1 /* $NetBSD: usbdi.c,v 1.247 2022/09/13 10:32:58 riastradh Exp $ */
2
3 /*
4 * Copyright (c) 1998, 2012, 2015 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Lennart Augustsson (lennart@augustsson.net) at
9 * Carlstedt Research & Technology, Matthew R. Green (mrg@eterna.com.au),
10 * and Nick Hudson.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.247 2022/09/13 10:32:58 riastradh Exp $");
36
37 #ifdef _KERNEL_OPT
38 #include "opt_usb.h"
39 #include "opt_compat_netbsd.h"
40 #include "usb_dma.h"
41 #endif
42
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
46 #include <sys/device.h>
47 #include <sys/kmem.h>
48 #include <sys/proc.h>
49 #include <sys/bus.h>
50 #include <sys/cpu.h>
51
52 #include <dev/usb/usb.h>
53 #include <dev/usb/usbdi.h>
54 #include <dev/usb/usbdi_util.h>
55 #include <dev/usb/usbdivar.h>
56 #include <dev/usb/usb_mem.h>
57 #include <dev/usb/usb_quirks.h>
58 #include <dev/usb/usb_sdt.h>
59 #include <dev/usb/usbhist.h>
60
61 /* UTF-8 encoding stuff */
62 #include <fs/unicode.h>
63
64 SDT_PROBE_DEFINE5(usb, device, pipe, open,
65 "struct usbd_interface *"/*iface*/,
66 "uint8_t"/*address*/,
67 "uint8_t"/*flags*/,
68 "int"/*ival*/,
69 "struct usbd_pipe *"/*pipe*/);
70
71 SDT_PROBE_DEFINE7(usb, device, pipe, open__intr,
72 "struct usbd_interface *"/*iface*/,
73 "uint8_t"/*address*/,
74 "uint8_t"/*flags*/,
75 "int"/*ival*/,
76 "usbd_callback"/*cb*/,
77 "void *"/*cookie*/,
78 "struct usbd_pipe *"/*pipe*/);
79
80 SDT_PROBE_DEFINE2(usb, device, pipe, transfer__start,
81 "struct usbd_pipe *"/*pipe*/,
82 "struct usbd_xfer *"/*xfer*/);
83 SDT_PROBE_DEFINE3(usb, device, pipe, transfer__done,
84 "struct usbd_pipe *"/*pipe*/,
85 "struct usbd_xfer *"/*xfer*/,
86 "usbd_status"/*err*/);
87 SDT_PROBE_DEFINE2(usb, device, pipe, start,
88 "struct usbd_pipe *"/*pipe*/,
89 "struct usbd_xfer *"/*xfer*/);
90
91 SDT_PROBE_DEFINE1(usb, device, pipe, close, "struct usbd_pipe *"/*pipe*/);
92 SDT_PROBE_DEFINE1(usb, device, pipe, abort__start,
93 "struct usbd_pipe *"/*pipe*/);
94 SDT_PROBE_DEFINE1(usb, device, pipe, abort__done,
95 "struct usbd_pipe *"/*pipe*/);
96 SDT_PROBE_DEFINE1(usb, device, pipe, clear__endpoint__stall,
97 "struct usbd_pipe *"/*pipe*/);
98 SDT_PROBE_DEFINE1(usb, device, pipe, clear__endpoint__toggle,
99 "struct usbd_pipe *"/*pipe*/);
100
101 SDT_PROBE_DEFINE5(usb, device, xfer, create,
102 "struct usbd_xfer *"/*xfer*/,
103 "struct usbd_pipe *"/*pipe*/,
104 "size_t"/*len*/,
105 "unsigned int"/*flags*/,
106 "unsigned int"/*nframes*/);
107 SDT_PROBE_DEFINE1(usb, device, xfer, start, "struct usbd_xfer *"/*xfer*/);
108 SDT_PROBE_DEFINE1(usb, device, xfer, preabort, "struct usbd_xfer *"/*xfer*/);
109 SDT_PROBE_DEFINE1(usb, device, xfer, abort, "struct usbd_xfer *"/*xfer*/);
110 SDT_PROBE_DEFINE1(usb, device, xfer, timeout, "struct usbd_xfer *"/*xfer*/);
111 SDT_PROBE_DEFINE2(usb, device, xfer, done,
112 "struct usbd_xfer *"/*xfer*/,
113 "usbd_status"/*status*/);
114 SDT_PROBE_DEFINE1(usb, device, xfer, destroy, "struct usbd_xfer *"/*xfer*/);
115
116 SDT_PROBE_DEFINE5(usb, device, request, start,
117 "struct usbd_device *"/*dev*/,
118 "usb_device_request_t *"/*req*/,
119 "size_t"/*len*/,
120 "int"/*flags*/,
121 "uint32_t"/*timeout*/);
122
123 SDT_PROBE_DEFINE7(usb, device, request, done,
124 "struct usbd_device *"/*dev*/,
125 "usb_device_request_t *"/*req*/,
126 "size_t"/*actlen*/,
127 "int"/*flags*/,
128 "uint32_t"/*timeout*/,
129 "void *"/*data*/,
130 "usbd_status"/*status*/);
131
132 Static void usbd_ar_pipe(struct usbd_pipe *);
133 Static void usbd_start_next(struct usbd_pipe *);
134 Static usbd_status usbd_open_pipe_ival
135 (struct usbd_interface *, uint8_t, uint8_t, struct usbd_pipe **, int);
136 static void *usbd_alloc_buffer(struct usbd_xfer *, uint32_t);
137 static void usbd_free_buffer(struct usbd_xfer *);
138 static struct usbd_xfer *usbd_alloc_xfer(struct usbd_device *, unsigned int);
139 static void usbd_free_xfer(struct usbd_xfer *);
140 static void usbd_xfer_timeout(void *);
141 static void usbd_xfer_timeout_task(void *);
142 static bool usbd_xfer_probe_timeout(struct usbd_xfer *);
143 static void usbd_xfer_cancel_timeout_async(struct usbd_xfer *);
144
145 #if defined(USB_DEBUG)
146 void
usbd_dump_iface(struct usbd_interface * iface)147 usbd_dump_iface(struct usbd_interface *iface)
148 {
149 USBHIST_FUNC();
150 USBHIST_CALLARGS(usbdebug, "iface %#jx", (uintptr_t)iface, 0, 0, 0);
151
152 if (iface == NULL)
153 return;
154 USBHIST_LOG(usbdebug, " device = %#jx idesc = %#jx index = %jd",
155 (uintptr_t)iface->ui_dev, (uintptr_t)iface->ui_idesc,
156 iface->ui_index, 0);
157 USBHIST_LOG(usbdebug, " altindex=%jd",
158 iface->ui_altindex, 0, 0, 0);
159 }
160
161 void
usbd_dump_device(struct usbd_device * dev)162 usbd_dump_device(struct usbd_device *dev)
163 {
164 USBHIST_FUNC();
165 USBHIST_CALLARGS(usbdebug, "dev = %#jx", (uintptr_t)dev, 0, 0, 0);
166
167 if (dev == NULL)
168 return;
169 USBHIST_LOG(usbdebug, " bus = %#jx default_pipe = %#jx",
170 (uintptr_t)dev->ud_bus, (uintptr_t)dev->ud_pipe0, 0, 0);
171 USBHIST_LOG(usbdebug, " address = %jd config = %jd depth = %jd ",
172 dev->ud_addr, dev->ud_config, dev->ud_depth, 0);
173 USBHIST_LOG(usbdebug, " speed = %jd self_powered = %jd "
174 "power = %jd langid = %jd",
175 dev->ud_speed, dev->ud_selfpowered, dev->ud_power, dev->ud_langid);
176 }
177
178 void
usbd_dump_endpoint(struct usbd_endpoint * endp)179 usbd_dump_endpoint(struct usbd_endpoint *endp)
180 {
181 USBHIST_FUNC();
182 USBHIST_CALLARGS(usbdebug, "endp = %#jx", (uintptr_t)endp, 0, 0, 0);
183
184 if (endp == NULL)
185 return;
186 USBHIST_LOG(usbdebug, " edesc = %#jx refcnt = %jd",
187 (uintptr_t)endp->ue_edesc, endp->ue_refcnt, 0, 0);
188 if (endp->ue_edesc)
189 USBHIST_LOG(usbdebug, " bEndpointAddress=0x%02jx",
190 endp->ue_edesc->bEndpointAddress, 0, 0, 0);
191 }
192
193 void
usbd_dump_queue(struct usbd_pipe * pipe)194 usbd_dump_queue(struct usbd_pipe *pipe)
195 {
196 struct usbd_xfer *xfer;
197
198 USBHIST_FUNC();
199 USBHIST_CALLARGS(usbdebug, "pipe = %#jx", (uintptr_t)pipe, 0, 0, 0);
200
201 SIMPLEQ_FOREACH(xfer, &pipe->up_queue, ux_next) {
202 USBHIST_LOG(usbdebug, " xfer = %#jx", (uintptr_t)xfer,
203 0, 0, 0);
204 }
205 }
206
207 void
usbd_dump_pipe(struct usbd_pipe * pipe)208 usbd_dump_pipe(struct usbd_pipe *pipe)
209 {
210 USBHIST_FUNC();
211 USBHIST_CALLARGS(usbdebug, "pipe = %#jx", (uintptr_t)pipe, 0, 0, 0);
212
213 if (pipe == NULL)
214 return;
215 usbd_dump_iface(pipe->up_iface);
216 usbd_dump_device(pipe->up_dev);
217 usbd_dump_endpoint(pipe->up_endpoint);
218 USBHIST_LOG(usbdebug, "(usbd_dump_pipe)", 0, 0, 0, 0);
219 USBHIST_LOG(usbdebug, " running = %jd aborting = %jd",
220 pipe->up_running, pipe->up_aborting, 0, 0);
221 USBHIST_LOG(usbdebug, " intrxfer = %#jx, repeat = %jd, "
222 "interval = %jd", (uintptr_t)pipe->up_intrxfer, pipe->up_repeat,
223 pipe->up_interval, 0);
224 }
225 #endif
226
227 usbd_status
usbd_open_pipe(struct usbd_interface * iface,uint8_t address,uint8_t flags,struct usbd_pipe ** pipe)228 usbd_open_pipe(struct usbd_interface *iface, uint8_t address,
229 uint8_t flags, struct usbd_pipe **pipe)
230 {
231 return (usbd_open_pipe_ival(iface, address, flags, pipe,
232 USBD_DEFAULT_INTERVAL));
233 }
234
235 usbd_status
usbd_open_pipe_ival(struct usbd_interface * iface,uint8_t address,uint8_t flags,struct usbd_pipe ** pipe,int ival)236 usbd_open_pipe_ival(struct usbd_interface *iface, uint8_t address,
237 uint8_t flags, struct usbd_pipe **pipe, int ival)
238 {
239 struct usbd_pipe *p = NULL;
240 struct usbd_endpoint *ep = NULL /* XXXGCC */;
241 bool piperef = false;
242 usbd_status err;
243 int i;
244
245 USBHIST_FUNC();
246 USBHIST_CALLARGS(usbdebug, "iface = %#jx address = %#jx flags = %#jx",
247 (uintptr_t)iface, address, flags, 0);
248
249 /*
250 * Block usbd_set_interface so we have a snapshot of the
251 * interface endpoints. They will remain stable until we drop
252 * the reference in usbd_close_pipe (or on failure here).
