1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0+
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * inode.c -- user mode filesystem api for usb gadget controllers
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * Copyright (C) 2003-2004 David Brownell
6*4882a593Smuzhiyun * Copyright (C) 2003 Agilent Technologies
7*4882a593Smuzhiyun */
8*4882a593Smuzhiyun
9*4882a593Smuzhiyun
10*4882a593Smuzhiyun /* #define VERBOSE_DEBUG */
11*4882a593Smuzhiyun
12*4882a593Smuzhiyun #include <linux/init.h>
13*4882a593Smuzhiyun #include <linux/module.h>
14*4882a593Smuzhiyun #include <linux/fs.h>
15*4882a593Smuzhiyun #include <linux/fs_context.h>
16*4882a593Smuzhiyun #include <linux/pagemap.h>
17*4882a593Smuzhiyun #include <linux/uts.h>
18*4882a593Smuzhiyun #include <linux/wait.h>
19*4882a593Smuzhiyun #include <linux/compiler.h>
20*4882a593Smuzhiyun #include <linux/uaccess.h>
21*4882a593Smuzhiyun #include <linux/sched.h>
22*4882a593Smuzhiyun #include <linux/slab.h>
23*4882a593Smuzhiyun #include <linux/poll.h>
24*4882a593Smuzhiyun #include <linux/kthread.h>
25*4882a593Smuzhiyun #include <linux/aio.h>
26*4882a593Smuzhiyun #include <linux/uio.h>
27*4882a593Smuzhiyun #include <linux/refcount.h>
28*4882a593Smuzhiyun #include <linux/delay.h>
29*4882a593Smuzhiyun #include <linux/device.h>
30*4882a593Smuzhiyun #include <linux/moduleparam.h>
31*4882a593Smuzhiyun
32*4882a593Smuzhiyun #include <linux/usb/gadgetfs.h>
33*4882a593Smuzhiyun #include <linux/usb/gadget.h>
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun
36*4882a593Smuzhiyun /*
37*4882a593Smuzhiyun * The gadgetfs API maps each endpoint to a file descriptor so that you
38*4882a593Smuzhiyun * can use standard synchronous read/write calls for I/O. There's some
39*4882a593Smuzhiyun * O_NONBLOCK and O_ASYNC/FASYNC style i/o support. Example usermode
40*4882a593Smuzhiyun * drivers show how this works in practice. You can also use AIO to
41*4882a593Smuzhiyun * eliminate I/O gaps between requests, to help when streaming data.
42*4882a593Smuzhiyun *
43*4882a593Smuzhiyun * Key parts that must be USB-specific are protocols defining how the
44*4882a593Smuzhiyun * read/write operations relate to the hardware state machines. There
45*4882a593Smuzhiyun * are two types of files. One type is for the device, implementing ep0.
46*4882a593Smuzhiyun * The other type is for each IN or OUT endpoint. In both cases, the
47*4882a593Smuzhiyun * user mode driver must configure the hardware before using it.
48*4882a593Smuzhiyun *
49*4882a593Smuzhiyun * - First, dev_config() is called when /dev/gadget/$CHIP is configured
50*4882a593Smuzhiyun * (by writing configuration and device descriptors). Afterwards it
51*4882a593Smuzhiyun * may serve as a source of device events, used to handle all control
52*4882a593Smuzhiyun * requests other than basic enumeration.
53*4882a593Smuzhiyun *
54*4882a593Smuzhiyun * - Then, after a SET_CONFIGURATION control request, ep_config() is
55*4882a593Smuzhiyun * called when each /dev/gadget/ep* file is configured (by writing
56*4882a593Smuzhiyun * endpoint descriptors). Afterwards these files are used to write()
57*4882a593Smuzhiyun * IN data or to read() OUT data. To halt the endpoint, a "wrong
58*4882a593Smuzhiyun * direction" request is issued (like reading an IN endpoint).
59*4882a593Smuzhiyun *
60*4882a593Smuzhiyun * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe
61*4882a593Smuzhiyun * not possible on all hardware. For example, precise fault handling with
62*4882a593Smuzhiyun * respect to data left in endpoint fifos after aborted operations; or
63*4882a593Smuzhiyun * selective clearing of endpoint halts, to implement SET_INTERFACE.
64*4882a593Smuzhiyun */
65*4882a593Smuzhiyun
66*4882a593Smuzhiyun #define DRIVER_DESC "USB Gadget filesystem"
67*4882a593Smuzhiyun #define DRIVER_VERSION "24 Aug 2004"
68*4882a593Smuzhiyun
69*4882a593Smuzhiyun static const char driver_desc [] = DRIVER_DESC;
70*4882a593Smuzhiyun static const char shortname [] = "gadgetfs";
71*4882a593Smuzhiyun
72*4882a593Smuzhiyun MODULE_DESCRIPTION (DRIVER_DESC);
73*4882a593Smuzhiyun MODULE_AUTHOR ("David Brownell");
74*4882a593Smuzhiyun MODULE_LICENSE ("GPL");
75*4882a593Smuzhiyun
76*4882a593Smuzhiyun static int ep_open(struct inode *, struct file *);
77*4882a593Smuzhiyun
78*4882a593Smuzhiyun
79*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
80*4882a593Smuzhiyun
81*4882a593Smuzhiyun #define GADGETFS_MAGIC 0xaee71ee7
82*4882a593Smuzhiyun
83*4882a593Smuzhiyun /* /dev/gadget/$CHIP represents ep0 and the whole device */
84*4882a593Smuzhiyun enum ep0_state {
85*4882a593Smuzhiyun /* DISABLED is the initial state. */
86*4882a593Smuzhiyun STATE_DEV_DISABLED = 0,
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun /* Only one open() of /dev/gadget/$CHIP; only one file tracks
89*4882a593Smuzhiyun * ep0/device i/o modes and binding to the controller. Driver
90*4882a593Smuzhiyun * must always write descriptors to initialize the device, then
91*4882a593Smuzhiyun * the device becomes UNCONNECTED until enumeration.
92*4882a593Smuzhiyun */
93*4882a593Smuzhiyun STATE_DEV_OPENED,
94*4882a593Smuzhiyun
95*4882a593Smuzhiyun /* From then on, ep0 fd is in either of two basic modes:
96*4882a593Smuzhiyun * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it
97*4882a593Smuzhiyun * - SETUP: read/write will transfer control data and succeed;
98*4882a593Smuzhiyun * or if "wrong direction", performs protocol stall
99*4882a593Smuzhiyun */
100*4882a593Smuzhiyun STATE_DEV_UNCONNECTED,
101*4882a593Smuzhiyun STATE_DEV_CONNECTED,
102*4882a593Smuzhiyun STATE_DEV_SETUP,
103*4882a593Smuzhiyun
104*4882a593Smuzhiyun /* UNBOUND means the driver closed ep0, so the device won't be
105*4882a593Smuzhiyun * accessible again (DEV_DISABLED) until all fds are closed.
106*4882a593Smuzhiyun */
107*4882a593Smuzhiyun STATE_DEV_UNBOUND,
108*4882a593Smuzhiyun };
109*4882a593Smuzhiyun
110*4882a593Smuzhiyun /* enough for the whole queue: most events invalidate others */
111*4882a593Smuzhiyun #define N_EVENT 5
112*4882a593Smuzhiyun
113*4882a593Smuzhiyun #define RBUF_SIZE 256
114*4882a593Smuzhiyun
115*4882a593Smuzhiyun struct dev_data {
116*4882a593Smuzhiyun spinlock_t lock;
117*4882a593Smuzhiyun refcount_t count;
118*4882a593Smuzhiyun int udc_usage;
119*4882a593Smuzhiyun enum ep0_state state; /* P: lock */
120*4882a593Smuzhiyun struct usb_gadgetfs_event event [N_EVENT];
121*4882a593Smuzhiyun unsigned ev_next;
122*4882a593Smuzhiyun struct fasync_struct *fasync;
123*4882a593Smuzhiyun u8 current_config;
124*4882a593Smuzhiyun
125*4882a593Smuzhiyun /* drivers reading ep0 MUST handle control requests (SETUP)
126*4882a593Smuzhiyun * reported that way; else the host will time out.
