1 // SPDX-License-Identifier: GPL-2.0+
2 /**
3 * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver
4 *
5 * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany
6 * Copyright (C) 2008 Novell, Inc.
7 * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de>
8 * Copyright (C) 2018 IVI Foundation, Inc.
9 */
10
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/fs.h>
16 #include <linux/uaccess.h>
17 #include <linux/kref.h>
18 #include <linux/slab.h>
19 #include <linux/poll.h>
20 #include <linux/mutex.h>
21 #include <linux/usb.h>
22 #include <linux/compat.h>
23 #include <linux/usb/tmc.h>
24
25 /* Increment API VERSION when changing tmc.h with new flags or ioctls
26 * or when changing a significant behavior of the driver.
27 */
28 #define USBTMC_API_VERSION (2)
29
30 #define USBTMC_HEADER_SIZE 12
31 #define USBTMC_MINOR_BASE 176
32
33 /* Minimum USB timeout (in milliseconds) */
34 #define USBTMC_MIN_TIMEOUT 100
35 /* Default USB timeout (in milliseconds) */
36 #define USBTMC_TIMEOUT 5000
37
38 /* Max number of urbs used in write transfers */
39 #define MAX_URBS_IN_FLIGHT 16
40 /* I/O buffer size used in generic read/write functions */
41 #define USBTMC_BUFSIZE (4096)
42
43 /*
44 * Maximum number of read cycles to empty bulk in endpoint during CLEAR and
45 * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short
46 * packet is never read.
47 */
48 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN 100
49
50 static const struct usb_device_id usbtmc_devices[] = {
51 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), },
52 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), },
53 { 0, } /* terminating entry */
54 };
55 MODULE_DEVICE_TABLE(usb, usbtmc_devices);
56
57 /*
58 * This structure is the capabilities for the device
59 * See section 4.2.1.8 of the USBTMC specification,
60 * and section 4.2.2 of the USBTMC usb488 subclass
61 * specification for details.
62 */
63 struct usbtmc_dev_capabilities {
64 __u8 interface_capabilities;
65 __u8 device_capabilities;
66 __u8 usb488_interface_capabilities;
67 __u8 usb488_device_capabilities;
68 };
69
70 /* This structure holds private data for each USBTMC device. One copy is
71 * allocated for each USBTMC device in the driver's probe function.
72 */
73 struct usbtmc_device_data {
74 const struct usb_device_id *id;
75 struct usb_device *usb_dev;
76 struct usb_interface *intf;
77 struct list_head file_list;
78
79 unsigned int bulk_in;
80 unsigned int bulk_out;
81
82 u8 bTag;
83 u8 bTag_last_write; /* needed for abort */
84 u8 bTag_last_read; /* needed for abort */
85
86 /* packet size of IN bulk */
87 u16 wMaxPacketSize;
88
89 /* data for interrupt in endpoint handling */
90 u8 bNotify1;
91 u8 bNotify2;
92 u16 ifnum;
93 u8 iin_bTag;
94 u8 *iin_buffer;
95 atomic_t iin_data_valid;
96 unsigned int iin_ep;
97 int iin_ep_present;
98 int iin_interval;
99 struct urb *iin_urb;
100 u16 iin_wMaxPacketSize;
101
102 /* coalesced usb488_caps from usbtmc_dev_capabilities */
103 __u8 usb488_caps;
104
105 bool zombie; /* fd of disconnected device */
106
107 struct usbtmc_dev_capabilities capabilities;
108 struct kref kref;
109 struct mutex io_mutex; /* only one i/o function running at a time */
110 wait_queue_head_t waitq;
111 struct fasync_struct *fasync;
112 spinlock_t dev_lock; /* lock for file_list */
113 };
114 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref)
115
116 /*
117 * This structure holds private data for each USBTMC file handle.
118 */
119 struct usbtmc_file_data {
120 struct usbtmc_device_data *data;
121 struct list_head file_elem;
122
123 u32 timeout;
124 u8 srq_byte;
125 atomic_t srq_asserted;
126 atomic_t closing;
127 u8 bmTransferAttributes; /* member of DEV_DEP_MSG_IN */
128
129 u8 eom_val;
130 u8 term_char;
131 bool term_char_enabled;
132 bool auto_abort;
133
134 spinlock_t err_lock; /* lock for errors */
135
136 struct usb_anchor submitted;
137
138 /* data for generic_write */
139 struct semaphore limit_write_sem;
140 u32 out_transfer_size;
141 int out_status;
142
143 /* data for generic_read */
144 u32 in_transfer_size;
145 int in_status;
146 int in_urbs_used;
147 struct usb_anchor in_anchor;
148 wait_queue_head_t wait_bulk_in;
149 };
150
151 /* Forward declarations */
152 static struct usb_driver usbtmc_driver;
153 static void usbtmc_draw_down(struct usbtmc_file_data *file_data);
154
usbtmc_delete(struct kref * kref)155 static void usbtmc_delete(struct kref *kref)
156 {
157 struct usbtmc_device_data *data = to_usbtmc_data(kref);
158
159 usb_put_dev(data->usb_dev);
160 kfree(data);
161 }
162
usbtmc_open(struct inode * inode,struct file * filp)163 static int usbtmc_open(struct inode *inode, struct file *filp)
164 {
165 struct usb_interface *intf;
166 struct usbtmc_device_data *data;
167 struct usbtmc_file_data *file_data;
168
169 intf = usb_find_interface(&usbtmc_driver, iminor(inode));
170 if (!intf) {
171 pr_err("can not find device for minor %d", iminor(inode));
172 return -ENODEV;
173 }
174
175 file_data = kzalloc(sizeof(*file_data), GFP_KERNEL);
176 if (!file_data)
177 return -ENOMEM;
178
179 spin_lock_init(&file_data->err_lock);
180 sema_init(&file_data->limit_write_sem, MAX_URBS_IN_FLIGHT);
181 init_usb_anchor(&file_data->submitted);
182 init_usb_anchor(&file_data->in_anchor);
183 init_waitqueue_head(&file_data->wait_bulk_in);
184
185 data = usb_get_intfdata(intf);
186 /* Protect reference to data from file structure until release */
187 kref_get(&data->kref);
188
189 mutex_lock(&data->io_mutex);
190 file_data->data = data;
191
192 atomic_set(&file_data->closing, 0);
193
194 file_data->timeout = USBTMC_TIMEOUT;
195 file_data->term_char = '\n';
196 file_data->term_char_enabled = 0;
197 file_data->auto_abort = 0;
198 file_data->eom_val = 1;
199
200 INIT_LIST_HEAD(&file_data->file_elem);
201 spin_lock_irq(&data->dev_lock);
202 list_add_tail(&file_data->file_elem, &data->file_list);
203 spin_unlock_irq(&data->dev_lock);
204 mutex_unlock(&data->io_mutex);
205
206 /* Store pointer in file structure's private data field */
207 filp->private_data = file_data;
208
209 return 0;
210 }
211
212 /*
213 * usbtmc_flush - called before file handle is closed
214 */
usbtmc_flush(struct file * file,fl_owner_t id)215 static int usbtmc_flush(struct file *file, fl_owner_t id)
216 {
217 struct usbtmc_file_data *file_data;
218 struct usbtmc_device_data *data;
219
220 file_data = file->private_data;
221 if (file_data == NULL)
222 return -ENODEV;
223
224 atomic_set(&file_data->closing, 1);
225 data = file_data->data;
226
227 /* wait for io to stop */
228 mutex_lock(&data->io_mutex);
229
230 usbtmc_draw_down(file_data);
231
232 spin_lock_irq(&file_data->err_lock);
233 file_data->in_status = 0;
234 file_data->in_transfer_size = 0;
235 file_data->in_urbs_used = 0;
236 file_data->out_status = 0;
237 file_data->out_transfer_size = 0;
238 spin_unlock_irq(&file_data->err_lock);
239
240 wake_up_interruptible_all(&data->waitq);
241 mutex_unlock(&data->io_mutex);
242
243 return 0;
244 }
245
usbtmc_release(struct inode * inode,struct file * file)246 static int usbtmc_release(struct inode *inode, struct file *file)
247 {
248 struct usbtmc_file_data *file_data = file->private_data;
249
250 /* prevent IO _AND_ usbtmc_interrupt */
251 mutex_lock(&file_data->data->io_mutex);
252 spin_lock_irq(&file_data->data->dev_lock);
253
254 list_del(&file_data->file_elem);
255
256 spin_unlock_irq(&file_data->data->dev_lock);
257 mutex_unlock(&file_data->data->io_mutex);
258
259 kref_put(&file_data->data->kref, usbtmc_delete);
260 file_data->data = NULL;
261 kfree(file_data);
262 return 0;
263 }
264
usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data * data,u8 tag)265 static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data,
266 u8 tag)
267 {
268 u8 *buffer;
269 struct device *dev;
270 int rv;
271 int n;
272 int actual;
273
274 dev = &data->intf->dev;
275 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
276 if (!buffer)
277 return -ENOMEM;
278
279 rv = usb_control_msg(data->usb_dev,
280 usb_rcvctrlpipe(data->usb_dev, 0),
281 USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
282 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
283 tag, data->bulk_in,
284 buffer, 2, USB_CTRL_GET_TIMEOUT);
285
286 if (rv < 0) {
287 dev_err(dev, "usb_control_msg returned %d\n", rv);
288 goto exit;
289 }
290
291 dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n",
292 buffer[0], buffer[1]);
293
294 if (buffer[0] == USBTMC_STATUS_FAILED) {
295 /* No transfer in progress and the Bulk-OUT FIFO is empty. */
296 rv = 0;
297 goto exit;
298 }
299
300 if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) {
301 /* The device returns this status if either:
302 * - There is a transfer in progress, but the specified bTag
303 * does not match.
304 * - There is no transfer in progress, but the Bulk-OUT FIFO
305 * is not empty.
