cdc-wdm: Fix more races on the read path
[pandora-kernel.git] / drivers / usb / class / cdc-wdm.c
1 /*
2  * cdc-wdm.c
3  *
4  * This driver supports USB CDC WCM Device Management.
5  *
6  * Copyright (c) 2007-2009 Oliver Neukum
7  *
8  * Some code taken from cdc-acm.c
9  *
10  * Released under the GPLv2.
11  *
12  * Many thanks to Carl Nordbeck
13  */
14 #include <linux/kernel.h>
15 #include <linux/errno.h>
16 #include <linux/slab.h>
17 #include <linux/module.h>
18 #include <linux/mutex.h>
19 #include <linux/uaccess.h>
20 #include <linux/bitops.h>
21 #include <linux/poll.h>
22 #include <linux/usb.h>
23 #include <linux/usb/cdc.h>
24 #include <asm/byteorder.h>
25 #include <asm/unaligned.h>
26
27 /*
28  * Version Information
29  */
30 #define DRIVER_VERSION "v0.03"
31 #define DRIVER_AUTHOR "Oliver Neukum"
32 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
33
34 static const struct usb_device_id wdm_ids[] = {
35         {
36                 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
37                                  USB_DEVICE_ID_MATCH_INT_SUBCLASS,
38                 .bInterfaceClass = USB_CLASS_COMM,
39                 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
40         },
41         { }
42 };
43
44 MODULE_DEVICE_TABLE (usb, wdm_ids);
45
46 #define WDM_MINOR_BASE  176
47
48
49 #define WDM_IN_USE              1
50 #define WDM_DISCONNECTING       2
51 #define WDM_RESULT              3
52 #define WDM_READ                4
53 #define WDM_INT_STALL           5
54 #define WDM_POLL_RUNNING        6
55 #define WDM_RESPONDING          7
56 #define WDM_SUSPENDING          8
57
58 #define WDM_MAX                 16
59
60 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
61 #define WDM_DEFAULT_BUFSIZE     256
62
63 static DEFINE_MUTEX(wdm_mutex);
64
65 /* --- method tables --- */
66
67 struct wdm_device {
68         u8                      *inbuf; /* buffer for response */
69         u8                      *outbuf; /* buffer for command */
70         u8                      *sbuf; /* buffer for status */
71         u8                      *ubuf; /* buffer for copy to user space */
72
73         struct urb              *command;
74         struct urb              *response;
75         struct urb              *validity;
76         struct usb_interface    *intf;
77         struct usb_ctrlrequest  *orq;
78         struct usb_ctrlrequest  *irq;
79         spinlock_t              iuspin;
80
81         unsigned long           flags;
82         u16                     bufsize;
83         u16                     wMaxCommand;
84         u16                     wMaxPacketSize;
85         u16                     bMaxPacketSize0;
86         __le16                  inum;
87         int                     reslength;
88         int                     length;
89         int                     read;
90         int                     count;
91         dma_addr_t              shandle;
92         dma_addr_t              ihandle;
93         struct mutex            wlock;
94         struct mutex            rlock;
95         wait_queue_head_t       wait;
96         struct work_struct      rxwork;
97         int                     werr;
98         int                     rerr;
99 };
100
101 static struct usb_driver wdm_driver;
102
103 /* --- callbacks --- */
104 static void wdm_out_callback(struct urb *urb)
105 {
106         struct wdm_device *desc;
107         desc = urb->context;
108         spin_lock(&desc->iuspin);
109         desc->werr = urb->status;
110         spin_unlock(&desc->iuspin);
111         clear_bit(WDM_IN_USE, &desc->flags);
112         kfree(desc->outbuf);
113         wake_up(&desc->wait);
114 }
115
116 static void wdm_in_callback(struct urb *urb)
117 {
118         struct wdm_device *desc = urb->context;
119         int status = urb->status;
120
121         spin_lock(&desc->iuspin);
122         clear_bit(WDM_RESPONDING, &desc->flags);
123
124         if (status) {
125                 switch (status) {
126                 case -ENOENT:
127                         dev_dbg(&desc->intf->dev,
128                                 "nonzero urb status received: -ENOENT");
129                         goto skip_error;
130                 case -ECONNRESET:
131                         dev_dbg(&desc->intf->dev,
132                                 "nonzero urb status received: -ECONNRESET");
133                         goto skip_error;
134                 case -ESHUTDOWN:
135                         dev_dbg(&desc->intf->dev,
136                                 "nonzero urb status received: -ESHUTDOWN");
137                         goto skip_error;
138                 case -EPIPE:
139                         dev_err(&desc->intf->dev,
