xref: /linux/drivers/usb/gadget/function/u_serial.c (revision 3932b9ca55b0be314a36d3e84faff3e823c081f5)
1 /*
2  * u_serial.c - utilities for USB gadget "serial port"/TTY support
3  *
4  * Copyright (C) 2003 Al Borchers (alborchers@steinerpoint.com)
5  * Copyright (C) 2008 David Brownell
6  * Copyright (C) 2008 by Nokia Corporation
7  *
8  * This code also borrows from usbserial.c, which is
9  * Copyright (C) 1999 - 2002 Greg Kroah-Hartman (greg@kroah.com)
10  * Copyright (C) 2000 Peter Berger (pberger@brimson.com)
11  * Copyright (C) 2000 Al Borchers (alborchers@steinerpoint.com)
12  *
13  * This software is distributed under the terms of the GNU General
14  * Public License ("GPL") as published by the Free Software Foundation,
15  * either version 2 of that License or (at your option) any later version.
16  */
17 
18 /* #define VERBOSE_DEBUG */
19 
20 #include <linux/kernel.h>
21 #include <linux/sched.h>
22 #include <linux/interrupt.h>
23 #include <linux/device.h>
24 #include <linux/delay.h>
25 #include <linux/tty.h>
26 #include <linux/tty_flip.h>
27 #include <linux/slab.h>
28 #include <linux/export.h>
29 #include <linux/module.h>
30 
31 #include "u_serial.h"
32 
33 
34 /*
35  * This component encapsulates the TTY layer glue needed to provide basic
36  * "serial port" functionality through the USB gadget stack.  Each such
37  * port is exposed through a /dev/ttyGS* node.
38  *
39  * After this module has been loaded, individual TTY ports can be requested
40  * (gserial_alloc_line()) and each stays available until it is removed
41  * (gserial_free_line()). Each one may be connected to a USB function
42  * (gserial_connect), or disconnected (with gserial_disconnect) when the USB
43  * host issues a config change event. Data can only flow when the port is
44  * connected to the host.
45  *
46  * A given TTY port can be made available in multiple configurations.
47  * For example, each one might expose a ttyGS0 node which provides a
48  * login application.  In one case that might use CDC ACM interface 0,
49  * while another configuration might use interface 3 for that.  The
50  * work to handle that (including descriptor management) is not part
51  * of this component.
52  *
53  * Configurations may expose more than one TTY port.  For example, if
54  * ttyGS0 provides login service, then ttyGS1 might provide dialer access
55  * for a telephone or fax link.  And ttyGS2 might be something that just
56  * needs a simple byte stream interface for some messaging protocol that
57  * is managed in userspace ... OBEX, PTP, and MTP have been mentioned.
58  */
59 
/* Name prefix used in this file's log messages; port N is logged as "ttyGS<N>". */
#define PREFIX	"ttyGS"
61 
62 /*
63  * gserial is the lifecycle interface, used by USB functions
64  * gs_port is the I/O nexus, used by the tty driver
65  * tty_struct links to the tty/filesystem framework
66  *
67  * gserial <---> gs_port ... links will be null when the USB link is
68  * inactive; managed by gserial_{connect,disconnect}().  each gserial
69  * instance can wrap its own USB control protocol.
70  *	gserial->ioport == usb_ep->driver_data ... gs_port
71  *	gs_port->port_usb ... gserial
72  *
73  * gs_port <---> tty_struct ... links will be null when the TTY file
74  * isn't opened; managed by gs_open()/gs_close()
75  *	gserial->port_tty ... tty_struct
76  *	tty_struct->driver_data ... gserial
77  */
78 
/* RX and TX queues can buffer QUEUE_SIZE packets before they hit the
 * next layer of buffering.  For TX that's a circular buffer; for RX
 * consider it a NOP.  A third layer is provided by the TTY code.
 *
 * QUEUE_SIZE also caps how many requests gs_alloc_requests() creates per
 * pool and how many gs_start_tx()/gs_start_rx() keep queued at once.
 * WRITE_BUF_SIZE is the size gs_open() passes to gs_buf_alloc(); the ring
 * always keeps one byte unused, so it holds at most WRITE_BUF_SIZE - 1
 * bytes of pending TX data.
 */
#define QUEUE_SIZE		16
#define WRITE_BUF_SIZE		8192		/* TX only */
85 
/*
 * circular buffer
 *
 * buf_get == buf_put means "empty".  The helpers below take no lock of
 * their own; every caller in this file reaches them with port_lock held.
 */
struct gs_buf {
	unsigned		buf_size;	/* bytes of storage at buf_buf; used as a modulus, so must be non-zero before the accessors run */
	char			*buf_buf;	/* start of storage; NULL until gs_buf_alloc() and again after gs_buf_free() */
	char			*buf_get;	/* next byte to read */
	char			*buf_put;	/* next byte to write */
};
93 
/*
 * The port structure holds info for each port, one for each minor number
 * (and thus for each /dev/ node).
 *
 * Several functions in this file drop port_lock around calls out of the
 * driver, so fields read before such a call (port_usb and port.tty in
 * particular) have to be re-read once the lock is held again.
 */
struct gs_port {
	struct tty_port		port;
	spinlock_t		port_lock;	/* guard port_* access */

	struct gserial		*port_usb;	/* NULL while the USB link is inactive */

	bool			openclose;	/* open/close in progress */
	u8			port_num;	/* index of this port in ports[] */

	struct list_head	read_pool;	/* idle RX requests */
	int read_started;			/* RX requests queued to the endpoint and not yet recycled */
	int read_allocated;			/* RX requests currently allocated */
	struct list_head	read_queue;	/* completed RX requests waiting for gs_rx_push() */
	unsigned		n_read;		/* bytes of the first queued request already given to the tty */
	struct tasklet_struct	push;		/* runs gs_rx_push() */

	struct list_head	write_pool;	/* idle TX requests */
	int write_started;			/* TX requests queued to the endpoint and not yet completed */
	int write_allocated;			/* TX requests currently allocated */
	struct gs_buf		port_write_buf;	/* TX circular buffer, allocated on first open */
	wait_queue_head_t	drain_wait;	/* wait while writes drain */

	/* REVISIT this state ... */
	struct usb_cdc_line_coding port_line_coding;	/* 8-N-1 etc */
};
123 
/*
 * One slot per possible port.  A slot's ->port pointer is NULL while the
 * line is not allocated.  Nothing in this table validates an index: every
 * user indexes ports[] directly with a number supplied by its caller.
 */
static struct portmaster {
	struct mutex	lock;			/* protect open/close */
	struct gs_port	*port;
} ports[MAX_U_SERIAL_PORTS];

/* upper bound on how long gs_close() waits for pending TX data to drain */
#define GS_CLOSE_TIMEOUT		15		/* seconds */
130 
131 
132 
/*
 * pr_vdebug() is pr_debug() when VERBOSE_DEBUG is defined.  Otherwise the
 * call sits behind "if (0)": it is still compiled, so format strings and
 * arguments are still checked, but it is never executed and its arguments
 * are never evaluated at run time.
 */
#ifdef VERBOSE_DEBUG
#ifndef pr_vdebug
#define pr_vdebug(fmt, arg...) \
	pr_debug(fmt, ##arg)
#endif /* pr_vdebug */
#else
#ifndef pr_vdebug
#define pr_vdebug(fmt, arg...) \
	({ if (0) pr_debug(fmt, ##arg); })
#endif /* pr_vdebug */
#endif
144 
145 /*-------------------------------------------------------------------------*/
146 
147 /* Circular Buffer */
148 
/*
 * gs_buf_alloc
 *
 * Give the circular buffer @gb @size bytes of backing storage and point
 * both cursors at its start (i.e. the buffer starts out empty).  The
 * allocation uses GFP_KERNEL, so the caller must be allowed to sleep.
 * The storage is not zeroed.
 *
 * Returns 0 on success, -ENOMEM if the allocation failed (gb->buf_buf is
 * then NULL).
 */
static int gs_buf_alloc(struct gs_buf *gb, unsigned size)
{
	gb->buf_buf = kmalloc(size, GFP_KERNEL);
	if (!gb->buf_buf)
		return -ENOMEM;

	gb->buf_get = gb->buf_buf;
	gb->buf_put = gb->buf_buf;
	gb->buf_size = size;

	return 0;
}
166 
/*
 * gs_buf_free
 *
 * Release the backing storage of @gb and mark the buffer as unallocated by
 * clearing buf_buf.  buf_get, buf_put and buf_size are left as they were,
 * so the cursors are stale until the next gs_buf_alloc().
 */
static void gs_buf_free(struct gs_buf *gb)
{
	char *storage = gb->buf_buf;

	gb->buf_buf = NULL;
	kfree(storage);
}
177 
/*
 * gs_buf_clear
 *
 * Discard everything currently held in the circular buffer.  Only the
 * read cursor moves; the bytes themselves stay in the storage until they
 * are overwritten.
 */
static void gs_buf_clear(struct gs_buf *gb)
{
	char *write_pos = gb->buf_put;

	/* same effect as reading out all the data that was available */
	gb->buf_get = write_pos;
}
188 
/*
 * gs_buf_data_avail
 *
 * Return how many bytes are waiting to be read from the circular buffer.
 *
 * buf_size is the divisor here, so this must only be called on a buffer
 * that gs_buf_alloc() has set up with a non-zero size.
 */
static unsigned gs_buf_data_avail(struct gs_buf *gb)
{
	unsigned capacity = gb->buf_size;

	return (capacity + gb->buf_put - gb->buf_get) % capacity;
}
199 
/*
 * gs_buf_space_avail
 *
 * Return how many more bytes the circular buffer can accept.  One byte of
 * the storage is always kept free so that a full buffer can be told apart
 * from an empty one.
 *
 * buf_size is the divisor here, so this must only be called on a buffer
 * that gs_buf_alloc() has set up with a non-zero size.
 */
static unsigned gs_buf_space_avail(struct gs_buf *gb)
{
	unsigned capacity = gb->buf_size;

	return (capacity + gb->buf_get - gb->buf_put - 1) % capacity;
}
210 
/*
 * gs_buf_put
 *
 * Copy up to @count bytes from @buf into the circular buffer.  The request
 * is first clamped to the free space, which is what keeps both memcpy()
 * calls inside the storage; the copy is split in two when it has to wrap
 * past the end of the storage.
 *
 * Return the number of bytes copied (0 if the buffer is full).
 */
static unsigned
gs_buf_put(struct gs_buf *gb, const char *buf, unsigned count)
{
	unsigned room = gs_buf_space_avail(gb);
	unsigned to_end;

	if (count > room)
		count = room;
	if (!count)
		return 0;

	/* contiguous bytes between the write cursor and the end of storage */
	to_end = gb->buf_buf + gb->buf_size - gb->buf_put;

	if (count <= to_end) {
		memcpy(gb->buf_put, buf, count);
		if (count == to_end)
			gb->buf_put = gb->buf_buf;	/* landed exactly on the end */
		else
			gb->buf_put += count;
		return count;
	}

	/* wraps: fill the tail, then continue from the start of storage */
	memcpy(gb->buf_put, buf, to_end);
	memcpy(gb->buf_buf, buf + to_end, count - to_end);
	gb->buf_put = gb->buf_buf + (count - to_end);

	return count;
}
246 
/*
 * gs_buf_get
 *
 * Copy up to @count bytes out of the circular buffer into @buf.  The
 * request is first clamped to the amount of data held, so nothing beyond
 * the written region is ever read; the caller must still make sure @buf
 * has room for @count bytes.
 *
 * Return the number of bytes copied (0 if the buffer is empty).
 */
static unsigned
gs_buf_get(struct gs_buf *gb, char *buf, unsigned count)
{
	unsigned held = gs_buf_data_avail(gb);
	unsigned to_end;

	if (count > held)
		count = held;
	if (!count)
		return 0;

	/* contiguous bytes between the read cursor and the end of storage */
	to_end = gb->buf_buf + gb->buf_size - gb->buf_get;

	if (count <= to_end) {
		memcpy(buf, gb->buf_get, count);
		if (count == to_end)
			gb->buf_get = gb->buf_buf;	/* landed exactly on the end */
		else
			gb->buf_get += count;
		return count;
	}

	/* wraps: drain the tail, then continue from the start of storage */
	memcpy(buf, gb->buf_get, to_end);
	memcpy(buf + to_end, gb->buf_buf, count - to_end);
	gb->buf_get = gb->buf_buf + (count - to_end);

	return count;
}
282 
283 /*-------------------------------------------------------------------------*/
284 
285 /* I/O glue between TTY (upper) and USB function (lower) driver layers */
286 
/*
 * gs_alloc_req
 *
 * Allocate a usb_request on @ep together with a data buffer of @len bytes,
 * both with @kmalloc_flags.  The buffer comes from kmalloc() and is not
 * zeroed.  If the buffer cannot be allocated the request is released
 * again, so nothing is leaked on failure.
 *
 * Returns the request, or NULL if either allocation failed.
 */
struct usb_request *
gs_alloc_req(struct usb_ep *ep, unsigned len, gfp_t kmalloc_flags)
{
	struct usb_request *req = usb_ep_alloc_request(ep, kmalloc_flags);

	if (!req)
		return NULL;

	req->length = len;
	req->buf = kmalloc(len, kmalloc_flags);
	if (req->buf)
		return req;

	usb_ep_free_request(ep, req);
	return NULL;
}
EXPORT_SYMBOL_GPL(gs_alloc_req);
312 
/*
 * gs_free_req
 *
 * Release a request obtained from gs_alloc_req(): first its data buffer,
 * then the usb_request itself.  @req must not be NULL and must not be
 * used by the caller afterwards.
 */
void gs_free_req(struct usb_ep *ep, struct usb_request *req)
{
	void *payload = req->buf;

	kfree(payload);
	usb_ep_free_request(ep, req);
}
EXPORT_SYMBOL_GPL(gs_free_req);
324 
/*
 * gs_send_packet
 *
 * Move at most @size bytes of pending TX data from the port's circular
 * write buffer into @packet, which must have room for @size bytes.
 *
 * Returns the number of bytes placed in @packet, 0 when nothing is
 * pending.
 *
 * Called with port_lock held.
 */
static unsigned
gs_send_packet(struct gs_port *port, char *packet, unsigned size)
{
	struct gs_buf *wbuf = &port->port_write_buf;
	unsigned pending = gs_buf_data_avail(wbuf);

	if (pending < size)
		size = pending;
	if (size == 0)
		return 0;

	return gs_buf_get(wbuf, packet, size);
}
346 
/*
 * gs_start_tx
 *
 * This function finds available write requests, calls
 * gs_send_packet to fill these packets with data, and
 * continues until either there are no more write requests
 * available or no more data to send.  This function is
 * run whenever data arrives or write requests are available.
 *
 * Context: caller owns port_lock; port_usb is non-null.
 *
 * Returns 0, or the error code of the usb_ep_queue() call that failed.
 *
 * port_lock is released around every usb_ep_queue() call.  Anything read
 * from the port before such a call may be stale afterwards, which is why
 * port_usb is checked again once the lock has been retaken.  The endpoint
 * pointer is taken from port_usb once, on entry, before any lock drop.
 */
static int gs_start_tx(struct gs_port *port)
/*
__releases(&port->port_lock)
__acquires(&port->port_lock)
*/
{
	struct list_head	*pool = &port->write_pool;
	struct usb_ep		*in = port->port_usb->in;
	int			status = 0;
	bool			do_tty_wake = false;

	while (!list_empty(pool)) {
		struct usb_request	*req;
		int			len;

		/* never keep more than QUEUE_SIZE requests in flight */
		if (port->write_started >= QUEUE_SIZE)
			break;

		req = list_entry(pool->next, struct usb_request, list);
		len = gs_send_packet(port, req->buf, in->maxpacket);
		if (len == 0) {
			/* circular buffer is empty: let a waiting gs_close() continue */
			wake_up_interruptible(&port->drain_wait);
			break;
		}
		do_tty_wake = true;

		req->length = len;
		list_del(&req->list);
		/* set on the request that empties the circular buffer */
		req->zero = (gs_buf_data_avail(&port->port_write_buf) == 0);

		/* NOTE(review): this logs the first three bytes of req->buf even
		 * when len < 3; bytes past len are whatever the buffer held
		 * before.  Only executed when VERBOSE_DEBUG is defined.
		 */
		pr_vdebug(PREFIX "%d: tx len=%d, 0x%02x 0x%02x 0x%02x ...\n",
				port->port_num, len, *((u8 *)req->buf),
				*((u8 *)req->buf+1), *((u8 *)req->buf+2));

		/* Drop lock while we call out of driver; completions
		 * could be issued while we do so.  Disconnection may
		 * happen too; maybe immediately before we queue this!
		 *
		 * NOTE that we may keep sending data for a while after
		 * the TTY closed (dev->ioport->port_tty is NULL).
		 */
		spin_unlock(&port->port_lock);
		status = usb_ep_queue(in, req, GFP_ATOMIC);
		spin_lock(&port->port_lock);

		if (status) {
			/* The request goes back to the pool, but the bytes that
			 * gs_send_packet() already took out of the circular
			 * buffer for it are not put back.
			 */
			pr_debug("%s: %s %s err %d\n",
					__func__, "queue", in->name, status);
			list_add(&req->list, pool);
			break;
		}

		port->write_started++;

		/* abort immediately after disconnect */
		if (!port->port_usb)
			break;
	}

	/* port.tty is tested here because the tty may have been closed
	 * while the lock was dropped
	 */
	if (do_tty_wake && port->port.tty)
		tty_wakeup(port->port.tty);
	return status;
}
421 
/*
 * gs_start_rx
 *
 * Queue idle read requests from read_pool on the OUT endpoint, each for
 * one maxpacket of data, until the pool is empty, QUEUE_SIZE requests are
 * in flight, the tty is closed, queueing fails or the port disconnects.
 *
 * Context: caller owns port_lock, and port_usb is set
 *
 * Returns port->read_started, i.e. the number of read requests that are
 * outstanding when the function returns.
 *
 * port_lock is released around every usb_ep_queue() call, so on return
 * port_usb may have become NULL and port.tty may have been cleared;
 * callers must not assume either is still set.
 */
static unsigned gs_start_rx(struct gs_port *port)
/*
__releases(&port->port_lock)
__acquires(&port->port_lock)
*/
{
	struct list_head	*pool = &port->read_pool;
	struct usb_ep		*out = port->port_usb->out;

	while (!list_empty(pool)) {
		struct usb_request	*req;
		int			status;
		struct tty_struct	*tty;

		/* no more rx if closed */
		tty = port->port.tty;
		if (!tty)
			break;

		if (port->read_started >= QUEUE_SIZE)
			break;

		req = list_entry(pool->next, struct usb_request, list);
		list_del(&req->list);
		req->length = out->maxpacket;

		/* drop lock while we call out; the controller driver
		 * may need to call us back (e.g. for disconnect)
		 */
		spin_unlock(&port->port_lock);
		status = usb_ep_queue(out, req, GFP_ATOMIC);
		spin_lock(&port->port_lock);

		if (status) {
			/* hand the request back to the pool and stop */
			pr_debug("%s: %s %s err %d\n",
					__func__, "queue", out->name, status);
			list_add(&req->list, pool);
			break;
		}
		port->read_started++;

		/* abort immediately after disconnect */
		if (!port->port_usb)
			break;
	}
	return port->read_started;
}
472 
/*
 * RX tasklet takes data out of the RX queue and hands it up to the TTY
 * layer until it refuses to take any more data (or is throttled back).
 * Then it issues reads for any further data.
 *
 * If the RX queue becomes full enough that no usb_request is queued,
 * the OUT endpoint may begin NAKing as soon as its FIFO fills up.
 * So QUEUE_SIZE packets plus however many the FIFO holds (usually two)
 * can be buffered before the TTY layer's buffers (currently 64 KB).
 *
 * @_port is the struct gs_port pointer that gs_port_alloc() handed to
 * tasklet_init(), cast to unsigned long.
 *
 * The bytes pushed up here come from the USB host; this function only
 * moves them and does not interpret them.
 */
static void gs_rx_push(unsigned long _port)
{
	struct gs_port		*port = (void *)_port;
	struct tty_struct	*tty;
	struct list_head	*queue = &port->read_queue;
	bool			disconnect = false;
	bool			do_push = false;

	/* hand any queued data to the tty */
	spin_lock_irq(&port->port_lock);
	tty = port->port.tty;
	while (!list_empty(queue)) {
		struct usb_request	*req;

		req = list_first_entry(queue, struct usb_request, list);

		/* leave data queued if tty was rx throttled */
		if (tty && test_bit(TTY_THROTTLED, &tty->flags))
			break;

		switch (req->status) {
		case -ESHUTDOWN:
			/* remembered so the RX queue is not refilled below */
			disconnect = true;
			pr_vdebug(PREFIX "%d: shutdown\n", port->port_num);
			break;

		default:
			/* presumably a transient fault */
			pr_warning(PREFIX "%d: unexpected RX status %d\n",
					port->port_num, req->status);
			/* FALLTHROUGH */
		case 0:
			/* normal completion */
			break;
		}

		/* push data to (open) tty */
		if (req->actual) {
			char		*packet = req->buf;
			unsigned	size = req->actual;
			unsigned	n;
			int		count;

			/* we may have pushed part of this packet already... */
			/* NOTE(review): the subtraction below relies on
			 * n_read <= req->actual; n_read is only ever advanced
			 * by the count accepted for this same request and is
			 * reset once the request is consumed - confirm no
			 * other path changes it.
			 */
			n = port->n_read;
			if (n) {
				packet += n;
				size -= n;
			}

			count = tty_insert_flip_string(&port->port, packet,
					size);
			if (count)
				do_push = true;
			if (count != size) {
				/* stop pushing; TTY layer can't handle more */
				port->n_read += count;
				pr_vdebug(PREFIX "%d: rx block %d/%d\n",
						port->port_num,
						count, req->actual);
				break;
			}
			port->n_read = 0;
		}

		/* request fully consumed: recycle it */
		list_move(&req->list, &port->read_pool);
		port->read_started--;
	}

	/* Push from tty to ldisc; this is handled by a workqueue,
	 * so we won't get callbacks and can hold port_lock
	 */
	if (do_push)
		tty_flip_buffer_push(&port->port);


	/* We want our data queue to become empty ASAP, keeping data
	 * in the tty and ldisc (not here).  If we couldn't push any
	 * this time around, there may be trouble unless there's an
	 * implicit tty_unthrottle() call on its way...
	 *
	 * REVISIT we should probably add a timer to keep the tasklet
	 * from starving ... but it's not clear that case ever happens.
	 */
	if (!list_empty(queue) && tty) {
		if (!test_bit(TTY_THROTTLED, &tty->flags)) {
			if (do_push)
				tasklet_schedule(&port->push);
			else
				pr_warning(PREFIX "%d: RX not scheduled?\n",
					port->port_num);
		}
	}

	/* If we're still connected, refill the USB RX queue. */
	/* gs_start_rx() drops and retakes port_lock internally */
	if (!disconnect && port->port_usb)
		gs_start_rx(port);

	spin_unlock_irq(&port->port_lock);
}
583 
/*
 * Completion callback for RX requests: park the finished request on the
 * port's read_queue and schedule the push tasklet, which hands the data
 * to the tty layer once it is ready for it.  The request's status is not
 * looked at here; gs_rx_push() does that.
 */
static void gs_read_complete(struct usb_ep *ep, struct usb_request *req)
{
	struct gs_port	*port = ep->driver_data;
	spinlock_t	*lock = &port->port_lock;

	spin_lock(lock);
	list_add_tail(&req->list, &port->read_queue);
	tasklet_schedule(&port->push);
	spin_unlock(lock);
}
594 
/*
 * Completion callback for TX requests: return the request to write_pool,
 * then try to send more data unless the endpoint reported -ESHUTDOWN
 * (disconnect).  Any other non-zero status is logged and treated like a
 * normal completion.
 *
 * NOTE(review): gs_start_tx() dereferences port->port_usb on entry and
 * this path does not check it first - confirm that a completion with a
 * status other than -ESHUTDOWN cannot arrive once port_usb has been
 * cleared.
 */
static void gs_write_complete(struct usb_ep *ep, struct usb_request *req)
{
	struct gs_port	*port = ep->driver_data;

	spin_lock(&port->port_lock);

	list_add(&req->list, &port->write_pool);
	port->write_started--;

	if (req->status == -ESHUTDOWN) {
		/* disconnect */
		pr_vdebug("%s: %s shutdown\n", __func__, ep->name);
	} else {
		if (req->status != 0) {
			/* presumably a transient fault */
			pr_warning("%s: unexpected %s status %d\n",
					__func__, ep->name, req->status);
		}
		/* normal completion (or transient fault): keep the TX path busy */
		gs_start_tx(port);
	}

	spin_unlock(&port->port_lock);
}
622 
/*
 * Free every request linked on @head (each one together with its buffer)
 * and, when @allocated is non-NULL, decrement *@allocated once per
 * request freed.  The list is empty on return.
 */
static void gs_free_requests(struct usb_ep *ep, struct list_head *head,
							 int *allocated)
{
	while (!list_empty(head)) {
		struct usb_request *req;

		req = list_first_entry(head, struct usb_request, list);
		list_del(&req->list);
		gs_free_req(ep, req);
		if (allocated)
			--*allocated;
	}
}
636 
/*
 * Top up the request list @head for endpoint @ep so that, counting the
 * *@allocated requests that already exist, up to QUEUE_SIZE requests are
 * available.  Each new request gets a buffer of ep->maxpacket bytes and
 * @fn as its completion callback; *@allocated (if given) is incremented
 * per request.  Allocation uses GFP_ATOMIC.
 *
 * Running short of memory part-way is tolerated: the function returns
 * -ENOMEM only when an allocation fails while @head is empty, otherwise 0.
 */
static int gs_alloc_requests(struct usb_ep *ep, struct list_head *head,
		void (*fn)(struct usb_ep *, struct usb_request *),
		int *allocated)
{
	int	wanted = QUEUE_SIZE;
	int	i;

	if (allocated)
		wanted -= *allocated;

	/* Fewer than QUEUE_SIZE transfers only costs throughput, so a
	 * partial set is accepted rather than reported as a failure.
	 */
	for (i = 0; i < wanted; i++) {
		struct usb_request *req;

		req = gs_alloc_req(ep, ep->maxpacket, GFP_ATOMIC);
		if (!req) {
			if (list_empty(head))
				return -ENOMEM;
			return 0;
		}

		req->complete = fn;
		list_add_tail(&req->list, head);
		if (allocated)
			++*allocated;
	}

	return 0;
}
660 
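/**
 * gs_start_io - start USB I/O streams
 * @port: port whose endpoints (reached through port->port_usb) are used
 * Context: holding port_lock; port_tty and port_usb are non-null
 *
 * We only start I/O when something is connected to both sides of
 * this port.  If nothing is listening on the host side, we may
 * be pointlessly filling up our TX buffers and FIFO.
 *
 * gs_start_rx() releases and retakes port_lock, so a disconnect or a
 * close can happen while it runs.  Nothing after that call may
 * dereference port->port_usb or assume port->port.tty is still set;
 * both endpoint pointers are therefore captured before the call.
 *
 * Returns 0 on success, -ENOMEM if no request could be allocated, or
 * -EIO if no read request could be queued.
 */
static int gs_start_io(struct gs_port *port)
{
	struct list_head	*head = &port->read_pool;
	struct usb_ep		*ep = port->port_usb->out;
	struct usb_ep		*in = port->port_usb->in;
	int			status;
	unsigned		started;

	/* Allocate RX and TX I/O buffers.  We can't easily do this much
	 * earlier (with GFP_KERNEL) because the requests are coupled to
	 * endpoints, as are the packet sizes we'll be using.  Different
	 * configurations may use different endpoints with a given port;
	 * and high speed vs full speed changes packet sizes too.
	 */
	status = gs_alloc_requests(ep, head, gs_read_complete,
		&port->read_allocated);
	if (status)
		return status;

	status = gs_alloc_requests(in, &port->write_pool,
			gs_write_complete, &port->write_allocated);
	if (status) {
		gs_free_requests(ep, head, &port->read_allocated);
		return status;
	}

	/* queue read requests */
	port->n_read = 0;
	started = gs_start_rx(port);

	if (started) {
		/* unblock any pending writes into our circular buffer;
		 * the tty may have been closed while the lock was dropped
		 */
		if (port->port.tty)
			tty_wakeup(port->port.tty);
	} else {
		/* port_usb may be NULL by now, so use the endpoint pointers
		 * captured on entry instead of going through it again
		 */
		gs_free_requests(ep, head, &port->read_allocated);
		gs_free_requests(in, &port->write_pool,
			&port->write_allocated);
		status = -EIO;
	}

	return status;
}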
711 
712 /*-------------------------------------------------------------------------*/
713 
714 /* TTY Driver */
715 
/*
 * gs_open sets up the link between a gs_port and its associated TTY.
 * That link is broken *only* by TTY close(), and all driver methods
 * know that.
 *
 * Returns 0 on success, -ENODEV if the line has no port allocated, or
 * the error from allocating the circular write buffer.
 *
 * The first loop decides, under ports[].lock and port_lock, whether this
 * caller merely bumps the open count (status 0), has to wait for another
 * open/close to finish (-EBUSY, retried after a short sleep) or performs
 * the real open itself (-EAGAIN, with openclose set so nobody else does).
 *
 * NOTE(review): tty->index is used as an index into ports[] without a
 * range check in this function; presumably the tty core only hands out
 * indices below the number of lines the driver registered - confirm.
 */
static int gs_open(struct tty_struct *tty, struct file *file)
{
	int		port_num = tty->index;
	struct gs_port	*port;
	int		status;

	do {
		mutex_lock(&ports[port_num].lock);
		port = ports[port_num].port;
		if (!port)
			status = -ENODEV;
		else {
			spin_lock_irq(&port->port_lock);

			/* already open?  Great. */
			if (port->port.count) {
				status = 0;
				port->port.count++;

			/* currently opening/closing? wait ... */
			} else if (port->openclose) {
				status = -EBUSY;

			/* ... else we do the work */
			} else {
				status = -EAGAIN;
				port->openclose = true;
			}
			spin_unlock_irq(&port->port_lock);
		}
		mutex_unlock(&ports[port_num].lock);

		switch (status) {
		default:
			/* fully handled */
			return status;
		case -EAGAIN:
			/* must do the work */
			break;
		case -EBUSY:
			/* wait for EAGAIN task to finish */
			msleep(1);
			/* REVISIT could have a waitchannel here, if
			 * concurrent open performance is important
			 */
			break;
		}
	} while (status != -EAGAIN);

	/* Do the "real open" */
	/* openclose was set above and stays set until this open finishes,
	 * so gs_closed() is false for this port and gserial_free_port()
	 * keeps waiting instead of freeing it
	 */
	spin_lock_irq(&port->port_lock);

	/* allocate circular buffer on first open */
	if (port->port_write_buf.buf_buf == NULL) {

		/* gs_buf_alloc() uses GFP_KERNEL, so the spinlock has to be
		 * released around it
		 */
		spin_unlock_irq(&port->port_lock);
		status = gs_buf_alloc(&port->port_write_buf, WRITE_BUF_SIZE);
		spin_lock_irq(&port->port_lock);

		if (status) {
			pr_debug("gs_open: ttyGS%d (%p,%p) no buffer\n",
				port->port_num, tty, file);
			port->openclose = false;
			goto exit_unlock_port;
		}
	}

	/* REVISIT if REMOVED (ports[].port NULL), abort the open
	 * to let rmmod work faster (but this way isn't wrong).
	 */

	/* REVISIT maybe wait for "carrier detect" */

	tty->driver_data = port;
	port->port.tty = tty;

	port->port.count = 1;
	port->openclose = false;

	/* if connected, start the I/O stream */
	if (port->port_usb) {
		struct gserial	*gser = port->port_usb;

		pr_debug("gs_open: start ttyGS%d\n", port->port_num);
		/* NOTE(review): the result of gs_start_io() is ignored, so an
		 * open still succeeds when no I/O could be started.  gser was
		 * read before gs_start_io(), which can drop port_lock through
		 * gs_start_rx(); it is not re-read before the callback below.
		 */
		gs_start_io(port);

		/* called with port_lock held and interrupts disabled */
		if (gser->connect)
			gser->connect(gser);
	}

	/* logs the tty and file pointers via %p when pr_debug is enabled */
	pr_debug("gs_open: ttyGS%d (%p,%p)\n", port->port_num, tty, file);

	status = 0;

exit_unlock_port:
	spin_unlock_irq(&port->port_lock);
	return status;
}
819 
/*
 * Wait condition used by gs_close(): non-zero once the port has been
 * disconnected or its circular write buffer has drained.  Takes and
 * releases port_lock itself, so the caller must not hold it.
 */
static int gs_writes_finished(struct gs_port *p)
{
	int done;

	spin_lock_irq(&p->port_lock);
	if (p->port_usb == NULL)
		done = 1;	/* disconnected: nothing more will be sent */
	else
		done = !gs_buf_data_avail(&p->port_write_buf);
	spin_unlock_irq(&p->port_lock);

	return done;
}
831 
/*
 * gs_close undoes gs_open.  For any close but the last one it only drops
 * the open count.  The last close notifies the USB function, gives
 * pending TX data up to GS_CLOSE_TIMEOUT seconds to drain, discards what
 * is left and breaks the gs_port <-> tty link.
 */
static void gs_close(struct tty_struct *tty, struct file *file)
{
	struct gs_port *port = tty->driver_data;
	struct gserial	*gser;

	spin_lock_irq(&port->port_lock);

	if (port->port.count != 1) {
		/* a close with no open outstanding is a bug; warn and bail */
		if (port->port.count == 0)
			WARN_ON(1);
		else
			--port->port.count;
		goto exit;
	}

	pr_debug("gs_close: ttyGS%d (%p,%p) ...\n", port->port_num, tty, file);

	/* mark port as closing but in use; we can drop port lock
	 * and sleep if necessary
	 */
	port->openclose = true;
	port->port.count = 0;

	/* called with port_lock held and interrupts disabled */
	gser = port->port_usb;
	if (gser && gser->disconnect)
		gser->disconnect(gser);

	/* wait for circular write buffer to drain, disconnect, or at
	 * most GS_CLOSE_TIMEOUT seconds; then discard the rest
	 */
	if (gs_buf_data_avail(&port->port_write_buf) > 0 && gser) {
		spin_unlock_irq(&port->port_lock);
		/* the result is not checked: after a signal or a timeout the
		 * remaining data is simply dropped below
		 */
		wait_event_interruptible_timeout(port->drain_wait,
					gs_writes_finished(port),
					GS_CLOSE_TIMEOUT * HZ);
		spin_lock_irq(&port->port_lock);
		/* the lock was dropped, so the link state must be re-read */
		gser = port->port_usb;
	}

	/* Iff we're disconnected, there can be no I/O in flight so it's
	 * ok to free the circular buffer; else just scrub it.  And don't
	 * let the push tasklet fire again until we're re-opened.
	 */
	if (gser == NULL)
		gs_buf_free(&port->port_write_buf);
	else
		gs_buf_clear(&port->port_write_buf);

	/* from here on tty->driver_data is NULL; the other tty operations
	 * in this file dereference it without a check
	 */
	tty->driver_data = NULL;
	port->port.tty = NULL;

	port->openclose = false;

	pr_debug("gs_close: ttyGS%d (%p,%p) done!\n",
			port->port_num, tty, file);

	/* lets gserial_free_port(), which waits on close_wait, re-check */
	wake_up(&port->port.close_wait);
exit:
	spin_unlock_irq(&port->port_lock);
}
892 
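/*
 * gs_write copies up to @count bytes from @buf into the port's circular
 * write buffer and, if the port is connected, starts transmission.
 *
 * Returns the number of bytes accepted, which is less than @count when
 * the circular buffer is short of space.  A failure to queue data on the
 * endpoint is not reported to the caller; the bytes were accepted either
 * way.
 *
 * NOTE(review): tty->driver_data is dereferenced without a NULL check
 * although gs_close() sets it to NULL; presumably the tty core does not
 * call write on a tty whose last close has completed - confirm.
 */
static int gs_write(struct tty_struct *tty, const unsigned char *buf, int count)
{
	struct gs_port	*port = tty->driver_data;
	unsigned long	flags;

	pr_vdebug("gs_write: ttyGS%d (%p) writing %d bytes\n",
			port->port_num, tty, count);

	spin_lock_irqsave(&port->port_lock, flags);
	if (count)
		count = gs_buf_put(&port->port_write_buf, buf, count);
	/* treat count == 0 as flush_chars() */
	if (port->port_usb)
		gs_start_tx(port);
	spin_unlock_irqrestore(&port->port_lock, flags);

	return count;
}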
912 
/*
 * gs_put_char stores one character in the port's circular write buffer
 * without starting transmission (gs_flush_chars() does that).
 *
 * Returns 1 if the character was stored, 0 if the buffer is full.
 */
static int gs_put_char(struct tty_struct *tty, unsigned char ch)
{
	struct gs_port	*port = tty->driver_data;
	unsigned long	irq_state;
	int		stored;

	pr_vdebug("gs_put_char: (%d,%p) char=0x%x, called from %pf\n",
		port->port_num, tty, ch, __builtin_return_address(0));

	spin_lock_irqsave(&port->port_lock, irq_state);
	stored = gs_buf_put(&port->port_write_buf, &ch, 1);
	spin_unlock_irqrestore(&port->port_lock, irq_state);

	return stored;
}
928 
/*
 * gs_flush_chars starts transmission of whatever is waiting in the
 * circular write buffer.  It does nothing while the port is not
 * connected to a USB function.
 */
static void gs_flush_chars(struct tty_struct *tty)
{
	struct gs_port	*port = tty->driver_data;
	unsigned long	irq_state;

	pr_vdebug("gs_flush_chars: (%d,%p)\n", port->port_num, tty);

	spin_lock_irqsave(&port->port_lock, irq_state);
	/* gs_start_tx() requires port_usb to be set */
	if (port->port_usb != NULL)
		gs_start_tx(port);
	spin_unlock_irqrestore(&port->port_lock, irq_state);
}
941 
/*
 * gs_write_room reports how many bytes gs_write() could accept right now.
 * While the port is not connected it reports 0, whatever the state of
 * the circular buffer.
 */
static int gs_write_room(struct tty_struct *tty)
{
	struct gs_port	*port = tty->driver_data;
	unsigned long	irq_state;
	int		room;

	spin_lock_irqsave(&port->port_lock, irq_state);
	if (port->port_usb)
		room = gs_buf_space_avail(&port->port_write_buf);
	else
		room = 0;
	spin_unlock_irqrestore(&port->port_lock, irq_state);

	pr_vdebug("gs_write_room: (%d,%p) room=%d\n",
		port->port_num, tty, room);

	return room;
}
958 
/*
 * gs_chars_in_buffer reports how many bytes are waiting in the circular
 * write buffer.  Unlike gs_write_room() it does not look at port_usb, so
 * it relies on the buffer having been set up by gs_open().
 */
static int gs_chars_in_buffer(struct tty_struct *tty)
{
	struct gs_port	*port = tty->driver_data;
	unsigned long	irq_state;
	int		pending;

	spin_lock_irqsave(&port->port_lock, irq_state);
	pending = gs_buf_data_avail(&port->port_write_buf);
	spin_unlock_irqrestore(&port->port_lock, irq_state);

	pr_vdebug("gs_chars_in_buffer: (%d,%p) chars=%d\n",
		port->port_num, tty, pending);

	return pending;
}
974 
/*
 * gs_unthrottle undoes the side effects of setting TTY_THROTTLED: while
 * the tty was throttled gs_rx_push() left received data on read_queue,
 * so the push tasklet is scheduled again to deliver it.  Nothing is done
 * while the port is not connected.
 */
static void gs_unthrottle(struct tty_struct *tty)
{
	struct gs_port		*port = tty->driver_data;
	unsigned long		irq_state;

	spin_lock_irqsave(&port->port_lock, irq_state);
	if (port->port_usb != NULL) {
		/* Kickstart read queue processing.  We don't do xon/xoff,
		 * rts/cts, or other handshaking with the host, but if the
		 * read queue backs up enough we'll be NAKing OUT packets.
		 */
		tasklet_schedule(&port->push);
		pr_vdebug(PREFIX "%d: unthrottle\n", port->port_num);
	}
	spin_unlock_irqrestore(&port->port_lock, irq_state);
}
992 
/*
 * gs_break_ctl forwards a break request to the connected USB function.
 *
 * Returns whatever the function's send_break() callback returns, or 0
 * when the port is not connected or the function has no such callback.
 * The callback runs with port_lock held and interrupts disabled.
 */
static int gs_break_ctl(struct tty_struct *tty, int duration)
{
	struct gs_port	*port = tty->driver_data;
	struct gserial	*gser;
	int		result = 0;

	pr_vdebug("gs_break_ctl: ttyGS%d, send break (%d) \n",
			port->port_num, duration);

	spin_lock_irq(&port->port_lock);
	gser = port->port_usb;
	if (gser != NULL) {
		if (gser->send_break)
			result = gser->send_break(gser, duration);
	}
	spin_unlock_irq(&port->port_lock);

	return result;
}
1010 
/*
 * Operations this driver hands to the tty core.  Except for gs_open(),
 * each of them starts by reading the gs_port out of tty->driver_data,
 * which gs_open() sets and the last gs_close() clears.
 */
static const struct tty_operations gs_tty_ops = {
	.open =			gs_open,
	.close =		gs_close,
	.write =		gs_write,
	.put_char =		gs_put_char,
	.flush_chars =		gs_flush_chars,
	.write_room =		gs_write_room,
	.chars_in_buffer =	gs_chars_in_buffer,
	.unthrottle =		gs_unthrottle,
	.break_ctl =		gs_break_ctl,
};
1022 
1023 /*-------------------------------------------------------------------------*/
1024 
/* tty driver that the per-line devices are registered with and unregistered from */
static struct tty_driver *gs_tty_driver;
1026 
/*
 * gs_port_alloc creates and initialises the gs_port for slot @port_num
 * and publishes it in ports[], all under the slot's mutex.  @coding is
 * copied into the new port as its initial line coding.
 *
 * @port_num is used as an index into ports[] without a range check, so
 * the caller must keep it below MAX_U_SERIAL_PORTS.
 *
 * Returns 0 on success, -EBUSY if the slot already has a port, or
 * -ENOMEM.
 */
static int
gs_port_alloc(unsigned port_num, struct usb_cdc_line_coding *coding)
{
	struct portmaster	*slot = &ports[port_num];
	struct gs_port		*port;
	int			ret;

	mutex_lock(&slot->lock);

	if (slot->port) {
		ret = -EBUSY;
		goto unlock;
	}

	/* zeroed, so counters start at 0 and the write buffer is unallocated */
	port = kzalloc(sizeof(*port), GFP_KERNEL);
	if (!port) {
		ret = -ENOMEM;
		goto unlock;
	}

	tty_port_init(&port->port);
	spin_lock_init(&port->port_lock);
	init_waitqueue_head(&port->drain_wait);

	tasklet_init(&port->push, gs_rx_push, (unsigned long) port);

	INIT_LIST_HEAD(&port->read_pool);
	INIT_LIST_HEAD(&port->read_queue);
	INIT_LIST_HEAD(&port->write_pool);

	port->port_num = port_num;
	port->port_line_coding = *coding;

	/* publish only once the port is fully initialised */
	slot->port = port;
	ret = 0;

unlock:
	mutex_unlock(&slot->lock);
	return ret;
}
1063 
/*
 * Wait condition used by gserial_free_port(): non-zero once the port has
 * no opens outstanding and no open or close is in progress.  Takes and
 * releases port_lock itself.
 */
static int gs_closed(struct gs_port *port)
{
	int idle;

	spin_lock_irq(&port->port_lock);
	idle = !port->openclose && (port->port.count == 0);
	spin_unlock_irq(&port->port_lock);

	return idle;
}
1073 
/*
 * gserial_free_port tears down and frees @port.  Both callers in this
 * file clear the port's ports[] slot before calling this, so gs_open()
 * can no longer find it.  The order of the steps below matters: the port
 * is only freed after the tasklet has been killed and every open has
 * been closed.  @port must not be used by the caller afterwards.
 */
static void gserial_free_port(struct gs_port *port)
{
	/* make sure gs_rx_push() is not running and will not run again */
	tasklet_kill(&port->push);
	/* wait for old opens to finish */
	wait_event(port->port.close_wait, gs_closed(port));
	/* freeing a port that is still linked to a USB function would leave
	 * that function with a dangling pointer, hence the warning
	 */
	WARN_ON(port->port_usb != NULL);
	tty_port_destroy(&port->port);
	kfree(port);
}
1083 
/*
 * gserial_free_line releases the line @port_num obtained from
 * gserial_alloc_line(): the port is unhooked from ports[] under the slot
 * mutex, freed once all opens are closed, and its tty device is
 * unregistered.  Warns and returns if the line has no port.
 *
 * @port_num is used as an index into ports[] without a range check, so
 * callers must only pass a value they got from gserial_alloc_line().
 */
void gserial_free_line(unsigned char port_num)
{
	struct portmaster	*slot = &ports[port_num];
	struct gs_port		*port;

	mutex_lock(&slot->lock);
	port = slot->port;
	if (WARN_ON(!port)) {
		mutex_unlock(&slot->lock);
		return;
	}
	/* unhook first, so a concurrent gs_open() gets -ENODEV */
	slot->port = NULL;
	mutex_unlock(&slot->lock);

	gserial_free_port(port);
	tty_unregister_device(gs_tty_driver, port_num);
}
EXPORT_SYMBOL_GPL(gserial_free_line);
1101 
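/*
 * gserial_alloc_line claims the first free slot in ports[], creates its
 * port with a default line coding of 9600 baud 8-N-1 and registers the
 * matching tty device.
 *
 * On success 0 is returned and the line number is stored in *@line_num.
 * Otherwise a negative errno is returned (-EBUSY when every slot is in
 * use) and *@line_num is left untouched.
 */
int gserial_alloc_line(unsigned char *line_num)
{
	struct usb_cdc_line_coding	coding;
	struct device			*tty_dev;
	int				ret;
	int				port_num;

	/* bCharFormat carries the stop-bit setting and bDataBits the number
	 * of data bits; the two values used to be assigned the other way
	 * round.
	 */
	coding.dwDTERate = cpu_to_le32(9600);
	coding.bCharFormat = USB_CDC_1_STOP_BITS;
	coding.bParityType = USB_CDC_NO_PARITY;
	coding.bDataBits = 8;

	/* the loop bound keeps port_num a valid index into ports[] */
	for (port_num = 0; port_num < MAX_U_SERIAL_PORTS; port_num++) {
		ret = gs_port_alloc(port_num, &coding);
		if (ret == -EBUSY)
			continue;
		if (ret)
			return ret;
		break;
	}
	/* still -EBUSY here means every slot was taken */
	if (ret)
		return ret;

	/* ... and sysfs class devices, so mdev/udev make /dev/ttyGS* */

	tty_dev = tty_port_register_device(&ports[port_num].port->port,
			gs_tty_driver, port_num, NULL);
	if (IS_ERR(tty_dev)) {
		struct gs_port	*port;
		pr_err("%s: failed to register tty for port %d, err %ld\n",
				__func__, port_num, PTR_ERR(tty_dev));

		ret = PTR_ERR(tty_dev);
		/* NOTE(review): unlike gserial_free_line(), the slot is
		 * cleared here without taking ports[port_num].lock
		 */
		port = ports[port_num].port;
		ports[port_num].port = NULL;
		gserial_free_port(port);
		goto err;
	}
	*line_num = port_num;
err:
	return ret;
}
EXPORT_SYMBOL_GPL(gserial_alloc_line);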
1145 
/**
 * gserial_connect - notify TTY I/O glue that USB link is active
 * @gser: the function, set up with endpoints and descriptors
 * @port_num: which port is active
 * Context: any (usually from irq)
 *
 * This is called to activate endpoints and let the TTY layer know that
 * the connection is active ... not unlike "carrier detect".  It won't
 * necessarily start I/O queues; unless the TTY is held open by some
 * task, there would be no point.  However, the endpoints will be
 * activated so the USB host can perform I/O, subject to basic USB
 * hardware flow control.
 *
 * The caller needs to have set up the endpoints and USB function in
 * @gser before calling this, as well as the appropriate (speed-specific)
 * endpoint descriptors, and must also have allocated @port_num by
 * calling gserial_alloc_line().
 *
 * The @gser connect/disconnect callbacks, when set, are invoked with the
 * port spinlock held and interrupts disabled.
 *
 * Returns negative errno or zero.
 * On success, ep->driver_data will be overwritten.
 */
int gserial_connect(struct gserial *gser, u8 port_num)
{
	struct gs_port	*port;
	unsigned long	flags;
	int		status;

	if (port_num >= MAX_U_SERIAL_PORTS)
		return -ENXIO;

	/*
	 * NOTE(review): the slot is read without ports[port_num].lock and
	 * port_usb is tested before port_lock is taken, so nothing here
	 * excludes a concurrent gserial_free_line() or a second
	 * gserial_connect() on the same line; this presumably relies on
	 * callers serialising those operations -- confirm.
	 */
	port = ports[port_num].port;
	if (!port) {
		pr_err("serial line %d not allocated.\n", port_num);
		return -EINVAL;
	}
	if (port->port_usb) {
		pr_err("serial line %d is in use.\n", port_num);
		return -EBUSY;
	}

	/* bring up the IN endpoint first ... */
	status = usb_ep_enable(gser->in);
	if (status < 0)
		return status;
	gser->in->driver_data = port;

	/* ... then OUT, undoing the IN setup if that fails */
	status = usb_ep_enable(gser->out);
	if (status < 0) {
		usb_ep_disable(gser->in);
		gser->in->driver_data = NULL;
		return status;
	}
	gser->out->driver_data = port;

	/* both endpoints are live: bind function and port to each other */
	spin_lock_irqsave(&port->port_lock, flags);
	gser->ioport = port;
	port->port_usb = gser;

	/* REVISIT unclear how best to handle this state...
	 * we don't really couple it with the Linux TTY.
	 */
	gser->port_line_coding = port->port_line_coding;

	/* REVISIT if waiting on "carrier detect", signal. */

	/* Tell the serial protocol the open/close status: with no opener
	 * report disconnect, otherwise start I/O and report connect.
	 */
	if (!port->port.count) {
		if (gser->disconnect)
			gser->disconnect(gser);
	} else {
		pr_debug("gserial_connect: start ttyGS%d\n", port->port_num);
		gs_start_io(port);
		if (gser->connect)
			gser->connect(gser);
	}

	spin_unlock_irqrestore(&port->port_lock, flags);

	return status;
}
EXPORT_SYMBOL_GPL(gserial_connect);
/**
 * gserial_disconnect - notify TTY I/O glue that USB link is inactive
 * @gser: the function, on which gserial_connect() was called
 * Context: any (usually from irq)
 *
 * This is called to deactivate endpoints and let the TTY layer know
 * that the connection went inactive ... not unlike "hangup".
 *
 * Does nothing when @gser has no port bound (gser->ioport is NULL).
 *
 * On return, the state is as if gserial_connect() had never been called;
 * there is no active USB I/O on these endpoints.
 */
void gserial_disconnect(struct gserial *gser)
{
	struct gs_port	*port;
	unsigned long	flags;

	port = gser->ioport;
	if (port == NULL)
		return;

	/* phase 1: unbind under the lock so the TTY glue stops new I/O */
	spin_lock_irqsave(&port->port_lock, flags);

	/* REVISIT as above: how best to track this? */
	port->port_line_coding = gser->port_line_coding;

	port->port_usb = NULL;
	gser->ioport = NULL;
	if (port->port.count > 0 || port->openclose) {
		/* release anyone sleeping on drain_wait, then hang up the tty */
		wake_up_interruptible(&port->drain_wait);
		if (port->port.tty)
			tty_hangup(port->port.tty);
	}
	spin_unlock_irqrestore(&port->port_lock, flags);

	/* phase 2: disable endpoints, aborting any active I/O; driver_data
	 * is cleared only after each endpoint has been disabled
	 */
	usb_ep_disable(gser->out);
	gser->out->driver_data = NULL;

	usb_ep_disable(gser->in);
	gser->in->driver_data = NULL;

	/* phase 3: free any unused/unusable I/O buffers; the write buffer
	 * is kept while the TTY is still open or mid open/close
	 */
	spin_lock_irqsave(&port->port_lock, flags);
	if (port->port.count == 0 && !port->openclose)
		gs_buf_free(&port->port_write_buf);
	gs_free_requests(gser->out, &port->read_pool, NULL);
	gs_free_requests(gser->out, &port->read_queue, NULL);
	gs_free_requests(gser->in, &port->write_pool, NULL);

	/* every request is gone, so reset the accounting */
	port->write_started = 0;
	port->write_allocated = 0;
	port->read_started = 0;
	port->read_allocated = 0;

	spin_unlock_irqrestore(&port->port_lock, flags);
}
EXPORT_SYMBOL_GPL(gserial_disconnect);
1287 
/*
 * userial_init - module init: allocate and register the ttyGS* driver.
 *
 * Sets up the tty_driver for MAX_U_SERIAL_PORTS lines, initialises the
 * per-slot mutexes in ports[], and registers the driver with the TTY
 * core.  Device nodes are created later, per line, because the driver
 * is flagged TTY_DRIVER_DYNAMIC_DEV.
 *
 * Returns zero on success, -ENOMEM if the driver cannot be allocated,
 * or the error from tty_register_driver().
 */
static int userial_init(void)
{
	unsigned int			slot;
	int				status;

	gs_tty_driver = alloc_tty_driver(MAX_U_SERIAL_PORTS);
	if (!gs_tty_driver)
		return -ENOMEM;

	gs_tty_driver->driver_name = "g_serial";
	gs_tty_driver->name = PREFIX;
	/* uses dynamically assigned dev_t values */

	gs_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
	gs_tty_driver->subtype = SERIAL_TYPE_NORMAL;
	gs_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;

	/* 9600-8-N-1 ... matches defaults expected by "usbser.sys" on
	 * MS-Windows.  Otherwise, most of these flags shouldn't affect
	 * anything unless we were to actually hook up to a serial line.
	 */
	gs_tty_driver->init_termios = tty_std_termios;
	gs_tty_driver->init_termios.c_cflag =
			B9600 | CS8 | CREAD | HUPCL | CLOCAL;
	gs_tty_driver->init_termios.c_ispeed = 9600;
	gs_tty_driver->init_termios.c_ospeed = 9600;

	tty_set_operations(gs_tty_driver, &gs_tty_ops);

	/* the slot mutexes must be usable before the driver is visible */
	for (slot = 0; slot < MAX_U_SERIAL_PORTS; slot++)
		mutex_init(&ports[slot].lock);

	/* export the driver ... */
	status = tty_register_driver(gs_tty_driver);
	if (status) {
		pr_err("%s: cannot register, err %d\n",
				__func__, status);
		/* drop our reference and clear the global on failure */
		put_tty_driver(gs_tty_driver);
		gs_tty_driver = NULL;
		return status;
	}

	pr_debug("%s: registered %d ttyGS* device%s\n", __func__,
			MAX_U_SERIAL_PORTS,
			(MAX_U_SERIAL_PORTS == 1) ? "" : "s");

	return status;
}
module_init(userial_init);
1338 
/*
 * userial_cleanup - module exit: undo userial_init().
 *
 * Unregisters the tty driver, drops the reference taken at allocation
 * and clears the global pointer so nothing keeps a stale handle.
 */
static void userial_cleanup(void)
{
	/* unregister first; the reference is dropped only afterwards */
	tty_unregister_driver(gs_tty_driver);
	put_tty_driver(gs_tty_driver);

	gs_tty_driver = NULL;
}
module_exit(userial_cleanup);
1346 
1347 MODULE_LICENSE("GPL");
1348