root/drivers/usb/class/usbtmc.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. usbtmc_delete
  2. usbtmc_open
  3. usbtmc_flush
  4. usbtmc_release
  5. usbtmc_ioctl_abort_bulk_in_tag
  6. usbtmc_ioctl_abort_bulk_in
  7. usbtmc_ioctl_abort_bulk_out_tag
  8. usbtmc_ioctl_abort_bulk_out
  9. usbtmc488_ioctl_read_stb
  10. usbtmc488_ioctl_wait_srq
  11. usbtmc488_ioctl_simple
  12. usbtmc488_ioctl_trigger
  13. usbtmc_create_urb
  14. usbtmc_read_bulk_cb
  15. usbtmc_do_transfer
  16. usbtmc_generic_read
  17. usbtmc_ioctl_generic_read
  18. usbtmc_write_bulk_cb
  19. usbtmc_generic_write
  20. usbtmc_ioctl_generic_write
  21. usbtmc_ioctl_write_result
  22. send_request_dev_dep_msg_in
  23. usbtmc_read
  24. usbtmc_write
  25. usbtmc_ioctl_clear
  26. usbtmc_ioctl_clear_out_halt
  27. usbtmc_ioctl_clear_in_halt
  28. usbtmc_ioctl_cancel_io
  29. usbtmc_ioctl_cleanup_io
  30. get_capabilities
  31. usbtmc_ioctl_indicator_pulse
  32. usbtmc_ioctl_request
  33. usbtmc_ioctl_get_timeout
  34. usbtmc_ioctl_set_timeout
  35. usbtmc_ioctl_eom_enable
  36. usbtmc_ioctl_config_termc
  37. usbtmc_ioctl
  38. usbtmc_fasync
  39. usbtmc_poll
  40. usbtmc_interrupt
  41. usbtmc_free_int
  42. usbtmc_probe
  43. usbtmc_disconnect
  44. usbtmc_draw_down
  45. usbtmc_suspend
  46. usbtmc_resume
  47. usbtmc_pre_reset
  48. usbtmc_post_reset

   1 // SPDX-License-Identifier: GPL-2.0+
   2 /**
   3  * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver
   4  *
   5  * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany
   6  * Copyright (C) 2008 Novell, Inc.
   7  * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de>
   8  * Copyright (C) 2018 IVI Foundation, Inc.
   9  */
  10 
  11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  12 
  13 #include <linux/module.h>
  14 #include <linux/kernel.h>
  15 #include <linux/fs.h>
  16 #include <linux/uaccess.h>
  17 #include <linux/kref.h>
  18 #include <linux/slab.h>
  19 #include <linux/poll.h>
  20 #include <linux/mutex.h>
  21 #include <linux/usb.h>
  22 #include <linux/compat.h>
  23 #include <linux/usb/tmc.h>
  24 
  25 /* Increment API VERSION when changing tmc.h with new flags or ioctls
  26  * or when changing a significant behavior of the driver.
  27  */
  28 #define USBTMC_API_VERSION (2)
  29 
  30 #define USBTMC_HEADER_SIZE      12
  31 #define USBTMC_MINOR_BASE       176
  32 
  33 /* Minimum USB timeout (in milliseconds) */
  34 #define USBTMC_MIN_TIMEOUT      100
  35 /* Default USB timeout (in milliseconds) */
  36 #define USBTMC_TIMEOUT          5000
  37 
  38 /* Max number of urbs used in write transfers */
  39 #define MAX_URBS_IN_FLIGHT      16
  40 /* I/O buffer size used in generic read/write functions */
  41 #define USBTMC_BUFSIZE          (4096)
  42 
  43 /*
  44  * Maximum number of read cycles to empty bulk in endpoint during CLEAR and
  45  * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short
  46  * packet is never read.
  47  */
  48 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN       100
  49 
  50 static const struct usb_device_id usbtmc_devices[] = {
  51         { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), },
  52         { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), },
  53         { 0, } /* terminating entry */
  54 };
  55 MODULE_DEVICE_TABLE(usb, usbtmc_devices);
  56 
  57 /*
  58  * This structure is the capabilities for the device
  59  * See section 4.2.1.8 of the USBTMC specification,
  60  * and section 4.2.2 of the USBTMC usb488 subclass
  61  * specification for details.
  62  */
  63 struct usbtmc_dev_capabilities {
  64         __u8 interface_capabilities;
  65         __u8 device_capabilities;
  66         __u8 usb488_interface_capabilities;
  67         __u8 usb488_device_capabilities;
  68 };
  69 
  70 /* This structure holds private data for each USBTMC device. One copy is
  71  * allocated for each USBTMC device in the driver's probe function.
  72  */
  73 struct usbtmc_device_data {
  74         const struct usb_device_id *id;
  75         struct usb_device *usb_dev;
  76         struct usb_interface *intf;
  77         struct list_head file_list;
  78 
  79         unsigned int bulk_in;
  80         unsigned int bulk_out;
  81 
  82         u8 bTag;
  83         u8 bTag_last_write;     /* needed for abort */
  84         u8 bTag_last_read;      /* needed for abort */
  85 
  86         /* packet size of IN bulk */
  87         u16            wMaxPacketSize;
  88 
  89         /* data for interrupt in endpoint handling */
  90         u8             bNotify1;
  91         u8             bNotify2;
  92         u16            ifnum;
  93         u8             iin_bTag;
  94         u8            *iin_buffer;
  95         atomic_t       iin_data_valid;
  96         unsigned int   iin_ep;
  97         int            iin_ep_present;
  98         int            iin_interval;
  99         struct urb    *iin_urb;
 100         u16            iin_wMaxPacketSize;
 101 
 102         /* coalesced usb488_caps from usbtmc_dev_capabilities */
 103         __u8 usb488_caps;
 104 
 105         bool zombie; /* fd of disconnected device */
 106 
 107         struct usbtmc_dev_capabilities  capabilities;
 108         struct kref kref;
 109         struct mutex io_mutex;  /* only one i/o function running at a time */
 110         wait_queue_head_t waitq;
 111         struct fasync_struct *fasync;
 112         spinlock_t dev_lock; /* lock for file_list */
 113 };
 114 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref)
 115 
 116 /*
 117  * This structure holds private data for each USBTMC file handle.
 118  */
 119 struct usbtmc_file_data {
 120         struct usbtmc_device_data *data;
 121         struct list_head file_elem;
 122 
 123         u32            timeout;
 124         u8             srq_byte;
 125         atomic_t       srq_asserted;
 126         atomic_t       closing;
 127         u8             bmTransferAttributes; /* member of DEV_DEP_MSG_IN */
 128 
 129         u8             eom_val;
 130         u8             term_char;
 131         bool           term_char_enabled;
 132         bool           auto_abort;
 133 
 134         spinlock_t     err_lock; /* lock for errors */
 135 
 136         struct usb_anchor submitted;
 137 
 138         /* data for generic_write */
 139         struct semaphore limit_write_sem;
 140         u32 out_transfer_size;
 141         int out_status;
 142 
 143         /* data for generic_read */
 144         u32 in_transfer_size;
 145         int in_status;
 146         int in_urbs_used;
 147         struct usb_anchor in_anchor;
 148         wait_queue_head_t wait_bulk_in;
 149 };
 150 
 151 /* Forward declarations */
 152 static struct usb_driver usbtmc_driver;
 153 static void usbtmc_draw_down(struct usbtmc_file_data *file_data);
 154 
 155 static void usbtmc_delete(struct kref *kref)
 156 {
 157         struct usbtmc_device_data *data = to_usbtmc_data(kref);
 158 
 159         usb_put_dev(data->usb_dev);
 160         kfree(data);
 161 }
 162 
 163 static int usbtmc_open(struct inode *inode, struct file *filp)
 164 {
 165         struct usb_interface *intf;
 166         struct usbtmc_device_data *data;
 167         struct usbtmc_file_data *file_data;
 168 
 169         intf = usb_find_interface(&usbtmc_driver, iminor(inode));
 170         if (!intf) {
 171                 pr_err("can not find device for minor %d", iminor(inode));
 172                 return -ENODEV;
 173         }
 174 
 175         file_data = kzalloc(sizeof(*file_data), GFP_KERNEL);
 176         if (!file_data)
 177                 return -ENOMEM;
 178 
 179         spin_lock_init(&file_data->err_lock);
 180         sema_init(&file_data->limit_write_sem, MAX_URBS_IN_FLIGHT);
 181         init_usb_anchor(&file_data->submitted);
 182         init_usb_anchor(&file_data->in_anchor);
 183         init_waitqueue_head(&file_data->wait_bulk_in);
 184 
 185         data = usb_get_intfdata(intf);
 186         /* Protect reference to data from file structure until release */
 187         kref_get(&data->kref);
 188 
 189         mutex_lock(&data->io_mutex);
 190         file_data->data = data;
 191 
 192         atomic_set(&file_data->closing, 0);
 193 
 194         file_data->timeout = USBTMC_TIMEOUT;
 195         file_data->term_char = '\n';
 196         file_data->term_char_enabled = 0;
 197         file_data->auto_abort = 0;
 198         file_data->eom_val = 1;
 199 
 200         INIT_LIST_HEAD(&file_data->file_elem);
 201         spin_lock_irq(&data->dev_lock);
 202         list_add_tail(&file_data->file_elem, &data->file_list);
 203         spin_unlock_irq(&data->dev_lock);
 204         mutex_unlock(&data->io_mutex);
 205 
 206         /* Store pointer in file structure's private data field */
 207         filp->private_data = file_data;
 208 
 209         return 0;
 210 }
 211 
 212 /*
 213  * usbtmc_flush - called before file handle is closed
 214  */
 215 static int usbtmc_flush(struct file *file, fl_owner_t id)
 216 {
 217         struct usbtmc_file_data *file_data;
 218         struct usbtmc_device_data *data;
 219 
 220         file_data = file->private_data;
 221         if (file_data == NULL)
 222                 return -ENODEV;
 223 
 224         atomic_set(&file_data->closing, 1);
 225         data = file_data->data;
 226 
 227         /* wait for io to stop */
 228         mutex_lock(&data->io_mutex);
 229 
 230         usbtmc_draw_down(file_data);
 231 
 232         spin_lock_irq(&file_data->err_lock);
 233         file_data->in_status = 0;
 234         file_data->in_transfer_size = 0;
 235         file_data->in_urbs_used = 0;
 236         file_data->out_status = 0;
 237         file_data->out_transfer_size = 0;
 238         spin_unlock_irq(&file_data->err_lock);
 239 
 240         wake_up_interruptible_all(&data->waitq);
 241         mutex_unlock(&data->io_mutex);
 242 
 243         return 0;
 244 }
 245 
 246 static int usbtmc_release(struct inode *inode, struct file *file)
 247 {
 248         struct usbtmc_file_data *file_data = file->private_data;
 249 
 250         /* prevent IO _AND_ usbtmc_interrupt */
 251         mutex_lock(&file_data->data->io_mutex);
 252         spin_lock_irq(&file_data->data->dev_lock);
 253 
 254         list_del(&file_data->file_elem);
 255 
 256         spin_unlock_irq(&file_data->data->dev_lock);
 257         mutex_unlock(&file_data->data->io_mutex);
 258 
 259         kref_put(&file_data->data->kref, usbtmc_delete);
 260         file_data->data = NULL;
 261         kfree(file_data);
 262         return 0;
 263 }
 264 
 265 static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data,
 266                                           u8 tag)
 267 {
 268         u8 *buffer;
 269         struct device *dev;
 270         int rv;
 271         int n;
 272         int actual;
 273 
 274         dev = &data->intf->dev;
 275         buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
 276         if (!buffer)
 277                 return -ENOMEM;
 278 
 279         rv = usb_control_msg(data->usb_dev,
 280                              usb_rcvctrlpipe(data->usb_dev, 0),
 281                              USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
 282                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
 283                              tag, data->bulk_in,
 284                              buffer, 2, USB_CTRL_GET_TIMEOUT);
 285 
 286         if (rv < 0) {
 287                 dev_err(dev, "usb_control_msg returned %d\n", rv);
 288                 goto exit;
 289         }
 290 
 291         dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n",
 292                 buffer[0], buffer[1]);
 293 
 294         if (buffer[0] == USBTMC_STATUS_FAILED) {
 295                 /* No transfer in progress and the Bulk-OUT FIFO is empty. */
 296                 rv = 0;
 297                 goto exit;
 298         }
 299 
 300         if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) {
 301                 /* The device returns this status if either:
 302                  * - There is a transfer in progress, but the specified bTag
 303                  *   does not match.