140                                 "nonzero urb status received: -EPIPE\n");
141                         break;
142                 default:
143                         dev_err(&desc->intf->dev,
144                                 "Unexpected error %d\n", status);
145                         break;
146                 }
147         }
148
149         desc->rerr = status;
150         desc->reslength = urb->actual_length;
151         memmove(desc->ubuf + desc->length, desc->inbuf, desc->reslength);
152         desc->length += desc->reslength;
153 skip_error:
154         wake_up(&desc->wait);
155
156         set_bit(WDM_READ, &desc->flags);
157         spin_unlock(&desc->iuspin);
158 }
159
160 static void wdm_int_callback(struct urb *urb)
161 {
162         int rv = 0;
163         int status = urb->status;
164         struct wdm_device *desc;
165         struct usb_ctrlrequest *req;
166         struct usb_cdc_notification *dr;
167
168         desc = urb->context;
169         req = desc->irq;
170         dr = (struct usb_cdc_notification *)desc->sbuf;
171
172         if (status) {
173                 switch (status) {
174                 case -ESHUTDOWN:
175                 case -ENOENT:
176                 case -ECONNRESET:
177                         return; /* unplug */
178                 case -EPIPE:
179                         set_bit(WDM_INT_STALL, &desc->flags);
180                         dev_err(&desc->intf->dev, "Stall on int endpoint\n");
181                         goto sw; /* halt is cleared in work */
182                 default:
183                         dev_err(&desc->intf->dev,
184                                 "nonzero urb status received: %d\n", status);
185                         break;
186                 }
187         }
188
189         if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
190                 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
191                         urb->actual_length);
192                 goto exit;
193         }
194
195         switch (dr->bNotificationType) {
196         case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
197                 dev_dbg(&desc->intf->dev,
198                         "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d",
199                         dr->wIndex, dr->wLength);
200                 break;
201
202         case USB_CDC_NOTIFY_NETWORK_CONNECTION:
203
204                 dev_dbg(&desc->intf->dev,
205                         "NOTIFY_NETWORK_CONNECTION %s network",
206                         dr->wValue ? "connected to" : "disconnected from");
207                 goto exit;
208         default:
209                 clear_bit(WDM_POLL_RUNNING, &desc->flags);
210                 dev_err(&desc->intf->dev,
211                         "unknown notification %d received: index %d len %d\n",
212                         dr->bNotificationType, dr->wIndex, dr->wLength);
213                 goto exit;
214         }
215
216         req->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
217         req->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
218         req->wValue = 0;
219         req->wIndex = desc->inum;
220         req->wLength = cpu_to_le16(desc->wMaxCommand);
221
222         usb_fill_control_urb(
223                 desc->response,
224                 interface_to_usbdev(desc->intf),
225                 /* using common endpoint 0 */
226                 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
227                 (unsigned char *)req,
228                 desc->inbuf,
229                 desc->wMaxCommand,
230                 wdm_in_callback,
231                 desc
232         );
233         desc->response->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
234         spin_lock(&desc->iuspin);
235         clear_bit(WDM_READ, &desc->flags);
236         set_bit(WDM_RESPONDING, &desc->flags);
237         if (!test_bit(WDM_DISCONNECTING, &desc->flags)
238                 && !test_bit(WDM_SUSPENDING, &desc->flags)) {
239                 rv = usb_submit_urb(desc->response, GFP_ATOMIC);
240                 dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d",
241                         __func__, rv);
242         }
243         spin_unlock(&desc->iuspin);
244         if (rv < 0) {
245                 clear_bit(WDM_RESPONDING, &desc->flags);
246                 if (rv == -EPERM)
247                         return;
248                 if (rv == -ENOMEM) {
249 sw:
250                         rv = schedule_work(&desc->rxwork);
251                         if (rv)
252                                 dev_err(&desc->intf->dev,
253                                         "Cannot schedule work\n");
254                 }
255         }
