1 /*
2  * I/O functions for libusb
3  * Copyright (C) 2007-2009 Daniel Drake <dsd@gentoo.org>
4  * Copyright (c) 2001 Johannes Erdfelt <johannes@erdfelt.com>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19  */
20 
21 #include <config.h>
22 #include <errno.h>
23 #include <poll.h>
24 #include <pthread.h>
25 #include <signal.h>
26 #include <stdint.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <sys/time.h>
30 #include <time.h>
31 #include <unistd.h>
32 
33 #ifdef USBI_TIMERFD_AVAILABLE
34 #include <sys/timerfd.h>
35 #endif
36 
37 #include "libusbi.h"
38 
39 /**
40  * \page io Synchronous and asynchronous device I/O
41  *
42  * \section intro Introduction
43  *
44  * If you're using libusb in your application, you're probably wanting to
45  * perform I/O with devices - you want to perform USB data transfers.
46  *
47  * libusb offers two separate interfaces for device I/O. This page aims to
48  * introduce the two in order to help you decide which one is more suitable
49  * for your application. You can also choose to use both interfaces in your
50  * application by considering each transfer on a case-by-case basis.
51  *
52  * Once you have read through the following discussion, you should consult the
53  * detailed API documentation pages for the details:
54  * - \ref syncio
55  * - \ref asyncio
56  *
57  * \section theory Transfers at a logical level
58  *
59  * At a logical level, USB transfers typically happen in two parts. For
60  * example, when reading data from a endpoint:
61  * -# A request for data is sent to the device
62  * -# Some time later, the incoming data is received by the host
63  *
64  * or when writing data to an endpoint:
65  *
66  * -# The data is sent to the device
67  * -# Some time later, the host receives acknowledgement from the device that
68  *    the data has been transferred.
69  *
70  * There may be an indefinite delay between the two steps. Consider a
71  * fictional USB input device with a button that the user can press. In order
72  * to determine when the button is pressed, you would likely submit a request
73  * to read data on a bulk or interrupt endpoint and wait for data to arrive.
74  * Data will arrive when the button is pressed by the user, which is
75  * potentially hours later.
76  *
77  * libusb offers both a synchronous and an asynchronous interface to performing
78  * USB transfers. The main difference is that the synchronous interface
79  * combines both steps indicated above into a single function call, whereas
80  * the asynchronous interface separates them.
81  *
82  * \section sync The synchronous interface
83  *
84  * The synchronous I/O interface allows you to perform a USB transfer with
85  * a single function call. When the function call returns, the transfer has
86  * completed and you can parse the results.
87  *
88  * If you have used the libusb-0.1 before, this I/O style will seem familar to
89  * you. libusb-0.1 only offered a synchronous interface.
90  *
91  * In our input device example, to read button presses you might write code
92  * in the following style:
93 \code
94 unsigned char data[4];
95 int actual_length,
96 int r = libusb_bulk_transfer(handle, EP_IN, data, sizeof(data), &actual_length, 0);
97 if (r == 0 && actual_length == sizeof(data)) {
98 	// results of the transaction can now be found in the data buffer
99 	// parse them here and report button press
100 } else {
101 	error();
102 }
103 \endcode
104  *
105  * The main advantage of this model is simplicity: you did everything with
106  * a single simple function call.
107  *
108  * However, this interface has its limitations. Your application will sleep
109  * inside libusb_bulk_transfer() until the transaction has completed. If it
110  * takes the user 3 hours to press the button, your application will be
111  * sleeping for that long. Execution will be tied up inside the library -
112  * the entire thread will be useless for that duration.
113  *
114  * Another issue is that by tieing up the thread with that single transaction
115  * there is no possibility of performing I/O with multiple endpoints and/or
116  * multiple devices simultaneously, unless you resort to creating one thread
117  * per transaction.
118  *
119  * Additionally, there is no opportunity to cancel the transfer after the
120  * request has been submitted.
121  *
122  * For details on how to use the synchronous API, see the
123  * \ref syncio "synchronous I/O API documentation" pages.
124  *
125  * \section async The asynchronous interface
126  *
127  * Asynchronous I/O is the most significant new feature in libusb-1.0.
128  * Although it is a more complex interface, it solves all the issues detailed
129  * above.
130  *
131  * Instead of providing which functions that block until the I/O has complete,
132  * libusb's asynchronous interface presents non-blocking functions which
133  * begin a transfer and then return immediately. Your application passes a
134  * callback function pointer to this non-blocking function, which libusb will
135  * call with the results of the transaction when it has completed.
136  *
137  * Transfers which have been submitted through the non-blocking functions
138  * can be cancelled with a separate function call.
139  *
140  * The non-blocking nature of this interface allows you to be simultaneously
141  * performing I/O to multiple endpoints on multiple devices, without having
142  * to use threads.
143  *
144  * This added flexibility does come with some complications though:
145  * - In the interest of being a lightweight library, libusb does not create
146  * threads and can only operate when your application is calling into it. Your
147  * application must call into libusb from it's main loop when events are ready
148  * to be handled, or you must use some other scheme to allow libusb to
149  * undertake whatever work needs to be done.
150  * - libusb also needs to be called into at certain fixed points in time in
151  * order to accurately handle transfer timeouts.
152  * - Memory handling becomes more complex. You cannot use stack memory unless
153  * the function with that stack is guaranteed not to return until the transfer
154  * callback has finished executing.
155  * - You generally lose some linearity from your code flow because submitting
156  * the transfer request is done in a separate function from where the transfer
157  * results are handled. This becomes particularly obvious when you want to
158  * submit a second transfer based on the results of an earlier transfer.
159  *
160  * Internally, libusb's synchronous interface is expressed in terms of function
161  * calls to the asynchronous interface.
162  *
163  * For details on how to use the asynchronous API, see the
164  * \ref asyncio "asynchronous I/O API" documentation pages.
165  */
166 
167 
168 /**
169  * \page packetoverflow Packets and overflows
170  *
171  * \section packets Packet abstraction
172  *
173  * The USB specifications describe how data is transmitted in packets, with
174  * constraints on packet size defined by endpoint descriptors. The host must
175  * not send data payloads larger than the endpoint's maximum packet size.
176  *
177  * libusb and the underlying OS abstract out the packet concept, allowing you
178  * to request transfers of any size. Internally, the request will be divided
179  * up into correctly-sized packets. You do not have to be concerned with
180  * packet sizes, but there is one exception when considering overflows.
181  *
182  * \section overflow Bulk/interrupt transfer overflows
183  *
184  * When requesting data on a bulk endpoint, libusb requires you to supply a
185  * buffer and the maximum number of bytes of data that libusb can put in that
186  * buffer. However, the size of the buffer is not communicated to the device -
187  * the device is just asked to send any amount of data.
188  *
189  * There is no problem if the device sends an amount of data that is less than
190  * or equal to the buffer size. libusb reports this condition to you through
191  * the \ref libusb_transfer::actual_length "libusb_transfer.actual_length"
192  * field.
193  *
194  * Problems may occur if the device attempts to send more data than can fit in
195  * the buffer. libusb reports LIBUSB_TRANSFER_OVERFLOW for this condition but
196  * other behaviour is largely undefined: actual_length may or may not be
197  * accurate, the chunk of data that can fit in the buffer (before overflow)
198  * may or may not have been transferred.
199  *
200  * Overflows are nasty, but can be avoided. Even though you were told to
201  * ignore packets above, think about the lower level details: each transfer is
202  * split into packets (typically small, with a maximum size of 512 bytes).
203  * Overflows can only happen if the final packet in an incoming data transfer
204  * is smaller than the actual packet that the device wants to transfer.
205  * Therefore, you will never see an overflow if your transfer buffer size is a
206  * multiple of the endpoint's packet size: the final packet will either
207  * fill up completely or will be only partially filled.
208  */
209 
210 /**
211  * @defgroup asyncio Asynchronous device I/O
212  *
213  * This page details libusb's asynchronous (non-blocking) API for USB device
214  * I/O. This interface is very powerful but is also quite complex - you will
215  * need to read this page carefully to understand the necessary considerations
216  * and issues surrounding use of this interface. Simplistic applications
217  * may wish to consider the \ref syncio "synchronous I/O API" instead.
218  *
219  * The asynchronous interface is built around the idea of separating transfer
220  * submission and handling of transfer completion (the synchronous model
221  * combines both of these into one). There may be a long delay between
222  * submission and completion, however the asynchronous submission function
223  * is non-blocking so will return control to your application during that
224  * potentially long delay.
225  *
226  * \section asyncabstraction Transfer abstraction
227  *
228  * For the asynchronous I/O, libusb implements the concept of a generic
229  * transfer entity for all types of I/O (control, bulk, interrupt,
230  * isochronous). The generic transfer object must be treated slightly
231  * differently depending on which type of I/O you are performing with it.
232  *
233  * This is represented by the public libusb_transfer structure type.
234  *
235  * \section asynctrf Asynchronous transfers
236  *
237  * We can view asynchronous I/O as a 5 step process:
238  * -# <b>Allocation</b>: allocate a libusb_transfer
239  * -# <b>Filling</b>: populate the libusb_transfer instance with information
240  *    about the transfer you wish to perform
241  * -# <b>Submission</b>: ask libusb to submit the transfer
242  * -# <b>Completion handling</b>: examine transfer results in the
243  *    libusb_transfer structure
244  * -# <b>Deallocation</b>: clean up resources
245  *
246  *
247  * \subsection asyncalloc Allocation
248  *
249  * This step involves allocating memory for a USB transfer. This is the
250  * generic transfer object mentioned above. At this stage, the transfer
251  * is "blank" with no details about what type of I/O it will be used for.
252  *
253  * Allocation is done with the libusb_alloc_transfer() function. You must use
254  * this function rather than allocating your own transfers.
255  *
256  * \subsection asyncfill Filling
257  *
258  * This step is where you take a previously allocated transfer and fill it
259  * with information to determine the message type and direction, data buffer,
260  * callback function, etc.
261  *
262  * You can either fill the required fields yourself or you can use the
263  * helper functions: libusb_fill_control_transfer(), libusb_fill_bulk_transfer()
264  * and libusb_fill_interrupt_transfer().
265  *
266  * \subsection asyncsubmit Submission
267  *
268  * When you have allocated a transfer and filled it, you can submit it using
269  * libusb_submit_transfer(). This function returns immediately but can be
270  * regarded as firing off the I/O request in the background.
271  *
272  * \subsection asynccomplete Completion handling
273  *
274  * After a transfer has been submitted, one of four things can happen to it:
275  *
276  * - The transfer completes (i.e. some data was transferred)
277  * - The transfer has a timeout and the timeout expires before all data is
278  * transferred
279  * - The transfer fails due to an error
280  * - The transfer is cancelled
281  *
282  * Each of these will cause the user-specified transfer callback function to
283  * be invoked. It is up to the callback function to determine which of the
284  * above actually happened and to act accordingly.
285  *
286  * The user-specified callback is passed a pointer to the libusb_transfer
287  * structure which was used to setup and submit the transfer. At completion
288  * time, libusb has populated this structure with results of the transfer:
289  * success or failure reason, number of bytes of data transferred, etc. See
290  * the libusb_transfer structure documentation for more information.
291  *
292  * \subsection Deallocation
293  *
294  * When a transfer has completed (i.e. the callback function has been invoked),
295  * you are advised to free the transfer (unless you wish to resubmit it, see
296  * below). Transfers are deallocated with libusb_free_transfer().
297  *
298  * It is undefined behaviour to free a transfer which has not completed.
299  *
300  * \section asyncresubmit Resubmission
301  *
302  * You may be wondering why allocation, filling, and submission are all
303  * separated above where they could reasonably be combined into a single
304  * operation.
305  *
306  * The reason for separation is to allow you to resubmit transfers without
307  * having to allocate new ones every time. This is especially useful for
308  * common situations dealing with interrupt endpoints - you allocate one
309  * transfer, fill and submit it, and when it returns with results you just
310  * resubmit it for the next interrupt.
311  *
312  * \section asynccancel Cancellation
313  *
314  * Another advantage of using the asynchronous interface is that you have
315  * the ability to cancel transfers which have not yet completed. This is
316  * done by calling the libusb_cancel_transfer() function.
317  *
318  * libusb_cancel_transfer() is asynchronous/non-blocking in itself. When the
319  * cancellation actually completes, the transfer's callback function will
320  * be invoked, and the callback function should check the transfer status to
321  * determine that it was cancelled.
322  *
323  * Freeing the transfer after it has been cancelled but before cancellation
324  * has completed will result in undefined behaviour.
325  *
326  * When a transfer is cancelled, some of the data may have been transferred.
327  * libusb will communicate this to you in the transfer callback. Do not assume
328  * that no data was transferred.
