1 /* -*- Mode: C; indent-tabs-mode:t ; c-basic-offset:8 -*- */
2 /*
3  * I/O functions for libusb
4  * Copyright © 2007-2009 Daniel Drake <dsd@gentoo.org>
5  * Copyright © 2001 Johannes Erdfelt <johannes@erdfelt.com>
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include <config.h>
23 
24 #include <assert.h>
25 #include <errno.h>
26 #include <stdint.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <time.h>
30 #ifdef HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 #ifdef HAVE_SYS_TIME_H
34 #include <sys/time.h>
35 #endif
36 #ifdef USBI_TIMERFD_AVAILABLE
37 #include <sys/timerfd.h>
38 #endif
39 
40 #include "libusbi.h"
41 #include "hotplug.h"
42 
43 /**
44  * \page libusb_io Synchronous and asynchronous device I/O
45  *
46  * \section io_intro Introduction
47  *
48  * If you're using libusb in your application, you're probably wanting to
49  * perform I/O with devices - you want to perform USB data transfers.
50  *
51  * libusb offers two separate interfaces for device I/O. This page aims to
52  * introduce the two in order to help you decide which one is more suitable
53  * for your application. You can also choose to use both interfaces in your
54  * application by considering each transfer on a case-by-case basis.
55  *
56  * Once you have read through the following discussion, you should consult the
57  * detailed API documentation pages for the details:
58  * - \ref libusb_syncio
59  * - \ref libusb_asyncio
60  *
61  * \section theory Transfers at a logical level
62  *
63  * At a logical level, USB transfers typically happen in two parts. For
64  * example, when reading data from a endpoint:
65  * -# A request for data is sent to the device
66  * -# Some time later, the incoming data is received by the host
67  *
68  * or when writing data to an endpoint:
69  *
70  * -# The data is sent to the device
71  * -# Some time later, the host receives acknowledgement from the device that
72  *    the data has been transferred.
73  *
74  * There may be an indefinite delay between the two steps. Consider a
75  * fictional USB input device with a button that the user can press. In order
76  * to determine when the button is pressed, you would likely submit a request
77  * to read data on a bulk or interrupt endpoint and wait for data to arrive.
78  * Data will arrive when the button is pressed by the user, which is
79  * potentially hours later.
80  *
81  * libusb offers both a synchronous and an asynchronous interface to performing
82  * USB transfers. The main difference is that the synchronous interface
83  * combines both steps indicated above into a single function call, whereas
84  * the asynchronous interface separates them.
85  *
86  * \section sync The synchronous interface
87  *
88  * The synchronous I/O interface allows you to perform a USB transfer with
89  * a single function call. When the function call returns, the transfer has
90  * completed and you can parse the results.
91  *
92  * If you have used the libusb-0.1 before, this I/O style will seem familar to
93  * you. libusb-0.1 only offered a synchronous interface.
94  *
95  * In our input device example, to read button presses you might write code
96  * in the following style:
97 \code
98 unsigned char data[4];
99 int actual_length;
100 int r = libusb_bulk_transfer(dev_handle, LIBUSB_ENDPOINT_IN, data, sizeof(data), &actual_length, 0);
101 if (r == 0 && actual_length == sizeof(data)) {
102 	// results of the transaction can now be found in the data buffer
103 	// parse them here and report button press
104 } else {
105 	error();
106 }
107 \endcode
108  *
109  * The main advantage of this model is simplicity: you did everything with
110  * a single simple function call.
111  *
112  * However, this interface has its limitations. Your application will sleep
113  * inside libusb_bulk_transfer() until the transaction has completed. If it
114  * takes the user 3 hours to press the button, your application will be
115  * sleeping for that long. Execution will be tied up inside the library -
116  * the entire thread will be useless for that duration.
117  *
118  * Another issue is that by tieing up the thread with that single transaction
119  * there is no possibility of performing I/O with multiple endpoints and/or
120  * multiple devices simultaneously, unless you resort to creating one thread
121  * per transaction.
122  *
123  * Additionally, there is no opportunity to cancel the transfer after the
124  * request has been submitted.
125  *
126  * For details on how to use the synchronous API, see the
127  * \ref libusb_syncio "synchronous I/O API documentation" pages.
128  *
129  * \section async The asynchronous interface
130  *
131  * Asynchronous I/O is the most significant new feature in libusb-1.0.
132  * Although it is a more complex interface, it solves all the issues detailed
133  * above.
134  *
135  * Instead of providing which functions that block until the I/O has complete,
136  * libusb's asynchronous interface presents non-blocking functions which
137  * begin a transfer and then return immediately. Your application passes a
138  * callback function pointer to this non-blocking function, which libusb will
139  * call with the results of the transaction when it has completed.
140  *
141  * Transfers which have been submitted through the non-blocking functions
142  * can be cancelled with a separate function call.
143  *
144  * The non-blocking nature of this interface allows you to be simultaneously
145  * performing I/O to multiple endpoints on multiple devices, without having
146  * to use threads.
147  *
148  * This added flexibility does come with some complications though:
149  * - In the interest of being a lightweight library, libusb does not create
150  * threads and can only operate when your application is calling into it. Your
151  * application must call into libusb from it's main loop when events are ready
152  * to be handled, or you must use some other scheme to allow libusb to
153  * undertake whatever work needs to be done.
154  * - libusb also needs to be called into at certain fixed points in time in
155  * order to accurately handle transfer timeouts.
156  * - Memory handling becomes more complex. You cannot use stack memory unless
157  * the function with that stack is guaranteed not to return until the transfer
158  * callback has finished executing.
159  * - You generally lose some linearity from your code flow because submitting
160  * the transfer request is done in a separate function from where the transfer
161  * results are handled. This becomes particularly obvious when you want to
162  * submit a second transfer based on the results of an earlier transfer.
163  *
164  * Internally, libusb's synchronous interface is expressed in terms of function
165  * calls to the asynchronous interface.
166  *
167  * For details on how to use the asynchronous API, see the
168  * \ref libusb_asyncio "asynchronous I/O API" documentation pages.
169  */
170 
171 
172 /**
173  * \page libusb_packetoverflow Packets and overflows
174  *
175  * \section packets Packet abstraction
176  *
177  * The USB specifications describe how data is transmitted in packets, with
178  * constraints on packet size defined by endpoint descriptors. The host must
179  * not send data payloads larger than the endpoint's maximum packet size.
180  *
181  * libusb and the underlying OS abstract out the packet concept, allowing you
182  * to request transfers of any size. Internally, the request will be divided
183  * up into correctly-sized packets. You do not have to be concerned with
184  * packet sizes, but there is one exception when considering overflows.
185  *
186  * \section overflow Bulk/interrupt transfer overflows
187  *
188  * When requesting data on a bulk endpoint, libusb requires you to supply a
189  * buffer and the maximum number of bytes of data that libusb can put in that
190  * buffer. However, the size of the buffer is not communicated to the device -
191  * the device is just asked to send any amount of data.
192  *
193  * There is no problem if the device sends an amount of data that is less than
194  * or equal to the buffer size. libusb reports this condition to you through
195  * the \ref libusb_transfer::actual_length "libusb_transfer.actual_length"
196  * field.
197  *
198  * Problems may occur if the device attempts to send more data than can fit in
199  * the buffer. libusb reports LIBUSB_TRANSFER_OVERFLOW for this condition but
200  * other behaviour is largely undefined: actual_length may or may not be
201  * accurate, the chunk of data that can fit in the buffer (before overflow)
202  * may or may not have been transferred.
203  *
204  * Overflows are nasty, but can be avoided. Even though you were told to
205  * ignore packets above, think about the lower level details: each transfer is
206  * split into packets (typically small, with a maximum size of 512 bytes).
207  * Overflows can only happen if the final packet in an incoming data transfer
208  * is smaller than the actual packet that the device wants to transfer.
209  * Therefore, you will never see an overflow if your transfer buffer size is a
210  * multiple of the endpoint's packet size: the final packet will either
211  * fill up completely or will be only partially filled.
212  */
213 
214 /**
215  * @defgroup libusb_asyncio Asynchronous device I/O
216  *
217  * This page details libusb's asynchronous (non-blocking) API for USB device
218  * I/O. This interface is very powerful but is also quite complex - you will
219  * need to read this page carefully to understand the necessary considerations
220  * and issues surrounding use of this interface. Simplistic applications
221  * may wish to consider the \ref libusb_syncio "synchronous I/O API" instead.
222  *
223  * The asynchronous interface is built around the idea of separating transfer
224  * submission and handling of transfer completion (the synchronous model
225  * combines both of these into one). There may be a long delay between
226  * submission and completion, however the asynchronous submission function
227  * is non-blocking so will return control to your application during that
228  * potentially long delay.
229  *
230  * \section asyncabstraction Transfer abstraction
231  *
232  * For the asynchronous I/O, libusb implements the concept of a generic
233  * transfer entity for all types of I/O (control, bulk, interrupt,
234  * isochronous). The generic transfer object must be treated slightly
235  * differently depending on which type of I/O you are performing with it.
236  *
237  * This is represented by the public libusb_transfer structure type.
238  *
239  * \section asynctrf Asynchronous transfers
240  *
241  * We can view asynchronous I/O as a 5 step process:
242  * -# <b>Allocation</b>: allocate a libusb_transfer
243  * -# <b>Filling</b>: populate the libusb_transfer instance with information
244  *    about the transfer you wish to perform
245  * -# <b>Submission</b>: ask libusb to submit the transfer
246  * -# <b>Completion handling</b>: examine transfer results in the
247  *    libusb_transfer structure
248  * -# <b>Deallocation</b>: clean up resources
249  *
250  *
251  * \subsection asyncalloc Allocation
252  *
253  * This step involves allocating memory for a USB transfer. This is the
254  * generic transfer object mentioned above. At this stage, the transfer
255  * is "blank" with no details about what type of I/O it will be used for.
256  *
257  * Allocation is done with the libusb_alloc_transfer() function. You must use
258  * this function rather than allocating your own transfers.
259  *
260  * \subsection asyncfill Filling
261  *
262  * This step is where you take a previously allocated transfer and fill it
263  * with information to determine the message type and direction, data buffer,
264  * callback function, etc.
265  *
266  * You can either fill the required fields yourself or you can use the
267  * helper functions: libusb_fill_control_transfer(), libusb_fill_bulk_transfer()
268  * and libusb_fill_interrupt_transfer().
269  *
270  * \subsection asyncsubmit Submission
271  *
272  * When you have allocated a transfer and filled it, you can submit it using
273  * libusb_submit_transfer(). This function returns immediately but can be
274  * regarded as firing off the I/O request in the background.
275  *
276  * \subsection asynccomplete Completion handling
277  *
278  * After a transfer has been submitted, one of four things can happen to it:
279  *
280  * - The transfer completes (i.e. some data was transferred)
281  * - The transfer has a timeout and the timeout expires before all data is
282  * transferred
283  * - The transfer fails due to an error
284  * - The transfer is cancelled
285  *
286  * Each of these will cause the user-specified transfer callback function to
287  * be invoked. It is up to the callback function to determine which of the
288  * above actually happened and to act accordingly.
289  *
290  * The user-specified callback is passed a pointer to the libusb_transfer
291  * structure which was used to setup and submit the transfer. At completion
292  * time, libusb has populated this structure with results of the transfer:
293  * success or failure reason, number of bytes of data transferred, etc. See
294  * the libusb_transfer structure documentation for more information.
295  *
296  * <b>Important Note</b>: The user-specified callback is called from an event
297  * handling context. It is therefore important that no calls are made into
298  * libusb that will attempt to perform any event handling. Examples of such
299  * functions are any listed in the \ref libusb_syncio "synchronous API" and any of
300  * the blocking functions that retrieve \ref libusb_desc "USB descriptors".
301  *
302  * \subsection Deallocation
303  *
304  * When a transfer has completed (i.e. the callback function has been invoked),
305  * you are advised to free the transfer (unless you wish to resubmit it, see
306  * below). Transfers are deallocated with libusb_free_transfer().
307  *
308  * It is undefined behaviour to free a transfer which has not completed.
309  *
310  * \section asyncresubmit Resubmission
311  *
312  * You may be wondering why allocation, filling, and submission are all
313  * separated above where they could reasonably be combined into a single
314  * operation.
315  *
316  * The reason for separation is to allow you to resubmit transfers without
317  * having to allocate new ones every time. This is especially useful for
318  * common situations dealing with interrupt endpoints - you allocate one
319  * transfer, fill and submit it, and when it returns with results you just
320  * resubmit it for the next interrupt.
321  *
322  * \section asynccancel Cancellation
323  *
324  * Another advantage of using the asynchronous interface is that you have
325  * the ability to cancel transfers which have not yet completed. This is
326  * done by calling the libusb_cancel_transfer() function.
327  *
328  * libusb_cancel_transfer() is asynchronous/non-blocking in itself. When the
329  * cancellation actually completes, the transfer's callback function will
330  * be invoked, and the callback function should check the transfer status to
331  * determine that it was cancelled.
332  *
333  * Freeing the transfer after it has been cancelled but before cancellation
334  * has completed will result in undefined behaviour.
335  *
336  * When a transfer is cancelled, some of the data may have been transferred.
337  * libusb will communicate this to you in the transfer callback. Do not assume
338  * that no data was transferred.
339  *
340  * \section bulk_overflows Overflows on device-to-host bulk/interrupt endpoints
341  *
342  * If your device does not have predictable transfer sizes (or it misbehaves),
343  * your application may submit a request for data on an IN endpoint which is
344  * smaller than the data that the device wishes to send. In some circumstances
345  * this will cause an overflow, which is a nasty condition to deal with. See
346  * the \ref libusb_packetoverflow page for discussion.
347  *
348  * \section asyncctrl Considerations for control transfers
349  *
350  * The <tt>libusb_transfer</tt> structure is generic and hence does not
351  * include specific fields for the control-specific setup packet structure.
352  *
353  * In order to perform a control transfer, you must place the 8-byte setup
354  * packet at the start of the data buffer. To simplify this, you could
355  * cast the buffer pointer to type struct libusb_control_setup, or you can
356  * use the helper function libusb_fill_control_setup().
357  *
358  * The wLength field placed in the setup packet must be the length you would
359  * expect to be sent in the setup packet: the length of the payload that
360  * follows (or the expected maximum number of bytes to receive). However,
361  * the length field of the libusb_transfer object must be the length of
362  * the data buffer - i.e. it should be wLength <em>plus</em> the size of
363  * the setup packet (LIBUSB_CONTROL_SETUP_SIZE).
364  *
365  * If you use the helper functions, this is simplified for you:
366  * -# Allocate a buffer of size LIBUSB_CONTROL_SETUP_SIZE plus the size of the
367  * data you are sending/requesting.
368  * -# Call libusb_fill_control_setup() on the data buffer, using the transfer
369  * request size as the wLength value (i.e. do not include the extra space you
370  * allocated for the control setup).
371  * -# If this is a host-to-device transfer, place the data to be transferred
372  * in the data buffer, starting at offset LIBUSB_CONTROL_SETUP_SIZE.
373  * -# Call libusb_fill_control_transfer() to associate the data buffer with
374  * the transfer (and to set the remaining details such as callback and timeout).
375  *   - Note that there is no parameter to set the length field of the transfer.
376  *     The length is automatically inferred from the wLength field of the setup
377  *     packet.
378  * -# Submit the transfer.
379  *
380  * The multi-byte control setup fields (wValue, wIndex and wLength) must
381  * be given in little-endian byte order (the endianness of the USB bus).
382  * Endianness conversion is transparently handled by
383  * libusb_fill_control_setup() which is documented to accept host-endian
384  * values.
