1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver 4 * 5 * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany 6 * Copyright (C) 2008 Novell, Inc. 7 * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de> 8 * Copyright (C) 2018 IVI Foundation, Inc. 9 */ 10 11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12 13#include <linux/module.h> 14#include <linux/kernel.h> 15#include <linux/fs.h> 16#include <linux/uaccess.h> 17#include <linux/kref.h> 18#include <linux/slab.h> 19#include <linux/poll.h> 20#include <linux/mutex.h> 21#include <linux/usb.h> 22#include <linux/compat.h> 23#include <linux/usb/tmc.h> 24 25/* Increment API VERSION when changing tmc.h with new flags or ioctls 26 * or when changing a significant behavior of the driver. 27 */ 28#define USBTMC_API_VERSION (3) 29 30#define USBTMC_HEADER_SIZE 12 31#define USBTMC_MINOR_BASE 176 32 33/* Minimum USB timeout (in milliseconds) */ 34#define USBTMC_MIN_TIMEOUT 100 35/* Default USB timeout (in milliseconds) */ 36#define USBTMC_TIMEOUT 5000 37 38/* Max number of urbs used in write transfers */ 39#define MAX_URBS_IN_FLIGHT 16 40/* I/O buffer size used in generic read/write functions */ 41#define USBTMC_BUFSIZE (4096) 42 43/* 44 * Maximum number of read cycles to empty bulk in endpoint during CLEAR and 45 * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short 46 * packet is never read. 47 */ 48#define USBTMC_MAX_READS_TO_CLEAR_BULK_IN 100 49 50static const struct usb_device_id usbtmc_devices[] = { 51 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), }, 52 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), }, 53 { 0, } /* terminating entry */ 54}; 55MODULE_DEVICE_TABLE(usb, usbtmc_devices); 56 57/* 58 * This structure is the capabilities for the device 59 * See section 4.2.1.8 of the USBTMC specification, 60 * and section 4.2.2 of the USBTMC usb488 subclass 61 * specification for details. 62 */ 63struct usbtmc_dev_capabilities { 64 __u8 interface_capabilities; 65 __u8 device_capabilities; 66 __u8 usb488_interface_capabilities; 67 __u8 usb488_device_capabilities; 68}; 69 70/* This structure holds private data for each USBTMC device. One copy is 71 * allocated for each USBTMC device in the driver's probe function. 72 */ 73struct usbtmc_device_data { 74 const struct usb_device_id *id; 75 struct usb_device *usb_dev; 76 struct usb_interface *intf; 77 struct list_head file_list; 78 79 unsigned int bulk_in; 80 unsigned int bulk_out; 81 82 u8 bTag; 83 u8 bTag_last_write; /* needed for abort */ 84 u8 bTag_last_read; /* needed for abort */ 85 86 /* packet size of IN bulk */ 87 u16 wMaxPacketSize; 88 89 /* data for interrupt in endpoint handling */ 90 u8 bNotify1; 91 u8 bNotify2; 92 u16 ifnum; 93 u8 iin_bTag; 94 u8 *iin_buffer; 95 atomic_t iin_data_valid; 96 unsigned int iin_ep; 97 int iin_ep_present; 98 int iin_interval; 99 struct urb *iin_urb; 100 u16 iin_wMaxPacketSize; 101 102 /* coalesced usb488_caps from usbtmc_dev_capabilities */ 103 __u8 usb488_caps; 104 105 bool zombie; /* fd of disconnected device */ 106 107 struct usbtmc_dev_capabilities capabilities; 108 struct kref kref; 109 struct mutex io_mutex; /* only one i/o function running at a time */ 110 wait_queue_head_t waitq; 111 struct fasync_struct *fasync; 112 spinlock_t dev_lock; /* lock for file_list */ 113}; 114#define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref) 115 116/* 117 * This structure holds private data for each USBTMC file handle. 118 */ 119struct usbtmc_file_data { 120 struct usbtmc_device_data *data; 121 struct list_head file_elem; 122 123 u32 timeout; 124 u8 srq_byte; 125 atomic_t srq_asserted; 126 atomic_t closing; 127 u8 bmTransferAttributes; /* member of DEV_DEP_MSG_IN */ 128 129 u8 eom_val; 130 u8 term_char; 131 bool term_char_enabled; 132 bool auto_abort; 133 134 spinlock_t err_lock; /* lock for errors */ 135 136 struct usb_anchor submitted; 137 138 /* data for generic_write */ 139 struct semaphore limit_write_sem; 140 u32 out_transfer_size; 141 int out_status; 142 143 /* data for generic_read */ 144 u32 in_transfer_size; 145 int in_status; 146 int in_urbs_used; 147 struct usb_anchor in_anchor; 148 wait_queue_head_t wait_bulk_in; 149}; 150 151/* Forward declarations */ 152static struct usb_driver usbtmc_driver; 153static void usbtmc_draw_down(struct usbtmc_file_data *file_data); 154 155static void usbtmc_delete(struct kref *kref) 156{ 157 struct usbtmc_device_data *data = to_usbtmc_data(kref); 158 159 usb_put_dev(data->usb_dev); 160 kfree(data); 161} 162 163static int usbtmc_open(struct inode *inode, struct file *filp) 164{ 165 struct usb_interface *intf; 166 struct usbtmc_device_data *data; 167 struct usbtmc_file_data *file_data; 168 169 intf = usb_find_interface(&usbtmc_driver, iminor(inode)); 170 if (!intf) { 171 pr_err("can not find device for minor %d", iminor(inode)); 172 return -ENODEV; 173 } 174 175 file_data = kzalloc(sizeof(*file_data), GFP_KERNEL); 176 if (!file_data) 177 return -ENOMEM; 178 179 spin_lock_init(&file_data->err_lock); 180 sema_init(&file_data->limit_write_sem, MAX_URBS_IN_FLIGHT); 181 init_usb_anchor(&file_data->submitted); 182 init_usb_anchor(&file_data->in_anchor); 183 init_waitqueue_head(&file_data->wait_bulk_in); 184 185 data = usb_get_intfdata(intf); 186 /* Protect reference to data from file structure until release */ 187 kref_get(&data->kref); 188 189 mutex_lock(&data->io_mutex); 190 file_data->data = data; 191 192 atomic_set(&file_data->closing, 0); 193 194 file_data->timeout = USBTMC_TIMEOUT; 195 file_data->term_char = '\n'; 196 file_data->term_char_enabled = 0; 197 file_data->auto_abort = 0; 198 file_data->eom_val = 1; 199 200 INIT_LIST_HEAD(&file_data->file_elem); 201 spin_lock_irq(&data->dev_lock); 202 list_add_tail(&file_data->file_elem, &data->file_list); 203 spin_unlock_irq(&data->dev_lock); 204 mutex_unlock(&data->io_mutex); 205 206 /* Store pointer in file structure's private data field */ 207 filp->private_data = file_data; 208 209 return 0; 210} 211 212/* 213 * usbtmc_flush - called before file handle is closed 214 */ 215static int usbtmc_flush(struct file *file, fl_owner_t id) 216{ 217 struct usbtmc_file_data *file_data; 218 struct usbtmc_device_data *data; 219 220 file_data = file->private_data; 221 if (file_data == NULL) 222 return -ENODEV; 223 224 atomic_set(&file_data->closing, 1); 225 data = file_data->data; 226 227 /* wait for io to stop */ 228 mutex_lock(&data->io_mutex); 229 230 usbtmc_draw_down(file_data); 231 232 spin_lock_irq(&file_data->err_lock); 233 file_data->in_status = 0; 234 file_data->in_transfer_size = 0; 235 file_data->in_urbs_used = 0; 236 file_data->out_status = 0; 237 file_data->out_transfer_size = 0; 238 spin_unlock_irq(&file_data->err_lock); 239 240 wake_up_interruptible_all(&data->waitq); 241 mutex_unlock(&data->io_mutex); 242 243 return 0; 244} 245 246static int usbtmc_release(struct inode *inode, struct file *file) 247{ 248 struct usbtmc_file_data *file_data = file->private_data; 249 250 /* prevent IO _AND_ usbtmc_interrupt */ 251 mutex_lock(&file_data->data->io_mutex); 252 spin_lock_irq(&file_data->data->dev_lock); 253 254 list_del(&file_data->file_elem); 255 256 spin_unlock_irq(&file_data->data->dev_lock); 257 mutex_unlock(&file_data->data->io_mutex); 258 259 kref_put(&file_data->data->kref, usbtmc_delete); 260 file_data->data = NULL; 261 kfree(file_data); 262 return 0; 263} 264 265static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data, 266 u8 tag) 267{ 268 u8 *buffer; 269 struct device *dev; 270 int rv; 271 int n; 272 int actual; 273 274 dev = &data->intf->dev; 275 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL); 276 if (!buffer) 277 return -ENOMEM; 278 279 rv = usb_control_msg(data->usb_dev, 280 usb_rcvctrlpipe(data->usb_dev, 0), 281 USBTMC_REQUEST_INITIATE_ABORT_BULK_IN, 282 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 283 tag, data->bulk_in, 284 buffer, 2, USB_CTRL_GET_TIMEOUT); 285 286 if (rv < 0) { 287 dev_err(dev, "usb_control_msg returned %d\n", rv); 288 goto exit; 289 } 290 291 dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n", 292 buffer[0], buffer[1]); 293 294 if (buffer[0] == USBTMC_STATUS_FAILED) { 295 /* No transfer in progress and the Bulk-OUT FIFO is empty. */ 296 rv = 0; 297 goto exit; 298 } 299 300 if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) { 301 /* The device returns this status if either: 302 * - There is a transfer in progress, but the specified bTag 303 * does not match. 304 * - There is no transfer in progress, but the Bulk-OUT FIFO 305 * is not empty. 