1 /* $FreeBSD$ */ 2 /*- 3 * Copyright (c) 2008 Hans Petter Selasky. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include <dev/usb/usb_mfunc.h> 28 #include <dev/usb/usb_error.h> 29 #include <dev/usb/usb.h> 30 31 #define USB_DEBUG_VAR usb_debug 32 33 #include <dev/usb/usb_core.h> 34 #include <dev/usb/usb_process.h> 35 #include <dev/usb/usb_busdma.h> 36 #include <dev/usb/usb_transfer.h> 37 #include <dev/usb/usb_device.h> 38 #include <dev/usb/usb_debug.h> 39 #include <dev/usb/usb_dynamic.h> 40 #include <dev/usb/usb_hub.h> 41 42 #include <dev/usb/usb_controller.h> 43 #include <dev/usb/usb_bus.h> 44 45 /* function prototypes */ 46 47 static uint8_t usb_handle_get_stall(struct usb_device *, uint8_t); 48 static usb_error_t usb_handle_remote_wakeup(struct usb_xfer *, uint8_t); 49 static usb_error_t usb_handle_request(struct usb_xfer *); 50 static usb_error_t usb_handle_set_config(struct usb_xfer *, uint8_t); 51 static usb_error_t usb_handle_set_stall(struct usb_xfer *, uint8_t, 52 uint8_t); 53 static usb_error_t usb_handle_iface_request(struct usb_xfer *, void **, 54 uint16_t *, struct usb_device_request, uint16_t, 55 uint8_t); 56 57 /*------------------------------------------------------------------------* 58 * usb_handle_request_callback 59 * 60 * This function is the USB callback for generic USB Device control 61 * transfers. 62 *------------------------------------------------------------------------*/ 63 void 64 usb_handle_request_callback(struct usb_xfer *xfer) 65 { 66 usb_error_t err; 67 68 /* check the current transfer state */ 69 70 switch (USB_GET_STATE(xfer)) { 71 case USB_ST_SETUP: 72 case USB_ST_TRANSFERRED: 73 74 /* handle the request */ 75 err = usb_handle_request(xfer); 76 77 if (err) { 78 79 if (err == USB_ERR_BAD_CONTEXT) { 80 /* we need to re-setup the control transfer */ 81 usb_needs_explore(xfer->xroot->bus, 0); 82 break; 83 } 84 goto tr_restart; 85 } 86 usbd_transfer_submit(xfer); 87 break; 88 89 default: 90 /* check if a control transfer is active */ 91 if (xfer->flags_int.control_rem != 0xFFFF) { 92 /* handle the request */ 93 err = usb_handle_request(xfer); 94 } 95 if (xfer->error != USB_ERR_CANCELLED) { 96 /* should not happen - try stalling */ 97 goto tr_restart; 98 } 99 break; 100 } 101 return; 102 103 tr_restart: 104 /* 105 * If a control transfer is active, stall it, and wait for the 106 * next control transfer. 107 */ 108 xfer->frlengths[0] = sizeof(struct usb_device_request); 109 xfer->nframes = 1; 110 xfer->flags.manual_status = 1; 111 xfer->flags.force_short_xfer = 0; 112 xfer->flags.stall_pipe = 1; /* cancel previous transfer, if any */ 113 usbd_transfer_submit(xfer); 114 } 115 116 /*------------------------------------------------------------------------* 117 * usb_handle_set_config 118 * 119 * Returns: 120 * 0: Success 121 * Else: Failure 122 *------------------------------------------------------------------------*/ 123 static usb_error_t 124 usb_handle_set_config(struct usb_xfer *xfer, uint8_t conf_no) 125 { 126 struct usb_device *udev = xfer->xroot->udev; 127 usb_error_t err = 0; 128 129 /* 130 * We need to protect against other threads doing probe and 131 * attach: 132 */ 133 USB_XFER_UNLOCK(xfer); 134 mtx_lock(&Giant); /* XXX */ 135 sx_xlock(udev->default_sx + 1); 136 137 if (conf_no == USB_UNCONFIG_NO) { 138 conf_no = USB_UNCONFIG_INDEX; 139 } else { 140 /* 141 * The relationship between config number and config index 142 * is very simple in our case: 143 */ 144 conf_no--; 145 } 146 147 if (usbd_set_config_index(udev, conf_no)) { 148 DPRINTF("set config %d failed\n", conf_no); 149 err = USB_ERR_STALLED; 150 goto done; 151 } 152 if (usb_probe_and_attach(udev, USB_IFACE_INDEX_ANY)) { 153 DPRINTF("probe and attach failed\n"); 154 err = USB_ERR_STALLED; 155 goto done; 156 } 157 done: 158 mtx_unlock(&Giant); /* XXX */ 159 sx_unlock(udev->default_sx + 1); 160 USB_XFER_LOCK(xfer); 161 return (err); 162 } 163 164 /*------------------------------------------------------------------------* 165 * usb_handle_iface_request 166 * 167 * Returns: 168 * 0: Success 169 * Else: Failure 170 *------------------------------------------------------------------------*/ 171 static usb_error_t 172 usb_handle_iface_request(struct usb_xfer *xfer, 173 void **ppdata, uint16_t *plen, 174 struct usb_device_request req, uint16_t off, uint8_t state) 175 { 176 struct usb_interface *iface; 177 struct usb_interface *iface_parent; /* parent interface */ 178 struct usb_device *udev = xfer->xroot->udev; 179 int error; 180 uint8_t iface_index; 181 182 if ((req.bmRequestType & 0x1F) == UT_INTERFACE) { 183 iface_index = req.wIndex[0]; /* unicast */ 184 } else { 185 iface_index = 0; /* broadcast */ 186 } 187 188 /* 189 * We need to protect against other threads doing probe and 190 * attach: 191 */ 192 USB_XFER_UNLOCK(xfer); 193 mtx_lock(&Giant); /* XXX */ 194 sx_xlock(udev->default_sx + 1); 195 196 error = ENXIO; 197 198 tr_repeat: 199 iface = usbd_get_iface(udev, iface_index); 200 if ((iface == NULL) || 201 (iface->idesc == NULL)) { 202 /* end of interfaces non-existing interface */ 203 goto tr_stalled; 204 } 205 /* forward request to interface, if any */ 206 207 if ((error != 0) && 208 (error != ENOTTY) && 209 (iface->subdev != NULL) && 210 device_is_attached(iface->subdev)) { 211 #if 0 212 DEVMETHOD(usb_handle_request, NULL); /* dummy */ 213 #endif 214 error = USB_HANDLE_REQUEST(iface->subdev, 215 &req, ppdata, plen, 216 off, state); 217 } 218 iface_parent = usbd_get_iface(udev, iface->parent_iface_index); 219 220 if ((iface_parent == NULL) || 221 (iface_parent->idesc == NULL)) { 222 /* non-existing interface */ 223 iface_parent = NULL; 224 } 225 /* forward request to parent interface, if any */ 226 227 if ((error != 0) && 228 (error != ENOTTY) && 229 (iface_parent != NULL) && 230 (iface_parent->subdev != NULL) && 231 ((req.bmRequestType & 0x1F) == UT_INTERFACE) && 232 (iface_parent->subdev != iface->subdev) && 233 device_is_attached(iface_parent->subdev)) { 234 error = USB_HANDLE_REQUEST(iface_parent->subdev, 235 &req, ppdata, plen, off, 236 state); 237 } 238 if (error == 0) { 239 /* negativly adjust pointer and length */ 240 *ppdata = ((uint8_t *)(*ppdata)) - off; 241 *plen += off; 242 goto tr_valid; 243 } else if (error == ENOTTY) { 244 goto tr_stalled; 245 } 246 if ((req.bmRequestType & 0x1F) != UT_INTERFACE) { 247 iface_index++; /* iterate */ 248 goto tr_repeat; 249 } 250 if (state != USB_HR_NOT_COMPLETE) { 251 /* we are complete */ 252 goto tr_valid; 253 } 254 switch (req.bmRequestType) { 255 case UT_WRITE_INTERFACE: 256 switch (req.bRequest) { 257 case UR_SET_INTERFACE: 258 /* 259 * Handle special case. If we have parent interface 260 * we just reset the endpoints, because this is a 261 * multi interface device and re-attaching only a 262 * part of the device is not possible. Also if the 263 * alternate setting is the same like before we just 264 * reset the interface endoints. 265 */ 266 if ((iface_parent != NULL) || 267 (iface->alt_index == req.wValue[0])) { 268 error = usb_reset_iface_endpoints(udev, 269 iface_index); 270 if (error) { 271 DPRINTF("alt setting failed %s\n", 272 usbd_errstr(error)); 273 goto tr_stalled; 274 } 275 break; 276 } 277 /* 278 * Doing the alternate setting will detach the 279 * interface aswell: 280 */ 281 error = usbd_set_alt_interface_index(udev, 282 iface_index, req.wValue[0]); 283 if (error) { 284 DPRINTF("alt setting failed %s\n", 285 usbd_errstr(error)); 286 goto tr_stalled; 287 } 288 error = usb_probe_and_attach(udev, 289 iface_index); 290 if (error) { 291 DPRINTF("alt setting probe failed\n"); 292 goto tr_stalled; 293 } 294 break; 295 default: 296 goto tr_stalled; 297 } 298 break; 299 300 case UT_READ_INTERFACE: 301 switch (req.bRequest) { 302 case UR_GET_INTERFACE: 303 *ppdata = &iface->alt_index; 304 *plen = 1; 305 break; 306 307 default: 308 goto tr_stalled; 309 } 310 break; 311 default: 312 goto tr_stalled; 313 } 314 tr_valid: 315 mtx_unlock(&Giant); 316 sx_unlock(udev->default_sx + 1); 317 USB_XFER_LOCK(xfer); 318 return (0); 319 320 tr_stalled: 321 mtx_unlock(&Giant); 322 sx_unlock(udev->default_sx + 1); 323 USB_XFER_LOCK(xfer); 324 return (USB_ERR_STALLED); 325 } 326 327 /*------------------------------------------------------------------------* 328 * usb_handle_stall 329 * 330 * Returns: 331 * 0: Success 332 * Else: Failure 333 *------------------------------------------------------------------------*/ 334 static usb_error_t 335 usb_handle_set_stall(struct usb_xfer *xfer, uint8_t ep, uint8_t do_stall) 336 { 337 struct usb_device *udev = xfer->xroot->udev; 338 usb_error_t err; 339 340 USB_XFER_UNLOCK(xfer); 341 err = usbd_set_endpoint_stall(udev, 342 usbd_get_ep_by_addr(udev, ep), do_stall); 343 USB_XFER_LOCK(xfer); 344 return (err); 345 } 346 347 /*------------------------------------------------------------------------* 348 * usb_handle_get_stall 349 * 350 * Returns: 351 * 0: Success 352 * Else: Failure 353 *------------------------------------------------------------------------*/ 354 static uint8_t 355 usb_handle_get_stall(struct usb_device *udev, uint8_t ea_val) 356 { 357 struct usb_endpoint *ep; 358 uint8_t halted; 359 360 ep = usbd_get_ep_by_addr(udev, ea_val); 361 if (ep == NULL) { 362 /* nothing to do */ 363 return (0); 364 } 365 USB_BUS_LOCK(udev->bus); 366 halted = ep->is_stalled; 367 USB_BUS_UNLOCK(udev->bus); 368 369 return (halted); 370 } 371 372 /*------------------------------------------------------------------------* 373 * usb_handle_remote_wakeup 374 * 375 * Returns: 376 * 0: Success 377 * Else: Failure 378 *------------------------------------------------------------------------*/ 379 static usb_error_t 380 usb_handle_remote_wakeup(struct usb_xfer *xfer, uint8_t is_on) 381 { 382 struct usb_device *udev; 383 struct usb_bus *bus; 384 385 udev = xfer->xroot->udev; 386 bus = udev->bus; 387 388 USB_BUS_LOCK(bus); 389 390 if (is_on) { 391 udev->flags.remote_wakeup = 1; 392 } else { 393 udev->flags.remote_wakeup = 0; 394 } 395 396 USB_BUS_UNLOCK(bus); 397 398 /* In case we are out of sync, update the power state. */ 399 usb_bus_power_update(udev->bus); 400 return (0); /* success */ 401 } 402 403 /*------------------------------------------------------------------------* 404 * usb_handle_request 405 * 406 * Internal state sequence: 407 * 408 * USB_HR_NOT_COMPLETE -> USB_HR_COMPLETE_OK v USB_HR_COMPLETE_ERR 409 * 410 * Returns: 411 * 0: Ready to start hardware 412 * Else: Stall current transfer, if any 413 *------------------------------------------------------------------------*/ 414 static usb_error_t 415 usb_handle_request(struct usb_xfer *xfer) 416 { 417 struct usb_device_request req; 418 struct usb_device *udev; 419 const void *src_zcopy; /* zero-copy source pointer */ 420 const void *src_mcopy; /* non zero-copy source pointer */ 421 uint16_t off; /* data offset */ 422 uint16_t rem; /* data remainder */ 423 uint16_t max_len; /* max fragment length */ 424 uint16_t wValue; 425 uint16_t wIndex; 426 uint8_t state; 427 usb_error_t err; 428 union { 429 uWord wStatus; 430 uint8_t buf[2]; 431 } temp; 432 433 /* 434 * Filter the USB transfer state into 435 * something which we understand: 436 */ 437 438 switch (USB_GET_STATE(xfer)) { 439 case USB_ST_SETUP: 440 state = USB_HR_NOT_COMPLETE; 441 442 if (!xfer->flags_int.control_act) { 443 /* nothing to do */ 444 goto tr_stalled; 445 } 446 break; 447 case USB_ST_TRANSFERRED: 448 if (!xfer->flags_int.control_act) { 449 state = USB_HR_COMPLETE_OK; 450 } else { 451 state = USB_HR_NOT_COMPLETE; 452 } 453 break; 454 default: 455 state = USB_HR_COMPLETE_ERR; 456 break; 457 } 458 459 /* reset frame stuff */ 460 461 xfer->frlengths[0] = 0; 462 463 usbd_set_frame_offset(xfer, 0, 0); 464 usbd_set_frame_offset(xfer, sizeof(req), 1); 465 466 /* get the current request, if any */ 467 468 usbd_copy_out(xfer->frbuffers, 0, &req, sizeof(req)); 469 470 if (xfer->flags_int.control_rem == 0xFFFF) { 471 /* first time - not initialised */ 472 rem = UGETW(req.wLength); 473 off = 0; 474 } else { 475 /* not first time - initialised */ 476 rem = xfer->flags_int.control_rem; 477 off = UGETW(req.wLength) - rem; 478 } 479 480 /* set some defaults */ 481 482 max_len = 0; 483 src_zcopy = NULL; 484 src_mcopy = NULL; 485 udev = xfer->xroot->udev; 486 487 /* get