1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

use std::convert::TryInto;
use std::fs::File;
use std::io::Read;
use std::io::Seek;
use std::io::SeekFrom;
use std::mem::size_of_val;
use std::os::raw::c_int;
use std::os::raw::c_uchar;
use std::os::raw::c_uint;
use std::os::raw::c_void;
use std::sync::Arc;
use std::sync::Weak;

use base::error;
use base::handle_eintr_errno;
use base::warn;
use base::AsRawDescriptor;
use base::IoctlNr;
use base::MappedRegion;
use base::MemoryMapping;
use base::MemoryMappingBuilder;
use base::Protection;
use base::RawDescriptor;
use data_model::vec_with_array_field;
use libc::EAGAIN;
use libc::ENODEV;
use libc::ENOENT;
use libc::EPIPE;
use sync::Mutex;

use crate::control_request_type;
use crate::descriptor;
use crate::ConfigDescriptorTree;
use crate::ControlRequestDataPhaseTransferDirection;
use crate::ControlRequestRecipient;
use crate::ControlRequestType;
use crate::DeviceDescriptor;
use crate::DeviceDescriptorTree;
use crate::DeviceSpeed;
use crate::Error;
use crate::Result;
use crate::StandardControlRequest;

// This is the maximum block size observed during storage performance test
const MMAP_SIZE: usize = 1024 * 1024;

/// ManagedDmaBuffer represents the entire DMA buffer allocated by a device
struct ManagedDmaBuffer {
    /// The entire DMA buffer
    buf: MemoryMapping,
    /// A DMA buffer lent to a TransferBuffer. This is a part of the entire buffer.
    used: Option<Arc<Mutex<DmaBuffer>>>,
}

/// DmaBuffer represents a DMA buffer lent by a device
pub struct DmaBuffer {
    /// Host virtual address of the buffer
    addr: u64,
    /// Size of the buffer
    size: usize,
}

impl DmaBuffer {
    pub fn address(&mut self) -> *mut c_void {
        self.addr as *mut c_void
    }

    pub fn size(&self) -> usize {
        self.size
    }

    pub fn as_slice(&self) -> &[u8] {
        // SAFETY:
        // Safe because the region has been lent by a device
        unsafe { std::slice::from_raw_parts(self.addr as *const u8, self.size) }
    }

    pub fn as_mut_slice(&mut self) -> &mut [u8] {
        // SAFETY:
        // Safe because the region has been lent by a device
        unsafe { std::slice::from_raw_parts_mut(self.addr as *mut u8, self.size) }
    }
}

/// TransferBuffer is used for data transfer between crosvm and the host kernel
#[derive(Clone)]
pub enum TransferBuffer {
    Vector(Vec<u8>),
    Dma(Weak<Mutex<DmaBuffer>>),
}

impl TransferBuffer {
    pub fn address(&mut self) -> Option<*mut c_void> {
        match self {
            TransferBuffer::Vector(v) => Some(v.as_mut_ptr() as *mut c_void),
            TransferBuffer::Dma(buf) => buf.upgrade().map(|buf| buf.lock().address()),
        }
    }
    pub fn size(&self) -> Option<usize> {
        match self {
            TransferBuffer::Vector(v) => Some(v.len()),
            TransferBuffer::Dma(buf) => buf.upgrade().map(|buf| buf.lock().size()),
        }
    }
}

/// Device represents a USB device.
pub struct Device {
    fd: Arc<File>,
    device_descriptor_tree: DeviceDescriptorTree,
    dma_buffer: Option<ManagedDmaBuffer>,
}

/// Transfer contains the information necessary to submit a USB request
/// and, once it has been submitted and completed, contains the response.
pub struct Transfer {
    // NOTE: This Vec is actually a single URB with a trailing
    // variable-length field created by vec_with_array_field().
    urb: Vec<usb_sys::usbdevfs_urb>,
    pub buffer: TransferBuffer,
    callback: Option<Box<dyn Fn(Transfer) + Send + Sync>>,
}

