cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

mdc800.c (24129B)


      1// SPDX-License-Identifier: GPL-2.0+
      2/*
      3 * copyright (C) 1999/2000 by Henning Zabel <henning@uni-paderborn.de>
      4 */
      5
      6
      7/*
      8 *	USB-Kernel Driver for the Mustek MDC800 Digital Camera
      9 *	(c) 1999/2000 Henning Zabel <henning@uni-paderborn.de>
     10 *
     11 *
     12 * The driver brings the USB functions of the MDC800 to Linux.
     13 * To use the Camera you must support the USB Protocol of the camera
     14 * to the Kernel Node.
     15 * The Driver uses a misc device Node. Create it with :
     16 * mknod /dev/mustek c 180 32
     17 *
     18 * The driver supports only one camera.
     19 * 
     20 * Fix: mdc800 used sleep_on and slept with io_lock held.
     21 * Converted sleep_on to waitqueues with schedule_timeout and made io_lock
     22 * a semaphore from a spinlock.
     23 * by Oliver Neukum <oliver@neukum.name>
     24 * (02/12/2001)
     25 * 
     26 * Identify version on module load.
     27 * (08/04/2001) gb
     28 *
     29 * version 0.7.5
     30 * Fixed potential SMP races with Spinlocks.
     31 * Thanks to Oliver Neukum <oliver@neukum.name> who 
     32 * noticed the race conditions.
     33 * (30/10/2000)
     34 *
     35 * Fixed: Setting urb->dev before submitting urb.
     36 * by Greg KH <greg@kroah.com>
     37 * (13/10/2000)
     38 *
     39 * version 0.7.3
     40 * bugfix : The mdc800->state field gets set to READY after the
     41 * the disconnect function sets it to NOT_CONNECTED. This makes the
     42 * driver running like the camera is connected and causes some
     43 * hang ups.
     44 *
     45 * version 0.7.1
     46 * MOD_INC and MOD_DEC are changed in usb_probe to prevent load/unload
     47 * problems when compiled as Module.
     48 * (04/04/2000)
     49 *
     50 * The mdc800 driver gets assigned the USB Minor 32-47. The Registration
     51 * was updated to use these values.
     52 * (26/03/2000)
     53 *
     54 * The Init und Exit Module Function are updated.
     55 * (01/03/2000)
     56 *
     57 * version 0.7.0
     58 * Rewrite of the driver : The driver now uses URB's. The old stuff
     59 * has been removed.
     60 *
     61 * version 0.6.0
     62 * Rewrite of this driver: The Emulation of the rs232 protocoll
     63 * has been removed from the driver. A special executeCommand function
     64 * for this driver is included to gphoto.
     65 * The driver supports two kind of communication to bulk endpoints.
     66 * Either with the dev->bus->ops->bulk... or with callback function.
     67 * (09/11/1999)
     68 *
     69 * version 0.5.0:
     70 * first Version that gets a version number. Most of the needed
     71 * functions work.
     72 * (20/10/1999)
     73 */
     74
     75#include <linux/sched/signal.h>
     76#include <linux/signal.h>
     77#include <linux/spinlock.h>
     78#include <linux/errno.h>
     79#include <linux/random.h>
     80#include <linux/poll.h>
     81#include <linux/init.h>
     82#include <linux/slab.h>
     83#include <linux/module.h>
     84#include <linux/wait.h>
     85#include <linux/mutex.h>
     86
     87#include <linux/usb.h>
     88#include <linux/fs.h>
     89
     90/*
     91 * Version Information
     92 */
     93#define DRIVER_VERSION "v0.7.5 (30/10/2000)"
     94#define DRIVER_AUTHOR "Henning Zabel <henning@uni-paderborn.de>"
     95#define DRIVER_DESC "USB Driver for Mustek MDC800 Digital Camera"
     96
     97/* Vendor and Product Information */
     98#define MDC800_VENDOR_ID 	0x055f
     99#define MDC800_PRODUCT_ID	0xa800
    100
    101/* Timeouts (msec) */
    102#define TO_DOWNLOAD_GET_READY		1500
    103#define TO_DOWNLOAD_GET_BUSY		1500
    104#define TO_WRITE_GET_READY		1000
    105#define TO_DEFAULT_COMMAND		5000
    106#define TO_READ_FROM_IRQ 		TO_DEFAULT_COMMAND
    107#define TO_GET_READY			TO_DEFAULT_COMMAND
    108
    109/* Minor Number of the device (create with mknod /dev/mustek c 180 32) */
    110#define MDC800_DEVICE_MINOR_BASE 32
    111
    112
    113/**************************************************************************
    114	Data and structs
    115***************************************************************************/
    116
    117
    118typedef enum {
    119	NOT_CONNECTED, READY, WORKING, DOWNLOAD
    120} mdc800_state;
    121
    122
    123/* Data for the driver */
    124struct mdc800_data
    125{
    126	struct usb_device *	dev;			// Device Data
    127	mdc800_state 		state;
    128
    129	unsigned int		endpoint [4];
    130
    131	struct urb *		irq_urb;
    132	wait_queue_head_t	irq_wait;
    133	int			irq_woken;
    134	char*			irq_urb_buffer;
    135
    136	int			camera_busy;          // is camera busy ?
