search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
USB: legousbtower: fix potential NULL-deref on disconnect
[linux/fpc-iii.git] / drivers / usb / misc / legousbtower.c
blobbeb1ec8e54bb3b787f1fa7cad8140e82b32cc1fd
1 /*
2 * LEGO USB Tower driver
3 *
4 * Copyright (C) 2003 David Glance <davidgsf@sourceforge.net>
5 * 2001-2004 Juergen Stuber <starblue@users.sourceforge.net>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 of
10 * the License, or (at your option) any later version.
11 *
12 * derived from USB Skeleton driver - 0.5
13 * Copyright (C) 2001 Greg Kroah-Hartman (greg@kroah.com)
14 *
15 * History:
16 *
17 * 2001-10-13 - 0.1 js
18 * - first version
19 * 2001-11-03 - 0.2 js
20 * - simplified buffering, one-shot URBs for writing
21 * 2001-11-10 - 0.3 js
22 * - removed IOCTL (setting power/mode is more complicated, postponed)
23 * 2001-11-28 - 0.4 js
24 * - added vendor commands for mode of operation and power level in open
25 * 2001-12-04 - 0.5 js
26 * - set IR mode by default (by oversight 0.4 set VLL mode)
27 * 2002-01-11 - 0.5? pcchan
28 * - make read buffer reusable and work around bytes_to_write issue between
29 * uhci and legusbtower
30 * 2002-09-23 - 0.52 david (david@csse.uwa.edu.au)
31 * - imported into lejos project
32 * - changed wake_up to wake_up_interruptible
33 * - changed to use lego0 rather than tower0
34 * - changed dbg() to use __func__ rather than deprecated __func__
35 * 2003-01-12 - 0.53 david (david@csse.uwa.edu.au)
36 * - changed read and write to write everything or
37 * timeout (from a patch by Chris Riesen and Brett Thaeler driver)
38 * - added ioctl functionality to set timeouts
39 * 2003-07-18 - 0.54 davidgsf (david@csse.uwa.edu.au)
40 * - initial import into LegoUSB project
41 * - merge of existing LegoUSB.c driver
42 * 2003-07-18 - 0.56 davidgsf (david@csse.uwa.edu.au)
43 * - port to 2.6 style driver
44 * 2004-02-29 - 0.6 Juergen Stuber <starblue@users.sourceforge.net>
45 * - fix locking
46 * - unlink read URBs which are no longer needed
47 * - allow increased buffer size, eliminates need for timeout on write
48 * - have read URB running continuously
49 * - added poll
50 * - forbid seeking
51 * - added nonblocking I/O
52 * - changed back __func__ to __func__
53 * - read and log tower firmware version
54 * - reset tower on probe, avoids failure of first write
55 * 2004-03-09 - 0.7 Juergen Stuber <starblue@users.sourceforge.net>
56 * - timeout read now only after inactivity, shorten default accordingly
57 * 2004-03-11 - 0.8 Juergen Stuber <starblue@users.sourceforge.net>
58 * - log major, minor instead of possibly confusing device filename
59 * - whitespace cleanup
60 * 2004-03-12 - 0.9 Juergen Stuber <starblue@users.sourceforge.net>
61 * - normalize whitespace in debug messages
62 * - take care about endianness in control message responses
63 * 2004-03-13 - 0.91 Juergen Stuber <starblue@users.sourceforge.net>
64 * - make default intervals longer to accommodate current EHCI driver
65 * 2004-03-19 - 0.92 Juergen Stuber <starblue@users.sourceforge.net>
66 * - replaced atomic_t by memory barriers
67 * 2004-04-21 - 0.93 Juergen Stuber <starblue@users.sourceforge.net>
68 * - wait for completion of write urb in release (needed for remotecontrol)
69 * - corrected poll for write direction (missing negation)
70 * 2004-04-22 - 0.94 Juergen Stuber <starblue@users.sourceforge.net>
71 * - make device locking interruptible
72 * 2004-04-30 - 0.95 Juergen Stuber <starblue@users.sourceforge.net>
73 * - check for valid udev on resubmitting and unlinking urbs
74 * 2004-08-03 - 0.96 Juergen Stuber <starblue@users.sourceforge.net>
75 * - move reset into open to clean out spurious data
76 */
77
78 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
79
80 #include <linux/kernel.h>
81 #include <linux/errno.h>
82 #include <linux/slab.h>
83 #include <linux/module.h>
84 #include <linux/completion.h>
85 #include <linux/mutex.h>
86 #include <asm/uaccess.h>
87 #include <linux/usb.h>
88 #include <linux/poll.h>
89
90
91 /* Version Information */
92 #define DRIVER_VERSION "v0.96"
93 #define DRIVER_AUTHOR "Juergen Stuber <starblue@sourceforge.net>"
94 #define DRIVER_DESC "LEGO USB Tower Driver"
95
96
97 /* The defaults are chosen to work with the latest versions of leJOS and NQC.
