ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 928

User:	Jiri Slaby
Error type:	Leaving function in locked state
Error type description:	Some lock is not unlocked on all paths of a function, so it is leaked
File location:	drivers/usb/image/mdc800.c
Line in file:	502
Project:	Linux Kernel
Project version:	2.6.28
Confirmation:	Fixed by 909b6c3fc20ea772dc63a03986d74148fcbb1a1d
Tools:	Stanse (1.2)
Entered:	2012-03-02 21:35:17 UTC
Source:

   1/*
   2 * copyright (C) 1999/2000 by Henning Zabel <henning@uni-paderborn.de>
   3 *
   4 * This program is free software; you can redistribute it and/or modify it
   5 * under the terms of the GNU General Public License as published by the
   6 * Free Software Foundation; either version 2 of the License, or (at your
   7 * option) any later version.
   8 *
   9 * This program is distributed in the hope that it will be useful, but
  10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  11 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12 * for more details.
  13 *
  14 * You should have received a copy of the GNU General Public License
  15 * along with this program; if not, write to the Free Software Foundation,
  16 * Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  17 */
  18
  19
  20/*
  21 *        USB-Kernel Driver for the Mustek MDC800 Digital Camera
  22 *        (c) 1999/2000 Henning Zabel <henning@uni-paderborn.de>
  23 *
  24 *
  25 * The driver brings the USB functions of the MDC800 to Linux.
  26 * To use the Camera you must support the USB Protocol of the camera
  27 * to the Kernel Node.
  28 * The Driver uses a misc device Node. Create it with :
  29 * mknod /dev/mustek c 180 32
  30 *
  31 * The driver supports only one camera.
  32 * 
  33 * Fix: mdc800 used sleep_on and slept with io_lock held.
  34 * Converted sleep_on to waitqueues with schedule_timeout and made io_lock
  35 * a semaphore from a spinlock.
  36 * by Oliver Neukum <oliver@neukum.name>
  37 * (02/12/2001)
  38 * 
  39 * Identify version on module load.
  40 * (08/04/2001) gb
  41 *
  42 * version 0.7.5
  43 * Fixed potential SMP races with Spinlocks.
  44 * Thanks to Oliver Neukum <oliver@neukum.name> who 
  45 * noticed the race conditions.
  46 * (30/10/2000)
  47 *
  48 * Fixed: Setting urb->dev before submitting urb.
  49 * by Greg KH <greg@kroah.com>
  50 * (13/10/2000)
  51 *
  52 * version 0.7.3
  53 * bugfix : The mdc800->state field gets set to READY after the
  54 * the diconnect function sets it to NOT_CONNECTED. This makes the
  55 * driver running like the camera is connected and causes some
  56 * hang ups.
  57 *
  58 * version 0.7.1
  59 * MOD_INC and MOD_DEC are changed in usb_probe to prevent load/unload
  60 * problems when compiled as Module.
  61 * (04/04/2000)
  62 *
  63 * The mdc800 driver gets assigned the USB Minor 32-47. The Registration
  64 * was updated to use these values.
  65 * (26/03/2000)
  66 *
  67 * The Init und Exit Module Function are updated.
  68 * (01/03/2000)
  69 *
  70 * version 0.7.0
  71 * Rewrite of the driver : The driver now uses URB's. The old stuff
  72 * has been removed.
  73 *
  74 * version 0.6.0
  75 * Rewrite of this driver: The Emulation of the rs232 protocoll
  76 * has been removed from the driver. A special executeCommand function
  77 * for this driver is included to gphoto.
  78 * The driver supports two kind of communication to bulk endpoints.
  79 * Either with the dev->bus->ops->bulk... or with callback function.
  80 * (09/11/1999)
  81 *
  82 * version 0.5.0:
  83 * first Version that gets a version number. Most of the needed
  84 * functions work.