256 exit:
257         rv = usb_submit_urb(urb, GFP_ATOMIC);
258         if (rv)
259                 dev_err(&desc->intf->dev,
260                         "%s - usb_submit_urb failed with result %d\n",
261                         __func__, rv);
262
263 }
264
265 static void kill_urbs(struct wdm_device *desc)
266 {
267         /* the order here is essential */
268         usb_kill_urb(desc->command);
269         usb_kill_urb(desc->validity);
270         usb_kill_urb(desc->response);
271 }
272
273 static void free_urbs(struct wdm_device *desc)
274 {
275         usb_free_urb(desc->validity);
276         usb_free_urb(desc->response);
277         usb_free_urb(desc->command);
278 }
279
280 static void cleanup(struct wdm_device *desc)
281 {
282         usb_free_coherent(interface_to_usbdev(desc->intf),
283                           desc->wMaxPacketSize,
284                           desc->sbuf,
285                           desc->validity->transfer_dma);
286         usb_free_coherent(interface_to_usbdev(desc->intf),
287                           desc->bMaxPacketSize0,
288                           desc->inbuf,
289                           desc->response->transfer_dma);
290         kfree(desc->orq);
291         kfree(desc->irq);
292         kfree(desc->ubuf);
293         free_urbs(desc);
294         kfree(desc);
295 }
296
297 static ssize_t wdm_write
298 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
299 {
300         u8 *buf;
301         int rv = -EMSGSIZE, r, we;
302         struct wdm_device *desc = file->private_data;
303         struct usb_ctrlrequest *req;
304
305         if (count > desc->wMaxCommand)
306                 count = desc->wMaxCommand;
307
308         spin_lock_irq(&desc->iuspin);
309         we = desc->werr;
310         desc->werr = 0;
311         spin_unlock_irq(&desc->iuspin);
312         if (we < 0)
313                 return -EIO;
314
315         desc->outbuf = buf = kmalloc(count, GFP_KERNEL);
316         if (!buf) {
317                 rv = -ENOMEM;
318                 goto outnl;
319         }
320
321         r = copy_from_user(buf, buffer, count);
322         if (r > 0) {
323                 kfree(buf);
324                 rv = -EFAULT;
325                 goto outnl;
326         }
327
328         /* concurrent writes and disconnect */
329         r = mutex_lock_interruptible(&desc->wlock);
330         rv = -ERESTARTSYS;
331         if (r) {
332                 kfree(buf);
333                 goto outnl;
334         }
335
336         if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
337                 kfree(buf);
338                 rv = -ENODEV;
339                 goto outnp;
340         }
341
342         r = usb_autopm_get_interface(desc->intf);
343         if (r < 0) {
344                 kfree(buf);
345                 goto outnp;
346         }
347
348         if (!(file->f_flags & O_NONBLOCK))
349                 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
350                                                                 &desc->flags));
351         else
352                 if (test_bit(WDM_IN_USE, &desc->flags))
353                         r = -EAGAIN;
354         if (r < 0) {
355                 kfree(buf);
356                 goto out;
357         }
358
359         req = desc->orq;
360         usb_fill_control_urb(
361                 desc->command,
362                 interface_to_usbdev(desc->intf),
363                 /* using common endpoint 0 */
364                 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
365                 (unsigned char *)req,
366                 buf,
367                 count,
368                 wdm_out_callback,
369                 desc
370         );
371
372         req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
373                              USB_RECIP_INTERFACE);
374         req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
375         req->wValue = 0;
376         req->wIndex = desc->inum;
377         req->wLength = cpu_to_le16(count);
378         set_bit(WDM_IN_USE, &desc->flags);
379
380         rv = usb_submit_urb(desc->command, GFP_KERNEL);
381         if (rv < 0) {
382                 kfree(buf);
383                 clear_bit(WDM_IN_USE, &desc->flags);
384                 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
385         } else {
386                 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d",
387                         req->wIndex);
388         }
389 out:
390         usb_autopm_put_interface(desc->intf);
391 outnp:
392         mutex_unlock(&desc->wlock);
393 outnl:
394         return rv < 0 ? rv : count;
395 }
396
397 static ssize_t wdm_read
398 (struct file *file, char __user *buffer, size_t count, loff_t *ppos)