98 */
99
100 /* Some legacy software likes to receive packets in one piece.
101 * In this case read_buffer_size should exceed the maximal packet length
102 * (417 for datalog uploads), and packet_timeout should be set.
103 */
104 static int read_buffer_size = 480;
105 module_param(read_buffer_size, int, 0);
106 MODULE_PARM_DESC(read_buffer_size, "Read buffer size");
107
108 /* Some legacy software likes to send packets in one piece.
109 * In this case write_buffer_size should exceed the maximal packet length
110 * (417 for firmware and program downloads).
111 * A problem with long writes is that the following read may time out
112 * if the software is not prepared to wait long enough.
113 */
114 static int write_buffer_size = 480;
115 module_param(write_buffer_size, int, 0);
116 MODULE_PARM_DESC(write_buffer_size, "Write buffer size");
117
118 /* Some legacy software expects reads to contain whole LASM packets.
119 * To achieve this, characters which arrive before a packet timeout
120 * occurs will be returned in a single read operation.
121 * A problem with long reads is that the software may time out
122 * if it is not prepared to wait long enough.
123 * The packet timeout should be greater than the time between the
124 * reception of subsequent characters, which should arrive about
125 * every 5ms for the standard 2400 baud.
126 * Set it to 0 to disable.
127 */
128 static int packet_timeout = 50;
129 module_param(packet_timeout, int, 0);
130 MODULE_PARM_DESC(packet_timeout, "Packet timeout in ms");
131
132 /* Some legacy software expects blocking reads to time out.
133 * Timeout occurs after the specified time of read and write inactivity.
134 * Set it to 0 to disable.
135 */
136 static int read_timeout = 200;
137 module_param(read_timeout, int, 0);
138 MODULE_PARM_DESC(read_timeout, "Read timeout in ms");
139
140 /* As of kernel version 2.6.4 ehci-hcd uses an
141 * "only one interrupt transfer per frame" shortcut
142 * to simplify the scheduling of periodic transfers.
143 * This conflicts with our standard 1ms intervals for in and out URBs.
144 * We use default intervals of 2ms for in and 8ms for out transfers,
145 * which is fast enough for 2400 baud and allows a small additional load.
146 * Increase the interval to allow more devices that do interrupt transfers,
147 * or set to 0 to use the standard interval from the endpoint descriptors.
148 */
149 static int interrupt_in_interval = 2;
150 module_param(interrupt_in_interval, int, 0);
151 MODULE_PARM_DESC(interrupt_in_interval, "Interrupt in interval in ms");
152
153 static int interrupt_out_interval = 8;
154 module_param(interrupt_out_interval, int, 0);
155 MODULE_PARM_DESC(interrupt_out_interval, "Interrupt out interval in ms");
156
157 /* Define these values to match your device */
158 #define LEGO_USB_TOWER_VENDOR_ID 0x0694
159 #define LEGO_USB_TOWER_PRODUCT_ID 0x0001
160
161 /* Vendor requests */
162 #define LEGO_USB_TOWER_REQUEST_RESET 0x04
163 #define LEGO_USB_TOWER_REQUEST_GET_VERSION 0xFD
164
165 struct tower_reset_reply {
166 __le16 size; /* little-endian */
167 __u8 err_code;
168 __u8 spare;
169 } __attribute__ ((packed));
170
171 struct tower_get_version_reply {
172 __le16 size; /* little-endian */
173 __u8 err_code;
174 __u8 spare;
175 __u8 major;
176 __u8 minor;
177 __le16 build_no; /* little-endian */
178 } __attribute__ ((packed));
179
180
181 /* table of devices that work with this driver */
182 static const struct usb_device_id tower_table[] = {
183 { USB_DEVICE(LEGO_USB_TOWER_VENDOR_ID, LEGO_USB_TOWER_PRODUCT_ID) },
184 { } /* Terminating entry */
185 };
186
187 MODULE_DEVICE_TABLE (usb, tower_table);
188
189 #define LEGO_USB_TOWER_MINOR_BASE 160
190
191
192 /* Structure to hold all of our device specific stuff */
193 struct lego_usb_tower {
194 struct mutex lock; /* locks this structure */
195 struct usb_device* udev; /* save off the usb device pointer */
196 unsigned char minor; /* the starting minor number for this device */
