponse as a
902 	 *   request to read response bytes. The firmware shall send
903 	 *   the next wLength bytes from the response. The firmware
904 	 *   shall allow the host to retrieve data using any number of
905 	 *   GetEncapsulatedResponse requests. The firmware shall
906 	 *   return a zero- length reply if there are no data bytes
907 	 *   available.
908 	 *
909 	 *   The firmware shall send ResponseAvailable notifications
910 	 *   periodically, using any appropriate algorithm, to inform
911 	 *   the host that there is data available in the reply
912 	 *   buffer. The firmware is allowed to send ResponseAvailable
913 	 *   notifications even if there is no data available, but
914 	 *   this will obviously reduce overall performance."
915 	 *
916 	 * These requirements, although they make equally sense, are
917 	 * often not implemented by network functions. Some firmwares
918 	 * will queue data indefinitely, without ever resending a
919 	 * notification. The result is that the driver and firmware
920 	 * loses "syncronization" if the driver ever fails to respond
921 	 * to a single notification, something which easily can happen
922 	 * on release(). When this happens, the driver will appear to
923 	 * never receive notifications for the most current data. Each
924 	 * notification will only cause a single read, which returns
925 	 * the oldest data in the firmware's queue.
926 	 *
927 	 * The "drain_on_open" hack resolves the situation by draining
928 	 * data from the firmware until none is returned, without a
929 	 * prior notification.
930 	 *
931 	 * This will inevitably race with the firmware, risking that
932 	 * we read data from the device before handling the associated
933 	 * notification. To make things worse, some of the devices
934 	 * needing the hack do not implement the "return zero if no
935 	 * data is available" requirement either. Instead they return
936 	 * an error on the subsequent read in this case.  This means
937 	 * that "winning" the race can cause an unexpected EIO to
938 	 * userspace.
939 	 *
940 	 * "winning" the race is more likely on resume() than on
941 	 * open(), and the unexpected error is more harmful in the
942 	 * middle of an open session. The hack is therefore only
943 	 * applied on open(), and not on resume() where it logically
944 	 * would be equally necessary. So we define open() as the only
945 	 * driver <-> device "syncronization point".  Should we happen
946 	 * to lose a notification after open(), then syncronization
947 	 * will be lost until release()
948 	 *
949 	 * The hack should not be enabled for CDC WDM devices
950 	 * conforming to the CDC-WMC r1.1 specification.  This is
951 	 * ensured by setting drain_on_open to false in wdm_probe().
952 	 */
953 	if (drain_on_open)
954 		set_bit(WDM_DRAIN_ON_OPEN, &desc->flags);
955 
956 	spin_lock(&wdm_device_list_lock);
957 	list_add(&desc->device_list, &wdm_device_list);
958 	spin_unlock(&wdm_device_list_lock);
959 
960 	rv = usb_register_dev(intf, &wdm_class);
961 	if (rv < 0)
962 		goto err;
963 	else
964 		dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
965 out:
966 	return rv;
967 err:
968 	spin_lock(&wdm_device_list_lock);
969 	list_del(&desc->device_list);
970 	spin_unlock(&wdm_device_list_lock);
971 	cleanup(desc);
972 	return rv;
973 }
974 
975 static int wdm_manage_power(struct usb_interface *intf, int on)
976 {
977 	/* need autopm_get/put here to ensure the usbcore sees the new value */
978 	int rv = usb_autopm_get_interface(intf);
979 
980 	intf->needs_remote_wakeup = on;
981 	if (!rv)
982 		usb_autopm_put_interface(intf);
983 	return 0;
984 }
985 
986 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
987 {
988 	int rv = -EINVAL;
989 	struct usb_host_interface *iface;
990 	struct usb_endpoint_descriptor *ep;
991 	struct usb_cdc_parsed_header hdr;
992 	u8 *buffer = intf->altsetting->extra;
993 	int buflen = intf->altsetting->extralen;
994 	u16 maxcom = WDM_DEFAULT_BUFSIZE;
995 
996 	if (!buffer)
997 		goto err;
998 
999 	cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
1000 
1001 	if (hdr.usb_cdc_dmm_desc)
1002 		maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
1003 
1004 	iface = intf->cur_altsetting;
1005 	if (iface->desc.bNumEndpoints != 1)
1006 		goto err;
1007 	ep = &iface->endpoint[0].desc;
1008 
1009 	rv = wdm_create(intf, ep, maxcom, &wdm_manage_power, false);
1010 
1011 err:
1012 	return rv;
1013 }
1014 
1015 /**
1016  * usb_cdc_wdm_register - register a WDM subdriver
1017  * @intf: usb interface the subdriver will associate with
1018  * @ep: interrupt endpoint to monitor for notifications
1019  * @bufsize: maximum message size to support for read/write
1020  *
1021  * Create WDM usb class character device and associate it with intf
1022  * without binding, allowing another driver to manage the interface.