/// TransferHandle is a handle that allows cancellation of in-flight transfers
/// between submit_transfer() and get_completed_transfer().
/// Attempting to cancel a transfer that has already completed is safe and will
/// return an error.
pub struct TransferHandle {
    weak_transfer: std::sync::Weak<Transfer>,
    fd: std::sync::Weak<File>,
}

#[derive(PartialEq, Eq, Clone, Copy)]
pub enum TransferStatus {
    Completed,
    Error,
    Cancelled,
    NoDevice,
    Stalled,
}

impl Device {
    /// Create a new `Device` from a file descriptor.
    /// `fd` should be a file in usbdevfs (e.g. `/dev/bus/usb/001/002`).
    pub fn new(mut fd: File) -> Result<Self> {
        fd.seek(SeekFrom::Start(0)).map_err(Error::DescriptorRead)?;
        let mut descriptor_data = Vec::new();
        fd.read_to_end(&mut descriptor_data)
            .map_err(Error::DescriptorRead)?;
        let device_descriptor_tree = descriptor::parse_usbfs_descriptors(&descriptor_data)?;

        let mut device = Device {
            fd: Arc::new(fd),
            device_descriptor_tree,
            dma_buffer: None,
        };

        let map = MemoryMappingBuilder::new(MMAP_SIZE)
            .from_file(&device.fd)
            .protection(Protection::read_write())
            .build();
        match map {
            Ok(map) => {
                device.dma_buffer = Some(ManagedDmaBuffer {
                    buf: map,
                    used: None,
                });
            }
            Err(e) => {
                // Ignore the error since we can process requests without DMA buffer
                warn!(
                    "mmap() failed. User-provided buffer will be used for data transfer. {}",
                    e
                );
            }
        }
        Ok(device)
    }

    pub fn fd(&self) -> Arc<File> {
        self.fd.clone()
    }

    unsafe fn ioctl(&self, nr: IoctlNr) -> Result<i32> {
        let ret = handle_eintr_errno!(base::ioctl(&*self.fd, nr));
        if ret < 0 {
            return Err(Error::IoctlFailed(nr, base::Error::last()));
        }
        Ok(ret)
    }

    unsafe fn ioctl_with_ref<T>(&self, nr: IoctlNr, arg: &T) -> Result<i32> {
        let ret = handle_eintr_errno!(base::ioctl_with_ref(&*self.fd, nr, arg));
        if ret < 0 {
            return Err(Error::IoctlFailed(nr, base::Error::last()));
        }
        Ok(ret)
    }

    unsafe fn ioctl_with_mut_ref<T>(&self, nr: IoctlNr, arg: &mut T) -> Result<i32> {
        let ret = handle_eintr_errno!(base::ioctl_with_mut_ref(&*self.fd, nr, arg));
        if ret < 0 {
            return Err(Error::IoctlFailed(nr, base::Error::last()));
        }
        Ok(ret)
    }

    unsafe fn ioctl_with_mut_ptr<T>(&self, nr: IoctlNr, arg: *mut T) -> Result<i32> {
        let ret = handle_eintr_errno!(base::ioctl_with_mut_ptr(&*self.fd, nr, arg));
        if ret < 0 {
            return Err(Error::IoctlFailed(nr, base::Error::last()));
        }
        Ok(ret)
    }

    pub fn reserve_dma_buffer(&mut self, size: usize) -> Result<Weak<Mutex<DmaBuffer>>> {
        if let Some(managed) = &mut self.dma_buffer {
            if managed.used.is_none() {
                let buf = Arc::new(Mutex::new(DmaBuffer {
                    addr: managed.buf.as_ptr() as u64,
                    size,
                }));
                let ret = Ok(Arc::downgrade(&buf));
                managed.used = Some(buf);
                return ret;
            }
        }
        Err(Error::GetDmaBufferFailed(size))
    }

    pub fn release_dma_buffer(&mut self, dmabuf: Weak<Mutex<DmaBuffer>>) -> Result<()> {
        if let Some(managed) = &mut self.dma_buffer {
            if let Some(released) = dmabuf.upgrade() {
                let addr = { released.lock().address() as u64 };
                if let Some(lent) = &managed.used {
                    if lent.lock().addr == addr {
                        managed.used = None;
                        return Ok(());
                    }
                }
            }
        }
        Err(Error::ReleaseDmaBufferFailed)
    }