253 */
254 err = usbd_iface_piperef(iface);
255 if (err)
256 goto out;
257 piperef = true;
258
259 /* Find the endpoint at this address. */
260 for (i = 0; i < iface->ui_idesc->bNumEndpoints; i++) {
261 ep = &iface->ui_endpoints[i];
262 if (ep->ue_edesc == NULL) {
263 err = USBD_IOERROR;
264 goto out;
265 }
266 if (ep->ue_edesc->bEndpointAddress == address)
267 break;
268 }
269 if (i == iface->ui_idesc->bNumEndpoints) {
270 err = USBD_BAD_ADDRESS;
271 goto out;
272 }
273
274 /* Set up the pipe with this endpoint. */
275 err = usbd_setup_pipe_flags(iface->ui_dev, iface, ep, ival, &p, flags);
276 if (err)
277 goto out;
278
279 /* Success! */
280 *pipe = p;
281 p = NULL; /* handed off to caller */
282 piperef = false; /* handed off to pipe */
283 SDT_PROBE5(usb, device, pipe, open,
284 iface, address, flags, ival, p);
285 err = USBD_NORMAL_COMPLETION;
286
287 out: if (p)
288 usbd_close_pipe(p);
289 if (piperef)
290 usbd_iface_pipeunref(iface);
291 return err;
292 }
293
294 usbd_status
usbd_open_pipe_intr(struct usbd_interface * iface,uint8_t address,uint8_t flags,struct usbd_pipe ** pipe,void * priv,void * buffer,uint32_t len,usbd_callback cb,int ival)295 usbd_open_pipe_intr(struct usbd_interface *iface, uint8_t address,
296 uint8_t flags, struct usbd_pipe **pipe,
297 void *priv, void *buffer, uint32_t len,
298 usbd_callback cb, int ival)
299 {
300 usbd_status err;
301 struct usbd_xfer *xfer;
302 struct usbd_pipe *ipipe;
303
304 USBHIST_FUNC();
305 USBHIST_CALLARGS(usbdebug, "address = %#jx flags = %#jx len = %jd",
306 address, flags, len, 0);
307
308 err = usbd_open_pipe_ival(iface, address,
309 USBD_EXCLUSIVE_USE | (flags & USBD_MPSAFE),
310 &ipipe, ival);
311 if (err)
312 return err;
313 err = usbd_create_xfer(ipipe, len, flags, 0, &xfer);
314 if (err)
315 goto bad1;
316
317 usbd_setup_xfer(xfer, priv, buffer, len, flags, USBD_NO_TIMEOUT, cb);
318 ipipe->up_intrxfer = xfer;
319 ipipe->up_repeat = 1;
320 err = usbd_transfer(xfer);
321 *pipe = ipipe;
322 if (err != USBD_IN_PROGRESS)
323 goto bad3;
324 SDT_PROBE7(usb, device, pipe, open__intr,
325 iface, address, flags, ival, cb, priv, ipipe);
326 return USBD_NORMAL_COMPLETION;
327
328 bad3:
329 ipipe->up_intrxfer = NULL;
330 ipipe->up_repeat = 0;
331
332 usbd_destroy_xfer(xfer);
333 bad1:
334 usbd_close_pipe(ipipe);
335 return err;
336 }
337
338 void
usbd_close_pipe(struct usbd_pipe * pipe)339 usbd_close_pipe(struct usbd_pipe *pipe)
340 {
341 USBHIST_FUNC(); USBHIST_CALLED(usbdebug);
342
343 KASSERT(pipe != NULL);
344
345 usbd_lock_pipe(pipe);
346 SDT_PROBE1(usb, device, pipe, close, pipe);
347 if (!SIMPLEQ_EMPTY(&pipe->up_queue)) {
348 printf("WARNING: pipe closed with active xfers on addr %d\n",
349 pipe->up_dev->ud_addr);
350 usbd_ar_pipe(pipe);
351 }
352 KASSERT(SIMPLEQ_EMPTY(&pipe->up_queue));
353 pipe->up_methods->upm_close(pipe);
354 usbd_unlock_pipe(pipe);
355
356 cv_destroy(&pipe->up_callingcv);
357 if (pipe->up_intrxfer)
358 usbd_destroy_xfer(pipe->up_intrxfer);
359 usb_rem_task_wait(pipe->up_dev, &pipe->up_async_task, USB_TASKQ_DRIVER,
360 NULL);
361 usbd_endpoint_release(pipe->up_dev, pipe->up_endpoint);
362 if (pipe->up_iface)
363 usbd_iface_pipeunref(pipe->up_iface);
364 kmem_free(pipe, pipe->up_dev->ud_bus->ub_pipesize);
365 }
366
367 usbd_status
usbd_transfer(struct usbd_xfer * xfer)368 usbd_transfer(struct usbd_xfer *xfer)
369 {
370 struct usbd_pipe *pipe = xfer->ux_pipe;
371 usbd_status err;
372 unsigned int size, flags;
373
374 USBHIST_FUNC(); USBHIST_CALLARGS(usbdebug,
375 "xfer = %#jx, flags = %#jx, pipe = %#jx, running = %jd",
376 (uintptr_t)xfer, xfer->ux_flags, (uintptr_t)pipe, pipe->up_running);
377 KASSERT(xfer->ux_status == USBD_NOT_STARTED);
378 SDT_PROBE1(usb, device, xfer, start, xfer);
379
380 #ifdef USB_DEBUG
381 if (usbdebug > 5)
382 usbd_dump_queue(pipe);
383 #endif
384 xfer->ux_done = 0;
385
386 KASSERT(xfer->ux_length == 0 || xfer->ux_buf != NULL);
387
388 size = xfer->ux_length;
389 flags = xfer->ux_flags;
390
391 if (size != 0) {
392 /*
393 * Use the xfer buffer if none specified in transfer setup.
394 * isoc transfers always use the xfer buffer, i.e.
395 * ux_buffer is always NULL for isoc.
396 */
397 if (xfer->ux_buffer == NULL) {
398 xfer->ux_buffer = xfer->ux_buf;
399 }
400
401 /*
402 * If not using the xfer buffer copy data to the
403 * xfer buffer for OUT transfers of >0 length
404 */
405 if (xfer->ux_buffer != xfer->ux_buf) {
406 KASSERT(xfer->ux_buf);
407 if (!usbd_xfer_isread(xfer)) {
408 memcpy(xfer->ux_buf, xfer->ux_buffer, size);
409 }
410 }
411 }
412
413 usbd_lock_pipe(pipe);
414 if (pipe->up_aborting) {
415 /*
416 * XXX For synchronous transfers this is fine. What to
417 * do for asynchronous transfers? The callback is
418 * never run, not even with status USBD_CANCELLED.
419 */
420 usbd_unlock_pipe(pipe);
421 USBHIST_LOG(usbdebug, "<- done xfer %#jx, aborting",
422 (uintptr_t)xfer, 0, 0, 0);
423 SDT_PROBE2(usb, device, xfer, done, xfer, USBD_CANCELLED);
424 return USBD_CANCELLED;
425 }
426
427 /* xfer is not valid after the transfer method unless synchronous */
428 SDT_PROBE2(usb, device, pipe, transfer__start, pipe, xfer);
429 do {
430 #ifdef DIAGNOSTIC
431 xfer->ux_state = XFER_ONQU;
432 #endif
433 SIMPLEQ_INSERT_TAIL(&pipe->up_queue, xfer, ux_next);
434 if (pipe->up_running && pipe->up_serialise) {
435 err = USBD_IN_PROGRESS;
436 } else {
437 pipe->up_running = 1;
438 err = USBD_NORMAL_COMPLETION;
439 }
440 if (err)
441 break;
442 err = pipe->up_methods->upm_transfer(xfer);
443 } while (0);
444 SDT_PROBE3(usb, device, pipe, transfer__done, pipe, xfer, err);
445
446 usbd_unlock_pipe(pipe);
447
448 if (err != USBD_IN_PROGRESS && err) {
449 /*
450 * The transfer made it onto the pipe queue, but didn't get
451 * accepted by the HCD for some reason. It needs removing
452 * from the pipe queue.