306 */ 307 rv = -ENOMSG; 308 goto exit; 309 } 310 311 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 312 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n", 313 buffer[0]); 314 rv = -EPERM; 315 goto exit; 316 } 317 318 n = 0; 319 320usbtmc_abort_bulk_in_status: 321 dev_dbg(dev, "Reading from bulk in EP\n"); 322 323 /* Data must be present. So use low timeout 300 ms */ 324 actual = 0; 325 rv = usb_bulk_msg(data->usb_dev, 326 usb_rcvbulkpipe(data->usb_dev, 327 data->bulk_in), 328 buffer, USBTMC_BUFSIZE, 329 &actual, 300); 330 331 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1, 332 buffer, actual, true); 333 334 n++; 335 336 if (rv < 0) { 337 dev_err(dev, "usb_bulk_msg returned %d\n", rv); 338 if (rv != -ETIMEDOUT) 339 goto exit; 340 } 341 342 if (actual == USBTMC_BUFSIZE) 343 goto usbtmc_abort_bulk_in_status; 344 345 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) { 346 dev_err(dev, "Couldn't clear device buffer within %d cycles\n", 347 USBTMC_MAX_READS_TO_CLEAR_BULK_IN); 348 rv = -EPERM; 349 goto exit; 350 } 351 352 rv = usb_control_msg(data->usb_dev, 353 usb_rcvctrlpipe(data->usb_dev, 0), 354 USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS, 355 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 356 0, data->bulk_in, buffer, 0x08, 357 USB_CTRL_GET_TIMEOUT); 358 359 if (rv < 0) { 360 dev_err(dev, "usb_control_msg returned %d\n", rv); 361 goto exit; 362 } 363 364 dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 365 366 if (buffer[0] == USBTMC_STATUS_SUCCESS) { 367 rv = 0; 368 goto exit; 369 } 370 371 if (buffer[0] != USBTMC_STATUS_PENDING) { 372 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]); 373 rv = -EPERM; 374 goto exit; 375 } 376 377 if ((buffer[1] & 1) > 0) { 378 /* The device has 1 or more queued packets the Host can read */ 379 goto usbtmc_abort_bulk_in_status; 380 } 381 382 /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */ 383 rv = -EAGAIN; 384exit: 385 kfree(buffer); 386 return rv; 387} 388 389static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data) 390{ 391 return usbtmc_ioctl_abort_bulk_in_tag(data, data->bTag_last_read); 392} 393 394static int usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data *data, 395 u8 tag) 396{ 397 struct device *dev; 398 u8 *buffer; 399 int rv; 400 int n; 401 402 dev = &data->intf->dev; 403 404 buffer = kmalloc(8, GFP_KERNEL); 405 if (!buffer) 406 return -ENOMEM; 407 408 rv = usb_control_msg(data->usb_dev, 409 usb_rcvctrlpipe(data->usb_dev, 0), 410 USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT, 411 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 412 tag, data->bulk_out, 413 buffer, 2, USB_CTRL_GET_TIMEOUT); 414 415 if (rv < 0) { 416 dev_err(dev, "usb_control_msg returned %d\n", rv); 417 goto exit; 418 } 419 420 dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]); 421 422 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 423 dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", 424 buffer[0]); 425 rv = -EPERM; 426 goto exit; 427 } 428 429 n = 0; 430 431usbtmc_abort_bulk_out_check_status: 432 /* do not stress device with subsequent requests */ 433 msleep(50); 434 rv = usb_control_msg(data->usb_dev, 435 usb_rcvctrlpipe(data->usb_dev, 0), 436 USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS, 437 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT, 438 0, data->bulk_out, buffer, 0x08, 439 USB_CTRL_GET_TIMEOUT); 440 n++; 441 if (rv < 0) { 442 dev_err(dev, "usb_control_msg returned %d\n", rv); 443 goto exit; 444 } 445 446 dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]); 447 448 if (buffer[0] == USBTMC_STATUS_SUCCESS) 449 goto usbtmc_abort_bulk_out_clear_halt; 450 451 if ((buffer[0] == USBTMC_STATUS_PENDING) && 452 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN)) 453 goto usbtmc_abort_bulk_out_check_status; 454 455 rv = -EPERM; 456 goto exit; 457 458usbtmc_abort_bulk_out_clear_halt: 459 rv = usb_clear_halt(data->usb_dev, 460 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 461 462 if (rv < 0) { 463 dev_err(dev, "usb_control_msg returned %d\n", rv); 464 goto exit; 465 } 466 rv = 0; 467 468exit: 469 kfree(buffer); 470 return rv; 471} 472 473static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data) 474{ 475 return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write); 476} 477 478static int usbtmc_get_stb(struct usbtmc_file_data *file_data, __u8 *stb) 479{ 480 struct usbtmc_device_data *data = file_data->data; 481 struct device *dev = &data->intf->dev; 482 u8 *buffer; 483 u8 tag; 484 int rv; 485 486 dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n", 487 data->iin_ep_present); 488 489 buffer = kmalloc(8, GFP_KERNEL); 490 if (!buffer) 491 return -ENOMEM; 492 493 atomic_set(&data->iin_data_valid, 0); 494 495 rv = usb_control_msg(data->usb_dev, 496 usb_rcvctrlpipe(data->usb_dev, 0), 497 USBTMC488_REQUEST_READ_STATUS_BYTE, 498 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 499 data->iin_bTag, 500 data->ifnum, 501 buffer, 0x03, USB_CTRL_GET_TIMEOUT); 502 if (rv < 0) { 503 dev_err(dev, "stb usb_control_msg returned %d\n", rv); 504 goto exit; 505 } 506 507 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 508 dev_err(dev, "control status returned %x\n", buffer[0]); 509 rv = -EIO; 510 goto exit; 511 } 512 513 if (data->iin_ep_present) { 514 rv = wait_event_interruptible_timeout( 515 data->waitq, 516 atomic_read(&data->iin_data_valid) != 0, 517 file_data->timeout); 518 if (rv < 0) { 519 dev_dbg(dev, "wait interrupted %d\n", rv); 520 goto exit; 521 } 522 523 if (rv == 0) { 524 dev_dbg(dev, "wait timed out\n"); 525 rv = -ETIMEDOUT; 526 goto exit; 527 } 528 529 tag = data->bNotify1 & 0x7f; 530 if (tag != data->iin_bTag) { 531 dev_err(dev, "expected bTag %x got %x\n", 532 data->iin_bTag, tag); 533 } 534 535 *stb = data->bNotify2; 536 } else { 537 *stb = buffer[2]; 538 } 539 540 dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)*stb, rv); 541 542 exit: 543 /* bump interrupt bTag */ 544 data->iin_bTag += 1; 545 if (data->iin_bTag > 127) 546 /* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */ 547 data->iin_bTag = 2; 548 549 kfree(buffer); 550 return rv; 551} 552 553static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, 554 void __user *arg) 555{ 556 int srq_asserted = 0; 557 __u8 stb; 558 int rv; 559 560 rv = usbtmc_get_stb(file_data, &stb); 561 562 if (rv > 0) { 563 srq_asserted = atomic_xchg(&file_data->srq_asserted, 564 srq_asserted); 565 if (srq_asserted) 566 stb |= 0x40; /* Set RQS bit */ 567 568 rv = put_user(stb, (__u8 __user *)arg); 569 } 570 return rv; 571 572} 573 574static int usbtmc_ioctl_get_srq_stb(struct usbtmc_file_data *file_data, 575 void __user *arg) 576{ 577 struct usbtmc_device_data *data = file_data->data; 578 struct device *dev = &data->intf->dev; 579 int srq_asserted = 0; 580 __u8 stb = 0; 581 int rv; 582 583 spin_lock_irq(&data->dev_lock); 584 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); 585 586 if (srq_asserted) { 587 stb = file_data->srq_byte; 588 spin_unlock_irq(&data->dev_lock); 589 rv = put_user(stb, (__u8 __user *)arg); 590 } else { 591 spin_unlock_irq(&data->dev_lock); 592 rv = -ENOMSG; 593 } 594 595 dev_dbg(dev, "stb:0x%02x with srq received %d\n", (unsigned int)stb, rv); 596 597 return rv; 598} 599 600static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data, 601 __u32 __user *arg) 602{ 603 struct usbtmc_device_data *data = file_data->data; 604 struct device *dev = &data->intf->dev; 605 int rv; 606 u32 timeout; 607 unsigned long expire; 608 609 if (!data->iin_ep_present) { 610 dev_dbg(dev, "no interrupt endpoint present\n"); 611 return -EFAULT; 612 } 613 614 if (get_user(timeout, arg)) 615 return -EFAULT; 616 617 expire = msecs_to_jiffies(timeout); 618 619 mutex_unlock(&data->io_mutex); 620 621 rv = wait_event_interruptible_timeout( 622 data->waitq, 623 atomic_read(&file_data->srq_asserted) != 0 || 624 atomic_read(&file_data->closing), 625 expire); 626 627 mutex_lock(&data->io_mutex); 628 629 /* Note! disconnect or close could be called in the meantime */ 630 if (atomic_read(&file_data->closing) || data->zombie) 631 rv = -ENODEV; 632 633 if (rv < 0) { 634 /* dev can be invalid now! */ 635 pr_debug("%s - wait interrupted %d\n", __func__, rv); 636 return rv; 637 } 638 639 if (rv == 0) { 640 dev_dbg(dev, "%s - wait timed out\n", __func__); 641 return -ETIMEDOUT; 642 } 643 644 dev_dbg(dev, "%s - srq asserted\n", __func__); 645 return 0; 646} 647 648static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data, 649 void __user *arg, unsigned int cmd) 650{ 651 struct device *dev = &data->intf->dev; 652 __u8 val; 653 u8 *buffer; 654 u16 wValue; 655 int rv; 656 657 if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE)) 658 return -EINVAL; 659 660 buffer = kmalloc(8, GFP_KERNEL); 661 if (!buffer) 662 return -ENOMEM; 663 664 if (cmd == USBTMC488_REQUEST_REN_CONTROL) { 665 rv = copy_from_user(&val, arg, sizeof(val)); 666 if (rv) { 667 rv = -EFAULT; 668 goto exit; 669 } 670 wValue = val ? 