1 /* $NetBSD: usbdi.c,v 1.253 2024/04/05 18:57:10 riastradh Exp $ */
2
3 /*
4 * Copyright (c) 1998, 2012, 2015 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Lennart Augustsson (lennart@augustsson.net) at
9 * Carlstedt Research & Technology, Matthew R. Green (mrg@eterna23.net),
10 * and Nick Hudson.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.253 2024/04/05 18:57:10 riastradh Exp $");
36
37 #ifdef _KERNEL_OPT
38 #include "opt_usb.h"
39 #include "opt_compat_netbsd.h"
40 #include "usb_dma.h"
41 #endif
42
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
46 #include <sys/device.h>
47 #include <sys/kmem.h>
48 #include <sys/proc.h>
49 #include <sys/bus.h>
50 #include <sys/cpu.h>
51
52 #include <dev/usb/usb.h>
53 #include <dev/usb/usbdi.h>
54 #include <dev/usb/usbdi_util.h>
55 #include <dev/usb/usbdivar.h>
56 #include <dev/usb/usb_mem.h>
57 #include <dev/usb/usb_quirks.h>
58 #include <dev/usb/usb_sdt.h>
59 #include <dev/usb/usbhist.h>
60
61 /* UTF-8 encoding stuff */
62 #include <fs/unicode.h>
63
64 SDT_PROBE_DEFINE5(usb, device, pipe, open,
65 "struct usbd_interface *"/*iface*/,
66 "uint8_t"/*address*/,
67 "uint8_t"/*flags*/,
68 "int"/*ival*/,
69 "struct usbd_pipe *"/*pipe*/);
70
71 SDT_PROBE_DEFINE7(usb, device, pipe, open__intr,
72 "struct usbd_interface *"/*iface*/,
73 "uint8_t"/*address*/,
74 "uint8_t"/*flags*/,
75 "int"/*ival*/,
76 "usbd_callback"/*cb*/,
77 "void *"/*cookie*/,
78 "struct usbd_pipe *"/*pipe*/);
79
80 SDT_PROBE_DEFINE2(usb, device, pipe, transfer__start,
81 "struct usbd_pipe *"/*pipe*/,
82 "struct usbd_xfer *"/*xfer*/);
83 SDT_PROBE_DEFINE3(usb, device, pipe, transfer__done,
84 "struct usbd_pipe *"/*pipe*/,
85 "struct usbd_xfer *"/*xfer*/,
86 "usbd_status"/*err*/);
87 SDT_PROBE_DEFINE2(usb, device, pipe, start,
88 "struct usbd_pipe *"/*pipe*/,
89 "struct usbd_xfer *"/*xfer*/);
90
91 SDT_PROBE_DEFINE1(usb, device, pipe, close, "struct usbd_pipe *"/*pipe*/);
92 SDT_PROBE_DEFINE1(usb, device, pipe, abort__start,
93 "struct usbd_pipe *"/*pipe*/);
94 SDT_PROBE_DEFINE1(usb, device, pipe, abort__done,
95 "struct usbd_pipe *"/*pipe*/);
96 SDT_PROBE_DEFINE1(usb, device, pipe, clear__endpoint__stall,
97 "struct usbd_pipe *"/*pipe*/);
98 SDT_PROBE_DEFINE1(usb, device, pipe, clear__endpoint__toggle,
99 "struct usbd_pipe *"/*pipe*/);
100
101 SDT_PROBE_DEFINE5(usb, device, xfer, create,
102 "struct usbd_xfer *"/*xfer*/,
103 "struct usbd_pipe *"/*pipe*/,
104 "size_t"/*len*/,
105 "unsigned int"/*flags*/,
106 "unsigned int"/*nframes*/);
107 SDT_PROBE_DEFINE1(usb, device, xfer, start, "struct usbd_xfer *"/*xfer*/);
108 SDT_PROBE_DEFINE1(usb, device, xfer, preabort, "struct usbd_xfer *"/*xfer*/);
109 SDT_PROBE_DEFINE1(usb, device, xfer, abort, "struct usbd_xfer *"/*xfer*/);
110 SDT_PROBE_DEFINE1(usb, device, xfer, timeout, "struct usbd_xfer *"/*xfer*/);
111 SDT_PROBE_DEFINE2(usb, device, xfer, done,
112 "struct usbd_xfer *"/*xfer*/,
113 "usbd_status"/*status*/);
114 SDT_PROBE_DEFINE1(usb, device, xfer, destroy, "struct usbd_xfer *"/*xfer*/);
115
116 SDT_PROBE_DEFINE5(usb, device, request, start,
117 "struct usbd_device *"/*dev*/,
118 "usb_device_request_t *"/*req*/,
119 "size_t"/*len*/,
120 "int"/*flags*/,
121 "uint32_t"/*timeout*/);
122
123 SDT_PROBE_DEFINE7(usb, device, request, done,
124 "struct usbd_device *"/*dev*/,
125 "usb_device_request_t *"/*req*/,
126 "size_t"/*actlen*/,
127 "int"/*flags*/,
128 "uint32_t"/*timeout*/,
129 "void *"/*data*/,
130 "usbd_status"/*status*/);
131
132 Static void usbd_ar_pipe(struct usbd_pipe *);
133 Static void usbd_start_next(struct usbd_pipe *);
134 Static usbd_status usbd_open_pipe_ival
135 (struct usbd_interface *, uint8_t, uint8_t, struct usbd_pipe **, int);
136 static void *usbd_alloc_buffer(struct usbd_xfer *, uint32_t);
137 static void usbd_free_buffer(struct usbd_xfer *);
138 static struct usbd_xfer *usbd_alloc_xfer(struct usbd_device *, unsigned int);
139 static void usbd_free_xfer(struct usbd_xfer *);
140 static void usbd_xfer_timeout(void *);
141 static void usbd_xfer_timeout_task(void *);
142 static bool usbd_xfer_probe_timeout(struct usbd_xfer *);
143 static void usbd_xfer_cancel_timeout_async(struct usbd_xfer *);
144
145 #if defined(USB_DEBUG)
146 void
usbd_dump_iface(struct usbd_interface * iface)147 usbd_dump_iface(struct usbd_interface *iface)
148 {
149 USBHIST_FUNC();
150 USBHIST_CALLARGS(usbdebug, "iface %#jx", (uintptr_t)iface, 0, 0, 0);
151
152 if (iface == NULL)
153 return;
154 USBHIST_LOG(usbdebug, " device = %#jx idesc = %#jx index = %jd",
155 (uintptr_t)iface->ui_dev, (uintptr_t)iface->ui_idesc,
156 iface->ui_index, 0);
157 USBHIST_LOG(usbdebug, " altindex=%jd",
158 iface->ui_altindex, 0, 0, 0);
159 }
160
161 void
usbd_dump_device(struct usbd_device * dev)162 usbd_dump_device(struct usbd_device *dev)
163 {
164 USBHIST_FUNC();
165 USBHIST_CALLARGS(usbdebug, "dev = %#jx", (uintptr_t)dev, 0, 0, 0);
166
167 if (dev == NULL)
168 return;
169 USBHIST_LOG(usbdebug, " bus = %#jx default_pipe = %#jx",
170 (uintptr_t)dev->ud_bus, (uintptr_t)dev->ud_pipe0, 0, 0);
171 USBHIST_LOG(usbdebug, " address = %jd config = %jd depth = %jd ",
172 dev->ud_addr, dev->ud_config, dev->ud_depth, 0);
173 USBHIST_LOG(usbdebug, " speed = %jd self_powered = %jd "
174 "power = %jd langid = %jd",
175 dev->ud_speed, dev->ud_selfpowered, dev->ud_power, dev->ud_langid);
176 }
177
178 void
usbd_dump_endpoint(struct usbd_endpoint * endp)179 usbd_dump_endpoint(struct usbd_endpoint *endp)
180 {
181 USBHIST_FUNC();
182 USBHIST_CALLARGS(usbdebug, "endp = %#jx", (uintptr_t)endp, 0, 0, 0);
183
184 if (endp == NULL)
185 return;
186 USBHIST_LOG(usbdebug, " edesc = %#jx refcnt = %jd",
187 (uintptr_t)endp->ue_edesc, endp->ue_refcnt, 0, 0);
188 if (endp->ue_edesc)
189 USBHIST_LOG(usbdebug, " bEndpointAddress=0x%02jx",
190 endp->ue_edesc->bEndpointAddress, 0, 0, 0);
191 }
192
193 void
usbd_dump_queue(struct usbd_pipe * pipe)194 usbd_dump_queue(struct usbd_pipe *pipe)
195 {
196 struct usbd_xfer *xfer;
197
198 USBHIST_FUNC();
199 USBHIST_CALLARGS(usbdebug, "pipe = %#jx", (uintptr_t)pipe, 0, 0, 0);
200
201 SIMPLEQ_FOREACH(xfer, &pipe->up_queue, ux_next) {
202 USBHIST_LOG(usbdebug, " xfer = %#jx", (uintptr_t)xfer,
203 0, 0, 0);
204 }
205 }
206
207 void
usbd_dump_pipe(struct usbd_pipe * pipe)208 usbd_dump_pipe(struct usbd_pipe *pipe)
209 {
210 USBHIST_FUNC();
211 USBHIST_CALLARGS(usbdebug, "pipe = %#jx", (uintptr_t)pipe, 0, 0, 0);
212
213 if (pipe == NULL)
214 return;
215 usbd_dump_iface(pipe->up_iface);
216 usbd_dump_device(pipe->up_dev);
217 usbd_dump_endpoint(pipe->up_endpoint);
218 USBHIST_LOG(usbdebug, "(usbd_dump_pipe)", 0, 0, 0, 0);
219 USBHIST_LOG(usbdebug, " running = %jd aborting = %jd",
220 pipe->up_running, pipe->up_aborting, 0, 0);
221 USBHIST_LOG(usbdebug, " intrxfer = %#jx, repeat = %jd, "
222 "interval = %jd", (uintptr_t)pipe->up_intrxfer, pipe->up_repeat,
223 pipe->up_interval, 0);
224 }
225 #endif
226
227 usbd_status
usbd_open_pipe(struct usbd_interface * iface,uint8_t address,uint8_t flags,struct usbd_pipe ** pipe)228 usbd_open_pipe(struct usbd_interface *iface, uint8_t address,
229 uint8_t flags, struct usbd_pipe **pipe)
230 {
231 return (usbd_open_pipe_ival(iface, address, flags, pipe,
232 USBD_DEFAULT_INTERVAL));
233 }
234
235 usbd_status
usbd_open_pipe_ival(struct usbd_interface * iface,uint8_t address,uint8_t flags,struct usbd_pipe ** pipe,int ival)236 usbd_open_pipe_ival(struct usbd_interface *iface, uint8_t address,
237 uint8_t flags, struct usbd_pipe **pipe, int ival)
238 {
239 struct usbd_pipe *p = NULL;
240 struct usbd_endpoint *ep = NULL /* XXXGCC */;
241 bool piperef = false;
242 usbd_status err;
243 int i;
244
245 USBHIST_FUNC();
246 USBHIST_CALLARGS(usbdebug, "iface = %#jx address = %#jx flags = %#jx",
247 (uintptr_t)iface, address, flags, 0);
248
249 /*
250 * Block usbd_set_interface so we have a snapshot of the
251 * interface endpoints. They will remain stable until we drop
252 * the reference in usbd_close_pipe (or on failure here).