385  *
386  * Further considerations are needed when handling transfer completion in
387  * your callback function:
388  * - As you might expect, the setup packet will still be sitting at the start
389  * of the data buffer.
390  * - If this was a device-to-host transfer, the received data will be sitting
391  * at offset LIBUSB_CONTROL_SETUP_SIZE into the buffer.
392  * - The actual_length field of the transfer structure is relative to the
393  * wLength of the setup packet, rather than the size of the data buffer. So,
394  * if your wLength was 4, your transfer's <tt>length</tt> was 12, then you
395  * should expect an <tt>actual_length</tt> of 4 to indicate that the data was
396  * transferred in entirity.
397  *
398  * To simplify parsing of setup packets and obtaining the data from the
399  * correct offset, you may wish to use the libusb_control_transfer_get_data()
400  * and libusb_control_transfer_get_setup() functions within your transfer
401  * callback.
402  *
403  * Even though control endpoints do not halt, a completed control transfer
404  * may have a LIBUSB_TRANSFER_STALL status code. This indicates the control
405  * request was not supported.
406  *
407  * \section asyncintr Considerations for interrupt transfers
408  *
409  * All interrupt transfers are performed using the polling interval presented
410  * by the bInterval value of the endpoint descriptor.
411  *
412  * \section asynciso Considerations for isochronous transfers
413  *
414  * Isochronous transfers are more complicated than transfers to
415  * non-isochronous endpoints.
416  *
417  * To perform I/O to an isochronous endpoint, allocate the transfer by calling
418  * libusb_alloc_transfer() with an appropriate number of isochronous packets.
419  *
420  * During filling, set \ref libusb_transfer::type "type" to
421  * \ref libusb_transfer_type::LIBUSB_TRANSFER_TYPE_ISOCHRONOUS
422  * "LIBUSB_TRANSFER_TYPE_ISOCHRONOUS", and set
423  * \ref libusb_transfer::num_iso_packets "num_iso_packets" to a value less than
424  * or equal to the number of packets you requested during allocation.
425  * libusb_alloc_transfer() does not set either of these fields for you, given
426  * that you might not even use the transfer on an isochronous endpoint.
427  *
428  * Next, populate the length field for the first num_iso_packets entries in
429  * the \ref libusb_transfer::iso_packet_desc "iso_packet_desc" array. Section
430  * 5.6.3 of the USB2 specifications describe how the maximum isochronous
431  * packet length is determined by the wMaxPacketSize field in the endpoint
432  * descriptor.
433  * Two functions can help you here:
434  *
435  * - libusb_get_max_iso_packet_size() is an easy way to determine the max
436  *   packet size for an isochronous endpoint. Note that the maximum packet
437  *   size is actually the maximum number of bytes that can be transmitted in
438  *   a single microframe, therefore this function multiplies the maximum number
439  *   of bytes per transaction by the number of transaction opportunities per
440  *   microframe.
441  * - libusb_set_iso_packet_lengths() assigns the same length to all packets
442  *   within a transfer, which is usually what you want.
443  *
444  * For outgoing transfers, you'll obviously fill the buffer and populate the
445  * packet descriptors in hope that all the data gets transferred. For incoming
446  * transfers, you must ensure the buffer has sufficient capacity for
447  * the situation where all packets transfer the full amount of requested data.
448  *
449  * Completion handling requires some extra consideration. The
450  * \ref libusb_transfer::actual_length "actual_length" field of the transfer
451  * is meaningless and should not be examined; instead you must refer to the
452  * \ref libusb_iso_packet_descriptor::actual_length "actual_length" field of
453  * each individual packet.
454  *
455  * The \ref libusb_transfer::status "status" field of the transfer is also a
456  * little misleading:
457  *  - If the packets were submitted and the isochronous data microframes
458  *    completed normally, status will have value
459  *    \ref libusb_transfer_status::LIBUSB_TRANSFER_COMPLETED
460  *    "LIBUSB_TRANSFER_COMPLETED". Note that bus errors and software-incurred
461  *    delays are not counted as transfer errors; the transfer.status field may
462  *    indicate COMPLETED even if some or all of the packets failed. Refer to
463  *    the \ref libusb_iso_packet_descriptor::status "status" field of each
464  *    individual packet to determine packet failures.
465  *  - The status field will have value
466  *    \ref libusb_transfer_status::LIBUSB_TRANSFER_ERROR
467  *    "LIBUSB_TRANSFER_ERROR" only when serious errors were encountered.
468  *  - Other transfer status codes occur with normal behaviour.
469  *
470  * The data for each packet will be found at an offset into the buffer that
471  * can be calculated as if each prior packet completed in full. The
472  * libusb_get_iso_packet_buffer() and libusb_get_iso_packet_buffer_simple()
473  * functions may help you here.
474  *
475  * <b>Note</b>: Some operating systems (e.g. Linux) may impose limits on the
476  * length of individual isochronous packets and/or the total length of the
477  * isochronous transfer. Such limits can be difficult for libusb to detect,
478  * so the library will simply try and submit the transfer as set up by you.
479  * If the transfer fails to submit because it is too large,
480  * libusb_submit_transfer() will return
481  * \ref libusb_error::LIBUSB_ERROR_INVALID_PARAM "LIBUSB_ERROR_INVALID_PARAM".
482  *
483  * \section asyncmem Memory caveats
484  *
485  * In most circumstances, it is not safe to use stack memory for transfer
486  * buffers. This is because the function that fired off the asynchronous
487  * transfer may return before libusb has finished using the buffer, and when
488  * the function returns it's stack gets destroyed. This is true for both
489  * host-to-device and device-to-host transfers.
490  *
491  * The only case in which it is safe to use stack memory is where you can
492  * guarantee that the function owning the stack space for the buffer does not
493  * return until after the transfer's callback function has completed. In every
494  * other case, you need to use heap memory instead.
495  *
496  * \section asyncflags Fine control
497  *
498  * Through using this asynchronous interface, you may find yourself repeating
499  * a few simple operations many times. You can apply a bitwise OR of certain
500  * flags to a transfer to simplify certain things:
501  * - \ref libusb_transfer_flags::LIBUSB_TRANSFER_SHORT_NOT_OK
502  *   "LIBUSB_TRANSFER_SHORT_NOT_OK" results in transfers which transferred
503  *   less than the requested amount of data being marked with status
504  *   \ref libusb_transfer_status::LIBUSB_TRANSFER_ERROR "LIBUSB_TRANSFER_ERROR"
505  *   (they would normally be regarded as COMPLETED)
506  * - \ref libusb_transfer_flags::LIBUSB_TRANSFER_FREE_BUFFER
507  *   "LIBUSB_TRANSFER_FREE_BUFFER" allows you to ask libusb to free the transfer
508  *   buffer when freeing the transfer.
509  * - \ref libusb_transfer_flags::LIBUSB_TRANSFER_FREE_TRANSFER
510  *   "LIBUSB_TRANSFER_FREE_TRANSFER" causes libusb to automatically free the
511  *   transfer after the transfer callback returns.
512  *
513  * \section asyncevent Event handling
514  *
515  * An asynchronous model requires that libusb perform work at various
516  * points in time - namely processing the results of previously-submitted
517  * transfers and invoking the user-supplied callback function.
518  *
519  * This gives rise to the libusb_handle_events() function which your
520  * application must call into when libusb has work do to. This gives libusb
521  * the opportunity to reap pending transfers, invoke callbacks, etc.
522  *
523  * There are 2 different approaches to dealing with libusb_handle_events:
524  *
525  * -# Repeatedly call libusb_handle_events() in blocking mode from a dedicated
526  *    thread.
527  * -# Integrate libusb with your application's main event loop. libusb
528  *    exposes a set of file descriptors which allow you to do this.
529  *
530  * The first approach has the big advantage that it will also work on Windows
531  * were libusb' poll API for select / poll integration is not available. So
532  * if you want to support Windows and use the async API, you must use this
533  * approach, see the \ref eventthread "Using an event handling thread" section
534  * below for details.
535  *
536  * If you prefer a single threaded approach with a single central event loop,
537  * see the \ref libusb_poll "polling and timing" section for how to integrate libusb
538  * into your application's main event loop.
539  *
540  * \section eventthread Using an event handling thread
541  *
542  * Lets begin with stating the obvious: If you're going to use a separate
543  * thread for libusb event handling, your callback functions MUST be
544  * threadsafe.
545  *
546  * Other then that doing event handling from a separate thread, is mostly
547  * simple. You can use an event thread function as follows:
548 \code
549 void *event_thread_func(void *ctx)
550 {
551     while (event_thread_run)
552         libusb_handle_events(ctx);
553 
554     return NULL;
555 }
556 \endcode
557  *
558  * There is one caveat though, stopping this thread requires setting the
559  * event_thread_run variable to 0, and after that libusb_handle_events() needs
560  * to return control to event_thread_func. But unless some event happens,
561  * libusb_handle_events() will not return.
562  *
563  * There are 2 different ways of dealing with this, depending on if your
564  * application uses libusb' \ref libusb_hotplug "hotplug" support or not.
565  *
566  * Applications which do not use hotplug support, should not start the event
567  * thread until after their first call to libusb_open(), and should stop the
568  * thread when closing the last open device as follows:
569 \code
570 void my_close_handle(libusb_device_handle *dev_handle)
571 {
572     if (open_devs == 1)
573         event_thread_run = 0;
574 
575     libusb_close(dev_handle); // This wakes up libusb_handle_events()
576 
577     if (open_devs == 1)
578         pthread_join(event_thread);
579 
580     open_devs--;
581 }
582 \endcode
583  *
584  * Applications using hotplug support should start the thread at program init,
585  * after having successfully called libusb_hotplug_register_callback(), and
586  * should stop the thread at program exit as follows:
587 \code
588 void my_libusb_exit(void)
589 {
590     event_thread_run = 0;
591     libusb_hotplug_deregister_callback(ctx, hotplug_cb_handle); // This wakes up libusb_handle_events()
592     pthread_join(event_thread);
593     libusb_exit(ctx);
594 }
595 \endcode
596  */
597 
598 /**
599  * @defgroup libusb_poll Polling and timing
600  *
601  * This page documents libusb's functions for polling events and timing.
602  * These functions are only necessary for users of the
603  * \ref libusb_asyncio "asynchronous API". If you are only using the simpler
604  * \ref libusb_syncio "synchronous API" then you do not need to ever call these
605  * functions.
606  *
607  * The justification for the functionality described here has already been
608  * discussed in the \ref asyncevent "event handling" section of the
609  * asynchronous API documentation. In summary, libusb does not create internal
610  * threads for event processing and hence relies on your application calling
611  * into libusb at certain points in time so that pending events can be handled.
612  *
613  * Your main loop is probably already calling poll() or select() or a
614  * variant on a set of file descriptors for other event sources (e.g. keyboard
615  * button presses, mouse movements, network sockets, etc). You then add
616  * libusb's file descriptors to your poll()/select() calls, and when activity
617  * is detected on such descriptors you know it is time to call
618  * libusb_handle_events().
619  *
620  * There is one final event handling complication. libusb supports
621  * asynchronous transfers which time out after a specified time period.
622  *
623  * On some platforms a timerfd is used, so the timeout handling is just another
624  * fd, on other platforms this requires that libusb is called into at or after
625  * the timeout to handle it. So, in addition to considering libusb's file
626  * descriptors in your main event loop, you must also consider that libusb
627  * sometimes needs to be called into at fixed points in time even when there
628  * is no file descriptor activity, see \ref polltime details.
629  *
630  * In order to know precisely when libusb needs to be called into, libusb
631  * offers you a set of pollable file descriptors and information about when
632  * the next timeout expires.
633  *
634  * If you are using the asynchronous I/O API, you must take one of the two
635  * following options, otherwise your I/O will not complete.
636  *
637  * \section pollsimple The simple option
638  *
639  * If your application revolves solely around libusb and does not need to
640  * handle other event sources, you can have a program structure as follows:
641 \code
642 // initialize libusb
643 // find and open device
644 // maybe fire off some initial async I/O
645 
646 while (user_has_not_requested_exit)
647 	libusb_handle_events(ctx);
648 
649 // clean up and exit
650 \endcode
651  *
652  * With such a simple main loop, you do not have to worry about managing
653  * sets of file descriptors or handling timeouts. libusb_handle_events() will
654  * handle those details internally.
655  *
656  * \section libusb_pollmain The more advanced option
657  *
658  * \note This functionality is currently only available on Unix-like platforms.
659  * On Windows, libusb_get_pollfds() simply returns NULL. Applications which
660  * want to support Windows are advised to use an \ref eventthread
661  * "event handling thread" instead.
662  *
663  * In more advanced applications, you will already have a main loop which
664  * is monitoring other event sources: network sockets, X11 events, mouse
665  * movements, etc. Through exposing a set of file descriptors, libusb is
666  * designed to cleanly integrate into such main loops.
667  *
668  * In addition to polling file descriptors for the other event sources, you
669  * take a set of file descriptors from libusb and monitor those too. When you
670  * detect activity on libusb's file descriptors, you call
671  * libusb_handle_events_timeout() in non-blocking mode.
672  *
673  * What's more, libusb may also need to handle events at specific moments in
674  * time. No file descriptor activity is generated at these times, so your
675  * own application needs to be continually aware of when the next one of these
676  * moments occurs (through calling libusb_get_next_timeout()), and then it
677  * needs to call libusb_handle_events_timeout() in non-blocking mode when
678  * these moments occur. This means that you need to adjust your
679  * poll()/select() timeout accordingly.
680  *
681  * libusb provides you with a set of file descriptors to poll and expects you
682  * to poll all of them, treating them as a single entity. The meaning of each
683  * file descriptor in the set is an internal implementation detail,
684  * platform-dependent and may vary from release to release. Don't try and
685  * interpret the meaning of the file descriptors, just do as libusb indicates,
686  * polling all of them at once.
687  *
688  * In pseudo-code, you want something that looks like:
689 \code
690 // initialise libusb
691 
692 libusb_get_pollfds(ctx)
693 while (user has not requested application exit) {
694 	libusb_get_next_timeout(ctx);
695 	poll(on libusb file descriptors plus any other event sources of interest,
696 		using a timeout no larger than the value libusb just suggested)
697 	if (poll() indicated activity on libusb file descriptors)
698 		libusb_handle_events_timeout(ctx, &zero_tv);
699 	if (time has elapsed to or beyond the libusb timeout)
700 		libusb_handle_events_timeout(ctx, &zero_tv);
701 	// handle events from other sources here
702 }
703 
704 // clean up and exit
705 \endcode
706  *
707  * \subsection polltime Notes on time-based events
708  *
709  * The above complication with having to track time and call into libusb at
710  * specific moments is a bit of a headache. For maximum compatibility, you do
711  * need to write your main loop as above, but you may decide that you can
712  * restrict the supported platforms of your application and get away with
713  * a more simplistic scheme.
714  *
715  * These time-based event complications are \b not required on the following
716  * platforms:
717  *  - Darwin
718  *  - Linux, provided that the following version requirements are satisfied:
719  *   - Linux v2.6.27 or newer, compiled with timerfd support
720  *   - glibc v2.9 or newer
721  *   - libusb v1.0.5 or newer
722  *
723  * Under these configurations, libusb_get_next_timeout() will \em always return
724  * 0, so your main loop can be simplified to:
725 \code
726 // initialise libusb
727 
728 libusb_get_pollfds(ctx)
729 while (user has not requested application exit) {
730 	poll(on libusb file descriptors plus any other event sources of interest,
731 		using any timeout that you like)
732 	if (poll() indicated activity on libusb file descriptors)
733 		libusb_handle_events_timeout(ctx, &zero_tv);
734 	// handle events from other sources here
735 }
736 
737 // clean up and exit
738 \endcode
739  *
740  * Do remember that if you simplify your main loop to the above, you will
741  * lose compatibility with some platforms (including legacy Linux platforms,
742  * and <em>any future platforms supported by libusb which may have time-based
743  * event requirements</em>). The resultant problems will likely appear as
744  * strange bugs in your application.
