1 /*****************************************************************************/
4 * devio.c -- User space communication with USB devices.
6 * Copyright (C) 1999-2000 Thomas Sailer (sailer@ife.ee.ethz.ch)
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 * $Id: devio.c,v 1.7 2000/02/01 17:28:48 fliegl Exp $
24 * This file implements the usbdevfs/x/y files, where
25 * x is the bus number and y the device number.
27 * It allows user space programs/"drivers" to communicate directly
28 * with USB devices without intervening kernel driver.
31 * 22.12.1999 0.1 Initial release (split from proc_usb.c)
32 * 04.01.2000 0.2 Turned into its own filesystem
35 /*****************************************************************************/
39 #include <linux/slab.h>
40 #include <linux/smp_lock.h>
41 #include <linux/signal.h>
42 #include <linux/poll.h>
43 #include <linux/module.h>
44 #include <linux/usb.h>
45 #include <linux/usbdevice_fs.h>
46 #include <asm/uaccess.h>
47 #include <asm/byteorder.h>
48 #include <linux/moduleparam.h>
50 #include "hcd.h" /* for usbcore internals */
54 struct list_head asynclist;
56 struct task_struct *task;
59 void __user *userbuffer;
64 static int usbfs_snoop = 0;
65 module_param (usbfs_snoop, bool, S_IRUGO | S_IWUSR);
66 MODULE_PARM_DESC (usbfs_snoop, "true to log all usbfs traffic");
68 #define snoop(dev, format, arg...) \
71 dev_info( dev , format , ## arg); \
75 static inline int connected (struct usb_device *dev)
77 return dev->state != USB_STATE_NOTATTACHED;
80 static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig)
92 file->f_pos += offset;
104 static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
106 struct dev_state *ps = (struct dev_state *)file->private_data;
107 struct usb_device *dev = ps->dev;
114 down(&dev->serialize);
115 if (!connected(dev)) {
118 } else if (pos < 0) {
123 if (pos < sizeof(struct usb_device_descriptor)) {
124 len = sizeof(struct usb_device_descriptor) - pos;
127 if (copy_to_user(buf, ((char *)&dev->descriptor) + pos, len)) {
138 pos = sizeof(struct usb_device_descriptor);
139 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
140 struct usb_config_descriptor *config =
141 (struct usb_config_descriptor *)dev->rawdescriptors[i];
142 unsigned int length = le16_to_cpu(config->wTotalLength);
144 if (*ppos < pos + length) {
146 /* The descriptor may claim to be longer than it
147 * really is. Here is the actual allocated length. */
149 dev->config[i].desc.wTotalLength;
151 len = length - (*ppos - pos);
155 /* Simply don't write (skip over) unallocated parts */
156 if (alloclen > (*ppos - pos)) {
157 alloclen -= (*ppos - pos);
158 if (copy_to_user(buf,
159 dev->rawdescriptors[i] + (*ppos - pos),
160 min(len, alloclen))) {
181 * async list handling
184 static struct async *alloc_async(unsigned int numisoframes)
186 unsigned int assize = sizeof(struct async) + numisoframes * sizeof(struct usb_iso_packet_descriptor);
187 struct async *as = kmalloc(assize, GFP_KERNEL);
190 memset(as, 0, assize);
191 as->urb = usb_alloc_urb(numisoframes, GFP_KERNEL);
199 static void free_async(struct async *as)
201 if (as->urb->transfer_buffer)
202 kfree(as->urb->transfer_buffer);
203 if (as->urb->setup_packet)
204 kfree(as->urb->setup_packet);
205 usb_free_urb(as->urb);
209 static inline void async_newpending(struct async *as)
211 struct dev_state *ps = as->ps;
214 spin_lock_irqsave(&ps->lock, flags);
215 list_add_tail(&as->asynclist, &ps->async_pending);
216 spin_unlock_irqrestore(&ps->lock, flags);
219 static inline void async_removepending(struct async *as)
221 struct dev_state *ps = as->ps;
224 spin_lock_irqsave(&ps->lock, flags);
225 list_del_init(&as->asynclist);
226 spin_unlock_irqrestore(&ps->lock, flags);
229 static inline struct async *async_getcompleted(struct dev_state *ps)