453 */
454 USBHIST_LOG(usbdebug, "xfer failed: %jd, reinserting",
455 err, 0, 0, 0);
456 usbd_lock_pipe(pipe);
457 SDT_PROBE1(usb, device, xfer, preabort, xfer);
458 #ifdef DIAGNOSTIC
459 xfer->ux_state = XFER_BUSY;
460 #endif
461 SIMPLEQ_REMOVE_HEAD(&pipe->up_queue, ux_next);
462 if (pipe->up_serialise)
463 usbd_start_next(pipe);
464 usbd_unlock_pipe(pipe);
465 }
466
467 if (!(flags & USBD_SYNCHRONOUS)) {
468 USBHIST_LOG(usbdebug, "<- done xfer %#jx, not sync (err %jd)",
469 (uintptr_t)xfer, err, 0, 0);
470 KASSERTMSG(err != USBD_NORMAL_COMPLETION,
471 "asynchronous xfer %p completed synchronously", xfer);
472 return err;
473 }
474
475 if (err != USBD_IN_PROGRESS) {
476 USBHIST_LOG(usbdebug, "<- done xfer %#jx, sync (err %jd)",
477 (uintptr_t)xfer, err, 0, 0);
478 SDT_PROBE2(usb, device, xfer, done, xfer, err);
479 return err;
480 }
481
482 /* Sync transfer, wait for completion. */
483 usbd_lock_pipe(pipe);
484 while (!xfer->ux_done) {
485 if (pipe->up_dev->ud_bus->ub_usepolling)
486 panic("usbd_transfer: not done");
487 USBHIST_LOG(usbdebug, "<- sleeping on xfer %#jx",
488 (uintptr_t)xfer, 0, 0, 0);
489
490 err = 0;
491 if ((flags & USBD_SYNCHRONOUS_SIG) != 0) {
492 err = cv_wait_sig(&xfer->ux_cv, pipe->up_dev->ud_bus->ub_lock);
493 } else {
494 cv_wait(&xfer->ux_cv, pipe->up_dev->ud_bus->ub_lock);
495 }
496 if (err) {
497 if (!xfer->ux_done) {
498 SDT_PROBE1(usb, device, xfer, abort, xfer);
499 pipe->up_methods->upm_abort(xfer);
500 }
501 break;
502 }
503 }
504 err = xfer->ux_status;
505 SDT_PROBE2(usb, device, xfer, done, xfer, err);
506 usbd_unlock_pipe(pipe);
507 return err;
508 }
509
510 /* Like usbd_transfer(), but waits for completion. */
511 usbd_status
usbd_sync_transfer(struct usbd_xfer * xfer)512 usbd_sync_transfer(struct usbd_xfer *xfer)
513 {
514 xfer->ux_flags |= USBD_SYNCHRONOUS;
515 return usbd_transfer(xfer);
516 }
517
518 /* Like usbd_transfer(), but waits for completion and listens for signals. */
519 usbd_status
usbd_sync_transfer_sig(struct usbd_xfer * xfer)520 usbd_sync_transfer_sig(struct usbd_xfer *xfer)
521 {
522 xfer->ux_flags |= USBD_SYNCHRONOUS | USBD_SYNCHRONOUS_SIG;
523 return usbd_transfer(xfer);
524 }
525
526 static void *
usbd_alloc_buffer(struct usbd_xfer * xfer,uint32_t size)527 usbd_alloc_buffer(struct usbd_xfer *xfer, uint32_t size)
528 {
529 KASSERT(xfer->ux_buf == NULL);
530 KASSERT(size != 0);
531
532 xfer->ux_bufsize = 0;
533 #if NUSB_DMA > 0
534 struct usbd_bus *bus = xfer->ux_bus;
535
536 if (bus->ub_usedma) {
537 usb_dma_t *dmap = &xfer->ux_dmabuf;
538
539 KASSERT((bus->ub_dmaflags & USBMALLOC_COHERENT) == 0);
540 int err = usb_allocmem(bus->ub_dmatag, size, 0, bus->ub_dmaflags, dmap);
541 if (err) {
542 return NULL;
543 }
544 xfer->ux_buf = KERNADDR(&xfer->ux_dmabuf, 0);
545 xfer->ux_bufsize = size;
546
547 return xfer->ux_buf;
548 }
549 #endif
550 KASSERT(xfer->ux_bus->ub_usedma == false);
551 xfer->ux_buf = kmem_alloc(size, KM_SLEEP);
552 xfer->ux_bufsize = size;
553 return xfer->ux_buf;
554 }
555
556 static void
usbd_free_buffer(struct usbd_xfer * xfer)557 usbd_free_buffer(struct usbd_xfer *xfer)
558 {
559 KASSERT(xfer->ux_buf != NULL);
560 KASSERT(xfer->ux_bufsize != 0);
561
562 void *buf = xfer->ux_buf;
563 uint32_t size = xfer->ux_bufsize;
564
565 xfer->ux_buf = NULL;
566 xfer->ux_bufsize = 0;
567
568 #if NUSB_DMA > 0
569 struct usbd_bus *bus = xfer->ux_bus;
570
571 if (bus->ub_usedma) {
572 usb_dma_t *dmap = &xfer->ux_dmabuf;
573
574 usb_freemem(dmap);
575 return;
576 }
577 #endif
578 KASSERT(xfer->ux_bus->ub_usedma == false);
579
580 kmem_free(buf, size);
581 }
582
583 void *
usbd_get_buffer(struct usbd_xfer * xfer)584 usbd_get_buffer(struct usbd_xfer *xfer)
585 {
586 return xfer->ux_buf;
587 }
588
589 struct usbd_pipe *
usbd_get_pipe0(struct usbd_device * dev)590 usbd_get_pipe0(struct usbd_device *dev)
591 {
592
593 return dev->ud_pipe0;
594 }
595
596 static struct usbd_xfer *
usbd_alloc_xfer(struct usbd_device * dev,unsigned int nframes)597 usbd_alloc_xfer(struct usbd_device *dev, unsigned int nframes)
598 {
599 struct usbd_xfer *xfer;
600
601 USBHIST_FUNC();
602
603 ASSERT_SLEEPABLE();
604
605 xfer = dev->ud_bus->ub_methods->ubm_allocx(dev->ud_bus, nframes);
606 if (xfer == NULL)
607 goto out;
608 xfer->ux_bus = dev->ud_bus;
609 callout_init(&xfer->ux_callout, CALLOUT_MPSAFE);
610 callout_setfunc(&xfer->ux_callout, usbd_xfer_timeout, xfer);
611 cv_init(&xfer->ux_cv, "usbxfer");
612 usb_init_task(&xfer->ux_aborttask, usbd_xfer_timeout_task, xfer,
613 USB_TASKQ_MPSAFE);
614
615 out:
616 USBHIST_CALLARGS(usbdebug, "returns %#jx", (uintptr_t)xfer, 0, 0, 0);
617
618 return xfer;
619 }
620
621 static void
usbd_free_xfer(struct usbd_xfer * xfer)622 usbd_free_xfer(struct usbd_xfer *xfer)
623 {
624 USBHIST_FUNC();
625 USBHIST_CALLARGS(usbdebug, "%#jx", (uintptr_t)xfer, 0, 0, 0);
626
627 if (xfer->ux_buf) {
628 usbd_free_buffer(xfer);
629 }
630
631 /* Wait for any straggling timeout to complete. */
632 mutex_enter(xfer->ux_bus->ub_lock);
633 xfer->ux_timeout_reset = false; /* do not resuscitate */
634 callout_halt(&xfer->ux_callout, xfer->ux_bus->ub_lock);
635 usb_rem_task_wait(xfer->ux_pipe->up_dev, &xfer->ux_aborttask,
636 USB_TASKQ_HC, xfer->ux_bus->ub_lock);
637 mutex_exit(xfer->ux_bus->ub_lock);
638
639 cv_destroy(&xfer->ux_cv);
640 xfer->ux_bus->ub_methods->ubm_freex(xfer->ux_bus, xfer);
641 }
642
643 int
usbd_create_xfer(struct usbd_pipe * pipe,size_t len,unsigned int flags,unsigned int nframes,struct usbd_xfer ** xp)644 usbd_create_xfer(struct usbd_pipe *pipe, size_t len, unsigned int flags,
645 unsigned int nframes, struct usbd_xfer **xp)
646 {
647 KASSERT(xp != NULL);
648 void *buf = NULL;
649
650 struct usbd_xfer *xfer = usbd_alloc_xfer(pipe->up_dev, nframes);
651 if (xfer == NULL)
652 return ENOMEM;
653
654 xfer->ux_pipe = pipe;
655 xfer->ux_flags = flags;
656 xfer->ux_nframes = nframes;
657 xfer->ux_methods = pipe->up_methods;
658
659 if (len) {
660 buf = usbd_alloc_buffer(xfer, len);
661 if (!buf) {
662 usbd_free_xfer(xfer);
663 return ENOMEM;
664 }
665 }
666
667 if (xfer->ux_methods->upm_init) {
668 int err = xfer->ux_methods->upm_init(xfer);
669 if (err) {
670 usbd_free_xfer(xfer);
671 return err;
672 }
673 }
674
675 *xp = xfer;
676 SDT_PROBE5(usb, device, xfer, create,
677 xfer, pipe, len, flags, nframes);
678 return 0;
679 }
680
681 void
usbd_destroy_xfer(struct usbd_xfer * xfer)682 usbd_destroy_xfer(struct usbd_xfer *xfer)
683 {
684
685 SDT_PROBE1(usb, device, xfer, destroy, xfer);
686 if (xfer->ux_methods->upm_fini)
687 xfer->ux_methods->upm_fini(xfer);
688
689 usbd_free_xfer(xfer);
690 }
691
692 void
usbd_setup_xfer(struct usbd_xfer * xfer,void * priv,void * buffer,uint32_t length,uint16_t flags,uint32_t timeout,usbd_callback callback)693 usbd_setup_xfer(struct usbd_xfer *xfer, void *priv, void *buffer,
694 uint32_t length, uint16_t flags, uint32_t timeout, usbd_callback callback)
695 {
696 KASSERT(xfer->ux_pipe);
697
698 xfer->ux_priv = priv;
699 xfer->ux_buffer = buffer;
700 xfer->ux_length = length;
701 xfer->ux_actlen = 0;
702 xfer->ux_flags = flags;
703 xfer->ux_timeout = timeout;
704 xfer->ux_status = USBD_NOT_STARTED;
705 xfer->ux_callback = callback;
706 xfer->ux_rqflags &= ~URQ_REQUEST;
707 xfer->ux_nframes = 0;
708 }
709
710 void
usbd_setup_default_xfer(struct usbd_xfer * xfer,struct usbd_device * dev,void * priv,uint32_t timeout,usb_device_request_t * req,void * buffer,uint32_t length,uint16_t flags,usbd_callback callback)711 usbd_setup_default_xfer(struct usbd_xfer *xfer, struct usbd_device *dev,
712 void *priv, uint32_t timeout, usb_device_request_t *req, void *buffer,
713 uint32_t length, uint16_t flags, usbd_callback callback)
714 {
715 KASSERT(xfer->ux_pipe == dev->ud_pipe0);
716
717 xfer->ux_priv = priv;
718 xfer->ux_buffer = buffer;
719 xfer->ux_length = length;
720 xfer->ux_actlen = 0;
721 xfer->ux_flags = flags;
722 xfer->ux_timeout = timeout;
723 xfer->ux_status = USBD_NOT_STARTED;
724 xfer->ux_callback = callback;
725 xfer->ux_request = *req;
726 xfer->ux_rqflags |= URQ_REQUEST;
727 xfer->ux_nframes = 0;
728 }
729
730 void
usbd_setup_isoc_xfer(struct usbd_xfer * xfer,void * priv,uint16_t * frlengths,uint32_t nframes,uint16_t flags,usbd_callback callback)731 usbd_setup_isoc_xfer(struct usbd_xfer *xfer, void *priv, uint16_t *frlengths,
732 uint32_t nframes, uint16_t flags, usbd_callback callback)
733 {
734 xfer->ux_priv = priv;
735 xfer->ux_buffer = NULL;
736 xfer->ux_length = 0;
737 xfer->ux_actlen = 0;
738 xfer->ux_flags = flags;
739 xfer->ux_timeout = USBD_NO_TIMEOUT;
740 xfer->ux_status = USBD_NOT_STARTED;
741 xfer->ux_callback = callback;
742 xfer->ux_rqflags &= ~URQ_REQUEST;
743 xfer->ux_frlengths = frlengths;
744 xfer->ux_nframes = nframes;
745
746 for (size_t i = 0; i < xfer->ux_nframes; i++)
