1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver 4 * 5 * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany 6 * Copyright (C) 2008 Novell, Inc. 7 * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de> 8 * Copyright (C) 2018 IVI Foundation, Inc. 9 */ 10 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13 #include <linux/module.h> 14 #include <linux/kernel.h> 15 #include <linux/fs.h> 16 #include <linux/uaccess.h> 17 #include <linux/kref.h> 18 #include <linux/slab.h> 19 #include <linux/poll.h> 20 #include <linux/mutex.h> 21 #include <linux/usb.h> 22 #include <linux/compat.h> 23 #include <linux/usb/tmc.h> 24 25 /* Increment API VERSION when changing tmc.h with new flags or ioctls 26 * or when changing a significant behavior of the driver. 27 */ 28 #define USBTMC_API_VERSION (3) 29 30 #define USBTMC_HEADER_SIZE 12 31 #define USBTMC_MINOR_BASE 176 32 33 /* Minimum USB timeout (in milliseconds) */ 34 #define USBTMC_MIN_TIMEOUT 100 35 /* Default USB timeout (in milliseconds) */ 36 #define USBTMC_TIMEOUT 5000 37 38 /* Max number of urbs used in write transfers */ 39 #define MAX_URBS_IN_FLIGHT 16 40 /* I/O buffer size used in generic read/write functions */ 41 #define USBTMC_BUFSIZE (4096) 42 43 /* 44 * Maximum number of read cycles to empty bulk in endpoint during CLEAR and 45 * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short 46 * packet is never read. 47 */ 48 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN 100 49 50 static const struct usb_device_id usbtmc_devices[] = { 51 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), }, 52 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), }, 53 { 0, } /* terminating entry */ 54 }; 55 MODULE_DEVICE_TABLE(usb, usbtmc_devices); 56 57 /* 58 * This structure is the capabilities for the device 59 * See section 4.2.1.8 of the USBTMC specification, 60 * and section 4.2.2 of the USBTMC usb488 subclass 61 * specification for details. 62 */ 63 struct usbtmc_dev_capabilities { 64 __u8 interface_capabilities; 65 __u8 device_capabilities; 66 __u8 usb488_interface_capabilities; 67 __u8 usb488_device_capabilities; 68 }; 69 70 /* This structure holds private data for each USBTMC device. One copy is 71 * allocated for each USBTMC device in the driver's probe function. 72 */ 73 struct usbtmc_device_data { 74 const struct usb_device_id *id; 75 struct usb_device *usb_dev; 76 struct usb_interface *intf; 77 struct list_head file_list; 78 79 unsigned int bulk_in; 80 unsigned int bulk_out; 81 82 u8 bTag; 83 u8 bTag_last_write; /* needed for abort */ 84 u8 bTag_last_read; /* needed for abort */ 85 86 /* packet size of IN bulk */ 87 u16 wMaxPacketSize; 88 89 /* data for interrupt in endpoint handling */ 90 u8 bNotify1; 91 u8 bNotify2; 92 u16 ifnum; 93 u8 iin_bTag; 94 u8 *iin_buffer; 95 atomic_t iin_data_valid; 96 unsigned int iin_ep; 97 int iin_ep_present; 98 int iin_interval; 99 struct urb *iin_urb; 100 u16 iin_wMaxPacketSize; 101 102 /* coalesced usb488_caps from usbtmc_dev_capabilities */ 103 __u8 usb488_caps; 104 105 bool zombie; /* fd of disconnected device */ 106 107 struct usbtmc_dev_capabilities capabilities; 108 struct kref kref; 109 struct mutex io_mutex; /* only one i/o function running at a time */ 110 wait_queue_head_t waitq; 111 struct fasync_struct *fasync; 112 spinlock_t dev_lock; /* lock for file_list */ 113 }; 114 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref) 115 116 /* 117 * This structure holds private data for each USBTMC file handle. 118 */ 119 struct usbtmc_file_data { 120 struct usbtmc_device_data *data; 121 struct list_head file_elem; 122 123 u32 timeout; 124 u8 srq_byte; 125 atomic_t srq_asserted; 126 atomic_t closing; 127 u8 bmTransferAttributes; /* member of DEV_DEP_MSG_IN */ 128 129 u8 eom_val; 130 u8 term_char; 131 bool term_char_enabled; 132 bool auto_abort; 133 134 spinlock_t err_lock; /* lock for errors */ 135 136 struct usb_anchor submitted; 137 138 /* data for generic_write */ 139 struct semaphore limit_write_sem; 140 u32 out_transfer_size; 141 int out_status; 142 143 /* data for generic_read */ 144 u32 in_transfer_size; 145 int in_status; 146 int in_urbs_used; 147 struct usb_anchor in_anchor; 148 wait_queue_head_t wait_bulk_in; 149 }; 150 151 /* Forward declarations */ 152 static struct usb_driver usbtmc_driver; 153 static void usbtmc_draw_down(struct usbtmc_file_data *file_data); 154 155 static void usbtmc_delete(struct kref *kref) 156 { 157 struct usbtmc_device_data *data = to_usbtmc_data(kref); 158 159 usb_put_dev(data->usb_dev); 160 kfree(data); 161 } 162 163 static int usbtmc_open(struct inode *inode, struct file *filp) 164 { 165 struct usb_interface *intf; 166 struct usbtmc_device_data *data; 167 struct usbtmc_file_data *file_data; 168 169 intf = usb_find_interface(&usbtmc_driver, iminor(inode)); 170 if (!intf) { 171 pr_err("can not find device for minor %d", iminor(inode)); 172 return -ENODEV; 173 } 174 175 file_data = kzalloc(sizeof(*file_data), GFP_KERNEL); 176 if (!file_data) 177 return -ENOMEM; 178 179 spin_lock_init(&file_data->err_lock); 180 sema_init(&file_data->limit_write_sem, MAX_URBS_IN_FLIGHT); 181 init_usb_anchor(&file_data->submitted); 182 init_usb_anchor(&file_data->in_anchor); 183 init_waitqueue_head(&file_data->wait_bulk_in); 184 185 data = usb_get_intfdata(intf); 186 /* Protect reference to data from file structure until release */ 187 kref_get(&data->kref); 188 189 mutex_lock(&data->io_mutex); 190 file_data->data = data; 191 192 atomic_set(&file_data->closing, 0); 193 194 file_data->timeout = USBTMC_TIMEOUT; 195 file_data->term_char = '\n'; 196 file_data->term_char_enabled = 0; 197 file_data->auto_abort = 0; 198 file_data->eom_val = 1; 199 200 INIT_LIST_HEAD(&file_data->file_elem); 201 spin_lock_irq(&data->dev_lock); 202 list_add_tail(&file_data->file_elem, &data->file_list); 203 spin_unlock_irq(&data->dev_lock); 204 mutex_unlock(&data->io_mutex); 205 206 /* Store pointer in file structure's private data field */ 207 filp->private_data = file_data; 208 209 return 0; 210 } 211 212 /* 213 * usbtmc_flush - called before file handle is closed 214 */ 215 static int usbtmc_flush(struct file *file, fl_owner_t id) 216 { 217 struct usbtmc_file_data *file_data; 218 struct usbtmc_device_data *data; 219 220 file_data = file->private_data; 221 if (file_data == NULL) 222 return -ENODEV; 223 224 atomic_set(&file_data->closing, 1); 225 data = file_data->data; 226 227 /* wait for io to stop */ 228 mutex_lock(&data->io_mutex); 229 230 usbtmc_draw_down(file_data); 231 232 spin_lock_irq(&file_data->err_lock); 233 file_data->in_status = 0; 234 file_data->in_transfer_size = 0; 235 file_data->in_urbs_used = 0; 236 file_data->out_status = 0; 237 file_data->out_transfer_size = 0; 238 spin_unlock_irq(&file_data->err_lock); 239 240 wake_up_interruptible_all(&data->waitq); 241 mutex_unlock(&data->io_mutex); 242 243 return 0; 244 } 245 246 static int usbtmc_release(struct inode *inode, struct file *file) 247 { 248 struct usbtmc_file_data *file_data = file->private_data; 249 250 /* prevent IO _AND_ usbtmc_interrupt */ 251 mutex_lock(&file_data->data->io_mutex); 252 spin_lock_irq(&file_data->data->dev_lock); 253 254 list_del(&file_data->file_elem); 255 256 spin_unlock_irq(&file_data->data->dev_lock); 257 mutex_unlock(&file_data->data->io_mutex); 258 259 kref_put(&file_data->data->kref, usbtmc_delete); 260 file_data->data = NULL; 261 kfree(file_data); 262 return 0; 263 } 264 265 static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data, 266 u8 tag) 267 { 268 u8 *buffer; 269 struct device *dev; 270 int rv; 271 int n; 272 int actual; 273 274 dev = &data->intf->dev; 275 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL); 276 if (!buffer) 277 return -ENOMEM; 278 279 rv = usb_control_msg(data->usb_dev, 280 usb_rcvctrlpipe(data->usb_dev, 0), 281 USBTMC_REQUEST_INITIATE_ABORT_BULK_IN, 282 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 283 tag, data->bulk_in, 284 buffer, 2, USB_CTRL_GET_TIMEOUT); 285 286 if (rv < 0) { 287 dev_err(dev, "usb_control_msg returned %d\n", rv); 288 goto exit; 289 } 290 291 dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n", 292 buffer[0], buffer[1]); 293 294 if (buffer[0] == USBTMC_STATUS_FAILED) { 295 /* No transfer in progress and the Bulk-OUT FIFO is empty. */ 296 rv = 0; 297 goto exit; 298 } 299 300 if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) { 301 /* The device returns this status if either: 302 * - There is a transfer in progress, but the specified bTag 303 * does not match. 304 * - There is no transfer in progress, but the Bulk-OUT FIFO 305 * is not empty. 