127*4882a593Smuzhiyun */
128*4882a593Smuzhiyun unsigned usermode_setup : 1,
129*4882a593Smuzhiyun setup_in : 1,
130*4882a593Smuzhiyun setup_can_stall : 1,
131*4882a593Smuzhiyun setup_out_ready : 1,
132*4882a593Smuzhiyun setup_out_error : 1,
133*4882a593Smuzhiyun setup_abort : 1,
134*4882a593Smuzhiyun gadget_registered : 1;
135*4882a593Smuzhiyun unsigned setup_wLength;
136*4882a593Smuzhiyun
137*4882a593Smuzhiyun /* the rest is basically write-once */
138*4882a593Smuzhiyun struct usb_config_descriptor *config, *hs_config;
139*4882a593Smuzhiyun struct usb_device_descriptor *dev;
140*4882a593Smuzhiyun struct usb_request *req;
141*4882a593Smuzhiyun struct usb_gadget *gadget;
142*4882a593Smuzhiyun struct list_head epfiles;
143*4882a593Smuzhiyun void *buf;
144*4882a593Smuzhiyun wait_queue_head_t wait;
145*4882a593Smuzhiyun struct super_block *sb;
146*4882a593Smuzhiyun struct dentry *dentry;
147*4882a593Smuzhiyun
148*4882a593Smuzhiyun /* except this scratch i/o buffer for ep0 */
149*4882a593Smuzhiyun u8 rbuf[RBUF_SIZE];
150*4882a593Smuzhiyun };
151*4882a593Smuzhiyun
get_dev(struct dev_data * data)152*4882a593Smuzhiyun static inline void get_dev (struct dev_data *data)
153*4882a593Smuzhiyun {
154*4882a593Smuzhiyun refcount_inc (&data->count);
155*4882a593Smuzhiyun }
156*4882a593Smuzhiyun
put_dev(struct dev_data * data)157*4882a593Smuzhiyun static void put_dev (struct dev_data *data)
158*4882a593Smuzhiyun {
159*4882a593Smuzhiyun if (likely (!refcount_dec_and_test (&data->count)))
160*4882a593Smuzhiyun return;
161*4882a593Smuzhiyun /* needs no more cleanup */
162*4882a593Smuzhiyun BUG_ON (waitqueue_active (&data->wait));
163*4882a593Smuzhiyun kfree (data);
164*4882a593Smuzhiyun }
165*4882a593Smuzhiyun
dev_new(void)166*4882a593Smuzhiyun static struct dev_data *dev_new (void)
167*4882a593Smuzhiyun {
168*4882a593Smuzhiyun struct dev_data *dev;
169*4882a593Smuzhiyun
170*4882a593Smuzhiyun dev = kzalloc(sizeof(*dev), GFP_KERNEL);
171*4882a593Smuzhiyun if (!dev)
172*4882a593Smuzhiyun return NULL;
173*4882a593Smuzhiyun dev->state = STATE_DEV_DISABLED;
174*4882a593Smuzhiyun refcount_set (&dev->count, 1);
175*4882a593Smuzhiyun spin_lock_init (&dev->lock);
176*4882a593Smuzhiyun INIT_LIST_HEAD (&dev->epfiles);
177*4882a593Smuzhiyun init_waitqueue_head (&dev->wait);
178*4882a593Smuzhiyun return dev;
179*4882a593Smuzhiyun }
180*4882a593Smuzhiyun
181*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
182*4882a593Smuzhiyun
183*4882a593Smuzhiyun /* other /dev/gadget/$ENDPOINT files represent endpoints */
184*4882a593Smuzhiyun enum ep_state {
185*4882a593Smuzhiyun STATE_EP_DISABLED = 0,
186*4882a593Smuzhiyun STATE_EP_READY,
187*4882a593Smuzhiyun STATE_EP_ENABLED,
188*4882a593Smuzhiyun STATE_EP_UNBOUND,
189*4882a593Smuzhiyun };
190*4882a593Smuzhiyun
191*4882a593Smuzhiyun struct ep_data {
192*4882a593Smuzhiyun struct mutex lock;
193*4882a593Smuzhiyun enum ep_state state;
194*4882a593Smuzhiyun refcount_t count;
195*4882a593Smuzhiyun struct dev_data *dev;
196*4882a593Smuzhiyun /* must hold dev->lock before accessing ep or req */
197*4882a593Smuzhiyun struct usb_ep *ep;
198*4882a593Smuzhiyun struct usb_request *req;
199*4882a593Smuzhiyun ssize_t status;
200*4882a593Smuzhiyun char name [16];
201*4882a593Smuzhiyun struct usb_endpoint_descriptor desc, hs_desc;
202*4882a593Smuzhiyun struct list_head epfiles;
203*4882a593Smuzhiyun wait_queue_head_t wait;
204*4882a593Smuzhiyun struct dentry *dentry;
205*4882a593Smuzhiyun };
206*4882a593Smuzhiyun
get_ep(struct ep_data * data)207*4882a593Smuzhiyun static inline void get_ep (struct ep_data *data)
208*4882a593Smuzhiyun {
209*4882a593Smuzhiyun refcount_inc (&data->count);
210*4882a593Smuzhiyun }
211*4882a593Smuzhiyun
put_ep(struct ep_data * data)212*4882a593Smuzhiyun static void put_ep (struct ep_data *data)
213*4882a593Smuzhiyun {
214*4882a593Smuzhiyun if (likely (!refcount_dec_and_test (&data->count)))
215*4882a593Smuzhiyun return;
216*4882a593Smuzhiyun put_dev (data->dev);
217*4882a593Smuzhiyun /* needs no more cleanup */
218*4882a593Smuzhiyun BUG_ON (!list_empty (&data->epfiles));
219*4882a593Smuzhiyun BUG_ON (waitqueue_active (&data->wait));
220*4882a593Smuzhiyun kfree (data);
221*4882a593Smuzhiyun }
222*4882a593Smuzhiyun
223*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
224*4882a593Smuzhiyun
225*4882a593Smuzhiyun /* most "how to use the hardware" policy choices are in userspace:
226*4882a593Smuzhiyun * mapping endpoint roles (which the driver needs) to the capabilities
227*4882a593Smuzhiyun * which the usb controller has. most of those capabilities are exposed
228*4882a593Smuzhiyun * implicitly, starting with the driver name and then endpoint names.
229*4882a593Smuzhiyun */
230*4882a593Smuzhiyun
231*4882a593Smuzhiyun static const char *CHIP;
232*4882a593Smuzhiyun
233*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
234*4882a593Smuzhiyun
235*4882a593Smuzhiyun /* NOTE: don't use dev_printk calls before binding to the gadget
236*4882a593Smuzhiyun * at the end of ep0 configuration, or after unbind.
237*4882a593Smuzhiyun */
238*4882a593Smuzhiyun
239*4882a593Smuzhiyun /* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */
240*4882a593Smuzhiyun #define xprintk(d,level,fmt,args...) \
241*4882a593Smuzhiyun printk(level "%s: " fmt , shortname , ## args)
242*4882a593Smuzhiyun
243*4882a593Smuzhiyun #ifdef DEBUG
244*4882a593Smuzhiyun #define DBG(dev,fmt,args...) \
245*4882a593Smuzhiyun xprintk(dev , KERN_DEBUG , fmt , ## args)
246*4882a593Smuzhiyun #else
247*4882a593Smuzhiyun #define DBG(dev,fmt,args...) \
248*4882a593Smuzhiyun do { } while (0)
249*4882a593Smuzhiyun #endif /* DEBUG */
250*4882a593Smuzhiyun
251*4882a593Smuzhiyun #ifdef VERBOSE_DEBUG
252*4882a593Smuzhiyun #define VDEBUG DBG
253*4882a593Smuzhiyun #else
254*4882a593Smuzhiyun #define VDEBUG(dev,fmt,args...) \
255*4882a593Smuzhiyun do { } while (0)
256*4882a593Smuzhiyun #endif /* DEBUG */
257*4882a593Smuzhiyun
258*4882a593Smuzhiyun #define ERROR(dev,fmt,args...) \
259*4882a593Smuzhiyun xprintk(dev , KERN_ERR , fmt , ## args)
260*4882a593Smuzhiyun #define INFO(dev,fmt,args...) \
261*4882a593Smuzhiyun xprintk(dev , KERN_INFO , fmt , ## args)
262*4882a593Smuzhiyun
263*4882a593Smuzhiyun
264*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
265*4882a593Smuzhiyun
266*4882a593Smuzhiyun /* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso)
267*4882a593Smuzhiyun *
268*4882a593Smuzhiyun * After opening, configure non-control endpoints. Then use normal
269*4882a593Smuzhiyun * stream read() and write() requests; and maybe ioctl() to get more
270*4882a593Smuzhiyun * precise FIFO status when recovering from cancellation.
271*4882a593Smuzhiyun */
272*4882a593Smuzhiyun
epio_complete(struct usb_ep * ep,struct usb_request * req)273*4882a593Smuzhiyun static void epio_complete (struct usb_ep *ep, struct usb_request *req)
274*4882a593Smuzhiyun {
275*4882a593Smuzhiyun struct ep_data *epdata = ep->driver_data;
276*4882a593Smuzhiyun
277*4882a593Smuzhiyun if (!req->context)
278*4882a593Smuzhiyun return;
279*4882a593Smuzhiyun if (req->status)
280*4882a593Smuzhiyun epdata->status = req->status;
281*4882a593Smuzhiyun else
282*4882a593Smuzhiyun epdata->status = req->actual;
283*4882a593Smuzhiyun complete ((struct completion *)req->context);
284*4882a593Smuzhiyun }
285*4882a593Smuzhiyun
286*4882a593Smuzhiyun /* tasklock endpoint, returning when it's connected.
287*4882a593Smuzhiyun * still need dev->lock to use epdata->ep.
288*4882a593Smuzhiyun */
289*4882a593Smuzhiyun static int
get_ready_ep(unsigned f_flags,struct ep_data * epdata,bool is_write)290*4882a593Smuzhiyun get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
291*4882a593Smuzhiyun {
292*4882a593Smuzhiyun int val;
293*4882a593Smuzhiyun
294*4882a593Smuzhiyun if (f_flags & O_NONBLOCK) {
295*4882a593Smuzhiyun if (!mutex_trylock(&epdata->lock))
296*4882a593Smuzhiyun goto nonblock;
297*4882a593Smuzhiyun if (epdata->state != STATE_EP_ENABLED &&
298*4882a593Smuzhiyun (!is_write || epdata->state != STATE_EP_READY)) {
299*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
300*4882a593Smuzhiyun nonblock:
301*4882a593Smuzhiyun val = -EAGAIN;
302*4882a593Smuzhiyun } else
303*4882a593Smuzhiyun val = 0;
304*4882a593Smuzhiyun return val;
305*4882a593Smuzhiyun }
306*4882a593Smuzhiyun
307*4882a593Smuzhiyun val = mutex_lock_interruptible(&epdata->lock);
308*4882a593Smuzhiyun if (val < 0)
309*4882a593Smuzhiyun return val;
310*4882a593Smuzhiyun
311*4882a593Smuzhiyun switch (epdata->state) {
312*4882a593Smuzhiyun case STATE_EP_ENABLED:
313*4882a593Smuzhiyun return 0;
314*4882a593Smuzhiyun case STATE_EP_READY: /* not configured yet */
315*4882a593Smuzhiyun if (is_write)
316*4882a593Smuzhiyun return 0;
317*4882a593Smuzhiyun fallthrough;
318*4882a593Smuzhiyun case STATE_EP_UNBOUND: /* clean disconnect */
319*4882a593Smuzhiyun break;
320*4882a593Smuzhiyun // case STATE_EP_DISABLED: /* "can't happen" */
321*4882a593Smuzhiyun default: /* error! */
322*4882a593Smuzhiyun pr_debug ("%s: ep %p not available, state %d\n",
323*4882a593Smuzhiyun shortname, epdata, epdata->state);
324*4882a593Smuzhiyun }
325*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
326*4882a593Smuzhiyun return -ENODEV;
327*4882a593Smuzhiyun }
328*4882a593Smuzhiyun
329*4882a593Smuzhiyun static ssize_t
ep_io(struct ep_data * epdata,void * buf,unsigned len)330*4882a593Smuzhiyun ep_io (struct ep_data *epdata, void *buf, unsigned len)
331*4882a593Smuzhiyun {
332*4882a593Smuzhiyun DECLARE_COMPLETION_ONSTACK (done);
333*4882a593Smuzhiyun int value;
334*4882a593Smuzhiyun
335*4882a593Smuzhiyun spin_lock_irq (&epdata->dev->lock);