306 */
307 rv = -ENOMSG;
308 goto exit;
309 }
310
311 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
312 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
313 buffer[0]);
314 rv = -EPERM;
315 goto exit;
316 }
317
318 n = 0;
319
320 usbtmc_abort_bulk_in_status:
321 dev_dbg(dev, "Reading from bulk in EP\n");
322
323 /* Data must be present. So use low timeout 300 ms */
324 actual = 0;
325 rv = usb_bulk_msg(data->usb_dev,
326 usb_rcvbulkpipe(data->usb_dev,
327 data->bulk_in),
328 buffer, USBTMC_BUFSIZE,
329 &actual, 300);
330
331 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
332 buffer, actual, true);
333
334 n++;
335
336 if (rv < 0) {
337 dev_err(dev, "usb_bulk_msg returned %d\n", rv);
338 if (rv != -ETIMEDOUT)
339 goto exit;
340 }
341
342 if (actual == USBTMC_BUFSIZE)
343 goto usbtmc_abort_bulk_in_status;
344
345 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
346 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
347 USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
348 rv = -EPERM;
349 goto exit;
350 }
351
352 rv = usb_control_msg(data->usb_dev,
353 usb_rcvctrlpipe(data->usb_dev, 0),
354 USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
355 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
356 0, data->bulk_in, buffer, 0x08,
357 USB_CTRL_GET_TIMEOUT);
358
359 if (rv < 0) {
360 dev_err(dev, "usb_control_msg returned %d\n", rv);
361 goto exit;
362 }
363
364 dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
365
366 if (buffer[0] == USBTMC_STATUS_SUCCESS) {
367 rv = 0;
368 goto exit;
369 }
370
371 if (buffer[0] != USBTMC_STATUS_PENDING) {
372 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
373 rv = -EPERM;
374 goto exit;
375 }
376
377 if ((buffer[1] & 1) > 0) {
378 /* The device has 1 or more queued packets the Host can read */
379 goto usbtmc_abort_bulk_in_status;
380 }
381
382 /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */
383 rv = -EAGAIN;
384 exit:
385 kfree(buffer);
386 return rv;
387 }
388
usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data * data)389 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data)
390 {
391 return usbtmc_ioctl_abort_bulk_in_tag(data, data->bTag_last_read);
392 }
393
usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data * data,u8 tag)394 static int usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data *data,
395 u8 tag)
396 {
397 struct device *dev;
398 u8 *buffer;
399 int rv;
400 int n;
401
402 dev = &data->intf->dev;
403
404 buffer = kmalloc(8, GFP_KERNEL);
405 if (!buffer)
406 return -ENOMEM;
407
408 rv = usb_control_msg(data->usb_dev,
409 usb_rcvctrlpipe(data->usb_dev, 0),
410 USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT,
411 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
412 tag, data->bulk_out,
413 buffer, 2, USB_CTRL_GET_TIMEOUT);
414
415 if (rv < 0) {
416 dev_err(dev, "usb_control_msg returned %d\n", rv);
417 goto exit;
418 }
419
420 dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]);
421
422 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
423 dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n",
424 buffer[0]);
425 rv = -EPERM;
426 goto exit;
427 }
428
429 n = 0;
430
431 usbtmc_abort_bulk_out_check_status:
432 /* do not stress device with subsequent requests */
433 msleep(50);
434 rv = usb_control_msg(data->usb_dev,
435 usb_rcvctrlpipe(data->usb_dev, 0),
436 USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS,
437 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
438 0, data->bulk_out, buffer, 0x08,
439 USB_CTRL_GET_TIMEOUT);
440 n++;
441 if (rv < 0) {
442 dev_err(dev, "usb_control_msg returned %d\n", rv);
443 goto exit;
444 }
445
446 dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]);
447
448 if (buffer[0] == USBTMC_STATUS_SUCCESS)
449 goto usbtmc_abort_bulk_out_clear_halt;
450
451 if ((buffer[0] == USBTMC_STATUS_PENDING) &&
452 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN))
453 goto usbtmc_abort_bulk_out_check_status;
454
455 rv = -EPERM;
456 goto exit;
457
458 usbtmc_abort_bulk_out_clear_halt:
459 rv = usb_clear_halt(data->usb_dev,
460 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
461
462 if (rv < 0) {
463 dev_err(dev, "usb_control_msg returned %d\n", rv);
464 goto exit;
465 }
466 rv = 0;
467
468 exit:
469 kfree(buffer);
470 return rv;
471 }
472
usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data * data)473 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data)
474 {
475 return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write);
476 }
477
usbtmc488_ioctl_read_stb(struct usbtmc_file_data * file_data,void __user * arg)478 static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data,
479 void __user *arg)
480 {
481 struct usbtmc_device_data *data = file_data->data;
482 struct device *dev = &data->intf->dev;
483 int srq_asserted = 0;
484 u8 *buffer;
485 u8 tag;
486 __u8 stb;
487 int rv;
488
489 dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n",
490 data->iin_ep_present);
491
492 spin_lock_irq(&data->dev_lock);
493 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted);
494 if (srq_asserted) {
495 /* a STB with SRQ is already received */
496 stb = file_data->srq_byte;
497 spin_unlock_irq(&data->dev_lock);
498 rv = put_user(stb, (__u8 __user *)arg);
499 dev_dbg(dev, "stb:0x%02x with srq received %d\n",
500 (unsigned int)stb, rv);
501 return rv;
502 }
503 spin_unlock_irq(&data->dev_lock);
504
505 buffer = kmalloc(8, GFP_KERNEL);
506 if (!buffer)
507 return -ENOMEM;
508
509 atomic_set(&data->iin_data_valid, 0);
510
511 rv = usb_control_msg(data->usb_dev,
512 usb_rcvctrlpipe(data->usb_dev, 0),
513 USBTMC488_REQUEST_READ_STATUS_BYTE,
514 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
515 data->iin_bTag,
516 data->ifnum,
517 buffer, 0x03, USB_CTRL_GET_TIMEOUT);
518 if (rv < 0) {
519 dev_err(dev, "stb usb_control_msg returned %d\n", rv);
520 goto exit;
521 }
522
523 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
524 dev_err(dev, "control status returned %x\n", buffer[0]);
525 rv = -EIO;
526 goto exit;
527 }
528
529 if (data->iin_ep_present) {
530 rv = wait_event_interruptible_timeout(
531 data->waitq,
532 atomic_read(&data->iin_data_valid) != 0,
533 file_data->timeout);
534 if (rv < 0) {
535 dev_dbg(dev, "wait interrupted %d\n", rv);
536 goto exit;
537 }
538
539 if (rv == 0) {
540 dev_dbg(dev, "wait timed out\n");
541 rv = -ETIMEDOUT;
542 goto exit;
543 }
544
545 tag = data->bNotify1 & 0x7f;
546 if (tag != data->iin_bTag) {
547 dev_err(dev, "expected bTag %x got %x\n",
548 data->iin_bTag, tag);
549 }
550
551 stb = data->bNotify2;
552 } else {
553 stb = buffer[2];
554 }
555
556 rv = put_user(stb, (__u8 __user *)arg);
557 dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)stb, rv);
558
559 exit:
560 /* bump interrupt bTag */
561 data->iin_bTag += 1;
562 if (data->iin_bTag > 127)
563 /* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */
564 data->iin_bTag = 2;
565
566 kfree(buffer);
567 return rv;
568 }
569
usbtmc488_ioctl_wait_srq(struct usbtmc_file_data * file_data,__u32 __user * arg)570 static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data,
571 __u32 __user *arg)
572 {
573 struct usbtmc_device_data *data = file_data->data;
574 struct device *dev = &data->intf->dev;
575 int rv;
576 u32 timeout;
577 unsigned long expire;
578
579 if (!data->iin_ep_present) {
580 dev_dbg(dev, "no interrupt endpoint present\n");
581 return -EFAULT;
582 }
583
584 if (get_user(timeout, arg))
585 return -EFAULT;
586
587 expire = msecs_to_jiffies(timeout);
588
589 mutex_unlock(&data->io_mutex);
590
591 rv = wait_event_interruptible_timeout(
592 data->waitq,
593 atomic_read(&file_data->srq_asserted) != 0 ||
594 atomic_read(&file_data->closing),
595 expire);
596
597 mutex_lock(&data->io_mutex);
598
599 /* Note! disconnect or close could be called in the meantime */
600 if (atomic_read(&file_data->closing) || data->zombie)
601 rv = -ENODEV;
602
603 if (rv < 0) {
604 /* dev can be invalid now! */
605 pr_debug("%s - wait interrupted %d\n", __func__, rv);
606 return rv;
607 }
608
609 if (rv == 0) {
610 dev_dbg(dev, "%s - wait timed out\n", __func__);
611 return -ETIMEDOUT;
612 }
613
614 dev_dbg(dev, "%s - srq asserted\n", __func__);
615 return 0;
616 }
617
usbtmc488_ioctl_simple(struct usbtmc_device_data * data,void __user * arg,unsigned int cmd)618 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data,
619 void __user *arg, unsigned int cmd)
620 {
621 struct device *dev = &data->intf->dev;
622 __u8 val;
623 u8 *buffer;
624 u16 wValue;
625 int rv;
626
627 if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE))
628 return -EINVAL;
629
630 buffer = kmalloc(8, GFP_KERNEL);
631 if (!buffer)
632 return -ENOMEM;
633
634 if (cmd == USBTMC488_REQUEST_REN_CONTROL) {
635 rv = copy_from_user(&val, arg, sizeof(val));
636 if (rv) {
637 rv = -EFAULT;
638 goto exit;
639 }
640 wValue = val ? 1 : 0;
641 } else {
642 wValue = 0;
643 }
644
645 rv = usb_control_msg(data->usb_dev,
646 usb_rcvctrlpipe(data->usb_dev, 0),
647 cmd,
648 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
649 wValue,
650 data->ifnum,
651 buffer, 0x01, USB_CTRL_GET_TIMEOUT);
652 if (rv < 0) {
653 dev_err(dev, "simple usb_control_msg failed %d\n", rv);
654 goto exit;
655 } else if (rv != 1) {
656 dev_warn(dev, "simple usb_control_msg returned %d\n", rv);
657 rv = -EIO;
658 goto exit;
659 }
660
661 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
662 dev_err(dev, "simple control status returned %x\n", buffer[0]);
663 rv = -EIO;
664 goto exit;
665 }
666 rv = 0;
667
668 exit:
669 kfree(buffer);
670 return rv;
671 }
672
673 /*
674 * Sends a TRIGGER Bulk-OUT command message
675 * See the USBTMC-USB488 specification, Table 2.
676 *
677 * Also updates bTag_last_write.