306 */ 307 rv = -ENOMSG; 308 goto exit; 309 } 310 311 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 312 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n", 313 buffer[0]); 314 rv = -EPERM; 315 goto exit; 316 } 317 318 n = 0; 319 320 usbtmc_abort_bulk_in_status: 321 dev_dbg(dev, "Reading from bulk in EP\n"); 322 323 /* Data must be present. So use low timeout 300 ms */ 324 actual = 0; 325 rv = usb_bulk_msg(data->usb_dev, 326 usb_rcvbulkpipe(data->usb_dev, 327 data->bulk_in), 328 buffer, USBTMC_BUFSIZE, 329 &actual, 300); 330 331 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1, 332 buffer, actual, true); 333 334 n++; 335 336 if (rv < 0) { 337 dev_err(dev, "usb_bulk_msg returned %d\n", rv); 338 if (rv != -ETIMEDOUT) 339 goto exit; 340 } 341 342 if (actual == USBTMC_BUFSIZE) 343 goto usbtmc_abort_bulk_in_status; 344 345 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) { 346 dev_err(dev, "Couldn't clear device buffer within %d cycles\n", 347 USBTMC_MAX_READS_TO_CLEAR_BULK_IN); 348 rv = -EPERM; 349 goto exit; 350 } 351 352 rv = usb_control_msg(data->usb_dev, 353 usb_rcvctrlpipe(data->usb_dev, 0), 354 USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS, 355 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 356 0, data->bulk_in, buffer, 0x08, 357 USB_CTRL_GET_TIMEOUT); 358 359 if (rv < 0) { 360 dev_err(dev, "usb_control_msg returned %d\n", rv); 361 goto exit; 362 } 363 364 dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 365 366 if (buffer[0] == USBTMC_STATUS_SUCCESS) { 367 rv = 0; 368 goto exit; 369 } 370 371 if (buffer[0] != USBTMC_STATUS_PENDING) { 372 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 373 rv = -EPERM; 374 goto exit; 375 } 376 377 if ((buffer[1] & 1) > 0) { 378 /* The device has 1 or more queued packets the Host can read */ 379 goto usbtmc_abort_bulk_in_status; 380 } 381 382 /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */ 383 rv = -EAGAIN; 384 exit: 385 kfree(buffer); 386 return rv; 387 } 388 389 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data) 390 { 391 return usbtmc_ioctl_abort_bulk_in_tag(data, data->bTag_last_read); 392 } 393 394 static int usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data *data, 395 u8 tag) 396 { 397 struct device *dev; 398 u8 *buffer; 399 int rv; 400 int n; 401 402 dev = &data->intf->dev; 403 404 buffer = kmalloc(8, GFP_KERNEL); 405 if (!buffer) 406 return -ENOMEM; 407 408 rv = usb_control_msg(data->usb_dev, 409 usb_rcvctrlpipe(data->usb_dev, 0), 410 USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT, 411 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 412 tag, data->bulk_out, 413 buffer, 2, USB_CTRL_GET_TIMEOUT); 414 415 if (rv < 0) { 416 dev_err(dev, "usb_control_msg returned %d\n", rv); 417 goto exit; 418 } 419 420 dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]); 421 422 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 423 dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", 424 buffer[0]); 425 rv = -EPERM; 426 goto exit; 427 } 428 429 n = 0; 430 431 usbtmc_abort_bulk_out_check_status: 432 /* do not stress device with subsequent requests */ 433 msleep(50); 434 rv = usb_control_msg(data->usb_dev, 435 usb_rcvctrlpipe(data->usb_dev, 0), 436 USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS, 437 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 438 0, data->bulk_out, buffer, 0x08, 439 USB_CTRL_GET_TIMEOUT); 440 n++; 441 if (rv < 0) { 442 dev_err(dev, "usb_control_msg returned %d\n", rv); 443 goto exit; 444 } 445 446 dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]); 447 448 if (buffer[0] == USBTMC_STATUS_SUCCESS) 449 goto usbtmc_abort_bulk_out_clear_halt; 450 451 if ((buffer[0] == USBTMC_STATUS_PENDING) && 452 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN)) 453 goto usbtmc_abort_bulk_out_check_status; 454 455 rv = -EPERM; 456 goto exit; 457 458 usbtmc_abort_bulk_out_clear_halt: 459 rv = usb_clear_halt(data->usb_dev, 460 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 461 462 if (rv < 0) { 463 dev_err(dev, "usb_control_msg returned %d\n", rv); 464 goto exit; 465 } 466 rv = 0; 467 468 exit: 469 kfree(buffer); 470 return rv; 471 } 472 473 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data) 474 { 475 return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write); 476 } 477 478 static int usbtmc_get_stb(struct usbtmc_file_data *file_data, __u8 *stb) 479 { 480 struct usbtmc_device_data *data = file_data->data; 481 struct device *dev = &data->intf->dev; 482 u8 *buffer; 483 u8 tag; 484 int rv; 485 486 dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n", 487 data->iin_ep_present); 488 489 buffer = kmalloc(8, GFP_KERNEL); 490 if (!buffer) 491 return -ENOMEM; 492 493 atomic_set(&data->iin_data_valid, 0); 494 495 rv = usb_control_msg(data->usb_dev, 496 usb_rcvctrlpipe(data->usb_dev, 0), 497 USBTMC488_REQUEST_READ_STATUS_BYTE, 498 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 499 data->iin_bTag, 500 data->ifnum, 501 buffer, 0x03, USB_CTRL_GET_TIMEOUT); 502 if (rv < 0) { 503 dev_err(dev, "stb usb_control_msg returned %d\n", rv); 504 goto exit; 505 } 506 507 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 508 dev_err(dev, "control status returned %x\n", buffer[0]); 509 rv = -EIO; 510 goto exit; 511 } 512 513 if (data->iin_ep_present) { 514 rv = wait_event_interruptible_timeout( 515 data->waitq, 516 atomic_read(&data->iin_data_valid) != 0, 517 file_data->timeout); 518 if (rv < 0) { 519 dev_dbg(dev, "wait interrupted %d\n", rv); 520 goto exit; 521 } 522 523 if (rv == 0) { 524 dev_dbg(dev, "wait timed out\n"); 525 rv = -ETIMEDOUT; 526 goto exit; 527 } 528 529 tag = data->bNotify1 & 0x7f; 530 if (tag != data->iin_bTag) { 531 dev_err(dev, "expected bTag %x got %x\n", 532 data->iin_bTag, tag); 533 } 534 535 *stb = data->bNotify2; 536 } else { 537 *stb = buffer[2]; 538 } 539 540 dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)*stb, rv); 541 542 exit: 543 /* bump interrupt bTag */ 544 data->iin_bTag += 1; 545 if (data->iin_bTag > 127) 546 /* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */ 547 data->iin_bTag = 2; 548 549 kfree(buffer); 550 return rv; 551 } 552 553 static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, 554 void __user *arg) 555 { 556 int srq_asserted = 0; 557 __u8 stb; 558 int rv; 559 560 rv = usbtmc_get_stb(file_data, &stb); 561 562 if (rv > 0) { 563 srq_asserted = atomic_xchg(&file_data->srq_asserted, 564 srq_asserted); 565 if (srq_asserted) 566 stb |= 0x40; /* Set RQS bit */ 567 568 rv = put_user(stb, (__u8 __user *)arg); 569 } 570 return rv; 571 572 } 573 574 static int usbtmc_ioctl_get_srq_stb(struct usbtmc_file_data *file_data, 575 void __user *arg) 576 { 577 struct usbtmc_device_data *data = file_data->data; 578 struct device *dev = &data->intf->dev; 579 int srq_asserted = 0; 580 __u8 stb = 0; 581 int rv; 582 583 spin_lock_irq(&data->dev_lock); 584 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); 585 586 if (srq_asserted) { 587 stb = file_data->srq_byte; 588 spin_unlock_irq(&data->dev_lock); 589 rv = put_user(stb, (__u8 __user *)arg); 590 } else { 591 spin_unlock_irq(&data->dev_lock); 592 rv = -ENOMSG; 593 } 594 595 dev_dbg(dev, "stb:0x%02x with srq received %d\n", (unsigned int)stb, rv); 596 597 return rv; 598 } 599 600 static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data, 601 __u32 __user *arg) 602 { 603 struct usbtmc_device_data *data = file_data->data; 604 struct device *dev = &data->intf->dev; 605 int rv; 606 u32 timeout; 607 unsigned long expire; 608 609 if (!data->iin_ep_present) { 610 dev_dbg(dev, "no interrupt endpoint present\n"); 611 return -EFAULT; 612 } 613 614 if (get_user(timeout, arg)) 615 return -EFAULT; 616 617 expire = msecs_to_jiffies(timeout); 618 619 mutex_unlock(&data->io_mutex); 620 621 rv = wait_event_interruptible_timeout( 622 data->waitq, 623 atomic_read(&file_data->srq_asserted) != 0 || 624 atomic_read(&file_data->closing), 625 expire); 626 627 mutex_lock(&data->io_mutex); 628 629 /* Note! disconnect or close could be called in the meantime */ 630 if (atomic_read(&file_data->closing) || data->zombie) 631 rv = -ENODEV; 632 633 if (rv < 0) { 634 /* dev can be invalid now! */ 635 pr_debug("%s - wait interrupted %d\n", __func__, rv); 636 return rv; 637 } 638 639 if (rv == 0) { 640 dev_dbg(dev, "%s - wait timed out\n", __func__); 641 return -ETIMEDOUT; 642 } 643 644 dev_dbg(dev, "%s - srq asserted\n", __func__); 645 return 0; 646 } 647 648 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data, 649 void __user *arg, unsigned int cmd) 650 { 651 struct device *dev = &data->intf->dev; 652 __u8 val; 653 u8 *buffer; 654 u16 wValue; 655 int rv; 656 657 if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE)) 658 return -EINVAL; 659 660 buffer = kmalloc(8, GFP_KERNEL); 661 if (!buffer) 662 return -ENOMEM; 663 664 if (cmd == USBTMC488_REQUEST_REN_CONTROL) { 665 rv = copy_from_user(&val, arg, sizeof(val)); 666 if (rv) { 667 rv = -EFAULT; 668 goto exit; 669 } 670 wValue = val ? 