336*4882a593Smuzhiyun if (likely (epdata->ep != NULL)) {
337*4882a593Smuzhiyun struct usb_request *req = epdata->req;
338*4882a593Smuzhiyun
339*4882a593Smuzhiyun req->context = &done;
340*4882a593Smuzhiyun req->complete = epio_complete;
341*4882a593Smuzhiyun req->buf = buf;
342*4882a593Smuzhiyun req->length = len;
343*4882a593Smuzhiyun value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
344*4882a593Smuzhiyun } else
345*4882a593Smuzhiyun value = -ENODEV;
346*4882a593Smuzhiyun spin_unlock_irq (&epdata->dev->lock);
347*4882a593Smuzhiyun
348*4882a593Smuzhiyun if (likely (value == 0)) {
349*4882a593Smuzhiyun value = wait_for_completion_interruptible(&done);
350*4882a593Smuzhiyun if (value != 0) {
351*4882a593Smuzhiyun spin_lock_irq (&epdata->dev->lock);
352*4882a593Smuzhiyun if (likely (epdata->ep != NULL)) {
353*4882a593Smuzhiyun DBG (epdata->dev, "%s i/o interrupted\n",
354*4882a593Smuzhiyun epdata->name);
355*4882a593Smuzhiyun usb_ep_dequeue (epdata->ep, epdata->req);
356*4882a593Smuzhiyun spin_unlock_irq (&epdata->dev->lock);
357*4882a593Smuzhiyun
358*4882a593Smuzhiyun wait_for_completion(&done);
359*4882a593Smuzhiyun if (epdata->status == -ECONNRESET)
360*4882a593Smuzhiyun epdata->status = -EINTR;
361*4882a593Smuzhiyun } else {
362*4882a593Smuzhiyun spin_unlock_irq (&epdata->dev->lock);
363*4882a593Smuzhiyun
364*4882a593Smuzhiyun DBG (epdata->dev, "endpoint gone\n");
365*4882a593Smuzhiyun wait_for_completion(&done);
366*4882a593Smuzhiyun epdata->status = -ENODEV;
367*4882a593Smuzhiyun }
368*4882a593Smuzhiyun }
369*4882a593Smuzhiyun return epdata->status;
370*4882a593Smuzhiyun }
371*4882a593Smuzhiyun return value;
372*4882a593Smuzhiyun }
373*4882a593Smuzhiyun
374*4882a593Smuzhiyun static int
ep_release(struct inode * inode,struct file * fd)375*4882a593Smuzhiyun ep_release (struct inode *inode, struct file *fd)
376*4882a593Smuzhiyun {
377*4882a593Smuzhiyun struct ep_data *data = fd->private_data;
378*4882a593Smuzhiyun int value;
379*4882a593Smuzhiyun
380*4882a593Smuzhiyun value = mutex_lock_interruptible(&data->lock);
381*4882a593Smuzhiyun if (value < 0)
382*4882a593Smuzhiyun return value;
383*4882a593Smuzhiyun
384*4882a593Smuzhiyun /* clean up if this can be reopened */
385*4882a593Smuzhiyun if (data->state != STATE_EP_UNBOUND) {
386*4882a593Smuzhiyun data->state = STATE_EP_DISABLED;
387*4882a593Smuzhiyun data->desc.bDescriptorType = 0;
388*4882a593Smuzhiyun data->hs_desc.bDescriptorType = 0;
389*4882a593Smuzhiyun usb_ep_disable(data->ep);
390*4882a593Smuzhiyun }
391*4882a593Smuzhiyun mutex_unlock(&data->lock);
392*4882a593Smuzhiyun put_ep (data);
393*4882a593Smuzhiyun return 0;
394*4882a593Smuzhiyun }
395*4882a593Smuzhiyun
ep_ioctl(struct file * fd,unsigned code,unsigned long value)396*4882a593Smuzhiyun static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
397*4882a593Smuzhiyun {
398*4882a593Smuzhiyun struct ep_data *data = fd->private_data;
399*4882a593Smuzhiyun int status;
400*4882a593Smuzhiyun
401*4882a593Smuzhiyun if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
402*4882a593Smuzhiyun return status;
403*4882a593Smuzhiyun
404*4882a593Smuzhiyun spin_lock_irq (&data->dev->lock);
405*4882a593Smuzhiyun if (likely (data->ep != NULL)) {
406*4882a593Smuzhiyun switch (code) {
407*4882a593Smuzhiyun case GADGETFS_FIFO_STATUS:
408*4882a593Smuzhiyun status = usb_ep_fifo_status (data->ep);
409*4882a593Smuzhiyun break;
410*4882a593Smuzhiyun case GADGETFS_FIFO_FLUSH:
411*4882a593Smuzhiyun usb_ep_fifo_flush (data->ep);
412*4882a593Smuzhiyun break;
413*4882a593Smuzhiyun case GADGETFS_CLEAR_HALT:
414*4882a593Smuzhiyun status = usb_ep_clear_halt (data->ep);
415*4882a593Smuzhiyun break;
416*4882a593Smuzhiyun default:
417*4882a593Smuzhiyun status = -ENOTTY;
418*4882a593Smuzhiyun }
419*4882a593Smuzhiyun } else
420*4882a593Smuzhiyun status = -ENODEV;
421*4882a593Smuzhiyun spin_unlock_irq (&data->dev->lock);
422*4882a593Smuzhiyun mutex_unlock(&data->lock);
423*4882a593Smuzhiyun return status;
424*4882a593Smuzhiyun }
425*4882a593Smuzhiyun
426*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
427*4882a593Smuzhiyun
428*4882a593Smuzhiyun /* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */
429*4882a593Smuzhiyun
430*4882a593Smuzhiyun struct kiocb_priv {
431*4882a593Smuzhiyun struct usb_request *req;
432*4882a593Smuzhiyun struct ep_data *epdata;
433*4882a593Smuzhiyun struct kiocb *iocb;
434*4882a593Smuzhiyun struct mm_struct *mm;
435*4882a593Smuzhiyun struct work_struct work;
436*4882a593Smuzhiyun void *buf;
437*4882a593Smuzhiyun struct iov_iter to;
438*4882a593Smuzhiyun const void *to_free;
439*4882a593Smuzhiyun unsigned actual;
440*4882a593Smuzhiyun };
441*4882a593Smuzhiyun
ep_aio_cancel(struct kiocb * iocb)442*4882a593Smuzhiyun static int ep_aio_cancel(struct kiocb *iocb)
443*4882a593Smuzhiyun {
444*4882a593Smuzhiyun struct kiocb_priv *priv = iocb->private;
445*4882a593Smuzhiyun struct ep_data *epdata;
446*4882a593Smuzhiyun int value;
447*4882a593Smuzhiyun
448*4882a593Smuzhiyun local_irq_disable();
449*4882a593Smuzhiyun epdata = priv->epdata;
450*4882a593Smuzhiyun // spin_lock(&epdata->dev->lock);
451*4882a593Smuzhiyun if (likely(epdata && epdata->ep && priv->req))
452*4882a593Smuzhiyun value = usb_ep_dequeue (epdata->ep, priv->req);
453*4882a593Smuzhiyun else
454*4882a593Smuzhiyun value = -EINVAL;
455*4882a593Smuzhiyun // spin_unlock(&epdata->dev->lock);
456*4882a593Smuzhiyun local_irq_enable();
457*4882a593Smuzhiyun
458*4882a593Smuzhiyun return value;
459*4882a593Smuzhiyun }
460*4882a593Smuzhiyun
ep_user_copy_worker(struct work_struct * work)461*4882a593Smuzhiyun static void ep_user_copy_worker(struct work_struct *work)
462*4882a593Smuzhiyun {
463*4882a593Smuzhiyun struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
464*4882a593Smuzhiyun struct mm_struct *mm = priv->mm;
465*4882a593Smuzhiyun struct kiocb *iocb = priv->iocb;
466*4882a593Smuzhiyun size_t ret;
467*4882a593Smuzhiyun
468*4882a593Smuzhiyun kthread_use_mm(mm);
469*4882a593Smuzhiyun ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
470*4882a593Smuzhiyun kthread_unuse_mm(mm);
471*4882a593Smuzhiyun if (!ret)
472*4882a593Smuzhiyun ret = -EFAULT;
473*4882a593Smuzhiyun
474*4882a593Smuzhiyun /* completing the iocb can drop the ctx and mm, don't touch mm after */
475*4882a593Smuzhiyun iocb->ki_complete(iocb, ret, ret);
476*4882a593Smuzhiyun
477*4882a593Smuzhiyun kfree(priv->buf);
478*4882a593Smuzhiyun kfree(priv->to_free);
479*4882a593Smuzhiyun kfree(priv);
480*4882a593Smuzhiyun }
481*4882a593Smuzhiyun
ep_aio_complete(struct usb_ep * ep,struct usb_request * req)482*4882a593Smuzhiyun static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
483*4882a593Smuzhiyun {
484*4882a593Smuzhiyun struct kiocb *iocb = req->context;
485*4882a593Smuzhiyun struct kiocb_priv *priv = iocb->private;
486*4882a593Smuzhiyun struct ep_data *epdata = priv->epdata;
487*4882a593Smuzhiyun
488*4882a593Smuzhiyun /* lock against disconnect (and ideally, cancel) */
489*4882a593Smuzhiyun spin_lock(&epdata->dev->lock);
490*4882a593Smuzhiyun priv->req = NULL;
491*4882a593Smuzhiyun priv->epdata = NULL;
492*4882a593Smuzhiyun
493*4882a593Smuzhiyun /* if this was a write or a read returning no data then we
494*4882a593Smuzhiyun * don't need to copy anything to userspace, so we can
495*4882a593Smuzhiyun * complete the aio request immediately.
496*4882a593Smuzhiyun */
497*4882a593Smuzhiyun if (priv->to_free == NULL || unlikely(req->actual == 0)) {
498*4882a593Smuzhiyun kfree(req->buf);
499*4882a593Smuzhiyun kfree(priv->to_free);
500*4882a593Smuzhiyun kfree(priv);
501*4882a593Smuzhiyun iocb->private = NULL;
502*4882a593Smuzhiyun /* aio_complete() reports bytes-transferred _and_ faults */
503*4882a593Smuzhiyun
504*4882a593Smuzhiyun iocb->ki_complete(iocb, req->actual ? req->actual : req->status,
505*4882a593Smuzhiyun req->status);
506*4882a593Smuzhiyun } else {
507*4882a593Smuzhiyun /* ep_copy_to_user() won't report both; we hide some faults */
508*4882a593Smuzhiyun if (unlikely(0 != req->status))
509*4882a593Smuzhiyun DBG(epdata->dev, "%s fault %d len %d\n",
510*4882a593Smuzhiyun ep->name, req->status, req->actual);
511*4882a593Smuzhiyun
512*4882a593Smuzhiyun priv->buf = req->buf;
513*4882a593Smuzhiyun priv->actual = req->actual;
514*4882a593Smuzhiyun INIT_WORK(&priv->work, ep_user_copy_worker);
515*4882a593Smuzhiyun schedule_work(&priv->work);
516*4882a593Smuzhiyun }
517*4882a593Smuzhiyun
518*4882a593Smuzhiyun usb_ep_free_request(ep, req);
519*4882a593Smuzhiyun spin_unlock(&epdata->dev->lock);
520*4882a593Smuzhiyun put_ep(epdata);
521*4882a593Smuzhiyun }
522*4882a593Smuzhiyun
ep_aio(struct kiocb * iocb,struct kiocb_priv * priv,struct ep_data * epdata,char * buf,size_t len)523*4882a593Smuzhiyun static ssize_t ep_aio(struct kiocb *iocb,
524*4882a593Smuzhiyun struct kiocb_priv *priv,
525*4882a593Smuzhiyun struct ep_data *epdata,
526*4882a593Smuzhiyun char *buf,
527*4882a593Smuzhiyun size_t len)
528*4882a593Smuzhiyun {
529*4882a593Smuzhiyun struct usb_request *req;
530*4882a593Smuzhiyun ssize_t value;
531*4882a593Smuzhiyun
532*4882a593Smuzhiyun iocb->private = priv;
533*4882a593Smuzhiyun priv->iocb = iocb;
534*4882a593Smuzhiyun
535*4882a593Smuzhiyun kiocb_set_cancel_fn(iocb, ep_aio_cancel);
536*4882a593Smuzhiyun get_ep(epdata);
537*4882a593Smuzhiyun priv->epdata = epdata;
538*4882a593Smuzhiyun priv->actual = 0;
539*4882a593Smuzhiyun priv->mm = current->mm; /* mm teardown waits for iocbs in exit_aio() */
540*4882a593Smuzhiyun
541*4882a593Smuzhiyun /* each kiocb is coupled to one usb_request, but we can't
542*4882a593Smuzhiyun * allocate or submit those if the host disconnected.