1 : 0; 671 } else { 672 wValue = 0; 673 } 674 675 rv = usb_control_msg(data->usb_dev, 676 usb_rcvctrlpipe(data->usb_dev, 0), 677 cmd, 678 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 679 wValue, 680 data->ifnum, 681 buffer, 0x01, USB_CTRL_GET_TIMEOUT); 682 if (rv < 0) { 683 dev_err(dev, "simple usb_control_msg failed %d\n", rv); 684 goto exit; 685 } else if (rv != 1) { 686 dev_warn(dev, "simple usb_control_msg returned %d\n", rv); 687 rv = -EIO; 688 goto exit; 689 } 690 691 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 692 dev_err(dev, "simple control status returned %x\n", buffer[0]); 693 rv = -EIO; 694 goto exit; 695 } 696 rv = 0; 697 698 exit: 699 kfree(buffer); 700 return rv; 701} 702 703/* 704 * Sends a TRIGGER Bulk-OUT command message 705 * See the USBTMC-USB488 specification, Table 2. 706 * 707 * Also updates bTag_last_write. 708 */ 709static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data) 710{ 711 struct usbtmc_device_data *data = file_data->data; 712 int retval; 713 u8 *buffer; 714 int actual; 715 716 buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL); 717 if (!buffer) 718 return -ENOMEM; 719 720 buffer[0] = 128; 721 buffer[1] = data->bTag; 722 buffer[2] = ~data->bTag; 723 724 retval = usb_bulk_msg(data->usb_dev, 725 usb_sndbulkpipe(data->usb_dev, 726 data->bulk_out), 727 buffer, USBTMC_HEADER_SIZE, 728 &actual, file_data->timeout); 729 730 /* Store bTag (in case we need to abort) */ 731 data->bTag_last_write = data->bTag; 732 733 /* Increment bTag -- and increment again if zero */ 734 data->bTag++; 735 if (!data->bTag) 736 data->bTag++; 737 738 kfree(buffer); 739 if (retval < 0) { 740 dev_err(&data->intf->dev, "%s returned %d\n", 741 __func__, retval); 742 return retval; 743 } 744 745 return 0; 746} 747 748static struct urb *usbtmc_create_urb(void) 749{ 750 const size_t bufsize = USBTMC_BUFSIZE; 751 u8 *dmabuf = NULL; 752 struct urb *urb = usb_alloc_urb(0, GFP_KERNEL); 753 754 if (!urb) 755 return NULL; 756 757 dmabuf = kmalloc(bufsize, GFP_KERNEL); 758 if (!dmabuf) { 759 usb_free_urb(urb); 760 return NULL; 761 } 762 763 urb->transfer_buffer = dmabuf; 764 urb->transfer_buffer_length = bufsize; 765 urb->transfer_flags |= URB_FREE_BUFFER; 766 return urb; 767} 768 769static void usbtmc_read_bulk_cb(struct urb *urb) 770{ 771 struct usbtmc_file_data *file_data = urb->context; 772 int status = urb->status; 773 unsigned long flags; 774 775 /* sync/async unlink faults aren't errors */ 776 if (status) { 777 if (!(/* status == -ENOENT || */ 778 status == -ECONNRESET || 779 status == -EREMOTEIO || /* Short packet */ 780 status == -ESHUTDOWN)) 781 dev_err(&file_data->data->intf->dev, 782 "%s - nonzero read bulk status received: %d\n", 783 __func__, status); 784 785 spin_lock_irqsave(&file_data->err_lock, flags); 786 if (!file_data->in_status) 787 file_data->in_status = status; 788 spin_unlock_irqrestore(&file_data->err_lock, flags); 789 } 790 791 spin_lock_irqsave(&file_data->err_lock, flags); 792 file_data->in_transfer_size += urb->actual_length; 793 dev_dbg(&file_data->data->intf->dev, 794 "%s - total size: %u current: %d status: %d\n", 795 __func__, file_data->in_transfer_size, 796 urb->actual_length, status); 797 spin_unlock_irqrestore(&file_data->err_lock, flags); 798 usb_anchor_urb(urb, &file_data->in_anchor); 799 800 wake_up_interruptible(&file_data->wait_bulk_in); 801 wake_up_interruptible(&file_data->data->waitq); 802} 803 804static inline bool usbtmc_do_transfer(struct usbtmc_file_data *file_data) 805{ 806 bool data_or_error; 807 808 spin_lock_irq(&file_data->err_lock); 809 data_or_error = !usb_anchor_empty(&file_data->in_anchor) 810 || file_data->in_status; 811 spin_unlock_irq(&file_data->err_lock); 812 dev_dbg(&file_data->data->intf->dev, "%s: returns %d\n", __func__, 813 data_or_error); 814 return data_or_error; 815} 816 817static ssize_t usbtmc_generic_read(struct usbtmc_file_data *file_data, 818 void __user *user_buffer, 819 u32 transfer_size, 820 u32 *transferred, 821 u32 flags) 822{ 823 struct usbtmc_device_data *data = file_data->data; 824 struct device *dev = &data->intf->dev; 825 u32 done = 0; 826 u32 remaining; 827 const u32 bufsize = USBTMC_BUFSIZE; 828 int retval = 0; 829 u32 max_transfer_size; 830 unsigned long expire; 831 int bufcount = 1; 832 int again = 0; 833 834 /* mutex already locked */ 835 836 *transferred = done; 837 838 max_transfer_size = transfer_size; 839 840 if (flags & USBTMC_FLAG_IGNORE_TRAILER) { 841 /* The device may send extra alignment bytes (up to 842 * wMaxPacketSize ��� 1) to avoid sending a zero-length 843 * packet 844 */ 845 remaining = transfer_size; 846 if ((max_transfer_size % data->wMaxPacketSize) == 0) 847 max_transfer_size += (data->wMaxPacketSize - 1); 848 } else { 849 /* round down to bufsize to avoid truncated data left */ 850 if (max_transfer_size > bufsize) { 851 max_transfer_size = 852 roundup(max_transfer_size + 1 - bufsize, 853 bufsize); 854 } 855 remaining = max_transfer_size; 856 } 857 858 spin_lock_irq(&file_data->err_lock); 859 860 if (file_data->in_status) { 861 /* return the very first error */ 862 retval = file_data->in_status; 863 spin_unlock_irq(&file_data->err_lock); 864 goto error; 865 } 866 867 if (flags & USBTMC_FLAG_ASYNC) { 868 if (usb_anchor_empty(&file_data->in_anchor)) 869 again = 1; 870 871 if (file_data->in_urbs_used == 0) { 872 file_data->in_transfer_size = 0; 873 file_data->in_status = 0; 874 } 875 } else { 876 file_data->in_transfer_size = 0; 877 file_data->in_status = 0; 878 } 879 880 if (max_transfer_size == 0) { 881 bufcount = 0; 882 } else { 883 bufcount = roundup(max_transfer_size, bufsize) / bufsize; 884 if (bufcount > file_data->in_urbs_used) 885 bufcount -= file_data->in_urbs_used; 886 else 887 bufcount = 0; 888 889 if (bufcount + file_data->in_urbs_used > MAX_URBS_IN_FLIGHT) { 890 bufcount = MAX_URBS_IN_FLIGHT - 891 file_data->in_urbs_used; 892 } 893 } 894 spin_unlock_irq(&file_data->err_lock); 895 896 dev_dbg(dev, "%s: requested=%u flags=0x%X size=%u bufs=%d used=%d\n", 897 __func__, transfer_size, flags, 898 max_transfer_size, bufcount, file_data->in_urbs_used); 899 900 while (bufcount > 0) { 901 u8 *dmabuf = NULL; 902 struct urb *urb = usbtmc_create_urb(); 903 904 if (!urb) { 905 retval = -ENOMEM; 906 goto error; 907 } 908 909 dmabuf = urb->transfer_buffer; 910 911 usb_fill_bulk_urb(urb, data->usb_dev, 912 usb_rcvbulkpipe(data->usb_dev, data->bulk_in), 913 dmabuf, bufsize, 914 usbtmc_read_bulk_cb, file_data); 915 916 usb_anchor_urb(urb, &file_data->submitted); 917 retval = usb_submit_urb(urb, GFP_KERNEL); 918 /* urb is anchored. We can release our reference. */ 919 usb_free_urb(urb); 920 if (unlikely(retval)) { 921 usb_unanchor_urb(urb); 922 goto error; 923 } 924 file_data->in_urbs_used++; 925 bufcount--; 926 } 927 928 if (again) { 929 dev_dbg(dev, "%s: ret=again\n", __func__); 930 return -EAGAIN; 931 } 932 933 if (user_buffer == NULL) 934 return -EINVAL; 935 936 expire = msecs_to_jiffies(file_data->timeout); 937 938 while (max_transfer_size > 0) { 939 u32 this_part; 940 struct urb *urb = NULL; 941 942 if (!(flags & USBTMC_FLAG_ASYNC)) { 943 dev_dbg(dev, "%s: before wait time %lu\n", 944 __func__, expire); 945 retval = wait_event_interruptible_timeout( 946 file_data->wait_bulk_in, 947 usbtmc_do_transfer(file_data), 948 expire); 949 950 dev_dbg(dev, "%s: wait returned %d\n", 951 __func__, retval); 952 953 if (retval <= 0) { 954 if (retval == 0) 955 retval = -ETIMEDOUT; 956 goto error; 957 } 958 } 959 960 urb = usb_get_from_anchor(&file_data->in_anchor); 961 if (!urb) { 962 if (!(flags & USBTMC_FLAG_ASYNC)) { 963 /* synchronous case: must not happen */ 964 retval = -EFAULT; 965 goto error; 966 } 967 968 /* asynchronous case: ready, do not block or wait */ 969 *transferred = done; 970 dev_dbg(dev, "%s: (async) done=%u ret=0\n", 971 __func__, done); 972 return 0; 973 } 974 975 file_data->in_urbs_used--; 976 977 if (max_transfer_size > urb->actual_length) 978 max_transfer_size -= urb->actual_length; 979 else 980 max_transfer_size = 0; 981 982 if (remaining > urb->actual_length) 983 this_part = urb->actual_length; 984 else 985 this_part = remaining; 986 987 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1, 988 urb->transfer_buffer, urb->actual_length, true); 989 990 if (copy_to_user(user_buffer + done, 991 urb->transfer_buffer, this_part)) { 992 usb_free_urb(urb); 993 retval = -EFAULT; 994 goto error; 995 } 996 997 remaining -= this_part; 998 done += this_part; 999 1000 spin_lock_irq(&file_data->err_lock); 1001 if (urb->status) { 1002 /* return the very first error */ 1003 retval = file_data->in_status; 1004 spin_unlock_irq(&file_data->err_lock); 1005 usb_free_urb(urb); 1006 goto error; 1007 } 1008 spin_unlock_irq(&file_data->err_lock); 1009 1010 if (urb->actual_length < bufsize) { 1011 /* short packet or ZLP received => ready */ 1012 usb_free_urb(urb); 1013 retval = 1; 1014 break; 1015 } 1016 1017 if (!