 304                  * - There is no transfer in progress, but the Bulk-OUT FIFO
 305                  *   is not empty.
 306                  */
 307                 rv = -ENOMSG;
 308                 goto exit;
 309         }
 310 
 311         if (buffer[0] != USBTMC_STATUS_SUCCESS) {
 312                 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
 313                         buffer[0]);
 314                 rv = -EPERM;
 315                 goto exit;
 316         }
 317 
 318         n = 0;
 319 
 320 usbtmc_abort_bulk_in_status:
 321         dev_dbg(dev, "Reading from bulk in EP\n");
 322 
 323         /* Data must be present. So use low timeout 300 ms */
 324         actual = 0;
 325         rv = usb_bulk_msg(data->usb_dev,
 326                           usb_rcvbulkpipe(data->usb_dev,
 327                                           data->bulk_in),
 328                           buffer, USBTMC_BUFSIZE,
 329                           &actual, 300);
 330 
 331         print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
 332                              buffer, actual, true);
 333 
 334         n++;
 335 
 336         if (rv < 0) {
 337                 dev_err(dev, "usb_bulk_msg returned %d\n", rv);
 338                 if (rv != -ETIMEDOUT)
 339                         goto exit;
 340         }
 341 
 342         if (actual == USBTMC_BUFSIZE)
 343                 goto usbtmc_abort_bulk_in_status;
 344 
 345         if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
 346                 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
 347                         USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
 348                 rv = -EPERM;
 349                 goto exit;
 350         }
 351 
 352         rv = usb_control_msg(data->usb_dev,
 353                              usb_rcvctrlpipe(data->usb_dev, 0),
 354                              USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
 355                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
 356                              0, data->bulk_in, buffer, 0x08,
 357                              USB_CTRL_GET_TIMEOUT);
 358 
 359         if (rv < 0) {
 360                 dev_err(dev, "usb_control_msg returned %d\n", rv);
 361                 goto exit;
 362         }
 363 
 364         dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
 365 
 366         if (buffer[0] == USBTMC_STATUS_SUCCESS) {
 367                 rv = 0;
 368                 goto exit;
 369         }
 370 
 371         if (buffer[0] != USBTMC_STATUS_PENDING) {
 372                 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
 373                 rv = -EPERM;
 374                 goto exit;
 375         }
 376 
 377         if ((buffer[1] & 1) > 0) {
 378                 /* The device has 1 or more queued packets the Host can read */
 379                 goto usbtmc_abort_bulk_in_status;
 380         }
 381 
 382         /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */
 383         rv = -EAGAIN;
 384 exit:
 385         kfree(buffer);
 386         return rv;
 387 }
 388 
 389 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data)
 390 {
 391         return usbtmc_ioctl_abort_bulk_in_tag(data, data->bTag_last_read);
 392 }
 393 
 394 static int usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data *data,
 395                                            u8 tag)
 396 {
 397         struct device *dev;
 398         u8 *buffer;
 399         int rv;
 400         int n;
 401 
 402         dev = &data->intf->dev;
 403 
 404         buffer = kmalloc(8, GFP_KERNEL);
 405         if (!buffer)
 406                 return -ENOMEM;
 407 
 408         rv = usb_control_msg(data->usb_dev,
 409                              usb_rcvctrlpipe(data->usb_dev, 0),
 410                              USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT,
 411                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
 412                              tag, data->bulk_out,
 413                              buffer, 2, USB_CTRL_GET_TIMEOUT);
 414 
 415         if (rv < 0) {
 416                 dev_err(dev, "usb_control_msg returned %d\n", rv);
 417                 goto exit;
 418         }
 419 
 420         dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]);
 421 
 422         if (buffer[0] != USBTMC_STATUS_SUCCESS) {
 423                 dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n",
 424                         buffer[0]);
 425                 rv = -EPERM;
 426                 goto exit;
 427         }
 428 
 429         n = 0;
 430 
 431 usbtmc_abort_bulk_out_check_status:
 432         /* do not stress device with subsequent requests */
 433         msleep(50);
 434         rv = usb_control_msg(data->usb_dev,
 435                              usb_rcvctrlpipe(data->usb_dev, 0),
 436                              USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS,
 437                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
 438                              0, data->bulk_out, buffer, 0x08,
 439                              USB_CTRL_GET_TIMEOUT);
 440         n++;
 441         if (rv < 0) {
 442                 dev_err(dev, "usb_control_msg returned %d\n", rv);
 443                 goto exit;
 444         }
 445 
 446         dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]);
 447 
 448         if (buffer[0] == USBTMC_STATUS_SUCCESS)
 449                 goto usbtmc_abort_bulk_out_clear_halt;
 450 
 451         if ((buffer[0] == USBTMC_STATUS_PENDING) &&
 452             (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN))
 453                 goto usbtmc_abort_bulk_out_check_status;
 454 
 455         rv = -EPERM;
 456         goto exit;
 457 
 458 usbtmc_abort_bulk_out_clear_halt:
 459         rv = usb_clear_halt(data->usb_dev,
 460                             usb_sndbulkpipe(data->usb_dev, data->bulk_out));
 461 
 462         if (rv < 0) {
 463                 dev_err(dev, "usb_control_msg returned %d\n", rv);
 464                 goto exit;
 465         }
 466         rv = 0;
 467 
 468 exit:
 469         kfree(buffer);
 470         return rv;
 471 }
 472 
 473 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data)
 474 {
 475         return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write);
 476 }
 477 
 478 static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data,
 479                                 void __user *arg)
 480 {
 481         struct usbtmc_device_data *data = file_data->data;
 482         struct device *dev = &data->intf->dev;
 483         int srq_asserted = 0;
 484         u8 *buffer;
 485         u8 tag;
 486         __u8 stb;
 487         int rv;
 488 
 489         dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n",
 490                 data->iin_ep_present);
 491 
 492         spin_lock_irq(&data->dev_lock);
 493         srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted);
 494         if (srq_asserted) {
 495                 /* a STB with SRQ is already received */
 496                 stb = file_data->srq_byte;
 497                 spin_unlock_irq(&data->dev_lock);
 498                 rv = put_user(stb, (__u8 __user *)arg);
 499                 dev_dbg(dev, "stb:0x%02x with srq received %d\n",
 500                         (unsigned int)stb, rv);
 501                 return rv;
 502         }
 503         spin_unlock_irq(&data->dev_lock);
 504 
 505         buffer = kmalloc(8, GFP_KERNEL);
 506         if (!buffer)
 507                 return -ENOMEM;
 508 
 509         atomic_set(&data->iin_data_valid, 0);
 510 
 511         rv = usb_control_msg(data->usb_dev,
 512                         usb_rcvctrlpipe(data->usb_dev, 0),
 513                         USBTMC488_REQUEST_READ_STATUS_BYTE,
 514                         USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
 515                         data->iin_bTag,
 516                         data->ifnum,
 517                         buffer, 0x03, USB_CTRL_GET_TIMEOUT);
 518         if (rv < 0) {
 519                 dev_err(dev, "stb usb_control_msg returned %d\n", rv);
 520                 goto exit;
 521         }
 522 
 523         if (buffer[0] != USBTMC_STATUS_SUCCESS) {
 524                 dev_err(dev, "control status returned %x\n", buffer[0]);
 525                 rv = -EIO;
 526                 goto exit;
 527         }
 528 
 529         if (data->iin_ep_present) {
 530                 rv = wait_event_interruptible_timeout(
 531                         data->waitq,
 532                         atomic_read(&data->iin_data_valid) != 0,
 533                         file_data->timeout);
 534                 if (rv < 0) {
 535                         dev_dbg(dev, "wait interrupted %d\n", rv);
 536                         goto exit;
 537                 }
 538 
 539                 if (rv == 0) {
 540                         dev_dbg(dev, "wait timed out\n");
 541                         rv = -ETIMEDOUT;
 542                         goto exit;
 543                 }
 544 
 545                 tag = data->bNotify1 & 0x7f;
 546                 if (tag != data->iin_bTag) {
 547                         dev_err(dev, "expected bTag %x got %x\n",
 548                                 data->iin_bTag, tag);
 549                 }
 550 
 551                 stb = data->bNotify2;
 552         } else {
 553                 stb = buffer[2];
 554         }
 555 
 556         rv = put_user(stb, (__u8 __user *)arg);
 557         dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)stb, rv);
 558 
 559  exit:
 560         /* bump interrupt bTag */
 561         data->iin_bTag += 1;
 562         if (data->iin_bTag > 127)
 563                 /* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */
 564                 data->iin_bTag = 2;
 565 
 566         kfree(buffer);
 567         return rv;
 568 }
 569 
 570 static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data,
 571                                     __u32 __user *arg)
 572 {
 573         struct usbtmc_device_data *data = file_data->data;
 574         struct device *dev = &data->intf->dev;
 575         int rv;
 576         u32 timeout;
 577         unsigned long expire;
 578 
 579         if (!data->iin_ep_present) {
 580                 dev_dbg(dev, "no interrupt endpoint present\n");
 581                 return -EFAULT;
 582         }
 583 
 584         if (get_user(timeout, arg))
 585                 return -EFAULT;
 586 
 587         expire = msecs_to_jiffies(timeout);
 588 
 589         mutex_unlock(&data->io_mutex);
 590 
 591         rv = wait_event_interruptible_timeout(
 592                         data->waitq,
 593                         atomic_read(&file_data->srq_asserted) != 0 ||
 594                         atomic_read(&file_data->closing),
 595                         expire);
 596 
 597         mutex_lock(&data->io_mutex);
 598 
 599         /* Note! disconnect or close could be called in the meantime */
 600         if (atomic_read(&file_data->closing) || data->zombie)
 601                 rv = -ENODEV;
 602 
 603         if (rv < 0) {
 604                 /* dev can be invalid now! */
 605                 pr_debug("%s - wait interrupted %d\n", __func__, rv);
 606                 return rv;
 607         }
 608 
 609         if (rv == 0) {
 610                 dev_dbg(dev, "%s - wait timed out\n", __func__);
 611                 return -ETIMEDOUT;
 612         }
 613 
 614         dev_dbg(dev, "%s - srq asserted\n", __func__);
 615         return 0;
 616 }
 617 
 618 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data,
 619                                 void __user *arg, unsigned int cmd)
 620 {
 621         struct device *dev = &data->intf->dev;
 622         __u8 val;
 623         u8 *buffer;
 624         u16 wValue;
 625         int rv;
 626 
 627         if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE))
 628                 return -EINVAL;
 629 
 630         buffer = kmalloc(8, GFP_KERNEL);
 631         if (!buffer)
 632                 return -ENOMEM;
 633 
 634         if (cmd == USBTMC488_REQUEST_REN_CONTROL) {
 635                 rv = copy_from_user(&val, arg, sizeof(val));
 636                 if (rv) {
 637                         rv = -EFAULT;
 638                         goto exit;
 639                 }
 640                 wValue = val ? 1 : 0;
 641         } else {
 642                 wValue = 0;
 643         }
 644 
 645         rv = usb_control_msg(data->usb_dev,
 646                         usb_rcvctrlpipe(data->usb_dev, 0),
 647                         cmd,
 648                         USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
 649                         wValue,
 650                         data->ifnum,
 651                         buffer, 0x01, USB_CTRL_GET_TIMEOUT);
 652         if (rv < 0) {
 653                 dev_err(dev, "simple usb_control_msg failed %d\n", rv);
 654                 goto exit;
 655         } else if (rv != 1) {
 656                 dev_warn(dev, "simple usb_control_msg returned %d\n", rv);
 657                 rv = -EIO;
 658                 goto exit;
 659         }
 660 
 661         if (buffer[0] != USBTMC_STATUS_SUCCESS) {
 662                 dev_err(dev, "simple control status returned %x\n", buffer[0]);
 663                 rv = -EIO;
 664                 goto exit;
 665         }
 666         rv = 0;
 667 
 668  exit:
 669         kfree(buffer);
 670         return rv;
 671 }
 672 
 673 /*
 674  * Sends a TRIGGER Bulk-OUT command message
 675  * See the USBTMC-USB488 specification, Table 2.