543*4882a593Smuzhiyun */
544*4882a593Smuzhiyun spin_lock_irq(&epdata->dev->lock);
545*4882a593Smuzhiyun value = -ENODEV;
546*4882a593Smuzhiyun if (unlikely(epdata->ep == NULL))
547*4882a593Smuzhiyun goto fail;
548*4882a593Smuzhiyun
549*4882a593Smuzhiyun req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
550*4882a593Smuzhiyun value = -ENOMEM;
551*4882a593Smuzhiyun if (unlikely(!req))
552*4882a593Smuzhiyun goto fail;
553*4882a593Smuzhiyun
554*4882a593Smuzhiyun priv->req = req;
555*4882a593Smuzhiyun req->buf = buf;
556*4882a593Smuzhiyun req->length = len;
557*4882a593Smuzhiyun req->complete = ep_aio_complete;
558*4882a593Smuzhiyun req->context = iocb;
559*4882a593Smuzhiyun value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
560*4882a593Smuzhiyun if (unlikely(0 != value)) {
561*4882a593Smuzhiyun usb_ep_free_request(epdata->ep, req);
562*4882a593Smuzhiyun goto fail;
563*4882a593Smuzhiyun }
564*4882a593Smuzhiyun spin_unlock_irq(&epdata->dev->lock);
565*4882a593Smuzhiyun return -EIOCBQUEUED;
566*4882a593Smuzhiyun
567*4882a593Smuzhiyun fail:
568*4882a593Smuzhiyun spin_unlock_irq(&epdata->dev->lock);
569*4882a593Smuzhiyun kfree(priv->to_free);
570*4882a593Smuzhiyun kfree(priv);
571*4882a593Smuzhiyun put_ep(epdata);
572*4882a593Smuzhiyun return value;
573*4882a593Smuzhiyun }
574*4882a593Smuzhiyun
575*4882a593Smuzhiyun static ssize_t
ep_read_iter(struct kiocb * iocb,struct iov_iter * to)576*4882a593Smuzhiyun ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
577*4882a593Smuzhiyun {
578*4882a593Smuzhiyun struct file *file = iocb->ki_filp;
579*4882a593Smuzhiyun struct ep_data *epdata = file->private_data;
580*4882a593Smuzhiyun size_t len = iov_iter_count(to);
581*4882a593Smuzhiyun ssize_t value;
582*4882a593Smuzhiyun char *buf;
583*4882a593Smuzhiyun
584*4882a593Smuzhiyun if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
585*4882a593Smuzhiyun return value;
586*4882a593Smuzhiyun
587*4882a593Smuzhiyun /* halt any endpoint by doing a "wrong direction" i/o call */
588*4882a593Smuzhiyun if (usb_endpoint_dir_in(&epdata->desc)) {
589*4882a593Smuzhiyun if (usb_endpoint_xfer_isoc(&epdata->desc) ||
590*4882a593Smuzhiyun !is_sync_kiocb(iocb)) {
591*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
592*4882a593Smuzhiyun return -EINVAL;
593*4882a593Smuzhiyun }
594*4882a593Smuzhiyun DBG (epdata->dev, "%s halt\n", epdata->name);
595*4882a593Smuzhiyun spin_lock_irq(&epdata->dev->lock);
596*4882a593Smuzhiyun if (likely(epdata->ep != NULL))
597*4882a593Smuzhiyun usb_ep_set_halt(epdata->ep);
598*4882a593Smuzhiyun spin_unlock_irq(&epdata->dev->lock);
599*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
600*4882a593Smuzhiyun return -EBADMSG;
601*4882a593Smuzhiyun }
602*4882a593Smuzhiyun
603*4882a593Smuzhiyun buf = kmalloc(len, GFP_KERNEL);
604*4882a593Smuzhiyun if (unlikely(!buf)) {
605*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
606*4882a593Smuzhiyun return -ENOMEM;
607*4882a593Smuzhiyun }
608*4882a593Smuzhiyun if (is_sync_kiocb(iocb)) {
609*4882a593Smuzhiyun value = ep_io(epdata, buf, len);
610*4882a593Smuzhiyun if (value >= 0 && (copy_to_iter(buf, value, to) != value))
611*4882a593Smuzhiyun value = -EFAULT;
612*4882a593Smuzhiyun } else {
613*4882a593Smuzhiyun struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
614*4882a593Smuzhiyun value = -ENOMEM;
615*4882a593Smuzhiyun if (!priv)
616*4882a593Smuzhiyun goto fail;
617*4882a593Smuzhiyun priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
618*4882a593Smuzhiyun if (!priv->to_free) {
619*4882a593Smuzhiyun kfree(priv);
620*4882a593Smuzhiyun goto fail;
621*4882a593Smuzhiyun }
622*4882a593Smuzhiyun value = ep_aio(iocb, priv, epdata, buf, len);
623*4882a593Smuzhiyun if (value == -EIOCBQUEUED)
624*4882a593Smuzhiyun buf = NULL;
625*4882a593Smuzhiyun }
626*4882a593Smuzhiyun fail:
627*4882a593Smuzhiyun kfree(buf);
628*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
629*4882a593Smuzhiyun return value;
630*4882a593Smuzhiyun }
631*4882a593Smuzhiyun
632*4882a593Smuzhiyun static ssize_t ep_config(struct ep_data *, const char *, size_t);
633*4882a593Smuzhiyun
634*4882a593Smuzhiyun static ssize_t
ep_write_iter(struct kiocb * iocb,struct iov_iter * from)635*4882a593Smuzhiyun ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
636*4882a593Smuzhiyun {
637*4882a593Smuzhiyun struct file *file = iocb->ki_filp;
638*4882a593Smuzhiyun struct ep_data *epdata = file->private_data;
639*4882a593Smuzhiyun size_t len = iov_iter_count(from);
640*4882a593Smuzhiyun bool configured;
641*4882a593Smuzhiyun ssize_t value;
642*4882a593Smuzhiyun char *buf;
643*4882a593Smuzhiyun
644*4882a593Smuzhiyun if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
645*4882a593Smuzhiyun return value;
646*4882a593Smuzhiyun
647*4882a593Smuzhiyun configured = epdata->state == STATE_EP_ENABLED;
648*4882a593Smuzhiyun
649*4882a593Smuzhiyun /* halt any endpoint by doing a "wrong direction" i/o call */
650*4882a593Smuzhiyun if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
651*4882a593Smuzhiyun if (usb_endpoint_xfer_isoc(&epdata->desc) ||
652*4882a593Smuzhiyun !is_sync_kiocb(iocb)) {
653*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
654*4882a593Smuzhiyun return -EINVAL;
655*4882a593Smuzhiyun }
656*4882a593Smuzhiyun DBG (epdata->dev, "%s halt\n", epdata->name);
657*4882a593Smuzhiyun spin_lock_irq(&epdata->dev->lock);
658*4882a593Smuzhiyun if (likely(epdata->ep != NULL))
659*4882a593Smuzhiyun usb_ep_set_halt(epdata->ep);
660*4882a593Smuzhiyun spin_unlock_irq(&epdata->dev->lock);
661*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
662*4882a593Smuzhiyun return -EBADMSG;
663*4882a593Smuzhiyun }
664*4882a593Smuzhiyun
665*4882a593Smuzhiyun buf = kmalloc(len, GFP_KERNEL);
666*4882a593Smuzhiyun if (unlikely(!buf)) {
667*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
668*4882a593Smuzhiyun return -ENOMEM;
669*4882a593Smuzhiyun }
670*4882a593Smuzhiyun
671*4882a593Smuzhiyun if (unlikely(!copy_from_iter_full(buf, len, from))) {
672*4882a593Smuzhiyun value = -EFAULT;
673*4882a593Smuzhiyun goto out;
674*4882a593Smuzhiyun }
675*4882a593Smuzhiyun
676*4882a593Smuzhiyun if (unlikely(!configured)) {
677*4882a593Smuzhiyun value = ep_config(epdata, buf, len);
678*4882a593Smuzhiyun } else if (is_sync_kiocb(iocb)) {
679*4882a593Smuzhiyun value = ep_io(epdata, buf, len);
680*4882a593Smuzhiyun } else {
681*4882a593Smuzhiyun struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
682*4882a593Smuzhiyun value = -ENOMEM;
683*4882a593Smuzhiyun if (priv) {
684*4882a593Smuzhiyun value = ep_aio(iocb, priv, epdata, buf, len);
685*4882a593Smuzhiyun if (value == -EIOCBQUEUED)
686*4882a593Smuzhiyun buf = NULL;
687*4882a593Smuzhiyun }
688*4882a593Smuzhiyun }
689*4882a593Smuzhiyun out:
690*4882a593Smuzhiyun kfree(buf);
691*4882a593Smuzhiyun mutex_unlock(&epdata->lock);
692*4882a593Smuzhiyun return value;
693*4882a593Smuzhiyun }
694*4882a593Smuzhiyun
695*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
696*4882a593Smuzhiyun
697*4882a593Smuzhiyun /* used after endpoint configuration */
698*4882a593Smuzhiyun static const struct file_operations ep_io_operations = {
699*4882a593Smuzhiyun .owner = THIS_MODULE,
700*4882a593Smuzhiyun
701*4882a593Smuzhiyun .open = ep_open,
702*4882a593Smuzhiyun .release = ep_release,
703*4882a593Smuzhiyun .llseek = no_llseek,
704*4882a593Smuzhiyun .unlocked_ioctl = ep_ioctl,
705*4882a593Smuzhiyun .read_iter = ep_read_iter,
706*4882a593Smuzhiyun .write_iter = ep_write_iter,
707*4882a593Smuzhiyun };
708*4882a593Smuzhiyun
709*4882a593Smuzhiyun /* ENDPOINT INITIALIZATION
710*4882a593Smuzhiyun *
711*4882a593Smuzhiyun * fd = open ("/dev/gadget/$ENDPOINT", O_RDWR)
712*4882a593Smuzhiyun * status = write (fd, descriptors, sizeof descriptors)
713*4882a593Smuzhiyun *
714*4882a593Smuzhiyun * That write establishes the endpoint configuration, configuring
715*4882a593Smuzhiyun * the controller to process bulk, interrupt, or isochronous transfers
716*4882a593Smuzhiyun * at the right maxpacket size, and so on.
717*4882a593Smuzhiyun *
718*4882a593Smuzhiyun * The descriptors are message type 1, identified by a host order u32
719*4882a593Smuzhiyun * at the beginning of what's written. Descriptor order is: full/low
720*4882a593Smuzhiyun * speed descriptor, then optional high speed descriptor.