253 */
254 err = usbd_iface_piperef(iface);
255 if (err)
256 goto out;
257 piperef = true;
258
259 /* Find the endpoint at this address. */
260 for (i = 0; i < iface->ui_idesc->bNumEndpoints; i++) {
261 ep = &iface->ui_endpoints[i];
262 if (ep->ue_edesc == NULL) {
263 err = USBD_IOERROR;
264 goto out;
265 }
266 if (ep->ue_edesc->bEndpointAddress == address)
267 break;
268 }
269 if (i == iface->ui_idesc->bNumEndpoints) {
270 err = USBD_BAD_ADDRESS;
271 goto out;
272 }
273
274 /* Set up the pipe with this endpoint. */
275 err = usbd_setup_pipe_flags(iface->ui_dev, iface, ep, ival, &p, flags);
276 if (err)
277 goto out;
278
279 /* Success! */
280 *pipe = p;
281 p = NULL; /* handed off to caller */
282 piperef = false; /* handed off to pipe */
283 SDT_PROBE5(usb, device, pipe, open,
284 iface, address, flags, ival, p);
285 err = USBD_NORMAL_COMPLETION;
286
287 out: if (p)
288 usbd_close_pipe(p);
289 if (piperef)
290 usbd_iface_pipeunref(iface);
291 return err;
292 }
293
294 usbd_status
usbd_open_pipe_intr(struct usbd_interface * iface,uint8_t address,uint8_t flags,struct usbd_pipe ** pipe,void * priv,void * buffer,uint32_t len,usbd_callback cb,int ival)295 usbd_open_pipe_intr(struct usbd_interface *iface, uint8_t address,
296 uint8_t flags, struct usbd_pipe **pipe,
297 void *priv, void *buffer, uint32_t len,
298 usbd_callback cb, int ival)
299 {
300 usbd_status err;
301 struct usbd_xfer *xfer;
302 struct usbd_pipe *ipipe;
303
304 USBHIST_FUNC();
305 USBHIST_CALLARGS(usbdebug, "address = %#jx flags = %#jx len = %jd",
306 address, flags, len, 0);
307
308 err = usbd_open_pipe_ival(iface, address,
309 USBD_EXCLUSIVE_USE | (flags & USBD_MPSAFE),
310 &ipipe, ival);
311 if (err)
312 return err;
313 err = usbd_create_xfer(ipipe, len, flags, 0, &xfer);
314 if (err)
315 goto bad1;
316
317 usbd_setup_xfer(xfer, priv, buffer, len, flags, USBD_NO_TIMEOUT, cb);
318 ipipe->up_intrxfer = xfer;
319 ipipe->up_repeat = 1;
320 err = usbd_transfer(xfer);
321 *pipe = ipipe;
322 if (err != USBD_IN_PROGRESS)
323 goto bad3;
324 SDT_PROBE7(usb, device, pipe, open__intr,
325 iface, address, flags, ival, cb, priv, ipipe);
326 return USBD_NORMAL_COMPLETION;
327
328 bad3:
329 ipipe->up_intrxfer = NULL;
330 ipipe->up_repeat = 0;
331
332 usbd_destroy_xfer(xfer);
333 bad1:
334 usbd_close_pipe(ipipe);
335 return err;
336 }
337
338 void
usbd_close_pipe(struct usbd_pipe * pipe)339 usbd_close_pipe(struct usbd_pipe *pipe)
340 {
341 USBHIST_FUNC(); USBHIST_CALLED(usbdebug);
342
343 KASSERT(pipe != NULL);
344
345 usbd_lock_pipe(pipe);
346 SDT_PROBE1(usb, device, pipe, close, pipe);
347 if (!SIMPLEQ_EMPTY(&pipe->up_queue)) {
348 printf("WARNING: pipe closed with active xfers on addr %d\n",
349 pipe->up_dev->ud_addr);
350 usbd_ar_pipe(pipe);
351 }
352 KASSERT(SIMPLEQ_EMPTY(&pipe->up_queue));
353 pipe->up_methods->upm_close(pipe);
354 usbd_unlock_pipe(pipe);
355
356 cv_destroy(&pipe->up_callingcv);
357 if (pipe->up_intrxfer)
358 usbd_destroy_xfer(pipe->up_intrxfer);
359 usb_rem_task_wait(pipe->up_dev, &pipe->up_async_task, USB_TASKQ_DRIVER,
360 NULL);
361 usbd_endpoint_release(pipe->up_dev, pipe->up_endpoint);
362 if (pipe->up_iface)
363 usbd_iface_pipeunref(pipe->up_iface);
364 kmem_free(pipe, pipe->up_dev->ud_bus->ub_pipesize);
365 }
366
367 usbd_status
usbd_transfer(struct usbd_xfer * xfer)368 usbd_transfer(struct usbd_xfer *xfer)
369 {
370 struct usbd_pipe *pipe = xfer->ux_pipe;
371 usbd_status err;
372 unsigned int size, flags;
373
374 USBHIST_FUNC(); USBHIST_CALLARGS(usbdebug,
375 "xfer = %#jx, flags = %#jx, pipe = %#jx, running = %jd",
376 (uintptr_t)xfer, xfer->ux_flags, (uintptr_t)pipe, pipe->up_running);
377 KASSERT(xfer->ux_status == USBD_NOT_STARTED);
378 SDT_PROBE1(usb, device, xfer, start, xfer);
379
380 #ifdef USB_DEBUG
381 if (usbdebug > 5)
382 usbd_dump_queue(pipe);
383 #endif
384 xfer->ux_done = 0;
385
386 KASSERT(xfer->ux_length == 0 || xfer->ux_buf != NULL);
387
388 size = xfer->ux_length;
389 flags = xfer->ux_flags;
390
391 if (size != 0) {
392 /*
393 * Use the xfer buffer if none specified in transfer setup.
394 * isoc transfers always use the xfer buffer, i.e.
395 * ux_buffer is always NULL for isoc.
396 */
397 if (xfer->ux_buffer == NULL) {
398 xfer->ux_buffer = xfer->ux_buf;
399 }
400
401 /*
402 * If not using the xfer buffer copy data to the
403 * xfer buffer for OUT transfers of >0 length
404 */
405 if (xfer->ux_buffer != xfer->ux_buf) {
406 KASSERT(xfer->ux_buf);
407 if (!usbd_xfer_isread(xfer)) {
408 memcpy(xfer->ux_buf, xfer->ux_buffer, size);
409 }
410 }
411 }
412
413 if (pipe->up_dev->ud_bus->ub_usepolling == 0)
414 usbd_lock_pipe(pipe);
415 if (pipe->up_aborting) {
416 /*
417 * XXX For synchronous transfers this is fine. What to
418 * do for asynchronous transfers? The callback is
419 * never run, not even with status USBD_CANCELLED.
420 */
421 KASSERT(pipe->up_dev->ud_bus->ub_usepolling == 0);
422 usbd_unlock_pipe(pipe);
423 USBHIST_LOG(usbdebug, "<- done xfer %#jx, aborting",
424 (uintptr_t)xfer, 0, 0, 0);
425 SDT_PROBE2(usb, device, xfer, done, xfer, USBD_CANCELLED);
426 return USBD_CANCELLED;
427 }
428
429 /* xfer is not valid after the transfer method unless synchronous */
430 SDT_PROBE2(usb, device, pipe, transfer__start, pipe, xfer);
431 do {
432 #ifdef DIAGNOSTIC
433 xfer->ux_state = XFER_ONQU;
434 #endif
435 SIMPLEQ_INSERT_TAIL(&pipe->up_queue, xfer, ux_next);
436 if (pipe->up_running && pipe->up_serialise) {
437 err = USBD_IN_PROGRESS;
438 } else {
439 pipe->up_running = 1;
440 err = USBD_NORMAL_COMPLETION;
441 }
442 if (err)
443 break;
444 err = pipe->up_methods->upm_transfer(xfer);
445 } while (0);
446 SDT_PROBE3(usb, device, pipe, transfer__done, pipe, xfer, err);
447
448 if (pipe->up_dev->ud_bus->ub_usepolling == 0)
449 usbd_unlock_pipe(pipe);
450
451 if (err != USBD_IN_PROGRESS && err) {
452 /*
453 * The transfer made it onto the pipe queue, but didn't get
454 * accepted by the HCD for some reason. It needs removing
455 * from the pipe queue.