678 */
usbtmc488_ioctl_trigger(struct usbtmc_file_data * file_data)679 static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data)
680 {
681 struct usbtmc_device_data *data = file_data->data;
682 int retval;
683 u8 *buffer;
684 int actual;
685
686 buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
687 if (!buffer)
688 return -ENOMEM;
689
690 buffer[0] = 128;
691 buffer[1] = data->bTag;
692 buffer[2] = ~data->bTag;
693
694 retval = usb_bulk_msg(data->usb_dev,
695 usb_sndbulkpipe(data->usb_dev,
696 data->bulk_out),
697 buffer, USBTMC_HEADER_SIZE,
698 &actual, file_data->timeout);
699
700 /* Store bTag (in case we need to abort) */
701 data->bTag_last_write = data->bTag;
702
703 /* Increment bTag -- and increment again if zero */
704 data->bTag++;
705 if (!data->bTag)
706 data->bTag++;
707
708 kfree(buffer);
709 if (retval < 0) {
710 dev_err(&data->intf->dev, "%s returned %d\n",
711 __func__, retval);
712 return retval;
713 }
714
715 return 0;
716 }
717
usbtmc_create_urb(void)718 static struct urb *usbtmc_create_urb(void)
719 {
720 const size_t bufsize = USBTMC_BUFSIZE;
721 u8 *dmabuf = NULL;
722 struct urb *urb = usb_alloc_urb(0, GFP_KERNEL);
723
724 if (!urb)
725 return NULL;
726
727 dmabuf = kmalloc(bufsize, GFP_KERNEL);
728 if (!dmabuf) {
729 usb_free_urb(urb);
730 return NULL;
731 }
732
733 urb->transfer_buffer = dmabuf;
734 urb->transfer_buffer_length = bufsize;
735 urb->transfer_flags |= URB_FREE_BUFFER;
736 return urb;
737 }
738
usbtmc_read_bulk_cb(struct urb * urb)739 static void usbtmc_read_bulk_cb(struct urb *urb)
740 {
741 struct usbtmc_file_data *file_data = urb->context;
742 int status = urb->status;
743 unsigned long flags;
744
745 /* sync/async unlink faults aren't errors */
746 if (status) {
747 if (!(/* status == -ENOENT || */
748 status == -ECONNRESET ||
749 status == -EREMOTEIO || /* Short packet */
750 status == -ESHUTDOWN))
751 dev_err(&file_data->data->intf->dev,
752 "%s - nonzero read bulk status received: %d\n",
753 __func__, status);
754
755 spin_lock_irqsave(&file_data->err_lock, flags);
756 if (!file_data->in_status)
757 file_data->in_status = status;
758 spin_unlock_irqrestore(&file_data->err_lock, flags);
759 }
760
761 spin_lock_irqsave(&file_data->err_lock, flags);
762 file_data->in_transfer_size += urb->actual_length;
763 dev_dbg(&file_data->data->intf->dev,
764 "%s - total size: %u current: %d status: %d\n",
765 __func__, file_data->in_transfer_size,
766 urb->actual_length, status);
767 spin_unlock_irqrestore(&file_data->err_lock, flags);
768 usb_anchor_urb(urb, &file_data->in_anchor);
769
770 wake_up_interruptible(&file_data->wait_bulk_in);
771 wake_up_interruptible(&file_data->data->waitq);
772 }
773
usbtmc_do_transfer(struct usbtmc_file_data * file_data)774 static inline bool usbtmc_do_transfer(struct usbtmc_file_data *file_data)
775 {
776 bool data_or_error;
777
778 spin_lock_irq(&file_data->err_lock);
779 data_or_error = !usb_anchor_empty(&file_data->in_anchor)
780 || file_data->in_status;
781 spin_unlock_irq(&file_data->err_lock);
782 dev_dbg(&file_data->data->intf->dev, "%s: returns %d\n", __func__,
783 data_or_error);
784 return data_or_error;
785 }
786
usbtmc_generic_read(struct usbtmc_file_data * file_data,void __user * user_buffer,u32 transfer_size,u32 * transferred,u32 flags)787 static ssize_t usbtmc_generic_read(struct usbtmc_file_data *file_data,
788 void __user *user_buffer,
789 u32 transfer_size,
790 u32 *transferred,
791 u32 flags)
792 {
793 struct usbtmc_device_data *data = file_data->data;
794 struct device *dev = &data->intf->dev;
795 u32 done = 0;
796 u32 remaining;
797 const u32 bufsize = USBTMC_BUFSIZE;
798 int retval = 0;
799 u32 max_transfer_size;
800 unsigned long expire;
801 int bufcount = 1;
802 int again = 0;
803
804 /* mutex already locked */
805
806 *transferred = done;
807
808 max_transfer_size = transfer_size;
809
810 if (flags & USBTMC_FLAG_IGNORE_TRAILER) {
811 /* The device may send extra alignment bytes (up to
812 * wMaxPacketSize – 1) to avoid sending a zero-length
813 * packet
814 */
815 remaining = transfer_size;
816 if ((max_transfer_size % data->wMaxPacketSize) == 0)
817 max_transfer_size += (data->wMaxPacketSize - 1);
818 } else {
819 /* round down to bufsize to avoid truncated data left */
820 if (max_transfer_size > bufsize) {
821 max_transfer_size =
822 roundup(max_transfer_size + 1 - bufsize,
823 bufsize);
824 }
825 remaining = max_transfer_size;
826 }
827
828 spin_lock_irq(&file_data->err_lock);
829
830 if (file_data->in_status) {
831 /* return the very first error */
832 retval = file_data->in_status;
833 spin_unlock_irq(&file_data->err_lock);
834 goto error;
835 }
836
837 if (flags & USBTMC_FLAG_ASYNC) {
838 if (usb_anchor_empty(&file_data->in_anchor))
839 again = 1;
840
841 if (file_data->in_urbs_used == 0) {
842 file_data->in_transfer_size = 0;
843 file_data->in_status = 0;
844 }
845 } else {
846 file_data->in_transfer_size = 0;
847 file_data->in_status = 0;
848 }
849
850 if (max_transfer_size == 0) {
851 bufcount = 0;
852 } else {
853 bufcount = roundup(max_transfer_size, bufsize) / bufsize;
854 if (bufcount > file_data->in_urbs_used)
855 bufcount -= file_data->in_urbs_used;
856 else
857 bufcount = 0;
858
859 if (bufcount + file_data->in_urbs_used > MAX_URBS_IN_FLIGHT) {
860 bufcount = MAX_URBS_IN_FLIGHT -
861 file_data->in_urbs_used;
862 }
863 }
864 spin_unlock_irq(&file_data->err_lock);
865
866 dev_dbg(dev, "%s: requested=%u flags=0x%X size=%u bufs=%d used=%d\n",
867 __func__, transfer_size, flags,
868 max_transfer_size, bufcount, file_data->in_urbs_used);
869
870 while (bufcount > 0) {
871 u8 *dmabuf = NULL;
872 struct urb *urb = usbtmc_create_urb();
873
874 if (!urb) {
875 retval = -ENOMEM;
876 goto error;
877 }
878
879 dmabuf = urb->transfer_buffer;
880
881 usb_fill_bulk_urb(urb, data->usb_dev,
882 usb_rcvbulkpipe(data->usb_dev, data->bulk_in),
883 dmabuf, bufsize,
884 usbtmc_read_bulk_cb, file_data);
885
886 usb_anchor_urb(urb, &file_data->submitted);
887 retval = usb_submit_urb(urb, GFP_KERNEL);
888 /* urb is anchored. We can release our reference. */
889 usb_free_urb(urb);
890 if (unlikely(retval)) {
891 usb_unanchor_urb(urb);
892 goto error;
893 }
894 file_data->in_urbs_used++;
895 bufcount--;
896 }
897
898 if (again) {
899 dev_dbg(dev, "%s: ret=again\n", __func__);
900 return -EAGAIN;
901 }
902
903 if (user_buffer == NULL)
904 return -EINVAL;
905
906 expire = msecs_to_jiffies(file_data->timeout);
907
908 while (max_transfer_size > 0) {
909 u32 this_part;
910 struct urb *urb = NULL;
911
912 if (!(flags & USBTMC_FLAG_ASYNC)) {
913 dev_dbg(dev, "%s: before wait time %lu\n",
914 __func__, expire);
915 retval = wait_event_interruptible_timeout(
916 file_data->wait_bulk_in,
917 usbtmc_do_transfer(file_data),
918 expire);
919
920 dev_dbg(dev, "%s: wait returned %d\n",
921 __func__, retval);
922
923 if (retval <= 0) {
924 if (retval == 0)
925 retval = -ETIMEDOUT;
926 goto error;
927 }
928 }
929
930 urb = usb_get_from_anchor(&file_data->in_anchor);
931 if (!urb) {
932 if (!(flags & USBTMC_FLAG_ASYNC)) {
933 /* synchronous case: must not happen */
934 retval = -EFAULT;
935 goto error;
936 }
937
938 /* asynchronous case: ready, do not block or wait */
939 *transferred = done;
940 dev_dbg(dev, "%s: (async) done=%u ret=0\n",
941 __func__, done);
942 return 0;
943 }
944
945 file_data->in_urbs_used--;
946
947 if (max_transfer_size > urb->actual_length)
948 max_transfer_size -= urb->actual_length;
949 else
950 max_transfer_size = 0;
951
952 if (remaining > urb->actual_length)
953 this_part = urb->actual_length;
954 else
955 this_part = remaining;
956
957 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
958 urb->transfer_buffer, urb->actual_length, true);
959
960 if (copy_to_user(user_buffer + done,
961 urb->transfer_buffer, this_part)) {
962 usb_free_urb(urb);
963 retval = -EFAULT;
964 goto error;
965 }
966
967 remaining -= this_part;
968 done += this_part;
969
970 spin_lock_irq(&file_data->err_lock);
971 if (urb->status) {
972 /* return the very first error */
973 retval = file_data->in_status;
974 spin_unlock_irq(&file_data->err_lock);
975 usb_free_urb(urb);
976 goto error;
977 }
978 spin_unlock_irq(&file_data->err_lock);
979
980 if (urb->actual_length < bufsize) {
981 /* short packet or ZLP received => ready */
982 usb_free_urb(urb);
983 retval = 1;
984 break;
985 }
986
987 if (!(flags & USBTMC_FLAG_ASYNC) &&
