xref: /dragonfly/sys/bus/u4b/usb_generic.c (revision 2b3f93ea6d1f70880f3e87f3c2cbe0dc0bfc9332)
1 /* $FreeBSD: head/sys/dev/usb/usb_generic.c 277417 2015-01-20 11:43:16Z hselasky $ */
2 /*-
3  * Copyright (c) 2008 Hans Petter Selasky. All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/stdint.h>
28 #include <sys/param.h>
29 #include <sys/queue.h>
30 #include <sys/types.h>
31 #include <sys/systm.h>
32 #include <sys/kernel.h>
33 #include <sys/bus.h>
34 #include <sys/module.h>
35 #include <sys/lock.h>
36 #include <sys/condvar.h>
37 #include <sys/sysctl.h>
38 #include <sys/unistd.h>
39 #include <sys/callout.h>
40 #include <sys/malloc.h>
41 #include <sys/caps.h>
42 #include <sys/conf.h>
43 #include <sys/fcntl.h>
44 
45 #include <bus/u4b/usb.h>
46 #include <bus/u4b/usb_ioctl.h>
47 #include <bus/u4b/usbdi.h>
48 #include <bus/u4b/usbdi_util.h>
49 
50 #define   USB_DEBUG_VAR ugen_debug
51 
52 #include <bus/u4b/usb_core.h>
53 #include <bus/u4b/usb_dev.h>
54 #include <bus/u4b/usb_mbuf.h>
55 #include <bus/u4b/usb_process.h>
56 #include <bus/u4b/usb_device.h>
57 #include <bus/u4b/usb_debug.h>
58 #include <bus/u4b/usb_request.h>
59 #include <bus/u4b/usb_busdma.h>
60 #include <bus/u4b/usb_util.h>
61 #include <bus/u4b/usb_hub.h>
62 #include <bus/u4b/usb_generic.h>
63 #include <bus/u4b/usb_transfer.h>
64 
65 #include <bus/u4b/usb_controller.h>
66 #include <bus/u4b/usb_bus.h>
67 
68 #if USB_HAVE_UGEN
69 
70 /* defines */
71 
72 #define   UGEN_BULK_FS_BUFFER_SIZE      (64*32)   /* bytes */
73 #define   UGEN_BULK_HS_BUFFER_SIZE      (1024*32) /* bytes */
74 #define   UGEN_HW_FRAMES      50                  /* number of milliseconds per transfer */
75 
76 /* function prototypes */
77 
78 static usb_callback_t ugen_read_clear_stall_callback;
79 static usb_callback_t ugen_write_clear_stall_callback;
80 static usb_callback_t ugen_ctrl_read_callback;
81 static usb_callback_t ugen_ctrl_write_callback;
82 static usb_callback_t ugen_isoc_read_callback;
83 static usb_callback_t ugen_isoc_write_callback;
84 static usb_callback_t ugen_ctrl_fs_callback;
85 
86 static usb_fifo_open_t ugen_open;
87 static usb_fifo_close_t ugen_close;
88 static usb_fifo_ioctl_t ugen_ioctl;
89 static usb_fifo_ioctl_t ugen_ioctl_post;
90 static usb_fifo_cmd_t ugen_start_read;
91 static usb_fifo_cmd_t ugen_start_write;
92 static usb_fifo_cmd_t ugen_stop_io;
93 
94 static int          ugen_transfer_setup(struct usb_fifo *,
95                          const struct usb_config *, uint8_t);
96 static int          ugen_open_pipe_write(struct usb_fifo *);
97 static int          ugen_open_pipe_read(struct usb_fifo *);
98 static int          ugen_set_config(struct usb_fifo *, uint8_t);
99 static int          ugen_set_interface(struct usb_fifo *, uint8_t, uint8_t);
100 static int          ugen_get_cdesc(struct usb_fifo *, struct usb_gen_descriptor *);
101 static int          ugen_get_sdesc(struct usb_fifo *, struct usb_gen_descriptor *);
102 static int          ugen_get_iface_driver(struct usb_fifo *f, struct usb_gen_descriptor *ugd);
103 static int          usb_gen_fill_deviceinfo(struct usb_fifo *,
104                         struct usb_device_info *);
105 static int          ugen_re_enumerate(struct usb_fifo *);
106 static int          ugen_iface_ioctl(struct usb_fifo *, u_long, void *, int);
107 static uint8_t      ugen_fs_get_complete(struct usb_fifo *, uint8_t *);
108 static int          ugen_fs_uninit(struct usb_fifo *f);
109 
110 /* structures */
111 
112 struct usb_fifo_methods usb_ugen_methods = {
113           .f_open = &ugen_open,
114           .f_close = &ugen_close,
115           .f_ioctl = &ugen_ioctl,
116           .f_ioctl_post = &ugen_ioctl_post,
117           .f_start_read = &ugen_start_read,
118           .f_stop_read = &ugen_stop_io,
119           .f_start_write = &ugen_start_write,
120           .f_stop_write = &ugen_stop_io,
121 };
122 
123 #ifdef USB_DEBUG
124 static int ugen_debug = 0;
125 
126 static SYSCTL_NODE(_hw_usb, OID_AUTO, ugen, CTLFLAG_RW, 0, "USB generic");
127 SYSCTL_INT(_hw_usb_ugen, OID_AUTO, debug, CTLFLAG_RW, &ugen_debug,
128     0, "Debug level");
129 
130 TUNABLE_INT("hw.usb.ugen.debug", &ugen_debug);
131 #endif
132 
133 
134 /* prototypes */
135 
136 static int
ugen_transfer_setup(struct usb_fifo * f,const struct usb_config * setup,uint8_t n_setup)137 ugen_transfer_setup(struct usb_fifo *f,
138     const struct usb_config *setup, uint8_t n_setup)
139 {
140           struct usb_endpoint *ep = usb_fifo_softc(f);
141           struct usb_device *udev = f->udev;
142           uint8_t iface_index = ep->iface_index;
143           int error;
144 
145           lockmgr(f->priv_lock, LK_RELEASE);
146 
147           /*
148            * "usbd_transfer_setup()" can sleep so one needs to make a wrapper,
149            * exiting the mutex and checking things
150            */
151           error = usbd_transfer_setup(udev, &iface_index, f->xfer,
152               setup, n_setup, f, f->priv_lock);
153           if (error == 0) {
154 
155                     if (f->xfer[0]->nframes == 1) {
156                               error = usb_fifo_alloc_buffer(f,
157                                   f->xfer[0]->max_data_length, 2);
158                     } else {
159                               error = usb_fifo_alloc_buffer(f,
160                                   f->xfer[0]->max_frame_size,
161                                   2 * f->xfer[0]->nframes);
162                     }
163                     if (error) {
164                               usbd_transfer_unsetup(f->xfer, n_setup);
165                     }
166           }
167           lockmgr(f->priv_lock, LK_EXCLUSIVE);
168 
169           return (error);
170 }
171 
172 static int
ugen_open(struct usb_fifo * f,int fflags)173 ugen_open(struct usb_fifo *f, int fflags)
174 {
175           struct usb_endpoint *ep = usb_fifo_softc(f);
176           struct usb_endpoint_descriptor *ed = ep->edesc;
177           uint8_t type;
178 
179           DPRINTFN(6, "flag=0x%x\n", fflags);
180 
181           lockmgr(f->priv_lock, LK_EXCLUSIVE);
182           switch (usbd_get_speed(f->udev)) {
183           case USB_SPEED_LOW:
184           case USB_SPEED_FULL:
185                     f->nframes = UGEN_HW_FRAMES;
186                     f->bufsize = UGEN_BULK_FS_BUFFER_SIZE;
187                     break;
188           default:
189                     f->nframes = UGEN_HW_FRAMES * 8;
190                     f->bufsize = UGEN_BULK_HS_BUFFER_SIZE;
191                     break;
192           }
193 
194           type = ed->bmAttributes & UE_XFERTYPE;
195           if (type == UE_INTERRUPT) {
196                     f->bufsize = 0;               /* use "wMaxPacketSize" */
197           }
198           f->timeout = USB_NO_TIMEOUT;
199           f->flag_short = 0;
200           f->fifo_zlp = 0;
201           lockmgr(f->priv_lock, LK_RELEASE);
202 
203           return (0);
204 }
205 
206 static void
ugen_close(struct usb_fifo * f,int fflags)207 ugen_close(struct usb_fifo *f, int fflags)
208 {
209           DPRINTFN(6, "flag=0x%x\n", fflags);
210 
211           /* cleanup */
212 
213           lockmgr(f->priv_lock, LK_EXCLUSIVE);
214           usbd_transfer_stop(f->xfer[0]);
215           usbd_transfer_stop(f->xfer[1]);
216           lockmgr(f->priv_lock, LK_RELEASE);
217 
218           usbd_transfer_unsetup(f->xfer, 2);
219           usb_fifo_free_buffer(f);
220 
221           if (ugen_fs_uninit(f)) {
222                     /* ignore any errors - we are closing */
223                     DPRINTFN(6, "no FIFOs\n");
224           }
225 }
226 
227 static int
ugen_open_pipe_write(struct usb_fifo * f)228 ugen_open_pipe_write(struct usb_fifo *f)
229 {
230           struct usb_config usb_config[2];
231           struct usb_endpoint *ep = usb_fifo_softc(f);
232           struct usb_endpoint_descriptor *ed = ep->edesc;
233 
234           KKASSERT(lockowned(f->priv_lock));
235 
236           if (f->xfer[0] || f->xfer[1]) {
237                     /* transfers are already opened */
238                     return (0);
239           }
240           memset(usb_config, 0, sizeof(usb_config));
241 
242           usb_config[1].type = UE_CONTROL;
243           usb_config[1].endpoint = 0;
244           usb_config[1].direction = UE_DIR_ANY;
245           usb_config[1].timeout = 1000; /* 1 second */
246           usb_config[1].interval = 50;/* 50 milliseconds */
247           usb_config[1].bufsize = sizeof(struct usb_device_request);
248           usb_config[1].callback = &ugen_write_clear_stall_callback;
249           usb_config[1].usb_mode = USB_MODE_HOST;
250 
251           usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
252           usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
253           usb_config[0].stream_id = 0;  /* XXX support more stream ID's */
254           usb_config[0].direction = UE_DIR_TX;
255           usb_config[0].interval = USB_DEFAULT_INTERVAL;
256           usb_config[0].flags.proxy_buffer = 1;
257           usb_config[0].usb_mode = USB_MODE_DUAL; /* both modes */