1 : 0; 671 } else { 672 wValue = 0; 673 } 674 675 rv = usb_control_msg(data->usb_dev, 676 usb_rcvctrlpipe(data->usb_dev, 0), 677 cmd, 678 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 679 wValue, 680 data->ifnum, 681 buffer, 0x01, USB_CTRL_GET_TIMEOUT); 682 if (rv < 0) { 683 dev_err(dev, "simple usb_control_msg failed %d\n", rv); 684 goto exit; 685 } else if (rv != 1) { 686 dev_warn(dev, "simple usb_control_msg returned %d\n", rv); 687 rv = -EIO; 688 goto exit; 689 } 690 691 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 692 dev_err(dev, "simple control status returned %x\n", buffer[0]); 693 rv = -EIO; 694 goto exit; 695 } 696 rv = 0; 697 698 exit: 699 kfree(buffer); 700 return rv; 701 } 702 703 /* 704 * Sends a TRIGGER Bulk-OUT command message 705 * See the USBTMC-USB488 specification, Table 2. 706 * 707 * Also updates bTag_last_write. 708 */ 709 static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data) 710 { 711 struct usbtmc_device_data *data = file_data->data; 712 int retval; 713 u8 *buffer; 714 int actual; 715 716 buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL); 717 if (!buffer) 718 return -ENOMEM; 719 720 buffer[0] = 128; 721 buffer[1] = data->bTag; 722 buffer[2] = ~data->bTag; 723 724 retval = usb_bulk_msg(data->usb_dev, 725 usb_sndbulkpipe(data->usb_dev, 726 data->bulk_out), 727 buffer, USBTMC_HEADER_SIZE, 728 &actual, file_data->timeout); 729 730 /* Store bTag (in case we need to abort) */ 731 data->bTag_last_write = data->bTag; 732 733 /* Increment bTag -- and increment again if zero */ 734 data->bTag++; 735 if (!data->bTag) 736 data->bTag++; 737 738 kfree(buffer); 739 if (retval < 0) { 740 dev_err(&data->intf->dev, "%s returned %d\n", 741 __func__, retval); 742 return retval; 743 } 744 745 return 0; 746 } 747 748 static struct urb *usbtmc_create_urb(void) 749 { 750 const size_t bufsize = USBTMC_BUFSIZE; 751 u8 *dmabuf = NULL; 752 struct urb *urb = usb_alloc_urb(0, GFP_KERNEL); 753 754 if (!urb) 755 return NULL; 756 757 dmabuf = kmalloc(bufsize, GFP_KERNEL); 758 if (!dmabuf) { 759 usb_free_urb(urb); 760 return NULL; 761 } 762 763 urb->transfer_buffer = dmabuf; 764 urb->transfer_buffer_length = bufsize; 765 urb->transfer_flags |= URB_FREE_BUFFER; 766 return urb; 767 } 768 769 static void usbtmc_read_bulk_cb(struct urb *urb) 770 { 771 struct usbtmc_file_data *file_data = urb->context; 772 int status = urb->status; 773 unsigned long flags; 774 775 /* sync/async unlink faults aren't errors */ 776 if (status) { 777 if (!(/* status == -ENOENT || */ 778 status == -ECONNRESET || 779 status == -EREMOTEIO || /* Short packet */ 780 status == -ESHUTDOWN)) 781 dev_err(&file_data->data->intf->dev, 782 "%s - nonzero read bulk status received: %d\n", 783 __func__, status); 784 785 spin_lock_irqsave(&file_data->err_lock, flags); 786 if (!file_data->in_status) 787 file_data->in_status = status; 788 spin_unlock_irqrestore(&file_data->err_lock, flags); 789 } 790 791 spin_lock_irqsave(&file_data->err_lock, flags); 792 file_data->in_transfer_size += urb->actual_length; 793 dev_dbg(&file_data->data->intf->dev, 794 "%s - total size: %u current: %d status: %d\n", 795 __func__, file_data->in_transfer_size, 796 urb->actual_length, status); 797 spin_unlock_irqrestore(&file_data->err_lock, flags); 798 usb_anchor_urb(urb, &file_data->in_anchor); 799 800 wake_up_interruptible(&file_data->wait_bulk_in); 801 wake_up_interruptible(&file_data->data->waitq); 802 } 803 804 static inline bool usbtmc_do_transfer(struct usbtmc_file_data *file_data) 805 { 806 bool data_or_error; 807 808 spin_lock_irq(&file_data->err_lock); 809 data_or_error = !usb_anchor_empty(&file_data->in_anchor) 810 || file_data->in_status; 811 spin_unlock_irq(&file_data->err_lock); 812 dev_dbg(&file_data->data->intf->dev, "%s: returns %d\n", __func__, 813 data_or_error); 814 return data_or_error; 815 } 816 817 static ssize_t usbtmc_generic_read(struct usbtmc_file_data *file_data, 818 void __user *user_buffer, 819 u32 transfer_size, 820 u32 *transferred, 821 u32 flags) 822 { 823 struct usbtmc_device_data *data = file_data->data; 824 struct device *dev = &data->intf->dev; 825 u32 done = 0; 826 u32 remaining; 827 const u32 bufsize = USBTMC_BUFSIZE; 828 int retval = 0; 829 u32 max_transfer_size; 830 unsigned long expire; 831 int bufcount = 1; 832 int again = 0; 833 834 /* mutex already locked */ 835 836 *transferred = done; 837 838 max_transfer_size = transfer_size; 839 840 if (flags & USBTMC_FLAG_IGNORE_TRAILER) { 841 /* The device may send extra alignment bytes (up to 842 * wMaxPacketSize – 1) to avoid sending a zero-length 843 * packet 844 */ 845 remaining = transfer_size; 846 if ((max_transfer_size % data->wMaxPacketSize) == 0) 847 max_transfer_size += (data->wMaxPacketSize - 1); 848 } else { 849 /* round down to bufsize to avoid truncated data left */ 850 if (max_transfer_size > bufsize) { 851 max_transfer_size = 852 roundup(max_transfer_size + 1 - bufsize, 853 bufsize); 854 } 855 remaining = max_transfer_size; 856 } 857 858 spin_lock_irq(&file_data->err_lock); 859 860 if (file_data->in_status) { 861 /* return the very first error */ 862 retval = file_data->in_status; 863 spin_unlock_irq(&file_data->err_lock); 864 goto error; 865 } 866 867 if (flags & USBTMC_FLAG_ASYNC) { 868 if (usb_anchor_empty(&file_data->in_anchor)) 869 again = 1; 870 871 if (file_data->in_urbs_used == 0) { 872 file_data->in_transfer_size = 0; 873 file_data->in_status = 0; 874 } 875 } else { 876 file_data->in_transfer_size = 0; 877 file_data->in_status = 0; 878 } 879 880 if (max_transfer_size == 0) { 881 bufcount = 0; 882 } else { 883 bufcount = roundup(max_transfer_size, bufsize) / bufsize; 884 if (bufcount > file_data->in_urbs_used) 885 bufcount -= file_data->in_urbs_used; 886 else 887 bufcount = 0; 888 889 if (bufcount + file_data->in_urbs_used > MAX_URBS_IN_FLIGHT) { 890 bufcount = MAX_URBS_IN_FLIGHT - 891 file_data->in_urbs_used; 892 } 893 } 894 spin_unlock_irq(&file_data->err_lock); 895 896 dev_dbg(dev, "%s: requested=%u flags=0x%X size=%u bufs=%d used=%d\n", 897 __func__, transfer_size, flags, 898 max_transfer_size, bufcount, file_data->in_urbs_used); 899 900 while (bufcount > 0) { 901 u8 *dmabuf = NULL; 902 struct urb *urb = usbtmc_create_urb(); 903 904 if (!urb) { 905 retval = -ENOMEM; 906 goto error; 907 } 908 909 dmabuf = urb->transfer_buffer; 910 911 usb_fill_bulk_urb(urb, data->usb_dev, 912 usb_rcvbulkpipe(data->usb_dev, data->bulk_in), 913 dmabuf, bufsize, 914 usbtmc_read_bulk_cb, file_data); 915 916 usb_anchor_urb(urb, &file_data->submitted); 917 retval = usb_submit_urb(urb, GFP_KERNEL); 918 /* urb is anchored. We can release our reference. */ 919 usb_free_urb(urb); 920 if (unlikely(retval)) { 921 usb_unanchor_urb(urb); 922 goto error; 923 } 924 file_data->in_urbs_used++; 925 bufcount--; 926 } 927 928 if (again) { 929 dev_dbg(dev, "%s: ret=again\n", __func__); 930 return -EAGAIN; 931 } 932 933 if (user_buffer == NULL) 934 return -EINVAL; 935 936 expire = msecs_to_jiffies(file_data->timeout); 937 938 while (max_transfer_size > 0) { 939 u32 this_part; 940 struct urb *urb = NULL; 941 942 if (!(flags & USBTMC_FLAG_ASYNC)) { 943 dev_dbg(dev, "%s: before wait time %lu\n", 944 __func__, expire); 945 retval = wait_event_interruptible_timeout( 946 file_data->wait_bulk_in, 947 usbtmc_do_transfer(file_data), 948 expire); 949 950 dev_dbg(dev, "%s: wait returned %d\n", 951 __func__, retval); 952 953 if (retval <= 0) { 954 if (retval == 0) 955 retval = -ETIMEDOUT; 956 goto error; 957 } 958 } 959 960 urb = usb_get_from_anchor(&file_data->in_anchor); 961 if (!urb) { 962 if (!(flags & USBTMC_FLAG_ASYNC)) { 963 /* synchronous case: must not happen */ 964 retval = -EFAULT; 965 goto error; 966 } 967 968 /* asynchronous case: ready, do not block or wait */ 969 *transferred = done; 970 dev_dbg(dev, "%s: (async) done=%u ret=0\n", 971 __func__, done); 972 return 0; 973 } 974 975 file_data->in_urbs_used--; 976 977 if (max_transfer_size > urb->actual_length) 978 max_transfer_size -= urb->actual_length; 979 else 980 max_transfer_size = 0; 981 982 if (remaining > urb->actual_length) 983 this_part = urb->actual_length; 984 else 985 this_part = remaining; 986 987 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1, 988 urb->transfer_buffer, urb->actual_length, true); 989 990 if (copy_to_user(user_buffer + done, 991 urb->transfer_buffer, this_part)) { 992 usb_free_urb(urb); 993 retval = -EFAULT; 994 goto error; 995 } 996 997 remaining -= this_part; 998 done += this_part; 999 1000 spin_lock_irq(&file_data->err_lock); 1001 if (urb->status) { 1002 /* return the very first error */ 1003 retval = file_data->in_status; 1004 spin_unlock_irq(&file_data->err_lock); 1005 usb_free_urb(urb); 1006 goto error; 1007 } 1008 spin_unlock_irq(&file_data->err_lock); 1009 1010 if (urb->actual_length < bufsize) { 1011 /* short packet or ZLP received => ready */ 1012 usb_free_urb(urb); 1013 retval = 1; 1014 break; 1015 } 1016 1017 if (!