456 */
457 USBHIST_LOG(usbdebug, "xfer failed: %jd, reinserting",
458 err, 0, 0, 0);
459 if (pipe->up_dev->ud_bus->ub_usepolling == 0)
460 usbd_lock_pipe(pipe);
461 SDT_PROBE1(usb, device, xfer, preabort, xfer);
462 #ifdef DIAGNOSTIC
463 xfer->ux_state = XFER_BUSY;
464 #endif
465 SIMPLEQ_REMOVE_HEAD(&pipe->up_queue, ux_next);
466 if (pipe->up_serialise)
467 usbd_start_next(pipe);
468 if (pipe->up_dev->ud_bus->ub_usepolling == 0)
469 usbd_unlock_pipe(pipe);
470 }
471
472 if (!(flags & USBD_SYNCHRONOUS)) {
473 USBHIST_LOG(usbdebug, "<- done xfer %#jx, not sync (err %jd)",
474 (uintptr_t)xfer, err, 0, 0);
475 KASSERTMSG(err != USBD_NORMAL_COMPLETION,
476 "asynchronous xfer %p completed synchronously", xfer);
477 return err;
478 }
479
480 if (err != USBD_IN_PROGRESS) {
481 USBHIST_LOG(usbdebug, "<- done xfer %#jx, sync (err %jd)",
482 (uintptr_t)xfer, err, 0, 0);
483 SDT_PROBE2(usb, device, xfer, done, xfer, err);
484 return err;
485 }
486
487 /* Sync transfer, wait for completion. */
488 if (pipe->up_dev->ud_bus->ub_usepolling == 0)
489 usbd_lock_pipe(pipe);
490 while (!xfer->ux_done) {
491 if (pipe->up_dev->ud_bus->ub_usepolling)
492 panic("usbd_transfer: not done");
493 USBHIST_LOG(usbdebug, "<- sleeping on xfer %#jx",
494 (uintptr_t)xfer, 0, 0, 0);
495
496 err = 0;
497 if ((flags & USBD_SYNCHRONOUS_SIG) != 0) {
498 err = cv_wait_sig(&xfer->ux_cv, pipe->up_dev->ud_bus->ub_lock);
499 } else {
500 cv_wait(&xfer->ux_cv, pipe->up_dev->ud_bus->ub_lock);
501 }
502 if (err) {
503 if (!xfer->ux_done) {
504 SDT_PROBE1(usb, device, xfer, abort, xfer);
505 pipe->up_methods->upm_abort(xfer);
506 }
507 break;
508 }
509 }
510 err = xfer->ux_status;
511 SDT_PROBE2(usb, device, xfer, done, xfer, err);
512 if (pipe->up_dev->ud_bus->ub_usepolling == 0)
513 usbd_unlock_pipe(pipe);
514 return err;
515 }
516
517 /* Like usbd_transfer(), but waits for completion. */
518 usbd_status
usbd_sync_transfer(struct usbd_xfer * xfer)519 usbd_sync_transfer(struct usbd_xfer *xfer)
520 {
521 xfer->ux_flags |= USBD_SYNCHRONOUS;
522 return usbd_transfer(xfer);
523 }
524
525 /* Like usbd_transfer(), but waits for completion and listens for signals. */
526 usbd_status
usbd_sync_transfer_sig(struct usbd_xfer * xfer)527 usbd_sync_transfer_sig(struct usbd_xfer *xfer)
528 {
529 xfer->ux_flags |= USBD_SYNCHRONOUS | USBD_SYNCHRONOUS_SIG;
530 return usbd_transfer(xfer);
531 }
532
533 static void *
usbd_alloc_buffer(struct usbd_xfer * xfer,uint32_t size)534 usbd_alloc_buffer(struct usbd_xfer *xfer, uint32_t size)
535 {
536 KASSERT(xfer->ux_buf == NULL);
537 KASSERT(size != 0);
538
539 xfer->ux_bufsize = 0;
540 #if NUSB_DMA > 0
541 struct usbd_bus *bus = xfer->ux_bus;
542
543 if (bus->ub_usedma) {
544 usb_dma_t *dmap = &xfer->ux_dmabuf;
545
546 KASSERT((bus->ub_dmaflags & USBMALLOC_COHERENT) == 0);
547 int err = usb_allocmem(bus->ub_dmatag, size, 0, bus->ub_dmaflags, dmap);
548 if (err) {
549 return NULL;
550 }
551 xfer->ux_buf = KERNADDR(&xfer->ux_dmabuf, 0);
552 xfer->ux_bufsize = size;
553
554 return xfer->ux_buf;
555 }
556 #endif
557 KASSERT(xfer->ux_bus->ub_usedma == false);
558 xfer->ux_buf = kmem_alloc(size, KM_SLEEP);
559 xfer->ux_bufsize = size;
560 return xfer->ux_buf;
561 }
562
563 static void
usbd_free_buffer(struct usbd_xfer * xfer)564 usbd_free_buffer(struct usbd_xfer *xfer)
565 {
566 KASSERT(xfer->ux_buf != NULL);
567 KASSERT(xfer->ux_bufsize != 0);
568
569 void *buf = xfer->ux_buf;
570 uint32_t size = xfer->ux_bufsize;
571
572 xfer->ux_buf = NULL;
573 xfer->ux_bufsize = 0;
574
575 #if NUSB_DMA > 0
576 struct usbd_bus *bus = xfer->ux_bus;
577
578 if (bus->ub_usedma) {
579 usb_dma_t *dmap = &xfer->ux_dmabuf;
580
581 usb_freemem(dmap);
582 return;
583 }
584 #endif
585 KASSERT(xfer->ux_bus->ub_usedma == false);
586
587 kmem_free(buf, size);
588 }
589
590 void *
usbd_get_buffer(struct usbd_xfer * xfer)591 usbd_get_buffer(struct usbd_xfer *xfer)
592 {
593 return xfer->ux_buf;
594 }
595
596 struct usbd_pipe *
usbd_get_pipe0(struct usbd_device * dev)597 usbd_get_pipe0(struct usbd_device *dev)
598 {
599
600 return dev->ud_pipe0;
601 }
602
603 static struct usbd_xfer *
usbd_alloc_xfer(struct usbd_device * dev,unsigned int nframes)604 usbd_alloc_xfer(struct usbd_device *dev, unsigned int nframes)
605 {
606 struct usbd_xfer *xfer;
607
608 USBHIST_FUNC();
609
610 ASSERT_SLEEPABLE();
611
612 xfer = dev->ud_bus->ub_methods->ubm_allocx(dev->ud_bus, nframes);
613 if (xfer == NULL)
614 goto out;
615 xfer->ux_bus = dev->ud_bus;
616 callout_init(&xfer->ux_callout, CALLOUT_MPSAFE);
617 callout_setfunc(&xfer->ux_callout, usbd_xfer_timeout, xfer);
618 cv_init(&xfer->ux_cv, "usbxfer");
619 usb_init_task(&xfer->ux_aborttask, usbd_xfer_timeout_task, xfer,
620 USB_TASKQ_MPSAFE);
621
622 out:
623 USBHIST_CALLARGS(usbdebug, "returns %#jx", (uintptr_t)xfer, 0, 0, 0);
624
625 return xfer;
626 }
627
628 static void
usbd_free_xfer(struct usbd_xfer * xfer)629 usbd_free_xfer(struct usbd_xfer *xfer)
630 {
631 USBHIST_FUNC();
632 USBHIST_CALLARGS(usbdebug, "%#jx", (uintptr_t)xfer, 0, 0, 0);
633
634 if (xfer->ux_buf) {
635 usbd_free_buffer(xfer);
636 }
637
638 /* Wait for any straggling timeout to complete. */
639 mutex_enter(xfer->ux_bus->ub_lock);
640 xfer->ux_timeout_reset = false; /* do not resuscitate */
641 callout_halt(&xfer->ux_callout, xfer->ux_bus->ub_lock);
642 usb_rem_task_wait(xfer->ux_pipe->up_dev, &xfer->ux_aborttask,
643 USB_TASKQ_HC, xfer->ux_bus->ub_lock);
644 mutex_exit(xfer->ux_bus->ub_lock);
645
646 cv_destroy(&xfer->ux_cv);
647 xfer->ux_bus->ub_methods->ubm_freex(xfer->ux_bus, xfer);
648 }
649
650 int
usbd_create_xfer(struct usbd_pipe * pipe,size_t len,unsigned int flags,unsigned int nframes,struct usbd_xfer ** xp)651 usbd_create_xfer(struct usbd_pipe *pipe, size_t len, unsigned int flags,
652 unsigned int nframes, struct usbd_xfer **xp)
653 {
654 KASSERT(xp != NULL);
655 void *buf = NULL;
656
657 struct usbd_xfer *xfer = usbd_alloc_xfer(pipe->up_dev, nframes);
658 if (xfer == NULL)
659 return ENOMEM;
660
661 xfer->ux_pipe = pipe;
662 xfer->ux_flags = flags;
663 xfer->ux_nframes = nframes;
664 xfer->ux_methods = pipe->up_methods;
665
666 if (len) {
667 buf = usbd_alloc_buffer(xfer, len);
668 if (!buf) {
669 usbd_free_xfer(xfer);
670 return ENOMEM;
671 }
672 }
673
674 if (xfer->ux_methods->upm_init) {
675 int err = xfer->ux_methods->upm_init(xfer);
676 if (err) {
677 usbd_free_xfer(xfer);
678 return err;
679 }
680 }
681
682 *xp = xfer;
683 SDT_PROBE5(usb, device, xfer, create,
684 xfer, pipe, len, flags, nframes);
685 return 0;
686 }
687
688 void
usbd_destroy_xfer(struct usbd_xfer * xfer)689 usbd_destroy_xfer(struct usbd_xfer *xfer)
690 {
691
692 SDT_PROBE1(usb, device, xfer, destroy, xfer);
693 if (xfer->ux_methods->upm_fini)
694 xfer->ux_methods->upm_fini(xfer);
695
696 usbd_free_xfer(xfer);
697 }
698
699 void
usbd_setup_xfer(struct usbd_xfer * xfer,void * priv,void * buffer,uint32_t length,uint16_t flags,uint32_t timeout,usbd_callback callback)700 usbd_setup_xfer(struct usbd_xfer *xfer, void *priv, void *buffer,
701 uint32_t length, uint16_t flags, uint32_t timeout, usbd_callback callback)
702 {
703 KASSERT(xfer->ux_pipe);
704
705 xfer->ux_priv = priv;
706 xfer->ux_buffer = buffer;
707 xfer->ux_length = length;
708 xfer->ux_actlen = 0;
709 xfer->ux_flags = flags;
710 xfer->ux_timeout = timeout;
711 xfer->ux_status = USBD_NOT_STARTED;
712 xfer->ux_callback = callback;
713 xfer->ux_rqflags &= ~URQ_REQUEST;
714 xfer->ux_nframes = 0;
715 }
716
717 void
usbd_setup_default_xfer(struct usbd_xfer * xfer,struct usbd_device * dev,void * priv,uint32_t timeout,usb_device_request_t * req,void * buffer,uint32_t length,uint16_t flags,usbd_callback callback)718 usbd_setup_default_xfer(struct usbd_xfer *xfer, struct usbd_device *dev,
719 void *priv, uint32_t timeout, usb_device_request_t *req, void *buffer,
720 uint32_t length, uint16_t flags, usbd_callback callback)
721 {
722 KASSERT(xfer->ux_pipe == dev->ud_pipe0);
723
724 xfer->ux_priv = priv;
725 xfer->ux_buffer = buffer;
726 xfer->ux_length = length;
727 xfer->ux_actlen = 0;
728 xfer->ux_flags = flags;
729 xfer->ux_timeout = timeout;
730 xfer->ux_status = USBD_NOT_STARTED;
731 xfer->ux_callback = callback;
732 xfer->ux_request = *req;
733 xfer->ux_rqflags |= URQ_REQUEST;
734 xfer->ux_nframes = 0;
735 }
736
737 void
usbd_setup_isoc_xfer(struct usbd_xfer * xfer,void * priv,uint16_t * frlengths,uint32_t nframes,uint16_t flags,usbd_callback callback)738 usbd_setup_isoc_xfer(struct usbd_xfer *xfer, void *priv, uint16_t *frlengths,
739 uint32_t nframes, uint16_t flags, usbd_callback callback)
740 {
741 xfer->ux_priv = priv;
742 xfer->ux_buffer = NULL;
743 xfer->ux_length = 0;
744 xfer->ux_actlen = 0;
745 xfer->ux_flags = flags;
746 xfer->ux_timeout = USBD_NO_TIMEOUT;
747 xfer->ux_status = USBD_NOT_STARTED;
748 xfer->ux_callback = callback;
749 xfer->ux_rqflags &= ~URQ_REQUEST;
750 xfer->ux_frlengths = frlengths;
751 xfer->ux_nframes = nframes;