329  *
330  * \section bulk_overflows Overflows on device-to-host bulk/interrupt endpoints
331  *
332  * If your device does not have predictable transfer sizes (or it misbehaves),
333  * your application may submit a request for data on an IN endpoint which is
334  * smaller than the data that the device wishes to send. In some circumstances
335  * this will cause an overflow, which is a nasty condition to deal with. See
336  * the \ref packetoverflow page for discussion.
337  *
338  * \section asyncctrl Considerations for control transfers
339  *
340  * The <tt>libusb_transfer</tt> structure is generic and hence does not
341  * include specific fields for the control-specific setup packet structure.
342  *
343  * In order to perform a control transfer, you must place the 8-byte setup
344  * packet at the start of the data buffer. To simplify this, you could
345  * cast the buffer pointer to type struct libusb_control_setup, or you can
346  * use the helper function libusb_fill_control_setup().
347  *
348  * The wLength field placed in the setup packet must be the length you would
349  * expect to be sent in the setup packet: the length of the payload that
350  * follows (or the expected maximum number of bytes to receive). However,
351  * the length field of the libusb_transfer object must be the length of
352  * the data buffer - i.e. it should be wLength <em>plus</em> the size of
353  * the setup packet (LIBUSB_CONTROL_SETUP_SIZE).
354  *
355  * If you use the helper functions, this is simplified for you:
356  * -# Allocate a buffer of size LIBUSB_CONTROL_SETUP_SIZE plus the size of the
357  * data you are sending/requesting.
358  * -# Call libusb_fill_control_setup() on the data buffer, using the transfer
359  * request size as the wLength value (i.e. do not include the extra space you
360  * allocated for the control setup).
361  * -# If this is a host-to-device transfer, place the data to be transferred
362  * in the data buffer, starting at offset LIBUSB_CONTROL_SETUP_SIZE.
363  * -# Call libusb_fill_control_transfer() to associate the data buffer with
364  * the transfer (and to set the remaining details such as callback and timeout).
365  *   - Note that there is no parameter to set the length field of the transfer.
366  *     The length is automatically inferred from the wLength field of the setup
367  *     packet.
368  * -# Submit the transfer.
369  *
370  * The multi-byte control setup fields (wValue, wIndex and wLength) must
371  * be given in little-endian byte order (the endianness of the USB bus).
372  * Endianness conversion is transparently handled by
373  * libusb_fill_control_setup() which is documented to accept host-endian
374  * values.
375  *
376  * Further considerations are needed when handling transfer completion in
377  * your callback function:
378  * - As you might expect, the setup packet will still be sitting at the start
379  * of the data buffer.
380  * - If this was a device-to-host transfer, the received data will be sitting
381  * at offset LIBUSB_CONTROL_SETUP_SIZE into the buffer.
382  * - The actual_length field of the transfer structure is relative to the
383  * wLength of the setup packet, rather than the size of the data buffer. So,
384  * if your wLength was 4, your transfer's <tt>length</tt> was 12, then you
385  * should expect an <tt>actual_length</tt> of 4 to indicate that the data was
386  * transferred in entirity.
387  *
388  * To simplify parsing of setup packets and obtaining the data from the
389  * correct offset, you may wish to use the libusb_control_transfer_get_data()
390  * and libusb_control_transfer_get_setup() functions within your transfer
391  * callback.
392  *
393  * Even though control endpoints do not halt, a completed control transfer
394  * may have a LIBUSB_TRANSFER_STALL status code. This indicates the control
395  * request was not supported.
396  *
397  * \section asyncintr Considerations for interrupt transfers
398  *
399  * All interrupt transfers are performed using the polling interval presented
400  * by the bInterval value of the endpoint descriptor.
401  *
402  * \section asynciso Considerations for isochronous transfers
403  *
404  * Isochronous transfers are more complicated than transfers to
405  * non-isochronous endpoints.
406  *
407  * To perform I/O to an isochronous endpoint, allocate the transfer by calling
408  * libusb_alloc_transfer() with an appropriate number of isochronous packets.
409  *
410  * During filling, set \ref libusb_transfer::type "type" to
411  * \ref libusb_transfer_type::LIBUSB_TRANSFER_TYPE_ISOCHRONOUS
412  * "LIBUSB_TRANSFER_TYPE_ISOCHRONOUS", and set
413  * \ref libusb_transfer::num_iso_packets "num_iso_packets" to a value less than
414  * or equal to the number of packets you requested during allocation.
415  * libusb_alloc_transfer() does not set either of these fields for you, given
416  * that you might not even use the transfer on an isochronous endpoint.
417  *
418  * Next, populate the length field for the first num_iso_packets entries in
419  * the \ref libusb_transfer::iso_packet_desc "iso_packet_desc" array. Section
420  * 5.6.3 of the USB2 specifications describe how the maximum isochronous
421  * packet length is determined by the wMaxPacketSize field in the endpoint
422  * descriptor.
423  * Two functions can help you here:
424  *
425  * - libusb_get_max_iso_packet_size() is an easy way to determine the max
426  *   packet size for an isochronous endpoint. Note that the maximum packet
427  *   size is actually the maximum number of bytes that can be transmitted in
428  *   a single microframe, therefore this function multiplies the maximum number
429  *   of bytes per transaction by the number of transaction opportunities per
430  *   microframe.
431  * - libusb_set_iso_packet_lengths() assigns the same length to all packets
432  *   within a transfer, which is usually what you want.
433  *
434  * For outgoing transfers, you'll obviously fill the buffer and populate the
435  * packet descriptors in hope that all the data gets transferred. For incoming
436  * transfers, you must ensure the buffer has sufficient capacity for
437  * the situation where all packets transfer the full amount of requested data.
438  *
439  * Completion handling requires some extra consideration. The
440  * \ref libusb_transfer::actual_length "actual_length" field of the transfer
441  * is meaningless and should not be examined; instead you must refer to the
442  * \ref libusb_iso_packet_descriptor::actual_length "actual_length" field of
443  * each individual packet.
444  *
445  * The \ref libusb_transfer::status "status" field of the transfer is also a
446  * little misleading:
447  *  - If the packets were submitted and the isochronous data microframes
448  *    completed normally, status will have value
449  *    \ref libusb_transfer_status::LIBUSB_TRANSFER_COMPLETED
450  *    "LIBUSB_TRANSFER_COMPLETED". Note that bus errors and software-incurred
451  *    delays are not counted as transfer errors; the transfer.status field may
452  *    indicate COMPLETED even if some or all of the packets failed. Refer to
453  *    the \ref libusb_iso_packet_descriptor::status "status" field of each
454  *    individual packet to determine packet failures.
455  *  - The status field will have value
456  *    \ref libusb_transfer_status::LIBUSB_TRANSFER_ERROR
457  *    "LIBUSB_TRANSFER_ERROR" only when serious errors were encountered.
458  *  - Other transfer status codes occur with normal behaviour.
459  *
460  * The data for each packet will be found at an offset into the buffer that
461  * can be calculated as if each prior packet completed in full. The
462  * libusb_get_iso_packet_buffer() and libusb_get_iso_packet_buffer_simple()
463  * functions may help you here.
464  *
465  * \section asyncmem Memory caveats
466  *
467  * In most circumstances, it is not safe to use stack memory for transfer
468  * buffers. This is because the function that fired off the asynchronous
469  * transfer may return before libusb has finished using the buffer, and when
470  * the function returns it's stack gets destroyed. This is true for both
471  * host-to-device and device-to-host transfers.
472  *
473  * The only case in which it is safe to use stack memory is where you can
474  * guarantee that the function owning the stack space for the buffer does not
475  * return until after the transfer's callback function has completed. In every
476  * other case, you need to use heap memory instead.
477  *
478  * \section asyncflags Fine control
479  *
480  * Through using this asynchronous interface, you may find yourself repeating
481  * a few simple operations many times. You can apply a bitwise OR of certain
482  * flags to a transfer to simplify certain things:
483  * - \ref libusb_transfer_flags::LIBUSB_TRANSFER_SHORT_NOT_OK
484  *   "LIBUSB_TRANSFER_SHORT_NOT_OK" results in transfers which transferred
485  *   less than the requested amount of data being marked with status
486  *   \ref libusb_transfer_status::LIBUSB_TRANSFER_ERROR "LIBUSB_TRANSFER_ERROR"
487  *   (they would normally be regarded as COMPLETED)
488  * - \ref libusb_transfer_flags::LIBUSB_TRANSFER_FREE_BUFFER
489  *   "LIBUSB_TRANSFER_FREE_BUFFER" allows you to ask libusb to free the transfer
490  *   buffer when freeing the transfer.
491  * - \ref libusb_transfer_flags::LIBUSB_TRANSFER_FREE_TRANSFER
492  *   "LIBUSB_TRANSFER_FREE_TRANSFER" causes libusb to automatically free the
493  *   transfer after the transfer callback returns.
494  *
495  * \section asyncevent Event handling
496  *
497  * In accordance of the aim of being a lightweight library, libusb does not
498  * create threads internally. This means that libusb code does not execute
499  * at any time other than when your application is calling a libusb function.
500  * However, an asynchronous model requires that libusb perform work at various
501  * points in time - namely processing the results of previously-submitted
502  * transfers and invoking the user-supplied callback function.
503  *
504  * This gives rise to the libusb_handle_events() function which your
505  * application must call into when libusb has work do to. This gives libusb
506  * the opportunity to reap pending transfers, invoke callbacks, etc.
507  *
508  * The first issue to discuss here is how your application can figure out
509  * when libusb has work to do. In fact, there are two naive options which
510  * do not actually require your application to know this:
511  * -# Periodically call libusb_handle_events() in non-blocking mode at fixed
512  *    short intervals from your main loop
513  * -# Repeatedly call libusb_handle_events() in blocking mode from a dedicated
514  *    thread.
515  *
516  * The first option is plainly not very nice, and will cause unnecessary
517  * CPU wakeups leading to increased power usage and decreased battery life.
518  * The second option is not very nice either, but may be the nicest option
519  * available to you if the "proper" approach can not be applied to your
520  * application (read on...).
521  *
522  * The recommended option is to integrate libusb with your application main
523  * event loop. libusb exposes a set of file descriptors which allow you to do
524  * this. Your main loop is probably already calling poll() or select() or a
525  * variant on a set of file descriptors for other event sources (e.g. keyboard
526  * button presses, mouse movements, network sockets, etc). You then add
527  * libusb's file descriptors to your poll()/select() calls, and when activity
528  * is detected on such descriptors you know it is time to call
529  * libusb_handle_events().
530  *
531  * There is one final event handling complication. libusb supports
532  * asynchronous transfers which time out after a specified time period, and
533  * this requires that libusb is called into at or after the timeout so that
534  * the timeout can be handled. So, in addition to considering libusb's file
535  * descriptors in your main event loop, you must also consider that libusb
536  * sometimes needs to be called into at fixed points in time even when there
537  * is no file descriptor activity.
538  *
539  * For the details on retrieving the set of file descriptors and determining
540  * the next timeout, see the \ref poll "polling and timing" API documentation.
541  */
542 
543 /**
544  * @defgroup poll Polling and timing
545  *
546  * This page documents libusb's functions for polling events and timing.
547  * These functions are only necessary for users of the
548  * \ref asyncio "asynchronous API". If you are only using the simpler
549  * \ref syncio "synchronous API" then you do not need to ever call these
550  * functions.
551  *
552  * The justification for the functionality described here has already been
553  * discussed in the \ref asyncevent "event handling" section of the
554  * asynchronous API documentation. In summary, libusb does not create internal
555  * threads for event processing and hence relies on your application calling
556  * into libusb at certain points in time so that pending events can be handled.
557  * In order to know precisely when libusb needs to be called into, libusb
558  * offers you a set of pollable file descriptors and information about when
559  * the next timeout expires.
560  *
561  * If you are using the asynchronous I/O API, you must take one of the two
562  * following options, otherwise your I/O will not complete.
563  *
564  * \section pollsimple The simple option
565  *
566  * If your application revolves solely around libusb and does not need to
567  * handle other event sources, you can have a program structure as follows:
568 \code
569 // initialize libusb
570 // find and open device
571 // maybe fire off some initial async I/O
572 
573 while (user_has_not_requested_exit)
574 	libusb_handle_events(ctx);
575 
576 // clean up and exit
577 \endcode
578  *
579  * With such a simple main loop, you do not have to worry about managing
580  * sets of file descriptors or handling timeouts. libusb_handle_events() will
581  * handle those details internally.
582  *
583  * \section pollmain The more advanced option
584  *
585  * In more advanced applications, you will already have a main loop which
586  * is monitoring other event sources: network sockets, X11 events, mouse
587  * movements, etc. Through exposing a set of file descriptors, libusb is
588  * designed to cleanly integrate into such main loops.