399 {
400         int rv, cntr;
401         int i = 0;
402         struct wdm_device *desc = file->private_data;
403
404
405         rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
406         if (rv < 0)
407                 return -ERESTARTSYS;
408
409         cntr = ACCESS_ONCE(desc->length);
410         if (cntr == 0) {
411                 desc->read = 0;
412 retry:
413                 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
414                         rv = -ENODEV;
415                         goto err;
416                 }
417                 i++;
418                 if (file->f_flags & O_NONBLOCK) {
419                         if (!test_bit(WDM_READ, &desc->flags)) {
420                                 rv = cntr ? cntr : -EAGAIN;
421                                 goto err;
422                         }
423                         rv = 0;
424                 } else {
425                         rv = wait_event_interruptible(desc->wait,
426                                 test_bit(WDM_READ, &desc->flags));
427                 }
428
429                 /* may have happened while we slept */
430                 if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
431                         rv = -ENODEV;
432                         goto err;
433                 }
434                 usb_mark_last_busy(interface_to_usbdev(desc->intf));
435                 if (rv < 0) {
436                         rv = -ERESTARTSYS;
437                         goto err;
438                 }
439
440                 spin_lock_irq(&desc->iuspin);
441
442                 if (desc->rerr) { /* read completed, error happened */
443                         desc->rerr = 0;
444                         spin_unlock_irq(&desc->iuspin);
445                         rv = -EIO;
446                         goto err;
447                 }
448                 /*
449                  * recheck whether we've lost the race
450                  * against the completion handler
451                  */
452                 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
453                         spin_unlock_irq(&desc->iuspin);
454                         goto retry;
455                 }
456                 if (!desc->reslength) { /* zero length read */
457                         spin_unlock_irq(&desc->iuspin);
458                         goto retry;
459                 }
460                 clear_bit(WDM_READ, &desc->flags);
461                 cntr = desc->length;
462                 spin_unlock_irq(&desc->iuspin);
463         }
464
465         if (cntr > count)
466                 cntr = count;
467         rv = copy_to_user(buffer, desc->ubuf, cntr);
468         if (rv > 0) {
469                 rv = -EFAULT;
470                 goto err;
471         }
472
473         spin_lock_irq(&desc->iuspin);
474
475         for (i = 0; i < desc->length - cntr; i++)
476                 desc->ubuf[i] = desc->ubuf[i + cntr];
477
478         desc->length -= cntr;
479         /* in case we had outstanding data */
480         if (!desc->length)
481                 clear_bit(WDM_READ, &desc->flags);
482
483         spin_unlock_irq(&desc->iuspin);
484
485         rv = cntr;
486
487 err:
488         mutex_unlock(&desc->rlock);
489         return rv;
490 }
491
492 static int wdm_flush(struct file *file, fl_owner_t id)
493 {
494         struct wdm_device *desc = file->private_data;
495
496         wait_event(desc->wait, !test_bit(WDM_IN_USE, &desc->flags));
497         if (desc->werr < 0)
498                 dev_err(&desc->intf->dev, "Error in flush path: %d\n",
499                         desc->werr);
500
501         return desc->werr;
502 }
503
504 static unsigned int wdm_poll(struct file *file, struct poll_table_struct *wait)
505 {
506         struct wdm_device *desc = file->private_data;
507         unsigned long flags;
508         unsigned int mask = 0;
509
510         spin_lock_irqsave(&desc->iuspin, flags);
511         if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
512                 mask = POLLERR;
513                 spin_unlock_irqrestore(&desc->iuspin, flags);
514                 goto desc_out;
515         }
516         if (test_bit(WDM_READ, &desc->flags))
517                 mask = POLLIN | POLLRDNORM;
518         if (desc->rerr || desc->werr)
519                 mask |= POLLERR;
520         if (!test_bit(WDM_IN_USE, &desc->flags))
521                 mask |= POLLOUT | POLLWRNORM;
522         spin_unlock_irqrestore(&desc->iuspin, flags);
523
524         poll_wait(file, &desc->wait, wait);
525
526 desc_out:
527         return mask;
528 }
529
530 static int wdm_open(struct inode *inode, struct file *file)
531 {
532         int minor = iminor(inode);