752
753 for (size_t i = 0; i < xfer->ux_nframes; i++)
754 xfer->ux_length += xfer->ux_frlengths[i];
755 }
756
757 void
usbd_get_xfer_status(struct usbd_xfer * xfer,void ** priv,void ** buffer,uint32_t * count,usbd_status * status)758 usbd_get_xfer_status(struct usbd_xfer *xfer, void **priv,
759 void **buffer, uint32_t *count, usbd_status *status)
760 {
761 if (priv != NULL)
762 *priv = xfer->ux_priv;
763 if (buffer != NULL)
764 *buffer = xfer->ux_buffer;
765 if (count != NULL)
766 *count = xfer->ux_actlen;
767 if (status != NULL)
768 *status = xfer->ux_status;
769 }
770
771 usb_config_descriptor_t *
usbd_get_config_descriptor(struct usbd_device * dev)772 usbd_get_config_descriptor(struct usbd_device *dev)
773 {
774 KASSERT(dev != NULL);
775
776 return dev->ud_cdesc;
777 }
778
779 usb_interface_descriptor_t *
usbd_get_interface_descriptor(struct usbd_interface * iface)780 usbd_get_interface_descriptor(struct usbd_interface *iface)
781 {
782 KASSERT(iface != NULL);
783
784 return iface->ui_idesc;
785 }
786
787 usb_device_descriptor_t *
usbd_get_device_descriptor(struct usbd_device * dev)788 usbd_get_device_descriptor(struct usbd_device *dev)
789 {
790 KASSERT(dev != NULL);
791
792 return &dev->ud_ddesc;
793 }
794
795 usb_endpoint_descriptor_t *
usbd_interface2endpoint_descriptor(struct usbd_interface * iface,uint8_t index)796 usbd_interface2endpoint_descriptor(struct usbd_interface *iface, uint8_t index)
797 {
798
799 if (index >= iface->ui_idesc->bNumEndpoints)
800 return NULL;
801 return iface->ui_endpoints[index].ue_edesc;
802 }
803
804 /* Some drivers may wish to abort requests on the default pipe, *
805 * but there is no mechanism for getting a handle on it. */
806 void
usbd_abort_default_pipe(struct usbd_device * device)807 usbd_abort_default_pipe(struct usbd_device *device)
808 {
809 usbd_abort_pipe(device->ud_pipe0);
810 }
811
812 void
usbd_abort_pipe(struct usbd_pipe * pipe)813 usbd_abort_pipe(struct usbd_pipe *pipe)
814 {
815
816 usbd_suspend_pipe(pipe);
817 usbd_resume_pipe(pipe);
818 }
819
820 void
usbd_suspend_pipe(struct usbd_pipe * pipe)821 usbd_suspend_pipe(struct usbd_pipe *pipe)
822 {
823
824 usbd_lock_pipe(pipe);
825 usbd_ar_pipe(pipe);
826 usbd_unlock_pipe(pipe);
827 }
828
829 void
usbd_resume_pipe(struct usbd_pipe * pipe)830 usbd_resume_pipe(struct usbd_pipe *pipe)
831 {
832
833 usbd_lock_pipe(pipe);
834 KASSERT(SIMPLEQ_EMPTY(&pipe->up_queue));
835 pipe->up_aborting = 0;
836 usbd_unlock_pipe(pipe);
837 }
838
839 usbd_status
usbd_clear_endpoint_stall(struct usbd_pipe * pipe)840 usbd_clear_endpoint_stall(struct usbd_pipe *pipe)
841 {
842 struct usbd_device *dev = pipe->up_dev;
843 usbd_status err;
844
845 USBHIST_FUNC(); USBHIST_CALLED(usbdebug);
846 SDT_PROBE1(usb, device, pipe, clear__endpoint__stall, pipe);
847
848 /*
849 * Clearing en endpoint stall resets the endpoint toggle, so
850 * do the same to the HC toggle.
851 */
852 SDT_PROBE1(usb, device, pipe, clear__endpoint__toggle, pipe);
853 pipe->up_methods->upm_cleartoggle(pipe);
854
855 err = usbd_clear_endpoint_feature(dev,
856 pipe->up_endpoint->ue_edesc->bEndpointAddress, UF_ENDPOINT_HALT);
857 #if 0
858 XXX should we do this?
859 if (!err) {
860 pipe->state = USBD_PIPE_ACTIVE;
861 /* XXX activate pipe */
862 }
863 #endif
864 return err;
865 }
866
867 void
usbd_clear_endpoint_stall_task(void * arg)868 usbd_clear_endpoint_stall_task(void *arg)
869 {
870 struct usbd_pipe *pipe = arg;
871 struct usbd_device *dev = pipe->up_dev;
872
873 SDT_PROBE1(usb, device, pipe, clear__endpoint__stall, pipe);
874 SDT_PROBE1(usb, device, pipe, clear__endpoint__toggle, pipe);
875 pipe->up_methods->upm_cleartoggle(pipe);
876
877 (void)usbd_clear_endpoint_feature(dev,
878 pipe->up_endpoint->ue_edesc->bEndpointAddress, UF_ENDPOINT_HALT);
879 }
880
881 void
usbd_clear_endpoint_stall_async(struct usbd_pipe * pipe)882 usbd_clear_endpoint_stall_async(struct usbd_pipe *pipe)
883 {
884 usb_add_task(pipe->up_dev, &pipe->up_async_task, USB_TASKQ_DRIVER);
885 }
886
887 void
usbd_clear_endpoint_toggle(struct usbd_pipe * pipe)888 usbd_clear_endpoint_toggle(struct usbd_pipe *pipe)
889 {
890
891 SDT_PROBE1(usb, device, pipe, clear__endpoint__toggle, pipe);
892 pipe->up_methods->upm_cleartoggle(pipe);
893 }
894
895 usbd_status
usbd_endpoint_count(struct usbd_interface * iface,uint8_t * count)896 usbd_endpoint_count(struct usbd_interface *iface, uint8_t *count)
897 {
898 KASSERT(iface != NULL);
899 KASSERT(iface->ui_idesc != NULL);
900
901 *count = iface->ui_idesc->bNumEndpoints;
902 return USBD_NORMAL_COMPLETION;
903 }
904
905 usbd_status
usbd_interface_count(struct usbd_device * dev,uint8_t * count)906 usbd_interface_count(struct usbd_device *dev, uint8_t *count)
907 {
908
909 if (dev->ud_cdesc == NULL)
910 return USBD_NOT_CONFIGURED;
911 *count = dev->ud_cdesc->bNumInterface;
912 return USBD_NORMAL_COMPLETION;
913 }
914
915 void
usbd_interface2device_handle(struct usbd_interface * iface,struct usbd_device ** dev)916 usbd_interface2device_handle(struct usbd_interface *iface,
917 struct usbd_device **dev)
918 {
919
920 *dev = iface->ui_dev;
921 }
922
923 usbd_status
usbd_device2interface_handle(struct usbd_device * dev,uint8_t ifaceno,struct usbd_interface ** iface)924 usbd_device2interface_handle(struct usbd_device *dev,
925 uint8_t ifaceno, struct usbd_interface **iface)
926 {
927
928 if (dev->ud_cdesc == NULL)
929 return USBD_NOT_CONFIGURED;
930 if (ifaceno >= dev->ud_cdesc->bNumInterface)
931 return USBD_INVAL;
932 *iface = &dev->ud_ifaces[ifaceno];
933 return USBD_NORMAL_COMPLETION;
934 }
935
936 struct usbd_device *
usbd_pipe2device_handle(struct usbd_pipe * pipe)937 usbd_pipe2device_handle(struct usbd_pipe *pipe)
938 {
939 KASSERT(pipe != NULL);
940
941 return pipe->up_dev;
942 }
943
944 /* XXXX use altno */
945 usbd_status
usbd_set_interface(struct usbd_interface * iface,int altidx)946 usbd_set_interface(struct usbd_interface *iface, int altidx)
947 {
948 bool locked = false;
949 usb_device_request_t req;
950 usbd_status err;
951
952 USBHIST_FUNC();
953 USBHIST_CALLARGS(usbdebug, "iface %#jx", (uintptr_t)iface, 0, 0, 0);
954
955 err = usbd_iface_lock(iface);
956 if (err)
957 goto out;
958 locked = true;
959
960 err = usbd_fill_iface_data(iface->ui_dev, iface->ui_index, altidx);
961 if (err)
962 goto out;
963
964 req.bmRequestType = UT_WRITE_INTERFACE;
965 req.bRequest = UR_SET_INTERFACE;
966 USETW(req.wValue, iface->ui_idesc->bAlternateSetting);
967 USETW(req.wIndex, iface->ui_idesc->bInterfaceNumber);
968 USETW(req.wLength, 0);
969 err = usbd_do_request(iface->ui_dev, &req, 0);
970
971 out: /* XXX back out iface data? */
972 if (locked)
973 usbd_iface_unlock(iface);
974 return err;
975 }
976
977 int
usbd_get_no_alts(usb_config_descriptor_t * cdesc,int ifaceno)978 usbd_get_no_alts(usb_config_descriptor_t *cdesc, int ifaceno)
979 {
980 char *p = (char *)cdesc;
981 char *end = p + UGETW(cdesc->wTotalLength);
982 usb_descriptor_t *desc;
983 usb_interface_descriptor_t *idesc;
984 int n;
985
986 for (n = 0; end - p >= sizeof(*desc); p += desc->bLength) {
987 desc = (usb_descriptor_t *)p;
988 if (desc->bLength < sizeof(*desc) || desc->bLength > end - p)
989 break;
990 if (desc->bDescriptorType != UDESC_INTERFACE)
991 continue;
992 if (desc->bLength < sizeof(*idesc))
993 break;
994 idesc = (usb_interface_descriptor_t *)desc;
995 if (idesc->bInterfaceNumber == ifaceno) {
996 n++;
997 if (n == INT_MAX)
998 break;
999 }
1000 }
1001 return n;
1002 }
1003
1004 int
usbd_get_interface_altindex(struct usbd_interface * iface)1005 usbd_get_interface_altindex(struct usbd_interface *iface)
1006 {
1007 return iface->ui_altindex;
1008 }
1009
1010 usbd_status
usbd_get_interface(struct usbd_interface * iface,uint8_t * aiface)1011 usbd_get_interface(struct usbd_interface *iface, uint8_t *aiface)
1012 {
1013 usb_device_request_t req;
1014
1015 req.bmRequestType = UT_READ_INTERFACE;
1016 req.bRequest = UR_GET_INTERFACE;
1017 USETW(req.wValue, 0);
1018 USETW(req.wIndex, iface->ui_idesc->bInterfaceNumber);
1019 USETW(req.wLength, 1);
1020 return usbd_do_request(iface->ui_dev, &req, aiface);
1021 }
1022
1023 /*** Internal routines ***/
1024
1025 /* Dequeue all pipe operations, called with bus lock held. */
1026 Static void
usbd_ar_pipe(struct usbd_pipe * pipe)1027 usbd_ar_pipe(struct usbd_pipe *pipe)
1028 {
1029 struct usbd_xfer *xfer;
1030
1031 USBHIST_FUNC();
1032 USBHIST_CALLARGS(usbdebug, "pipe = %#jx", (uintptr_t)pipe, 0, 0, 0);
1033 SDT_PROBE1(usb, device, pipe, abort__start, pipe);
1034
1035 ASSERT_SLEEPABLE();
1036 KASSERT(mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1037 KASSERT(pipe->up_dev->ud_bus->ub_usepolling == 0);
1038
1039 /*
1040 * Allow only one thread at a time to abort the pipe, so we
1041 * don't get confused if upm_abort drops the lock in the middle
1042 * of the abort to wait for hardware completion softints to
1043 * stop using the xfer before returning.