589  *
590  * In addition to polling file descriptors for the other event sources, you
591  * take a set of file descriptors from libusb and monitor those too. When you
592  * detect activity on libusb's file descriptors, you call
593  * libusb_handle_events_timeout() in non-blocking mode.
594  *
595  * What's more, libusb may also need to handle events at specific moments in
596  * time. No file descriptor activity is generated at these times, so your
597  * own application needs to be continually aware of when the next one of these
598  * moments occurs (through calling libusb_get_next_timeout()), and then it
599  * needs to call libusb_handle_events_timeout() in non-blocking mode when
600  * these moments occur. This means that you need to adjust your
601  * poll()/select() timeout accordingly.
602  *
603  * libusb provides you with a set of file descriptors to poll and expects you
604  * to poll all of them, treating them as a single entity. The meaning of each
605  * file descriptor in the set is an internal implementation detail,
606  * platform-dependent and may vary from release to release. Don't try and
607  * interpret the meaning of the file descriptors, just do as libusb indicates,
608  * polling all of them at once.
609  *
610  * In pseudo-code, you want something that looks like:
611 \code
612 // initialise libusb
613 
614 libusb_get_pollfds(ctx)
615 while (user has not requested application exit) {
616 	libusb_get_next_timeout(ctx);
617 	poll(on libusb file descriptors plus any other event sources of interest,
618 		using a timeout no larger than the value libusb just suggested)
619 	if (poll() indicated activity on libusb file descriptors)
620 		libusb_handle_events_timeout(ctx, 0);
621 	if (time has elapsed to or beyond the libusb timeout)
622 		libusb_handle_events_timeout(ctx, 0);
623 	// handle events from other sources here
624 }
625 
626 // clean up and exit
627 \endcode
628  *
629  * \subsection polltime Notes on time-based events
630  *
631  * The above complication with having to track time and call into libusb at
632  * specific moments is a bit of a headache. For maximum compatibility, you do
633  * need to write your main loop as above, but you may decide that you can
634  * restrict the supported platforms of your application and get away with
635  * a more simplistic scheme.
636  *
637  * These time-based event complications are \b not required on the following
638  * platforms:
639  *  - Darwin
640  *  - Linux, provided that the following version requirements are satisfied:
641  *   - Linux v2.6.27 or newer, compiled with timerfd support
642  *   - glibc v2.9 or newer
643  *   - libusb v1.0.5 or newer
644  *
645  * Under these configurations, libusb_get_next_timeout() will \em always return
646  * 0, so your main loop can be simplified to:
647 \code
648 // initialise libusb
649 
650 libusb_get_pollfds(ctx)
651 while (user has not requested application exit) {
652 	poll(on libusb file descriptors plus any other event sources of interest,
653 		using any timeout that you like)
654 	if (poll() indicated activity on libusb file descriptors)
655 		libusb_handle_events_timeout(ctx, 0);
656 	// handle events from other sources here
657 }
658 
659 // clean up and exit
660 \endcode
661  *
662  * Do remember that if you simplify your main loop to the above, you will
663  * lose compatibility with some platforms (including legacy Linux platforms,
664  * and <em>any future platforms supported by libusb which may have time-based
665  * event requirements</em>). The resultant problems will likely appear as
666  * strange bugs in your application.
667  *
668  * You can use the libusb_pollfds_handle_timeouts() function to do a runtime
669  * check to see if it is safe to ignore the time-based event complications.
670  * If your application has taken the shortcut of ignoring libusb's next timeout
671  * in your main loop, then you are advised to check the return value of
672  * libusb_pollfds_handle_timeouts() during application startup, and to abort
673  * if the platform does suffer from these timing complications.
674  *
675  * \subsection fdsetchange Changes in the file descriptor set
676  *
677  * The set of file descriptors that libusb uses as event sources may change
678  * during the life of your application. Rather than having to repeatedly
679  * call libusb_get_pollfds(), you can set up notification functions for when
680  * the file descriptor set changes using libusb_set_pollfd_notifiers().
681  *
682  * \subsection mtissues Multi-threaded considerations
683  *
684  * Unfortunately, the situation is complicated further when multiple threads
685  * come into play. If two threads are monitoring the same file descriptors,
686  * the fact that only one thread will be woken up when an event occurs causes
687  * some headaches.
688  *
689  * The events lock, event waiters lock, and libusb_handle_events_locked()
690  * entities are added to solve these problems. You do not need to be concerned
691  * with these entities otherwise.
692  *
693  * See the extra documentation: \ref mtasync
694  */
695 
696 /** \page mtasync Multi-threaded applications and asynchronous I/O
697  *
698  * libusb is a thread-safe library, but extra considerations must be applied
699  * to applications which interact with libusb from multiple threads.
700  *
701  * The underlying issue that must be addressed is that all libusb I/O
702  * revolves around monitoring file descriptors through the poll()/select()
703  * system calls. This is directly exposed at the
704  * \ref asyncio "asynchronous interface" but it is important to note that the
705  * \ref syncio "synchronous interface" is implemented on top of the
706  * asynchonrous interface, therefore the same considerations apply.
707  *
708  * The issue is that if two or more threads are concurrently calling poll()
709  * or select() on libusb's file descriptors then only one of those threads
710  * will be woken up when an event arrives. The others will be completely
711  * oblivious that anything has happened.
712  *
713  * Consider the following pseudo-code, which submits an asynchronous transfer
714  * then waits for its completion. This style is one way you could implement a
715  * synchronous interface on top of the asynchronous interface (and libusb
716  * does something similar, albeit more advanced due to the complications
717  * explained on this page).
718  *
719 \code
720 void cb(struct libusb_transfer *transfer)
721 {
722 	int *completed = transfer->user_data;
723 	*completed = 1;
724 }
725 
726 void myfunc() {
727 	struct libusb_transfer *transfer;
728 	unsigned char buffer[LIBUSB_CONTROL_SETUP_SIZE];
729 	int completed = 0;
730 
731 	transfer = libusb_alloc_transfer(0);
732 	libusb_fill_control_setup(buffer,
733 		LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_OUT, 0x04, 0x01, 0, 0);
734 	libusb_fill_control_transfer(transfer, dev, buffer, cb, &completed, 1000);
735 	libusb_submit_transfer(transfer);
736 
737 	while (!completed) {
738 		poll(libusb file descriptors, 120*1000);
739 		if (poll indicates activity)
740 			libusb_handle_events_timeout(ctx, 0);
741 	}
742 	printf("completed!");
743 	// other code here
744 }
745 \endcode
746  *
747  * Here we are <em>serializing</em> completion of an asynchronous event
748  * against a condition - the condition being completion of a specific transfer.
749  * The poll() loop has a long timeout to minimize CPU usage during situations
750  * when nothing is happening (it could reasonably be unlimited).
751  *
752  * If this is the only thread that is polling libusb's file descriptors, there
753  * is no problem: there is no danger that another thread will swallow up the
754  * event that we are interested in. On the other hand, if there is another
755  * thread polling the same descriptors, there is a chance that it will receive
756  * the event that we were interested in. In this situation, <tt>myfunc()</tt>
757  * will only realise that the transfer has completed on the next iteration of
758  * the loop, <em>up to 120 seconds later.</em> Clearly a two-minute delay is
759  * undesirable, and don't even think about using short timeouts to circumvent
760  * this issue!
761  *
762  * The solution here is to ensure that no two threads are ever polling the
763  * file descriptors at the same time. A naive implementation of this would
764  * impact the capabilities of the library, so libusb offers the scheme
765  * documented below to ensure no loss of functionality.
766  *
767  * Before we go any further, it is worth mentioning that all libusb-wrapped
768  * event handling procedures fully adhere to the scheme documented below.
769  * This includes libusb_handle_events() and all the synchronous I/O functions -
770  * libusb hides this headache from you. You do not need to worry about any
771  * of these issues if you stick to that level.
772  *
773  * The problem is when we consider the fact that libusb exposes file
774  * descriptors to allow for you to integrate asynchronous USB I/O into
775  * existing main loops, effectively allowing you to do some work behind
776  * libusb's back. If you do take libusb's file descriptors and pass them to
777  * poll()/select() yourself, you need to be aware of the associated issues.
778  *
779  * \section eventlock The events lock
780  *
781  * The first concept to be introduced is the events lock. The events lock
782  * is used to serialize threads that want to handle events, such that only
783  * one thread is handling events at any one time.
784  *
785  * You must take the events lock before polling libusb file descriptors,
786  * using libusb_lock_events(). You must release the lock as soon as you have
787  * aborted your poll()/select() loop, using libusb_unlock_events().
788  *
789  * \section threadwait Letting other threads do the work for you
790  *
791  * Although the events lock is a critical part of the solution, it is not
792  * enough on it's own. You might wonder if the following is sufficient...
793 \code
794 	libusb_lock_events(ctx);
795 	while (!completed) {
796 		poll(libusb file descriptors, 120*1000);
797 		if (poll indicates activity)
798 			libusb_handle_events_timeout(ctx, 0);
799 	}
800 	libusb_unlock_events(ctx);
801 \endcode
802  * ...and the answer is that it is not. This is because the transfer in the
803  * code shown above may take a long time (say 30 seconds) to complete, and
804  * the lock is not released until the transfer is completed.
805  *
806  * Another thread with similar code that wants to do event handling may be
807  * working with a transfer that completes after a few milliseconds. Despite
808  * having such a quick completion time, the other thread cannot check that
809  * status of its transfer until the code above has finished (30 seconds later)
810  * due to contention on the lock.
811  *
812  * To solve this, libusb offers you a mechanism to determine when another
813  * thread is handling events. It also offers a mechanism to block your thread
814  * until the event handling thread has completed an event (and this mechanism
815  * does not involve polling of file descriptors).
816  *
817  * After determining that another thread is currently handling events, you
818  * obtain the <em>event waiters</em> lock using libusb_lock_event_waiters().
819  * You then re-check that some other thread is still handling events, and if
820  * so, you call libusb_wait_for_event().
821  *
822  * libusb_wait_for_event() puts your application to sleep until an event
823  * occurs, or until a thread releases the events lock. When either of these
824  * things happen, your thread is woken up, and should re-check the condition
825  * it was waiting on. It should also re-check that another thread is handling
826  * events, and if not, it should start handling events itself.
827  *
828  * This looks like the following, as pseudo-code:
829 \code
830 retry:
831 if (libusb_try_lock_events(ctx) == 0) {
832 	// we obtained the event lock: do our own event handling
833 	while (!completed) {
834 		if (!libusb_event_handling_ok(ctx)) {
835 			libusb_unlock_events(ctx);
836 			goto retry;
837 		}
838 		poll(libusb file descriptors, 120*1000);
839 		if (poll indicates activity)
840 			libusb_handle_events_locked(ctx, 0);
841 	}
842 	libusb_unlock_events(ctx);
843 } else {
844 	// another thread is doing event handling. wait for it to signal us that
845 	// an event has completed
846 	libusb_lock_event_waiters(ctx);
847 
848 	while (!completed) {
849 		// now that we have the event waiters lock, double check that another
850 		// thread is still handling events for us. (it may have ceased handling
851 		// events in the time it took us to reach this point)
852 		if (!libusb_event_handler_active(ctx)) {
853 			// whoever was handling events is no longer doing so, try again
854 			libusb_unlock_event_waiters(ctx);
855 			goto retry;
856 		}
857 
858 		libusb_wait_for_event(ctx);
859 	}
860 	libusb_unlock_event_waiters(ctx);
861 }
862 printf("completed!\n");
863 \endcode
864  *
865  * A naive look at the above code may suggest that this can only support
866  * one event waiter (hence a total of 2 competing threads, the other doing
867  * event handling), because the event waiter seems to have taken the event
868  * waiters lock while waiting for an event. However, the system does support
869  * multiple event waiters, because libusb_wait_for_event() actually drops
870  * the lock while waiting, and reaquires it before continuing.
871  *
872  * We have now implemented code which can dynamically handle situations where
873  * nobody is handling events (so we should do it ourselves), and it can also
874  * handle situations where another thread is doing event handling (so we can
875  * piggyback onto them). It is also equipped to handle a combination of
876  * the two, for example, another thread is doing event handling, but for
877  * whatever reason it stops doing so before our condition is met, so we take
878  * over the event handling.
879  *
880  * Four functions were introduced in the above pseudo-code. Their importance
881  * should be apparent from the code shown above.
882  * -# libusb_try_lock_events() is a non-blocking function which attempts
883  *    to acquire the events lock but returns a failure code if it is contended.
884  * -# libusb_event_handling_ok() checks that libusb is still happy for your
885  *    thread to be performing event handling. Sometimes, libusb needs to
886  *    interrupt the event handler, and this is how you can check if you have
887  *    been interrupted. If this function returns 0, the correct behaviour is
888  *    for you to give up the event handling lock, and then to repeat the cycle.