533         int rv = -ENODEV;
534         struct usb_interface *intf;
535         struct wdm_device *desc;
536
537         mutex_lock(&wdm_mutex);
538         intf = usb_find_interface(&wdm_driver, minor);
539         if (!intf)
540                 goto out;
541
542         desc = usb_get_intfdata(intf);
543         if (test_bit(WDM_DISCONNECTING, &desc->flags))
544                 goto out;
545         file->private_data = desc;
546
547         rv = usb_autopm_get_interface(desc->intf);
548         if (rv < 0) {
549                 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
550                 goto out;
551         }
552         intf->needs_remote_wakeup = 1;
553
554         /* using write lock to protect desc->count */
555         mutex_lock(&desc->wlock);
556         if (!desc->count++) {
557                 desc->werr = 0;
558                 desc->rerr = 0;
559                 rv = usb_submit_urb(desc->validity, GFP_KERNEL);
560                 if (rv < 0) {
561                         desc->count--;
562                         dev_err(&desc->intf->dev,
563                                 "Error submitting int urb - %d\n", rv);
564                 }
565         } else {
566                 rv = 0;
567         }
568         mutex_unlock(&desc->wlock);
569         usb_autopm_put_interface(desc->intf);
570 out:
571         mutex_unlock(&wdm_mutex);
572         return rv;
573 }
574
575 static int wdm_release(struct inode *inode, struct file *file)
576 {
577         struct wdm_device *desc = file->private_data;
578
579         mutex_lock(&wdm_mutex);
580
581         /* using write lock to protect desc->count */
582         mutex_lock(&desc->wlock);
583         desc->count--;
584         mutex_unlock(&desc->wlock);
585
586         if (!desc->count) {
587                 dev_dbg(&desc->intf->dev, "wdm_release: cleanup");
588                 kill_urbs(desc);
589                 if (!test_bit(WDM_DISCONNECTING, &desc->flags))
590                         desc->intf->needs_remote_wakeup = 0;
591         }
592         mutex_unlock(&wdm_mutex);
593         return 0;
594 }
595
596 static const struct file_operations wdm_fops = {
597         .owner =        THIS_MODULE,
598         .read =         wdm_read,
599         .write =        wdm_write,
600         .open =         wdm_open,
601         .flush =        wdm_flush,
602         .release =      wdm_release,
603         .poll =         wdm_poll,
604         .llseek =       noop_llseek,
605 };
606
607 static struct usb_class_driver wdm_class = {
608         .name =         "cdc-wdm%d",
609         .fops =         &wdm_fops,
610         .minor_base =   WDM_MINOR_BASE,
611 };
612
613 /* --- error handling --- */
614 static void wdm_rxwork(struct work_struct *work)
615 {
616         struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
617         unsigned long flags;
618         int rv;
619
620         spin_lock_irqsave(&desc->iuspin, flags);
621         if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
622                 spin_unlock_irqrestore(&desc->iuspin, flags);
623         } else {
624                 spin_unlock_irqrestore(&desc->iuspin, flags);
625                 rv = usb_submit_urb(desc->response, GFP_KERNEL);
626                 if (rv < 0 && rv != -EPERM) {
627                         spin_lock_irqsave(&desc->iuspin, flags);
628                         if (!test_bit(WDM_DISCONNECTING, &desc->flags))
629                                 schedule_work(&desc->rxwork);
630                         spin_unlock_irqrestore(&desc->iuspin, flags);
631                 }
632         }
633 }
634
635 /* --- hotplug --- */
636
637 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
638 {
639         int rv = -EINVAL;
640         struct usb_device *udev = interface_to_usbdev(intf);
641         struct wdm_device *desc;
642         struct usb_host_interface *iface;
643         struct usb_endpoint_descriptor *ep;
644         struct usb_cdc_dmm_desc *dmhd;
645         u8 *buffer = intf->altsetting->extra;
646         int buflen = intf->altsetting->extralen;
647         u16 maxcom = WDM_DEFAULT_BUFSIZE;
648
649         if (!buffer)
650                 goto out;
651
652         while (buflen > 2) {
653                 if (buffer [1] != USB_DT_CS_INTERFACE) {
654                         dev_err(&intf->dev, "skipping garbage\n");
655                         goto next_desc;
656                 }
657
658                 switch (buffer [2]) {
659                 case USB_CDC_HEADER_TYPE:
660                         break;
661                 case USB_CDC_DMM_TYPE:
662                         dmhd = (struct usb_cdc_dmm_desc *)buffer;
663                         maxcom = le16_to_cpu(dmhd->wMaxCommand);