232 struct async *as = NULL;
234 spin_lock_irqsave(&ps->lock, flags);
235 if (!list_empty(&ps->async_completed)) {
236 as = list_entry(ps->async_completed.next, struct async, asynclist);
237 list_del_init(&as->asynclist);
239 spin_unlock_irqrestore(&ps->lock, flags);
243 static inline struct async *async_getpending(struct dev_state *ps, void __user *userurb)
248 spin_lock_irqsave(&ps->lock, flags);
249 list_for_each_entry(as, &ps->async_pending, asynclist)
250 if (as->userurb == userurb) {
251 list_del_init(&as->asynclist);
252 spin_unlock_irqrestore(&ps->lock, flags);
255 spin_unlock_irqrestore(&ps->lock, flags);
259 static void async_completed(struct urb *urb, struct pt_regs *regs)
261 struct async *as = (struct async *)urb->context;
262 struct dev_state *ps = as->ps;
263 struct siginfo sinfo;
265 spin_lock(&ps->lock);
266 list_move_tail(&as->asynclist, &ps->async_completed);
267 spin_unlock(&ps->lock);
269 sinfo.si_signo = as->signr;
270 sinfo.si_errno = as->urb->status;
271 sinfo.si_code = SI_ASYNCIO;
272 sinfo.si_addr = (void *)as->userurb;
273 send_sig_info(as->signr, &sinfo, as->task);
278 static void destroy_async (struct dev_state *ps, struct list_head *list)
283 spin_lock_irqsave(&ps->lock, flags);
284 while (!list_empty(list)) {
285 as = list_entry(list->next, struct async, asynclist);
286 list_del_init(&as->asynclist);
287 spin_unlock_irqrestore(&ps->lock, flags);
288 /* usb_unlink_urb calls the completion handler with status == -ENOENT */
289 usb_unlink_urb(as->urb);
290 spin_lock_irqsave(&ps->lock, flags);
292 spin_unlock_irqrestore(&ps->lock, flags);
293 while ((as = async_getcompleted(ps)))
297 static void destroy_async_on_interface (struct dev_state *ps, unsigned int ifnum)
299 struct list_head *p, *q, hitlist;
302 INIT_LIST_HEAD(&hitlist);
303 spin_lock_irqsave(&ps->lock, flags);
304 list_for_each_safe(p, q, &ps->async_pending)
305 if (ifnum == list_entry(p, struct async, asynclist)->ifnum)
306 list_move_tail(p, &hitlist);
307 spin_unlock_irqrestore(&ps->lock, flags);
308 destroy_async(ps, &hitlist);
311 static inline void destroy_all_async(struct dev_state *ps)
313 destroy_async(ps, &ps->async_pending);
317 * interface claims are made only at the request of user level code,
318 * which can also release them (explicitly or by closing files).
319 * they're also undone when devices disconnect.
322 static int driver_probe (struct usb_interface *intf,
323 const struct usb_device_id *id)
328 static void driver_disconnect(struct usb_interface *intf)
330 struct dev_state *ps = usb_get_intfdata (intf);
331 unsigned int ifnum = intf->altsetting->desc.bInterfaceNumber;
336 /* NOTE: this relies on usbcore having canceled and completed
337 * all pending I/O requests; 2.6 does that.
340 if (likely(ifnum < 8*sizeof(ps->ifclaimed)))
341 clear_bit(ifnum, &ps->ifclaimed);
343 warn("interface number %u out of range", ifnum);
345 usb_set_intfdata (intf, NULL);
347 /* force async requests to complete */
348 destroy_async_on_interface(ps, ifnum);
351 struct usb_driver usbdevfs_driver = {
352 .owner = THIS_MODULE,
354 .probe = driver_probe,
355 .disconnect = driver_disconnect,
358 static int claimintf(struct dev_state *ps, unsigned int ifnum)
360 struct usb_device *dev = ps->dev;
361 struct usb_interface *intf;
364 if (ifnum >= 8*sizeof(ps->ifclaimed))
366 /* already claimed */
367 if (test_bit(ifnum, &ps->ifclaimed))
370 /* lock against other changes to driver bindings */
371 down_write(&usb_bus_type.subsys.rwsem);
372 intf = usb_ifnum_to_if(dev, ifnum);
376 err = usb_driver_claim_interface(&usbdevfs_driver, intf, ps);
377 up_write(&usb_bus_type.subsys.rwsem);
379 set_bit(ifnum, &ps->ifclaimed);
383 static int releaseintf(struct dev_state *ps, unsigned int ifnum)
385 struct usb_device *dev;