197
198 int open_count; /* number of times this port has been opened */
199 unsigned long disconnected:1;
200
201 char* read_buffer;
202 size_t read_buffer_length; /* this much came in */
203 size_t read_packet_length; /* this much will be returned on read */
204 spinlock_t read_buffer_lock;
205 int packet_timeout_jiffies;
206 unsigned long read_last_arrival;
207
208 wait_queue_head_t read_wait;
209 wait_queue_head_t write_wait;
210
211 char* interrupt_in_buffer;
212 struct usb_endpoint_descriptor* interrupt_in_endpoint;
213 struct urb* interrupt_in_urb;
214 int interrupt_in_interval;
215 int interrupt_in_running;
216 int interrupt_in_done;
217
218 char* interrupt_out_buffer;
219 struct usb_endpoint_descriptor* interrupt_out_endpoint;
220 struct urb* interrupt_out_urb;
221 int interrupt_out_interval;
222 int interrupt_out_busy;
223
224 };
225
226
227 /* local function prototypes */
228 static ssize_t tower_read (struct file *file, char __user *buffer, size_t count, loff_t *ppos);
229 static ssize_t tower_write (struct file *file, const char __user *buffer, size_t count, loff_t *ppos);
230 static inline void tower_delete (struct lego_usb_tower *dev);
231 static int tower_open (struct inode *inode, struct file *file);
232 static int tower_release (struct inode *inode, struct file *file);
233 static unsigned int tower_poll (struct file *file, poll_table *wait);
234 static loff_t tower_llseek (struct file *file, loff_t off, int whence);
235
236 static void tower_abort_transfers (struct lego_usb_tower *dev);
237 static void tower_check_for_read_packet (struct lego_usb_tower *dev);
238 static void tower_interrupt_in_callback (struct urb *urb);
239 static void tower_interrupt_out_callback (struct urb *urb);
240
241 static int tower_probe (struct usb_interface *interface, const struct usb_device_id *id);
242 static void tower_disconnect (struct usb_interface *interface);
243
244
245 /* file operations needed when we register this driver */
246 static const struct file_operations tower_fops = {
247 .owner = THIS_MODULE,
248 .read = tower_read,
249 .write = tower_write,
250 .open = tower_open,
251 .release = tower_release,
252 .poll = tower_poll,
253 .llseek = tower_llseek,
254 };
255
256 static char *legousbtower_devnode(struct device *dev, umode_t *mode)
257 {
258 return kasprintf(GFP_KERNEL, "usb/%s", dev_name(dev));
259 }
260
261 /*
262 * usb class driver info in order to get a minor number from the usb core,
263 * and to have the device registered with the driver core
264 */
265 static struct usb_class_driver tower_class = {
266 .name = "legousbtower%d",
267 .devnode = legousbtower_devnode,
268 .fops = &tower_fops,
269 .minor_base = LEGO_USB_TOWER_MINOR_BASE,
270 };
271
272
273 /* usb specific object needed to register this driver with the usb subsystem */
274 static struct usb_driver tower_driver = {
275 .name = "legousbtower",
276 .probe = tower_probe,
277 .disconnect = tower_disconnect,
278 .id_table = tower_table,
279 };
280
281
282 /**
283 * lego_usb_tower_debug_data
284 */
285 static inline void lego_usb_tower_debug_data(struct device *dev,
286 const char *function, int size,
287 const unsigned char *data)
288 {
289 dev_dbg(dev, "%s - length = %d, data = %*ph\n",
290 function, size, size, data);
291 }
292
293
294 /**
295 * tower_delete
296 */
297 static inline void tower_delete (struct lego_usb_tower *dev)
298 {
299 /* free data structures */
300 usb_free_urb(dev->interrupt_in_urb);
301 usb_free_urb(dev->interrupt_out_urb);
302 kfree (dev->read_buffer);
303 kfree (dev->interrupt_in_buffer);
304 kfree (dev->interrupt_out_buffer);
305 kfree (dev);
306 }
307
308
309 /**
310 * tower_open
311 */
312 static int tower_open (struct inode *inode, struct file *file)
313 {
314 struct lego_usb_tower *dev = NULL;
315 int subminor;
316 int retval = 0;
317 struct usb_interface *interface;
318 struct tower_reset_reply *reset_reply;
319 int result;
320