    137	int 			camera_request_ready; // Status to synchronize with irq
    138	char 			camera_response [8];  // last Bytes send after busy
    139
    140	struct urb *   		write_urb;
    141	char*			write_urb_buffer;
    142	wait_queue_head_t	write_wait;
    143	int			written;
    144
    145
    146	struct urb *   		download_urb;
    147	char*			download_urb_buffer;
    148	wait_queue_head_t	download_wait;
    149	int			downloaded;
    150	int			download_left;		// Bytes left to download ?
    151
    152
    153	/* Device Data */
    154	char			out [64];	// Answer Buffer
    155	int 			out_ptr;	// Index to the first not readen byte
    156	int			out_count;	// Bytes in the buffer
    157
    158	int			open;		// Camera device open ?
    159	struct mutex		io_lock;	// IO -lock
    160
    161	char 			in [8];		// Command Input Buffer
    162	int  			in_count;
    163
    164	int			pic_index;	// Cache for the Imagesize (-1 for nothing cached )
    165	int			pic_len;
    166	int			minor;
    167};
    168
    169
    170/* Specification of the Endpoints */
    171static struct usb_endpoint_descriptor mdc800_ed [4] =
    172{
    173	{ 
    174		.bLength = 		0,
    175		.bDescriptorType =	0,
    176		.bEndpointAddress =	0x01,
    177		.bmAttributes = 	0x02,
    178		.wMaxPacketSize =	cpu_to_le16(8),
    179		.bInterval = 		0,
    180		.bRefresh = 		0,
    181		.bSynchAddress = 	0,
    182	},
    183	{
    184		.bLength = 		0,
    185		.bDescriptorType = 	0,
    186		.bEndpointAddress = 	0x82,
    187		.bmAttributes = 	0x03,
    188		.wMaxPacketSize = 	cpu_to_le16(8),
    189		.bInterval = 		0,
    190		.bRefresh = 		0,
    191		.bSynchAddress = 	0,
    192	},
    193	{
    194		.bLength = 		0,
    195		.bDescriptorType = 	0,
    196		.bEndpointAddress = 	0x03,
    197		.bmAttributes = 	0x02,
    198		.wMaxPacketSize = 	cpu_to_le16(64),
    199		.bInterval = 		0,
    200		.bRefresh = 		0,
    201		.bSynchAddress = 	0,
    202	},
    203	{
    204		.bLength = 		0,
    205		.bDescriptorType = 	0,
    206		.bEndpointAddress = 	0x84,
    207		.bmAttributes = 	0x02,
    208		.wMaxPacketSize = 	cpu_to_le16(64),
    209		.bInterval = 		0,
    210		.bRefresh = 		0,
    211		.bSynchAddress = 	0,
    212	},
    213};
    214
    215/* The Variable used by the driver */
    216static struct mdc800_data* mdc800;
    217
    218
    219/***************************************************************************
    220	The USB Part of the driver
    221****************************************************************************/
    222
    223static int mdc800_endpoint_equals (struct usb_endpoint_descriptor *a,struct usb_endpoint_descriptor *b)
    224{
    225	return (
    226		   ( a->bEndpointAddress == b->bEndpointAddress )
    227		&& ( a->bmAttributes     == b->bmAttributes     )
    228		&& ( a->wMaxPacketSize   == b->wMaxPacketSize   )
    229	);
    230}
    231
    232
    233/*
    234 * Checks whether the camera responds busy
    235 */
    236static int mdc800_isBusy (char* ch)
    237{
    238	int i=0;
    239	while (i<8)
    240	{
    241		if (ch [i] != (char)0x99)
    242			return 0;
    243		i++;
    244	}
    245	return 1;
    246}
    247
    248
    249/*
    250 * Checks whether the Camera is ready
    251 */
    252static int mdc800_isReady (char *ch)
    253{
    254	int i=0;
    255	while (i<8)
    256	{
    257		if (ch [i] != (char)0xbb)
    258			return 0;
    259		i++;
    260	}
    261	return 1;
    262}
    263
    264
    265
    266/*
    267 * USB IRQ Handler for InputLine
    268 */
    269static void mdc800_usb_irq (struct urb *urb)
    270{
    271	int data_received=0, wake_up;
    272	unsigned char* b=urb->transfer_buffer;
    273	struct mdc800_data* mdc800=urb->context;
    274	struct device *dev = &mdc800->dev->dev;
    275	int status = urb->status;
    276
    277	if (status >= 0) {
    278		if (mdc800_isBusy (b))
    279		{
    280			if (!mdc800->camera_busy)
    281			{
    282				mdc800->camera_busy=1;
    283				dev_dbg(dev, "gets busy\n");
    284			}
    285		}
    286		else
    287		{
    288			if (mdc800->camera_busy && mdc800_isReady (b))
