[PATCH] md: fix potential memalloc deadlock in md
[linux-2.6] / drivers / usb / misc / rio500.c
1 /* -*- linux-c -*- */
2
3 /* 
4  * Driver for USB Rio 500
5  *
6  * Cesar Miquel (miquel@df.uba.ar)
7  * 
8  * based on hp_scanner.c by David E. Nelson (dnelson@jump.net)
9  * 
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License as
12  * published by the Free Software Foundation; either version 2 of the
13  * License, or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23  *
24  * Based upon mouse.c (Brad Keryan) and printer.c (Michael Gee).
25  *
26  * Changelog:
27  * 30/05/2003  replaced lock/unlock kernel with up/down
28  *             Daniele Bellucci  bellucda@tiscali.it
29  * */
30
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/signal.h>
34 #include <linux/sched.h>
35 #include <linux/errno.h>
36 #include <linux/random.h>
37 #include <linux/poll.h>
38 #include <linux/init.h>
39 #include <linux/slab.h>
40 #include <linux/spinlock.h>
41 #include <linux/usb.h>
42 #include <linux/smp_lock.h>
43 #include <linux/wait.h>
44
45 #include "rio500_usb.h"
46
47 /*
48  * Version Information
49  */
50 #define DRIVER_VERSION "v1.1"
51 #define DRIVER_AUTHOR "Cesar Miquel <miquel@df.uba.ar>"
52 #define DRIVER_DESC "USB Rio 500 driver"
53
54 #define RIO_MINOR       64
55
56 /* stall/wait timeout for rio */
57 #define NAK_TIMEOUT (HZ)
58
59 #define IBUF_SIZE 0x1000
60
61 /* Size of the rio buffer */
62 #define OBUF_SIZE 0x10000
63
64 struct rio_usb_data {
65         struct usb_device *rio_dev;     /* init: probe_rio */
66         unsigned int ifnum;             /* Interface number of the USB device */
67         int isopen;                     /* nz if open */
68         int present;                    /* Device is present on the bus */
69         char *obuf, *ibuf;              /* transfer buffers */
70         char bulk_in_ep, bulk_out_ep;   /* Endpoint assignments */
71         wait_queue_head_t wait_q;       /* for timeouts */
72         struct semaphore lock;          /* general race avoidance */
73 };
74
75 static struct rio_usb_data rio_instance;
76
77 static int open_rio(struct inode *inode, struct file *file)
78 {
79         struct rio_usb_data *rio = &rio_instance;
80
81         down(&(rio->lock));
82
83         if (rio->isopen || !rio->present) {
84                 up(&(rio->lock));
85                 return -EBUSY;
86         }
87         rio->isopen = 1;
88
89         init_waitqueue_head(&rio->wait_q);
90
91         up(&(rio->lock));
92
93         info("Rio opened.");
94
95         return 0;
96 }
97
98 static int close_rio(struct inode *inode, struct file *file)
99 {
100         struct rio_usb_data *rio = &rio_instance;
101
102         rio->isopen = 0;
103
104         info("Rio closed.");
105         return 0;
106 }
107
108 static int
109 ioctl_rio(struct inode *inode, struct file *file, unsigned int cmd,
110           unsigned long arg)
111 {
112         struct RioCommand rio_cmd;
113         struct rio_usb_data *rio = &rio_instance;
114         void __user *data;
115         unsigned char *buffer;
116         int result, requesttype;
117         int retries;
118         int retval=0;
119
120         down(&(rio->lock));
121         /* Sanity check to make sure rio is connected, powered, etc */
122         if ( rio == NULL ||
123              rio->present == 0 ||
124              rio->rio_dev == NULL )
125         {
126                 retval = -ENODEV;
127                 goto err_out;
128         }
129
130         switch (cmd) {
131         case RIO_RECV_COMMAND:
132                 data = (void __user *) arg;
133                 if (data == NULL)
134                         break;
135                 if (copy_from_user(&rio_cmd, data, sizeof(struct RioCommand))) {
136                         retval = -EFAULT;
137                         goto err_out;
138                 }
139                 if (rio_cmd.length < 0 || rio_cmd.length > PAGE_SIZE) {
140                         retval = -EINVAL;
141                         goto err_out;
142                 }
143                 buffer = (unsigned char *) __get_free_page(GFP_KERNEL);
144                 if (buffer == NULL) {
145                         retval = -ENOMEM;
146                         goto err_out;
147                 }
148                 if (copy_from_user(buffer, rio_cmd.buffer, rio_cmd.length)) {
149                         retval = -EFAULT;
150                         free_page((unsigned long) buffer);
151                         goto err_out;
152                 }
153
154                 requesttype = rio_cmd.requesttype | USB_DIR_IN |
155                     USB_TYPE_VENDOR | USB_RECIP_DEVICE;
156                 dbg
157                     ("sending command:reqtype=%0x req=%0x value=%0x index=%0x len=%0x",
158                      requesttype, rio_cmd.request, rio_cmd.value,
159                      rio_cmd.index, rio_cmd.length);
160                 /* Send rio control message */
161                 retries = 3;
162                 while (retries) {
163                         result = usb_control_msg(rio->rio_dev,