  85 * (20/10/1999)
  86 */
  87
  88#include <linux/sched.h>
  89#include <linux/signal.h>
  90#include <linux/spinlock.h>
  91#include <linux/errno.h>
  92#include <linux/random.h>
  93#include <linux/poll.h>
  94#include <linux/init.h>
  95#include <linux/slab.h>
  96#include <linux/module.h>
  97#include <linux/wait.h>
  98#include <linux/mutex.h>
  99
 100#include <linux/usb.h>
 101#include <linux/fs.h>
 102
 103/*
 104 * Version Information
 105 */
 106#define DRIVER_VERSION "v0.7.5 (30/10/2000)"
 107#define DRIVER_AUTHOR "Henning Zabel <henning@uni-paderborn.de>"
 108#define DRIVER_DESC "USB Driver for Mustek MDC800 Digital Camera"
 109
 110/* Vendor and Product Information */
 111#define MDC800_VENDOR_ID         0x055f
 112#define MDC800_PRODUCT_ID        0xa800
 113
 114/* Timeouts (msec) */
 115#define TO_DOWNLOAD_GET_READY                1500
 116#define TO_DOWNLOAD_GET_BUSY                1500
 117#define TO_WRITE_GET_READY                1000
 118#define TO_DEFAULT_COMMAND                5000
 119#define TO_READ_FROM_IRQ                 TO_DEFAULT_COMMAND
 120#define TO_GET_READY                        TO_DEFAULT_COMMAND
 121
 122/* Minor Number of the device (create with mknod /dev/mustek c 180 32) */
 123#define MDC800_DEVICE_MINOR_BASE 32
 124
 125
 126/**************************************************************************
 127        Data and structs
 128***************************************************************************/
 129
 130
 131typedef enum {
 132        NOT_CONNECTED, READY, WORKING, DOWNLOAD
 133} mdc800_state;
 134
 135
 136/* Data for the driver */
 137struct mdc800_data
 138{
 139        struct usb_device *        dev;                        // Device Data
 140        mdc800_state                 state;
 141
 142        unsigned int                endpoint [4];
 143
 144        struct urb *                irq_urb;
 145        wait_queue_head_t        irq_wait;
 146        int                        irq_woken;
 147        char*                        irq_urb_buffer;
 148
 149        int                        camera_busy;          // is camera busy ?
 150        int                         camera_request_ready; // Status to synchronize with irq
 151        char                         camera_response [8];  // last Bytes send after busy
 152
 153        struct urb *                   write_urb;
 154        char*                        write_urb_buffer;
 155        wait_queue_head_t        write_wait;
 156        int                        written;
 157
 158
 159        struct urb *                   download_urb;
 160        char*                        download_urb_buffer;
 161        wait_queue_head_t        download_wait;
 162        int                        downloaded;
 163        int                        download_left;                // Bytes left to download ?
 164
 165
 166        /* Device Data */
 167        char                        out [64];        // Answer Buffer
 168        int                         out_ptr;        // Index to the first not readen byte
 169        int                        out_count;        // Bytes in the buffer
 170
 171        int                        open;                // Camera device open ?
 172        struct mutex                io_lock;        // IO -lock
 173
 174        char                         in [8];                // Command Input Buffer
 175        int                          in_count;
 176
 177        int                        pic_index;        // Cache for the Imagesize (-1 for nothing cached )
 178        int                        pic_len;
 179        int                        minor;
 180};
 181
 182
 183/* Specification of the Endpoints */
 184static struct usb_endpoint_descriptor mdc800_ed [4] =
 185{
 186        { 
 187                .bLength =                 0,
 188                .bDescriptorType =        0,
 189                .bEndpointAddress =        0x01,
 190                .bmAttributes =         0x02,
 191                .wMaxPacketSize =        __constant_cpu_to_le16(8),
 192                .bInterval =                 0,
 193                .bRefresh =                 0,
 194                .bSynchAddress =         0,
 195        },
 196        {
 197                .bLength =                 0,
 198                .bDescriptorType =         0,
 199                .bEndpointAddress =         0x82,
 200                .bmAttributes =         0x03,
 201                .wMaxPacketSize =         __constant_cpu_to_le16(8),
 202                .bInterval =                 0,
 203                .bRefresh =                 0,
 204                .bSynchAddress =         0,
 205        },
 206        {
 207                .bLength =                 0,
 208                .bDescriptorType =         0,
 209                .bEndpointAddress =         0x03,
 210                .bmAttributes =         0x02,
 211                .wMaxPacketSize =         __constant_cpu_to_le16(64),