386 struct usb_interface *intf;
390 if (ifnum >= 8*sizeof(ps->ifclaimed))
393 /* lock against other changes to driver bindings */
394 down_write(&usb_bus_type.subsys.rwsem);
395 intf = usb_ifnum_to_if(dev, ifnum);
398 else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) {
399 usb_driver_release_interface(&usbdevfs_driver, intf);
402 up_write(&usb_bus_type.subsys.rwsem);
406 static int checkintf(struct dev_state *ps, unsigned int ifnum)
408 if (ifnum >= 8*sizeof(ps->ifclaimed))
410 if (test_bit(ifnum, &ps->ifclaimed))
412 /* if not yet claimed, claim it for the driver */
413 dev_warn(&ps->dev->dev, "usbfs: process %d (%s) did not claim interface %u before use\n",
414 current->pid, current->comm, ifnum);
415 return claimintf(ps, ifnum);
418 static int findintfep(struct usb_device *dev, unsigned int ep)
420 unsigned int i, j, e;
421 struct usb_interface *intf;
422 struct usb_host_interface *alts;
423 struct usb_endpoint_descriptor *endpt;
425 if (ep & ~(USB_DIR_IN|0xf))
429 for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) {
430 intf = dev->actconfig->interface[i];
431 for (j = 0; j < intf->num_altsetting; j++) {
432 alts = &intf->altsetting[j];
433 for (e = 0; e < alts->desc.bNumEndpoints; e++) {
434 endpt = &alts->endpoint[e].desc;
435 if (endpt->bEndpointAddress == ep)
436 return alts->desc.bInterfaceNumber;
443 static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, unsigned int index)
447 if (USB_TYPE_VENDOR == (USB_TYPE_MASK & requesttype))
451 switch (requesttype & USB_RECIP_MASK) {
452 case USB_RECIP_ENDPOINT:
453 if ((ret = findintfep(ps->dev, index)) >= 0)
454 ret = checkintf(ps, ret);
457 case USB_RECIP_INTERFACE:
458 ret = checkintf(ps, index);
467 static int usbdev_open(struct inode *inode, struct file *file)
469 struct usb_device *dev;
470 struct dev_state *ps;
474 * no locking necessary here, as chrdev_open has the kernel lock
475 * (still acquire the kernel lock for safety)
478 if (!(ps = kmalloc(sizeof(struct dev_state), GFP_KERNEL)))
483 dev = usb_get_dev(inode->u.generic_ip);
491 spin_lock_init(&ps->lock);
492 INIT_LIST_HEAD(&ps->async_pending);
493 INIT_LIST_HEAD(&ps->async_completed);
494 init_waitqueue_head(&ps->wait);
496 ps->disctask = current;
497 ps->disccontext = NULL;
500 list_add_tail(&ps->list, &dev->filelist);
501 file->private_data = ps;
508 static int usbdev_release(struct inode *inode, struct file *file)
510 struct dev_state *ps = (struct dev_state *)file->private_data;
511 struct usb_device *dev = ps->dev;
514 down(&dev->serialize);
515 list_del_init(&ps->list);
517 if (connected(dev)) {
518 for (ifnum = 0; ps->ifclaimed && ifnum < 8*sizeof(ps->ifclaimed); ifnum++)
519 if (test_bit(ifnum, &ps->ifclaimed))
520 releaseintf(ps, ifnum);
521 destroy_all_async(ps);
530 static int proc_control(struct dev_state *ps, void __user *arg)
532 struct usb_device *dev = ps->dev;
533 struct usbdevfs_ctrltransfer ctrl;
538 if (copy_from_user(&ctrl, arg, sizeof(ctrl)))
540 if ((ret = check_ctrlrecip(ps, ctrl.bRequestType, ctrl.wIndex)))
542 if (ctrl.wLength > PAGE_SIZE)
544 if (!(tbuf = (unsigned char *)__get_free_page(GFP_KERNEL)))
546 tmo = (ctrl.timeout * HZ + 999) / 1000;
547 if (ctrl.bRequestType & 0x80) {
548 if (ctrl.wLength && !access_ok(VERIFY_WRITE, ctrl.data, ctrl.wLength)) {
549 free_page((unsigned long)tbuf);
552 snoop(&dev->dev, "control read: bRequest=%02x bRrequestType=%02x wValue=%04x wIndex=%04x\n",
553 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue, ctrl.wIndex);
555 i = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
556 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
557 if ((i > 0) && ctrl.wLength) {
559 dev_info(&dev->dev, "control read: data ");
560 for (j = 0; j < ctrl.wLength; ++j)
561 printk ("%02x ", (unsigned char)((char *)ctrl.data)[j]);