889  *    The following libusb_try_lock_events() will fail, so you will become an
890  *    events waiter. For more information on this, read \ref fullstory below.
891  * -# libusb_handle_events_locked() is a variant of
892  *    libusb_handle_events_timeout() that you can call while holding the
893  *    events lock. libusb_handle_events_timeout() itself implements similar
894  *    logic to the above, so be sure not to call it when you are
895  *    "working behind libusb's back", as is the case here.
896  * -# libusb_event_handler_active() determines if someone is currently
897  *    holding the events lock
898  *
899  * You might be wondering why there is no function to wake up all threads
900  * blocked on libusb_wait_for_event(). This is because libusb can do this
901  * internally: it will wake up all such threads when someone calls
902  * libusb_unlock_events() or when a transfer completes (at the point after its
903  * callback has returned).
904  *
905  * \subsection fullstory The full story
906  *
907  * The above explanation should be enough to get you going, but if you're
908  * really thinking through the issues then you may be left with some more
909  * questions regarding libusb's internals. If you're curious, read on, and if
910  * not, skip to the next section to avoid confusing yourself!
911  *
912  * The immediate question that may spring to mind is: what if one thread
913  * modifies the set of file descriptors that need to be polled while another
914  * thread is doing event handling?
915  *
916  * There are 2 situations in which this may happen.
917  * -# libusb_open() will add another file descriptor to the poll set,
918  *    therefore it is desirable to interrupt the event handler so that it
919  *    restarts, picking up the new descriptor.
920  * -# libusb_close() will remove a file descriptor from the poll set. There
921  *    are all kinds of race conditions that could arise here, so it is
922  *    important that nobody is doing event handling at this time.
923  *
924  * libusb handles these issues internally, so application developers do not
925  * have to stop their event handlers while opening/closing devices. Here's how
926  * it works, focusing on the libusb_close() situation first:
927  *
928  * -# During initialization, libusb opens an internal pipe, and it adds the read
929  *    end of this pipe to the set of file descriptors to be polled.
930  * -# During libusb_close(), libusb writes some dummy data on this control pipe.
931  *    This immediately interrupts the event handler. libusb also records
932  *    internally that it is trying to interrupt event handlers for this
933  *    high-priority event.
934  * -# At this point, some of the functions described above start behaving
935  *    differently:
936  *   - libusb_event_handling_ok() starts returning 1, indicating that it is NOT
937  *     OK for event handling to continue.
938  *   - libusb_try_lock_events() starts returning 1, indicating that another
939  *     thread holds the event handling lock, even if the lock is uncontended.
940  *   - libusb_event_handler_active() starts returning 1, indicating that
941  *     another thread is doing event handling, even if that is not true.
942  * -# The above changes in behaviour result in the event handler stopping and
943  *    giving up the events lock very quickly, giving the high-priority
944  *    libusb_close() operation a "free ride" to acquire the events lock. All
945  *    threads that are competing to do event handling become event waiters.
946  * -# With the events lock held inside libusb_close(), libusb can safely remove
947  *    a file descriptor from the poll set, in the safety of knowledge that
948  *    nobody is polling those descriptors or trying to access the poll set.
949  * -# After obtaining the events lock, the close operation completes very
950  *    quickly (usually a matter of milliseconds) and then immediately releases
951  *    the events lock.
952  * -# At the same time, the behaviour of libusb_event_handling_ok() and friends
953  *    reverts to the original, documented behaviour.
954  * -# The release of the events lock causes the threads that are waiting for
955  *    events to be woken up and to start competing to become event handlers
956  *    again. One of them will succeed; it will then re-obtain the list of poll
957  *    descriptors, and USB I/O will then continue as normal.
958  *
959  * libusb_open() is similar, and is actually a more simplistic case. Upon a
960  * call to libusb_open():
961  *
962  * -# The device is opened and a file descriptor is added to the poll set.
963  * -# libusb sends some dummy data on the control pipe, and records that it
964  *    is trying to modify the poll descriptor set.
965  * -# The event handler is interrupted, and the same behaviour change as for
966  *    libusb_close() takes effect, causing all event handling threads to become
967  *    event waiters.
968  * -# The libusb_open() implementation takes its free ride to the events lock.
969  * -# Happy that it has successfully paused the events handler, libusb_open()
970  *    releases the events lock.
971  * -# The event waiter threads are all woken up and compete to become event
972  *    handlers again. The one that succeeds will obtain the list of poll
973  *    descriptors again, which will include the addition of the new device.
974  *
975  * \subsection concl Closing remarks
976  *
977  * The above may seem a little complicated, but hopefully I have made it clear
978  * why such complications are necessary. Also, do not forget that this only
979  * applies to applications that take libusb's file descriptors and integrate
980  * them into their own polling loops.
981  *
982  * You may decide that it is OK for your multi-threaded application to ignore
983  * some of the rules and locks detailed above, because you don't think that
984  * two threads can ever be polling the descriptors at the same time. If that
985  * is the case, then that's good news for you because you don't have to worry.
986  * But be careful here; remember that the synchronous I/O functions do event
987  * handling internally. If you have one thread doing event handling in a loop
988  * (without implementing the rules and locking semantics documented above)
989  * and another trying to send a synchronous USB transfer, you will end up with
990  * two threads monitoring the same descriptors, and the above-described
991  * undesirable behaviour occuring. The solution is for your polling thread to
992  * play by the rules; the synchronous I/O functions do so, and this will result
993  * in them getting along in perfect harmony.
994  *
995  * If you do have a dedicated thread doing event handling, it is perfectly
996  * legal for it to take the event handling lock for long periods of time. Any
997  * synchronous I/O functions you call from other threads will transparently
998  * fall back to the "event waiters" mechanism detailed above. The only
999  * consideration that your event handling thread must apply is the one related
1000  * to libusb_event_handling_ok(): you must call this before every poll(), and
1001  * give up the events lock if instructed.
1002  */
1003 
usbi_io_init(struct libusb_context * ctx)1004 int usbi_io_init(struct libusb_context *ctx)
1005 {
1006 	int r;
1007 
1008 	pthread_mutex_init(&ctx->flying_transfers_lock, NULL);
1009 	pthread_mutex_init(&ctx->pollfds_lock, NULL);
1010 	pthread_mutex_init(&ctx->pollfd_modify_lock, NULL);
1011 	pthread_mutex_init(&ctx->events_lock, NULL);
1012 	pthread_mutex_init(&ctx->event_waiters_lock, NULL);
1013 	pthread_cond_init(&ctx->event_waiters_cond, NULL);
1014 	list_init(&ctx->flying_transfers);
1015 	list_init(&ctx->pollfds);
1016 
1017 	/* FIXME should use an eventfd on kernels that support it */
1018 	r = pipe(ctx->ctrl_pipe);
1019 	if (r < 0)
1020 		return LIBUSB_ERROR_OTHER;
1021 
1022 	r = usbi_add_pollfd(ctx, ctx->ctrl_pipe[0], POLLIN);
1023 	if (r < 0)
1024 		return r;
1025 
1026 #ifdef USBI_TIMERFD_AVAILABLE
1027 	ctx->timerfd = timerfd_create(usbi_backend->get_timerfd_clockid(),
1028 		TFD_NONBLOCK);
1029 	if (ctx->timerfd >= 0) {
1030 		usbi_dbg("using timerfd for timeouts");
1031 		r = usbi_add_pollfd(ctx, ctx->timerfd, POLLIN);
1032 		if (r < 0) {
1033 			close(ctx->timerfd);
1034 			return r;
1035 		}
1036 	} else {
1037 		usbi_dbg("timerfd not available (code %d error %d)", ctx->timerfd, errno);
1038 		ctx->timerfd = -1;
1039 	}
1040 #endif
1041 
1042 	return 0;
1043 }
1044 
usbi_io_exit(struct libusb_context * ctx)1045 void usbi_io_exit(struct libusb_context *ctx)
1046 {
1047 	usbi_remove_pollfd(ctx, ctx->ctrl_pipe[0]);
1048 	close(ctx->ctrl_pipe[0]);
1049 	close(ctx->ctrl_pipe[1]);
1050 #ifdef USBI_TIMERFD_AVAILABLE
1051 	if (usbi_using_timerfd(ctx)) {
1052 		usbi_remove_pollfd(ctx, ctx->timerfd);
1053 		close(ctx->timerfd);
1054 	}
1055 #endif
1056 }
1057 
calculate_timeout(struct usbi_transfer * transfer)1058 static int calculate_timeout(struct usbi_transfer *transfer)
1059 {
1060 	int r;
1061 	struct timespec current_time;
1062 	unsigned int timeout =
1063 		__USBI_TRANSFER_TO_LIBUSB_TRANSFER(transfer)->timeout;
1064 
1065 	if (!timeout)
1066 		return 0;
1067 
1068 	r = usbi_backend->clock_gettime(USBI_CLOCK_MONOTONIC, &current_time);
1069 	if (r < 0) {
1070 		usbi_err(ITRANSFER_CTX(transfer),
1071 			"failed to read monotonic clock, errno=%d", errno);
1072 		return r;
1073 	}
1074 
1075 	current_time.tv_sec += timeout / 1000;
1076 	current_time.tv_nsec += (timeout % 1000) * 1000000;
1077 
1078 	if (current_time.tv_nsec > 1000000000) {
1079 		current_time.tv_nsec -= 1000000000;
1080 		current_time.tv_sec++;
1081 	}
1082 
1083 	TIMESPEC_TO_TIMEVAL(&transfer->timeout, &current_time);
1084 	return 0;
1085 }
1086 
1087 /* add a transfer to the (timeout-sorted) active transfers list.
1088  * returns 1 if the transfer has a timeout and it is the timeout next to
1089  * expire */
add_to_flying_list(struct usbi_transfer * transfer)1090 static int add_to_flying_list(struct usbi_transfer *transfer)
1091 {
1092 	struct usbi_transfer *cur;
1093 	struct timeval *timeout = &transfer->timeout;
1094 	struct libusb_context *ctx = ITRANSFER_CTX(transfer);
1095 	int r = 0;
1096 	int first = 1;
1097 
1098 	pthread_mutex_lock(&ctx->flying_transfers_lock);
1099 
1100 	/* if we have no other flying transfers, start the list with this one */
1101 	if (list_empty(&ctx->flying_transfers)) {
1102 		list_add(&transfer->list, &ctx->flying_transfers);
1103 		if (timerisset(timeout))
1104 			r = 1;
1105 		goto out;
1106 	}
1107 
1108 	/* if we have infinite timeout, append to end of list */
1109 	if (!timerisset(timeout)) {
1110 		list_add_tail(&transfer->list, &ctx->flying_transfers);
1111 		goto out;
1112 	}
1113 
1114 	/* otherwise, find appropriate place in list */
1115 	list_for_each_entry(cur, &ctx->flying_transfers, list) {
1116 		/* find first timeout that occurs after the transfer in question */
1117 		struct timeval *cur_tv = &cur->timeout;
1118 
1119 		if (!timerisset(cur_tv) || (cur_tv->tv_sec > timeout->tv_sec) ||
1120 				(cur_tv->tv_sec == timeout->tv_sec &&
1121 					cur_tv->tv_usec > timeout->tv_usec)) {
1122 			list_add_tail(&transfer->list, &cur->list);
1123 			r = first;
1124 			goto out;
1125 		}
1126 		first = 0;
1127 	}
1128 
1129 	/* otherwise we need to be inserted at the end */
1130 	list_add_tail(&transfer->list, &ctx->flying_transfers);
1131 out:
1132 	pthread_mutex_unlock(&ctx->flying_transfers_lock);
1133 	return r;
1134 }
1135 
1136 /** \ingroup asyncio
1137  * Allocate a libusb transfer with a specified number of isochronous packet
1138  * descriptors. The returned transfer is pre-initialized for you. When the new
1139  * transfer is no longer needed, it should be freed with
1140  * libusb_free_transfer().
1141  *
1142  * Transfers intended for non-isochronous endpoints (e.g. control, bulk,
1143  * interrupt) should specify an iso_packets count of zero.
1144  *
1145  * For transfers intended for isochronous endpoints, specify an appropriate
1146  * number of packet descriptors to be allocated as part of the transfer.
1147  * The returned transfer is not specially initialized for isochronous I/O;
1148  * you are still required to set the
1149  * \ref libusb_transfer::num_iso_packets "num_iso_packets" and
1150  * \ref libusb_transfer::type "type" fields accordingly.
1151  *
1152  * It is safe to allocate a transfer with some isochronous packets and then
1153  * use it on a non-isochronous endpoint. If you do this, ensure that at time
1154  * of submission, num_iso_packets is 0 and that type is set appropriately.