 676  *
 677  * Also updates bTag_last_write.
 678  */
 679 static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data)
 680 {
 681         struct usbtmc_device_data *data = file_data->data;
 682         int retval;
 683         u8 *buffer;
 684         int actual;
 685 
 686         buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
 687         if (!buffer)
 688                 return -ENOMEM;
 689 
 690         buffer[0] = 128;
 691         buffer[1] = data->bTag;
 692         buffer[2] = ~data->bTag;
 693 
 694         retval = usb_bulk_msg(data->usb_dev,
 695                               usb_sndbulkpipe(data->usb_dev,
 696                                               data->bulk_out),
 697                               buffer, USBTMC_HEADER_SIZE,
 698                               &actual, file_data->timeout);
 699 
 700         /* Store bTag (in case we need to abort) */
 701         data->bTag_last_write = data->bTag;
 702 
 703         /* Increment bTag -- and increment again if zero */
 704         data->bTag++;
 705         if (!data->bTag)
 706                 data->bTag++;
 707 
 708         kfree(buffer);
 709         if (retval < 0) {
 710                 dev_err(&data->intf->dev, "%s returned %d\n",
 711                         __func__, retval);
 712                 return retval;
 713         }
 714 
 715         return 0;
 716 }
 717 
 718 static struct urb *usbtmc_create_urb(void)
 719 {
 720         const size_t bufsize = USBTMC_BUFSIZE;
 721         u8 *dmabuf = NULL;
 722         struct urb *urb = usb_alloc_urb(0, GFP_KERNEL);
 723 
 724         if (!urb)
 725                 return NULL;
 726 
 727         dmabuf = kmalloc(bufsize, GFP_KERNEL);
 728         if (!dmabuf) {
 729                 usb_free_urb(urb);
 730                 return NULL;
 731         }
 732 
 733         urb->transfer_buffer = dmabuf;
 734         urb->transfer_buffer_length = bufsize;
 735         urb->transfer_flags |= URB_FREE_BUFFER;
 736         return urb;
 737 }
 738 
 739 static void usbtmc_read_bulk_cb(struct urb *urb)
 740 {
 741         struct usbtmc_file_data *file_data = urb->context;
 742         int status = urb->status;
 743         unsigned long flags;
 744 
 745         /* sync/async unlink faults aren't errors */
 746         if (status) {
 747                 if (!(/* status == -ENOENT || */
 748                         status == -ECONNRESET ||
 749                         status == -EREMOTEIO || /* Short packet */
 750                         status == -ESHUTDOWN))
 751                         dev_err(&file_data->data->intf->dev,
 752                         "%s - nonzero read bulk status received: %d\n",
 753                         __func__, status);
 754 
 755                 spin_lock_irqsave(&file_data->err_lock, flags);
 756                 if (!file_data->in_status)
 757                         file_data->in_status = status;
 758                 spin_unlock_irqrestore(&file_data->err_lock, flags);
 759         }
 760 
 761         spin_lock_irqsave(&file_data->err_lock, flags);
 762         file_data->in_transfer_size += urb->actual_length;
 763         dev_dbg(&file_data->data->intf->dev,
 764                 "%s - total size: %u current: %d status: %d\n",
 765                 __func__, file_data->in_transfer_size,
 766                 urb->actual_length, status);
 767         spin_unlock_irqrestore(&file_data->err_lock, flags);
 768         usb_anchor_urb(urb, &file_data->in_anchor);
 769 
 770         wake_up_interruptible(&file_data->wait_bulk_in);
 771         wake_up_interruptible(&file_data->data->waitq);
 772 }
 773 
 774 static inline bool usbtmc_do_transfer(struct usbtmc_file_data *file_data)
 775 {
 776         bool data_or_error;
 777 
 778         spin_lock_irq(&file_data->err_lock);
 779         data_or_error = !usb_anchor_empty(&file_data->in_anchor)
 780                         || file_data->in_status;
 781         spin_unlock_irq(&file_data->err_lock);
 782         dev_dbg(&file_data->data->intf->dev, "%s: returns %d\n", __func__,
 783                 data_or_error);
 784         return data_or_error;
 785 }
 786 
 787 static ssize_t usbtmc_generic_read(struct usbtmc_file_data *file_data,
 788                                    void __user *user_buffer,
 789                                    u32 transfer_size,
 790                                    u32 *transferred,
 791                                    u32 flags)
 792 {
 793         struct usbtmc_device_data *data = file_data->data;
 794         struct device *dev = &data->intf->dev;
 795         u32 done = 0;
 796         u32 remaining;
 797         const u32 bufsize = USBTMC_BUFSIZE;
 798         int retval = 0;
 799         u32 max_transfer_size;
 800         unsigned long expire;
 801         int bufcount = 1;
 802         int again = 0;
 803 
 804         /* mutex already locked */
 805 
 806         *transferred = done;
 807 
 808         max_transfer_size = transfer_size;
 809 
 810         if (flags & USBTMC_FLAG_IGNORE_TRAILER) {
 811                 /* The device may send extra alignment bytes (up to
 812                  * wMaxPacketSize – 1) to avoid sending a zero-length
 813                  * packet
 814                  */
 815                 remaining = transfer_size;
 816                 if ((max_transfer_size % data->wMaxPacketSize) == 0)
 817                         max_transfer_size += (data->wMaxPacketSize - 1);
 818         } else {
 819                 /* round down to bufsize to avoid truncated data left */
 820                 if (max_transfer_size > bufsize) {
 821                         max_transfer_size =
 822                                 roundup(max_transfer_size + 1 - bufsize,
 823                                         bufsize);
 824                 }
 825                 remaining = max_transfer_size;
 826         }
 827 
 828         spin_lock_irq(&file_data->err_lock);
 829 
 830         if (file_data->in_status) {
 831                 /* return the very first error */
 832                 retval = file_data->in_status;
 833                 spin_unlock_irq(&file_data->err_lock);
 834                 goto error;
 835         }
 836 
 837         if (flags & USBTMC_FLAG_ASYNC) {
 838                 if (usb_anchor_empty(&file_data->in_anchor))
 839                         again = 1;
 840 
 841                 if (file_data->in_urbs_used == 0) {
 842                         file_data->in_transfer_size = 0;
 843                         file_data->in_status = 0;
 844                 }
 845         } else {
 846                 file_data->in_transfer_size = 0;
 847                 file_data->in_status = 0;
 848         }
 849 
 850         if (max_transfer_size == 0) {
 851                 bufcount = 0;
 852         } else {
 853                 bufcount = roundup(max_transfer_size, bufsize) / bufsize;
 854                 if (bufcount > file_data->in_urbs_used)
 855                         bufcount -= file_data->in_urbs_used;
 856                 else
 857                         bufcount = 0;
 858 
 859                 if (bufcount + file_data->in_urbs_used > MAX_URBS_IN_FLIGHT) {
 860                         bufcount = MAX_URBS_IN_FLIGHT -
 861                                         file_data->in_urbs_used;
 862                 }
 863         }
 864         spin_unlock_irq(&file_data->err_lock);
 865 
 866         dev_dbg(dev, "%s: requested=%u flags=0x%X size=%u bufs=%d used=%d\n",
 867                 __func__, transfer_size, flags,
 868                 max_transfer_size, bufcount, file_data->in_urbs_used);
 869 
 870         while (bufcount > 0) {
 871                 u8 *dmabuf = NULL;
 872                 struct urb *urb = usbtmc_create_urb();
 873 
 874                 if (!urb) {
 875                         retval = -ENOMEM;
 876                         goto error;
 877                 }
 878 
 879                 dmabuf = urb->transfer_buffer;
 880 
 881                 usb_fill_bulk_urb(urb, data->usb_dev,
 882                         usb_rcvbulkpipe(data->usb_dev, data->bulk_in),
 883                         dmabuf, bufsize,
 884                         usbtmc_read_bulk_cb, file_data);
 885 
 886                 usb_anchor_urb(urb, &file_data->submitted);
 887                 retval = usb_submit_urb(urb, GFP_KERNEL);
 888                 /* urb is anchored. We can release our reference. */
 889                 usb_free_urb(urb);
 890                 if (unlikely(retval)) {
 891                         usb_unanchor_urb(urb);
 892                         goto error;
 893                 }
 894                 file_data->in_urbs_used++;
 895                 bufcount--;
 896         }
 897 
 898         if (again) {
 899                 dev_dbg(dev, "%s: ret=again\n", __func__);
 900                 return -EAGAIN;
 901         }
 902 
 903         if (user_buffer == NULL)
 904                 return -EINVAL;
 905 
 906         expire = msecs_to_jiffies(file_data->timeout);
 907 
 908         while (max_transfer_size > 0) {
 909                 u32 this_part;
 910                 struct urb *urb = NULL;
 911 
 912                 if (!(flags & USBTMC_FLAG_ASYNC)) {
 913                         dev_dbg(dev, "%s: before wait time %lu\n",
 914                                 __func__, expire);
 915                         retval = wait_event_interruptible_timeout(
 916                                 file_data->wait_bulk_in,
 917                                 usbtmc_do_transfer(file_data),
 918                                 expire);
 919 
 920                         dev_dbg(dev, "%s: wait returned %d\n",
 921                                 __func__, retval);
 922 
 923                         if (retval <= 0) {
 924                                 if (retval == 0)
 925                                         retval = -ETIMEDOUT;
 926                                 goto error;
 927                         }
 928                 }
 929 
 930                 urb = usb_get_from_anchor(&file_data->in_anchor);
 931                 if (!urb) {
 932                         if (!(flags & USBTMC_FLAG_ASYNC)) {
 933                                 /* synchronous case: must not happen */
 934                                 retval = -EFAULT;
 935                                 goto error;
 936                         }
 937 
 938                         /* asynchronous case: ready, do not block or wait */
 939                         *transferred = done;
 940                         dev_dbg(dev, "%s: (async) done=%u ret=0\n",
 941                                 __func__, done);
 942                         return 0;
 943                 }
 944 
 945                 file_data->in_urbs_used--;
 946 
 947                 if (max_transfer_size > urb->actual_length)
 948                         max_transfer_size -= urb->actual_length;
 949                 else
 950                         max_transfer_size = 0;
 951 
 952                 if (remaining > urb->actual_length)
 953                         this_part = urb->actual_length;
 954                 else
 955                         this_part = remaining;
 956 
 957                 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
 958                         urb->transfer_buffer, urb->actual_length, true);
 959 
 960                 if (copy_to_user(user_buffer + done,
 961                                  urb->transfer_buffer, this_part)) {
 962                         usb_free_urb(urb);
 963                         retval = -EFAULT;
 964                         goto error;
 965                 }
 966 
 967                 remaining -= this_part;
 968                 done += this_part;
 969 
 970                 spin_lock_irq(&file_data->err_lock);
 971                 if (urb->status) {
 972                         /* return the very first error */
 973                         retval = file_data->in_status;