988 max_transfer_size > (bufsize * file_data->in_urbs_used)) {
989 /* resubmit, since other buffers still not enough */
990 usb_anchor_urb(urb, &file_data->submitted);
991 retval = usb_submit_urb(urb, GFP_KERNEL);
992 if (unlikely(retval)) {
993 usb_unanchor_urb(urb);
994 usb_free_urb(urb);
995 goto error;
996 }
997 file_data->in_urbs_used++;
998 }
999 usb_free_urb(urb);
1000 retval = 0;
1001 }
1002
1003 error:
1004 *transferred = done;
1005
1006 dev_dbg(dev, "%s: before kill\n", __func__);
1007 /* Attention: killing urbs can take long time (2 ms) */
1008 usb_kill_anchored_urbs(&file_data->submitted);
1009 dev_dbg(dev, "%s: after kill\n", __func__);
1010 usb_scuttle_anchored_urbs(&file_data->in_anchor);
1011 file_data->in_urbs_used = 0;
1012 file_data->in_status = 0; /* no spinlock needed here */
1013 dev_dbg(dev, "%s: done=%u ret=%d\n", __func__, done, retval);
1014
1015 return retval;
1016 }
1017
usbtmc_ioctl_generic_read(struct usbtmc_file_data * file_data,void __user * arg)1018 static ssize_t usbtmc_ioctl_generic_read(struct usbtmc_file_data *file_data,
1019 void __user *arg)
1020 {
1021 struct usbtmc_message msg;
1022 ssize_t retval = 0;
1023
1024 /* mutex already locked */
1025
1026 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1027 return -EFAULT;
1028
1029 retval = usbtmc_generic_read(file_data, msg.message,
1030 msg.transfer_size, &msg.transferred,
1031 msg.flags);
1032
1033 if (put_user(msg.transferred,
1034 &((struct usbtmc_message __user *)arg)->transferred))
1035 return -EFAULT;
1036
1037 return retval;
1038 }
1039
usbtmc_write_bulk_cb(struct urb * urb)1040 static void usbtmc_write_bulk_cb(struct urb *urb)
1041 {
1042 struct usbtmc_file_data *file_data = urb->context;
1043 int wakeup = 0;
1044 unsigned long flags;
1045
1046 spin_lock_irqsave(&file_data->err_lock, flags);
1047 file_data->out_transfer_size += urb->actual_length;
1048
1049 /* sync/async unlink faults aren't errors */
1050 if (urb->status) {
1051 if (!(urb->status == -ENOENT ||
1052 urb->status == -ECONNRESET ||
1053 urb->status == -ESHUTDOWN))
1054 dev_err(&file_data->data->intf->dev,
1055 "%s - nonzero write bulk status received: %d\n",
1056 __func__, urb->status);
1057
1058 if (!file_data->out_status) {
1059 file_data->out_status = urb->status;
1060 wakeup = 1;
1061 }
1062 }
1063 spin_unlock_irqrestore(&file_data->err_lock, flags);
1064
1065 dev_dbg(&file_data->data->intf->dev,
1066 "%s - write bulk total size: %u\n",
1067 __func__, file_data->out_transfer_size);
1068
1069 up(&file_data->limit_write_sem);
1070 if (usb_anchor_empty(&file_data->submitted) || wakeup)
1071 wake_up_interruptible(&file_data->data->waitq);
1072 }
1073
usbtmc_generic_write(struct usbtmc_file_data * file_data,const void __user * user_buffer,u32 transfer_size,u32 * transferred,u32 flags)1074 static ssize_t usbtmc_generic_write(struct usbtmc_file_data *file_data,
1075 const void __user *user_buffer,
1076 u32 transfer_size,
1077 u32 *transferred,
1078 u32 flags)
1079 {
1080 struct usbtmc_device_data *data = file_data->data;
1081 struct device *dev;
1082 u32 done = 0;
1083 u32 remaining;
1084 unsigned long expire;
1085 const u32 bufsize = USBTMC_BUFSIZE;
1086 struct urb *urb = NULL;
1087 int retval = 0;
1088 u32 timeout;
1089
1090 *transferred = 0;
1091
1092 /* Get pointer to private data structure */
1093 dev = &data->intf->dev;
1094
1095 dev_dbg(dev, "%s: size=%u flags=0x%X sema=%u\n",
1096 __func__, transfer_size, flags,
1097 file_data->limit_write_sem.count);
1098
1099 if (flags & USBTMC_FLAG_APPEND) {
1100 spin_lock_irq(&file_data->err_lock);
1101 retval = file_data->out_status;
1102 spin_unlock_irq(&file_data->err_lock);
1103 if (retval < 0)
1104 return retval;
1105 } else {
1106 spin_lock_irq(&file_data->err_lock);
1107 file_data->out_transfer_size = 0;
1108 file_data->out_status = 0;
1109 spin_unlock_irq(&file_data->err_lock);
1110 }
1111
1112 remaining = transfer_size;
1113 if (remaining > INT_MAX)
1114 remaining = INT_MAX;
1115
1116 timeout = file_data->timeout;
1117 expire = msecs_to_jiffies(timeout);
1118
1119 while (remaining > 0) {
1120 u32 this_part, aligned;
1121 u8 *buffer = NULL;
1122
1123 if (flags & USBTMC_FLAG_ASYNC) {
1124 if (down_trylock(&file_data->limit_write_sem)) {
1125 retval = (done)?(0):(-EAGAIN);
1126 goto exit;
1127 }
1128 } else {
1129 retval = down_timeout(&file_data->limit_write_sem,
1130 expire);
1131 if (retval < 0) {
1132 retval = -ETIMEDOUT;
1133 goto error;
1134 }
1135 }
1136
1137 spin_lock_irq(&file_data->err_lock);
1138 retval = file_data->out_status;
1139 spin_unlock_irq(&file_data->err_lock);
1140 if (retval < 0) {
1141 up(&file_data->limit_write_sem);
1142 goto error;
1143 }
1144
1145 /* prepare next urb to send */
1146 urb = usbtmc_create_urb();
1147 if (!urb) {
1148 retval = -ENOMEM;
1149 up(&file_data->limit_write_sem);
1150 goto error;
1151 }
1152 buffer = urb->transfer_buffer;
1153
1154 if (remaining > bufsize)
1155 this_part = bufsize;
1156 else
1157 this_part = remaining;
1158
1159 if (copy_from_user(buffer, user_buffer + done, this_part)) {
1160 retval = -EFAULT;
1161 up(&file_data->limit_write_sem);
1162 goto error;
1163 }
1164
1165 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1166 16, 1, buffer, this_part, true);
1167
1168 /* fill bulk with 32 bit alignment to meet USBTMC specification
1169 * (size + 3 & ~3) rounds up and simplifies user code
1170 */
1171 aligned = (this_part + 3) & ~3;
1172 dev_dbg(dev, "write(size:%u align:%u done:%u)\n",
1173 (unsigned int)this_part,
1174 (unsigned int)aligned,
1175 (unsigned int)done);
1176
1177 usb_fill_bulk_urb(urb, data->usb_dev,
1178 usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1179 urb->transfer_buffer, aligned,
1180 usbtmc_write_bulk_cb, file_data);
1181
1182 usb_anchor_urb(urb, &file_data->submitted);
1183 retval = usb_submit_urb(urb, GFP_KERNEL);
1184 if (unlikely(retval)) {
1185 usb_unanchor_urb(urb);
1186 up(&file_data->limit_write_sem);
1187 goto error;
1188 }
1189
1190 usb_free_urb(urb);
1191 urb = NULL; /* urb will be finally released by usb driver */
1192
1193 remaining -= this_part;
1194 done += this_part;
1195 }
1196
1197 /* All urbs are on the fly */
1198 if (!(flags & USBTMC_FLAG_ASYNC)) {
1199 if (!usb_wait_anchor_empty_timeout(&file_data->submitted,
1200 timeout)) {
1201 retval = -ETIMEDOUT;
1202 goto error;
1203 }
1204 }
1205
1206 retval = 0;
1207 goto exit;
1208
1209 error:
1210 usb_kill_anchored_urbs(&file_data->submitted);
1211 exit:
1212 usb_free_urb(urb);
1213
1214 spin_lock_irq(&file_data->err_lock);
1215 if (!(flags & USBTMC_FLAG_ASYNC))
1216 done = file_data->out_transfer_size;
1217 if (!retval && file_data->out_status)
1218 retval = file_data->out_status;
1219 spin_unlock_irq(&file_data->err_lock);
1220
1221 *transferred = done;
1222
1223 dev_dbg(dev, "%s: done=%u, retval=%d, urbstat=%d\n",
1224 __func__, done, retval, file_data->out_status);
1225
1226 return retval;
1227 }
1228
usbtmc_ioctl_generic_write(struct usbtmc_file_data * file_data,void __user * arg)1229 static ssize_t usbtmc_ioctl_generic_write(struct usbtmc_file_data *file_data,
1230 void __user *arg)
1231 {
1232 struct usbtmc_message msg;
1233 ssize_t retval = 0;
1234
1235 /* mutex already locked */
1236
1237 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1238 return -EFAULT;
1239
1240 retval = usbtmc_generic_write(file_data, msg.message,
1241 msg.transfer_size, &msg.transferred,
1242 msg.flags);
1243
1244 if (put_user(msg.transferred,
1245 &((struct usbtmc_message __user *)arg)->transferred))
1246 return -EFAULT;
1247
1248 return retval;
1249 }
1250
1251 /*
1252 * Get the generic write result
1253 */
usbtmc_ioctl_write_result(struct usbtmc_file_data * file_data,void __user * arg)1254 static ssize_t usbtmc_ioctl_write_result(struct usbtmc_file_data *file_data,
1255 void __user *arg)
1256 {
1257 u32 transferred;
1258 int retval;
1259
1260 spin_lock_irq(&file_data->err_lock);
1261 transferred = file_data->out_transfer_size;
1262 retval = file_data->out_status;
1263 spin_unlock_irq(&file_data->err_lock);
1264
1265 if (put_user(transferred, (__u32 __user *)arg))
1266 return -EFAULT;
1267
1268 return retval;
1269 }
1270
1271 /*
1272 * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint.
1273 * @transfer_size: number of bytes to request from the device.
1274 *
1275 * See the USBTMC specification, Table 4.
1276 *
1277 * Also updates bTag_last_write.
