1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver
4 *
5 * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany
6 * Copyright (C) 2008 Novell, Inc.
7 * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de>
8 * Copyright (C) 2018 IVI Foundation, Inc.
9 */
10
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/fs.h>
16 #include <linux/uaccess.h>
17 #include <linux/kref.h>
18 #include <linux/slab.h>
19 #include <linux/poll.h>
20 #include <linux/mutex.h>
21 #include <linux/usb.h>
22 #include <linux/compat.h>
23 #include <linux/usb/tmc.h>
24
25 /* Increment API VERSION when changing tmc.h with new flags or ioctls
26 * or when changing a significant behavior of the driver.
27 */
28 #define USBTMC_API_VERSION (3)
29
30 #define USBTMC_HEADER_SIZE 12
31 #define USBTMC_MINOR_BASE 176
32
33 /* Minimum USB timeout (in milliseconds) */
34 #define USBTMC_MIN_TIMEOUT 100
35 /* Default USB timeout (in milliseconds) */
36 #define USBTMC_TIMEOUT 5000
37
38 /* Max number of urbs used in write transfers */
39 #define MAX_URBS_IN_FLIGHT 16
40 /* I/O buffer size used in generic read/write functions */
41 #define USBTMC_BUFSIZE (4096)
42
43 /*
44 * Maximum number of read cycles to empty bulk in endpoint during CLEAR and
45 * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short
46 * packet is never read.
47 */
48 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN 100
49
50 static const struct usb_device_id usbtmc_devices[] = {
51 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), },
52 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), },
53 { 0, } /* terminating entry */
54 };
55 MODULE_DEVICE_TABLE(usb, usbtmc_devices);
56
57 /*
58 * This structure is the capabilities for the device
59 * See section 4.2.1.8 of the USBTMC specification,
60 * and section 4.2.2 of the USBTMC usb488 subclass
61 * specification for details.
62 */
63 struct usbtmc_dev_capabilities {
64 __u8 interface_capabilities;
65 __u8 device_capabilities;
66 __u8 usb488_interface_capabilities;
67 __u8 usb488_device_capabilities;
68 };
69
70 /* This structure holds private data for each USBTMC device. One copy is
71 * allocated for each USBTMC device in the driver's probe function.
72 */
73 struct usbtmc_device_data {
74 const struct usb_device_id *id;
75 struct usb_device *usb_dev;
76 struct usb_interface *intf;
77 struct list_head file_list;
78
79 unsigned int bulk_in;
80 unsigned int bulk_out;
81
82 u8 bTag;
83 u8 bTag_last_write; /* needed for abort */
84 u8 bTag_last_read; /* needed for abort */
85
86 /* packet size of IN bulk */
87 u16 wMaxPacketSize;
88
89 /* data for interrupt in endpoint handling */
90 u8 bNotify1;
91 u8 bNotify2;
92 u16 ifnum;
93 u8 iin_bTag;
94 u8 *iin_buffer;
95 atomic_t iin_data_valid;
96 unsigned int iin_ep;
97 int iin_ep_present;
98 int iin_interval;
99 struct urb *iin_urb;
100 u16 iin_wMaxPacketSize;
101
102 /* coalesced usb488_caps from usbtmc_dev_capabilities */
103 __u8 usb488_caps;
104
105 bool zombie; /* fd of disconnected device */
106
107 struct usbtmc_dev_capabilities capabilities;
108 struct kref kref;
109 struct mutex io_mutex; /* only one i/o function running at a time */
110 wait_queue_head_t waitq;
111 struct fasync_struct *fasync;
112 spinlock_t dev_lock; /* lock for file_list */
113 };
114 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref)
115
116 /*
117 * This structure holds private data for each USBTMC file handle.
118 */
119 struct usbtmc_file_data {
120 struct usbtmc_device_data *data;
121 struct list_head file_elem;
122
123 u32 timeout;
124 u8 srq_byte;
125 atomic_t srq_asserted;
126 atomic_t closing;
127 u8 bmTransferAttributes; /* member of DEV_DEP_MSG_IN */
128
129 u8 eom_val;
130 u8 term_char;
131 bool term_char_enabled;
132 bool auto_abort;
133
134 spinlock_t err_lock; /* lock for errors */
135
136 struct usb_anchor submitted;
137
138 /* data for generic_write */
139 struct semaphore limit_write_sem;
140 u32 out_transfer_size;
141 int out_status;
142
143 /* data for generic_read */
144 u32 in_transfer_size;
145 int in_status;
146 int in_urbs_used;
147 struct usb_anchor in_anchor;
148 wait_queue_head_t wait_bulk_in;
149 };
150
151 /* Forward declarations */
152 static struct usb_driver usbtmc_driver;
153 static void usbtmc_draw_down(struct usbtmc_file_data *file_data);
154
usbtmc_delete(struct kref * kref)155 static void usbtmc_delete(struct kref *kref)
156 {
157 struct usbtmc_device_data *data = to_usbtmc_data(kref);
158
159 usb_put_dev(data->usb_dev);
160 kfree(data);
161 }
162
usbtmc_open(struct inode * inode,struct file * filp)163 static int usbtmc_open(struct inode *inode, struct file *filp)
164 {
165 struct usb_interface *intf;
166 struct usbtmc_device_data *data;
167 struct usbtmc_file_data *file_data;
168
169 intf = usb_find_interface(&usbtmc_driver, iminor(inode));
170 if (!intf) {
171 pr_err("can not find device for minor %d", iminor(inode));
172 return -ENODEV;
173 }
174
175 file_data = kzalloc_obj(*file_data);
176 if (!file_data)
177 return -ENOMEM;
178
179 spin_lock_init(&file_data->err_lock);
180 sema_init(&file_data->limit_write_sem, MAX_URBS_IN_FLIGHT);
181 init_usb_anchor(&file_data->submitted);
182 init_usb_anchor(&file_data->in_anchor);
183 init_waitqueue_head(&file_data->wait_bulk_in);
184
185 data = usb_get_intfdata(intf);
186 /* Protect reference to data from file structure until release */
187 kref_get(&data->kref);
188
189 mutex_lock(&data->io_mutex);
190 file_data->data = data;
191
192 atomic_set(&file_data->closing, 0);
193
194 file_data->timeout = USBTMC_TIMEOUT;
195 file_data->term_char = '\n';
196 file_data->term_char_enabled = 0;
197 file_data->auto_abort = 0;
198 file_data->eom_val = 1;
199
200 INIT_LIST_HEAD(&file_data->file_elem);
201 spin_lock_irq(&data->dev_lock);
202 list_add_tail(&file_data->file_elem, &data->file_list);
203 spin_unlock_irq(&data->dev_lock);
204 mutex_unlock(&data->io_mutex);
205
206 /* Store pointer in file structure's private data field */
207 filp->private_data = file_data;
208
209 return 0;
210 }
211
212 /*
213 * usbtmc_flush - called before file handle is closed
214 */
usbtmc_flush(struct file * file,fl_owner_t id)215 static int usbtmc_flush(struct file *file, fl_owner_t id)
216 {
217 struct usbtmc_file_data *file_data;
218 struct usbtmc_device_data *data;
219
220 file_data = file->private_data;
221 if (file_data == NULL)
222 return -ENODEV;
223
224 atomic_set(&file_data->closing, 1);
225 data = file_data->data;
226
227 /* wait for io to stop */
228 mutex_lock(&data->io_mutex);
229
230 usbtmc_draw_down(file_data);
231
232 spin_lock_irq(&file_data->err_lock);
233 file_data->in_status = 0;
234 file_data->in_transfer_size = 0;
235 file_data->in_urbs_used = 0;
236 file_data->out_status = 0;
237 file_data->out_transfer_size = 0;
238 spin_unlock_irq(&file_data->err_lock);
239
240 wake_up_interruptible_all(&data->waitq);
241 mutex_unlock(&data->io_mutex);
242
243 return 0;
244 }
245
usbtmc_release(struct inode * inode,struct file * file)246 static int usbtmc_release(struct inode *inode, struct file *file)
247 {
248 struct usbtmc_file_data *file_data = file->private_data;
249
250 /* prevent IO _AND_ usbtmc_interrupt */
251 mutex_lock(&file_data->data->io_mutex);
252 spin_lock_irq(&file_data->data->dev_lock);
253
254 list_del(&file_data->file_elem);
255
256 spin_unlock_irq(&file_data->data->dev_lock);
257
258 /* flush anchored URBs */
259 usbtmc_draw_down(file_data);
260 mutex_unlock(&file_data->data->io_mutex);
261
262 kref_put(&file_data->data->kref, usbtmc_delete);
263 file_data->data = NULL;
264 kfree(file_data);
265 return 0;
266 }
267
usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data * data,u8 tag)268 static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data,
269 u8 tag)
270 {
271 u8 *buffer;
272 struct device *dev;
273 int rv;
274 int n;
275 int actual;
276
277 dev = &data->intf->dev;
278 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
279 if (!buffer)
280 return -ENOMEM;
281
282 rv = usb_control_msg(data->usb_dev,
283 usb_rcvctrlpipe(data->usb_dev, 0),
284 USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
285 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
286 tag, data->bulk_in,
287 buffer, 2, USB_CTRL_GET_TIMEOUT);
288
289 if (rv < 0) {
290 dev_err(dev, "usb_control_msg returned %d\n", rv);
291 goto exit;
292 }
293
294 dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n",
295 buffer[0], buffer[1]);
296
297 if (buffer[0] == USBTMC_STATUS_FAILED) {
298 /* No transfer in progress and the Bulk-OUT FIFO is empty. */
299 rv = 0;
300 goto exit;
301 }
302
303 if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) {
304 /* The device returns this status if either:
305 * - There is a transfer in progress, but the specified bTag
306 * does not match.
307 * - There is no transfer in progress, but the Bulk-OUT FIFO
308 * is not empty.