 212                .bInterval =                 0,
 213                .bRefresh =                 0,
 214                .bSynchAddress =         0,
 215        },
 216        {
 217                .bLength =                 0,
 218                .bDescriptorType =         0,
 219                .bEndpointAddress =         0x84,
 220                .bmAttributes =         0x02,
 221                .wMaxPacketSize =         __constant_cpu_to_le16(64),
 222                .bInterval =                 0,
 223                .bRefresh =                 0,
 224                .bSynchAddress =         0,
 225        },
 226};
 227
 228/* The Variable used by the driver */
 229static struct mdc800_data* mdc800;
 230
 231
 232/***************************************************************************
 233        The USB Part of the driver
 234****************************************************************************/
 235
 236static int mdc800_endpoint_equals (struct usb_endpoint_descriptor *a,struct usb_endpoint_descriptor *b)
 237{
 238        return (
 239                   ( a->bEndpointAddress == b->bEndpointAddress )
 240                && ( a->bmAttributes     == b->bmAttributes     )
 241                && ( a->wMaxPacketSize   == b->wMaxPacketSize   )
 242        );
 243}
 244
 245
 246/*
 247 * Checks whether the camera responds busy
 248 */
 249static int mdc800_isBusy (char* ch)
 250{
 251        int i=0;
 252        while (i<8)
 253        {
 254                if (ch [i] != (char)0x99)
 255                        return 0;
 256                i++;
 257        }
 258        return 1;
 259}
 260
 261
 262/*
 263 * Checks whether the Camera is ready
 264 */
 265static int mdc800_isReady (char *ch)
 266{
 267        int i=0;
 268        while (i<8)
 269        {
 270                if (ch [i] != (char)0xbb)
 271                        return 0;
 272                i++;
 273        }
 274        return 1;
 275}
 276
 277
 278
 279/*
 280 * USB IRQ Handler for InputLine
 281 */
 282static void mdc800_usb_irq (struct urb *urb)
 283{
 284        int data_received=0, wake_up;
 285        unsigned char* b=urb->transfer_buffer;
 286        struct mdc800_data* mdc800=urb->context;
 287        int status = urb->status;
 288
 289        if (status >= 0) {
 290
 291                //dbg ("%i %i %i %i %i %i %i %i \n",b[0],b[1],b[2],b[3],b[4],b[5],b[6],b[7]);
 292
 293                if (mdc800_isBusy (b))
 294                {
 295                        if (!mdc800->camera_busy)
 296                        {
 297                                mdc800->camera_busy=1;
 298                                dbg ("gets busy");
 299                        }
 300                }
 301                else
 302                {
 303                        if (mdc800->camera_busy && mdc800_isReady (b))
 304                        {
 305                                mdc800->camera_busy=0;
 306                                dbg ("gets ready");
 307                        }
 308                }
 309                if (!(mdc800_isBusy (b) || mdc800_isReady (b)))
 310                {
 311                        /* Store Data in camera_answer field */
 312                        dbg ("%i %i %i %i %i %i %i %i ",b[0],b[1],b[2],b[3],b[4],b[5],b[6],b[7]);
 313
 314                        memcpy (mdc800->camera_response,b,8);
 315                        data_received=1;
 316                }
 317        }
 318        wake_up= ( mdc800->camera_request_ready > 0 )
 319                &&
 320                (
 321                        ((mdc800->camera_request_ready == 1) && (!mdc800->camera_busy))
 322                ||
 323                        ((mdc800->camera_request_ready == 2) && data_received)
 324                ||
 325                        ((mdc800->camera_request_ready == 3) && (mdc800->camera_busy))
 326                ||
 327                        (status < 0)
 328                );
 329
 330        if (wake_up)
 331        {
 332                mdc800->camera_request_ready=0;
 333                mdc800->irq_woken=1;
 334                wake_up (&mdc800->irq_wait);
 335        }
 336}
 337
 338
 339/*
 340 * Waits a while until the irq responds that camera is ready
 341 *
 342 *  mode : 0: Wait for camera gets ready
 343 *         1: Wait for receiving data
 344 *         2: Wait for camera gets busy
 345 *
 346 * msec: Time to wait
 347 */
 348static int mdc800_usb_waitForIRQ (int mode, int msec)
 349{
 350        mdc800->camera_request_ready=1+mode;
 351
 352        wait_event_timeout(mdc800->irq_wait, mdc800->irq_woken, msec*HZ/1000);
 353        mdc800->irq_woken = 0;
 354
 355        if (mdc800->camera_request_ready>0)
 356        {
 357                mdc800->camera_request_ready=0;
 358                dev_err(&mdc800->dev->dev, "timeout waiting for camera.\n");
 359                return -1;
 360        }
 361        
 362        if (mdc800->state == NOT_CONNECTED)