(flags & USBTMC_FLAG_ASYNC) && 1018 max_transfer_size > (bufsize * file_data->in_urbs_used)) { 1019 /* resubmit, since other buffers still not enough */ 1020 usb_anchor_urb(urb, &file_data->submitted); 1021 retval = usb_submit_urb(urb, GFP_KERNEL); 1022 if (unlikely(retval)) { 1023 usb_unanchor_urb(urb); 1024 usb_free_urb(urb); 1025 goto error; 1026 } 1027 file_data->in_urbs_used++; 1028 } 1029 usb_free_urb(urb); 1030 retval = 0; 1031 } 1032 1033 error: 1034 *transferred = done; 1035 1036 dev_dbg(dev, "%s: before kill\n", __func__); 1037 /* Attention: killing urbs can take long time (2 ms) */ 1038 usb_kill_anchored_urbs(&file_data->submitted); 1039 dev_dbg(dev, "%s: after kill\n", __func__); 1040 usb_scuttle_anchored_urbs(&file_data->in_anchor); 1041 file_data->in_urbs_used = 0; 1042 file_data->in_status = 0; /* no spinlock needed here */ 1043 dev_dbg(dev, "%s: done=%u ret=%d\n", __func__, done, retval); 1044 1045 return retval; 1046 } 1047 1048 static ssize_t usbtmc_ioctl_generic_read(struct usbtmc_file_data *file_data, 1049 void __user *arg) 1050 { 1051 struct usbtmc_message msg; 1052 ssize_t retval = 0; 1053 1054 /* mutex already locked */ 1055 1056 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message))) 1057 return -EFAULT; 1058 1059 retval = usbtmc_generic_read(file_data, msg.message, 1060 msg.transfer_size, &msg.transferred, 1061 msg.flags); 1062 1063 if (put_user(msg.transferred, 1064 &((struct usbtmc_message __user *)arg)->transferred)) 1065 return -EFAULT; 1066 1067 return retval; 1068 } 1069 1070 static void usbtmc_write_bulk_cb(struct urb *urb) 1071 { 1072 struct usbtmc_file_data *file_data = urb->context; 1073 int wakeup = 0; 1074 unsigned long flags; 1075 1076 spin_lock_irqsave(&file_data->err_lock, flags); 1077 file_data->out_transfer_size += urb->actual_length; 1078 1079 /* sync/async unlink faults aren't errors */ 1080 if (urb->status) { 1081 if (!(urb->status == -ENOENT || 1082 urb->status == -ECONNRESET || 1083 urb->status == -ESHUTDOWN)) 1084 dev_err(&file_data->data->intf->dev, 1085 "%s - nonzero write bulk status received: %d\n", 1086 __func__, urb->status); 1087 1088 if (!file_data->out_status) { 1089 file_data->out_status = urb->status; 1090 wakeup = 1; 1091 } 1092 } 1093 spin_unlock_irqrestore(&file_data->err_lock, flags); 1094 1095 dev_dbg(&file_data->data->intf->dev, 1096 "%s - write bulk total size: %u\n", 1097 __func__, file_data->out_transfer_size); 1098 1099 up(&file_data->limit_write_sem); 1100 if (usb_anchor_empty(&file_data->submitted) || wakeup) 1101 wake_up_interruptible(&file_data->data->waitq); 1102 } 1103 1104 static ssize_t usbtmc_generic_write(struct usbtmc_file_data *file_data, 1105 const void __user *user_buffer, 1106 u32 transfer_size, 1107 u32 *transferred, 1108 u32 flags) 1109 { 1110 struct usbtmc_device_data *data = file_data->data; 1111 struct device *dev; 1112 u32 done = 0; 1113 u32 remaining; 1114 unsigned long expire; 1115 const u32 bufsize = USBTMC_BUFSIZE; 1116 struct urb *urb = NULL; 1117 int retval = 0; 1118 u32 timeout; 1119 1120 *transferred = 0; 1121 1122 /* Get pointer to private data structure */ 1123 dev = &data->intf->dev; 1124 1125 dev_dbg(dev, "%s: size=%u flags=0x%X sema=%u\n", 1126 __func__, transfer_size, flags, 1127 file_data->limit_write_sem.count); 1128 1129 if (flags & USBTMC_FLAG_APPEND) { 1130 spin_lock_irq(&file_data->err_lock); 1131 retval = file_data->out_status; 1132 spin_unlock_irq(&file_data->err_lock); 1133 if (retval < 0) 1134 return retval; 1135 } else { 1136 spin_lock_irq(&file_data->err_lock); 1137 file_data->out_transfer_size = 0; 1138 file_data->out_status = 0; 1139 spin_unlock_irq(&file_data->err_lock); 1140 } 1141 1142 remaining = transfer_size; 1143 if (remaining > INT_MAX) 1144 remaining = INT_MAX; 1145 1146 timeout = file_data->timeout; 1147 expire = msecs_to_jiffies(timeout); 1148 1149 while (remaining > 0) { 1150 u32 this_part, aligned; 1151 u8 *buffer = NULL; 1152 1153 if (flags & USBTMC_FLAG_ASYNC) { 1154 if (down_trylock(&file_data->limit_write_sem)) { 1155 retval = (done)?(0):(-EAGAIN); 1156 goto exit; 1157 } 1158 } else { 1159 retval = down_timeout(&file_data->limit_write_sem, 1160 expire); 1161 if (retval < 0) { 1162 retval = -ETIMEDOUT; 1163 goto error; 1164 } 1165 } 1166 1167 spin_lock_irq(&file_data->err_lock); 1168 retval = file_data->out_status; 1169 spin_unlock_irq(&file_data->err_lock); 1170 if (retval < 0) { 1171 up(&file_data->limit_write_sem); 1172 goto error; 1173 } 1174 1175 /* prepare next urb to send */ 1176 urb = usbtmc_create_urb(); 1177 if (!urb) { 1178 retval = -ENOMEM; 1179 up(&file_data->limit_write_sem); 1180 goto error; 1181 } 1182 buffer = urb->transfer_buffer; 1183 1184 if (remaining > bufsize) 1185 this_part = bufsize; 1186 else 1187 this_part = remaining; 1188 1189 if (copy_from_user(buffer, user_buffer + done, this_part)) { 1190 retval = -EFAULT; 1191 up(&file_data->limit_write_sem); 1192 goto error; 1193 } 1194 1195 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1196 16, 1, buffer, this_part, true); 1197 1198 /* fill bulk with 32 bit alignment to meet USBTMC specification 1199 * (size + 3 & ~3) rounds up and simplifies user code 1200 */ 1201 aligned = (this_part + 3) & ~3; 1202 dev_dbg(dev, "write(size:%u align:%u done:%u)\n", 1203 (unsigned int)this_part, 1204 (unsigned int)aligned, 1205 (unsigned int)done); 1206 1207 usb_fill_bulk_urb(urb, data->usb_dev, 1208 usb_sndbulkpipe(data->usb_dev, data->bulk_out), 1209 urb->transfer_buffer, aligned, 1210 usbtmc_write_bulk_cb, file_data); 1211 1212 usb_anchor_urb(urb, &file_data->submitted); 1213 retval = usb_submit_urb(urb, GFP_KERNEL); 1214 if (unlikely(retval)) { 1215 usb_unanchor_urb(urb); 1216 up(&file_data->limit_write_sem); 1217 goto error; 1218 } 1219 1220 usb_free_urb(urb); 1221 urb = NULL; /* urb will be finally released by usb driver */ 1222 1223 remaining -= this_part; 1224 done += this_part; 1225 } 1226 1227 /* All urbs are on the fly */ 1228 if (!(flags & USBTMC_FLAG_ASYNC)) { 1229 if (!usb_wait_anchor_empty_timeout(&file_data->submitted, 1230 timeout)) { 1231 retval = -ETIMEDOUT; 1232 goto error; 1233 } 1234 } 1235 1236 retval = 0; 1237 goto exit; 1238 1239 error: 1240 usb_kill_anchored_urbs(&file_data->submitted); 1241 exit: 1242 usb_free_urb(urb); 1243 1244 spin_lock_irq(&file_data->err_lock); 1245 if (!(flags & USBTMC_FLAG_ASYNC)) 1246 done = file_data->out_transfer_size; 1247 if (!retval && file_data->out_status) 1248 retval = file_data->out_status; 1249 spin_unlock_irq(&file_data->err_lock); 1250 1251 *transferred = done; 1252 1253 dev_dbg(dev, "%s: done=%u, retval=%d, urbstat=%d\n", 1254 __func__, done, retval, file_data->out_status); 1255 1256 return retval; 1257 } 1258 1259 static ssize_t usbtmc_ioctl_generic_write(struct usbtmc_file_data *file_data, 1260 void __user *arg) 1261 { 1262 struct usbtmc_message msg; 1263 ssize_t retval = 0; 1264 1265 /* mutex already locked */ 1266 1267 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message))) 1268 return -EFAULT; 1269 1270 retval = usbtmc_generic_write(file_data, msg.message, 1271 msg.transfer_size, &msg.transferred, 1272 msg.flags); 1273 1274 if (put_user(msg.transferred, 1275 &((struct usbtmc_message __user *)arg)->transferred)) 1276 return -EFAULT; 1277 1278 return retval; 1279 } 1280 1281 /* 1282 * Get the generic write result 1283 */ 1284 static ssize_t usbtmc_ioctl_write_result(struct usbtmc_file_data *file_data, 1285 void __user *arg) 1286 { 1287 u32 transferred; 1288 int retval; 1289 1290 spin_lock_irq(&file_data->err_lock); 1291 transferred = file_data->out_transfer_size; 1292 retval = file_data->out_status; 1293 spin_unlock_irq(&file_data->err_lock); 1294 1295 if (put_user(transferred, (__u32 __user *)arg)) 1296 return -EFAULT; 1297 1298 return retval; 1299 } 1300 1301 /* 1302 * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint. 1303 * @transfer_size: number of bytes to request from the device. 1304 * 1305 * See the USBTMC specification, Table 4. 1306 * 1307 * Also updates bTag_last_write. 