Linux设备驱动之USB hub驱动
------------------------------------------本文系本站原创,欢迎转载!转载请注明出处:http://ericxiao.cublog.cn/------------------------------------------一:前言继UHCI的驱动之后,我们对USB Control的运作有了一定的了解.在接下来的分析中,我们对USB设备的驱动做一个全面的分析,我们先从HUB的驱动说起.关于HUB,usb2.0 spec上有详细的定义,基于这部份的代码位于linux-2.6.25/drivers/usb/core下,也就是说,这部份代码是位于core下, 和具体设备是无关的,因为各厂商的hub都是按照spec的要求来设计的.二:UHCI驱动中的root hub记得在分析UHCI驱动的时候,曾详细分析过root hub的初始化操作.为了分析方便,将代码片段列出如下:usb_add_hcd() à usb_alloc_dev():struct usb_device *usb_alloc_dev(struct usb_device *parent, struct usb_bus *bus, unsigned port1){ …… …… //usb_device,内嵌有struct device结构,对这个结构进行初始化 device_initialize(&dev->dev); dev->dev.bus = &usb_bus_type; dev->dev.type = &usb_device_type; …… ……}一看到前面对dev的赋值,根据我们对设备模型的理解,一旦这个device进行注册,就会发生driver和device的匹配过程了.不过,现在还不是分析这个过程的时候,我们先来看一下,USB子系统中的两种驱动. 三:USB子系统中的两种驱动linux-2.6.25/drivers/usb/core/driver.c中,我们可以找到两种 register driver的方式,分别为usb_register_driver()和usb_register_device_driver().分别来分析一下这 两个接口. usb_register_device_driver()接口的代码如下:int usb_register_device_driver(struct usb_device_driver *new_udriver, struct module *owner){ int retval = 0; if (usb_disabled()) return -ENODEV; new_udriver->drvwrap.for_devices = 1; new_udriver->drvwrap.driver.name = (char *) new_udriver->name; new_udriver->drvwrap.driver.bus = &usb_bus_type; new_udriver->drvwrap.driver.probe = usb_probe_device; new_udriver->drvwrap.driver.remove = usb_unbind_device; new_udriver->drvwrap.driver.owner = owner; retval = driver_register(&new_udriver->drvwrap.driver); if (!retval) { pr_info("%s: registered new device driver %s\n", usbcore_name, new_udriver->name); usbfs_update_special(); } else { printk(KERN_ERR "%s: error %d registering device " " driver %s\n", usbcore_name, retval, new_udriver->name); } return retval;}首先,通过usb_disabled()来判断一下usb是否被禁用,如果被禁用,当然就不必执行下面的流程了,直接退出即可.从上面的代码,很明显可以看到, struct usb_device_driver 对struct device_driver进行了一次封装,我们注意一下这里的赋值操作:new_udriver->drvwrap.for_devices = 1.等等.这些在后面都是用派上用场的. usb_register_driver()的代码如下:int usb_register_driver(struct usb_driver *new_driver, struct module *owner, const char *mod_name){ int retval = 0; if (usb_disabled()) return -ENODEV; new_driver->drvwrap.for_devices = 0; new_driver->drvwrap.driver.name = (char *) new_driver->name; new_driver->drvwrap.driver.bus = &usb_bus_type; new_driver->drvwrap.driver.probe = usb_probe_interface; new_driver->drvwrap.driver.remove = usb_unbind_interface; new_driver->drvwrap.driver.owner = owner; new_driver->drvwrap.driver.mod_name = mod_name; spin_lock_init(&new_driver->dynids.lock); INIT_LIST_HEAD(&new_driver->dynids.list); retval = driver_register(&new_driver->drvwrap.driver); if (!retval) { pr_info("%s: registered new interface driver %s\n", usbcore_name, new_driver->name); usbfs_update_special(); usb_create_newid_file(new_driver); } else { printk(KERN_ERR "%s: error %d registering interface " " driver %s\n", usbcore_name, retval, new_driver->name); } return retval;}很明显,在这里接口里,将new_driver->drvwrap.for_devices设为了0.而且两个接口的porbe()函数也不一样.其实,对于usb_register_driver()可以看作是usb设备中的接口驱动,而usb_register_device_driver()是一个单纯的USB设备驱动. 四: hub的驱动分析4.1: usb_bus_type->match()的匹配过程usb_bus_type->match()用来判断驱动和设备是否匹配,它的代码如下:static int usb_device_match(struct device *dev, struct device_driver *drv){ /* devices and interfaces are handled separately */ //usb device的情况 if (is_usb_device(dev)) { /* interface drivers never match devices */ if (!is_usb_device_driver(drv)) return 0; /* TODO: Add real matching code */ return 1; } //interface的情况 else { struct usb_interface *intf; struct usb_driver *usb_drv; const struct usb_device_id *id; /* device drivers never match interfaces */ if (is_usb_device_driver(drv)) return 0; intf = to_usb_interface(dev); usb_drv = to_usb_driver(drv); id = usb_match_id(intf, usb_drv->id_table); if (id) return 1; id = usb_match_dynamic_id(intf, usb_drv); if (id) return 1; } return 0;}这里的match会区分上面所说的两种驱动,即设备的驱动和接口的驱动.is_usb_device()的代码如下:static inline int is_usb_device(const struct device *dev){ return dev->type == &usb_device_type;}很明显,对于root hub来说,这个判断是肯定会满足的.static inline int is_usb_device_driver(struct device_driver *drv){ return container_of(drv, struct usbdrv_wrap, driver)-> for_devices;}回忆一下,我们在分析usb_register_device_driver()的时候,不是将 new_udriver->drvwrap.for_devices置为了1么?所以对于 usb_register_device_driver()注册的驱动来说,这里也是会满足的.因此,对应root hub的情况,从第一个if就会匹配到usb_register_device_driver()注册的驱动.对于接口的驱动,我们等遇到的时候再来进行分析. 4.2:root hub的驱动入口既然我们知道,root hub会匹配到usb_bus_type->match()的驱动,那这个驱动到底是什么呢?我们从usb子系统的初始化开始说起.在linux-2.6.25/drivers/usb/core/usb.c中.有这样的一段代码:subsys_initcall(usb_init);对于subsys_initcall()我们已经不陌生了,在很多地方都会遇到它.在系统初始化的时候,会调用到它对应的函数.在这里,即为usb_init().在usb_init()中,有这样的代码片段:static int __init usb_init(void){ …… ……retval = usb_register_device_driver(&usb_generic_driver, THIS_MODULE); if (!retval) goto out; ……}在这里终于看到usb_register_device_driver()了. usb_generic_driver会匹配到所有usb 设备.定义如下:struct usb_device_driver usb_generic_driver = { .name = "usb", .probe = generic_probe, .disconnect = generic_disconnect,#ifdef CONFIG_PM .suspend = generic_suspend, .resume = generic_resume,#endif .supports_autosuspend = 1,};现在是到分析probe()的时候了.我们这里说的并不是usb_generic_driver中的probe,而是封装在struct usb_device_driver中的driver对应的probe函数.在上面的分析, usb_register_device_driver()将封装的driver的probe()函数设置为了usb_probe_device().代码如下:static int usb_probe_device(struct device *dev){ struct usb_device_driver *udriver = to_usb_device_driver(dev->driver); struct usb_device *udev; int error = -ENODEV; dev_dbg(dev, "%s\n", __FUNCTION__); //再次判断dev是否是usb device if (!is_usb_device(dev)) /* Sanity check */ return error; udev = to_usb_device(dev); /* TODO: Add real matching code */ /* The device should always appear to be in use * unless the driver suports autosuspend. */ //pm_usage_cnt: autosuspend计数.如果此计数为1,则不允许autosuspend udev->pm_usage_cnt = !(udriver->supports_autosuspend); error = udriver->probe(udev); return error;}首先,可以通过container_of()将封装的struct device, struct device_driver转换为struct usb_device和struct usb_device_driver.然后,再执行一次安全检查,判断dev是否是属于一个usb device.在这里,我们首次接触到了hub suspend.