747 xfer->ux_length += xfer->ux_frlengths[i];
748 }
749
750 void
usbd_get_xfer_status(struct usbd_xfer * xfer,void ** priv,void ** buffer,uint32_t * count,usbd_status * status)751 usbd_get_xfer_status(struct usbd_xfer *xfer, void **priv,
752 void **buffer, uint32_t *count, usbd_status *status)
753 {
754 if (priv != NULL)
755 *priv = xfer->ux_priv;
756 if (buffer != NULL)
757 *buffer = xfer->ux_buffer;
758 if (count != NULL)
759 *count = xfer->ux_actlen;
760 if (status != NULL)
761 *status = xfer->ux_status;
762 }
763
764 usb_config_descriptor_t *
usbd_get_config_descriptor(struct usbd_device * dev)765 usbd_get_config_descriptor(struct usbd_device *dev)
766 {
767 KASSERT(dev != NULL);
768
769 return dev->ud_cdesc;
770 }
771
772 usb_interface_descriptor_t *
usbd_get_interface_descriptor(struct usbd_interface * iface)773 usbd_get_interface_descriptor(struct usbd_interface *iface)
774 {
775 KASSERT(iface != NULL);
776
777 return iface->ui_idesc;
778 }
779
780 usb_device_descriptor_t *
usbd_get_device_descriptor(struct usbd_device * dev)781 usbd_get_device_descriptor(struct usbd_device *dev)
782 {
783 KASSERT(dev != NULL);
784
785 return &dev->ud_ddesc;
786 }
787
788 usb_endpoint_descriptor_t *
usbd_interface2endpoint_descriptor(struct usbd_interface * iface,uint8_t index)789 usbd_interface2endpoint_descriptor(struct usbd_interface *iface, uint8_t index)
790 {
791
792 if (index >= iface->ui_idesc->bNumEndpoints)
793 return NULL;
794 return iface->ui_endpoints[index].ue_edesc;
795 }
796
797 /* Some drivers may wish to abort requests on the default pipe, *
798 * but there is no mechanism for getting a handle on it. */
799 void
usbd_abort_default_pipe(struct usbd_device * device)800 usbd_abort_default_pipe(struct usbd_device *device)
801 {
802 usbd_abort_pipe(device->ud_pipe0);
803 }
804
805 void
usbd_abort_pipe(struct usbd_pipe * pipe)806 usbd_abort_pipe(struct usbd_pipe *pipe)
807 {
808
809 usbd_suspend_pipe(pipe);
810 usbd_resume_pipe(pipe);
811 }
812
813 void
usbd_suspend_pipe(struct usbd_pipe * pipe)814 usbd_suspend_pipe(struct usbd_pipe *pipe)
815 {
816
817 usbd_lock_pipe(pipe);
818 usbd_ar_pipe(pipe);
819 usbd_unlock_pipe(pipe);
820 }
821
822 void
usbd_resume_pipe(struct usbd_pipe * pipe)823 usbd_resume_pipe(struct usbd_pipe *pipe)
824 {
825
826 usbd_lock_pipe(pipe);
827 KASSERT(SIMPLEQ_EMPTY(&pipe->up_queue));
828 pipe->up_aborting = 0;
829 usbd_unlock_pipe(pipe);
830 }
831
832 usbd_status
usbd_clear_endpoint_stall(struct usbd_pipe * pipe)833 usbd_clear_endpoint_stall(struct usbd_pipe *pipe)
834 {
835 struct usbd_device *dev = pipe->up_dev;
836 usbd_status err;
837
838 USBHIST_FUNC(); USBHIST_CALLED(usbdebug);
839 SDT_PROBE1(usb, device, pipe, clear__endpoint__stall, pipe);
840
841 /*
842 * Clearing en endpoint stall resets the endpoint toggle, so
843 * do the same to the HC toggle.
844 */
845 SDT_PROBE1(usb, device, pipe, clear__endpoint__toggle, pipe);
846 pipe->up_methods->upm_cleartoggle(pipe);
847
848 err = usbd_clear_endpoint_feature(dev,
849 pipe->up_endpoint->ue_edesc->bEndpointAddress, UF_ENDPOINT_HALT);
850 #if 0
851 XXX should we do this?
852 if (!err) {
853 pipe->state = USBD_PIPE_ACTIVE;
854 /* XXX activate pipe */
855 }
856 #endif
857 return err;
858 }
859
860 void
usbd_clear_endpoint_stall_task(void * arg)861 usbd_clear_endpoint_stall_task(void *arg)
862 {
863 struct usbd_pipe *pipe = arg;
864 struct usbd_device *dev = pipe->up_dev;
865
866 SDT_PROBE1(usb, device, pipe, clear__endpoint__stall, pipe);
867 SDT_PROBE1(usb, device, pipe, clear__endpoint__toggle, pipe);
868 pipe->up_methods->upm_cleartoggle(pipe);
869
870 (void)usbd_clear_endpoint_feature(dev,
871 pipe->up_endpoint->ue_edesc->bEndpointAddress, UF_ENDPOINT_HALT);
872 }
873
874 void
usbd_clear_endpoint_stall_async(struct usbd_pipe * pipe)875 usbd_clear_endpoint_stall_async(struct usbd_pipe *pipe)
876 {
877 usb_add_task(pipe->up_dev, &pipe->up_async_task, USB_TASKQ_DRIVER);
878 }
879
880 void
usbd_clear_endpoint_toggle(struct usbd_pipe * pipe)881 usbd_clear_endpoint_toggle(struct usbd_pipe *pipe)
882 {
883
884 SDT_PROBE1(usb, device, pipe, clear__endpoint__toggle, pipe);
885 pipe->up_methods->upm_cleartoggle(pipe);
886 }
887
888 usbd_status
usbd_endpoint_count(struct usbd_interface * iface,uint8_t * count)889 usbd_endpoint_count(struct usbd_interface *iface, uint8_t *count)
890 {
891 KASSERT(iface != NULL);
892 KASSERT(iface->ui_idesc != NULL);
893
894 *count = iface->ui_idesc->bNumEndpoints;
895 return USBD_NORMAL_COMPLETION;
896 }
897
898 usbd_status
usbd_interface_count(struct usbd_device * dev,uint8_t * count)899 usbd_interface_count(struct usbd_device *dev, uint8_t *count)
900 {
901
902 if (dev->ud_cdesc == NULL)
903 return USBD_NOT_CONFIGURED;
904 *count = dev->ud_cdesc->bNumInterface;
905 return USBD_NORMAL_COMPLETION;
906 }
907
908 void
usbd_interface2device_handle(struct usbd_interface * iface,struct usbd_device ** dev)909 usbd_interface2device_handle(struct usbd_interface *iface,
910 struct usbd_device **dev)
911 {
912
913 *dev = iface->ui_dev;
914 }
915
916 usbd_status
usbd_device2interface_handle(struct usbd_device * dev,uint8_t ifaceno,struct usbd_interface ** iface)917 usbd_device2interface_handle(struct usbd_device *dev,
918 uint8_t ifaceno, struct usbd_interface **iface)
919 {
920
921 if (dev->ud_cdesc == NULL)
922 return USBD_NOT_CONFIGURED;
923 if (ifaceno >= dev->ud_cdesc->bNumInterface)
924 return USBD_INVAL;
925 *iface = &dev->ud_ifaces[ifaceno];
926 return USBD_NORMAL_COMPLETION;
927 }
928
929 struct usbd_device *
usbd_pipe2device_handle(struct usbd_pipe * pipe)930 usbd_pipe2device_handle(struct usbd_pipe *pipe)
931 {
932 KASSERT(pipe != NULL);
933
934 return pipe->up_dev;
935 }
936
937 /* XXXX use altno */
938 usbd_status
usbd_set_interface(struct usbd_interface * iface,int altidx)939 usbd_set_interface(struct usbd_interface *iface, int altidx)
940 {
941 bool locked = false;
942 usb_device_request_t req;
943 usbd_status err;
944
945 USBHIST_FUNC();
946 USBHIST_CALLARGS(usbdebug, "iface %#jx", (uintptr_t)iface, 0, 0, 0);
947
948 err = usbd_iface_lock(iface);
949 if (err)
950 goto out;
951 locked = true;
952
953 err = usbd_fill_iface_data(iface->ui_dev, iface->ui_index, altidx);
954 if (err)
955 goto out;
956
957 req.bmRequestType = UT_WRITE_INTERFACE;
958 req.bRequest = UR_SET_INTERFACE;
959 USETW(req.wValue, iface->ui_idesc->bAlternateSetting);
960 USETW(req.wIndex, iface->ui_idesc->bInterfaceNumber);
961 USETW(req.wLength, 0);
962 err = usbd_do_request(iface->ui_dev, &req, 0);
963
964 out: /* XXX back out iface data? */
965 if (locked)
966 usbd_iface_unlock(iface);
967 return err;
968 }
969
970 int
usbd_get_no_alts(usb_config_descriptor_t * cdesc,int ifaceno)971 usbd_get_no_alts(usb_config_descriptor_t *cdesc, int ifaceno)
972 {
973 char *p = (char *)cdesc;
974 char *end = p + UGETW(cdesc->wTotalLength);
975 usb_descriptor_t *desc;
976 usb_interface_descriptor_t *idesc;
977 int n;
978
979 for (n = 0; end - p >= sizeof(*desc); p += desc->bLength) {
980 desc = (usb_descriptor_t *)p;
981 if (desc->bLength < sizeof(*desc) || desc->bLength > end - p)
982 break;
983 if (desc->bDescriptorType != UDESC_INTERFACE)
984 continue;
985 if (desc->bLength < sizeof(*idesc))
986 break;
987 idesc = (usb_interface_descriptor_t *)desc;
988 if (idesc->bInterfaceNumber == ifaceno) {
989 n++;
990 if (n == INT_MAX)
991 break;
992 }
993 }
994 return n;
995 }
996
997 int
usbd_get_interface_altindex(struct usbd_interface * iface)998 usbd_get_interface_altindex(struct usbd_interface *iface)
999 {
1000 return iface->ui_altindex;
1001 }
1002
1003 usbd_status
usbd_get_interface(struct usbd_interface * iface,uint8_t * aiface)1004 usbd_get_interface(struct usbd_interface *iface, uint8_t *aiface)
1005 {
1006 usb_device_request_t req;
1007
1008 req.bmRequestType = UT_READ_INTERFACE;
1009 req.bRequest = UR_GET_INTERFACE;
1010 USETW(req.wValue, 0);
1011 USETW(req.wIndex, iface->ui_idesc->bInterfaceNumber);
1012 USETW(req.wLength, 1);
1013 return usbd_do_request(iface->ui_dev, &req, aiface);
1014 }
1015
1016 /*** Internal routines ***/
1017
1018 /* Dequeue all pipe operations, called with bus lock held. */
1019 Static void
usbd_ar_pipe(struct usbd_pipe * pipe)1020 usbd_ar_pipe(struct usbd_pipe *pipe)
1021 {
1022 struct usbd_xfer *xfer;
1023
1024 USBHIST_FUNC();
1025 USBHIST_CALLARGS(usbdebug, "pipe = %#jx", (uintptr_t)pipe, 0, 0, 0);
1026 SDT_PROBE1(usb, device, pipe, abort__start, pipe);
1027
1028 ASSERT_SLEEPABLE();
1029 KASSERT(mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1030
1031 /*
1032 * Allow only one thread at a time to abort the pipe, so we
1033 * don't get confused if upm_abort drops the lock in the middle
1034 * of the abort to wait for hardware completion softints to
1035 * stop using the xfer before returning.