1308 */ 1309 static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data, 1310 u32 transfer_size) 1311 { 1312 struct usbtmc_device_data *data = file_data->data; 1313 int retval; 1314 u8 *buffer; 1315 int actual; 1316 1317 buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL); 1318 if (!buffer) 1319 return -ENOMEM; 1320 /* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message 1321 * Refer to class specs for details 1322 */ 1323 buffer[0] = 2; 1324 buffer[1] = data->bTag; 1325 buffer[2] = ~data->bTag; 1326 buffer[3] = 0; /* Reserved */ 1327 buffer[4] = transfer_size >> 0; 1328 buffer[5] = transfer_size >> 8; 1329 buffer[6] = transfer_size >> 16; 1330 buffer[7] = transfer_size >> 24; 1331 buffer[8] = file_data->term_char_enabled * 2; 1332 /* Use term character? */ 1333 buffer[9] = file_data->term_char; 1334 buffer[10] = 0; /* Reserved */ 1335 buffer[11] = 0; /* Reserved */ 1336 1337 /* Send bulk URB */ 1338 retval = usb_bulk_msg(data->usb_dev, 1339 usb_sndbulkpipe(data->usb_dev, 1340 data->bulk_out), 1341 buffer, USBTMC_HEADER_SIZE, 1342 &actual, file_data->timeout); 1343 1344 /* Store bTag (in case we need to abort) */ 1345 data->bTag_last_write = data->bTag; 1346 1347 /* Increment bTag -- and increment again if zero */ 1348 data->bTag++; 1349 if (!data->bTag) 1350 data->bTag++; 1351 1352 kfree(buffer); 1353 if (retval < 0) 1354 dev_err(&data->intf->dev, "%s returned %d\n", 1355 __func__, retval); 1356 1357 return retval; 1358 } 1359 1360 static ssize_t usbtmc_read(struct file *filp, char __user *buf, 1361 size_t count, loff_t *f_pos) 1362 { 1363 struct usbtmc_file_data *file_data; 1364 struct usbtmc_device_data *data; 1365 struct device *dev; 1366 const u32 bufsize = USBTMC_BUFSIZE; 1367 u32 n_characters; 1368 u8 *buffer; 1369 int actual; 1370 u32 done = 0; 1371 u32 remaining; 1372 int retval; 1373 1374 /* Get pointer to private data structure */ 1375 file_data = filp->private_data; 1376 data = file_data->data; 1377 dev = &data->intf->dev; 1378 1379 buffer = kmalloc(bufsize, GFP_KERNEL); 1380 if (!buffer) 1381 return -ENOMEM; 1382 1383 mutex_lock(&data->io_mutex); 1384 if (data->zombie) { 1385 retval = -ENODEV; 1386 goto exit; 1387 } 1388 1389 if (count > INT_MAX) 1390 count = INT_MAX; 1391 1392 dev_dbg(dev, "%s(count:%zu)\n", __func__, count); 1393 1394 retval = send_request_dev_dep_msg_in(file_data, count); 1395 1396 if (retval < 0) { 1397 if (file_data->auto_abort) 1398 usbtmc_ioctl_abort_bulk_out(data); 1399 goto exit; 1400 } 1401 1402 /* Loop until we have fetched everything we requested */ 1403 remaining = count; 1404 actual = 0; 1405 1406 /* Send bulk URB */ 1407 retval = usb_bulk_msg(data->usb_dev, 1408 usb_rcvbulkpipe(data->usb_dev, 1409 data->bulk_in), 1410 buffer, bufsize, &actual, 1411 file_data->timeout); 1412 1413 dev_dbg(dev, "%s: bulk_msg retval(%u), actual(%d)\n", 1414 __func__, retval, actual); 1415 1416 /* Store bTag (in case we need to abort) */ 1417 data->bTag_last_read = data->bTag; 1418 1419 if (retval < 0) { 1420 if (file_data->auto_abort) 1421 usbtmc_ioctl_abort_bulk_in(data); 1422 goto exit; 1423 } 1424 1425 /* Sanity checks for the header */ 1426 if (actual < USBTMC_HEADER_SIZE) { 1427 dev_err(dev, "Device sent too small first packet: %u < %u\n", 1428 actual, USBTMC_HEADER_SIZE); 1429 if (file_data->auto_abort) 1430 usbtmc_ioctl_abort_bulk_in(data); 1431 goto exit; 1432 } 1433 1434 if (buffer[0] != 2) { 1435 dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n", 1436 buffer[0]); 1437 if (file_data->auto_abort) 1438 usbtmc_ioctl_abort_bulk_in(data); 1439 goto exit; 1440 } 1441 1442 if (buffer[1] != data->bTag_last_write) { 1443 dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n", 1444 buffer[1], data->bTag_last_write); 1445 if (file_data->auto_abort) 1446 usbtmc_ioctl_abort_bulk_in(data); 1447 goto exit; 1448 } 1449 1450 /* How many characters did the instrument send? */ 1451 n_characters = buffer[4] + 1452 (buffer[5] << 8) + 1453 (buffer[6] << 16) + 1454 (buffer[7] << 24); 1455 1456 file_data->bmTransferAttributes = buffer[8]; 1457 1458 dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n", 1459 n_characters, buffer[8]); 1460 1461 if (n_characters > remaining) { 1462 dev_err(dev, "Device wants to return more data than requested: %u > %zu\n", 1463 n_characters, count); 1464 if (file_data->auto_abort) 1465 usbtmc_ioctl_abort_bulk_in(data); 1466 goto exit; 1467 } 1468 1469 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1470 16, 1, buffer, actual, true); 1471 1472 remaining = n_characters; 1473 1474 /* Remove the USBTMC header */ 1475 actual -= USBTMC_HEADER_SIZE; 1476 1477 /* Remove padding if it exists */ 1478 if (actual > remaining) 1479 actual = remaining; 1480 1481 remaining -= actual; 1482 1483 /* Copy buffer to user space */ 1484 if (copy_to_user(buf, &buffer[USBTMC_HEADER_SIZE], actual)) { 1485 /* There must have been an addressing problem */ 1486 retval = -EFAULT; 1487 goto exit; 1488 } 1489 1490 if ((actual + USBTMC_HEADER_SIZE) == bufsize) { 1491 retval = usbtmc_generic_read(file_data, buf + actual, 1492 remaining, 1493 &done, 1494 USBTMC_FLAG_IGNORE_TRAILER); 1495 if (retval < 0) 1496 goto exit; 1497 } 1498 done += actual; 1499 1500 /* Update file position value */ 1501 *f_pos = *f_pos + done; 1502 retval = done; 1503 1504 exit: 1505 mutex_unlock(&data->io_mutex); 1506 kfree(buffer); 1507 return retval; 1508 } 1509 1510 static ssize_t usbtmc_write(struct file *filp, const char __user *buf, 1511 size_t count, loff_t *f_pos) 1512 { 1513 struct usbtmc_file_data *file_data; 1514 struct usbtmc_device_data *data; 1515 struct urb *urb = NULL; 1516 ssize_t retval = 0; 1517 u8 *buffer; 1518 u32 remaining, done; 1519 u32 transfersize, aligned, buflen; 1520 1521 file_data = filp->private_data; 1522 data = file_data->data; 1523 1524 mutex_lock(&data->io_mutex); 1525 1526 if (data->zombie) { 1527 retval = -ENODEV; 1528 goto exit; 1529 } 1530 1531 done = 0; 1532 1533 spin_lock_irq(&file_data->err_lock); 1534 file_data->out_transfer_size = 0; 1535 file_data->out_status = 0; 1536 spin_unlock_irq(&file_data->err_lock); 1537 1538 if (!count) 1539 goto exit; 1540 1541 if (down_trylock(&file_data->limit_write_sem)) { 1542 /* previous calls were async */ 1543 retval = -EBUSY; 1544 goto exit; 1545 } 1546 1547 urb = usbtmc_create_urb(); 1548 if (!urb) { 1549 retval = -ENOMEM; 1550 up(&file_data->limit_write_sem); 1551 goto exit; 1552 } 1553 1554 buffer = urb->transfer_buffer; 1555 buflen = urb->transfer_buffer_length; 1556 1557 if (count > INT_MAX) { 1558 transfersize = INT_MAX; 1559 buffer[8] = 0; 1560 } else { 1561 transfersize = count; 1562 buffer[8] = file_data->eom_val; 1563 } 1564 1565 /* Setup IO buffer for DEV_DEP_MSG_OUT message */ 1566 buffer[0] = 1; 1567 buffer[1] = data->bTag; 1568 buffer[2] = ~data->bTag; 1569 buffer[3] = 0; /* Reserved */ 1570 buffer[4] = transfersize >> 0; 1571 buffer[5] = transfersize >> 8; 1572 buffer[6] = transfersize >> 16; 1573 buffer[7] = transfersize >> 24; 1574 /* buffer[8] is set above... */ 1575 buffer[9] = 0; /* Reserved */ 1576 buffer[10] = 0; /* Reserved */ 1577 buffer[11] = 0; /* Reserved */ 1578 1579 remaining = transfersize; 1580 1581 if (transfersize + USBTMC_HEADER_SIZE > buflen) { 1582 transfersize = buflen - USBTMC_HEADER_SIZE; 1583 aligned = buflen; 1584 } else { 1585 aligned = (transfersize + (USBTMC_HEADER_SIZE + 3)) & ~3; 1586 } 1587 1588 if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf, transfersize)) { 1589 retval = -EFAULT; 1590 up(&file_data->limit_write_sem); 1591 goto exit; 1592 } 1593 1594 dev_dbg(&data->intf->dev, "%s(size:%u align:%u)\n", __func__, 1595 (unsigned int)transfersize, (unsigned int)aligned); 1596 1597 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1598 16, 1, buffer, aligned, true); 1599 1600 usb_fill_bulk_urb(urb, data->usb_dev, 1601 usb_sndbulkpipe(data->usb_dev, data->bulk_out), 1602 urb->transfer_buffer, aligned, 1603 usbtmc_write_bulk_cb, file_data); 1604 1605 usb_anchor_urb(urb, &file_data->submitted); 1606 retval = usb_submit_urb(urb, GFP_KERNEL); 1607 if (unlikely(retval)) { 1608 usb_unanchor_urb(urb); 1609 up(&file_data->limit_write_sem); 1610 goto exit; 1611 } 1612 1613 remaining -= transfersize; 1614 1615 data->bTag_last_write = data->bTag; 1616 data->bTag++; 1617 1618 if (!data->bTag) 1619 data->bTag++; 1620 1621 /* call generic_write even when remaining = 0 */ 1622 retval = usbtmc_generic_write(file_data, buf + transfersize, remaining, 1623 &done, USBTMC_FLAG_APPEND); 1624 /* truncate alignment bytes */ 1625 if (done > remaining) 1626 done = remaining; 1627 1628 /*add size of first urb*/ 1629 done += transfersize; 1630 1631 if (retval < 0) { 1632 usb_kill_anchored_urbs(&file_data->submitted); 1633 1634 dev_err(&data->intf->dev, 1635 "Unable to send data, error %d\n", (int)retval); 1636 if (file_data->auto_abort) 1637 usbtmc_ioctl_abort_bulk_out(data); 1638 