 974                         spin_unlock_irq(&file_data->err_lock);
 975                         usb_free_urb(urb);
 976                         goto error;
 977                 }
 978                 spin_unlock_irq(&file_data->err_lock);
 979 
 980                 if (urb->actual_length < bufsize) {
 981                         /* short packet or ZLP received => ready */
 982                         usb_free_urb(urb);
 983                         retval = 1;
 984                         break;
 985                 }
 986 
 987                 if (!(flags & USBTMC_FLAG_ASYNC) &&
 988                     max_transfer_size > (bufsize * file_data->in_urbs_used)) {
 989                         /* resubmit, since other buffers still not enough */
 990                         usb_anchor_urb(urb, &file_data->submitted);
 991                         retval = usb_submit_urb(urb, GFP_KERNEL);
 992                         if (unlikely(retval)) {
 993                                 usb_unanchor_urb(urb);
 994                                 usb_free_urb(urb);
 995                                 goto error;
 996                         }
 997                         file_data->in_urbs_used++;
 998                 }
 999                 usb_free_urb(urb);
1000                 retval = 0;
1001         }
1002 
1003 error:
1004         *transferred = done;
1005 
1006         dev_dbg(dev, "%s: before kill\n", __func__);
1007         /* Attention: killing urbs can take long time (2 ms) */
1008         usb_kill_anchored_urbs(&file_data->submitted);
1009         dev_dbg(dev, "%s: after kill\n", __func__);
1010         usb_scuttle_anchored_urbs(&file_data->in_anchor);
1011         file_data->in_urbs_used = 0;
1012         file_data->in_status = 0; /* no spinlock needed here */
1013         dev_dbg(dev, "%s: done=%u ret=%d\n", __func__, done, retval);
1014 
1015         return retval;
1016 }
1017 
1018 static ssize_t usbtmc_ioctl_generic_read(struct usbtmc_file_data *file_data,
1019                                          void __user *arg)
1020 {
1021         struct usbtmc_message msg;
1022         ssize_t retval = 0;
1023 
1024         /* mutex already locked */
1025 
1026         if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1027                 return -EFAULT;
1028 
1029         retval = usbtmc_generic_read(file_data, msg.message,
1030                                      msg.transfer_size, &msg.transferred,
1031                                      msg.flags);
1032 
1033         if (put_user(msg.transferred,
1034                      &((struct usbtmc_message __user *)arg)->transferred))
1035                 return -EFAULT;
1036 
1037         return retval;
1038 }
1039 
1040 static void usbtmc_write_bulk_cb(struct urb *urb)
1041 {
1042         struct usbtmc_file_data *file_data = urb->context;
1043         int wakeup = 0;
1044         unsigned long flags;
1045 
1046         spin_lock_irqsave(&file_data->err_lock, flags);
1047         file_data->out_transfer_size += urb->actual_length;
1048 
1049         /* sync/async unlink faults aren't errors */
1050         if (urb->status) {
1051                 if (!(urb->status == -ENOENT ||
1052                         urb->status == -ECONNRESET ||
1053                         urb->status == -ESHUTDOWN))
1054                         dev_err(&file_data->data->intf->dev,
1055                                 "%s - nonzero write bulk status received: %d\n",
1056                                 __func__, urb->status);
1057 
1058                 if (!file_data->out_status) {
1059                         file_data->out_status = urb->status;
1060                         wakeup = 1;
1061                 }
1062         }
1063         spin_unlock_irqrestore(&file_data->err_lock, flags);
1064 
1065         dev_dbg(&file_data->data->intf->dev,
1066                 "%s - write bulk total size: %u\n",
1067                 __func__, file_data->out_transfer_size);
1068 
1069         up(&file_data->limit_write_sem);
1070         if (usb_anchor_empty(&file_data->submitted) || wakeup)
1071                 wake_up_interruptible(&file_data->data->waitq);
1072 }
1073 
1074 static ssize_t usbtmc_generic_write(struct usbtmc_file_data *file_data,
1075                                     const void __user *user_buffer,
1076                                     u32 transfer_size,
1077                                     u32 *transferred,
1078                                     u32 flags)
1079 {
1080         struct usbtmc_device_data *data = file_data->data;
1081         struct device *dev;
1082         u32 done = 0;
1083         u32 remaining;
1084         unsigned long expire;
1085         const u32 bufsize = USBTMC_BUFSIZE;
1086         struct urb *urb = NULL;
1087         int retval = 0;
1088         u32 timeout;
1089 
1090         *transferred = 0;
1091 
1092         /* Get pointer to private data structure */
1093         dev = &data->intf->dev;
1094 
1095         dev_dbg(dev, "%s: size=%u flags=0x%X sema=%u\n",
1096                 __func__, transfer_size, flags,
1097                 file_data->limit_write_sem.count);
1098 
1099         if (flags & USBTMC_FLAG_APPEND) {
1100                 spin_lock_irq(&file_data->err_lock);
1101                 retval = file_data->out_status;
1102                 spin_unlock_irq(&file_data->err_lock);
1103                 if (retval < 0)
1104                         return retval;
1105         } else {
1106                 spin_lock_irq(&file_data->err_lock);
1107                 file_data->out_transfer_size = 0;
1108                 file_data->out_status = 0;
1109                 spin_unlock_irq(&file_data->err_lock);
1110         }
1111 
1112         remaining = transfer_size;
1113         if (remaining > INT_MAX)
1114                 remaining = INT_MAX;
1115 
1116         timeout = file_data->timeout;
1117         expire = msecs_to_jiffies(timeout);
1118 
1119         while (remaining > 0) {
1120                 u32 this_part, aligned;
1121                 u8 *buffer = NULL;
1122 
1123                 if (flags & USBTMC_FLAG_ASYNC) {
1124                         if (down_trylock(&file_data->limit_write_sem)) {
1125                                 retval = (done)?(0):(-EAGAIN);
1126                                 goto exit;
1127                         }
1128                 } else {
1129                         retval = down_timeout(&file_data->limit_write_sem,
1130                                               expire);
1131                         if (retval < 0) {
1132                                 retval = -ETIMEDOUT;
1133                                 goto error;
1134                         }
1135                 }
1136 
1137                 spin_lock_irq(&file_data->err_lock);
1138                 retval = file_data->out_status;
1139                 spin_unlock_irq(&file_data->err_lock);
1140                 if (retval < 0) {
1141                         up(&file_data->limit_write_sem);
1142                         goto error;
1143                 }
1144 
1145                 /* prepare next urb to send */
1146                 urb = usbtmc_create_urb();
1147                 if (!urb) {
1148                         retval = -ENOMEM;
1149                         up(&file_data->limit_write_sem);
1150                         goto error;
1151                 }
1152                 buffer = urb->transfer_buffer;
1153 
1154                 if (remaining > bufsize)
1155                         this_part = bufsize;
1156                 else
1157                         this_part = remaining;
1158 
1159                 if (copy_from_user(buffer, user_buffer + done, this_part)) {
1160                         retval = -EFAULT;
1161                         up(&file_data->limit_write_sem);
1162                         goto error;
1163                 }
1164 
1165                 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1166                         16, 1, buffer, this_part, true);
1167 
1168                 /* fill bulk with 32 bit alignment to meet USBTMC specification
1169                  * (size + 3 & ~3) rounds up and simplifies user code
1170                  */
1171                 aligned = (this_part + 3) & ~3;
1172                 dev_dbg(dev, "write(size:%u align:%u done:%u)\n",
1173                         (unsigned int)this_part,
1174                         (unsigned int)aligned,
1175                         (unsigned int)done);
1176 
1177                 usb_fill_bulk_urb(urb, data->usb_dev,
1178                         usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1179                         urb->transfer_buffer, aligned,
1180                         usbtmc_write_bulk_cb, file_data);
1181 
1182                 usb_anchor_urb(urb, &file_data->submitted);
1183                 retval = usb_submit_urb(urb, GFP_KERNEL);
1184                 if (unlikely(retval)) {
1185                         usb_unanchor_urb(urb);
1186                         up(&file_data->limit_write_sem);
1187                         goto error;
1188                 }
1189 
1190                 usb_free_urb(urb);
1191                 urb = NULL; /* urb will be finally released by usb driver */
1192 
1193                 remaining -= this_part;
1194                 done += this_part;
1195         }
1196 
1197         /* All urbs are on the fly */
1198         if (!(flags & USBTMC_FLAG_ASYNC)) {
1199                 if (!usb_wait_anchor_empty_timeout(&file_data->submitted,
1200                                                    timeout)) {
1201                         retval = -ETIMEDOUT;
1202                         goto error;
1203                 }
1204         }
1205 
1206         retval = 0;
1207         goto exit;
1208 
1209 error:
1210         usb_kill_anchored_urbs(&file_data->submitted);
1211 exit:
1212         usb_free_urb(urb);
1213 
1214         spin_lock_irq(&file_data->err_lock);
1215         if (!(flags & USBTMC_FLAG_ASYNC))
1216                 done = file_data->out_transfer_size;
1217         if (!retval && file_data->out_status)
1218                 retval = file_data->out_status;
1219         spin_unlock_irq(&file_data->err_lock);
1220 
1221         *transferred = done;
1222 
1223         dev_dbg(dev, "%s: done=%u, retval=%d, urbstat=%d\n",
1224                 __func__, done, retval, file_data->out_status);
1225 
1226         return retval;
1227 }
1228 
1229 static ssize_t usbtmc_ioctl_generic_write(struct usbtmc_file_data *file_data,
1230                                           void __user *arg)
1231 {
1232         struct usbtmc_message msg;
1233         ssize_t retval = 0;
1234 
1235         /* mutex already locked */
1236 
1237         if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1238                 return -EFAULT;
1239 
1240         retval = usbtmc_generic_write(file_data, msg.message,
1241                                       msg.transfer_size, &msg.transferred,
1242                                       msg.flags);
1243 
1244         if (put_user(msg.transferred,
1245                      &((struct usbtmc_message __user *)arg)->transferred))
1246                 return -EFAULT;
1247 
1248         return retval;
1249 }
1250 
1251 /*
1252  * Get the generic write result
1253  */
1254 static ssize_t usbtmc_ioctl_write_result(struct usbtmc_file_data *file_data,
1255                                 void __user *arg)
1256 {
1257         u32 transferred;
1258         int retval;
1259 
1260         spin_lock_irq(&file_data->err_lock);
1261         transferred = file_data->out_transfer_size;
1262         retval = file_data->out_status;
1263         spin_unlock_irq(&file_data->err_lock);
1264 
1265         if (put_user(transferred, (__u32 __user *)arg))
1266                 return -EFAULT;
1267 
1268         return retval;
1269 }
1270 
1271 /*
1272  * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint.