1155  *
1156  * \param iso_packets number of isochronous packet descriptors to allocate
1157  * \returns a newly allocated transfer, or NULL on error
1158  */
libusb_alloc_transfer(int iso_packets)1159 API_EXPORTED struct libusb_transfer *libusb_alloc_transfer(int iso_packets)
1160 {
1161 	size_t os_alloc_size = usbi_backend->transfer_priv_size
1162 		+ (usbi_backend->add_iso_packet_size * iso_packets);
1163 	int alloc_size = sizeof(struct usbi_transfer)
1164 		+ sizeof(struct libusb_transfer)
1165 		+ (sizeof(struct libusb_iso_packet_descriptor) * iso_packets)
1166 		+ os_alloc_size;
1167 	struct usbi_transfer *itransfer = malloc(alloc_size);
1168 	if (!itransfer)
1169 		return NULL;
1170 
1171 	memset(itransfer, 0, alloc_size);
1172 	itransfer->num_iso_packets = iso_packets;
1173 	pthread_mutex_init(&itransfer->lock, NULL);
1174 	return __USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer);
1175 }
1176 
1177 /** \ingroup asyncio
1178  * Free a transfer structure. This should be called for all transfers
1179  * allocated with libusb_alloc_transfer().
1180  *
1181  * If the \ref libusb_transfer_flags::LIBUSB_TRANSFER_FREE_BUFFER
1182  * "LIBUSB_TRANSFER_FREE_BUFFER" flag is set and the transfer buffer is
1183  * non-NULL, this function will also free the transfer buffer using the
1184  * standard system memory allocator (e.g. free()).
1185  *
1186  * It is legal to call this function with a NULL transfer. In this case,
1187  * the function will simply return safely.
1188  *
1189  * It is not legal to free an active transfer (one which has been submitted
1190  * and has not yet completed).
1191  *
1192  * \param transfer the transfer to free
1193  */
libusb_free_transfer(struct libusb_transfer * transfer)1194 API_EXPORTED void libusb_free_transfer(struct libusb_transfer *transfer)
1195 {
1196 	struct usbi_transfer *itransfer;
1197 	if (!transfer)
1198 		return;
1199 
1200 	if (transfer->flags & LIBUSB_TRANSFER_FREE_BUFFER && transfer->buffer)
1201 		free(transfer->buffer);
1202 
1203 	itransfer = __LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1204 	pthread_mutex_destroy(&itransfer->lock);
1205 	free(itransfer);
1206 }
1207 
1208 /** \ingroup asyncio
1209  * Submit a transfer. This function will fire off the USB transfer and then
1210  * return immediately.
1211  *
1212  * \param transfer the transfer to submit
1213  * \returns 0 on success
1214  * \returns LIBUSB_ERROR_NO_DEVICE if the device has been disconnected
1215  * \returns LIBUSB_ERROR_BUSY if the transfer has already been submitted.
1216  * \returns another LIBUSB_ERROR code on other failure
1217  */
libusb_submit_transfer(struct libusb_transfer * transfer)1218 API_EXPORTED int libusb_submit_transfer(struct libusb_transfer *transfer)
1219 {
1220 	struct libusb_context *ctx = TRANSFER_CTX(transfer);
1221 	struct usbi_transfer *itransfer =
1222 		__LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1223 	int r;
1224 	int first;
1225 
1226 	pthread_mutex_lock(&itransfer->lock);
1227 	itransfer->transferred = 0;
1228 	itransfer->flags = 0;
1229 	r = calculate_timeout(itransfer);
1230 	if (r < 0) {
1231 		r = LIBUSB_ERROR_OTHER;
1232 		goto out;
1233 	}
1234 
1235 	first = add_to_flying_list(itransfer);
1236 	r = usbi_backend->submit_transfer(itransfer);
1237 	if (r) {
1238 		pthread_mutex_lock(&ctx->flying_transfers_lock);
1239 		list_del(&itransfer->list);
1240 		pthread_mutex_unlock(&ctx->flying_transfers_lock);
1241 	}
1242 #ifdef USBI_TIMERFD_AVAILABLE
1243 	else if (first && usbi_using_timerfd(ctx)) {
1244 		/* if this transfer has the lowest timeout of all active transfers,
1245 		 * rearm the timerfd with this transfer's timeout */
1246 		const struct itimerspec it = { {0, 0},
1247 			{ itransfer->timeout.tv_sec, itransfer->timeout.tv_usec * 1000 } };
1248 		usbi_dbg("arm timerfd for timeout in %dms (first in line)", transfer->timeout);
1249 		r = timerfd_settime(ctx->timerfd, TFD_TIMER_ABSTIME, &it, NULL);
1250 		if (r < 0)
1251 			r = LIBUSB_ERROR_OTHER;
1252 	}
1253 #endif
1254 
1255 out:
1256 	pthread_mutex_unlock(&itransfer->lock);
1257 	return r;
1258 }
1259 
1260 /** \ingroup asyncio
1261  * Asynchronously cancel a previously submitted transfer.
1262  * This function returns immediately, but this does not indicate cancellation
1263  * is complete. Your callback function will be invoked at some later time
1264  * with a transfer status of
1265  * \ref libusb_transfer_status::LIBUSB_TRANSFER_CANCELLED
1266  * "LIBUSB_TRANSFER_CANCELLED."
1267  *
1268  * \param transfer the transfer to cancel
1269  * \returns 0 on success
1270  * \returns LIBUSB_ERROR_NOT_FOUND if the transfer is already complete or
1271  * cancelled.
1272  * \returns a LIBUSB_ERROR code on failure
1273  */
libusb_cancel_transfer(struct libusb_transfer * transfer)1274 API_EXPORTED int libusb_cancel_transfer(struct libusb_transfer *transfer)
1275 {
1276 	struct usbi_transfer *itransfer =
1277 		__LIBUSB_TRANSFER_TO_USBI_TRANSFER(transfer);
1278 	int r;
1279 
1280 	usbi_dbg("");
1281 	pthread_mutex_lock(&itransfer->lock);
1282 	r = usbi_backend->cancel_transfer(itransfer);
1283 	if (r < 0)
1284 		usbi_err(TRANSFER_CTX(transfer),
1285 			"cancel transfer failed error %d", r);
1286 	pthread_mutex_unlock(&itransfer->lock);
1287 	return r;
1288 }
1289 
1290 #ifdef USBI_TIMERFD_AVAILABLE
disarm_timerfd(struct libusb_context * ctx)1291 static int disarm_timerfd(struct libusb_context *ctx)
1292 {
1293 	const struct itimerspec disarm_timer = { { 0, 0 }, { 0, 0 } };
1294 	int r;
1295 
1296 	usbi_dbg("");
1297 	r = timerfd_settime(ctx->timerfd, 0, &disarm_timer, NULL);
1298 	if (r < 0)
1299 		return LIBUSB_ERROR_OTHER;
1300 	else
1301 		return 0;
1302 }
1303 
1304 /* iterates through the flying transfers, and rearms the timerfd based on the
1305  * next upcoming timeout.
1306  * must be called with flying_list locked.
1307  * returns 0 if there was no timeout to arm, 1 if the next timeout was armed,
1308  * or a LIBUSB_ERROR code on failure.
1309  */
arm_timerfd_for_next_timeout(struct libusb_context * ctx)1310 static int arm_timerfd_for_next_timeout(struct libusb_context *ctx)
1311 {
1312 	struct usbi_transfer *transfer;
1313 
1314 	list_for_each_entry(transfer, &ctx->flying_transfers, list) {
1315 		struct timeval *cur_tv = &transfer->timeout;
1316 
1317 		/* if we've reached transfers of infinite timeout, then we have no
1318 		 * arming to do */
1319 		if (!timerisset(cur_tv))
1320 			return 0;
1321 
1322 		/* act on first transfer that is not already cancelled */
1323 		if (!(transfer->flags & USBI_TRANSFER_TIMED_OUT)) {
1324 			int r;
1325 			const struct itimerspec it = { {0, 0},
1326 				{ cur_tv->tv_sec, cur_tv->tv_usec * 1000 } };
1327 			usbi_dbg("next timeout originally %dms", __USBI_TRANSFER_TO_LIBUSB_TRANSFER(transfer)->timeout);
1328 			r = timerfd_settime(ctx->timerfd, TFD_TIMER_ABSTIME, &it, NULL);
1329 			if (r < 0)
1330 				return LIBUSB_ERROR_OTHER;
1331 			return 1;
1332 		}
1333 	}
1334 
1335 	return 0;
1336 }
1337 #else
disarm_timerfd(struct libusb_context * ctx)1338 static int disarm_timerfd(struct libusb_context *ctx)
1339 {
1340 	return 0;
1341 }
arm_timerfd_for_next_timeout(struct libusb_context * ctx)1342 static int arm_timerfd_for_next_timeout(struct libusb_context *ctx)
1343 {
1344 	return 0;
1345 }
1346 #endif
1347 
1348 /* Handle completion of a transfer (completion might be an error condition).
1349  * This will invoke the user-supplied callback function, which may end up
1350  * freeing the transfer. Therefore you cannot use the transfer structure
1351  * after calling this function, and you should free all backend-specific
1352  * data before calling it.
1353  * Do not call this function with the usbi_transfer lock held. User-specified
1354  * callback functions may attempt to directly resubmit the transfer, which
1355  * will attempt to take the lock. */
usbi_handle_transfer_completion(struct usbi_transfer * itransfer,enum libusb_transfer_status status)1356 int usbi_handle_transfer_completion(struct usbi_transfer *itransfer,
1357 	enum libusb_transfer_status status)
1358 {
1359 	struct libusb_transfer *transfer =
1360 		__USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer);
1361 	struct libusb_context *ctx = TRANSFER_CTX(transfer);
1362 	uint8_t flags;
1363 	int r;
1364 
1365 	/* FIXME: could be more intelligent with the timerfd here. we don't need
1366 	 * to disarm the timerfd if there was no timer running, and we only need
1367 	 * to rearm the timerfd if the transfer that expired was the one with
1368 	 * the shortest timeout. */
1369 
1370 	pthread_mutex_lock(&ctx->flying_transfers_lock);
1371 	list_del(&itransfer->list);
1372 	r = arm_timerfd_for_next_timeout(ctx);
1373 	pthread_mutex_unlock(&ctx->flying_transfers_lock);
1374 
1375 	if (r < 0) {
1376 		return r;
1377 	} else if (r == 0) {
1378 		r = disarm_timerfd(ctx);
1379 		if (r < 0)
1380 			return r;
1381 	}
1382 
1383 	if (status == LIBUSB_TRANSFER_COMPLETED
1384 			&& transfer->flags & LIBUSB_TRANSFER_SHORT_NOT_OK) {
1385 		int rqlen = transfer->length;
1386 		if (transfer->type == LIBUSB_TRANSFER_TYPE_CONTROL)
1387 			rqlen -= LIBUSB_CONTROL_SETUP_SIZE;
1388 		if (rqlen != itransfer->transferred) {
1389 			usbi_dbg("interpreting short transfer as error");
1390 			status = LIBUSB_TRANSFER_ERROR;
1391 		}
1392 	}
1393 
1394 	flags = transfer->flags;
1395 	transfer->status = status;
1396 	transfer->actual_length = itransfer->transferred;
1397 	if (transfer->callback)
1398 		transfer->callback(transfer);
1399 	/* transfer might have been freed by the above call, do not use from
1400 	 * this point. */
1401 	if (flags & LIBUSB_TRANSFER_FREE_TRANSFER)
1402 		libusb_free_transfer(transfer);
1403 	pthread_mutex_lock(&ctx->event_waiters_lock);
1404 	pthread_cond_broadcast(&ctx->event_waiters_cond);
1405 	pthread_mutex_unlock(&ctx->event_waiters_lock);
1406 	return 0;
1407 }
1408 
1409 /* Similar to usbi_handle_transfer_completion() but exclusively for transfers
1410  * that were asynchronously cancelled. The same concerns w.r.t. freeing of
1411  * transfers exist here.
1412  * Do not call this function with the usbi_transfer lock held. User-specified
1413  * callback functions may attempt to directly resubmit the transfer, which
1414  * will attempt to take the lock. */
usbi_handle_transfer_cancellation(struct usbi_transfer * transfer)1415 int usbi_handle_transfer_cancellation(struct usbi_transfer *transfer)
1416 {
1417 	/* if the URB was cancelled due to timeout, report timeout to the user */
1418 	if (transfer->flags & USBI_TRANSFER_TIMED_OUT) {
1419 		usbi_dbg("detected timeout cancellation");
1420 		return usbi_handle_transfer_completion(transfer, LIBUSB_TRANSFER_TIMED_OUT);
1421 	}
1422 
1423 	/* otherwise its a normal async cancel */
1424 	return usbi_handle_transfer_completion(transfer, LIBUSB_TRANSFER_CANCELLED);
1425 }
1426 
1427 /** \ingroup poll
1428  * Attempt to acquire the event handling lock. This lock is used to ensure that
1429  * only one thread is monitoring libusb event sources at any one time.