321 reset_reply = kmalloc(sizeof(*reset_reply), GFP_KERNEL);
322
323 if (!reset_reply) {
324 retval = -ENOMEM;
325 goto exit;
326 }
327
328 nonseekable_open(inode, file);
329 subminor = iminor(inode);
330
331 interface = usb_find_interface (&tower_driver, subminor);
332
333 if (!interface) {
334 pr_err("error, can't find device for minor %d\n", subminor);
335 retval = -ENODEV;
336 goto exit;
337 }
338
339 dev = usb_get_intfdata(interface);
340 if (!dev) {
341 retval = -ENODEV;
342 goto exit;
343 }
344
345 /* lock this device */
346 if (mutex_lock_interruptible(&dev->lock)) {
347 retval = -ERESTARTSYS;
348 goto exit;
349 }
350
351
352 /* allow opening only once */
353 if (dev->open_count) {
354 retval = -EBUSY;
355 goto unlock_exit;
356 }
357 dev->open_count = 1;
358
359 /* reset the tower */
360 result = usb_control_msg (dev->udev,
361 usb_rcvctrlpipe(dev->udev, 0),
362 LEGO_USB_TOWER_REQUEST_RESET,
363 USB_TYPE_VENDOR | USB_DIR_IN | USB_RECIP_DEVICE,
364 0,
365 0,
366 reset_reply,
367 sizeof(*reset_reply),
368 1000);
369 if (result < 0) {
370 dev_err(&dev->udev->dev,
371 "LEGO USB Tower reset control request failed\n");
372 retval = result;
373 goto unlock_exit;
374 }
375
376 /* initialize in direction */
377 dev->read_buffer_length = 0;
378 dev->read_packet_length = 0;
379 usb_fill_int_urb (dev->interrupt_in_urb,
380 dev->udev,
381 usb_rcvintpipe(dev->udev, dev->interrupt_in_endpoint->bEndpointAddress),
382 dev->interrupt_in_buffer,
383 usb_endpoint_maxp(dev->interrupt_in_endpoint),
384 tower_interrupt_in_callback,
385 dev,
386 dev->interrupt_in_interval);
387
388 dev->interrupt_in_running = 1;
389 dev->interrupt_in_done = 0;
390 mb();
391
392 retval = usb_submit_urb (dev->interrupt_in_urb, GFP_KERNEL);
393 if (retval) {
394 dev_err(&dev->udev->dev,
395 "Couldn't submit interrupt_in_urb %d\n", retval);
396 dev->interrupt_in_running = 0;
397 dev->open_count = 0;
398 goto unlock_exit;
399 }
400
401 /* save device in the file's private structure */
402 file->private_data = dev;
403
404 unlock_exit:
405 mutex_unlock(&dev->lock);
406
407 exit:
408 kfree(reset_reply);
409 return retval;
410 }
411
412 /**
413 * tower_release
414 */
415 static int tower_release (struct inode *inode, struct file *file)
416 {
417 struct lego_usb_tower *dev;
418 int retval = 0;
419
420 dev = file->private_data;
421
422 if (dev == NULL) {
423 retval = -ENODEV;
424 goto exit;
425 }
426
427 if (mutex_lock_interruptible(&dev->lock)) {
428 retval = -ERESTARTSYS;
429 goto exit;
430 }
431
432 if (dev->open_count != 1) {
433 dev_dbg(&dev->udev->dev, "%s: device not opened exactly once\n",
434 __func__);
435 retval = -ENODEV;
436 goto unlock_exit;
437 }
438
439 if (dev->disconnected) {
440 /* the device was unplugged before the file was released */
441
442 /* unlock here as tower_delete frees dev */
443 mutex_unlock(&dev->lock);
444 tower_delete (dev);
445 goto exit;
446 }
447
448 /* wait until write transfer is finished */
449 if (dev->interrupt_out_busy) {
450 wait_event_interruptible_timeout (dev->write_wait, !dev->interrupt_out_busy, 2 * HZ);
451 }
452 tower_abort_transfers (dev);
453 dev->open_count = 0;
454
455 unlock_exit:
456 mutex_unlock(&dev->lock);
457 exit:
458 return retval;
459 }
460
461
462 /**
463 * tower_abort_transfers
464 * aborts transfers and frees associated data structures
465 */
466 static void tower_abort_transfers (struct lego_usb_tower *dev)
467 {
468 if (dev == NULL)
469 return;
470
471 /* shutdown transfer */
472 if (dev->interrupt_in_running) {
473 dev->interrupt_in_running = 0;
474 mb();
475 usb_kill_urb(dev->interrupt_in_urb);
476 }
477 if (dev->interrupt_out_busy)
478 usb_kill_urb(dev->interrupt_out_urb);
479 }
480
481
482 /**
483 * tower_check_for_read_packet
484 *
485 * To get correct semantics for signals and non-blocking I/O
486 * with packetizing we pretend not to see any data in the read buffer
487 * until it has been there unchanged for at least
488 * dev->packet_timeout_jiffies, or until the buffer is full.