(flags & USBTMC_FLAG_ASYNC) && 1018 max_transfer_size > (bufsize * file_data->in_urbs_used)) { 1019 /* resubmit, since other buffers still not enough */ 1020 usb_anchor_urb(urb, &file_data->submitted); 1021 retval = usb_submit_urb(urb, GFP_KERNEL); 1022 if (unlikely(retval)) { 1023 usb_unanchor_urb(urb); 1024 usb_free_urb(urb); 1025 goto error; 1026 } 1027 file_data->in_urbs_used++; 1028 } 1029 usb_free_urb(urb); 1030 retval = 0; 1031 } 1032 1033error: 1034 *transferred = done; 1035 1036 dev_dbg(dev, "%s: before kill\n", __func__); 1037 /* Attention: killing urbs can take long time (2 ms) */ 1038 usb_kill_anchored_urbs(&file_data->submitted); 1039 dev_dbg(dev, "%s: after kill\n", __func__); 1040 usb_scuttle_anchored_urbs(&file_data->in_anchor); 1041 file_data->in_urbs_used = 0; 1042 file_data->in_status = 0; /* no spinlock needed here */ 1043 dev_dbg(dev, "%s: done=%u ret=%d\n", __func__, done, retval); 1044 1045 return retval; 1046} 1047 1048static ssize_t usbtmc_ioctl_generic_read(struct usbtmc_file_data *file_data, 1049 void __user *arg) 1050{ 1051 struct usbtmc_message msg; 1052 ssize_t retval = 0; 1053 1054 /* mutex already locked */ 1055 1056 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message))) 1057 return -EFAULT; 1058 1059 retval = usbtmc_generic_read(file_data, msg.message, 1060 msg.transfer_size, &msg.transferred, 1061 msg.flags); 1062 1063 if (put_user(msg.transferred, 1064 &((struct usbtmc_message __user *)arg)->transferred)) 1065 return -EFAULT; 1066 1067 return retval; 1068} 1069 1070static void usbtmc_write_bulk_cb(struct urb *urb) 1071{ 1072 struct usbtmc_file_data *file_data = urb->context; 1073 int wakeup = 0; 1074 unsigned long flags; 1075 1076 spin_lock_irqsave(&file_data->err_lock, flags); 1077 file_data->out_transfer_size += urb->actual_length; 1078 1079 /* sync/async unlink faults aren't errors */ 1080 if (urb->status) { 1081 if (!(urb->status == -ENOENT || 1082 urb->status == -ECONNRESET || 1083 urb->status == -ESHUTDOWN)) 1084 dev_err(&file_data->data->intf->dev, 1085 "%s - nonzero write bulk status received: %d\n", 1086 __func__, urb->status); 1087 1088 if (!file_data->out_status) { 1089 file_data->out_status = urb->status; 1090 wakeup = 1; 1091 } 1092 } 1093 spin_unlock_irqrestore(&file_data->err_lock, flags); 1094 1095 dev_dbg(&file_data->data->intf->dev, 1096 "%s - write bulk total size: %u\n", 1097 __func__, file_data->out_transfer_size); 1098 1099 up(&file_data->limit_write_sem); 1100 if (usb_anchor_empty(&file_data->submitted) || wakeup) 1101 wake_up_interruptible(&file_data->data->waitq); 1102} 1103 1104static ssize_t usbtmc_generic_write(struct usbtmc_file_data *file_data, 1105 const void __user *user_buffer, 1106 u32 transfer_size, 1107 u32 *transferred, 1108 u32 flags) 1109{ 1110 struct usbtmc_device_data *data = file_data->data; 1111 struct device *dev; 1112 u32 done = 0; 1113 u32 remaining; 1114 unsigned long expire; 1115 const u32 bufsize = USBTMC_BUFSIZE; 1116 struct urb *urb = NULL; 1117 int retval = 0; 1118 u32 timeout; 1119 1120 *transferred = 0; 1121 1122 /* Get pointer to private data structure */ 1123 dev = &data->intf->dev; 1124 1125 dev_dbg(dev, "%s: size=%u flags=0x%X sema=%u\n", 1126 __func__, transfer_size, flags, 1127 file_data->limit_write_sem.count); 1128 1129 if (flags & USBTMC_FLAG_APPEND) { 1130 spin_lock_irq(&file_data->err_lock); 1131 retval = file_data->out_status; 1132 spin_unlock_irq(&file_data->err_lock); 1133 if (retval < 0) 1134 return retval; 1135 } else { 1136 spin_lock_irq(&file_data->err_lock); 1137 file_data->out_transfer_size = 0; 1138 file_data->out_status = 0; 1139 spin_unlock_irq(&file_data->err_lock); 1140 } 1141 1142 remaining = transfer_size; 1143 if (remaining > INT_MAX) 1144 remaining = INT_MAX; 1145 1146 timeout = file_data->timeout; 1147 expire = msecs_to_jiffies(timeout); 1148 1149 while (remaining > 0) { 1150 u32 this_part, aligned; 1151 u8 *buffer = NULL; 1152 1153 if (flags & USBTMC_FLAG_ASYNC) { 1154 if (down_trylock(&file_data->limit_write_sem)) { 1155 retval = (done)?(0):(-EAGAIN); 1156 goto exit; 1157 } 1158 } else { 1159 retval = down_timeout(&file_data->limit_write_sem, 1160 expire); 1161 if (retval < 0) { 1162 retval = -ETIMEDOUT; 1163 goto error; 1164 } 1165 } 1166 1167 spin_lock_irq(&file_data->err_lock); 1168 retval = file_data->out_status; 1169 spin_unlock_irq(&file_data->err_lock); 1170 if (retval < 0) { 1171 up(&file_data->limit_write_sem); 1172 goto error; 1173 } 1174 1175 /* prepare next urb to send */ 1176 urb = usbtmc_create_urb(); 1177 if (!urb) { 1178 retval = -ENOMEM; 1179 up(&file_data->limit_write_sem); 1180 goto error; 1181 } 1182 buffer = urb->transfer_buffer; 1183 1184 if (remaining > bufsize) 1185 this_part = bufsize; 1186 else 1187 this_part = remaining; 1188 1189 if (copy_from_user(buffer, user_buffer + done, this_part)) { 1190 retval = -EFAULT; 1191 up(&file_data->limit_write_sem); 1192 goto error; 1193 } 1194 1195 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1196 16, 1, buffer, this_part, true); 1197 1198 /* fill bulk with 32 bit alignment to meet USBTMC specification 1199 * (size + 3 & ~3) rounds up and simplifies user code 1200 */ 1201 aligned = (this_part + 3) & ~3; 1202 dev_dbg(dev, "write(size:%u align:%u done:%u)\n", 1203 (unsigned int)this_part, 1204 (unsigned int)aligned, 1205 (unsigned int)done); 1206 1207 usb_fill_bulk_urb(urb, data->usb_dev, 1208 usb_sndbulkpipe(data->usb_dev, data->bulk_out), 1209 urb->transfer_buffer, aligned, 1210 usbtmc_write_bulk_cb, file_data); 1211 1212 usb_anchor_urb(urb, &file_data->submitted); 1213 retval = usb_submit_urb(urb, GFP_KERNEL); 1214 if (unlikely(retval)) { 1215 usb_unanchor_urb(urb); 1216 up(&file_data->limit_write_sem); 1217 goto error; 1218 } 1219 1220 usb_free_urb(urb); 1221 urb = NULL; /* urb will be finally released by usb driver */ 1222 1223 remaining -= this_part; 1224 done += this_part; 1225 } 1226 1227 /* All urbs are on the fly */ 1228 if (!(flags & USBTMC_FLAG_ASYNC)) { 1229 if (!usb_wait_anchor_empty_timeout(&file_data->submitted, 1230 timeout)) { 1231 retval = -ETIMEDOUT; 1232 goto error; 1233 } 1234 } 1235 1236 retval = 0; 1237 goto exit; 1238 1239error: 1240 usb_kill_anchored_urbs(&file_data->submitted); 1241exit: 1242 usb_free_urb(urb); 1243 1244 spin_lock_irq(&file_data->err_lock); 1245 if (!(flags & USBTMC_FLAG_ASYNC)) 1246 done = file_data->out_transfer_size; 1247 if (!retval && file_data->out_status) 1248 retval = file_data->out_status; 1249 spin_unlock_irq(&file_data->err_lock); 1250 1251 *transferred = done; 1252 1253 dev_dbg(dev, "%s: done=%u, retval=%d, urbstat=%d\n", 1254 __func__, done, retval, file_data->out_status); 1255 1256 return retval; 1257} 1258 1259static ssize_t usbtmc_ioctl_generic_write(struct usbtmc_file_data *file_data, 1260 void __user *arg) 1261{ 1262 struct usbtmc_message msg; 1263 ssize_t retval = 0; 1264 1265 /* mutex already locked */ 1266 1267 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message))) 1268 return -EFAULT; 1269 1270 retval = usbtmc_generic_write(file_data, msg.message, 1271 msg.transfer_size, &msg.transferred, 1272 msg.flags); 1273 1274 if (put_user(msg.transferred, 1275 &((struct usbtmc_message __user *)arg)->transferred)) 1276 return -EFAULT; 1277 1278 return retval; 1279} 1280 1281/* 1282 * Get the generic write result 1283 */ 1284static ssize_t usbtmc_ioctl_write_result(struct usbtmc_file_data *file_data, 1285 void __user *arg) 1286{ 1287 u32 transferred; 1288 int retval; 1289 1290 spin_lock_irq(&file_data->err_lock); 1291 transferred = file_data->out_transfer_size; 1292 retval = file_data->out_status; 1293 spin_unlock_irq(&file_data->err_lock); 1294 1295 if (put_user(transferred, (__u32 __user *)arg)) 1296 return -EFAULT; 1297 1298 return retval; 1299} 1300 1301/* 1302 * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint. 1303 * @transfer_size: number of bytes to request from the device. 1304 * 1305 * See the USBTMC specification, Table 4. 1306 * 1307 * Also updates bTag_last_write. 