如果不支持suspend(udriver->supports_autosuspend为0),则 udev->pm_usage_cnt被设为1,也就是说,它不允许设备suspend.否则,将其初始化为0.最后,正如你所看到的,流程转入到了usb_device_driver->probe().对应到root hub,流程会转入到generic_probe().代码如下: static int generic_probe(struct usb_device *udev){ int err, c; /* put device-specific files into sysfs */ usb_create_sysfs_dev_files(udev); /* Choose and set the configuration. This registers the interfaces * with the driver core and lets interface drivers bind to them. */ if (udev->authorized == 0) dev_err(&udev->dev, "Device is not authorized for usage\n"); else { //选择和设定一个配置 c = usb_choose_configuration(udev); if (c >= 0) { err = usb_set_configuration(udev, c); if (err) { dev_err(&udev->dev, "can't set config #%d, error %d\n", c, err); /* This need not be fatal. The user can try to * set other configurations. */ } } } /* USB device state == configured ... usable */ usb_notify_add_device(udev); return 0;}usb_create_sysfs_dev_files()是在sysfs中显示几个属性文件,不进行详细分析,有兴趣的可以结合之前分析的<<linux设备模型详解>>来看下代码.usb_notify_add_device()是有关notify链表的操作,这里也不做详细分析.至于udev->authorized,在root hub的初始化中,是会将其初始化为1的.后面的逻辑就更简单了.为root hub 选择一个配置然后再设定这个配置.还记得我们在分析root hub的时候,在usb_new_device()中,会将设备的所有配置都取出来,然后将它们放到了usb_device-> config.现在这些信息终于会派上用场了.不太熟悉的,可以看下本站之前有关usb控制器驱动的文档. Usb2.0 spec上规定,对于hub设备,只能有一个config,一个interface,一个endpoint.实际上,在这里,对hub的选择约束不大,反正就一个配置,不管怎么样,选择和设定都是这个配置.不过,为了方便以后的分析,我们还是跟进去看下usb_choose_configuration()和usb_set_configuration()的实现.实际上,经过这两个函数之后,设备的probe()过程也就会结束了. 4.2.1:usb_choose_configuration()函数分析usb_choose_configuration()的代码如下://为usb device选择一个合适的配置int usb_choose_configuration(struct usb_device *udev){ int i; int num_configs; int insufficient_power = 0; struct usb_host_config *c, *best; best = NULL; //config数组 c = udev->config; //config项数 num_configs = udev->descriptor.bNumConfigurations; //遍历所有配置项 for (i = 0; i < num_configs; (i++, c++)) { struct usb_interface_descriptor *desc = NULL; /* It's possible that a config has no interfaces! */ //配置项的接口数目 //取配置项的第一个接口 if (c->desc.bNumInterfaces > 0) desc = &c->intf_cache[0]->altsetting->desc; /* * HP's USB bus-powered keyboard has only one configuration * and it claims to be self-powered; other devices may have * similar errors in their descriptors. If the next test * were allowed to execute, such configurations would always * be rejected and the devices would not work as expected. * In the meantime, we run the risk of selecting a config * that requires external power at a time when that power * isn't available. It seems to be the lesser of two evils. * * Bugzilla #6448 reports a device that appears to crash * when it receives a GET_DEVICE_STATUS request! We don't * have any other way to tell whether a device is self-powered, * but since we don't use that information anywhere but here, * the call has been removed. * * Maybe the GET_DEVICE_STATUS call and the test below can * be reinstated when device firmwares become more reliable. * Don't hold your breath. */#if 0 /* Rule out self-powered configs for a bus-powered device */ if (bus_powered && (c->desc.bmAttributes & USB_CONFIG_ATT_SELFPOWER)) continue;#endif /* * The next test may not be as effective as it should be. * Some hubs have errors in their descriptor, claiming * to be self-powered when they are really bus-powered. * We will overestimate the amount of current such hubs * make available for each port. * * This is a fairly benign sort of failure. It won't * cause us to reject configurations that we should have * accepted. */ /* Rule out configs that draw too much bus current */ //电源不足.配置描述符中的电力是所需电力的1/2 if (c->desc.bMaxPower * 2 > udev->bus_mA) { insufficient_power++; continue; } /* When the first config's first interface is one of Microsoft's * pet nonstandard Ethernet-over-USB protocols, ignore it unless * this kernel has enabled the necessary host side driver. */ if (i == 0 && desc && (is_rndis(desc) || is_activesync(desc))) {#if !defined(CONFIG_USB_NET_RNDIS_HOST) && !defined(CONFIG_USB_NET_RNDIS_HOST_MODULE) continue;#else best = c;#endif } /* From the remaining configs, choose the first one whose * first interface is for a non-vendor-specific class. * Reason: Linux is more likely to have a class driver * than a vendor-specific driver. */ //选择一个不是USB_CLASS_VENDOR_SPEC的配置 else if (udev->descriptor.bDeviceClass != USB_CLASS_VENDOR_SPEC && (!desc || desc->bInterfaceClass != USB_CLASS_VENDOR_SPEC)) { best = c; break; } /* If all the remaining configs are vendor-specific, * choose the first one. */ else if (!best) best = c; } if (insufficient_power > 0) dev_info(&udev->dev, "rejected %d configuration%s " "due to insufficient available bus power\n", insufficient_power, plural(insufficient_power)); //如果选择好了配置,返回配置的序号,否则,返回-1 if (best) { i = best->desc.bConfigurationValue; dev_info(&udev->dev, "configuration #%d chosen from %d choice%s\n", i, num_configs, plural(num_configs)); } else { i = -1; dev_warn(&udev->dev, "no configuration chosen from %d choice%s\n", num_configs, plural(num_configs)); } return i;}Linux按照自己的喜好选择好了配置之后,返回配置的序号.不过对于HUB来说,它有且仅有一个配置. 4.2.2:usb_set_configuration()函数分析既然已经选好配置了,那就告诉设备选好的配置,这个过程是在usb_set_configuration()中完成的.它的代码如下:int usb_set_configuration(struct usb_device *dev, int configuration){ int i, ret; struct usb_host_config *cp = NULL; struct usb_interface **new_interfaces = NULL; int n, nintf; if (dev->authorized == 0 || configuration == -1) configuration = 0; else { for (i = 0; i < dev->descriptor.bNumConfigurations; i++) { if (dev->config[i].desc.bConfigurationValue == configuration) { cp = &dev->config[i]; break; } } } if ((!cp && configuration != 0)) return -EINVAL; /* The USB spec says configuration 0 means unconfigured. * But if a device includes a configuration numbered 0, * we will accept it as a correctly configured state. * Use -1 if you really want to unconfigure the device. */ if (cp && configuration == 0) dev_warn(&dev->dev, "config 0 descriptor??\n");首先,根据选择好的配置号找到相应的配置,在这里要注意了, dev->config[]数组中的配置并不是按照配置的序号来存放的,而是按照遍历到顺序来排序的.因为有些设备在发送配置描述符的时候,并不是 按照配置序号来发送的,例如,配置2可能在第一次GET_CONFIGURATION就被发送了,而配置1可能是在第二次 GET_CONFIGURATION才能发送.