721*4882a593Smuzhiyun */
722*4882a593Smuzhiyun static ssize_t
ep_config(struct ep_data * data,const char * buf,size_t len)723*4882a593Smuzhiyun ep_config (struct ep_data *data, const char *buf, size_t len)
724*4882a593Smuzhiyun {
725*4882a593Smuzhiyun struct usb_ep *ep;
726*4882a593Smuzhiyun u32 tag;
727*4882a593Smuzhiyun int value, length = len;
728*4882a593Smuzhiyun
729*4882a593Smuzhiyun if (data->state != STATE_EP_READY) {
730*4882a593Smuzhiyun value = -EL2HLT;
731*4882a593Smuzhiyun goto fail;
732*4882a593Smuzhiyun }
733*4882a593Smuzhiyun
734*4882a593Smuzhiyun value = len;
735*4882a593Smuzhiyun if (len < USB_DT_ENDPOINT_SIZE + 4)
736*4882a593Smuzhiyun goto fail0;
737*4882a593Smuzhiyun
738*4882a593Smuzhiyun /* we might need to change message format someday */
739*4882a593Smuzhiyun memcpy(&tag, buf, 4);
740*4882a593Smuzhiyun if (tag != 1) {
741*4882a593Smuzhiyun DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
742*4882a593Smuzhiyun goto fail0;
743*4882a593Smuzhiyun }
744*4882a593Smuzhiyun buf += 4;
745*4882a593Smuzhiyun len -= 4;
746*4882a593Smuzhiyun
747*4882a593Smuzhiyun /* NOTE: audio endpoint extensions not accepted here;
748*4882a593Smuzhiyun * just don't include the extra bytes.
749*4882a593Smuzhiyun */
750*4882a593Smuzhiyun
751*4882a593Smuzhiyun /* full/low speed descriptor, then high speed */
752*4882a593Smuzhiyun memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
753*4882a593Smuzhiyun if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
754*4882a593Smuzhiyun || data->desc.bDescriptorType != USB_DT_ENDPOINT)
755*4882a593Smuzhiyun goto fail0;
756*4882a593Smuzhiyun if (len != USB_DT_ENDPOINT_SIZE) {
757*4882a593Smuzhiyun if (len != 2 * USB_DT_ENDPOINT_SIZE)
758*4882a593Smuzhiyun goto fail0;
759*4882a593Smuzhiyun memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
760*4882a593Smuzhiyun USB_DT_ENDPOINT_SIZE);
761*4882a593Smuzhiyun if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
762*4882a593Smuzhiyun || data->hs_desc.bDescriptorType
763*4882a593Smuzhiyun != USB_DT_ENDPOINT) {
764*4882a593Smuzhiyun DBG(data->dev, "config %s, bad hs length or type\n",
765*4882a593Smuzhiyun data->name);
766*4882a593Smuzhiyun goto fail0;
767*4882a593Smuzhiyun }
768*4882a593Smuzhiyun }
769*4882a593Smuzhiyun
770*4882a593Smuzhiyun spin_lock_irq (&data->dev->lock);
771*4882a593Smuzhiyun if (data->dev->state == STATE_DEV_UNBOUND) {
772*4882a593Smuzhiyun value = -ENOENT;
773*4882a593Smuzhiyun goto gone;
774*4882a593Smuzhiyun } else {
775*4882a593Smuzhiyun ep = data->ep;
776*4882a593Smuzhiyun if (ep == NULL) {
777*4882a593Smuzhiyun value = -ENODEV;
778*4882a593Smuzhiyun goto gone;
779*4882a593Smuzhiyun }
780*4882a593Smuzhiyun }
781*4882a593Smuzhiyun switch (data->dev->gadget->speed) {
782*4882a593Smuzhiyun case USB_SPEED_LOW:
783*4882a593Smuzhiyun case USB_SPEED_FULL:
784*4882a593Smuzhiyun ep->desc = &data->desc;
785*4882a593Smuzhiyun break;
786*4882a593Smuzhiyun case USB_SPEED_HIGH:
787*4882a593Smuzhiyun /* fails if caller didn't provide that descriptor... */
788*4882a593Smuzhiyun ep->desc = &data->hs_desc;
789*4882a593Smuzhiyun break;
790*4882a593Smuzhiyun default:
791*4882a593Smuzhiyun DBG(data->dev, "unconnected, %s init abandoned\n",
792*4882a593Smuzhiyun data->name);
793*4882a593Smuzhiyun value = -EINVAL;
794*4882a593Smuzhiyun goto gone;
795*4882a593Smuzhiyun }
796*4882a593Smuzhiyun value = usb_ep_enable(ep);
797*4882a593Smuzhiyun if (value == 0) {
798*4882a593Smuzhiyun data->state = STATE_EP_ENABLED;
799*4882a593Smuzhiyun value = length;
800*4882a593Smuzhiyun }
801*4882a593Smuzhiyun gone:
802*4882a593Smuzhiyun spin_unlock_irq (&data->dev->lock);
803*4882a593Smuzhiyun if (value < 0) {
804*4882a593Smuzhiyun fail:
805*4882a593Smuzhiyun data->desc.bDescriptorType = 0;
806*4882a593Smuzhiyun data->hs_desc.bDescriptorType = 0;
807*4882a593Smuzhiyun }
808*4882a593Smuzhiyun return value;
809*4882a593Smuzhiyun fail0:
810*4882a593Smuzhiyun value = -EINVAL;
811*4882a593Smuzhiyun goto fail;
812*4882a593Smuzhiyun }
813*4882a593Smuzhiyun
814*4882a593Smuzhiyun static int
ep_open(struct inode * inode,struct file * fd)815*4882a593Smuzhiyun ep_open (struct inode *inode, struct file *fd)
816*4882a593Smuzhiyun {
817*4882a593Smuzhiyun struct ep_data *data = inode->i_private;
818*4882a593Smuzhiyun int value = -EBUSY;
819*4882a593Smuzhiyun
820*4882a593Smuzhiyun if (mutex_lock_interruptible(&data->lock) != 0)
821*4882a593Smuzhiyun return -EINTR;
822*4882a593Smuzhiyun spin_lock_irq (&data->dev->lock);
823*4882a593Smuzhiyun if (data->dev->state == STATE_DEV_UNBOUND)
824*4882a593Smuzhiyun value = -ENOENT;
825*4882a593Smuzhiyun else if (data->state == STATE_EP_DISABLED) {
826*4882a593Smuzhiyun value = 0;
827*4882a593Smuzhiyun data->state = STATE_EP_READY;
828*4882a593Smuzhiyun get_ep (data);
829*4882a593Smuzhiyun fd->private_data = data;
830*4882a593Smuzhiyun VDEBUG (data->dev, "%s ready\n", data->name);
831*4882a593Smuzhiyun } else
832*4882a593Smuzhiyun DBG (data->dev, "%s state %d\n",
833*4882a593Smuzhiyun data->name, data->state);
834*4882a593Smuzhiyun spin_unlock_irq (&data->dev->lock);
835*4882a593Smuzhiyun mutex_unlock(&data->lock);
836*4882a593Smuzhiyun return value;
837*4882a593Smuzhiyun }
838*4882a593Smuzhiyun
839*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
840*4882a593Smuzhiyun
841*4882a593Smuzhiyun /* EP0 IMPLEMENTATION can be partly in userspace.
842*4882a593Smuzhiyun *
843*4882a593Smuzhiyun * Drivers that use this facility receive various events, including
844*4882a593Smuzhiyun * control requests the kernel doesn't handle. Drivers that don't
845*4882a593Smuzhiyun * use this facility may be too simple-minded for real applications.
846*4882a593Smuzhiyun */
847*4882a593Smuzhiyun
ep0_readable(struct dev_data * dev)848*4882a593Smuzhiyun static inline void ep0_readable (struct dev_data *dev)
849*4882a593Smuzhiyun {
850*4882a593Smuzhiyun wake_up (&dev->wait);
851*4882a593Smuzhiyun kill_fasync (&dev->fasync, SIGIO, POLL_IN);
852*4882a593Smuzhiyun }
853*4882a593Smuzhiyun
clean_req(struct usb_ep * ep,struct usb_request * req)854*4882a593Smuzhiyun static void clean_req (struct usb_ep *ep, struct usb_request *req)
855*4882a593Smuzhiyun {
856*4882a593Smuzhiyun struct dev_data *dev = ep->driver_data;
857*4882a593Smuzhiyun
858*4882a593Smuzhiyun if (req->buf != dev->rbuf) {
859*4882a593Smuzhiyun kfree(req->buf);
860*4882a593Smuzhiyun req->buf = dev->rbuf;
861*4882a593Smuzhiyun }
862*4882a593Smuzhiyun req->complete = epio_complete;
863*4882a593Smuzhiyun dev->setup_out_ready = 0;
864*4882a593Smuzhiyun }
865*4882a593Smuzhiyun
ep0_complete(struct usb_ep * ep,struct usb_request * req)866*4882a593Smuzhiyun static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
867*4882a593Smuzhiyun {
868*4882a593Smuzhiyun struct dev_data *dev = ep->driver_data;
869*4882a593Smuzhiyun unsigned long flags;
870*4882a593Smuzhiyun int free = 1;
871*4882a593Smuzhiyun
872*4882a593Smuzhiyun /* for control OUT, data must still get to userspace */
873*4882a593Smuzhiyun spin_lock_irqsave(&dev->lock, flags);
874*4882a593Smuzhiyun if (!dev->setup_in) {
875*4882a593Smuzhiyun dev->setup_out_error = (req->status != 0);
876*4882a593Smuzhiyun if (!dev->setup_out_error)
877*4882a593Smuzhiyun free = 0;