1273  * @transfer_size: number of bytes to request from the device.
1274  *
1275  * See the USBTMC specification, Table 4.
1276  *
1277  * Also updates bTag_last_write.
1278  */
1279 static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data,
1280                                        u32 transfer_size)
1281 {
1282         struct usbtmc_device_data *data = file_data->data;
1283         int retval;
1284         u8 *buffer;
1285         int actual;
1286 
1287         buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
1288         if (!buffer)
1289                 return -ENOMEM;
1290         /* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message
1291          * Refer to class specs for details
1292          */
1293         buffer[0] = 2;
1294         buffer[1] = data->bTag;
1295         buffer[2] = ~data->bTag;
1296         buffer[3] = 0; /* Reserved */
1297         buffer[4] = transfer_size >> 0;
1298         buffer[5] = transfer_size >> 8;
1299         buffer[6] = transfer_size >> 16;
1300         buffer[7] = transfer_size >> 24;
1301         buffer[8] = file_data->term_char_enabled * 2;
1302         /* Use term character? */
1303         buffer[9] = file_data->term_char;
1304         buffer[10] = 0; /* Reserved */
1305         buffer[11] = 0; /* Reserved */
1306 
1307         /* Send bulk URB */
1308         retval = usb_bulk_msg(data->usb_dev,
1309                               usb_sndbulkpipe(data->usb_dev,
1310                                               data->bulk_out),
1311                               buffer, USBTMC_HEADER_SIZE,
1312                               &actual, file_data->timeout);
1313 
1314         /* Store bTag (in case we need to abort) */
1315         data->bTag_last_write = data->bTag;
1316 
1317         /* Increment bTag -- and increment again if zero */
1318         data->bTag++;
1319         if (!data->bTag)
1320                 data->bTag++;
1321 
1322         kfree(buffer);
1323         if (retval < 0)
1324                 dev_err(&data->intf->dev, "%s returned %d\n",
1325                         __func__, retval);
1326 
1327         return retval;
1328 }
1329 
1330 static ssize_t usbtmc_read(struct file *filp, char __user *buf,
1331                            size_t count, loff_t *f_pos)
1332 {
1333         struct usbtmc_file_data *file_data;
1334         struct usbtmc_device_data *data;
1335         struct device *dev;
1336         const u32 bufsize = USBTMC_BUFSIZE;
1337         u32 n_characters;
1338         u8 *buffer;
1339         int actual;
1340         u32 done = 0;
1341         u32 remaining;
1342         int retval;
1343 
1344         /* Get pointer to private data structure */
1345         file_data = filp->private_data;
1346         data = file_data->data;
1347         dev = &data->intf->dev;
1348 
1349         buffer = kmalloc(bufsize, GFP_KERNEL);
1350         if (!buffer)
1351                 return -ENOMEM;
1352 
1353         mutex_lock(&data->io_mutex);
1354         if (data->zombie) {
1355                 retval = -ENODEV;
1356                 goto exit;
1357         }
1358 
1359         if (count > INT_MAX)
1360                 count = INT_MAX;
1361 
1362         dev_dbg(dev, "%s(count:%zu)\n", __func__, count);
1363 
1364         retval = send_request_dev_dep_msg_in(file_data, count);
1365 
1366         if (retval < 0) {
1367                 if (file_data->auto_abort)
1368                         usbtmc_ioctl_abort_bulk_out(data);
1369                 goto exit;
1370         }
1371 
1372         /* Loop until we have fetched everything we requested */
1373         remaining = count;
1374         actual = 0;
1375 
1376         /* Send bulk URB */
1377         retval = usb_bulk_msg(data->usb_dev,
1378                               usb_rcvbulkpipe(data->usb_dev,
1379                                               data->bulk_in),
1380                               buffer, bufsize, &actual,
1381                               file_data->timeout);
1382 
1383         dev_dbg(dev, "%s: bulk_msg retval(%u), actual(%d)\n",
1384                 __func__, retval, actual);
1385 
1386         /* Store bTag (in case we need to abort) */
1387         data->bTag_last_read = data->bTag;
1388 
1389         if (retval < 0) {
1390                 if (file_data->auto_abort)
1391                         usbtmc_ioctl_abort_bulk_in(data);
1392                 goto exit;
1393         }
1394 
1395         /* Sanity checks for the header */
1396         if (actual < USBTMC_HEADER_SIZE) {
1397                 dev_err(dev, "Device sent too small first packet: %u < %u\n",
1398                         actual, USBTMC_HEADER_SIZE);
1399                 if (file_data->auto_abort)
1400                         usbtmc_ioctl_abort_bulk_in(data);
1401                 goto exit;
1402         }
1403 
1404         if (buffer[0] != 2) {
1405                 dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n",
1406                         buffer[0]);
1407                 if (file_data->auto_abort)
1408                         usbtmc_ioctl_abort_bulk_in(data);
1409                 goto exit;
1410         }
1411 
1412         if (buffer[1] != data->bTag_last_write) {
1413                 dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n",
1414                 buffer[1], data->bTag_last_write);
1415                 if (file_data->auto_abort)
1416                         usbtmc_ioctl_abort_bulk_in(data);
1417                 goto exit;
1418         }
1419 
1420         /* How many characters did the instrument send? */
1421         n_characters = buffer[4] +
1422                        (buffer[5] << 8) +
1423                        (buffer[6] << 16) +
1424                        (buffer[7] << 24);
1425 
1426         file_data->bmTransferAttributes = buffer[8];
1427 
1428         dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n",
1429                 n_characters, buffer[8]);
1430 
1431         if (n_characters > remaining) {
1432                 dev_err(dev, "Device wants to return more data than requested: %u > %zu\n",
1433                         n_characters, count);
1434                 if (file_data->auto_abort)
1435                         usbtmc_ioctl_abort_bulk_in(data);
1436                 goto exit;
1437         }
1438 
1439         print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1440                              16, 1, buffer, actual, true);
1441 
1442         remaining = n_characters;
1443 
1444         /* Remove the USBTMC header */
1445         actual -= USBTMC_HEADER_SIZE;
1446 
1447         /* Remove padding if it exists */
1448         if (actual > remaining)
1449                 actual = remaining;
1450 
1451         remaining -= actual;
1452 
1453         /* Copy buffer to user space */
1454         if (copy_to_user(buf, &buffer[USBTMC_HEADER_SIZE], actual)) {
1455                 /* There must have been an addressing problem */
1456                 retval = -EFAULT;
1457                 goto exit;
1458         }
1459 
1460         if ((actual + USBTMC_HEADER_SIZE) == bufsize) {
1461                 retval = usbtmc_generic_read(file_data, buf + actual,
1462                                              remaining,
1463                                              &done,
1464                                              USBTMC_FLAG_IGNORE_TRAILER);
1465                 if (retval < 0)
1466                         goto exit;
1467         }
1468         done += actual;
1469 
1470         /* Update file position value */
1471         *f_pos = *f_pos + done;
1472         retval = done;
1473 
1474 exit:
1475         mutex_unlock(&data->io_mutex);
1476         kfree(buffer);
1477         return retval;
1478 }
1479 
1480 static ssize_t usbtmc_write(struct file *filp, const char __user *buf,
1481                             size_t count, loff_t *f_pos)
1482 {
1483         struct usbtmc_file_data *file_data;
1484         struct usbtmc_device_data *data;
1485         struct urb *urb = NULL;
1486         ssize_t retval = 0;
1487         u8 *buffer;
1488         u32 remaining, done;
1489         u32 transfersize, aligned, buflen;
1490 
1491         file_data = filp->private_data;
1492         data = file_data->data;
1493 
1494         mutex_lock(&data->io_mutex);
1495 
1496         if (data->zombie) {
1497                 retval = -ENODEV;
1498                 goto exit;
1499         }
1500 
1501         done = 0;
1502 
1503         spin_lock_irq(&file_data->err_lock);
1504         file_data->out_transfer_size = 0;
1505         file_data->out_status = 0;
1506         spin_unlock_irq(&file_data->err_lock);
1507 
1508         if (!count)
1509                 goto exit;
1510 
1511         if (down_trylock(&file_data->limit_write_sem)) {
1512                 /* previous calls were async */
1513                 retval = -EBUSY;
1514                 goto exit;
1515         }
1516 
1517         urb = usbtmc_create_urb();
1518         if (!urb) {
1519                 retval = -ENOMEM;
1520                 up(&file_data->limit_write_sem);
1521                 goto exit;
1522         }
1523 
1524         buffer = urb->transfer_buffer;
1525         buflen = urb->transfer_buffer_length;
1526 
1527         if (count > INT_MAX) {
1528                 transfersize = INT_MAX;
1529                 buffer[8] = 0;
1530         } else {
1531                 transfersize = count;
1532                 buffer[8] = file_data->eom_val;
1533         }
1534 
1535         /* Setup IO buffer for DEV_DEP_MSG_OUT message */
1536         buffer[0] = 1;
1537         buffer[1] = data->bTag;
1538         buffer[2] = ~data->bTag;
1539         buffer[3] = 0; /* Reserved */
1540         buffer[4] = transfersize >> 0;
1541         buffer[5] = transfersize >> 8;
1542         buffer[6] = transfersize >> 16;
1543         buffer[7] = transfersize >> 24;
1544         /* buffer[8] is set above... */
1545         buffer[9] = 0; /* Reserved */
1546         buffer[10] = 0; /* Reserved */
1547         buffer[11] = 0; /* Reserved */
1548 
1549         remaining = transfersize;
1550 
1551         if (transfersize + USBTMC_HEADER_SIZE > buflen) {
1552                 transfersize = buflen - USBTMC_HEADER_SIZE;
1553                 aligned = buflen;
1554         } else {
1555                 aligned = (transfersize + (USBTMC_HEADER_SIZE + 3)) & ~3;
1556         }
1557 
1558         if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf, transfersize)) {
1559                 retval = -EFAULT;
1560                 up(&file_data->limit_write_sem);
1561                 goto exit;
1562         }
1563 
1564         dev_dbg(&data->intf->dev, "%s(size:%u align:%u)\n", __func__,
1565                 (unsigned int)transfersize, (unsigned int)aligned);
1566 
1567         print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1568                              16, 1, buffer, aligned, true);
1569 
1570         usb_fill_bulk_urb(urb, data->usb_dev,
1571                 usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1572                 urb->transfer_buffer, aligned,
1573                 usbtmc_write_bulk_cb, file_data);
1574 
1575         usb_anchor_urb(urb, &file_data->submitted);
1576         retval = usb_submit_urb(urb, GFP_KERNEL);
1577         if (unlikely(retval)) {
1578                 usb_unanchor_urb(urb);
1579                 up(&file_data->limit_write_sem);
1580                 goto exit;