745  *
746  * You can use the libusb_pollfds_handle_timeouts() function to do a runtime
747  * check to see if it is safe to ignore the time-based event complications.
748  * If your application has taken the shortcut of ignoring libusb's next timeout
749  * in your main loop, then you are advised to check the return value of
750  * libusb_pollfds_handle_timeouts() during application startup, and to abort
751  * if the platform does suffer from these timing complications.
752  *
753  * \subsection fdsetchange Changes in the file descriptor set
754  *
755  * The set of file descriptors that libusb uses as event sources may change
756  * during the life of your application. Rather than having to repeatedly
757  * call libusb_get_pollfds(), you can set up notification functions for when
758  * the file descriptor set changes using libusb_set_pollfd_notifiers().
759  *
760  * \subsection mtissues Multi-threaded considerations
761  *
762  * Unfortunately, the situation is complicated further when multiple threads
763  * come into play. If two threads are monitoring the same file descriptors,
764  * the fact that only one thread will be woken up when an event occurs causes
765  * some headaches.
766  *
767  * The events lock, event waiters lock, and libusb_handle_events_locked()
768  * entities are added to solve these problems. You do not need to be concerned
769  * with these entities otherwise.
770  *
771  * See the extra documentation: \ref libusb_mtasync
772  */
773 
774 /** \page libusb_mtasync Multi-threaded applications and asynchronous I/O
775  *
776  * libusb is a thread-safe library, but extra considerations must be applied
777  * to applications which interact with libusb from multiple threads.
778  *
779  * The underlying issue that must be addressed is that all libusb I/O
780  * revolves around monitoring file descriptors through the poll()/select()
781  * system calls. This is directly exposed at the
782  * \ref libusb_asyncio "asynchronous interface" but it is important to note that the
783  * \ref libusb_syncio "synchronous interface" is implemented on top of the
784  * asynchonrous interface, therefore the same considerations apply.
785  *
786  * The issue is that if two or more threads are concurrently calling poll()
787  * or select() on libusb's file descriptors then only one of those threads
788  * will be woken up when an event arrives. The others will be completely
789  * oblivious that anything has happened.
790  *
791  * Consider the following pseudo-code, which submits an asynchronous transfer
792  * then waits for its completion. This style is one way you could implement a
793  * synchronous interface on top of the asynchronous interface (and libusb
794  * does something similar, albeit more advanced due to the complications
795  * explained on this page).
796  *
797 \code
798 void cb(struct libusb_transfer *transfer)
799 {
800 	int *completed = transfer->user_data;
801 	*completed = 1;
802 }
803 
804 void myfunc() {
805 	struct libusb_transfer *transfer;
806 	unsigned char buffer[LIBUSB_CONTROL_SETUP_SIZE] __attribute__ ((aligned (2)));
807 	int completed = 0;
808 
809 	transfer = libusb_alloc_transfer(0);
810 	libusb_fill_control_setup(buffer,
811 		LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_OUT, 0x04, 0x01, 0, 0);
812 	libusb_fill_control_transfer(transfer, dev, buffer, cb, &completed, 1000);
813 	libusb_submit_transfer(transfer);
814 
815 	while (!completed) {
816 		poll(libusb file descriptors, 120*1000);
817 		if (poll indicates activity)
818 			libusb_handle_events_timeout(ctx, &zero_tv);
819 	}
820 	printf("completed!");
821 	// other code here
822 }
823 \endcode
824  *
825  * Here we are <em>serializing</em> completion of an asynchronous event
826  * against a condition - the condition being completion of a specific transfer.
827  * The poll() loop has a long timeout to minimize CPU usage during situations
828  * when nothing is happening (it could reasonably be unlimited).
829  *
830  * If this is the only thread that is polling libusb's file descriptors, there
831  * is no problem: there is no danger that another thread will swallow up the
832  * event that we are interested in. On the other hand, if there is another
833  * thread polling the same descriptors, there is a chance that it will receive
834  * the event that we were interested in. In this situation, <tt>myfunc()</tt>
835  * will only realise that the transfer has completed on the next iteration of
836  * the loop, <em>up to 120 seconds later.</em> Clearly a two-minute delay is
837  * undesirable, and don't even think about using short timeouts to circumvent
838  * this issue!
839  *
840  * The solution here is to ensure that no two threads are ever polling the
841  * file descriptors at the same time. A naive implementation of this would
842  * impact the capabilities of the library, so libusb offers the scheme
843  * documented below to ensure no loss of functionality.
844  *
845  * Before we go any further, it is worth mentioning that all libusb-wrapped
846  * event handling procedures fully adhere to the scheme documented below.
847  * This includes libusb_handle_events() and its variants, and all the
848  * synchronous I/O functions - libusb hides this headache from you.
849  *
850  * \section Using libusb_handle_events() from multiple threads
851  *
852  * Even when only using libusb_handle_events() and synchronous I/O functions,
853  * you can still have a race condition. You might be tempted to solve the
854  * above with libusb_handle_events() like so:
855  *
856 \code
857 	libusb_submit_transfer(transfer);
858 
859 	while (!completed) {
860 		libusb_handle_events(ctx);
861 	}
862 	printf("completed!");
863 \endcode
864  *
865  * This however has a race between the checking of completed and
866  * libusb_handle_events() acquiring the events lock, so another thread
867  * could have completed the transfer, resulting in this thread hanging
868  * until either a timeout or another event occurs. See also commit
869  * 6696512aade99bb15d6792af90ae329af270eba6 which fixes this in the
870  * synchronous API implementation of libusb.
871  *
872  * Fixing this race requires checking the variable completed only after
873  * taking the event lock, which defeats the concept of just calling
874  * libusb_handle_events() without worrying about locking. This is why
875  * libusb-1.0.9 introduces the new libusb_handle_events_timeout_completed()
876  * and libusb_handle_events_completed() functions, which handles doing the
877  * completion check for you after they have acquired the lock:
878  *
879 \code
880 	libusb_submit_transfer(transfer);
881 
882 	while (!completed) {
883 		libusb_handle_events_completed(ctx, &completed);
884 	}
885 	printf("completed!");
886 \endcode
887  *
888  * This nicely fixes the race in our example. Note that if all you want to
889  * do is submit a single transfer and wait for its completion, then using
890  * one of the synchronous I/O functions is much easier.
891  *
892  * \section eventlock The events lock
893  *
894  * The problem is when we consider the fact that libusb exposes file
895  * descriptors to allow for you to integrate asynchronous USB I/O into
896  * existing main loops, effectively allowing you to do some work behind
897  * libusb's back. If you do take libusb's file descriptors and pass them to
898  * poll()/select() yourself, you need to be aware of the associated issues.
899  *
900  * The first concept to be introduced is the events lock. The events lock
901  * is used to serialize threads that want to handle events, such that only
902  * one thread is handling events at any one time.
903  *
904  * You must take the events lock before polling libusb file descriptors,
905  * using libusb_lock_events(). You must release the lock as soon as you have
906  * aborted your poll()/select() loop, using libusb_unlock_events().
907  *
908  * \section threadwait Letting other threads do the work for you
909  *
910  * Although the events lock is a critical part of the solution, it is not
911  * enough on it's own. You might wonder if the following is sufficient...
912 \code
913 	libusb_lock_events(ctx);
914 	while (!completed) {
915 		poll(libusb file descriptors, 120*1000);
916 		if (poll indicates activity)
917 			libusb_handle_events_timeout(ctx, &zero_tv);
918 	}
919 	libusb_unlock_events(ctx);
920 \endcode
921  * ...and the answer is that it is not. This is because the transfer in the
922  * code shown above may take a long time (say 30 seconds) to complete, and
923  * the lock is not released until the transfer is completed.
924  *
925  * Another thread with similar code that wants to do event handling may be
926  * working with a transfer that completes after a few milliseconds. Despite
927  * having such a quick completion time, the other thread cannot check that
928  * status of its transfer until the code above has finished (30 seconds later)
929  * due to contention on the lock.
930  *
931  * To solve this, libusb offers you a mechanism to determine when another
932  * thread is handling events. It also offers a mechanism to block your thread
933  * until the event handling thread has completed an event (and this mechanism
934  * does not involve polling of file descriptors).
935  *
936  * After determining that another thread is currently handling events, you
937  * obtain the <em>event waiters</em> lock using libusb_lock_event_waiters().
938  * You then re-check that some other thread is still handling events, and if
939  * so, you call libusb_wait_for_event().
940  *
941  * libusb_wait_for_event() puts your application to sleep until an event
942  * occurs, or until a thread releases the events lock. When either of these
943  * things happen, your thread is woken up, and should re-check the condition
944  * it was waiting on. It should also re-check that another thread is handling
945  * events, and if not, it should start handling events itself.
946  *
947  * This looks like the following, as pseudo-code:
948 \code
949 retry:
950 if (libusb_try_lock_events(ctx) == 0) {
951 	// we obtained the event lock: do our own event handling
952 	while (!completed) {
953 		if (!libusb_event_handling_ok(ctx)) {
954 			libusb_unlock_events(ctx);
955 			goto retry;
956 		}
957 		poll(libusb file descriptors, 120*1000);
958 		if (poll indicates activity)
959 			libusb_handle_events_locked(ctx, 0);
960 	}
961 	libusb_unlock_events(ctx);
962 } else {
963 	// another thread is doing event handling. wait for it to signal us that
964 	// an event has completed
965 	libusb_lock_event_waiters(ctx);
966 
967 	while (!completed) {
968 		// now that we have the event waiters lock, double check that another
969 		// thread is still handling events for us. (it may have ceased handling
970 		// events in the time it took us to reach this point)
971 		if (!libusb_event_handler_active(ctx)) {
972 			// whoever was handling events is no longer doing so, try again
973 			libusb_unlock_event_waiters(ctx);
974 			goto retry;
975 		}
976 
977 		libusb_wait_for_event(ctx, NULL);
978 	}
979 	libusb_unlock_event_waiters(ctx);
980 }
981 printf("completed!\n");
982 \endcode
983  *
984  * A naive look at the above code may suggest that this can only support
985  * one event waiter (hence a total of 2 competing threads, the other doing
986  * event handling), because the event waiter seems to have taken the event
987  * waiters lock while waiting for an event. However, the system does support
988  * multiple event waiters, because libusb_wait_for_event() actually drops
989  * the lock while waiting, and reaquires it before continuing.
990  *
991  * We have now implemented code which can dynamically handle situations where
992  * nobody is handling events (so we should do it ourselves), and it can also
993  * handle situations where another thread is doing event handling (so we can
994  * piggyback onto them). It is also equipped to handle a combination of
995  * the two, for example, another thread is doing event handling, but for
996  * whatever reason it stops doing so before our condition is met, so we take
997  * over the event handling.
998  *
999  * Four functions were introduced in the above pseudo-code. Their importance
1000  * should be apparent from the code shown above.
1001  * -# libusb_try_lock_events() is a non-blocking function which attempts
1002  *    to acquire the events lock but returns a failure code if it is contended.
1003  * -# libusb_event_handling_ok() checks that libusb is still happy for your
1004  *    thread to be performing event handling. Sometimes, libusb needs to
1005  *    interrupt the event handler, and this is how you can check if you have
1006  *    been interrupted. If this function returns 0, the correct behaviour is
1007  *    for you to give up the event handling lock, and then to repeat the cycle.
1008  *    The following libusb_try_lock_events() will fail, so you will become an
1009  *    events waiter. For more information on this, read \ref fullstory below.
1010  * -# libusb_handle_events_locked() is a variant of
1011  *    libusb_handle_events_timeout() that you can call while holding the
1012  *    events lock. libusb_handle_events_timeout() itself implements similar
1013  *    logic to the above, so be sure not to call it when you are
1014  *    "working behind libusb's back", as is the case here.
1015  * -# libusb_event_handler_active() determines if someone is currently
1016  *    holding the events lock
1017  *
1018  * You might be wondering why there is no function to wake up all threads
1019  * blocked on libusb_wait_for_event(). This is because libusb can do this
1020  * internally: it will wake up all such threads when someone calls
1021  * libusb_unlock_events() or when a transfer completes (at the point after its
1022  * callback has returned).
1023  *
1024  * \subsection fullstory The full story
1025  *
1026  * The above explanation should be enough to get you going, but if you're
1027  * really thinking through the issues then you may be left with some more
1028  * questions regarding libusb's internals. If you're curious, read on, and if
1029  * not, skip to the next section to avoid confusing yourself!
1030  *
1031  * The immediate question that may spring to mind is: what if one thread
1032  * modifies the set of file descriptors that need to be polled while another
1033  * thread is doing event handling?
1034  *
1035  * There are 2 situations in which this may happen.
1036  * -# libusb_open() will add another file descriptor to the poll set,
1037  *    therefore it is desirable to interrupt the event handler so that it
1038  *    restarts, picking up the new descriptor.
1039  * -# libusb_close() will remove a file descriptor from the poll set. There
1040  *    are all kinds of race conditions that could arise here, so it is
1041  *    important that nobody is doing event handling at this time.
1042  *
1043  * libusb handles these issues internally, so application developers do not
1044  * have to stop their event handlers while opening/closing devices. Here's how
1045  * it works, focusing on the libusb_close() situation first:
1046  *
1047  * -# During initialization, libusb opens an internal pipe, and it adds the read
1048  *    end of this pipe to the set of file descriptors to be polled.
1049  * -# During libusb_close(), libusb writes some dummy data on this event pipe.
1050  *    This immediately interrupts the event handler. libusb also records
1051  *    internally that it is trying to interrupt event handlers for this
1052  *    high-priority event.
1053  * -# At this point, some of the functions described above start behaving
1054  *    differently:
1055  *   - libusb_event_handling_ok() starts returning 1, indicating that it is NOT
1056  *     OK for event handling to continue.
1057  *   - libusb_try_lock_events() starts returning 1, indicating that another
1058  *     thread holds the event handling lock, even if the lock is uncontended.
1059  *   - libusb_event_handler_active() starts returning 1, indicating that
1060  *     another thread is doing event handling, even if that is not true.
1061  * -# The above changes in behaviour result in the event handler stopping and
1062  *    giving up the events lock very quickly, giving the high-priority
1063  *    libusb_close() operation a "free ride" to acquire the events lock. All
1064  *    threads that are competing to do event handling become event waiters.
1065  * -# With the events lock held inside libusb_close(), libusb can safely remove
1066  *    a file descriptor from the poll set, in the safety of knowledge that
1067  *    nobody is polling those descriptors or trying to access the poll set.
1068  * -# After obtaining the events lock, the close operation completes very
1069  *    quickly (usually a matter of milliseconds) and then immediately releases
1070  *    the events lock.
1071  * -# At the same time, the behaviour of libusb_event_handling_ok() and friends
1072  *    reverts to the original, documented behaviour.
1073  * -# The release of the events lock causes the threads that are waiting for
1074  *    events to be woken up and to start competing to become event handlers
1075  *    again. One of them will succeed; it will then re-obtain the list of poll
1076  *    descriptors, and USB I/O will then continue as normal.
1077  *
1078  * libusb_open() is similar, and is actually a more simplistic case. Upon a
1079  * call to libusb_open():
1080  *
1081  * -# The device is opened and a file descriptor is added to the poll set.
1082  * -# libusb sends some dummy data on the event pipe, and records that it
1083  *    is trying to modify the poll descriptor set.