564 if (copy_to_user(ctrl.data, tbuf, ctrl.wLength)) {
565 free_page((unsigned long)tbuf);
571 if (copy_from_user(tbuf, ctrl.data, ctrl.wLength)) {
572 free_page((unsigned long)tbuf);
576 snoop(&dev->dev, "control write: bRequest=%02x bRrequestType=%02x wValue=%04x wIndex=%04x\n",
577 ctrl.bRequest, ctrl.bRequestType, ctrl.wValue, ctrl.wIndex);
579 dev_info(&dev->dev, "control write: data: ");
580 for (j = 0; j < ctrl.wLength; ++j)
581 printk ("%02x ", (unsigned char)((char *)ctrl.data)[j]);
584 i = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), ctrl.bRequest, ctrl.bRequestType,
585 ctrl.wValue, ctrl.wIndex, tbuf, ctrl.wLength, tmo);
587 free_page((unsigned long)tbuf);
589 dev_printk(KERN_DEBUG, &dev->dev, "usbfs: USBDEVFS_CONTROL "
590 "failed cmd %s rqt %u rq %u len %u ret %d\n",
591 current->comm, ctrl.bRequestType, ctrl.bRequest,
597 static int proc_bulk(struct dev_state *ps, void __user *arg)
599 struct usb_device *dev = ps->dev;
600 struct usbdevfs_bulktransfer bulk;
601 unsigned int tmo, len1, pipe;
606 if (copy_from_user(&bulk, arg, sizeof(bulk)))
608 if ((ret = findintfep(ps->dev, bulk.ep)) < 0)
610 if ((ret = checkintf(ps, ret)))
612 if (bulk.ep & USB_DIR_IN)
613 pipe = usb_rcvbulkpipe(dev, bulk.ep & 0x7f);
615 pipe = usb_sndbulkpipe(dev, bulk.ep & 0x7f);
616 if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN)))
619 if (!(tbuf = kmalloc(len1, GFP_KERNEL)))
621 tmo = (bulk.timeout * HZ + 999) / 1000;
622 if (bulk.ep & 0x80) {
623 if (len1 && !access_ok(VERIFY_WRITE, bulk.data, len1)) {
627 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
629 if (copy_to_user(bulk.data, tbuf, len2)) {
636 if (copy_from_user(tbuf, bulk.data, len1)) {
641 i = usb_bulk_msg(dev, pipe, tbuf, len1, &len2, tmo);
645 dev_warn(&dev->dev, "usbfs: USBDEVFS_BULK failed "
646 "ep 0x%x len %u ret %d\n", bulk.ep, bulk.len, i);
652 static int proc_resetep(struct dev_state *ps, void __user *arg)
657 if (get_user(ep, (unsigned int __user *)arg))
659 if ((ret = findintfep(ps->dev, ep)) < 0)
661 if ((ret = checkintf(ps, ret)))
663 usb_settoggle(ps->dev, ep & 0xf, !(ep & USB_DIR_IN), 0);
667 static int proc_clearhalt(struct dev_state *ps, void __user *arg)
673 if (get_user(ep, (unsigned int __user *)arg))
675 if ((ret = findintfep(ps->dev, ep)) < 0)
677 if ((ret = checkintf(ps, ret)))
680 pipe = usb_rcvbulkpipe(ps->dev, ep & 0x7f);
682 pipe = usb_sndbulkpipe(ps->dev, ep & 0x7f);
684 return usb_clear_halt(ps->dev, pipe);
688 static int proc_getdriver(struct dev_state *ps, void __user *arg)
690 struct usbdevfs_getdriver gd;
691 struct usb_interface *intf;
694 if (copy_from_user(&gd, arg, sizeof(gd)))
696 down_read(&usb_bus_type.subsys.rwsem);
697 intf = usb_ifnum_to_if(ps->dev, gd.interface);
698 if (!intf || !intf->dev.driver)
701 strncpy(gd.driver, intf->dev.driver->name,
703 ret = (copy_to_user(arg, &gd, sizeof(gd)) ? -EFAULT : 0);
705 up_read(&usb_bus_type.subsys.rwsem);
709 static int proc_connectinfo(struct dev_state *ps, void __user *arg)
711 struct usbdevfs_connectinfo ci;
713 ci.devnum = ps->dev->devnum;
714 ci.slow = ps->dev->speed == USB_SPEED_LOW;
715 if (copy_to_user(arg, &ci, sizeof(ci)))
720 static int proc_resetdevice(struct dev_state *ps)
722 return __usb_reset_device(ps->dev);
726 static int proc_setintf(struct dev_state *ps, void __user *arg)
728 struct usbdevfs_setinterface setintf;
731 if (copy_from_user(&setintf, arg, sizeof(setintf)))
733 if ((ret = checkintf(ps, setintf.interface)))
735 return usb_set_interface(ps->dev, setintf.interface,
739 static int proc_setconfig(struct dev_state *ps, void __user *arg)
743 struct usb_host_config *actconfig;
745 if (get_user(u, (unsigned int __user *)arg))
748 actconfig = ps->dev->actconfig;
750 /* Don't touch the device if any interfaces are claimed.