    289			{
    290				mdc800->camera_busy=0;
    291				dev_dbg(dev, "gets ready\n");
    292			}
    293		}
    294		if (!(mdc800_isBusy (b) || mdc800_isReady (b)))
    295		{
    296			/* Store Data in camera_answer field */
    297			dev_dbg(dev, "%i %i %i %i %i %i %i %i \n",b[0],b[1],b[2],b[3],b[4],b[5],b[6],b[7]);
    298
    299			memcpy (mdc800->camera_response,b,8);
    300			data_received=1;
    301		}
    302	}
    303	wake_up= ( mdc800->camera_request_ready > 0 )
    304		&&
    305		(
    306			((mdc800->camera_request_ready == 1) && (!mdc800->camera_busy))
    307		||
    308			((mdc800->camera_request_ready == 2) && data_received)
    309		||
    310			((mdc800->camera_request_ready == 3) && (mdc800->camera_busy))
    311		||
    312			(status < 0)
    313		);
    314
    315	if (wake_up)
    316	{
    317		mdc800->camera_request_ready=0;
    318		mdc800->irq_woken=1;
    319		wake_up (&mdc800->irq_wait);
    320	}
    321}
    322
    323
    324/*
    325 * Waits a while until the irq responds that camera is ready
    326 *
    327 *  mode : 0: Wait for camera gets ready
    328 *         1: Wait for receiving data
    329 *         2: Wait for camera gets busy
    330 *
    331 * msec: Time to wait
    332 */
    333static int mdc800_usb_waitForIRQ (int mode, int msec)
    334{
    335	mdc800->camera_request_ready=1+mode;
    336
    337	wait_event_timeout(mdc800->irq_wait, mdc800->irq_woken,
    338			   msecs_to_jiffies(msec));
    339	mdc800->irq_woken = 0;
    340
    341	if (mdc800->camera_request_ready>0)
    342	{
    343		mdc800->camera_request_ready=0;
    344		dev_err(&mdc800->dev->dev, "timeout waiting for camera.\n");
    345		return -1;
    346	}
    347	
    348	if (mdc800->state == NOT_CONNECTED)
    349	{
    350		printk(KERN_WARNING "mdc800: Camera gets disconnected "
    351		       "during waiting for irq.\n");
    352		mdc800->camera_request_ready=0;
    353		return -2;
    354	}
    355	
    356	return 0;
    357}
    358
    359
    360/*
    361 * The write_urb callback function
    362 */
    363static void mdc800_usb_write_notify (struct urb *urb)
    364{
    365	struct mdc800_data* mdc800=urb->context;
    366	int status = urb->status;
    367
    368	if (status != 0)
    369		dev_err(&mdc800->dev->dev,
    370			"writing command fails (status=%i)\n", status);
    371	else
    372		mdc800->state=READY;
    373	mdc800->written = 1;
    374	wake_up (&mdc800->write_wait);
    375}
    376
    377
    378/*
    379 * The download_urb callback function
    380 */
    381static void mdc800_usb_download_notify (struct urb *urb)
    382{
    383	struct mdc800_data* mdc800=urb->context;
    384	int status = urb->status;
    385
    386	if (status == 0) {
    387		/* Fill output buffer with these data */
    388		memcpy (mdc800->out,  urb->transfer_buffer, 64);
    389		mdc800->out_count=64;
    390		mdc800->out_ptr=0;
    391		mdc800->download_left-=64;
    392		if (mdc800->download_left == 0)
    393		{
    394			mdc800->state=READY;
    395		}
    396	} else {
    397		dev_err(&mdc800->dev->dev,
    398			"request bytes fails (status:%i)\n", status);
    399	}
    400	mdc800->downloaded = 1;
    401	wake_up (&mdc800->download_wait);
    402}
    403
    404
    405/***************************************************************************
    406	Probing for the Camera
    407 ***************************************************************************/
    408
    409static struct usb_driver mdc800_usb_driver;
    410static const struct file_operations mdc800_device_ops;
    411static struct usb_class_driver mdc800_class = {
    412	.name =		"mdc800%d",
    413	.fops =		&mdc800_device_ops,
    414	.minor_base =	MDC800_DEVICE_MINOR_BASE,
    415};
    416
    417
    418/*
    419 * Callback to search the Mustek MDC800 on the USB Bus
    420 */
    421static int mdc800_usb_probe (struct usb_interface *intf,
    422			       const struct usb_device_id *id)
    423{
    424	int i,j;
    425	struct usb_host_interface *intf_desc;
    426	struct usb_device *dev = interface_to_usbdev (intf);
    427	int irq_interval=0;
    428	int retval;