1084  * -# The event handler is interrupted, and the same behaviour change as for
1085  *    libusb_close() takes effect, causing all event handling threads to become
1086  *    event waiters.
1087  * -# The libusb_open() implementation takes its free ride to the events lock.
1088  * -# Happy that it has successfully paused the events handler, libusb_open()
1089  *    releases the events lock.
1090  * -# The event waiter threads are all woken up and compete to become event
1091  *    handlers again. The one that succeeds will obtain the list of poll
1092  *    descriptors again, which will include the addition of the new device.
1093  *
1094  * \subsection concl Closing remarks
1095  *
1096  * The above may seem a little complicated, but hopefully I have made it clear
1097  * why such complications are necessary. Also, do not forget that this only
1098  * applies to applications that take libusb's file descriptors and integrate
1099  * them into their own polling loops.
1100  *
1101  * You may decide that it is OK for your multi-threaded application to ignore
1102  * some of the rules and locks detailed above, because you don't think that
1103  * two threads can ever be polling the descriptors at the same time. If that
1104  * is the case, then that's good news for you because you don't have to worry.
1105  * But be careful here; remember that the synchronous I/O functions do event
1106  * handling internally. If you have one thread doing event handling in a loop
1107  * (without implementing the rules and locking semantics documented above)
1108  * and another trying to send a synchronous USB transfer, you will end up with
1109  * two threads monitoring the same descriptors, and the above-described
1110  * undesirable behaviour occurring. The solution is for your polling thread to
1111  * play by the rules; the synchronous I/O functions do so, and this will result
1112  * in them getting along in perfect harmony.
1113  *
1114  * If you do have a dedicated thread doing event handling, it is perfectly
1115  * legal for it to take the event handling lock for long periods of time. Any
1116  * synchronous I/O functions you call from other threads will transparently
1117  * fall back to the "event waiters" mechanism detailed above. The only
1118  * consideration that your event handling thread must apply is the one related
1119  * to libusb_event_handling_ok(): you must call this before every poll(), and
1120  * give up the events lock if instructed.
1121  */
1122 
usbi_io_init(struct libusb_context * ctx)1123 int usbi_io_init(struct libusb_context *ctx)
1124 {
1125 	int r;
1126 
1127 	usbi_mutex_init(&ctx->flying_transfers_lock);
1128 	usbi_mutex_init(&ctx->events_lock);
1129 	usbi_mutex_init(&ctx->event_waiters_lock);
1130 	usbi_cond_init(&ctx->event_waiters_cond);
1131 	usbi_mutex_init(&ctx->event_data_lock);
1132 	usbi_tls_key_create(&ctx->event_handling_key);
1133 	list_init(&ctx->flying_transfers);
1134 	list_init(&ctx->ipollfds);
1135 	list_init(&ctx->hotplug_msgs);
1136 	list_init(&ctx->completed_transfers);
1137 
1138 	/* FIXME should use an eventfd on kernels that support it */
1139 	r = usbi_pipe(ctx->event_pipe);
1140 	if (r < 0) {
1141 		r = LIBUSB_ERROR_OTHER;
1142 		goto err;
1143 	}
1144 
1145 	r = usbi_add_pollfd(ctx, ctx->event_pipe[0], POLLIN);
1146 	if (r < 0)
1147 		goto err_close_pipe;
1148 
1149 #ifdef USBI_TIMERFD_AVAILABLE
1150 	ctx->timerfd = timerfd_create(usbi_backend->get_timerfd_clockid(),
1151 		TFD_NONBLOCK);
1152 	if (ctx->timerfd >= 0) {
1153 		usbi_dbg("using timerfd for timeouts");
1154 		r = usbi_add_pollfd(ctx, ctx->timerfd, POLLIN);
1155 		if (r < 0)
1156 			goto err_close_timerfd;
1157 	} else {
1158 		usbi_dbg("timerfd not available (code %d error %d)", ctx->timerfd, errno);
1159 		ctx->timerfd = -1;
1160 	}
1161 #endif
1162 
1163 	return 0;
1164 
1165 #ifdef USBI_TIMERFD_AVAILABLE
1166 err_close_timerfd:
1167 	close(ctx->timerfd);
1168 	usbi_remove_pollfd(ctx, ctx->event_pipe[0]);
1169 #endif
1170 err_close_pipe:
1171 	usbi_close(ctx->event_pipe[0]);
1172 	usbi_close(ctx->event_pipe[1]);
1173 err:
1174 	usbi_mutex_destroy(&ctx->flying_transfers_lock);
1175 	usbi_mutex_destroy(&ctx->events_lock);
1176 	usbi_mutex_destroy(&ctx->event_waiters_lock);
1177 	usbi_cond_destroy(&ctx->event_waiters_cond);
1178 	usbi_mutex_destroy(&ctx->event_data_lock);
1179 	usbi_tls_key_delete(ctx->event_handling_key);
1180 	return r;
1181 }
1182 
usbi_io_exit(struct libusb_context * ctx)1183 void usbi_io_exit(struct libusb_context *ctx)
1184 {
1185 	usbi_remove_pollfd(ctx, ctx->event_pipe[0]);
1186 	usbi_close(ctx->event_pipe[0]);
1187 	usbi_close(ctx->event_pipe[1]);
1188 #ifdef USBI_TIMERFD_AVAILABLE
1189 	if (usbi_using_timerfd(ctx)) {
1190 		usbi_remove_pollfd(ctx, ctx->timerfd);
1191 		close(ctx->timerfd);
1192 	}
1193 #endif
1194 	usbi_mutex_destroy(&ctx->flying_transfers_lock);
1195 	usbi_mutex_destroy(&ctx->events_lock);
1196 	usbi_mutex_destroy(&ctx->event_waiters_lock);
1197 	usbi_cond_destroy(&ctx->event_waiters_cond);
1198 	usbi_mutex_destroy(&ctx->event_data_lock);
1199 	usbi_tls_key_delete(ctx->event_handling_key);
1200 	if (ctx->pollfds)
1201 		free(ctx->pollfds);
1202 }
1203 
calculate_timeout(struct usbi_transfer * transfer)1204 static int calculate_timeout(struct usbi_transfer *transfer)
1205 {
1206 	int r;
1207 	struct timespec current_time;
1208 	unsigned int timeout =
1209 		USBI_TRANSFER_TO_LIBUSB_TRANSFER(transfer)->timeout;
1210 
1211 	if (!timeout)
1212 		return 0;
1213 
1214 	r = usbi_backend->clock_gettime(USBI_CLOCK_MONOTONIC, &current_time);
1215 	if (r < 0) {
1216 		usbi_err(ITRANSFER_CTX(transfer),
1217 			"failed to read monotonic clock, errno=%d", errno);
1218 		return r;
1219 	}
1220 
1221 	current_time.tv_sec += timeout / 1000;
1222 	current_time.tv_nsec += (timeout % 1000) * 1000000;
1223 
1224 	while (current_time.tv_nsec >= 1000000000) {
1225 		current_time.tv_nsec -= 1000000000;
1226 		current_time.tv_sec++;
1227 	}
1228 
1229 	TIMESPEC_TO_TIMEVAL(&transfer->timeout, &current_time);
1230 	return 0;
1231 }
1232 
1233 /** \ingroup libusb_asyncio
1234  * Allocate a libusb transfer with a specified number of isochronous packet
1235  * descriptors. The returned transfer is pre-initialized for you. When the new
1236  * transfer is no longer needed, it should be freed with
1237  * libusb_free_transfer().
1238  *
1239  * Transfers intended for non-isochronous endpoints (e.g. control, bulk,
1240  * interrupt) should specify an iso_packets count of zero.
1241  *
1242  * For transfers intended for isochronous endpoints, specify an appropriate
1243  * number of packet descriptors to be allocated as part of the transfer.
1244  * The returned transfer is not specially initialized for isochronous I/O;
1245  * you are still required to set the
1246  * \ref libusb_transfer::num_iso_packets "num_iso_packets" and
1247  * \ref libusb_transfer::type "type" fields accordingly.
1248  *
1249  * It is safe to allocate a transfer with some isochronous packets and then
1250  * use it on a non-isochronous endpoint. If you do this, ensure that at time
1251  * of submission, num_iso_packets is 0 and that type is set appropriately.
1252  *
1253  * \param iso_packets number of isochronous packet descriptors to allocate
1254  * \returns a newly allocated transfer, or NULL on error
1255  */
1256 DEFAULT_VISIBILITY
libusb_alloc_transfer(int iso_packets)1257 struct libusb_transfer * LIBUSB_CALL libusb_alloc_transfer(
1258 	int iso_packets)
1259 {
1260 	struct libusb_transfer *transfer;
1261 	size_t os_alloc_size = usbi_backend->transfer_priv_size;
1262 	size_t alloc_size = sizeof(struct usbi_transfer)
1263 		+ sizeof(struct libusb_transfer)
1264 		+ (sizeof(struct libusb_iso_packet_descriptor) * iso_packets)
1265 		+ os_alloc_size;
1266 	struct usbi_transfer *itransfer = calloc(1, alloc_size);
1267 	if (!itransfer)
1268 		return NULL;
1269 
1270 	itransfer->num_iso_packets = iso_packets;
1271 	usbi_mutex_init(&itransfer->lock);
1272 	transfer = USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer);
1273 	usbi_dbg("transfer %p", transfer);
1274 	return transfer;
1275 }
1276 
1277 /** \ingroup libusb_asyncio
1278  * Free a transfer structure. This should be called for all transfers
1279  * allocated with libusb_alloc_transfer().
1280  *
1281  * If the \ref libusb_transfer_flags::LIBUSB_TRANSFER_FREE_BUFFER
1282  * "LIBUSB_TRANSFER_FREE_BUFFER" flag is set and the transfer buffer is
1283  * non-NULL, this function will also free the transfer buffer using the
1284  * standard system memory allocator (e.g. free()).
1285  *
1286  * It is legal to call this function with a NULL transfer. In this case,
1287  * the function will simply return safely.
1288  *
1289  * It is not legal to free an active transfer (one which has been submitted
1290  * and has not yet completed).
1291  *
1292  * \param transfer the transfer to free
1293  */
libusb_free_transfer(struct libusb_transfer * transfer)1294 void API_EXPORTED libusb_free_transfer(struct libusb_transfer *transfer)
1295 {
1296 	struct usbi_transfer *itransfer;
1297 	if (!transfer)
1298 		return;
1299 
1300 	usbi_dbg("transfer %p", transfer);
1301 	if (transfer->flags & LIBUSB_TRANSFER_FREE_BUFFER && transfer->buffer)
1302 		free(transfer->buffer);
1303 
1304 	itransfer = LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1305 	usbi_mutex_destroy(&itransfer->lock);
1306 	free(itransfer);
1307 }
1308 
1309 #ifdef USBI_TIMERFD_AVAILABLE
disarm_timerfd(struct libusb_context * ctx)1310 static int disarm_timerfd(struct libusb_context *ctx)
1311 {
1312 	const struct itimerspec disarm_timer = { { 0, 0 }, { 0, 0 } };
1313 	int r;
1314 
1315 	usbi_dbg("");
1316 	r = timerfd_settime(ctx->timerfd, 0, &disarm_timer, NULL);
1317 	if (r < 0)
1318 		return LIBUSB_ERROR_OTHER;
1319 	else
1320 		return 0;
1321 }
1322 
1323 /* iterates through the flying transfers, and rearms the timerfd based on the
1324  * next upcoming timeout.
1325  * must be called with flying_list locked.
1326  * returns 0 on success or a LIBUSB_ERROR code on failure.
1327  */
arm_timerfd_for_next_timeout(struct libusb_context * ctx)1328 static int arm_timerfd_for_next_timeout(struct libusb_context *ctx)
1329 {
1330 	struct usbi_transfer *transfer;
1331 
1332 	list_for_each_entry(transfer, &ctx->flying_transfers, list, struct usbi_transfer) {
1333 		struct timeval *cur_tv = &transfer->timeout;
1334 
1335 		/* if we've reached transfers of infinite timeout, then we have no
1336 		 * arming to do */
1337 		if (!timerisset(cur_tv))
1338 			goto disarm;
1339 
1340 		/* act on first transfer that has not already been handled */
1341 		if (!(transfer->timeout_flags & (USBI_TRANSFER_TIMEOUT_HANDLED | USBI_TRANSFER_OS_HANDLES_TIMEOUT))) {
1342 			int r;
1343 			const struct itimerspec it = { {0, 0},
1344 				{ cur_tv->tv_sec, cur_tv->tv_usec * 1000 } };
1345 			usbi_dbg("next timeout originally %dms", USBI_TRANSFER_TO_LIBUSB_TRANSFER(transfer)->timeout);
1346 			r = timerfd_settime(ctx->timerfd, TFD_TIMER_ABSTIME, &it, NULL);
1347 			if (r < 0)
1348 				return LIBUSB_ERROR_OTHER;
1349 			return 0;
1350 		}
1351 	}
1352 
1353 disarm:
1354 	return disarm_timerfd(ctx);
1355 }
1356 #else
arm_timerfd_for_next_timeout(struct libusb_context * ctx)1357 static int arm_timerfd_for_next_timeout(struct libusb_context *ctx)
1358 {
1359 	UNUSED(ctx);
1360 	return 0;
1361 }
1362 #endif
1363 
1364 /* add a transfer to the (timeout-sorted) active transfers list.
1365  * This function will return non 0 if fails to update the timer,
1366  * in which case the transfer is *not* on the flying_transfers list. */
add_to_flying_list(struct usbi_transfer * transfer)1367 static int add_to_flying_list(struct usbi_transfer *transfer)
1368 {
1369 	struct usbi_transfer *cur;
1370 	struct timeval *timeout = &transfer->timeout;
1371 	struct libusb_context *ctx = ITRANSFER_CTX(transfer);
1372 	int r;
1373 	int first = 1;
1374 
1375 	r = calculate_timeout(transfer);
1376 	if (r)
1377 		return r;
1378 
1379 	/* if we have no other flying transfers, start the list with this one */
1380 	if (list_empty(&ctx->flying_transfers)) {
1381 		list_add(&transfer->list, &ctx->flying_transfers);
1382 		goto out;
1383 	}
1384 
1385 	/* if we have infinite timeout, append to end of list */
1386 	if (!timerisset(timeout)) {
1387 		list_add_tail(&transfer->list, &ctx->flying_transfers);
1388 		/* first is irrelevant in this case */
1389 		goto out;
1390 	}
1391 
1392 	/* otherwise, find appropriate place in list */
1393 	list_for_each_entry(cur, &ctx->flying_transfers, list, struct usbi_transfer) {
1394 		/* find first timeout that occurs after the transfer in question */
1395 		struct timeval *cur_tv = &cur->timeout;
1396 
1397 		if (!timerisset(cur_tv) || (cur_tv->tv_sec > timeout->tv_sec) ||
1398 				(cur_tv->tv_sec == timeout->tv_sec &&
1399 					cur_tv->tv_usec > timeout->tv_usec)) {
1400 			list_add_tail(&transfer->list, &cur->list);
1401 			goto out;
1402 		}
1403 		first = 0;
1404 	}
1405 	/* first is 0 at this stage (list not empty) */
1406 
1407 	/* otherwise we need to be inserted at the end */
1408 	list_add_tail(&transfer->list, &ctx->flying_transfers);
1409 out:
1410 #ifdef USBI_TIMERFD_AVAILABLE
1411 	if (first && usbi_using_timerfd(ctx) && timerisset(timeout)) {
1412 		/* if this transfer has the lowest timeout of all active transfers,
1413 		 * rearm the timerfd with this transfer's timeout */
1414 		const struct itimerspec it = { {0, 0},
1415 			{ timeout->tv_sec, timeout->tv_usec * 1000 } };
1416 		usbi_dbg("arm timerfd for timeout in %dms (first in line)",
1417 			USBI_TRANSFER_TO_LIBUSB_TRANSFER(transfer)->timeout);
1418 		r = timerfd_settime(ctx->timerfd, TFD_TIMER_ABSTIME, &it, NULL);
1419 		if (r < 0) {
1420 			usbi_warn(ctx, "failed to arm first timerfd (errno %d)", errno);
1421 			r = LIBUSB_ERROR_OTHER;
1422 		}
1423 	}
1424 #else
1425 	UNUSED(first);
1426 #endif
1427 
1428 	if (r)
1429 		list_del(&transfer->list);
1430 
1431 	return r;
1432 }
1433 
1434 /* remove a transfer from the active transfers list.