1044 */
1045 KASSERTMSG(pipe->up_abortlwp == NULL, "pipe->up_abortlwp=%p",
1046 pipe->up_abortlwp);
1047 pipe->up_abortlwp = curlwp;
1048
1049 #ifdef USB_DEBUG
1050 if (usbdebug > 5)
1051 usbd_dump_queue(pipe);
1052 #endif
1053 pipe->up_repeat = 0;
1054 pipe->up_running = 0;
1055 pipe->up_aborting = 1;
1056 while ((xfer = SIMPLEQ_FIRST(&pipe->up_queue)) != NULL) {
1057 USBHIST_LOG(usbdebug, "pipe = %#jx xfer = %#jx "
1058 "(methods = %#jx)", (uintptr_t)pipe, (uintptr_t)xfer,
1059 (uintptr_t)pipe->up_methods, 0);
1060 if (xfer->ux_status == USBD_NOT_STARTED) {
1061 SDT_PROBE1(usb, device, xfer, preabort, xfer);
1062 #ifdef DIAGNOSTIC
1063 xfer->ux_state = XFER_BUSY;
1064 #endif
1065 SIMPLEQ_REMOVE_HEAD(&pipe->up_queue, ux_next);
1066 } else {
1067 /* Make the HC abort it (and invoke the callback). */
1068 SDT_PROBE1(usb, device, xfer, abort, xfer);
1069 pipe->up_methods->upm_abort(xfer);
1070 while (pipe->up_callingxfer == xfer) {
1071 USBHIST_LOG(usbdebug, "wait for callback"
1072 "pipe = %#jx xfer = %#jx",
1073 (uintptr_t)pipe, (uintptr_t)xfer, 0, 0);
1074 cv_wait(&pipe->up_callingcv,
1075 pipe->up_dev->ud_bus->ub_lock);
1076 }
1077 /* XXX only for non-0 usbd_clear_endpoint_stall(pipe); */
1078 }
1079 }
1080
1081 /*
1082 * There may be an xfer callback already in progress which was
1083 * taken off the queue before we got to it. We must wait for
1084 * the callback to finish before returning control to the
1085 * caller.
1086 */
1087 while (pipe->up_callingxfer) {
1088 USBHIST_LOG(usbdebug, "wait for callback"
1089 "pipe = %#jx xfer = %#jx",
1090 (uintptr_t)pipe, (uintptr_t)pipe->up_callingxfer, 0, 0);
1091 cv_wait(&pipe->up_callingcv, pipe->up_dev->ud_bus->ub_lock);
1092 }
1093
1094 KASSERT(mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1095 KASSERTMSG(pipe->up_abortlwp == curlwp, "pipe->up_abortlwp=%p",
1096 pipe->up_abortlwp);
1097 pipe->up_abortlwp = NULL;
1098
1099 SDT_PROBE1(usb, device, pipe, abort__done, pipe);
1100 }
1101
1102 /* Called with USB lock held. */
1103 void
usb_transfer_complete(struct usbd_xfer * xfer)1104 usb_transfer_complete(struct usbd_xfer *xfer)
1105 {
1106 struct usbd_pipe *pipe = xfer->ux_pipe;
1107 struct usbd_bus *bus = pipe->up_dev->ud_bus;
1108 int sync = xfer->ux_flags & USBD_SYNCHRONOUS;
1109 int erred;
1110 int polling = bus->ub_usepolling;
1111 int repeat = pipe->up_repeat;
1112
1113 USBHIST_FUNC();
1114 USBHIST_CALLARGS(usbdebug, "pipe = %#jx xfer = %#jx status = %jd "
1115 "actlen = %jd", (uintptr_t)pipe, (uintptr_t)xfer, xfer->ux_status,
1116 xfer->ux_actlen);
1117
1118 KASSERT(polling || mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1119 KASSERTMSG(xfer->ux_state == XFER_ONQU, "xfer %p state is %x", xfer,
1120 xfer->ux_state);
1121 KASSERT(pipe != NULL);
1122
1123 /*
1124 * If device is known to miss out ack, then pretend that
1125 * output timeout is a success. Userland should handle
1126 * the logic to verify that the operation succeeded.
1127 */
1128 if (pipe->up_dev->ud_quirks &&
1129 pipe->up_dev->ud_quirks->uq_flags & UQ_MISS_OUT_ACK &&
1130 xfer->ux_status == USBD_TIMEOUT &&
1131 !usbd_xfer_isread(xfer)) {
1132 USBHIST_LOG(usbdebug, "Possible output ack miss for xfer %#jx: "
1133 "hiding write timeout to %jd.%jd for %ju bytes written",
1134 (uintptr_t)xfer, curlwp->l_proc->p_pid, curlwp->l_lid,
1135 xfer->ux_length);
1136
1137 xfer->ux_status = USBD_NORMAL_COMPLETION;
1138 xfer->ux_actlen = xfer->ux_length;
1139 }
1140
1141 erred = xfer->ux_status == USBD_CANCELLED ||
1142 xfer->ux_status == USBD_TIMEOUT;
1143
1144 if (!repeat) {
1145 /* Remove request from queue. */
1146
1147 KASSERTMSG(!SIMPLEQ_EMPTY(&pipe->up_queue),
1148 "pipe %p is empty, but xfer %p wants to complete", pipe,
1149 xfer);
1150 KASSERTMSG(xfer == SIMPLEQ_FIRST(&pipe->up_queue),
1151 "xfer %p is not start of queue (%p is at start)", xfer,
1152 SIMPLEQ_FIRST(&pipe->up_queue));
1153
1154 #ifdef DIAGNOSTIC
1155 xfer->ux_state = XFER_BUSY;
1156 #endif
1157 SIMPLEQ_REMOVE_HEAD(&pipe->up_queue, ux_next);
1158 }
1159 USBHIST_LOG(usbdebug, "xfer %#jx: repeat %jd new head = %#jx",
1160 (uintptr_t)xfer, repeat, (uintptr_t)SIMPLEQ_FIRST(&pipe->up_queue),
1161 0);
1162
1163 /* Count completed transfers. */
1164 ++pipe->up_dev->ud_bus->ub_stats.uds_requests
1165 [pipe->up_endpoint->ue_edesc->bmAttributes & UE_XFERTYPE];
1166
1167 xfer->ux_done = 1;
1168 if (!xfer->ux_status && xfer->ux_actlen < xfer->ux_length &&
1169 !(xfer->ux_flags & USBD_SHORT_XFER_OK)) {
1170 USBHIST_LOG(usbdebug, "short transfer %jd < %jd",
1171 xfer->ux_actlen, xfer->ux_length, 0, 0);
1172 xfer->ux_status = USBD_SHORT_XFER;
1173 }
1174
1175 USBHIST_LOG(usbdebug, "xfer %#jx doing done %#jx", (uintptr_t)xfer,
1176 (uintptr_t)pipe->up_methods->upm_done, 0, 0);
1177 SDT_PROBE2(usb, device, xfer, done, xfer, xfer->ux_status);
1178 pipe->up_methods->upm_done(xfer);
1179
1180 if (xfer->ux_length != 0 && xfer->ux_buffer != xfer->ux_buf) {
1181 KDASSERTMSG(xfer->ux_actlen <= xfer->ux_length,
1182 "actlen %d length %d",xfer->ux_actlen, xfer->ux_length);
1183
1184 /* Only if IN transfer */
1185 if (usbd_xfer_isread(xfer)) {
1186 memcpy(xfer->ux_buffer, xfer->ux_buf, xfer->ux_actlen);
1187 }
1188 }
1189
1190 USBHIST_LOG(usbdebug, "xfer %#jx doing callback %#jx status %jd",
1191 (uintptr_t)xfer, (uintptr_t)xfer->ux_callback, xfer->ux_status, 0);
1192
1193 if (xfer->ux_callback) {
1194 if (!polling) {
1195 KASSERT(pipe->up_callingxfer == NULL);
1196 pipe->up_callingxfer = xfer;
1197 mutex_exit(pipe->up_dev->ud_bus->ub_lock);
1198 if (!(pipe->up_flags & USBD_MPSAFE))
1199 KERNEL_LOCK(1, curlwp);
1200 }
1201
1202 xfer->ux_callback(xfer, xfer->ux_priv, xfer->ux_status);
1203
1204 if (!polling) {
1205 if (!(pipe->up_flags & USBD_MPSAFE))
1206 KERNEL_UNLOCK_ONE(curlwp);
1207 mutex_enter(pipe->up_dev->ud_bus->ub_lock);
1208 KASSERT(pipe->up_callingxfer == xfer);
1209 pipe->up_callingxfer = NULL;
1210 cv_broadcast(&pipe->up_callingcv);
1211 }
1212 }
1213
1214 if (sync && !polling) {
1215 USBHIST_LOG(usbdebug, "<- done xfer %#jx, wakeup",
1216 (uintptr_t)xfer, 0, 0, 0);
1217 cv_broadcast(&xfer->ux_cv);
1218 }
1219
1220 if (repeat) {
1221 xfer->ux_actlen = 0;
1222 xfer->ux_status = USBD_NOT_STARTED;
1223 } else {
1224 /* XXX should we stop the queue on all errors? */
1225 if (erred && pipe->up_iface != NULL) /* not control pipe */
1226 pipe->up_running = 0;
1227 }
1228 if (pipe->up_running && pipe->up_serialise)
1229 usbd_start_next(pipe);
1230 }
1231
1232 /* Called with USB lock held. */
1233 void
usbd_start_next(struct usbd_pipe * pipe)1234 usbd_start_next(struct usbd_pipe *pipe)
1235 {
1236 struct usbd_xfer *xfer;
1237 usbd_status err;
1238
1239 USBHIST_FUNC();
1240
1241 KASSERT(pipe != NULL);