取得配置描述信息之后,要对它进行有效性判断,注意一下本段代码的最后几行代码:usb2.0 spec上规定,0号配置是无效配置,但是可能有些厂商的设备并末按照这一约定,所以在linux中,遇到这种情况只是打印出警告信息,然后尝试使用这一配置. /* Allocate memory for new interfaces before doing anything else, * so that if we run out then nothing will have changed. */ n = nintf = 0; if (cp) { //接口总数 nintf = cp->desc.bNumInterfaces; //interface指针数组, new_interfaces = kmalloc(nintf * sizeof(*new_interfaces), GFP_KERNEL); if (!new_interfaces) { dev_err(&dev->dev, "Out of memory\n"); return -ENOMEM; } for (; n < nintf; ++n) { new_interfaces[n] = kzalloc( sizeof(struct usb_interface), GFP_KERNEL); if (!new_interfaces[n]) { dev_err(&dev->dev, "Out of memory\n"); ret = -ENOMEM;free_interfaces: while (--n >= 0) kfree(new_interfaces[n]); kfree(new_interfaces); return ret; } } //如果总电源小于所需电流,打印警告信息 i = dev->bus_mA - cp->desc.bMaxPower * 2; if (i < 0) dev_warn(&dev->dev, "new config #%d exceeds power " "limit by %dmA\n", configuration, -i); }在这里,注要是为new_interfaces分配空间,要这意的是, new_interfaces是一个二级指针,它的最终指向是struct usb_interface结构.特别的,如果总电流数要小于配置所需电流,则打印出警告消息.实际上,这种情况在 usb_choose_configuration()中已经进行了过滤. /* Wake up the device so we can send it the Set-Config request */ //要对设备进行配置了,先唤醒它 ret = usb_autoresume_device(dev); if (ret) goto free_interfaces; /* if it's already configured, clear out old state first. * getting rid of old interfaces means unbinding their drivers. */ //不是处于ADDRESS状态,先清除设备的状态 if (dev->state != USB_STATE_ADDRESS) usb_disable_device(dev, 1); /* Skip ep0 */ //发送控制消息,选取配置 ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), USB_REQ_SET_CONFIGURATION, 0, configuration, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); if (ret < 0) { /* All the old state is gone, so what else can we do? * The device is probably useless now anyway. */ cp = NULL; } //dev->actconfig存放的是当前设备选取的配置 dev->actconfig = cp; if (!cp) { usb_set_device_state(dev, USB_STATE_ADDRESS); usb_autosuspend_device(dev); goto free_interfaces; } //将状态设为CONFIGURED usb_set_device_state(dev, USB_STATE_CONFIGURED);接下来,就要对设备进行配置了,首先,将设备唤醒.回忆一下我们在分析UHCI驱动时,列出来的设备状态图.只 有在ADDRESS状态才能转入到CONFIG状态.(SUSPEND状态除外). 所以,如果设备当前不是处于ADDRESS状态,就需要将设备的状态初始化.usb_disable_device()函数是个比较重要的操作,在接下来 再对它进行详细分析.接着,发送SET_CONFIGURATION的Control消息给设备,用来选择配置最后,将dev->actconfig指向选定的配置,将设备状态设为CONFIG /* Initialize the new interface structures and the * hc/hcd/usbcore interface/endpoint state. */ //遍历所有的接口 for (i = 0; i < nintf; ++i) { struct usb_interface_cache *intfc; struct usb_interface *intf; struct usb_host_interface *alt; cp->interface[i] = intf = new_interfaces[i]; intfc = cp->intf_cache[i]; intf->altsetting = intfc->altsetting; intf->num_altsetting = intfc->num_altsetting; //是否关联的接口描述符,定义在minor usb 2.0 spec中 intf->intf_assoc = find_iad(dev, cp, i); kref_get(&intfc->ref); //选择0号设置 alt = usb_altnum_to_altsetting(intf, 0); /* No altsetting 0? We'll assume the first altsetting. * We could use a GetInterface call, but if a device is * so non-compliant that it doesn't have altsetting 0 * then I wouldn't trust its reply anyway. */ //如果0号设置不存在,选排在第一个设置 if (!alt) alt = &intf->altsetting[0]; //当前的配置 intf->cur_altsetting = alt; usb_enable_interface(dev, intf); intf->dev.parent = &dev->dev; intf->dev.driver = NULL; intf->dev.bus = &usb_bus_type; intf->dev.type = &usb_if_device_type; intf->dev.dma_mask = dev->dev.dma_mask; device_initialize(&intf->dev); mark_quiesced(intf); sprintf(&intf->dev.bus_id[0], "%d-%s:%d.%d", dev->bus->busnum, dev->devpath, configuration, alt->desc.bInterfaceNumber); } kfree(new_interfaces); if (cp->string == NULL) cp->string = usb_cache_string(dev, cp->desc.iConfiguration);之前初始化的new_interfaces在这里终于要派上用场了.初始化各接口,从上面的初始化过程中,我们可以看出:Intf->altsetting,表示接口的各种设置Intf->num_altsetting:表示接口的设置数目Intf->intf_assoc:接口的关联接口(定义于minor usb 2.0 spec)Intf->cur_altsetting:接口的当前设置.结合之前在UHCI中的分析,我们总结一下:Usb_dev->config,其实是一个数组,存放设备的配置.usb_dev->config[m]-> interface[n]表示第m个配置的第n个接口的intercace结构.(m,n不是配置序号和接口序号 *^_^*).注意这个地方对intf内嵌的struct devcie结构赋值,它的type被赋值为了usb_if_device_type.bus还是usb_bus_type.可能你已经反应过来了,要和这个device匹配的设备是interface的驱动.特别的,这里的device的命名:sprintf(&intf->dev.bus_id[0], "%d-%s:%d.%d", dev->bus->busnum, dev->devpath, configuration, alt->desc.bInterfaceNumber);dev指的是这个接口所属的usb_dev,结合我们之前在UHCI中关于usb设备命名方式的描述.可得出它的命令方式如下:USB总线号-设备路径:配置号.接口号.例如,在我的虚拟机上:[root@localhost devices]# pwd/sys/bus/usb/devices[root@localhost devices]# ls1-0:1.0 usb1[root@localhost devices]#可以得知,系统只有一个usb control.1-0:1.0:表示,第一个usb control下的root hub的1号配置的0号接口.那在插入U盘之后,会发生什么变化呢?不着急,我们等着往下面看,待分析到的时候,我自然就会列出来了 ^_^usb_enable_interface()用来启用接口,也就是启用接口中的每一个endpoint.这个接口比较简单,其中调用的子函数usb_enable_endpoint()在分析UHCI的时候已经详细分析过了.在这里就不再赘述了.在这里,还涉及到一个很有意思的函数, mark_quiesced().从字面意思上看来,它是标记接口为停止状态.它的”反函数”是mark_active().两个函数如下示:static inline void mark_active(struct usb_interface *f){ f->is_active = 1; f->dev.power.power_state.event = PM_EVENT_ON;} static inline void mark_quiesced(struct usb_interface *f){ f->is_active = 0; f->dev.power.power_state.event = PM_EVENT_SUSPEND;}从代码看来,它只是对接口的活动标志(is_active)进行了设置. /* Now that all the interfaces are set up, register them * to trigger binding of drivers to interfaces. probe() * routines may install different altsettings and may * claim() any interfaces not yet bound. Many class drivers * need that: CDC, audio, video, etc. */ //注册每一个接口? for (i = 0; i < nintf; ++i) { struct usb_interface *intf = cp->interface[i]; dev_dbg(&dev->dev, "adding %s (config #%d, interface %d)\n", intf->dev.bus_id, configuration, intf->cur_altsetting->desc.bInterfaceNumber); ret = device_add(&intf->dev); if (ret != 0) { dev_err(&dev->dev, "device_add(%s) --> %d\n", intf->dev.bus_id, ret); continue; } usb_create_sysfs_intf_files(intf); } //使设备suspend usb_autosuspend_device(dev); return 0;}最后,注册intf内嵌的device结构.设备配置完成了,为了省电,可以将设备置为SUSPEND状态. 这个函数中还有几个比较重要的子函数,依次分析如下:1: usb_disable_device()函数.顾名思义,这个函数是将设备disable掉.