309 */
310 rv = -ENOMSG;
311 goto exit;
312 }
313
314 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
315 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
316 buffer[0]);
317 rv = -EPERM;
318 goto exit;
319 }
320
321 n = 0;
322
323 usbtmc_abort_bulk_in_status:
324 dev_dbg(dev, "Reading from bulk in EP\n");
325
326 /* Data must be present. So use low timeout 300 ms */
327 actual = 0;
328 rv = usb_bulk_msg(data->usb_dev,
329 usb_rcvbulkpipe(data->usb_dev,
330 data->bulk_in),
331 buffer, USBTMC_BUFSIZE,
332 &actual, 300);
333
334 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
335 buffer, actual, true);
336
337 n++;
338
339 if (rv < 0) {
340 dev_err(dev, "usb_bulk_msg returned %d\n", rv);
341 if (rv != -ETIMEDOUT)
342 goto exit;
343 }
344
345 if (actual == USBTMC_BUFSIZE)
346 goto usbtmc_abort_bulk_in_status;
347
348 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
349 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
350 USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
351 rv = -EPERM;
352 goto exit;
353 }
354
355 rv = usb_control_msg(data->usb_dev,
356 usb_rcvctrlpipe(data->usb_dev, 0),
357 USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
358 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
359 0, data->bulk_in, buffer, 0x08,
360 USB_CTRL_GET_TIMEOUT);
361
362 if (rv < 0) {
363 dev_err(dev, "usb_control_msg returned %d\n", rv);
364 goto exit;
365 }
366
367 dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
368
369 if (buffer[0] == USBTMC_STATUS_SUCCESS) {
370 rv = 0;
371 goto exit;
372 }
373
374 if (buffer[0] != USBTMC_STATUS_PENDING) {
375 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
376 rv = -EPERM;
377 goto exit;
378 }
379
380 if ((buffer[1] & 1) > 0) {
381 /* The device has 1 or more queued packets the Host can read */
382 goto usbtmc_abort_bulk_in_status;
383 }
384
385 /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */
386 rv = -EAGAIN;
387 exit:
388 kfree(buffer);
389 return rv;
390 }
391
usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data * data)392 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data)
393 {
394 return usbtmc_ioctl_abort_bulk_in_tag(data, data->bTag_last_read);
395 }
396
usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data * data,u8 tag)397 static int usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data *data,
398 u8 tag)
399 {
400 struct device *dev;
401 u8 *buffer;
402 int rv;
403 int n;
404
405 dev = &data->intf->dev;
406
407 buffer = kmalloc(8, GFP_KERNEL);
408 if (!buffer)
409 return -ENOMEM;
410
411 rv = usb_control_msg(data->usb_dev,
412 usb_rcvctrlpipe(data->usb_dev, 0),
413 USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT,
414 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
415 tag, data->bulk_out,
416 buffer, 2, USB_CTRL_GET_TIMEOUT);
417
418 if (rv < 0) {
419 dev_err(dev, "usb_control_msg returned %d\n", rv);
420 goto exit;
421 }
422
423 dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]);
424
425 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
426 dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n",
427 buffer[0]);
428 rv = -EPERM;
429 goto exit;
430 }
431
432 n = 0;
433
434 usbtmc_abort_bulk_out_check_status:
435 /* do not stress device with subsequent requests */
436 msleep(50);
437 rv = usb_control_msg(data->usb_dev,
438 usb_rcvctrlpipe(data->usb_dev, 0),
439 USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS,
440 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
441 0, data->bulk_out, buffer, 0x08,
442 USB_CTRL_GET_TIMEOUT);
443 n++;
444 if (rv < 0) {
445 dev_err(dev, "usb_control_msg returned %d\n", rv);
446 goto exit;
447 }
448
449 dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]);
450
451 if (buffer[0] == USBTMC_STATUS_SUCCESS)
452 goto usbtmc_abort_bulk_out_clear_halt;
453
454 if ((buffer[0] == USBTMC_STATUS_PENDING) &&
455 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN))
456 goto usbtmc_abort_bulk_out_check_status;
457
458 rv = -EPERM;
459 goto exit;
460
461 usbtmc_abort_bulk_out_clear_halt:
462 rv = usb_clear_halt(data->usb_dev,
463 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
464
465 if (rv < 0) {
466 dev_err(dev, "usb_control_msg returned %d\n", rv);
467 goto exit;
468 }
469 rv = 0;
470
471 exit:
472 kfree(buffer);
473 return rv;
474 }
475
usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data * data)476 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data)
477 {
478 return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write);
479 }
480
usbtmc_get_stb(struct usbtmc_file_data * file_data,__u8 * stb)481 static int usbtmc_get_stb(struct usbtmc_file_data *file_data, __u8 *stb)
482 {
483 struct usbtmc_device_data *data = file_data->data;
484 struct device *dev = &data->intf->dev;
485 u8 *buffer;
486 u8 tag;
487 int rv;
488 long wait_rv;
489 unsigned long expire;
490
491 dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n",
492 data->iin_ep_present);
493
494 buffer = kmalloc(8, GFP_KERNEL);
495 if (!buffer)
496 return -ENOMEM;
497
498 atomic_set(&data->iin_data_valid, 0);
499
500 rv = usb_control_msg(data->usb_dev,
501 usb_rcvctrlpipe(data->usb_dev, 0),
502 USBTMC488_REQUEST_READ_STATUS_BYTE,
503 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
504 data->iin_bTag,
505 data->ifnum,
506 buffer, 0x03, USB_CTRL_GET_TIMEOUT);
507 if (rv < 0) {
508 dev_err(dev, "stb usb_control_msg returned %d\n", rv);
509 goto exit;
510 }
511
512 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
513 dev_err(dev, "control status returned %x\n", buffer[0]);
514 rv = -EIO;
515 goto exit;
516 }
517
518 if (data->iin_ep_present) {
519 expire = msecs_to_jiffies(file_data->timeout);
520 wait_rv = wait_event_interruptible_timeout(
521 data->waitq,
522 atomic_read(&data->iin_data_valid) != 0,
523 expire);
524 if (wait_rv < 0) {
525 dev_dbg(dev, "wait interrupted %ld\n", wait_rv);
526 rv = wait_rv;
527 goto exit;
528 }
529
530 if (wait_rv == 0) {
531 dev_dbg(dev, "wait timed out\n");
532 rv = -ETIMEDOUT;
533 goto exit;
534 }
535
536 tag = data->bNotify1 & 0x7f;
537 if (tag != data->iin_bTag) {
538 dev_err(dev, "expected bTag %x got %x\n",
539 data->iin_bTag, tag);
540 }
541
542 *stb = data->bNotify2;
543 } else {
544 *stb = buffer[2];
545 }
546
547 dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)*stb, rv);
548
549 rv = 0;
550
551 exit:
552 /* bump interrupt bTag */
553 data->iin_bTag += 1;
554 if (data->iin_bTag > 127)
555 /* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */
556 data->iin_bTag = 2;
557
558 kfree(buffer);
559 return rv;
560 }
561
usbtmc488_ioctl_read_stb(struct usbtmc_file_data * file_data,void __user * arg)562 static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data,
563 void __user *arg)
564 {
565 int srq_asserted = 0;
566 __u8 stb;
567 int rv;
568
569 rv = usbtmc_get_stb(file_data, &stb);
570
571 if (rv < 0)
572 return rv;
573
574 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted);
575 if (srq_asserted)
576 stb |= 0x40; /* Set RQS bit */
577
578 rv = put_user(stb, (__u8 __user *)arg);
579
580 return rv;
581
582 }
583
usbtmc_ioctl_get_srq_stb(struct usbtmc_file_data * file_data,void __user * arg)584 static int usbtmc_ioctl_get_srq_stb(struct usbtmc_file_data *file_data,
585 void __user *arg)
586 {
587 struct usbtmc_device_data *data = file_data->data;
588 struct device *dev = &data->intf->dev;
589 int srq_asserted = 0;
590 __u8 stb = 0;
591 int rv;
592
593 spin_lock_irq(&data->dev_lock);
594 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted);
595
596 if (srq_asserted) {
597 stb = file_data->srq_byte;
598 spin_unlock_irq(&data->dev_lock);
599 rv = put_user(stb, (__u8 __user *)arg);
600 } else {
601 spin_unlock_irq(&data->dev_lock);
602 rv = -ENOMSG;
603 }
604
605 dev_dbg(dev, "stb:0x%02x with srq received %d\n", (unsigned int)stb, rv);
606
607 return rv;
608 }
609
usbtmc488_ioctl_wait_srq(struct usbtmc_file_data * file_data,__u32 __user * arg)610 static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data,
611 __u32 __user *arg)
612 {
613 struct usbtmc_device_data *data = file_data->data;
614 struct device *dev = &data->intf->dev;
615 u32 timeout;
616 unsigned long expire;
617 long wait_rv;
618
619 if (!data->iin_ep_present) {
620 dev_dbg(dev, "no interrupt endpoint present\n");
621 return -EFAULT;
622 }
623
624 if (get_user(timeout, arg))
625 return -EFAULT;
626
627 expire = msecs_to_jiffies(timeout);
628
629 mutex_unlock(&data->io_mutex);
630
631 wait_rv = wait_event_interruptible_timeout(
632 data->waitq,
633 atomic_read(&file_data->srq_asserted) != 0 ||
634 atomic_read(&file_data->closing),
635 expire);
636
637 mutex_lock(&data->io_mutex);
638
639 /* Note! disconnect or close could be called in the meantime */
640 if (atomic_read(&file_data->closing) || data->zombie)
641 return -ENODEV;
642
643 if (wait_rv < 0) {
644 dev_dbg(dev, "%s - wait interrupted %ld\n", __func__, wait_rv);
645 return wait_rv;
646 }
647
648 if (wait_rv == 0) {
649 dev_dbg(dev, "%s - wait timed out\n", __func__);
650 return -ETIMEDOUT;
651 }
652
653 dev_dbg(dev, "%s - srq asserted\n", __func__);
654 return 0;
655 }
656
usbtmc488_ioctl_simple(struct usbtmc_device_data * data,void __user * arg,unsigned int cmd)657 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data,
658 void __user *arg, unsigned int cmd)
659 {
660 struct device *dev = &data->intf->dev;
661 __u8 val;
662 u8 *buffer;
663 u16 wValue;
664 int rv;
665
666 if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE))
667 return -EINVAL;
668
669 buffer = kmalloc(8, GFP_KERNEL);
670 if (!buffer)
671 return -ENOMEM;
672
673 if (cmd == USBTMC488_REQUEST_REN_CONTROL) {
674 rv = copy_from_user(&val, arg, sizeof(val));
675 if (rv) {
676 rv = -EFAULT;
677 goto exit;
678 }
679 wValue = val ? 1 : 0;
680 } else {
681 wValue = 0;
682 }
683
684 rv = usb_control_msg(data->usb_dev,
685 usb_rcvctrlpipe(data->usb_dev, 0),
686 cmd,
687 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
688 wValue,
689 data->ifnum,
690 buffer, 0x01, USB_CTRL_GET_TIMEOUT);
691 if (rv < 0) {
692 dev_err(dev, "simple usb_control_msg failed %d\n", rv);
693 goto exit;
694 } else if (rv != 1) {
695 dev_warn(dev, "simple usb_control_msg returned %d\n", rv);
696 rv = -EIO;
697 goto exit;
698 }
699
700 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
701 dev_err(dev, "simple control status returned %x\n", buffer[0]);
702 rv = -EIO;
703 goto exit;
704 }
705 rv = 0;
706
707 exit:
708 kfree(buffer);
709 return rv;
710 }
711
712 /*
713 * Sends a TRIGGER Bulk-OUT command message
714 * See the USBTMC-USB488 specification, Table 2.
715 *
716 * Also updates bTag_last_write.