 363        {
 364                printk(KERN_WARNING "mdc800: Camera gets disconnected "
 365                       "during waiting for irq.\n");
 366                mdc800->camera_request_ready=0;
 367                return -2;
 368        }
 369        
 370        return 0;
 371}
 372
 373
 374/*
 375 * The write_urb callback function
 376 */
 377static void mdc800_usb_write_notify (struct urb *urb)
 378{
 379        struct mdc800_data* mdc800=urb->context;
 380        int status = urb->status;
 381
 382        if (status != 0)
 383                dev_err(&mdc800->dev->dev,
 384                        "writing command fails (status=%i)\n", status);
 385        else
 386                mdc800->state=READY;
 387        mdc800->written = 1;
 388        wake_up (&mdc800->write_wait);
 389}
 390
 391
 392/*
 393 * The download_urb callback function
 394 */
 395static void mdc800_usb_download_notify (struct urb *urb)
 396{
 397        struct mdc800_data* mdc800=urb->context;
 398        int status = urb->status;
 399
 400        if (status == 0) {
 401                /* Fill output buffer with these data */
 402                memcpy (mdc800->out,  urb->transfer_buffer, 64);
 403                mdc800->out_count=64;
 404                mdc800->out_ptr=0;
 405                mdc800->download_left-=64;
 406                if (mdc800->download_left == 0)
 407                {
 408                        mdc800->state=READY;
 409                }
 410        } else {
 411                dev_err(&mdc800->dev->dev,
 412                        "request bytes fails (status:%i)\n", status);
 413        }
 414        mdc800->downloaded = 1;
 415        wake_up (&mdc800->download_wait);
 416}
 417
 418
 419/***************************************************************************
 420        Probing for the Camera
 421 ***************************************************************************/
 422
 423static struct usb_driver mdc800_usb_driver;
 424static const struct file_operations mdc800_device_ops;
 425static struct usb_class_driver mdc800_class = {
 426        .name =                "mdc800%d",
 427        .fops =                &mdc800_device_ops,
 428        .minor_base =        MDC800_DEVICE_MINOR_BASE,
 429};
 430
 431
 432/*
 433 * Callback to search the Mustek MDC800 on the USB Bus
 434 */
 435static int mdc800_usb_probe (struct usb_interface *intf,
 436                               const struct usb_device_id *id)
 437{
 438        int i,j;
 439        struct usb_host_interface *intf_desc;
 440        struct usb_device *dev = interface_to_usbdev (intf);
 441        int irq_interval=0;
 442        int retval;
 443
 444        dbg ("(mdc800_usb_probe) called.");
 445
 446
 447        if (mdc800->dev != NULL)
 448        {
 449                dev_warn(&intf->dev, "only one Mustek MDC800 is supported.\n");
 450                return -ENODEV;
 451        }
 452
 453        if (dev->descriptor.bNumConfigurations != 1)
 454        {
 455                dev_err(&intf->dev,
 456                        "probe fails -> wrong Number of Configuration\n");
 457                return -ENODEV;
 458        }
 459        intf_desc = intf->cur_altsetting;
 460
 461        if (
 462                        ( intf_desc->desc.bInterfaceClass != 0xff )
 463                ||        ( intf_desc->desc.bInterfaceSubClass != 0 )
 464                || ( intf_desc->desc.bInterfaceProtocol != 0 )
 465                || ( intf_desc->desc.bNumEndpoints != 4)
 466        )
 467        {
 468                dev_err(&intf->dev, "probe fails -> wrong Interface\n");
 469                return -ENODEV;
 470        }
 471
 472        /* Check the Endpoints */
 473        for (i=0; i<4; i++)
 474        {
 475                mdc800->endpoint[i]=-1;
 476                for (j=0; j<4; j++)
 477                {
 478                        if (mdc800_endpoint_equals (&intf_desc->endpoint [j].desc,&mdc800_ed [i]))
 479                        {
 480                                mdc800->endpoint[i]=intf_desc->endpoint [j].desc.bEndpointAddress ;
 481                                if (i==1)
 482                                {
 483                                        irq_interval=intf_desc->endpoint [j].desc.bInterval;
 484                                }
 485                        }
 486                }
 487                if (mdc800->endpoint[i] == -1)
 488                {
 489                        dev_err(&intf->dev, "probe fails -> Wrong Endpoints.\n");
 490                        return -ENODEV;
 491                }
 492        }
 493
 494
 495        dev_info(&intf->dev, "Found Mustek MDC800 on USB.\n");
 496
 497        mutex_lock(&mdc800->io_lock);
 498
 499        retval = usb_register_dev(intf, &mdc800_class);
 500        if (retval) {
 501                dev_err(&intf->dev, "Not able to get a minor for this device.\n");
 502                return -ENODEV;
 503        }
 504