1435  * This function will *always* remove the transfer from the
1436  * flying_transfers list. It will return a LIBUSB_ERROR code
1437  * if it fails to update the timer for the next timeout. */
remove_from_flying_list(struct usbi_transfer * transfer)1438 static int remove_from_flying_list(struct usbi_transfer *transfer)
1439 {
1440 	struct libusb_context *ctx = ITRANSFER_CTX(transfer);
1441 	int rearm_timerfd;
1442 	int r = 0;
1443 
1444 	usbi_mutex_lock(&ctx->flying_transfers_lock);
1445 	rearm_timerfd = (timerisset(&transfer->timeout) &&
1446 		list_first_entry(&ctx->flying_transfers, struct usbi_transfer, list) == transfer);
1447 	list_del(&transfer->list);
1448 	if (usbi_using_timerfd(ctx) && rearm_timerfd)
1449 		r = arm_timerfd_for_next_timeout(ctx);
1450 	usbi_mutex_unlock(&ctx->flying_transfers_lock);
1451 
1452 	return r;
1453 }
1454 
1455 /** \ingroup libusb_asyncio
1456  * Submit a transfer. This function will fire off the USB transfer and then
1457  * return immediately.
1458  *
1459  * \param transfer the transfer to submit
1460  * \returns 0 on success
1461  * \returns LIBUSB_ERROR_NO_DEVICE if the device has been disconnected
1462  * \returns LIBUSB_ERROR_BUSY if the transfer has already been submitted.
1463  * \returns LIBUSB_ERROR_NOT_SUPPORTED if the transfer flags are not supported
1464  * by the operating system.
1465  * \returns LIBUSB_ERROR_INVALID_PARAM if the transfer size is larger than
1466  * the operating system and/or hardware can support
1467  * \returns another LIBUSB_ERROR code on other failure
1468  */
libusb_submit_transfer(struct libusb_transfer * transfer)1469 int API_EXPORTED libusb_submit_transfer(struct libusb_transfer *transfer)
1470 {
1471 	struct usbi_transfer *itransfer =
1472 		LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1473 	struct libusb_context *ctx = TRANSFER_CTX(transfer);
1474 	int r;
1475 
1476 	usbi_dbg("transfer %p", transfer);
1477 
1478 	/*
1479 	 * Important note on locking, this function takes / releases locks
1480 	 * in the following order:
1481 	 *  take flying_transfers_lock
1482 	 *  take itransfer->lock
1483 	 *  clear transfer
1484 	 *  add to flying_transfers list
1485 	 *  release flying_transfers_lock
1486 	 *  submit transfer
1487 	 *  release itransfer->lock
1488 	 *  if submit failed:
1489 	 *   take flying_transfers_lock
1490 	 *   remove from flying_transfers list
1491 	 *   release flying_transfers_lock
1492 	 *
1493 	 * Note that it takes locks in the order a-b and then releases them
1494 	 * in the same order a-b. This is somewhat unusual but not wrong,
1495 	 * release order is not important as long as *all* locks are released
1496 	 * before re-acquiring any locks.
1497 	 *
1498 	 * This means that the ordering of first releasing itransfer->lock
1499 	 * and then re-acquiring the flying_transfers_list on error is
1500 	 * important and must not be changed!
1501 	 *
1502 	 * This is done this way because when we take both locks we must always
1503 	 * take flying_transfers_lock first to avoid ab-ba style deadlocks with
1504 	 * the timeout handling and usbi_handle_disconnect paths.
1505 	 *
1506 	 * And we cannot release itransfer->lock before the submission is
1507 	 * complete otherwise timeout handling for transfers with short
1508 	 * timeouts may run before submission.
1509 	 */
1510 	usbi_mutex_lock(&ctx->flying_transfers_lock);
1511 	usbi_mutex_lock(&itransfer->lock);
1512 	if (itransfer->state_flags & USBI_TRANSFER_IN_FLIGHT) {
1513 		usbi_mutex_unlock(&ctx->flying_transfers_lock);
1514 		usbi_mutex_unlock(&itransfer->lock);
1515 		return LIBUSB_ERROR_BUSY;
1516 	}
1517 	itransfer->transferred = 0;
1518 	itransfer->state_flags = 0;
1519 	itransfer->timeout_flags = 0;
1520 	r = add_to_flying_list(itransfer);
1521 	if (r) {
1522 		usbi_mutex_unlock(&ctx->flying_transfers_lock);
1523 		usbi_mutex_unlock(&itransfer->lock);
1524 		return r;
1525 	}
1526 	/*
1527 	 * We must release the flying transfers lock here, because with
1528 	 * some backends the submit_transfer method is synchroneous.
1529 	 */
1530 	usbi_mutex_unlock(&ctx->flying_transfers_lock);
1531 
1532 	r = usbi_backend->submit_transfer(itransfer);
1533 	if (r == LIBUSB_SUCCESS) {
1534 		itransfer->state_flags |= USBI_TRANSFER_IN_FLIGHT;
1535 		/* keep a reference to this device */
1536 		libusb_ref_device(transfer->dev_handle->dev);
1537 	}
1538 	usbi_mutex_unlock(&itransfer->lock);
1539 
1540 	if (r != LIBUSB_SUCCESS)
1541 		remove_from_flying_list(itransfer);
1542 
1543 	return r;
1544 }
1545 
1546 /** \ingroup libusb_asyncio
1547  * Asynchronously cancel a previously submitted transfer.
1548  * This function returns immediately, but this does not indicate cancellation
1549  * is complete. Your callback function will be invoked at some later time
1550  * with a transfer status of
1551  * \ref libusb_transfer_status::LIBUSB_TRANSFER_CANCELLED
1552  * "LIBUSB_TRANSFER_CANCELLED."
1553  *
1554  * \param transfer the transfer to cancel
1555  * \returns 0 on success
1556  * \returns LIBUSB_ERROR_NOT_FOUND if the transfer is not in progress,
1557  * already complete, or already cancelled.
1558  * \returns a LIBUSB_ERROR code on failure
1559  */
libusb_cancel_transfer(struct libusb_transfer * transfer)1560 int API_EXPORTED libusb_cancel_transfer(struct libusb_transfer *transfer)
1561 {
1562 	struct usbi_transfer *itransfer =
1563 		LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1564 	int r;
1565 
1566 	usbi_dbg("transfer %p", transfer );
1567 	usbi_mutex_lock(&itransfer->lock);
1568 	if (!(itransfer->state_flags & USBI_TRANSFER_IN_FLIGHT)
1569 			|| (itransfer->state_flags & USBI_TRANSFER_CANCELLING)) {
1570 		r = LIBUSB_ERROR_NOT_FOUND;
1571 		goto out;
1572 	}
1573 	r = usbi_backend->cancel_transfer(itransfer);
1574 	if (r < 0) {
1575 		if (r != LIBUSB_ERROR_NOT_FOUND &&
1576 		    r != LIBUSB_ERROR_NO_DEVICE)
1577 			usbi_err(TRANSFER_CTX(transfer),
1578 				"cancel transfer failed error %d", r);
1579 		else
1580 			usbi_dbg("cancel transfer failed error %d", r);
1581 
1582 		if (r == LIBUSB_ERROR_NO_DEVICE)
1583 			itransfer->state_flags |= USBI_TRANSFER_DEVICE_DISAPPEARED;
1584 	}
1585 
1586 	itransfer->state_flags |= USBI_TRANSFER_CANCELLING;
1587 
1588 out:
1589 	usbi_mutex_unlock(&itransfer->lock);
1590 	return r;
1591 }
1592 
1593 /** \ingroup libusb_asyncio
1594  * Set a transfers bulk stream id. Note users are advised to use
1595  * libusb_fill_bulk_stream_transfer() instead of calling this function
1596  * directly.
1597  *
1598  * Since version 1.0.19, \ref LIBUSB_API_VERSION >= 0x01000103
1599  *
1600  * \param transfer the transfer to set the stream id for
1601  * \param stream_id the stream id to set
1602  * \see libusb_alloc_streams()
1603  */
libusb_transfer_set_stream_id(struct libusb_transfer * transfer,uint32_t stream_id)1604 void API_EXPORTED libusb_transfer_set_stream_id(
1605 	struct libusb_transfer *transfer, uint32_t stream_id)
1606 {
1607 	struct usbi_transfer *itransfer =
1608 		LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1609 
1610 	itransfer->stream_id = stream_id;
1611 }
1612 
1613 /** \ingroup libusb_asyncio
1614  * Get a transfers bulk stream id.
1615  *
1616  * Since version 1.0.19, \ref LIBUSB_API_VERSION >= 0x01000103
1617  *
1618  * \param transfer the transfer to get the stream id for
1619  * \returns the stream id for the transfer
1620  */
libusb_transfer_get_stream_id(struct libusb_transfer * transfer)1621 uint32_t API_EXPORTED libusb_transfer_get_stream_id(
1622 	struct libusb_transfer *transfer)
1623 {
1624 	struct usbi_transfer *itransfer =
1625 		LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1626 
1627 	return itransfer->stream_id;
1628 }
1629 
1630 /* Handle completion of a transfer (completion might be an error condition).
1631  * This will invoke the user-supplied callback function, which may end up
1632  * freeing the transfer. Therefore you cannot use the transfer structure
1633  * after calling this function, and you should free all backend-specific
1634  * data before calling it.
1635  * Do not call this function with the usbi_transfer lock held. User-specified
1636  * callback functions may attempt to directly resubmit the transfer, which
1637  * will attempt to take the lock. */
usbi_handle_transfer_completion(struct usbi_transfer * itransfer,enum libusb_transfer_status status)1638 int usbi_handle_transfer_completion(struct usbi_transfer *itransfer,
1639 	enum libusb_transfer_status status)
1640 {
1641 	struct libusb_transfer *transfer =
1642 		USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer);
1643 	struct libusb_device_handle *dev_handle = transfer->dev_handle;
1644 	uint8_t flags;
1645 	int r;
1646 
1647 	r = remove_from_flying_list(itransfer);
1648 	if (r < 0)
1649 		usbi_err(ITRANSFER_CTX(itransfer), "failed to set timer for next timeout, errno=%d", errno);
1650 
1651 	usbi_mutex_lock(&itransfer->lock);
1652 	itransfer->state_flags &= ~USBI_TRANSFER_IN_FLIGHT;
1653 	usbi_mutex_unlock(&itransfer->lock);
1654 
1655 	if (status == LIBUSB_TRANSFER_COMPLETED
1656 			&& transfer->flags & LIBUSB_TRANSFER_SHORT_NOT_OK) {
1657 		int rqlen = transfer->length;
1658 		if (transfer->type == LIBUSB_TRANSFER_TYPE_CONTROL)
1659 			rqlen -= LIBUSB_CONTROL_SETUP_SIZE;
1660 		if (rqlen != itransfer->transferred) {
1661 			usbi_dbg("interpreting short transfer as error");
1662 			status = LIBUSB_TRANSFER_ERROR;
1663 		}
1664 	}
1665 
1666 	flags = transfer->flags;
1667 	transfer->status = status;
1668 	transfer->actual_length = itransfer->transferred;
1669 	usbi_dbg("transfer %p has callback %p", transfer, transfer->callback);
1670 	if (transfer->callback)
1671 		transfer->callback(transfer);
1672 	/* transfer might have been freed by the above call, do not use from
1673 	 * this point. */
1674 	if (flags & LIBUSB_TRANSFER_FREE_TRANSFER)
1675 		libusb_free_transfer(transfer);
1676 	libusb_unref_device(dev_handle->dev);
1677 	return r;
1678 }
1679 
1680 /* Similar to usbi_handle_transfer_completion() but exclusively for transfers
1681  * that were asynchronously cancelled. The same concerns w.r.t. freeing of
1682  * transfers exist here.
1683  * Do not call this function with the usbi_transfer lock held. User-specified
1684  * callback functions may attempt to directly resubmit the transfer, which
1685  * will attempt to take the lock. */
usbi_handle_transfer_cancellation(struct usbi_transfer * transfer)1686 int usbi_handle_transfer_cancellation(struct usbi_transfer *transfer)
1687 {
1688 	struct libusb_context *ctx = ITRANSFER_CTX(transfer);
1689 	uint8_t timed_out;
1690 
1691 	usbi_mutex_lock(&ctx->flying_transfers_lock);
1692 	timed_out = transfer->timeout_flags & USBI_TRANSFER_TIMED_OUT;
1693 	usbi_mutex_unlock(&ctx->flying_transfers_lock);
1694 
1695 	/* if the URB was cancelled due to timeout, report timeout to the user */
1696 	if (timed_out) {
1697 		usbi_dbg("detected timeout cancellation");
1698 		return usbi_handle_transfer_completion(transfer, LIBUSB_TRANSFER_TIMED_OUT);
1699 	}
1700 
1701 	/* otherwise its a normal async cancel */
1702 	return usbi_handle_transfer_completion(transfer, LIBUSB_TRANSFER_CANCELLED);
1703 }
1704 
1705 /* Add a completed transfer to the completed_transfers list of the
1706  * context and signal the event. The backend's handle_transfer_completion()
1707  * function will be called the next time an event handler runs. */
usbi_signal_transfer_completion(struct usbi_transfer * transfer)1708 void usbi_signal_transfer_completion(struct usbi_transfer *transfer)
1709 {
1710 	struct libusb_context *ctx = ITRANSFER_CTX(transfer);
1711 	int pending_events;
1712 
1713 	usbi_mutex_lock(&ctx->event_data_lock);
1714 	pending_events = usbi_pending_events(ctx);
1715 	list_add_tail(&transfer->completed_list, &ctx->completed_transfers);
1716 	if (!pending_events)
1717 		usbi_signal_event(ctx);
1718 	usbi_mutex_unlock(&ctx->event_data_lock);
1719 }
1720 
1721 /** \ingroup libusb_poll
1722  * Attempt to acquire the event handling lock. This lock is used to ensure that
1723  * only one thread is monitoring libusb event sources at any one time.
1724  *
1725  * You only need to use this lock if you are developing an application
1726  * which calls poll() or select() on libusb's file descriptors directly.
1727  * If you stick to libusb's event handling loop functions (e.g.
1728  * libusb_handle_events()) then you do not need to be concerned with this
1729  * locking.
1730  *
1731  * While holding this lock, you are trusted to actually be handling events.
1732  * If you are no longer handling events, you must call libusb_unlock_events()
1733  * as soon as possible.