717 */
usbtmc488_ioctl_trigger(struct usbtmc_file_data * file_data)718 static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data)
719 {
720 struct usbtmc_device_data *data = file_data->data;
721 int retval;
722 u8 *buffer;
723 int actual;
724
725 buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
726 if (!buffer)
727 return -ENOMEM;
728
729 buffer[0] = 128;
730 buffer[1] = data->bTag;
731 buffer[2] = ~data->bTag;
732
733 retval = usb_bulk_msg_killable(data->usb_dev,
734 usb_sndbulkpipe(data->usb_dev,
735 data->bulk_out),
736 buffer, USBTMC_HEADER_SIZE,
737 &actual, file_data->timeout);
738
739 /* Store bTag (in case we need to abort) */
740 data->bTag_last_write = data->bTag;
741
742 /* Increment bTag -- and increment again if zero */
743 data->bTag++;
744 if (!data->bTag)
745 data->bTag++;
746
747 kfree(buffer);
748 if (retval < 0) {
749 dev_err(&data->intf->dev, "%s returned %d\n",
750 __func__, retval);
751 return retval;
752 }
753
754 return 0;
755 }
756
usbtmc_create_urb(void)757 static struct urb *usbtmc_create_urb(void)
758 {
759 const size_t bufsize = USBTMC_BUFSIZE;
760 u8 *dmabuf = NULL;
761 struct urb *urb = usb_alloc_urb(0, GFP_KERNEL);
762
763 if (!urb)
764 return NULL;
765
766 dmabuf = kzalloc(bufsize, GFP_KERNEL);
767 if (!dmabuf) {
768 usb_free_urb(urb);
769 return NULL;
770 }
771
772 urb->transfer_buffer = dmabuf;
773 urb->transfer_buffer_length = bufsize;
774 urb->transfer_flags |= URB_FREE_BUFFER;
775 return urb;
776 }
777
usbtmc_read_bulk_cb(struct urb * urb)778 static void usbtmc_read_bulk_cb(struct urb *urb)
779 {
780 struct usbtmc_file_data *file_data = urb->context;
781 int status = urb->status;
782 unsigned long flags;
783
784 /* sync/async unlink faults aren't errors */
785 if (status) {
786 if (!(/* status == -ENOENT || */
787 status == -ECONNRESET ||
788 status == -EREMOTEIO || /* Short packet */
789 status == -ESHUTDOWN))
790 dev_err(&file_data->data->intf->dev,
791 "%s - nonzero read bulk status received: %d\n",
792 __func__, status);
793
794 spin_lock_irqsave(&file_data->err_lock, flags);
795 if (!file_data->in_status)
796 file_data->in_status = status;
797 spin_unlock_irqrestore(&file_data->err_lock, flags);
798 }
799
800 spin_lock_irqsave(&file_data->err_lock, flags);
801 file_data->in_transfer_size += urb->actual_length;
802 dev_dbg(&file_data->data->intf->dev,
803 "%s - total size: %u current: %d status: %d\n",
804 __func__, file_data->in_transfer_size,
805 urb->actual_length, status);
806 spin_unlock_irqrestore(&file_data->err_lock, flags);
807 usb_anchor_urb(urb, &file_data->in_anchor);
808
809 wake_up_interruptible(&file_data->wait_bulk_in);
810 wake_up_interruptible(&file_data->data->waitq);
811 }
812
usbtmc_do_transfer(struct usbtmc_file_data * file_data)813 static inline bool usbtmc_do_transfer(struct usbtmc_file_data *file_data)
814 {
815 bool data_or_error;
816
817 spin_lock_irq(&file_data->err_lock);
818 data_or_error = !usb_anchor_empty(&file_data->in_anchor)
819 || file_data->in_status;
820 spin_unlock_irq(&file_data->err_lock);
821 dev_dbg(&file_data->data->intf->dev, "%s: returns %d\n", __func__,
822 data_or_error);
823 return data_or_error;
824 }
825
usbtmc_generic_read(struct usbtmc_file_data * file_data,void __user * user_buffer,u32 transfer_size,u32 * transferred,u32 flags)826 static ssize_t usbtmc_generic_read(struct usbtmc_file_data *file_data,
827 void __user *user_buffer,
828 u32 transfer_size,
829 u32 *transferred,
830 u32 flags)
831 {
832 struct usbtmc_device_data *data = file_data->data;
833 struct device *dev = &data->intf->dev;
834 u32 done = 0;
835 u32 remaining;
836 const u32 bufsize = USBTMC_BUFSIZE;
837 int retval = 0;
838 u32 max_transfer_size;
839 unsigned long expire;
840 int bufcount = 1;
841 int again = 0;
842 long wait_rv;
843
844 /* mutex already locked */
845
846 *transferred = done;
847
848 max_transfer_size = transfer_size;
849
850 if (flags & USBTMC_FLAG_IGNORE_TRAILER) {
851 /* The device may send extra alignment bytes (up to
852 * wMaxPacketSize – 1) to avoid sending a zero-length
853 * packet
854 */
855 remaining = transfer_size;
856 if ((max_transfer_size % data->wMaxPacketSize) == 0)
857 max_transfer_size += (data->wMaxPacketSize - 1);
858 } else {
859 /* round down to bufsize to avoid truncated data left */
860 if (max_transfer_size > bufsize) {
861 max_transfer_size =
862 roundup(max_transfer_size + 1 - bufsize,
863 bufsize);
864 }
865 remaining = max_transfer_size;
866 }
867
868 spin_lock_irq(&file_data->err_lock);
869
870 if (file_data->in_status) {
871 /* return the very first error */
872 retval = file_data->in_status;
873 spin_unlock_irq(&file_data->err_lock);
874 goto error;
875 }
876
877 if (flags & USBTMC_FLAG_ASYNC) {
878 if (usb_anchor_empty(&file_data->in_anchor))
879 again = 1;
880
881 if (file_data->in_urbs_used == 0) {
882 file_data->in_transfer_size = 0;
883 file_data->in_status = 0;
884 }
885 } else {
886 file_data->in_transfer_size = 0;
887 file_data->in_status = 0;
888 }
889
890 if (max_transfer_size == 0) {
891 bufcount = 0;
892 } else {
893 bufcount = roundup(max_transfer_size, bufsize) / bufsize;
894 if (bufcount > file_data->in_urbs_used)
895 bufcount -= file_data->in_urbs_used;
896 else
897 bufcount = 0;
898
899 if (bufcount + file_data->in_urbs_used > MAX_URBS_IN_FLIGHT) {
900 bufcount = MAX_URBS_IN_FLIGHT -
901 file_data->in_urbs_used;
902 }
903 }
904 spin_unlock_irq(&file_data->err_lock);
905
906 dev_dbg(dev, "%s: requested=%u flags=0x%X size=%u bufs=%d used=%d\n",
907 __func__, transfer_size, flags,
908 max_transfer_size, bufcount, file_data->in_urbs_used);
909
910 while (bufcount > 0) {
911 u8 *dmabuf = NULL;
912 struct urb *urb = usbtmc_create_urb();
913
914 if (!urb) {
915 retval = -ENOMEM;
916 goto error;
917 }
918
919 dmabuf = urb->transfer_buffer;
920
921 usb_fill_bulk_urb(urb, data->usb_dev,
922 usb_rcvbulkpipe(data->usb_dev, data->bulk_in),
923 dmabuf, bufsize,
924 usbtmc_read_bulk_cb, file_data);
925
926 usb_anchor_urb(urb, &file_data->submitted);
927 retval = usb_submit_urb(urb, GFP_KERNEL);
928 /* urb is anchored. We can release our reference. */
929 usb_free_urb(urb);
930 if (unlikely(retval)) {
931 usb_unanchor_urb(urb);
932 goto error;
933 }
934 file_data->in_urbs_used++;
935 bufcount--;
936 }
937
938 if (again) {
939 dev_dbg(dev, "%s: ret=again\n", __func__);
940 return -EAGAIN;
941 }
942
943 if (user_buffer == NULL)
944 return -EINVAL;
945
946 expire = msecs_to_jiffies(file_data->timeout);
947
948 while (max_transfer_size > 0) {
949 u32 this_part;
950 struct urb *urb = NULL;
951
952 if (!(flags & USBTMC_FLAG_ASYNC)) {
953 dev_dbg(dev, "%s: before wait time %lu\n",
954 __func__, expire);
955 wait_rv = wait_event_interruptible_timeout(
956 file_data->wait_bulk_in,
957 usbtmc_do_transfer(file_data),
958 expire);
959
960 dev_dbg(dev, "%s: wait returned %ld\n",
961 __func__, wait_rv);
962
963 if (wait_rv < 0) {
964 retval = wait_rv;
965 goto error;
966 }
967
968 if (wait_rv == 0) {
969 retval = -ETIMEDOUT;
970 goto error;
971 }
972
973 }
974
975 urb = usb_get_from_anchor(&file_data->in_anchor);
976 if (!urb) {
977 if (!(flags & USBTMC_FLAG_ASYNC)) {
978 /* synchronous case: must not happen */
979 retval = -EFAULT;
980 goto error;
981 }
982
983 /* asynchronous case: ready, do not block or wait */
984 *transferred = done;
985 dev_dbg(dev, "%s: (async) done=%u ret=0\n",
986 __func__, done);
987 return 0;
988 }
989
990 file_data->in_urbs_used--;
991
992 if (max_transfer_size > urb->actual_length)
993 max_transfer_size -= urb->actual_length;
994 else
995 max_transfer_size = 0;
996
997 if (remaining > urb->actual_length)
998 this_part = urb->actual_length;
999 else
1000 this_part = remaining;
1001
1002 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
1003 urb->transfer_buffer, urb->actual_length, true);
1004
1005 if (copy_to_user(user_buffer + done,
1006 urb->transfer_buffer, this_part)) {
1007 usb_free_urb(urb);
1008 retval = -EFAULT;
1009 goto error;
1010 }
1011
1012 remaining -= this_part;
1013 done += this_part;
1014
1015 spin_lock_irq(&file_data->err_lock);
1016 if (urb->status) {
1017 /* return the very first error */
1018 retval = file_data->in_status;
1019 spin_unlock_irq(&file_data->err_lock);
1020 usb_free_urb(urb);
1021 goto error;
1022 }
1023 spin_unlock_irq(&file_data->err_lock);
1024
1025 if (urb->actual_length < bufsize) {
1026 /* short packet or ZLP received => ready */
1027 usb_free_urb(urb);
1028 retval = 1;
1029 break;