1308 */ 1309static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data, 1310 u32 transfer_size) 1311{ 1312 struct usbtmc_device_data *data = file_data->data; 1313 int retval; 1314 u8 *buffer; 1315 int actual; 1316 1317 buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL); 1318 if (!buffer) 1319 return -ENOMEM; 1320 /* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message 1321 * Refer to class specs for details 1322 */ 1323 buffer[0] = 2; 1324 buffer[1] = data->bTag; 1325 buffer[2] = ~data->bTag; 1326 buffer[3] = 0; /* Reserved */ 1327 buffer[4] = transfer_size >> 0; 1328 buffer[5] = transfer_size >> 8; 1329 buffer[6] = transfer_size >> 16; 1330 buffer[7] = transfer_size >> 24; 1331 buffer[8] = file_data->term_char_enabled * 2; 1332 /* Use term character? */ 1333 buffer[9] = file_data->term_char; 1334 buffer[10] = 0; /* Reserved */ 1335 buffer[11] = 0; /* Reserved */ 1336 1337 /* Send bulk URB */ 1338 retval = usb_bulk_msg(data->usb_dev, 1339 usb_sndbulkpipe(data->usb_dev, 1340 data->bulk_out), 1341 buffer, USBTMC_HEADER_SIZE, 1342 &actual, file_data->timeout); 1343 1344 /* Store bTag (in case we need to abort) */ 1345 data->bTag_last_write = data->bTag; 1346 1347 /* Increment bTag -- and increment again if zero */ 1348 data->bTag++; 1349 if (!data->bTag) 1350 data->bTag++; 1351 1352 kfree(buffer); 1353 if (retval < 0) 1354 dev_err(&data->intf->dev, "%s returned %d\n", 1355 __func__, retval); 1356 1357 return retval; 1358} 1359 1360static ssize_t usbtmc_read(struct file *filp, char __user *buf, 1361 size_t count, loff_t *f_pos) 1362{ 1363 struct usbtmc_file_data *file_data; 1364 struct usbtmc_device_data *data; 1365 struct device *dev; 1366 const u32 bufsize = USBTMC_BUFSIZE; 1367 u32 n_characters; 1368 u8 *buffer; 1369 int actual; 1370 u32 done = 0; 1371 u32 remaining; 1372 int retval; 1373 1374 /* Get pointer to private data structure */ 1375 file_data = filp->private_data; 1376 data = file_data->data; 1377 dev = &data->intf->dev; 1378 1379 buffer = kmalloc(bufsize, GFP_KERNEL); 1380 if (!buffer) 1381 return -ENOMEM; 1382 1383 mutex_lock(&data->io_mutex); 1384 if (data->zombie) { 1385 retval = -ENODEV; 1386 goto exit; 1387 } 1388 1389 if (count > INT_MAX) 1390 count = INT_MAX; 1391 1392 dev_dbg(dev, "%s(count:%zu)\n", __func__, count); 1393 1394 retval = send_request_dev_dep_msg_in(file_data, count); 1395 1396 if (retval < 0) { 1397 if (file_data->auto_abort) 1398 usbtmc_ioctl_abort_bulk_out(data); 1399 goto exit; 1400 } 1401 1402 /* Loop until we have fetched everything we requested */ 1403 remaining = count; 1404 actual = 0; 1405 1406 /* Send bulk URB */ 1407 retval = usb_bulk_msg(data->usb_dev, 1408 usb_rcvbulkpipe(data->usb_dev, 1409 data->bulk_in), 1410 buffer, bufsize, &actual, 1411 file_data->timeout); 1412 1413 dev_dbg(dev, "%s: bulk_msg retval(%u), actual(%d)\n", 1414 __func__, retval, actual); 1415 1416 /* Store bTag (in case we need to abort) */ 1417 data->bTag_last_read = data->bTag; 1418 1419 if (retval < 0) { 1420 if (file_data->auto_abort) 1421 usbtmc_ioctl_abort_bulk_in(data); 1422 goto exit; 1423 } 1424 1425 /* Sanity checks for the header */ 1426 if (actual < USBTMC_HEADER_SIZE) { 1427 dev_err(dev, "Device sent too small first packet: %u < %u\n", 1428 actual, USBTMC_HEADER_SIZE); 1429 if (file_data->auto_abort) 1430 usbtmc_ioctl_abort_bulk_in(data); 1431 goto exit; 1432 } 1433 1434 if (buffer[0] != 2) { 1435 dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n", 1436 buffer[0]); 1437 if (file_data->auto_abort) 1438 usbtmc_ioctl_abort_bulk_in(data); 1439 goto exit; 1440 } 1441 1442 if (buffer[1] != data->bTag_last_write) { 1443 dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n", 1444 buffer[1], data->bTag_last_write); 1445 if (file_data->auto_abort) 1446 usbtmc_ioctl_abort_bulk_in(data); 1447 goto exit; 1448 } 1449 1450 /* How many characters did the instrument send? */ 1451 n_characters = buffer[4] + 1452 (buffer[5] << 8) + 1453 (buffer[6] << 16) + 1454 (buffer[7] << 24); 1455 1456 file_data->bmTransferAttributes = buffer[8]; 1457 1458 dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n", 1459 n_characters, buffer[8]); 1460 1461 if (n_characters > remaining) { 1462 dev_err(dev, "Device wants to return more data than requested: %u > %zu\n", 1463 n_characters, count); 1464 if (file_data->auto_abort) 1465 usbtmc_ioctl_abort_bulk_in(data); 1466 goto exit; 1467 } 1468 1469 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1470 16, 1, buffer, actual, true); 1471 1472 remaining = n_characters; 1473 1474 /* Remove the USBTMC header */ 1475 actual -= USBTMC_HEADER_SIZE; 1476 1477 /* Remove padding if it exists */ 1478 if (actual > remaining) 1479 actual = remaining; 1480 1481 remaining -= actual; 1482 1483 /* Copy buffer to user space */ 1484 if (copy_to_user(buf, &buffer[USBTMC_HEADER_SIZE], actual)) { 1485 /* There must have been an addressing problem */ 1486 retval = -EFAULT; 1487 goto exit; 1488 } 1489 1490 if ((actual + USBTMC_HEADER_SIZE) == bufsize) { 1491 retval = usbtmc_generic_read(file_data, buf + actual, 1492 remaining, 1493 &done, 1494 USBTMC_FLAG_IGNORE_TRAILER); 1495 if (retval < 0) 1496 goto exit; 1497 } 1498 done += actual; 1499 1500 /* Update file position value */ 1501 *f_pos = *f_pos + done; 1502 retval = done; 1503 1504exit: 1505 mutex_unlock(&data->io_mutex); 1506 kfree(buffer); 1507 return retval; 1508} 1509 1510static ssize_t usbtmc_write(struct file *filp, const char __user *buf, 1511 size_t count, loff_t *f_pos) 1512{ 1513 struct usbtmc_file_data *file_data; 1514 struct usbtmc_device_data *data; 1515 struct urb *urb = NULL; 1516 ssize_t retval = 0; 1517 u8 *buffer; 1518 u32 remaining, done; 1519 u32 transfersize, aligned, buflen; 1520 1521 file_data = filp->private_data; 1522 data = file_data->data; 1523 1524 mutex_lock(&data->io_mutex); 1525 1526 if (data->zombie) { 1527 retval = -ENODEV; 1528 goto exit; 1529 } 1530 1531 done = 0; 1532 1533 spin_lock_irq(&file_data->err_lock); 1534 file_data->out_transfer_size = 0; 1535 file_data->out_status = 0; 1536 spin_unlock_irq(&file_data->err_lock); 1537 1538 if (!count) 1539 goto exit; 1540 1541 if (down_trylock(&file_data->limit_write_sem)) { 1542 /* previous calls were async */ 1543 retval = -EBUSY; 1544 goto exit; 1545 } 1546 1547 urb = usbtmc_create_urb(); 1548 if (!urb) { 1549 retval = -ENOMEM; 1550 up(&file_data->limit_write_sem); 1551 goto exit; 1552 } 1553 1554 buffer = urb->transfer_buffer; 1555 buflen = urb->transfer_buffer_length; 1556 1557 if (count > INT_MAX) { 1558 transfersize = INT_MAX; 1559 buffer[8] = 0; 1560 } else { 1561 transfersize = count; 1562 buffer[8] = file_data->eom_val; 1563 } 1564 1565 /* Setup IO buffer for DEV_DEP_MSG_OUT message */ 1566 buffer[0] = 1; 1567 buffer[1] = data->bTag; 1568 buffer[2] = ~data->bTag; 1569 buffer[3] = 0; /* Reserved */ 1570 buffer[4] = transfersize >> 0; 1571 buffer[5] = transfersize >> 8; 1572 buffer[6] = transfersize >> 16; 1573 buffer[7] = transfersize >> 24; 1574 /* buffer[8] is set above... */ 1575 buffer[9] = 0; /* Reserved */ 1576 buffer[10] = 0; /* Reserved */ 1577 buffer[11] = 0; /* Reserved */ 1578 1579 remaining = transfersize; 1580 1581 if (transfersize + USBTMC_HEADER_SIZE > buflen) { 1582 transfersize = buflen - USBTMC_HEADER_SIZE; 1583 aligned = buflen; 1584 } else { 1585 aligned = (transfersize + (USBTMC_HEADER_SIZE + 3)) & ~3; 1586 } 1587 1588 if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf, transfersize)) { 1589 retval = -EFAULT; 1590 up(&file_data->limit_write_sem); 1591 goto exit; 1592 } 1593 1594 dev_dbg(&data->intf->dev, "%s(size:%u align:%u)\n", __func__, 1595 (unsigned int)transfersize, (unsigned int)aligned); 1596 1597 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1598 16, 1, buffer, aligned, true); 1599 1600 usb_fill_bulk_urb(urb, data->usb_dev, 1601 usb_sndbulkpipe(data->usb_dev, data->bulk_out), 1602 urb->transfer_buffer, aligned, 1603 usbtmc_write_bulk_cb, file_data); 1604 1605 usb_anchor_urb(urb, &file_data->submitted); 1606 retval = usb_submit_urb(urb, GFP_KERNEL); 1607 if (unlikely(retval)) { 1608 usb_unanchor_urb(urb); 1609 up(&file_data->limit_write_sem); 1610 goto exit; 1611 } 1612 1613 remaining -= transfersize; 1614 1615 data->bTag_last_write = data->bTag; 1616 data->bTag++; 1617 1618 if (!data->bTag) 1619 data->bTag++; 1620 1621 /* call generic_write even when remaining = 0 */ 1622 retval = usbtmc_generic_write(file_data, buf + transfersize, remaining, 1623 &done, USBTMC_FLAG_APPEND); 1624 /* truncate alignment bytes */ 1625 if (done > remaining) 1626 done = remaining; 1627 1628 /*add size of first urb*/ 1629 done += transfersize; 1630 1631 if (retval < 0) { 1632 usb_kill_anchored_urbs(&file_data->submitted); 1633 1634 dev_err(&data->intf->dev, 1635 "Unable to send data, error %d\n", (int)retval); 1636 if (file_data->auto_abort) 1637 usbtmc_ioctl_abort_bulk_out(data); 1638 goto exit; 1639 } 1640 1641 retval = done; 1642exit: 1643 usb_free_urb(urb); 1644 mutex_unlock(&data->io_mutex); 1645 return retval; 