164                                                  usb_rcvctrlpipe(rio-> rio_dev, 0),
165                                                  rio_cmd.request,
166                                                  requesttype,
167                                                  rio_cmd.value,
168                                                  rio_cmd.index, buffer,
169                                                  rio_cmd.length,
170                                                  jiffies_to_msecs(rio_cmd.timeout));
171                         if (result == -ETIMEDOUT)
172                                 retries--;
173                         else if (result < 0) {
174                                 err("Error executing ioctrl. code = %d", result);
175                                 retries = 0;
176                         } else {
177                                 dbg("Executed ioctl. Result = %d (data=%02x)",
178                                      result, buffer[0]);
179                                 if (copy_to_user(rio_cmd.buffer, buffer,
180                                                  rio_cmd.length)) {
181                                         free_page((unsigned long) buffer);
182                                         retval = -EFAULT;
183                                         goto err_out;
184                                 }
185                                 retries = 0;
186                         }
187
188                         /* rio_cmd.buffer contains a raw stream of single byte
189                            data which has been returned from rio.  Data is
190                            interpreted at application level.  For data that
191                            will be cast to data types longer than 1 byte, data
192                            will be little_endian and will potentially need to
193                            be swapped at the app level */
194
195                 }
196                 free_page((unsigned long) buffer);
197                 break;
198
199         case RIO_SEND_COMMAND:
200                 data = (void __user *) arg;
201                 if (data == NULL)
202                         break;
203                 if (copy_from_user(&rio_cmd, data, sizeof(struct RioCommand))) {
204                         retval = -EFAULT;
205                         goto err_out;
206                 }
207                 if (rio_cmd.length < 0 || rio_cmd.length > PAGE_SIZE) {
208                         retval = -EINVAL;
209                         goto err_out;
210                 }
211                 buffer = (unsigned char *) __get_free_page(GFP_KERNEL);
212                 if (buffer == NULL) {
213                         retval = -ENOMEM;
214                         goto err_out;
215                 }
216                 if (copy_from_user(buffer, rio_cmd.buffer, rio_cmd.length)) {
217                         free_page((unsigned long)buffer);
218                         retval = -EFAULT;
219                         goto err_out;
220                 }
221
222                 requesttype = rio_cmd.requesttype | USB_DIR_OUT |
223                     USB_TYPE_VENDOR | USB_RECIP_DEVICE;
224                 dbg("sending command: reqtype=%0x req=%0x value=%0x index=%0x len=%0x",
225                      requesttype, rio_cmd.request, rio_cmd.value,
226                      rio_cmd.index, rio_cmd.length);
227                 /* Send rio control message */
228                 retries = 3;
229                 while (retries) {
230                         result = usb_control_msg(rio->rio_dev,
231                                                  usb_sndctrlpipe(rio-> rio_dev, 0),
232                                                  rio_cmd.request,
233                                                  requesttype,
234                                                  rio_cmd.value,
235                                                  rio_cmd.index, buffer,
236                                                  rio_cmd.length,
237                                                  jiffies_to_msecs(rio_cmd.timeout));
238                         if (result == -ETIMEDOUT)
239                                 retries--;
240                         else if (result < 0) {
241                                 err("Error executing ioctrl. code = %d", result);
242                                 retries = 0;
243                         } else {
244                                 dbg("Executed ioctl. Result = %d", result);
245                                 retries = 0;
246
247                         }
248
249                 }
250                 free_page((unsigned long) buffer);
251                 break;
252
253         default:
254                 retval = -ENOTTY;
255                 break;
256         }
257
258
259 err_out:
260         up(&(rio->lock));
261         return retval;
262 }
263
264 static ssize_t
265 write_rio(struct file *file, const char __user *buffer,
266           size_t count, loff_t * ppos)
267 {
268         DEFINE_WAIT(wait);
269         struct rio_usb_data *rio = &rio_instance;
270