代码如下:void usb_disable_device(struct usb_device *dev, int skip_ep0){ int i; dev_dbg(&dev->dev, "%s nuking %s URBs\n", __FUNCTION__, skip_ep0 ? "non-ep0" : "all"); for (i = skip_ep0; i < 16; ++i) { usb_disable_endpoint(dev, i); usb_disable_endpoint(dev, i + USB_DIR_IN); } dev->toggle[0] = dev->toggle[1] = 0; /* getting rid of interfaces will disconnect * any drivers bound to them (a key side effect) */ if (dev->actconfig) { for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { struct usb_interface *interface; /* remove this interface if it has been registered */ interface = dev->actconfig->interface[i]; if (!device_is_registered(&interface->dev)) continue; dev_dbg(&dev->dev, "unregistering interface %s\n", interface->dev.bus_id); usb_remove_sysfs_intf_files(interface); device_del(&interface->dev); } /* Now that the interfaces are unbound, nobody should * try to access them. */ for (i = 0; i < dev->actconfig->desc.bNumInterfaces; i++) { put_device(&dev->actconfig->interface[i]->dev); dev->actconfig->interface[i] = NULL; } dev->actconfig = NULL; if (dev->state == USB_STATE_CONFIGURED) usb_set_device_state(dev, USB_STATE_ADDRESS); }}第二个参数是skip_ep0.是表示是否跳过ep0.为1表示跳过,为0表示清除掉设备中的所有endpoint.这个函数可以分为两个部份,一部份是对usb_dev中的endpoint进行操作,一方面是释放usb_dev的选定配置项.对于第一部份:从代码中可能看到,如果skip_ep0为1,那就是从1开始循环,所以,就跳过了ep0.另外,一个端点号对应了两个端点,一个IN,一个OUT.IN端点比OUT端点要大USB_DIR_IN.另外,既然设备都已经被禁用了,那toggle也应该回归原位了.因些将两个方向的toggle都设为0. usb_disable_endpoint()是一个很有意思的处理.它的代码如下:void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr){ unsigned int epnum = epaddr & USB_ENDPOINT_NUMBER_MASK; struct usb_host_endpoint *ep; if (!dev) return; //在dev->ep_out和dev->ep_in删除endpoint if (usb_endpoint_out(epaddr)) { ep = dev->ep_out[epnum]; dev->ep_out[epnum] = NULL; } else { ep = dev->ep_in[epnum]; dev->ep_in[epnum] = NULL; } //禁用掉此ep.包括删除ep上提交的urb 和ep上的QH if (ep) { ep->enabled = 0; usb_hcd_flush_endpoint(dev, ep); usb_hcd_disable_endpoint(dev, ep); }}在dev->ep_in[]/dev->ep_out[]中删除endpoint,这点很好理解. 比较难以理解的是后面的两个操作,即usb_hcd_flush_endpoint()和usb_hcd_disable_endpoint().根据之 前分析的UHCI的驱动,我们得知,对于每个endpoint都有一个传输的qh,这个qh上又挂上了要传输的urb.因此,这两个函数一个是删除 urb,一个是删除qh.usb_hcd_flush_endpoint()的代码如下:void usb_hcd_flush_endpoint(struct usb_device *udev, struct usb_host_endpoint *ep){ struct usb_hcd *hcd; struct urb *urb; if (!ep) return; might_sleep(); hcd = bus_to_hcd(udev->bus); /* No more submits can occur */ //在提交urb时,将urb加到ep->urb_list上的时候要持锁 //因此,这里持锁的话,无法发生中断和提交urb spin_lock_irq(&hcd_urb_list_lock);rescan://将挂在ep->urb_list上的所有urb unlink.注意这里unlink一般只会设置urb->unlinked的//值,不会将urb从ep->urb_list上删除.只有在UHCI的中断处理的时候,才会调用//uhci_giveback_urb()将其从ep->urb_list中删除 list_for_each_entry (urb, &ep->urb_list, urb_list) { int is_in; if (urb->unlinked) continue; usb_get_urb (urb); is_in = usb_urb_dir_in(urb); spin_unlock(&hcd_urb_list_lock); /* kick hcd */ unlink1(hcd, urb, -ESHUTDOWN); dev_dbg (hcd->self.controller, "shutdown urb %p ep%d%s%s\n", urb, usb_endpoint_num(&ep->desc), is_in ? "in" : "out", ({ char *s; switch (usb_endpoint_type(&ep->desc)) { case USB_ENDPOINT_XFER_CONTROL: s = ""; break; case USB_ENDPOINT_XFER_BULK: s = "-bulk"; break; case USB_ENDPOINT_XFER_INT: s = "-intr"; break; default: s = "-iso"; break; }; s; })); usb_put_urb (urb); /* list contents may have changed */ //在这里解开锁了,对应ep->urb_list上又可以提交urb. //这里释放释的话,主要是为了能够产生中断 spin_lock(&hcd_urb_list_lock); goto rescan; } spin_unlock_irq(&hcd_urb_list_lock); /* Wait until the endpoint queue is completely empty */ //等待urb被调度完 while (!list_empty (&ep->urb_list)) { spin_lock_irq(&hcd_urb_list_lock); /* The list may have changed while we acquired the spinlock */ urb = NULL; if (!list_empty (&ep->urb_list)) { urb = list_entry (ep->urb_list.prev, struct urb, urb_list); usb_get_urb (urb); } spin_unlock_irq(&hcd_urb_list_lock); if (urb) { usb_kill_urb (urb); usb_put_urb (urb); } }}仔细体会这里的代码,为什么在前一个循环中,要使用goto rescan重新开始这个循环呢?这是因为在后面已经将自旋锁释放了,因此,就会有这样的可能,在函数中操作的urb,可能已经被调度完释放了.因此,再 对这个urb操作就会产生错误.所以,需要重新开始这个循环.那后一个循环又是干什么的呢?后一个循环就是等待urb被调度完.有人就会有这样的疑问了,这里一边等待,然后endpoint一边还提交urb,那这个函数岂不是要耗掉很长时间?在这里,不要忘记了前面的操作,在调这个函数之前, usb_disable_endpoint()已经将这个endpoint禁用了,也就是说该endpoint不会产生新的urb.因为,在后一个循环 中,只需要等待那些被unlink的urb调度完即可.在usb_kill_urb()中,会一直等待,直到这个urb被调度完成为止.可能有人又会有这样的疑问:Usb_kill_urb()中也有unlink urb的操作,为什么这里要分做两个循环呢? 另外的一个函数是usb_hcd_disable_endpoint().代码如下:void usb_hcd_disable_endpoint(struct usb_device *udev, struct usb_host_endpoint *ep){ struct usb_hcd *hcd; might_sleep(); hcd = bus_to_hcd(udev->bus); if (hcd->driver->endpoint_disable) hcd->driver->endpoint_disable(hcd, ep);}从上面的代码可以看到,操作转向了hcd->driver的endpoint_disable()接口.以UHCI为例.在UHCI中,对应的接口为:static void uhci_hcd_endpoint_disable(struct usb_hcd *hcd, struct usb_host_endpoint *hep){ struct uhci_hcd *uhci = hcd_to_uhci(hcd); struct uhci_qh *qh; spin_lock_irq(&uhci->lock); qh = (struct uhci_qh *) hep->hcpriv; if (qh == NULL) goto done; while (qh->state != QH_STATE_IDLE) { ++uhci->num_waiting; spin_unlock_irq(&uhci->lock); wait_event_interruptible(uhci->waitqh, qh->state == QH_STATE_IDLE); spin_lock_irq(&uhci->lock); --uhci->num_waiting; } uhci_free_qh(uhci, qh);done: spin_unlock_irq(&uhci->lock);}这个函数没啥好说的,就是在uhci->waitqh上等待队列状态变为QH_STATE_IDLE.来回忆一下,qh在什么情况下才会变为QH_STATE_IDLE呢? 是在qh没有待传输的urb的时候.然后,将qh释放. 现在我们来接着看usb_disable_device()的第二个部份.第二部份主要是针对dev->actconfig进行的操作, dev->actconfig存放的是设备当前的配置,现在要将设备设回Address状态.就些东西当然是用不了上的了.释放 dev->actconfig->interface[]中的各元素,注意不要将 dev->actconfig->interface[]所指向的信息释放了,它都是指向dev->config[]-> intf_cache[]中的东西,这些东西一释放,usb device在Get_ Configure所获得的信息就会部丢失了.就这样, usb_disable_device()函数也走到了尾声. 2: usb_cache_string()函数这个函数我们在分析UHCI的时候已经接触过,但末做详细的分析.首先了解一下这个函数的作用,有时候,为了形象的说明,会提供一个字符串形式的说明.例如,对于配置描述符来 说,它的iConfiguration就表示一个字符串索引,然后用Get_String就可以取得这个索引所对应的字串了.不过,事情并不是这么简单. 因为字符串对应不同的编码,所以这里还会对应有编码的处理.来看具体的代码:char *usb_cache_string(struct usb_device *udev, int index){ char *buf; char *smallbuf = NULL; int len; if (index <= 0) return NULL; //不知道字符到底有多长,就按最长256字节处理 buf = kmalloc(256, GFP_KERNEL); if (buf) { len = usb_string(udev, index, buf, 256); //取到字符了,分配合适的长度 if (len > 0) { smallbuf = kmalloc(++len, GFP_KERNEL); if (!smallbuf) return buf; //将字符copy过去 memcpy(smallbuf, buf, len); } //释放旧空间 kfree(buf); } return smallbuf;}这个函数没啥好说的,流程转入到usb_string中.