xref: /linux/drivers/usb/class/usbtmc.c (revision b9b77222d4ff6b5bb8f5d87fca20de0910618bb9)
1 // SPDX-License-Identifier: GPL-2.0+
2 /**
3  * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver
4  *
5  * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany
6  * Copyright (C) 2008 Novell, Inc.
7  * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de>
8  */
9 
10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11 
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/fs.h>
15 #include <linux/uaccess.h>
16 #include <linux/kref.h>
17 #include <linux/slab.h>
18 #include <linux/poll.h>
19 #include <linux/mutex.h>
20 #include <linux/usb.h>
21 #include <linux/usb/tmc.h>
22 
23 
24 #define USBTMC_HEADER_SIZE	12
25 #define USBTMC_MINOR_BASE	176
26 
27 /*
28  * Size of driver internal IO buffer. Must be multiple of 4 and at least as
29  * large as wMaxPacketSize (which is usually 512 bytes).
30  */
31 #define USBTMC_SIZE_IOBUFFER	2048
32 
33 /* Default USB timeout (in milliseconds) */
34 #define USBTMC_TIMEOUT		5000
35 
36 /*
37  * Maximum number of read cycles to empty bulk in endpoint during CLEAR and
38  * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short
39  * packet is never read.
40  */
41 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN	100
42 
43 static const struct usb_device_id usbtmc_devices[] = {
44 	{ USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), },
45 	{ USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), },
46 	{ 0, } /* terminating entry */
47 };
48 MODULE_DEVICE_TABLE(usb, usbtmc_devices);
49 
50 /*
51  * This structure is the capabilities for the device
52  * See section 4.2.1.8 of the USBTMC specification,
53  * and section 4.2.2 of the USBTMC usb488 subclass
54  * specification for details.
55  */
56 struct usbtmc_dev_capabilities {
57 	__u8 interface_capabilities;
58 	__u8 device_capabilities;
59 	__u8 usb488_interface_capabilities;
60 	__u8 usb488_device_capabilities;
61 };
62 
63 /* This structure holds private data for each USBTMC device. One copy is
64  * allocated for each USBTMC device in the driver's probe function.
65  */
66 struct usbtmc_device_data {
67 	const struct usb_device_id *id;
68 	struct usb_device *usb_dev;
69 	struct usb_interface *intf;
70 
71 	unsigned int bulk_in;
72 	unsigned int bulk_out;
73 
74 	u8 bTag;
75 	u8 bTag_last_write;	/* needed for abort */
76 	u8 bTag_last_read;	/* needed for abort */
77 
78 	/* data for interrupt in endpoint handling */
79 	u8             bNotify1;
80 	u8             bNotify2;
81 	u16            ifnum;
82 	u8             iin_bTag;
83 	u8            *iin_buffer;
84 	atomic_t       iin_data_valid;
85 	unsigned int   iin_ep;
86 	int            iin_ep_present;
87 	int            iin_interval;
88 	struct urb    *iin_urb;
89 	u16            iin_wMaxPacketSize;
90 	atomic_t       srq_asserted;
91 
92 	/* coalesced usb488_caps from usbtmc_dev_capabilities */
93 	__u8 usb488_caps;
94 
95 	/* attributes from the USB TMC spec for this device */
96 	u8 TermChar;
97 	bool TermCharEnabled;
98 	bool auto_abort;
99 
100 	bool zombie; /* fd of disconnected device */
101 
102 	struct usbtmc_dev_capabilities	capabilities;
103 	struct kref kref;
104 	struct mutex io_mutex;	/* only one i/o function running at a time */
105 	wait_queue_head_t waitq;
106 	struct fasync_struct *fasync;
107 };
108 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref)
109 
110 /* Forward declarations */
111 static struct usb_driver usbtmc_driver;
112 
113 static void usbtmc_delete(struct kref *kref)
114 {
115 	struct usbtmc_device_data *data = to_usbtmc_data(kref);
116 
117 	usb_put_dev(data->usb_dev);
118 	kfree(data);
119 }
120 
121 static int usbtmc_open(struct inode *inode, struct file *filp)
122 {
123 	struct usb_interface *intf;
124 	struct usbtmc_device_data *data;
125 	int retval = 0;
126 
127 	intf = usb_find_interface(&usbtmc_driver, iminor(inode));
128 	if (!intf) {
129 		pr_err("can not find device for minor %d", iminor(inode));
130 		return -ENODEV;
131 	}
132 
133 	data = usb_get_intfdata(intf);
134 	/* Protect reference to data from file structure until release */
135 	kref_get(&data->kref);
136 
137 	/* Store pointer in file structure's private data field */
138 	filp->private_data = data;
139 
140 	return retval;
141 }
142 
143 static int usbtmc_release(struct inode *inode, struct file *file)
144 {
145 	struct usbtmc_device_data *data = file->private_data;
146 
147 	kref_put(&data->kref, usbtmc_delete);
148 	return 0;
149 }
150 
151 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data)
152 {
153 	u8 *buffer;
154 	struct device *dev;
155 	int rv;
156 	int n;
157 	int actual;
158 	struct usb_host_interface *current_setting;
159 	int max_size;
160 
161 	dev = &data->intf->dev;
162 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
163 	if (!buffer)
164 		return -ENOMEM;
165 
166 	rv = usb_control_msg(data->usb_dev,
167 			     usb_rcvctrlpipe(data->usb_dev, 0),
168 			     USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
169 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
170 			     data->bTag_last_read, data->bulk_in,
171 			     buffer, 2, USBTMC_TIMEOUT);
172 
173 	if (rv < 0) {
174 		dev_err(dev, "usb_control_msg returned %d\n", rv);
175 		goto exit;
176 	}
177 
178 	dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