271         unsigned long copy_size;
272         unsigned long bytes_written = 0;
273         unsigned int partial;
274
275         int result = 0;
276         int maxretry;
277         int errn = 0;
278
279         down(&(rio->lock));
280         /* Sanity check to make sure rio is connected, powered, etc */
281         if ( rio == NULL ||
282              rio->present == 0 ||
283              rio->rio_dev == NULL )
284         {
285                 up(&(rio->lock));
286                 return -ENODEV;
287         }
288
289
290
291         do {
292                 unsigned long thistime;
293                 char *obuf = rio->obuf;
294
295                 thistime = copy_size =
296                     (count >= OBUF_SIZE) ? OBUF_SIZE : count;
297                 if (copy_from_user(rio->obuf, buffer, copy_size)) {
298                         errn = -EFAULT;
299                         goto error;
300                 }
301                 maxretry = 5;
302                 while (thistime) {
303                         if (!rio->rio_dev) {
304                                 errn = -ENODEV;
305                                 goto error;
306                         }
307                         if (signal_pending(current)) {
308                                 up(&(rio->lock));
309                                 return bytes_written ? bytes_written : -EINTR;
310                         }
311
312                         result = usb_bulk_msg(rio->rio_dev,
313                                          usb_sndbulkpipe(rio->rio_dev, 2),
314                                          obuf, thistime, &partial, 5000);
315
316                         dbg("write stats: result:%d thistime:%lu partial:%u",
317                              result, thistime, partial);
318
319                         if (result == -ETIMEDOUT) {     /* NAK - so hold for a while */
320                                 if (!maxretry--) {
321                                         errn = -ETIME;
322                                         goto error;
323                                 }
324                                 prepare_to_wait(&rio->wait_q, &wait, TASK_INTERRUPTIBLE);
325                                 schedule_timeout(NAK_TIMEOUT);
326                                 finish_wait(&rio->wait_q, &wait);
327                                 continue;
328                         } else if (!result && partial) {
329                                 obuf += partial;
330                                 thistime -= partial;
331                         } else
332                                 break;
333                 };
334                 if (result) {
335                         err("Write Whoops - %x", result);
336                         errn = -EIO;
337                         goto error;
338                 }
339                 bytes_written += copy_size;
340                 count -= copy_size;
341                 buffer += copy_size;
342         } while (count > 0);
343
344         up(&(rio->lock));
345
346         return bytes_written ? bytes_written : -EIO;
347
348 error:
349         up(&(rio->lock));
350         return errn;
351 }
352
353 static ssize_t
354 read_rio(struct file *file, char __user *buffer, size_t count, loff_t * ppos)
355 {
356         DEFINE_WAIT(wait);
357         struct rio_usb_data *rio = &rio_instance;
358         ssize_t read_count;
359         unsigned int partial;
360         int this_read;
361         int result;
362         int maxretry = 10;
363         char *ibuf;
364
365         down(&(rio->lock));
366         /* Sanity check to make sure rio is connected, powered, etc */
367         if ( rio == NULL ||
368              rio->present == 0 ||
369              rio->rio_dev == NULL )
370         {
371                 up(&(rio->lock));
372                 return -ENODEV;
373         }
374
375         ibuf = rio->ibuf;
376
377         read_count = 0;
378
379
380         while (count > 0) {
381                 if (signal_pending(current)) {
382                         up(&(rio->lock));
383                         return read_count ? read_count : -EINTR;
384                 }
385                 if (!rio->rio_dev) {
386                         up(&(rio->lock));
387                         return -ENODEV;
388                 }
389                 this_read = (count >= IBUF_SIZE) ? IBUF_SIZE : count;
390
391                 result = usb_bulk_msg(rio->rio_dev,
392                                       usb_rcvbulkpipe(rio->rio_dev, 1),
393                                       ibuf, this_read, &partial,
394                                       8000);
395
396                 dbg("read stats: result:%d this_read:%u partial:%u",
397                        result, this_read, partial);
398
399                 if (partial) {
400                         count = this_read = partial;
401                 } else if (result == -ETIMEDOUT || result == 15) {      /* FIXME: 15 ??? */
402                         if (!maxretry--) {
403                                 up(&(rio->lock));
404                                 err("read_rio: maxretry timeout");