1242 KASSERT(pipe->up_methods != NULL);
1243 KASSERT(pipe->up_methods->upm_start != NULL);
1244 KASSERT(pipe->up_serialise == true);
1245
1246 int polling = pipe->up_dev->ud_bus->ub_usepolling;
1247 KASSERT(polling || mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1248
1249 /* Get next request in queue. */
1250 xfer = SIMPLEQ_FIRST(&pipe->up_queue);
1251 USBHIST_CALLARGS(usbdebug, "pipe = %#jx, xfer = %#jx", (uintptr_t)pipe,
1252 (uintptr_t)xfer, 0, 0);
1253 if (xfer == NULL) {
1254 pipe->up_running = 0;
1255 } else {
1256 SDT_PROBE2(usb, device, pipe, start, pipe, xfer);
1257 err = pipe->up_methods->upm_start(xfer);
1258
1259 if (err != USBD_IN_PROGRESS) {
1260 USBHIST_LOG(usbdebug, "error = %jd", err, 0, 0, 0);
1261 pipe->up_running = 0;
1262 /* XXX do what? */
1263 }
1264 }
1265
1266 KASSERT(polling || mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1267 }
1268
1269 usbd_status
usbd_do_request(struct usbd_device * dev,usb_device_request_t * req,void * data)1270 usbd_do_request(struct usbd_device *dev, usb_device_request_t *req, void *data)
1271 {
1272
1273 return usbd_do_request_flags(dev, req, data, 0, 0,
1274 USBD_DEFAULT_TIMEOUT);
1275 }
1276
1277 usbd_status
usbd_do_request_flags(struct usbd_device * dev,usb_device_request_t * req,void * data,uint16_t flags,int * actlen,uint32_t timeout)1278 usbd_do_request_flags(struct usbd_device *dev, usb_device_request_t *req,
1279 void *data, uint16_t flags, int *actlen, uint32_t timeout)
1280 {
1281 size_t len = UGETW(req->wLength);
1282
1283 return usbd_do_request_len(dev, req, len, data, flags, actlen, timeout);
1284 }
1285
1286 usbd_status
usbd_do_request_len(struct usbd_device * dev,usb_device_request_t * req,size_t len,void * data,uint16_t flags,int * actlen,uint32_t timeout)1287 usbd_do_request_len(struct usbd_device *dev, usb_device_request_t *req,
1288 size_t len, void *data, uint16_t flags, int *actlen, uint32_t timeout)
1289 {
1290 struct usbd_xfer *xfer;
1291 usbd_status err;
1292
1293 KASSERT(len >= UGETW(req->wLength));
1294
1295 USBHIST_FUNC();
1296 USBHIST_CALLARGS(usbdebug, "dev=%#jx req=%jx flags=%jx len=%jx",
1297 (uintptr_t)dev, (uintptr_t)req, flags, len);
1298
1299 ASSERT_SLEEPABLE();
1300
1301 SDT_PROBE5(usb, device, request, start,
1302 dev, req, len, flags, timeout);
1303
1304 int error = usbd_create_xfer(dev->ud_pipe0, len, 0, 0, &xfer);
1305 if (error) {
1306 SDT_PROBE7(usb, device, request, done,
1307 dev, req, /*actlen*/0, flags, timeout, data, USBD_NOMEM);
1308 return USBD_NOMEM;
1309 }
1310
1311 usbd_setup_default_xfer(xfer, dev, 0, timeout, req, data,
1312 UGETW(req->wLength), flags, NULL);
1313 KASSERT(xfer->ux_pipe == dev->ud_pipe0);
1314 err = usbd_sync_transfer(xfer);
1315 #if defined(USB_DEBUG) || defined(DIAGNOSTIC)
1316 if (xfer->ux_actlen > xfer->ux_length) {
1317 USBHIST_LOG(usbdebug, "overrun addr = %jd type = 0x%02jx",
1318 dev->ud_addr, xfer->ux_request.bmRequestType, 0, 0);
1319 USBHIST_LOG(usbdebug, " req = 0x%02jx val = %jd "
1320 "index = %jd",
1321 xfer->ux_request.bRequest, UGETW(xfer->ux_request.wValue),
1322 UGETW(xfer->ux_request.wIndex), 0);
1323 USBHIST_LOG(usbdebug, " rlen = %jd length = %jd "
1324 "actlen = %jd",
1325 UGETW(xfer->ux_request.wLength),
1326 xfer->ux_length, xfer->ux_actlen, 0);
1327 }
1328 #endif
1329 if (actlen != NULL)
1330 *actlen = xfer->ux_actlen;
1331
1332 usbd_destroy_xfer(xfer);
1333
1334 SDT_PROBE7(usb, device, request, done,
1335 dev, req, xfer->ux_actlen, flags, timeout, data, err);
1336
1337 if (err) {
1338 USBHIST_LOG(usbdebug, "returning err = %jd", err, 0, 0, 0);
1339 }
1340 return err;
1341 }
1342
1343 const struct usbd_quirks *
usbd_get_quirks(struct usbd_device * dev)1344 usbd_get_quirks(struct usbd_device *dev)
1345 {
1346 #ifdef DIAGNOSTIC
1347 if (dev == NULL) {
1348 printf("usbd_get_quirks: dev == NULL\n");
1349 return 0;
1350 }
1351 #endif
1352 return dev->ud_quirks;
1353 }
1354
1355 /* XXX do periodic free() of free list */
1356
1357 /*
1358 * Called from keyboard driver when in polling mode.
1359 */
1360 void
usbd_dopoll(struct usbd_interface * iface)1361 usbd_dopoll(struct usbd_interface *iface)
1362 {
1363 iface->ui_dev->ud_bus->ub_methods->ubm_dopoll(iface->ui_dev->ud_bus);
1364 }
1365
1366 /*
1367 * This is for keyboard driver as well, which only operates in polling
1368 * mode from the ask root, etc., prompt and from DDB.
1369 */
1370 void
usbd_set_polling(struct usbd_device * dev,int on)1371 usbd_set_polling(struct usbd_device *dev, int on)
1372 {
1373
1374 mutex_enter(dev->ud_bus->ub_lock);
1375 if (on) {
1376 /*
1377 * Enabling polling. If we're enabling for the first
1378 * time, call the softint routine on transition while
1379 * we hold the lock and polling is still disabled, and
1380 * then enable polling -- once polling is enabled, we
1381 * must not hold the lock when we call the softint
1382 * routine.
1383 */
1384 KASSERT(dev->ud_bus->ub_usepolling < __type_max(char));
1385 if (dev->ud_bus->ub_usepolling == 0)
1386 dev->ud_bus->ub_methods->ubm_softint(dev->ud_bus);
1387 dev->ud_bus->ub_usepolling++;
1388 } else {
1389 /*
1390 * Disabling polling. If we're disabling polling for
1391 * the last time, disable polling first and then call
1392 * the softint routine while we hold the lock -- until
1393 * polling is disabled, we must not hold the lock when
1394 * we call the softint routine.
1395 */
1396 KASSERT(dev->ud_bus->ub_usepolling > 0);
1397 dev->ud_bus->ub_usepolling--;
1398 if (dev->ud_bus->ub_usepolling == 0)
1399 dev->ud_bus->ub_methods->ubm_softint(dev->ud_bus);
1400 }
1401 mutex_exit(dev->ud_bus->ub_lock);
1402 }
1403
1404
1405 usb_endpoint_descriptor_t *
usbd_get_endpoint_descriptor(struct usbd_interface * iface,uint8_t address)1406 usbd_get_endpoint_descriptor(struct usbd_interface *iface, uint8_t address)
1407 {
1408 struct usbd_endpoint *ep;
1409 int i;
1410
1411 for (i = 0; i < iface->ui_idesc->bNumEndpoints; i++) {
1412 ep = &iface->ui_endpoints[i];
1413 if (ep->ue_edesc->bEndpointAddress == address)
1414 return iface->ui_endpoints[i].ue_edesc;
1415 }
1416 return NULL;
1417 }
1418
1419 /*
1420 * usbd_ratecheck() can limit the number of error messages that occurs.
1421 * When a device is unplugged it may take up to 0.25s for the hub driver
1422 * to notice it. If the driver continuously tries to do I/O operations
1423 * this can generate a large number of messages.
1424 */
1425 int
usbd_ratecheck(struct timeval * last)1426 usbd_ratecheck(struct timeval *last)
1427 {
1428 static struct timeval errinterval = { 0, 250000 }; /* 0.25 s*/
1429
1430 return ratecheck(last, &errinterval);
1431 }
1432
1433 /*
1434 * Search for a vendor/product pair in an array. The item size is
1435 * given as an argument.