1030 }
1031
1032 if (!(flags & USBTMC_FLAG_ASYNC) &&
1033 max_transfer_size > (bufsize * file_data->in_urbs_used)) {
1034 /* resubmit, since other buffers still not enough */
1035 usb_anchor_urb(urb, &file_data->submitted);
1036 retval = usb_submit_urb(urb, GFP_KERNEL);
1037 if (unlikely(retval)) {
1038 usb_unanchor_urb(urb);
1039 usb_free_urb(urb);
1040 goto error;
1041 }
1042 file_data->in_urbs_used++;
1043 }
1044 usb_free_urb(urb);
1045 retval = 0;
1046 }
1047
1048 error:
1049 *transferred = done;
1050
1051 dev_dbg(dev, "%s: before kill\n", __func__);
1052 /* Attention: killing urbs can take long time (2 ms) */
1053 usb_kill_anchored_urbs(&file_data->submitted);
1054 dev_dbg(dev, "%s: after kill\n", __func__);
1055 usb_scuttle_anchored_urbs(&file_data->in_anchor);
1056 file_data->in_urbs_used = 0;
1057 file_data->in_status = 0; /* no spinlock needed here */
1058 dev_dbg(dev, "%s: done=%u ret=%d\n", __func__, done, retval);
1059
1060 return retval;
1061 }
1062
usbtmc_ioctl_generic_read(struct usbtmc_file_data * file_data,void __user * arg)1063 static ssize_t usbtmc_ioctl_generic_read(struct usbtmc_file_data *file_data,
1064 void __user *arg)
1065 {
1066 struct usbtmc_message msg;
1067 ssize_t retval = 0;
1068
1069 /* mutex already locked */
1070
1071 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1072 return -EFAULT;
1073
1074 retval = usbtmc_generic_read(file_data, msg.message,
1075 msg.transfer_size, &msg.transferred,
1076 msg.flags);
1077
1078 if (put_user(msg.transferred,
1079 &((struct usbtmc_message __user *)arg)->transferred))
1080 return -EFAULT;
1081
1082 return retval;
1083 }
1084
usbtmc_write_bulk_cb(struct urb * urb)1085 static void usbtmc_write_bulk_cb(struct urb *urb)
1086 {
1087 struct usbtmc_file_data *file_data = urb->context;
1088 int wakeup = 0;
1089 unsigned long flags;
1090
1091 spin_lock_irqsave(&file_data->err_lock, flags);
1092 file_data->out_transfer_size += urb->actual_length;
1093
1094 /* sync/async unlink faults aren't errors */
1095 if (urb->status) {
1096 if (!(urb->status == -ENOENT ||
1097 urb->status == -ECONNRESET ||
1098 urb->status == -ESHUTDOWN))
1099 dev_err(&file_data->data->intf->dev,
1100 "%s - nonzero write bulk status received: %d\n",
1101 __func__, urb->status);
1102
1103 if (!file_data->out_status) {
1104 file_data->out_status = urb->status;
1105 wakeup = 1;
1106 }
1107 }
1108 spin_unlock_irqrestore(&file_data->err_lock, flags);
1109
1110 dev_dbg(&file_data->data->intf->dev,
1111 "%s - write bulk total size: %u\n",
1112 __func__, file_data->out_transfer_size);
1113
1114 up(&file_data->limit_write_sem);
1115 if (usb_anchor_empty(&file_data->submitted) || wakeup)
1116 wake_up_interruptible(&file_data->data->waitq);
1117 }
1118
usbtmc_generic_write(struct usbtmc_file_data * file_data,const void __user * user_buffer,u32 transfer_size,u32 * transferred,u32 flags)1119 static ssize_t usbtmc_generic_write(struct usbtmc_file_data *file_data,
1120 const void __user *user_buffer,
1121 u32 transfer_size,
1122 u32 *transferred,
1123 u32 flags)
1124 {
1125 struct usbtmc_device_data *data = file_data->data;
1126 struct device *dev;
1127 u32 done = 0;
1128 u32 remaining;
1129 unsigned long expire;
1130 const u32 bufsize = USBTMC_BUFSIZE;
1131 struct urb *urb = NULL;
1132 int retval = 0;
1133 u32 timeout;
1134
1135 *transferred = 0;
1136
1137 /* Get pointer to private data structure */
1138 dev = &data->intf->dev;
1139
1140 dev_dbg(dev, "%s: size=%u flags=0x%X sema=%u\n",
1141 __func__, transfer_size, flags,
1142 file_data->limit_write_sem.count);
1143
1144 if (flags & USBTMC_FLAG_APPEND) {
1145 spin_lock_irq(&file_data->err_lock);
1146 retval = file_data->out_status;
1147 spin_unlock_irq(&file_data->err_lock);
1148 if (retval < 0)
1149 return retval;
1150 } else {
1151 spin_lock_irq(&file_data->err_lock);
1152 file_data->out_transfer_size = 0;
1153 file_data->out_status = 0;
1154 spin_unlock_irq(&file_data->err_lock);
1155 }
1156
1157 remaining = transfer_size;
1158 if (remaining > INT_MAX)
1159 remaining = INT_MAX;
1160
1161 timeout = file_data->timeout;
1162 expire = msecs_to_jiffies(timeout);
1163
1164 while (remaining > 0) {
1165 u32 this_part, aligned;
1166 u8 *buffer = NULL;
1167
1168 if (flags & USBTMC_FLAG_ASYNC) {
1169 if (down_trylock(&file_data->limit_write_sem)) {
1170 retval = (done)?(0):(-EAGAIN);
1171 goto exit;
1172 }
1173 } else {
1174 retval = down_timeout(&file_data->limit_write_sem,
1175 expire);
1176 if (retval < 0) {
1177 retval = -ETIMEDOUT;
1178 goto error;
1179 }
1180 }
1181
1182 spin_lock_irq(&file_data->err_lock);
1183 retval = file_data->out_status;
1184 spin_unlock_irq(&file_data->err_lock);
1185 if (retval < 0) {
1186 up(&file_data->limit_write_sem);
1187 goto error;
1188 }
1189
1190 /* prepare next urb to send */
1191 urb = usbtmc_create_urb();
1192 if (!urb) {
1193 retval = -ENOMEM;
1194 up(&file_data->limit_write_sem);
1195 goto error;
1196 }
1197 buffer = urb->transfer_buffer;
1198
1199 if (remaining > bufsize)
1200 this_part = bufsize;
1201 else
1202 this_part = remaining;
1203
1204 if (copy_from_user(buffer, user_buffer + done, this_part)) {
1205 retval = -EFAULT;
1206 up(&file_data->limit_write_sem);
1207 goto error;
1208 }
1209
1210 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1211 16, 1, buffer, this_part, true);
1212
1213 /* fill bulk with 32 bit alignment to meet USBTMC specification
1214 * (size + 3 & ~3) rounds up and simplifies user code
1215 */
1216 aligned = (this_part + 3) & ~3;
1217 dev_dbg(dev, "write(size:%u align:%u done:%u)\n",
1218 (unsigned int)this_part,
1219 (unsigned int)aligned,
1220 (unsigned int)done);
1221
1222 usb_fill_bulk_urb(urb, data->usb_dev,
1223 usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1224 urb->transfer_buffer, aligned,
1225 usbtmc_write_bulk_cb, file_data);
1226
1227 usb_anchor_urb(urb, &file_data->submitted);
1228 retval = usb_submit_urb(urb, GFP_KERNEL);
1229 if (unlikely(retval)) {
1230 usb_unanchor_urb(urb);
1231 up(&file_data->limit_write_sem);
1232 goto error;
1233 }
1234
1235 usb_free_urb(urb);
1236 urb = NULL; /* urb will be finally released by usb driver */
1237
1238 remaining -= this_part;
1239 done += this_part;
1240 }
1241
1242 /* All urbs are on the fly */
1243 if (!(flags & USBTMC_FLAG_ASYNC)) {
1244 if (!usb_wait_anchor_empty_timeout(&file_data->submitted,
1245 timeout)) {
1246 retval = -ETIMEDOUT;
1247 goto error;
1248 }
1249 }
1250
1251 retval = 0;
1252 goto exit;
1253
1254 error:
1255 usb_kill_anchored_urbs(&file_data->submitted);
1256 exit:
1257 usb_free_urb(urb);
1258
1259 spin_lock_irq(&file_data->err_lock);
1260 if (!(flags & USBTMC_FLAG_ASYNC))
1261 done = file_data->out_transfer_size;
1262 if (!retval && file_data->out_status)
1263 retval = file_data->out_status;
1264 spin_unlock_irq(&file_data->err_lock);
1265
1266 *transferred = done;
1267
1268 dev_dbg(dev, "%s: done=%u, retval=%d, urbstat=%d\n",
1269 __func__, done, retval, file_data->out_status);
1270
1271 return retval;
1272 }
1273
usbtmc_ioctl_generic_write(struct usbtmc_file_data * file_data,void __user * arg)1274 static ssize_t usbtmc_ioctl_generic_write(struct usbtmc_file_data *file_data,
1275 void __user *arg)
1276 {
1277 struct usbtmc_message msg;
1278 ssize_t retval = 0;
1279
1280 /* mutex already locked */
1281
1282 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1283 return -EFAULT;
1284
1285 retval = usbtmc_generic_write(file_data, msg.message,
1286 msg.transfer_size, &msg.transferred,
1287 msg.flags);
1288
1289 if (put_user(msg.transferred,
1290 &((struct usbtmc_message __user *)arg)->transferred))
1291 return -EFAULT;
1292
1293 return retval;
1294 }
1295
1296 /*
1297 * Get the generic write result
1298 */
usbtmc_ioctl_write_result(struct usbtmc_file_data * file_data,void __user * arg)1299 static ssize_t usbtmc_ioctl_write_result(struct usbtmc_file_data *file_data,
1300 void __user *arg)
1301 {
1302 u32 transferred;
1303 int retval;
1304
1305 spin_lock_irq(&file_data->err_lock);
1306 transferred = file_data->out_transfer_size;
1307 retval = file_data->out_status;
1308 spin_unlock_irq(&file_data->err_lock);
1309
1310 if (put_user(transferred, (__u32 __user *)arg))
1311 return -EFAULT;
1312
1313 return retval;
1314 }
1315
1316 /*
1317 * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint.
1318 * @transfer_size: number of bytes to request from the device.
1319 *
1320 * See the USBTMC specification, Table 4.
1321 *
1322 * Also updates bTag_last_write.