751 * It could interfere with other drivers' operations, and if
752 * an interface is claimed by usbfs it could easily deadlock.
757 for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
758 if (usb_interface_claimed(actconfig->interface[i])) {
759 dev_warn (&ps->dev->dev,
760 "usbfs: interface %d claimed "
761 "while '%s' sets config #%d\n",
762 actconfig->interface[i]
764 ->desc.bInterfaceNumber,
766 #if 0 /* FIXME: enable in 2.6.10 or so */
774 /* SET_CONFIGURATION is often abused as a "cheap" driver reset,
775 * so avoid usb_set_configuration()'s kick to sysfs
778 if (actconfig && actconfig->desc.bConfigurationValue == u)
779 status = usb_reset_configuration(ps->dev);
781 status = usb_set_configuration(ps->dev, u);
787 static int proc_submiturb(struct dev_state *ps, void __user *arg)
789 struct usbdevfs_urb uurb;
790 struct usbdevfs_iso_packet_desc *isopkt = NULL;
791 struct usb_endpoint_descriptor *ep_desc;
793 struct usb_ctrlrequest *dr = NULL;
794 unsigned int u, totlen, isofrmlen;
795 int ret, interval = 0, ifnum = -1;
797 if (copy_from_user(&uurb, arg, sizeof(uurb)))
799 if (uurb.flags & ~(USBDEVFS_URB_ISO_ASAP|USBDEVFS_URB_SHORT_NOT_OK|
800 URB_NO_FSBR|URB_ZERO_PACKET))
804 if (uurb.signr != 0 && (uurb.signr < SIGRTMIN || uurb.signr > SIGRTMAX))
806 if (!(uurb.type == USBDEVFS_URB_TYPE_CONTROL && (uurb.endpoint & ~USB_ENDPOINT_DIR_MASK) == 0)) {
807 if ((ifnum = findintfep(ps->dev, uurb.endpoint)) < 0)
809 if ((ret = checkintf(ps, ifnum)))
813 case USBDEVFS_URB_TYPE_CONTROL:
814 if ((uurb.endpoint & ~USB_ENDPOINT_DIR_MASK) != 0) {
815 if (!(ep_desc = usb_epnum_to_ep_desc(ps->dev, uurb.endpoint)))
817 if ((ep_desc->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) != USB_ENDPOINT_XFER_CONTROL)
820 /* min 8 byte setup packet, max arbitrary */
821 if (uurb.buffer_length < 8 || uurb.buffer_length > PAGE_SIZE)
823 if (!(dr = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL)))
825 if (copy_from_user(dr, uurb.buffer, 8)) {
829 if (uurb.buffer_length < (le16_to_cpup(&dr->wLength) + 8)) {
833 if ((ret = check_ctrlrecip(ps, dr->bRequestType, le16_to_cpup(&dr->wIndex)))) {
837 uurb.endpoint = (uurb.endpoint & ~USB_ENDPOINT_DIR_MASK) | (dr->bRequestType & USB_ENDPOINT_DIR_MASK);
838 uurb.number_of_packets = 0;
839 uurb.buffer_length = le16_to_cpup(&dr->wLength);
841 if (!access_ok((uurb.endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb.buffer, uurb.buffer_length)) {
847 case USBDEVFS_URB_TYPE_BULK:
848 uurb.number_of_packets = 0;
849 if (uurb.buffer_length > 16384)
851 if (!access_ok((uurb.endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb.buffer, uurb.buffer_length))
855 case USBDEVFS_URB_TYPE_ISO:
856 /* arbitrary limit */
857 if (uurb.number_of_packets < 1 || uurb.number_of_packets > 128)
859 if (!(ep_desc = usb_epnum_to_ep_desc(ps->dev, uurb.endpoint)))
861 interval = 1 << min (15, ep_desc->bInterval - 1);
862 isofrmlen = sizeof(struct usbdevfs_iso_packet_desc) * uurb.number_of_packets;
863 if (!(isopkt = kmalloc(isofrmlen, GFP_KERNEL)))
865 if (copy_from_user(isopkt, &((struct usbdevfs_urb __user *)arg)->iso_frame_desc, isofrmlen)) {