代码如下:int usb_string(struct usb_device *dev, int index, char *buf, size_t size){ unsigned char *tbuf; int err; unsigned int u, idx; if (dev->state == USB_STATE_SUSPENDED) return -EHOSTUNREACH; if (size <= 0 || !buf || !index) return -EINVAL; buf[0] = 0; tbuf = kmalloc(256, GFP_KERNEL); if (!tbuf) return -ENOMEM; /* get langid for strings if it's not yet known */ //先取得设备支持的编码ID if (!dev->have_langid) { //以0号序号和编码0,Get_String就可得到设备所支持的编码列表 err = usb_string_sub(dev, 0, 0, tbuf); //如果发生了错误,或者是取得的数据超短(最短为4字节) if (err < 0) { dev_err(&dev->dev, "string descriptor 0 read error: %d\n", err); goto errout; } else if (err < 4) { dev_err(&dev->dev, "string descriptor 0 too short\n"); err = -EINVAL; goto errout; } //取设备支持的第一个编码 else { dev->have_langid = 1; dev->string_langid = tbuf[2] | (tbuf[3] << 8); /* always use the first langid listed */ dev_dbg(&dev->dev, "default language 0x%04x\n", dev->string_langid); } } //以编码ID和序号Index作为参数Get_String取得序号对应的字串 err = usb_string_sub(dev, dev->string_langid, index, tbuf); if (err < 0) goto errout; //空一个字符来用来存放结束符 size--; /* leave room for trailing NULL char in output buffer */ //两字节一组,(Unicode编码的) for (idx = 0, u = 2; u < err; u += 2) { if (idx >= size) break; //如果高字节有值,说明它不是ISO-8859-1编码的,将它置为? //否则,就将低位的值存放到buf中 if (tbuf[u+1]) /* high byte */ buf[idx++] = '?'; /* non ISO-8859-1 character */ else buf[idx++] = tbuf[u]; } //在最后一位赋0,字串结尾 buf[idx] = 0; //返回字串的长度,(算上了最后的结尾字符) err = idx; //如果该描述符不是STRING描述符,打印出错误提示 if (tbuf[1] != USB_DT_STRING) dev_dbg(&dev->dev, "wrong descriptor type %02x for string %d (\"%s\")\n", tbuf[1], index, buf); errout: //释放空间,返回长度 kfree(tbuf); return err;}结合代码中的注释,就很容易理解这一函数了,在此不对这一函数做详细分析.跟踪进usb_string_sub().代码如下:static int usb_string_sub(struct usb_device *dev, unsigned int langid, unsigned int index, unsigned char *buf){ int rc; /* Try to read the string descriptor by asking for the maximum * possible number of bytes */ //如果设备不需要Fixup 就发出Get_String if (dev->quirks & USB_QUIRK_STRING_FETCH_255) rc = -EIO; else rc = usb_get_string(dev, langid, index, buf, 255); /* If that failed try to read the descriptor length, then * ask for just that many bytes */ //如果Get_String失败或者取得长度有问题.就先取字符描述符的头部 //再以实际的长度和参数,再次Get_String if (rc < 2) { rc = usb_get_string(dev, langid, index, buf, 2); if (rc == 2) rc = usb_get_string(dev, langid, index, buf, buf[0]); } //如果成功 if (rc >= 2) { //如果前两个字节为空.则需要找到数据的有效起始位置 if (!buf[0] && !buf[1]) usb_try_string_workarounds(buf, &rc); /* There might be extra junk at the end of the descriptor */ //整调一下描述符的长度 if (buf[0] < rc) rc = buf[0]; //将rc置为了一个偶数. rc = rc - (rc & 1); /* force a multiple of two */ } //长度最终小于2.返回错误值 if (rc < 2) rc = (rc < 0 ? rc : -EINVAL); return rc;}在这个地方,有个错误处理,可能有的设备你一次用255的长度去取它对字符串会返回一个错误,所以,在用255长度返回错误的时候,先以2为长度取它的描述符头度,再以描述符的实际长度去取字符串描述符串.另外,在描述符的前两个字节都为空的情况下,就需要计算它的有效长度.在代码中,这一工作是由usb_try_string_workarounds()完成的.static void usb_try_string_workarounds(unsigned char *buf, int *length){ int newlength, oldlength = *length; //前两个字节是描述符头部,所以从2开始循环. //Unicode编码用两个字节来表示一个字符. 所以每次循环完了之后要+2 for (newlength = 2; newlength + 1 < oldlength; newlength += 2) //低字节是不可打印字符,或者高字节不为空(不是ISO-8859-1), 就退出循环. if (!isprint(buf[newlength]) || buf[newlength + 1]) break; //修正字符串描述符的实际长度. //如果newlength 等于2.说明字符中描述符没有带字串 if (newlength > 2) { buf[0] = newlength; *length = newlength; }}这个函数涉及到编码方面的东东,建议参阅fudan_abc的<< Linux那些事儿之我是USB core >>,上面的较详细的描述.至此, usb_cache_string()完分析完了.到这里,usb device driver的probe过程也就完成了. 五:hub接口驱动分析5.1:接口驱动架构是时候来分析接口驱动的架构了.我们在上面看到了接口设备的注册.在开篇的时候分析了接口驱动的注册.我们首先来分析接口驱备和接口驱动的匹配.代码还是在usb_bus_type->match().只不过是对应另外的一种情况了.将相关代码列出:static int usb_device_match(struct device *dev, struct device_driver *drv){ …… if (is_usb_device(dev)) { ……} //interface的情况 else { struct usb_interface *intf; struct usb_driver *usb_drv; const struct usb_device_id *id; /* device drivers never match interfaces */ if (is_usb_device_driver(drv)) return 0; intf = to_usb_interface(dev); usb_drv = to_usb_driver(drv); id = usb_match_id(intf, usb_drv->id_table); if (id) return 1; id = usb_match_dynamic_id(intf, usb_drv); if (id) return 1; } return 0;}经过前面的分析,因为在注册接口设备的时候,是将type设为usb_if_device_type,因此,这个函数第一个if是不会满足的.首先,将struct device和struct device_driver转换为被封装的struct usb_interface和struct usb_driver.紧接着,我们看到了两个匹配,一个是usb_match_id().另外一个是usb_match_dynamic_id().后 者只有在前者没有匹配成功的情况下才能调用.我们也可以看到, struct usb_driver中一个struct usb_device_id类型的数组(id_table字段)和一个dynids链表.哪id和dyname_id有什么区别呢?一般来说,id_table是usb 接口驱动静态定义的可以和此驱动匹配设备的一些参数.而dyname_id是可以动态调整的.你可以通过写/sys/bus/usb/drivers/XXX/new_id来设置驱动的dyname_id.其中,XXX表示驱动的名称.这两个函数的逻辑都差不多,我们以usb_match_id()为例进行分析.代码如下:const struct usb_device_id *usb_match_id(struct usb_interface *interface, const struct usb_device_id *id){ /* proc_connectinfo in devio.c may call us with id == NULL. */ //如果driver中没有定义符合条件的id_talbe.则不能静态匹配所有设备 if (id == NULL) return NULL; /* It is important to check that id->driver_info is nonzero, since an entry that is all zeroes except for a nonzero id->driver_info is the way to create an entry that indicates that the driver want to examine every device and interface. */ //如果id_talbe中,有定义的匹配项,则调用usb_match_one_id()进行匹配测试 //如果成功,则返回匹配成功的id_talbe 项数.否则,继续下一项 for (; id->idVendor || id->idProduct || id->bDeviceClass || id->bInterfaceClass || id->driver_info; id++) { if (usb_match_one_id(interface, id)) return id; } //如果没有匹配成功,则返回NULL return NULL;}Id_talbe所属的结构如下示:struct usb_device_id { /* which fields to match against? */ __u16 match_flags; /* Used for product specific matches; range is inclusive */ __u16 idVendor; __u16 idProduct; __u16 bcdDevice_lo; __u16 bcdDevice_hi; /* Used for device class matches */ __u8 bDeviceClass; __u8 bDeviceSubClass; __u8 bDeviceProtocol; /* Used for interface class matches */ __u8 bInterfaceClass; __u8 bInterfaceSubClass; __u8 bInterfaceProtocol; /* not matched against */ kernel_ulong_t driver_info;};match_flags是一个匹配标志,表示要匹配哪一项.而后面的成员,例如idVendor, idProduct.表示具体要匹配项的值.usb_match_one_id()的代码如下:int usb_match_one_id(struct usb_interface *interface, const struct usb_device_id *id){ struct usb_host_interface *intf; struct usb_device *dev; /* proc_connectinfo in devio.c may call us with id == NULL. */ //再次判断id是否为空 if (id == NULL) return 0; //接口听当前匹配 intf = interface->cur_altsetting; //转换为所属的usb_dev dev = interface_to_usbdev(interface); //关于设备参数的匹配.