1436 */
1437 const struct usb_devno *
usb_match_device(const struct usb_devno * tbl,u_int nentries,u_int sz,uint16_t vendor,uint16_t product)1438 usb_match_device(const struct usb_devno *tbl, u_int nentries, u_int sz,
1439 uint16_t vendor, uint16_t product)
1440 {
1441 while (nentries-- > 0) {
1442 uint16_t tproduct = tbl->ud_product;
1443 if (tbl->ud_vendor == vendor &&
1444 (tproduct == product || tproduct == USB_PRODUCT_ANY))
1445 return tbl;
1446 tbl = (const struct usb_devno *)((const char *)tbl + sz);
1447 }
1448 return NULL;
1449 }
1450
1451 usbd_status
usbd_get_string(struct usbd_device * dev,int si,char * buf)1452 usbd_get_string(struct usbd_device *dev, int si, char *buf)
1453 {
1454 return usbd_get_string0(dev, si, buf, 1);
1455 }
1456
1457 usbd_status
usbd_get_string0(struct usbd_device * dev,int si,char * buf,int unicode)1458 usbd_get_string0(struct usbd_device *dev, int si, char *buf, int unicode)
1459 {
1460 int swap = dev->ud_quirks->uq_flags & UQ_SWAP_UNICODE;
1461 usb_string_descriptor_t us;
1462 char *s;
1463 int i, n;
1464 uint16_t c;
1465 usbd_status err;
1466 int size;
1467
1468 USBHIST_FUNC(); USBHIST_CALLED(usbdebug);
1469
1470 buf[0] = '\0';
1471 if (si == 0)
1472 return USBD_INVAL;
1473 if (dev->ud_quirks->uq_flags & UQ_NO_STRINGS)
1474 return USBD_STALLED;
1475 if (dev->ud_langid == USBD_NOLANG) {
1476 /* Set up default language */
1477 err = usbd_get_string_desc(dev, USB_LANGUAGE_TABLE, 0, &us,
1478 &size);
1479 if (err || size < 4) {
1480 USBHIST_LOG(usbdebug, "getting lang failed, using 0",
1481 0, 0, 0, 0);
1482 dev->ud_langid = 0; /* Well, just pick something then */
1483 } else {
1484 /* Pick the first language as the default. */
1485 dev->ud_langid = UGETW(us.bString[0]);
1486 }
1487 }
1488 err = usbd_get_string_desc(dev, si, dev->ud_langid, &us, &size);
1489 if (err)
1490 return err;
1491 s = buf;
1492 n = size / 2 - 1;
1493 if (unicode) {
1494 for (i = 0; i < n; i++) {
1495 c = UGETW(us.bString[i]);
1496 if (swap)
1497 c = (c >> 8) | (c << 8);
1498 s += wput_utf8(s, 3, c);
1499 }
1500 *s++ = 0;
1501 }
1502 #ifdef COMPAT_30
1503 else {
1504 for (i = 0; i < n; i++) {
1505 c = UGETW(us.bString[i]);
1506 if (swap)
1507 c = (c >> 8) | (c << 8);
1508 *s++ = (c < 0x80) ? c : '?';
1509 }
1510 *s++ = 0;
1511 }
1512 #endif
1513 return USBD_NORMAL_COMPLETION;
1514 }
1515
1516 /*
1517 * usbd_xfer_trycomplete(xfer)
1518 *
1519 * Try to claim xfer for completion. Return true if successful,
1520 * false if the xfer has been synchronously aborted or has timed
1521 * out.
1522 *
1523 * If this returns true, caller is responsible for setting
1524 * xfer->ux_status and calling usb_transfer_complete. To be used
1525 * in a host controller interrupt handler.
1526 *
1527 * Caller must either hold the bus lock or have the bus in polling
1528 * mode. If this succeeds, caller must proceed to call
1529 * usb_complete_transfer under the bus lock or with polling
1530 * enabled -- must not release and reacquire the bus lock in the
1531 * meantime. Failing to heed this rule may lead to catastrophe
1532 * with abort or timeout.
1533 */
1534 bool
usbd_xfer_trycomplete(struct usbd_xfer * xfer)1535 usbd_xfer_trycomplete(struct usbd_xfer *xfer)
1536 {
1537 struct usbd_bus *bus __diagused = xfer->ux_bus;
1538
1539 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1540
1541 USBHIST_FUNC();
1542 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1543 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1544
1545 /*
1546 * If software has completed it, either by synchronous abort or
1547 * by timeout, too late.
1548 */
1549 if (xfer->ux_status != USBD_IN_PROGRESS)
1550 return false;
1551
1552 /*
1553 * We are completing the xfer. Cancel the timeout if we can,
1554 * but only asynchronously. See usbd_xfer_cancel_timeout_async
1555 * for why we need not wait for the callout or task here.
1556 */
1557 usbd_xfer_cancel_timeout_async(xfer);
1558
1559 /* Success! Note: Caller must set xfer->ux_status afterwar. */
1560 return true;
1561 }
1562
1563 /*
1564 * usbd_xfer_abort(xfer)
1565 *
1566 * Try to claim xfer to abort. If successful, mark it completed
1567 * with USBD_CANCELLED and call the bus-specific method to abort
1568 * at the hardware level.
1569 *
1570 * To be called in thread context from struct
1571 * usbd_pipe_methods::upm_abort.
1572 *
1573 * Caller must hold the bus lock.
1574 */
1575 void
usbd_xfer_abort(struct usbd_xfer * xfer)1576 usbd_xfer_abort(struct usbd_xfer *xfer)
1577 {
1578 struct usbd_bus *bus = xfer->ux_bus;
1579
1580 KASSERT(mutex_owned(bus->ub_lock));
1581
1582 USBHIST_FUNC();
1583 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1584 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1585
1586 /*
1587 * If host controller interrupt or timer interrupt has
1588 * completed it, too late. But the xfer cannot be
1589 * cancelled already -- only one caller can synchronously
1590 * abort.
1591 */
1592 KASSERT(xfer->ux_status != USBD_CANCELLED);
1593 if (xfer->ux_status != USBD_IN_PROGRESS)
1594 return;
1595
1596 /*
1597 * Cancel the timeout if we can, but only asynchronously; see
1598 * usbd_xfer_cancel_timeout_async for why we need not wait for
1599 * the callout or task here.
1600 */
1601 usbd_xfer_cancel_timeout_async(xfer);
1602
1603 /*
1604 * We beat everyone else. Claim the status as cancelled, do
1605 * the bus-specific dance to abort the hardware, and complete
1606 * the xfer.
1607 */
1608 xfer->ux_status = USBD_CANCELLED;
1609 bus->ub_methods->ubm_abortx(xfer);
1610 usb_transfer_complete(xfer);
1611 }
1612
1613 /*
1614 * usbd_xfer_timeout(xfer)
1615 *
1616 * Called at IPL_SOFTCLOCK when too much time has elapsed waiting
1617 * for xfer to complete. Since we can't abort the xfer at
1618 * IPL_SOFTCLOCK, defer to a usb_task to run it in thread context,
1619 * unless the xfer has completed or aborted concurrently -- and if
1620 * the xfer has also been resubmitted, take care of rescheduling
1621 * the callout.
1622 */
1623 static void
usbd_xfer_timeout(void * cookie)1624 usbd_xfer_timeout(void *cookie)
1625 {
1626 struct usbd_xfer *xfer = cookie;
1627 struct usbd_bus *bus = xfer->ux_bus;
1628 struct usbd_device *dev = xfer->ux_pipe->up_dev;
1629
1630 /* Acquire the lock so we can transition the timeout state. */
1631 mutex_enter(bus->ub_lock);
1632
1633 USBHIST_FUNC();
1634 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1635 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1636
1637 /*
1638 * Use usbd_xfer_probe_timeout to check whether the timeout is
1639 * still valid, or to reschedule the callout if necessary. If
1640 * it is still valid, schedule the task.
1641 */
1642 if (usbd_xfer_probe_timeout(xfer)) {
1643 USBHIST_LOG(usbdebug, "xfer %#jx schedule timeout task",
1644 (uintptr_t)xfer, 0, 0, 0);
1645 usb_add_task(dev, &xfer->ux_aborttask, USB_TASKQ_HC);
1646 } else {
1647 USBHIST_LOG(usbdebug, "xfer %#jx timeout cancelled",
1648 (uintptr_t)xfer, 0, 0, 0);
1649 }
1650
1651 /*
1652 * Notify usbd_xfer_cancel_timeout_async that we may have
1653 * scheduled the task. This causes callout_invoking to return
1654 * false in usbd_xfer_cancel_timeout_async so that it can tell
1655 * which stage in the callout->task->abort process we're at.
1656 */
1657 callout_ack(&xfer->ux_callout);
1658
1659 /* All done -- release the lock. */
1660 mutex_exit(bus->ub_lock);
1661 }
1662
1663 /*
1664 * usbd_xfer_timeout_task(xfer)
1665 *
1666 * Called in thread context when too much time has elapsed waiting
1667 * for xfer to complete. Abort the xfer with USBD_TIMEOUT, unless
1668 * it has completed or aborted concurrently -- and if the xfer has
1669 * also been resubmitted, take care of rescheduling the callout.
1670 */
1671 static void
usbd_xfer_timeout_task(void * cookie)1672 usbd_xfer_timeout_task(void *cookie)
1673 {
1674 struct usbd_xfer *xfer = cookie;
1675 struct usbd_bus *bus = xfer->ux_bus;
1676
1677 /* Acquire the lock so we can transition the timeout state. */
1678 mutex_enter(bus->ub_lock);
1679
1680 USBHIST_FUNC();
1681 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1682 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1683
1684 /*
1685 * Use usbd_xfer_probe_timeout to check whether the timeout is
1686 * still valid, or to reschedule the callout if necessary. If
1687 * it is not valid -- the timeout has been asynchronously
1688 * cancelled, or the xfer has already been resubmitted -- then
1689 * we're done here.
1690 */
1691 if (!usbd_xfer_probe_timeout(xfer)) {
1692 USBHIST_LOG(usbdebug, "xfer %#jx timeout cancelled",
1693 (uintptr_t)xfer, 0, 0, 0);
1694 goto out;
1695 }
1696
1697 /*
1698 * After this point, no further timeout probing will happen for
1699 * the current incarnation of the timeout, so make the next
1700 * usbd_xfer_schedule_timeout schedule a new callout.
1701 * usbd_xfer_probe_timeout has already processed any reset.
1702 */
1703 KASSERT(!xfer->ux_timeout_reset);
1704 xfer->ux_timeout_set = false;
1705
1706 /*
1707 * May have completed or been aborted, but we're the only one
1708 * who can time it out. If it has completed or been aborted,
1709 * no need to timeout.
1710 */
1711 KASSERT(xfer->ux_status != USBD_TIMEOUT);
1712 if (xfer->ux_status != USBD_IN_PROGRESS) {
1713 USBHIST_LOG(usbdebug, "xfer %#jx timeout raced",
1714 (uintptr_t)xfer, 0, 0, 0);
1715 goto out;
1716 }
1717
1718 /*
1719 * We beat everyone else. Claim the status as timed out, do
1720 * the bus-specific dance to abort the hardware, and complete
1721 * the xfer.
1722 */
1723 USBHIST_LOG(usbdebug, "xfer %#jx timed out",
1724 (uintptr_t)xfer, 0, 0, 0);
1725 xfer->ux_status = USBD_TIMEOUT;
1726 bus->ub_methods->ubm_abortx(xfer);
1727 usb_transfer_complete(xfer);
1728
1729 out: /* All done -- release the lock. */
1730 mutex_exit(bus->ub_lock);
1731 }
1732
1733 /*
1734 * usbd_xfer_probe_timeout(xfer)
1735 *
1736 * Probe the status of xfer's timeout. Acknowledge and process a
1737 * request to reschedule. Return true if the timeout is still
1738 * valid and the caller should take further action (queueing a
1739 * task or aborting the xfer), false if it must stop here.