179 
180 	if (buffer[0] == USBTMC_STATUS_FAILED) {
181 		rv = 0;
182 		goto exit;
183 	}
184 
185 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
186 		dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
187 			buffer[0]);
188 		rv = -EPERM;
189 		goto exit;
190 	}
191 
192 	max_size = 0;
193 	current_setting = data->intf->cur_altsetting;
194 	for (n = 0; n < current_setting->desc.bNumEndpoints; n++)
195 		if (current_setting->endpoint[n].desc.bEndpointAddress ==
196 			data->bulk_in)
197 			max_size = usb_endpoint_maxp(&current_setting->endpoint[n].desc);
198 
199 	if (max_size == 0) {
200 		dev_err(dev, "Couldn't get wMaxPacketSize\n");
201 		rv = -EPERM;
202 		goto exit;
203 	}
204 
205 	dev_dbg(&data->intf->dev, "wMaxPacketSize is %d\n", max_size);
206 
207 	n = 0;
208 
209 	do {
210 		dev_dbg(dev, "Reading from bulk in EP\n");
211 
212 		rv = usb_bulk_msg(data->usb_dev,
213 				  usb_rcvbulkpipe(data->usb_dev,
214 						  data->bulk_in),
215 				  buffer, USBTMC_SIZE_IOBUFFER,
216 				  &actual, USBTMC_TIMEOUT);
217 
218 		n++;
219 
220 		if (rv < 0) {
221 			dev_err(dev, "usb_bulk_msg returned %d\n", rv);
222 			goto exit;
223 		}
224 	} while ((actual == max_size) &&
225 		 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
226 
227 	if (actual == max_size) {
228 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
229 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
230 		rv = -EPERM;
231 		goto exit;
232 	}
233 
234 	n = 0;
235 
236 usbtmc_abort_bulk_in_status:
237 	rv = usb_control_msg(data->usb_dev,
238 			     usb_rcvctrlpipe(data->usb_dev, 0),
239 			     USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
240 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
241 			     0, data->bulk_in, buffer, 0x08,
242 			     USBTMC_TIMEOUT);
243 
244 	if (rv < 0) {
245 		dev_err(dev, "usb_control_msg returned %d\n", rv);
246 		goto exit;
247 	}
248 
249 	dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
250 
251 	if (buffer[0] == USBTMC_STATUS_SUCCESS) {
252 		rv = 0;
253 		goto exit;
254 	}
255 
256 	if (buffer[0] != USBTMC_STATUS_PENDING) {
257 		dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n", buffer[0]);
258 		rv = -EPERM;
259 		goto exit;
260 	}
261 
262 	if (buffer[1] == 1)
263 		do {
264 			dev_dbg(dev, "Reading from bulk in EP\n");
265 
266 			rv = usb_bulk_msg(data->usb_dev,
267 					  usb_rcvbulkpipe(data->usb_dev,
268 							  data->bulk_in),
269 					  buffer, USBTMC_SIZE_IOBUFFER,
270 					  &actual, USBTMC_TIMEOUT);
271 
272 			n++;
273 
274 			if (rv < 0) {
275 				dev_err(dev, "usb_bulk_msg returned %d\n", rv);
276 				goto exit;
277 			}
278 		} while ((actual == max_size) &&
279 			 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
280 
281 	if (actual == max_size) {
282 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
283 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
284 		rv = -EPERM;
285 		goto exit;
286 	}
287 
288 	goto usbtmc_abort_bulk_in_status;
289 
290 exit:
291 	kfree(buffer);
292 	return rv;
293 
294 }
295 
296 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data)
297 {
298 	struct device *dev;
299 	u8 *buffer;
300 	int rv;
301 	int n;
302 
303 	dev = &data->intf->dev;
304 
305 	buffer = kmalloc(8, GFP_KERNEL);
306 	if (!buffer)
307 		return -ENOMEM;
308 
309 	rv = usb_control_msg(data->usb_dev,
310 			     usb_rcvctrlpipe(data->usb_dev, 0),
311 			     USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT,
312 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
313 			     data->bTag_last_write, data->bulk_out,
314 			     buffer, 2, USBTMC_TIMEOUT);
315 
316 	if (rv < 0) {
317 		dev_err(dev, "usb_control_msg returned %d\n", rv);
318 		goto exit;
319 	}
320 
321 	dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]);
322 
323 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
324 		dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n",
325 			buffer[0]);
326 		rv = -EPERM;
327 		goto exit;
328 	}
329 
330 	n = 0;
331 
332 usbtmc_abort_bulk_out_check_status:
333 	rv = usb_control_msg(data->usb_dev,
334 			     usb_rcvctrlpipe(data->usb_dev, 0),
335 			     USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS,
336 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
337 			     0, data->bulk_out, buffer, 0x08,
338 			     USBTMC_TIMEOUT);
339 	n++;
340 	if (rv < 0) {
341 		dev_err(dev, "usb_control_msg returned %d\n", rv);
342 		goto exit;
343 	}
344 
345 	dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]);
346 
347 	if (buffer[0] == USBTMC_STATUS_SUCCESS)
348 		goto usbtmc_abort_bulk_out_clear_halt;
349 
350 	if ((buffer[0] == USBTMC_STATUS_PENDING) &&
351 	    (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN))
352 		goto usbtmc_abort_bulk_out_check_status;
353 
354 	rv = -EPERM;
355 	goto exit;
356 
357 usbtmc_abort_bulk_out_clear_halt:
358 	rv = usb_clear_halt(data->usb_dev,
359 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
360 
361 	if (rv < 0) {
362 		dev_err(dev, "usb_control_msg returned %d\n", rv);
363 		goto exit;
364 	}
365 	rv = 0;
366 
367 exit:
368 	kfree(buffer);
369 	return rv;
370 }
371 
372 static int usbtmc488_ioctl_read_stb(struct usbtmc_device_data *data,
373 				void __user *arg)
374 {
375 	struct device *dev = &data->intf->dev;
376 	u8 *buffer;
377 	u8 tag;