258 
259           switch (ed->bmAttributes & UE_XFERTYPE) {
260           case UE_INTERRUPT:
261           case UE_BULK:
262                     if (f->flag_short) {
263                               usb_config[0].flags.force_short_xfer = 1;
264                     }
265                     usb_config[0].callback = &ugen_ctrl_write_callback;
266                     usb_config[0].timeout = f->timeout;
267                     usb_config[0].frames = 1;
268                     usb_config[0].bufsize = f->bufsize;
269                     if (ugen_transfer_setup(f, usb_config, 2)) {
270                               return (EIO);
271                     }
272                     /* first transfer does not clear stall */
273                     f->flag_stall = 0;
274                     break;
275 
276           case UE_ISOCHRONOUS:
277                     usb_config[0].flags.short_xfer_ok = 1;
278                     usb_config[0].bufsize = 0;    /* use default */
279                     usb_config[0].frames = f->nframes;
280                     usb_config[0].callback = &ugen_isoc_write_callback;
281                     usb_config[0].timeout = 0;
282 
283                     /* clone configuration */
284                     usb_config[1] = usb_config[0];
285 
286                     if (ugen_transfer_setup(f, usb_config, 2)) {
287                               return (EIO);
288                     }
289                     break;
290           default:
291                     return (EINVAL);
292           }
293           return (0);
294 }
295 
296 static int
ugen_open_pipe_read(struct usb_fifo * f)297 ugen_open_pipe_read(struct usb_fifo *f)
298 {
299           struct usb_config usb_config[2];
300           struct usb_endpoint *ep = usb_fifo_softc(f);
301           struct usb_endpoint_descriptor *ed = ep->edesc;
302 
303           KKASSERT(lockowned(f->priv_lock));
304 
305           if (f->xfer[0] || f->xfer[1]) {
306                     /* transfers are already opened */
307                     return (0);
308           }
309           memset(usb_config, 0, sizeof(usb_config));
310 
311           usb_config[1].type = UE_CONTROL;
312           usb_config[1].endpoint = 0;
313           usb_config[1].direction = UE_DIR_ANY;
314           usb_config[1].timeout = 1000; /* 1 second */
315           usb_config[1].interval = 50;/* 50 milliseconds */
316           usb_config[1].bufsize = sizeof(struct usb_device_request);
317           usb_config[1].callback = &ugen_read_clear_stall_callback;
318           usb_config[1].usb_mode = USB_MODE_HOST;
319 
320           usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
321           usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
322           usb_config[0].stream_id = 0;  /* XXX support more stream ID's */
323           usb_config[0].direction = UE_DIR_RX;
324           usb_config[0].interval = USB_DEFAULT_INTERVAL;
325           usb_config[0].flags.proxy_buffer = 1;
326           usb_config[0].usb_mode = USB_MODE_DUAL; /* both modes */
327 
328           switch (ed->bmAttributes & UE_XFERTYPE) {
329           case UE_INTERRUPT:
330           case UE_BULK:
331                     if (f->flag_short) {
332                               usb_config[0].flags.short_xfer_ok = 1;
333                     }
334                     usb_config[0].timeout = f->timeout;
335                     usb_config[0].frames = 1;
336                     usb_config[0].callback = &ugen_ctrl_read_callback;
337                     usb_config[0].bufsize = f->bufsize;
338 
339                     if (ugen_transfer_setup(f, usb_config, 2)) {
340                               return (EIO);
341                     }
342                     /* first transfer does not clear stall */
343                     f->flag_stall = 0;
344                     break;
345 
346           case UE_ISOCHRONOUS:
347                     usb_config[0].flags.short_xfer_ok = 1;
348                     usb_config[0].bufsize = 0;    /* use default */
349                     usb_config[0].frames = f->nframes;
350                     usb_config[0].callback = &ugen_isoc_read_callback;
351                     usb_config[0].timeout = 0;
352 
353                     /* clone configuration */
354                     usb_config[1] = usb_config[0];
355 
356                     if (ugen_transfer_setup(f, usb_config, 2)) {
357                               return (EIO);
358                     }
359                     break;
360 
361           default:
362                     return (EINVAL);
363           }
364           return (0);
365 }
366 
367 static void
ugen_start_read(struct usb_fifo * f)368 ugen_start_read(struct usb_fifo *f)
369 {
370           /* check that pipes are open */
371           if (ugen_open_pipe_read(f)) {
372                     /* signal error */
373                     usb_fifo_put_data_error(f);
374           }
375           /* start transfers */
376           usbd_transfer_start(f->xfer[0]);
377           usbd_transfer_start(f->xfer[1]);
378 }
379 
380 static void
ugen_start_write(struct usb_fifo * f)381 ugen_start_write(struct usb_fifo *f)
382 {
383           /* check that pipes are open */
384           if (ugen_open_pipe_write(f)) {
385                     /* signal error */
386                     usb_fifo_get_data_error(f);
387           }
388           /* start transfers */
389           usbd_transfer_start(f->xfer[0]);
390           usbd_transfer_start(f->xfer[1]);
391 }
392 
393 static void
ugen_stop_io(struct usb_fifo * f)394 ugen_stop_io(struct usb_fifo *f)
395 {
396           /* stop transfers */
397           usbd_transfer_stop(f->xfer[0]);
398           usbd_transfer_stop(f->xfer[1]);
399 }
400 
401 static void
ugen_ctrl_read_callback(struct usb_xfer * xfer,usb_error_t error)402 ugen_ctrl_read_callback(struct usb_xfer *xfer, usb_error_t error)
403 {
404           struct usb_fifo *f = usbd_xfer_softc(xfer);
405           struct usb_mbuf *m;
406 
407           DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
408 
409           switch (USB_GET_STATE(xfer)) {
410           case USB_ST_TRANSFERRED:
411                     if (xfer->actlen == 0) {
412                               if (f->fifo_zlp != 4) {
413                                         f->fifo_zlp++;
414                               } else {
415                                         /*
416                                          * Throttle a little bit we have multiple ZLPs
417                                          * in a row!
418                                          */
419                                         xfer->interval = 64;          /* ms */
420                               }
421                     } else {
422                               /* clear throttle */
423                               xfer->interval = 0;
424                               f->fifo_zlp = 0;
425                     }
426                     usb_fifo_put_data(f, xfer->frbuffers, 0,
427                         xfer->actlen, 1);
428 
429           case USB_ST_SETUP:
430                     if (f->flag_stall) {
431                               usbd_transfer_start(f->xfer[1]);
432                               break;
433                     }
434                     USB_IF_POLL(&f->free_q, m);
435                     if (m) {
436                               usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
437                               usbd_transfer_submit(xfer);
438                     }
439                     break;
440 
441           default:                      /* Error */
442                     if (xfer->error != USB_ERR_CANCELLED) {
443                               /* send a zero length packet to userland */
444                               usb_fifo_put_data(f, xfer->frbuffers, 0, 0, 1);
445                               f->flag_stall = 1;
446                               f->fifo_zlp = 0;
447                               usbd_transfer_start(f->xfer[1]);
448                     }
449                     break;
450           }
451 }
452 
453 static void
ugen_ctrl_write_callback(struct usb_xfer * xfer,usb_error_t error)454 ugen_ctrl_write_callback(struct usb_xfer *xfer, usb_error_t error)
455 {
456           struct usb_fifo *f = usbd_xfer_softc(xfer);
457           usb_frlength_t actlen;
458 
459           DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
460 
461           switch (USB_GET_STATE(xfer)) {
462           case USB_ST_SETUP:
463           case USB_ST_TRANSFERRED:
464                     /*
465                      * If writing is in stall, just jump to clear stall
466                      * callback and solve the situation.
467                      */
468                     if (f->flag_stall) {
469                               usbd_transfer_start(f->xfer[1]);
470                               break;
471                     }
472                     /*
473                      * Write data, setup and perform hardware transfer.