878*4882a593Smuzhiyun dev->setup_out_ready = 1;
879*4882a593Smuzhiyun ep0_readable (dev);
880*4882a593Smuzhiyun }
881*4882a593Smuzhiyun
882*4882a593Smuzhiyun /* clean up as appropriate */
883*4882a593Smuzhiyun if (free && req->buf != &dev->rbuf)
884*4882a593Smuzhiyun clean_req (ep, req);
885*4882a593Smuzhiyun req->complete = epio_complete;
886*4882a593Smuzhiyun spin_unlock_irqrestore(&dev->lock, flags);
887*4882a593Smuzhiyun }
888*4882a593Smuzhiyun
setup_req(struct usb_ep * ep,struct usb_request * req,u16 len)889*4882a593Smuzhiyun static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
890*4882a593Smuzhiyun {
891*4882a593Smuzhiyun struct dev_data *dev = ep->driver_data;
892*4882a593Smuzhiyun
893*4882a593Smuzhiyun if (dev->setup_out_ready) {
894*4882a593Smuzhiyun DBG (dev, "ep0 request busy!\n");
895*4882a593Smuzhiyun return -EBUSY;
896*4882a593Smuzhiyun }
897*4882a593Smuzhiyun if (len > sizeof (dev->rbuf))
898*4882a593Smuzhiyun req->buf = kmalloc(len, GFP_ATOMIC);
899*4882a593Smuzhiyun if (req->buf == NULL) {
900*4882a593Smuzhiyun req->buf = dev->rbuf;
901*4882a593Smuzhiyun return -ENOMEM;
902*4882a593Smuzhiyun }
903*4882a593Smuzhiyun req->complete = ep0_complete;
904*4882a593Smuzhiyun req->length = len;
905*4882a593Smuzhiyun req->zero = 0;
906*4882a593Smuzhiyun return 0;
907*4882a593Smuzhiyun }
908*4882a593Smuzhiyun
909*4882a593Smuzhiyun static ssize_t
ep0_read(struct file * fd,char __user * buf,size_t len,loff_t * ptr)910*4882a593Smuzhiyun ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
911*4882a593Smuzhiyun {
912*4882a593Smuzhiyun struct dev_data *dev = fd->private_data;
913*4882a593Smuzhiyun ssize_t retval;
914*4882a593Smuzhiyun enum ep0_state state;
915*4882a593Smuzhiyun
916*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
917*4882a593Smuzhiyun if (dev->state <= STATE_DEV_OPENED) {
918*4882a593Smuzhiyun retval = -EINVAL;
919*4882a593Smuzhiyun goto done;
920*4882a593Smuzhiyun }
921*4882a593Smuzhiyun
922*4882a593Smuzhiyun /* report fd mode change before acting on it */
923*4882a593Smuzhiyun if (dev->setup_abort) {
924*4882a593Smuzhiyun dev->setup_abort = 0;
925*4882a593Smuzhiyun retval = -EIDRM;
926*4882a593Smuzhiyun goto done;
927*4882a593Smuzhiyun }
928*4882a593Smuzhiyun
929*4882a593Smuzhiyun /* control DATA stage */
930*4882a593Smuzhiyun if ((state = dev->state) == STATE_DEV_SETUP) {
931*4882a593Smuzhiyun
932*4882a593Smuzhiyun if (dev->setup_in) { /* stall IN */
933*4882a593Smuzhiyun VDEBUG(dev, "ep0in stall\n");
934*4882a593Smuzhiyun (void) usb_ep_set_halt (dev->gadget->ep0);
935*4882a593Smuzhiyun retval = -EL2HLT;
936*4882a593Smuzhiyun dev->state = STATE_DEV_CONNECTED;
937*4882a593Smuzhiyun
938*4882a593Smuzhiyun } else if (len == 0) { /* ack SET_CONFIGURATION etc */
939*4882a593Smuzhiyun struct usb_ep *ep = dev->gadget->ep0;
940*4882a593Smuzhiyun struct usb_request *req = dev->req;
941*4882a593Smuzhiyun
942*4882a593Smuzhiyun if ((retval = setup_req (ep, req, 0)) == 0) {
943*4882a593Smuzhiyun ++dev->udc_usage;
944*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
945*4882a593Smuzhiyun retval = usb_ep_queue (ep, req, GFP_KERNEL);
946*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
947*4882a593Smuzhiyun --dev->udc_usage;
948*4882a593Smuzhiyun }
949*4882a593Smuzhiyun dev->state = STATE_DEV_CONNECTED;
950*4882a593Smuzhiyun
951*4882a593Smuzhiyun /* assume that was SET_CONFIGURATION */
952*4882a593Smuzhiyun if (dev->current_config) {
953*4882a593Smuzhiyun unsigned power;
954*4882a593Smuzhiyun
955*4882a593Smuzhiyun if (gadget_is_dualspeed(dev->gadget)
956*4882a593Smuzhiyun && (dev->gadget->speed
957*4882a593Smuzhiyun == USB_SPEED_HIGH))
958*4882a593Smuzhiyun power = dev->hs_config->bMaxPower;
959*4882a593Smuzhiyun else
960*4882a593Smuzhiyun power = dev->config->bMaxPower;
961*4882a593Smuzhiyun usb_gadget_vbus_draw(dev->gadget, 2 * power);
962*4882a593Smuzhiyun }
963*4882a593Smuzhiyun
964*4882a593Smuzhiyun } else { /* collect OUT data */
965*4882a593Smuzhiyun if ((fd->f_flags & O_NONBLOCK) != 0
966*4882a593Smuzhiyun && !dev->setup_out_ready) {
967*4882a593Smuzhiyun retval = -EAGAIN;
968*4882a593Smuzhiyun goto done;
969*4882a593Smuzhiyun }
970*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
971*4882a593Smuzhiyun retval = wait_event_interruptible (dev->wait,
972*4882a593Smuzhiyun dev->setup_out_ready != 0);
973*4882a593Smuzhiyun
974*4882a593Smuzhiyun /* FIXME state could change from under us */
975*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
976*4882a593Smuzhiyun if (retval)
977*4882a593Smuzhiyun goto done;
978*4882a593Smuzhiyun
979*4882a593Smuzhiyun if (dev->state != STATE_DEV_SETUP) {
980*4882a593Smuzhiyun retval = -ECANCELED;
981*4882a593Smuzhiyun goto done;
982*4882a593Smuzhiyun }
983*4882a593Smuzhiyun dev->state = STATE_DEV_CONNECTED;
984*4882a593Smuzhiyun
985*4882a593Smuzhiyun if (dev->setup_out_error)
986*4882a593Smuzhiyun retval = -EIO;
987*4882a593Smuzhiyun else {
988*4882a593Smuzhiyun len = min (len, (size_t)dev->req->actual);
989*4882a593Smuzhiyun ++dev->udc_usage;
990*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
991*4882a593Smuzhiyun if (copy_to_user (buf, dev->req->buf, len))
992*4882a593Smuzhiyun retval = -EFAULT;
993*4882a593Smuzhiyun else
994*4882a593Smuzhiyun retval = len;
995*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
996*4882a593Smuzhiyun --dev->udc_usage;
997*4882a593Smuzhiyun clean_req (dev->gadget->ep0, dev->req);
998*4882a593Smuzhiyun /* NOTE userspace can't yet choose to stall */
999*4882a593Smuzhiyun }
1000*4882a593Smuzhiyun }
1001*4882a593Smuzhiyun goto done;
1002*4882a593Smuzhiyun }
1003*4882a593Smuzhiyun
1004*4882a593Smuzhiyun /* else normal: return event data */
1005*4882a593Smuzhiyun if (len < sizeof dev->event [0]) {
1006*4882a593Smuzhiyun retval = -EINVAL;
1007*4882a593Smuzhiyun goto done;
1008*4882a593Smuzhiyun }
1009*4882a593Smuzhiyun len -= len % sizeof (struct usb_gadgetfs_event);
1010*4882a593Smuzhiyun dev->usermode_setup = 1;
1011*4882a593Smuzhiyun
1012*4882a593Smuzhiyun scan:
1013*4882a593Smuzhiyun /* return queued events right away */
1014*4882a593Smuzhiyun if (dev->ev_next != 0) {
1015*4882a593Smuzhiyun unsigned i, n;
1016*4882a593Smuzhiyun
1017*4882a593Smuzhiyun n = len / sizeof (struct usb_gadgetfs_event);
1018*4882a593Smuzhiyun if (dev->ev_next < n)
1019*4882a593Smuzhiyun n = dev->ev_next;
1020*4882a593Smuzhiyun
1021*4882a593Smuzhiyun /* ep0 i/o has special semantics during STATE_DEV_SETUP */
1022*4882a593Smuzhiyun for (i = 0; i < n; i++) {
1023*4882a593Smuzhiyun if (dev->event [i].type == GADGETFS_SETUP) {
1024*4882a593Smuzhiyun dev->state = STATE_DEV_SETUP;
1025*4882a593Smuzhiyun n = i + 1;
1026*4882a593Smuzhiyun break;
1027*4882a593Smuzhiyun }
1028*4882a593Smuzhiyun }
1029*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1030*4882a593Smuzhiyun len = n * sizeof (struct usb_gadgetfs_event);
1031*4882a593Smuzhiyun if (copy_to_user (buf, &dev->event, len))
1032*4882a593Smuzhiyun retval = -EFAULT;
1033*4882a593Smuzhiyun else
1034*4882a593Smuzhiyun retval = len;
1035*4882a593Smuzhiyun if (len > 0) {
1036*4882a593Smuzhiyun /* NOTE this doesn't guard against broken drivers;
1037*4882a593Smuzhiyun * concurrent ep0 readers may lose events.