    429
    430	dev_dbg(&intf->dev, "(%s) called.\n", __func__);
    431
    432
    433	if (mdc800->dev != NULL)
    434	{
    435		dev_warn(&intf->dev, "only one Mustek MDC800 is supported.\n");
    436		return -ENODEV;
    437	}
    438
    439	if (dev->descriptor.bNumConfigurations != 1)
    440	{
    441		dev_err(&intf->dev,
    442			"probe fails -> wrong Number of Configuration\n");
    443		return -ENODEV;
    444	}
    445	intf_desc = intf->cur_altsetting;
    446
    447	if (
    448			( intf_desc->desc.bInterfaceClass != 0xff )
    449		||	( intf_desc->desc.bInterfaceSubClass != 0 )
    450		|| ( intf_desc->desc.bInterfaceProtocol != 0 )
    451		|| ( intf_desc->desc.bNumEndpoints != 4)
    452	)
    453	{
    454		dev_err(&intf->dev, "probe fails -> wrong Interface\n");
    455		return -ENODEV;
    456	}
    457
    458	/* Check the Endpoints */
    459	for (i=0; i<4; i++)
    460	{
    461		mdc800->endpoint[i]=-1;
    462		for (j=0; j<4; j++)
    463		{
    464			if (mdc800_endpoint_equals (&intf_desc->endpoint [j].desc,&mdc800_ed [i]))
    465			{
    466				mdc800->endpoint[i]=intf_desc->endpoint [j].desc.bEndpointAddress ;
    467				if (i==1)
    468				{
    469					irq_interval=intf_desc->endpoint [j].desc.bInterval;
    470				}
    471			}
    472		}
    473		if (mdc800->endpoint[i] == -1)
    474		{
    475			dev_err(&intf->dev, "probe fails -> Wrong Endpoints.\n");
    476			return -ENODEV;
    477		}
    478	}
    479
    480
    481	dev_info(&intf->dev, "Found Mustek MDC800 on USB.\n");
    482
    483	mutex_lock(&mdc800->io_lock);
    484
    485	retval = usb_register_dev(intf, &mdc800_class);
    486	if (retval) {
    487		dev_err(&intf->dev, "Not able to get a minor for this device.\n");
    488		mutex_unlock(&mdc800->io_lock);
    489		return -ENODEV;
    490	}
    491
    492	mdc800->dev=dev;
    493	mdc800->open=0;
    494
    495	/* Setup URB Structs */
    496	usb_fill_int_urb (
    497		mdc800->irq_urb,
    498		mdc800->dev,
    499		usb_rcvintpipe (mdc800->dev,mdc800->endpoint [1]),
    500		mdc800->irq_urb_buffer,
    501		8,
    502		mdc800_usb_irq,
    503		mdc800,
    504		irq_interval
    505	);
    506
    507	usb_fill_bulk_urb (
    508		mdc800->write_urb,
    509		mdc800->dev,
    510		usb_sndbulkpipe (mdc800->dev, mdc800->endpoint[0]),
    511		mdc800->write_urb_buffer,
    512		8,
    513		mdc800_usb_write_notify,
    514		mdc800
    515	);
    516
    517	usb_fill_bulk_urb (
    518		mdc800->download_urb,
    519		mdc800->dev,
    520		usb_rcvbulkpipe (mdc800->dev, mdc800->endpoint [3]),
    521		mdc800->download_urb_buffer,
    522		64,
    523		mdc800_usb_download_notify,
    524		mdc800
    525	);
    526
    527	mdc800->state=READY;
    528
    529	mutex_unlock(&mdc800->io_lock);
    530	
    531	usb_set_intfdata(intf, mdc800);
    532	return 0;
    533}
    534
    535
    536/*
    537 * Disconnect USB device (maybe the MDC800)
    538 */
    539static void mdc800_usb_disconnect (struct usb_interface *intf)
    540{
    541	struct mdc800_data* mdc800 = usb_get_intfdata(intf);
    542
    543	dev_dbg(&intf->dev, "(%s) called\n", __func__);
    544
    545	if (mdc800) {
    546		if (mdc800->state == NOT_CONNECTED)
    547			return;
    548
    549		usb_deregister_dev(intf, &mdc800_class);
    550
    551		/* must be under lock to make sure no URB
    552		   is submitted after usb_kill_urb() */
    553		mutex_lock(&mdc800->io_lock);
    554		mdc800->state=NOT_CONNECTED;
    555
    556		usb_kill_urb(mdc800->irq_urb);
    557		usb_kill_urb(mdc800->write_urb);
    558		usb_kill_urb(mdc800->download_urb);
    559		mutex_unlock(&mdc800->io_lock);
    560
    561		mdc800->dev = NULL;
    562		usb_set_intfdata(intf, NULL);
    563	}
    564	dev_info(&intf->dev, "Mustek MDC800 disconnected from USB.\n");
    565}
    566
    567
    568/***************************************************************************
    569	The Misc device Part (file_operations)
    570****************************************************************************/
    571
    572/*
    573 * This Function calc the Answersize for a command.