1581         }
1582 
1583         remaining -= transfersize;
1584 
1585         data->bTag_last_write = data->bTag;
1586         data->bTag++;
1587 
1588         if (!data->bTag)
1589                 data->bTag++;
1590 
1591         /* call generic_write even when remaining = 0 */
1592         retval = usbtmc_generic_write(file_data, buf + transfersize, remaining,
1593                                       &done, USBTMC_FLAG_APPEND);
1594         /* truncate alignment bytes */
1595         if (done > remaining)
1596                 done = remaining;
1597 
1598         /*add size of first urb*/
1599         done += transfersize;
1600 
1601         if (retval < 0) {
1602                 usb_kill_anchored_urbs(&file_data->submitted);
1603 
1604                 dev_err(&data->intf->dev,
1605                         "Unable to send data, error %d\n", (int)retval);
1606                 if (file_data->auto_abort)
1607                         usbtmc_ioctl_abort_bulk_out(data);
1608                 goto exit;
1609         }
1610 
1611         retval = done;
1612 exit:
1613         usb_free_urb(urb);
1614         mutex_unlock(&data->io_mutex);
1615         return retval;
1616 }
1617 
1618 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data)
1619 {
1620         struct device *dev;
1621         u8 *buffer;
1622         int rv;
1623         int n;
1624         int actual = 0;
1625 
1626         dev = &data->intf->dev;
1627 
1628         dev_dbg(dev, "Sending INITIATE_CLEAR request\n");
1629 
1630         buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
1631         if (!buffer)
1632                 return -ENOMEM;
1633 
1634         rv = usb_control_msg(data->usb_dev,
1635                              usb_rcvctrlpipe(data->usb_dev, 0),
1636                              USBTMC_REQUEST_INITIATE_CLEAR,
1637                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1638                              0, 0, buffer, 1, USB_CTRL_GET_TIMEOUT);
1639         if (rv < 0) {
1640                 dev_err(dev, "usb_control_msg returned %d\n", rv);
1641                 goto exit;
1642         }
1643 
1644         dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1645 
1646         if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1647                 dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1648                 rv = -EPERM;
1649                 goto exit;
1650         }
1651 
1652         n = 0;
1653 
1654 usbtmc_clear_check_status:
1655 
1656         dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n");
1657 
1658         rv = usb_control_msg(data->usb_dev,
1659                              usb_rcvctrlpipe(data->usb_dev, 0),
1660                              USBTMC_REQUEST_CHECK_CLEAR_STATUS,
1661                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1662                              0, 0, buffer, 2, USB_CTRL_GET_TIMEOUT);
1663         if (rv < 0) {
1664                 dev_err(dev, "usb_control_msg returned %d\n", rv);
1665                 goto exit;
1666         }
1667 
1668         dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1669 
1670         if (buffer[0] == USBTMC_STATUS_SUCCESS)
1671                 goto usbtmc_clear_bulk_out_halt;
1672 
1673         if (buffer[0] != USBTMC_STATUS_PENDING) {
1674                 dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1675                 rv = -EPERM;
1676                 goto exit;
1677         }
1678 
1679         if ((buffer[1] & 1) != 0) {
1680                 do {
1681                         dev_dbg(dev, "Reading from bulk in EP\n");
1682 
1683                         actual = 0;
1684                         rv = usb_bulk_msg(data->usb_dev,
1685                                           usb_rcvbulkpipe(data->usb_dev,
1686                                                           data->bulk_in),
1687                                           buffer, USBTMC_BUFSIZE,
1688                                           &actual, USB_CTRL_GET_TIMEOUT);
1689 
1690                         print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1691                                              16, 1, buffer, actual, true);
1692 
1693                         n++;
1694 
1695                         if (rv < 0) {
1696                                 dev_err(dev, "usb_control_msg returned %d\n",
1697                                         rv);
1698                                 goto exit;
1699                         }
1700                 } while ((actual == USBTMC_BUFSIZE) &&
1701                           (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
1702         } else {
1703                 /* do not stress device with subsequent requests */
1704                 msleep(50);
1705                 n++;
1706         }
1707 
1708         if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
1709                 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
1710                         USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
1711                 rv = -EPERM;
1712                 goto exit;
1713         }
1714 
1715         goto usbtmc_clear_check_status;
1716 
1717 usbtmc_clear_bulk_out_halt:
1718 
1719         rv = usb_clear_halt(data->usb_dev,
1720                             usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1721         if (rv < 0) {
1722                 dev_err(dev, "usb_clear_halt returned %d\n", rv);
1723                 goto exit;
1724         }
1725         rv = 0;
1726 
1727 exit:
1728         kfree(buffer);
1729         return rv;
1730 }
1731 
1732 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data)
1733 {
1734         int rv;
1735 
1736         rv = usb_clear_halt(data->usb_dev,
1737                             usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1738 
1739         if (rv < 0)
1740                 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1741         return rv;
1742 }
1743 
1744 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data)
1745 {
1746         int rv;
1747 
1748         rv = usb_clear_halt(data->usb_dev,
1749                             usb_rcvbulkpipe(data->usb_dev, data->bulk_in));
1750 
1751         if (rv < 0)
1752                 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1753         return rv;
1754 }
1755 
1756 static int usbtmc_ioctl_cancel_io(struct usbtmc_file_data *file_data)
1757 {
1758         spin_lock_irq(&file_data->err_lock);
1759         file_data->in_status = -ECANCELED;
1760         file_data->out_status = -ECANCELED;
1761         spin_unlock_irq(&file_data->err_lock);
1762         usb_kill_anchored_urbs(&file_data->submitted);
1763         return 0;
1764 }
1765 
1766 static int usbtmc_ioctl_cleanup_io(struct usbtmc_file_data *file_data)
1767 {
1768         usb_kill_anchored_urbs(&file_data->submitted);
1769         usb_scuttle_anchored_urbs(&file_data->in_anchor);
1770         spin_lock_irq(&file_data->err_lock);
1771         file_data->in_status = 0;
1772         file_data->in_transfer_size = 0;
1773         file_data->out_status = 0;
1774         file_data->out_transfer_size = 0;
1775         spin_unlock_irq(&file_data->err_lock);
1776 
1777         file_data->in_urbs_used = 0;
1778         return 0;
1779 }
1780 
1781 static int get_capabilities(struct usbtmc_device_data *data)
1782 {
1783         struct device *dev = &data->usb_dev->dev;
1784         char *buffer;
1785         int rv = 0;
1786 
1787         buffer = kmalloc(0x18, GFP_KERNEL);
1788         if (!buffer)
1789                 return -ENOMEM;
1790 
1791         rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0),
1792                              USBTMC_REQUEST_GET_CAPABILITIES,
1793                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1794                              0, 0, buffer, 0x18, USB_CTRL_GET_TIMEOUT);
1795         if (rv < 0) {
1796                 dev_err(dev, "usb_control_msg returned %d\n", rv);
1797                 goto err_out;
1798         }
1799 
1800         dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1801         if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1802                 dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1803                 rv = -EPERM;
1804                 goto err_out;
1805         }
1806         dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]);
1807         dev_dbg(dev, "Device capabilities are %x\n", buffer[5]);
1808         dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]);
1809         dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]);
1810 
1811         data->capabilities.interface_capabilities = buffer[4];
1812         data->capabilities.device_capabilities = buffer[5];
1813         data->capabilities.usb488_interface_capabilities = buffer[14];
1814         data->capabilities.usb488_device_capabilities = buffer[15];
1815         data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4);
1816         rv = 0;
1817 
1818 err_out:
1819         kfree(buffer);
1820         return rv;
1821 }
1822 
1823 #define capability_attribute(name)                                      \
1824 static ssize_t name##_show(struct device *dev,                          \
1825                            struct device_attribute *attr, char *buf)    \
1826 {                                                                       \
1827         struct usb_interface *intf = to_usb_interface(dev);             \
1828         struct usbtmc_device_data *data = usb_get_intfdata(intf);       \
1829                                                                         \
1830         return sprintf(buf, "%d\n", data->capabilities.name);           \
1831 }                                                                       \
1832 static DEVICE_ATTR_RO(name)
1833 
1834 capability_attribute(interface_capabilities);
1835 capability_attribute(device_capabilities);
1836 capability_attribute(usb488_interface_capabilities);
1837 capability_attribute(usb488_device_capabilities);
1838 
1839 static struct attribute *usbtmc_attrs[] = {
1840         &dev_attr_interface_capabilities.attr,
1841         &dev_attr_device_capabilities.attr,
1842         &dev_attr_usb488_interface_capabilities.attr,
1843         &dev_attr_usb488_device_capabilities.attr,
1844         NULL,
1845 };
1846 ATTRIBUTE_GROUPS(usbtmc);
1847 
1848 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data)
1849 {
1850         struct device *dev;
1851         u8 *buffer;
1852         int rv;
1853 
1854         dev = &data->intf->dev;
1855 
1856         buffer = kmalloc(2, GFP_KERNEL);
1857         if (!buffer)
1858                 return -ENOMEM;
1859 
1860         rv = usb_control_msg(data->usb_dev,
1861                              usb_rcvctrlpipe(data->usb_dev, 0),
1862                              USBTMC_REQUEST_INDICATOR_PULSE,
1863                              USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1864                              0, 0, buffer, 0x01, USB_CTRL_GET_TIMEOUT);
1865 
1866         if (rv < 0) {
1867                 dev_err(dev, "usb_control_msg returned %d\n", rv);
1868                 goto exit;
1869         }
1870 
1871         dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1872 
1873         if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1874                 dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1875                 rv = -EPERM;