378 	__u8 stb;
379 	int rv;
380 
381 	dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n",
382 		data->iin_ep_present);
383 
384 	buffer = kmalloc(8, GFP_KERNEL);
385 	if (!buffer)
386 		return -ENOMEM;
387 
388 	atomic_set(&data->iin_data_valid, 0);
389 
390 	/* must issue read_stb before using poll or select */
391 	atomic_set(&data->srq_asserted, 0);
392 
393 	rv = usb_control_msg(data->usb_dev,
394 			usb_rcvctrlpipe(data->usb_dev, 0),
395 			USBTMC488_REQUEST_READ_STATUS_BYTE,
396 			USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
397 			data->iin_bTag,
398 			data->ifnum,
399 			buffer, 0x03, USBTMC_TIMEOUT);
400 	if (rv < 0) {
401 		dev_err(dev, "stb usb_control_msg returned %d\n", rv);
402 		goto exit;
403 	}
404 
405 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
406 		dev_err(dev, "control status returned %x\n", buffer[0]);
407 		rv = -EIO;
408 		goto exit;
409 	}
410 
411 	if (data->iin_ep_present) {
412 		rv = wait_event_interruptible_timeout(
413 			data->waitq,
414 			atomic_read(&data->iin_data_valid) != 0,
415 			USBTMC_TIMEOUT);
416 		if (rv < 0) {
417 			dev_dbg(dev, "wait interrupted %d\n", rv);
418 			goto exit;
419 		}
420 
421 		if (rv == 0) {
422 			dev_dbg(dev, "wait timed out\n");
423 			rv = -ETIME;
424 			goto exit;
425 		}
426 
427 		tag = data->bNotify1 & 0x7f;
428 		if (tag != data->iin_bTag) {
429 			dev_err(dev, "expected bTag %x got %x\n",
430 				data->iin_bTag, tag);
431 		}
432 
433 		stb = data->bNotify2;
434 	} else {
435 		stb = buffer[2];
436 	}
437 
438 	rv = copy_to_user(arg, &stb, sizeof(stb));
439 	if (rv)
440 		rv = -EFAULT;
441 
442  exit:
443 	/* bump interrupt bTag */
444 	data->iin_bTag += 1;
445 	if (data->iin_bTag > 127)
446 		/* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */
447 		data->iin_bTag = 2;
448 
449 	kfree(buffer);
450 	return rv;
451 }
452 
453 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data,
454 				void __user *arg, unsigned int cmd)
455 {
456 	struct device *dev = &data->intf->dev;
457 	__u8 val;
458 	u8 *buffer;
459 	u16 wValue;
460 	int rv;
461 
462 	if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE))
463 		return -EINVAL;
464 
465 	buffer = kmalloc(8, GFP_KERNEL);
466 	if (!buffer)
467 		return -ENOMEM;
468 
469 	if (cmd == USBTMC488_REQUEST_REN_CONTROL) {
470 		rv = copy_from_user(&val, arg, sizeof(val));
471 		if (rv) {
472 			rv = -EFAULT;
473 			goto exit;
474 		}
475 		wValue = val ? 1 : 0;
476 	} else {
477 		wValue = 0;
478 	}
479 
480 	rv = usb_control_msg(data->usb_dev,
481 			usb_rcvctrlpipe(data->usb_dev, 0),
482 			cmd,
483 			USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
484 			wValue,
485 			data->ifnum,
486 			buffer, 0x01, USBTMC_TIMEOUT);
487 	if (rv < 0) {
488 		dev_err(dev, "simple usb_control_msg failed %d\n", rv);
489 		goto exit;
490 	} else if (rv != 1) {
491 		dev_warn(dev, "simple usb_control_msg returned %d\n", rv);
492 		rv = -EIO;
493 		goto exit;
494 	}
495 
496 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
497 		dev_err(dev, "simple control status returned %x\n", buffer[0]);
498 		rv = -EIO;
499 		goto exit;
500 	}
501 	rv = 0;
502 
503  exit:
504 	kfree(buffer);
505 	return rv;
506 }
507 
508 /*
509  * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint.
510  * @transfer_size: number of bytes to request from the device.
511  *
512  * See the USBTMC specification, Table 4.
513  *
514  * Also updates bTag_last_write.
515  */
516 static int send_request_dev_dep_msg_in(struct usbtmc_device_data *data, size_t transfer_size)
517 {
518 	int retval;
519 	u8 *buffer;
520 	int actual;
521 
522 	buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
523 	if (!buffer)
524 		return -ENOMEM;
525 	/* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message
526 	 * Refer to class specs for details
527 	 */
528 	buffer[0] = 2;
529 	buffer[1] = data->bTag;
530 	buffer[2] = ~data->bTag;
531 	buffer[3] = 0; /* Reserved */
532 	buffer[4] = transfer_size >> 0;
533 	buffer[5] = transfer_size >> 8;
534 	buffer[6] = transfer_size >> 16;
535 	buffer[7] = transfer_size >> 24;
536 	buffer[8] = data->TermCharEnabled * 2;
537 	/* Use term character? */
538 	buffer[9] = data->TermChar;
539 	buffer[10] = 0; /* Reserved */
540 	buffer[11] = 0; /* Reserved */
541 
542 	/* Send bulk URB */
543 	retval = usb_bulk_msg(data->usb_dev,
544 			      usb_sndbulkpipe(data->usb_dev,
545 					      data->bulk_out),
546 			      buffer, USBTMC_HEADER_SIZE, &actual, USBTMC_TIMEOUT);
547 
548 	/* Store bTag (in case we need to abort) */
549 	data->bTag_last_write = data->bTag;
550 
551 	/* Increment bTag -- and increment again if zero */
552 	data->bTag++;
553 	if (!data->bTag)
554 		data->bTag++;
555 
556 	kfree(buffer);
557 	if (retval < 0) {
558 		dev_err(&data->intf->dev, "usb_bulk_msg in send_request_dev_dep_msg_in() returned %d\n", retval);
559 		return retval;
560 	}
561 
562 	return 0;
563 }
564 
565 static ssize_t usbtmc_read(struct file *filp, char __user *buf,
566 			   size_t count, loff_t *f_pos)
567 {
568 	struct usbtmc_device_data *data;
569 	struct device *dev;
570 	u32 n_characters;
571 	u8 *buffer;
572 	int actual;
573 	size_t done;
574 	size_t remaining;
575 	int retval;
576 	size_t this_part;
577 
578 	/* Get pointer to private data structure */
579 	data = filp->private_data;