    574 */
    575static int mdc800_getAnswerSize (char command)
    576{
    577	switch ((unsigned char) command)
    578	{
    579		case 0x2a:
    580		case 0x49:
    581		case 0x51:
    582		case 0x0d:
    583		case 0x20:
    584		case 0x07:
    585		case 0x01:
    586		case 0x25:
    587		case 0x00:
    588			return 8;
    589
    590		case 0x05:
    591		case 0x3e:
    592			return mdc800->pic_len;
    593
    594		case 0x09:
    595			return 4096;
    596
    597		default:
    598			return 0;
    599	}
    600}
    601
    602
    603/*
    604 * Init the device: (1) alloc mem (2) Increase MOD Count ..
    605 */
    606static int mdc800_device_open (struct inode* inode, struct file *file)
    607{
    608	int retval=0;
    609	int errn=0;
    610
    611	mutex_lock(&mdc800->io_lock);
    612	
    613	if (mdc800->state == NOT_CONNECTED)
    614	{
    615		errn=-EBUSY;
    616		goto error_out;
    617	}
    618	if (mdc800->open)
    619	{
    620		errn=-EBUSY;
    621		goto error_out;
    622	}
    623
    624	mdc800->in_count=0;
    625	mdc800->out_count=0;
    626	mdc800->out_ptr=0;
    627	mdc800->pic_index=0;
    628	mdc800->pic_len=-1;
    629	mdc800->download_left=0;
    630
    631	mdc800->camera_busy=0;
    632	mdc800->camera_request_ready=0;
    633
    634	retval=0;
    635	mdc800->irq_urb->dev = mdc800->dev;
    636	retval = usb_submit_urb (mdc800->irq_urb, GFP_KERNEL);
    637	if (retval) {
    638		dev_err(&mdc800->dev->dev,
    639			"request USB irq fails (submit_retval=%i).\n", retval);
    640		errn = -EIO;
    641		goto error_out;
    642	}
    643
    644	mdc800->open=1;
    645	dev_dbg(&mdc800->dev->dev, "Mustek MDC800 device opened.\n");
    646
    647error_out:
    648	mutex_unlock(&mdc800->io_lock);
    649	return errn;
    650}
    651
    652
    653/*
    654 * Close the Camera and release Memory
    655 */
    656static int mdc800_device_release (struct inode* inode, struct file *file)
    657{
    658	int retval=0;
    659
    660	mutex_lock(&mdc800->io_lock);
    661	if (mdc800->open && (mdc800->state != NOT_CONNECTED))
    662	{
    663		usb_kill_urb(mdc800->irq_urb);
    664		usb_kill_urb(mdc800->write_urb);
    665		usb_kill_urb(mdc800->download_urb);
    666		mdc800->open=0;
    667	}
    668	else
    669	{
    670		retval=-EIO;
    671	}
    672
    673	mutex_unlock(&mdc800->io_lock);
    674	return retval;
    675}
    676
    677
    678/*
    679 * The Device read callback Function
    680 */
    681static ssize_t mdc800_device_read (struct file *file, char __user *buf, size_t len, loff_t *pos)
    682{
    683	size_t left=len, sts=len; /* single transfer size */
    684	char __user *ptr = buf;
    685	int retval;
    686
    687	mutex_lock(&mdc800->io_lock);
    688	if (mdc800->state == NOT_CONNECTED)
    689	{
    690		mutex_unlock(&mdc800->io_lock);
    691		return -EBUSY;
    692	}
    693	if (mdc800->state == WORKING)
    694	{
    695		printk(KERN_WARNING "mdc800: Illegal State \"working\""
    696		       "reached during read ?!\n");
    697		mutex_unlock(&mdc800->io_lock);
    698		return -EBUSY;
    699	}
    700	if (!mdc800->open)
    701	{
    702		mutex_unlock(&mdc800->io_lock);
    703		return -EBUSY;
    704	}
    705
    706	while (left)
    707	{
    708		if (signal_pending (current)) 
    709		{
    710			mutex_unlock(&mdc800->io_lock);
    711			return -EINTR;
    712		}
    713
    714		sts=left > (mdc800->out_count-mdc800->out_ptr)?mdc800->out_count-mdc800->out_ptr:left;
    715
    716		if (sts <= 0)
    717		{
    718			/* Too less Data in buffer */
    719			if (mdc800->state == DOWNLOAD)
    720			{