489 */
490 static void tower_check_for_read_packet (struct lego_usb_tower *dev)
491 {
492 spin_lock_irq (&dev->read_buffer_lock);
493 if (!packet_timeout
494 || time_after(jiffies, dev->read_last_arrival + dev->packet_timeout_jiffies)
495 || dev->read_buffer_length == read_buffer_size) {
496 dev->read_packet_length = dev->read_buffer_length;
497 }
498 dev->interrupt_in_done = 0;
499 spin_unlock_irq (&dev->read_buffer_lock);
500 }
501
502
503 /**
504 * tower_poll
505 */
506 static unsigned int tower_poll (struct file *file, poll_table *wait)
507 {
508 struct lego_usb_tower *dev;
509 unsigned int mask = 0;
510
511 dev = file->private_data;
512
513 if (dev->disconnected)
514 return POLLERR | POLLHUP;
515
516 poll_wait(file, &dev->read_wait, wait);
517 poll_wait(file, &dev->write_wait, wait);
518
519 tower_check_for_read_packet(dev);
520 if (dev->read_packet_length > 0) {
521 mask |= POLLIN | POLLRDNORM;
522 }
523 if (!dev->interrupt_out_busy) {
524 mask |= POLLOUT | POLLWRNORM;
525 }
526
527 return mask;
528 }
529
530
531 /**
532 * tower_llseek
533 */
534 static loff_t tower_llseek (struct file *file, loff_t off, int whence)
535 {
536 return -ESPIPE; /* unseekable */
537 }
538
539
540 /**
541 * tower_read
542 */
543 static ssize_t tower_read (struct file *file, char __user *buffer, size_t count, loff_t *ppos)
544 {
545 struct lego_usb_tower *dev;
546 size_t bytes_to_read;
547 int i;
548 int retval = 0;
549 unsigned long timeout = 0;
550
551 dev = file->private_data;
552
553 /* lock this object */
554 if (mutex_lock_interruptible(&dev->lock)) {
555 retval = -ERESTARTSYS;
556 goto exit;
557 }
558
559 /* verify that the device wasn't unplugged */
560 if (dev->disconnected) {
561 retval = -ENODEV;
562 pr_err("No device or device unplugged %d\n", retval);
563 goto unlock_exit;
564 }
565
566 /* verify that we actually have some data to read */
567 if (count == 0) {
568 dev_dbg(&dev->udev->dev, "read request of 0 bytes\n");
569 goto unlock_exit;
570 }
571
572 if (read_timeout) {
573 timeout = jiffies + msecs_to_jiffies(read_timeout);
574 }
575
576 /* wait for data */
577 tower_check_for_read_packet (dev);
578 while (dev->read_packet_length == 0) {
579 if (file->f_flags & O_NONBLOCK) {
580 retval = -EAGAIN;
581 goto unlock_exit;
582 }
583 retval = wait_event_interruptible_timeout(dev->read_wait, dev->interrupt_in_done, dev->packet_timeout_jiffies);
584 if (retval < 0) {
585 goto unlock_exit;
586 }
587
588 /* reset read timeout during read or write activity */
589 if (read_timeout
590 && (dev->read_buffer_length || dev->interrupt_out_busy)) {
591 timeout = jiffies + msecs_to_jiffies(read_timeout);
592 }
593 /* check for read timeout */
594 if (read_timeout && time_after (jiffies, timeout)) {
595 retval = -ETIMEDOUT;
596 goto unlock_exit;
597 }
598 tower_check_for_read_packet (dev);
599 }
600
601 /* copy the data from read_buffer into userspace */
602 bytes_to_read = min(count, dev->read_packet_length);
603
604 if (copy_to_user (buffer, dev->read_buffer, bytes_to_read)) {
605 retval = -EFAULT;
606 goto unlock_exit;
607 }
608
609 spin_lock_irq (&dev->read_buffer_lock);
610 dev->read_buffer_length -= bytes_to_read;
611 dev->read_packet_length -= bytes_to_read;
612 for (i=0; i<dev->read_buffer_length; i++) {
613 dev->read_buffer[i] = dev->read_buffer[i+bytes_to_read];
614 }
615 spin_unlock_irq (&dev->read_buffer_lock);
616
617 retval = bytes_to_read;
618
619 unlock_exit:
620 /* unlock the device */