1430  *
1431  * You only need to use this lock if you are developing an application
1432  * which calls poll() or select() on libusb's file descriptors directly.
1433  * If you stick to libusb's event handling loop functions (e.g.
1434  * libusb_handle_events()) then you do not need to be concerned with this
1435  * locking.
1436  *
1437  * While holding this lock, you are trusted to actually be handling events.
1438  * If you are no longer handling events, you must call libusb_unlock_events()
1439  * as soon as possible.
1440  *
1441  * \param ctx the context to operate on, or NULL for the default context
1442  * \returns 0 if the lock was obtained successfully
1443  * \returns 1 if the lock was not obtained (i.e. another thread holds the lock)
1444  * \see \ref mtasync
1445  */
libusb_try_lock_events(libusb_context * ctx)1446 API_EXPORTED int libusb_try_lock_events(libusb_context *ctx)
1447 {
1448 	int r;
1449 	USBI_GET_CONTEXT(ctx);
1450 
1451 	/* is someone else waiting to modify poll fds? if so, don't let this thread
1452 	 * start event handling */
1453 	pthread_mutex_lock(&ctx->pollfd_modify_lock);
1454 	r = ctx->pollfd_modify;
1455 	pthread_mutex_unlock(&ctx->pollfd_modify_lock);
1456 	if (r) {
1457 		usbi_dbg("someone else is modifying poll fds");
1458 		return 1;
1459 	}
1460 
1461 	r = pthread_mutex_trylock(&ctx->events_lock);
1462 	if (r)
1463 		return 1;
1464 
1465 	ctx->event_handler_active = 1;
1466 	return 0;
1467 }
1468 
1469 /** \ingroup poll
1470  * Acquire the event handling lock, blocking until successful acquisition if
1471  * it is contended. This lock is used to ensure that only one thread is
1472  * monitoring libusb event sources at any one time.
1473  *
1474  * You only need to use this lock if you are developing an application
1475  * which calls poll() or select() on libusb's file descriptors directly.
1476  * If you stick to libusb's event handling loop functions (e.g.
1477  * libusb_handle_events()) then you do not need to be concerned with this
1478  * locking.
1479  *
1480  * While holding this lock, you are trusted to actually be handling events.
1481  * If you are no longer handling events, you must call libusb_unlock_events()
1482  * as soon as possible.
1483  *
1484  * \param ctx the context to operate on, or NULL for the default context
1485  * \see \ref mtasync
1486  */
libusb_lock_events(libusb_context * ctx)1487 API_EXPORTED void libusb_lock_events(libusb_context *ctx)
1488 {
1489 	USBI_GET_CONTEXT(ctx);
1490 	pthread_mutex_lock(&ctx->events_lock);
1491 	ctx->event_handler_active = 1;
1492 }
1493 
1494 /** \ingroup poll
1495  * Release the lock previously acquired with libusb_try_lock_events() or
1496  * libusb_lock_events(). Releasing this lock will wake up any threads blocked
1497  * on libusb_wait_for_event().
1498  *
1499  * \param ctx the context to operate on, or NULL for the default context
1500  * \see \ref mtasync
1501  */
libusb_unlock_events(libusb_context * ctx)1502 API_EXPORTED void libusb_unlock_events(libusb_context *ctx)
1503 {
1504 	USBI_GET_CONTEXT(ctx);
1505 	ctx->event_handler_active = 0;
1506 	pthread_mutex_unlock(&ctx->events_lock);
1507 
1508 	/* FIXME: perhaps we should be a bit more efficient by not broadcasting
1509 	 * the availability of the events lock when we are modifying pollfds
1510 	 * (check ctx->pollfd_modify)? */
1511 	pthread_mutex_lock(&ctx->event_waiters_lock);
1512 	pthread_cond_broadcast(&ctx->event_waiters_cond);
1513 	pthread_mutex_unlock(&ctx->event_waiters_lock);
1514 }
1515 
1516 /** \ingroup poll
1517  * Determine if it is still OK for this thread to be doing event handling.
1518  *
1519  * Sometimes, libusb needs to temporarily pause all event handlers, and this
1520  * is the function you should use before polling file descriptors to see if
1521  * this is the case.
1522  *
1523  * If this function instructs your thread to give up the events lock, you
1524  * should just continue the usual logic that is documented in \ref mtasync.
1525  * On the next iteration, your thread will fail to obtain the events lock,
1526  * and will hence become an event waiter.
1527  *
1528  * This function should be called while the events lock is held: you don't
1529  * need to worry about the results of this function if your thread is not
1530  * the current event handler.
1531  *
1532  * \param ctx the context to operate on, or NULL for the default context
1533  * \returns 1 if event handling can start or continue
1534  * \returns 0 if this thread must give up the events lock
1535  * \see \ref fullstory "Multi-threaded I/O: the full story"
1536  */
libusb_event_handling_ok(libusb_context * ctx)1537 API_EXPORTED int libusb_event_handling_ok(libusb_context *ctx)
1538 {
1539 	int r;
1540 	USBI_GET_CONTEXT(ctx);
1541 
1542 	/* is someone else waiting to modify poll fds? if so, don't let this thread
1543 	 * continue event handling */
1544 	pthread_mutex_lock(&ctx->pollfd_modify_lock);
1545 	r = ctx->pollfd_modify;
1546 	pthread_mutex_unlock(&ctx->pollfd_modify_lock);
1547 	if (r) {
1548 		usbi_dbg("someone else is modifying poll fds");
1549 		return 0;
1550 	}
1551 
1552 	return 1;
1553 }
1554 
1555 
1556 /** \ingroup poll
1557  * Determine if an active thread is handling events (i.e. if anyone is holding
1558  * the event handling lock).
1559  *
1560  * \param ctx the context to operate on, or NULL for the default context
1561  * \returns 1 if a thread is handling events
1562  * \returns 0 if there are no threads currently handling events
1563  * \see \ref mtasync
1564  */
libusb_event_handler_active(libusb_context * ctx)1565 API_EXPORTED int libusb_event_handler_active(libusb_context *ctx)
1566 {
1567 	int r;
1568 	USBI_GET_CONTEXT(ctx);
1569 
1570 	/* is someone else waiting to modify poll fds? if so, don't let this thread
1571 	 * start event handling -- indicate that event handling is happening */
1572 	pthread_mutex_lock(&ctx->pollfd_modify_lock);
1573 	r = ctx->pollfd_modify;
1574 	pthread_mutex_unlock(&ctx->pollfd_modify_lock);
1575 	if (r) {
1576 		usbi_dbg("someone else is modifying poll fds");
1577 		return 1;
1578 	}
1579 
1580 	return ctx->event_handler_active;
1581 }
1582 
1583 /** \ingroup poll
1584  * Acquire the event waiters lock. This lock is designed to be obtained under
1585  * the situation where you want to be aware when events are completed, but
1586  * some other thread is event handling so calling libusb_handle_events() is not
1587  * allowed.
1588  *
1589  * You then obtain this lock, re-check that another thread is still handling
1590  * events, then call libusb_wait_for_event().
1591  *
1592  * You only need to use this lock if you are developing an application
1593  * which calls poll() or select() on libusb's file descriptors directly,
1594  * <b>and</b> may potentially be handling events from 2 threads simultaenously.
1595  * If you stick to libusb's event handling loop functions (e.g.
1596  * libusb_handle_events()) then you do not need to be concerned with this
1597  * locking.
1598  *
1599  * \param ctx the context to operate on, or NULL for the default context
1600  * \see \ref mtasync
1601  */
libusb_lock_event_waiters(libusb_context * ctx)1602 API_EXPORTED void libusb_lock_event_waiters(libusb_context *ctx)
1603 {
1604 	USBI_GET_CONTEXT(ctx);
1605 	pthread_mutex_lock(&ctx->event_waiters_lock);
1606 }
1607 
1608 /** \ingroup poll
1609  * Release the event waiters lock.
1610  * \param ctx the context to operate on, or NULL for the default context
1611  * \see \ref mtasync
1612  */
libusb_unlock_event_waiters(libusb_context * ctx)1613 API_EXPORTED void libusb_unlock_event_waiters(libusb_context *ctx)
1614 {
1615 	USBI_GET_CONTEXT(ctx);
1616 	pthread_mutex_unlock(&ctx->event_waiters_lock);
1617 }
1618 
1619 /** \ingroup poll
1620  * Wait for another thread to signal completion of an event. Must be called
1621  * with the event waiters lock held, see libusb_lock_event_waiters().
1622  *
1623  * This function will block until any of the following conditions are met:
1624  * -# The timeout expires
1625  * -# A transfer completes
1626  * -# A thread releases the event handling lock through libusb_unlock_events()
1627  *
1628  * Condition 1 is obvious. Condition 2 unblocks your thread <em>after</em>
1629  * the callback for the transfer has completed. Condition 3 is important
1630  * because it means that the thread that was previously handling events is no
1631  * longer doing so, so if any events are to complete, another thread needs to
1632  * step up and start event handling.
1633  *
1634  * This function releases the event waiters lock before putting your thread
1635  * to sleep, and reacquires the lock as it is being woken up.
1636  *
1637  * \param ctx the context to operate on, or NULL for the default context
1638  * \param tv maximum timeout for this blocking function. A NULL value
1639  * indicates unlimited timeout.
