File: /usr/src/linux/drivers/usb/devio.c

1     /*****************************************************************************/
2     
3     /*
4      *      devio.c  --  User space communication with USB devices.
5      *
6      *      Copyright (C) 1999-2000  Thomas Sailer (sailer@ife.ee.ethz.ch)
7      *
8      *      This program is free software; you can redistribute it and/or modify
9      *      it under the terms of the GNU General Public License as published by
10      *      the Free Software Foundation; either version 2 of the License, or
11      *      (at your option) any later version.
12      *
13      *      This program is distributed in the hope that it will be useful,
14      *      but WITHOUT ANY WARRANTY; without even the implied warranty of
15      *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16      *      GNU General Public License for more details.
17      *
18      *      You should have received a copy of the GNU General Public License
19      *      along with this program; if not, write to the Free Software
20      *      Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21      *
22      *  $Id: devio.c,v 1.7 2000/02/01 17:28:48 fliegl Exp $
23      *
24      *  This file implements the usbdevfs/x/y files, where
25      *  x is the bus number and y the device number.
26      *
27      *  It allows user space programs/"drivers" to communicate directly
28      *  with USB devices without an intervening kernel driver.
29      *
30      *  Revision history
31      *    22.12.1999   0.1   Initial release (split from proc_usb.c)
32      *    04.01.2000   0.2   Turned into its own filesystem
33      */
34     
35     /*****************************************************************************/
36     
37     #include <linux/fs.h>
38     #include <linux/mm.h>
39     #include <linux/slab.h>
40     #include <linux/smp_lock.h>
41     #include <linux/signal.h>
42     #include <linux/poll.h>
43     #include <linux/usb.h>
44     #include <linux/usbdevice_fs.h>
45     #include <asm/uaccess.h>
46     
47     
/*
 * Bookkeeping for one asynchronous URB submitted through usbdevfs.
 *
 * The URB is embedded as the final member: alloc_async() reserves extra
 * room behind the struct for urb.iso_frame_desc[] entries.
 */
struct async {
	struct list_head asynclist;	/* link on ps->async_pending or ps->async_completed */
	struct dev_state *ps;		/* open-file state that submitted the URB */
	struct task_struct *task;	/* task to signal on completion; stored as a raw
					 * pointer (proc_submiturb takes no reference) */
	unsigned int signr;		/* completion signal number, 0 for none */
	void *userbuffer;		/* user-space data buffer for IN transfers, else NULL */
	void *userurb;			/* user-space address of the struct usbdevfs_urb */
	urb_t urb;			/* kept last, see above */
};
57     
/*
 * llseek for a usbdevfs device file.
 *
 * Only absolute (orig == 0) and relative (orig == 1) seeks are supported;
 * seeking from the end (2) and any unknown origin return -EINVAL.  The new
 * position is stored without range checking; usbdev_read() rejects a
 * negative position on its own.
 */
static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
{
	if (orig == 0)
		file->f_pos = offset;
	else if (orig == 1)
		file->f_pos += offset;
	else
		return -EINVAL;

	return file->f_pos;
}
76     
/*
 * read() on a usbdevfs device file.
 *
 * The file content is the device descriptor followed by the raw
 * configuration descriptors, addressed as one flat byte stream by *ppos.
 *
 * Returns the number of bytes copied, -ENODEV if the device is gone,
 * -EINVAL for a negative position, or -EFAULT if the user buffer faults
 * (bytes copied earlier in the same call are then not reported).
 */
static ssize_t usbdev_read(struct file *file, char * buf, size_t nbytes, loff_t *ppos)
{
	struct dev_state *ps = (struct dev_state *)file->private_data;
	ssize_t ret = 0;
	unsigned len;
	loff_t pos;
	int i;

	pos = *ppos;
	down_read(&ps->devsem);
	if (!ps->dev) {
		ret = -ENODEV;
		goto err;
	}
	if (pos < 0) {
		ret = -EINVAL;
		goto err;
	}

	/* region 1: the device descriptor */
	if (pos < sizeof(struct usb_device_descriptor)) {
		len = sizeof(struct usb_device_descriptor) - pos;
		if (len > nbytes)
			len = nbytes;
		if (copy_to_user(buf, ((char *)&ps->dev->descriptor) + pos, len)) {
			ret = -EFAULT;
			goto err;
		}

		*ppos += len;
		buf += len;
		nbytes -= len;
		ret += len;
	}

	/* region 2: each raw configuration descriptor; pos is the stream offset of the current one */
	pos = sizeof(struct usb_device_descriptor);
	for (i = 0; nbytes && i < ps->dev->descriptor.bNumConfigurations; i++) {
		struct usb_config_descriptor *config =
			(struct usb_config_descriptor *)ps->dev->rawdescriptors[i];
		/*
		 * The length is taken from the descriptor itself.
		 * NOTE(review): assumes rawdescriptors[i] really holds
		 * wTotalLength bytes -- confirm against the code that fills it.
		 */
		unsigned int length = le16_to_cpu(config->wTotalLength);

		if (*ppos < pos + length) {
			loff_t skip = *ppos - pos;

			len = length - skip;
			if (len > nbytes)
				len = nbytes;

			if (copy_to_user(buf, ps->dev->rawdescriptors[i] + skip, len)) {
				ret = -EFAULT;
				goto err;
			}

			*ppos += len;
			buf += len;
			nbytes -= len;
			ret += len;
		}

		pos += length;
	}

err:
	up_read(&ps->devsem);
	return ret;
}
140     
/*
 * Integer base-2 logarithm: index of the highest set bit of x.
 * Returns 0 for both x == 0 and x == 1.
 */
extern inline unsigned int ld2(unsigned int x)
{
	unsigned int r = 0;
	unsigned int step;

	/* binary search over the bit positions: 16, 8, 4, 2, 1 */
	for (step = 16; step; step >>= 1) {
		if (x >> step) {
			x >>= step;
			r += step;
		}
	}
	return r;
}
165     
166     /*
167      * async list handling
168      */
169     
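/*
 * Allocate a zeroed struct async with room for numisoframes iso packet
 * descriptors behind the embedded URB.
 *
 * Returns NULL if the allocation fails or if the requested frame count
 * would make the size computation wrap.
 */
static struct async *alloc_async(unsigned int numisoframes)
{
	unsigned int assize;
	struct async *as;

	/*
	 * The size is held in an unsigned int; reject counts that would wrap
	 * it so the allocation can never be smaller than what callers index.
	 */
	if (numisoframes > (~0U - sizeof(struct async)) / sizeof(iso_packet_descriptor_t))
		return NULL;
	assize = sizeof(struct async) + numisoframes * sizeof(iso_packet_descriptor_t);
	as = kmalloc(assize, GFP_KERNEL);
	if (!as)
		return NULL;
	memset(as, 0, assize);
	as->urb.number_of_packets = numisoframes;
	spin_lock_init(&as->urb.lock);
	return as;
}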
181     
/*
 * Release an async record together with the transfer buffer and setup
 * packet it owns.  The caller must have removed it from every list.
 */
static void free_async(struct async *as)
{
	void *xfer = as->urb.transfer_buffer;
	void *setup = as->urb.setup_packet;

	if (xfer)
		kfree(xfer);
	if (setup)
		kfree(setup);
	kfree(as);
}
190     
/* Queue as at the tail of its owner's pending list, under the owner's lock. */
extern __inline__ void async_newpending(struct async *as)
{
	unsigned long irqflags;
	struct dev_state *owner = as->ps;

	spin_lock_irqsave(&owner->lock, irqflags);
	list_add_tail(&as->asynclist, &owner->async_pending);
	spin_unlock_irqrestore(&owner->lock, irqflags);
}
200     
/*
 * Take as off whatever list it is on, under the owner's lock, and leave its
 * list node self-linked so that a later list_del() on it is harmless.
 */
extern __inline__ void async_removepending(struct async *as)
{
	unsigned long irqflags;
	struct dev_state *owner = as->ps;

	spin_lock_irqsave(&owner->lock, irqflags);
	list_del(&as->asynclist);
	INIT_LIST_HEAD(&as->asynclist);
	spin_unlock_irqrestore(&owner->lock, irqflags);
}
211     
/*
 * Detach and return the oldest entry of ps->async_completed, or NULL if the
 * list is empty.  Ownership of the returned record passes to the caller.
 */
extern __inline__ struct async *async_getcompleted(struct dev_state *ps)
{
	unsigned long irqflags;
	struct async *first;

	spin_lock_irqsave(&ps->lock, irqflags);
	if (list_empty(&ps->async_completed)) {
		first = NULL;
	} else {
		first = list_entry(ps->async_completed.next, struct async, asynclist);
		list_del(&first->asynclist);
		INIT_LIST_HEAD(&first->asynclist);
	}
	spin_unlock_irqrestore(&ps->lock, irqflags);
	return first;
}
226     
/*
 * Find the pending record whose user-space URB address equals userurb,
 * detach it from the pending list and return it; NULL if there is none.
 * Only this file's own pending list is searched, so a caller cannot reach
 * URBs submitted through another open file.
 */
extern __inline__ struct async *async_getpending(struct dev_state *ps, void *userurb)
{
	unsigned long irqflags;
	struct async *found = NULL;
	struct list_head *p;

	spin_lock_irqsave(&ps->lock, irqflags);
	for (p = ps->async_pending.next; p != &ps->async_pending; p = p->next) {
		struct async *cand = list_entry(p, struct async, asynclist);

		if (cand->userurb != userurb)
			continue;
		list_del(&cand->asynclist);
		INIT_LIST_HEAD(&cand->asynclist);
		found = cand;
		break;
	}
	spin_unlock_irqrestore(&ps->lock, irqflags);
	return found;
}
247     
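/*
 * URB completion handler: move the record to the completed list, wake any
 * reaper and, if requested, send the completion signal.
 *
 * Everything needed for the signal is copied out while ps->lock is held.
 * Once the record is on the completed list and the lock is dropped, a reaper
 * (proc_reapurb / proc_reapurbnonblock) may free it at any time, so as must
 * not be touched afterwards.
 */
static void async_completed(purb_t urb)
{
	struct async *as = (struct async *)urb->context;
	struct dev_state *ps = as->ps;
	struct task_struct *task;
	struct siginfo sinfo;
	unsigned int signr;
	void *addr;
	int status;

	spin_lock(&ps->lock);
	list_del(&as->asynclist);
	list_add_tail(&as->asynclist, &ps->async_completed);
	signr = as->signr;
	task = as->task;
	addr = as->userurb;
	status = as->urb.status;
	spin_unlock(&ps->lock);
	wake_up(&ps->wait);
	if (signr) {
		/* clear the whole siginfo so no stale stack bytes travel with the signal */
		memset(&sinfo, 0, sizeof(sinfo));
		sinfo.si_signo = signr;
		sinfo.si_errno = status;
		sinfo.si_code = SI_ASYNCIO;
		sinfo.si_addr = addr;
		/*
		 * NOTE(review): task was stored as a raw pointer at submit time
		 * with no reference taken; confirm it cannot have exited by now.
		 */
		send_sig_info(signr, &sinfo, task);
	}
}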
267     
/*
 * Cancel every pending URB of ps and free every completed record.
 * Called from usbdev_release() just before ps itself is freed.
 */
static void destroy_all_async(struct dev_state *ps)
{
	struct async *as;
	unsigned long flags;

	spin_lock_irqsave(&ps->lock, flags);
	for (;;) {
		if (list_empty(&ps->async_pending))
			break;
		as = list_entry(ps->async_pending.next, struct async, asynclist);
		/*
		 * Detach and self-link the node first: the completion handler
		 * does its own list_del() on it before queueing it as completed.
		 */
		list_del(&as->asynclist);
		INIT_LIST_HEAD(&as->asynclist);
		/* the lock is dropped because the completion handler takes it */
		spin_unlock_irqrestore(&ps->lock, flags);
		/* usb_unlink_urb calls the completion handler with status == USB_ST_URB_KILLED */
		usb_unlink_urb(&as->urb);
		spin_lock_irqsave(&ps->lock, flags);
	}
	spin_unlock_irqrestore(&ps->lock, flags);
	/*
	 * NOTE(review): assumes every unlinked URB has reached the completed
	 * list by now; a record completing later would outlive ps -- confirm.
	 */
	for (as = async_getcompleted(ps); as; as = async_getcompleted(ps))
		free_async(as);
}
287     
288     /*
289      * interface claiming
290      */
291     
/*
 * Probe hook of the usbdevfs pseudo-driver.  It always declines (NULL):
 * interfaces are bound to usbdevfs only explicitly, through claimintf().
 */
static void *driver_probe(struct usb_device *dev, unsigned int intf,
			  const struct usb_device_id *id)
{
	void *no_binding = NULL;

	return no_binding;
}
297     
/*
 * Disconnect hook of the usbdevfs pseudo-driver.  context is the dev_state
 * passed to usb_driver_claim_interface(); all of its claim bits are dropped.
 */
static void driver_disconnect(struct usb_device *dev, void *context)
{
	((struct dev_state *)context)->ifclaimed = 0;
}
304     
/* Pseudo-driver under whose name user-space claims interfaces. */
struct usb_driver usbdevfs_driver = {
	.name		= "usbdevfs",
	.probe		= driver_probe,
	.disconnect	= driver_disconnect,
};
310     
/*
 * Claim interface index intf of the active configuration for this open file.
 *
 * Returns 0 on success or if already claimed by this file, -EINVAL for an
 * out-of-range index or a vanished device, -EBUSY if another driver holds
 * the interface.
 */
static int claimintf(struct dev_state *ps, unsigned int intf)
{
	struct usb_device *dev = ps->dev;
	struct usb_interface *iface;
	int err = -EBUSY;

	/* intf must fit the ifclaimed bitmap before it is used as a bit number */
	if (intf >= 8*sizeof(ps->ifclaimed))
		return -EINVAL;
	if (!dev)
		return -EINVAL;
	/* NOTE(review): dev->actconfig is dereferenced unchecked -- confirm it cannot be NULL here */
	if (intf >= dev->actconfig->bNumInterfaces)
		return -EINVAL;
	/* already claimed */
	if (test_bit(intf, &ps->ifclaimed))
		return 0;
	iface = &dev->actconfig->interface[intf];
	lock_kernel();
	if (!usb_interface_claimed(iface)) {
		usb_driver_claim_interface(&usbdevfs_driver, iface, ps);
		set_bit(intf, &ps->ifclaimed);
		err = 0;
	}
	unlock_kernel();
	return err;
}
333     
/*
 * Release interface index intf if this open file holds it.
 *
 * Returns 0 on success, -EINVAL if the index does not fit the claim bitmap,
 * the device is gone, or the interface was not claimed by this file.
 */
static int releaseintf(struct dev_state *ps, unsigned int intf)
{
	struct usb_device *dev;
	struct usb_interface *iface;
	int err = -EINVAL;

	if (intf >= 8*sizeof(ps->ifclaimed))
		return -EINVAL;
	lock_kernel();
	dev = ps->dev;
	/*
	 * intf is not compared with bNumInterfaces here; the set claim bit is
	 * what vouches for the index.
	 * NOTE(review): confirm the bit cannot survive a configuration change.
	 */
	if (dev && test_and_clear_bit(intf, &ps->ifclaimed)) {
		iface = &dev->actconfig->interface[intf];
		usb_driver_release_interface(&usbdevfs_driver, iface);
		err = 0;
	}
	unlock_kernel();
	return err;
}
353     
/*
 * Make sure this open file holds interface index intf before it is used.
 *
 * An interface the caller never claimed is not refused: a warning naming the
 * calling process is logged and the interface is claimed implicitly, so the
 * result is then whatever claimintf() returns.
 */
static int checkintf(struct dev_state *ps, unsigned int intf)
{
	if (intf >= 8*sizeof(ps->ifclaimed))
		return -EINVAL;
	if (!test_bit(intf, &ps->ifclaimed)) {
		/* if not yet claimed, claim it for the driver */
		printk(KERN_WARNING "usbdevfs: process %d (%s) did not claim interface %u before use\n",
		       current->pid, current->comm, intf);
		return claimintf(ps, intf);
	}
	return 0;
}
365     
/*
 * Map an endpoint address to the index of the interface that owns it.
 *
 * ep may only carry the direction bit and a 4-bit endpoint number; anything
 * else is -EINVAL.  Every alternate setting of every interface of the active
 * configuration is searched.  Returns the interface index or -ENOENT.
 */
static int findintfep(struct usb_device *dev, unsigned int ep)
{
	unsigned int ifidx, altidx, epidx;

	if (ep & ~(USB_DIR_IN|0xf))
		return -EINVAL;
	/* NOTE(review): dev and dev->actconfig are dereferenced unchecked -- confirm callers guarantee both */
	for (ifidx = 0; ifidx < dev->actconfig->bNumInterfaces; ifidx++) {
		struct usb_interface *iface = &dev->actconfig->interface[ifidx];

		for (altidx = 0; altidx < iface->num_altsetting; altidx++) {
			struct usb_interface_descriptor *alts = &iface->altsetting[altidx];

			for (epidx = 0; epidx < alts->bNumEndpoints; epidx++) {
				struct usb_endpoint_descriptor *endpt = &alts->endpoint[epidx];

				if (endpt->bEndpointAddress == ep)
					return ifidx;
			}
		}
	}
	return -ENOENT;
}
388     
/*
 * Map an interface number (bInterfaceNumber) to its index in the active
 * configuration's interface array.
 *
 * Returns the index, -EINVAL if ifn does not fit in 8 bits, or -ENOENT.
 */
static int findintfif(struct usb_device *dev, unsigned int ifn)
{
	unsigned int ifidx, altidx;

	if (ifn & ~0xff)
		return -EINVAL;
	/* NOTE(review): dev and dev->actconfig are dereferenced unchecked -- confirm callers guarantee both */
	for (ifidx = 0; ifidx < dev->actconfig->bNumInterfaces; ifidx++) {
		struct usb_interface *iface = &dev->actconfig->interface[ifidx];

		for (altidx = 0; altidx < iface->num_altsetting; altidx++) {
			struct usb_interface_descriptor *alts = &iface->altsetting[altidx];

			if (alts->bInterfaceNumber == ifn)
				return ifidx;
		}
	}
	return -ENOENT;
}
407     
408     extern struct list_head usb_driver_list;
409     
410     #if 0
/*
 * Look up a registered USB driver by name (currently compiled out).
 * Stores the match in *driver and returns 0, or returns -EINVAL.
 */
static int finddriver(struct usb_driver **driver, char *name)
{
	struct list_head *pos;

	for (pos = usb_driver_list.next; pos != &usb_driver_list; pos = pos->next) {
		struct usb_driver *d = list_entry(pos, struct usb_driver,
							driver_list);

		if (strcmp(d->name, name))
			continue;
		*driver = d;
		return 0;
	}

	return -EINVAL;
}
430     #endif
431     
/*
 * Decide whether a control request may be sent, based on its recipient.
 *
 * Requests addressed to an endpoint or an interface require that the owning
 * interface is (or can be) claimed by this file.  Two classes pass without
 * any claim check: vendor-type requests, and requests whose recipient is
 * neither an endpoint nor an interface.
 */
static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, unsigned int index)
{
	int ifnum;

	if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
		return 0;

	switch (requesttype & USB_RECIP_MASK) {
	case USB_RECIP_ENDPOINT:
		ifnum = findintfep(ps->dev, index & 0xff);
		break;

	case USB_RECIP_INTERFACE:
		ifnum = findintfif(ps->dev, index & 0xff);
		break;

	default:
		return 0;
	}
	if (ifnum < 0)
		return ifnum;
	return checkintf(ps, ifnum);
}
456     
457     /*
458      * file operations
459      */
/*
 * open() on a usbdevfs device file: allocate the per-open dev_state, link it
 * on the device's file list and store it in file->private_data.
 *
 * Returns 0, -ENOENT if the inode is not a device node or has no device,
 * or -ENOMEM.
 */
static int usbdev_open(struct inode *inode, struct file *file)
{
	struct usb_device *dev;
	struct dev_state *ps;
	int ret = -ENOENT;

	/*
	 * no locking necessary here, as both sys_open (actually filp_open)
	 * and the hub thread have the kernel lock
	 * (still acquire the kernel lock for safety)
	 */
	lock_kernel();
	if (ITYPE(inode->i_ino) != IDEVICE)
		goto out;
	dev = inode->u.usbdev_i.p.dev;
	if (!dev)
		goto out;
	ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL);
	if (!ps) {
		ret = -ENOMEM;
		goto out;
	}
	/* kmalloc does not zero: every field used later is set explicitly below */
	ps->dev = dev;
	ps->file = file;
	spin_lock_init(&ps->lock);
	INIT_LIST_HEAD(&ps->async_pending);
	INIT_LIST_HEAD(&ps->async_completed);
	init_waitqueue_head(&ps->wait);
	init_rwsem(&ps->devsem);
	ps->discsignr = 0;
	ps->disctask = current;
	ps->disccontext = NULL;
	ps->ifclaimed = 0;
	/* make the initialised state visible before the record is published */
	wmb();
	list_add_tail(&ps->list, &dev->filelist);
	file->private_data = ps;
	ret = 0;
 out:
	unlock_kernel();
	return ret;
}
500     
/*
 * Final close of a usbdevfs device file: unlink the dev_state from the
 * device, give back every interface still claimed, cancel and free all
 * asynchronous URBs, then free the state.  Always returns 0.
 */
static int usbdev_release(struct inode *inode, struct file *file)
{
	struct dev_state *ps = (struct dev_state *)file->private_data;
	unsigned int bit;

	lock_kernel();
	list_del(&ps->list);
	INIT_LIST_HEAD(&ps->list);
	if (ps->dev) {
		/* stop early once no claim bit is left */
		bit = 0;
		while (ps->ifclaimed && bit < 8*sizeof(ps->ifclaimed)) {
			if (test_bit(bit, &ps->ifclaimed))
				releaseintf(ps, bit);
			bit++;
		}
	}
	unlock_kernel();
	destroy_all_async(ps);
	kfree(ps);
	return 0;
}
519     
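/*
 * USBDEVFS_CONTROL: perform a synchronous control transfer on endpoint 0.
 *
 * arg points to a user-space struct usbdevfs_ctrltransfer.  Data moves
 * through a one-page bounce buffer, so the length is capped at PAGE_SIZE.
 *
 * Returns the result of usb_control_msg() (bytes transferred or a negative
 * error), or -EFAULT / -EINVAL / -ENOMEM for bad arguments.
 */
static int proc_control(struct dev_state *ps, void *arg)
{
	struct usb_device *dev = ps->dev;
	struct usbdevfs_ctrltransfer ctrl;
	unsigned int tmo;
	unsigned char *tbuf;
	int i, ret;

	if (copy_from_user(&ctrl, (void *)arg, sizeof(ctrl)))
		return -EFAULT;
	/* recipient-based permission check; see check_ctrlrecip() for what it lets through */
	if ((ret = check_ctrlrecip(ps, ctrl.requesttype, ctrl.index)))
		return ret;
	if (ctrl.length > PAGE_SIZE)
		return -EINVAL;
	/* the page is not zeroed: only bytes actually written may go back to user space */
	if (!(tbuf = (unsigned char *)__get_free_page(GFP_KERNEL)))
		return -ENOMEM;
	/* milliseconds to jiffies, rounded up */
	tmo = (ctrl.timeout * HZ + 999) / 1000;
	if (ctrl.requesttype & 0x80) {
		/* device-to-host */
		if (ctrl.length && !access_ok(VERIFY_WRITE, ctrl.data, ctrl.length)) {
			free_page((unsigned long)tbuf);
			return -EINVAL;
		}
		i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.request, ctrl.requesttype,
				       ctrl.value, ctrl.index, tbuf, ctrl.length, tmo);
		if ((i > 0) && ctrl.length) {
			/*
			 * Copy back only what the device delivered.  Copying
			 * ctrl.length bytes after a short transfer would hand
			 * stale contents of the bounce page to user space.
			 */
			unsigned int got = i;

			if (got > ctrl.length)
				got = ctrl.length;
			if (copy_to_user(ctrl.data, tbuf, got)) {
				free_page((unsigned long)tbuf);
				return -EFAULT;
			}
		}
	} else {
		/* host-to-device */
		if (ctrl.length) {
			if (copy_from_user(tbuf, ctrl.data, ctrl.length)) {
				free_page((unsigned long)tbuf);
				return -EFAULT;
			}
		}
		i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.request, ctrl.requesttype,
				       ctrl.value, ctrl.index, tbuf, ctrl.length, tmo);
	}
	free_page((unsigned long)tbuf);
	if (i<0) {
		printk(KERN_DEBUG "usbdevfs: USBDEVFS_CONTROL failed dev %d rqt %u rq %u len %u ret %d\n", 
		       dev->devnum, ctrl.requesttype, ctrl.request, ctrl.length, i);
	}
	return i;
}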
567     
/*
 * USBDEVFS_BULK: perform a synchronous bulk transfer.
 *
 * arg points to a user-space struct usbdevfs_bulktransfer.  The endpoint
 * must belong to an interface this file holds (or can claim), and the data
 * moves through a one-page bounce buffer, so len is capped at PAGE_SIZE.
 *
 * Returns the number of bytes transferred or a negative error.
 */
static int proc_bulk(struct dev_state *ps, void *arg)
{
	struct usb_device *dev = ps->dev;
	struct usbdevfs_bulktransfer bulk;
	unsigned int tmo, len1, pipe;
	int len2;
	unsigned char *tbuf;
	int i, ret;

	if (copy_from_user(&bulk, (void *)arg, sizeof(bulk)))
		return -EFAULT;
	ret = findintfep(ps->dev, bulk.ep);
	if (ret < 0)
		return ret;
	ret = checkintf(ps, ret);
	if (ret)
		return ret;
	pipe = (bulk.ep & USB_DIR_IN) ? usb_rcvbulkpipe(dev, bulk.ep & 0x7f)
				      : usb_sndbulkpipe(dev, bulk.ep & 0x7f);
	if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
		return -EINVAL;
	len1 = bulk.len;
	if (len1 > PAGE_SIZE)
		return -EINVAL;
	tbuf = (unsigned char *)__get_free_page(GFP_KERNEL);
	if (!tbuf)
		return -ENOMEM;
	/* milliseconds to jiffies, rounded up */
	tmo = (bulk.timeout * HZ + 999) / 1000;
	if (bulk.ep & 0x80) {
		/* device-to-host */
		if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
			free_page((unsigned long)tbuf);
			return -EINVAL;
		}
		i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
		/*
		 * Only the len2 bytes reported as received are copied back.
		 * NOTE(review): len2 is not compared with len1 here -- confirm
		 * usb_bulk_msg can never report more than was requested.
		 */
		if (!i && len2 && copy_to_user(bulk.data, tbuf, len2)) {
			free_page((unsigned long)tbuf);
			return -EFAULT;
		}
	} else {
		/* host-to-device */
		if (len1 && copy_from_user(tbuf, bulk.data, len1)) {
			free_page((unsigned long)tbuf);
			return -EFAULT;
		}
		i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
	}
	free_page((unsigned long)tbuf);
	if (i >= 0)
		return len2;
	printk(KERN_WARNING "usbdevfs: USBDEVFS_BULK failed dev %d ep 0x%x len %u ret %d\n", 
	       dev->devnum, bulk.ep, bulk.len, i);
	return i;
}
624     
/*
 * USBDEVFS_RESETEP: reset the data toggle of an endpoint to 0.
 * arg points to the endpoint address (unsigned int) in user space; the
 * endpoint's interface must be held or claimable by this file.
 */
static int proc_resetep(struct dev_state *ps, void *arg)
{
	unsigned int ep;
	int ifnum, err;

	if (get_user(ep, (unsigned int *)arg))
		return -EFAULT;
	ifnum = findintfep(ps->dev, ep);
	if (ifnum < 0)
		return ifnum;
	err = checkintf(ps, ifnum);
	if (err)
		return err;
	usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0);
	return 0;
}
639     
/*
 * USBDEVFS_CLEAR_HALT: clear a halt (stall) condition on an endpoint.
 * arg points to the endpoint address (unsigned int) in user space; the
 * endpoint's interface must be held or claimable by this file.
 * Returns the result of usb_clear_halt().
 */
static int proc_clearhalt(struct dev_state *ps, void *arg)
{
	unsigned int ep;
	int pipe;
	int ifnum, err;

	if (get_user(ep, (unsigned int *)arg))
		return -EFAULT;
	ifnum = findintfep(ps->dev, ep);
	if (ifnum < 0)
		return ifnum;
	err = checkintf(ps, ifnum);
	if (err)
		return err;
	/* a bulk pipe is built whatever the endpoint's real transfer type is */
	pipe = (ep & USB_DIR_IN) ? usb_rcvbulkpipe(ps->dev, ep & 0x7f)
				 : usb_sndbulkpipe(ps->dev, ep & 0x7f);

	return usb_clear_halt(ps->dev, pipe);
}
659     		
660     
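/*
 * USBDEVFS_GETDRIVER: report the name of the driver bound to an interface.
 *
 * arg points to a user-space struct usbdevfs_getdriver whose interface field
 * selects the interface; the driver field is filled in on success.
 *
 * Returns 0, -EFAULT, -EINVAL / -ENOENT for an unknown interface, or
 * -ENODATA if no driver is bound.
 */
static int proc_getdriver(struct dev_state *ps, void *arg)
{
	struct usbdevfs_getdriver gd;
	struct usb_interface *interface;
	int ret;

	if (copy_from_user(&gd, arg, sizeof(gd)))
		return -EFAULT;
	if ((ret = findintfif(ps->dev, gd.interface)) < 0)
		return ret;
	interface = usb_ifnum_to_if(ps->dev, gd.interface);
	if (!interface)
		return -EINVAL;
	if (!interface->driver)
		return -ENODATA;
	/*
	 * Bounded copy: a driver name longer than the reply field must not
	 * run past gd on the kernel stack.  strncpy also zero-fills the rest
	 * of the field, and the last byte is forced to NUL.
	 */
	strncpy(gd.driver, interface->driver->name, sizeof(gd.driver) - 1);
	gd.driver[sizeof(gd.driver) - 1] = 0;
	if (copy_to_user(arg, &gd, sizeof(gd)))
		return -EFAULT;
	return 0;
}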
681     
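/*
 * USBDEVFS_CONNECTINFO: report the device number and whether the device is
 * low speed.  arg points to a user-space struct usbdevfs_connectinfo.
 * Returns 0 or -EFAULT.
 */
static int proc_connectinfo(struct dev_state *ps, void *arg)
{
	struct usbdevfs_connectinfo ci;

	/*
	 * The whole struct is copied out, so clear it first: any padding or
	 * field not assigned below would otherwise carry stale kernel stack
	 * bytes to user space.
	 */
	memset(&ci, 0, sizeof(ci));
	ci.devnum = ps->dev->devnum;
	ci.slow = ps->dev->speed == USB_SPEED_LOW;
	if (copy_to_user(arg, &ci, sizeof(ci)))
		return -EFAULT;
	return 0;
}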
692     
/*
 * USBDEVFS_RESET: reset the device, then re-run disconnect/probe of every
 * kernel driver bound to an interface this file has not claimed.
 *
 * No interface claim is required by this function itself, although the
 * reset affects drivers bound to other interfaces of the device.
 * Returns 0 or the negative result of usb_reset_device().
 */
static int proc_resetdevice(struct dev_state *ps)
{
	int idx, err;

	err = usb_reset_device(ps->dev);
	if (err < 0)
		return err;

	for (idx = 0; idx < ps->dev->actconfig->bNumInterfaces; idx++) {
		struct usb_interface *intf = &ps->dev->actconfig->interface[idx];
		const struct usb_device_id *id;

		/* Don't simulate interfaces we've claimed */
		if (test_bit(idx, &ps->ifclaimed))
			continue;
		if (!intf->driver)
			continue;

		/* simulate an unplug/replug for the bound driver, serialised against its other callbacks */
		down(&intf->driver->serialize);
		intf->driver->disconnect(ps->dev, intf->private_data);
		id = usb_match_id(ps->dev,intf,intf->driver->id_table);
		/* NOTE(review): the value returned by probe is discarded here -- confirm that is intended */
		intf->driver->probe(ps->dev, idx, id);
		up(&intf->driver->serialize);
	}

	return 0;
}
720     
/*
 * USBDEVFS_SETINTERFACE: select an alternate setting of an interface.
 *
 * arg points to a user-space struct usbdevfs_setinterface.  The claim check
 * is made only when a driver is currently bound to the interface; an
 * unbound interface can be switched without claiming it.
 */
static int proc_setintf(struct dev_state *ps, void *arg)
{
	struct usbdevfs_setinterface setintf;
	struct usb_interface *interface;
	int ifidx, err;

	if (copy_from_user(&setintf, arg, sizeof(setintf)))
		return -EFAULT;
	ifidx = findintfif(ps->dev, setintf.interface);
	if (ifidx < 0)
		return ifidx;
	interface = usb_ifnum_to_if(ps->dev, setintf.interface);
	if (!interface)
		return -EINVAL;
	if (interface->driver) {
		err = checkintf(ps, ifidx);
		if (err)
			return err;
	}
	if (usb_set_interface(ps->dev, setintf.interface, setintf.altsetting))
		return -EINVAL;
	return 0;
}
742     
/*
 * USBDEVFS_SETCONFIGURATION: select a device configuration.
 * arg points to the configuration value (unsigned int) in user space.
 *
 * No interface-claim check is made here, so the call goes through even
 * while other drivers hold interfaces of the current configuration.
 * Returns 0, -EFAULT, or -EINVAL if the core rejects the value.
 */
static int proc_setconfig(struct dev_state *ps, void *arg)
{
	unsigned int cfg;

	if (get_user(cfg, (unsigned int *)arg))
		return -EFAULT;
	return (usb_set_configuration(ps->dev, cfg) < 0) ? -EINVAL : 0;
}
753     
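/*
 * USBDEVFS_SUBMITURB: validate a user-supplied URB description, build the
 * kernel URB with its own bounce buffer and submit it asynchronously.
 *
 * arg is the user-space address of a struct usbdevfs_urb; it doubles as the
 * handle used later to discard or reap the URB.
 *
 * Returns 0 on successful submission, otherwise a negative error
 * (-EFAULT, -EINVAL, -ENOENT, -ENOMEM or the usb_submit_urb() result).
 */
static int proc_submiturb(struct dev_state *ps, void *arg)
{
	struct usbdevfs_urb uurb;
	struct usbdevfs_iso_packet_desc *isopkt = NULL;
	struct usb_endpoint_descriptor *ep_desc;
	struct async *as;
	devrequest *dr = NULL;
	unsigned int u, totlen, isofrmlen;
	int ret;

	if (copy_from_user(&uurb, arg, sizeof(uurb)))
		return -EFAULT;
	/* only the flags listed here may be passed through to the host controller */
	if (uurb.flags & ~(USBDEVFS_URB_ISO_ASAP|USBDEVFS_URB_DISABLE_SPD|USBDEVFS_URB_QUEUE_BULK|
			   USB_NO_FSBR|USB_ZERO_PACKET))
		return -EINVAL;
	if (!uurb.buffer)
		return -EINVAL;
	/* completion signals are restricted to the real-time range */
	if (uurb.signr != 0 && (uurb.signr < SIGRTMIN || uurb.signr > SIGRTMAX))
		return -EINVAL;
	/* everything except a control URB on endpoint 0 needs the owning interface */
	if (!(uurb.type == USBDEVFS_URB_TYPE_CONTROL && (uurb.endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
		if ((ret = findintfep(ps->dev, uurb.endpoint)) < 0)
			return ret;
		if ((ret = checkintf(ps, ret)))
			return ret;
	}
	switch(uurb.type) {
	case USBDEVFS_URB_TYPE_CONTROL:
		if ((uurb.endpoint & ~USB_ENDPOINT_DIR_MASK) != 0) {
			if (!(ep_desc = usb_epnum_to_ep_desc(ps->dev, uurb.endpoint)))
				return -ENOENT;
			if ((ep_desc->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) != USB_ENDPOINT_XFER_CONTROL)
				return -EINVAL;
		}
		/* min 8 byte setup packet, max arbitrary */
		if (uurb.buffer_length < 8 || uurb.buffer_length > PAGE_SIZE)
			return -EINVAL;
		if (!(dr = kmalloc(sizeof(devrequest), GFP_KERNEL)))
			return -ENOMEM;
		if (copy_from_user(dr, (unsigned char*)uurb.buffer, 8)) {
			kfree(dr);
			return -EFAULT;
		}
		/* the data stage announced in the setup packet must fit the user buffer */
		if (uurb.buffer_length < (le16_to_cpup(&dr->length) + 8)) {
			kfree(dr);
			return -EINVAL;
		}
		if ((ret = check_ctrlrecip(ps, dr->requesttype, le16_to_cpup(&dr->index)))) {
			kfree(dr);
			return ret;
		}
		/* the direction comes from the setup packet, not from the caller's endpoint value */
		uurb.endpoint = (uurb.endpoint & ~USB_ENDPOINT_DIR_MASK) | (dr->requesttype & USB_ENDPOINT_DIR_MASK);
		uurb.number_of_packets = 0;
		uurb.buffer_length = le16_to_cpup(&dr->length);
		uurb.buffer += 8;
		if (!access_ok((uurb.endpoint & USB_DIR_IN) ?  VERIFY_WRITE : VERIFY_READ, uurb.buffer, uurb.buffer_length)) {
			kfree(dr);
			return -EFAULT;
		}
		break;

	case USBDEVFS_URB_TYPE_BULK:
		uurb.number_of_packets = 0;
		/* NOTE(review): only the upper bound is tested; confirm how a negative buffer_length is rejected */
		if (uurb.buffer_length > 16384)
			return -EINVAL;
		if (!access_ok((uurb.endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb.buffer, uurb.buffer_length))
			return -EFAULT;
		break;

	case USBDEVFS_URB_TYPE_ISO:
		/* arbitrary limit */
		if (uurb.number_of_packets < 1 || uurb.number_of_packets > 128)
			return -EINVAL;
		isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * uurb.number_of_packets;
		if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
			return -ENOMEM;
		if (copy_from_user(isopkt, &((struct usbdevfs_urb *)arg)->iso_frame_desc, isofrmlen)) {
			kfree(isopkt);
			return -EFAULT;
		}
		/* the buffer length is derived from the per-packet lengths, each capped at 1023 */
		for (totlen = u = 0; u < uurb.number_of_packets; u++) {
			if (isopkt[u].length > 1023) {
				kfree(isopkt);
				return -EINVAL;
			}
			totlen += isopkt[u].length;
		}
		if (totlen > 32768) {
			kfree(isopkt);
			return -EINVAL;
		}
		uurb.buffer_length = totlen;
		break;

	default:
		return -EINVAL;
	}
	if (!(as = alloc_async(uurb.number_of_packets))) {
		if (isopkt)
			kfree(isopkt);
		if (dr)
			kfree(dr);
		return -ENOMEM;
	}
	if (!(as->urb.transfer_buffer = kmalloc(uurb.buffer_length, GFP_KERNEL))) {
		if (isopkt)
			kfree(isopkt);
		if (dr)
			kfree(dr);
		free_async(as);
		return -ENOMEM;
	}
	/*
	 * For IN transfers the whole buffer is later copied to user space by
	 * processcompl(), whether or not the device filled it.  Clear it so a
	 * short or failed transfer cannot expose old kernel heap contents.
	 */
	if (uurb.endpoint & USB_DIR_IN)
		memset(as->urb.transfer_buffer, 0, uurb.buffer_length);
	as->urb.next = NULL;
	as->urb.dev = ps->dev;
	as->urb.pipe = (uurb.type << 30) | __create_pipe(ps->dev, uurb.endpoint & 0xf) | (uurb.endpoint & USB_DIR_IN);
	as->urb.transfer_flags = uurb.flags;
	as->urb.transfer_buffer_length = uurb.buffer_length;
	/* from here on dr is owned by the async record and freed by free_async() */
	as->urb.setup_packet = (unsigned char*)dr;
	as->urb.start_frame = uurb.start_frame;
	as->urb.number_of_packets = uurb.number_of_packets;
	as->urb.context = as;
	as->urb.complete = async_completed;
	/* number_of_packets is 0 for non-iso URBs, so isopkt is only read when it was allocated */
	for (totlen = u = 0; u < uurb.number_of_packets; u++) {
		as->urb.iso_frame_desc[u].offset = totlen;
		as->urb.iso_frame_desc[u].length = isopkt[u].length;
		totlen += isopkt[u].length;
	}
	if (isopkt)
		kfree(isopkt);
	as->ps = ps;
	as->userurb = arg;
	if (uurb.endpoint & USB_DIR_IN)
		as->userbuffer = uurb.buffer;
	else
		as->userbuffer = NULL;
	as->signr = uurb.signr;
	/* NOTE(review): raw task pointer, no reference taken -- confirm the task outlives the URB */
	as->task = current;
	if (!(uurb.endpoint & USB_DIR_IN)) {
		if (copy_from_user(as->urb.transfer_buffer, uurb.buffer, as->urb.transfer_buffer_length)) {
			free_async(as);
			return -EFAULT;
		}
	}
	/* queue before submitting: the completion handler may run immediately */
	async_newpending(as);
	if ((ret = usb_submit_urb(&as->urb))) {
		printk(KERN_DEBUG "usbdevfs: usb_submit_urb returned %d\n", ret);
		async_removepending(as);
		free_async(as);
		return ret;
	}
	return 0;
}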
905     
/*
 * USBDEVFS_DISCARDURB: cancel a pending URB identified by the user-space
 * address it was submitted with.  Only URBs pending on this open file can
 * be found.  Returns 0, or -EINVAL if no such URB is pending.
 */
static int proc_unlinkurb(struct dev_state *ps, void *arg)
{
	struct async *victim = async_getpending(ps, arg);

	if (victim == NULL)
		return -EINVAL;
	usb_unlink_urb(&victim->urb);
	return 0;
}
916     
/*
 * Copy the outcome of a completed URB back to user space: the data of an IN
 * transfer, then status, actual_length and error_count, and for iso pipes
 * the per-packet actual_length and status.
 *
 * The data copy covers the full transfer_buffer_length, not only
 * actual_length, so what user space sees beyond the received bytes depends
 * on how proc_submiturb() prepared the buffer.
 *
 * Returns 0 or -EFAULT.
 */
static int processcompl(struct async *as)
{
	struct usbdevfs_urb *uurb = (struct usbdevfs_urb *)as->userurb;
	unsigned int pkt;

	if (as->userbuffer &&
	    copy_to_user(as->userbuffer, as->urb.transfer_buffer, as->urb.transfer_buffer_length))
		return -EFAULT;
	if (put_user(as->urb.status, &uurb->status))
		return -EFAULT;
	if (put_user(as->urb.actual_length, &uurb->actual_length))
		return -EFAULT;
	if (put_user(as->urb.error_count, &uurb->error_count))
		return -EFAULT;

	if (usb_pipeisoc(as->urb.pipe)) {
		for (pkt = 0; pkt < as->urb.number_of_packets; pkt++) {
			if (put_user(as->urb.iso_frame_desc[pkt].actual_length,
				     &uurb->iso_frame_desc[pkt].actual_length))
				return -EFAULT;
			if (put_user(as->urb.iso_frame_desc[pkt].status,
				     &uurb->iso_frame_desc[pkt].status))
				return -EFAULT;
		}
	}
	return 0;
}
946     
/*
 * USBDEVFS_REAPURB handler: block until a submitted URB has completed,
 * copy its results out and store the user-space URB address at *arg.
 *
 * Called from usbdev_ioctl() with ps->devsem held for reading; the
 * semaphore is dropped around schedule() and re-taken afterwards.
 *
 * Returns 0 on success, the processcompl() error or -EFAULT when a store
 * to user space fails, -EINTR when a signal ended the wait, and -EIO when
 * the loop ended because ps->dev went away.
 *
 * NOTE(review): the async is freed before the processcompl() result and
 * the final put_user() are checked, so a faulting user pointer consumes
 * the completion without the caller learning which URB it was.
 */
static int proc_reapurb(struct dev_state *ps, void *arg)
{
	DECLARE_WAITQUEUE(waiter, current);
	struct async *done = NULL;
	void *user_urb;
	int err;

	add_wait_queue(&ps->wait, &waiter);
	while (ps->dev) {
		/*
		 * Go to TASK_INTERRUPTIBLE before looking at the completed
		 * list so that a wakeup arriving between the check and
		 * schedule() is not lost.
		 */
		__set_current_state(TASK_INTERRUPTIBLE);
		done = async_getcompleted(ps);
		if (done || signal_pending(current))
			break;
		up_read(&ps->devsem);
		schedule();
		down_read(&ps->devsem);
	}
	remove_wait_queue(&ps->wait, &waiter);
	set_current_state(TASK_RUNNING);

	if (!done)
		return signal_pending(current) ? -EINTR : -EIO;

	err = processcompl(done);
	user_urb = done->userurb;	/* saved: 'done' is freed next */
	free_async(done);
	if (err)
		return err;
	return put_user(user_urb, (void **)arg) ? -EFAULT : 0;
}
981     
/*
 * USBDEVFS_REAPURBNDELAY handler: non-blocking variant of proc_reapurb().
 *
 * Returns -EAGAIN when no completed URB is queued.  Otherwise the results
 * are copied out by processcompl(), the async is freed and the user-space
 * URB address is stored at *arg; the result is 0, the processcompl() error,
 * or -EFAULT if that last store fails.
 *
 * NOTE(review): as in proc_reapurb(), the async is released before the
 * copy-out results are checked, so a faulting user pointer loses the
 * completion.
 */
static int proc_reapurbnonblock(struct dev_state *ps, void *arg)
{
	struct async *done = async_getcompleted(ps);
	void *user_urb;
	int err;

	if (done == NULL)
		return -EAGAIN;

	err = processcompl(done);
	user_urb = done->userurb;	/* saved: 'done' is freed next */
	free_async(done);
	if (err != 0)
		return err;
	return put_user(user_urb, (void **)arg) ? -EFAULT : 0;
}
999     
/*
 * USBDEVFS_DISCSIGNAL handler: record the signal number and context value
 * for this open file (presumably used when the device disconnects; the
 * delivery code is not in this function).
 *
 * The signal number supplied by user space is accepted only when it is 0
 * or lies within SIGRTMIN..SIGRTMAX, so a caller cannot arrange for a
 * classic signal to be raised through this interface.
 *
 * Returns 0 on success, -EFAULT if the request cannot be read, -EINVAL
 * for a signal number outside the accepted set.
 */
static int proc_disconnectsignal(struct dev_state *ps, void *arg)
{
	struct usbdevfs_disconnectsignal req;

	if (copy_from_user(&req, arg, sizeof(req)))
		return -EFAULT;

	if (req.signr != 0) {
		if (req.signr < SIGRTMIN || req.signr > SIGRTMAX)
			return -EINVAL;
	}

	ps->discsignr = req.signr;
	ps->disccontext = req.context;
	return 0;
}
1012     
/*
 * USBDEVFS_CLAIMINTERFACE handler.
 *
 * Reads an interface number from user space, maps it through findintfif()
 * and passes the value findintfif() returned (not the raw user number) to
 * claimintf().
 *
 * Returns -EFAULT if the number cannot be read, the negative findintfif()
 * result if the lookup fails, otherwise whatever claimintf() returns.
 */
static int proc_claiminterface(struct dev_state *ps, void *arg)
{
	unsigned int ifnum;
	int idx;

	if (get_user(ifnum, (unsigned int *)arg))
		return -EFAULT;

	idx = findintfif(ps->dev, ifnum);
	if (idx < 0)
		return idx;

	return claimintf(ps, idx);
}
1024     
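/*
 * USBDEVFS_RELEASEINTERFACE handler.
 *
 * Reads an interface number from user space, maps it through findintfif()
 * and releases the interface identified by the value findintfif() returned.
 *
 * proc_claiminterface() hands the findintfif() result to claimintf(); the
 * release path must use the same value, otherwise a device whose interface
 * numbers differ from their positions would release a different slot than
 * the one that was claimed (or fail to release at all), leaving the claim
 * bookkeeping out of step with what user space believes it holds.
 * NOTE(review): this assumes releaseintf() numbers interfaces the same way
 * as claimintf(); confirm against their definitions.
 *
 * Returns -EFAULT if the number cannot be read, the negative findintfif()
 * result if the lookup fails, otherwise whatever releaseintf() returns.
 */
static int proc_releaseinterface(struct dev_state *ps, void *arg)
{
	unsigned int ifnum;
	int idx;

	if (get_user(ifnum, (unsigned int *)arg))
		return -EFAULT;

	idx = findintfif(ps->dev, ifnum);
	if (idx < 0)
		return idx;

	/* Pass the looked-up value, matching proc_claiminterface(). */
	return releaseintf(ps, idx);
}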
1036     
/*
 * USBDEVFS_IOCTL handler: forward an ioctl to the kernel driver bound to
 * one interface of the device.
 *
 * The request (interface number, ioctl code, user data pointer) is read
 * from user space.  The payload size and direction are decoded from the
 * ioctl code itself with _IOC_SIZE/_IOC_DIR, and a kernel bounce buffer of
 * that size is used so the driver never touches user memory directly.
 *
 * Returns the driver's ioctl result, or -EFAULT (bad user pointer),
 * -ENOMEM (no bounce buffer), -ENOSYS (negative ifno, or no driver/ioctl
 * method on the interface), -ENODEV (device gone), -EINVAL (bad ifno).
 *
 * NOTE(review): ps->dev->actconfig is dereferenced without a NULL check,
 * and ifp->driver is read and called with no locking visible in this
 * function; confirm that the caller's devsem read lock is enough to keep
 * both stable across the driver call.
 */
static int proc_ioctl (struct dev_state *ps, void *arg)
{
	struct usbdevfs_ioctl	req;
	struct usb_interface	*ifp = NULL;
	void			*kbuf = NULL;
	int			len;
	int			rc = 0;

	/* fetch the request and stage the payload in kernel memory */
	if (copy_from_user(&req, (void *) arg, sizeof (req)))
		return -EFAULT;

	len = _IOC_SIZE (req.ioctl_code);
	if (len > 0) {
		kbuf = kmalloc (len, GFP_KERNEL);
		if (kbuf == NULL)
			return -ENOMEM;
		if (_IOC_DIR (req.ioctl_code) & _IOC_WRITE) {
			if (copy_from_user (kbuf, req.data, len)) {
				kfree (kbuf);
				return -EFAULT;
			}
		} else {
			/*
			 * Nothing comes in from user space, so clear the
			 * buffer: the copy-out below sends all 'len' bytes
			 * back and must not expose stale heap contents when
			 * the driver fills only part of it.
			 */
			memset (kbuf, 0, len);
		}
	}

	if (req.ifno < 0) {
		/*
		 * Device-level requests (control-message token, asking a
		 * driver to bind/unbind, ...) are not implemented.
		 */
		rc = -ENOSYS;
	} else if (!ps->dev) {
		rc = -ENODEV;
	} else if (req.ifno >= ps->dev->actconfig->bNumInterfaces) {
		rc = -EINVAL;
	} else if (!(ifp = usb_ifnum_to_if (ps->dev, req.ifno))) {
		rc = -EINVAL;
	} else if (ifp->driver == NULL || ifp->driver->ioctl == NULL) {
		rc = -ENOSYS;
	} else {
		/* ioctl to the driver which has claimed the interface;
		 * ifno might usefully be passed as well.
		 */
		rc = ifp->driver->ioctl (ps->dev, req.ioctl_code, kbuf);
		/* a positive result does not shorten the copy-out below */
	}

	/* copy results back (read-direction ioctls only), then clean up */
	if (rc >= 0
			&& len > 0
			&& (_IOC_DIR (req.ioctl_code) & _IOC_READ) != 0
			&& copy_to_user (req.data, kbuf, len) != 0)
		rc = -EFAULT;
	if (kbuf != NULL)
		kfree (kbuf);
	return rc;
}
1098     
/*
 * ioctl entry point for a usbdevfs device file.
 *
 * Access control visible here is a single check: the file must have been
 * opened for writing, otherwise every command (including the pure queries
 * such as USBDEVFS_GETDRIVER and USBDEVFS_CONNECTINFO) fails with -EPERM.
 *
 * The handler runs with ps->devsem held for reading; if the device has
 * already gone away the call fails with -ENODEV.  Unknown commands return
 * -ENOIOCTLCMD.  On success the inode's atime is refreshed, and the mtime
 * as well for the commands that move data or reset endpoint state.
 */
static int usbdev_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg)
{
	struct dev_state *ps = (struct dev_state *)file->private_data;
	void *uarg = (void *)arg;	/* user-space pointer; handlers copy through it */
	int stamp_mtime = 0;
	int ret = -ENOIOCTLCMD;

	if ((file->f_mode & FMODE_WRITE) == 0)
		return -EPERM;

	down_read(&ps->devsem);
	if (ps->dev == NULL) {
		up_read(&ps->devsem);
		return -ENODEV;
	}

	switch (cmd) {
	/* commands that also update the modification time on success */
	case USBDEVFS_CONTROL:
		ret = proc_control(ps, uarg);
		stamp_mtime = 1;
		break;
	case USBDEVFS_BULK:
		ret = proc_bulk(ps, uarg);
		stamp_mtime = 1;
		break;
	case USBDEVFS_RESETEP:
		ret = proc_resetep(ps, uarg);
		stamp_mtime = 1;
		break;
	case USBDEVFS_CLEAR_HALT:
		ret = proc_clearhalt(ps, uarg);
		stamp_mtime = 1;
		break;
	case USBDEVFS_SUBMITURB:
		ret = proc_submiturb(ps, uarg);
		stamp_mtime = 1;
		break;

	/* everything else only touches the access time */
	case USBDEVFS_RESET:
		ret = proc_resetdevice(ps);
		break;
	case USBDEVFS_GETDRIVER:
		ret = proc_getdriver(ps, uarg);
		break;
	case USBDEVFS_CONNECTINFO:
		ret = proc_connectinfo(ps, uarg);
		break;
	case USBDEVFS_SETINTERFACE:
		ret = proc_setintf(ps, uarg);
		break;
	case USBDEVFS_SETCONFIGURATION:
		ret = proc_setconfig(ps, uarg);
		break;
	case USBDEVFS_DISCARDURB:
		ret = proc_unlinkurb(ps, uarg);
		break;
	case USBDEVFS_REAPURB:
		ret = proc_reapurb(ps, uarg);
		break;
	case USBDEVFS_REAPURBNDELAY:
		ret = proc_reapurbnonblock(ps, uarg);
		break;
	case USBDEVFS_DISCSIGNAL:
		ret = proc_disconnectsignal(ps, uarg);
		break;
	case USBDEVFS_CLAIMINTERFACE:
		ret = proc_claiminterface(ps, uarg);
		break;
	case USBDEVFS_RELEASEINTERFACE:
		ret = proc_releaseinterface(ps, uarg);
		break;
	case USBDEVFS_IOCTL:
		ret = proc_ioctl(ps, uarg);
		break;
	}

	/* still under devsem, as in the per-command handling */
	if (stamp_mtime && ret >= 0)
		inode->i_mtime = CURRENT_TIME;
	up_read(&ps->devsem);

	if (ret >= 0)
		inode->i_atime = CURRENT_TIME;
	return ret;
}
1195     
/*
 * poll() for a usbdevfs device file.  No kernel lock - fine.
 *
 * Reports POLLOUT | POLLWRNORM when the file is open for writing and at
 * least one completed URB is waiting to be reaped, and POLLERR | POLLHUP
 * once ps->dev has been cleared.  Both ps->dev and the completed list are
 * read here without taking ps->devsem.
 */
static unsigned int usbdev_poll(struct file *file, struct poll_table_struct *wait)
{
	struct dev_state *ps = (struct dev_state *)file->private_data;
	unsigned int events = 0;

	poll_wait(file, &ps->wait, wait);

	if ((file->f_mode & FMODE_WRITE) && !list_empty(&ps->async_completed))
		events |= POLLOUT | POLLWRNORM;
	if (ps->dev == NULL)
		events |= POLLERR | POLLHUP;

	return events;
}
1209     
/*
 * File operations for usbdevfs device nodes.  No write method is
 * installed: transfers towards the device go through usbdev_ioctl(), which
 * does its own FMODE_WRITE check.
 */
struct file_operations usbdevfs_device_file_operations = {
	.llseek		= usbdev_lseek,
	.read		= usbdev_read,
	.poll		= usbdev_poll,
	.ioctl		= usbdev_ioctl,
	.open		= usbdev_open,
	.release	= usbdev_release,
};
1218