goto exit; 1639 } 1640 1641 retval = done; 1642 exit: 1643 usb_free_urb(urb); 1644 mutex_unlock(&data->io_mutex); 1645 return retval; 1646 } 1647 1648 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data) 1649 { 1650 struct device *dev; 1651 u8 *buffer; 1652 int rv; 1653 int n; 1654 int actual = 0; 1655 1656 dev = &data->intf->dev; 1657 1658 dev_dbg(dev, "Sending INITIATE_CLEAR request\n"); 1659 1660 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL); 1661 if (!buffer) 1662 return -ENOMEM; 1663 1664 rv = usb_control_msg(data->usb_dev, 1665 usb_rcvctrlpipe(data->usb_dev, 0), 1666 USBTMC_REQUEST_INITIATE_CLEAR, 1667 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1668 0, 0, buffer, 1, USB_CTRL_GET_TIMEOUT); 1669 if (rv < 0) { 1670 dev_err(dev, "usb_control_msg returned %d\n", rv); 1671 goto exit; 1672 } 1673 1674 dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]); 1675 1676 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1677 dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]); 1678 rv = -EPERM; 1679 goto exit; 1680 } 1681 1682 n = 0; 1683 1684 usbtmc_clear_check_status: 1685 1686 dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n"); 1687 1688 rv = usb_control_msg(data->usb_dev, 1689 usb_rcvctrlpipe(data->usb_dev, 0), 1690 USBTMC_REQUEST_CHECK_CLEAR_STATUS, 1691 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1692 0, 0, buffer, 2, USB_CTRL_GET_TIMEOUT); 1693 if (rv < 0) { 1694 dev_err(dev, "usb_control_msg returned %d\n", rv); 1695 goto exit; 1696 } 1697 1698 dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]); 1699 1700 if (buffer[0] == USBTMC_STATUS_SUCCESS) 1701 goto usbtmc_clear_bulk_out_halt; 1702 1703 if (buffer[0] != USBTMC_STATUS_PENDING) { 1704 dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]); 1705 rv = -EPERM; 1706 goto exit; 1707 } 1708 1709 if ((buffer[1] & 1) != 0) { 1710 do { 1711 dev_dbg(dev, "Reading from bulk in EP\n"); 1712 1713 actual = 0; 1714 rv = usb_bulk_msg(data->usb_dev, 1715 usb_rcvbulkpipe(data->usb_dev, 1716 data->bulk_in), 1717 buffer, USBTMC_BUFSIZE, 1718 &actual, USB_CTRL_GET_TIMEOUT); 1719 1720 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1721 16, 1, buffer, actual, true); 1722 1723 n++; 1724 1725 if (rv < 0) { 1726 dev_err(dev, "usb_control_msg returned %d\n", 1727 rv); 1728 goto exit; 1729 } 1730 } while ((actual == USBTMC_BUFSIZE) && 1731 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN)); 1732 } else { 1733 /* do not stress device with subsequent requests */ 1734 msleep(50); 1735 n++; 1736 } 1737 1738 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) { 1739 dev_err(dev, "Couldn't clear device buffer within %d cycles\n", 1740 USBTMC_MAX_READS_TO_CLEAR_BULK_IN); 1741 rv = -EPERM; 1742 goto exit; 1743 } 1744 1745 goto usbtmc_clear_check_status; 1746 1747 usbtmc_clear_bulk_out_halt: 1748 1749 rv = usb_clear_halt(data->usb_dev, 1750 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 1751 if (rv < 0) { 1752 dev_err(dev, "usb_clear_halt returned %d\n", rv); 1753 goto exit; 1754 } 1755 rv = 0; 1756 1757 exit: 1758 kfree(buffer); 1759 return rv; 1760 } 1761 1762 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data) 1763 { 1764 int rv; 1765 1766 rv = usb_clear_halt(data->usb_dev, 1767 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 1768 1769 if (rv < 0) 1770 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv); 1771 return rv; 1772 } 1773 1774 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data) 1775 { 1776 int rv; 1777 1778 rv = usb_clear_halt(data->usb_dev, 1779 usb_rcvbulkpipe(data->usb_dev, data->bulk_in)); 1780 1781 if (rv < 0) 1782 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv); 1783 return rv; 1784 } 1785 1786 static int usbtmc_ioctl_cancel_io(struct usbtmc_file_data *file_data) 1787 { 1788 spin_lock_irq(&file_data->err_lock); 1789 file_data->in_status = -ECANCELED; 1790 file_data->out_status = -ECANCELED; 1791 spin_unlock_irq(&file_data->err_lock); 1792 usb_kill_anchored_urbs(&file_data->submitted); 1793 return 0; 1794 } 1795 1796 static int usbtmc_ioctl_cleanup_io(struct usbtmc_file_data *file_data) 1797 { 1798 usb_kill_anchored_urbs(&file_data->submitted); 1799 usb_scuttle_anchored_urbs(&file_data->in_anchor); 1800 spin_lock_irq(&file_data->err_lock); 1801 file_data->in_status = 0; 1802 file_data->in_transfer_size = 0; 1803 file_data->out_status = 0; 1804 file_data->out_transfer_size = 0; 1805 spin_unlock_irq(&file_data->err_lock); 1806 1807 file_data->in_urbs_used = 0; 1808 return 0; 1809 } 1810 1811 static int get_capabilities(struct usbtmc_device_data *data) 1812 { 1813 struct device *dev = &data->usb_dev->dev; 1814 char *buffer; 1815 int rv = 0; 1816 1817 buffer = kmalloc(0x18, GFP_KERNEL); 1818 if (!buffer) 1819 return -ENOMEM; 1820 1821 rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0), 1822 USBTMC_REQUEST_GET_CAPABILITIES, 1823 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1824 0, 0, buffer, 0x18, USB_CTRL_GET_TIMEOUT); 1825 if (rv < 0) { 1826 dev_err(dev, "usb_control_msg returned %d\n", rv); 1827 goto err_out; 1828 } 1829 1830 dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]); 1831 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1832 dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]); 1833 rv = -EPERM; 1834 goto err_out; 1835 } 1836 dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]); 1837 dev_dbg(dev, "Device capabilities are %x\n", buffer[5]); 1838 dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]); 1839 dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]); 1840 1841 data->capabilities.interface_capabilities = buffer[4]; 1842 data->capabilities.device_capabilities = buffer[5]; 1843 data->capabilities.usb488_interface_capabilities = buffer[14]; 1844 data->capabilities.usb488_device_capabilities = buffer[15]; 1845 data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4); 1846 rv = 0; 1847 1848 err_out: 1849 kfree(buffer); 1850 return rv; 1851 } 1852 1853 #define capability_attribute(name) \ 1854 static ssize_t name##_show(struct device *dev, \ 1855 struct device_attribute *attr, char *buf) \ 1856 { \ 1857 struct usb_interface *intf = to_usb_interface(dev); \ 1858 struct usbtmc_device_data *data = usb_get_intfdata(intf); \ 1859 \ 1860 return sprintf(buf, "%d\n", data->capabilities.name); \ 1861 } \ 1862 static DEVICE_ATTR_RO(name) 1863 1864 capability_attribute(interface_capabilities); 1865 capability_attribute(device_capabilities); 1866 capability_attribute(usb488_interface_capabilities); 1867 capability_attribute(usb488_device_capabilities); 1868 1869 static struct attribute *usbtmc_attrs[] = { 1870 &dev_attr_interface_capabilities.attr, 1871 &dev_attr_device_capabilities.attr, 1872 &dev_attr_usb488_interface_capabilities.attr, 1873 &dev_attr_usb488_device_capabilities.attr, 1874 NULL, 1875 }; 1876 ATTRIBUTE_GROUPS(usbtmc); 1877 1878 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data) 1879 { 1880 struct device *dev; 1881 u8 *buffer; 1882 int rv; 1883 1884 dev = &data->intf->dev; 1885 1886 buffer = kmalloc(2, GFP_KERNEL); 1887 if (!buffer) 1888 return -ENOMEM; 1889 1890 rv = usb_control_msg(data->usb_dev, 1891 usb_rcvctrlpipe(data->usb_dev, 0), 1892 USBTMC_REQUEST_INDICATOR_PULSE, 1893 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1894 0, 0, buffer, 0x01, USB_CTRL_GET_TIMEOUT); 1895 1896 if (rv < 0) { 1897 dev_err(dev, "usb_control_msg returned %d\n", rv); 1898 goto exit; 1899 } 1900 1901 dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]); 1902 1903 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1904 dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]); 1905 rv = -EPERM; 1906 goto exit; 1907 } 1908 rv = 0; 1909 1910 exit: 1911 kfree(buffer); 1912 return rv; 1913 } 1914 1915 static int usbtmc_ioctl_request(struct usbtmc_device_data *data, 1916 void __user *arg) 1917 { 1918 struct device *dev = &data->intf->dev; 1919 struct usbtmc_ctrlrequest request; 1920 u8 *buffer = NULL; 1921 int rv; 1922 unsigned long res; 1923 1924 res = copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest)); 1925 if (res) 1926 return -EFAULT; 1927 1928 if (request.req.wLength > USBTMC_BUFSIZE) 1929 return -EMSGSIZE; 1930 1931 if (request.req.wLength) { 1932 buffer = kmalloc(request.req.wLength, GFP_KERNEL); 1933 if (!buffer) 1934 return -ENOMEM; 1935 1936 if ((request.req.bRequestType & USB_DIR_IN) == 0) { 1937 /* Send control data to device */ 1938 res = copy_from_user(buffer, request.data, 1939 request.req.wLength); 1940 if (res) { 1941 rv = -EFAULT; 1942 goto exit; 1943 } 1944 } 1945 } 1946 1947 rv = usb_control_msg(data->usb_dev, 1948 usb_rcvctrlpipe(data->usb_dev, 0), 1949 request.req.bRequest, 1950 