1323 */
send_request_dev_dep_msg_in(struct usbtmc_file_data * file_data,u32 transfer_size)1324 static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data,
1325 u32 transfer_size)
1326 {
1327 struct usbtmc_device_data *data = file_data->data;
1328 int retval;
1329 u8 *buffer;
1330 int actual;
1331
1332 buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
1333 if (!buffer)
1334 return -ENOMEM;
1335 /* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message
1336 * Refer to class specs for details
1337 */
1338 buffer[0] = 2;
1339 buffer[1] = data->bTag;
1340 buffer[2] = ~data->bTag;
1341 buffer[3] = 0; /* Reserved */
1342 buffer[4] = transfer_size >> 0;
1343 buffer[5] = transfer_size >> 8;
1344 buffer[6] = transfer_size >> 16;
1345 buffer[7] = transfer_size >> 24;
1346 buffer[8] = file_data->term_char_enabled * 2;
1347 /* Use term character? */
1348 buffer[9] = file_data->term_char;
1349 buffer[10] = 0; /* Reserved */
1350 buffer[11] = 0; /* Reserved */
1351
1352 /* Send bulk URB */
1353 retval = usb_bulk_msg_killable(data->usb_dev,
1354 usb_sndbulkpipe(data->usb_dev,
1355 data->bulk_out),
1356 buffer, USBTMC_HEADER_SIZE,
1357 &actual, file_data->timeout);
1358
1359 /* Store bTag (in case we need to abort) */
1360 data->bTag_last_write = data->bTag;
1361
1362 /* Increment bTag -- and increment again if zero */
1363 data->bTag++;
1364 if (!data->bTag)
1365 data->bTag++;
1366
1367 kfree(buffer);
1368 if (retval < 0)
1369 dev_err(&data->intf->dev, "%s returned %d\n",
1370 __func__, retval);
1371
1372 return retval;
1373 }
1374
usbtmc_read(struct file * filp,char __user * buf,size_t count,loff_t * f_pos)1375 static ssize_t usbtmc_read(struct file *filp, char __user *buf,
1376 size_t count, loff_t *f_pos)
1377 {
1378 struct usbtmc_file_data *file_data;
1379 struct usbtmc_device_data *data;
1380 struct device *dev;
1381 const u32 bufsize = USBTMC_BUFSIZE;
1382 u32 n_characters;
1383 u8 *buffer;
1384 int actual;
1385 u32 done = 0;
1386 u32 remaining;
1387 int retval;
1388
1389 /* Get pointer to private data structure */
1390 file_data = filp->private_data;
1391 data = file_data->data;
1392 dev = &data->intf->dev;
1393
1394 buffer = kmalloc(bufsize, GFP_KERNEL);
1395 if (!buffer)
1396 return -ENOMEM;
1397
1398 retval = mutex_lock_interruptible(&data->io_mutex);
1399 if (retval < 0)
1400 goto exit_nolock;
1401
1402 if (data->zombie) {
1403 retval = -ENODEV;
1404 goto exit;
1405 }
1406
1407 if (count > INT_MAX)
1408 count = INT_MAX;
1409
1410 dev_dbg(dev, "%s(count:%zu)\n", __func__, count);
1411
1412 retval = send_request_dev_dep_msg_in(file_data, count);
1413
1414 if (retval < 0) {
1415 if (file_data->auto_abort)
1416 usbtmc_ioctl_abort_bulk_out(data);
1417 goto exit;
1418 }
1419
1420 /* Loop until we have fetched everything we requested */
1421 remaining = count;
1422 actual = 0;
1423
1424 /* Send bulk URB */
1425 retval = usb_bulk_msg_killable(data->usb_dev,
1426 usb_rcvbulkpipe(data->usb_dev,
1427 data->bulk_in),
1428 buffer, bufsize, &actual,
1429 file_data->timeout);
1430
1431 dev_dbg(dev, "%s: bulk_msg retval(%u), actual(%d)\n",
1432 __func__, retval, actual);
1433
1434 /* Store bTag (in case we need to abort) */
1435 data->bTag_last_read = data->bTag;
1436
1437 if (retval < 0) {
1438 if (file_data->auto_abort)
1439 usbtmc_ioctl_abort_bulk_in(data);
1440 goto exit;
1441 }
1442
1443 /* Sanity checks for the header */
1444 if (actual < USBTMC_HEADER_SIZE) {
1445 dev_err(dev, "Device sent too small first packet: %u < %u\n",
1446 actual, USBTMC_HEADER_SIZE);
1447 if (file_data->auto_abort)
1448 usbtmc_ioctl_abort_bulk_in(data);
1449 goto exit;
1450 }
1451
1452 if (buffer[0] != 2) {
1453 dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n",
1454 buffer[0]);
1455 if (file_data->auto_abort)
1456 usbtmc_ioctl_abort_bulk_in(data);
1457 goto exit;
1458 }
1459
1460 if (buffer[1] != data->bTag_last_write) {
1461 dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n",
1462 buffer[1], data->bTag_last_write);
1463 if (file_data->auto_abort)
1464 usbtmc_ioctl_abort_bulk_in(data);
1465 goto exit;
1466 }
1467
1468 /* How many characters did the instrument send? */
1469 n_characters = buffer[4] +
1470 (buffer[5] << 8) +
1471 (buffer[6] << 16) +
1472 (buffer[7] << 24);
1473
1474 file_data->bmTransferAttributes = buffer[8];
1475
1476 dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n",
1477 n_characters, buffer[8]);
1478
1479 if (n_characters > remaining) {
1480 dev_err(dev, "Device wants to return more data than requested: %u > %zu\n",
1481 n_characters, count);
1482 if (file_data->auto_abort)
1483 usbtmc_ioctl_abort_bulk_in(data);
1484 goto exit;
1485 }
1486
1487 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1488 16, 1, buffer, actual, true);
1489
1490 remaining = n_characters;
1491
1492 /* Remove the USBTMC header */
1493 actual -= USBTMC_HEADER_SIZE;
1494
1495 /* Remove padding if it exists */
1496 if (actual > remaining)
1497 actual = remaining;
1498
1499 remaining -= actual;
1500
1501 /* Copy buffer to user space */
1502 if (copy_to_user(buf, &buffer[USBTMC_HEADER_SIZE], actual)) {
1503 /* There must have been an addressing problem */
1504 retval = -EFAULT;
1505 goto exit;
1506 }
1507
1508 if ((actual + USBTMC_HEADER_SIZE) == bufsize) {
1509 retval = usbtmc_generic_read(file_data, buf + actual,
1510 remaining,
1511 &done,
1512 USBTMC_FLAG_IGNORE_TRAILER);
1513 if (retval < 0)
1514 goto exit;
1515 }
1516 done += actual;
1517
1518 /* Update file position value */
1519 *f_pos = *f_pos + done;
1520 retval = done;
1521
1522 exit:
1523 mutex_unlock(&data->io_mutex);
1524 exit_nolock:
1525 kfree(buffer);
1526 return retval;
1527 }
1528
usbtmc_write(struct file * filp,const char __user * buf,size_t count,loff_t * f_pos)1529 static ssize_t usbtmc_write(struct file *filp, const char __user *buf,
1530 size_t count, loff_t *f_pos)
1531 {
1532 struct usbtmc_file_data *file_data;
1533 struct usbtmc_device_data *data;
1534 struct urb *urb = NULL;
1535 ssize_t retval = 0;
1536 u8 *buffer;
1537 u32 remaining, done;
1538 u32 transfersize, aligned, buflen;
1539
1540 file_data = filp->private_data;
1541 data = file_data->data;
1542
1543 mutex_lock(&data->io_mutex);
1544
1545 if (data->zombie) {
1546 retval = -ENODEV;
1547 goto exit;
1548 }
1549
1550 done = 0;
1551
1552 spin_lock_irq(&file_data->err_lock);
1553 file_data->out_transfer_size = 0;
1554 file_data->out_status = 0;
1555 spin_unlock_irq(&file_data->err_lock);
1556
1557 if (!count)
1558 goto exit;
1559
1560 if (down_trylock(&file_data->limit_write_sem)) {
1561 /* previous calls were async */
1562 retval = -EBUSY;
1563 goto exit;
1564 }
1565
1566 urb = usbtmc_create_urb();
1567 if (!urb) {
1568 retval = -ENOMEM;
1569 up(&file_data->limit_write_sem);
1570 goto exit;
1571 }
1572
1573 buffer = urb->transfer_buffer;
1574 buflen = urb->transfer_buffer_length;
1575
1576 if (count > INT_MAX) {
1577 transfersize = INT_MAX;
1578 buffer[8] = 0;
1579 } else {
1580 transfersize = count;
1581 buffer[8] = file_data->eom_val;
1582 }
1583
1584 /* Setup IO buffer for DEV_DEP_MSG_OUT message */
1585 buffer[0] = 1;
1586 buffer[1] = data->bTag;
1587 buffer[2] = ~data->bTag;
1588 buffer[3] = 0; /* Reserved */
1589 buffer[4] = transfersize >> 0;
1590 buffer[5] = transfersize >> 8;
1591 buffer[6] = transfersize >> 16;
1592 buffer[7] = transfersize >> 24;
1593 /* buffer[8] is set above... */
1594 buffer[9] = 0; /* Reserved */
1595 buffer[10] = 0; /* Reserved */
1596 buffer[11] = 0; /* Reserved */
1597
1598 remaining = transfersize;
1599
1600 if (transfersize + USBTMC_HEADER_SIZE > buflen) {
1601 transfersize = buflen - USBTMC_HEADER_SIZE;
1602 aligned = buflen;
1603 } else {
1604 aligned = (transfersize + (USBTMC_HEADER_SIZE + 3)) & ~3;
1605 }
1606
1607 if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf, transfersize)) {
1608 retval = -EFAULT;
1609 up(&file_data->limit_write_sem);
1610 goto exit;
1611 }
1612
1613 dev_dbg(&data->intf->dev, "%s(size:%u align:%u)\n", __func__,
1614 (unsigned int)transfersize, (unsigned int)aligned);
1615
1616 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1617 16, 1, buffer, aligned, true);
1618
1619 usb_fill_bulk_urb(urb, data->usb_dev,
1620 usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1621 urb->transfer_buffer, aligned,
1622 usbtmc_write_bulk_cb, file_data);
1623
1624 usb_anchor_urb(urb, &file_data->submitted);
1625 retval = usb_submit_urb(urb, GFP_KERNEL);
1626 if (unlikely(retval)) {
1627 usb_unanchor_urb(urb);
1628 up(&file_data->limit_write_sem);
1629 goto exit;
1630 }
1631
1632 remaining -= transfersize;
1633
1634 data->bTag_last_write = data->bTag;
1635 data->bTag++;
1636
1637 if (!data->bTag)
1638 data->bTag++;
1639
1640 /* call generic_write even when remaining = 0 */