474                      */
475                     if (usb_fifo_get_data(f, xfer->frbuffers, 0,
476                         xfer->max_data_length, &actlen, 0)) {
477                               usbd_xfer_set_frame_len(xfer, 0, actlen);
478                               usbd_transfer_submit(xfer);
479                     }
480                     break;
481 
482           default:                      /* Error */
483                     if (xfer->error != USB_ERR_CANCELLED) {
484                               f->flag_stall = 1;
485                               usbd_transfer_start(f->xfer[1]);
486                     }
487                     break;
488           }
489 }
490 
491 static void
ugen_read_clear_stall_callback(struct usb_xfer * xfer,usb_error_t error)492 ugen_read_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
493 {
494           struct usb_fifo *f = usbd_xfer_softc(xfer);
495           struct usb_xfer *xfer_other = f->xfer[0];
496 
497           if (f->flag_stall == 0) {
498                     /* nothing to do */
499                     return;
500           }
501           if (usbd_clear_stall_callback(xfer, xfer_other)) {
502                     DPRINTFN(5, "f=%p: stall cleared\n", f);
503                     f->flag_stall = 0;
504                     usbd_transfer_start(xfer_other);
505           }
506 }
507 
508 static void
ugen_write_clear_stall_callback(struct usb_xfer * xfer,usb_error_t error)509 ugen_write_clear_stall_callback(struct usb_xfer *xfer, usb_error_t error)
510 {
511           struct usb_fifo *f = usbd_xfer_softc(xfer);
512           struct usb_xfer *xfer_other = f->xfer[0];
513 
514           if (f->flag_stall == 0) {
515                     /* nothing to do */
516                     return;
517           }
518           if (usbd_clear_stall_callback(xfer, xfer_other)) {
519                     DPRINTFN(5, "f=%p: stall cleared\n", f);
520                     f->flag_stall = 0;
521                     usbd_transfer_start(xfer_other);
522           }
523 }
524 
525 static void
ugen_isoc_read_callback(struct usb_xfer * xfer,usb_error_t error)526 ugen_isoc_read_callback(struct usb_xfer *xfer, usb_error_t error)
527 {
528           struct usb_fifo *f = usbd_xfer_softc(xfer);
529           usb_frlength_t offset;
530           usb_frcount_t n;
531 
532           DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
533 
534           switch (USB_GET_STATE(xfer)) {
535           case USB_ST_TRANSFERRED:
536 
537                     DPRINTFN(6, "actlen=%d\n", xfer->actlen);
538 
539                     offset = 0;
540 
541                     for (n = 0; n != xfer->aframes; n++) {
542                               usb_fifo_put_data(f, xfer->frbuffers, offset,
543                                   xfer->frlengths[n], 1);
544                               offset += xfer->max_frame_size;
545                     }
546 
547           case USB_ST_SETUP:
548 tr_setup:
549                     for (n = 0; n != xfer->nframes; n++) {
550                               /* setup size for next transfer */
551                               usbd_xfer_set_frame_len(xfer, n, xfer->max_frame_size);
552                     }
553                     usbd_transfer_submit(xfer);
554                     break;
555 
556           default:                      /* Error */
557                     if (xfer->error == USB_ERR_CANCELLED) {
558                               break;
559                     }
560                     goto tr_setup;
561           }
562 }
563 
564 static void
ugen_isoc_write_callback(struct usb_xfer * xfer,usb_error_t error)565 ugen_isoc_write_callback(struct usb_xfer *xfer, usb_error_t error)
566 {
567           struct usb_fifo *f = usbd_xfer_softc(xfer);
568           usb_frlength_t actlen;
569           usb_frlength_t offset;
570           usb_frcount_t n;
571 
572           DPRINTFN(4, "actlen=%u, aframes=%u\n", xfer->actlen, xfer->aframes);
573 
574           switch (USB_GET_STATE(xfer)) {
575           case USB_ST_TRANSFERRED:
576           case USB_ST_SETUP:
577 tr_setup:
578                     offset = 0;
579                     for (n = 0; n != xfer->nframes; n++) {
580                               if (usb_fifo_get_data(f, xfer->frbuffers, offset,
581                                   xfer->max_frame_size, &actlen, 1)) {
582                                         usbd_xfer_set_frame_len(xfer, n, actlen);
583                                         offset += actlen;
584                               } else {
585                                         break;
586                               }
587                     }
588 
589                     for (; n != xfer->nframes; n++) {
590                               /* fill in zero frames */
591                               usbd_xfer_set_frame_len(xfer, n, 0);
592                     }
593                     usbd_transfer_submit(xfer);
594                     break;
595 
596           default:                      /* Error */
597                     if (xfer->error == USB_ERR_CANCELLED) {
598                               break;
599                     }
600                     goto tr_setup;
601           }
602 }
603 
604 static int
ugen_set_config(struct usb_fifo * f,uint8_t index)605 ugen_set_config(struct usb_fifo *f, uint8_t index)
606 {
607           DPRINTFN(2, "index %u\n", index);
608 
609           if (f->udev->flags.usb_mode != USB_MODE_HOST) {
610                     /* not possible in device side mode */
611                     return (ENOTTY);
612           }
613 
614           /* make sure all FIFO's are gone */
615           /* else there can be a deadlock */
616           if (ugen_fs_uninit(f)) {
617                     /* ignore any errors */
618                     DPRINTFN(6, "no FIFOs\n");
619           }
620 
621           if (usbd_start_set_config(f->udev, index) != 0)
622                     return (EIO);
623 
624           return (0);
625 }
626 
627 static int
ugen_set_interface(struct usb_fifo * f,uint8_t iface_index,uint8_t alt_index)628 ugen_set_interface(struct usb_fifo *f,
629     uint8_t iface_index, uint8_t alt_index)
630 {
631           DPRINTFN(2, "%u, %u\n", iface_index, alt_index);
632 
633           if (f->udev->flags.usb_mode != USB_MODE_HOST) {
634                     /* not possible in device side mode */
635                     return (ENOTTY);
636           }
637           /* make sure all FIFO's are gone */
638           /* else there can be a deadlock */
639           if (ugen_fs_uninit(f)) {
640                     /* ignore any errors */
641                     DPRINTFN(6, "no FIFOs\n");
642           }
643           /* change setting - will free generic FIFOs, if any */
644           if (usbd_set_alt_interface_index(f->udev, iface_index, alt_index)) {
645                     return (EIO);
646           }
647           /* probe and attach */
648           if (usb_probe_and_attach(f->udev, iface_index)) {
649                     return (EIO);
650           }
651           return (0);
652 }
653 
654 /*------------------------------------------------------------------------*
655  *        ugen_get_cdesc
656  *
657  * This function will retrieve the complete configuration descriptor
658  * at the given index.
659  *------------------------------------------------------------------------*/
660 static int
ugen_get_cdesc(struct usb_fifo * f,struct usb_gen_descriptor * ugd)661 ugen_get_cdesc(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
662 {
663           struct usb_config_descriptor *cdesc;
664           struct usb_device *udev = f->udev;
665           int error;
666           uint16_t len;
667           uint8_t free_data;
668 
669           DPRINTFN(6, "\n");
670 
671           if (ugd->ugd_data == NULL) {
672                     /* userland pointer should not be zero */
673                     return (EINVAL);
674           }
675           if ((ugd->ugd_config_index == USB_UNCONFIG_INDEX) ||
676               (ugd->ugd_config_index == udev->curr_config_index)) {
677                     cdesc = usbd_get_config_descriptor(udev);
678                     if (cdesc == NULL) {
679                               return (ENXIO);
680                     }
681                     free_data = 0;
682 
683           } else {
684 #if (USB_HAVE_FIXED_CONFIG == 0)
685                     if (usbd_req_get_config_desc_full(udev,
686                         NULL, &cdesc, ugd->ugd_config_index)) {
687                               return (ENXIO);
688                     }
689                     free_data = 1;
690 #else
691                     /* configuration descriptor data is shared */
692                     return (EINVAL);
693 #endif
694           }
695 
696           len = UGETW(cdesc->wTotalLength);
697           if (len > ugd->ugd_maxlen) {
698                     len = ugd->ugd_maxlen;
699           }
700           DPRINTFN(6, "len=%u\n", len);
701 
702           ugd->ugd_actlen = len;
703           ugd->ugd_offset = 0;
704 
705           error = copyout(cdesc, ugd->ugd_data, len);
706 
707           if (free_data)
708                     usbd_free_config_desc(udev, cdesc);
709 
710           return (error);
711 }
712 
713 /*
714  * This function is called having the enumeration SX locked which
715  * protects the scratch area used.
716  */
717 static int
ugen_get_sdesc(struct usb_fifo * f,struct usb_gen_descriptor * ugd)718 ugen_get_sdesc(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
719 {
720           void *ptr;
721           uint16_t size;
722           int error;
723 
724           ptr = f->udev->scratch.data;
725           size = sizeof(f->udev->scratch.data);
726 
727           if (usbd_req_get_string_desc(f->udev, NULL, ptr,
728               size, ugd->ugd_lang_id, ugd->ugd_string_index)) {
729                     error = EINVAL;
730           } else {
731 
732                     if (size > ((uint8_t *)ptr)[0]) {
733                               size = ((uint8_t *)ptr)[0];
734                     }
735                     if (size > ugd->ugd_maxlen) {
736                               size = ugd->ugd_maxlen;
737                     }
738                     ugd->ugd_actlen = size;
739                     ugd->ugd_offset = 0;
740 
741                     error = copyout(ptr, ugd->ugd_data, size);
742           }
743           return (error);
744 }
745 
746 /*------------------------------------------------------------------------*
747  *        ugen_get_iface_driver
748  *
749  * This function generates an USB interface description for userland.
750  *
751  * Returns:
752  *    0: Success
753  * Else: Failure
754  *------------------------------------------------------------------------*/
755 static int
ugen_get_iface_driver(struct usb_fifo * f,struct usb_gen_descriptor * ugd)756 ugen_get_iface_driver(struct usb_fifo *f, struct usb_gen_descriptor *ugd)
757 {
758           struct usb_device *udev = f->udev;
759           struct usb_interface *iface;
760           const char *ptr;
761           const char *desc;
762           unsigned int len;
763           unsigned int maxlen;
764           char buf[128];
765           int error;
766 
767           DPRINTFN(6, "\n");
768 
769           if ((ugd->ugd_data == NULL) || (ugd->ugd_maxlen == 0)) {
770                     /* userland pointer should not be zero */
771                     return (EINVAL);
772           }
773 
774           iface = usbd_get_iface(udev, ugd->ugd_iface_index);
775           if ((iface == NULL) || (iface->idesc == NULL)) {
776                     /* invalid interface index */
777                     return (EINVAL);
778           }
779 
780           /* read out device nameunit string, if any */
781           if ((iface->subdev != NULL) &&
782               device_is_attached(iface->subdev) &&
783               (ptr = device_get_nameunit(iface->subdev)) &&
784               (desc = device_get_desc(iface->subdev))) {
785 
786                     /* print description */
787                     ksnprintf(buf, sizeof(buf), "%s: <%s>", ptr, desc);
788 
789                     /* range checks */
790                     maxlen = ugd->ugd_maxlen - 1;
791                     len = strlen(buf);
792                     if (len > maxlen)
793                               len = maxlen;
794 
795                     /* update actual length, including terminating zero */
796                     ugd->ugd_actlen = len + 1;
797 
798                     /* copy out interface description */
799                     error = copyout(buf, ugd->ugd_data, ugd->ugd_actlen);
800           } else {
801                     /* zero length string is default */
802                     error = copyout("", ugd->ugd_data, 1);
803           }
804           return (error);
805 }
806 
807 /*------------------------------------------------------------------------*
808  *        usb_gen_fill_deviceinfo
809  *
810  * This function dumps information about an USB device to the
811  * structure pointed to by the "di" argument.
812  *
813  * Returns:
814  *    0: Success
815  * Else: Failure
816  *------------------------------------------------------------------------*/
817 static int
usb_gen_fill_deviceinfo(struct usb_fifo * f,struct usb_device_info * di)818 usb_gen_fill_deviceinfo(struct usb_fifo *f, struct usb_device_info *di)
819 {
820           struct usb_device *udev;
821           struct usb_device *hub;
822 
823           udev = f->udev;
824 
825           bzero(di, sizeof(di[0]));
826 
827           di->udi_bus = device_get_unit(udev->bus->bdev);
828           di->udi_addr = udev->address;
829           di->udi_index = udev->device_index;
830           strlcpy(di->udi_serial, usb_get_serial(udev), sizeof(di->udi_serial));
831           strlcpy(di->udi_vendor, usb_get_manufacturer(udev), sizeof(di->udi_vendor));
832           strlcpy(di->udi_product, usb_get_product(udev), sizeof(di->udi_product));
833           usb_printbcd(di->udi_release, sizeof(di->udi_release),
834               UGETW(udev->ddesc.bcdDevice));
835           di->udi_vendorNo = UGETW(udev->ddesc.idVendor);
836           di->udi_productNo = UGETW(udev->ddesc.idProduct);
837           di->udi_releaseNo = UGETW(udev->ddesc.bcdDevice);
838           di->udi_class = udev->ddesc.bDeviceClass;
839           di->udi_subclass = udev->ddesc.bDeviceSubClass;
840           di->udi_protocol = udev->ddesc.bDeviceProtocol;
841           di->udi_config_no = udev->curr_config_no;
842           di->udi_config_index = udev->curr_config_index;
843           di->udi_power = udev->flags.self_powered ? 0 : udev->power;
844           di->udi_speed = udev->speed;
845           di->udi_mode = udev->flags.usb_mode;
846           di->udi_power_mode = udev->power_mode;
847           di->udi_suspended = udev->flags.peer_suspended;
848 
849           hub = udev->parent_hub;
850           if (hub) {
851                     di->udi_hubaddr = hub->address;
852                     di->udi_hubindex = hub->device_index;
853                     di->udi_hubport = udev->port_no;
854           }
855           return (0);
856 }
857 
858 /*------------------------------------------------------------------------*
859  *        ugen_check_request
860  *
861  * Return values:
862  * 0: Access allowed
863  * Else: No access
864  *------------------------------------------------------------------------*/
865 static int
ugen_check_request(struct usb_device * udev,struct usb_device_request * req)866 ugen_check_request(struct usb_device *udev, struct usb_device_request *req)
867 {
868           struct usb_endpoint *ep;
869           int error;
870 
871           /*
872            * Avoid requests that would damage the bus integrity:
873            */
874           if (((req->bmRequestType == UT_WRITE_DEVICE) &&
875               (req->bRequest == UR_SET_ADDRESS)) ||
876               ((req->bmRequestType == UT_WRITE_DEVICE) &&
877               (req->bRequest == UR_SET_CONFIG)) ||
878               ((req->bmRequestType == UT_WRITE_INTERFACE) &&
879               (req->bRequest == UR_SET_INTERFACE)))
880           {
881                     /*
882                      * These requests can be useful for testing USB drivers.