    /// Submit a transfer to the device.
    /// The transfer will be processed asynchronously by the device.
    /// Call `poll_transfers()` on this device to check for completed transfers.
    pub fn submit_transfer(&mut self, transfer: Transfer) -> Result<TransferHandle> {
        let mut rc_transfer = Arc::new(transfer);

        // Technically, Arc::from_raw() should only be called on pointers returned
        // from Arc::into_raw(). However, we need to stash this value inside the
        // Arc<Transfer> itself, so we manually calculate the address that would be
        // returned from Arc::into_raw() via Deref and then call Arc::into_raw()
        // to forget the Arc without dropping its contents.
        // Do not remove the into_raw() call!
        let raw_transfer = (&*rc_transfer) as *const Transfer as usize;
        match Arc::get_mut(&mut rc_transfer) {
            Some(t) => t.urb_mut().usercontext = raw_transfer,
            None => {
                // This should never happen, since there is only one strong reference
                // at this point.
                return Err(Error::RcGetMutFailed);
            }
        }
        let _ = Arc::into_raw(rc_transfer.clone());

        let urb_ptr = rc_transfer.urb.as_ptr() as *mut usb_sys::usbdevfs_urb;

        // SAFETY:
        // Safe because we control the lifetime of the URB via Arc::into_raw() and
        // Arc::from_raw() in poll_transfers().
        unsafe {
            self.ioctl_with_mut_ptr(usb_sys::USBDEVFS_SUBMITURB, urb_ptr)?;
        }

        let weak_transfer = Arc::downgrade(&rc_transfer);

        Ok(TransferHandle {
            weak_transfer,
            fd: Arc::downgrade(&self.fd),
        })
    }

    /// Check for completed asynchronous transfers submitted via `submit_transfer()`.
    /// The callback for each completed transfer will be called.
    pub fn poll_transfers(&mut self) -> Result<()> {
        // Reap completed transfers until we get EAGAIN.
        loop {
            let mut urb_ptr: *mut usb_sys::usbdevfs_urb = std::ptr::null_mut();
            let result =
        // SAFETY:
            // Safe because we provide a valid urb_ptr to be filled by the kernel.
                unsafe { self.ioctl_with_mut_ref(usb_sys::USBDEVFS_REAPURBNDELAY, &mut urb_ptr) };
            match result {
                // EAGAIN indicates no more completed transfers right now.
                Err(Error::IoctlFailed(_nr, e)) if e.errno() == EAGAIN => break,
                Err(e) => return Err(e),
                Ok(_) => {}
            }

            if urb_ptr.is_null() {
                break;
            }

            let rc_transfer: Arc<Transfer> =
        // SAFETY:
            // Safe because the URB usercontext field is always set to the result of
            // Arc::into_raw() in submit_transfer().
                unsafe { Arc::from_raw((*urb_ptr).usercontext as *const Transfer) };

            // There should always be exactly one strong reference to rc_transfer,
            // so try_unwrap() should never fail.
            let mut transfer = Arc::try_unwrap(rc_transfer).map_err(|_| Error::RcUnwrapFailed)?;

            let dmabuf = match &mut transfer.buffer {
                TransferBuffer::Dma(buf) => Some(buf.clone()),
                TransferBuffer::Vector(_) => None,
            };

            if let Some(cb) = transfer.callback.take() {
                cb(transfer);
            }

            if let Some(dmabuf) = dmabuf {
                if self.release_dma_buffer(dmabuf).is_err() {
                    warn!("failed to release dma buffer");
                }
            }
        }

        Ok(())
    }

    /// Perform a USB port reset to reinitialize a device.
    pub fn reset(&self) -> Result<()> {
        // TODO(dverkamp): re-enable reset once crbug.com/1058059 is resolved.
        // Skip reset for all non-Edge TPU devices.
        let vid = self.device_descriptor_tree.idVendor;
        let pid = self.device_descriptor_tree.idProduct;
        match (vid, pid) {
            (0x1a6e, 0x089a) => (),
            _ => return Ok(()),
        }