1641 retval = usbtmc_generic_write(file_data, buf + transfersize, remaining,
1642 &done, USBTMC_FLAG_APPEND);
1643 /* truncate alignment bytes */
1644 if (done > remaining)
1645 done = remaining;
1646
1647 /*add size of first urb*/
1648 done += transfersize;
1649
1650 if (retval < 0) {
1651 usb_kill_anchored_urbs(&file_data->submitted);
1652
1653 dev_err(&data->intf->dev,
1654 "Unable to send data, error %d\n", (int)retval);
1655 if (file_data->auto_abort)
1656 usbtmc_ioctl_abort_bulk_out(data);
1657 goto exit;
1658 }
1659
1660 retval = done;
1661 exit:
1662 usb_free_urb(urb);
1663 mutex_unlock(&data->io_mutex);
1664 return retval;
1665 }
1666
usbtmc_ioctl_clear(struct usbtmc_device_data * data)1667 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data)
1668 {
1669 struct device *dev;
1670 u8 *buffer;
1671 int rv;
1672 int n;
1673 int actual = 0;
1674
1675 dev = &data->intf->dev;
1676
1677 dev_dbg(dev, "Sending INITIATE_CLEAR request\n");
1678
1679 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
1680 if (!buffer)
1681 return -ENOMEM;
1682
1683 rv = usb_control_msg(data->usb_dev,
1684 usb_rcvctrlpipe(data->usb_dev, 0),
1685 USBTMC_REQUEST_INITIATE_CLEAR,
1686 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1687 0, 0, buffer, 1, USB_CTRL_GET_TIMEOUT);
1688 if (rv < 0) {
1689 dev_err(dev, "usb_control_msg returned %d\n", rv);
1690 goto exit;
1691 }
1692
1693 dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1694
1695 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1696 dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1697 rv = -EPERM;
1698 goto exit;
1699 }
1700
1701 n = 0;
1702
1703 usbtmc_clear_check_status:
1704
1705 dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n");
1706
1707 rv = usb_control_msg(data->usb_dev,
1708 usb_rcvctrlpipe(data->usb_dev, 0),
1709 USBTMC_REQUEST_CHECK_CLEAR_STATUS,
1710 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1711 0, 0, buffer, 2, USB_CTRL_GET_TIMEOUT);
1712 if (rv < 0) {
1713 dev_err(dev, "usb_control_msg returned %d\n", rv);
1714 goto exit;
1715 }
1716
1717 dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1718
1719 if (buffer[0] == USBTMC_STATUS_SUCCESS)
1720 goto usbtmc_clear_bulk_out_halt;
1721
1722 if (buffer[0] != USBTMC_STATUS_PENDING) {
1723 dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1724 rv = -EPERM;
1725 goto exit;
1726 }
1727
1728 if ((buffer[1] & 1) != 0) {
1729 do {
1730 dev_dbg(dev, "Reading from bulk in EP\n");
1731
1732 actual = 0;
1733 rv = usb_bulk_msg(data->usb_dev,
1734 usb_rcvbulkpipe(data->usb_dev,
1735 data->bulk_in),
1736 buffer, USBTMC_BUFSIZE,
1737 &actual, USB_CTRL_GET_TIMEOUT);
1738
1739 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1740 16, 1, buffer, actual, true);
1741
1742 n++;
1743
1744 if (rv < 0) {
1745 dev_err(dev, "usb_control_msg returned %d\n",
1746 rv);
1747 goto exit;
1748 }
1749 } while ((actual == USBTMC_BUFSIZE) &&
1750 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
1751 } else {
1752 /* do not stress device with subsequent requests */
1753 msleep(50);
1754 n++;
1755 }
1756
1757 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
1758 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
1759 USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
1760 rv = -EPERM;
1761 goto exit;
1762 }
1763
1764 goto usbtmc_clear_check_status;
1765
1766 usbtmc_clear_bulk_out_halt:
1767
1768 rv = usb_clear_halt(data->usb_dev,
1769 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1770 if (rv < 0) {
1771 dev_err(dev, "usb_clear_halt returned %d\n", rv);
1772 goto exit;
1773 }
1774 rv = 0;
1775
1776 exit:
1777 kfree(buffer);
1778 return rv;
1779 }
1780
usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data * data)1781 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data)
1782 {
1783 int rv;
1784
1785 rv = usb_clear_halt(data->usb_dev,
1786 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1787
1788 if (rv < 0)
1789 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1790 return rv;
1791 }
1792
usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data * data)1793 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data)
1794 {
1795 int rv;
1796
1797 rv = usb_clear_halt(data->usb_dev,
1798 usb_rcvbulkpipe(data->usb_dev, data->bulk_in));
1799
1800 if (rv < 0)
1801 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1802 return rv;
1803 }
1804
usbtmc_ioctl_cancel_io(struct usbtmc_file_data * file_data)1805 static int usbtmc_ioctl_cancel_io(struct usbtmc_file_data *file_data)
1806 {
1807 spin_lock_irq(&file_data->err_lock);
1808 file_data->in_status = -ECANCELED;
1809 file_data->out_status = -ECANCELED;
1810 spin_unlock_irq(&file_data->err_lock);
1811 usb_kill_anchored_urbs(&file_data->submitted);
1812 return 0;
1813 }
1814
usbtmc_ioctl_cleanup_io(struct usbtmc_file_data * file_data)1815 static int usbtmc_ioctl_cleanup_io(struct usbtmc_file_data *file_data)
1816 {
1817 usb_kill_anchored_urbs(&file_data->submitted);
1818 usb_scuttle_anchored_urbs(&file_data->in_anchor);
1819 spin_lock_irq(&file_data->err_lock);
1820 file_data->in_status = 0;
1821 file_data->in_transfer_size = 0;
1822 file_data->out_status = 0;
1823 file_data->out_transfer_size = 0;
1824 spin_unlock_irq(&file_data->err_lock);
1825
1826 file_data->in_urbs_used = 0;
1827 return 0;
1828 }
1829
get_capabilities(struct usbtmc_device_data * data)1830 static int get_capabilities(struct usbtmc_device_data *data)
1831 {
1832 struct device *dev = &data->usb_dev->dev;
1833 char *buffer;
1834 int rv = 0;
1835
1836 buffer = kmalloc(0x18, GFP_KERNEL);
1837 if (!buffer)
1838 return -ENOMEM;
1839
1840 rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0),
1841 USBTMC_REQUEST_GET_CAPABILITIES,
1842 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1843 0, 0, buffer, 0x18, USB_CTRL_GET_TIMEOUT);
1844 if (rv < 0) {
1845 dev_err(dev, "usb_control_msg returned %d\n", rv);
1846 goto err_out;
1847 }
1848
1849 dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1850 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1851 dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1852 rv = -EPERM;
1853 goto err_out;
1854 }
1855 dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]);
1856 dev_dbg(dev, "Device capabilities are %x\n", buffer[5]);
1857 dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]);
1858 dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]);
1859
1860 data->capabilities.interface_capabilities = buffer[4];
1861 data->capabilities.device_capabilities = buffer[5];
1862 data->capabilities.usb488_interface_capabilities = buffer[14];
1863 data->capabilities.usb488_device_capabilities = buffer[15];
1864 data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4);
1865 rv = 0;
1866
1867 err_out:
1868 kfree(buffer);
1869 return rv;
1870 }
1871
1872 #define capability_attribute(name) \
1873 static ssize_t name##_show(struct device *dev, \
1874 struct device_attribute *attr, char *buf) \
1875 { \
1876 struct usb_interface *intf = to_usb_interface(dev); \
1877 struct usbtmc_device_data *data = usb_get_intfdata(intf); \
1878 \
1879 return sprintf(buf, "%d\n", data->capabilities.name); \
1880 } \
1881 static DEVICE_ATTR_RO(name)
1882
1883 capability_attribute(interface_capabilities);
1884 capability_attribute(device_capabilities);
1885 capability_attribute(usb488_interface_capabilities);
1886 capability_attribute(usb488_device_capabilities);
1887
1888 static struct attribute *usbtmc_attrs[] = {
1889 &dev_attr_interface_capabilities.attr,
1890 &dev_attr_device_capabilities.attr,
1891 &dev_attr_usb488_interface_capabilities.attr,
1892 &dev_attr_usb488_device_capabilities.attr,
1893 NULL,
1894 };
1895 ATTRIBUTE_GROUPS(usbtmc);
1896
usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data * data)1897 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data)
1898 {
1899 struct device *dev;
1900 u8 *buffer;
1901 int rv;
1902
1903 dev = &data->intf->dev;
1904
1905 buffer = kmalloc(2, GFP_KERNEL);
1906 if (!buffer)
1907 return -ENOMEM;
1908
1909 rv = usb_control_msg(data->usb_dev,
1910 usb_rcvctrlpipe(data->usb_dev, 0),
1911 USBTMC_REQUEST_INDICATOR_PULSE,
1912 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1913 0, 0, buffer, 0x01, USB_CTRL_GET_TIMEOUT);
1914
1915 if (rv < 0) {
1916 dev_err(dev, "usb_control_msg returned %d\n", rv);
1917 goto exit;
1918 }
1919
1920 dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1921
1922 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1923 dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1924 rv = -EPERM;
1925 goto exit;
1926 }
1927 rv = 0;
1928
1929 exit:
1930 kfree(buffer);
1931 return rv;
1932 }
1933
usbtmc_ioctl_request(struct usbtmc_device_data * data,void __user * arg)1934 static int usbtmc_ioctl_request(struct usbtmc_device_data *data,