580 	dev = &data->intf->dev;
581 
582 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
583 	if (!buffer)
584 		return -ENOMEM;
585 
586 	mutex_lock(&data->io_mutex);
587 	if (data->zombie) {
588 		retval = -ENODEV;
589 		goto exit;
590 	}
591 
592 	dev_dbg(dev, "usb_bulk_msg_in: count(%zu)\n", count);
593 
594 	retval = send_request_dev_dep_msg_in(data, count);
595 
596 	if (retval < 0) {
597 		if (data->auto_abort)
598 			usbtmc_ioctl_abort_bulk_out(data);
599 		goto exit;
600 	}
601 
602 	/* Loop until we have fetched everything we requested */
603 	remaining = count;
604 	this_part = remaining;
605 	done = 0;
606 
607 	while (remaining > 0) {
608 		/* Send bulk URB */
609 		retval = usb_bulk_msg(data->usb_dev,
610 				      usb_rcvbulkpipe(data->usb_dev,
611 						      data->bulk_in),
612 				      buffer, USBTMC_SIZE_IOBUFFER, &actual,
613 				      USBTMC_TIMEOUT);
614 
615 		dev_dbg(dev, "usb_bulk_msg: retval(%u), done(%zu), remaining(%zu), actual(%d)\n", retval, done, remaining, actual);
616 
617 		/* Store bTag (in case we need to abort) */
618 		data->bTag_last_read = data->bTag;
619 
620 		if (retval < 0) {
621 			dev_dbg(dev, "Unable to read data, error %d\n", retval);
622 			if (data->auto_abort)
623 				usbtmc_ioctl_abort_bulk_in(data);
624 			goto exit;
625 		}
626 
627 		/* Parse header in first packet */
628 		if (done == 0) {
629 			/* Sanity checks for the header */
630 			if (actual < USBTMC_HEADER_SIZE) {
631 				dev_err(dev, "Device sent too small first packet: %u < %u\n", actual, USBTMC_HEADER_SIZE);
632 				if (data->auto_abort)
633 					usbtmc_ioctl_abort_bulk_in(data);
634 				goto exit;
635 			}
636 
637 			if (buffer[0] != 2) {
638 				dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n", buffer[0]);
639 				if (data->auto_abort)
640 					usbtmc_ioctl_abort_bulk_in(data);
641 				goto exit;
642 			}
643 
644 			if (buffer[1] != data->bTag_last_write) {
645 				dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n", buffer[1], data->bTag_last_write);
646 				if (data->auto_abort)
647 					usbtmc_ioctl_abort_bulk_in(data);
648 				goto exit;
649 			}
650 
651 			/* How many characters did the instrument send? */
652 			n_characters = buffer[4] +
653 				       (buffer[5] << 8) +
654 				       (buffer[6] << 16) +
655 				       (buffer[7] << 24);
656 
657 			if (n_characters > this_part) {
658 				dev_err(dev, "Device wants to return more data than requested: %u > %zu\n", n_characters, count);
659 				if (data->auto_abort)
660 					usbtmc_ioctl_abort_bulk_in(data);
661 				goto exit;
662 			}
663 
664 			/* Remove the USBTMC header */
665 			actual -= USBTMC_HEADER_SIZE;
666 
667 			/* Check if the message is smaller than requested */
668 			if (remaining > n_characters)
669 				remaining = n_characters;
670 			/* Remove padding if it exists */
671 			if (actual > remaining)
672 				actual = remaining;
673 
674 			dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n", n_characters, buffer[8]);
675 
676 			remaining -= actual;
677 
678 			/* Terminate if end-of-message bit received from device */
679 			if ((buffer[8] & 0x01) && (actual >= n_characters))
680 				remaining = 0;
681 
682 			dev_dbg(dev, "Bulk-IN header: remaining(%zu), buf(%p), buffer(%p) done(%zu)\n", remaining,buf,buffer,done);
683 
684 
685 			/* Copy buffer to user space */
686 			if (copy_to_user(buf + done, &buffer[USBTMC_HEADER_SIZE], actual)) {
687 				/* There must have been an addressing problem */
688 				retval = -EFAULT;
689 				goto exit;
690 			}
691 			done += actual;
692 		}
693 		else  {
694 			if (actual > remaining)
695 				actual = remaining;
696 
697 			remaining -= actual;
698 
699 			dev_dbg(dev, "Bulk-IN header cont: actual(%u), done(%zu), remaining(%zu), buf(%p), buffer(%p)\n", actual, done, remaining,buf,buffer);
700 
701 			/* Copy buffer to user space */
702 			if (copy_to_user(buf + done, buffer, actual)) {
703 				/* There must have been an addressing problem */
704 				retval = -EFAULT;
705 				goto exit;
706 			}
707 			done += actual;
708 		}
709 	}
710 
711 	/* Update file position value */
712 	*f_pos = *f_pos + done;
713 	retval = done;
714 
715 exit:
716 	mutex_unlock(&data->io_mutex);
717 	kfree(buffer);
718 	return retval;
719 }
720 
721 static ssize_t usbtmc_write(struct file *filp, const char __user *buf,
722 			    size_t count, loff_t *f_pos)
723 {
724 	struct usbtmc_device_data *data;
725 	u8 *buffer;
726 	int retval;
727 	int actual;
728 	unsigned long int n_bytes;
729 	int remaining;
730 	int done;
731 	int this_part;
732 
733 	data = filp->private_data;
734 
735 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
736 	if (!buffer)
737 		return -ENOMEM;
738 
739 	mutex_lock(&data->io_mutex);
740 	if (data->zombie) {
741 		retval = -ENODEV;
742 		goto exit;
743 	}
744 
745 	remaining = count;
746 	done = 0;
747 
748 	while (remaining > 0) {
749 		if (remaining > USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE) {
750 			this_part = USBTMC_SIZE_IOBUFFER - USBTMC_HEADER_SIZE;
751 			buffer[8] = 0;
752 		} else {
753 			this_part = remaining;
754 			buffer[8] = 1;
755 		}
756 
757 		/* Setup IO buffer for DEV_DEP_MSG_OUT message */
758 		buffer[0] = 1;
759 		buffer[1] = data->bTag;
760 		buffer[2] = ~data->bTag;
761 		buffer[3] = 0; /* Reserved */
762 		buffer[4] = this_part >> 0;