1646} 1647 1648static int usbtmc_ioctl_clear(struct usbtmc_device_data *data) 1649{ 1650 struct device *dev; 1651 u8 *buffer; 1652 int rv; 1653 int n; 1654 int actual = 0; 1655 1656 dev = &data->intf->dev; 1657 1658 dev_dbg(dev, "Sending INITIATE_CLEAR request\n"); 1659 1660 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL); 1661 if (!buffer) 1662 return -ENOMEM; 1663 1664 rv = usb_control_msg(data->usb_dev, 1665 usb_rcvctrlpipe(data->usb_dev, 0), 1666 USBTMC_REQUEST_INITIATE_CLEAR, 1667 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1668 0, 0, buffer, 1, USB_CTRL_GET_TIMEOUT); 1669 if (rv < 0) { 1670 dev_err(dev, "usb_control_msg returned %d\n", rv); 1671 goto exit; 1672 } 1673 1674 dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]); 1675 1676 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1677 dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]); 1678 rv = -EPERM; 1679 goto exit; 1680 } 1681 1682 n = 0; 1683 1684usbtmc_clear_check_status: 1685 1686 dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n"); 1687 1688 rv = usb_control_msg(data->usb_dev, 1689 usb_rcvctrlpipe(data->usb_dev, 0), 1690 USBTMC_REQUEST_CHECK_CLEAR_STATUS, 1691 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1692 0, 0, buffer, 2, USB_CTRL_GET_TIMEOUT); 1693 if (rv < 0) { 1694 dev_err(dev, "usb_control_msg returned %d\n", rv); 1695 goto exit; 1696 } 1697 1698 dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]); 1699 1700 if (buffer[0] == USBTMC_STATUS_SUCCESS) 1701 goto usbtmc_clear_bulk_out_halt; 1702 1703 if (buffer[0] != USBTMC_STATUS_PENDING) { 1704 dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]); 1705 rv = -EPERM; 1706 goto exit; 1707 } 1708 1709 if ((buffer[1] & 1) != 0) { 1710 do { 1711 dev_dbg(dev, "Reading from bulk in EP\n"); 1712 1713 actual = 0; 1714 rv = usb_bulk_msg(data->usb_dev, 1715 usb_rcvbulkpipe(data->usb_dev, 1716 data->bulk_in), 1717 buffer, USBTMC_BUFSIZE, 1718 &actual, USB_CTRL_GET_TIMEOUT); 1719 1720 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 1721 16, 1, buffer, actual, true); 1722 1723 n++; 1724 1725 if (rv < 0) { 1726 dev_err(dev, "usb_control_msg returned %d\n", 1727 rv); 1728 goto exit; 1729 } 1730 } while ((actual == USBTMC_BUFSIZE) && 1731 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN)); 1732 } else { 1733 /* do not stress device with subsequent requests */ 1734 msleep(50); 1735 n++; 1736 } 1737 1738 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) { 1739 dev_err(dev, "Couldn't clear device buffer within %d cycles\n", 1740 USBTMC_MAX_READS_TO_CLEAR_BULK_IN); 1741 rv = -EPERM; 1742 goto exit; 1743 } 1744 1745 goto usbtmc_clear_check_status; 1746 1747usbtmc_clear_bulk_out_halt: 1748 1749 rv = usb_clear_halt(data->usb_dev, 1750 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 1751 if (rv < 0) { 1752 dev_err(dev, "usb_clear_halt returned %d\n", rv); 1753 goto exit; 1754 } 1755 rv = 0; 1756 1757exit: 1758 kfree(buffer); 1759 return rv; 1760} 1761 1762static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data) 1763{ 1764 int rv; 1765 1766 rv = usb_clear_halt(data->usb_dev, 1767 usb_sndbulkpipe(data->usb_dev, data->bulk_out)); 1768 1769 if (rv < 0) 1770 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv); 1771 return rv; 1772} 1773 1774static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data) 1775{ 1776 int rv; 1777 1778 rv = usb_clear_halt(data->usb_dev, 1779 usb_rcvbulkpipe(data->usb_dev, data->bulk_in)); 1780 1781 if (rv < 0) 1782 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv); 1783 return rv; 1784} 1785 1786static int usbtmc_ioctl_cancel_io(struct usbtmc_file_data *file_data) 1787{ 1788 spin_lock_irq(&file_data->err_lock); 1789 file_data->in_status = -ECANCELED; 1790 file_data->out_status = -ECANCELED; 1791 spin_unlock_irq(&file_data->err_lock); 1792 usb_kill_anchored_urbs(&file_data->submitted); 1793 return 0; 1794} 1795 1796static int usbtmc_ioctl_cleanup_io(struct usbtmc_file_data *file_data) 1797{ 1798 usb_kill_anchored_urbs(&file_data->submitted); 1799 usb_scuttle_anchored_urbs(&file_data->in_anchor); 1800 spin_lock_irq(&file_data->err_lock); 1801 file_data->in_status = 0; 1802 file_data->in_transfer_size = 0; 1803 file_data->out_status = 0; 1804 file_data->out_transfer_size = 0; 1805 spin_unlock_irq(&file_data->err_lock); 1806 1807 file_data->in_urbs_used = 0; 1808 return 0; 1809} 1810 1811static int get_capabilities(struct usbtmc_device_data *data) 1812{ 1813 struct device *dev = &data->usb_dev->dev; 1814 char *buffer; 1815 int rv = 0; 1816 1817 buffer = kmalloc(0x18, GFP_KERNEL); 1818 if (!buffer) 1819 return -ENOMEM; 1820 1821 rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0), 1822 USBTMC_REQUEST_GET_CAPABILITIES, 1823 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1824 0, 0, buffer, 0x18, USB_CTRL_GET_TIMEOUT); 1825 if (rv < 0) { 1826 dev_err(dev, "usb_control_msg returned %d\n", rv); 1827 goto err_out; 1828 } 1829 1830 dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]); 1831 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1832 dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]); 1833 rv = -EPERM; 1834 goto err_out; 1835 } 1836 dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]); 1837 dev_dbg(dev, "Device capabilities are %x\n", buffer[5]); 1838 dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]); 1839 dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]); 1840 1841 data->capabilities.interface_capabilities = buffer[4]; 1842 data->capabilities.device_capabilities = buffer[5]; 1843 data->capabilities.usb488_interface_capabilities = buffer[14]; 1844 data->capabilities.usb488_device_capabilities = buffer[15]; 1845 data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4); 1846 rv = 0; 1847 1848err_out: 1849 kfree(buffer); 1850 return rv; 1851} 1852 1853#define capability_attribute(name) \ 1854static ssize_t name##_show(struct device *dev, \ 1855 struct device_attribute *attr, char *buf) \ 1856{ \ 1857 struct usb_interface *intf = to_usb_interface(dev); \ 1858 struct usbtmc_device_data *data = usb_get_intfdata(intf); \ 1859 \ 1860 return sprintf(buf, "%d\n", data->capabilities.name); \ 1861} \ 1862static DEVICE_ATTR_RO(name) 1863 1864capability_attribute(interface_capabilities); 1865capability_attribute(device_capabilities); 1866capability_attribute(usb488_interface_capabilities); 1867capability_attribute(usb488_device_capabilities); 1868 1869static struct attribute *usbtmc_attrs[] = { 1870 &dev_attr_interface_capabilities.attr, 1871 &dev_attr_device_capabilities.attr, 1872 &dev_attr_usb488_interface_capabilities.attr, 1873 &dev_attr_usb488_device_capabilities.attr, 1874 NULL, 1875}; 1876ATTRIBUTE_GROUPS(usbtmc); 1877 1878static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data) 1879{ 1880 struct device *dev; 1881 u8 *buffer; 1882 int rv; 1883 1884 dev = &data->intf->dev; 1885 1886 buffer = kmalloc(2, GFP_KERNEL); 1887 if (!buffer) 1888 return -ENOMEM; 1889 1890 rv = usb_control_msg(data->usb_dev, 1891 usb_rcvctrlpipe(data->usb_dev, 0), 1892 USBTMC_REQUEST_INDICATOR_PULSE, 1893 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE, 1894 0, 0, buffer, 0x01, USB_CTRL_GET_TIMEOUT); 1895 1896 if (rv < 0) { 1897 dev_err(dev, "usb_control_msg returned %d\n", rv); 1898 goto exit; 1899 } 1900 1901 dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]); 1902 1903 if (buffer[0] != USBTMC_STATUS_SUCCESS) { 1904 dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]); 1905 rv = -EPERM; 1906 goto exit; 1907 } 1908 rv = 0; 1909 1910exit: 1911 kfree(buffer); 1912 return rv; 1913} 1914 1915static int usbtmc_ioctl_request(struct usbtmc_device_data *data, 1916 void __user *arg) 1917{ 1918 struct device *dev = &data->intf->dev; 1919 struct usbtmc_ctrlrequest request; 1920 u8 *buffer = NULL; 1921 int rv; 1922 unsigned int is_in, pipe; 1923 unsigned long res; 1924 1925 res = copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest)); 1926 if (res) 1927 return -EFAULT; 1928 1929 if (request.req.wLength > USBTMC_BUFSIZE) 1930 return -EMSGSIZE; 1931 if (request.req.wLength == 0) /* Length-0 requests are never IN */ 1932 request.req.bRequestType &= ~USB_DIR_IN; 1933 1934 is_in = request.req.bRequestType & USB_DIR_IN; 1935 1936 if (request.req.wLength) { 1937 buffer = kmalloc(request.req.wLength, GFP_KERNEL); 1938 if (!buffer) 1939 return -ENOMEM; 1940 1941 if (!is_in) { 1942 /* Send control data to device */ 1943 res = copy_from_user(buffer, request.data, 1944 request.req.wLength); 1945 if (res) { 1946 rv = -EFAULT; 1947 goto exit; 1948 } 1949 } 1950 } 1951 1952 if (is_in) 1953 pipe = usb_rcvctrlpipe(data->usb_dev, 0); 1954 else 1955 pipe = usb_sndctrlpipe(data->usb_dev, 0); 