    721				mdc800->out_count=0;
    722				mdc800->out_ptr=0;
    723
    724				/* Download -> Request new bytes */
    725				mdc800->download_urb->dev = mdc800->dev;
    726				retval = usb_submit_urb (mdc800->download_urb, GFP_KERNEL);
    727				if (retval) {
    728					dev_err(&mdc800->dev->dev,
    729						"Can't submit download urb "
    730						"(retval=%i)\n", retval);
    731					mutex_unlock(&mdc800->io_lock);
    732					return len-left;
    733				}
    734				wait_event_timeout(mdc800->download_wait,
    735				     mdc800->downloaded,
    736				     msecs_to_jiffies(TO_DOWNLOAD_GET_READY));
    737				mdc800->downloaded = 0;
    738				if (mdc800->download_urb->status != 0)
    739				{
    740					dev_err(&mdc800->dev->dev,
    741						"request download-bytes fails "
    742						"(status=%i)\n",
    743						mdc800->download_urb->status);
    744					mutex_unlock(&mdc800->io_lock);
    745					return len-left;
    746				}
    747			}
    748			else
    749			{
    750				/* No more bytes -> that's an error*/
    751				mutex_unlock(&mdc800->io_lock);
    752				return -EIO;
    753			}
    754		}
    755		else
    756		{
    757			/* Copy Bytes */
    758			if (copy_to_user(ptr, &mdc800->out [mdc800->out_ptr],
    759						sts)) {
    760				mutex_unlock(&mdc800->io_lock);
    761				return -EFAULT;
    762			}
    763			ptr+=sts;
    764			left-=sts;
    765			mdc800->out_ptr+=sts;
    766		}
    767	}
    768
    769	mutex_unlock(&mdc800->io_lock);
    770	return len-left;
    771}
    772
    773
    774/*
    775 * The Device write callback Function
    776 * If a 8Byte Command is received, it will be send to the camera.
    777 * After this the driver initiates the request for the answer or
    778 * just waits until the camera becomes ready.
    779 */
    780static ssize_t mdc800_device_write (struct file *file, const char __user *buf, size_t len, loff_t *pos)
    781{
    782	size_t i=0;
    783	int retval;
    784
    785	mutex_lock(&mdc800->io_lock);
    786	if (mdc800->state != READY)
    787	{
    788		mutex_unlock(&mdc800->io_lock);
    789		return -EBUSY;
    790	}
    791	if (!mdc800->open )
    792	{
    793		mutex_unlock(&mdc800->io_lock);
    794		return -EBUSY;
    795	}
    796
    797	while (i<len)
    798	{
    799		unsigned char c;
    800		if (signal_pending (current)) 
    801		{
    802			mutex_unlock(&mdc800->io_lock);
    803			return -EINTR;
    804		}
    805		
    806		if(get_user(c, buf+i))
    807		{
    808			mutex_unlock(&mdc800->io_lock);
    809			return -EFAULT;
    810		}
    811
    812		/* check for command start */
    813		if (c == 0x55)
    814		{
    815			mdc800->in_count=0;
    816			mdc800->out_count=0;
    817			mdc800->out_ptr=0;
    818			mdc800->download_left=0;
    819		}
    820
    821		/* save command byte */
    822		if (mdc800->in_count < 8)
    823		{
    824			mdc800->in[mdc800->in_count] = c;
    825			mdc800->in_count++;
    826		}
    827		else
    828		{
    829			mutex_unlock(&mdc800->io_lock);
    830			return -EIO;
    831		}
    832
    833		/* Command Buffer full ? -> send it to camera */
    834		if (mdc800->in_count == 8)
    835		{
    836			int answersize;
    837
    838			if (mdc800_usb_waitForIRQ (0,TO_GET_READY))
    839			{
    840				dev_err(&mdc800->dev->dev,
    841					"Camera didn't get ready.\n");
    842				mutex_unlock(&mdc800->io_lock);
    843				return -EIO;
    844			}
    845
    846			answersize=mdc800_getAnswerSize (mdc800->in[1]);
    847
    848			mdc800->state=WORKING;
    849			memcpy (mdc800->write_urb->transfer_buffer, mdc800->in,8);