763 		buffer[5] = this_part >> 8;
764 		buffer[6] = this_part >> 16;
765 		buffer[7] = this_part >> 24;
766 		/* buffer[8] is set above... */
767 		buffer[9] = 0; /* Reserved */
768 		buffer[10] = 0; /* Reserved */
769 		buffer[11] = 0; /* Reserved */
770 
771 		if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf + done, this_part)) {
772 			retval = -EFAULT;
773 			goto exit;
774 		}
775 
776 		n_bytes = roundup(USBTMC_HEADER_SIZE + this_part, 4);
777 		memset(buffer + USBTMC_HEADER_SIZE + this_part, 0, n_bytes - (USBTMC_HEADER_SIZE + this_part));
778 
779 		do {
780 			retval = usb_bulk_msg(data->usb_dev,
781 					      usb_sndbulkpipe(data->usb_dev,
782 							      data->bulk_out),
783 					      buffer, n_bytes,
784 					      &actual, USBTMC_TIMEOUT);
785 			if (retval != 0)
786 				break;
787 			n_bytes -= actual;
788 		} while (n_bytes);
789 
790 		data->bTag_last_write = data->bTag;
791 		data->bTag++;
792 
793 		if (!data->bTag)
794 			data->bTag++;
795 
796 		if (retval < 0) {
797 			dev_err(&data->intf->dev,
798 				"Unable to send data, error %d\n", retval);
799 			if (data->auto_abort)
800 				usbtmc_ioctl_abort_bulk_out(data);
801 			goto exit;
802 		}
803 
804 		remaining -= this_part;
805 		done += this_part;
806 	}
807 
808 	retval = count;
809 exit:
810 	mutex_unlock(&data->io_mutex);
811 	kfree(buffer);
812 	return retval;
813 }
814 
815 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data)
816 {
817 	struct usb_host_interface *current_setting;
818 	struct usb_endpoint_descriptor *desc;
819 	struct device *dev;
820 	u8 *buffer;
821 	int rv;
822 	int n;
823 	int actual = 0;
824 	int max_size;
825 
826 	dev = &data->intf->dev;
827 
828 	dev_dbg(dev, "Sending INITIATE_CLEAR request\n");
829 
830 	buffer = kmalloc(USBTMC_SIZE_IOBUFFER, GFP_KERNEL);
831 	if (!buffer)
832 		return -ENOMEM;
833 
834 	rv = usb_control_msg(data->usb_dev,
835 			     usb_rcvctrlpipe(data->usb_dev, 0),
836 			     USBTMC_REQUEST_INITIATE_CLEAR,
837 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
838 			     0, 0, buffer, 1, USBTMC_TIMEOUT);
839 	if (rv < 0) {
840 		dev_err(dev, "usb_control_msg returned %d\n", rv);
841 		goto exit;
842 	}
843 
844 	dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
845 
846 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
847 		dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
848 		rv = -EPERM;
849 		goto exit;
850 	}
851 
852 	max_size = 0;
853 	current_setting = data->intf->cur_altsetting;
854 	for (n = 0; n < current_setting->desc.bNumEndpoints; n++) {
855 		desc = &current_setting->endpoint[n].desc;
856 		if (desc->bEndpointAddress == data->bulk_in)
857 			max_size = usb_endpoint_maxp(desc);
858 	}
859 
860 	if (max_size == 0) {
861 		dev_err(dev, "Couldn't get wMaxPacketSize\n");
862 		rv = -EPERM;
863 		goto exit;
864 	}
865 
866 	dev_dbg(dev, "wMaxPacketSize is %d\n", max_size);
867 
868 	n = 0;
869 
870 usbtmc_clear_check_status:
871 
872 	dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n");
873 
874 	rv = usb_control_msg(data->usb_dev,
875 			     usb_rcvctrlpipe(data->usb_dev, 0),
876 			     USBTMC_REQUEST_CHECK_CLEAR_STATUS,
877 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
878 			     0, 0, buffer, 2, USBTMC_TIMEOUT);
879 	if (rv < 0) {
880 		dev_err(dev, "usb_control_msg returned %d\n", rv);
881 		goto exit;
882 	}
883 
884 	dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
885 
886 	if (buffer[0] == USBTMC_STATUS_SUCCESS)
887 		goto usbtmc_clear_bulk_out_halt;
888 
889 	if (buffer[0] != USBTMC_STATUS_PENDING) {
890 		dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
891 		rv = -EPERM;
892 		goto exit;
893 	}
894 
895 	if (buffer[1] == 1)
896 		do {
897 			dev_dbg(dev, "Reading from bulk in EP\n");
898 
899 			rv = usb_bulk_msg(data->usb_dev,
900 					  usb_rcvbulkpipe(data->usb_dev,
901 							  data->bulk_in),
902 					  buffer, USBTMC_SIZE_IOBUFFER,
903 					  &actual, USBTMC_TIMEOUT);
904 			n++;
905 
906 			if (rv < 0) {
907 				dev_err(dev, "usb_control_msg returned %d\n",
908 					rv);
909 				goto exit;
910 			}
911 		} while ((actual == max_size) &&
912 			  (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
913 
914 	if (actual == max_size) {
915 		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
916 			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
917 		rv = -EPERM;
918 		goto exit;
919 	}
920 
921 	goto usbtmc_clear_check_status;
922 
923 usbtmc_clear_bulk_out_halt:
924 
925 	rv = usb_clear_halt(data->usb_dev,
926 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
927 	if (rv < 0) {
928 		dev_err(dev, "usb_control_msg returned %d\n", rv);
929 		goto exit;
930 	}
931 	rv = 0;
932 
933 exit:
934 	kfree(buffer);
935 	return rv;
936 }
937 
938 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data)
939 {
940 	int rv;
941 
942 	rv = usb_clear_halt(data->usb_dev,
943 			    usb_sndbulkpipe(data->usb_dev, data->bulk_out));
944 
945 	if (rv < 0) {
946 		dev_err(&data->usb_dev->dev, "usb_control_msg returned %d\n",
947 			rv);
948 		return rv;
949 	}
950 	return 0;
951 }
952 
953 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data)
954 {
955 	int rv;
956 
957 	rv = usb_clear_halt(data->usb_dev,
958 			    usb_rcvbulkpipe(data->usb_dev, data->bulk_in));
959 
960 	if (rv < 0) {