869 for (totlen = u = 0; u < uurb.number_of_packets; u++) {
870 if (isopkt[u].length > 1023) {
874 totlen += isopkt[u].length;
876 if (totlen > 32768) {
880 uurb.buffer_length = totlen;
883 case USBDEVFS_URB_TYPE_INTERRUPT:
884 uurb.number_of_packets = 0;
885 if (!(ep_desc = usb_epnum_to_ep_desc(ps->dev, uurb.endpoint)))
887 if (ps->dev->speed == USB_SPEED_HIGH)
888 interval = 1 << min (15, ep_desc->bInterval - 1);
890 interval = ep_desc->bInterval;
891 if (uurb.buffer_length > 16384)
893 if (!access_ok((uurb.endpoint & USB_DIR_IN) ? VERIFY_WRITE : VERIFY_READ, uurb.buffer, uurb.buffer_length))
900 if (!(as = alloc_async(uurb.number_of_packets))) {
907 if (!(as->urb->transfer_buffer = kmalloc(uurb.buffer_length, GFP_KERNEL))) {
915 as->urb->dev = ps->dev;
916 as->urb->pipe = (uurb.type << 30) | __create_pipe(ps->dev, uurb.endpoint & 0xf) | (uurb.endpoint & USB_DIR_IN);
917 as->urb->transfer_flags = uurb.flags;
918 as->urb->transfer_buffer_length = uurb.buffer_length;
919 as->urb->setup_packet = (unsigned char*)dr;
920 as->urb->start_frame = uurb.start_frame;
921 as->urb->number_of_packets = uurb.number_of_packets;
922 as->urb->interval = interval;
923 as->urb->context = as;
924 as->urb->complete = async_completed;
925 for (totlen = u = 0; u < uurb.number_of_packets; u++) {
926 as->urb->iso_frame_desc[u].offset = totlen;
927 as->urb->iso_frame_desc[u].length = isopkt[u].length;
928 totlen += isopkt[u].length;
934 if (uurb.endpoint & USB_DIR_IN)
935 as->userbuffer = uurb.buffer;
937 as->userbuffer = NULL;
938 as->signr = uurb.signr;
941 if (!(uurb.endpoint & USB_DIR_IN)) {
942 if (copy_from_user(as->urb->transfer_buffer, uurb.buffer, as->urb->transfer_buffer_length)) {
947 async_newpending(as);
948 if ((ret = usb_submit_urb(as->urb, GFP_KERNEL))) {
949 dev_printk(KERN_DEBUG, &ps->dev->dev, "usbfs: usb_submit_urb returned %d\n", ret);
950 async_removepending(as);
957 static int proc_unlinkurb(struct dev_state *ps, void __user *arg)
961 as = async_getpending(ps, arg);
964 usb_unlink_urb(as->urb);
968 static int processcompl(struct async *as)
970 struct urb *urb = as->urb;
974 if (copy_to_user(as->userbuffer, urb->transfer_buffer, urb->transfer_buffer_length))
976 if (put_user(urb->status,
977 &((struct usbdevfs_urb *)as->userurb)->status))
979 if (put_user(urb->actual_length,
980 &((struct usbdevfs_urb *)as->userurb)->actual_length))
982 if (put_user(urb->error_count,
983 &((struct usbdevfs_urb *)as->userurb)->error_count))
986 if (!(usb_pipeisoc(urb->pipe)))
988 for (i = 0; i < urb->number_of_packets; i++) {
989 if (put_user(urb->iso_frame_desc[i].actual_length,
990 &((struct usbdevfs_urb *)as->userurb)->iso_frame_desc[i].actual_length))
992 if (put_user(urb->iso_frame_desc[i].status,
993 &((struct usbdevfs_urb *)as->userurb)->iso_frame_desc[i].status))
999 static int proc_reapurb(struct dev_state *ps, void __user *arg)
1001 DECLARE_WAITQUEUE(wait, current);
1002 struct async *as = NULL;
1004 struct usb_device *dev = ps->dev;
1007 add_wait_queue(&ps->wait, &wait);
1008 while (connected(dev)) {