1640  * \returns 0 after a transfer completes or another thread stops event handling
1641  * \returns 1 if the timeout expired
1642  * \see \ref mtasync
1643  */
libusb_wait_for_event(libusb_context * ctx,struct timeval * tv)1644 API_EXPORTED int libusb_wait_for_event(libusb_context *ctx, struct timeval *tv)
1645 {
1646 	struct timespec timeout;
1647 	int r;
1648 
1649 	USBI_GET_CONTEXT(ctx);
1650 	if (tv == NULL) {
1651 		pthread_cond_wait(&ctx->event_waiters_cond, &ctx->event_waiters_lock);
1652 		return 0;
1653 	}
1654 
1655 	r = usbi_backend->clock_gettime(USBI_CLOCK_REALTIME, &timeout);
1656 	if (r < 0) {
1657 		usbi_err(ctx, "failed to read realtime clock, error %d", errno);
1658 		return LIBUSB_ERROR_OTHER;
1659 	}
1660 
1661 	timeout.tv_sec += tv->tv_sec;
1662 	timeout.tv_nsec += tv->tv_usec * 1000;
1663 	if (timeout.tv_nsec > 1000000000) {
1664 		timeout.tv_nsec -= 1000000000;
1665 		timeout.tv_sec++;
1666 	}
1667 
1668 	r = pthread_cond_timedwait(&ctx->event_waiters_cond,
1669 		&ctx->event_waiters_lock, &timeout);
1670 	return (r == ETIMEDOUT);
1671 }
1672 
handle_timeout(struct usbi_transfer * itransfer)1673 static void handle_timeout(struct usbi_transfer *itransfer)
1674 {
1675 	struct libusb_transfer *transfer =
1676 		__USBI_TRANSFER_TO_LIBUSB_TRANSFER(itransfer);
1677 	int r;
1678 
1679 	itransfer->flags |= USBI_TRANSFER_TIMED_OUT;
1680 	r = libusb_cancel_transfer(transfer);
1681 	if (r < 0)
1682 		usbi_warn(TRANSFER_CTX(transfer),
1683 			"async cancel failed %d errno=%d", r, errno);
1684 }
1685 
1686 #ifdef USBI_OS_HANDLES_TIMEOUT
handle_timeouts_locked(struct libusb_context * ctx)1687 static int handle_timeouts_locked(struct libusb_context *ctx)
1688 {
1689 	return 0;
1690 }
handle_timeouts(struct libusb_context * ctx)1691 static int handle_timeouts(struct libusb_context *ctx)
1692 {
1693 	return 0;
1694 }
1695 #else
handle_timeouts_locked(struct libusb_context * ctx)1696 static int handle_timeouts_locked(struct libusb_context *ctx)
1697 {
1698 	int r;
1699 	struct timespec systime_ts;
1700 	struct timeval systime;
1701 	struct usbi_transfer *transfer;
1702 
1703 	if (list_empty(&ctx->flying_transfers))
1704 		return 0;
1705 
1706 	/* get current time */
1707 	r = usbi_backend->clock_gettime(USBI_CLOCK_MONOTONIC, &systime_ts);
1708 	if (r < 0)
1709 		return r;
1710 
1711 	TIMESPEC_TO_TIMEVAL(&systime, &systime_ts);
1712 
1713 	/* iterate through flying transfers list, finding all transfers that
1714 	 * have expired timeouts */
1715 	list_for_each_entry(transfer, &ctx->flying_transfers, list) {
1716 		struct timeval *cur_tv = &transfer->timeout;
1717 
1718 		/* if we've reached transfers of infinite timeout, we're all done */
1719 		if (!timerisset(cur_tv))
1720 			return 0;
1721 
1722 		/* ignore timeouts we've already handled */
1723 		if (transfer->flags & USBI_TRANSFER_TIMED_OUT)
1724 			continue;
1725 
1726 		/* if transfer has non-expired timeout, nothing more to do */
1727 		if ((cur_tv->tv_sec > systime.tv_sec) ||
1728 				(cur_tv->tv_sec == systime.tv_sec &&
1729 					cur_tv->tv_usec > systime.tv_usec))
1730 			return 0;
1731 
1732 		/* otherwise, we've got an expired timeout to handle */
1733 		handle_timeout(transfer);
1734 	}
1735 	return 0;
1736 }
1737 
handle_timeouts(struct libusb_context * ctx)1738 static int handle_timeouts(struct libusb_context *ctx)
1739 {
1740 	int r;
1741 	USBI_GET_CONTEXT(ctx);
1742 	pthread_mutex_lock(&ctx->flying_transfers_lock);
1743 	r = handle_timeouts_locked(ctx);
1744 	pthread_mutex_unlock(&ctx->flying_transfers_lock);
1745 	return r;
1746 }
1747 #endif
1748 
1749 #ifdef USBI_TIMERFD_AVAILABLE
handle_timerfd_trigger(struct libusb_context * ctx)1750 static int handle_timerfd_trigger(struct libusb_context *ctx)
1751 {
1752 	int r;
1753 
1754 	r = disarm_timerfd(ctx);
1755 	if (r < 0)
1756 		return r;
1757 
1758 	pthread_mutex_lock(&ctx->flying_transfers_lock);
1759 
1760 	/* process the timeout that just happened */
1761 	r = handle_timeouts_locked(ctx);
1762 	if (r < 0)
1763 		goto out;
1764 
1765 	/* arm for next timeout*/
1766 	r = arm_timerfd_for_next_timeout(ctx);
1767 
1768 out:
1769 	pthread_mutex_unlock(&ctx->flying_transfers_lock);
1770 	return r;
1771 }
1772 #endif
1773 
1774 /* do the actual event handling. assumes that no other thread is concurrently
1775  * doing the same thing. */
handle_events(struct libusb_context * ctx,struct timeval * tv)1776 static int handle_events(struct libusb_context *ctx, struct timeval *tv)
1777 {
1778 	int r;
1779 	struct usbi_pollfd *ipollfd;
1780 	nfds_t nfds = 0;
1781 	struct pollfd *fds;
1782 	int i = -1;
1783 	int timeout_ms;
1784 
1785 	pthread_mutex_lock(&ctx->pollfds_lock);
1786 	list_for_each_entry(ipollfd, &ctx->pollfds, list)
1787 		nfds++;
1788 
1789 	/* TODO: malloc when number of fd's changes, not on every poll */
1790 	fds = malloc(sizeof(*fds) * nfds);
1791 	if (!fds)
1792 		return LIBUSB_ERROR_NO_MEM;
1793 
1794 	list_for_each_entry(ipollfd, &ctx->pollfds, list) {
1795 		struct libusb_pollfd *pollfd = &ipollfd->pollfd;
1796 		int fd = pollfd->fd;
1797 		i++;
1798 		fds[i].fd = fd;
1799 		fds[i].events = pollfd->events;
1800 		fds[i].revents = 0;
1801 	}
1802 	pthread_mutex_unlock(&ctx->pollfds_lock);
1803 
1804 	timeout_ms = (tv->tv_sec * 1000) + (tv->tv_usec / 1000);
1805 
1806 	/* round up to next millisecond */
1807 	if (tv->tv_usec % 1000)
1808 		timeout_ms++;
1809 
1810 	usbi_dbg("poll() %d fds with timeout in %dms", nfds, timeout_ms);
1811 	r = poll(fds, nfds, timeout_ms);
1812 	usbi_dbg("poll() returned %d", r);
1813 	if (r == 0) {
1814 		free(fds);
1815 		return handle_timeouts(ctx);
1816 	} else if (r == -1 && errno == EINTR) {
1817 		free(fds);
1818 		return LIBUSB_ERROR_INTERRUPTED;
1819 	} else if (r < 0) {
1820 		free(fds);
1821 		usbi_err(ctx, "poll failed %d err=%d\n", r, errno);
1822 		return LIBUSB_ERROR_IO;
1823 	}
1824 
1825 	/* fd[0] is always the ctrl pipe */
1826 	if (fds[0].revents) {
1827 		/* another thread wanted to interrupt event handling, and it succeeded!
1828 		 * handle any other events that cropped up at the same time, and
1829 		 * simply return */
1830 		usbi_dbg("caught a fish on the control pipe");
1831 
1832 		if (r == 1) {
1833 			r = 0;
1834 			goto handled;
1835 		} else {
1836 			/* prevent OS backend from trying to handle events on ctrl pipe */
1837 			fds[0].revents = 0;
1838 			r--;
1839 		}
1840 	}
1841 
1842 #ifdef USBI_TIMERFD_AVAILABLE
1843 	/* on timerfd configurations, fds[1] is the timerfd */
1844 	if (usbi_using_timerfd(ctx) && fds[1].revents) {
1845 		/* timerfd indicates that a timeout has expired */
1846 		int ret;
1847 		usbi_dbg("timerfd triggered");
1848 
1849 		ret = handle_timerfd_trigger(ctx);
1850 		if (ret < 0) {
1851 			/* return error code */
1852 			r = ret;
1853 			goto handled;
1854 		} else if (r == 1) {
1855 			/* no more active file descriptors, nothing more to do */
1856 			r = 0;
1857 			goto handled;
1858 		} else {
1859 			/* more events pending...
1860 			 * prevent OS backend from trying to handle events on timerfd */
1861 			fds[1].revents = 0;
1862 			r--;
1863 		}
1864 	}
1865 #endif
1866 
1867 	r = usbi_backend->handle_events(ctx, fds, nfds, r);
1868 	if (r)
1869 		usbi_err(ctx, "backend handle_events failed with error %d", r);
1870 
1871 handled:
1872 	free(fds);
1873 	return r;
1874 }
1875 
1876 /* returns the smallest of:
1877  *  1. timeout of next URB
1878  *  2. user-supplied timeout
1879  * returns 1 if there is an already-expired timeout, otherwise returns 0
1880  * and populates out
1881  */
get_next_timeout(libusb_context * ctx,struct timeval * tv,struct timeval * out)1882 static int get_next_timeout(libusb_context *ctx, struct timeval *tv,
1883 	struct timeval *out)
1884 {
1885 	struct timeval timeout;
1886 	int r = libusb_get_next_timeout(ctx, &timeout);
1887 	if (r) {
1888 		/* timeout already expired? */
1889 		if (!timerisset(&timeout))
1890 			return 1;
1891 
1892 		/* choose the smallest of next URB timeout or user specified timeout */
1893 		if (timercmp(&timeout, tv, <))
1894 			*out = timeout;
1895 		else
1896 			*out = *tv;
1897 	} else {
1898 		*out = *tv;
1899 	}
1900 	return 0;
1901 }
1902 
1903 /** \ingroup poll
1904  * Handle any pending events.
1905  *
1906  * libusb determines "pending events" by checking if any timeouts have expired
1907  * and by checking the set of file descriptors for activity.
1908  *
1909  * If a zero timeval is passed, this function will handle any already-pending
1910  * events and then immediately return in non-blocking style.
1911  *
1912  * If a non-zero timeval is passed and no events are currently pending, this
1913  * function will block waiting for events to handle up until the specified
1914  * timeout. If an event arrives or a signal is raised, this function will
1915  * return early.
1916  *
1917  * \param ctx the context to operate on, or NULL for the default context
1918  * \param tv the maximum time to block waiting for events, or zero for
1919  * non-blocking mode
1920  * \returns 0 on success, or a LIBUSB_ERROR code on failure
1921  */
libusb_handle_events_timeout(libusb_context * ctx,struct timeval * tv)1922 API_EXPORTED int libusb_handle_events_timeout(libusb_context *ctx,
1923 	struct timeval *tv)
1924 {
1925 	int r;
1926 	struct timeval poll_timeout;
1927 
1928 	USBI_GET_CONTEXT(ctx);
1929 	r = get_next_timeout(ctx, tv, &poll_timeout);
1930 	if (r) {
1931 		/* timeout already expired */
1932 		return handle_timeouts(ctx);
1933 	}
1934 
1935 retry:
1936 	if (libusb_try_lock_events(ctx) == 0) {
1937 		/* we obtained the event lock: do our own event handling */
1938 		r = handle_events(ctx, &poll_timeout);
1939 		libusb_unlock_events(ctx);
1940 		return r;
1941 	}
1942 
1943 	/* another thread is doing event handling. wait for pthread events that
1944 	 * notify event completion. */
1945 	libusb_lock_event_waiters(ctx);
1946 
1947 	if (!libusb_event_handler_active(ctx)) {
1948 		/* we hit a race: whoever was event handling earlier finished in the
1949 		 * time it took us to reach this point. try the cycle again. */
1950 		libusb_unlock_event_waiters(ctx);
1951 		usbi_dbg("event handler was active but went away, retrying");
1952 		goto retry;
1953 	}
1954 
1955 	usbi_dbg("another thread is doing event handling");
1956 	r = libusb_wait_for_event(ctx, &poll_timeout);
1957 	libusb_unlock_event_waiters(ctx);
1958 
1959 	if (r < 0)
1960 		return r;
1961 	else if (r == 1)
1962 		return handle_timeouts(ctx);
1963 	else
1964 		return 0;
1965 }
1966 
1967 /** \ingroup poll
1968  * Handle any pending events in blocking mode. There is currently a timeout
1969  * hardcoded at 60 seconds but we plan to make it unlimited in future. For
1970  * finer control over whether this function is blocking or non-blocking, or
1971  * for control over the timeout, use libusb_handle_events_timeout() instead.
1972  *
1973  * \param ctx the context to operate on, or NULL for the default context
1974  * \returns 0 on success, or a LIBUSB_ERROR code on failure
1975  */
libusb_handle_events(libusb_context * ctx)1976 API_EXPORTED int libusb_handle_events(libusb_context *ctx)
1977 {
1978 	struct timeval tv;
1979 	tv.tv_sec = 60;
1980 	tv.tv_usec = 0;
1981 	return libusb_handle_events_timeout(ctx, &tv);
1982 }
1983 
1984 /** \ingroup poll
1985  * Handle any pending events by polling file descriptors, without checking if
1986  * any other threads are already doing so. Must be called with the event lock
1987  * held, see libusb_lock_events().
1988  *
1989  * This function is designed to be called under the situation where you have
1990  * taken the event lock and are calling poll()/select() directly on libusb's
1991  * file descriptors (as opposed to using libusb_handle_events() or similar).
1992  * You detect events on libusb's descriptors, so you then call this function
1993  * with a zero timeout value (while still holding the event lock).
1994  *
1995  * \param ctx the context to operate on, or NULL for the default context
1996  * \param tv the maximum time to block waiting for events, or zero for
1997  * non-blocking mode
1998  * \returns 0 on success, or a LIBUSB_ERROR code on failure
1999  * \see \ref mtasync
2000  */
libusb_handle_events_locked(libusb_context * ctx,struct timeval * tv)2001 API_EXPORTED int libusb_handle_events_locked(libusb_context *ctx,
2002 	struct timeval *tv)
2003 {
2004 	int r;
2005 	struct timeval poll_timeout;
2006 
2007 	USBI_GET_CONTEXT(ctx);
2008 	r = get_next_timeout(ctx, tv, &poll_timeout);
2009 	if (r) {
2010 		/* timeout already expired */
2011 		return handle_timeouts(ctx);
2012 	}
2013 
2014 	return handle_events(ctx, &poll_timeout);
2015 }
2016 
2017 /** \ingroup poll
2018  * Determines whether your application must apply special timing considerations
2019  * when monitoring libusb's file descriptors.
2020  *
2021  * This function is only useful for applications which retrieve and poll
2022  * libusb's file descriptors in their own main loop (\ref pollmain).
2023  *
2024  * Ordinarily, libusb's event handler needs to be called into at specific
2025  * moments in time (in addition to times when there is activity on the file
2026  * descriptor set). The usual approach is to use libusb_get_next_timeout()
2027  * to learn about when the next timeout occurs, and to adjust your
2028  * poll()/select() timeout accordingly so that you can make a call into the
2029  * library at that time.