1740 */
1741 static bool
usbd_xfer_probe_timeout(struct usbd_xfer * xfer)1742 usbd_xfer_probe_timeout(struct usbd_xfer *xfer)
1743 {
1744 struct usbd_bus *bus = xfer->ux_bus;
1745 bool valid;
1746
1747 USBHIST_FUNC();
1748 USBHIST_CALLARGS(usbdebug, "xfer %#jx timeout %jdms"
1749 " set %jd reset %jd",
1750 (uintptr_t)xfer, xfer->ux_timeout,
1751 xfer->ux_timeout_set, xfer->ux_timeout_reset);
1752
1753 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1754
1755 /* The timeout must be set. */
1756 KASSERT(xfer->ux_timeout_set);
1757
1758 /*
1759 * Neither callout nor task may be pending; they execute
1760 * alternately in lock step.
1761 */
1762 KASSERT(!callout_pending(&xfer->ux_callout));
1763 KASSERT(!usb_task_pending(xfer->ux_pipe->up_dev, &xfer->ux_aborttask));
1764
1765 /* There are a few cases... */
1766 if (bus->ub_methods->ubm_dying(bus)) {
1767 /* Host controller dying. Drop it all on the floor. */
1768 USBHIST_LOG(usbdebug, "xfer %#jx bus dying, not rescheduling",
1769 (uintptr_t)xfer, 0, 0, 0);
1770 xfer->ux_timeout_set = false;
1771 xfer->ux_timeout_reset = false;
1772 valid = false;
1773 } else if (xfer->ux_timeout_reset) {
1774 /*
1775 * The xfer completed _and_ got resubmitted while we
1776 * waited for the lock. Acknowledge the request to
1777 * reschedule, and reschedule it if there is a timeout
1778 * and the bus is not polling.
1779 */
1780 xfer->ux_timeout_reset = false;
1781 if (xfer->ux_timeout && !bus->ub_usepolling) {
1782 USBHIST_LOG(usbdebug, "xfer %#jx resubmitted,"
1783 " rescheduling timer for %jdms",
1784 (uintptr_t)xfer, xfer->ux_timeout, 0, 0);
1785 KASSERT(xfer->ux_timeout_set);
1786 callout_schedule(&xfer->ux_callout,
1787 mstohz(xfer->ux_timeout));
1788 } else {
1789 /* No more callout or task scheduled. */
1790 USBHIST_LOG(usbdebug, "xfer %#jx resubmitted"
1791 " and completed, not rescheduling",
1792 (uintptr_t)xfer, 0, 0, 0);
1793 xfer->ux_timeout_set = false;
1794 }
1795 valid = false;
1796 } else if (xfer->ux_status != USBD_IN_PROGRESS) {
1797 /*
1798 * The xfer has completed by hardware completion or by
1799 * software abort, and has not been resubmitted, so the
1800 * timeout must be unset, and is no longer valid for
1801 * the caller.
1802 */
1803 USBHIST_LOG(usbdebug, "xfer %#jx timeout lost race,"
1804 " status=%jd, not rescheduling",
1805 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1806 xfer->ux_timeout_set = false;
1807 valid = false;
1808 } else {
1809 /*
1810 * The xfer has not yet completed, so the timeout is
1811 * valid.
1812 */
1813 USBHIST_LOG(usbdebug, "xfer %#jx timing out",
1814 (uintptr_t)xfer, 0, 0, 0);
1815 valid = true;
1816 }
1817
1818 /* Any reset must have been processed. */
1819 KASSERT(!xfer->ux_timeout_reset);
1820
1821 /*
1822 * Either we claim the timeout is set, or the callout is idle.
1823 * If the timeout is still set, we may be handing off to the
1824 * task instead, so this is an if but not an iff.
1825 */
1826 KASSERT(xfer->ux_timeout_set || !callout_pending(&xfer->ux_callout));
1827
1828 /*
1829 * The task must be idle now.
1830 *
1831 * - If the caller is the callout, _and_ the timeout is still
1832 * valid, the caller will schedule it, but it hasn't been
1833 * scheduled yet. (If the timeout is not valid, the task
1834 * should not be scheduled.)
1835 *
1836 * - If the caller is the task, it cannot be scheduled again
1837 * until the callout runs again, which won't happen until we
1838 * next release the lock.
1839 */
1840 KASSERT(!usb_task_pending(xfer->ux_pipe->up_dev, &xfer->ux_aborttask));
1841
1842 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1843
1844 return valid;
1845 }
1846
1847 /*
1848 * usbd_xfer_schedule_timeout(xfer)
1849 *
1850 * Ensure that xfer has a timeout. If the callout is already
1851 * queued or the task is already running, request that they
1852 * reschedule the callout. If not, and if we're not polling,
1853 * schedule the callout anew.
1854 *
1855 * To be called in thread context from struct
1856 * usbd_pipe_methods::upm_start.
1857 */
1858 void
usbd_xfer_schedule_timeout(struct usbd_xfer * xfer)1859 usbd_xfer_schedule_timeout(struct usbd_xfer *xfer)
1860 {
1861 struct usbd_bus *bus = xfer->ux_bus;
1862
1863 USBHIST_FUNC();
1864 USBHIST_CALLARGS(usbdebug, "xfer %#jx timeout %jdms"
1865 " set %jd reset %jd",
1866 (uintptr_t)xfer, xfer->ux_timeout,
1867 xfer->ux_timeout_set, xfer->ux_timeout_reset);
1868
1869 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1870 KASSERTMSG(xfer->ux_status == USBD_IN_PROGRESS, "xfer=%p status=%d",
1871 xfer, xfer->ux_status);
1872
1873 if (xfer->ux_timeout_set) {
1874 /*
1875 * Callout or task has fired from a prior completed
1876 * xfer but has not yet noticed that the xfer is done.
1877 * Ask it to reschedule itself to ux_timeout.
1878 */
1879 xfer->ux_timeout_reset = true;
1880 } else if (xfer->ux_timeout && !bus->ub_usepolling) {
1881 /* Callout is not scheduled. Schedule it. */
1882 KASSERT(!callout_pending(&xfer->ux_callout));
1883 callout_schedule(&xfer->ux_callout, mstohz(xfer->ux_timeout));
1884 xfer->ux_timeout_set = true;
1885 }
1886
1887 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1888 }
1889
1890 /*
1891 * usbd_xfer_cancel_timeout_async(xfer)
1892 *
1893 * Cancel the callout and the task of xfer, which have not yet run
1894 * to completion, but don't wait for the callout or task to finish
1895 * running.
1896 *
1897 * If they have already fired, at worst they are waiting for the
1898 * bus lock. They will see that the xfer is no longer in progress
1899 * and give up, or they will see that the xfer has been
1900 * resubmitted with a new timeout and reschedule the callout.
1901 *
1902 * If a resubmitted request completed so fast that the callout
1903 * didn't have time to process a timer reset, just cancel the
1904 * timer reset.
1905 */
1906 static void
usbd_xfer_cancel_timeout_async(struct usbd_xfer * xfer)1907 usbd_xfer_cancel_timeout_async(struct usbd_xfer *xfer)
1908 {
1909 struct usbd_bus *bus __diagused = xfer->ux_bus;
1910
1911 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1912
1913 USBHIST_FUNC();
1914 USBHIST_CALLARGS(usbdebug, "xfer %#jx timeout %jdms"
1915 " set %jd reset %jd",
1916 (uintptr_t)xfer, xfer->ux_timeout,
1917 xfer->ux_timeout_set, xfer->ux_timeout_reset);
1918
1919 /*
1920 * If the timer wasn't running anyway, forget about it. This
1921 * can happen if we are completing an isochronous transfer
1922 * which doesn't use the same timeout logic.
1923 */
1924 if (!xfer->ux_timeout_set) {
1925 USBHIST_LOG(usbdebug, "xfer %#jx timer not running",
1926 (uintptr_t)xfer, 0, 0, 0);
1927 return;
1928 }
1929
1930 xfer->ux_timeout_reset = false;
1931 if (!callout_stop(&xfer->ux_callout)) {
1932 /*
1933 * We stopped the callout before it ran. The timeout
1934 * is no longer set.
1935 */
1936 USBHIST_LOG(usbdebug, "xfer %#jx timer stopped",
1937 (uintptr_t)xfer, 0, 0, 0);
1938 xfer->ux_timeout_set = false;
1939 } else if (callout_invoking(&xfer->ux_callout)) {
1940 /*
1941 * The callout has begun to run but it has not yet
1942 * acquired the lock and called callout_ack. The task
1943 * cannot be queued yet, and the callout cannot have
1944 * been rescheduled yet.
1945 *
1946 * By the time the callout acquires the lock, we will
1947 * have transitioned from USBD_IN_PROGRESS to a
1948 * completed status, and possibly also resubmitted the
1949 * xfer and set xfer->ux_timeout_reset = true. In both
1950 * cases, the callout will DTRT, so no further action
1951 * is needed here.
1952 */
1953 USBHIST_LOG(usbdebug, "xfer %#jx timer fired",
1954 (uintptr_t)xfer, 0, 0, 0);
1955 } else if (usb_rem_task(xfer->ux_pipe->up_dev, &xfer->ux_aborttask)) {
1956 /*
1957 * The callout had fired and scheduled the task, but we
1958 * stopped the task before it could run. The timeout
1959 * is therefore no longer set -- the next resubmission
1960 * of the xfer must schedule a new timeout.
1961 *
1962 * The callout should not be pending at this point:
1963 * it is scheduled only under the lock, and only when
1964 * xfer->ux_timeout_set is false, or by the callout or
1965 * task itself when xfer->ux_timeout_reset is true.
1966 */
1967 USBHIST_LOG(usbdebug, "xfer %#jx task fired",
1968 (uintptr_t)xfer, 0, 0, 0);
1969 xfer->ux_timeout_set = false;
1970 } else {
1971 USBHIST_LOG(usbdebug, "xfer %#jx task stopped",
1972 (uintptr_t)xfer, 0, 0, 0);
1973 }
1974
1975 /*
1976 * The callout cannot be scheduled and the task cannot be
1977 * queued at this point. Either we cancelled them, or they are
1978 * already running and waiting for the bus lock.
1979 */
1980 KASSERT(!callout_pending(&xfer->ux_callout));
1981 KASSERT(!usb_task_pending(xfer->ux_pipe->up_dev, &xfer->ux_aborttask));
1982
1983 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1984 }
1985