1278 */
send_request_dev_dep_msg_in(struct usbtmc_file_data * file_data,u32 transfer_size)1279 static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data,
1280 u32 transfer_size)
1281 {
1282 struct usbtmc_device_data *data = file_data->data;
1283 int retval;
1284 u8 *buffer;
1285 int actual;
1286
1287 buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
1288 if (!buffer)
1289 return -ENOMEM;
1290 /* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message
1291 * Refer to class specs for details
1292 */
1293 buffer[0] = 2;
1294 buffer[1] = data->bTag;
1295 buffer[2] = ~data->bTag;
1296 buffer[3] = 0; /* Reserved */
1297 buffer[4] = transfer_size >> 0;
1298 buffer[5] = transfer_size >> 8;
1299 buffer[6] = transfer_size >> 16;
1300 buffer[7] = transfer_size >> 24;
1301 buffer[8] = file_data->term_char_enabled * 2;
1302 /* Use term character? */
1303 buffer[9] = file_data->term_char;
1304 buffer[10] = 0; /* Reserved */
1305 buffer[11] = 0; /* Reserved */
1306
1307 /* Send bulk URB */
1308 retval = usb_bulk_msg(data->usb_dev,
1309 usb_sndbulkpipe(data->usb_dev,
1310 data->bulk_out),
1311 buffer, USBTMC_HEADER_SIZE,
1312 &actual, file_data->timeout);
1313
1314 /* Store bTag (in case we need to abort) */
1315 data->bTag_last_write = data->bTag;
1316
1317 /* Increment bTag -- and increment again if zero */
1318 data->bTag++;
1319 if (!data->bTag)
1320 data->bTag++;
1321
1322 kfree(buffer);
1323 if (retval < 0)
1324 dev_err(&data->intf->dev, "%s returned %d\n",
1325 __func__, retval);
1326
1327 return retval;
1328 }
1329
usbtmc_read(struct file * filp,char __user * buf,size_t count,loff_t * f_pos)1330 static ssize_t usbtmc_read(struct file *filp, char __user *buf,
1331 size_t count, loff_t *f_pos)
1332 {
1333 struct usbtmc_file_data *file_data;
1334 struct usbtmc_device_data *data;
1335 struct device *dev;
1336 const u32 bufsize = USBTMC_BUFSIZE;
1337 u32 n_characters;
1338 u8 *buffer;
1339 int actual;
1340 u32 done = 0;
1341 u32 remaining;
1342 int retval;
1343
1344 /* Get pointer to private data structure */
1345 file_data = filp->private_data;
1346 data = file_data->data;
1347 dev = &data->intf->dev;
1348
1349 buffer = kmalloc(bufsize, GFP_KERNEL);
1350 if (!buffer)
1351 return -ENOMEM;
1352
1353 mutex_lock(&data->io_mutex);
1354 if (data->zombie) {
1355 retval = -ENODEV;
1356 goto exit;
1357 }
1358
1359 if (count > INT_MAX)
1360 count = INT_MAX;
1361
1362 dev_dbg(dev, "%s(count:%zu)\n", __func__, count);
1363
1364 retval = send_request_dev_dep_msg_in(file_data, count);
1365
1366 if (retval < 0) {
1367 if (file_data->auto_abort)
1368 usbtmc_ioctl_abort_bulk_out(data);
1369 goto exit;
1370 }
1371
1372 /* Loop until we have fetched everything we requested */
1373 remaining = count;
1374 actual = 0;
1375
1376 /* Send bulk URB */
1377 retval = usb_bulk_msg(data->usb_dev,
1378 usb_rcvbulkpipe(data->usb_dev,
1379 data->bulk_in),
1380 buffer, bufsize, &actual,
1381 file_data->timeout);
1382
1383 dev_dbg(dev, "%s: bulk_msg retval(%u), actual(%d)\n",
1384 __func__, retval, actual);
1385
1386 /* Store bTag (in case we need to abort) */
1387 data->bTag_last_read = data->bTag;
1388
1389 if (retval < 0) {
1390 if (file_data->auto_abort)
1391 usbtmc_ioctl_abort_bulk_in(data);
1392 goto exit;
1393 }
1394
1395 /* Sanity checks for the header */
1396 if (actual < USBTMC_HEADER_SIZE) {
1397 dev_err(dev, "Device sent too small first packet: %u < %u\n",
1398 actual, USBTMC_HEADER_SIZE);
1399 if (file_data->auto_abort)
1400 usbtmc_ioctl_abort_bulk_in(data);
1401 goto exit;
1402 }
1403
1404 if (buffer[0] != 2) {
1405 dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n",
1406 buffer[0]);
1407 if (file_data->auto_abort)
1408 usbtmc_ioctl_abort_bulk_in(data);
1409 goto exit;
1410 }
1411
1412 if (buffer[1] != data->bTag_last_write) {
1413 dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n",
1414 buffer[1], data->bTag_last_write);
1415 if (file_data->auto_abort)
1416 usbtmc_ioctl_abort_bulk_in(data);
1417 goto exit;
1418 }
1419
1420 /* How many characters did the instrument send? */
1421 n_characters = buffer[4] +
1422 (buffer[5] << 8) +
1423 (buffer[6] << 16) +
1424 (buffer[7] << 24);
1425
1426 file_data->bmTransferAttributes = buffer[8];
1427
1428 dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n",
1429 n_characters, buffer[8]);
1430
1431 if (n_characters > remaining) {
1432 dev_err(dev, "Device wants to return more data than requested: %u > %zu\n",
1433 n_characters, count);
1434 if (file_data->auto_abort)
1435 usbtmc_ioctl_abort_bulk_in(data);
1436 goto exit;
1437 }
1438
1439 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1440 16, 1, buffer, actual, true);
1441
1442 remaining = n_characters;
1443
1444 /* Remove the USBTMC header */
1445 actual -= USBTMC_HEADER_SIZE;
1446
1447 /* Remove padding if it exists */
1448 if (actual > remaining)
1449 actual = remaining;
1450
1451 remaining -= actual;
1452
1453 /* Copy buffer to user space */
1454 if (copy_to_user(buf, &buffer[USBTMC_HEADER_SIZE], actual)) {
1455 /* There must have been an addressing problem */
1456 retval = -EFAULT;
1457 goto exit;
1458 }
1459
1460 if ((actual + USBTMC_HEADER_SIZE) == bufsize) {
1461 retval = usbtmc_generic_read(file_data, buf + actual,
1462 remaining,
1463 &done,
1464 USBTMC_FLAG_IGNORE_TRAILER);
1465 if (retval < 0)
1466 goto exit;
1467 }
1468 done += actual;
1469
1470 /* Update file position value */
1471 *f_pos = *f_pos + done;
1472 retval = done;
1473
1474 exit:
1475 mutex_unlock(&data->io_mutex);
1476 kfree(buffer);
1477 return retval;
1478 }
1479
usbtmc_write(struct file * filp,const char __user * buf,size_t count,loff_t * f_pos)1480 static ssize_t usbtmc_write(struct file *filp, const char __user *buf,
1481 size_t count, loff_t *f_pos)
1482 {
1483 struct usbtmc_file_data *file_data;
1484 struct usbtmc_device_data *data;
1485 struct urb *urb = NULL;
1486 ssize_t retval = 0;
1487 u8 *buffer;
1488 u32 remaining, done;
1489 u32 transfersize, aligned, buflen;
1490
1491 file_data = filp->private_data;
1492 data = file_data->data;
1493
1494 mutex_lock(&data->io_mutex);
1495
1496 if (data->zombie) {
1497 retval = -ENODEV;
1498 goto exit;
1499 }
1500
1501 done = 0;
1502
1503 spin_lock_irq(&file_data->err_lock);
1504 file_data->out_transfer_size = 0;
1505 file_data->out_status = 0;
1506 spin_unlock_irq(&file_data->err_lock);
1507
1508 if (!count)
1509 goto exit;
1510
1511 if (down_trylock(&file_data->limit_write_sem)) {
1512 /* previous calls were async */
1513 retval = -EBUSY;
1514 goto exit;
1515 }
1516
1517 urb = usbtmc_create_urb();
1518 if (!urb) {
1519 retval = -ENOMEM;
1520 up(&file_data->limit_write_sem);
1521 goto exit;
1522 }
1523
1524 buffer = urb->transfer_buffer;
1525 buflen = urb->transfer_buffer_length;
1526
1527 if (count > INT_MAX) {
1528 transfersize = INT_MAX;
1529 buffer[8] = 0;
1530 } else {
1531 transfersize = count;
1532 buffer[8] = file_data->eom_val;
1533 }
1534
1535 /* Setup IO buffer for DEV_DEP_MSG_OUT message */
1536 buffer[0] = 1;
1537 buffer[1] = data->bTag;
1538 buffer[2] = ~data->bTag;
1539 buffer[3] = 0; /* Reserved */
1540 buffer[4] = transfersize >> 0;
1541 buffer[5] = transfersize >> 8;
1542 buffer[6] = transfersize >> 16;
1543 buffer[7] = transfersize >> 24;
1544 /* buffer[8] is set above... */
1545 buffer[9] = 0; /* Reserved */
1546 buffer[10] = 0; /* Reserved */
1547 buffer[11] = 0; /* Reserved */
1548
1549 remaining = transfersize;
1550
1551 if (transfersize + USBTMC_HEADER_SIZE > buflen) {
1552 transfersize = buflen - USBTMC_HEADER_SIZE;
1553 aligned = buflen;
1554 } else {
1555 aligned = (transfersize + (USBTMC_HEADER_SIZE + 3)) & ~3;
1556 }
1557
1558 if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf, transfersize)) {
1559 retval = -EFAULT;
1560 up(&file_data->limit_write_sem);
1561 goto exit;
1562 }
1563
1564 dev_dbg(&data->intf->dev, "%s(size:%u align:%u)\n", __func__,
1565 (unsigned int)transfersize, (unsigned int)aligned);
1566
1567 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1568 16, 1, buffer, aligned, true);
1569
1570 usb_fill_bulk_urb(urb, data->usb_dev,
1571 usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1572 urb->transfer_buffer, aligned,
1573 usbtmc_write_bulk_cb, file_data);
1574
1575 usb_anchor_urb(urb, &file_data->submitted);
1576 retval = usb_submit_urb(urb, GFP_KERNEL);
1577 if (unlikely(retval)) {
1578 usb_unanchor_urb(urb);
1579 up(&file_data->limit_write_sem);
1580 goto exit;
1581 }
1582
1583 remaining -= transfersize;
1584
1585 data->bTag_last_write = data->bTag;
1586 data->bTag++;
1587
1588 if (!data->bTag)
1589 data->bTag++;
1590