1734  *
1735  * \param ctx the context to operate on, or NULL for the default context
1736  * \returns 0 if the lock was obtained successfully
1737  * \returns 1 if the lock was not obtained (i.e. another thread holds the lock)
1738  * \ref libusb_mtasync
1739  */
libusb_try_lock_events(libusb_context * ctx)1740 int API_EXPORTED libusb_try_lock_events(libusb_context *ctx)
1741 {
1742 	int r;
1743 	unsigned int ru;
1744 	USBI_GET_CONTEXT(ctx);
1745 
1746 	/* is someone else waiting to close a device? if so, don't let this thread
1747 	 * start event handling */
1748 	usbi_mutex_lock(&ctx->event_data_lock);
1749 	ru = ctx->device_close;
1750 	usbi_mutex_unlock(&ctx->event_data_lock);
1751 	if (ru) {
1752 		usbi_dbg("someone else is closing a device");
1753 		return 1;
1754 	}
1755 
1756 	r = usbi_mutex_trylock(&ctx->events_lock);
1757 	if (r)
1758 		return 1;
1759 
1760 	ctx->event_handler_active = 1;
1761 	return 0;
1762 }
1763 
1764 /** \ingroup libusb_poll
1765  * Acquire the event handling lock, blocking until successful acquisition if
1766  * it is contended. This lock is used to ensure that only one thread is
1767  * monitoring libusb event sources at any one time.
1768  *
1769  * You only need to use this lock if you are developing an application
1770  * which calls poll() or select() on libusb's file descriptors directly.
1771  * If you stick to libusb's event handling loop functions (e.g.
1772  * libusb_handle_events()) then you do not need to be concerned with this
1773  * locking.
1774  *
1775  * While holding this lock, you are trusted to actually be handling events.
1776  * If you are no longer handling events, you must call libusb_unlock_events()
1777  * as soon as possible.
1778  *
1779  * \param ctx the context to operate on, or NULL for the default context
1780  * \ref libusb_mtasync
1781  */
libusb_lock_events(libusb_context * ctx)1782 void API_EXPORTED libusb_lock_events(libusb_context *ctx)
1783 {
1784 	USBI_GET_CONTEXT(ctx);
1785 	usbi_mutex_lock(&ctx->events_lock);
1786 	ctx->event_handler_active = 1;
1787 }
1788 
1789 /** \ingroup libusb_poll
1790  * Release the lock previously acquired with libusb_try_lock_events() or
1791  * libusb_lock_events(). Releasing this lock will wake up any threads blocked
1792  * on libusb_wait_for_event().
1793  *
1794  * \param ctx the context to operate on, or NULL for the default context
1795  * \ref libusb_mtasync
1796  */
libusb_unlock_events(libusb_context * ctx)1797 void API_EXPORTED libusb_unlock_events(libusb_context *ctx)
1798 {
1799 	USBI_GET_CONTEXT(ctx);
1800 	ctx->event_handler_active = 0;
1801 	usbi_mutex_unlock(&ctx->events_lock);
1802 
1803 	/* FIXME: perhaps we should be a bit more efficient by not broadcasting
1804 	 * the availability of the events lock when we are modifying pollfds
1805 	 * (check ctx->device_close)? */
1806 	usbi_mutex_lock(&ctx->event_waiters_lock);
1807 	usbi_cond_broadcast(&ctx->event_waiters_cond);
1808 	usbi_mutex_unlock(&ctx->event_waiters_lock);
1809 }
1810 
1811 /** \ingroup libusb_poll
1812  * Determine if it is still OK for this thread to be doing event handling.
1813  *
1814  * Sometimes, libusb needs to temporarily pause all event handlers, and this
1815  * is the function you should use before polling file descriptors to see if
1816  * this is the case.
1817  *
1818  * If this function instructs your thread to give up the events lock, you
1819  * should just continue the usual logic that is documented in \ref libusb_mtasync.
1820  * On the next iteration, your thread will fail to obtain the events lock,
1821  * and will hence become an event waiter.
1822  *
1823  * This function should be called while the events lock is held: you don't
1824  * need to worry about the results of this function if your thread is not
1825  * the current event handler.
1826  *
1827  * \param ctx the context to operate on, or NULL for the default context
1828  * \returns 1 if event handling can start or continue
1829  * \returns 0 if this thread must give up the events lock
1830  * \ref fullstory "Multi-threaded I/O: the full story"
1831  */
libusb_event_handling_ok(libusb_context * ctx)1832 int API_EXPORTED libusb_event_handling_ok(libusb_context *ctx)
1833 {
1834 	unsigned int r;
1835 	USBI_GET_CONTEXT(ctx);
1836 
1837 	/* is someone else waiting to close a device? if so, don't let this thread
1838 	 * continue event handling */
1839 	usbi_mutex_lock(&ctx->event_data_lock);
1840 	r = ctx->device_close;
1841 	usbi_mutex_unlock(&ctx->event_data_lock);
1842 	if (r) {
1843 		usbi_dbg("someone else is closing a device");
1844 		return 0;
1845 	}
1846 
1847 	return 1;
1848 }
1849 
1850 
1851 /** \ingroup libusb_poll
1852  * Determine if an active thread is handling events (i.e. if anyone is holding
1853  * the event handling lock).
1854  *
1855  * \param ctx the context to operate on, or NULL for the default context
1856  * \returns 1 if a thread is handling events
1857  * \returns 0 if there are no threads currently handling events
1858  * \ref libusb_mtasync
1859  */
libusb_event_handler_active(libusb_context * ctx)1860 int API_EXPORTED libusb_event_handler_active(libusb_context *ctx)
1861 {
1862 	unsigned int r;
1863 	USBI_GET_CONTEXT(ctx);
1864 
1865 	/* is someone else waiting to close a device? if so, don't let this thread
1866 	 * start event handling -- indicate that event handling is happening */
1867 	usbi_mutex_lock(&ctx->event_data_lock);
1868 	r = ctx->device_close;
1869 	usbi_mutex_unlock(&ctx->event_data_lock);
1870 	if (r) {
1871 		usbi_dbg("someone else is closing a device");
1872 		return 1;
1873 	}
1874 
1875 	return ctx->event_handler_active;
1876 }
1877 
1878 /** \ingroup libusb_poll
1879  * Interrupt any active thread that is handling events. This is mainly useful
1880  * for interrupting a dedicated event handling thread when an application
1881  * wishes to call libusb_exit().
1882  *
1883  * Since version 1.0.21, \ref LIBUSB_API_VERSION >= 0x01000105
1884  *
1885  * \param ctx the context to operate on, or NULL for the default context
1886  * \ref libusb_mtasync
1887  */
libusb_interrupt_event_handler(libusb_context * ctx)1888 void API_EXPORTED libusb_interrupt_event_handler(libusb_context *ctx)
1889 {
1890 	USBI_GET_CONTEXT(ctx);
1891 
1892 	usbi_dbg("");
1893 	usbi_mutex_lock(&ctx->event_data_lock);
1894 	if (!usbi_pending_events(ctx)) {
1895 		ctx->event_flags |= USBI_EVENT_USER_INTERRUPT;
1896 		usbi_signal_event(ctx);
1897 	}
1898 	usbi_mutex_unlock(&ctx->event_data_lock);
1899 }
1900 
1901 /** \ingroup libusb_poll
1902  * Acquire the event waiters lock. This lock is designed to be obtained under
1903  * the situation where you want to be aware when events are completed, but
1904  * some other thread is event handling so calling libusb_handle_events() is not
1905  * allowed.
1906  *
1907  * You then obtain this lock, re-check that another thread is still handling
1908  * events, then call libusb_wait_for_event().
1909  *
1910  * You only need to use this lock if you are developing an application
1911  * which calls poll() or select() on libusb's file descriptors directly,
1912  * <b>and</b> may potentially be handling events from 2 threads simultaenously.
1913  * If you stick to libusb's event handling loop functions (e.g.
1914  * libusb_handle_events()) then you do not need to be concerned with this
1915  * locking.
1916  *
1917  * \param ctx the context to operate on, or NULL for the default context
1918  * \ref libusb_mtasync
1919  */
libusb_lock_event_waiters(libusb_context * ctx)1920 void API_EXPORTED libusb_lock_event_waiters(libusb_context *ctx)
1921 {
1922 	USBI_GET_CONTEXT(ctx);
1923 	usbi_mutex_lock(&ctx->event_waiters_lock);
1924 }
1925 
1926 /** \ingroup libusb_poll
1927  * Release the event waiters lock.
1928  * \param ctx the context to operate on, or NULL for the default context
1929  * \ref libusb_mtasync
1930  */
libusb_unlock_event_waiters(libusb_context * ctx)1931 void API_EXPORTED libusb_unlock_event_waiters(libusb_context *ctx)
1932 {
1933 	USBI_GET_CONTEXT(ctx);
1934 	usbi_mutex_unlock(&ctx->event_waiters_lock);
1935 }
1936 
1937 /** \ingroup libusb_poll
1938  * Wait for another thread to signal completion of an event. Must be called
1939  * with the event waiters lock held, see libusb_lock_event_waiters().
1940  *
1941  * This function will block until any of the following conditions are met:
1942  * -# The timeout expires
1943  * -# A transfer completes
1944  * -# A thread releases the event handling lock through libusb_unlock_events()
1945  *
1946  * Condition 1 is obvious. Condition 2 unblocks your thread <em>after</em>
1947  * the callback for the transfer has completed. Condition 3 is important
1948  * because it means that the thread that was previously handling events is no
1949  * longer doing so, so if any events are to complete, another thread needs to
1950  * step up and start event handling.
1951  *
1952  * This function releases the event waiters lock before putting your thread
1953  * to sleep, and reacquires the lock as it is being woken up.
1954  *
1955  * \param ctx the context to operate on, or NULL for the default context
1956  * \param tv maximum timeout for this blocking function. A NULL value
1957  * indicates unlimited timeout.
1958  * \returns 0 after a transfer completes or another thread stops event handling
1959  * \returns 1 if the timeout expired
1960  * \ref libusb_mtasync
1961  */
libusb_wait_for_event(libusb_context * ctx,struct timeval * tv)1962 int API_EXPORTED libusb_wait_for_event(libusb_context *ctx, struct timeval *tv)
1963 {
1964 	int r;
1965 
1966 	USBI_GET_CONTEXT(ctx);
1967 	if (tv == NULL) {
1968 		usbi_cond_wait(&ctx->event_waiters_cond, &ctx->event_waiters_lock);
1969 		return 0;
1970 	}
1971 
1972 	r = usbi_cond_timedwait(&ctx->event_waiters_cond,
1973 		&ctx->event_waiters_lock, tv);
1974 
1975 	if (r < 0)
1976 		return r;
1977 	else
1978 		return (r == ETIMEDOUT);
1979 }
1980 
handle_timeout(struct usbi_transfer * itransfer)1981 static void handle_timeout(struct usbi_transfer *itransfer)
1982 {
1983 	struct libusb_transfer *transfer =
1984 		USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer);
1985 	int r;
1986 
1987 	itransfer->timeout_flags |= USBI_TRANSFER_TIMEOUT_HANDLED;
1988 	r = libusb_cancel_transfer(transfer);
1989 	if (r == LIBUSB_SUCCESS)
1990 		itransfer->timeout_flags |= USBI_TRANSFER_TIMED_OUT;
1991 	else
1992 		usbi_warn(TRANSFER_CTX(transfer),
1993 			"async cancel failed %d errno=%d", r, errno);
1994 }
1995 
handle_timeouts_locked(struct libusb_context * ctx)1996 static int handle_timeouts_locked(struct libusb_context *ctx)
1997 {
1998 	int r;
1999 	struct timespec systime_ts;
2000 	struct timeval systime;
2001 	struct usbi_transfer *transfer;
2002 
2003 	if (list_empty(&ctx->flying_transfers))
2004 		return 0;
2005 
2006 	/* get current time */
2007 	r = usbi_backend->clock_gettime(USBI_CLOCK_MONOTONIC, &systime_ts);
2008 	if (r < 0)
2009 		return r;
2010 
2011 	TIMESPEC_TO_TIMEVAL(&systime, &systime_ts);
2012 
2013 	/* iterate through flying transfers list, finding all transfers that
2014 	 * have expired timeouts */
2015 	list_for_each_entry(transfer, &ctx->flying_transfers, list, struct usbi_transfer) {
2016 		struct timeval *cur_tv = &transfer->timeout;
2017 
2018 		/* if we've reached transfers of infinite timeout, we're all done */
2019 		if (!timerisset(cur_tv))
2020 			return 0;
2021 
2022 		/* ignore timeouts we've already handled */
2023 		if (transfer->timeout_flags & (USBI_TRANSFER_TIMEOUT_HANDLED | USBI_TRANSFER_OS_HANDLES_TIMEOUT))
2024 			continue;
2025 
2026 		/* if transfer has non-expired timeout, nothing more to do */
2027 		if ((cur_tv->tv_sec > systime.tv_sec) ||
2028 				(cur_tv->tv_sec == systime.tv_sec &&
2029 					cur_tv->tv_usec > systime.tv_usec))
2030 			return 0;
2031 
2032 		/* otherwise, we've got an expired timeout to handle */
2033 		handle_timeout(transfer);
2034 	}
2035 	return 0;
2036 }
2037 
handle_timeouts(struct libusb_context * ctx)2038 static int handle_timeouts(struct libusb_context *ctx)
2039 {
2040 	int r;
2041 	USBI_GET_CONTEXT(ctx);
2042 	usbi_mutex_lock(&ctx->flying_transfers_lock);
2043 	r = handle_timeouts_locked(ctx);
2044 	usbi_mutex_unlock(&ctx->flying_transfers_lock);
2045 	return r;
2046 }
2047 
2048 #ifdef USBI_TIMERFD_AVAILABLE
handle_timerfd_trigger(struct libusb_context * ctx)2049 static int handle_timerfd_trigger(struct libusb_context *ctx)
2050 {
2051 	int r;
2052 
2053 	usbi_mutex_lock(&ctx->flying_transfers_lock);
2054 
2055 	/* process the timeout that just happened */
2056 	r = handle_timeouts_locked(ctx);
2057 	if (r < 0)
2058 		goto out;
2059 
2060 	/* arm for next timeout*/
2061 	r = arm_timerfd_for_next_timeout(ctx);
2062 
2063 out:
2064 	usbi_mutex_unlock(&ctx->flying_transfers_lock);
2065 	return r;
2066 }
2067 #endif
2068 
2069 /* do the actual event handling. assumes that no other thread is concurrently
2070  * doing the same thing. */
handle_events(struct libusb_context * ctx,struct timeval * tv)2071 static int handle_events(struct libusb_context *ctx, struct timeval *tv)
2072 {
2073 	int r;
2074 	struct usbi_pollfd *ipollfd;
2075 	POLL_NFDS_TYPE nfds = 0;
2076 	POLL_NFDS_TYPE internal_nfds;
2077 	struct pollfd *fds = NULL;
2078 	int i = -1;
2079 	int timeout_ms;
2080 	int special_event;
2081 
2082 	/* prevent attempts to recursively handle events (e.g. calling into
2083 	 * libusb_handle_events() from within a hotplug or transfer callback) */
2084 	if (usbi_handling_events(ctx))
2085 		return LIBUSB_ERROR_BUSY;
2086 	usbi_start_event_handling(ctx);
2087 
2088 	/* there are certain fds that libusb uses internally, currently:
2089 	 *
2090 	 *   1) event pipe
2091 	 *   2) timerfd
2092 	 *
2093 	 * the backend will never need to attempt to handle events on these fds, so
2094 	 * we determine how many fds are in use internally for this context and when
2095 	 * handle_events() is called in the backend, the pollfd list and count will
2096 	 * be adjusted to skip over these internal fds */
2097 	if (usbi_using_timerfd(ctx))
2098 		internal_nfds = 2;
2099 	else
2100 		internal_nfds = 1;