 505        mdc800->dev=dev;
 506        mdc800->open=0;
 507
 508        /* Setup URB Structs */
 509        usb_fill_int_urb (
 510                mdc800->irq_urb,
 511                mdc800->dev,
 512                usb_rcvintpipe (mdc800->dev,mdc800->endpoint [1]),
 513                mdc800->irq_urb_buffer,
 514                8,
 515                mdc800_usb_irq,
 516                mdc800,
 517                irq_interval
 518        );
 519
 520        usb_fill_bulk_urb (
 521                mdc800->write_urb,
 522                mdc800->dev,
 523                usb_sndbulkpipe (mdc800->dev, mdc800->endpoint[0]),
 524                mdc800->write_urb_buffer,
 525                8,
 526                mdc800_usb_write_notify,
 527                mdc800
 528        );
 529
 530        usb_fill_bulk_urb (
 531                mdc800->download_urb,
 532                mdc800->dev,
 533                usb_rcvbulkpipe (mdc800->dev, mdc800->endpoint [3]),
 534                mdc800->download_urb_buffer,
 535                64,
 536                mdc800_usb_download_notify,
 537                mdc800
 538        );
 539
 540        mdc800->state=READY;
 541
 542        mutex_unlock(&mdc800->io_lock);
 543        
 544        usb_set_intfdata(intf, mdc800);
 545        return 0;
 546}
 547
 548
 549/*
 550 * Disconnect USB device (maybe the MDC800)
 551 */
 552static void mdc800_usb_disconnect (struct usb_interface *intf)
 553{
 554        struct mdc800_data* mdc800 = usb_get_intfdata(intf);
 555
 556        dbg ("(mdc800_usb_disconnect) called");
 557
 558        if (mdc800) {
 559                if (mdc800->state == NOT_CONNECTED)
 560                        return;
 561
 562                usb_deregister_dev(intf, &mdc800_class);
 563
 564                /* must be under lock to make sure no URB
 565                   is submitted after usb_kill_urb() */
 566                mutex_lock(&mdc800->io_lock);
 567                mdc800->state=NOT_CONNECTED;
 568
 569                usb_kill_urb(mdc800->irq_urb);
 570                usb_kill_urb(mdc800->write_urb);
 571                usb_kill_urb(mdc800->download_urb);
 572                mutex_unlock(&mdc800->io_lock);
 573
 574                mdc800->dev = NULL;
 575                usb_set_intfdata(intf, NULL);
 576        }
 577        dev_info(&intf->dev, "Mustek MDC800 disconnected from USB.\n");
 578}
 579
 580
 581/***************************************************************************
 582        The Misc device Part (file_operations)
 583****************************************************************************/
 584
 585/*
 586 * This Function calc the Answersize for a command.
 587 */
 588static int mdc800_getAnswerSize (char command)
 589{
 590        switch ((unsigned char) command)
 591        {
 592                case 0x2a:
 593                case 0x49:
 594                case 0x51:
 595                case 0x0d:
 596                case 0x20:
 597                case 0x07:
 598                case 0x01:
 599                case 0x25:
 600                case 0x00:
 601                        return 8;
 602
 603                case 0x05:
 604                case 0x3e:
 605                        return mdc800->pic_len;
 606
 607                case 0x09:
 608                        return 4096;
 609
 610                default:
 611                        return 0;
 612        }
 613}
 614
 615
 616/*
 617 * Init the device: (1) alloc mem (2) Increase MOD Count ..
 618 */
 619static int mdc800_device_open (struct inode* inode, struct file *file)
 620{
 621        int retval=0;
 622        int errn=0;
 623
 624        mutex_lock(&mdc800->io_lock);
 625        
 626        if (mdc800->state == NOT_CONNECTED)
 627        {
 628                errn=-EBUSY;
 629                goto error_out;
 630        }
 631        if (mdc800->open)
 632        {
 633                errn=-EBUSY;
 634                goto error_out;
 635        }
 636
 637        mdc800->in_count=0;
 638        mdc800->out_count=0;
 639        mdc800->out_ptr=0;
 640        mdc800->pic_index=0;
 641        mdc800->pic_len=-1;
 642        mdc800->download_left=0;
 643
 644        mdc800->camera_busy=0;
 645        mdc800->camera_request_ready=0;
 646
 647        retval=0;
 648        mdc800->irq_urb->dev = mdc800->dev;
 649        retval = usb_submit_urb (mdc800->irq_urb, GFP_KERNEL);
 650        if (retval) {
 651                dev_err(&mdc800->dev->dev,
 652                        "request USB irq fails (submit_retval=%i).\n", retval);
 653                errn = -EIO;
 654                goto error_out;
 655        }
 656
 657        mdc800->open=1;
 658        dbg ("Mustek MDC800 device opened.");
 659
 660error_out:
 661        mutex_unlock(&mdc800->io_lock);
 662        return errn;
 663}
 664
 665
 666/*
 667 * Close the Camera and release Memory
 668 */
 669static int mdc800_device_release (struct inode* inode, struct file *file)
 670{