961 		dev_err(&data->usb_dev->dev, "usb_control_msg returned %d\n",
962 			rv);
963 		return rv;
964 	}
965 	return 0;
966 }
967 
968 static int get_capabilities(struct usbtmc_device_data *data)
969 {
970 	struct device *dev = &data->usb_dev->dev;
971 	char *buffer;
972 	int rv = 0;
973 
974 	buffer = kmalloc(0x18, GFP_KERNEL);
975 	if (!buffer)
976 		return -ENOMEM;
977 
978 	rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0),
979 			     USBTMC_REQUEST_GET_CAPABILITIES,
980 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
981 			     0, 0, buffer, 0x18, USBTMC_TIMEOUT);
982 	if (rv < 0) {
983 		dev_err(dev, "usb_control_msg returned %d\n", rv);
984 		goto err_out;
985 	}
986 
987 	dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
988 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
989 		dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
990 		rv = -EPERM;
991 		goto err_out;
992 	}
993 	dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]);
994 	dev_dbg(dev, "Device capabilities are %x\n", buffer[5]);
995 	dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]);
996 	dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]);
997 
998 	data->capabilities.interface_capabilities = buffer[4];
999 	data->capabilities.device_capabilities = buffer[5];
1000 	data->capabilities.usb488_interface_capabilities = buffer[14];
1001 	data->capabilities.usb488_device_capabilities = buffer[15];
1002 	data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4);
1003 	rv = 0;
1004 
1005 err_out:
1006 	kfree(buffer);
1007 	return rv;
1008 }
1009 
1010 #define capability_attribute(name)					\
1011 static ssize_t name##_show(struct device *dev,				\
1012 			   struct device_attribute *attr, char *buf)	\
1013 {									\
1014 	struct usb_interface *intf = to_usb_interface(dev);		\
1015 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
1016 									\
1017 	return sprintf(buf, "%d\n", data->capabilities.name);		\
1018 }									\
1019 static DEVICE_ATTR_RO(name)
1020 
1021 capability_attribute(interface_capabilities);
1022 capability_attribute(device_capabilities);
1023 capability_attribute(usb488_interface_capabilities);
1024 capability_attribute(usb488_device_capabilities);
1025 
1026 static struct attribute *capability_attrs[] = {
1027 	&dev_attr_interface_capabilities.attr,
1028 	&dev_attr_device_capabilities.attr,
1029 	&dev_attr_usb488_interface_capabilities.attr,
1030 	&dev_attr_usb488_device_capabilities.attr,
1031 	NULL,
1032 };
1033 
1034 static const struct attribute_group capability_attr_grp = {
1035 	.attrs = capability_attrs,
1036 };
1037 
1038 static ssize_t TermChar_show(struct device *dev,
1039 			     struct device_attribute *attr, char *buf)
1040 {
1041 	struct usb_interface *intf = to_usb_interface(dev);
1042 	struct usbtmc_device_data *data = usb_get_intfdata(intf);
1043 
1044 	return sprintf(buf, "%c\n", data->TermChar);
1045 }
1046 
1047 static ssize_t TermChar_store(struct device *dev,
1048 			      struct device_attribute *attr,
1049 			      const char *buf, size_t count)
1050 {
1051 	struct usb_interface *intf = to_usb_interface(dev);
1052 	struct usbtmc_device_data *data = usb_get_intfdata(intf);
1053 
1054 	if (count < 1)
1055 		return -EINVAL;
1056 	data->TermChar = buf[0];
1057 	return count;
1058 }
1059 static DEVICE_ATTR_RW(TermChar);
1060 
1061 #define data_attribute(name)						\
1062 static ssize_t name##_show(struct device *dev,				\
1063 			   struct device_attribute *attr, char *buf)	\
1064 {									\
1065 	struct usb_interface *intf = to_usb_interface(dev);		\
1066 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
1067 									\
1068 	return sprintf(buf, "%d\n", data->name);			\
1069 }									\
1070 static ssize_t name##_store(struct device *dev,				\
1071 			    struct device_attribute *attr,		\
1072 			    const char *buf, size_t count)		\
1073 {									\
1074 	struct usb_interface *intf = to_usb_interface(dev);		\
1075 	struct usbtmc_device_data *data = usb_get_intfdata(intf);	\
1076 	ssize_t result;							\
1077 	unsigned val;							\
1078 									\
1079 	result = sscanf(buf, "%u\n", &val);				\
1080 	if (result != 1)						\
1081 		result = -EINVAL;					\
1082 	data->name = val;						\
1083 	if (result < 0)							\
1084 		return result;						\
1085 	else								\
1086 		return count;						\
1087 }									\
1088 static DEVICE_ATTR_RW(name)
1089 
1090 data_attribute(TermCharEnabled);
1091 data_attribute(auto_abort);
1092 
1093 static struct attribute *data_attrs[] = {
1094 	&dev_attr_TermChar.attr,
1095 	&dev_attr_TermCharEnabled.attr,
1096 	&dev_attr_auto_abort.attr,
1097 	NULL,
1098 };
1099 
1100 static const struct attribute_group data_attr_grp = {
1101 	.attrs = data_attrs,
1102 };
1103 
1104 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data)
1105 {
1106 	struct device *dev;
1107 	u8 *buffer;
1108 	int rv;
1109 
1110 	dev = &data->intf->dev;
1111 
1112 	buffer = kmalloc(2, GFP_KERNEL);
1113 	if (!buffer)
1114 		return -ENOMEM;
1115 
1116 	rv = usb_control_msg(data->usb_dev,
1117 			     usb_rcvctrlpipe(data->usb_dev, 0),
1118 			     USBTMC_REQUEST_INDICATOR_PULSE,
1119 			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1120 			     0, 0, buffer, 0x01, USBTMC_TIMEOUT);
1121 
1122 	if (rv < 0) {
1123 		dev_err(dev, "usb_control_msg returned %d\n", rv);
1124 		goto exit;