664                         dev_dbg(&intf->dev,
665                                 "Finding maximum buffer length: %d", maxcom);
666                         break;
667                 default:
668                         dev_err(&intf->dev,
669                                 "Ignoring extra header, type %d, length %d\n",
670                                 buffer[2], buffer[0]);
671                         break;
672                 }
673 next_desc:
674                 buflen -= buffer[0];
675                 buffer += buffer[0];
676         }
677
678         rv = -ENOMEM;
679         desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
680         if (!desc)
681                 goto out;
682         mutex_init(&desc->rlock);
683         mutex_init(&desc->wlock);
684         spin_lock_init(&desc->iuspin);
685         init_waitqueue_head(&desc->wait);
686         desc->wMaxCommand = maxcom;
687         /* this will be expanded and needed in hardware endianness */
688         desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
689         desc->intf = intf;
690         INIT_WORK(&desc->rxwork, wdm_rxwork);
691
692         rv = -EINVAL;
693         iface = intf->cur_altsetting;
694         if (iface->desc.bNumEndpoints != 1)
695                 goto err;
696         ep = &iface->endpoint[0].desc;
697         if (!ep || !usb_endpoint_is_int_in(ep))
698                 goto err;
699
700         desc->wMaxPacketSize = usb_endpoint_maxp(ep);
701         desc->bMaxPacketSize0 = udev->descriptor.bMaxPacketSize0;
702
703         desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
704         if (!desc->orq)
705                 goto err;
706         desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
707         if (!desc->irq)
708                 goto err;
709
710         desc->validity = usb_alloc_urb(0, GFP_KERNEL);
711         if (!desc->validity)
712                 goto err;
713
714         desc->response = usb_alloc_urb(0, GFP_KERNEL);
715         if (!desc->response)
716                 goto err;
717
718         desc->command = usb_alloc_urb(0, GFP_KERNEL);
719         if (!desc->command)
720                 goto err;
721
722         desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
723         if (!desc->ubuf)
724                 goto err;
725
726         desc->sbuf = usb_alloc_coherent(interface_to_usbdev(intf),
727                                         desc->wMaxPacketSize,
728                                         GFP_KERNEL,
729                                         &desc->validity->transfer_dma);
730         if (!desc->sbuf)
731                 goto err;
732
733         desc->inbuf = usb_alloc_coherent(interface_to_usbdev(intf),
734                                          desc->wMaxCommand,
735                                          GFP_KERNEL,
736                                          &desc->response->transfer_dma);
737         if (!desc->inbuf)
738                 goto err2;
739
740         usb_fill_int_urb(
741                 desc->validity,
742                 interface_to_usbdev(intf),
743                 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
744                 desc->sbuf,
745                 desc->wMaxPacketSize,
746                 wdm_int_callback,
747                 desc,
748                 ep->bInterval
749         );
750         desc->validity->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
751
752         usb_set_intfdata(intf, desc);
753         rv = usb_register_dev(intf, &wdm_class);
754         if (rv < 0)
755                 goto err3;
756         else
757                 dev_info(&intf->dev, "cdc-wdm%d: USB WDM device\n",
758                         intf->minor - WDM_MINOR_BASE);
759 out:
760         return rv;
761 err3:
762         usb_set_intfdata(intf, NULL);
763         usb_free_coherent(interface_to_usbdev(desc->intf),
764                           desc->bMaxPacketSize0,
765                         desc->inbuf,
766                         desc->response->transfer_dma);
767 err2:
768         usb_free_coherent(interface_to_usbdev(desc->intf),
769                           desc->wMaxPacketSize,
770                           desc->sbuf,
771                           desc->validity->transfer_dma);
772 err:
773         free_urbs(desc);
774         kfree(desc->ubuf);
775         kfree(desc->orq);
776         kfree(desc->irq);
777         kfree(desc);
778         return rv;
779 }
780
781 static void wdm_disconnect(struct usb_interface *intf)
782 {
783         struct wdm_device *desc;
784         unsigned long flags;
785
786         usb_deregister_dev(intf, &wdm_class);
787         mutex_lock(&wdm_mutex);
788         desc = usb_get_intfdata(intf);
789