1009 __set_current_state(TASK_INTERRUPTIBLE);
1010 if ((as = async_getcompleted(ps)))
1012 if (signal_pending(current))
1014 up(&dev->serialize);
1016 down(&dev->serialize);
1018 remove_wait_queue(&ps->wait, &wait);
1019 set_current_state(TASK_RUNNING);
1021 ret = processcompl(as);
1026 if (put_user(addr, (void __user * __user *)arg))
1030 if (signal_pending(current))
1035 static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg)
1041 if (!(as = async_getcompleted(ps)))
1043 ret = processcompl(as);
1048 if (put_user(addr, (void __user * __user *)arg))
1053 static int proc_disconnectsignal(struct dev_state *ps, void __user *arg)
1055 struct usbdevfs_disconnectsignal ds;
1057 if (copy_from_user(&ds, arg, sizeof(ds)))
1059 if (ds.signr != 0 && (ds.signr < SIGRTMIN || ds.signr > SIGRTMAX))
1061 ps->discsignr = ds.signr;
1062 ps->disccontext = ds.context;
1066 static int proc_claiminterface(struct dev_state *ps, void __user *arg)
1070 if (get_user(ifnum, (unsigned int __user *)arg))
1072 return claimintf(ps, ifnum);
1075 static int proc_releaseinterface(struct dev_state *ps, void __user *arg)
1080 if (get_user(ifnum, (unsigned int __user *)arg))
1082 if ((ret = releaseintf(ps, ifnum)) < 0)
1084 destroy_async_on_interface (ps, ifnum);
1088 static int proc_ioctl (struct dev_state *ps, void __user *arg)
1090 struct usbdevfs_ioctl ctrl;
1094 struct usb_interface *intf = 0;
1095 struct usb_driver *driver = 0;
1097 /* get input parameters and alloc buffer */
1098 if (copy_from_user(&ctrl, arg, sizeof (ctrl)))
1100 if ((size = _IOC_SIZE (ctrl.ioctl_code)) > 0) {
1101 if ((buf = kmalloc (size, GFP_KERNEL)) == 0)
1103 if ((_IOC_DIR(ctrl.ioctl_code) & _IOC_WRITE)) {
1104 if (copy_from_user (buf, ctrl.data, size)) {
1109 memset (buf, 0, size);
1113 if (!connected(ps->dev)) {
1119 if (ps->dev->state != USB_STATE_CONFIGURED)
1121 else if (!(intf = usb_ifnum_to_if (ps->dev, ctrl.ifno)))
1123 else switch (ctrl.ioctl_code) {
1125 /* disconnect kernel driver from interface */
1126 case USBDEVFS_DISCONNECT:
1127 down_write(&usb_bus_type.subsys.rwsem);
1128 if (intf->dev.driver) {
1129 driver = to_usb_driver(intf->dev.driver);
1130 dev_dbg (&intf->dev, "disconnect by usbfs\n");
1131 usb_driver_release_interface(driver, intf);
1134 up_write(&usb_bus_type.subsys.rwsem);
1137 /* let kernel drivers try to (re)bind to the interface */
1138 case USBDEVFS_CONNECT:
1139 bus_rescan_devices(intf->dev.bus);
1142 /* talk directly to the interface's driver */
1144 down_read(&usb_bus_type.subsys.rwsem);
1145 if (intf->dev.driver)
1146 driver = to_usb_driver(intf->dev.driver);
1147 if (driver == 0 || driver->ioctl == 0) {
1150 retval = driver->ioctl (intf, ctrl.ioctl_code, buf);
1151 if (retval == -ENOIOCTLCMD)
1154 up_read(&usb_bus_type.subsys.rwsem);
1157 /* cleanup and return */
1159 && (_IOC_DIR (ctrl.ioctl_code) & _IOC_READ) != 0
1161 && copy_to_user (ctrl.data, buf, size) != 0)
1169 * NOTE: All requests here that have interface numbers as parameters
1170 * are assuming that somehow the configuration has been prevented from
1171 * changing. But there's no mechanism to ensure that...