some request fields decoded */ 488 489 wValue = UGETW(req.wValue); 490 wIndex = UGETW(req.wIndex); 491 492 DPRINTF("req 0x%02x 0x%02x 0x%04x 0x%04x " 493 "off=0x%x rem=0x%x, state=%d\n", req.bmRequestType, 494 req.bRequest, wValue, wIndex, off, rem, state); 495 496 /* demultiplex the control request */ 497 498 switch (req.bmRequestType) { 499 case UT_READ_DEVICE: 500 if (state != USB_HR_NOT_COMPLETE) { 501 break; 502 } 503 switch (req.bRequest) { 504 case UR_GET_DESCRIPTOR: 505 goto tr_handle_get_descriptor; 506 case UR_GET_CONFIG: 507 goto tr_handle_get_config; 508 case UR_GET_STATUS: 509 goto tr_handle_get_status; 510 default: 511 goto tr_stalled; 512 } 513 break; 514 515 case UT_WRITE_DEVICE: 516 switch (req.bRequest) { 517 case UR_SET_ADDRESS: 518 goto tr_handle_set_address; 519 case UR_SET_CONFIG: 520 goto tr_handle_set_config; 521 case UR_CLEAR_FEATURE: 522 switch (wValue) { 523 case UF_DEVICE_REMOTE_WAKEUP: 524 goto tr_handle_clear_wakeup; 525 default: 526 goto tr_stalled; 527 } 528 break; 529 case UR_SET_FEATURE: 530 switch (wValue) { 531 case UF_DEVICE_REMOTE_WAKEUP: 532 goto tr_handle_set_wakeup; 533 default: 534 goto tr_stalled; 535 } 536 break; 537 default: 538 goto tr_stalled; 539 } 540 break; 541 542 case UT_WRITE_ENDPOINT: 543 switch (req.bRequest) { 544 case UR_CLEAR_FEATURE: 545 switch (wValue) { 546 case UF_ENDPOINT_HALT: 547 goto tr_handle_clear_halt; 548 default: 549 goto tr_stalled; 550 } 551 break; 552 case UR_SET_FEATURE: 553 switch (wValue) { 554 case UF_ENDPOINT_HALT: 555 goto tr_handle_set_halt; 556 default: 557 goto tr_stalled; 558 } 559 break; 560 default: 561 goto tr_stalled; 562 } 563 break; 564 565 case UT_READ_ENDPOINT: 566 switch (req.bRequest) { 567 case UR_GET_STATUS: 568 goto tr_handle_get_ep_status; 569 default: 570 goto tr_stalled; 571 } 572 break; 573 default: 574 /* we use "USB_ADD_BYTES" to de-const the src_zcopy */ 575 err = usb_handle_iface_request(xfer, 576 USB_ADD_BYTES(&src_zcopy, 0), 577 &max_len, req, off, state); 578 if (err == 0) { 579 goto tr_valid; 580 } 581 /* 582 * Reset zero-copy pointer and max length 583 * variable in case they were unintentionally 584 * set: 585 */ 586 src_zcopy = NULL; 587 max_len = 0; 588 589 /* 590 * Check if we have a vendor specific 591 * descriptor: 592 */ 593 goto tr_handle_get_descriptor; 594 } 595 goto tr_valid; 596 597 tr_handle_get_descriptor: 598 err = (usb_temp_get_desc_p) (udev, &req, &src_zcopy, &max_len); 599 if (err) 600 goto tr_stalled; 601 if (src_zcopy == NULL) 602 goto tr_stalled; 603 goto tr_valid; 604 605 tr_handle_get_config: 606 temp.buf[0] = udev->curr_config_no; 607 src_mcopy = temp.buf; 608 max_len = 1; 609 goto tr_valid; 610 611 tr_handle_get_status: 612 613 wValue = 0; 614 615 USB_BUS_LOCK(udev->bus); 616 if (udev->flags.remote_wakeup) { 617 wValue |= UDS_REMOTE_WAKEUP; 618 } 619 if (udev->flags.self_powered) { 620 wValue |= UDS_SELF_POWERED; 621 } 622 USB_BUS_UNLOCK(udev->bus); 623 624 USETW(temp.wStatus, wValue); 625 src_mcopy = temp.wStatus; 626 max_len = sizeof(temp.wStatus); 627 goto tr_valid; 628 629 