1956 rv = usb_control_msg(data->usb_dev, 1957 pipe, 1958 request.req.bRequest, 1959 request.req.bRequestType, 1960 request.req.wValue, 1961 request.req.wIndex, 1962 buffer, request.req.wLength, USB_CTRL_GET_TIMEOUT); 1963 1964 if (rv < 0) { 1965 dev_err(dev, "%s failed %d\n", __func__, rv); 1966 goto exit; 1967 } 1968 1969 if (rv && is_in) { 1970 /* Read control data from device */ 1971 res = copy_to_user(request.data, buffer, rv); 1972 if (res) 1973 rv = -EFAULT; 1974 } 1975 1976 exit: 1977 kfree(buffer); 1978 return rv; 1979} 1980 1981/* 1982 * Get the usb timeout value 1983 */ 1984static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data, 1985 void __user *arg) 1986{ 1987 u32 timeout; 1988 1989 timeout = file_data->timeout; 1990 1991 return put_user(timeout, (__u32 __user *)arg); 1992} 1993 1994/* 1995 * Set the usb timeout value 1996 */ 1997static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data, 1998 void __user *arg) 1999{ 2000 u32 timeout; 2001 2002 if (get_user(timeout, (__u32 __user *)arg)) 2003 return -EFAULT; 2004 2005 /* Note that timeout = 0 means 2006 * MAX_SCHEDULE_TIMEOUT in usb_control_msg 2007 */ 2008 if (timeout < USBTMC_MIN_TIMEOUT) 2009 return -EINVAL; 2010 2011 file_data->timeout = timeout; 2012 2013 return 0; 2014} 2015 2016/* 2017 * enables/disables sending EOM on write 2018 */ 2019static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data, 2020 void __user *arg) 2021{ 2022 u8 eom_enable; 2023 2024 if (copy_from_user(&eom_enable, arg, sizeof(eom_enable))) 2025 return -EFAULT; 2026 2027 if (eom_enable > 1) 2028 return -EINVAL; 2029 2030 file_data->eom_val = eom_enable; 2031 2032 return 0; 2033} 2034 2035/* 2036 * Configure termination character for read() 2037 */ 2038static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data, 2039 void __user *arg) 2040{ 2041 struct usbtmc_termchar termc; 2042 2043 if (copy_from_user(&termc, arg, sizeof(termc))) 2044 return -EFAULT; 2045 2046 if ((termc.term_char_enabled > 1) || 2047 (termc.term_char_enabled && 2048 !(file_data->data->capabilities.device_capabilities & 1))) 2049 return -EINVAL; 2050 2051 file_data->term_char = termc.term_char; 2052 file_data->term_char_enabled = termc.term_char_enabled; 2053 2054 return 0; 2055} 2056 2057static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2058{ 2059 struct usbtmc_file_data *file_data; 2060 struct usbtmc_device_data *data; 2061 int retval = -EBADRQC; 2062 __u8 tmp_byte; 2063 2064 file_data = file->private_data; 2065 data = file_data->data; 2066 2067 mutex_lock(&data->io_mutex); 2068 if (data->zombie) { 2069 retval = -ENODEV; 2070 goto skip_io_on_zombie; 2071 } 2072 2073 switch (cmd) { 2074 case USBTMC_IOCTL_CLEAR_OUT_HALT: 2075 retval = usbtmc_ioctl_clear_out_halt(data); 2076 break; 2077 2078 case USBTMC_IOCTL_CLEAR_IN_HALT: 2079 retval = usbtmc_ioctl_clear_in_halt(data); 2080 break; 2081 2082 case USBTMC_IOCTL_INDICATOR_PULSE: 2083 retval = usbtmc_ioctl_indicator_pulse(data); 2084 break; 2085 2086 case USBTMC_IOCTL_CLEAR: 2087 retval = usbtmc_ioctl_clear(data); 2088 break; 2089 2090 case USBTMC_IOCTL_ABORT_BULK_OUT: 2091 retval = usbtmc_ioctl_abort_bulk_out(data); 2092 break; 2093 2094 case USBTMC_IOCTL_ABORT_BULK_IN: 2095 retval = usbtmc_ioctl_abort_bulk_in(data); 2096 break; 2097 2098 case USBTMC_IOCTL_CTRL_REQUEST: 2099 retval = usbtmc_ioctl_request(data, (void __user *)arg); 2100 break; 2101 2102 case USBTMC_IOCTL_GET_TIMEOUT: 2103 retval = usbtmc_ioctl_get_timeout(file_data, 2104 (void __user *)arg); 2105 break; 2106 2107 case USBTMC_IOCTL_SET_TIMEOUT: 2108 retval = usbtmc_ioctl_set_timeout(file_data, 2109 (void __user *)arg); 2110 break; 2111 2112 case USBTMC_IOCTL_EOM_ENABLE: 2113 retval = usbtmc_ioctl_eom_enable(file_data, 2114 (void __user *)arg); 2115 break; 2116 2117 case USBTMC_IOCTL_CONFIG_TERMCHAR: 2118 retval = usbtmc_ioctl_config_termc(file_data, 2119 (void __user *)arg); 2120 break; 2121 2122 case USBTMC_IOCTL_WRITE: 2123 retval = usbtmc_ioctl_generic_write(file_data, 2124 (void __user *)arg); 2125 break; 2126 2127 case USBTMC_IOCTL_READ: 2128 retval = usbtmc_ioctl_generic_read(file_data, 2129 (void __user *)arg); 2130 break; 2131 2132 case USBTMC_IOCTL_WRITE_RESULT: 2133 retval = usbtmc_ioctl_write_result(file_data, 2134 (void __user *)arg); 2135 break; 2136 2137 case USBTMC_IOCTL_API_VERSION: 2138 retval = put_user(USBTMC_API_VERSION, 2139 (__u32 __user *)arg); 2140 break; 2141 2142 case USBTMC488_IOCTL_GET_CAPS: 2143 retval = put_user(data->usb488_caps, 2144 (unsigned char __user *)arg); 2145 break; 2146 2147 case USBTMC488_IOCTL_READ_STB: 2148 retval = usbtmc488_ioctl_read_stb(file_data, 2149 (void __user *)arg); 2150 break; 2151 2152 case USBTMC488_IOCTL_REN_CONTROL: 2153 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2154 USBTMC488_REQUEST_REN_CONTROL); 2155 break; 2156 2157 case USBTMC488_IOCTL_GOTO_LOCAL: 2158 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2159 USBTMC488_REQUEST_GOTO_LOCAL); 2160 break; 2161 2162 case USBTMC488_IOCTL_LOCAL_LOCKOUT: 2163 retval = usbtmc488_ioctl_simple(data, (void __user *)arg, 2164 USBTMC488_REQUEST_LOCAL_LOCKOUT); 2165 break; 2166 2167 case USBTMC488_IOCTL_TRIGGER: 2168 retval = usbtmc488_ioctl_trigger(file_data); 2169 break; 2170 2171 case USBTMC488_IOCTL_WAIT_SRQ: 2172 retval = usbtmc488_ioctl_wait_srq(file_data, 2173 (__u32 __user *)arg); 2174 break; 2175 2176 case USBTMC_IOCTL_MSG_IN_ATTR: 2177 retval = put_user(file_data->bmTransferAttributes, 2178 (__u8 __user *)arg); 2179 break; 2180 2181 case USBTMC_IOCTL_AUTO_ABORT: 2182 retval = get_user(tmp_byte, (unsigned char __user *)arg); 2183 if (retval == 0) 2184 file_data->auto_abort = !!tmp_byte; 2185 break; 2186 2187 case USBTMC_IOCTL_GET_STB: 2188 retval = usbtmc_get_stb(file_data, &tmp_byte); 2189 if (retval > 0) 2190 retval = put_user(tmp_byte, (__u8 __user *)arg); 2191 break; 2192 2193 case USBTMC_IOCTL_GET_SRQ_STB: 2194 retval = usbtmc_ioctl_get_srq_stb(file_data, 2195 (void __user *)arg); 2196 break; 2197 2198 case USBTMC_IOCTL_CANCEL_IO: 2199 retval = usbtmc_ioctl_cancel_io(file_data); 2200 break; 2201 2202 case USBTMC_IOCTL_CLEANUP_IO: 2203 retval = usbtmc_ioctl_cleanup_io(file_data); 2204 break; 2205 } 2206 2207skip_io_on_zombie: 2208 mutex_unlock(&data->io_mutex); 2209 return retval; 2210} 2211 2212static int usbtmc_fasync(int fd, struct file *file, int on) 2213{ 2214 struct usbtmc_file_data *file_data = file->private_data; 2215 2216 return fasync_helper(fd, file, on, &file_data->data->fasync); 2217} 2218 2219static __poll_t usbtmc_poll(struct file *file, poll_table *wait) 2220{ 2221 struct usbtmc_file_data *file_data = file->private_data; 2222 struct usbtmc_device_data *data = file_data->data; 2223 __poll_t mask; 2224 2225 mutex_lock(&data->io_mutex); 2226 2227 if (data->zombie) { 2228 mask = EPOLLHUP | EPOLLERR; 2229 goto no_poll; 2230 } 2231 2232 poll_wait(file, &data->waitq, wait); 2233 2234 /* Note that EPOLLPRI is now assigned to SRQ, and 2235 * EPOLLIN|EPOLLRDNORM to normal read data. 2236 */ 2237 mask = 0; 2238 if (atomic_read(&file_data->srq_asserted)) 2239 mask |= EPOLLPRI; 2240 2241 /* Note that the anchor submitted includes all urbs for BULK IN 2242 * and OUT. So EPOLLOUT is signaled when BULK OUT is empty and 2243 * all BULK IN urbs are completed and moved to in_anchor. 2244 */ 2245 if (usb_anchor_empty(&file_data->submitted)) 2246 mask |= (EPOLLOUT | EPOLLWRNORM); 2247 if (!usb_anchor_empty(&file_data->in_anchor)) 2248 mask |= (EPOLLIN | EPOLLRDNORM); 2249 2250 spin_lock_irq(&file_data->err_lock); 2251 if (file_data->in_status || file_data->out_status) 2252 mask |= EPOLLERR; 2253 spin_unlock_irq(&file_data->err_lock); 2254 2255 dev_dbg(&data->intf->dev, "poll mask = %x\n", mask); 2256 2257no_poll: 2258 mutex_unlock(&data->io_mutex); 2259 return mask; 2260} 2261 2262static const struct file_operations fops = { 2263 .owner = THIS_MODULE, 2264 .read = usbtmc_read, 2265 .write = usbtmc_write, 2266 .open = usbtmc_open, 2267 .release = usbtmc_release, 2268 .flush = usbtmc_flush, 2269 .unlocked_ioctl = usbtmc_ioctl, 2270 .compat_ioctl = compat_ptr_ioctl, 2271 .fasync = usbtmc_fasync, 2272 .poll = usbtmc_poll, 2273 .llseek = default_llseek, 2274}; 2275 2276static struct usb_class_driver usbtmc_class = { 2277 .name = "usbtmc%d", 2278 .fops = &fops, 2279 .minor_base = USBTMC_MINOR_BASE, 2280}; 2281 2282static void usbtmc_interrupt(struct urb *urb) 2283{ 2284 struct usbtmc_device_data *data = urb->context; 2285 struct device *dev = &data->intf->dev; 2286 int status = urb->status; 2287 int rv; 2288 2289 dev_dbg(&data->intf->dev, "int status: %d len %d\n", 2290 status, urb->actual_length); 2291 2292 switch (status) { 2293 case 0: /* SUCCESS */ 