883                      */
884                     error = caps_priv_check_self(SYSCAP_NODRIVER);
885                     if (error)
886                               return (error);
887           }
888           /*
889            * Special case - handle clearing of stall
890            */
891           if (req->bmRequestType == UT_WRITE_ENDPOINT) {
892 
893                     ep = usbd_get_ep_by_addr(udev, req->wIndex[0]);
894                     if (ep == NULL) {
895                               return (EINVAL);
896                     }
897                     if ((req->bRequest == UR_CLEAR_FEATURE) &&
898                         (UGETW(req->wValue) == UF_ENDPOINT_HALT)) {
899                               usbd_clear_data_toggle(udev, ep);
900                     }
901           }
902           /* TODO: add more checks to verify the interface index */
903 
904           return (0);
905 }
906 
907 int
ugen_do_request(struct usb_fifo * f,struct usb_ctl_request * ur)908 ugen_do_request(struct usb_fifo *f, struct usb_ctl_request *ur)
909 {
910           int error;
911           uint16_t len;
912           uint16_t actlen;
913 
914           if (ugen_check_request(f->udev, &ur->ucr_request)) {
915                     return (EPERM);
916           }
917           len = UGETW(ur->ucr_request.wLength);
918 
919           /* check if "ucr_data" is valid */
920           if (len != 0) {
921                     if (ur->ucr_data == NULL) {
922                               return (EFAULT);
923                     }
924           }
925           /* do the USB request */
926           error = usbd_do_request_flags
927               (f->udev, NULL, &ur->ucr_request, ur->ucr_data,
928               (ur->ucr_flags & USB_SHORT_XFER_OK) |
929               USB_USER_DATA_PTR, &actlen,
930               USB_DEFAULT_TIMEOUT);
931 
932           ur->ucr_actlen = actlen;
933 
934           if (error) {
935                     error = EIO;
936           }
937           return (error);
938 }
939 
940 /*------------------------------------------------------------------------
941  *        ugen_re_enumerate
942  *------------------------------------------------------------------------*/
943 static int
ugen_re_enumerate(struct usb_fifo * f)944 ugen_re_enumerate(struct usb_fifo *f)
945 {
946           struct usb_device *udev = f->udev;
947           int error;
948 
949           /*
950            * This request can be useful for testing USB drivers:
951            */
952           error = caps_priv_check_self(SYSCAP_NODRIVER);
953           if (error)
954                     return (error);
955 
956           if (udev->flags.usb_mode != USB_MODE_HOST) {
957                     /* not possible in device side mode */
958                     DPRINTFN(6, "device mode\n");
959                     return (ENOTTY);
960           }
961           /* make sure all FIFO's are gone */
962           /* else there can be a deadlock */
963           if (ugen_fs_uninit(f)) {
964                     /* ignore any errors */
965                     DPRINTFN(6, "no FIFOs\n");
966           }
967           /* start re-enumeration of device */
968           usbd_start_re_enumerate(udev);
969           return (0);
970 }
971 
972 int
ugen_fs_uninit(struct usb_fifo * f)973 ugen_fs_uninit(struct usb_fifo *f)
974 {
975           if (f->fs_xfer == NULL) {
976                     return (EINVAL);
977           }
978           usbd_transfer_unsetup(f->fs_xfer, f->fs_ep_max);
979           kfree(f->fs_xfer, M_USB);
980           f->fs_xfer = NULL;
981           f->fs_ep_max = 0;
982           f->fs_ep_ptr = NULL;
983           f->flag_iscomplete = 0;
984           usb_fifo_free_buffer(f);
985           return (0);
986 }
987 
988 static uint8_t
ugen_fs_get_complete(struct usb_fifo * f,uint8_t * pindex)989 ugen_fs_get_complete(struct usb_fifo *f, uint8_t *pindex)
990 {
991           struct usb_mbuf *m;
992 
993           USB_IF_DEQUEUE(&f->used_q, m);
994 
995           if (m) {
996                     *pindex = *((uint8_t *)(m->cur_data_ptr));
997 
998                     USB_IF_ENQUEUE(&f->free_q, m);
999 
1000                     return (0);                   /* success */
1001           } else {
1002 
1003                     *pindex = 0;                  /* fix compiler warning */
1004 
1005                     f->flag_iscomplete = 0;
1006           }
1007           return (1);                             /* failure */
1008 }
1009 
1010 static void
ugen_fs_set_complete(struct usb_fifo * f,uint8_t index)1011 ugen_fs_set_complete(struct usb_fifo *f, uint8_t index)
1012 {
1013           struct usb_mbuf *m;
1014 
1015           USB_IF_DEQUEUE(&f->free_q, m);
1016 
1017           if (m == NULL) {
1018                     /* can happen during close */
1019                     DPRINTF("out of buffers\n");
1020                     return;
1021           }
1022           USB_MBUF_RESET(m);
1023 
1024           *((uint8_t *)(m->cur_data_ptr)) = index;
1025 
1026           USB_IF_ENQUEUE(&f->used_q, m);
1027 
1028           f->flag_iscomplete = 1;
1029 
1030           usb_fifo_wakeup(f);
1031 }
1032 
1033 static int
ugen_fs_copy_in(struct usb_fifo * f,uint8_t ep_index)1034 ugen_fs_copy_in(struct usb_fifo *f, uint8_t ep_index)
1035 {
1036           struct usb_device_request *req;
1037           struct usb_xfer *xfer;
1038           struct usb_fs_endpoint fs_ep;
1039           void *uaddr;                            /* userland pointer */
1040           void *kaddr;
1041           usb_frlength_t offset;
1042           usb_frlength_t rem;
1043           usb_frcount_t n;
1044           uint32_t length;
1045           int error;
1046           uint8_t isread;
1047 
1048           if (ep_index >= f->fs_ep_max) {
1049                     return (EINVAL);
1050           }
1051           xfer = f->fs_xfer[ep_index];
1052           if (xfer == NULL) {
1053                     return (EINVAL);
1054           }
1055           lockmgr(f->priv_lock, LK_EXCLUSIVE);
1056           if (usbd_transfer_pending(xfer)) {
1057                     lockmgr(f->priv_lock, LK_RELEASE);
1058                     return (EBUSY);               /* should not happen */
1059           }
1060           lockmgr(f->priv_lock, LK_RELEASE);
1061 
1062           error = copyin(f->fs_ep_ptr +
1063               ep_index, &fs_ep, sizeof(fs_ep));
1064           if (error) {
1065                     return (error);
1066           }
1067           /* security checks */
1068 
1069           if (fs_ep.nFrames > xfer->max_frame_count) {
1070                     xfer->error = USB_ERR_INVAL;
1071                     goto complete;
1072           }
1073           if (fs_ep.nFrames == 0) {
1074                     xfer->error = USB_ERR_INVAL;
1075                     goto complete;
1076           }
1077           error = copyin(fs_ep.ppBuffer,
1078               &uaddr, sizeof(uaddr));
1079           if (error) {
1080                     return (error);
1081           }
1082           /* reset first frame */
1083           usbd_xfer_set_frame_offset(xfer, 0, 0);
1084 
1085           if (xfer->flags_int.control_xfr) {
1086 
1087                     req = xfer->frbuffers[0].buffer;
1088 
1089                     error = copyin(fs_ep.pLength,
1090                         &length, sizeof(length));
1091                     if (error) {
1092                               return (error);
1093                     }
1094                     if (length != sizeof(*req)) {
1095                               xfer->error = USB_ERR_INVAL;
1096                               goto complete;
1097                     }
1098                     if (length != 0) {
1099                               error = copyin(uaddr, req, length);
1100                               if (error) {
1101                                         return (error);
1102                               }
1103                     }
1104                     if (ugen_check_request(f->udev, req)) {
1105                               xfer->error = USB_ERR_INVAL;
1106                               goto complete;
1107                     }
1108                     usbd_xfer_set_frame_len(xfer, 0, length);
1109 
1110                     /* Host mode only ! */
1111                     if ((req->bmRequestType &
1112                         (UT_READ | UT_WRITE)) == UT_READ) {
1113                               isread = 1;
1114                     } else {
1115                               isread = 0;
1116                     }
1117                     n = 1;
1118                     offset = sizeof(*req);
1119 
1120           } else {
1121                     /* Device and Host mode */
1122                     if (USB_GET_DATA_ISREAD(xfer)) {
1123                               isread = 1;
1124                     } else {
1125                               isread = 0;
1126                     }
1127                     n = 0;
1128                     offset = 0;
1129           }
1130 
1131           rem = usbd_xfer_max_len(xfer);
1132           xfer->nframes = fs_ep.nFrames;
1133           xfer->timeout = fs_ep.timeout;
1134           if (xfer->timeout > 65535) {
1135                     xfer->timeout = 65535;
1136           }
1137           if (fs_ep.flags & USB_FS_FLAG_SINGLE_SHORT_OK)
1138                     xfer->flags.short_xfer_ok = 1;
1139           else
1140                     xfer->flags.short_xfer_ok = 0;
1141 
1142           if (fs_ep.flags & USB_FS_FLAG_MULTI_SHORT_OK)
1143                     xfer->flags.short_frames_ok = 1;
1144           else
1145                     xfer->flags.short_frames_ok = 0;
1146 
1147           if (fs_ep.flags & USB_FS_FLAG_FORCE_SHORT)
1148                     xfer->flags.force_short_xfer = 1;
1149           else
1150                     xfer->flags.force_short_xfer = 0;
1151 
1152           if (fs_ep.flags & USB_FS_FLAG_CLEAR_STALL)
1153                     usbd_xfer_set_stall(xfer);
1154           else
1155                     xfer->flags.stall_pipe = 0;
1156 
1157           for (; n != xfer->nframes; n++) {
1158 
1159                     error = copyin(fs_ep.pLength + n,
1160                         &length, sizeof(length));
1161                     if (error) {
1162                               break;
1163                     }
1164                     usbd_xfer_set_frame_len(xfer, n, length);
1165 
1166                     if (length > rem) {
1167                               xfer->error = USB_ERR_INVAL;
1168                               goto complete;
1169                     }
1170                     rem -= length;
1171 
1172                     if (!isread) {
1173 
1174                               /* we need to know the source buffer */
1175                               error = copyin(fs_ep.ppBuffer + n,
1176                                   &uaddr, sizeof(uaddr));
1177                               if (error) {
1178                                         break;
1179                               }
1180                               if (xfer->flags_int.isochronous_xfr) {
1181                                         /* get kernel buffer address */
1182                                         kaddr = xfer->frbuffers[0].buffer;
1183                                         kaddr = USB_ADD_BYTES(kaddr, offset);