1591 /* call generic_write even when remaining = 0 */
1592 retval = usbtmc_generic_write(file_data, buf + transfersize, remaining,
1593 &done, USBTMC_FLAG_APPEND);
1594 /* truncate alignment bytes */
1595 if (done > remaining)
1596 done = remaining;
1597
1598 /*add size of first urb*/
1599 done += transfersize;
1600
1601 if (retval < 0) {
1602 usb_kill_anchored_urbs(&file_data->submitted);
1603
1604 dev_err(&data->intf->dev,
1605 "Unable to send data, error %d\n", (int)retval);
1606 if (file_data->auto_abort)
1607 usbtmc_ioctl_abort_bulk_out(data);
1608 goto exit;
1609 }
1610
1611 retval = done;
1612 exit:
1613 usb_free_urb(urb);
1614 mutex_unlock(&data->io_mutex);
1615 return retval;
1616 }
1617
usbtmc_ioctl_clear(struct usbtmc_device_data * data)1618 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data)
1619 {
1620 struct device *dev;
1621 u8 *buffer;
1622 int rv;
1623 int n;
1624 int actual = 0;
1625
1626 dev = &data->intf->dev;
1627
1628 dev_dbg(dev, "Sending INITIATE_CLEAR request\n");
1629
1630 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
1631 if (!buffer)
1632 return -ENOMEM;
1633
1634 rv = usb_control_msg(data->usb_dev,
1635 usb_rcvctrlpipe(data->usb_dev, 0),
1636 USBTMC_REQUEST_INITIATE_CLEAR,
1637 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1638 0, 0, buffer, 1, USB_CTRL_GET_TIMEOUT);
1639 if (rv < 0) {
1640 dev_err(dev, "usb_control_msg returned %d\n", rv);
1641 goto exit;
1642 }
1643
1644 dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1645
1646 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1647 dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1648 rv = -EPERM;
1649 goto exit;
1650 }
1651
1652 n = 0;
1653
1654 usbtmc_clear_check_status:
1655
1656 dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n");
1657
1658 rv = usb_control_msg(data->usb_dev,
1659 usb_rcvctrlpipe(data->usb_dev, 0),
1660 USBTMC_REQUEST_CHECK_CLEAR_STATUS,
1661 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1662 0, 0, buffer, 2, USB_CTRL_GET_TIMEOUT);
1663 if (rv < 0) {
1664 dev_err(dev, "usb_control_msg returned %d\n", rv);
1665 goto exit;
1666 }
1667
1668 dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1669
1670 if (buffer[0] == USBTMC_STATUS_SUCCESS)
1671 goto usbtmc_clear_bulk_out_halt;
1672
1673 if (buffer[0] != USBTMC_STATUS_PENDING) {
1674 dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1675 rv = -EPERM;
1676 goto exit;
1677 }
1678
1679 if ((buffer[1] & 1) != 0) {
1680 do {
1681 dev_dbg(dev, "Reading from bulk in EP\n");
1682
1683 actual = 0;
1684 rv = usb_bulk_msg(data->usb_dev,
1685 usb_rcvbulkpipe(data->usb_dev,
1686 data->bulk_in),
1687 buffer, USBTMC_BUFSIZE,
1688 &actual, USB_CTRL_GET_TIMEOUT);
1689
1690 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1691 16, 1, buffer, actual, true);
1692
1693 n++;
1694
1695 if (rv < 0) {
1696 dev_err(dev, "usb_control_msg returned %d\n",
1697 rv);
1698 goto exit;
1699 }
1700 } while ((actual == USBTMC_BUFSIZE) &&
1701 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
1702 } else {
1703 /* do not stress device with subsequent requests */
1704 msleep(50);
1705 n++;
1706 }
1707
1708 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
1709 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
1710 USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
1711 rv = -EPERM;
1712 goto exit;
1713 }
1714
1715 goto usbtmc_clear_check_status;
1716
1717 usbtmc_clear_bulk_out_halt:
1718
1719 rv = usb_clear_halt(data->usb_dev,
1720 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1721 if (rv < 0) {
1722 dev_err(dev, "usb_clear_halt returned %d\n", rv);
1723 goto exit;
1724 }
1725 rv = 0;
1726
1727 exit:
1728 kfree(buffer);
1729 return rv;
1730 }
1731
usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data * data)1732 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data)
1733 {
1734 int rv;
1735
1736 rv = usb_clear_halt(data->usb_dev,
1737 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1738
1739 if (rv < 0)
1740 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1741 return rv;
1742 }
1743
usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data * data)1744 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data)
1745 {
1746 int rv;
1747
1748 rv = usb_clear_halt(data->usb_dev,
1749 usb_rcvbulkpipe(data->usb_dev, data->bulk_in));
1750
1751 if (rv < 0)
1752 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1753 return rv;
1754 }
1755
usbtmc_ioctl_cancel_io(struct usbtmc_file_data * file_data)1756 static int usbtmc_ioctl_cancel_io(struct usbtmc_file_data *file_data)
1757 {
1758 spin_lock_irq(&file_data->err_lock);
1759 file_data->in_status = -ECANCELED;
1760 file_data->out_status = -ECANCELED;
1761 spin_unlock_irq(&file_data->err_lock);
1762 usb_kill_anchored_urbs(&file_data->submitted);
1763 return 0;
1764 }
1765
usbtmc_ioctl_cleanup_io(struct usbtmc_file_data * file_data)1766 static int usbtmc_ioctl_cleanup_io(struct usbtmc_file_data *file_data)
1767 {
1768 usb_kill_anchored_urbs(&file_data->submitted);
1769 usb_scuttle_anchored_urbs(&file_data->in_anchor);
1770 spin_lock_irq(&file_data->err_lock);
1771 file_data->in_status = 0;
1772 file_data->in_transfer_size = 0;
1773 file_data->out_status = 0;
1774 file_data->out_transfer_size = 0;
1775 spin_unlock_irq(&file_data->err_lock);
1776
1777 file_data->in_urbs_used = 0;
1778 return 0;
1779 }
1780
get_capabilities(struct usbtmc_device_data * data)1781 static int get_capabilities(struct usbtmc_device_data *data)
1782 {
1783 struct device *dev = &data->usb_dev->dev;
1784 char *buffer;
1785 int rv = 0;
1786
1787 buffer = kmalloc(0x18, GFP_KERNEL);
1788 if (!buffer)
1789 return -ENOMEM;
1790
1791 rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0),
1792 USBTMC_REQUEST_GET_CAPABILITIES,
1793 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1794 0, 0, buffer, 0x18, USB_CTRL_GET_TIMEOUT);
1795 if (rv < 0) {
1796 dev_err(dev, "usb_control_msg returned %d\n", rv);
1797 goto err_out;
1798 }
1799
1800 dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1801 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1802 dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1803 rv = -EPERM;
1804 goto err_out;
1805 }
1806 dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]);
1807 dev_dbg(dev, "Device capabilities are %x\n", buffer[5]);
1808 dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]);
1809 dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]);
1810
1811 data->capabilities.interface_capabilities = buffer[4];
1812 data->capabilities.device_capabilities = buffer[5];
1813 data->capabilities.usb488_interface_capabilities = buffer[14];
1814 data->capabilities.usb488_device_capabilities = buffer[15];
1815 data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4);
1816 rv = 0;
1817
1818 err_out:
1819 kfree(buffer);
1820 return rv;
1821 }
1822
1823 #define capability_attribute(name) \
1824 static ssize_t name##_show(struct device *dev, \
1825 struct device_attribute *attr, char *buf) \
1826 { \
1827 struct usb_interface *intf = to_usb_interface(dev); \
1828 struct usbtmc_device_data *data = usb_get_intfdata(intf); \
1829 \
1830 return sprintf(buf, "%d\n", data->capabilities.name); \
1831 } \
1832 static DEVICE_ATTR_RO(name)
1833
1834 capability_attribute(interface_capabilities);
1835 capability_attribute(device_capabilities);
1836 capability_attribute(usb488_interface_capabilities);
1837 capability_attribute(usb488_device_capabilities);
1838
1839 static struct attribute *usbtmc_attrs[] = {
1840 &dev_attr_interface_capabilities.attr,
1841 &dev_attr_device_capabilities.attr,
1842 &dev_attr_usb488_interface_capabilities.attr,
1843 &dev_attr_usb488_device_capabilities.attr,
1844 NULL,
1845 };
1846 ATTRIBUTE_GROUPS(usbtmc);
1847
usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data * data)1848 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data)
1849 {
1850 struct device *dev;
1851 u8 *buffer;
1852 int rv;
1853
1854 dev = &data->intf->dev;
1855
1856 buffer = kmalloc(2, GFP_KERNEL);
1857 if (!buffer)
1858 return -ENOMEM;
1859
1860 rv = usb_control_msg(data->usb_dev,
1861 usb_rcvctrlpipe(data->usb_dev, 0),
1862 USBTMC_REQUEST_INDICATOR_PULSE,
1863 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1864 0, 0, buffer, 0x01, USB_CTRL_GET_TIMEOUT);
1865
1866 if (rv < 0) {
1867 dev_err(dev, "usb_control_msg returned %d\n", rv);
1868 goto exit;
1869 }
1870
1871 dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1872
1873 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1874 dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1875 rv = -EPERM;