 671        int retval=0;
 672        dbg ("Mustek MDC800 device closed.");
 673
 674        mutex_lock(&mdc800->io_lock);
 675        if (mdc800->open && (mdc800->state != NOT_CONNECTED))
 676        {
 677                usb_kill_urb(mdc800->irq_urb);
 678                usb_kill_urb(mdc800->write_urb);
 679                usb_kill_urb(mdc800->download_urb);
 680                mdc800->open=0;
 681        }
 682        else
 683        {
 684                retval=-EIO;
 685        }
 686
 687        mutex_unlock(&mdc800->io_lock);
 688        return retval;
 689}
 690
 691
 692/*
 693 * The Device read callback Function
 694 */
 695static ssize_t mdc800_device_read (struct file *file, char __user *buf, size_t len, loff_t *pos)
 696{
 697        size_t left=len, sts=len; /* single transfer size */
 698        char __user *ptr = buf;
 699        int retval;
 700
 701        mutex_lock(&mdc800->io_lock);
 702        if (mdc800->state == NOT_CONNECTED)
 703        {
 704                mutex_unlock(&mdc800->io_lock);
 705                return -EBUSY;
 706        }
 707        if (mdc800->state == WORKING)
 708        {
 709                printk(KERN_WARNING "mdc800: Illegal State \"working\""
 710                       "reached during read ?!\n");
 711                mutex_unlock(&mdc800->io_lock);
 712                return -EBUSY;
 713        }
 714        if (!mdc800->open)
 715        {
 716                mutex_unlock(&mdc800->io_lock);
 717                return -EBUSY;
 718        }
 719
 720        while (left)
 721        {
 722                if (signal_pending (current)) 
 723                {
 724                        mutex_unlock(&mdc800->io_lock);
 725                        return -EINTR;
 726                }
 727
 728                sts=left > (mdc800->out_count-mdc800->out_ptr)?mdc800->out_count-mdc800->out_ptr:left;
 729
 730                if (sts <= 0)
 731                {
 732                        /* Too less Data in buffer */
 733                        if (mdc800->state == DOWNLOAD)
 734                        {
 735                                mdc800->out_count=0;
 736                                mdc800->out_ptr=0;
 737
 738                                /* Download -> Request new bytes */
 739                                mdc800->download_urb->dev = mdc800->dev;
 740                                retval = usb_submit_urb (mdc800->download_urb, GFP_KERNEL);
 741                                if (retval) {
 742                                        dev_err(&mdc800->dev->dev,
 743                                                "Can't submit download urb "
 744                                                "(retval=%i)\n", retval);
 745                                        mutex_unlock(&mdc800->io_lock);
 746                                        return len-left;
 747                                }
 748                                wait_event_timeout(mdc800->download_wait, mdc800->downloaded,
 749                                                                                TO_DOWNLOAD_GET_READY*HZ/1000);
 750                                mdc800->downloaded = 0;
 751                                if (mdc800->download_urb->status != 0)
 752                                {
 753                                        dev_err(&mdc800->dev->dev,
 754                                                "request download-bytes fails "
 755                                                "(status=%i)\n",
 756                                                mdc800->download_urb->status);
 757                                        mutex_unlock(&mdc800->io_lock);
 758                                        return len-left;
 759                                }
 760                        }
 761                        else
 762                        {
 763                                /* No more bytes -> that's an error*/
 764                                mutex_unlock(&mdc800->io_lock);
 765                                return -EIO;
 766                        }
 767                }
 768                else
 769                {
 770                        /* Copy Bytes */
 771                        if (copy_to_user(ptr, &mdc800->out [mdc800->out_ptr],
 772                                                sts)) {
 773                                mutex_unlock(&mdc800->io_lock);
 774                                return -EFAULT;
 775                        }
 776                        ptr+=sts;
 777                        left-=sts;
 778                        mdc800->out_ptr+=sts;
 779                }
 780        }
 781
 782        mutex_unlock(&mdc800->io_lock);
 783        return len-left;
 784}
 785
 786
 787/*
 788 * The Device write callback Function
 789 * If a 8Byte Command is received, it will be send to the camera.
 790 * After this the driver initiates the request for the answer or
 791 * just waits until the camera becomes ready.