    850			mdc800->write_urb->dev = mdc800->dev;
    851			retval = usb_submit_urb (mdc800->write_urb, GFP_KERNEL);
    852			if (retval) {
    853				dev_err(&mdc800->dev->dev,
    854					"submitting write urb fails "
    855					"(retval=%i)\n", retval);
    856				mutex_unlock(&mdc800->io_lock);
    857				return -EIO;
    858			}
    859			wait_event_timeout(mdc800->write_wait, mdc800->written,
    860					msecs_to_jiffies(TO_WRITE_GET_READY));
    861			mdc800->written = 0;
    862			if (mdc800->state == WORKING)
    863			{
    864				usb_kill_urb(mdc800->write_urb);
    865				mutex_unlock(&mdc800->io_lock);
    866				return -EIO;
    867			}
    868
    869			switch ((unsigned char) mdc800->in[1])
    870			{
    871				case 0x05: /* Download Image */
    872				case 0x3e: /* Take shot in Fine Mode (WCam Mode) */
    873					if (mdc800->pic_len < 0)
    874					{
    875						dev_err(&mdc800->dev->dev,
    876							"call 0x07 before "
    877							"0x05,0x3e\n");
    878						mdc800->state=READY;
    879						mutex_unlock(&mdc800->io_lock);
    880						return -EIO;
    881					}
    882					mdc800->pic_len=-1;
    883					fallthrough;
    884
    885				case 0x09: /* Download Thumbnail */
    886					mdc800->download_left=answersize+64;
    887					mdc800->state=DOWNLOAD;
    888					mdc800_usb_waitForIRQ (0,TO_DOWNLOAD_GET_BUSY);
    889					break;
    890
    891
    892				default:
    893					if (answersize)
    894					{
    895
    896						if (mdc800_usb_waitForIRQ (1,TO_READ_FROM_IRQ))
    897						{
    898							dev_err(&mdc800->dev->dev, "requesting answer from irq fails\n");
    899							mutex_unlock(&mdc800->io_lock);
    900							return -EIO;
    901						}
    902
    903						/* Write dummy data, (this is ugly but part of the USB Protocol */
    904						/* if you use endpoint 1 as bulk and not as irq) */
    905						memcpy (mdc800->out, mdc800->camera_response,8);
    906
    907						/* This is the interpreted answer */
    908						memcpy (&mdc800->out[8], mdc800->camera_response,8);
    909
    910						mdc800->out_ptr=0;
    911						mdc800->out_count=16;
    912
    913						/* Cache the Imagesize, if command was getImageSize */
    914						if (mdc800->in [1] == (char) 0x07)
    915						{
    916							mdc800->pic_len=(int) 65536*(unsigned char) mdc800->camera_response[0]+256*(unsigned char) mdc800->camera_response[1]+(unsigned char) mdc800->camera_response[2];
    917
    918							dev_dbg(&mdc800->dev->dev, "cached imagesize = %i\n", mdc800->pic_len);
    919						}
    920
    921					}
    922					else
    923					{
    924						if (mdc800_usb_waitForIRQ (0,TO_DEFAULT_COMMAND))
    925						{
    926							dev_err(&mdc800->dev->dev, "Command Timeout.\n");
    927							mutex_unlock(&mdc800->io_lock);
    928							return -EIO;
    929						}
    930					}
    931					mdc800->state=READY;
    932					break;
    933			}
    934		}
    935		i++;
    936	}
    937	mutex_unlock(&mdc800->io_lock);
    938	return i;
    939}
    940
    941
    942/***************************************************************************
    943	Init and Cleanup this driver (Structs and types)
    944****************************************************************************/
    945
    946/* File Operations of this drivers */
    947static const struct file_operations mdc800_device_ops =
    948{
    949	.owner =	THIS_MODULE,
    950	.read =		mdc800_device_read,
    951	.write =	mdc800_device_write,
    952	.open =		mdc800_device_open,
    953	.release =	mdc800_device_release,
    954	.llseek =	noop_llseek,
    955};
    956
    957
    958
