[SCSI] fix BUG when sum(scatterlist) > bufflen
[linux-2.6] / drivers / usb / misc / rio500.c
1 /* -*- linux-c -*- */
2
3 /* 
4  * Driver for USB Rio 500
5  *
6  * Cesar Miquel (miquel@df.uba.ar)
7  * 
8  * based on hp_scanner.c by David E. Nelson (dnelson@jump.net)
9  * 
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License as
12  * published by the Free Software Foundation; either version 2 of the
13  * License, or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23  *
24  * Based upon mouse.c (Brad Keryan) and printer.c (Michael Gee).
25  *
26  * Changelog:
27  * 30/05/2003  replaced lock/unlock kernel with up/down
28  *             Daniele Bellucci  bellucda@tiscali.it
29  * */
30
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/signal.h>
34 #include <linux/sched.h>
35 #include <linux/errno.h>
36 #include <linux/random.h>
37 #include <linux/poll.h>
38 #include <linux/init.h>
39 #include <linux/slab.h>
40 #include <linux/spinlock.h>
41 #include <linux/usb.h>
42 #include <linux/wait.h>
43
44 #include "rio500_usb.h"
45
46 /*
47  * Version Information
48  */
49 #define DRIVER_VERSION "v1.1"
50 #define DRIVER_AUTHOR "Cesar Miquel <miquel@df.uba.ar>"
51 #define DRIVER_DESC "USB Rio 500 driver"
52
53 #define RIO_MINOR       64
54
55 /* stall/wait timeout for rio */
56 #define NAK_TIMEOUT (HZ)
57
58 #define IBUF_SIZE 0x1000
59
60 /* Size of the rio buffer */
61 #define OBUF_SIZE 0x10000
62
63 struct rio_usb_data {
64         struct usb_device *rio_dev;     /* init: probe_rio */
65         unsigned int ifnum;             /* Interface number of the USB device */
66         int isopen;                     /* nz if open */
67         int present;                    /* Device is present on the bus */
68         char *obuf, *ibuf;              /* transfer buffers */
69         char bulk_in_ep, bulk_out_ep;   /* Endpoint assignments */
70         wait_queue_head_t wait_q;       /* for timeouts */
71         struct mutex lock;          /* general race avoidance */
72 };
73
74 static struct rio_usb_data rio_instance;
75
76 static int open_rio(struct inode *inode, struct file *file)
77 {
78         struct rio_usb_data *rio = &rio_instance;
79
80         mutex_lock(&(rio->lock));
81
82         if (rio->isopen || !rio->present) {
83                 mutex_unlock(&(rio->lock));
84                 return -EBUSY;
85         }
86         rio->isopen = 1;
87
88         init_waitqueue_head(&rio->wait_q);
89
90         mutex_unlock(&(rio->lock));
91
92         info("Rio opened.");
93
94         return 0;
95 }
96
97 static int close_rio(struct inode *inode, struct file *file)
98 {
99         struct rio_usb_data *rio = &rio_instance;
100
101         rio->isopen = 0;
102
103         info("Rio closed.");
104         return 0;
105 }
106
107 static int
108 ioctl_rio(struct inode *inode, struct file *file, unsigned int cmd,
109           unsigned long arg)
110 {
111         struct RioCommand rio_cmd;
112         struct rio_usb_data *rio = &rio_instance;
113         void __user *data;
114         unsigned char *buffer;
115         int result, requesttype;
116         int retries;
117         int retval=0;
118
119         mutex_lock(&(rio->lock));
120         /* Sanity check to make sure rio is connected, powered, etc */
121         if (rio->present == 0 || rio->rio_dev == NULL) {
122                 retval = -ENODEV;
123                 goto err_out;
124         }
125
126         switch (cmd) {
127         case RIO_RECV_COMMAND:
128                 data = (void __user *) arg;
129                 if (data == NULL)
130                         break;
131                 if (copy_from_user(&rio_cmd, data, sizeof(struct RioCommand))) {
132                         retval = -EFAULT;
133                         goto err_out;
134                 }
135                 if (rio_cmd.length < 0 || rio_cmd.length > PAGE_SIZE) {
136                         retval = -EINVAL;
137                         goto err_out;
138                 }
139                 buffer = (unsigned char *) __get_free_page(GFP_KERNEL);
140                 if (buffer == NULL) {
141                         retval = -ENOMEM;
142                         goto err_out;
143                 }
144                 if (copy_from_user(buffer, rio_cmd.buffer, rio_cmd.length)) {
145                         retval = -EFAULT;
146                         free_page((unsigned long) buffer);
147                         goto err_out;
148                 }
149
150                 requesttype = rio_cmd.requesttype | USB_DIR_IN |
151                     USB_TYPE_VENDOR | USB_RECIP_DEVICE;
152                 dbg
153                     ("sending command:reqtype=%0x req=%0x value=%0x index=%0x len=%0x",
154                      requesttype, rio_cmd.request, rio_cmd.value,
155                      rio_cmd.index, rio_cmd.length);
156                 /* Send rio control message */
157                 retries = 3;
158                 while (retries) {
159                         result = usb_control_msg(rio->rio_dev,
160                                                  usb_rcvctrlpipe(rio-> rio_dev, 0),
161                                                  rio_cmd.request,