2101 
2102 	/* only reallocate the poll fds when the list of poll fds has been modified
2103 	 * since the last poll, otherwise reuse them to save the additional overhead */
2104 	usbi_mutex_lock(&ctx->event_data_lock);
2105 	if (ctx->event_flags & USBI_EVENT_POLLFDS_MODIFIED) {
2106 		usbi_dbg("poll fds modified, reallocating");
2107 
2108 		if (ctx->pollfds) {
2109 			free(ctx->pollfds);
2110 			ctx->pollfds = NULL;
2111 		}
2112 
2113 		/* sanity check - it is invalid for a context to have fewer than the
2114 		 * required internal fds (memory corruption?) */
2115 		assert(ctx->pollfds_cnt >= internal_nfds);
2116 
2117 		ctx->pollfds = calloc(ctx->pollfds_cnt, sizeof(*ctx->pollfds));
2118 		if (!ctx->pollfds) {
2119 			usbi_mutex_unlock(&ctx->event_data_lock);
2120 			r = LIBUSB_ERROR_NO_MEM;
2121 			goto done;
2122 		}
2123 
2124 		list_for_each_entry(ipollfd, &ctx->ipollfds, list, struct usbi_pollfd) {
2125 			struct libusb_pollfd *pollfd = &ipollfd->pollfd;
2126 			i++;
2127 			ctx->pollfds[i].fd = pollfd->fd;
2128 			ctx->pollfds[i].events = pollfd->events;
2129 		}
2130 
2131 		/* reset the flag now that we have the updated list */
2132 		ctx->event_flags &= ~USBI_EVENT_POLLFDS_MODIFIED;
2133 
2134 		/* if no further pending events, clear the event pipe so that we do
2135 		 * not immediately return from poll */
2136 		if (!usbi_pending_events(ctx))
2137 			usbi_clear_event(ctx);
2138 	}
2139 	fds = ctx->pollfds;
2140 	nfds = ctx->pollfds_cnt;
2141 	usbi_mutex_unlock(&ctx->event_data_lock);
2142 
2143 	timeout_ms = (int)(tv->tv_sec * 1000) + (tv->tv_usec / 1000);
2144 
2145 	/* round up to next millisecond */
2146 	if (tv->tv_usec % 1000)
2147 		timeout_ms++;
2148 
2149 redo_poll:
2150 	usbi_dbg("poll() %d fds with timeout in %dms", nfds, timeout_ms);
2151 	r = usbi_poll(fds, nfds, timeout_ms);
2152 	usbi_dbg("poll() returned %d", r);
2153 	if (r == 0) {
2154 		r = handle_timeouts(ctx);
2155 		goto done;
2156 	}
2157 	else if (r == -1 && errno == EINTR) {
2158 		r = LIBUSB_ERROR_INTERRUPTED;
2159 		goto done;
2160 	}
2161 	else if (r < 0) {
2162 		usbi_err(ctx, "poll failed %d err=%d", r, errno);
2163 		r = LIBUSB_ERROR_IO;
2164 		goto done;
2165 	}
2166 
2167 	special_event = 0;
2168 
2169 	/* fds[0] is always the event pipe */
2170 	if (fds[0].revents) {
2171 		libusb_hotplug_message *message = NULL;
2172 		struct usbi_transfer *itransfer;
2173 		int ret = 0;
2174 
2175 		usbi_dbg("caught a fish on the event pipe");
2176 
2177 		/* take the the event data lock while processing events */
2178 		usbi_mutex_lock(&ctx->event_data_lock);
2179 
2180 		/* check if someone added a new poll fd */
2181 		if (ctx->event_flags & USBI_EVENT_POLLFDS_MODIFIED)
2182 			usbi_dbg("someone updated the poll fds");
2183 
2184 		if (ctx->event_flags & USBI_EVENT_USER_INTERRUPT) {
2185 			usbi_dbg("someone purposely interrupted");
2186 			ctx->event_flags &= ~USBI_EVENT_USER_INTERRUPT;
2187 		}
2188 
2189 		/* check if someone is closing a device */
2190 		if (ctx->device_close)
2191 			usbi_dbg("someone is closing a device");
2192 
2193 		/* check for any pending hotplug messages */
2194 		if (!list_empty(&ctx->hotplug_msgs)) {
2195 			usbi_dbg("hotplug message received");
2196 			special_event = 1;
2197 			message = list_first_entry(&ctx->hotplug_msgs, libusb_hotplug_message, list);
2198 			list_del(&message->list);
2199 		}
2200 
2201 		/* complete any pending transfers */
2202 		while (ret == 0 && !list_empty(&ctx->completed_transfers)) {
2203 			itransfer = list_first_entry(&ctx->completed_transfers, struct usbi_transfer, completed_list);
2204 			list_del(&itransfer->completed_list);
2205 			usbi_mutex_unlock(&ctx->event_data_lock);
2206 			ret = usbi_backend->handle_transfer_completion(itransfer);
2207 			if (ret)
2208 				usbi_err(ctx, "backend handle_transfer_completion failed with error %d", ret);
2209 			usbi_mutex_lock(&ctx->event_data_lock);
2210 		}
2211 
2212 		/* if no further pending events, clear the event pipe */
2213 		if (!usbi_pending_events(ctx))
2214 			usbi_clear_event(ctx);
2215 
2216 		usbi_mutex_unlock(&ctx->event_data_lock);
2217 
2218 		/* process the hotplug message, if any */
2219 		if (message) {
2220 			usbi_hotplug_match(ctx, message->device, message->event);
2221 
2222 			/* the device left, dereference the device */
2223 			if (LIBUSB_HOTPLUG_EVENT_DEVICE_LEFT == message->event)
2224 				libusb_unref_device(message->device);
2225 
2226 			free(message);
2227 		}
2228 
2229 		if (ret) {
2230 			/* return error code */
2231 			r = ret;
2232 			goto done;
2233 		}
2234 
2235 		if (0 == --r)
2236 			goto handled;
2237 	}
2238 
2239 #ifdef USBI_TIMERFD_AVAILABLE
2240 	/* on timerfd configurations, fds[1] is the timerfd */
2241 	if (usbi_using_timerfd(ctx) && fds[1].revents) {
2242 		/* timerfd indicates that a timeout has expired */
2243 		int ret;
2244 		usbi_dbg("timerfd triggered");
2245 		special_event = 1;
2246 
2247 		ret = handle_timerfd_trigger(ctx);
2248 		if (ret < 0) {
2249 			/* return error code */
2250 			r = ret;
2251 			goto done;
2252 		}
2253 
2254 		if (0 == --r)
2255 			goto handled;
2256 	}
2257 #endif
2258 
2259 	r = usbi_backend->handle_events(ctx, fds + internal_nfds, nfds - internal_nfds, r);
2260 	if (r)
2261 		usbi_err(ctx, "backend handle_events failed with error %d", r);
2262 
2263 handled:
2264 	if (r == 0 && special_event) {
2265 		timeout_ms = 0;
2266 		goto redo_poll;
2267 	}
2268 
2269 done:
2270 	usbi_end_event_handling(ctx);
2271 	return r;
2272 }
2273 
2274 /* returns the smallest of:
2275  *  1. timeout of next URB
2276  *  2. user-supplied timeout
2277  * returns 1 if there is an already-expired timeout, otherwise returns 0
2278  * and populates out
2279  */
get_next_timeout(libusb_context * ctx,struct timeval * tv,struct timeval * out)2280 static int get_next_timeout(libusb_context *ctx, struct timeval *tv,
2281 	struct timeval *out)
2282 {
2283 	struct timeval timeout;
2284 	int r = libusb_get_next_timeout(ctx, &timeout);
2285 	if (r) {
2286 		/* timeout already expired? */
2287 		if (!timerisset(&timeout))
2288 			return 1;
2289 
2290 		/* choose the smallest of next URB timeout or user specified timeout */
2291 		if (timercmp(&timeout, tv, <))
2292 			*out = timeout;
2293 		else
2294 			*out = *tv;
2295 	} else {
2296 		*out = *tv;
2297 	}
2298 	return 0;
2299 }
2300 
2301 /** \ingroup libusb_poll
2302  * Handle any pending events.
2303  *
2304  * libusb determines "pending events" by checking if any timeouts have expired
2305  * and by checking the set of file descriptors for activity.
2306  *
2307  * If a zero timeval is passed, this function will handle any already-pending
2308  * events and then immediately return in non-blocking style.
2309  *
2310  * If a non-zero timeval is passed and no events are currently pending, this
2311  * function will block waiting for events to handle up until the specified
2312  * timeout. If an event arrives or a signal is raised, this function will
2313  * return early.
2314  *
2315  * If the parameter completed is not NULL then <em>after obtaining the event
2316  * handling lock</em> this function will return immediately if the integer
2317  * pointed to is not 0. This allows for race free waiting for the completion
2318  * of a specific transfer.
2319  *
2320  * \param ctx the context to operate on, or NULL for the default context
2321  * \param tv the maximum time to block waiting for events, or an all zero
2322  * timeval struct for non-blocking mode
2323  * \param completed pointer to completion integer to check, or NULL
2324  * \returns 0 on success, or a LIBUSB_ERROR code on failure
2325  * \ref libusb_mtasync
2326  */
libusb_handle_events_timeout_completed(libusb_context * ctx,struct timeval * tv,int * completed)2327 int API_EXPORTED libusb_handle_events_timeout_completed(libusb_context *ctx,
2328 	struct timeval *tv, int *completed)
2329 {
2330 	int r;
2331 	struct timeval poll_timeout;
2332 
2333 	USBI_GET_CONTEXT(ctx);
2334 	r = get_next_timeout(ctx, tv, &poll_timeout);
2335 	if (r) {
2336 		/* timeout already expired */
2337 		return handle_timeouts(ctx);
2338 	}
2339 
2340 retry:
2341 	if (libusb_try_lock_events(ctx) == 0) {
2342 		if (completed == NULL || !*completed) {
2343 			/* we obtained the event lock: do our own event handling */
2344 			usbi_dbg("doing our own event handling");
2345 			r = handle_events(ctx, &poll_timeout);
2346 		}
2347 		libusb_unlock_events(ctx);
2348 		return r;
2349 	}
2350 
2351 	/* another thread is doing event handling. wait for thread events that
2352 	 * notify event completion. */
2353 	libusb_lock_event_waiters(ctx);
2354 
2355 	if (completed && *completed)
2356 		goto already_done;
2357 
2358 	if (!libusb_event_handler_active(ctx)) {
2359 		/* we hit a race: whoever was event handling earlier finished in the
2360 		 * time it took us to reach this point. try the cycle again. */
2361 		libusb_unlock_event_waiters(ctx);
2362 		usbi_dbg("event handler was active but went away, retrying");
2363 		goto retry;
2364 	}
2365 
2366 	usbi_dbg("another thread is doing event handling");
2367 	r = libusb_wait_for_event(ctx, &poll_timeout);
2368 
2369 already_done:
2370 	libusb_unlock_event_waiters(ctx);
2371 
2372 	if (r < 0)
2373 		return r;
2374 	else if (r == 1)
2375 		return handle_timeouts(ctx);
2376 	else
2377 		return 0;
2378 }
2379 
2380 /** \ingroup libusb_poll
2381  * Handle any pending events
2382  *
2383  * Like libusb_handle_events_timeout_completed(), but without the completed
2384  * parameter, calling this function is equivalent to calling
2385  * libusb_handle_events_timeout_completed() with a NULL completed parameter.
2386  *
2387  * This function is kept primarily for backwards compatibility.
2388  * All new code should call libusb_handle_events_completed() or
2389  * libusb_handle_events_timeout_completed() to avoid race conditions.
2390  *
2391  * \param ctx the context to operate on, or NULL for the default context
2392  * \param tv the maximum time to block waiting for events, or an all zero
2393  * timeval struct for non-blocking mode
2394  * \returns 0 on success, or a LIBUSB_ERROR code on failure
2395  */
libusb_handle_events_timeout(libusb_context * ctx,struct timeval * tv)2396 int API_EXPORTED libusb_handle_events_timeout(libusb_context *ctx,
2397 	struct timeval *tv)
2398 {
2399 	return libusb_handle_events_timeout_completed(ctx, tv, NULL);
2400 }
2401 
2402 /** \ingroup libusb_poll
2403  * Handle any pending events in blocking mode. There is currently a timeout
2404  * hardcoded at 60 seconds but we plan to make it unlimited in future. For
2405  * finer control over whether this function is blocking or non-blocking, or
2406  * for control over the timeout, use libusb_handle_events_timeout_completed()
2407  * instead.
2408  *
2409  * This function is kept primarily for backwards compatibility.
2410  * All new code should call libusb_handle_events_completed() or
2411  * libusb_handle_events_timeout_completed() to avoid race conditions.
2412  *
2413  * \param ctx the context to operate on, or NULL for the default context
2414  * \returns 0 on success, or a LIBUSB_ERROR code on failure
2415  */
libusb_handle_events(libusb_context * ctx)2416 int API_EXPORTED libusb_handle_events(libusb_context *ctx)
2417 {
2418 	struct timeval tv;
2419 	tv.tv_sec = 60;
2420 	tv.tv_usec = 0;
2421 	return libusb_handle_events_timeout_completed(ctx, &tv, NULL);
2422 }
2423 
2424 /** \ingroup libusb_poll
2425  * Handle any pending events in blocking mode.
2426  *
2427  * Like libusb_handle_events(), with the addition of a completed parameter
2428  * to allow for race free waiting for the completion of a specific transfer.
2429  *
2430  * See libusb_handle_events_timeout_completed() for details on the completed
2431  * parameter.
2432  *
2433  * \param ctx the context to operate on, or NULL for the default context
2434  * \param completed pointer to completion integer to check, or NULL
2435  * \returns 0 on success, or a LIBUSB_ERROR code on failure
2436  * \ref libusb_mtasync
2437  */
libusb_handle_events_completed(libusb_context * ctx,int * completed)2438 int API_EXPORTED libusb_handle_events_completed(libusb_context *ctx,
2439 	int *completed)
2440 {
2441 	struct timeval tv;
2442 	tv.tv_sec = 60;
2443 	tv.tv_usec = 0;
2444 	return libusb_handle_events_timeout_completed(ctx, &tv, completed);
2445 }
2446 
2447 /** \ingroup libusb_poll
2448  * Handle any pending events by polling file descriptors, without checking if
2449  * any other threads are already doing so. Must be called with the event lock
2450  * held, see libusb_lock_events().
2451  *
2452  * This function is designed to be called under the situation where you have
2453  * taken the event lock and are calling poll()/select() directly on libusb's
2454  * file descriptors (as opposed to using libusb_handle_events() or similar).
2455  * You detect events on libusb's descriptors, so you then call this function
2456  * with a zero timeout value (while still holding the event lock).
2457  *
2458  * \param ctx the context to operate on, or NULL for the default context
2459  * \param tv the maximum time to block waiting for events, or zero for
2460  * non-blocking mode
2461  * \returns 0 on success, or a LIBUSB_ERROR code on failure
2462  * \ref libusb_mtasync
2463  */
libusb_handle_events_locked(libusb_context * ctx,struct timeval * tv)2464 int API_EXPORTED libusb_handle_events_locked(libusb_context *ctx,
2465 	struct timeval *tv)
2466 {
2467 	int r;
2468 	struct timeval poll_timeout;
2469 
2470 	USBI_GET_CONTEXT(ctx);
2471 	r = get_next_timeout(ctx, tv, &poll_timeout);
2472 	if (r) {
2473 		/* timeout already expired */
2474 		return handle_timeouts(ctx);
2475 	}
2476 
2477 	return handle_events(ctx, &poll_timeout);
2478 }
2479 
2480 /** \ingroup libusb_poll
2481  * Determines whether your application must apply special timing considerations
2482  * when monitoring libusb's file descriptors.
2483  *
2484  * This function is only useful for applications which retrieve and poll
2485  * libusb's file descriptors in their own main loop (\ref libusb_pollmain).