1173 static int usbdev_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg)
1175 struct dev_state *ps = (struct dev_state *)file->private_data;
1176 struct usb_device *dev = ps->dev;
1177 void __user *p = (void __user *)arg;
1180 if (!(file->f_mode & FMODE_WRITE))
1182 down(&dev->serialize);
1183 if (!connected(dev)) {
1184 up(&dev->serialize);
1189 case USBDEVFS_CONTROL:
1190 snoop(&dev->dev, "%s: CONTROL\n", __FUNCTION__);
1191 ret = proc_control(ps, p);
1193 inode->i_mtime = CURRENT_TIME;
1197 snoop(&dev->dev, "%s: BULK\n", __FUNCTION__);
1198 ret = proc_bulk(ps, p);
1200 inode->i_mtime = CURRENT_TIME;
1203 case USBDEVFS_RESETEP:
1204 snoop(&dev->dev, "%s: RESETEP\n", __FUNCTION__);
1205 ret = proc_resetep(ps, p);
1207 inode->i_mtime = CURRENT_TIME;
1210 case USBDEVFS_RESET:
1211 snoop(&dev->dev, "%s: RESET\n", __FUNCTION__);
1212 ret = proc_resetdevice(ps);
1215 case USBDEVFS_CLEAR_HALT:
1216 snoop(&dev->dev, "%s: CLEAR_HALT\n", __FUNCTION__);
1217 ret = proc_clearhalt(ps, p);
1219 inode->i_mtime = CURRENT_TIME;
1222 case USBDEVFS_GETDRIVER:
1223 snoop(&dev->dev, "%s: GETDRIVER\n", __FUNCTION__);
1224 ret = proc_getdriver(ps, p);
1227 case USBDEVFS_CONNECTINFO:
1228 snoop(&dev->dev, "%s: CONNECTINFO\n", __FUNCTION__);
1229 ret = proc_connectinfo(ps, p);
1232 case USBDEVFS_SETINTERFACE:
1233 snoop(&dev->dev, "%s: SETINTERFACE\n", __FUNCTION__);
1234 ret = proc_setintf(ps, p);
1237 case USBDEVFS_SETCONFIGURATION:
1238 snoop(&dev->dev, "%s: SETCONFIGURATION\n", __FUNCTION__);
1239 ret = proc_setconfig(ps, p);
1242 case USBDEVFS_SUBMITURB:
1243 snoop(&dev->dev, "%s: SUBMITURB\n", __FUNCTION__);
1244 ret = proc_submiturb(ps, p);
1246 inode->i_mtime = CURRENT_TIME;
1249 case USBDEVFS_DISCARDURB:
1250 snoop(&dev->dev, "%s: DISCARDURB\n", __FUNCTION__);
1251 ret = proc_unlinkurb(ps, p);
1254 case USBDEVFS_REAPURB:
1255 snoop(&dev->dev, "%s: REAPURB\n", __FUNCTION__);
1256 ret = proc_reapurb(ps, p);
1259 case USBDEVFS_REAPURBNDELAY:
1260 snoop(&dev->dev, "%s: REAPURBDELAY\n", __FUNCTION__);
1261 ret = proc_reapurbnonblock(ps, p);
1264 case USBDEVFS_DISCSIGNAL:
1265 snoop(&dev->dev, "%s: DISCSIGNAL\n", __FUNCTION__);
1266 ret = proc_disconnectsignal(ps, p);
1269 case USBDEVFS_CLAIMINTERFACE:
1270 snoop(&dev->dev, "%s: CLAIMINTERFACE\n", __FUNCTION__);
1271 ret = proc_claiminterface(ps, p);
1274 case USBDEVFS_RELEASEINTERFACE:
1275 snoop(&dev->dev, "%s: RELEASEINTERFACE\n", __FUNCTION__);
1276 ret = proc_releaseinterface(ps, p);
1279 case USBDEVFS_IOCTL:
1280 snoop(&dev->dev, "%s: IOCTL\n", __FUNCTION__);
1281 ret = proc_ioctl(ps, p);
1284 up(&dev->serialize);
1286 inode->i_atime = CURRENT_TIME;
1290 /* No kernel lock - fine */
1291 static unsigned int usbdev_poll(struct file *file, struct poll_table_struct *wait)
1293 struct dev_state *ps = (struct dev_state *)file->private_data;
1294 unsigned int mask = 0;
1296 poll_wait(file, &ps->wait, wait);
1297 if (file->f_mode & FMODE_WRITE && !list_empty(&ps->async_completed))
1298 mask |= POLLOUT | POLLWRNORM;
1299 if (!connected(ps->dev))
1300 mask |= POLLERR | POLLHUP;
1304 struct file_operations usbdevfs_device_file_operations = {
1305 .llseek = usbdev_lseek,
1306 .read = usbdev_read,
1307 .poll = usbdev_poll,
1308 .ioctl = usbdev_ioctl,
1309 .open = usbdev_open,
1310 .release = usbdev_release,