request.req.bRequestType, 1951 request.req.wValue, 1952 request.req.wIndex, 1953 buffer, request.req.wLength, USB_CTRL_GET_TIMEOUT); 1954 1955 if (rv < 0) { 1956 dev_err(dev, "%s failed %d\n", __func__, rv); 1957 goto exit; 1958 } 1959 1960 if (rv && (request.req.bRequestType & USB_DIR_IN)) { 1961 /* Read control data from device */ 1962 res = copy_to_user(request.data, buffer, rv); 1963 if (res) 1964 rv = -EFAULT; 1965 } 1966 1967 exit: 1968 kfree(buffer); 1969 return rv; 1970 } 1971 1972 /* 1973 * Get the usb timeout value 1974 */ 1975 static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data, 1976 void __user *arg) 1977 { 1978 u32 timeout; 1979 1980 timeout = file_data->timeout; 1981 1982 return put_user(timeout, (__u32 __user *)arg); 1983 } 1984 1985 /* 1986 * Set the usb timeout value 1987 */ 1988 static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data, 1989 void __user *arg) 1990 { 1991 u32 timeout; 1992 1993 if (get_user(timeout, (__u32 __user *)arg)) 1994 return -EFAULT; 1995 1996 /* Note that timeout = 0 means 1997 * MAX_SCHEDULE_TIMEOUT in usb_control_msg 1998 */ 1999 if (timeout < USBTMC_MIN_TIMEOUT) 2000 return -EINVAL; 2001 2002 file_data->timeout = timeout; 2003 2004 return 0; 2005 } 2006 2007 /* 2008 * enables/disables sending EOM on write 2009 */ 2010 static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data, 2011 void __user *arg) 2012 { 2013 u8 eom_enable; 2014 2015 if (copy_from_user(&eom_enable, arg, sizeof(eom_enable))) 2016 return -EFAULT; 2017 2018 if (eom_enable > 1) 2019 return -EINVAL; 2020 2021 file_data->eom_val = eom_enable; 2022 2023 return 0; 2024 } 2025 2026 /* 2027 * Configure termination character for read() 2028 */ 2029 static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data, 2030 void __user *arg) 2031 { 2032 struct usbtmc_termchar termc; 2033 2034 if (copy_from_user(&termc, arg, sizeof(termc))) 2035 return -EFAULT; 2036 2037 if ((termc.term_char_enabled > 1) || 2038 (termc.term_char_enabled && 2039 !(file_data->data->capabilities.device_capabilities & 1))) 2040 return -EINVAL; 2041 2042 file_data->term_char = termc.term_char; 2043 file_data->term_char_enabled = termc.term_char_enabled; 2044 2045 return 0; 2046 } 2047 2048 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2049 { 2050 struct usbtmc_file_data *file_data; 2051 struct usbtmc_device_data *data; 2052 int retval = -EBADRQC; 2053 __u8 tmp_byte; 2054 2055 file_data = file->private_data; 2056 data = file_data->data; 2057 2058 mutex_lock(&data->io_mutex); 2059 if (data->zombie) { 2060 retval = -ENODEV; 2061 goto skip_io_on_zombie; 2062 } 2063 2064 switch (cmd) { 2065 case USBTMC_IOCTL_CLEAR_OUT_HALT: 2066 retval = usbtmc_ioctl_clear_out_halt(data); 2067 break; 2068 2069 case USBTMC_IOCTL_CLEAR_IN_HALT: 2070 retval = usbtmc_ioctl_clear_in_halt(data); 2071 break; 2072 2073 case USBTMC_IOCTL_INDICATOR_PULSE: 2074 retval = usbtmc_ioctl_indicator_pulse(data); 2075 break; 2076 2077 case USBTMC_IOCTL_CLEAR: 2078 retval = usbtmc_ioctl_clear(data); 2079 break; 2080 2081 case USBTMC_IOCTL_ABORT_BULK_OUT: 2082 retval = usbtmc_ioctl_abort_bulk_out(data); 2083 break; 2084 2085 case USBTMC_IOCTL_ABORT_BULK_IN: 2086 retval = usbtmc_ioctl_abort_bulk_in(data); 2087 break; 2088 2089 case USBTMC_IOCTL_CTRL_REQUEST: 2090 retval = usbtmc_ioctl_request(data, (void __user *)arg); 2091 break; 2092 2093 case USBTMC_IOCTL_GET_TIMEOUT: 2094 retval = usbtmc_ioctl_get_timeout(file_data, 2095 (void __user *)arg); 2096 break; 2097 2098 case USBTMC_IOCTL_SET_TIMEOUT: 2099 retval = usbtmc_ioctl_set_timeout(file_data, 2100 (void __user *)arg); 2101 break; 2102 2103 case USBTMC_IOCTL_EOM_ENABLE: 2104 retval = usbtmc_ioctl_eom_enable(file_data, 2105 (void __user *)arg); 2106 break; 2107 2108 case USBTMC_IOCTL_CONFIG_TERMCHAR: 2109 retval = usbtmc_ioctl_config_termc(file_data, 2110 (void __user *)arg); 2111 break; 2112 2113 case USBTMC_IOCTL_WRITE: 2114 retval = usbtmc_ioctl_generic_write(file_data, 2115 (void __user *)arg); 2116 break; 2117 2118 case USBTMC_IOCTL_READ: 2119 retval = usbtmc_ioctl_generic_read(file_data, 2120 (void __user *)arg); 2121 break; 2122 2123 case USBTMC_IOCTL_WRITE_RESULT: 2124 retval = usbtmc_ioctl_write_result(file_data, 2125 (void __user *)arg); 2126 break; 2127 2128 case USBTMC_IOCTL_API_VERSION: 2129 retval = put_user(USBTMC_API_VERSION, 2130 (__u32 __user *)arg); 2131 break; 2132 2133 case USBTMC488_IOCTL_GET_CAPS: 2134 retval = put_user(data->usb488_caps, 2135 (unsigned char __user *)arg); 2136 break; 2137 2138 case USBTMC488_IOCTL_READ_STB: 2139 retval = usbtmc488_ioctl_read_stb(file_data, 2140 (void __user *)arg); 2141 break; 2142 2143 case USBTMC488_IOCTL_REN_CONTROL: 2144 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2145 USBTMC488_REQUEST_REN_CONTROL); 2146 break; 2147 2148 case USBTMC488_IOCTL_GOTO_LOCAL: 2149 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2150 USBTMC488_REQUEST_GOTO_LOCAL); 2151 break; 2152 2153 case USBTMC488_IOCTL_LOCAL_LOCKOUT: 2154 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2155 USBTMC488_REQUEST_LOCAL_LOCKOUT); 2156 break; 2157 2158 case USBTMC488_IOCTL_TRIGGER: 2159 retval = usbtmc488_ioctl_trigger(file_data); 2160 break; 2161 2162 case USBTMC488_IOCTL_WAIT_SRQ: 2163 retval = usbtmc488_ioctl_wait_srq(file_data, 2164 (__u32 __user *)arg); 2165 break; 2166 2167 case USBTMC_IOCTL_MSG_IN_ATTR: 2168 retval = put_user(file_data->bmTransferAttributes, 2169 (__u8 __user *)arg); 2170 break; 2171 2172 case USBTMC_IOCTL_AUTO_ABORT: 2173 retval = get_user(tmp_byte, (unsigned char __user *)arg); 2174 if (retval == 0) 2175 file_data->auto_abort = !!tmp_byte; 2176 break; 2177 2178 case USBTMC_IOCTL_GET_STB: 2179 retval = usbtmc_get_stb(file_data, &tmp_byte); 2180 if (retval > 0) 2181 retval = put_user(tmp_byte, (__u8 __user *)arg); 2182 break; 2183 2184 case USBTMC_IOCTL_GET_SRQ_STB: 2185 retval = usbtmc_ioctl_get_srq_stb(file_data, 2186 (void __user *)arg); 2187 break; 2188 2189 case USBTMC_IOCTL_CANCEL_IO: 2190 retval = usbtmc_ioctl_cancel_io(file_data); 2191 break; 2192 2193 case USBTMC_IOCTL_CLEANUP_IO: 2194 retval = usbtmc_ioctl_cleanup_io(file_data); 2195 break; 2196 } 2197 2198 skip_io_on_zombie: 2199 mutex_unlock(&data->io_mutex); 2200 return retval; 2201 } 2202 2203 static int usbtmc_fasync(int fd, struct file *file, int on) 2204 { 2205 struct usbtmc_file_data *file_data = file->private_data; 2206 2207 return fasync_helper(fd, file, on, &file_data->data->fasync); 2208 } 2209 2210 static __poll_t usbtmc_poll(struct file *file, poll_table *wait) 2211 { 2212 struct usbtmc_file_data *file_data = file->private_data; 2213 struct usbtmc_device_data *data = file_data->data; 2214 __poll_t mask; 2215 2216 mutex_lock(&data->io_mutex); 2217 2218 if (data->zombie) { 2219 mask = EPOLLHUP | EPOLLERR; 2220 goto no_poll; 2221 } 2222 2223 poll_wait(file, &data->waitq, wait); 2224 2225 /* Note that EPOLLPRI is now assigned to SRQ, and 2226 * EPOLLIN|EPOLLRDNORM to normal read data. 2227 */ 2228 mask = 0; 2229 if (atomic_read(&file_data->srq_asserted)) 2230 mask |= EPOLLPRI; 2231 2232 /* Note that the anchor submitted includes all urbs for BULK IN 2233 * and OUT. So EPOLLOUT is signaled when BULK OUT is empty and 2234 * all BULK IN urbs are completed and moved to in_anchor. 2235 */ 2236 if (usb_anchor_empty(&file_data->submitted)) 2237 mask |= (EPOLLOUT | EPOLLWRNORM); 2238 if (!usb_anchor_empty(&file_data->in_anchor)) 2239 mask |= (EPOLLIN | EPOLLRDNORM); 2240 2241 spin_lock_irq(&file_data->err_lock); 2242 if (file_data->in_status || file_data->out_status) 2243 mask |= EPOLLERR; 2244 spin_unlock_irq(&file_data->err_lock); 2245 2246 dev_dbg(&data->intf->dev, "poll mask = %x\n", mask); 2247 2248 no_poll: 2249 mutex_unlock(&data->io_mutex); 2250 return mask; 2251 } 2252 2253 static const struct file_operations fops = { 2254 .owner = THIS_MODULE, 2255 .read = usbtmc_read, 2256 .write = usbtmc_write, 2257 .open = usbtmc_open, 2258 .release = usbtmc_release, 2259 .flush = usbtmc_flush, 2260 .unlocked_ioctl = usbtmc_ioctl, 2261 .compat_ioctl = compat_ptr_ioctl, 2262 .fasync = usbtmc_fasync, 2263 .poll = usbtmc_poll, 2264 .llseek = default_llseek, 2265 }; 2266 2267 static struct usb_class_driver usbtmc_class = { 2268 .name = "usbtmc%d", 2269 .fops = &fops, 2270 .minor_base = USBTMC_MINOR_BASE, 2271 }; 2272 2273 static void usbtmc_interrupt(struct urb *urb) 2274 { 2275 struct usbtmc_device_data *data = urb->context; 2276 struct device *dev = &data->intf->dev; 2277 int status = urb->status; 2278 int rv; 2279 2280 dev_dbg(&data->intf->dev, "int status: %d len %d\n", 2281 status, urb->actual_length); 2282 2283 switch (status) { 2284 case 0: /* SUCCESS */ 2285 /* check for valid