1036 */
1037 KASSERTMSG(pipe->up_abortlwp == NULL, "pipe->up_abortlwp=%p",
1038 pipe->up_abortlwp);
1039 pipe->up_abortlwp = curlwp;
1040
1041 #ifdef USB_DEBUG
1042 if (usbdebug > 5)
1043 usbd_dump_queue(pipe);
1044 #endif
1045 pipe->up_repeat = 0;
1046 pipe->up_running = 0;
1047 pipe->up_aborting = 1;
1048 while ((xfer = SIMPLEQ_FIRST(&pipe->up_queue)) != NULL) {
1049 USBHIST_LOG(usbdebug, "pipe = %#jx xfer = %#jx "
1050 "(methods = %#jx)", (uintptr_t)pipe, (uintptr_t)xfer,
1051 (uintptr_t)pipe->up_methods, 0);
1052 if (xfer->ux_status == USBD_NOT_STARTED) {
1053 SDT_PROBE1(usb, device, xfer, preabort, xfer);
1054 #ifdef DIAGNOSTIC
1055 xfer->ux_state = XFER_BUSY;
1056 #endif
1057 SIMPLEQ_REMOVE_HEAD(&pipe->up_queue, ux_next);
1058 } else {
1059 /* Make the HC abort it (and invoke the callback). */
1060 SDT_PROBE1(usb, device, xfer, abort, xfer);
1061 pipe->up_methods->upm_abort(xfer);
1062 while (pipe->up_callingxfer == xfer) {
1063 USBHIST_LOG(usbdebug, "wait for callback"
1064 "pipe = %#jx xfer = %#jx",
1065 (uintptr_t)pipe, (uintptr_t)xfer, 0, 0);
1066 cv_wait(&pipe->up_callingcv,
1067 pipe->up_dev->ud_bus->ub_lock);
1068 }
1069 /* XXX only for non-0 usbd_clear_endpoint_stall(pipe); */
1070 }
1071 }
1072
1073 /*
1074 * There may be an xfer callback already in progress which was
1075 * taken off the queue before we got to it. We must wait for
1076 * the callback to finish before returning control to the
1077 * caller.
1078 */
1079 while (pipe->up_callingxfer) {
1080 USBHIST_LOG(usbdebug, "wait for callback"
1081 "pipe = %#jx xfer = %#jx",
1082 (uintptr_t)pipe, (uintptr_t)pipe->up_callingxfer, 0, 0);
1083 cv_wait(&pipe->up_callingcv, pipe->up_dev->ud_bus->ub_lock);
1084 }
1085
1086 KASSERT(mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1087 KASSERTMSG(pipe->up_abortlwp == curlwp, "pipe->up_abortlwp=%p",
1088 pipe->up_abortlwp);
1089 pipe->up_abortlwp = NULL;
1090
1091 SDT_PROBE1(usb, device, pipe, abort__done, pipe);
1092 }
1093
1094 /* Called with USB lock held. */
1095 void
usb_transfer_complete(struct usbd_xfer * xfer)1096 usb_transfer_complete(struct usbd_xfer *xfer)
1097 {
1098 struct usbd_pipe *pipe = xfer->ux_pipe;
1099 struct usbd_bus *bus = pipe->up_dev->ud_bus;
1100 int sync = xfer->ux_flags & USBD_SYNCHRONOUS;
1101 int erred;
1102 int polling = bus->ub_usepolling;
1103 int repeat = pipe->up_repeat;
1104
1105 USBHIST_FUNC();
1106 USBHIST_CALLARGS(usbdebug, "pipe = %#jx xfer = %#jx status = %jd "
1107 "actlen = %jd", (uintptr_t)pipe, (uintptr_t)xfer, xfer->ux_status,
1108 xfer->ux_actlen);
1109
1110 KASSERT(polling || mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1111 KASSERTMSG(xfer->ux_state == XFER_ONQU, "xfer %p state is %x", xfer,
1112 xfer->ux_state);
1113 KASSERT(pipe != NULL);
1114
1115 /*
1116 * If device is known to miss out ack, then pretend that
1117 * output timeout is a success. Userland should handle
1118 * the logic to verify that the operation succeeded.
1119 */
1120 if (pipe->up_dev->ud_quirks &&
1121 pipe->up_dev->ud_quirks->uq_flags & UQ_MISS_OUT_ACK &&
1122 xfer->ux_status == USBD_TIMEOUT &&
1123 !usbd_xfer_isread(xfer)) {
1124 USBHIST_LOG(usbdebug, "Possible output ack miss for xfer %#jx: "
1125 "hiding write timeout to %jd.%jd for %ju bytes written",
1126 (uintptr_t)xfer, curlwp->l_proc->p_pid, curlwp->l_lid,
1127 xfer->ux_length);
1128
1129 xfer->ux_status = USBD_NORMAL_COMPLETION;
1130 xfer->ux_actlen = xfer->ux_length;
1131 }
1132
1133 erred = xfer->ux_status == USBD_CANCELLED ||
1134 xfer->ux_status == USBD_TIMEOUT;
1135
1136 if (!repeat) {
1137 /* Remove request from queue. */
1138
1139 KASSERTMSG(!SIMPLEQ_EMPTY(&pipe->up_queue),
1140 "pipe %p is empty, but xfer %p wants to complete", pipe,
1141 xfer);
1142 KASSERTMSG(xfer == SIMPLEQ_FIRST(&pipe->up_queue),
1143 "xfer %p is not start of queue (%p is at start)", xfer,
1144 SIMPLEQ_FIRST(&pipe->up_queue));
1145
1146 #ifdef DIAGNOSTIC
1147 xfer->ux_state = XFER_BUSY;
1148 #endif
1149 SIMPLEQ_REMOVE_HEAD(&pipe->up_queue, ux_next);
1150 }
1151 USBHIST_LOG(usbdebug, "xfer %#jx: repeat %jd new head = %#jx",
1152 (uintptr_t)xfer, repeat, (uintptr_t)SIMPLEQ_FIRST(&pipe->up_queue),
1153 0);
1154
1155 /* Count completed transfers. */
1156 ++pipe->up_dev->ud_bus->ub_stats.uds_requests
1157 [pipe->up_endpoint->ue_edesc->bmAttributes & UE_XFERTYPE];
1158
1159 xfer->ux_done = 1;
1160 if (!xfer->ux_status && xfer->ux_actlen < xfer->ux_length &&
1161 !(xfer->ux_flags & USBD_SHORT_XFER_OK)) {
1162 USBHIST_LOG(usbdebug, "short transfer %jd < %jd",
1163 xfer->ux_actlen, xfer->ux_length, 0, 0);
1164 xfer->ux_status = USBD_SHORT_XFER;
1165 }
1166
1167 USBHIST_LOG(usbdebug, "xfer %#jx doing done %#jx", (uintptr_t)xfer,
1168 (uintptr_t)pipe->up_methods->upm_done, 0, 0);
1169 SDT_PROBE2(usb, device, xfer, done, xfer, xfer->ux_status);
1170 pipe->up_methods->upm_done(xfer);
1171
1172 if (xfer->ux_length != 0 && xfer->ux_buffer != xfer->ux_buf) {
1173 KDASSERTMSG(xfer->ux_actlen <= xfer->ux_length,
1174 "actlen %d length %d",xfer->ux_actlen, xfer->ux_length);
1175
1176 /* Only if IN transfer */
1177 if (usbd_xfer_isread(xfer)) {
1178 memcpy(xfer->ux_buffer, xfer->ux_buf, xfer->ux_actlen);
1179 }
1180 }
1181
1182 USBHIST_LOG(usbdebug, "xfer %#jx doing callback %#jx status %jd",
1183 (uintptr_t)xfer, (uintptr_t)xfer->ux_callback, xfer->ux_status, 0);
1184
1185 if (xfer->ux_callback) {
1186 if (!polling) {
1187 KASSERT(pipe->up_callingxfer == NULL);
1188 pipe->up_callingxfer = xfer;
1189 mutex_exit(pipe->up_dev->ud_bus->ub_lock);
1190 if (!(pipe->up_flags & USBD_MPSAFE))
1191 KERNEL_LOCK(1, curlwp);
1192 }
1193
1194 xfer->ux_callback(xfer, xfer->ux_priv, xfer->ux_status);
1195
1196 if (!polling) {
1197 if (!(pipe->up_flags & USBD_MPSAFE))
1198 KERNEL_UNLOCK_ONE(curlwp);
1199 mutex_enter(pipe->up_dev->ud_bus->ub_lock);
1200 KASSERT(pipe->up_callingxfer == xfer);
1201 pipe->up_callingxfer = NULL;
1202 cv_broadcast(&pipe->up_callingcv);
1203 }
1204 }
1205
1206 if (sync && !polling) {
1207 USBHIST_LOG(usbdebug, "<- done xfer %#jx, wakeup",
1208 (uintptr_t)xfer, 0, 0, 0);
1209 cv_broadcast(&xfer->ux_cv);
1210 }
1211
1212 if (repeat) {
1213 xfer->ux_actlen = 0;
1214 xfer->ux_status = USBD_NOT_STARTED;
1215 } else {
1216 /* XXX should we stop the queue on all errors? */
1217 if (erred && pipe->up_iface != NULL) /* not control pipe */