只有在设备参数符合的情况下,才会进行接口 //参数的匹配. if (!usb_match_device(dev, id)) return 0; //下面是关于接口参数的匹配 /* The interface class, subclass, and protocol should never be * checked for a match if the device class is Vendor Specific, * unless the match record specifies the Vendor ID. */ //当设备是厂商自定义类型时(Vendor Specific).除非定义了//USB_DEVICE_ID_MATCH_VENDOR //否则是不需要匹配的 if (dev->descriptor.bDeviceClass == USB_CLASS_VENDOR_SPEC && !(id->match_flags & USB_DEVICE_ID_MATCH_VENDOR) && (id->match_flags & (USB_DEVICE_ID_MATCH_INT_CLASS | USB_DEVICE_ID_MATCH_INT_SUBCLASS | USB_DEVICE_ID_MATCH_INT_PROTOCOL))) return 0; //如果要匹配interface class if ((id->match_flags & USB_DEVICE_ID_MATCH_INT_CLASS) && (id->bInterfaceClass != intf->desc.bInterfaceClass)) return 0; //如果要匹配interface subclass if ((id->match_flags & USB_DEVICE_ID_MATCH_INT_SUBCLASS) && (id->bInterfaceSubClass != intf->desc.bInterfaceSubClass)) return 0; //如果要匹配interface protocol if ((id->match_flags & USB_DEVICE_ID_MATCH_INT_PROTOCOL) && (id->bInterfaceProtocol != intf->desc.bInterfaceProtocol)) return 0; return 1;}这个函数逻辑比较简单.它先检测所属设备参数的匹配项.再检查接口参数的匹配项.由于这个函数比较简单,就不对它多费舌去解释了.简单的说一下关于Vendor Specific class的设备,这个类型在USB Class Codes被定义如下:This base class is defined for vendors to use as they please. These class codes can be used in both Device and Interface Descriptors.
也就是说,这个类型是被厂商自定义的.它主要是靠SubClass和protocol来区分设备的.这些都是非标准定义的. 如果被这个match匹配成功的话,就会转入probe()了,由于bus中没有probe()函数,因此,流程转入到了与之匹配的驱动的probe函数.记得在开篇的时候,分析过接口驱动,它的probe函数被设置为了usb_cache_string().代码如下:static int usb_probe_interface(struct device *dev){ struct usb_driver *driver = to_usb_driver(dev->driver); struct usb_interface *intf; struct usb_device *udev; const struct usb_device_id *id; int error = -ENODEV; dev_dbg(dev, "%s\n", __FUNCTION__); //如果是一个usb 设备,退出 if (is_usb_device(dev)) /* Sanity check */ return error; intf = to_usb_interface(dev); udev = interface_to_usbdev(intf); //如果所属设备的authorized 为0.错误,退出 if (udev->authorized == 0) { dev_err(&intf->dev, "Device is not authorized for usage\n"); return -ENODEV; } //再确认一下设备和驱动是否匹配 id = usb_match_id(intf, driver->id_table); if (!id) id = usb_match_dynamic_id(intf, driver); //如果匹配 if (id) { dev_dbg(dev, "%s - got id\n", __FUNCTION__); //使设备resume error = usb_autoresume_device(udev); if (error) return error; /* Interface "power state" doesn't correspond to any hardware * state whatsoever. We use it to record when it's bound to * a driver that may start I/0: it's not frozen/quiesced. */ //将接口标志为active mark_active(intf); //intf->condition:接口的状态 //USB_INTERFACE_BINDING:正在绑定 intf->condition = USB_INTERFACE_BINDING; /* The interface should always appear to be in use * unless the driver suports autosuspend. */ //intf->pm_usage_cnt:如果为1,接口不会autosuspend intf->pm_usage_cnt = !(driver->supports_autosuspend); //调用挂装结构的probe error = driver->probe(intf, id); //如果发生了错误,将接口标记成不活动的,接口状态设为USB_INTERFACE_UNBOUND if (error) { mark_quiesced(intf); intf->needs_remote_wakeup = 0; intf->condition = USB_INTERFACE_UNBOUND; } //如果成功,将接口状态设为USB_INTERFACE_BOUND else intf->condition = USB_INTERFACE_BOUND; //使设备suspend usb_autosuspend_device(udev); } return error;}至此为至,我们遇到了大量的usb_autoresume_device()/usb_autosuspend_device().先将它们放到一边,等以后再来详细分析他们的操作.还记得,在usb_set_configuration()中,为每一个接口调用了mark_quiesced().所以在这个probe里,将正确匹配的接口调用mark_active(),将其标记为Active.另外,我们来看一下,intf-> condition的几种情况,在代码中, condition属于enum usb_interface_condition结构.如下示:enum usb_interface_condition { USB_INTERFACE_UNBOUND = 0, USB_INTERFACE_BINDING, USB_INTERFACE_BOUND, USB_INTERFACE_UNBINDING,};分别表示,没有绑定,正在绑定,已经绑定,正在解除绑定.从上面的代码中可以看出.最后的流程会回溯到usb_driver的probe. 5.2:hub的接口驱动经过上面的分析,我们知道,接口驱动和接口的匹配主要是根据接口的一些信息来判断的.那对于hub的接口,它的标志信息是什么呢?在usb2.0 spec上,规定了hub的设备class和接口class都为0x9.也就是代码中定义的USB_CLASS_HUB.同时,我们注意到,在usb_init()àusb_hub_init()中:int usb_hub_init(void){ if (usb_register(&hub_driver) < 0) { printk(KERN_ERR "%s: can't register hub driver\n", usbcore_name); return -1; } khubd_task = kthread_run(hub_thread, NULL, "khubd"); if (!IS_ERR(khubd_task)) return 0; /* Fall through if kernel_thread failed */ usb_deregister(&hub_driver); printk(KERN_ERR "%s: can't start khubd\n", usbcore_name); return -1;}这个函数注册了hub_driver对应的接口驱动,还启动了一个内核线程.在这里,我们注意到, hub_driver的定义如下:static struct usb_driver hub_driver = { .name = "hub", .probe = hub_probe, .disconnect = hub_disconnect, .suspend = hub_suspend, .resume = hub_resume, .reset_resume = hub_reset_resume, .pre_reset = hub_pre_reset, .post_reset = hub_post_reset, .ioctl = hub_ioctl, .id_table = hub_id_table, .supports_autosuspend = 1,};Hub_id_talbe被定义为:static struct usb_device_id hub_id_table [] = { { .match_flags = USB_DEVICE_ID_MATCH_DEV_CLASS, .bDeviceClass = USB_CLASS_HUB}, { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS, .bInterfaceClass = USB_CLASS_HUB}, { } /* Terminating entry */};看到了没,这些信息就是hub 的接口class信息.也就是说, hub_driver就是为们要找的hub 接口的驱动.根据上面的分析,流程最终会到hub_driver->probe中,对应的接口为hub_probe(). 5.2.1:接口驱动的probe过程Hub_probe()的代码如下:static int hub_probe(struct usb_interface *intf, const struct usb_device_id *id){ struct usb_host_interface *desc; struct usb_endpoint_descriptor *endpoint; struct usb_device *hdev; struct usb_hub *hub; desc = intf->cur_altsetting; hdev = interface_to_usbdev(intf); #ifdef CONFIG_USB_OTG_BLACKLIST_HUB if (hdev->parent) { dev_warn(&intf->dev, "ignoring external hub\n"); return -ENODEV; }#endif /* Some hubs have a subclass of 1, which AFAICT according to the */ /* specs is not defined, but it works */ //spec上规定接口的subclass为0.