621 mutex_unlock(&dev->lock);
622
623 exit:
624 return retval;
625 }
626
627
628 /**
629 * tower_write
630 */
631 static ssize_t tower_write (struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
632 {
633 struct lego_usb_tower *dev;
634 size_t bytes_to_write;
635 int retval = 0;
636
637 dev = file->private_data;
638
639 /* lock this object */
640 if (mutex_lock_interruptible(&dev->lock)) {
641 retval = -ERESTARTSYS;
642 goto exit;
643 }
644
645 /* verify that the device wasn't unplugged */
646 if (dev->disconnected) {
647 retval = -ENODEV;
648 pr_err("No device or device unplugged %d\n", retval);
649 goto unlock_exit;
650 }
651
652 /* verify that we actually have some data to write */
653 if (count == 0) {
654 dev_dbg(&dev->udev->dev, "write request of 0 bytes\n");
655 goto unlock_exit;
656 }
657
658 /* wait until previous transfer is finished */
659 while (dev->interrupt_out_busy) {
660 if (file->f_flags & O_NONBLOCK) {
661 retval = -EAGAIN;
662 goto unlock_exit;
663 }
664 retval = wait_event_interruptible (dev->write_wait, !dev->interrupt_out_busy);
665 if (retval) {
666 goto unlock_exit;
667 }
668 }
669
670 /* write the data into interrupt_out_buffer from userspace */
671 bytes_to_write = min_t(int, count, write_buffer_size);
672 dev_dbg(&dev->udev->dev, "%s: count = %Zd, bytes_to_write = %Zd\n",
673 __func__, count, bytes_to_write);
674
675 if (copy_from_user (dev->interrupt_out_buffer, buffer, bytes_to_write)) {
676 retval = -EFAULT;
677 goto unlock_exit;
678 }
679
680 /* send off the urb */
681 usb_fill_int_urb(dev->interrupt_out_urb,
682 dev->udev,
683 usb_sndintpipe(dev->udev, dev->interrupt_out_endpoint->bEndpointAddress),
684 dev->interrupt_out_buffer,
685 bytes_to_write,
686 tower_interrupt_out_callback,
687 dev,
688 dev->interrupt_out_interval);
689
690 dev->interrupt_out_busy = 1;
691 wmb();
692
693 retval = usb_submit_urb (dev->interrupt_out_urb, GFP_KERNEL);
694 if (retval) {
695 dev->interrupt_out_busy = 0;
696 dev_err(&dev->udev->dev,
697 "Couldn't submit interrupt_out_urb %d\n", retval);
698 goto unlock_exit;
699 }
700 retval = bytes_to_write;
701
702 unlock_exit:
703 /* unlock the device */
704 mutex_unlock(&dev->lock);
705
706 exit:
707 return retval;
708 }
709
710
711 /**
712 * tower_interrupt_in_callback
713 */
714 static void tower_interrupt_in_callback (struct urb *urb)
715 {
716 struct lego_usb_tower *dev = urb->context;
717 int status = urb->status;
718 int retval;
719
720 lego_usb_tower_debug_data(&dev->udev->dev, __func__,
721 urb->actual_length, urb->transfer_buffer);
722
723 if (status) {
724 if (status == -ENOENT ||
725 status == -ECONNRESET ||
726 status == -ESHUTDOWN) {
727 goto exit;
728 } else {
729 dev_dbg(&dev->udev->dev,
730 "%s: nonzero status received: %d\n", __func__,
731 status);
732 goto resubmit; /* maybe we can recover */
733 }
734 }
735
736 if (urb->actual_length > 0) {
737 spin_lock (&dev->read_buffer_lock);
738 if (dev->read_buffer_length + urb->actual_length < read_buffer_size) {
739 memcpy (dev->read_buffer + dev->read_buffer_length,
740 dev->interrupt_in_buffer,
741 urb->actual_length);
742 dev->read_buffer_length += urb->actual_length;
743 dev->read_last_arrival = jiffies;
744 dev_dbg(&dev->udev->dev, "%s: received %d bytes\n",
745 __func__, urb->actual_length);
746 } else {
747 pr_warn("read_buffer overflow, %d bytes dropped\n",
748 urb->actual_length);
749 }
750 spin_unlock (&dev->read_buffer_lock);
751 }
752
753 resubmit:
754 /* resubmit if we're still running */
755 if (dev->interrupt_in_running) {
756 retval = usb_submit_urb (dev->interrupt_in_urb, GFP_ATOMIC);
757 if (retval)
758 dev_err(&dev->udev->dev,
759 "%s: usb_submit_urb failed (%d)\n",
760 __func__, retval);
761 }
762
763 exit:
764 dev->interrupt_in_done = 1;
765 wake_up_interruptible (&dev->read_wait);
766 }
767
768
769 /**
770 * tower_interrupt_out_callback
771 */
772 static void tower_interrupt_out_callback (struct urb *urb)
773 {
774 struct lego_usb_tower *dev = urb->context;
775 int status = urb->status;
776
777 lego_usb_tower_debug_data(&dev->udev->dev, __func__,
778 urb->actual_length, urb->transfer_buffer);
779
780 /* sync/async unlink faults aren't errors */
781 if (status && !(status == -ENOENT ||
782 status == -ECONNRESET ||
783 status == -ESHUTDOWN)) {
784 dev_dbg(&dev->udev->dev,
785 "%s: nonzero write bulk status received: %d\n", __func__,
786 status);
787 }
788
789 dev->interrupt_out_busy = 0;
790 wake_up_interruptible(&dev->write_wait);
791 }
792
793
794 /**
795 * tower_probe
796 *
797 * Called by the usb core when a new device is connected that it thinks
798 * this driver might be interested in.
799 */
800 static int tower_probe (struct usb_interface *interface, const struct usb_device_id *id)
801 {
802 struct device *idev = &interface->dev;
803 struct usb_device *udev = interface_to_usbdev(interface);
804 struct lego_usb_tower *dev = NULL;
805 struct usb_host_interface *iface_desc;
806 struct usb_endpoint_descriptor* endpoint;
807 struct tower_get_version_reply *get_version_reply = NULL;
808 int i;
809 int retval = -ENOMEM;
810 int result;
811
812 /* allocate memory for our device state and initialize it */
813
814 dev = kmalloc (sizeof(struct lego_usb_tower), GFP_KERNEL);
815
816 if (!dev)
817 goto exit;
818
819 mutex_init(&dev->lock);
820
821 dev->udev = udev;
822 dev->open_count = 0;
823 dev->disconnected = 0;
824
825 dev->read_buffer = NULL;
826 dev->read_buffer_length = 0;
827 dev->read_packet_length = 0;
828 spin_lock_init (&dev->read_buffer_lock);
829 dev->packet_timeout_jiffies = msecs_to_jiffies(packet_timeout);
830 dev->read_last_arrival = jiffies;
831
832 init_waitqueue_head (&dev->read_wait);
833 init_waitqueue_head (&dev->write_wait);
834
835 dev->interrupt_in_buffer = NULL;
836 dev->interrupt_in_endpoint = NULL;
837 dev->interrupt_in_urb = NULL;
838 dev->interrupt_in_running = 0;
839 dev->interrupt_in_done = 0;
840
841 dev->interrupt_out_buffer = NULL;
842 dev->interrupt_out_endpoint = NULL;
843 dev->interrupt_out_urb = NULL;
844 dev->interrupt_out_busy = 0;
845
846 iface_desc = interface->cur_altsetting;
847
848 /* set up the endpoint information */
849 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
850 endpoint = &iface_desc->endpoint[i].desc;
851
852 if (usb_endpoint_xfer_int(endpoint)) {
853 if (usb_endpoint_dir_in(endpoint))
854 dev->interrupt_in_endpoint = endpoint;
855 else
856 dev->interrupt_out_endpoint = endpoint;
857 }
858 }
859 if(dev->interrupt_in_endpoint == NULL) {
860 dev_err(idev, "interrupt in endpoint not found\n");
861 goto error;
862 }
863 if (dev->interrupt_out_endpoint == NULL) {
864 dev_err(idev, "interrupt out endpoint not found\n");
865 goto error;
866 }
867
868 dev->read_buffer = kmalloc (read_buffer_size, GFP_KERNEL);
869 if (!dev->read_buffer)
870 goto error;
871 dev->interrupt_in_buffer = kmalloc (usb_endpoint_maxp(dev->interrupt_in_endpoint), GFP_KERNEL);
872 if (!dev->interrupt_in_buffer)