790         /* the spinlock makes sure no new urbs are generated in the callbacks */
791         spin_lock_irqsave(&desc->iuspin, flags);
792         set_bit(WDM_DISCONNECTING, &desc->flags);
793         set_bit(WDM_READ, &desc->flags);
794         /* to terminate pending flushes */
795         clear_bit(WDM_IN_USE, &desc->flags);
796         spin_unlock_irqrestore(&desc->iuspin, flags);
797         wake_up_all(&desc->wait);
798         mutex_lock(&desc->rlock);
799         mutex_lock(&desc->wlock);
800         kill_urbs(desc);
801         cancel_work_sync(&desc->rxwork);
802         mutex_unlock(&desc->wlock);
803         mutex_unlock(&desc->rlock);
804         if (!desc->count)
805                 cleanup(desc);
806         mutex_unlock(&wdm_mutex);
807 }
808
809 #ifdef CONFIG_PM
810 static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
811 {
812         struct wdm_device *desc = usb_get_intfdata(intf);
813         int rv = 0;
814
815         dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
816
817         /* if this is an autosuspend the caller does the locking */
818         if (!PMSG_IS_AUTO(message)) {
819                 mutex_lock(&desc->rlock);
820                 mutex_lock(&desc->wlock);
821         }
822         spin_lock_irq(&desc->iuspin);
823
824         if (PMSG_IS_AUTO(message) &&
825                         (test_bit(WDM_IN_USE, &desc->flags)
826                         || test_bit(WDM_RESPONDING, &desc->flags))) {
827                 spin_unlock_irq(&desc->iuspin);
828                 rv = -EBUSY;
829         } else {
830
831                 set_bit(WDM_SUSPENDING, &desc->flags);
832                 spin_unlock_irq(&desc->iuspin);
833                 /* callback submits work - order is essential */
834                 kill_urbs(desc);
835                 cancel_work_sync(&desc->rxwork);
836         }
837         if (!PMSG_IS_AUTO(message)) {
838                 mutex_unlock(&desc->wlock);
839                 mutex_unlock(&desc->rlock);
840         }
841
842         return rv;
843 }
844 #endif
845
846 static int recover_from_urb_loss(struct wdm_device *desc)
847 {
848         int rv = 0;
849
850         if (desc->count) {
851                 rv = usb_submit_urb(desc->validity, GFP_NOIO);
852                 if (rv < 0)
853                         dev_err(&desc->intf->dev,
854                                 "Error resume submitting int urb - %d\n", rv);
855         }
856         return rv;
857 }
858
859 #ifdef CONFIG_PM
860 static int wdm_resume(struct usb_interface *intf)
861 {
862         struct wdm_device *desc = usb_get_intfdata(intf);
863         int rv;
864
865         dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
866
867         clear_bit(WDM_SUSPENDING, &desc->flags);
868         rv = recover_from_urb_loss(desc);
869
870         return rv;
871 }
872 #endif
873
874 static int wdm_pre_reset(struct usb_interface *intf)
875 {
876         struct wdm_device *desc = usb_get_intfdata(intf);
877
878         mutex_lock(&desc->rlock);
879         mutex_lock(&desc->wlock);
880         kill_urbs(desc);
881
882         /*
883          * we notify everybody using poll of
884          * an exceptional situation
885          * must be done before recovery lest a spontaneous
886          * message from the device is lost
887          */
888         spin_lock_irq(&desc->iuspin);
889         desc->rerr = -EINTR;
890         spin_unlock_irq(&desc->iuspin);
891         wake_up_all(&desc->wait);
892         return 0;
893 }
894
895 static int wdm_post_reset(struct usb_interface *intf)
896 {
897         struct wdm_device *desc = usb_get_intfdata(intf);
898         int rv;
899
900         rv = recover_from_urb_loss(desc);
901         mutex_unlock(&desc->wlock);
902         mutex_unlock(&desc->rlock);
903         return 0;
904 }
905
906 static struct usb_driver wdm_driver = {
907         .name =         "cdc_wdm",
908         .probe =        wdm_probe,
909         .disconnect =   wdm_disconnect,
910 #ifdef CONFIG_PM
911         .suspend =      wdm_suspend,
912         .resume =       wdm_resume,
913         .reset_resume = wdm_resume,
914 #endif
915         .pre_reset =    wdm_pre_reset,
916         .post_reset =   wdm_post_reset,
917         .id_table =     wdm_ids,
918         .supports_autosuspend = 1,
919 };
920
921 /* --- low level module stuff --- */
922
923 static int __init wdm_init(void)
924 {
925         int rv;
926
927         rv = usb_register(&wdm_driver);
928
929         return rv;
930 }
931
932 static void __exit wdm_exit(void)
933 {
934         usb_deregister(&wdm_driver);
935 }
936
937 module_init(wdm_init);
938 module_exit(wdm_exit);
939
940 MODULE_AUTHOR(DRIVER_AUTHOR);
941 MODULE_DESCRIPTION(DRIVER_DESC);
942 MODULE_LICENSE("GPL");