1876                 goto exit;
1877         }
1878         rv = 0;
1879 
1880 exit:
1881         kfree(buffer);
1882         return rv;
1883 }
1884 
1885 static int usbtmc_ioctl_request(struct usbtmc_device_data *data,
1886                                 void __user *arg)
1887 {
1888         struct device *dev = &data->intf->dev;
1889         struct usbtmc_ctrlrequest request;
1890         u8 *buffer = NULL;
1891         int rv;
1892         unsigned long res;
1893 
1894         res = copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest));
1895         if (res)
1896                 return -EFAULT;
1897 
1898         if (request.req.wLength > USBTMC_BUFSIZE)
1899                 return -EMSGSIZE;
1900 
1901         if (request.req.wLength) {
1902                 buffer = kmalloc(request.req.wLength, GFP_KERNEL);
1903                 if (!buffer)
1904                         return -ENOMEM;
1905 
1906                 if ((request.req.bRequestType & USB_DIR_IN) == 0) {
1907                         /* Send control data to device */
1908                         res = copy_from_user(buffer, request.data,
1909                                              request.req.wLength);
1910                         if (res) {
1911                                 rv = -EFAULT;
1912                                 goto exit;
1913                         }
1914                 }
1915         }
1916 
1917         rv = usb_control_msg(data->usb_dev,
1918                         usb_rcvctrlpipe(data->usb_dev, 0),
1919                         request.req.bRequest,
1920                         request.req.bRequestType,
1921                         request.req.wValue,
1922                         request.req.wIndex,
1923                         buffer, request.req.wLength, USB_CTRL_GET_TIMEOUT);
1924 
1925         if (rv < 0) {
1926                 dev_err(dev, "%s failed %d\n", __func__, rv);
1927                 goto exit;
1928         }
1929 
1930         if (rv && (request.req.bRequestType & USB_DIR_IN)) {
1931                 /* Read control data from device */
1932                 res = copy_to_user(request.data, buffer, rv);
1933                 if (res)
1934                         rv = -EFAULT;
1935         }
1936 
1937  exit:
1938         kfree(buffer);
1939         return rv;
1940 }
1941 
1942 /*
1943  * Get the usb timeout value
1944  */
1945 static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data,
1946                                 void __user *arg)
1947 {
1948         u32 timeout;
1949 
1950         timeout = file_data->timeout;
1951 
1952         return put_user(timeout, (__u32 __user *)arg);
1953 }
1954 
1955 /*
1956  * Set the usb timeout value
1957  */
1958 static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data,
1959                                 void __user *arg)
1960 {
1961         u32 timeout;
1962 
1963         if (get_user(timeout, (__u32 __user *)arg))
1964                 return -EFAULT;
1965 
1966         /* Note that timeout = 0 means
1967          * MAX_SCHEDULE_TIMEOUT in usb_control_msg
1968          */
1969         if (timeout < USBTMC_MIN_TIMEOUT)
1970                 return -EINVAL;
1971 
1972         file_data->timeout = timeout;
1973 
1974         return 0;
1975 }
1976 
1977 /*
1978  * enables/disables sending EOM on write
1979  */
1980 static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data,
1981                                 void __user *arg)
1982 {
1983         u8 eom_enable;
1984 
1985         if (copy_from_user(&eom_enable, arg, sizeof(eom_enable)))
1986                 return -EFAULT;
1987 
1988         if (eom_enable > 1)
1989                 return -EINVAL;
1990 
1991         file_data->eom_val = eom_enable;
1992 
1993         return 0;
1994 }
1995 
1996 /*
1997  * Configure termination character for read()
1998  */
1999 static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data,
2000                                 void __user *arg)
2001 {
2002         struct usbtmc_termchar termc;
2003 
2004         if (copy_from_user(&termc, arg, sizeof(termc)))
2005                 return -EFAULT;
2006 
2007         if ((termc.term_char_enabled > 1) ||
2008                 (termc.term_char_enabled &&
2009                 !(file_data->data->capabilities.device_capabilities & 1)))
2010                 return -EINVAL;
2011 
2012         file_data->term_char = termc.term_char;
2013         file_data->term_char_enabled = termc.term_char_enabled;
2014 
2015         return 0;
2016 }
2017 
2018 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2019 {
2020         struct usbtmc_file_data *file_data;
2021         struct usbtmc_device_data *data;
2022         int retval = -EBADRQC;
2023         __u8 tmp_byte;
2024 
2025         file_data = file->private_data;
2026         data = file_data->data;
2027 
2028         mutex_lock(&data->io_mutex);
2029         if (data->zombie) {
2030                 retval = -ENODEV;
2031                 goto skip_io_on_zombie;
2032         }
2033 
2034         switch (cmd) {
2035         case USBTMC_IOCTL_CLEAR_OUT_HALT:
2036                 retval = usbtmc_ioctl_clear_out_halt(data);
2037                 break;
2038 
2039         case USBTMC_IOCTL_CLEAR_IN_HALT:
2040                 retval = usbtmc_ioctl_clear_in_halt(data);
2041                 break;
2042 
2043         case USBTMC_IOCTL_INDICATOR_PULSE:
2044                 retval = usbtmc_ioctl_indicator_pulse(data);
2045                 break;
2046 
2047         case USBTMC_IOCTL_CLEAR:
2048                 retval = usbtmc_ioctl_clear(data);
2049                 break;
2050 
2051         case USBTMC_IOCTL_ABORT_BULK_OUT:
2052                 retval = usbtmc_ioctl_abort_bulk_out(data);
2053                 break;
2054 
2055         case USBTMC_IOCTL_ABORT_BULK_IN:
2056                 retval = usbtmc_ioctl_abort_bulk_in(data);
2057                 break;
2058 
2059         case USBTMC_IOCTL_CTRL_REQUEST:
2060                 retval = usbtmc_ioctl_request(data, (void __user *)arg);
2061                 break;
2062 
2063         case USBTMC_IOCTL_GET_TIMEOUT:
2064                 retval = usbtmc_ioctl_get_timeout(file_data,
2065                                                   (void __user *)arg);
2066                 break;
2067 
2068         case USBTMC_IOCTL_SET_TIMEOUT:
2069                 retval = usbtmc_ioctl_set_timeout(file_data,
2070                                                   (void __user *)arg);
2071                 break;
2072 
2073         case USBTMC_IOCTL_EOM_ENABLE:
2074                 retval = usbtmc_ioctl_eom_enable(file_data,
2075                                                  (void __user *)arg);
2076                 break;
2077 
2078         case USBTMC_IOCTL_CONFIG_TERMCHAR:
2079                 retval = usbtmc_ioctl_config_termc(file_data,
2080                                                    (void __user *)arg);
2081                 break;
2082 
2083         case USBTMC_IOCTL_WRITE:
2084                 retval = usbtmc_ioctl_generic_write(file_data,
2085                                                     (void __user *)arg);
2086                 break;
2087 
2088         case USBTMC_IOCTL_READ:
2089                 retval = usbtmc_ioctl_generic_read(file_data,
2090                                                    (void __user *)arg);
2091                 break;
2092 
2093         case USBTMC_IOCTL_WRITE_RESULT:
2094                 retval = usbtmc_ioctl_write_result(file_data,
2095                                                    (void __user *)arg);
2096                 break;
2097 
2098         case USBTMC_IOCTL_API_VERSION:
2099                 retval = put_user(USBTMC_API_VERSION,
2100                                   (__u32 __user *)arg);
2101                 break;
2102 
2103         case USBTMC488_IOCTL_GET_CAPS:
2104                 retval = put_user(data->usb488_caps,
2105                                   (unsigned char __user *)arg);
2106                 break;
2107 
2108         case USBTMC488_IOCTL_READ_STB:
2109                 retval = usbtmc488_ioctl_read_stb(file_data,
2110                                                   (void __user *)arg);
2111                 break;
2112 
2113         case USBTMC488_IOCTL_REN_CONTROL:
2114                 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2115                                                 USBTMC488_REQUEST_REN_CONTROL);
2116                 break;
2117 
2118         case USBTMC488_IOCTL_GOTO_LOCAL:
2119                 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2120                                                 USBTMC488_REQUEST_GOTO_LOCAL);
2121                 break;
2122 
2123         case USBTMC488_IOCTL_LOCAL_LOCKOUT:
2124                 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2125                                                 USBTMC488_REQUEST_LOCAL_LOCKOUT);
2126                 break;
2127 
2128         case USBTMC488_IOCTL_TRIGGER:
2129                 retval = usbtmc488_ioctl_trigger(file_data);
2130                 break;
2131 
2132         case USBTMC488_IOCTL_WAIT_SRQ:
2133                 retval = usbtmc488_ioctl_wait_srq(file_data,
2134                                                   (__u32 __user *)arg);
2135                 break;
2136 
2137         case USBTMC_IOCTL_MSG_IN_ATTR:
2138                 retval = put_user(file_data->bmTransferAttributes,
2139                                   (__u8 __user *)arg);
2140                 break;
2141 
2142         case USBTMC_IOCTL_AUTO_ABORT:
2143                 retval = get_user(tmp_byte, (unsigned char __user *)arg);
2144                 if (retval == 0)
2145                         file_data->auto_abort = !!tmp_byte;
2146                 break;
2147 
2148         case USBTMC_IOCTL_CANCEL_IO:
2149                 retval = usbtmc_ioctl_cancel_io(file_data);
2150                 break;
2151 
2152         case USBTMC_IOCTL_CLEANUP_IO:
2153                 retval = usbtmc_ioctl_cleanup_io(file_data);
2154                 break;
2155         }
2156 
2157 skip_io_on_zombie:
2158         mutex_unlock(&data->io_mutex);
2159         return retval;
2160 }
2161 
2162 static int usbtmc_fasync(int fd, struct file *file, int on)
2163 {
2164         struct usbtmc_file_data *file_data = file->private_data;
2165 
2166         return fasync_helper(fd, file, on, &file_data->data->fasync);
2167 }
2168 
2169 static __poll_t usbtmc_poll(struct file *file, poll_table *wait)
2170 {
2171         struct usbtmc_file_data *file_data = file->private_data;
2172         struct usbtmc_device_data *data = file_data->data;
2173         __poll_t mask;
2174 
2175         mutex_lock(&data->io_mutex);
2176 
2177         if (data->zombie) {
2178                 mask = EPOLLHUP | EPOLLERR;
2179                 goto no_poll;
2180         }
2181 
2182         poll_wait(file, &data->waitq, wait);
2183 
2184         /* Note that EPOLLPRI is now assigned to SRQ, and
2185          * EPOLLIN|EPOLLRDNORM to normal read data.
2186          */
2187         mask = 0;
2188         if (atomic_read(&file_data->srq_asserted))
2189                 mask |= EPOLLPRI;
2190 
2191         /* Note that the anchor submitted includes all urbs for BULK IN
2192          * and OUT. So EPOLLOUT is signaled when BULK OUT is empty and
2193          * all BULK IN urbs are completed and moved to in_anchor.