STB notification */ 2286 if (data->iin_buffer[0] > 0x81) { 2287 data->bNotify1 = data->iin_buffer[0]; 2288 data->bNotify2 = data->iin_buffer[1]; 2289 atomic_set(&data->iin_data_valid, 1); 2290 wake_up_interruptible(&data->waitq); 2291 goto exit; 2292 } 2293 /* check for SRQ notification */ 2294 if (data->iin_buffer[0] == 0x81) { 2295 unsigned long flags; 2296 struct list_head *elem; 2297 2298 if (data->fasync) 2299 kill_fasync(&data->fasync, 2300 SIGIO, POLL_PRI); 2301 2302 spin_lock_irqsave(&data->dev_lock, flags); 2303 list_for_each(elem, &data->file_list) { 2304 struct usbtmc_file_data *file_data; 2305 2306 file_data = list_entry(elem, 2307 struct usbtmc_file_data, 2308 file_elem); 2309 file_data->srq_byte = data->iin_buffer[1]; 2310 atomic_set(&file_data->srq_asserted, 1); 2311 } 2312 spin_unlock_irqrestore(&data->dev_lock, flags); 2313 2314 dev_dbg(dev, "srq received bTag %x stb %x\n", 2315 (unsigned int)data->iin_buffer[0], 2316 (unsigned int)data->iin_buffer[1]); 2317 wake_up_interruptible_all(&data->waitq); 2318 goto exit; 2319 } 2320 dev_warn(dev, "invalid notification: %x\n", 2321 data->iin_buffer[0]); 2322 break; 2323 case -EOVERFLOW: 2324 dev_err(dev, "overflow with length %d, actual length is %d\n", 2325 data->iin_wMaxPacketSize, urb->actual_length); 2326 fallthrough; 2327 default: 2328 /* urb terminated, clean up */ 2329 dev_dbg(dev, "urb terminated, status: %d\n", status); 2330 return; 2331 } 2332 exit: 2333 rv = usb_submit_urb(urb, GFP_ATOMIC); 2334 if (rv) 2335 dev_err(dev, "usb_submit_urb failed: %d\n", rv); 2336 } 2337 2338 static void usbtmc_free_int(struct usbtmc_device_data *data) 2339 { 2340 if (!data->iin_ep_present || !data->iin_urb) 2341 return; 2342 usb_kill_urb(data->iin_urb); 2343 kfree(data->iin_buffer); 2344 data->iin_buffer = NULL; 2345 usb_free_urb(data->iin_urb); 2346 data->iin_urb = NULL; 2347 kref_put(&data->kref, usbtmc_delete); 2348 } 2349 2350 static int usbtmc_probe(struct usb_interface *intf, 2351 const struct usb_device_id *id) 2352 { 2353 struct usbtmc_device_data *data; 2354 struct usb_host_interface *iface_desc; 2355 struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in; 2356 int retcode; 2357 2358 dev_dbg(&intf->dev, "%s called\n", __func__); 2359 2360 data = kzalloc(sizeof(*data), GFP_KERNEL); 2361 if (!data) 2362 return -ENOMEM; 2363 2364 data->intf = intf; 2365 data->id = id; 2366 data->usb_dev = usb_get_dev(interface_to_usbdev(intf)); 2367 usb_set_intfdata(intf, data); 2368 kref_init(&data->kref); 2369 mutex_init(&data->io_mutex); 2370 init_waitqueue_head(&data->waitq); 2371 atomic_set(&data->iin_data_valid, 0); 2372 INIT_LIST_HEAD(&data->file_list); 2373 spin_lock_init(&data->dev_lock); 2374 2375 data->zombie = 0; 2376 2377 /* Initialize USBTMC bTag and other fields */ 2378 data->bTag = 1; 2379 /* 2 <= bTag <= 127 USBTMC-USB488 subclass specification 4.3.1 */ 2380 data->iin_bTag = 2; 2381 2382 /* USBTMC devices have only one setting, so use that */ 2383 iface_desc = data->intf->cur_altsetting; 2384 data->ifnum = iface_desc->desc.bInterfaceNumber; 2385 2386 /* Find bulk endpoints */ 2387 retcode = usb_find_common_endpoints(iface_desc, 2388 &bulk_in, &bulk_out, NULL, NULL); 2389 if (retcode) { 2390 dev_err(&intf->dev, "bulk endpoints not found\n"); 2391 goto err_put; 2392 } 2393 2394 retcode = -EINVAL; 2395 data->bulk_in = bulk_in->bEndpointAddress; 2396 data->wMaxPacketSize = usb_endpoint_maxp(bulk_in); 2397 if (!data->wMaxPacketSize) 2398 goto err_put; 2399 dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in); 2400 2401 data->bulk_out = bulk_out->bEndpointAddress; 2402 dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out); 2403 2404 /* Find int endpoint */ 2405 retcode = usb_find_int_in_endpoint(iface_desc, &int_in); 2406 if (!retcode) { 2407 data->iin_ep_present = 1; 2408 data->iin_ep = int_in->bEndpointAddress; 2409 data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in); 2410 data->iin_interval = int_in->bInterval; 2411 dev_dbg(&intf->dev, "Found Int in endpoint at %u\n", 2412 data->iin_ep); 2413 } 2414 2415 retcode = get_capabilities(data); 2416 if (retcode) 2417 dev_err(&intf->dev, "can't read capabilities\n"); 2418 2419 if (data->iin_ep_present) { 2420 /* allocate int urb */ 2421 data->iin_urb = usb_alloc_urb(0, GFP_KERNEL); 2422 if (!data->iin_urb) { 2423 retcode = -ENOMEM; 2424 goto error_register; 2425 } 2426 2427 /* Protect interrupt in endpoint data until iin_urb is freed */ 2428 kref_get(&data->kref); 2429 2430 /* allocate buffer for interrupt in */ 2431 data->iin_buffer = kmalloc(data->iin_wMaxPacketSize, 2432 GFP_KERNEL); 2433 if (!data->iin_buffer) { 2434 retcode = -ENOMEM; 2435 goto error_register; 2436 } 2437 2438 /* fill interrupt urb */ 2439 usb_fill_int_urb(data->iin_urb, data->usb_dev, 2440 usb_rcvintpipe(data->usb_dev, data->iin_ep), 2441 data->iin_buffer, data->iin_wMaxPacketSize, 2442 usbtmc_interrupt, 2443 data, data->iin_interval); 2444 2445 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL); 2446 if (retcode) { 2447 dev_err(&intf->dev, "Failed to submit iin_urb\n"); 2448 goto error_register; 2449 } 2450 } 2451 2452 retcode = usb_register_dev(intf, &usbtmc_class); 2453 if (retcode) { 2454 dev_err(&intf->dev, "Not able to get a minor (base %u, slice default): %d\n", 2455 USBTMC_MINOR_BASE, 2456 retcode); 2457 goto error_register; 2458 } 2459 dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor); 2460 2461 return 0; 2462 2463 error_register: 2464 usbtmc_free_int(data); 2465 err_put: 2466 kref_put(&data->kref, usbtmc_delete); 2467 return retcode; 2468 } 2469 2470 static void usbtmc_disconnect(struct usb_interface *intf) 2471 { 2472 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2473 struct list_head *elem; 2474 2475 usb_deregister_dev(intf, &usbtmc_class); 2476 mutex_lock(&data->io_mutex); 2477 data->zombie = 1; 2478 wake_up_interruptible_all(&data->waitq); 2479 list_for_each(elem, &data->file_list) { 2480 struct usbtmc_file_data *file_data; 2481 2482 file_data = list_entry(elem, 2483 struct usbtmc_file_data, 2484 file_elem); 2485 usb_kill_anchored_urbs(&file_data->submitted); 2486 usb_scuttle_anchored_urbs(&file_data->in_anchor); 2487 } 2488 mutex_unlock(&data->io_mutex); 2489 usbtmc_free_int(data); 2490 kref_put(&data->kref, usbtmc_delete); 2491 } 2492 2493 static void usbtmc_draw_down(struct usbtmc_file_data *file_data) 2494 { 2495 int time; 2496 2497 time = usb_wait_anchor_empty_timeout(&file_data->submitted, 1000); 2498 if (!time) 2499 usb_kill_anchored_urbs(&file_data->submitted); 2500 usb_scuttle_anchored_urbs(&file_data->in_anchor); 2501 } 2502 2503 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message) 2504 { 2505 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2506 struct list_head *elem; 2507 2508 if (!data) 2509 return 0; 2510 2511 mutex_lock(&data->io_mutex); 2512 list_for_each(elem, &data->file_list) { 2513 struct usbtmc_file_data *file_data; 2514 2515 file_data = list_entry(elem, 2516 struct usbtmc_file_data, 2517 file_elem); 2518 usbtmc_draw_down(file_data); 2519 } 2520 2521 if (data->iin_ep_present && data->iin_urb) 2522 usb_kill_urb(data->iin_urb); 2523 2524 mutex_unlock(&data->io_mutex); 2525 return 0; 2526 } 2527 2528 static int usbtmc_resume(struct usb_interface *intf) 2529 { 2530 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2531 int retcode = 0; 2532 2533 if (data->iin_ep_present && data->iin_urb) 2534 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL); 2535 if (retcode) 2536 dev_err(&intf->dev, "Failed to submit iin_urb\n"); 2537 2538 return retcode; 2539 } 2540 2541 static int usbtmc_pre_reset(struct usb_interface *intf) 2542 { 2543 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2544 struct list_head *elem; 2545 2546 if (!data) 2547 return 0; 2548 2549 mutex_lock(&data->io_mutex); 2550 2551 list_for_each(elem, &data->file_list) { 2552 struct usbtmc_file_data *file_data; 2553 2554 file_data = list_entry(elem, 2555 struct usbtmc_file_data, 2556 file_elem); 2557 usbtmc_ioctl_cancel_io(file_data); 2558 } 2559 2560 return 0; 2561 } 2562 2563 static int usbtmc_post_reset(struct usb_interface *intf) 2564 { 2565 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2566 2567 mutex_unlock(&data->io_mutex); 2568 2569 return 0; 2570 } 2571 2572 static struct usb_driver usbtmc_driver = { 2573 .name = "usbtmc", 2574 .id_table = usbtmc_devices, 2575 .probe = usbtmc_probe, 2576 .disconnect = usbtmc_disconnect, 2577 .suspend = usbtmc_suspend, 2578 .resume = usbtmc_resume, 2579 .pre_reset = usbtmc_pre_reset, 2580 .post_reset = usbtmc_post_reset, 2581 .dev_groups = usbtmc_groups, 2582 }; 2583 2584 module_usb_driver(usbtmc_driver); 2585 2586 MODULE_LICENSE("GPL"); 2587