    959static const struct usb_device_id mdc800_table[] = {
    960	{ USB_DEVICE(MDC800_VENDOR_ID, MDC800_PRODUCT_ID) },
    961	{ }						/* Terminating entry */
    962};
    963
    964MODULE_DEVICE_TABLE (usb, mdc800_table);
    965/*
    966 * USB Driver Struct for this device
    967 */
    968static struct usb_driver mdc800_usb_driver =
    969{
    970	.name =		"mdc800",
    971	.probe =	mdc800_usb_probe,
    972	.disconnect =	mdc800_usb_disconnect,
    973	.id_table =	mdc800_table
    974};
    975
    976
    977
    978/************************************************************************
    979	Init and Cleanup this driver (Main Functions)
    980*************************************************************************/
    981
    982static int __init usb_mdc800_init (void)
    983{
    984	int retval = -ENODEV;
    985	/* Allocate Memory */
    986	mdc800=kzalloc (sizeof (struct mdc800_data), GFP_KERNEL);
    987	if (!mdc800)
    988		goto cleanup_on_fail;
    989
    990	mdc800->dev = NULL;
    991	mdc800->state=NOT_CONNECTED;
    992	mutex_init (&mdc800->io_lock);
    993
    994	init_waitqueue_head (&mdc800->irq_wait);
    995	init_waitqueue_head (&mdc800->write_wait);
    996	init_waitqueue_head (&mdc800->download_wait);
    997
    998	mdc800->irq_woken = 0;
    999	mdc800->downloaded = 0;
   1000	mdc800->written = 0;
   1001
   1002	mdc800->irq_urb_buffer=kmalloc (8, GFP_KERNEL);
   1003	if (!mdc800->irq_urb_buffer)
   1004		goto cleanup_on_fail;
   1005	mdc800->write_urb_buffer=kmalloc (8, GFP_KERNEL);
   1006	if (!mdc800->write_urb_buffer)
   1007		goto cleanup_on_fail;
   1008	mdc800->download_urb_buffer=kmalloc (64, GFP_KERNEL);
   1009	if (!mdc800->download_urb_buffer)
   1010		goto cleanup_on_fail;
   1011
   1012	mdc800->irq_urb=usb_alloc_urb (0, GFP_KERNEL);
   1013	if (!mdc800->irq_urb)
   1014		goto cleanup_on_fail;
   1015	mdc800->download_urb=usb_alloc_urb (0, GFP_KERNEL);
   1016	if (!mdc800->download_urb)
   1017		goto cleanup_on_fail;
   1018	mdc800->write_urb=usb_alloc_urb (0, GFP_KERNEL);
   1019	if (!mdc800->write_urb)
   1020		goto cleanup_on_fail;
   1021
   1022	/* Register the driver */
   1023	retval = usb_register(&mdc800_usb_driver);
   1024	if (retval)
   1025		goto cleanup_on_fail;
   1026
   1027	printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION ":"
   1028	       DRIVER_DESC "\n");
   1029
   1030	return 0;
   1031
   1032	/* Clean driver up, when something fails */
   1033
   1034cleanup_on_fail:
   1035
   1036	if (mdc800 != NULL)
   1037	{
   1038		printk(KERN_ERR "mdc800: can't alloc memory!\n");
   1039
   1040		kfree(mdc800->download_urb_buffer);
   1041		kfree(mdc800->write_urb_buffer);
   1042		kfree(mdc800->irq_urb_buffer);
   1043
   1044		usb_free_urb(mdc800->write_urb);
   1045		usb_free_urb(mdc800->download_urb);
   1046		usb_free_urb(mdc800->irq_urb);
   1047
   1048		kfree (mdc800);
   1049	}
   1050	mdc800 = NULL;
   1051	return retval;
   1052}
   1053
   1054
   1055static void __exit usb_mdc800_cleanup (void)
   1056{
   1057	usb_deregister (&mdc800_usb_driver);
   1058
   1059	usb_free_urb (mdc800->irq_urb);
   1060	usb_free_urb (mdc800->download_urb);
   1061	usb_free_urb (mdc800->write_urb);
   1062
   1063	kfree (mdc800->irq_urb_buffer);
   1064	kfree (mdc800->write_urb_buffer);
   1065	kfree (mdc800->download_urb_buffer);
   1066
   1067	kfree (mdc800);
   1068	mdc800 = NULL;
   1069}
   1070
   1071module_init (usb_mdc800_init);
   1072module_exit (usb_mdc800_cleanup);
   1073
   1074MODULE_AUTHOR( DRIVER_AUTHOR );
   1075MODULE_DESCRIPTION( DRIVER_DESC );
   1076MODULE_LICENSE("GPL");
   1077