但为1时,也能工作 if ((desc->desc.bInterfaceSubClass != 0) && (desc->desc.bInterfaceSubClass != 1)) {descriptor_error: dev_err (&intf->dev, "bad descriptor, ignoring hub\n"); return -EIO; } /* Multiple endpoints? What kind of mutant ninja-hub is this? */ //spec上规定hub interface的endpoint数目为1,这里的数目没有包括ep0 if (desc->desc.bNumEndpoints != 1) goto descriptor_error; //端点描述符 endpoint = &desc->endpoint[0].desc; /* If it's not an interrupt in endpoint, we'd better punt! */ //不是IN方向的中断传输端点,有错误 if (!usb_endpoint_is_int_in(endpoint)) goto descriptor_error; /* We found a hub */ dev_info (&intf->dev, "USB hub found\n"); //初始化一个struct usb_hub结构 hub = kzalloc(sizeof(*hub), GFP_KERNEL); if (!hub) { dev_dbg (&intf->dev, "couldn't kmalloc hub struct\n"); return -ENOMEM; } //初始化引用计数 kref_init(&hub->kref); //初始化event_list INIT_LIST_HEAD(&hub->event_list); //hub->intfdev:指向接口封装的dev hub->intfdev = &intf->dev; //hub->hdev:hub所属的usb_dev hub->hdev = hdev; //初始化一个延时工作队列,用来管理hub LED的 INIT_DELAYED_WORK(&hub->leds, led_work); //增加intf->dev的引用计数 usb_get_intf(intf); //intf->dev的私有结构指和hub usb_set_intfdata (intf, hub); //接口需要远程唤醒 intf->needs_remote_wakeup = 1; //如果是一个高速设备,增加highspeed_hubs 计数 if (hdev->speed == USB_SPEED_HIGH) highspeed_hubs++; //配置hub if (hub_configure(hub, endpoint) >= 0) return 0; hub_disconnect (intf); return -ENODEV;}这个函数前一部份进行一些有效性检查,后半部份分配并初始化一个struct usb_hub结构.然后流程就转入了hub_configure().hub_configure()函数是一个很重要的操作,它的代码如下:static int hub_configure(struct usb_hub *hub, struct usb_endpoint_descriptor *endpoint){ struct usb_device *hdev = hub->hdev; struct device *hub_dev = hub->intfdev; u16 hubstatus, hubchange; u16 wHubCharacteristics; unsigned int pipe; int maxp, ret; char *message; //为buffer分配空间,DMA分配,其物理地址存放在hub->buffer_dma中 //buffer是一个指向数组的指针 hub->buffer = usb_buffer_alloc(hdev, sizeof(*hub->buffer), GFP_KERNEL, &hub->buffer_dma); if (!hub->buffer) { message = "can't allocate hub irq buffer"; ret = -ENOMEM; goto fail; } //为status分配空间 hub->status = kmalloc(sizeof(*hub->status), GFP_KERNEL); if (!hub->status) { message = "can't kmalloc hub status buffer"; ret = -ENOMEM; goto fail; } mutex_init(&hub->status_mutex); //为hub->descriptor分配空间 hub->descriptor = kmalloc(sizeof(*hub->descriptor), GFP_KERNEL); if (!hub->descriptor) { message = "can't kmalloc hub descriptor"; ret = -ENOMEM; goto fail; } /* Request the entire hub descriptor. * hub->descriptor can handle USB_MAXCHILDREN ports, * but the hub can/will return fewer bytes here. */ //取得hub描述符 ret = get_hub_descriptor(hdev, hub->descriptor, sizeof(*hub->descriptor)); //如果Get_Descriptor失败或者hub端口超多 if (ret < 0) { message = "can't read hub descriptor"; goto fail; } //协议上规定hub最多有255个接口,但Linux认为31个接口已经够多了 else if (hub->descriptor->bNbrPorts > USB_MAXCHILDREN) { message = "hub has too many ports!"; ret = -ENODEV; goto fail; } //hdev->maxchild: hub的端口数目 hdev->maxchild = hub->descriptor->bNbrPorts; dev_info (hub_dev, "%d port%s detected\n", hdev->maxchild, (hdev->maxchild == 1) ? "" : "s"); //wHubCharacteristics字段 wHubCharacteristics = le16_to_cpu(hub->descriptor->wHubCharacteristics); //是否是一个复合设备 if (wHubCharacteristics & HUB_CHAR_COMPOUND) { int i; char portstr [USB_MAXCHILDREN + 1]; for (i = 0; i < hdev->maxchild; i++) //找到数组中的所在项和数组项中的位置 portstr[i] = hub->descriptor->DeviceRemovable [((i + 1) / 8)] & (1 << ((i + 1) % 8)) ? 'F' : 'R'; //以\0 结尾 portstr[hdev->maxchild] = 0; dev_dbg(hub_dev, "compound device; port removable status: %s\n", portstr); } else dev_dbg(hub_dev, "standalone hub\n"); //电源开关模式 switch (wHubCharacteristics & HUB_CHAR_LPSM) { //ganged 电源开关,所有连接端口同时开机 case 0x00: dev_dbg(hub_dev, "ganged power switching\n"); break; //端口有单独的电源开关 case 0x01: dev_dbg(hub_dev, "individual port power switching\n"); break; //1X:保留, 表示没有电源开关 case 0x02: case 0x03: dev_dbg(hub_dev, "no power switching (usb 1.0)\n"); break; } //过电流保护模式 switch (wHubCharacteristics & HUB_CHAR_OCPM) { //全部电流保护 case 0x00: dev_dbg(hub_dev, "global over-current protection\n"); break; //个别连接端口电源保护 case 0x08: dev_dbg(hub_dev, "individual port over-current protection\n"); break; //没有过电流保护 case 0x10: case 0x18: dev_dbg(hub_dev, "no over-current protection\n"); break; } //初始化TT相关的东西 spin_lock_init (&hub->tt.lock); INIT_LIST_HEAD (&hub->tt.clear_list); INIT_WORK (&hub->tt.kevent, hub_tt_kevent); //设备描述符的bDeviceProtocol 字段 switch (hdev->descriptor.bDeviceProtocol) { //HUB是一个低速/全速设备 case 0: break; //只有一个TT case 1: dev_dbg(hub_dev, "Single TT\n"); hub->tt.hub = hdev; break; //多个TT case 2: //为接口选取1号设置 ret = usb_set_interface(hdev, 0, 1); if (ret == 0) { dev_dbg(hub_dev, "TT per port\n"); hub->tt.multi = 1; } else dev_err(hub_dev, "Using single TT (err %d)\n", ret); hub->tt.hub = hdev; break; default: dev_dbg(hub_dev, "Unrecognized hub protocol %d\n", hdev->descriptor.bDeviceProtocol); break; } /* Note 8 FS bit times == (8 bits / 12000000 bps) ~= 666ns */ //TT think time, switch (wHubCharacteristics & HUB_CHAR_TTTT) { case HUB_TTTT_8_BITS: if (hdev->descriptor.bDeviceProtocol != 0) { hub->tt.think_time = 666; dev_dbg(hub_dev, "TT requires at most %d " "FS bit times (%d ns)\n", 8, hub->tt.think_time); } break; case HUB_TTTT_16_BITS: hub->tt.think_time = 666 * 2; dev_dbg(hub_dev, "TT requires at most %d " "FS bit times (%d ns)\n", 16, hub->tt.think_time); break; case HUB_TTTT_24_BITS: hub->tt.think_time = 666 * 3; dev_dbg(hub_dev, "TT requires at most %d " "FS bit times (%d ns)\n", 24, hub->tt.think_time); break; case HUB_TTTT_32_BITS: hub->tt.think_time = 666 * 4; dev_dbg(hub_dev, "TT requires at most %d " "FS bit times (%d ns)\n", 32, hub->tt.think_time); break; } /* probe() zeroes hub->indicator[] */ //是否支持连接端口LED if (wHubCharacteristics & HUB_CHAR_PORTIND) { hub->has_indicators = 1; dev_dbg(hub_dev, "Port indicators are supported\n"); } //bPwrOn2PwrGood字段表示连接端口从开机到准备好的时间 dev_dbg(hub_dev, "power on to power good time: %dms\n", hub->descriptor->bPwrOn2PwrGood * 2); /* power budgeting mostly matters with bus-powered hubs, * and battery-powered root hubs (may provide just 8 mA). */ //Get_Status 设备 ret = usb_get_status(hdev, USB_RECIP_DEVICE, 0, &hubstatus); //Get_Status失败 if (ret < 2) { message = "can't get hub status"; goto fail; } //设备的status包含两个部份:bit 0 表示使用自身电源bit 1是远程唤醒字段 le16_to_cpus(&hubstatus); //如果是root hub if (hdev == hdev->bus->root_hub) { //如果电流没有限制 if (hdev->bus_mA == 0 || hdev->bus_mA >= 500) hub->mA_per_port = 500; //有限制的情况下 else { hub->mA_per_port = hdev->bus_mA; hub->limited_power = 1; } } //如果使用总线电流 else if ((hubstatus & (1 << USB_DEVICE_SELF_POWERED)) == 0) { dev_dbg(hub_dev, "hub controller current requirement: %dmA\n", hub->descriptor->bHubContrCurrent); hub->limited_power = 1; if (hdev->maxchild > 0) { int remaining = hdev->bus_mA - hub->descriptor->bHubContrCurrent; if (remaining < hdev->maxchild * 100) dev_warn(hub_dev, "insufficient power available " "to use all downstream ports\n"); hub->mA_per_port = 100; /* 7.2.1.1 */ } } // 如果使用本身电流 else { /* Self-powered external hub */ /* FIXME: What about battery-powered external hubs that * provide less current per port? */ hub->mA_per_port = 500; } if (hub->mA_per_port < 500) dev_dbg(hub_dev, "%umA bus power budget for each child\n", hub->mA_per_port); //Get hub status //hub 状态位和改变位 ret = hub_hub_status(hub, &hubstatus, &hubchange); if (ret < 0) { message = "can't get hub status"; goto fail; } /* local power status reports aren't always correct */ //自身供电 if (hdev->actconfig->desc.bmAttributes & USB_CONFIG_ATT_SELFPOWER) dev_dbg(hub_dev, "local power source is %s\n", (hubstatus & HUB_STATUS_LOCAL_POWER) ? "lost (inactive)" : "good"); //不支持过电流保护 if ((wHubCharacteristics & HUB_CHAR_OCPM) == 0) dev_dbg(hub_dev, "%sover-current condition exists\n", (hubstatus & HUB_STATUS_OVERCURRENT) ? "" : "no "); /* set up the interrupt endpoint * We use the EP's maxpacket size instead of (PORTS+1+7)/8 * bytes as USB2.0[11.12.3] says because some hubs are known * to send more data (and thus cause overflow). For root hubs, * maxpktsize is defined in hcd.c's fake endpoint descriptors * to be big enough for at least USB_MAXCHILDREN ports. */ //设备中断控制传输的urb //通道和最大包长度 pipe = usb_rcvintpipe(hdev, endpoint->bEndpointAddress); maxp = usb_maxpacket(hdev, pipe, usb_pipeout(pipe)); if (maxp > sizeof(*hub->buffer)) maxp = sizeof(*hub->buffer); //分配urb hub->urb = usb_alloc_urb(0, GFP_KERNEL); if (!hub->urb) { message = "couldn't allocate interrupt urb"; ret = -ENOMEM; goto fail; } //填充urb usb_fill_int_urb(hub->urb, hdev, pipe, *hub->buffer, maxp, hub_irq, hub, endpoint->bInterval); hub->urb->transfer_dma = hub->buffer_dma; hub->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; /* maybe cycle the hub leds */ if (hub->has_indicators && blinkenlights) hub->indicator [0] = INDICATOR_CYCLE; //驱动hub hub_power_on(hub); //激活hub hub_activate(hub); return 0; fail: dev_err (hub_dev, "config failed, %s (err %d)\n", message, ret); /* hub_disconnect() frees urb and descriptor */ return ret;}这个函数先初始化struct usb_hub中的几个指针,为之分配空间,然后,取得hub的描述符,再根据取得的描述符信息再初始化和显示一些调试信息.其中的一些成员赋值等我们用 到的时候再来进行分析.这个函数的后面关于urb部份和后面调用的两个子函数才是我们要分析的重点.在这里,顺带提一下HUB的指示灯问题.Hub描述符的wHubCharacteristics的bit7来描述设备是否支持显示灯.为1表示在下游的连接端口上支持显示灯,为0则不支持.如果Hub支持指示灯,则将hub->has_indicators置为1.另外,HUB的指示灯是否起作用,还由一个参数决定,在代码中,大家也看到,这个参数是blinkenlights.这个参数定义如下:static int blinkenlights = 0;module_param (blinkenlights, bool, S_IRUGO);MODULE_PARM_DESC (blinkenlights, "true to cycle leds on hubs");这是一个可调的模块参数.如果要显示灯起作用,必须要将其置为1才可以.我们可以用下面两种方法来设置这个参数:1:如果模块没有编译进kernel,可以在插入模块的时候,加上这个参数: modprobe usbcore blinkenlights=12:如果模块已经编进kernel,那在kernel的启动参数上加上如下参数: usbcore.blinkenlights=1在usb2.0 spec中,对不同情况下的灯颜色都做了定义.在代码中,灯的显示交给了一延迟的工作队列进行处理,初始化如下所示:INIT_DELAYED_WORK(&hub->leds, led_work); (在hub_probe()函数中)在这里,并不打算详细分析这一部份,有兴趣的可以跟踪下去看下. 那函数后面初始化的URB是用来干什么的呢?我们将这个URB的初始化部份单独列出如下:pipe = usb_rcvintpipe(hdev, endpoint->bEndpointAddress); maxp = usb_maxpacket(hdev, pipe, usb_pipeout(pipe)); if (maxp > sizeof(*hub->buffer)) maxp = sizeof(*hub->buffer);我们从此可以看出,这个URB是作用于ep0之外的另一个端点,而且传输数据的长度最大为sizeof(*hub->buffer)Hub->buffer被定义如下:struct usb_hub { …… char (*buffer)[8]; ……}由此可以看出buffer是指向一个8元素字符数组的指针,sizeof(*hub->buffer)等于0.关于传输的数据长度,代码中有一段注释,这段注释说,spec上规定的长度是(PORTS+1+7)/8.而linux中,对每个hub上挂有认为最多的端口进行处理,因些,就是(31+1+7)/8 = 5为什么这里要是8呢?因为usb2.0 spec上规定,ep0的最大发包长度,可能为8.16.32.64.512.所以选择比5要大的最小值8.另外,我们注意到,URB完成之后,所要调用的函数是hub_irq().如下所示:usb_fill_int_urb(hub->urb, hdev, pipe, *hub->buffer, maxp, hub_irq, hub, endpoint->bInterval);UHCI必须要知道HUB的端口的一些连接状态,因此,需要HUB周期性的上报它的端口连接状态.这个URB就是用来做这个用途的.UHCI周期性的发送IN方向中断传输传输给HUB.HUB就会通过这个URB将端口信息发送给HUB.那这个轮询周期是多长呢?根据我们之前分析的UHCI的知识,它的调度周期是由endpoint的bInterval 字段所决定的. 现在,我们慢慢来接触到hub的一些核心处理了.整理一下心情,继续看代码.^_^接下来,我们要看到的第一个函数是hub_power_on().代码如下:static void hub_power_on(struct usb_hub *hub){ int port1; //从连接端口从开机到准备好的时间 unsigned pgood_delay = hub->descriptor->bPwrOn2PwrGood * 2; //wHubCharacteristics字段 u16 wHubCharacteristics = le16_to_cpu(hub->descriptor->wHubCharacteristics); /* Enable power on each port. Some hubs have reserved values * of LPSM (> 2) in their descriptors, even though they are * USB 2.0 hubs. Some hubs do not implement port-power switching * but only emulate it. In all cases, the ports won't work * unless we send these messages to the hub. */ //开关模式 if ((wHubCharacteristics & HUB_CHAR_LPSM) < 2) dev_dbg(hub->intfdev, "enabling power on all ports\n"); else dev_dbg(hub->intfdev, "trying to enable port power on " "non-switchable hub\n"); //给每一个端口发送PORT_POWER的Set_Feature消息 for (port1 = 1; port1 <= hub->descriptor->bNbrPorts; port1++) set_port_feature(hub->hdev, port1, USB_PORT_FEAT_POWER); /* Wait at least 100 msec for power to become stable */ //等待端口可以正常工作,至少100 ms msleep(max(pgood_delay, (unsigned) 100));}这里就是给每个接口发送PORT_POWER的Set_Feature消息,告之可起来工作了,然后等待端口可以工作. 另外要分析的函数是hub_activate().代码如下:static void hub_activate(struct usb_hub *hub){ int status; hub->quiescing = 0; hub->activating = 1; //提交urb status = usb_submit_urb(hub->urb, GFP_NOIO); if (status < 0) dev_err(hub->intfdev, "activate --> %d\n", status); if (hub->has_indicators && blinkenlights) schedule_delayed_work(&hub->leds, LED_CYCLE_PERIOD); /* scan all ports ASAP */ kick_khubd(hub);}首先,是在hub的两个字段进行赋值操作,hub-> quiescing 和 hub->activating表示分别表示hub处理暂停和活跃状态.注意,在这里,不要和接口的mark_active()设置的intf->is_active相混淆.然后,将hub->urb提交.开始调度Led的工作队列.最后,流程转入kick_khubd().代码如下:static void kick_khubd(struct usb_hub *hub){ unsigned long flags; /* Suppress autosuspend until khubd runs */ //pm_usage_cnt设置为1,防止autosuspend to_usb_interface(hub->intfdev)->pm_usage_cnt = 1; spin_lock_irqsave(&hub_event_lock, flags); if (!hub->disconnected && list_empty(&hub->event_list)) { list_add_tail(&hub->event_list, &hub_event_list); wake_up(&khubd_wait); } spin_unlock_irqrestore(&hub_event_lock, flags);}在这个函数中,先将接口的pm_usage_cnt置1,此后,该接口就不能SUSPEND.然后,将该hub添加进hub_event_list链表,并唤醒Khubd_wait等待队列.hub_event_list和Khubd_wait到底代表着什么呢?它后面的参数又是什么呢?接着往下看…