1038*4882a593Smuzhiyun */
1039*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
1040*4882a593Smuzhiyun if (dev->ev_next > n) {
1041*4882a593Smuzhiyun memmove(&dev->event[0], &dev->event[n],
1042*4882a593Smuzhiyun sizeof (struct usb_gadgetfs_event)
1043*4882a593Smuzhiyun * (dev->ev_next - n));
1044*4882a593Smuzhiyun }
1045*4882a593Smuzhiyun dev->ev_next -= n;
1046*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1047*4882a593Smuzhiyun }
1048*4882a593Smuzhiyun return retval;
1049*4882a593Smuzhiyun }
1050*4882a593Smuzhiyun if (fd->f_flags & O_NONBLOCK) {
1051*4882a593Smuzhiyun retval = -EAGAIN;
1052*4882a593Smuzhiyun goto done;
1053*4882a593Smuzhiyun }
1054*4882a593Smuzhiyun
1055*4882a593Smuzhiyun switch (state) {
1056*4882a593Smuzhiyun default:
1057*4882a593Smuzhiyun DBG (dev, "fail %s, state %d\n", __func__, state);
1058*4882a593Smuzhiyun retval = -ESRCH;
1059*4882a593Smuzhiyun break;
1060*4882a593Smuzhiyun case STATE_DEV_UNCONNECTED:
1061*4882a593Smuzhiyun case STATE_DEV_CONNECTED:
1062*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1063*4882a593Smuzhiyun DBG (dev, "%s wait\n", __func__);
1064*4882a593Smuzhiyun
1065*4882a593Smuzhiyun /* wait for events */
1066*4882a593Smuzhiyun retval = wait_event_interruptible (dev->wait,
1067*4882a593Smuzhiyun dev->ev_next != 0);
1068*4882a593Smuzhiyun if (retval < 0)
1069*4882a593Smuzhiyun return retval;
1070*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
1071*4882a593Smuzhiyun goto scan;
1072*4882a593Smuzhiyun }
1073*4882a593Smuzhiyun
1074*4882a593Smuzhiyun done:
1075*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1076*4882a593Smuzhiyun return retval;
1077*4882a593Smuzhiyun }
1078*4882a593Smuzhiyun
1079*4882a593Smuzhiyun static struct usb_gadgetfs_event *
next_event(struct dev_data * dev,enum usb_gadgetfs_event_type type)1080*4882a593Smuzhiyun next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1081*4882a593Smuzhiyun {
1082*4882a593Smuzhiyun struct usb_gadgetfs_event *event;
1083*4882a593Smuzhiyun unsigned i;
1084*4882a593Smuzhiyun
1085*4882a593Smuzhiyun switch (type) {
1086*4882a593Smuzhiyun /* these events purge the queue */
1087*4882a593Smuzhiyun case GADGETFS_DISCONNECT:
1088*4882a593Smuzhiyun if (dev->state == STATE_DEV_SETUP)
1089*4882a593Smuzhiyun dev->setup_abort = 1;
1090*4882a593Smuzhiyun fallthrough;
1091*4882a593Smuzhiyun case GADGETFS_CONNECT:
1092*4882a593Smuzhiyun dev->ev_next = 0;
1093*4882a593Smuzhiyun break;
1094*4882a593Smuzhiyun case GADGETFS_SETUP: /* previous request timed out */
1095*4882a593Smuzhiyun case GADGETFS_SUSPEND: /* same effect */
1096*4882a593Smuzhiyun /* these events can't be repeated */
1097*4882a593Smuzhiyun for (i = 0; i != dev->ev_next; i++) {
1098*4882a593Smuzhiyun if (dev->event [i].type != type)
1099*4882a593Smuzhiyun continue;
1100*4882a593Smuzhiyun DBG(dev, "discard old event[%d] %d\n", i, type);
1101*4882a593Smuzhiyun dev->ev_next--;
1102*4882a593Smuzhiyun if (i == dev->ev_next)
1103*4882a593Smuzhiyun break;
1104*4882a593Smuzhiyun /* indices start at zero, for simplicity */
1105*4882a593Smuzhiyun memmove (&dev->event [i], &dev->event [i + 1],
1106*4882a593Smuzhiyun sizeof (struct usb_gadgetfs_event)
1107*4882a593Smuzhiyun * (dev->ev_next - i));
1108*4882a593Smuzhiyun }
1109*4882a593Smuzhiyun break;
1110*4882a593Smuzhiyun default:
1111*4882a593Smuzhiyun BUG ();
1112*4882a593Smuzhiyun }
1113*4882a593Smuzhiyun VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1114*4882a593Smuzhiyun event = &dev->event [dev->ev_next++];
1115*4882a593Smuzhiyun BUG_ON (dev->ev_next > N_EVENT);
1116*4882a593Smuzhiyun memset (event, 0, sizeof *event);
1117*4882a593Smuzhiyun event->type = type;
1118*4882a593Smuzhiyun return event;
1119*4882a593Smuzhiyun }
1120*4882a593Smuzhiyun
1121*4882a593Smuzhiyun static ssize_t
ep0_write(struct file * fd,const char __user * buf,size_t len,loff_t * ptr)1122*4882a593Smuzhiyun ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1123*4882a593Smuzhiyun {
1124*4882a593Smuzhiyun struct dev_data *dev = fd->private_data;
1125*4882a593Smuzhiyun ssize_t retval = -ESRCH;
1126*4882a593Smuzhiyun
1127*4882a593Smuzhiyun /* report fd mode change before acting on it */
1128*4882a593Smuzhiyun if (dev->setup_abort) {
1129*4882a593Smuzhiyun dev->setup_abort = 0;
1130*4882a593Smuzhiyun retval = -EIDRM;
1131*4882a593Smuzhiyun
1132*4882a593Smuzhiyun /* data and/or status stage for control request */
1133*4882a593Smuzhiyun } else if (dev->state == STATE_DEV_SETUP) {
1134*4882a593Smuzhiyun
1135*4882a593Smuzhiyun len = min_t(size_t, len, dev->setup_wLength);
1136*4882a593Smuzhiyun if (dev->setup_in) {
1137*4882a593Smuzhiyun retval = setup_req (dev->gadget->ep0, dev->req, len);
1138*4882a593Smuzhiyun if (retval == 0) {
1139*4882a593Smuzhiyun dev->state = STATE_DEV_CONNECTED;
1140*4882a593Smuzhiyun ++dev->udc_usage;
1141*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1142*4882a593Smuzhiyun if (copy_from_user (dev->req->buf, buf, len))
1143*4882a593Smuzhiyun retval = -EFAULT;
1144*4882a593Smuzhiyun else {
1145*4882a593Smuzhiyun if (len < dev->setup_wLength)
1146*4882a593Smuzhiyun dev->req->zero = 1;
1147*4882a593Smuzhiyun retval = usb_ep_queue (
1148*4882a593Smuzhiyun dev->gadget->ep0, dev->req,
1149*4882a593Smuzhiyun GFP_KERNEL);
1150*4882a593Smuzhiyun }
1151*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1152*4882a593Smuzhiyun --dev->udc_usage;
1153*4882a593Smuzhiyun if (retval < 0) {
1154*4882a593Smuzhiyun clean_req (dev->gadget->ep0, dev->req);
1155*4882a593Smuzhiyun } else
1156*4882a593Smuzhiyun retval = len;
1157*4882a593Smuzhiyun
1158*4882a593Smuzhiyun return retval;
1159*4882a593Smuzhiyun }
1160*4882a593Smuzhiyun
1161*4882a593Smuzhiyun /* can stall some OUT transfers */
1162*4882a593Smuzhiyun } else if (dev->setup_can_stall) {
1163*4882a593Smuzhiyun VDEBUG(dev, "ep0out stall\n");
1164*4882a593Smuzhiyun (void) usb_ep_set_halt (dev->gadget->ep0);
1165*4882a593Smuzhiyun retval = -EL2HLT;
1166*4882a593Smuzhiyun dev->state = STATE_DEV_CONNECTED;
1167*4882a593Smuzhiyun } else {
1168*4882a593Smuzhiyun DBG(dev, "bogus ep0out stall!\n");
1169*4882a593Smuzhiyun }
1170*4882a593Smuzhiyun } else
1171*4882a593Smuzhiyun DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1172*4882a593Smuzhiyun
1173*4882a593Smuzhiyun return retval;
1174*4882a593Smuzhiyun }
1175*4882a593Smuzhiyun
1176*4882a593Smuzhiyun static int
ep0_fasync(int f,struct file * fd,int on)1177*4882a593Smuzhiyun ep0_fasync (int f, struct file *fd, int on)
1178*4882a593Smuzhiyun {
1179*4882a593Smuzhiyun struct dev_data *dev = fd->private_data;
1180*4882a593Smuzhiyun // caller must F_SETOWN before signal delivery happens
1181*4882a593Smuzhiyun VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1182*4882a593Smuzhiyun return fasync_helper (f, fd, on, &dev->fasync);
1183*4882a593Smuzhiyun }
1184*4882a593Smuzhiyun
1185*4882a593Smuzhiyun static struct usb_gadget_driver gadgetfs_driver;
1186*4882a593Smuzhiyun
1187*4882a593Smuzhiyun static int
dev_release(struct inode * inode,struct file * fd)1188*4882a593Smuzhiyun dev_release (struct inode *inode, struct file *fd)
1189*4882a593Smuzhiyun {
1190*4882a593Smuzhiyun struct dev_data *dev = fd->private_data;
1191*4882a593Smuzhiyun
1192*4882a593Smuzhiyun /* closing ep0 === shutdown all */
1193*4882a593Smuzhiyun
1194*4882a593Smuzhiyun if (dev->gadget_registered) {
1195*4882a593Smuzhiyun usb_gadget_unregister_driver (&gadgetfs_driver);
1196*4882a593Smuzhiyun dev->gadget_registered = false;
1197*4882a593Smuzhiyun }
1198*4882a593Smuzhiyun
1199*4882a593Smuzhiyun /* at this point "good" hardware has disconnected the
1200*4882a593Smuzhiyun * device from USB; the host won't see it any more.
1201*4882a593Smuzhiyun * alternatively, all host requests will time out.
1202*4882a593Smuzhiyun */
1203*4882a593Smuzhiyun
1204*4882a593Smuzhiyun kfree (dev->buf);
1205*4882a593Smuzhiyun dev->buf = NULL;
1206*4882a593Smuzhiyun
1207*4882a593Smuzhiyun /* other endpoints were all decoupled from this device */
1208*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1209*4882a593Smuzhiyun dev->state = STATE_DEV_DISABLED;
1210*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1211*4882a593Smuzhiyun
1212*4882a593Smuzhiyun put_dev (dev);
1213*4882a593Smuzhiyun return 0;
1214*4882a593Smuzhiyun }
1215*4882a593Smuzhiyun
1216*4882a593Smuzhiyun static __poll_t
ep0_poll(struct file * fd,poll_table * wait)1217*4882a593Smuzhiyun ep0_poll (struct file *fd, poll_table *wait)
1218*4882a593Smuzhiyun {
1219*4882a593Smuzhiyun struct dev_data *dev = fd->private_data;
1220*4882a593Smuzhiyun __poll_t mask = 0;
1221*4882a593Smuzhiyun
1222*4882a593Smuzhiyun if (dev->state <= STATE_DEV_OPENED)
1223*4882a593Smuzhiyun return DEFAULT_POLLMASK;
1224*4882a593Smuzhiyun
1225*4882a593Smuzhiyun poll_wait(fd, &dev->wait, wait);
1226*4882a593Smuzhiyun
1227*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1228*4882a593Smuzhiyun
1229*4882a593Smuzhiyun /* report fd mode change before acting on it */
1230*4882a593Smuzhiyun if (dev->setup_abort) {
1231*4882a593Smuzhiyun dev->setup_abort = 0;
1232*4882a593Smuzhiyun mask = EPOLLHUP;
1233*4882a593Smuzhiyun goto out;
1234*4882a593Smuzhiyun }
1235*4882a593Smuzhiyun
1236*4882a593Smuzhiyun if (dev->state == STATE_DEV_SETUP) {
1237*4882a593Smuzhiyun if (dev->setup_in || dev->setup_can_stall)
1238*4882a593Smuzhiyun mask = EPOLLOUT;
1239*4882a593Smuzhiyun } else {
1240*4882a593Smuzhiyun if (dev->ev_next != 0)
1241*4882a593Smuzhiyun mask = EPOLLIN;
1242*4882a593Smuzhiyun }
1243*4882a593Smuzhiyun out:
1244*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1245*4882a593Smuzhiyun return mask;
1246*4882a593Smuzhiyun }
1247*4882a593Smuzhiyun
dev_ioctl(struct file * fd,unsigned code,unsigned long value)1248*4882a593Smuzhiyun static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1249*4882a593Smuzhiyun {
1250*4882a593Smuzhiyun struct dev_data *dev = fd->private_data;
1251*4882a593Smuzhiyun struct usb_gadget *gadget = dev->gadget;
1252*4882a593Smuzhiyun long ret = -ENOTTY;
1253*4882a593Smuzhiyun
1254*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1255*4882a593Smuzhiyun if (dev->state == STATE_DEV_OPENED ||
1256*4882a593Smuzhiyun dev->state == STATE_DEV_UNBOUND) {
1257*4882a593Smuzhiyun /* Not bound to a UDC */
1258*4882a593Smuzhiyun } else if (gadget->ops->ioctl) {
1259*4882a593Smuzhiyun ++dev->udc_usage;
1260*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1261*4882a593Smuzhiyun
1262*4882a593Smuzhiyun ret = gadget->ops->ioctl (gadget, code, value);
1263*4882a593Smuzhiyun
1264*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1265*4882a593Smuzhiyun --dev->udc_usage;
1266*4882a593Smuzhiyun }
1267*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1268*4882a593Smuzhiyun
1269*4882a593Smuzhiyun return ret;
1270*4882a593Smuzhiyun }
1271*4882a593Smuzhiyun
1272*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
1273*4882a593Smuzhiyun
1274*4882a593Smuzhiyun /* The in-kernel gadget driver handles most ep0 issues, in particular
1275*4882a593Smuzhiyun * enumerating the single configuration (as provided from user space).