1023  *
1024  * The subdriver will manage the given interrupt endpoint exclusively
1025  * and will issue control requests referring to the given intf. It
1026  * will otherwise avoid interferring, and in particular not do
1027  * usb_set_intfdata/usb_get_intfdata on intf.
1028  *
1029  * The return value is a pointer to the subdriver's struct usb_driver.
1030  * The registering driver is responsible for calling this subdriver's
1031  * disconnect, suspend, resume, pre_reset and post_reset methods from
1032  * its own.
1033  */
1034 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
1035 					struct usb_endpoint_descriptor *ep,
1036 					int bufsize,
1037 					int (*manage_power)(struct usb_interface *, int))
1038 {
1039 	int rv = -EINVAL;
1040 
1041 	rv = wdm_create(intf, ep, bufsize, manage_power, true);
1042 	if (rv < 0)
1043 		goto err;
1044 
1045 	return &wdm_driver;
1046 err:
1047 	return ERR_PTR(rv);
1048 }
1049 EXPORT_SYMBOL(usb_cdc_wdm_register);
1050 
1051 static void wdm_disconnect(struct usb_interface *intf)
1052 {
1053 	struct wdm_device *desc;
1054 	unsigned long flags;
1055 
1056 	usb_deregister_dev(intf, &wdm_class);
1057 	desc = wdm_find_device(intf);
1058 	mutex_lock(&wdm_mutex);
1059 
1060 	/* the spinlock makes sure no new urbs are generated in the callbacks */
1061 	spin_lock_irqsave(&desc->iuspin, flags);
1062 	set_bit(WDM_DISCONNECTING, &desc->flags);
1063 	set_bit(WDM_READ, &desc->flags);
1064 	/* to terminate pending flushes */
1065 	clear_bit(WDM_IN_USE, &desc->flags);
1066 	spin_unlock_irqrestore(&desc->iuspin, flags);
1067 	wake_up_all(&desc->wait);
1068 	mutex_lock(&desc->rlock);
1069 	mutex_lock(&desc->wlock);
1070 	kill_urbs(desc);
1071 	cancel_work_sync(&desc->rxwork);
1072 	mutex_unlock(&desc->wlock);
1073 	mutex_unlock(&desc->rlock);
1074 
1075 	/* the desc->intf pointer used as list key is now invalid */
1076 	spin_lock(&wdm_device_list_lock);
1077 	list_del(&desc->device_list);
1078 	spin_unlock(&wdm_device_list_lock);
1079 
1080 	if (!desc->count)
1081 		cleanup(desc);
1082 	else
1083 		dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1084 	mutex_unlock(&wdm_mutex);
1085 }
1086 
1087 #ifdef CONFIG_PM
1088 static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1089 {
1090 	struct wdm_device *desc = wdm_find_device(intf);
1091 	int rv = 0;
1092 
1093 	dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1094 
1095 	/* if this is an autosuspend the caller does the locking */
1096 	if (!PMSG_IS_AUTO(message)) {
1097 		mutex_lock(&desc->rlock);
1098 		mutex_lock(&desc->wlock);
1099 	}
1100 	spin_lock_irq(&desc->iuspin);
1101 
1102 	if (PMSG_IS_AUTO(message) &&
1103 			(test_bit(WDM_IN_USE, &desc->flags)
1104 			|| test_bit(WDM_RESPONDING, &desc->flags))) {
1105 		spin_unlock_irq(&desc->iuspin);
1106 		rv = -EBUSY;
1107 	} else {