1125 	}
1126 
1127 	dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1128 
1129 	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1130 		dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1131 		rv = -EPERM;
1132 		goto exit;
1133 	}
1134 	rv = 0;
1135 
1136 exit:
1137 	kfree(buffer);
1138 	return rv;
1139 }
1140 
1141 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1142 {
1143 	struct usbtmc_device_data *data;
1144 	int retval = -EBADRQC;
1145 
1146 	data = file->private_data;
1147 	mutex_lock(&data->io_mutex);
1148 	if (data->zombie) {
1149 		retval = -ENODEV;
1150 		goto skip_io_on_zombie;
1151 	}
1152 
1153 	switch (cmd) {
1154 	case USBTMC_IOCTL_CLEAR_OUT_HALT:
1155 		retval = usbtmc_ioctl_clear_out_halt(data);
1156 		break;
1157 
1158 	case USBTMC_IOCTL_CLEAR_IN_HALT:
1159 		retval = usbtmc_ioctl_clear_in_halt(data);
1160 		break;
1161 
1162 	case USBTMC_IOCTL_INDICATOR_PULSE:
1163 		retval = usbtmc_ioctl_indicator_pulse(data);
1164 		break;
1165 
1166 	case USBTMC_IOCTL_CLEAR:
1167 		retval = usbtmc_ioctl_clear(data);
1168 		break;
1169 
1170 	case USBTMC_IOCTL_ABORT_BULK_OUT:
1171 		retval = usbtmc_ioctl_abort_bulk_out(data);
1172 		break;
1173 
1174 	case USBTMC_IOCTL_ABORT_BULK_IN:
1175 		retval = usbtmc_ioctl_abort_bulk_in(data);
1176 		break;
1177 
1178 	case USBTMC488_IOCTL_GET_CAPS:
1179 		retval = copy_to_user((void __user *)arg,
1180 				&data->usb488_caps,
1181 				sizeof(data->usb488_caps));
1182 		if (retval)
1183 			retval = -EFAULT;
1184 		break;
1185 
1186 	case USBTMC488_IOCTL_READ_STB:
1187 		retval = usbtmc488_ioctl_read_stb(data, (void __user *)arg);
1188 		break;
1189 
1190 	case USBTMC488_IOCTL_REN_CONTROL:
1191 		retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
1192 						USBTMC488_REQUEST_REN_CONTROL);
1193 		break;
1194 
1195 	case USBTMC488_IOCTL_GOTO_LOCAL:
1196 		retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
1197 						USBTMC488_REQUEST_GOTO_LOCAL);
1198 		break;
1199 
1200 	case USBTMC488_IOCTL_LOCAL_LOCKOUT:
1201 		retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
1202 						USBTMC488_REQUEST_LOCAL_LOCKOUT);
1203 		break;
1204 	}
1205 
1206 skip_io_on_zombie:
1207 	mutex_unlock(&data->io_mutex);
1208 	return retval;
1209 }
1210 
1211 static int usbtmc_fasync(int fd, struct file *file, int on)
1212 {
1213 	struct usbtmc_device_data *data = file->private_data;
1214 
1215 	return fasync_helper(fd, file, on, &data->fasync);
1216 }
1217 
1218 static __poll_t usbtmc_poll(struct file *file, poll_table *wait)
1219 {
1220 	struct usbtmc_device_data *data = file->private_data;
1221 	__poll_t mask;
1222 
1223 	mutex_lock(&data->io_mutex);
1224 
1225 	if (data->zombie) {
1226 		mask = EPOLLHUP | EPOLLERR;
1227 		goto no_poll;
1228 	}
1229 
1230 	poll_wait(file, &data->waitq, wait);
1231 
1232 	mask = (atomic_read(&data->srq_asserted)) ? EPOLLIN | EPOLLRDNORM : 0;
1233 
1234 no_poll:
1235 	mutex_unlock(&data->io_mutex);
1236 	return mask;
1237 }
1238 
1239 static const struct file_operations fops = {
1240 	.owner		= THIS_MODULE,
1241 	.read		= usbtmc_read,
1242 	.write		= usbtmc_write,
1243 	.open		= usbtmc_open,
1244 	.release	= usbtmc_release,
1245 	.unlocked_ioctl	= usbtmc_ioctl,
1246 	.fasync         = usbtmc_fasync,
1247 	.poll           = usbtmc_poll,
1248 	.llseek		= default_llseek,
1249 };
1250 
1251 static struct usb_class_driver usbtmc_class = {
1252 	.name =		"usbtmc%d",
1253 	.fops =		&fops,
1254 	.minor_base =	USBTMC_MINOR_BASE,
1255 };
1256 
1257 static void usbtmc_interrupt(struct urb *urb)
1258 {
1259 	struct usbtmc_device_data *data = urb->context;
1260 	struct device *dev = &data->intf->dev;
1261 	int status = urb->status;
1262 	int rv;
1263 
1264 	dev_dbg(&data->intf->dev, "int status: %d len %d\n",
1265 		status, urb->actual_length);
1266 
1267 	switch (status) {
1268 	case 0: /* SUCCESS */
1269 		/* check for valid STB notification */
1270 		if (data->iin_buffer[0] > 0x81) {
1271 			data->bNotify1 = data->iin_buffer[0];
1272 			data->bNotify2 = data->iin_buffer[1];
1273 			atomic_set(&data->iin_data_valid, 1);
1274 			wake_up_interruptible(&data->waitq);
1275 			goto exit;
1276 		}
1277 		/* check for SRQ notification */
1278 		if (data->iin_buffer[0] == 0x81) {
1279 			if (data->fasync)
1280 				kill_fasync(&data->fasync,
1281 					SIGIO, POLL_IN);
1282 
1283 			atomic_set(&data->srq_asserted, 1);
1284 			wake_up_interruptible(&data->waitq);
1285 			goto exit;
1286 		}
1287 		dev_warn(dev, "invalid notification: %x\n", data->iin_buffer[0]);
1288 		break;
1289 	case -EOVERFLOW:
1290 		dev_err(dev, "overflow with length %d, actual length is %d\n",
1291 			data->iin_wMaxPacketSize, urb->actual_length);
1292 		/* fall through */
1293 	case -ECONNRESET:
1294 	case -ENOENT:
1295 	case -ESHUTDOWN:
1296 	case -EILSEQ:
1297 	case -ETIME:
1298 		/* urb terminated, clean up */
1299 		dev_dbg(dev, "urb terminated, status: %d\n", status);
1300 		return;
1301 	default:
1302 		dev_err(dev, "unknown status received: %d\n", status);
1303 	}
1304 exit:
1305 	rv = usb_submit_urb(urb, GFP_ATOMIC);
1306 	if (rv)
1307 		dev_err(dev, "usb_submit_urb failed: %d\n", rv);
1308 }
1309 
1310 static void usbtmc_free_int(struct usbtmc_device_data *data)
1311 {
1312 	if (!data->iin_ep_present || !data->iin_urb)
1313 		return;
1314 	usb_kill_urb(data->iin_urb);