2486  *
2487  * Ordinarily, libusb's event handler needs to be called into at specific
2488  * moments in time (in addition to times when there is activity on the file
2489  * descriptor set). The usual approach is to use libusb_get_next_timeout()
2490  * to learn about when the next timeout occurs, and to adjust your
2491  * poll()/select() timeout accordingly so that you can make a call into the
2492  * library at that time.
2493  *
2494  * Some platforms supported by libusb do not come with this baggage - any
2495  * events relevant to timing will be represented by activity on the file
2496  * descriptor set, and libusb_get_next_timeout() will always return 0.
2497  * This function allows you to detect whether you are running on such a
2498  * platform.
2499  *
2500  * Since v1.0.5.
2501  *
2502  * \param ctx the context to operate on, or NULL for the default context
2503  * \returns 0 if you must call into libusb at times determined by
2504  * libusb_get_next_timeout(), or 1 if all timeout events are handled internally
2505  * or through regular activity on the file descriptors.
2506  * \ref libusb_pollmain "Polling libusb file descriptors for event handling"
2507  */
libusb_pollfds_handle_timeouts(libusb_context * ctx)2508 int API_EXPORTED libusb_pollfds_handle_timeouts(libusb_context *ctx)
2509 {
2510 #if defined(USBI_TIMERFD_AVAILABLE)
2511 	USBI_GET_CONTEXT(ctx);
2512 	return usbi_using_timerfd(ctx);
2513 #else
2514 	UNUSED(ctx);
2515 	return 0;
2516 #endif
2517 }
2518 
2519 /** \ingroup libusb_poll
2520  * Determine the next internal timeout that libusb needs to handle. You only
2521  * need to use this function if you are calling poll() or select() or similar
2522  * on libusb's file descriptors yourself - you do not need to use it if you
2523  * are calling libusb_handle_events() or a variant directly.
2524  *
2525  * You should call this function in your main loop in order to determine how
2526  * long to wait for select() or poll() to return results. libusb needs to be
2527  * called into at this timeout, so you should use it as an upper bound on
2528  * your select() or poll() call.
2529  *
2530  * When the timeout has expired, call into libusb_handle_events_timeout()
2531  * (perhaps in non-blocking mode) so that libusb can handle the timeout.
2532  *
2533  * This function may return 1 (success) and an all-zero timeval. If this is
2534  * the case, it indicates that libusb has a timeout that has already expired
2535  * so you should call libusb_handle_events_timeout() or similar immediately.
2536  * A return code of 0 indicates that there are no pending timeouts.
2537  *
2538  * On some platforms, this function will always returns 0 (no pending
2539  * timeouts). See \ref polltime.
2540  *
2541  * \param ctx the context to operate on, or NULL for the default context
2542  * \param tv output location for a relative time against the current
2543  * clock in which libusb must be called into in order to process timeout events
2544  * \returns 0 if there are no pending timeouts, 1 if a timeout was returned,
2545  * or LIBUSB_ERROR_OTHER on failure
2546  */
libusb_get_next_timeout(libusb_context * ctx,struct timeval * tv)2547 int API_EXPORTED libusb_get_next_timeout(libusb_context *ctx,
2548 	struct timeval *tv)
2549 {
2550 	struct usbi_transfer *transfer;
2551 	struct timespec cur_ts;
2552 	struct timeval cur_tv;
2553 	struct timeval next_timeout = { 0, 0 };
2554 	int r;
2555 
2556 	USBI_GET_CONTEXT(ctx);
2557 	if (usbi_using_timerfd(ctx))
2558 		return 0;
2559 
2560 	usbi_mutex_lock(&ctx->flying_transfers_lock);
2561 	if (list_empty(&ctx->flying_transfers)) {
2562 		usbi_mutex_unlock(&ctx->flying_transfers_lock);
2563 		usbi_dbg("no URBs, no timeout!");
2564 		return 0;
2565 	}
2566 
2567 	/* find next transfer which hasn't already been processed as timed out */
2568 	list_for_each_entry(transfer, &ctx->flying_transfers, list, struct usbi_transfer) {
2569 		if (transfer->timeout_flags & (USBI_TRANSFER_TIMEOUT_HANDLED | USBI_TRANSFER_OS_HANDLES_TIMEOUT))
2570 			continue;
2571 
2572 		/* if we've reached transfers of infinte timeout, we're done looking */
2573 		if (!timerisset(&transfer->timeout))
2574 			break;
2575 
2576 		next_timeout = transfer->timeout;
2577 		break;
2578 	}
2579 	usbi_mutex_unlock(&ctx->flying_transfers_lock);
2580 
2581 	if (!timerisset(&next_timeout)) {
2582 		usbi_dbg("no URB with timeout or all handled by OS; no timeout!");
2583 		return 0;
2584 	}
2585 
2586 	r = usbi_backend->clock_gettime(USBI_CLOCK_MONOTONIC, &cur_ts);
2587 	if (r < 0) {
2588 		usbi_err(ctx, "failed to read monotonic clock, errno=%d", errno);
2589 		return 0;
2590 	}
2591 	TIMESPEC_TO_TIMEVAL(&cur_tv, &cur_ts);
2592 
2593 	if (!timercmp(&cur_tv, &next_timeout, <)) {
2594 		usbi_dbg("first timeout already expired");
2595 		timerclear(tv);
2596 	} else {
2597 		timersub(&next_timeout, &cur_tv, tv);
2598 		usbi_dbg("next timeout in %d.%06ds", tv->tv_sec, tv->tv_usec);
2599 	}
2600 
2601 	return 1;
2602 }
2603 
2604 /** \ingroup libusb_poll
2605  * Register notification functions for file descriptor additions/removals.
2606  * These functions will be invoked for every new or removed file descriptor
2607  * that libusb uses as an event source.
2608  *
2609  * To remove notifiers, pass NULL values for the function pointers.
2610  *
2611  * Note that file descriptors may have been added even before you register
2612  * these notifiers (e.g. at libusb_init() time).
2613  *
2614  * Additionally, note that the removal notifier may be called during
2615  * libusb_exit() (e.g. when it is closing file descriptors that were opened
2616  * and added to the poll set at libusb_init() time). If you don't want this,
2617  * remove the notifiers immediately before calling libusb_exit().
2618  *
2619  * \param ctx the context to operate on, or NULL for the default context
2620  * \param added_cb pointer to function for addition notifications
2621  * \param removed_cb pointer to function for removal notifications
2622  * \param user_data User data to be passed back to callbacks (useful for
2623  * passing context information)
2624  */
libusb_set_pollfd_notifiers(libusb_context * ctx,libusb_pollfd_added_cb added_cb,libusb_pollfd_removed_cb removed_cb,void * user_data)2625 void API_EXPORTED libusb_set_pollfd_notifiers(libusb_context *ctx,
2626 	libusb_pollfd_added_cb added_cb, libusb_pollfd_removed_cb removed_cb,
2627 	void *user_data)
2628 {
2629 	USBI_GET_CONTEXT(ctx);
2630 	ctx->fd_added_cb = added_cb;
2631 	ctx->fd_removed_cb = removed_cb;
2632 	ctx->fd_cb_user_data = user_data;
2633 }
2634 
2635 /*
2636  * Interrupt the iteration of the event handling thread, so that it picks
2637  * up the fd change. Callers of this function must hold the event_data_lock.
2638  */
usbi_fd_notification(struct libusb_context * ctx)2639 static void usbi_fd_notification(struct libusb_context *ctx)
2640 {
2641 	int pending_events;
2642 
2643 	/* Record that there is a new poll fd.
2644 	 * Only signal an event if there are no prior pending events. */
2645 	pending_events = usbi_pending_events(ctx);
2646 	ctx->event_flags |= USBI_EVENT_POLLFDS_MODIFIED;
2647 	if (!pending_events)
2648 		usbi_signal_event(ctx);
2649 }
2650 
2651 /* Add a file descriptor to the list of file descriptors to be monitored.
2652  * events should be specified as a bitmask of events passed to poll(), e.g.
2653  * POLLIN and/or POLLOUT. */
usbi_add_pollfd(struct libusb_context * ctx,int fd,short events)2654 int usbi_add_pollfd(struct libusb_context *ctx, int fd, short events)
2655 {
2656 	struct usbi_pollfd *ipollfd = malloc(sizeof(*ipollfd));
2657 	if (!ipollfd)
2658 		return LIBUSB_ERROR_NO_MEM;
2659 
2660 	usbi_dbg("add fd %d events %d", fd, events);
2661 	ipollfd->pollfd.fd = fd;
2662 	ipollfd->pollfd.events = events;
2663 	usbi_mutex_lock(&ctx->event_data_lock);
2664 	list_add_tail(&ipollfd->list, &ctx->ipollfds);
2665 	ctx->pollfds_cnt++;
2666 	usbi_fd_notification(ctx);
2667 	usbi_mutex_unlock(&ctx->event_data_lock);
2668 
2669 	if (ctx->fd_added_cb)
2670 		ctx->fd_added_cb(fd, events, ctx->fd_cb_user_data);
2671 	return 0;
2672 }
2673 
2674 /* Remove a file descriptor from the list of file descriptors to be polled. */
usbi_remove_pollfd(struct libusb_context * ctx,int fd)2675 void usbi_remove_pollfd(struct libusb_context *ctx, int fd)
2676 {
2677 	struct usbi_pollfd *ipollfd;
2678 	int found = 0;
2679 
2680 	usbi_dbg("remove fd %d", fd);
2681 	usbi_mutex_lock(&ctx->event_data_lock);
2682 	list_for_each_entry(ipollfd, &ctx->ipollfds, list, struct usbi_pollfd)
2683 		if (ipollfd->pollfd.fd == fd) {
2684 			found = 1;
2685 			break;
2686 		}
2687 
2688 	if (!found) {
2689 		usbi_dbg("couldn't find fd %d to remove", fd);
2690 		usbi_mutex_unlock(&ctx->event_data_lock);
2691 		return;
2692 	}
2693 
2694 	list_del(&ipollfd->list);
2695 	ctx->pollfds_cnt--;
2696 	usbi_fd_notification(ctx);
2697 	usbi_mutex_unlock(&ctx->event_data_lock);
2698 	free(ipollfd);
2699 	if (ctx->fd_removed_cb)
2700 		ctx->fd_removed_cb(fd, ctx->fd_cb_user_data);
2701 }
2702 
2703 /** \ingroup libusb_poll
2704  * Retrieve a list of file descriptors that should be polled by your main loop
2705  * as libusb event sources.
2706  *
2707  * The returned list is NULL-terminated and should be freed with libusb_free_pollfds()
2708  * when done. The actual list contents must not be touched.
2709  *
2710  * As file descriptors are a Unix-specific concept, this function is not
2711  * available on Windows and will always return NULL.
2712  *
2713  * \param ctx the context to operate on, or NULL for the default context
2714  * \returns a NULL-terminated list of libusb_pollfd structures
2715  * \returns NULL on error
2716  * \returns NULL on platforms where the functionality is not available
2717  */
2718 DEFAULT_VISIBILITY
libusb_get_pollfds(libusb_context * ctx)2719 const struct libusb_pollfd ** LIBUSB_CALL libusb_get_pollfds(
2720 	libusb_context *ctx)
2721 {
2722 #ifndef OS_WINDOWS
2723 	struct libusb_pollfd **ret = NULL;
2724 	struct usbi_pollfd *ipollfd;
2725 	size_t i = 0;
2726 	USBI_GET_CONTEXT(ctx);
2727 
2728 	usbi_mutex_lock(&ctx->event_data_lock);
2729 
2730 	ret = calloc(ctx->pollfds_cnt + 1, sizeof(struct libusb_pollfd *));
2731 	if (!ret)
2732 		goto out;
2733 
2734 	list_for_each_entry(ipollfd, &ctx->ipollfds, list, struct usbi_pollfd)
2735 		ret[i++] = (struct libusb_pollfd *) ipollfd;
2736 	ret[ctx->pollfds_cnt] = NULL;
2737 
2738 out:
2739 	usbi_mutex_unlock(&ctx->event_data_lock);
2740 	return (const struct libusb_pollfd **) ret;
2741 #else
2742 	usbi_err(ctx, "external polling of libusb's internal descriptors "\
2743 		"is not yet supported on Windows platforms");
2744 	return NULL;
2745 #endif
2746 }
2747 
2748 /** \ingroup libusb_poll
2749  * Free a list of libusb_pollfd structures. This should be called for all
2750  * pollfd lists allocated with libusb_get_pollfds().
2751  *
2752  * Since version 1.0.20, \ref LIBUSB_API_VERSION >= 0x01000104
2753  *
2754  * It is legal to call this function with a NULL pollfd list. In this case,
2755  * the function will simply return safely.
2756  *
2757  * \param pollfds the list of libusb_pollfd structures to free
2758  */
libusb_free_pollfds(const struct libusb_pollfd ** pollfds)2759 void API_EXPORTED libusb_free_pollfds(const struct libusb_pollfd **pollfds)
2760 {
2761 	if (!pollfds)
2762 		return;
2763 
2764 	free((void *)pollfds);
2765 }
2766 
2767 /* Backends may call this from handle_events to report disconnection of a
2768  * device. This function ensures transfers get cancelled appropriately.
2769  * Callers of this function must hold the events_lock.
2770  */
usbi_handle_disconnect(struct libusb_device_handle * dev_handle)2771 void usbi_handle_disconnect(struct libusb_device_handle *dev_handle)
2772 {
2773 	struct usbi_transfer *cur;
2774 	struct usbi_transfer *to_cancel;
2775 
2776 	usbi_dbg("device %d.%d",
2777 		dev_handle->dev->bus_number, dev_handle->dev->device_address);
2778 
2779 	/* terminate all pending transfers with the LIBUSB_TRANSFER_NO_DEVICE
2780 	 * status code.
2781 	 *
2782 	 * when we find a transfer for this device on the list, there are two
2783 	 * possible scenarios:
2784 	 * 1. the transfer is currently in-flight, in which case we terminate the
2785 	 *    transfer here
2786 	 * 2. the transfer has been added to the flying transfer list by
2787 	 *    libusb_submit_transfer, has failed to submit and
2788 	 *    libusb_submit_transfer is waiting for us to release the
2789 	 *    flying_transfers_lock to remove it, so we ignore it
2790 	 */
2791 
2792 	while (1) {
2793 		to_cancel = NULL;
2794 		usbi_mutex_lock(&HANDLE_CTX(dev_handle)->flying_transfers_lock);
2795 		list_for_each_entry(cur, &HANDLE_CTX(dev_handle)->flying_transfers, list, struct usbi_transfer)
2796 			if (USBI_TRANSFER_TO_LIBUSB_TRANSFER(cur)->dev_handle == dev_handle) {
2797 				usbi_mutex_lock(&cur->lock);
2798 				if (cur->state_flags & USBI_TRANSFER_IN_FLIGHT)
2799 					to_cancel = cur;
2800 				usbi_mutex_unlock(&cur->lock);
2801 
2802 				if (to_cancel)
2803 					break;
2804 			}
2805 		usbi_mutex_unlock(&HANDLE_CTX(dev_handle)->flying_transfers_lock);
2806 
2807 		if (!to_cancel)
2808 			break;
2809 
2810 		usbi_dbg("cancelling transfer %p from disconnect",
2811 			 USBI_TRANSFER_TO_LIBUSB_TRANSFER(to_cancel));
2812 
2813 		usbi_mutex_lock(&to_cancel->lock);
2814 		usbi_backend->clear_transfer_priv(to_cancel);
2815 		usbi_mutex_unlock(&to_cancel->lock);
2816 		usbi_handle_transfer_completion(to_cancel, LIBUSB_TRANSFER_NO_DEVICE);
2817 	}
2818 
2819 }
2820