1184                               } else {
1185                                         /* set current frame offset */
1186                                         usbd_xfer_set_frame_offset(xfer, offset, n);
1187 
1188                                         /* get kernel buffer address */
1189                                         kaddr = xfer->frbuffers[n].buffer;
1190                               }
1191 
1192                               /* move data */
1193                               error = copyin(uaddr, kaddr, length);
1194                               if (error) {
1195                                         break;
1196                               }
1197                     }
1198                     offset += length;
1199           }
1200           return (error);
1201 
1202 complete:
1203           lockmgr(f->priv_lock, LK_EXCLUSIVE);
1204           ugen_fs_set_complete(f, ep_index);
1205           lockmgr(f->priv_lock, LK_RELEASE);
1206           return (0);
1207 }
1208 
1209 static int
ugen_fs_copy_out(struct usb_fifo * f,uint8_t ep_index)1210 ugen_fs_copy_out(struct usb_fifo *f, uint8_t ep_index)
1211 {
1212           struct usb_device_request *req;
1213           struct usb_xfer *xfer;
1214           struct usb_fs_endpoint fs_ep;
1215           struct usb_fs_endpoint *fs_ep_uptr;     /* userland ptr */
1216           void *uaddr;                            /* userland ptr */
1217           void *kaddr;
1218           usb_frlength_t offset;
1219           usb_frlength_t rem;
1220           usb_frcount_t n;
1221           uint32_t length;
1222           uint32_t temp;
1223           int error;
1224           uint8_t isread;
1225 
1226           if (ep_index >= f->fs_ep_max)
1227                     return (EINVAL);
1228 
1229           xfer = f->fs_xfer[ep_index];
1230           if (xfer == NULL)
1231                     return (EINVAL);
1232 
1233           lockmgr(f->priv_lock, LK_EXCLUSIVE);
1234           if (usbd_transfer_pending(xfer)) {
1235                     lockmgr(f->priv_lock, LK_RELEASE);
1236                     return (EBUSY);               /* should not happen */
1237           }
1238           lockmgr(f->priv_lock, LK_RELEASE);
1239 
1240           fs_ep_uptr = f->fs_ep_ptr + ep_index;
1241           error = copyin(fs_ep_uptr, &fs_ep, sizeof(fs_ep));
1242           if (error) {
1243                     return (error);
1244           }
1245           fs_ep.status = xfer->error;
1246           fs_ep.aFrames = xfer->aframes;
1247           fs_ep.isoc_time_complete = xfer->isoc_time_complete;
1248           if (xfer->error) {
1249                     goto complete;
1250           }
1251           if (xfer->flags_int.control_xfr) {
1252                     req = xfer->frbuffers[0].buffer;
1253 
1254                     /* Host mode only ! */
1255                     if ((req->bmRequestType & (UT_READ | UT_WRITE)) == UT_READ) {
1256                               isread = 1;
1257                     } else {
1258                               isread = 0;
1259                     }
1260                     if (xfer->nframes == 0)
1261                               n = 0;              /* should never happen */
1262                     else
1263                               n = 1;
1264           } else {
1265                     /* Device and Host mode */
1266                     if (USB_GET_DATA_ISREAD(xfer)) {
1267                               isread = 1;
1268                     } else {
1269                               isread = 0;
1270                     }
1271                     n = 0;
1272           }
1273 
1274           /* Update lengths and copy out data */
1275 
1276           rem = usbd_xfer_max_len(xfer);
1277           offset = 0;
1278 
1279           for (; n != xfer->nframes; n++) {
1280 
1281                     /* get initial length into "temp" */
1282                     error = copyin(fs_ep.pLength + n,
1283                         &temp, sizeof(temp));
1284                     if (error) {
1285                               return (error);
1286                     }
1287                     if (temp > rem) {
1288                               /* the userland length has been corrupted */
1289                               DPRINTF("corrupt userland length "
1290                                   "%u > %u\n", temp, rem);
1291                               fs_ep.status = USB_ERR_INVAL;
1292                               goto complete;
1293                     }
1294                     rem -= temp;
1295 
1296                     /* get actual transfer length */
1297                     length = xfer->frlengths[n];
1298                     if (length > temp) {
1299                               /* data overflow */
1300                               fs_ep.status = USB_ERR_INVAL;
1301                               DPRINTF("data overflow %u > %u\n",
1302                                   length, temp);
1303                               goto complete;
1304                     }
1305                     if (isread) {
1306 
1307                               /* we need to know the destination buffer */
1308                               error = copyin(fs_ep.ppBuffer + n,
1309                                   &uaddr, sizeof(uaddr));
1310                               if (error) {
1311                                         return (error);
1312                               }
1313                               if (xfer->flags_int.isochronous_xfr) {
1314                                         /* only one frame buffer */
1315                                         kaddr = USB_ADD_BYTES(
1316                                             xfer->frbuffers[0].buffer, offset);
1317                               } else {
1318                                         /* multiple frame buffers */
1319                                         kaddr = xfer->frbuffers[n].buffer;
1320                               }
1321 
1322                               /* move data */
1323                               error = copyout(kaddr, uaddr, length);
1324                               if (error) {
1325                                         return (error);
1326                               }
1327                     }
1328                     /*
1329                      * Update offset according to initial length, which is
1330                      * needed by isochronous transfers!
1331                      */
1332                     offset += temp;
1333 
1334                     /* update length */
1335                     error = copyout(&length,
1336                         fs_ep.pLength + n, sizeof(length));
1337                     if (error) {
1338                               return (error);
1339                     }
1340           }
1341 
1342 complete:
1343           /* update "aFrames" */
1344           error = copyout(&fs_ep.aFrames, &fs_ep_uptr->aFrames,
1345               sizeof(fs_ep.aFrames));
1346           if (error)
1347                     goto done;
1348 
1349           /* update "isoc_time_complete" */
1350           error = copyout(&fs_ep.isoc_time_complete,
1351               &fs_ep_uptr->isoc_time_complete,
1352               sizeof(fs_ep.isoc_time_complete));
1353           if (error)
1354                     goto done;
1355           /* update "status" */
1356           error = copyout(&fs_ep.status, &fs_ep_uptr->status,
1357               sizeof(fs_ep.status));
1358 done:
1359           return (error);
1360 }
1361 
1362 static uint8_t
ugen_fifo_in_use(struct usb_fifo * f,int fflags)1363 ugen_fifo_in_use(struct usb_fifo *f, int fflags)
1364 {
1365           struct usb_fifo *f_rx;
1366           struct usb_fifo *f_tx;
1367 
1368           f_rx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_RX];
1369           f_tx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_TX];
1370 
1371           if ((fflags & FREAD) && f_rx &&
1372               (f_rx->xfer[0] || f_rx->xfer[1])) {
1373                     return (1);                   /* RX FIFO in use */
1374           }
1375           if ((fflags & FWRITE) && f_tx &&
1376               (f_tx->xfer[0] || f_tx->xfer[1])) {
1377                     return (1);                   /* TX FIFO in use */
1378           }
1379           return (0);                             /* not in use */
1380 }
1381 
1382 static int
ugen_ioctl(struct usb_fifo * f,u_long cmd,void * addr,int fflags)1383 ugen_ioctl(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
1384 {
1385           struct usb_config usb_config[1];
1386           struct usb_device_request req;
1387           union {
1388                     struct usb_fs_complete *pcomp;
1389                     struct usb_fs_start *pstart;
1390                     struct usb_fs_stop *pstop;
1391                     struct usb_fs_open *popen;
1392                     struct usb_fs_open_stream *popen_stream;
1393                     struct usb_fs_close *pclose;
1394                     struct usb_fs_clear_stall_sync *pstall;
1395                     void   *addr;
1396           }     u;
1397           struct usb_endpoint *ep;
1398           struct usb_endpoint_descriptor *ed;
1399           struct usb_xfer *xfer;
1400           int error = 0;
1401           uint8_t iface_index;
1402           uint8_t isread;
1403           uint8_t ep_index;
1404           uint8_t pre_scale;
1405 
1406           u.addr = addr;
1407 
1408           DPRINTFN(6, "cmd=0x%08lx\n", cmd);
1409 
1410           switch (cmd) {
1411           case USB_FS_COMPLETE:
1412                     lockmgr(f->priv_lock, LK_EXCLUSIVE);
1413                     error = ugen_fs_get_complete(f, &ep_index);
1414                     lockmgr(f->priv_lock, LK_RELEASE);
1415 
1416                     if (error) {
1417                               error = EBUSY;
1418                               break;
1419                     }
1420                     u.pcomp->ep_index = ep_index;
1421                     error = ugen_fs_copy_out(f, u.pcomp->ep_index);
1422                     break;
1423 
1424           case USB_FS_START:
1425                     error = ugen_fs_copy_in(f, u.pstart->ep_index);
1426                     if (error)
1427                               break;
1428                     lockmgr(f->priv_lock, LK_EXCLUSIVE);
1429                     xfer = f->fs_xfer[u.pstart->ep_index];
1430                     usbd_transfer_start(xfer);
1431                     lockmgr(f->priv_lock, LK_RELEASE);
1432                     break;
1433 
1434           case USB_FS_STOP:
1435                     if (u.pstop->ep_index >= f->fs_ep_max) {
1436                               error = EINVAL;
1437                               break;
1438                     }
1439                     lockmgr(f->priv_lock, LK_EXCLUSIVE);
1440                     xfer = f->fs_xfer[u.pstart->ep_index];
1441                     if (usbd_transfer_pending(xfer)) {
1442                               usbd_transfer_stop(xfer);
1443                               /*
1444                                * Check if the USB transfer was stopped
1445                                * before it was even started. Else a cancel
1446                                * callback will be pending.