1108 
1109 		set_bit(WDM_SUSPENDING, &desc->flags);
1110 		spin_unlock_irq(&desc->iuspin);
1111 		/* callback submits work - order is essential */
1112 		kill_urbs(desc);
1113 		cancel_work_sync(&desc->rxwork);
1114 	}
1115 	if (!PMSG_IS_AUTO(message)) {
1116 		mutex_unlock(&desc->wlock);
1117 		mutex_unlock(&desc->rlock);
1118 	}
1119 
1120 	return rv;
1121 }
1122 #endif
1123 
1124 static int recover_from_urb_loss(struct wdm_device *desc)
1125 {
1126 	int rv = 0;
1127 
1128 	if (desc->count) {
1129 		rv = usb_submit_urb(desc->validity, GFP_NOIO);
1130 		if (rv < 0)
1131 			dev_err(&desc->intf->dev,
1132 				"Error resume submitting int urb - %d\n", rv);
1133 	}
1134 	return rv;
1135 }
1136 
1137 #ifdef CONFIG_PM
1138 static int wdm_resume(struct usb_interface *intf)
1139 {
1140 	struct wdm_device *desc = wdm_find_device(intf);
1141 	int rv;
1142 
1143 	dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1144 
1145 	clear_bit(WDM_SUSPENDING, &desc->flags);
1146 	rv = recover_from_urb_loss(desc);
1147 
1148 	return rv;
1149 }
1150 #endif
1151 
1152 static int wdm_pre_reset(struct usb_interface *intf)
1153 {
1154 	struct wdm_device *desc = wdm_find_device(intf);
1155 
1156 	/*
1157 	 * we notify everybody using poll of
1158 	 * an exceptional situation
1159 	 * must be done before recovery lest a spontaneous
1160 	 * message from the device is lost
1161 	 */
1162 	spin_lock_irq(&desc->iuspin);
1163 	set_bit(WDM_RESETTING, &desc->flags);	/* inform read/write */
1164 	set_bit(WDM_READ, &desc->flags);	/* unblock read */
1165 	clear_bit(WDM_IN_USE, &desc->flags);	/* unblock write */
1166 	desc->rerr = -EINTR;
1167 	spin_unlock_irq(&desc->iuspin);
1168 	wake_up_all(&desc->wait);
1169 	mutex_lock(&desc->rlock);
1170 	mutex_lock(&desc->wlock);
1171 	kill_urbs(desc);
1172 	cancel_work_sync(&desc->rxwork);
1173 	return 0;
1174 }
1175 
1176 static int wdm_post_reset(struct usb_interface *intf)
1177 {
1178 	struct wdm_device *desc = wdm_find_device(intf);
1179 	int rv;
1180 
1181 	clear_bit(WDM_OVERFLOW, &desc->flags);
1182 	clear_bit(WDM_RESETTING, &desc->flags);
1183 	rv = recover_from_urb_loss(desc);
1184 	mutex_unlock(&desc->wlock);
1185 	mutex_unlock(&desc->rlock);
1186 	return 0;
1187 }
1188 
1189 static struct usb_driver wdm_driver = {
1190 	.name =		"cdc_wdm",
1191 	.probe =	wdm_probe,
1192 	.disconnect =	wdm_disconnect,
1193 #ifdef CONFIG_PM
1194 	.suspend =	wdm_suspend,
1195 	.resume =	wdm_resume,
1196 	.reset_resume =	wdm_resume,
1197 #endif
1198 	.pre_reset =	wdm_pre_reset,
1199 	.post_reset =	wdm_post_reset,
1200 	.id_table =	wdm_ids,
1201 	.supports_autosuspend = 1,
1202 	.disable_hub_initiated_lpm = 1,
1203 };
1204 
1205 module_usb_driver(wdm_driver);
1206 
1207 MODULE_AUTHOR(DRIVER_AUTHOR);
1208 MODULE_DESCRIPTION(DRIVER_DESC);
1209 MODULE_LICENSE("GPL");
1210