2294 /* check for valid STB notification */ 2295 if (data->iin_buffer[0] > 0x81) { 2296 data->bNotify1 = data->iin_buffer[0]; 2297 data->bNotify2 = data->iin_buffer[1]; 2298 atomic_set(&data->iin_data_valid, 1); 2299 wake_up_interruptible(&data->waitq); 2300 goto exit; 2301 } 2302 /* check for SRQ notification */ 2303 if (data->iin_buffer[0] == 0x81) { 2304 unsigned long flags; 2305 struct list_head *elem; 2306 2307 if (data->fasync) 2308 kill_fasync(&data->fasync, 2309 SIGIO, POLL_PRI); 2310 2311 spin_lock_irqsave(&data->dev_lock, flags); 2312 list_for_each(elem, &data->file_list) { 2313 struct usbtmc_file_data *file_data; 2314 2315 file_data = list_entry(elem, 2316 struct usbtmc_file_data, 2317 file_elem); 2318 file_data->srq_byte = data->iin_buffer[1]; 2319 atomic_set(&file_data->srq_asserted, 1); 2320 } 2321 spin_unlock_irqrestore(&data->dev_lock, flags); 2322 2323 dev_dbg(dev, "srq received bTag %x stb %x\n", 2324 (unsigned int)data->iin_buffer[0], 2325 (unsigned int)data->iin_buffer[1]); 2326 wake_up_interruptible_all(&data->waitq); 2327 goto exit; 2328 } 2329 dev_warn(dev, "invalid notification: %x\n", 2330 data->iin_buffer[0]); 2331 break; 2332 case -EOVERFLOW: 2333 dev_err(dev, "overflow with length %d, actual length is %d\n", 2334 data->iin_wMaxPacketSize, urb->actual_length); 2335 fallthrough; 2336 default: 2337 /* urb terminated, clean up */ 2338 dev_dbg(dev, "urb terminated, status: %d\n", status); 2339 return; 2340 } 2341exit: 2342 rv = usb_submit_urb(urb, GFP_ATOMIC); 2343 if (rv) 2344 dev_err(dev, "usb_submit_urb failed: %d\n", rv); 2345} 2346 2347static void usbtmc_free_int(struct usbtmc_device_data *data) 2348{ 2349 if (!data->iin_ep_present || !data->iin_urb) 2350 return; 2351 usb_kill_urb(data->iin_urb); 2352 kfree(data->iin_buffer); 2353 data->iin_buffer = NULL; 2354 usb_free_urb(data->iin_urb); 2355 data->iin_urb = NULL; 2356 kref_put(&data->kref, usbtmc_delete); 2357} 2358 2359static int usbtmc_probe(struct usb_interface *intf, 2360 const struct usb_device_id *id) 2361{ 2362 struct usbtmc_device_data *data; 2363 struct usb_host_interface *iface_desc; 2364 struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in; 2365 int retcode; 2366 2367 dev_dbg(&intf->dev, "%s called\n", __func__); 2368 2369 data = kzalloc(sizeof(*data), GFP_KERNEL); 2370 if (!data) 2371 return -ENOMEM; 2372 2373 data->intf = intf; 2374 data->id = id; 2375 data->usb_dev = usb_get_dev(interface_to_usbdev(intf)); 2376 usb_set_intfdata(intf, data); 2377 kref_init(&data->kref); 2378 mutex_init(&data->io_mutex); 2379 init_waitqueue_head(&data->waitq); 2380 atomic_set(&data->iin_data_valid, 0); 2381 INIT_LIST_HEAD(&data->file_list); 2382 spin_lock_init(&data->dev_lock); 2383 2384 data->zombie = 0; 2385 2386 /* Initialize USBTMC bTag and other fields */ 2387 data->bTag = 1; 2388 /* 2 <= bTag <= 127 USBTMC-USB488 subclass specification 4.3.1 */ 2389 data->iin_bTag = 2; 2390 2391 /* USBTMC devices have only one setting, so use that */ 2392 iface_desc = data->intf->cur_altsetting; 2393 data->ifnum = iface_desc->desc.bInterfaceNumber; 2394 2395 /* Find bulk endpoints */ 2396 retcode = usb_find_common_endpoints(iface_desc, 2397 &bulk_in, &bulk_out, NULL, NULL); 2398 if (retcode) { 2399 dev_err(&intf->dev, "bulk endpoints not found\n"); 2400 goto err_put; 2401 } 2402 2403 retcode = -EINVAL; 2404 data->bulk_in = bulk_in->bEndpointAddress; 2405 data->wMaxPacketSize = usb_endpoint_maxp(bulk_in); 2406 if (!data->wMaxPacketSize) 2407 goto err_put; 2408 dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in); 2409 2410 data->bulk_out = bulk_out->bEndpointAddress; 2411 dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out); 2412 2413 /* Find int endpoint */ 2414 retcode = usb_find_int_in_endpoint(iface_desc, &int_in); 2415 if (!retcode) { 2416 data->iin_ep_present = 1; 2417 data->iin_ep = int_in->bEndpointAddress; 2418 data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in); 2419 data->iin_interval = int_in->bInterval; 2420 dev_dbg(&intf->dev, "Found Int in endpoint at %u\n", 2421 data->iin_ep); 2422 } 2423 2424 retcode = get_capabilities(data); 2425 if (retcode) 2426 dev_err(&intf->dev, "can't read capabilities\n"); 2427 2428 if (data->iin_ep_present) { 2429 /* allocate int urb */ 2430 data->iin_urb = usb_alloc_urb(0, GFP_KERNEL); 2431 if (!data->iin_urb) { 2432 retcode = -ENOMEM; 2433 goto error_register; 2434 } 2435 2436 /* Protect interrupt in endpoint data until iin_urb is freed */ 2437 kref_get(&data->kref); 2438 2439 /* allocate buffer for interrupt in */ 2440 data->iin_buffer = kmalloc(data->iin_wMaxPacketSize, 2441 GFP_KERNEL); 2442 if (!data->iin_buffer) { 2443 retcode = -ENOMEM; 2444 goto error_register; 2445 } 2446 2447 /* fill interrupt urb */ 2448 usb_fill_int_urb(data->iin_urb, data->usb_dev, 2449 usb_rcvintpipe(data->usb_dev, data->iin_ep), 2450 data->iin_buffer, data->iin_wMaxPacketSize, 2451 usbtmc_interrupt, 2452 data, data->iin_interval); 2453 2454 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL); 2455 if (retcode) { 2456 dev_err(&intf->dev, "Failed to submit iin_urb\n"); 2457 goto error_register; 2458 } 2459 } 2460 2461 retcode = usb_register_dev(intf, &usbtmc_class); 2462 if (retcode) { 2463 dev_err(&intf->dev, "Not able to get a minor (base %u, slice default): %d\n", 2464 USBTMC_MINOR_BASE, 2465 retcode); 2466 goto error_register; 2467 } 2468 dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor); 2469 2470 return 0; 2471 2472error_register: 2473 usbtmc_free_int(data); 2474err_put: 2475 kref_put(&data->kref, usbtmc_delete); 2476 return retcode; 2477} 2478 2479static void usbtmc_disconnect(struct usb_interface *intf) 2480{ 2481 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2482 struct list_head *elem; 2483 2484 usb_deregister_dev(intf, &usbtmc_class); 2485 mutex_lock(&data->io_mutex); 2486 data->zombie = 1; 2487 wake_up_interruptible_all(&data->waitq); 2488 list_for_each(elem, &data->file_list) { 2489 struct usbtmc_file_data *file_data; 2490 2491 file_data = list_entry(elem, 2492 struct usbtmc_file_data, 2493 file_elem); 2494 usb_kill_anchored_urbs(&file_data->submitted); 2495 usb_scuttle_anchored_urbs(&file_data->in_anchor); 2496 } 2497 mutex_unlock(&data->io_mutex); 2498 usbtmc_free_int(data); 2499 kref_put(&data->kref, usbtmc_delete); 2500} 2501 2502static void usbtmc_draw_down(struct usbtmc_file_data *file_data) 2503{ 2504 int time; 2505 2506 time = usb_wait_anchor_empty_timeout(&file_data->submitted, 1000); 2507 if (!time) 2508 usb_kill_anchored_urbs(&file_data->submitted); 2509 usb_scuttle_anchored_urbs(&file_data->in_anchor); 2510} 2511 2512static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message) 2513{ 2514 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2515 struct list_head *elem; 2516 2517 if (!data) 2518 return 0; 2519 2520 mutex_lock(&data->io_mutex); 2521 list_for_each(elem, &data->file_list) { 2522 struct usbtmc_file_data *file_data; 2523 2524 file_data = list_entry(elem, 2525 struct usbtmc_file_data, 2526 file_elem); 2527 usbtmc_draw_down(file_data); 2528 } 2529 2530 if (data->iin_ep_present && data->iin_urb) 2531 usb_kill_urb(data->iin_urb); 2532 2533 mutex_unlock(&data->io_mutex); 2534 return 0; 2535} 2536 2537static int usbtmc_resume(struct usb_interface *intf) 2538{ 2539 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2540 int retcode = 0; 2541 2542 if (data->iin_ep_present && data->iin_urb) 2543 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL); 2544 if (retcode) 2545 dev_err(&intf->dev, "Failed to submit iin_urb\n"); 2546 2547 return retcode; 2548} 2549 2550static int usbtmc_pre_reset(struct usb_interface *intf) 2551{ 2552 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2553 struct list_head *elem; 2554 2555 if (!data) 2556 return 0; 2557 2558 mutex_lock(&data->io_mutex); 2559 2560 list_for_each(elem, &data->file_list) { 2561 struct usbtmc_file_data *file_data; 2562 2563 file_data = list_entry(elem, 2564 struct usbtmc_file_data, 2565 file_elem); 2566 usbtmc_ioctl_cancel_io(file_data); 2567 } 2568 2569 return 0; 2570} 2571 2572static int usbtmc_post_reset(struct usb_interface *intf) 2573{ 2574 struct usbtmc_device_data *data = usb_get_intfdata(intf); 2575 2576 mutex_unlock(&data->io_mutex); 2577 2578 return 0; 2579} 2580 2581static struct usb_driver usbtmc_driver = { 2582 .name = "usbtmc", 2583 .id_table = usbtmc_devices, 2584 .probe = usbtmc_probe, 2585 .disconnect = usbtmc_disconnect, 2586 .suspend = usbtmc_suspend, 2587 .resume = usbtmc_resume, 2588 .pre_reset = usbtmc_pre_reset, 2589 .post_reset = usbtmc_post_reset, 2590 .dev_groups = usbtmc_groups, 2591}; 2592 2593module_usb_driver(usbtmc_driver); 2594 2595MODULE_LICENSE("GPL"); 2596