1447                                */
1448                               if (!xfer->flags_int.transferring) {
1449                                         ugen_fs_set_complete(xfer->priv_sc,
1450                                             USB_P2U(xfer->priv_fifo));
1451                               }
1452                     }
1453                     lockmgr(f->priv_lock, LK_RELEASE);
1454                     break;
1455 
1456           case USB_FS_OPEN:
1457           case USB_FS_OPEN_STREAM:
1458                     if (u.popen->ep_index >= f->fs_ep_max) {
1459                               error = EINVAL;
1460                               break;
1461                     }
1462                     if (f->fs_xfer[u.popen->ep_index] != NULL) {
1463                               error = EBUSY;
1464                               break;
1465                     }
1466                     if (u.popen->max_bufsize > USB_FS_MAX_BUFSIZE) {
1467                               u.popen->max_bufsize = USB_FS_MAX_BUFSIZE;
1468                     }
1469                     if (u.popen->max_frames & USB_FS_MAX_FRAMES_PRE_SCALE) {
1470                               pre_scale = 1;
1471                               u.popen->max_frames &= ~USB_FS_MAX_FRAMES_PRE_SCALE;
1472                     } else {
1473                               pre_scale = 0;
1474                     }
1475                     if (u.popen->max_frames > USB_FS_MAX_FRAMES) {
1476                               u.popen->max_frames = USB_FS_MAX_FRAMES;
1477                               break;
1478                     }
1479                     if (u.popen->max_frames == 0) {
1480                               error = EINVAL;
1481                               break;
1482                     }
1483                     ep = usbd_get_ep_by_addr(f->udev, u.popen->ep_no);
1484                     if (ep == NULL) {
1485                               error = EINVAL;
1486                               break;
1487                     }
1488                     ed = ep->edesc;
1489                     if (ed == NULL) {
1490                               error = ENXIO;
1491                               break;
1492                     }
1493                     iface_index = ep->iface_index;
1494 
1495                     memset(usb_config, 0, sizeof(usb_config));
1496 
1497                     usb_config[0].type = ed->bmAttributes & UE_XFERTYPE;
1498                     usb_config[0].endpoint = ed->bEndpointAddress & UE_ADDR;
1499                     usb_config[0].direction = ed->bEndpointAddress & (UE_DIR_OUT | UE_DIR_IN);
1500                     usb_config[0].interval = USB_DEFAULT_INTERVAL;
1501                     usb_config[0].flags.proxy_buffer = 1;
1502                     if (pre_scale != 0)
1503                               usb_config[0].flags.pre_scale_frames = 1;
1504                     usb_config[0].callback = &ugen_ctrl_fs_callback;
1505                     usb_config[0].timeout = 0;    /* no timeout */
1506                     usb_config[0].frames = u.popen->max_frames;
1507                     usb_config[0].bufsize = u.popen->max_bufsize;
1508                     usb_config[0].usb_mode = USB_MODE_DUAL; /* both modes */
1509                     if (cmd == USB_FS_OPEN_STREAM)
1510                               usb_config[0].stream_id = u.popen_stream->stream_id;
1511 
1512                     if (usb_config[0].type == UE_CONTROL) {
1513                               if (f->udev->flags.usb_mode != USB_MODE_HOST) {
1514                                         error = EINVAL;
1515                                         break;
1516                               }
1517                     } else {
1518 
1519                               isread = ((usb_config[0].endpoint &
1520                                   (UE_DIR_IN | UE_DIR_OUT)) == UE_DIR_IN);
1521 
1522                               if (f->udev->flags.usb_mode != USB_MODE_HOST) {
1523                                         isread = !isread;
1524                               }
1525                               /* check permissions */
1526                               if (isread) {
1527                                         if (!(fflags & FREAD)) {
1528                                                   error = EPERM;
1529                                                   break;
1530                                         }
1531                               } else {
1532                                         if (!(fflags & FWRITE)) {
1533                                                   error = EPERM;
1534                                                   break;
1535                                         }
1536                               }
1537                     }
1538                     error = usbd_transfer_setup(f->udev, &iface_index,
1539                         f->fs_xfer + u.popen->ep_index, usb_config, 1,
1540                         f, f->priv_lock);
1541                     if (error == 0) {
1542                               /* update maximums */
1543                               u.popen->max_packet_length =
1544                                   f->fs_xfer[u.popen->ep_index]->max_frame_size;
1545                               u.popen->max_bufsize =
1546                                   f->fs_xfer[u.popen->ep_index]->max_data_length;
1547                               /* update number of frames */
1548                               u.popen->max_frames =
1549                                   f->fs_xfer[u.popen->ep_index]->nframes;
1550                               /* store index of endpoint */
1551                               f->fs_xfer[u.popen->ep_index]->priv_fifo =
1552                                   ((uint8_t *)0) + u.popen->ep_index;
1553                     } else {
1554                               error = ENOMEM;
1555                     }
1556                     break;
1557 
1558           case USB_FS_CLOSE:
1559                     if (u.pclose->ep_index >= f->fs_ep_max) {
1560                               error = EINVAL;
1561                               break;
1562                     }
1563                     if (f->fs_xfer[u.pclose->ep_index] == NULL) {
1564                               error = EINVAL;
1565                               break;
1566                     }
1567                     usbd_transfer_unsetup(f->fs_xfer + u.pclose->ep_index, 1);
1568                     break;
1569 
1570           case USB_FS_CLEAR_STALL_SYNC:
1571                     if (u.pstall->ep_index >= f->fs_ep_max) {
1572                               error = EINVAL;
1573                               break;
1574                     }
1575                     if (f->fs_xfer[u.pstall->ep_index] == NULL) {
1576                               error = EINVAL;
1577                               break;
1578                     }
1579                     if (f->udev->flags.usb_mode != USB_MODE_HOST) {
1580                               error = EINVAL;
1581                               break;
1582                     }
1583                     lockmgr(f->priv_lock, LK_EXCLUSIVE);
1584                     error = usbd_transfer_pending(f->fs_xfer[u.pstall->ep_index]);
1585                     lockmgr(f->priv_lock, LK_RELEASE);
1586 
1587                     if (error) {
1588                               return (EBUSY);
1589                     }
1590                     ep = f->fs_xfer[u.pstall->ep_index]->endpoint;
1591 
1592                     /* setup a clear-stall packet */
1593                     req.bmRequestType = UT_WRITE_ENDPOINT;
1594                     req.bRequest = UR_CLEAR_FEATURE;
1595                     USETW(req.wValue, UF_ENDPOINT_HALT);
1596                     req.wIndex[0] = ep->edesc->bEndpointAddress;
1597                     req.wIndex[1] = 0;
1598                     USETW(req.wLength, 0);
1599 
1600                     error = usbd_do_request(f->udev, NULL, &req, NULL);
1601                     if (error == 0) {
1602                               usbd_clear_data_toggle(f->udev, ep);
1603                     } else {
1604                               error = ENXIO;
1605                     }
1606                     break;
1607 
1608           default:
1609                     error = ENOIOCTL;
1610                     break;
1611           }
1612 
1613           DPRINTFN(6, "error=%d\n", error);
1614 
1615           return (error);
1616 }
1617 
1618 static int
ugen_set_short_xfer(struct usb_fifo * f,void * addr)1619 ugen_set_short_xfer(struct usb_fifo *f, void *addr)
1620 {
1621           uint8_t t;
1622 
1623           if (*(int *)addr)
1624                     t = 1;
1625           else
1626                     t = 0;
1627 
1628           if (f->flag_short == t) {
1629                     /* same value like before - accept */
1630                     return (0);
1631           }
1632           if (f->xfer[0] || f->xfer[1]) {
1633                     /* cannot change this during transfer */
1634                     return (EBUSY);
1635           }
1636           f->flag_short = t;
1637           return (0);
1638 }
1639 
1640 static int
ugen_set_timeout(struct usb_fifo * f,void * addr)1641 ugen_set_timeout(struct usb_fifo *f, void *addr)
1642 {
1643           f->timeout = *(int *)addr;
1644           if (f->timeout > 65535) {
1645                     /* limit user input */
1646                     f->timeout = 65535;
1647           }
1648           return (0);
1649 }
1650 
1651 static int
ugen_get_frame_size(struct usb_fifo * f,void * addr)1652 ugen_get_frame_size(struct usb_fifo *f, void *addr)
1653 {
1654           if (f->xfer[0]) {
1655                     *(int *)addr = f->xfer[0]->max_frame_size;
1656           } else {
1657                     return (EINVAL);
1658           }
1659           return (0);
1660 }
1661 
1662 static int
ugen_set_buffer_size(struct usb_fifo * f,void * addr)1663 ugen_set_buffer_size(struct usb_fifo *f, void *addr)
1664 {
1665           usb_frlength_t t;
1666 
1667           if (*(int *)addr < 0)
1668                     t = 0;              /* use "wMaxPacketSize" */
1669           else if (*(int *)addr < (256 * 1024))
1670                     t = *(int *)addr;
1671           else
1672                     t = 256 * 1024;
1673 
1674           if (f->bufsize == t) {
1675                     /* same value like before - accept */
1676                     return (0);
1677           }
1678           if (f->xfer[0] || f->xfer[1]) {
1679                     /* cannot change this during transfer */
1680                     return (EBUSY);
1681           }
1682           f->bufsize = t;
1683           return (0);
1684 }
1685 
1686 static int
ugen_get_buffer_size(struct usb_fifo * f,void * addr)1687 ugen_get_buffer_size(struct usb_fifo *f, void *addr)
1688 {
1689           *(int *)addr = f->bufsize;
1690           return (0);
1691 }
1692 
1693 static int
ugen_get_iface_desc(struct usb_fifo * f,struct usb_interface_descriptor * idesc)1694 ugen_get_iface_desc(struct usb_fifo *f,
1695     struct usb_interface_descriptor *idesc)
1696 {
1697           struct usb_interface *iface;
1698 
1699           iface = usbd_get_iface(f->udev, f->iface_index);
1700           if (iface && iface->idesc) {
1701                     *idesc = *(iface->idesc);
1702           } else {
1703                     return (EIO);
1704           }
1705           return (0);
1706 }
1707 
1708 static int
ugen_get_endpoint_desc(struct usb_fifo * f,struct usb_endpoint_descriptor * ed)1709 ugen_get_endpoint_desc(struct usb_fifo *f,
1710     struct usb_endpoint_descriptor *ed)
1711 {
1712           struct usb_endpoint *ep;
1713 