405                                 return -ETIME;
406                         }
407                         prepare_to_wait(&rio->wait_q, &wait, TASK_INTERRUPTIBLE);
408                         schedule_timeout(NAK_TIMEOUT);
409                         finish_wait(&rio->wait_q, &wait);
410                         continue;
411                 } else if (result != -EREMOTEIO) {
412                         up(&(rio->lock));
413                         err("Read Whoops - result:%u partial:%u this_read:%u",
414                              result, partial, this_read);
415                         return -EIO;
416                 } else {
417                         up(&(rio->lock));
418                         return (0);
419                 }
420
421                 if (this_read) {
422                         if (copy_to_user(buffer, ibuf, this_read)) {
423                                 up(&(rio->lock));
424                                 return -EFAULT;
425                         }
426                         count -= this_read;
427                         read_count += this_read;
428                         buffer += this_read;
429                 }
430         }
431         up(&(rio->lock));
432         return read_count;
433 }
434
435 static struct
436 file_operations usb_rio_fops = {
437         .owner =        THIS_MODULE,
438         .read =         read_rio,
439         .write =        write_rio,
440         .ioctl =        ioctl_rio,
441         .open =         open_rio,
442         .release =      close_rio,
443 };
444
445 static struct usb_class_driver usb_rio_class = {
446         .name =         "rio500%d",
447         .fops =         &usb_rio_fops,
448         .minor_base =   RIO_MINOR,
449 };
450
451 static int probe_rio(struct usb_interface *intf,
452                      const struct usb_device_id *id)
453 {
454         struct usb_device *dev = interface_to_usbdev(intf);
455         struct rio_usb_data *rio = &rio_instance;
456         int retval;
457
458         info("USB Rio found at address %d", dev->devnum);
459
460         retval = usb_register_dev(intf, &usb_rio_class);
461         if (retval) {
462                 err("Not able to get a minor for this device.");
463                 return -ENOMEM;
464         }
465
466         rio->rio_dev = dev;
467
468         if (!(rio->obuf = kmalloc(OBUF_SIZE, GFP_KERNEL))) {
469                 err("probe_rio: Not enough memory for the output buffer");
470                 usb_deregister_dev(intf, &usb_rio_class);
471                 return -ENOMEM;
472         }
473         dbg("probe_rio: obuf address:%p", rio->obuf);
474
475         if (!(rio->ibuf = kmalloc(IBUF_SIZE, GFP_KERNEL))) {
476                 err("probe_rio: Not enough memory for the input buffer");
477                 usb_deregister_dev(intf, &usb_rio_class);
478                 kfree(rio->obuf);
479                 return -ENOMEM;
480         }
481         dbg("probe_rio: ibuf address:%p", rio->ibuf);
482
483         init_MUTEX(&(rio->lock));
484
485         usb_set_intfdata (intf, rio);
486         rio->present = 1;
487
488         return 0;
489 }
490
491 static void disconnect_rio(struct usb_interface *intf)
492 {
493         struct rio_usb_data *rio = usb_get_intfdata (intf);
494
495         usb_set_intfdata (intf, NULL);
496         if (rio) {
497                 usb_deregister_dev(intf, &usb_rio_class);
498
499                 down(&(rio->lock));
500                 if (rio->isopen) {
501                         rio->isopen = 0;
502                         /* better let it finish - the release will do whats needed */
503                         rio->rio_dev = NULL;
504                         up(&(rio->lock));
505                         return;
506                 }
507                 kfree(rio->ibuf);
508                 kfree(rio->obuf);
509
510                 info("USB Rio disconnected.");
511
512                 rio->present = 0;
513                 up(&(rio->lock));
514         }
515 }
516
517 static struct usb_device_id rio_table [] = {
518         { USB_DEVICE(0x0841, 1) },              /* Rio 500 */
519         { }                                     /* Terminating entry */
520 };
521
522 MODULE_DEVICE_TABLE (usb, rio_table);
523
524 static struct usb_driver rio_driver = {
525         .name =         "rio500",
526         .probe =        probe_rio,
527         .disconnect =   disconnect_rio,
528         .id_table =     rio_table,
529 };
530
531 static int __init usb_rio_init(void)
532 {
533         int retval;
534         retval = usb_register(&rio_driver);
535         if (retval)
536                 goto out;
537
538         info(DRIVER_VERSION ":" DRIVER_DESC);
539
540 out:
541         return retval;
542 }
543
544
545 static void __exit usb_rio_cleanup(void)
546 {
547         struct rio_usb_data *rio = &rio_instance;
548
549         rio->present = 0;
550         usb_deregister(&rio_driver);
551
552
553 }
554
555 module_init(usb_rio_init);
556 module_exit(usb_rio_cleanup);
557
558 MODULE_AUTHOR( DRIVER_AUTHOR );
559 MODULE_DESCRIPTION( DRIVER_DESC );
560 MODULE_LICENSE("GPL");
561