162                                                  requesttype,
163                                                  rio_cmd.value,
164                                                  rio_cmd.index, buffer,
165                                                  rio_cmd.length,
166                                                  jiffies_to_msecs(rio_cmd.timeout));
167                         if (result == -ETIMEDOUT)
168                                 retries--;
169                         else if (result < 0) {
170                                 err("Error executing ioctrl. code = %d", result);
171                                 retries = 0;
172                         } else {
173                                 dbg("Executed ioctl. Result = %d (data=%02x)",
174                                      result, buffer[0]);
175                                 if (copy_to_user(rio_cmd.buffer, buffer,
176                                                  rio_cmd.length)) {
177                                         free_page((unsigned long) buffer);
178                                         retval = -EFAULT;
179                                         goto err_out;
180                                 }
181                                 retries = 0;
182                         }
183
184                         /* rio_cmd.buffer contains a raw stream of single byte
185                            data which has been returned from rio.  Data is
186                            interpreted at application level.  For data that
187                            will be cast to data types longer than 1 byte, data
188                            will be little_endian and will potentially need to
189                            be swapped at the app level */
190
191                 }
192                 free_page((unsigned long) buffer);
193                 break;
194
195         case RIO_SEND_COMMAND:
196                 data = (void __user *) arg;
197                 if (data == NULL)
198                         break;
199                 if (copy_from_user(&rio_cmd, data, sizeof(struct RioCommand))) {
200                         retval = -EFAULT;
201                         goto err_out;
202                 }
203                 if (rio_cmd.length < 0 || rio_cmd.length > PAGE_SIZE) {
204                         retval = -EINVAL;
205                         goto err_out;
206                 }
207                 buffer = (unsigned char *) __get_free_page(GFP_KERNEL);
208                 if (buffer == NULL) {
209                         retval = -ENOMEM;
210                         goto err_out;
211                 }
212                 if (copy_from_user(buffer, rio_cmd.buffer, rio_cmd.length)) {
213                         free_page((unsigned long)buffer);
214                         retval = -EFAULT;
215                         goto err_out;
216                 }
217
218                 requesttype = rio_cmd.requesttype | USB_DIR_OUT |
219                     USB_TYPE_VENDOR | USB_RECIP_DEVICE;
220                 dbg("sending command: reqtype=%0x req=%0x value=%0x index=%0x len=%0x",
221                      requesttype, rio_cmd.request, rio_cmd.value,
222                      rio_cmd.index, rio_cmd.length);
223                 /* Send rio control message */
224                 retries = 3;
225                 while (retries) {
226                         result = usb_control_msg(rio->rio_dev,
227                                                  usb_sndctrlpipe(rio-> rio_dev, 0),
228                                                  rio_cmd.request,
229                                                  requesttype,
230                                                  rio_cmd.value,
231                                                  rio_cmd.index, buffer,
232                                                  rio_cmd.length,
233                                                  jiffies_to_msecs(rio_cmd.timeout));
234                         if (result == -ETIMEDOUT)
235                                 retries--;
236                         else if (result < 0) {
237                                 err("Error executing ioctrl. code = %d", result);
238                                 retries = 0;
239                         } else {
240                                 dbg("Executed ioctl. Result = %d", result);
241                                 retries = 0;
242
243                         }
244
245                 }
246                 free_page((unsigned long) buffer);
247                 break;
248
249         default:
250                 retval = -ENOTTY;
251                 break;
252         }
253
254
255 err_out:
256         mutex_unlock(&(rio->lock));
257         return retval;
258 }
259
260 static ssize_t
261 write_rio(struct file *file, const char __user *buffer,
262           size_t count, loff_t * ppos)
263 {
264         DEFINE_WAIT(wait);
265         struct rio_usb_data *rio = &rio_instance;
266
267         unsigned long copy_size;
268         unsigned long bytes_written = 0;
269         unsigned int partial;
270
271         int result = 0;