 792 */
 793static ssize_t mdc800_device_write (struct file *file, const char __user *buf, size_t len, loff_t *pos)
 794{
 795        size_t i=0;
 796        int retval;
 797
 798        mutex_lock(&mdc800->io_lock);
 799        if (mdc800->state != READY)
 800        {
 801                mutex_unlock(&mdc800->io_lock);
 802                return -EBUSY;
 803        }
 804        if (!mdc800->open )
 805        {
 806                mutex_unlock(&mdc800->io_lock);
 807                return -EBUSY;
 808        }
 809
 810        while (i<len)
 811        {
 812                unsigned char c;
 813                if (signal_pending (current)) 
 814                {
 815                        mutex_unlock(&mdc800->io_lock);
 816                        return -EINTR;
 817                }
 818                
 819                if(get_user(c, buf+i))
 820                {
 821                        mutex_unlock(&mdc800->io_lock);
 822                        return -EFAULT;
 823                }
 824
 825                /* check for command start */
 826                if (c == 0x55)
 827                {
 828                        mdc800->in_count=0;
 829                        mdc800->out_count=0;
 830                        mdc800->out_ptr=0;
 831                        mdc800->download_left=0;
 832                }
 833
 834                /* save command byte */
 835                if (mdc800->in_count < 8)
 836                {
 837                        mdc800->in[mdc800->in_count] = c;
 838                        mdc800->in_count++;
 839                }
 840                else
 841                {
 842                        mutex_unlock(&mdc800->io_lock);
 843                        return -EIO;
 844                }
 845
 846                /* Command Buffer full ? -> send it to camera */
 847                if (mdc800->in_count == 8)
 848                {
 849                        int answersize;
 850
 851                        if (mdc800_usb_waitForIRQ (0,TO_GET_READY))
 852                        {
 853                                dev_err(&mdc800->dev->dev,
 854                                        "Camera didn't get ready.\n");
 855                                mutex_unlock(&mdc800->io_lock);
 856                                return -EIO;
 857                        }
 858
 859                        answersize=mdc800_getAnswerSize (mdc800->in[1]);
 860
 861                        mdc800->state=WORKING;
 862                        memcpy (mdc800->write_urb->transfer_buffer, mdc800->in,8);
 863                        mdc800->write_urb->dev = mdc800->dev;
 864                        retval = usb_submit_urb (mdc800->write_urb, GFP_KERNEL);
 865                        if (retval) {
 866                                dev_err(&mdc800->dev->dev,
 867                                        "submitting write urb fails "
 868                                        "(retval=%i)\n", retval);
 869                                mutex_unlock(&mdc800->io_lock);
 870                                return -EIO;
 871                        }
 872                        wait_event_timeout(mdc800->write_wait, mdc800->written, TO_WRITE_GET_READY*HZ/1000);
 873                        mdc800->written = 0;
 874                        if (mdc800->state == WORKING)
 875                        {
 876                                usb_kill_urb(mdc800->write_urb);
 877                                mutex_unlock(&mdc800->io_lock);
 878                                return -EIO;
 879                        }
 880
 881                        switch ((unsigned char) mdc800->in[1])
 882                        {
 883                                case 0x05: /* Download Image */
 884                                case 0x3e: /* Take shot in Fine Mode (WCam Mode) */
 885                                        if (mdc800->pic_len < 0)
 886                                        {
 887                                                dev_err(&mdc800->dev->dev,
 888                                                        "call 0x07 before "
 889                                                        "0x05,0x3e\n");
 890                                                mdc800->state=READY;
 891                                                mutex_unlock(&mdc800->io_lock);
 892                                                return -EIO;
 893                                        }
 894                                        mdc800->pic_len=-1;
 895
 896                                case 0x09: /* Download Thumbnail */
 897                                        mdc800->download_left=answersize+64;
 898                                        mdc800->state=DOWNLOAD;
 899                                        mdc800_usb_waitForIRQ (0,TO_DOWNLOAD_GET_BUSY);
 900                                        break;
 901
 902
 903                                default:
 904                                        if (answersize)
 905                                        {
 906
 907                                                if (mdc800_usb_waitForIRQ (1,TO_READ_FROM_IRQ))
 908                                                {
 909                                                        dev_err(&mdc800->dev->dev, "requesting answer from irq fails\n");
 910                                                        mutex_unlock(&mdc800->io_lock);
 911                                                        return -EIO;
 912                                                }
 913
 914                                                /* Write dummy data, (this is ugly but part of the USB Protocol */
 915                                                /* if you use endpoint 1 as bulk and not as irq) */
 916                                                memcpy (mdc800->out, mdc800->camera_response,8);
 917
 918                                                /* This is the interpreted answer */
 919                                                memcpy (&mdc800->out[8], mdc800->camera_response,8);
 920
 921                                                mdc800->out_ptr=0;
 922                                                mdc800->out_count=16;