        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor.
        let result = unsafe { self.ioctl(usb_sys::USBDEVFS_RESET) };

        if let Err(Error::IoctlFailed(_nr, errno_err)) = result {
            // The device may disappear after a reset if e.g. its firmware changed.
            // Treat that as success.
            if errno_err.errno() == libc::ENODEV {
                return Ok(());
            }
        }

        result?;
        Ok(())
    }

    /// Claim an interface on this device.
    pub fn claim_interface(&self, interface_number: u8) -> Result<()> {
        let disconnect_claim = usb_sys::usbdevfs_disconnect_claim {
            interface: interface_number.into(),
            flags: 0,
            driver: [0u8; 256],
        };
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to a usbdevs_disconnect_claim structure.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_DISCONNECT_CLAIM, &disconnect_claim)?;
        }

        Ok(())
    }

    /// Release an interface previously claimed with `claim_interface()`.
    pub fn release_interface(&self, interface_number: u8) -> Result<()> {
        let ifnum: c_uint = interface_number.into();
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to unsigned int.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_RELEASEINTERFACE, &ifnum)?;
        }

        Ok(())
    }

    /// Activate an alternate setting for an interface.
    pub fn set_interface_alt_setting(
        &self,
        interface_number: u8,
        alternative_setting: u8,
    ) -> Result<()> {
        let setinterface = usb_sys::usbdevfs_setinterface {
            interface: interface_number.into(),
            altsetting: alternative_setting.into(),
        };
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to a usbdevfs_setinterface structure.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_SETINTERFACE, &setinterface)?;
        }
        Ok(())
    }

    /// Set active configuration for this device.
    pub fn set_active_configuration(&mut self, config: u8) -> Result<()> {
        let config: c_int = config.into();
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to int.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_SETCONFIGURATION, &config)?;
        }

        Ok(())
    }

    /// Get the device descriptor of this device.
    pub fn get_device_descriptor(&self) -> Result<DeviceDescriptor> {
        Ok(*self.device_descriptor_tree)
    }

    pub fn get_device_descriptor_tree(&self) -> &DeviceDescriptorTree {
        &self.device_descriptor_tree
    }

    /// Get active config descriptor of this device.
    pub fn get_config_descriptor(&self, config: u8) -> Result<ConfigDescriptorTree> {
        match self.device_descriptor_tree.get_config_descriptor(config) {
            Some(config_descriptor) => Ok(config_descriptor.clone()),
            None => Err(Error::NoSuchDescriptor),
        }
    }

    /// Get a configuration descriptor by its index within the list of descriptors returned
    /// by the device.
    pub fn get_config_descriptor_by_index(&self, config_index: u8) -> Result<ConfigDescriptorTree> {
        match self
            .device_descriptor_tree
            .get_config_descriptor_by_index(config_index)
        {
            Some(config_descriptor) => Ok(config_descriptor.clone()),
            None => Err(Error::NoSuchDescriptor),
        }
    }

    /// Get bConfigurationValue of the currently active configuration.
    pub fn get_active_configuration(&self) -> Result<u8> {
        // If the device only exposes a single configuration, bypass the control transfer below
        // by looking up the configuration value from the descriptor.
        if self.device_descriptor_tree.bNumConfigurations == 1 {
            if let Some(config_descriptor) = self
                .device_descriptor_tree
                .get_config_descriptor_by_index(0)
            {
                return Ok(config_descriptor.bConfigurationValue);
            }
        }

        // Send a synchronous control transfer to get the active configuration.
        let mut active_config: u8 = 0;
        let ctrl_transfer = usb_sys::usbdevfs_ctrltransfer {
            bRequestType: control_request_type(
                ControlRequestType::Standard,
                ControlRequestDataPhaseTransferDirection::DeviceToHost,
                ControlRequestRecipient::Device,
            ),
            bRequest: StandardControlRequest::GetConfiguration as u8,
            wValue: 0,
            wIndex: 0,
            wLength: size_of_val(&active_config) as u16,
            timeout: 5000, // milliseconds
            data: &mut active_config as *mut u8 as *mut c_void,
        };
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to a usbdevfs_ctrltransfer structure.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_CONTROL, &ctrl_transfer)?;
        }
        Ok(active_config)
    }