873 goto error;
874 dev->interrupt_in_urb = usb_alloc_urb(0, GFP_KERNEL);
875 if (!dev->interrupt_in_urb)
876 goto error;
877 dev->interrupt_out_buffer = kmalloc (write_buffer_size, GFP_KERNEL);
878 if (!dev->interrupt_out_buffer)
879 goto error;
880 dev->interrupt_out_urb = usb_alloc_urb(0, GFP_KERNEL);
881 if (!dev->interrupt_out_urb)
882 goto error;
883 dev->interrupt_in_interval = interrupt_in_interval ? interrupt_in_interval : dev->interrupt_in_endpoint->bInterval;
884 dev->interrupt_out_interval = interrupt_out_interval ? interrupt_out_interval : dev->interrupt_out_endpoint->bInterval;
885
886 get_version_reply = kmalloc(sizeof(*get_version_reply), GFP_KERNEL);
887
888 if (!get_version_reply) {
889 retval = -ENOMEM;
890 goto error;
891 }
892
893 /* get the firmware version and log it */
894 result = usb_control_msg (udev,
895 usb_rcvctrlpipe(udev, 0),
896 LEGO_USB_TOWER_REQUEST_GET_VERSION,
897 USB_TYPE_VENDOR | USB_DIR_IN | USB_RECIP_DEVICE,
898 0,
899 0,
900 get_version_reply,
901 sizeof(*get_version_reply),
902 1000);
903 if (result < sizeof(*get_version_reply)) {
904 if (result >= 0)
905 result = -EIO;
906 dev_err(idev, "get version request failed: %d\n", result);
907 retval = result;
908 goto error;
909 }
910 dev_info(&interface->dev,
911 "LEGO USB Tower firmware version is %d.%d build %d\n",
912 get_version_reply->major,
913 get_version_reply->minor,
914 le16_to_cpu(get_version_reply->build_no));
915
916 /* we can register the device now, as it is ready */
917 usb_set_intfdata (interface, dev);
918
919 retval = usb_register_dev (interface, &tower_class);
920
921 if (retval) {
922 /* something prevented us from registering this driver */
923 dev_err(idev, "Not able to get a minor for this device.\n");
924 goto error;
925 }
926 dev->minor = interface->minor;
927
928 /* let the user know what node this device is now attached to */
929 dev_info(&interface->dev, "LEGO USB Tower #%d now attached to major "
930 "%d minor %d\n", (dev->minor - LEGO_USB_TOWER_MINOR_BASE),
931 USB_MAJOR, dev->minor);
932
933 exit:
934 kfree(get_version_reply);
935 return retval;
936
937 error:
938 kfree(get_version_reply);
939 tower_delete(dev);
940 return retval;
941 }
942
943
944 /**
945 * tower_disconnect
946 *
947 * Called by the usb core when the device is removed from the system.
948 */
949 static void tower_disconnect (struct usb_interface *interface)
950 {
951 struct lego_usb_tower *dev;
952 int minor;
953
954 dev = usb_get_intfdata (interface);
955
956 minor = dev->minor;
957
958 /* give back our minor and prevent further open() */
959 usb_deregister_dev (interface, &tower_class);
960
961 /* stop I/O */
962 usb_poison_urb(dev->interrupt_in_urb);
963 usb_poison_urb(dev->interrupt_out_urb);
964
965 mutex_lock(&dev->lock);
966
967 /* if the device is not opened, then we clean up right now */
968 if (!dev->open_count) {
969 mutex_unlock(&dev->lock);
970 tower_delete (dev);
971 } else {
972 dev->disconnected = 1;
973 /* wake up pollers */
974 wake_up_interruptible_all(&dev->read_wait);
975 wake_up_interruptible_all(&dev->write_wait);
976 mutex_unlock(&dev->lock);
977 }
978
979 dev_info(&interface->dev, "LEGO USB Tower #%d now disconnected\n",
980 (minor - LEGO_USB_TOWER_MINOR_BASE));
981 }
982
983 module_usb_driver(tower_driver);
984
985 MODULE_AUTHOR(DRIVER_AUTHOR);
986 MODULE_DESCRIPTION(DRIVER_DESC);
987 #ifdef MODULE_LICENSE
988 MODULE_LICENSE("GPL");
989 #endif
Linux with added FPC-III support