1876 goto exit;
1877 }
1878 rv = 0;
1879
1880 exit:
1881 kfree(buffer);
1882 return rv;
1883 }
1884
usbtmc_ioctl_request(struct usbtmc_device_data * data,void __user * arg)1885 static int usbtmc_ioctl_request(struct usbtmc_device_data *data,
1886 void __user *arg)
1887 {
1888 struct device *dev = &data->intf->dev;
1889 struct usbtmc_ctrlrequest request;
1890 u8 *buffer = NULL;
1891 int rv;
1892 unsigned long res;
1893
1894 res = copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest));
1895 if (res)
1896 return -EFAULT;
1897
1898 if (request.req.wLength > USBTMC_BUFSIZE)
1899 return -EMSGSIZE;
1900
1901 if (request.req.wLength) {
1902 buffer = kmalloc(request.req.wLength, GFP_KERNEL);
1903 if (!buffer)
1904 return -ENOMEM;
1905
1906 if ((request.req.bRequestType & USB_DIR_IN) == 0) {
1907 /* Send control data to device */
1908 res = copy_from_user(buffer, request.data,
1909 request.req.wLength);
1910 if (res) {
1911 rv = -EFAULT;
1912 goto exit;
1913 }
1914 }
1915 }
1916
1917 rv = usb_control_msg(data->usb_dev,
1918 usb_rcvctrlpipe(data->usb_dev, 0),
1919 request.req.bRequest,
1920 request.req.bRequestType,
1921 request.req.wValue,
1922 request.req.wIndex,
1923 buffer, request.req.wLength, USB_CTRL_GET_TIMEOUT);
1924
1925 if (rv < 0) {
1926 dev_err(dev, "%s failed %d\n", __func__, rv);
1927 goto exit;
1928 }
1929
1930 if (rv && (request.req.bRequestType & USB_DIR_IN)) {
1931 /* Read control data from device */
1932 res = copy_to_user(request.data, buffer, rv);
1933 if (res)
1934 rv = -EFAULT;
1935 }
1936
1937 exit:
1938 kfree(buffer);
1939 return rv;
1940 }
1941
1942 /*
1943 * Get the usb timeout value
1944 */
usbtmc_ioctl_get_timeout(struct usbtmc_file_data * file_data,void __user * arg)1945 static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data,
1946 void __user *arg)
1947 {
1948 u32 timeout;
1949
1950 timeout = file_data->timeout;
1951
1952 return put_user(timeout, (__u32 __user *)arg);
1953 }
1954
1955 /*
1956 * Set the usb timeout value
1957 */
usbtmc_ioctl_set_timeout(struct usbtmc_file_data * file_data,void __user * arg)1958 static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data,
1959 void __user *arg)
1960 {
1961 u32 timeout;
1962
1963 if (get_user(timeout, (__u32 __user *)arg))
1964 return -EFAULT;
1965
1966 /* Note that timeout = 0 means
1967 * MAX_SCHEDULE_TIMEOUT in usb_control_msg
1968 */
1969 if (timeout < USBTMC_MIN_TIMEOUT)
1970 return -EINVAL;
1971
1972 file_data->timeout = timeout;
1973
1974 return 0;
1975 }
1976
1977 /*
1978 * enables/disables sending EOM on write
1979 */
usbtmc_ioctl_eom_enable(struct usbtmc_file_data * file_data,void __user * arg)1980 static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data,
1981 void __user *arg)
1982 {
1983 u8 eom_enable;
1984
1985 if (copy_from_user(&eom_enable, arg, sizeof(eom_enable)))
1986 return -EFAULT;
1987
1988 if (eom_enable > 1)
1989 return -EINVAL;
1990
1991 file_data->eom_val = eom_enable;
1992
1993 return 0;
1994 }
1995
1996 /*
1997 * Configure termination character for read()
1998 */
usbtmc_ioctl_config_termc(struct usbtmc_file_data * file_data,void __user * arg)1999 static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data,
2000 void __user *arg)
2001 {
2002 struct usbtmc_termchar termc;
2003
2004 if (copy_from_user(&termc, arg, sizeof(termc)))
2005 return -EFAULT;
2006
2007 if ((termc.term_char_enabled > 1) ||
2008 (termc.term_char_enabled &&
2009 !(file_data->data->capabilities.device_capabilities & 1)))
2010 return -EINVAL;
2011
2012 file_data->term_char = termc.term_char;
2013 file_data->term_char_enabled = termc.term_char_enabled;
2014
2015 return 0;
2016 }
2017
usbtmc_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2018 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2019 {
2020 struct usbtmc_file_data *file_data;
2021 struct usbtmc_device_data *data;
2022 int retval = -EBADRQC;
2023 __u8 tmp_byte;
2024
2025 file_data = file->private_data;
2026 data = file_data->data;
2027
2028 mutex_lock(&data->io_mutex);
2029 if (data->zombie) {
2030 retval = -ENODEV;
2031 goto skip_io_on_zombie;
2032 }
2033
2034 switch (cmd) {
2035 case USBTMC_IOCTL_CLEAR_OUT_HALT:
2036 retval = usbtmc_ioctl_clear_out_halt(data);
2037 break;
2038
2039 case USBTMC_IOCTL_CLEAR_IN_HALT:
2040 retval = usbtmc_ioctl_clear_in_halt(data);
2041 break;
2042
2043 case USBTMC_IOCTL_INDICATOR_PULSE:
2044 retval = usbtmc_ioctl_indicator_pulse(data);
2045 break;
2046
2047 case USBTMC_IOCTL_CLEAR:
2048 retval = usbtmc_ioctl_clear(data);
2049 break;
2050
2051 case USBTMC_IOCTL_ABORT_BULK_OUT:
2052 retval = usbtmc_ioctl_abort_bulk_out(data);
2053 break;
2054
2055 case USBTMC_IOCTL_ABORT_BULK_IN:
2056 retval = usbtmc_ioctl_abort_bulk_in(data);
2057 break;
2058
2059 case USBTMC_IOCTL_CTRL_REQUEST:
2060 retval = usbtmc_ioctl_request(data, (void __user *)arg);
2061 break;
2062
2063 case USBTMC_IOCTL_GET_TIMEOUT:
2064 retval = usbtmc_ioctl_get_timeout(file_data,
2065 (void __user *)arg);
2066 break;
2067
2068 case USBTMC_IOCTL_SET_TIMEOUT:
2069 retval = usbtmc_ioctl_set_timeout(file_data,
2070 (void __user *)arg);
2071 break;
2072
2073 case USBTMC_IOCTL_EOM_ENABLE:
2074 retval = usbtmc_ioctl_eom_enable(file_data,
2075 (void __user *)arg);
2076 break;
2077
2078 case USBTMC_IOCTL_CONFIG_TERMCHAR:
2079 retval = usbtmc_ioctl_config_termc(file_data,
2080 (void __user *)arg);
2081 break;
2082
2083 case USBTMC_IOCTL_WRITE:
2084 retval = usbtmc_ioctl_generic_write(file_data,
2085 (void __user *)arg);
2086 break;
2087
2088 case USBTMC_IOCTL_READ:
2089 retval = usbtmc_ioctl_generic_read(file_data,
2090 (void __user *)arg);
2091 break;
2092
2093 case USBTMC_IOCTL_WRITE_RESULT:
2094 retval = usbtmc_ioctl_write_result(file_data,
2095 (void __user *)arg);
2096 break;
2097
2098 case USBTMC_IOCTL_API_VERSION:
2099 retval = put_user(USBTMC_API_VERSION,
2100 (__u32 __user *)arg);
2101 break;
2102
2103 case USBTMC488_IOCTL_GET_CAPS:
2104 retval = put_user(data->usb488_caps,
2105 (unsigned char __user *)arg);
2106 break;
2107
2108 case USBTMC488_IOCTL_READ_STB:
2109 retval = usbtmc488_ioctl_read_stb(file_data,
2110 (void __user *)arg);
2111 break;
2112
2113 case USBTMC488_IOCTL_REN_CONTROL:
2114 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2115 USBTMC488_REQUEST_REN_CONTROL);
2116 break;
2117
2118 case USBTMC488_IOCTL_GOTO_LOCAL:
2119 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2120 USBTMC488_REQUEST_GOTO_LOCAL);
2121 break;
2122
2123 case USBTMC488_IOCTL_LOCAL_LOCKOUT:
2124 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2125 USBTMC488_REQUEST_LOCAL_LOCKOUT);
2126 break;
2127
2128 case USBTMC488_IOCTL_TRIGGER:
2129 retval = usbtmc488_ioctl_trigger(file_data);
2130 break;
2131
2132 case USBTMC488_IOCTL_WAIT_SRQ:
2133 retval = usbtmc488_ioctl_wait_srq(file_data,
2134 (__u32 __user *)arg);
2135 break;
2136
2137 case USBTMC_IOCTL_MSG_IN_ATTR:
2138 retval = put_user(file_data->bmTransferAttributes,
2139 (__u8 __user *)arg);
2140 break;
2141
2142 case USBTMC_IOCTL_AUTO_ABORT:
2143 retval = get_user(tmp_byte, (unsigned char __user *)arg);
2144 if (retval == 0)
2145 file_data->auto_abort = !!tmp_byte;
2146 break;
2147
2148 case USBTMC_IOCTL_CANCEL_IO:
2149 retval = usbtmc_ioctl_cancel_io(file_data);
2150 break;
2151
2152 case USBTMC_IOCTL_CLEANUP_IO:
2153 retval = usbtmc_ioctl_cleanup_io(file_data);
2154 break;
2155 }
2156
2157 skip_io_on_zombie:
2158 mutex_unlock(&data->io_mutex);
2159 return retval;
2160 }
2161
usbtmc_fasync(int fd,struct file * file,int on)2162 static int usbtmc_fasync(int fd, struct file *file, int on)
2163 {
2164 struct usbtmc_file_data *file_data = file->private_data;
2165
2166 return fasync_helper(fd, file, on, &file_data->data->fasync);
2167 }
2168
usbtmc_poll(struct file * file,poll_table * wait)2169 static __poll_t usbtmc_poll(struct file *file, poll_table *wait)
2170 {
2171 struct usbtmc_file_data *file_data = file->private_data;
2172 struct usbtmc_device_data *data = file_data->data;
2173 __poll_t mask;
2174
2175 mutex_lock(&data->io_mutex);
2176
2177 if (data->zombie) {
2178 mask = EPOLLHUP | EPOLLERR;
2179 goto no_poll;
2180 }
2181
2182 poll_wait(file, &data->waitq, wait);
2183
2184 /* Note that EPOLLPRI is now assigned to SRQ, and
2185 * EPOLLIN|EPOLLRDNORM to normal read data.
2186 */
2187 mask = 0;
2188 if (atomic_read(&file_data->srq_asserted))
2189 mask |= EPOLLPRI;
2190
2191 /* Note that the anchor submitted includes all urbs for BULK IN
2192 * and OUT. So EPOLLOUT is signaled when BULK OUT is empty and
2193 * all BULK IN urbs are completed and moved to in_anchor.