    /// Get the total number of configurations for this device.
    pub fn get_num_configurations(&self) -> u8 {
        self.device_descriptor_tree.bNumConfigurations
    }

    /// Clear the halt/stall condition for an endpoint.
    pub fn clear_halt(&self, ep_addr: u8) -> Result<()> {
        let endpoint: c_uint = ep_addr.into();
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to unsigned int.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_CLEAR_HALT, &endpoint)?;
        }

        Ok(())
    }

    /// Get speed of this device.
    pub fn get_speed(&self) -> Result<Option<DeviceSpeed>> {
        // SAFETY: args are valid and the return value is checked
        let speed = unsafe { self.ioctl(usb_sys::USBDEVFS_GET_SPEED) }?;
        match speed {
            1 => Ok(Some(DeviceSpeed::Low)),       // Low Speed
            2 => Ok(Some(DeviceSpeed::Full)),      // Full Speed
            3 => Ok(Some(DeviceSpeed::High)),      // High Speed
            4 => Ok(Some(DeviceSpeed::High)),      // Wireless, treat as a High Speed device
            5 => Ok(Some(DeviceSpeed::Super)),     // Super Speed
            6 => Ok(Some(DeviceSpeed::SuperPlus)), // Super Speed Plus
            _ => {
                error!("unexpected speed: {:?}", speed);
                Ok(None)
            }
        }
    }

    /// Allocate streams for the endpoint
    pub fn alloc_streams(&self, ep: u8, num_streams: u16) -> Result<()> {
        let mut streams = vec_with_array_field::<usb_sys::usbdevfs_streams, c_uchar>(1);
        streams[0].num_streams = num_streams as c_uint;
        streams[0].num_eps = 1 as c_uint;
        // SAFETY:
        // Safe because we have allocated enough memory
        let eps = unsafe { streams[0].eps.as_mut_slice(1) };
        eps[0] = ep as c_uchar;
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to a usbdevfs_streams structure.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_ALLOC_STREAMS, &streams[0])?;
        }
        Ok(())
    }

    /// Free streams for the endpoint
    pub fn free_streams(&self, ep: u8) -> Result<()> {
        let mut streams = vec_with_array_field::<usb_sys::usbdevfs_streams, c_uchar>(1);
        streams[0].num_eps = 1 as c_uint;
        // SAFETY:
        // Safe because we have allocated enough memory
        let eps = unsafe { streams[0].eps.as_mut_slice(1) };
        eps[0] = ep as c_uchar;
        // SAFETY:
        // Safe because self.fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to a usbdevfs_streams structure.
        unsafe {
            self.ioctl_with_ref(usb_sys::USBDEVFS_FREE_STREAMS, &streams[0])?;
        }
        Ok(())
    }
}

impl AsRawDescriptor for Device {
    fn as_raw_descriptor(&self) -> RawDescriptor {
        self.fd.as_raw_descriptor()
    }
}

impl Transfer {
    fn urb(&self) -> &usb_sys::usbdevfs_urb {
        // self.urb is a Vec created with `vec_with_array_field`; the first entry is
        // the URB itself.
        &self.urb[0]
    }

    fn urb_mut(&mut self) -> &mut usb_sys::usbdevfs_urb {
        &mut self.urb[0]
    }

    fn new(
        transfer_type: u8,
        endpoint: u8,
        buffer: TransferBuffer,
        iso_packets: &[usb_sys::usbdevfs_iso_packet_desc],
    ) -> Result<Transfer> {
        let mut transfer = Transfer {
            urb: vec_with_array_field::<usb_sys::usbdevfs_urb, usb_sys::usbdevfs_iso_packet_desc>(
                iso_packets.len(),
            ),
            buffer,
            callback: None,
        };

        transfer.urb_mut().urb_type = transfer_type;
        transfer.urb_mut().endpoint = endpoint;
        transfer.urb_mut().buffer = transfer.buffer.address().ok_or(Error::InvalidBuffer)?;
        transfer.urb_mut().buffer_length = transfer
            .buffer
            .size()
            .ok_or(Error::InvalidBuffer)?
            .try_into()
            .map_err(Error::InvalidBufferLength)?;