tr_handle_set_address: 630 if (state == USB_HR_NOT_COMPLETE) { 631 if (wValue >= 0x80) { 632 /* invalid value */ 633 goto tr_stalled; 634 } else if (udev->curr_config_no != 0) { 635 /* we are configured ! */ 636 goto tr_stalled; 637 } 638 } else if (state != USB_HR_NOT_COMPLETE) { 639 udev->address = (wValue & 0x7F); 640 goto tr_bad_context; 641 } 642 goto tr_valid; 643 644 tr_handle_set_config: 645 if (state == USB_HR_NOT_COMPLETE) { 646 if (usb_handle_set_config(xfer, req.wValue[0])) { 647 goto tr_stalled; 648 } 649 } 650 goto tr_valid; 651 652 tr_handle_clear_halt: 653 if (state == USB_HR_NOT_COMPLETE) { 654 if (usb_handle_set_stall(xfer, req.wIndex[0], 0)) { 655 goto tr_stalled; 656 } 657 } 658 goto tr_valid; 659 660 tr_handle_clear_wakeup: 661 if (state == USB_HR_NOT_COMPLETE) { 662 if (usb_handle_remote_wakeup(xfer, 0)) { 663 goto tr_stalled; 664 } 665 } 666 goto tr_valid; 667 668 tr_handle_set_halt: 669 if (state == USB_HR_NOT_COMPLETE) { 670 if (usb_handle_set_stall(xfer, req.wIndex[0], 1)) { 671 goto tr_stalled; 672 } 673 } 674 goto tr_valid; 675 676 tr_handle_set_wakeup: 677 if (state == USB_HR_NOT_COMPLETE) { 678 if (usb_handle_remote_wakeup(xfer, 1)) { 679 goto tr_stalled; 680 } 681 } 682 goto tr_valid; 683 684 tr_handle_get_ep_status: 685 if (state == USB_HR_NOT_COMPLETE) { 686 temp.wStatus[0] = 687 usb_handle_get_stall(udev, req.wIndex[0]); 688 temp.wStatus[1] = 0; 689 src_mcopy = temp.wStatus; 690 max_len = sizeof(temp.wStatus); 691 } 692 goto tr_valid; 693 694 tr_valid: 695 if (state != USB_HR_NOT_COMPLETE) { 696 goto tr_stalled; 697 } 698 /* subtract offset from length */ 699 700 max_len -= off; 701 702 /* Compute the real maximum data length */ 703 704 if (max_len > xfer->max_data_length) { 705 max_len = xfer->max_data_length; 706 } 707 if (max_len > rem) { 708 max_len = rem; 709 } 710 /* 711 * If the remainder is greater than the maximum data length, 712 * we need to truncate the value for the sake of the 713 * comparison below: 714 */ 715 if (rem > xfer->max_data_length) { 716 rem = xfer->max_data_length; 717 } 718 if (rem != max_len) { 719 /* 720 * If we don't transfer the data we can transfer, then 721 * the transfer is short ! 722 */ 723 xfer->flags.force_short_xfer = 1; 724 xfer->nframes = 2; 725 } else { 726 /* 727 * Default case 728 */ 729 xfer->flags.force_short_xfer = 0; 730 xfer->nframes = max_len ? 2 : 1; 731 } 732 if (max_len > 0) { 733 if (src_mcopy) { 734 src_mcopy = USB_ADD_BYTES(src_mcopy, off); 735 usbd_copy_in(xfer->frbuffers + 1, 0, 736 src_mcopy, max_len); 737 } else { 738 usbd_set_frame_data(xfer, 739 USB_ADD_BYTES(src_zcopy, off), 1); 740 } 741 xfer->frlengths[1] = max_len; 742 } else { 743 /* the end is reached, send status */ 744 xfer->flags.manual_status = 0; 745 xfer->frlengths[1] = 0; 746 } 747 DPRINTF("success\n"); 748 return (0); /* success */ 749 750 tr_stalled: 751 DPRINTF("%s\n", (state != USB_HR_NOT_COMPLETE) ? 752 "complete" : "stalled"); 753 return (USB_ERR_STALLED); 754 755 tr_bad_context: 756 DPRINTF("bad context\n"); 757 return (USB_ERR_BAD_CONTEXT); 758 } 759