1218 pipe->up_running = 0;
1219 }
1220 if (pipe->up_running && pipe->up_serialise)
1221 usbd_start_next(pipe);
1222 }
1223
1224 /* Called with USB lock held. */
1225 void
usbd_start_next(struct usbd_pipe * pipe)1226 usbd_start_next(struct usbd_pipe *pipe)
1227 {
1228 struct usbd_xfer *xfer;
1229 usbd_status err;
1230
1231 USBHIST_FUNC();
1232
1233 KASSERT(pipe != NULL);
1234 KASSERT(pipe->up_methods != NULL);
1235 KASSERT(pipe->up_methods->upm_start != NULL);
1236 KASSERT(pipe->up_serialise == true);
1237
1238 int polling = pipe->up_dev->ud_bus->ub_usepolling;
1239 KASSERT(polling || mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1240
1241 /* Get next request in queue. */
1242 xfer = SIMPLEQ_FIRST(&pipe->up_queue);
1243 USBHIST_CALLARGS(usbdebug, "pipe = %#jx, xfer = %#jx", (uintptr_t)pipe,
1244 (uintptr_t)xfer, 0, 0);
1245 if (xfer == NULL) {
1246 pipe->up_running = 0;
1247 } else {
1248 SDT_PROBE2(usb, device, pipe, start, pipe, xfer);
1249 err = pipe->up_methods->upm_start(xfer);
1250
1251 if (err != USBD_IN_PROGRESS) {
1252 USBHIST_LOG(usbdebug, "error = %jd", err, 0, 0, 0);
1253 pipe->up_running = 0;
1254 /* XXX do what? */
1255 }
1256 }
1257
1258 KASSERT(polling || mutex_owned(pipe->up_dev->ud_bus->ub_lock));
1259 }
1260
1261 usbd_status
usbd_do_request(struct usbd_device * dev,usb_device_request_t * req,void * data)1262 usbd_do_request(struct usbd_device *dev, usb_device_request_t *req, void *data)
1263 {
1264
1265 return usbd_do_request_flags(dev, req, data, 0, 0,
1266 USBD_DEFAULT_TIMEOUT);
1267 }
1268
1269 usbd_status
usbd_do_request_flags(struct usbd_device * dev,usb_device_request_t * req,void * data,uint16_t flags,int * actlen,uint32_t timeout)1270 usbd_do_request_flags(struct usbd_device *dev, usb_device_request_t *req,
1271 void *data, uint16_t flags, int *actlen, uint32_t timeout)
1272 {
1273 size_t len = UGETW(req->wLength);
1274
1275 return usbd_do_request_len(dev, req, len, data, flags, actlen, timeout);
1276 }
1277
1278 usbd_status
usbd_do_request_len(struct usbd_device * dev,usb_device_request_t * req,size_t len,void * data,uint16_t flags,int * actlen,uint32_t timeout)1279 usbd_do_request_len(struct usbd_device *dev, usb_device_request_t *req,
1280 size_t len, void *data, uint16_t flags, int *actlen, uint32_t timeout)
1281 {
1282 struct usbd_xfer *xfer;
1283 usbd_status err;
1284
1285 KASSERT(len >= UGETW(req->wLength));
1286
1287 USBHIST_FUNC();
1288 USBHIST_CALLARGS(usbdebug, "dev=%#jx req=%jx flags=%jx len=%jx",
1289 (uintptr_t)dev, (uintptr_t)req, flags, len);
1290
1291 ASSERT_SLEEPABLE();
1292
1293 SDT_PROBE5(usb, device, request, start,
1294 dev, req, len, flags, timeout);
1295
1296 int error = usbd_create_xfer(dev->ud_pipe0, len, 0, 0, &xfer);
1297 if (error) {
1298 SDT_PROBE7(usb, device, request, done,
1299 dev, req, /*actlen*/0, flags, timeout, data, USBD_NOMEM);
1300 return USBD_NOMEM;
1301 }
1302
1303 usbd_setup_default_xfer(xfer, dev, 0, timeout, req, data,
1304 UGETW(req->wLength), flags, NULL);
1305 KASSERT(xfer->ux_pipe == dev->ud_pipe0);
1306 err = usbd_sync_transfer(xfer);
1307 #if defined(USB_DEBUG) || defined(DIAGNOSTIC)
1308 if (xfer->ux_actlen > xfer->ux_length) {
1309 USBHIST_LOG(usbdebug, "overrun addr = %jd type = 0x%02jx",
1310 dev->ud_addr, xfer->ux_request.bmRequestType, 0, 0);
1311 USBHIST_LOG(usbdebug, " req = 0x%02jx val = %jd "
1312 "index = %jd",
1313 xfer->ux_request.bRequest, UGETW(xfer->ux_request.wValue),
1314 UGETW(xfer->ux_request.wIndex), 0);
1315 USBHIST_LOG(usbdebug, " rlen = %jd length = %jd "
1316 "actlen = %jd",
1317 UGETW(xfer->ux_request.wLength),
1318 xfer->ux_length, xfer->ux_actlen, 0);
1319 }
1320 #endif
1321 if (actlen != NULL)
1322 *actlen = xfer->ux_actlen;
1323
1324 usbd_destroy_xfer(xfer);
1325
1326 SDT_PROBE7(usb, device, request, done,
1327 dev, req, xfer->ux_actlen, flags, timeout, data, err);
1328
1329 if (err) {
1330 USBHIST_LOG(usbdebug, "returning err = %jd", err, 0, 0, 0);
1331 }
1332 return err;
1333 }
1334
1335 const struct usbd_quirks *
usbd_get_quirks(struct usbd_device * dev)1336 usbd_get_quirks(struct usbd_device *dev)
1337 {
1338 #ifdef DIAGNOSTIC
1339 if (dev == NULL) {
1340 printf("usbd_get_quirks: dev == NULL\n");
1341 return 0;
1342 }
1343 #endif
1344 return dev->ud_quirks;
1345 }
1346
1347 /* XXX do periodic free() of free list */
1348
1349 /*
1350 * Called from keyboard driver when in polling mode.
1351 */
1352 void
usbd_dopoll(struct usbd_interface * iface)1353 usbd_dopoll(struct usbd_interface *iface)
1354 {
1355 iface->ui_dev->ud_bus->ub_methods->ubm_dopoll(iface->ui_dev->ud_bus);
1356 }
1357
1358 /*
1359 * This is for keyboard driver as well, which only operates in polling
1360 * mode from the ask root, etc., prompt and from DDB.
1361 */
1362 void
usbd_set_polling(struct usbd_device * dev,int on)1363 usbd_set_polling(struct usbd_device *dev, int on)
1364 {
1365 if (on)
1366 dev->ud_bus->ub_usepolling++;
1367 else
1368 dev->ud_bus->ub_usepolling--;
1369
1370 /* Kick the host controller when switching modes */
1371 mutex_enter(dev->ud_bus->ub_lock);
1372 dev->ud_bus->ub_methods->ubm_softint(dev->ud_bus);
1373 mutex_exit(dev->ud_bus->ub_lock);
1374 }
1375
1376
1377 usb_endpoint_descriptor_t *
usbd_get_endpoint_descriptor(struct usbd_interface * iface,uint8_t address)1378 usbd_get_endpoint_descriptor(struct usbd_interface *iface, uint8_t address)
1379 {
1380 struct usbd_endpoint *ep;
1381 int i;
1382
1383 for (i = 0; i < iface->ui_idesc->bNumEndpoints; i++) {
1384 ep = &iface->ui_endpoints[i];
1385 if (ep->ue_edesc->bEndpointAddress == address)
1386 return iface->ui_endpoints[i].ue_edesc;
1387 }
1388 return NULL;
1389 }
1390
1391 /*
1392 * usbd_ratecheck() can limit the number of error messages that occurs.
1393 * When a device is unplugged it may take up to 0.25s for the hub driver
1394 * to notice it. If the driver continuously tries to do I/O operations
1395 * this can generate a large number of messages.
1396 */
1397 int
usbd_ratecheck(struct timeval * last)1398 usbd_ratecheck(struct timeval *last)
1399 {
1400 static struct timeval errinterval = { 0, 250000 }; /* 0.25 s*/
1401
1402 return ratecheck(last, &errinterval);
1403 }
1404
1405 /*
1406 * Search for a vendor/product pair in an array. The item size is
1407 * given as an argument.