2194          */
2195         if (usb_anchor_empty(&file_data->submitted))
2196                 mask |= (EPOLLOUT | EPOLLWRNORM);
2197         if (!usb_anchor_empty(&file_data->in_anchor))
2198                 mask |= (EPOLLIN | EPOLLRDNORM);
2199 
2200         spin_lock_irq(&file_data->err_lock);
2201         if (file_data->in_status || file_data->out_status)
2202                 mask |= EPOLLERR;
2203         spin_unlock_irq(&file_data->err_lock);
2204 
2205         dev_dbg(&data->intf->dev, "poll mask = %x\n", mask);
2206 
2207 no_poll:
2208         mutex_unlock(&data->io_mutex);
2209         return mask;
2210 }
2211 
2212 static const struct file_operations fops = {
2213         .owner          = THIS_MODULE,
2214         .read           = usbtmc_read,
2215         .write          = usbtmc_write,
2216         .open           = usbtmc_open,
2217         .release        = usbtmc_release,
2218         .flush          = usbtmc_flush,
2219         .unlocked_ioctl = usbtmc_ioctl,
2220 #ifdef CONFIG_COMPAT
2221         .compat_ioctl   = usbtmc_ioctl,
2222 #endif
2223         .fasync         = usbtmc_fasync,
2224         .poll           = usbtmc_poll,
2225         .llseek         = default_llseek,
2226 };
2227 
2228 static struct usb_class_driver usbtmc_class = {
2229         .name =         "usbtmc%d",
2230         .fops =         &fops,
2231         .minor_base =   USBTMC_MINOR_BASE,
2232 };
2233 
2234 static void usbtmc_interrupt(struct urb *urb)
2235 {
2236         struct usbtmc_device_data *data = urb->context;
2237         struct device *dev = &data->intf->dev;
2238         int status = urb->status;
2239         int rv;
2240 
2241         dev_dbg(&data->intf->dev, "int status: %d len %d\n",
2242                 status, urb->actual_length);
2243 
2244         switch (status) {
2245         case 0: /* SUCCESS */
2246                 /* check for valid STB notification */
2247                 if (data->iin_buffer[0] > 0x81) {
2248                         data->bNotify1 = data->iin_buffer[0];
2249                         data->bNotify2 = data->iin_buffer[1];
2250                         atomic_set(&data->iin_data_valid, 1);
2251                         wake_up_interruptible(&data->waitq);
2252                         goto exit;
2253                 }
2254                 /* check for SRQ notification */
2255                 if (data->iin_buffer[0] == 0x81) {
2256                         unsigned long flags;
2257                         struct list_head *elem;
2258 
2259                         if (data->fasync)
2260                                 kill_fasync(&data->fasync,
2261                                         SIGIO, POLL_PRI);
2262 
2263                         spin_lock_irqsave(&data->dev_lock, flags);
2264                         list_for_each(elem, &data->file_list) {
2265                                 struct usbtmc_file_data *file_data;
2266 
2267                                 file_data = list_entry(elem,
2268                                                        struct usbtmc_file_data,
2269                                                        file_elem);
2270                                 file_data->srq_byte = data->iin_buffer[1];
2271                                 atomic_set(&file_data->srq_asserted, 1);
2272                         }
2273                         spin_unlock_irqrestore(&data->dev_lock, flags);
2274 
2275                         dev_dbg(dev, "srq received bTag %x stb %x\n",
2276                                 (unsigned int)data->iin_buffer[0],
2277                                 (unsigned int)data->iin_buffer[1]);
2278                         wake_up_interruptible_all(&data->waitq);
2279                         goto exit;
2280                 }
2281                 dev_warn(dev, "invalid notification: %x\n",
2282                          data->iin_buffer[0]);
2283                 break;
2284         case -EOVERFLOW:
2285                 dev_err(dev, "overflow with length %d, actual length is %d\n",
2286                         data->iin_wMaxPacketSize, urb->actual_length);
2287                 /* fall through */
2288         case -ECONNRESET:
2289         case -ENOENT:
2290         case -ESHUTDOWN:
2291         case -EILSEQ:
2292         case -ETIME:
2293         case -EPIPE:
2294                 /* urb terminated, clean up */
2295                 dev_dbg(dev, "urb terminated, status: %d\n", status);
2296                 return;
2297         default:
2298                 dev_err(dev, "unknown status received: %d\n", status);
2299         }
2300 exit:
2301         rv = usb_submit_urb(urb, GFP_ATOMIC);
2302         if (rv)
2303                 dev_err(dev, "usb_submit_urb failed: %d\n", rv);
2304 }
2305 
2306 static void usbtmc_free_int(struct usbtmc_device_data *data)
2307 {
2308         if (!data->iin_ep_present || !data->iin_urb)
2309                 return;
2310         usb_kill_urb(data->iin_urb);
2311         kfree(data->iin_buffer);
2312         data->iin_buffer = NULL;
2313         usb_free_urb(data->iin_urb);
2314         data->iin_urb = NULL;
2315         kref_put(&data->kref, usbtmc_delete);
2316 }
2317 
2318 static int usbtmc_probe(struct usb_interface *intf,
2319                         const struct usb_device_id *id)
2320 {
2321         struct usbtmc_device_data *data;
2322         struct usb_host_interface *iface_desc;
2323         struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in;
2324         int retcode;
2325 
2326         dev_dbg(&intf->dev, "%s called\n", __func__);
2327 
2328         data = kzalloc(sizeof(*data), GFP_KERNEL);
2329         if (!data)
2330                 return -ENOMEM;
2331 
2332         data->intf = intf;
2333         data->id = id;
2334         data->usb_dev = usb_get_dev(interface_to_usbdev(intf));
2335         usb_set_intfdata(intf, data);
2336         kref_init(&data->kref);
2337         mutex_init(&data->io_mutex);
2338         init_waitqueue_head(&data->waitq);
2339         atomic_set(&data->iin_data_valid, 0);
2340         INIT_LIST_HEAD(&data->file_list);
2341         spin_lock_init(&data->dev_lock);
2342 
2343         data->zombie = 0;
2344 
2345         /* Initialize USBTMC bTag and other fields */
2346         data->bTag      = 1;
2347         /*  2 <= bTag <= 127   USBTMC-USB488 subclass specification 4.3.1 */
2348         data->iin_bTag = 2;
2349 
2350         /* USBTMC devices have only one setting, so use that */
2351         iface_desc = data->intf->cur_altsetting;
2352         data->ifnum = iface_desc->desc.bInterfaceNumber;
2353 
2354         /* Find bulk endpoints */
2355         retcode = usb_find_common_endpoints(iface_desc,
2356                         &bulk_in, &bulk_out, NULL, NULL);
2357         if (retcode) {
2358                 dev_err(&intf->dev, "bulk endpoints not found\n");
2359                 goto err_put;
2360         }
2361 
2362         retcode = -EINVAL;
2363         data->bulk_in = bulk_in->bEndpointAddress;
2364         data->wMaxPacketSize = usb_endpoint_maxp(bulk_in);
2365         if (!data->wMaxPacketSize)
2366                 goto err_put;
2367         dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in);
2368 
2369         data->bulk_out = bulk_out->bEndpointAddress;
2370         dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out);
2371 
2372         /* Find int endpoint */
2373         retcode = usb_find_int_in_endpoint(iface_desc, &int_in);
2374         if (!retcode) {
2375                 data->iin_ep_present = 1;
2376                 data->iin_ep = int_in->bEndpointAddress;
2377                 data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in);
2378                 data->iin_interval = int_in->bInterval;
2379                 dev_dbg(&intf->dev, "Found Int in endpoint at %u\n",
2380                                 data->iin_ep);
2381         }
2382 
2383         retcode = get_capabilities(data);
2384         if (retcode)
2385                 dev_err(&intf->dev, "can't read capabilities\n");
2386 
2387         if (data->iin_ep_present) {
2388                 /* allocate int urb */
2389                 data->iin_urb = usb_alloc_urb(0, GFP_KERNEL);
2390                 if (!data->iin_urb) {
2391                         retcode = -ENOMEM;
2392                         goto error_register;
2393                 }
2394 
2395                 /* Protect interrupt in endpoint data until iin_urb is freed */
2396                 kref_get(&data->kref);
2397 
2398                 /* allocate buffer for interrupt in */
2399                 data->iin_buffer = kmalloc(data->iin_wMaxPacketSize,
2400                                         GFP_KERNEL);
2401                 if (!data->iin_buffer) {
2402                         retcode = -ENOMEM;
2403                         goto error_register;
2404                 }
2405 
2406                 /* fill interrupt urb */
2407                 usb_fill_int_urb(data->iin_urb, data->usb_dev,
2408                                 usb_rcvintpipe(data->usb_dev, data->iin_ep),
2409                                 data->iin_buffer, data->iin_wMaxPacketSize,
2410                                 usbtmc_interrupt,
2411                                 data, data->iin_interval);
2412 
2413                 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2414                 if (retcode) {
2415                         dev_err(&intf->dev, "Failed to submit iin_urb\n");
2416                         goto error_register;
2417                 }
2418         }
2419 
2420         retcode = usb_register_dev(intf, &usbtmc_class);
2421         if (retcode) {
2422                 dev_err(&intf->dev, "Not able to get a minor (base %u, slice default): %d\n",
2423                         USBTMC_MINOR_BASE,
2424                         retcode);
2425                 goto error_register;
2426         }
2427         dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor);
2428 
2429         return 0;
2430 
2431 error_register:
2432         usbtmc_free_int(data);
2433 err_put:
2434         kref_put(&data->kref, usbtmc_delete);
2435         return retcode;
2436 }
2437 
2438 static void usbtmc_disconnect(struct usb_interface *intf)
2439 {
2440         struct usbtmc_device_data *data  = usb_get_intfdata(intf);
2441         struct list_head *elem;
2442 
2443         usb_deregister_dev(intf, &usbtmc_class);
2444         mutex_lock(&data->io_mutex);
2445         data->zombie = 1;
2446         wake_up_interruptible_all(&data->waitq);
2447         list_for_each(elem, &data->file_list) {
2448                 struct usbtmc_file_data *file_data;
2449 
2450                 file_data = list_entry(elem,
2451                                        struct usbtmc_file_data,
2452                                        file_elem);
2453                 usb_kill_anchored_urbs(&file_data->submitted);
2454                 usb_scuttle_anchored_urbs(&file_data->in_anchor);
2455         }
2456         mutex_unlock(&data->io_mutex);
2457         usbtmc_free_int(data);
2458         kref_put(&data->kref, usbtmc_delete);
2459 }
2460 
2461 static void usbtmc_draw_down(struct usbtmc_file_data *file_data)
2462 {
2463         int time;
2464 
2465         time = usb_wait_anchor_empty_timeout(&file_data->submitted, 1000);
2466         if (!time)
2467                 usb_kill_anchored_urbs(&file_data->submitted);
2468         usb_scuttle_anchored_urbs(&file_data->in_anchor);
2469 }
2470 
2471 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message)
2472 {
2473         struct usbtmc_device_data *data = usb_get_intfdata(intf);
2474         struct list_head *elem;
2475 
2476         if (!data)
2477                 return 0;
2478 
2479         mutex_lock(&data->io_mutex);
2480         list_for_each(elem, &data->file_list) {
2481                 struct usbtmc_file_data *file_data;
2482 
2483                 file_data = list_entry(elem,
2484                                        struct usbtmc_file_data,
2485                                        file_elem);
2486                 usbtmc_draw_down(file_data);
2487         }
2488 
2489         if (data->iin_ep_present && data->iin_urb)
2490                 usb_kill_urb(data->iin_urb);
2491 
2492         mutex_unlock(&data->io_mutex);
2493         return 0;
2494 }
2495 
2496 static int usbtmc_resume(struct usb_interface *intf)
2497 {
2498         struct usbtmc_device_data *data = usb_get_intfdata(intf);
2499         int retcode = 0;
2500 
2501         if (data->iin_ep_present && data->iin_urb)
2502                 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2503         if (retcode)
2504                 dev_err(&intf->dev, "Failed to submit iin_urb\n");
2505 
2506         return retcode;
2507 }
2508 
2509 static int usbtmc_pre_reset(struct usb_interface *intf)
2510 {
2511         struct usbtmc_device_data *data  = usb_get_intfdata(intf);
2512         struct list_head *elem;
2513 
2514         if (!data)
2515                 return 0;
2516 
2517         mutex_lock(&data->io_mutex);
2518 
2519         list_for_each(elem, &data->file_list) {
2520                 struct usbtmc_file_data *file_data;
2521 
2522                 file_data = list_entry(elem,
2523                                        struct usbtmc_file_data,
2524                                        file_elem);
2525                 usbtmc_ioctl_cancel_io(file_data);
2526         }
2527 
2528         return 0;
2529 }
2530 
2531 static int usbtmc_post_reset(struct usb_interface *intf)
2532 {
2533         struct usbtmc_device_data *data  = usb_get_intfdata(intf);
2534 
2535         mutex_unlock(&data->io_mutex);
2536 
2537         return 0;
2538 }
2539 
2540 static struct usb_driver usbtmc_driver = {
2541         .name           = "usbtmc",
2542         .id_table       = usbtmc_devices,
2543         .probe          = usbtmc_probe,
2544         .disconnect     = usbtmc_disconnect,
2545         .suspend        = usbtmc_suspend,
2546         .resume         = usbtmc_resume,
2547         .pre_reset      = usbtmc_pre_reset,
2548         .post_reset     = usbtmc_post_reset,
2549         .dev_groups     = usbtmc_groups,
2550 };
2551 
2552 module_usb_driver(usbtmc_driver);
2553 
2554 MODULE_LICENSE("GPL");

/* [<][>][^][v][top][bottom][index][help] */