1935 void __user *arg)
1936 {
1937 struct device *dev = &data->intf->dev;
1938 struct usbtmc_ctrlrequest request;
1939 u8 *buffer = NULL;
1940 int rv;
1941 unsigned int is_in, pipe;
1942
1943 if (copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest)))
1944 return -EFAULT;
1945
1946 if (request.req.wLength > USBTMC_BUFSIZE)
1947 return -EMSGSIZE;
1948 if (request.req.wLength == 0) /* Length-0 requests are never IN */
1949 request.req.bRequestType &= ~USB_DIR_IN;
1950
1951 is_in = request.req.bRequestType & USB_DIR_IN;
1952
1953 if (request.req.wLength) {
1954 buffer = kmalloc(request.req.wLength, GFP_KERNEL);
1955 if (!buffer)
1956 return -ENOMEM;
1957
1958 if (!is_in) {
1959 /* Send control data to device */
1960 if (copy_from_user(buffer, request.data,
1961 request.req.wLength)) {
1962 rv = -EFAULT;
1963 goto exit;
1964 }
1965 }
1966 }
1967
1968 if (is_in)
1969 pipe = usb_rcvctrlpipe(data->usb_dev, 0);
1970 else
1971 pipe = usb_sndctrlpipe(data->usb_dev, 0);
1972 rv = usb_control_msg(data->usb_dev,
1973 pipe,
1974 request.req.bRequest,
1975 request.req.bRequestType,
1976 request.req.wValue,
1977 request.req.wIndex,
1978 buffer, request.req.wLength, USB_CTRL_GET_TIMEOUT);
1979
1980 if (rv < 0) {
1981 dev_err(dev, "%s failed %d\n", __func__, rv);
1982 goto exit;
1983 }
1984
1985 if (rv && is_in) {
1986 /* Read control data from device */
1987 if (copy_to_user(request.data, buffer, rv))
1988 rv = -EFAULT;
1989 }
1990
1991 exit:
1992 kfree(buffer);
1993 return rv;
1994 }
1995
1996 /*
1997 * Get the usb timeout value
1998 */
usbtmc_ioctl_get_timeout(struct usbtmc_file_data * file_data,void __user * arg)1999 static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data,
2000 void __user *arg)
2001 {
2002 u32 timeout;
2003
2004 timeout = file_data->timeout;
2005
2006 return put_user(timeout, (__u32 __user *)arg);
2007 }
2008
2009 /*
2010 * Set the usb timeout value
2011 */
usbtmc_ioctl_set_timeout(struct usbtmc_file_data * file_data,void __user * arg)2012 static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data,
2013 void __user *arg)
2014 {
2015 u32 timeout;
2016
2017 if (get_user(timeout, (__u32 __user *)arg))
2018 return -EFAULT;
2019
2020 /* Note that timeout = 0 means
2021 * MAX_SCHEDULE_TIMEOUT in usb_control_msg
2022 */
2023 if (timeout < USBTMC_MIN_TIMEOUT)
2024 return -EINVAL;
2025
2026 file_data->timeout = timeout;
2027
2028 return 0;
2029 }
2030
2031 /*
2032 * enables/disables sending EOM on write
2033 */
usbtmc_ioctl_eom_enable(struct usbtmc_file_data * file_data,void __user * arg)2034 static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data,
2035 void __user *arg)
2036 {
2037 u8 eom_enable;
2038
2039 if (copy_from_user(&eom_enable, arg, sizeof(eom_enable)))
2040 return -EFAULT;
2041
2042 if (eom_enable > 1)
2043 return -EINVAL;
2044
2045 file_data->eom_val = eom_enable;
2046
2047 return 0;
2048 }
2049
2050 /*
2051 * Configure termination character for read()
2052 */
usbtmc_ioctl_config_termc(struct usbtmc_file_data * file_data,void __user * arg)2053 static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data,
2054 void __user *arg)
2055 {
2056 struct usbtmc_termchar termc;
2057
2058 if (copy_from_user(&termc, arg, sizeof(termc)))
2059 return -EFAULT;
2060
2061 if ((termc.term_char_enabled > 1) ||
2062 (termc.term_char_enabled &&
2063 !(file_data->data->capabilities.device_capabilities & 1)))
2064 return -EINVAL;
2065
2066 file_data->term_char = termc.term_char;
2067 file_data->term_char_enabled = termc.term_char_enabled;
2068
2069 return 0;
2070 }
2071
usbtmc_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2072 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2073 {
2074 struct usbtmc_file_data *file_data;
2075 struct usbtmc_device_data *data;
2076 int retval = -EBADRQC;
2077 __u8 tmp_byte;
2078
2079 file_data = file->private_data;
2080 data = file_data->data;
2081
2082 mutex_lock(&data->io_mutex);
2083 if (data->zombie) {
2084 retval = -ENODEV;
2085 goto skip_io_on_zombie;
2086 }
2087
2088 switch (cmd) {
2089 case USBTMC_IOCTL_CLEAR_OUT_HALT:
2090 retval = usbtmc_ioctl_clear_out_halt(data);
2091 break;
2092
2093 case USBTMC_IOCTL_CLEAR_IN_HALT:
2094 retval = usbtmc_ioctl_clear_in_halt(data);
2095 break;
2096
2097 case USBTMC_IOCTL_INDICATOR_PULSE:
2098 retval = usbtmc_ioctl_indicator_pulse(data);
2099 break;
2100
2101 case USBTMC_IOCTL_CLEAR:
2102 retval = usbtmc_ioctl_clear(data);
2103 break;
2104
2105 case USBTMC_IOCTL_ABORT_BULK_OUT:
2106 retval = usbtmc_ioctl_abort_bulk_out(data);
2107 break;
2108
2109 case USBTMC_IOCTL_ABORT_BULK_IN:
2110 retval = usbtmc_ioctl_abort_bulk_in(data);
2111 break;
2112
2113 case USBTMC_IOCTL_CTRL_REQUEST:
2114 retval = usbtmc_ioctl_request(data, (void __user *)arg);
2115 break;
2116
2117 case USBTMC_IOCTL_GET_TIMEOUT:
2118 retval = usbtmc_ioctl_get_timeout(file_data,
2119 (void __user *)arg);
2120 break;
2121
2122 case USBTMC_IOCTL_SET_TIMEOUT:
2123 retval = usbtmc_ioctl_set_timeout(file_data,
2124 (void __user *)arg);
2125 break;
2126
2127 case USBTMC_IOCTL_EOM_ENABLE:
2128 retval = usbtmc_ioctl_eom_enable(file_data,
2129 (void __user *)arg);
2130 break;
2131
2132 case USBTMC_IOCTL_CONFIG_TERMCHAR:
2133 retval = usbtmc_ioctl_config_termc(file_data,
2134 (void __user *)arg);
2135 break;
2136
2137 case USBTMC_IOCTL_WRITE:
2138 retval = usbtmc_ioctl_generic_write(file_data,
2139 (void __user *)arg);
2140 break;
2141
2142 case USBTMC_IOCTL_READ:
2143 retval = usbtmc_ioctl_generic_read(file_data,
2144 (void __user *)arg);
2145 break;
2146
2147 case USBTMC_IOCTL_WRITE_RESULT:
2148 retval = usbtmc_ioctl_write_result(file_data,
2149 (void __user *)arg);
2150 break;
2151
2152 case USBTMC_IOCTL_API_VERSION:
2153 retval = put_user(USBTMC_API_VERSION,
2154 (__u32 __user *)arg);
2155 break;
2156
2157 case USBTMC488_IOCTL_GET_CAPS:
2158 retval = put_user(data->usb488_caps,
2159 (unsigned char __user *)arg);
2160 break;
2161
2162 case USBTMC488_IOCTL_READ_STB:
2163 retval = usbtmc488_ioctl_read_stb(file_data,
2164 (void __user *)arg);
2165 break;
2166
2167 case USBTMC488_IOCTL_REN_CONTROL:
2168 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2169 USBTMC488_REQUEST_REN_CONTROL);
2170 break;
2171
2172 case USBTMC488_IOCTL_GOTO_LOCAL:
2173 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2174 USBTMC488_REQUEST_GOTO_LOCAL);
2175 break;
2176
2177 case USBTMC488_IOCTL_LOCAL_LOCKOUT:
2178 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2179 USBTMC488_REQUEST_LOCAL_LOCKOUT);
2180 break;
2181
2182 case USBTMC488_IOCTL_TRIGGER:
2183 retval = usbtmc488_ioctl_trigger(file_data);
2184 break;
2185
2186 case USBTMC488_IOCTL_WAIT_SRQ:
2187 retval = usbtmc488_ioctl_wait_srq(file_data,
2188 (__u32 __user *)arg);
2189 break;
2190
2191 case USBTMC_IOCTL_MSG_IN_ATTR:
2192 retval = put_user(file_data->bmTransferAttributes,
2193 (__u8 __user *)arg);
2194 break;
2195
2196 case USBTMC_IOCTL_AUTO_ABORT:
2197 retval = get_user(tmp_byte, (unsigned char __user *)arg);
2198 if (retval == 0)
2199 file_data->auto_abort = !!tmp_byte;
2200 break;
2201
2202 case USBTMC_IOCTL_GET_STB:
2203 retval = usbtmc_get_stb(file_data, &tmp_byte);
2204 if (!retval)
2205 retval = put_user(tmp_byte, (__u8 __user *)arg);
2206 break;
2207
2208 case USBTMC_IOCTL_GET_SRQ_STB:
2209 retval = usbtmc_ioctl_get_srq_stb(file_data,
2210 (void __user *)arg);
2211 break;
2212
2213 case USBTMC_IOCTL_CANCEL_IO:
2214 retval = usbtmc_ioctl_cancel_io(file_data);
2215 break;
2216
2217 case USBTMC_IOCTL_CLEANUP_IO:
2218 retval = usbtmc_ioctl_cleanup_io(file_data);
2219 break;
2220 }
2221
2222 skip_io_on_zombie:
2223 mutex_unlock(&data->io_mutex);
2224 return retval;
2225 }
2226
usbtmc_fasync(int fd,struct file * file,int on)2227 static int usbtmc_fasync(int fd, struct file *file, int on)
2228 {
2229 struct usbtmc_file_data *file_data = file->private_data;
2230
2231 return fasync_helper(fd, file, on, &file_data->data->fasync);
2232 }
2233
usbtmc_poll(struct file * file,poll_table * wait)2234 static __poll_t usbtmc_poll(struct file *file, poll_table *wait)
2235 {
2236 struct usbtmc_file_data *file_data = file->private_data;
2237 struct usbtmc_device_data *data = file_data->data;
2238 __poll_t mask;
2239
2240 mutex_lock(&data->io_mutex);
2241
2242 if (data->zombie) {
2243 mask = EPOLLHUP | EPOLLERR;
2244 goto no_poll;
2245 }
2246
2247 poll_wait(file, &data->waitq, wait);
2248
2249 /* Note that EPOLLPRI is now assigned to SRQ, and
2250 * EPOLLIN|EPOLLRDNORM to normal read data.
2251 */
2252 mask = 0;
2253 if (atomic_read(&file_data->srq_asserted))
2254 mask |= EPOLLPRI;
2255
2256 /* Note that the anchor submitted includes all urbs for BULK IN
2257 * and OUT. So EPOLLOUT is signaled when BULK OUT is empty and
2258 * all BULK IN urbs are completed and moved to in_anchor.