1408 */
1409 const struct usb_devno *
usb_match_device(const struct usb_devno * tbl,u_int nentries,u_int sz,uint16_t vendor,uint16_t product)1410 usb_match_device(const struct usb_devno *tbl, u_int nentries, u_int sz,
1411 uint16_t vendor, uint16_t product)
1412 {
1413 while (nentries-- > 0) {
1414 uint16_t tproduct = tbl->ud_product;
1415 if (tbl->ud_vendor == vendor &&
1416 (tproduct == product || tproduct == USB_PRODUCT_ANY))
1417 return tbl;
1418 tbl = (const struct usb_devno *)((const char *)tbl + sz);
1419 }
1420 return NULL;
1421 }
1422
1423 usbd_status
usbd_get_string(struct usbd_device * dev,int si,char * buf)1424 usbd_get_string(struct usbd_device *dev, int si, char *buf)
1425 {
1426 return usbd_get_string0(dev, si, buf, 1);
1427 }
1428
1429 usbd_status
usbd_get_string0(struct usbd_device * dev,int si,char * buf,int unicode)1430 usbd_get_string0(struct usbd_device *dev, int si, char *buf, int unicode)
1431 {
1432 int swap = dev->ud_quirks->uq_flags & UQ_SWAP_UNICODE;
1433 usb_string_descriptor_t us;
1434 char *s;
1435 int i, n;
1436 uint16_t c;
1437 usbd_status err;
1438 int size;
1439
1440 USBHIST_FUNC(); USBHIST_CALLED(usbdebug);
1441
1442 buf[0] = '\0';
1443 if (si == 0)
1444 return USBD_INVAL;
1445 if (dev->ud_quirks->uq_flags & UQ_NO_STRINGS)
1446 return USBD_STALLED;
1447 if (dev->ud_langid == USBD_NOLANG) {
1448 /* Set up default language */
1449 err = usbd_get_string_desc(dev, USB_LANGUAGE_TABLE, 0, &us,
1450 &size);
1451 if (err || size < 4) {
1452 USBHIST_LOG(usbdebug, "getting lang failed, using 0",
1453 0, 0, 0, 0);
1454 dev->ud_langid = 0; /* Well, just pick something then */
1455 } else {
1456 /* Pick the first language as the default. */
1457 dev->ud_langid = UGETW(us.bString[0]);
1458 }
1459 }
1460 err = usbd_get_string_desc(dev, si, dev->ud_langid, &us, &size);
1461 if (err)
1462 return err;
1463 s = buf;
1464 n = size / 2 - 1;
1465 if (unicode) {
1466 for (i = 0; i < n; i++) {
1467 c = UGETW(us.bString[i]);
1468 if (swap)
1469 c = (c >> 8) | (c << 8);
1470 s += wput_utf8(s, 3, c);
1471 }
1472 *s++ = 0;
1473 }
1474 #ifdef COMPAT_30
1475 else {
1476 for (i = 0; i < n; i++) {
1477 c = UGETW(us.bString[i]);
1478 if (swap)
1479 c = (c >> 8) | (c << 8);
1480 *s++ = (c < 0x80) ? c : '?';
1481 }
1482 *s++ = 0;
1483 }
1484 #endif
1485 return USBD_NORMAL_COMPLETION;
1486 }
1487
1488 /*
1489 * usbd_xfer_trycomplete(xfer)
1490 *
1491 * Try to claim xfer for completion. Return true if successful,
1492 * false if the xfer has been synchronously aborted or has timed
1493 * out.
1494 *
1495 * If this returns true, caller is responsible for setting
1496 * xfer->ux_status and calling usb_transfer_complete. To be used
1497 * in a host controller interrupt handler.
1498 *
1499 * Caller must either hold the bus lock or have the bus in polling
1500 * mode. If this succeeds, caller must proceed to call
1501 * usb_complete_transfer under the bus lock or with polling
1502 * enabled -- must not release and reacquire the bus lock in the
1503 * meantime. Failing to heed this rule may lead to catastrophe
1504 * with abort or timeout.
1505 */
1506 bool
usbd_xfer_trycomplete(struct usbd_xfer * xfer)1507 usbd_xfer_trycomplete(struct usbd_xfer *xfer)
1508 {
1509 struct usbd_bus *bus __diagused = xfer->ux_bus;
1510
1511 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1512
1513 USBHIST_FUNC();
1514 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1515 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1516
1517 /*
1518 * If software has completed it, either by synchronous abort or
1519 * by timeout, too late.
1520 */
1521 if (xfer->ux_status != USBD_IN_PROGRESS)
1522 return false;
1523
1524 /*
1525 * We are completing the xfer. Cancel the timeout if we can,
1526 * but only asynchronously. See usbd_xfer_cancel_timeout_async
1527 * for why we need not wait for the callout or task here.
1528 */
1529 usbd_xfer_cancel_timeout_async(xfer);
1530
1531 /* Success! Note: Caller must set xfer->ux_status afterwar. */
1532 return true;
1533 }
1534
1535 /*
1536 * usbd_xfer_abort(xfer)
1537 *
1538 * Try to claim xfer to abort. If successful, mark it completed
1539 * with USBD_CANCELLED and call the bus-specific method to abort
1540 * at the hardware level.
1541 *
1542 * To be called in thread context from struct
1543 * usbd_pipe_methods::upm_abort.
1544 *
1545 * Caller must hold the bus lock.
1546 */
1547 void
usbd_xfer_abort(struct usbd_xfer * xfer)1548 usbd_xfer_abort(struct usbd_xfer *xfer)
1549 {
1550 struct usbd_bus *bus = xfer->ux_bus;
1551
1552 KASSERT(mutex_owned(bus->ub_lock));
1553
1554 USBHIST_FUNC();
1555 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1556 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1557
1558 /*
1559 * If host controller interrupt or timer interrupt has
1560 * completed it, too late. But the xfer cannot be
1561 * cancelled already -- only one caller can synchronously
1562 * abort.
1563 */
1564 KASSERT(xfer->ux_status != USBD_CANCELLED);
1565 if (xfer->ux_status != USBD_IN_PROGRESS)
1566 return;
1567
1568 /*
1569 * Cancel the timeout if we can, but only asynchronously; see
1570 * usbd_xfer_cancel_timeout_async for why we need not wait for
1571 * the callout or task here.
1572 */
1573 usbd_xfer_cancel_timeout_async(xfer);
1574
1575 /*
1576 * We beat everyone else. Claim the status as cancelled, do
1577 * the bus-specific dance to abort the hardware, and complete
1578 * the xfer.
1579 */
1580 xfer->ux_status = USBD_CANCELLED;
1581 bus->ub_methods->ubm_abortx(xfer);
1582 usb_transfer_complete(xfer);
1583 }
1584
1585 /*
1586 * usbd_xfer_timeout(xfer)
1587 *
1588 * Called at IPL_SOFTCLOCK when too much time has elapsed waiting
1589 * for xfer to complete. Since we can't abort the xfer at
1590 * IPL_SOFTCLOCK, defer to a usb_task to run it in thread context,
1591 * unless the xfer has completed or aborted concurrently -- and if
1592 * the xfer has also been resubmitted, take care of rescheduling
1593 * the callout.
1594 */
1595 static void
usbd_xfer_timeout(void * cookie)1596 usbd_xfer_timeout(void *cookie)
1597 {
1598 struct usbd_xfer *xfer = cookie;
1599 struct usbd_bus *bus = xfer->ux_bus;
1600 struct usbd_device *dev = xfer->ux_pipe->up_dev;
1601
1602 /* Acquire the lock so we can transition the timeout state. */
1603 mutex_enter(bus->ub_lock);
1604
1605 USBHIST_FUNC();
1606 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1607 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1608
1609 /*
1610 * Use usbd_xfer_probe_timeout to check whether the timeout is
1611 * still valid, or to reschedule the callout if necessary. If
1612 * it is still valid, schedule the task.
1613 */
1614 if (usbd_xfer_probe_timeout(xfer)) {
1615 USBHIST_LOG(usbdebug, "xfer %#jx schedule timeout task",
1616 (uintptr_t)xfer, 0, 0, 0);
1617 usb_add_task(dev, &xfer->ux_aborttask, USB_TASKQ_HC);
1618 } else {
1619 USBHIST_LOG(usbdebug, "xfer %#jx timeout cancelled",
1620 (uintptr_t)xfer, 0, 0, 0);
1621 }
1622
1623 /*
1624 * Notify usbd_xfer_cancel_timeout_async that we may have
1625 * scheduled the task. This causes callout_invoking to return
1626 * false in usbd_xfer_cancel_timeout_async so that it can tell
1627 * which stage in the callout->task->abort process we're at.
1628 */
1629 callout_ack(&xfer->ux_callout);
1630
1631 /* All done -- release the lock. */
1632 mutex_exit(bus->ub_lock);
1633 }
1634
1635 /*
1636 * usbd_xfer_timeout_task(xfer)
1637 *
1638 * Called in thread context when too much time has elapsed waiting
1639 * for xfer to complete. Abort the xfer with USBD_TIMEOUT, unless
1640 * it has completed or aborted concurrently -- and if the xfer has
1641 * also been resubmitted, take care of rescheduling the callout.
1642 */
1643 static void
usbd_xfer_timeout_task(void * cookie)1644 usbd_xfer_timeout_task(void *cookie)
1645 {
1646 struct usbd_xfer *xfer = cookie;
1647 struct usbd_bus *bus = xfer->ux_bus;
1648
1649 /* Acquire the lock so we can transition the timeout state. */
1650 mutex_enter(bus->ub_lock);
1651
1652 USBHIST_FUNC();
1653 USBHIST_CALLARGS(usbdebug, "xfer %#jx status %jd",
1654 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1655
1656 /*
1657 * Use usbd_xfer_probe_timeout to check whether the timeout is
1658 * still valid, or to reschedule the callout if necessary. If
1659 * it is not valid -- the timeout has been asynchronously
1660 * cancelled, or the xfer has already been resubmitted -- then
1661 * we're done here.
1662 */
1663 if (!usbd_xfer_probe_timeout(xfer)) {
1664 USBHIST_LOG(usbdebug, "xfer %#jx timeout cancelled",
1665 (uintptr_t)xfer, 0, 0, 0);
1666 goto out;
1667 }
1668
1669 /*
1670 * After this point, no further timeout probing will happen for
1671 * the current incarnation of the timeout, so make the next
1672 * usbd_xfer_schedule_timout schedule a new callout.
1673 * usbd_xfer_probe_timeout has already processed any reset.
1674 */
1675 KASSERT(!xfer->ux_timeout_reset);
1676 xfer->ux_timeout_set = false;
1677
1678 /*
1679 * May have completed or been aborted, but we're the only one
1680 * who can time it out. If it has completed or been aborted,
1681 * no need to timeout.
1682 */
1683 KASSERT(xfer->ux_status != USBD_TIMEOUT);
1684 if (xfer->ux_status != USBD_IN_PROGRESS) {
1685 USBHIST_LOG(usbdebug, "xfer %#jx timeout raced",
1686 (uintptr_t)xfer, 0, 0, 0);
1687 goto out;
1688 }
1689
1690 /*
1691 * We beat everyone else. Claim the status as timed out, do
1692 * the bus-specific dance to abort the hardware, and complete
1693 * the xfer.
1694 */
1695 USBHIST_LOG(usbdebug, "xfer %#jx timed out",
1696 (uintptr_t)xfer, 0, 0, 0);
1697 xfer->ux_status = USBD_TIMEOUT;
1698 bus->ub_methods->ubm_abortx(xfer);
1699 usb_transfer_complete(xfer);
1700
1701 out: /* All done -- release the lock. */
1702 mutex_exit(bus->ub_lock);
1703 }
1704
1705 /*
1706 * usbd_xfer_probe_timeout(xfer)
1707 *
1708 * Probe the status of xfer's timeout. Acknowledge and process a
1709 * request to reschedule. Return true if the timeout is still
1710 * valid and the caller should take further action (queueing a
1711 * task or aborting the xfer), false if it must stop here.