272         int maxretry;
273         int errn = 0;
274         int intr;
275
276         intr = mutex_lock_interruptible(&(rio->lock));
277         if (intr)
278                 return -EINTR;
279         /* Sanity check to make sure rio is connected, powered, etc */
280         if (rio->present == 0 || rio->rio_dev == NULL) {
281                 mutex_unlock(&(rio->lock));
282                 return -ENODEV;
283         }
284
285
286
287         do {
288                 unsigned long thistime;
289                 char *obuf = rio->obuf;
290
291                 thistime = copy_size =
292                     (count >= OBUF_SIZE) ? OBUF_SIZE : count;
293                 if (copy_from_user(rio->obuf, buffer, copy_size)) {
294                         errn = -EFAULT;
295                         goto error;
296                 }
297                 maxretry = 5;
298                 while (thistime) {
299                         if (!rio->rio_dev) {
300                                 errn = -ENODEV;
301                                 goto error;
302                         }
303                         if (signal_pending(current)) {
304                                 mutex_unlock(&(rio->lock));
305                                 return bytes_written ? bytes_written : -EINTR;
306                         }
307
308                         result = usb_bulk_msg(rio->rio_dev,
309                                          usb_sndbulkpipe(rio->rio_dev, 2),
310                                          obuf, thistime, &partial, 5000);
311
312                         dbg("write stats: result:%d thistime:%lu partial:%u",
313                              result, thistime, partial);
314
315                         if (result == -ETIMEDOUT) {     /* NAK - so hold for a while */
316                                 if (!maxretry--) {
317                                         errn = -ETIME;
318                                         goto error;
319                                 }
320                                 prepare_to_wait(&rio->wait_q, &wait, TASK_INTERRUPTIBLE);
321                                 schedule_timeout(NAK_TIMEOUT);
322                                 finish_wait(&rio->wait_q, &wait);
323                                 continue;
324                         } else if (!result && partial) {
325                                 obuf += partial;
326                                 thistime -= partial;
327                         } else
328                                 break;
329                 };
330                 if (result) {
331                         err("Write Whoops - %x", result);
332                         errn = -EIO;
333                         goto error;
334                 }
335                 bytes_written += copy_size;
336                 count -= copy_size;
337                 buffer += copy_size;
338         } while (count > 0);
339
340         mutex_unlock(&(rio->lock));
341
342         return bytes_written ? bytes_written : -EIO;
343
344 error:
345         mutex_unlock(&(rio->lock));
346         return errn;
347 }
348
349 static ssize_t
350 read_rio(struct file *file, char __user *buffer, size_t count, loff_t * ppos)
351 {
352         DEFINE_WAIT(wait);
353         struct rio_usb_data *rio = &rio_instance;
354         ssize_t read_count;
355         unsigned int partial;
356         int this_read;
357         int result;
358         int maxretry = 10;
359         char *ibuf;
360         int intr;
361
362         intr = mutex_lock_interruptible(&(rio->lock));
363         if (intr)
364                 return -EINTR;
365         /* Sanity check to make sure rio is connected, powered, etc */
366         if (rio->present == 0 || rio->rio_dev == NULL) {
367                 mutex_unlock(&(rio->lock));
368                 return -ENODEV;
369         }
370
371         ibuf = rio->ibuf;
372
373         read_count = 0;
374
375
376         while (count > 0) {
377                 if (signal_pending(current)) {
378                         mutex_unlock(&(rio->lock));
379                         return read_count ? read_count : -EINTR;
380                 }
381                 if (!rio->rio_dev) {
382                         mutex_unlock(&(rio->lock));
383                         return -ENODEV;
384                 }
385                 this_read = (count >= IBUF_SIZE) ? IBUF_SIZE : count;
386
387                 result = usb_bulk_msg(rio->rio_dev,
388                                       usb_rcvbulkpipe(rio->rio_dev, 1),
389                                       ibuf, this_read, &partial,
390                                       8000);
391
392                 dbg("read stats: result:%d this_read:%u partial:%u",
393                        result, this_read, partial);
394
395                 if (partial) {
396                         count = this_read = partial;
397                 } else if (result == -ETIMEDOUT || result == 15) {      /* FIXME: 15 ??? */
398                         if (!maxretry--) {
399                                 mutex_unlock(&(rio->lock));
400                                 err("read_rio: maxretry timeout");