1315 	kfree(data->iin_buffer);
1316 	usb_free_urb(data->iin_urb);
1317 	kref_put(&data->kref, usbtmc_delete);
1318 }
1319 
1320 static int usbtmc_probe(struct usb_interface *intf,
1321 			const struct usb_device_id *id)
1322 {
1323 	struct usbtmc_device_data *data;
1324 	struct usb_host_interface *iface_desc;
1325 	struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in;
1326 	int retcode;
1327 
1328 	dev_dbg(&intf->dev, "%s called\n", __func__);
1329 
1330 	data = kzalloc(sizeof(*data), GFP_KERNEL);
1331 	if (!data)
1332 		return -ENOMEM;
1333 
1334 	data->intf = intf;
1335 	data->id = id;
1336 	data->usb_dev = usb_get_dev(interface_to_usbdev(intf));
1337 	usb_set_intfdata(intf, data);
1338 	kref_init(&data->kref);
1339 	mutex_init(&data->io_mutex);
1340 	init_waitqueue_head(&data->waitq);
1341 	atomic_set(&data->iin_data_valid, 0);
1342 	atomic_set(&data->srq_asserted, 0);
1343 	data->zombie = 0;
1344 
1345 	/* Initialize USBTMC bTag and other fields */
1346 	data->bTag	= 1;
1347 	data->TermCharEnabled = 0;
1348 	data->TermChar = '\n';
1349 	/*  2 <= bTag <= 127   USBTMC-USB488 subclass specification 4.3.1 */
1350 	data->iin_bTag = 2;
1351 
1352 	/* USBTMC devices have only one setting, so use that */
1353 	iface_desc = data->intf->cur_altsetting;
1354 	data->ifnum = iface_desc->desc.bInterfaceNumber;
1355 
1356 	/* Find bulk endpoints */
1357 	retcode = usb_find_common_endpoints(iface_desc,
1358 			&bulk_in, &bulk_out, NULL, NULL);
1359 	if (retcode) {
1360 		dev_err(&intf->dev, "bulk endpoints not found\n");
1361 		goto err_put;
1362 	}
1363 
1364 	data->bulk_in = bulk_in->bEndpointAddress;
1365 	dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in);
1366 
1367 	data->bulk_out = bulk_out->bEndpointAddress;
1368 	dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out);
1369 
1370 	/* Find int endpoint */
1371 	retcode = usb_find_int_in_endpoint(iface_desc, &int_in);
1372 	if (!retcode) {
1373 		data->iin_ep_present = 1;
1374 		data->iin_ep = int_in->bEndpointAddress;
1375 		data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in);
1376 		data->iin_interval = int_in->bInterval;
1377 		dev_dbg(&intf->dev, "Found Int in endpoint at %u\n",
1378 				data->iin_ep);
1379 	}
1380 
1381 	retcode = get_capabilities(data);
1382 	if (retcode)
1383 		dev_err(&intf->dev, "can't read capabilities\n");
1384 	else
1385 		retcode = sysfs_create_group(&intf->dev.kobj,
1386 					     &capability_attr_grp);
1387 
1388 	if (data->iin_ep_present) {
1389 		/* allocate int urb */
1390 		data->iin_urb = usb_alloc_urb(0, GFP_KERNEL);
1391 		if (!data->iin_urb) {
1392 			retcode = -ENOMEM;
1393 			goto error_register;
1394 		}
1395 
1396 		/* Protect interrupt in endpoint data until iin_urb is freed */
1397 		kref_get(&data->kref);
1398 
1399 		/* allocate buffer for interrupt in */
1400 		data->iin_buffer = kmalloc(data->iin_wMaxPacketSize,
1401 					GFP_KERNEL);
1402 		if (!data->iin_buffer) {
1403 			retcode = -ENOMEM;
1404 			goto error_register;
1405 		}
1406 
1407 		/* fill interrupt urb */
1408 		usb_fill_int_urb(data->iin_urb, data->usb_dev,
1409 				usb_rcvintpipe(data->usb_dev, data->iin_ep),
1410 				data->iin_buffer, data->iin_wMaxPacketSize,
1411 				usbtmc_interrupt,
1412 				data, data->iin_interval);
1413 
1414 		retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
1415 		if (retcode) {
1416 			dev_err(&intf->dev, "Failed to submit iin_urb\n");
1417 			goto error_register;
1418 		}
1419 	}
1420 
1421 	retcode = sysfs_create_group(&intf->dev.kobj, &data_attr_grp);
1422 
1423 	retcode = usb_register_dev(intf, &usbtmc_class);
1424 	if (retcode) {
1425 		dev_err(&intf->dev, "Not able to get a minor"
1426 			" (base %u, slice default): %d\n", USBTMC_MINOR_BASE,
1427 			retcode);
1428 		goto error_register;
1429 	}
1430 	dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor);
1431 
1432 	return 0;
1433 
1434 error_register:
1435 	sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp);
1436 	sysfs_remove_group(&intf->dev.kobj, &data_attr_grp);
1437 	usbtmc_free_int(data);
1438 err_put:
1439 	kref_put(&data->kref, usbtmc_delete);
1440 	return retcode;
1441 }
1442 
1443 static void usbtmc_disconnect(struct usb_interface *intf)
1444 {
1445 	struct usbtmc_device_data *data;
1446 
1447 	dev_dbg(&intf->dev, "usbtmc_disconnect called\n");
1448 
1449 	data = usb_get_intfdata(intf);
1450 	usb_deregister_dev(intf, &usbtmc_class);
1451 	sysfs_remove_group(&intf->dev.kobj, &capability_attr_grp);
1452 	sysfs_remove_group(&intf->dev.kobj, &data_attr_grp);
1453 	mutex_lock(&data->io_mutex);
1454 	data->zombie = 1;
1455 	wake_up_all(&data->waitq);
1456 	mutex_unlock(&data->io_mutex);
1457 	usbtmc_free_int(data);
1458 	kref_put(&data->kref, usbtmc_delete);
1459 }
1460 
1461 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message)
1462 {
1463 	/* this driver does not have pending URBs */
1464 	return 0;
1465 }
1466 
1467 static int usbtmc_resume(struct usb_interface *intf)
1468 {
1469 	return 0;
1470 }
1471 
1472 static struct usb_driver usbtmc_driver = {
1473 	.name		= "usbtmc",
1474 	.id_table	= usbtmc_devices,
1475 	.probe		= usbtmc_probe,
1476 	.disconnect	= usbtmc_disconnect,
1477 	.suspend	= usbtmc_suspend,
1478 	.resume		= usbtmc_resume,
1479 };
1480 
1481 module_usb_driver(usbtmc_driver);
1482 
1483 MODULE_LICENSE("GPL");
1484