1712 */
1713 static bool
usbd_xfer_probe_timeout(struct usbd_xfer * xfer)1714 usbd_xfer_probe_timeout(struct usbd_xfer *xfer)
1715 {
1716 struct usbd_bus *bus = xfer->ux_bus;
1717 bool valid;
1718
1719 USBHIST_FUNC();
1720 USBHIST_CALLARGS(usbdebug, "xfer %#jx timeout %jdms"
1721 " set %jd reset %jd",
1722 (uintptr_t)xfer, xfer->ux_timeout,
1723 xfer->ux_timeout_set, xfer->ux_timeout_reset);
1724
1725 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1726
1727 /* The timeout must be set. */
1728 KASSERT(xfer->ux_timeout_set);
1729
1730 /*
1731 * Neither callout nor task may be pending; they execute
1732 * alternately in lock step.
1733 */
1734 KASSERT(!callout_pending(&xfer->ux_callout));
1735 KASSERT(!usb_task_pending(xfer->ux_pipe->up_dev, &xfer->ux_aborttask));
1736
1737 /* There are a few cases... */
1738 if (bus->ub_methods->ubm_dying(bus)) {
1739 /* Host controller dying. Drop it all on the floor. */
1740 USBHIST_LOG(usbdebug, "xfer %#jx bus dying, not rescheduling",
1741 (uintptr_t)xfer, 0, 0, 0);
1742 xfer->ux_timeout_set = false;
1743 xfer->ux_timeout_reset = false;
1744 valid = false;
1745 } else if (xfer->ux_timeout_reset) {
1746 /*
1747 * The xfer completed _and_ got resubmitted while we
1748 * waited for the lock. Acknowledge the request to
1749 * reschedule, and reschedule it if there is a timeout
1750 * and the bus is not polling.
1751 */
1752 xfer->ux_timeout_reset = false;
1753 if (xfer->ux_timeout && !bus->ub_usepolling) {
1754 USBHIST_LOG(usbdebug, "xfer %#jx resubmitted,"
1755 " rescheduling timer for %jdms",
1756 (uintptr_t)xfer, xfer->ux_timeout, 0, 0);
1757 KASSERT(xfer->ux_timeout_set);
1758 callout_schedule(&xfer->ux_callout,
1759 mstohz(xfer->ux_timeout));
1760 } else {
1761 /* No more callout or task scheduled. */
1762 USBHIST_LOG(usbdebug, "xfer %#jx resubmitted"
1763 " and completed, not rescheduling",
1764 (uintptr_t)xfer, 0, 0, 0);
1765 xfer->ux_timeout_set = false;
1766 }
1767 valid = false;
1768 } else if (xfer->ux_status != USBD_IN_PROGRESS) {
1769 /*
1770 * The xfer has completed by hardware completion or by
1771 * software abort, and has not been resubmitted, so the
1772 * timeout must be unset, and is no longer valid for
1773 * the caller.
1774 */
1775 USBHIST_LOG(usbdebug, "xfer %#jx timeout lost race,"
1776 " status=%jd, not rescheduling",
1777 (uintptr_t)xfer, xfer->ux_status, 0, 0);
1778 xfer->ux_timeout_set = false;
1779 valid = false;
1780 } else {
1781 /*
1782 * The xfer has not yet completed, so the timeout is
1783 * valid.
1784 */
1785 USBHIST_LOG(usbdebug, "xfer %#jx timing out",
1786 (uintptr_t)xfer, 0, 0, 0);
1787 valid = true;
1788 }
1789
1790 /* Any reset must have been processed. */
1791 KASSERT(!xfer->ux_timeout_reset);
1792
1793 /*
1794 * Either we claim the timeout is set, or the callout is idle.
1795 * If the timeout is still set, we may be handing off to the
1796 * task instead, so this is an if but not an iff.
1797 */
1798 KASSERT(xfer->ux_timeout_set || !callout_pending(&xfer->ux_callout));
1799
1800 /*
1801 * The task must be idle now.
1802 *
1803 * - If the caller is the callout, _and_ the timeout is still
1804 * valid, the caller will schedule it, but it hasn't been
1805 * scheduled yet. (If the timeout is not valid, the task
1806 * should not be scheduled.)
1807 *
1808 * - If the caller is the task, it cannot be scheduled again
1809 * until the callout runs again, which won't happen until we
1810 * next release the lock.
1811 */
1812 KASSERT(!usb_task_pending(xfer->ux_pipe->up_dev, &xfer->ux_aborttask));
1813
1814 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1815
1816 return valid;
1817 }
1818
1819 /*
1820 * usbd_xfer_schedule_timeout(xfer)
1821 *
1822 * Ensure that xfer has a timeout. If the callout is already
1823 * queued or the task is already running, request that they
1824 * reschedule the callout. If not, and if we're not polling,
1825 * schedule the callout anew.
1826 *
1827 * To be called in thread context from struct
1828 * usbd_pipe_methods::upm_start.
1829 */
1830 void
usbd_xfer_schedule_timeout(struct usbd_xfer * xfer)1831 usbd_xfer_schedule_timeout(struct usbd_xfer *xfer)
1832 {
1833 struct usbd_bus *bus = xfer->ux_bus;
1834
1835 USBHIST_FUNC();
1836 USBHIST_CALLARGS(usbdebug, "xfer %#jx timeout %jdms"
1837 " set %jd reset %jd",
1838 (uintptr_t)xfer, xfer->ux_timeout,
1839 xfer->ux_timeout_set, xfer->ux_timeout_reset);
1840
1841 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1842
1843 if (xfer->ux_timeout_set) {
1844 /*
1845 * Callout or task has fired from a prior completed
1846 * xfer but has not yet noticed that the xfer is done.
1847 * Ask it to reschedule itself to ux_timeout.
1848 */
1849 xfer->ux_timeout_reset = true;
1850 } else if (xfer->ux_timeout && !bus->ub_usepolling) {
1851 /* Callout is not scheduled. Schedule it. */
1852 KASSERT(!callout_pending(&xfer->ux_callout));
1853 callout_schedule(&xfer->ux_callout, mstohz(xfer->ux_timeout));
1854 xfer->ux_timeout_set = true;
1855 }
1856
1857 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1858 }
1859
1860 /*
1861 * usbd_xfer_cancel_timeout_async(xfer)
1862 *
1863 * Cancel the callout and the task of xfer, which have not yet run
1864 * to completion, but don't wait for the callout or task to finish
1865 * running.
1866 *
1867 * If they have already fired, at worst they are waiting for the
1868 * bus lock. They will see that the xfer is no longer in progress
1869 * and give up, or they will see that the xfer has been
1870 * resubmitted with a new timeout and reschedule the callout.
1871 *
1872 * If a resubmitted request completed so fast that the callout
1873 * didn't have time to process a timer reset, just cancel the
1874 * timer reset.
1875 */
1876 static void
usbd_xfer_cancel_timeout_async(struct usbd_xfer * xfer)1877 usbd_xfer_cancel_timeout_async(struct usbd_xfer *xfer)
1878 {
1879 struct usbd_bus *bus __diagused = xfer->ux_bus;
1880
1881 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1882
1883 USBHIST_FUNC();
1884 USBHIST_CALLARGS(usbdebug, "xfer %#jx timeout %jdms"
1885 " set %jd reset %jd",
1886 (uintptr_t)xfer, xfer->ux_timeout,
1887 xfer->ux_timeout_set, xfer->ux_timeout_reset);
1888
1889 /*
1890 * If the timer wasn't running anyway, forget about it. This
1891 * can happen if we are completing an isochronous transfer
1892 * which doesn't use the same timeout logic.
1893 */
1894 if (!xfer->ux_timeout_set) {
1895 USBHIST_LOG(usbdebug, "xfer %#jx timer not running",
1896 (uintptr_t)xfer, 0, 0, 0);
1897 return;
1898 }
1899
1900 xfer->ux_timeout_reset = false;
1901 if (!callout_stop(&xfer->ux_callout)) {
1902 /*
1903 * We stopped the callout before it ran. The timeout
1904 * is no longer set.
1905 */
1906 USBHIST_LOG(usbdebug, "xfer %#jx timer stopped",
1907 (uintptr_t)xfer, 0, 0, 0);
1908 xfer->ux_timeout_set = false;
1909 } else if (callout_invoking(&xfer->ux_callout)) {
1910 /*
1911 * The callout has begun to run but it has not yet
1912 * acquired the lock and called callout_ack. The task
1913 * cannot be queued yet, and the callout cannot have
1914 * been rescheduled yet.
1915 *
1916 * By the time the callout acquires the lock, we will
1917 * have transitioned from USBD_IN_PROGRESS to a
1918 * completed status, and possibly also resubmitted the
1919 * xfer and set xfer->ux_timeout_reset = true. In both
1920 * cases, the callout will DTRT, so no further action
1921 * is needed here.
1922 */
1923 USBHIST_LOG(usbdebug, "xfer %#jx timer fired",
1924 (uintptr_t)xfer, 0, 0, 0);
1925 } else if (usb_rem_task(xfer->ux_pipe->up_dev, &xfer->ux_aborttask)) {
1926 /*
1927 * The callout had fired and scheduled the task, but we
1928 * stopped the task before it could run. The timeout
1929 * is therefore no longer set -- the next resubmission
1930 * of the xfer must schedule a new timeout.
1931 *
1932 * The callout should not be pending at this point:
1933 * it is scheduled only under the lock, and only when
1934 * xfer->ux_timeout_set is false, or by the callout or
1935 * task itself when xfer->ux_timeout_reset is true.
1936 */
1937 USBHIST_LOG(usbdebug, "xfer %#jx task fired",
1938 (uintptr_t)xfer, 0, 0, 0);
1939 xfer->ux_timeout_set = false;
1940 } else {
1941 USBHIST_LOG(usbdebug, "xfer %#jx task stopped",
1942 (uintptr_t)xfer, 0, 0, 0);
1943 }
1944
1945 /*
1946 * The callout cannot be scheduled and the task cannot be
1947 * queued at this point. Either we cancelled them, or they are
1948 * already running and waiting for the bus lock.
1949 */
1950 KASSERT(!callout_pending(&xfer->ux_callout));
1951 KASSERT(!usb_task_pending(xfer->ux_pipe->up_dev, &xfer->ux_aborttask));
1952
1953 KASSERT(bus->ub_usepolling || mutex_owned(bus->ub_lock));
1954 }
1955