401                                 return -ETIME;
402                         }
403                         prepare_to_wait(&rio->wait_q, &wait, TASK_INTERRUPTIBLE);
404                         schedule_timeout(NAK_TIMEOUT);
405                         finish_wait(&rio->wait_q, &wait);
406                         continue;
407                 } else if (result != -EREMOTEIO) {
408                         mutex_unlock(&(rio->lock));
409                         err("Read Whoops - result:%u partial:%u this_read:%u",
410                              result, partial, this_read);
411                         return -EIO;
412                 } else {
413                         mutex_unlock(&(rio->lock));
414                         return (0);
415                 }
416
417                 if (this_read) {
418                         if (copy_to_user(buffer, ibuf, this_read)) {
419                                 mutex_unlock(&(rio->lock));
420                                 return -EFAULT;
421                         }
422                         count -= this_read;
423                         read_count += this_read;
424                         buffer += this_read;
425                 }
426         }
427         mutex_unlock(&(rio->lock));
428         return read_count;
429 }
430
431 static struct
432 file_operations usb_rio_fops = {
433         .owner =        THIS_MODULE,
434         .read =         read_rio,
435         .write =        write_rio,
436         .ioctl =        ioctl_rio,
437         .open =         open_rio,
438         .release =      close_rio,
439 };
440
441 static struct usb_class_driver usb_rio_class = {
442         .name =         "rio500%d",
443         .fops =         &usb_rio_fops,
444         .minor_base =   RIO_MINOR,
445 };
446
447 static int probe_rio(struct usb_interface *intf,
448                      const struct usb_device_id *id)
449 {
450         struct usb_device *dev = interface_to_usbdev(intf);
451         struct rio_usb_data *rio = &rio_instance;
452         int retval;
453
454         info("USB Rio found at address %d", dev->devnum);
455
456         retval = usb_register_dev(intf, &usb_rio_class);
457         if (retval) {
458                 err("Not able to get a minor for this device.");
459                 return -ENOMEM;
460         }
461
462         rio->rio_dev = dev;
463
464         if (!(rio->obuf = kmalloc(OBUF_SIZE, GFP_KERNEL))) {
465                 err("probe_rio: Not enough memory for the output buffer");
466                 usb_deregister_dev(intf, &usb_rio_class);
467                 return -ENOMEM;
468         }
469         dbg("probe_rio: obuf address:%p", rio->obuf);
470
471         if (!(rio->ibuf = kmalloc(IBUF_SIZE, GFP_KERNEL))) {
472                 err("probe_rio: Not enough memory for the input buffer");
473                 usb_deregister_dev(intf, &usb_rio_class);
474                 kfree(rio->obuf);
475                 return -ENOMEM;
476         }
477         dbg("probe_rio: ibuf address:%p", rio->ibuf);
478
479         mutex_init(&(rio->lock));
480
481         usb_set_intfdata (intf, rio);
482         rio->present = 1;
483
484         return 0;
485 }
486
487 static void disconnect_rio(struct usb_interface *intf)
488 {
489         struct rio_usb_data *rio = usb_get_intfdata (intf);
490
491         usb_set_intfdata (intf, NULL);
492         if (rio) {
493                 usb_deregister_dev(intf, &usb_rio_class);
494
495                 mutex_lock(&(rio->lock));
496                 if (rio->isopen) {
497                         rio->isopen = 0;
498                         /* better let it finish - the release will do whats needed */
499                         rio->rio_dev = NULL;
500                         mutex_unlock(&(rio->lock));
501                         return;
502                 }
503                 kfree(rio->ibuf);
504                 kfree(rio->obuf);
505
506                 info("USB Rio disconnected.");
507
508                 rio->present = 0;
509                 mutex_unlock(&(rio->lock));
510         }
511 }
512
513 static struct usb_device_id rio_table [] = {
514         { USB_DEVICE(0x0841, 1) },              /* Rio 500 */
515         { }                                     /* Terminating entry */
516 };
517
518 MODULE_DEVICE_TABLE (usb, rio_table);
519
520 static struct usb_driver rio_driver = {
521         .name =         "rio500",
522         .probe =        probe_rio,
523         .disconnect =   disconnect_rio,
524         .id_table =     rio_table,
525 };
526
527 static int __init usb_rio_init(void)
528 {
529         int retval;
530         retval = usb_register(&rio_driver);
531         if (retval)
532                 goto out;
533
534         info(DRIVER_VERSION ":" DRIVER_DESC);
535
536 out:
537         return retval;
538 }
539
540
541 static void __exit usb_rio_cleanup(void)
542 {
543         struct rio_usb_data *rio = &rio_instance;
544
545         rio->present = 0;
546         usb_deregister(&rio_driver);
547
548
549 }
550
551 module_init(usb_rio_init);
552 module_exit(usb_rio_cleanup);
553
554 MODULE_AUTHOR( DRIVER_AUTHOR );
555 MODULE_DESCRIPTION( DRIVER_DESC );
556 MODULE_LICENSE("GPL");
557