        // SAFETY:
        // Safe because we ensured there is enough space in transfer.urb to hold the number of
        // isochronous frames required.
        let iso_frame_desc = unsafe {
            transfer
                .urb_mut()
                .iso_frame_desc
                .as_mut_slice(iso_packets.len())
        };
        iso_frame_desc.copy_from_slice(iso_packets);

        Ok(transfer)
    }

    /// Create a control transfer.
    pub fn new_control(buffer: TransferBuffer) -> Result<Transfer> {
        let endpoint = 0;
        Self::new(usb_sys::USBDEVFS_URB_TYPE_CONTROL, endpoint, buffer, &[])
    }

    /// Create an interrupt transfer.
    pub fn new_interrupt(endpoint: u8, buffer: TransferBuffer) -> Result<Transfer> {
        Self::new(usb_sys::USBDEVFS_URB_TYPE_INTERRUPT, endpoint, buffer, &[])
    }

    /// Create a bulk transfer.
    pub fn new_bulk(
        endpoint: u8,
        buffer: TransferBuffer,
        stream_id: Option<u16>,
    ) -> Result<Transfer> {
        let mut transfer = Self::new(usb_sys::USBDEVFS_URB_TYPE_BULK, endpoint, buffer, &[])?;
        if let Some(stream_id) = stream_id {
            transfer.urb_mut().number_of_packets_or_stream_id = stream_id as u32;
        }
        Ok(transfer)
    }

    /// Create an isochronous transfer.
    pub fn new_isochronous(endpoint: u8, buffer: TransferBuffer) -> Result<Transfer> {
        // TODO(dverkamp): allow user to specify iso descriptors
        Self::new(usb_sys::USBDEVFS_URB_TYPE_ISO, endpoint, buffer, &[])
    }

    /// Get the status of a completed transfer.
    pub fn status(&self) -> TransferStatus {
        let status = self.urb().status;
        if status == 0 {
            TransferStatus::Completed
        } else if status == -ENODEV {
            TransferStatus::NoDevice
        } else if status == -ENOENT {
            TransferStatus::Cancelled
        } else if status == -EPIPE {
            TransferStatus::Stalled
        } else {
            TransferStatus::Error
        }
    }

    /// Get the actual amount of data transferred, which may be less than
    /// the original length.
    pub fn actual_length(&self) -> usize {
        self.urb().actual_length as usize
    }

    /// Set callback function for transfer completion.
    pub fn set_callback<C: 'static + Fn(Transfer) + Send + Sync>(&mut self, cb: C) {
        self.callback = Some(Box::new(cb));
    }
}

impl TransferHandle {
    /// Attempt to cancel the transfer associated with this `TransferHandle`.
    /// Safe to call even if the transfer has already completed;
    /// `Error::TransferAlreadyCompleted` will be returned in this case.
    pub fn cancel(&self) -> Result<()> {
        let rc_transfer = match self.weak_transfer.upgrade() {
            None => return Err(Error::TransferAlreadyCompleted),
            Some(rc_transfer) => rc_transfer,
        };

        let urb_ptr = rc_transfer.urb.as_ptr() as *mut usb_sys::usbdevfs_urb;
        let fd = match self.fd.upgrade() {
            None => return Err(Error::NoDevice),
            Some(fd) => fd,
        };

        // SAFETY:
        // Safe because fd is a valid usbdevfs file descriptor and we pass a valid
        // pointer to a usbdevfs_urb structure.
        if unsafe {
            handle_eintr_errno!(base::ioctl_with_mut_ptr(
                &*fd,
                usb_sys::USBDEVFS_DISCARDURB,
                urb_ptr
            ))
        } < 0
        {
            return Err(Error::IoctlFailed(
                usb_sys::USBDEVFS_DISCARDURB,
                base::Error::last(),
            ));
        }

        Ok(())
    }
}