1714           ep = usb_fifo_softc(f);
1715 
1716           if (ep && ep->edesc) {
1717                     *ed = *ep->edesc;
1718           } else {
1719                     return (EINVAL);
1720           }
1721           return (0);
1722 }
1723 
1724 static int
ugen_set_power_mode(struct usb_fifo * f,int mode)1725 ugen_set_power_mode(struct usb_fifo *f, int mode)
1726 {
1727           struct usb_device *udev = f->udev;
1728           int err;
1729           uint8_t old_mode;
1730 
1731           if ((udev == NULL) ||
1732               (udev->parent_hub == NULL)) {
1733                     return (EINVAL);
1734           }
1735           err = caps_priv_check_self(SYSCAP_NODRIVER);
1736           if (err)
1737                     return (err);
1738 
1739           /* get old power mode */
1740           old_mode = udev->power_mode;
1741 
1742           /* if no change, then just return */
1743           if (old_mode == mode)
1744                     return (0);
1745 
1746           switch (mode) {
1747           case USB_POWER_MODE_OFF:
1748                     if (udev->flags.usb_mode == USB_MODE_HOST &&
1749                         udev->re_enumerate_wait == USB_RE_ENUM_DONE) {
1750                               udev->re_enumerate_wait = USB_RE_ENUM_PWR_OFF;
1751                     }
1752                     /* set power mode will wake up the explore thread */
1753                     break;
1754 
1755           case USB_POWER_MODE_ON:
1756           case USB_POWER_MODE_SAVE:
1757                     break;
1758 
1759           case USB_POWER_MODE_RESUME:
1760 #if USB_HAVE_POWERD
1761                     /* let USB-powerd handle resume */
1762                     USB_BUS_LOCK(udev->bus);
1763                     udev->pwr_save.write_refs++;
1764                     udev->pwr_save.last_xfer_time = ticks;
1765                     USB_BUS_UNLOCK(udev->bus);
1766 
1767                     /* set new power mode */
1768                     usbd_set_power_mode(udev, USB_POWER_MODE_SAVE);
1769 
1770                     /* wait for resume to complete */
1771                     usb_pause_mtx(NULL, hz / 4);
1772 
1773                     /* clear write reference */
1774                     USB_BUS_LOCK(udev->bus);
1775                     udev->pwr_save.write_refs--;
1776                     USB_BUS_UNLOCK(udev->bus);
1777 #endif
1778                     mode = USB_POWER_MODE_SAVE;
1779                     break;
1780 
1781           case USB_POWER_MODE_SUSPEND:
1782 #if USB_HAVE_POWERD
1783                     /* let USB-powerd handle suspend */
1784                     USB_BUS_LOCK(udev->bus);
1785                     udev->pwr_save.last_xfer_time = ticks - (256 * hz);
1786                     USB_BUS_UNLOCK(udev->bus);
1787 #endif
1788                     mode = USB_POWER_MODE_SAVE;
1789                     break;
1790 
1791           default:
1792                     return (EINVAL);
1793           }
1794 
1795           if (err)
1796                     return (ENXIO);               /* I/O failure */
1797 
1798           /* if we are powered off we need to re-enumerate first */
1799           if (old_mode == USB_POWER_MODE_OFF) {
1800                     if (udev->flags.usb_mode == USB_MODE_HOST &&
1801                         udev->re_enumerate_wait == USB_RE_ENUM_DONE) {
1802                               udev->re_enumerate_wait = USB_RE_ENUM_START;
1803                     }
1804                     /* set power mode will wake up the explore thread */
1805           }
1806 
1807           /* set new power mode */
1808           usbd_set_power_mode(udev, mode);
1809 
1810           return (0);                             /* success */
1811 }
1812 
1813 static int
ugen_get_power_mode(struct usb_fifo * f)1814 ugen_get_power_mode(struct usb_fifo *f)
1815 {
1816           struct usb_device *udev = f->udev;
1817 
1818           if (udev == NULL)
1819                     return (USB_POWER_MODE_ON);
1820 
1821           return (udev->power_mode);
1822 }
1823 
1824 static int
ugen_get_port_path(struct usb_fifo * f,struct usb_device_port_path * dpp)1825 ugen_get_port_path(struct usb_fifo *f, struct usb_device_port_path *dpp)
1826 {
1827           struct usb_device *udev = f->udev;
1828           struct usb_device *next;
1829           unsigned int nlevel = 0;
1830 
1831           if (udev == NULL)
1832                     goto error;
1833 
1834           dpp->udp_bus = device_get_unit(udev->bus->bdev);
1835           dpp->udp_index = udev->device_index;
1836 
1837           /* count port levels */
1838           next = udev;
1839           while (next->parent_hub != NULL) {
1840                     nlevel++;
1841                     next = next->parent_hub;
1842           }
1843 
1844           /* check if too many levels */
1845           if (nlevel > USB_DEVICE_PORT_PATH_MAX)
1846                     goto error;
1847 
1848           /* store total level of ports */
1849           dpp->udp_port_level = nlevel;
1850 
1851           /* store port index array */
1852           next = udev;
1853           while (next->parent_hub != NULL) {
1854                     dpp->udp_port_no[--nlevel] = next->port_no;
1855                     next = next->parent_hub;
1856           }
1857           return (0);         /* success */
1858 
1859 error:
1860           return (EINVAL);    /* failure */
1861 }
1862 
1863 static int
ugen_get_power_usage(struct usb_fifo * f)1864 ugen_get_power_usage(struct usb_fifo *f)
1865 {
1866           struct usb_device *udev = f->udev;
1867 
1868           if (udev == NULL)
1869                     return (0);
1870 
1871           return (udev->power);
1872 }
1873 
1874 static int
ugen_do_port_feature(struct usb_fifo * f,uint8_t port_no,uint8_t set,uint16_t feature)1875 ugen_do_port_feature(struct usb_fifo *f, uint8_t port_no,
1876     uint8_t set, uint16_t feature)
1877 {
1878           struct usb_device *udev = f->udev;
1879           struct usb_hub *hub;
1880           int err;
1881 
1882           err = caps_priv_check_self(SYSCAP_NODRIVER);
1883           if (err)
1884                     return (err);
1885 
1886           if (port_no == 0) {
1887                     return (EINVAL);
1888           }
1889           if ((udev == NULL) ||
1890               (udev->hub == NULL)) {
1891                     return (EINVAL);
1892           }
1893           hub = udev->hub;
1894 
1895           if (port_no > hub->nports) {
1896                     return (EINVAL);
1897           }
1898           if (set)
1899                     err = usbd_req_set_port_feature(udev,
1900                         NULL, port_no, feature);
1901           else
1902                     err = usbd_req_clear_port_feature(udev,
1903                         NULL, port_no, feature);
1904 
1905           if (err)
1906                     return (ENXIO);               /* failure */
1907 
1908           return (0);                             /* success */
1909 }
1910 
1911 static int
ugen_iface_ioctl(struct usb_fifo * f,u_long cmd,void * addr,int fflags)1912 ugen_iface_ioctl(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
1913 {
1914           struct usb_fifo *f_rx;
1915           struct usb_fifo *f_tx;
1916           int error = 0;
1917 
1918           f_rx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_RX];
1919           f_tx = f->udev->fifo[(f->fifo_index & ~1) + USB_FIFO_TX];
1920 
1921           switch (cmd) {
1922           case USB_SET_RX_SHORT_XFER:
1923                     if (fflags & FREAD) {
1924                               error = ugen_set_short_xfer(f_rx, addr);
1925                     } else {
1926                               error = EINVAL;
1927                     }
1928                     break;
1929 
1930           case USB_SET_TX_FORCE_SHORT:
1931                     if (fflags & FWRITE) {
1932                               error = ugen_set_short_xfer(f_tx, addr);
1933                     } else {
1934                               error = EINVAL;
1935                     }
1936                     break;
1937 
1938           case USB_SET_RX_TIMEOUT:
1939                     if (fflags & FREAD) {
1940                               error = ugen_set_timeout(f_rx, addr);
1941                     } else {
1942                               error = EINVAL;
1943                     }
1944                     break;
1945 
1946           case USB_SET_TX_TIMEOUT:
1947                     if (fflags & FWRITE) {
1948                               error = ugen_set_timeout(f_tx, addr);
1949                     } else {
1950                               error = EINVAL;
1951                     }
1952                     break;
1953 
1954           case USB_GET_RX_FRAME_SIZE:
1955                     if (fflags & FREAD) {
1956                               error = ugen_get_frame_size(f_rx, addr);
1957                     } else {
1958                               error = EINVAL;
1959                     }
1960                     break;
1961 
1962           case USB_GET_TX_FRAME_SIZE:
1963                     if (fflags & FWRITE) {
1964                               error = ugen_get_frame_size(f_tx, addr);
1965                     } else {
1966                               error = EINVAL;
1967                     }
1968                     break;
1969 
1970           case USB_SET_RX_BUFFER_SIZE:
1971                     if (fflags & FREAD) {
1972                               error = ugen_set_buffer_size(f_rx, addr);
1973                     } else {
1974                               error = EINVAL;
1975                     }
1976                     break;
1977 
1978           case USB_SET_TX_BUFFER_SIZE:
1979                     if (fflags & FWRITE) {
1980                               error = ugen_set_buffer_size(f_tx, addr);
1981                     } else {
1982                               error = EINVAL;
1983                     }
1984                     break;
1985 
1986           case USB_GET_RX_BUFFER_SIZE:
1987                     if (fflags & FREAD) {
1988                               error = ugen_get_buffer_size(f_rx, addr);
1989                     } else {
1990                               error = EINVAL;
1991                     }
1992                     break;
1993 
1994           case USB_GET_TX_BUFFER_SIZE:
1995                     if (fflags & FWRITE) {
1996                               error = ugen_get_buffer_size(f_tx, addr);
1997                     } else {
1998                               error = EINVAL;
1999                     }
2000                     break;
2001 
2002           case USB_GET_RX_INTERFACE_DESC:
2003                     if (fflags & FREAD) {
2004                               error = ugen_get_iface_desc(f_rx, addr);
2005                     } else {
2006                               error = EINVAL;
2007                     }
2008                     break;
2009 
2010           case USB_GET_TX_INTERFACE_DESC:
2011                     if (fflags & FWRITE) {
2012                               error = ugen_get_iface_desc(f_tx, addr);
2013                     } else {
2014                               error = EINVAL;
2015                     }
2016                     break;
2017 
2018           case USB_GET_RX_ENDPOINT_DESC:
2019                     if (fflags & FREAD) {
2020                               error = ugen_get_endpoint_desc(f_rx, addr);
2021                     } else {
2022                               error = EINVAL;
2023                     }
2024                     break;
2025 
2026           case USB_GET_TX_ENDPOINT_DESC:
2027                     if (fflags & FWRITE) {
2028                               error = ugen_get_endpoint_desc(f_tx, addr);