2194 */
2195 if (usb_anchor_empty(&file_data->submitted))
2196 mask |= (EPOLLOUT | EPOLLWRNORM);
2197 if (!usb_anchor_empty(&file_data->in_anchor))
2198 mask |= (EPOLLIN | EPOLLRDNORM);
2199
2200 spin_lock_irq(&file_data->err_lock);
2201 if (file_data->in_status || file_data->out_status)
2202 mask |= EPOLLERR;
2203 spin_unlock_irq(&file_data->err_lock);
2204
2205 dev_dbg(&data->intf->dev, "poll mask = %x\n", mask);
2206
2207 no_poll:
2208 mutex_unlock(&data->io_mutex);
2209 return mask;
2210 }
2211
2212 static const struct file_operations fops = {
2213 .owner = THIS_MODULE,
2214 .read = usbtmc_read,
2215 .write = usbtmc_write,
2216 .open = usbtmc_open,
2217 .release = usbtmc_release,
2218 .flush = usbtmc_flush,
2219 .unlocked_ioctl = usbtmc_ioctl,
2220 #ifdef CONFIG_COMPAT
2221 .compat_ioctl = usbtmc_ioctl,
2222 #endif
2223 .fasync = usbtmc_fasync,
2224 .poll = usbtmc_poll,
2225 .llseek = default_llseek,
2226 };
2227
2228 static struct usb_class_driver usbtmc_class = {
2229 .name = "usbtmc%d",
2230 .fops = &fops,
2231 .minor_base = USBTMC_MINOR_BASE,
2232 };
2233
usbtmc_interrupt(struct urb * urb)2234 static void usbtmc_interrupt(struct urb *urb)
2235 {
2236 struct usbtmc_device_data *data = urb->context;
2237 struct device *dev = &data->intf->dev;
2238 int status = urb->status;
2239 int rv;
2240
2241 dev_dbg(&data->intf->dev, "int status: %d len %d\n",
2242 status, urb->actual_length);
2243
2244 switch (status) {
2245 case 0: /* SUCCESS */
2246 /* check for valid STB notification */
2247 if (data->iin_buffer[0] > 0x81) {
2248 data->bNotify1 = data->iin_buffer[0];
2249 data->bNotify2 = data->iin_buffer[1];
2250 atomic_set(&data->iin_data_valid, 1);
2251 wake_up_interruptible(&data->waitq);
2252 goto exit;
2253 }
2254 /* check for SRQ notification */
2255 if (data->iin_buffer[0] == 0x81) {
2256 unsigned long flags;
2257 struct list_head *elem;
2258
2259 if (data->fasync)
2260 kill_fasync(&data->fasync,
2261 SIGIO, POLL_PRI);
2262
2263 spin_lock_irqsave(&data->dev_lock, flags);
2264 list_for_each(elem, &data->file_list) {
2265 struct usbtmc_file_data *file_data;
2266
2267 file_data = list_entry(elem,
2268 struct usbtmc_file_data,
2269 file_elem);
2270 file_data->srq_byte = data->iin_buffer[1];
2271 atomic_set(&file_data->srq_asserted, 1);
2272 }
2273 spin_unlock_irqrestore(&data->dev_lock, flags);
2274
2275 dev_dbg(dev, "srq received bTag %x stb %x\n",
2276 (unsigned int)data->iin_buffer[0],
2277 (unsigned int)data->iin_buffer[1]);
2278 wake_up_interruptible_all(&data->waitq);
2279 goto exit;
2280 }
2281 dev_warn(dev, "invalid notification: %x\n",
2282 data->iin_buffer[0]);
2283 break;
2284 case -EOVERFLOW:
2285 dev_err(dev, "overflow with length %d, actual length is %d\n",
2286 data->iin_wMaxPacketSize, urb->actual_length);
2287 /* fall through */
2288 case -ECONNRESET:
2289 case -ENOENT:
2290 case -ESHUTDOWN:
2291 case -EILSEQ:
2292 case -ETIME:
2293 case -EPIPE:
2294 /* urb terminated, clean up */
2295 dev_dbg(dev, "urb terminated, status: %d\n", status);
2296 return;
2297 default:
2298 dev_err(dev, "unknown status received: %d\n", status);
2299 }
2300 exit:
2301 rv = usb_submit_urb(urb, GFP_ATOMIC);
2302 if (rv)
2303 dev_err(dev, "usb_submit_urb failed: %d\n", rv);
2304 }
2305
usbtmc_free_int(struct usbtmc_device_data * data)2306 static void usbtmc_free_int(struct usbtmc_device_data *data)
2307 {
2308 if (!data->iin_ep_present || !data->iin_urb)
2309 return;
2310 usb_kill_urb(data->iin_urb);
2311 kfree(data->iin_buffer);
2312 data->iin_buffer = NULL;
2313 usb_free_urb(data->iin_urb);
2314 data->iin_urb = NULL;
2315 kref_put(&data->kref, usbtmc_delete);
2316 }
2317
usbtmc_probe(struct usb_interface * intf,const struct usb_device_id * id)2318 static int usbtmc_probe(struct usb_interface *intf,
2319 const struct usb_device_id *id)
2320 {
2321 struct usbtmc_device_data *data;
2322 struct usb_host_interface *iface_desc;
2323 struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in;
2324 int retcode;
2325
2326 dev_dbg(&intf->dev, "%s called\n", __func__);
2327
2328 data = kzalloc(sizeof(*data), GFP_KERNEL);
2329 if (!data)
2330 return -ENOMEM;
2331
2332 data->intf = intf;
2333 data->id = id;
2334 data->usb_dev = usb_get_dev(interface_to_usbdev(intf));
2335 usb_set_intfdata(intf, data);
2336 kref_init(&data->kref);
2337 mutex_init(&data->io_mutex);
2338 init_waitqueue_head(&data->waitq);
2339 atomic_set(&data->iin_data_valid, 0);
2340 INIT_LIST_HEAD(&data->file_list);
2341 spin_lock_init(&data->dev_lock);
2342
2343 data->zombie = 0;
2344
2345 /* Initialize USBTMC bTag and other fields */
2346 data->bTag = 1;
2347 /* 2 <= bTag <= 127 USBTMC-USB488 subclass specification 4.3.1 */
2348 data->iin_bTag = 2;
2349
2350 /* USBTMC devices have only one setting, so use that */
2351 iface_desc = data->intf->cur_altsetting;
2352 data->ifnum = iface_desc->desc.bInterfaceNumber;
2353
2354 /* Find bulk endpoints */
2355 retcode = usb_find_common_endpoints(iface_desc,
2356 &bulk_in, &bulk_out, NULL, NULL);
2357 if (retcode) {
2358 dev_err(&intf->dev, "bulk endpoints not found\n");
2359 goto err_put;
2360 }
2361
2362 retcode = -EINVAL;
2363 data->bulk_in = bulk_in->bEndpointAddress;
2364 data->wMaxPacketSize = usb_endpoint_maxp(bulk_in);
2365 if (!data->wMaxPacketSize)
2366 goto err_put;
2367 dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in);
2368
2369 data->bulk_out = bulk_out->bEndpointAddress;
2370 dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out);
2371
2372 /* Find int endpoint */
2373 retcode = usb_find_int_in_endpoint(iface_desc, &int_in);
2374 if (!retcode) {
2375 data->iin_ep_present = 1;
2376 data->iin_ep = int_in->bEndpointAddress;
2377 data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in);
2378 data->iin_interval = int_in->bInterval;
2379 dev_dbg(&intf->dev, "Found Int in endpoint at %u\n",
2380 data->iin_ep);
2381 }
2382
2383 retcode = get_capabilities(data);
2384 if (retcode)
2385 dev_err(&intf->dev, "can't read capabilities\n");
2386
2387 if (data->iin_ep_present) {
2388 /* allocate int urb */
2389 data->iin_urb = usb_alloc_urb(0, GFP_KERNEL);
2390 if (!data->iin_urb) {
2391 retcode = -ENOMEM;
2392 goto error_register;
2393 }
2394
2395 /* Protect interrupt in endpoint data until iin_urb is freed */
2396 kref_get(&data->kref);
2397
2398 /* allocate buffer for interrupt in */
2399 data->iin_buffer = kmalloc(data->iin_wMaxPacketSize,
2400 GFP_KERNEL);
2401 if (!data->iin_buffer) {
2402 retcode = -ENOMEM;
2403 goto error_register;
2404 }
2405
2406 /* fill interrupt urb */
2407 usb_fill_int_urb(data->iin_urb, data->usb_dev,
2408 usb_rcvintpipe(data->usb_dev, data->iin_ep),
2409 data->iin_buffer, data->iin_wMaxPacketSize,
2410 usbtmc_interrupt,
2411 data, data->iin_interval);
2412
2413 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2414 if (retcode) {
2415 dev_err(&intf->dev, "Failed to submit iin_urb\n");
2416 goto error_register;
2417 }
2418 }
2419
2420 retcode = usb_register_dev(intf, &usbtmc_class);
2421 if (retcode) {
2422 dev_err(&intf->dev, "Not able to get a minor (base %u, slice default): %d\n",
2423 USBTMC_MINOR_BASE,
2424 retcode);
2425 goto error_register;
2426 }
2427 dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor);
2428
2429 return 0;
2430
2431 error_register:
2432 usbtmc_free_int(data);
2433 err_put:
2434 kref_put(&data->kref, usbtmc_delete);
2435 return retcode;
2436 }
2437
usbtmc_disconnect(struct usb_interface * intf)2438 static void usbtmc_disconnect(struct usb_interface *intf)
2439 {
2440 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2441 struct list_head *elem;
2442
2443 usb_deregister_dev(intf, &usbtmc_class);
2444 mutex_lock(&data->io_mutex);
2445 data->zombie = 1;
2446 wake_up_interruptible_all(&data->waitq);
2447 list_for_each(elem, &data->file_list) {
2448 struct usbtmc_file_data *file_data;
2449
2450 file_data = list_entry(elem,
2451 struct usbtmc_file_data,
2452 file_elem);
2453 usb_kill_anchored_urbs(&file_data->submitted);
2454 usb_scuttle_anchored_urbs(&file_data->in_anchor);
2455 }
2456 mutex_unlock(&data->io_mutex);
2457 usbtmc_free_int(data);
2458 kref_put(&data->kref, usbtmc_delete);
2459 }
2460
usbtmc_draw_down(struct usbtmc_file_data * file_data)2461 static void usbtmc_draw_down(struct usbtmc_file_data *file_data)
2462 {
2463 int time;
2464
2465 time = usb_wait_anchor_empty_timeout(&file_data->submitted, 1000);
2466 if (!time)
2467 usb_kill_anchored_urbs(&file_data->submitted);
2468 usb_scuttle_anchored_urbs(&file_data->in_anchor);
2469 }
2470
usbtmc_suspend(struct usb_interface * intf,pm_message_t message)2471 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message)
2472 {
2473 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2474 struct list_head *elem;
2475
2476 if (!data)
2477 return 0;
2478
2479 mutex_lock(&data->io_mutex);
2480 list_for_each(elem, &data->file_list) {
2481 struct usbtmc_file_data *file_data;
2482
2483 file_data = list_entry(elem,
2484 struct usbtmc_file_data,
2485 file_elem);
2486 usbtmc_draw_down(file_data);
2487 }
2488
2489 if (data->iin_ep_present && data->iin_urb)
2490 usb_kill_urb(data->iin_urb);
2491
2492 mutex_unlock(&data->io_mutex);
2493 return 0;
2494 }
2495
usbtmc_resume(struct usb_interface * intf)2496 static int usbtmc_resume(struct usb_interface *intf)
2497 {
2498 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2499 int retcode = 0;
2500
2501 if (data->iin_ep_present && data->iin_urb)
2502 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2503 if (retcode)
2504 dev_err(&intf->dev, "Failed to submit iin_urb\n");
2505
2506 return retcode;
2507 }
2508
usbtmc_pre_reset(struct usb_interface * intf)2509 static int usbtmc_pre_reset(struct usb_interface *intf)
2510 {
2511 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2512 struct list_head *elem;
2513
2514 if (!data)
2515 return 0;
2516
2517 mutex_lock(&data->io_mutex);
2518
2519 list_for_each(elem, &data->file_list) {
2520 struct usbtmc_file_data *file_data;
2521
2522 file_data = list_entry(elem,
2523 struct usbtmc_file_data,
2524 file_elem);
2525 usbtmc_ioctl_cancel_io(file_data);
2526 }
2527
2528 return 0;
2529 }
2530
usbtmc_post_reset(struct usb_interface * intf)2531 static int usbtmc_post_reset(struct usb_interface *intf)
2532 {
2533 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2534
2535 mutex_unlock(&data->io_mutex);
2536
2537 return 0;
2538 }
2539
2540 static struct usb_driver usbtmc_driver = {
2541 .name = "usbtmc",
2542 .id_table = usbtmc_devices,
2543 .probe = usbtmc_probe,
2544 .disconnect = usbtmc_disconnect,
2545 .suspend = usbtmc_suspend,
2546 .resume = usbtmc_resume,
2547 .pre_reset = usbtmc_pre_reset,
2548 .post_reset = usbtmc_post_reset,
2549 .dev_groups = usbtmc_groups,
2550 };
2551
2552 module_usb_driver(usbtmc_driver);
2553
2554 MODULE_LICENSE("GPL");
2555