2259 */
2260 if (usb_anchor_empty(&file_data->submitted))
2261 mask |= (EPOLLOUT | EPOLLWRNORM);
2262 if (!usb_anchor_empty(&file_data->in_anchor))
2263 mask |= (EPOLLIN | EPOLLRDNORM);
2264
2265 spin_lock_irq(&file_data->err_lock);
2266 if (file_data->in_status || file_data->out_status)
2267 mask |= EPOLLERR;
2268 spin_unlock_irq(&file_data->err_lock);
2269
2270 dev_dbg(&data->intf->dev, "poll mask = %x\n", mask);
2271
2272 no_poll:
2273 mutex_unlock(&data->io_mutex);
2274 return mask;
2275 }
2276
2277 static const struct file_operations fops = {
2278 .owner = THIS_MODULE,
2279 .read = usbtmc_read,
2280 .write = usbtmc_write,
2281 .open = usbtmc_open,
2282 .release = usbtmc_release,
2283 .flush = usbtmc_flush,
2284 .unlocked_ioctl = usbtmc_ioctl,
2285 .compat_ioctl = compat_ptr_ioctl,
2286 .fasync = usbtmc_fasync,
2287 .poll = usbtmc_poll,
2288 .llseek = default_llseek,
2289 };
2290
2291 static struct usb_class_driver usbtmc_class = {
2292 .name = "usbtmc%d",
2293 .fops = &fops,
2294 .minor_base = USBTMC_MINOR_BASE,
2295 };
2296
usbtmc_interrupt(struct urb * urb)2297 static void usbtmc_interrupt(struct urb *urb)
2298 {
2299 struct usbtmc_device_data *data = urb->context;
2300 struct device *dev = &data->intf->dev;
2301 int status = urb->status;
2302 int rv;
2303
2304 dev_dbg(&data->intf->dev, "int status: %d len %d\n",
2305 status, urb->actual_length);
2306
2307 switch (status) {
2308 case 0: /* SUCCESS */
2309 /* check for valid STB notification */
2310 if (data->iin_buffer[0] > 0x81) {
2311 data->bNotify1 = data->iin_buffer[0];
2312 data->bNotify2 = data->iin_buffer[1];
2313 atomic_set(&data->iin_data_valid, 1);
2314 wake_up_interruptible(&data->waitq);
2315 goto exit;
2316 }
2317 /* check for SRQ notification */
2318 if (data->iin_buffer[0] == 0x81) {
2319 unsigned long flags;
2320 struct list_head *elem;
2321
2322 if (data->fasync)
2323 kill_fasync(&data->fasync,
2324 SIGIO, POLL_PRI);
2325
2326 spin_lock_irqsave(&data->dev_lock, flags);
2327 list_for_each(elem, &data->file_list) {
2328 struct usbtmc_file_data *file_data;
2329
2330 file_data = list_entry(elem,
2331 struct usbtmc_file_data,
2332 file_elem);
2333 file_data->srq_byte = data->iin_buffer[1];
2334 atomic_set(&file_data->srq_asserted, 1);
2335 }
2336 spin_unlock_irqrestore(&data->dev_lock, flags);
2337
2338 dev_dbg(dev, "srq received bTag %x stb %x\n",
2339 (unsigned int)data->iin_buffer[0],
2340 (unsigned int)data->iin_buffer[1]);
2341 wake_up_interruptible_all(&data->waitq);
2342 goto exit;
2343 }
2344 dev_warn(dev, "invalid notification: %x\n",
2345 data->iin_buffer[0]);
2346 break;
2347 case -EOVERFLOW:
2348 dev_err(dev, "overflow with length %d, actual length is %d\n",
2349 data->iin_wMaxPacketSize, urb->actual_length);
2350 fallthrough;
2351 default:
2352 /* urb terminated, clean up */
2353 dev_dbg(dev, "urb terminated, status: %d\n", status);
2354 return;
2355 }
2356 exit:
2357 rv = usb_submit_urb(urb, GFP_ATOMIC);
2358 if (rv)
2359 dev_err(dev, "usb_submit_urb failed: %d\n", rv);
2360 }
2361
usbtmc_free_int(struct usbtmc_device_data * data)2362 static void usbtmc_free_int(struct usbtmc_device_data *data)
2363 {
2364 if (!data->iin_ep_present || !data->iin_urb)
2365 return;
2366 usb_kill_urb(data->iin_urb);
2367 kfree(data->iin_buffer);
2368 data->iin_buffer = NULL;
2369 usb_free_urb(data->iin_urb);
2370 data->iin_urb = NULL;
2371 kref_put(&data->kref, usbtmc_delete);
2372 }
2373
usbtmc_probe(struct usb_interface * intf,const struct usb_device_id * id)2374 static int usbtmc_probe(struct usb_interface *intf,
2375 const struct usb_device_id *id)
2376 {
2377 struct usbtmc_device_data *data;
2378 struct usb_host_interface *iface_desc;
2379 struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in;
2380 int retcode;
2381
2382 dev_dbg(&intf->dev, "%s called\n", __func__);
2383
2384 data = kzalloc_obj(*data);
2385 if (!data)
2386 return -ENOMEM;
2387
2388 data->intf = intf;
2389 data->id = id;
2390 data->usb_dev = usb_get_dev(interface_to_usbdev(intf));
2391 usb_set_intfdata(intf, data);
2392 kref_init(&data->kref);
2393 mutex_init(&data->io_mutex);
2394 init_waitqueue_head(&data->waitq);
2395 atomic_set(&data->iin_data_valid, 0);
2396 INIT_LIST_HEAD(&data->file_list);
2397 spin_lock_init(&data->dev_lock);
2398
2399 data->zombie = 0;
2400
2401 /* Initialize USBTMC bTag and other fields */
2402 data->bTag = 1;
2403 /* 2 <= bTag <= 127 USBTMC-USB488 subclass specification 4.3.1 */
2404 data->iin_bTag = 2;
2405
2406 /* USBTMC devices have only one setting, so use that */
2407 iface_desc = data->intf->cur_altsetting;
2408 data->ifnum = iface_desc->desc.bInterfaceNumber;
2409
2410 /* Find bulk endpoints */
2411 retcode = usb_find_common_endpoints(iface_desc,
2412 &bulk_in, &bulk_out, NULL, NULL);
2413 if (retcode) {
2414 dev_err(&intf->dev, "bulk endpoints not found\n");
2415 goto err_put;
2416 }
2417
2418 retcode = -EINVAL;
2419 data->bulk_in = bulk_in->bEndpointAddress;
2420 data->wMaxPacketSize = usb_endpoint_maxp(bulk_in);
2421 if (!data->wMaxPacketSize)
2422 goto err_put;
2423 dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in);
2424
2425 data->bulk_out = bulk_out->bEndpointAddress;
2426 dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out);
2427
2428 /* Find int endpoint */
2429 retcode = usb_find_int_in_endpoint(iface_desc, &int_in);
2430 if (!retcode) {
2431 data->iin_ep_present = 1;
2432 data->iin_ep = int_in->bEndpointAddress;
2433 data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in);
2434 data->iin_interval = int_in->bInterval;
2435 dev_dbg(&intf->dev, "Found Int in endpoint at %u\n",
2436 data->iin_ep);
2437 }
2438
2439 retcode = get_capabilities(data);
2440 if (retcode)
2441 dev_err(&intf->dev, "can't read capabilities\n");
2442
2443 if (data->iin_ep_present) {
2444 /* allocate int urb */
2445 data->iin_urb = usb_alloc_urb(0, GFP_KERNEL);
2446 if (!data->iin_urb) {
2447 retcode = -ENOMEM;
2448 goto error_register;
2449 }
2450
2451 /* Protect interrupt in endpoint data until iin_urb is freed */
2452 kref_get(&data->kref);
2453
2454 /* allocate buffer for interrupt in */
2455 data->iin_buffer = kmalloc(data->iin_wMaxPacketSize,
2456 GFP_KERNEL);
2457 if (!data->iin_buffer) {
2458 retcode = -ENOMEM;
2459 goto error_register;
2460 }
2461
2462 /* fill interrupt urb */
2463 usb_fill_int_urb(data->iin_urb, data->usb_dev,
2464 usb_rcvintpipe(data->usb_dev, data->iin_ep),
2465 data->iin_buffer, data->iin_wMaxPacketSize,
2466 usbtmc_interrupt,
2467 data, data->iin_interval);
2468
2469 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2470 if (retcode) {
2471 dev_err(&intf->dev, "Failed to submit iin_urb\n");
2472 goto error_register;
2473 }
2474 }
2475
2476 retcode = usb_register_dev(intf, &usbtmc_class);
2477 if (retcode) {
2478 dev_err(&intf->dev, "Not able to get a minor (base %u, slice default): %d\n",
2479 USBTMC_MINOR_BASE,
2480 retcode);
2481 goto error_register;
2482 }
2483 dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor);
2484
2485 return 0;
2486
2487 error_register:
2488 usbtmc_free_int(data);
2489 err_put:
2490 kref_put(&data->kref, usbtmc_delete);
2491 return retcode;
2492 }
2493
usbtmc_disconnect(struct usb_interface * intf)2494 static void usbtmc_disconnect(struct usb_interface *intf)
2495 {
2496 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2497 struct list_head *elem;
2498
2499 usb_deregister_dev(intf, &usbtmc_class);
2500 mutex_lock(&data->io_mutex);
2501 data->zombie = 1;
2502 wake_up_interruptible_all(&data->waitq);
2503 list_for_each(elem, &data->file_list) {
2504 struct usbtmc_file_data *file_data;
2505
2506 file_data = list_entry(elem,
2507 struct usbtmc_file_data,
2508 file_elem);
2509 usb_kill_anchored_urbs(&file_data->submitted);
2510 usb_scuttle_anchored_urbs(&file_data->in_anchor);
2511 }
2512 mutex_unlock(&data->io_mutex);
2513 usbtmc_free_int(data);
2514 kref_put(&data->kref, usbtmc_delete);
2515 }
2516
usbtmc_draw_down(struct usbtmc_file_data * file_data)2517 static void usbtmc_draw_down(struct usbtmc_file_data *file_data)
2518 {
2519 int time;
2520
2521 time = usb_wait_anchor_empty_timeout(&file_data->submitted, 1000);
2522 if (!time)
2523 usb_kill_anchored_urbs(&file_data->submitted);
2524 usb_scuttle_anchored_urbs(&file_data->in_anchor);
2525 }
2526
usbtmc_suspend(struct usb_interface * intf,pm_message_t message)2527 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message)
2528 {
2529 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2530 struct list_head *elem;
2531
2532 if (!data)
2533 return 0;
2534
2535 mutex_lock(&data->io_mutex);
2536 list_for_each(elem, &data->file_list) {
2537 struct usbtmc_file_data *file_data;
2538
2539 file_data = list_entry(elem,
2540 struct usbtmc_file_data,
2541 file_elem);
2542 usbtmc_draw_down(file_data);
2543 }
2544
2545 if (data->iin_ep_present && data->iin_urb)
2546 usb_kill_urb(data->iin_urb);
2547
2548 mutex_unlock(&data->io_mutex);
2549 return 0;
2550 }
2551
usbtmc_resume(struct usb_interface * intf)2552 static int usbtmc_resume(struct usb_interface *intf)
2553 {
2554 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2555 int retcode = 0;
2556
2557 if (data->iin_ep_present && data->iin_urb)
2558 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2559 if (retcode)
2560 dev_err(&intf->dev, "Failed to submit iin_urb\n");
2561
2562 return retcode;
2563 }
2564
usbtmc_pre_reset(struct usb_interface * intf)2565 static int usbtmc_pre_reset(struct usb_interface *intf)
2566 {
2567 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2568 struct list_head *elem;
2569
2570 if (!data)
2571 return 0;
2572
2573 mutex_lock(&data->io_mutex);
2574
2575 list_for_each(elem, &data->file_list) {
2576 struct usbtmc_file_data *file_data;
2577
2578 file_data = list_entry(elem,
2579 struct usbtmc_file_data,
2580 file_elem);
2581 usbtmc_ioctl_cancel_io(file_data);
2582 }
2583
2584 return 0;
2585 }
2586
usbtmc_post_reset(struct usb_interface * intf)2587 static int usbtmc_post_reset(struct usb_interface *intf)
2588 {
2589 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2590
2591 mutex_unlock(&data->io_mutex);
2592
2593 return 0;
2594 }
2595
2596 static struct usb_driver usbtmc_driver = {
2597 .name = "usbtmc",
2598 .id_table = usbtmc_devices,
2599 .probe = usbtmc_probe,
2600 .disconnect = usbtmc_disconnect,
2601 .suspend = usbtmc_suspend,
2602 .resume = usbtmc_resume,
2603 .pre_reset = usbtmc_pre_reset,
2604 .post_reset = usbtmc_post_reset,
2605 .dev_groups = usbtmc_groups,
2606 };
2607
2608 module_usb_driver(usbtmc_driver);
2609
2610 MODULE_DESCRIPTION("USB Test & Measurement class driver");
2611 MODULE_LICENSE("GPL");
2612