 923
 924                                                /* Cache the Imagesize, if command was getImageSize */
 925                                                if (mdc800->in [1] == (char) 0x07)
 926                                                {
 927                                                        mdc800->pic_len=(int) 65536*(unsigned char) mdc800->camera_response[0]+256*(unsigned char) mdc800->camera_response[1]+(unsigned char) mdc800->camera_response[2];
 928
 929                                                        dbg ("cached imagesize = %i",mdc800->pic_len);
 930                                                }
 931
 932                                        }
 933                                        else
 934                                        {
 935                                                if (mdc800_usb_waitForIRQ (0,TO_DEFAULT_COMMAND))
 936                                                {
 937                                                        dev_err(&mdc800->dev->dev, "Command Timeout.\n");
 938                                                        mutex_unlock(&mdc800->io_lock);
 939                                                        return -EIO;
 940                                                }
 941                                        }
 942                                        mdc800->state=READY;
 943                                        break;
 944                        }
 945                }
 946                i++;
 947        }
 948        mutex_unlock(&mdc800->io_lock);
 949        return i;
 950}
 951
 952
 953/***************************************************************************
 954        Init and Cleanup this driver (Structs and types)
 955****************************************************************************/
 956
 957/* File Operations of this drivers */
 958static const struct file_operations mdc800_device_ops =
 959{
 960        .owner =        THIS_MODULE,
 961        .read =                mdc800_device_read,
 962        .write =        mdc800_device_write,
 963        .open =                mdc800_device_open,
 964        .release =        mdc800_device_release,
 965};
 966
 967
 968
 969static struct usb_device_id mdc800_table [] = {
 970        { USB_DEVICE(MDC800_VENDOR_ID, MDC800_PRODUCT_ID) },
 971        { }                                                /* Terminating entry */
 972};
 973
 974MODULE_DEVICE_TABLE (usb, mdc800_table);
 975/*
 976 * USB Driver Struct for this device
 977 */
 978static struct usb_driver mdc800_usb_driver =
 979{
 980        .name =                "mdc800",
 981        .probe =        mdc800_usb_probe,
 982        .disconnect =        mdc800_usb_disconnect,
 983        .id_table =        mdc800_table
 984};
 985
 986
 987
 988/************************************************************************
 989        Init and Cleanup this driver (Main Functions)
 990*************************************************************************/
 991
 992static int __init usb_mdc800_init (void)
 993{
 994        int retval = -ENODEV;
 995        /* Allocate Memory */
 996        mdc800=kzalloc (sizeof (struct mdc800_data), GFP_KERNEL);
 997        if (!mdc800)
 998                goto cleanup_on_fail;
 999
1000        mdc800->dev = NULL;
1001        mdc800->state=NOT_CONNECTED;
1002        mutex_init (&mdc800->io_lock);
1003
1004        init_waitqueue_head (&mdc800->irq_wait);
1005        init_waitqueue_head (&mdc800->write_wait);
1006        init_waitqueue_head (&mdc800->download_wait);
1007
1008        mdc800->irq_woken = 0;
1009        mdc800->downloaded = 0;
1010        mdc800->written = 0;
1011
1012        mdc800->irq_urb_buffer=kmalloc (8, GFP_KERNEL);
1013        if (!mdc800->irq_urb_buffer)
1014                goto cleanup_on_fail;
1015        mdc800->write_urb_buffer=kmalloc (8, GFP_KERNEL);
1016        if (!mdc800->write_urb_buffer)
1017                goto cleanup_on_fail;
1018        mdc800->download_urb_buffer=kmalloc (64, GFP_KERNEL);
1019        if (!mdc800->download_urb_buffer)
1020                goto cleanup_on_fail;
1021
1022        mdc800->irq_urb=usb_alloc_urb (0, GFP_KERNEL);
1023        if (!mdc800->irq_urb)
1024                goto cleanup_on_fail;
1025        mdc800->download_urb=usb_alloc_urb (0, GFP_KERNEL);
1026        if (!mdc800->download_urb)
1027                goto cleanup_on_fail;
1028        mdc800->write_urb=usb_alloc_urb (0, GFP_KERNEL);
1029        if (!mdc800->write_urb)
1030                goto cleanup_on_fail;
1031
1032        /* Register the driver */
1033        retval = usb_register(&mdc800_usb_driver);
1034        if (retval)
1035                goto cleanup_on_fail;
1036
1037        printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION ":"
1038               DRIVER_DESC "\n");
1039
1040        return 0;
1041
1042        /* Clean driver up, when something fails */
1043
1044cleanup_on_fail:
1045
1046        if (mdc800 != NULL)
1047        {
1048                printk(KERN_ERR "mdc800: can't alloc memory!\n");
1049
1050                kfree(mdc800->download_urb_buffer);
1051                kfree(mdc800->write_urb_buffer);
1052                kfree(mdc800->irq_urb_buffer);
1053
1054                usb_free_urb(mdc800->write_urb);
1055                usb_free_urb(mdc800->download_urb);
1056                usb_free_urb(mdc800->irq_urb);
1057
1058                kfree (mdc800);
1059        }
1060        mdc800 = NULL;
1061        return retval;
1062}
1063
1064
1065static void __exit usb_mdc800_cleanup (void)
1066{
1067        usb_deregister (&mdc800_usb_driver);
1068
1069        usb_free_urb (mdc800->irq_urb);
1070        usb_free_urb (mdc800->download_urb);
1071        usb_free_urb (mdc800->write_urb);
1072
1073        kfree (mdc800->irq_urb_buffer);
1074        kfree (mdc800->write_urb_buffer);
1075        kfree (mdc800->download_urb_buffer);
1076
1077        kfree (mdc800);
1078        mdc800 = NULL;
1079}
1080
1081module_init (usb_mdc800_init);
1082module_exit (usb_mdc800_cleanup);
1083
1084MODULE_AUTHOR( DRIVER_AUTHOR );
1085MODULE_DESCRIPTION( DRIVER_DESC );
1086MODULE_LICENSE("GPL");
1087