2029                     } else {
2030                               error = EINVAL;
2031                     }
2032                     break;
2033 
2034           case USB_SET_RX_STALL_FLAG:
2035                     if ((fflags & FREAD) && (*(int *)addr)) {
2036                               f_rx->flag_stall = 1;
2037                     }
2038                     break;
2039 
2040           case USB_SET_TX_STALL_FLAG:
2041                     if ((fflags & FWRITE) && (*(int *)addr)) {
2042                               f_tx->flag_stall = 1;
2043                     }
2044                     break;
2045 
2046           default:
2047                     error = ENOIOCTL;
2048                     break;
2049           }
2050           return (error);
2051 }
2052 
2053 static int
ugen_ioctl_post(struct usb_fifo * f,u_long cmd,void * addr,int fflags)2054 ugen_ioctl_post(struct usb_fifo *f, u_long cmd, void *addr, int fflags)
2055 {
2056           union {
2057                     struct usb_interface_descriptor *idesc;
2058                     struct usb_alt_interface *ai;
2059                     struct usb_device_descriptor *ddesc;
2060                     struct usb_config_descriptor *cdesc;
2061                     struct usb_device_stats *stat;
2062                     struct usb_fs_init *pinit;
2063                     struct usb_fs_uninit *puninit;
2064                     struct usb_device_port_path *dpp;
2065                     uint32_t *ptime;
2066                     void   *addr;
2067                     int    *pint;
2068           }     u;
2069           struct usb_device_descriptor *dtemp;
2070           struct usb_config_descriptor *ctemp;
2071           struct usb_interface *iface;
2072           int error = 0;
2073           uint8_t n;
2074 
2075           u.addr = addr;
2076 
2077           DPRINTFN(6, "cmd=0x%08lx\n", cmd);
2078 
2079           switch (cmd) {
2080           case USB_DISCOVER:
2081                     usb_needs_explore_all();
2082                     break;
2083 
2084           case USB_SETDEBUG:
2085                     if (!(fflags & FWRITE)) {
2086                               error = EPERM;
2087                               break;
2088                     }
2089                     usb_debug = *(int *)addr;
2090                     break;
2091 
2092           case USB_GET_CONFIG:
2093                     *(int *)addr = f->udev->curr_config_index;
2094                     break;
2095 
2096           case USB_SET_CONFIG:
2097                     if (!(fflags & FWRITE)) {
2098                               error = EPERM;
2099                               break;
2100                     }
2101                     error = ugen_set_config(f, *(int *)addr);
2102                     break;
2103 
2104           case USB_GET_ALTINTERFACE:
2105                     iface = usbd_get_iface(f->udev,
2106                         u.ai->uai_interface_index);
2107                     if (iface && iface->idesc) {
2108                               u.ai->uai_alt_index = iface->alt_index;
2109                     } else {
2110                               error = EINVAL;
2111                     }
2112                     break;
2113 
2114           case USB_SET_ALTINTERFACE:
2115                     if (!(fflags & FWRITE)) {
2116                               error = EPERM;
2117                               break;
2118                     }
2119                     error = ugen_set_interface(f,
2120                         u.ai->uai_interface_index, u.ai->uai_alt_index);
2121                     break;
2122 
2123           case USB_GET_DEVICE_DESC:
2124                     dtemp = usbd_get_device_descriptor(f->udev);
2125                     if (!dtemp) {
2126                               error = EIO;
2127                               break;
2128                     }
2129                     *u.ddesc = *dtemp;
2130                     break;
2131 
2132           case USB_GET_CONFIG_DESC:
2133                     ctemp = usbd_get_config_descriptor(f->udev);
2134                     if (!ctemp) {
2135                               error = EIO;
2136                               break;
2137                     }
2138                     *u.cdesc = *ctemp;
2139                     break;
2140 
2141           case USB_GET_FULL_DESC:
2142                     error = ugen_get_cdesc(f, addr);
2143                     break;
2144 
2145           case USB_GET_STRING_DESC:
2146                     error = ugen_get_sdesc(f, addr);
2147                     break;
2148 
2149           case USB_GET_IFACE_DRIVER:
2150                     error = ugen_get_iface_driver(f, addr);
2151                     break;
2152 
2153           case USB_REQUEST:
2154           case USB_DO_REQUEST:
2155                     if (!(fflags & FWRITE)) {
2156                               error = EPERM;
2157                               break;
2158                     }
2159                     error = ugen_do_request(f, addr);
2160                     break;
2161 
2162           case USB_DEVICEINFO:
2163           case USB_GET_DEVICEINFO:
2164                     error = usb_gen_fill_deviceinfo(f, addr);
2165                     break;
2166 
2167           case USB_DEVICESTATS:
2168                     for (n = 0; n != 4; n++) {
2169 
2170                               u.stat->uds_requests_fail[n] =
2171                                   f->udev->bus->stats_err.uds_requests[n];
2172 
2173                               u.stat->uds_requests_ok[n] =
2174                                   f->udev->bus->stats_ok.uds_requests[n];
2175                     }
2176                     break;
2177 
2178           case USB_DEVICEENUMERATE:
2179                     error = ugen_re_enumerate(f);
2180                     break;
2181 
2182           case USB_GET_PLUGTIME:
2183                     *u.ptime = f->udev->plugtime;
2184                     break;
2185 
2186           case USB_CLAIM_INTERFACE:
2187           case USB_RELEASE_INTERFACE:
2188                     /* TODO */
2189                     break;
2190 
2191           case USB_IFACE_DRIVER_ACTIVE:
2192 
2193                     n = *u.pint & 0xFF;
2194 
2195                     iface = usbd_get_iface(f->udev, n);
2196 
2197                     if (iface && iface->subdev)
2198                               error = 0;
2199                     else
2200                               error = ENXIO;
2201                     break;
2202 
2203           case USB_IFACE_DRIVER_DETACH:
2204 
2205                     error = caps_priv_check_self(SYSCAP_NODRIVER);
2206                     if (error)
2207                               break;
2208 
2209                     n = *u.pint & 0xFF;
2210 
2211                     if (n == USB_IFACE_INDEX_ANY) {
2212                               error = EINVAL;
2213                               break;
2214                     }
2215 
2216                     /*
2217                      * Detach the currently attached driver.
2218                      */
2219                     usb_detach_device(f->udev, n, 0);
2220 
2221                     /*
2222                      * Set parent to self, this should keep attach away
2223                      * until the next set configuration event.
2224                      */
2225                     usbd_set_parent_iface(f->udev, n, n);
2226                     break;
2227 
2228           case USB_SET_POWER_MODE:
2229                     error = ugen_set_power_mode(f, *u.pint);
2230                     break;
2231 
2232           case USB_GET_POWER_MODE:
2233                     *u.pint = ugen_get_power_mode(f);
2234                     break;
2235 
2236           case USB_GET_DEV_PORT_PATH:
2237                     error = ugen_get_port_path(f, u.dpp);
2238                     break;
2239 
2240           case USB_GET_POWER_USAGE:
2241                     *u.pint = ugen_get_power_usage(f);
2242                     break;
2243 
2244           case USB_SET_PORT_ENABLE:
2245                     error = ugen_do_port_feature(f,
2246                         *u.pint, 1, UHF_PORT_ENABLE);
2247                     break;
2248 
2249           case USB_SET_PORT_DISABLE:
2250                     error = ugen_do_port_feature(f,
2251                         *u.pint, 0, UHF_PORT_ENABLE);
2252                     break;
2253 
2254           case USB_FS_INIT:
2255                     /* verify input parameters */
2256                     if (u.pinit->pEndpoints == NULL) {
2257                               error = EINVAL;
2258                               break;
2259                     }
2260                     if (u.pinit->ep_index_max > 127) {
2261                               error = EINVAL;
2262                               break;
2263                     }
2264                     if (u.pinit->ep_index_max == 0) {
2265                               error = EINVAL;
2266                               break;
2267                     }
2268                     if (f->fs_xfer != NULL) {
2269                               error = EBUSY;
2270                               break;
2271                     }
2272                     if (f->dev_ep_index != 0) {
2273                               error = EINVAL;
2274                               break;
2275                     }
2276                     if (ugen_fifo_in_use(f, fflags)) {
2277                               error = EBUSY;
2278                               break;
2279                     }
2280                     error = usb_fifo_alloc_buffer(f, 1, u.pinit->ep_index_max);
2281                     if (error) {
2282                               break;
2283                     }
2284                     f->fs_xfer = kmalloc(sizeof(f->fs_xfer[0]) *
2285                         u.pinit->ep_index_max, M_USB, M_WAITOK | M_ZERO);
2286                     if (f->fs_xfer == NULL) {
2287                               usb_fifo_free_buffer(f);
2288                               error = ENOMEM;
2289                               break;
2290                     }
2291                     f->fs_ep_max = u.pinit->ep_index_max;
2292                     f->fs_ep_ptr = u.pinit->pEndpoints;
2293                     break;
2294 
2295           case USB_FS_UNINIT:
2296                     if (u.puninit->dummy != 0) {
2297                               error = EINVAL;
2298                               break;
2299                     }
2300                     error = ugen_fs_uninit(f);
2301                     break;
2302 
2303           default:
2304                     lockmgr(f->priv_lock, LK_EXCLUSIVE);
2305                     error = ugen_iface_ioctl(f, cmd, addr, fflags);
2306                     lockmgr(f->priv_lock, LK_RELEASE);
2307                     break;
2308           }
2309           DPRINTFN(6, "error=%d\n", error);
2310           return (error);
2311 }
2312 
2313 static void
ugen_ctrl_fs_callback(struct usb_xfer * xfer,usb_error_t error)2314 ugen_ctrl_fs_callback(struct usb_xfer *xfer, usb_error_t error)
2315 {
2316           ;                                       /* workaround for a bug in "indent" */
2317 
2318           DPRINTF("st=%u alen=%u aframes=%u\n",
2319               USB_GET_STATE(xfer), xfer->actlen, xfer->aframes);
2320 
2321           switch (USB_GET_STATE(xfer)) {
2322           case USB_ST_SETUP:
2323                     usbd_transfer_submit(xfer);
2324                     break;
2325           default:
2326                     ugen_fs_set_complete(xfer->priv_sc, USB_P2U(xfer->priv_fifo));
2327                     break;
2328           }
2329 }
2330 #endif    /* USB_HAVE_UGEN */
2331