2030  *
2031  * Some platforms supported by libusb do not come with this baggage - any
2032  * events relevant to timing will be represented by activity on the file
2033  * descriptor set, and libusb_get_next_timeout() will always return 0.
2034  * This function allows you to detect whether you are running on such a
2035  * platform.
2036  *
2037  * Since v1.0.5.
2038  *
2039  * \param ctx the context to operate on, or NULL for the default context
2040  * \returns 0 if you must call into libusb at times determined by
2041  * libusb_get_next_timeout(), or 1 if all timeout events are handled internally
2042  * or through regular activity on the file descriptors.
2043  * \see \ref pollmain "Polling libusb file descriptors for event handling"
2044  */
libusb_pollfds_handle_timeouts(libusb_context * ctx)2045 API_EXPORTED int libusb_pollfds_handle_timeouts(libusb_context *ctx)
2046 {
2047 #if defined(USBI_OS_HANDLES_TIMEOUT)
2048 	return 1;
2049 #elif defined(USBI_TIMERFD_AVAILABLE)
2050 	USBI_GET_CONTEXT(ctx);
2051 	return usbi_using_timerfd(ctx);
2052 #else
2053 	return 0;
2054 #endif
2055 }
2056 
2057 /** \ingroup poll
2058  * Determine the next internal timeout that libusb needs to handle. You only
2059  * need to use this function if you are calling poll() or select() or similar
2060  * on libusb's file descriptors yourself - you do not need to use it if you
2061  * are calling libusb_handle_events() or a variant directly.
2062  *
2063  * You should call this function in your main loop in order to determine how
2064  * long to wait for select() or poll() to return results. libusb needs to be
2065  * called into at this timeout, so you should use it as an upper bound on
2066  * your select() or poll() call.
2067  *
2068  * When the timeout has expired, call into libusb_handle_events_timeout()
2069  * (perhaps in non-blocking mode) so that libusb can handle the timeout.
2070  *
2071  * This function may return 1 (success) and an all-zero timeval. If this is
2072  * the case, it indicates that libusb has a timeout that has already expired
2073  * so you should call libusb_handle_events_timeout() or similar immediately.
2074  * A return code of 0 indicates that there are no pending timeouts.
2075  *
2076  * On some platforms, this function will always returns 0 (no pending
2077  * timeouts). See \ref polltime.
2078  *
2079  * \param ctx the context to operate on, or NULL for the default context
2080  * \param tv output location for a relative time against the current
2081  * clock in which libusb must be called into in order to process timeout events
2082  * \returns 0 if there are no pending timeouts, 1 if a timeout was returned,
2083  * or LIBUSB_ERROR_OTHER on failure
2084  */
libusb_get_next_timeout(libusb_context * ctx,struct timeval * tv)2085 API_EXPORTED int libusb_get_next_timeout(libusb_context *ctx,
2086 	struct timeval *tv)
2087 {
2088 #ifndef USBI_OS_HANDLES_TIMEOUT
2089 	struct usbi_transfer *transfer;
2090 	struct timespec cur_ts;
2091 	struct timeval cur_tv;
2092 	struct timeval *next_timeout;
2093 	int r;
2094 	int found = 0;
2095 
2096 	USBI_GET_CONTEXT(ctx);
2097 	if (usbi_using_timerfd(ctx))
2098 		return 0;
2099 
2100 	pthread_mutex_lock(&ctx->flying_transfers_lock);
2101 	if (list_empty(&ctx->flying_transfers)) {
2102 		pthread_mutex_unlock(&ctx->flying_transfers_lock);
2103 		usbi_dbg("no URBs, no timeout!");
2104 		return 0;
2105 	}
2106 
2107 	/* find next transfer which hasn't already been processed as timed out */
2108 	list_for_each_entry(transfer, &ctx->flying_transfers, list) {
2109 		if (!(transfer->flags & USBI_TRANSFER_TIMED_OUT)) {
2110 			found = 1;
2111 			break;
2112 		}
2113 	}
2114 	pthread_mutex_unlock(&ctx->flying_transfers_lock);
2115 
2116 	if (!found) {
2117 		usbi_dbg("all URBs have already been processed for timeouts");
2118 		return 0;
2119 	}
2120 
2121 	next_timeout = &transfer->timeout;
2122 
2123 	/* no timeout for next transfer */
2124 	if (!timerisset(next_timeout)) {
2125 		usbi_dbg("no URBs with timeouts, no timeout!");
2126 		return 0;
2127 	}
2128 
2129 	r = usbi_backend->clock_gettime(USBI_CLOCK_MONOTONIC, &cur_ts);
2130 	if (r < 0) {
2131 		usbi_err(ctx, "failed to read monotonic clock, errno=%d", errno);
2132 		return LIBUSB_ERROR_OTHER;
2133 	}
2134 	TIMESPEC_TO_TIMEVAL(&cur_tv, &cur_ts);
2135 
2136 	if (timercmp(&cur_tv, next_timeout, >=)) {
2137 		usbi_dbg("first timeout already expired");
2138 		timerclear(tv);
2139 	} else {
2140 		timersub(next_timeout, &cur_tv, tv);
2141 		usbi_dbg("next timeout in %d.%06ds", tv->tv_sec, tv->tv_usec);
2142 	}
2143 
2144 	return 1;
2145 #else
2146 	return 0;
2147 #endif
2148 }
2149 
2150 /** \ingroup poll
2151  * Register notification functions for file descriptor additions/removals.
2152  * These functions will be invoked for every new or removed file descriptor
2153  * that libusb uses as an event source.
2154  *
2155  * To remove notifiers, pass NULL values for the function pointers.
2156  *
2157  * Note that file descriptors may have been added even before you register
2158  * these notifiers (e.g. at libusb_init() time).
2159  *
2160  * Additionally, note that the removal notifier may be called during
2161  * libusb_exit() (e.g. when it is closing file descriptors that were opened
2162  * and added to the poll set at libusb_init() time). If you don't want this,
2163  * remove the notifiers immediately before calling libusb_exit().
2164  *
2165  * \param ctx the context to operate on, or NULL for the default context
2166  * \param added_cb pointer to function for addition notifications
2167  * \param removed_cb pointer to function for removal notifications
2168  * \param user_data User data to be passed back to callbacks (useful for
2169  * passing context information)
2170  */
libusb_set_pollfd_notifiers(libusb_context * ctx,libusb_pollfd_added_cb added_cb,libusb_pollfd_removed_cb removed_cb,void * user_data)2171 API_EXPORTED void libusb_set_pollfd_notifiers(libusb_context *ctx,
2172 	libusb_pollfd_added_cb added_cb, libusb_pollfd_removed_cb removed_cb,
2173 	void *user_data)
2174 {
2175 	USBI_GET_CONTEXT(ctx);
2176 	ctx->fd_added_cb = added_cb;
2177 	ctx->fd_removed_cb = removed_cb;
2178 	ctx->fd_cb_user_data = user_data;
2179 }
2180 
2181 /* Add a file descriptor to the list of file descriptors to be monitored.
2182  * events should be specified as a bitmask of events passed to poll(), e.g.
2183  * POLLIN and/or POLLOUT. */
usbi_add_pollfd(struct libusb_context * ctx,int fd,short events)2184 int usbi_add_pollfd(struct libusb_context *ctx, int fd, short events)
2185 {
2186 	struct usbi_pollfd *ipollfd = malloc(sizeof(*ipollfd));
2187 	if (!ipollfd)
2188 		return LIBUSB_ERROR_NO_MEM;
2189 
2190 	usbi_dbg("add fd %d events %d", fd, events);
2191 	ipollfd->pollfd.fd = fd;
2192 	ipollfd->pollfd.events = events;
2193 	pthread_mutex_lock(&ctx->pollfds_lock);
2194 	list_add_tail(&ipollfd->list, &ctx->pollfds);
2195 	pthread_mutex_unlock(&ctx->pollfds_lock);
2196 
2197 	if (ctx->fd_added_cb)
2198 		ctx->fd_added_cb(fd, events, ctx->fd_cb_user_data);
2199 	return 0;
2200 }
2201 
2202 /* Remove a file descriptor from the list of file descriptors to be polled. */
usbi_remove_pollfd(struct libusb_context * ctx,int fd)2203 void usbi_remove_pollfd(struct libusb_context *ctx, int fd)
2204 {
2205 	struct usbi_pollfd *ipollfd;
2206 	int found = 0;
2207 
2208 	usbi_dbg("remove fd %d", fd);
2209 	pthread_mutex_lock(&ctx->pollfds_lock);
2210 	list_for_each_entry(ipollfd, &ctx->pollfds, list)
2211 		if (ipollfd->pollfd.fd == fd) {
2212 			found = 1;
2213 			break;
2214 		}
2215 
2216 	if (!found) {
2217 		usbi_dbg("couldn't find fd %d to remove", fd);
2218 		pthread_mutex_unlock(&ctx->pollfds_lock);
2219 		return;
2220 	}
2221 
2222 	list_del(&ipollfd->list);
2223 	pthread_mutex_unlock(&ctx->pollfds_lock);
2224 	free(ipollfd);
2225 	if (ctx->fd_removed_cb)
2226 		ctx->fd_removed_cb(fd, ctx->fd_cb_user_data);
2227 }
2228 
2229 /** \ingroup poll
2230  * Retrieve a list of file descriptors that should be polled by your main loop
2231  * as libusb event sources.
2232  *
2233  * The returned list is NULL-terminated and should be freed with free() when
2234  * done. The actual list contents must not be touched.
2235  *
2236  * \param ctx the context to operate on, or NULL for the default context
2237  * \returns a NULL-terminated list of libusb_pollfd structures, or NULL on
2238  * error
2239  */
libusb_get_pollfds(libusb_context * ctx)2240 API_EXPORTED const struct libusb_pollfd **libusb_get_pollfds(
2241 	libusb_context *ctx)
2242 {
2243 	struct libusb_pollfd **ret = NULL;
2244 	struct usbi_pollfd *ipollfd;
2245 	size_t i = 0;
2246 	size_t cnt = 0;
2247 	USBI_GET_CONTEXT(ctx);
2248 
2249 	pthread_mutex_lock(&ctx->pollfds_lock);
2250 	list_for_each_entry(ipollfd, &ctx->pollfds, list)
2251 		cnt++;
2252 
2253 	ret = calloc(cnt + 1, sizeof(struct libusb_pollfd *));
2254 	if (!ret)
2255 		goto out;
2256 
2257 	list_for_each_entry(ipollfd, &ctx->pollfds, list)
2258 		ret[i++] = (struct libusb_pollfd *) ipollfd;
2259 	ret[cnt] = NULL;
2260 
2261 out:
2262 	pthread_mutex_unlock(&ctx->pollfds_lock);
2263 	return (const struct libusb_pollfd **) ret;
2264 }
2265 
2266 /* Backends call this from handle_events to report disconnection of a device.
2267  * The transfers get cancelled appropriately.
2268  */
usbi_handle_disconnect(struct libusb_device_handle * handle)2269 void usbi_handle_disconnect(struct libusb_device_handle *handle)
2270 {
2271 	struct usbi_transfer *cur;
2272 	struct usbi_transfer *to_cancel;
2273 
2274 	usbi_dbg("device %d.%d",
2275 		handle->dev->bus_number, handle->dev->device_address);
2276 
2277 	/* terminate all pending transfers with the LIBUSB_TRANSFER_NO_DEVICE
2278 	 * status code.
2279 	 *
2280 	 * this is a bit tricky because:
2281 	 * 1. we can't do transfer completion while holding flying_transfers_lock
2282 	 * 2. the transfers list can change underneath us - if we were to build a
2283 	 *    list of transfers to complete (while holding look), the situation
2284 	 *    might be different by the time we come to free them
2285 	 *
2286 	 * so we resort to a loop-based approach as below
2287 	 * FIXME: is this still potentially racy?
2288 	 */
2289 
2290 	while (1) {
2291 		pthread_mutex_lock(&HANDLE_CTX(handle)->flying_transfers_lock);
2292 		to_cancel = NULL;
2293 		list_for_each_entry(cur, &HANDLE_CTX(handle)->flying_transfers, list)
2294 			if (__USBI_TRANSFER_TO_LIBUSB_TRANSFER(cur)->dev_handle == handle) {
2295 				to_cancel = cur;
2296 				break;
2297 			}
2298 		pthread_mutex_unlock(&HANDLE_CTX(handle)->flying_transfers_lock);
2299 
2300 		if (!to_cancel)
2301 			break;
2302 
2303 		usbi_backend->clear_transfer_priv(to_cancel);
2304 		usbi_handle_transfer_completion(to_cancel, LIBUSB_TRANSFER_NO_DEVICE);
2305 	}
2306 
2307 }
2308 
2309