1276*4882a593Smuzhiyun *
1277*4882a593Smuzhiyun * Unrecognized ep0 requests may be handled in user space.
1278*4882a593Smuzhiyun */
1279*4882a593Smuzhiyun
make_qualifier(struct dev_data * dev)1280*4882a593Smuzhiyun static void make_qualifier (struct dev_data *dev)
1281*4882a593Smuzhiyun {
1282*4882a593Smuzhiyun struct usb_qualifier_descriptor qual;
1283*4882a593Smuzhiyun struct usb_device_descriptor *desc;
1284*4882a593Smuzhiyun
1285*4882a593Smuzhiyun qual.bLength = sizeof qual;
1286*4882a593Smuzhiyun qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1287*4882a593Smuzhiyun qual.bcdUSB = cpu_to_le16 (0x0200);
1288*4882a593Smuzhiyun
1289*4882a593Smuzhiyun desc = dev->dev;
1290*4882a593Smuzhiyun qual.bDeviceClass = desc->bDeviceClass;
1291*4882a593Smuzhiyun qual.bDeviceSubClass = desc->bDeviceSubClass;
1292*4882a593Smuzhiyun qual.bDeviceProtocol = desc->bDeviceProtocol;
1293*4882a593Smuzhiyun
1294*4882a593Smuzhiyun /* assumes ep0 uses the same value for both speeds ... */
1295*4882a593Smuzhiyun qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1296*4882a593Smuzhiyun
1297*4882a593Smuzhiyun qual.bNumConfigurations = 1;
1298*4882a593Smuzhiyun qual.bRESERVED = 0;
1299*4882a593Smuzhiyun
1300*4882a593Smuzhiyun memcpy (dev->rbuf, &qual, sizeof qual);
1301*4882a593Smuzhiyun }
1302*4882a593Smuzhiyun
1303*4882a593Smuzhiyun static int
config_buf(struct dev_data * dev,u8 type,unsigned index)1304*4882a593Smuzhiyun config_buf (struct dev_data *dev, u8 type, unsigned index)
1305*4882a593Smuzhiyun {
1306*4882a593Smuzhiyun int len;
1307*4882a593Smuzhiyun int hs = 0;
1308*4882a593Smuzhiyun
1309*4882a593Smuzhiyun /* only one configuration */
1310*4882a593Smuzhiyun if (index > 0)
1311*4882a593Smuzhiyun return -EINVAL;
1312*4882a593Smuzhiyun
1313*4882a593Smuzhiyun if (gadget_is_dualspeed(dev->gadget)) {
1314*4882a593Smuzhiyun hs = (dev->gadget->speed == USB_SPEED_HIGH);
1315*4882a593Smuzhiyun if (type == USB_DT_OTHER_SPEED_CONFIG)
1316*4882a593Smuzhiyun hs = !hs;
1317*4882a593Smuzhiyun }
1318*4882a593Smuzhiyun if (hs) {
1319*4882a593Smuzhiyun dev->req->buf = dev->hs_config;
1320*4882a593Smuzhiyun len = le16_to_cpu(dev->hs_config->wTotalLength);
1321*4882a593Smuzhiyun } else {
1322*4882a593Smuzhiyun dev->req->buf = dev->config;
1323*4882a593Smuzhiyun len = le16_to_cpu(dev->config->wTotalLength);
1324*4882a593Smuzhiyun }
1325*4882a593Smuzhiyun ((u8 *)dev->req->buf) [1] = type;
1326*4882a593Smuzhiyun return len;
1327*4882a593Smuzhiyun }
1328*4882a593Smuzhiyun
1329*4882a593Smuzhiyun static int
gadgetfs_setup(struct usb_gadget * gadget,const struct usb_ctrlrequest * ctrl)1330*4882a593Smuzhiyun gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1331*4882a593Smuzhiyun {
1332*4882a593Smuzhiyun struct dev_data *dev = get_gadget_data (gadget);
1333*4882a593Smuzhiyun struct usb_request *req = dev->req;
1334*4882a593Smuzhiyun int value = -EOPNOTSUPP;
1335*4882a593Smuzhiyun struct usb_gadgetfs_event *event;
1336*4882a593Smuzhiyun u16 w_value = le16_to_cpu(ctrl->wValue);
1337*4882a593Smuzhiyun u16 w_length = le16_to_cpu(ctrl->wLength);
1338*4882a593Smuzhiyun
1339*4882a593Smuzhiyun if (w_length > RBUF_SIZE) {
1340*4882a593Smuzhiyun if (ctrl->bRequestType & USB_DIR_IN) {
1341*4882a593Smuzhiyun /* Cast away the const, we are going to overwrite on purpose. */
1342*4882a593Smuzhiyun __le16 *temp = (__le16 *)&ctrl->wLength;
1343*4882a593Smuzhiyun
1344*4882a593Smuzhiyun *temp = cpu_to_le16(RBUF_SIZE);
1345*4882a593Smuzhiyun w_length = RBUF_SIZE;
1346*4882a593Smuzhiyun } else {
1347*4882a593Smuzhiyun return value;
1348*4882a593Smuzhiyun }
1349*4882a593Smuzhiyun }
1350*4882a593Smuzhiyun
1351*4882a593Smuzhiyun spin_lock (&dev->lock);
1352*4882a593Smuzhiyun dev->setup_abort = 0;
1353*4882a593Smuzhiyun if (dev->state == STATE_DEV_UNCONNECTED) {
1354*4882a593Smuzhiyun if (gadget_is_dualspeed(gadget)
1355*4882a593Smuzhiyun && gadget->speed == USB_SPEED_HIGH
1356*4882a593Smuzhiyun && dev->hs_config == NULL) {
1357*4882a593Smuzhiyun spin_unlock(&dev->lock);
1358*4882a593Smuzhiyun ERROR (dev, "no high speed config??\n");
1359*4882a593Smuzhiyun return -EINVAL;
1360*4882a593Smuzhiyun }
1361*4882a593Smuzhiyun
1362*4882a593Smuzhiyun dev->state = STATE_DEV_CONNECTED;
1363*4882a593Smuzhiyun
1364*4882a593Smuzhiyun INFO (dev, "connected\n");
1365*4882a593Smuzhiyun event = next_event (dev, GADGETFS_CONNECT);
1366*4882a593Smuzhiyun event->u.speed = gadget->speed;
1367*4882a593Smuzhiyun ep0_readable (dev);
1368*4882a593Smuzhiyun
1369*4882a593Smuzhiyun /* host may have given up waiting for response. we can miss control
1370*4882a593Smuzhiyun * requests handled lower down (device/endpoint status and features);
1371*4882a593Smuzhiyun * then ep0_{read,write} will report the wrong status. controller
1372*4882a593Smuzhiyun * driver will have aborted pending i/o.
1373*4882a593Smuzhiyun */
1374*4882a593Smuzhiyun } else if (dev->state == STATE_DEV_SETUP)
1375*4882a593Smuzhiyun dev->setup_abort = 1;
1376*4882a593Smuzhiyun
1377*4882a593Smuzhiyun req->buf = dev->rbuf;
1378*4882a593Smuzhiyun req->context = NULL;
1379*4882a593Smuzhiyun switch (ctrl->bRequest) {
1380*4882a593Smuzhiyun
1381*4882a593Smuzhiyun case USB_REQ_GET_DESCRIPTOR:
1382*4882a593Smuzhiyun if (ctrl->bRequestType != USB_DIR_IN)
1383*4882a593Smuzhiyun goto unrecognized;
1384*4882a593Smuzhiyun switch (w_value >> 8) {
1385*4882a593Smuzhiyun
1386*4882a593Smuzhiyun case USB_DT_DEVICE:
1387*4882a593Smuzhiyun value = min (w_length, (u16) sizeof *dev->dev);
1388*4882a593Smuzhiyun dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1389*4882a593Smuzhiyun req->buf = dev->dev;
1390*4882a593Smuzhiyun break;
1391*4882a593Smuzhiyun case USB_DT_DEVICE_QUALIFIER:
1392*4882a593Smuzhiyun if (!dev->hs_config)
1393*4882a593Smuzhiyun break;
1394*4882a593Smuzhiyun value = min (w_length, (u16)
1395*4882a593Smuzhiyun sizeof (struct usb_qualifier_descriptor));
1396*4882a593Smuzhiyun make_qualifier (dev);
1397*4882a593Smuzhiyun break;
1398*4882a593Smuzhiyun case USB_DT_OTHER_SPEED_CONFIG:
1399*4882a593Smuzhiyun case USB_DT_CONFIG:
1400*4882a593Smuzhiyun value = config_buf (dev,
1401*4882a593Smuzhiyun w_value >> 8,
1402*4882a593Smuzhiyun w_value & 0xff);
1403*4882a593Smuzhiyun if (value >= 0)
1404*4882a593Smuzhiyun value = min (w_length, (u16) value);
1405*4882a593Smuzhiyun break;
1406*4882a593Smuzhiyun case USB_DT_STRING:
1407*4882a593Smuzhiyun goto unrecognized;
1408*4882a593Smuzhiyun
1409*4882a593Smuzhiyun default: // all others are errors
1410*4882a593Smuzhiyun break;
1411*4882a593Smuzhiyun }
1412*4882a593Smuzhiyun break;
1413*4882a593Smuzhiyun
1414*4882a593Smuzhiyun /* currently one config, two speeds */
1415*4882a593Smuzhiyun case USB_REQ_SET_CONFIGURATION:
1416*4882a593Smuzhiyun if (ctrl->bRequestType != 0)
1417*4882a593Smuzhiyun goto unrecognized;
1418*4882a593Smuzhiyun if (0 == (u8) w_value) {
1419*4882a593Smuzhiyun value = 0;
1420*4882a593Smuzhiyun dev->current_config = 0;
1421*4882a593Smuzhiyun usb_gadget_vbus_draw(gadget, 8 /* mA */ );
1422*4882a593Smuzhiyun // user mode expected to disable endpoints
1423*4882a593Smuzhiyun } else {
1424*4882a593Smuzhiyun u8 config, power;
1425*4882a593Smuzhiyun
1426*4882a593Smuzhiyun if (gadget_is_dualspeed(gadget)
1427*4882a593Smuzhiyun && gadget->speed == USB_SPEED_HIGH) {
1428*4882a593Smuzhiyun config = dev->hs_config->bConfigurationValue;
1429*4882a593Smuzhiyun power = dev->hs_config->bMaxPower;
1430*4882a593Smuzhiyun } else {
1431*4882a593Smuzhiyun config = dev->config->bConfigurationValue;
1432*4882a593Smuzhiyun power = dev->config->bMaxPower;
1433*4882a593Smuzhiyun }
1434*4882a593Smuzhiyun
1435*4882a593Smuzhiyun if (config == (u8) w_value) {
1436*4882a593Smuzhiyun value = 0;
1437*4882a593Smuzhiyun dev->current_config = config;
1438*4882a593Smuzhiyun usb_gadget_vbus_draw(gadget, 2 * power);
1439*4882a593Smuzhiyun }
1440*4882a593Smuzhiyun }
1441*4882a593Smuzhiyun
1442*4882a593Smuzhiyun /* report SET_CONFIGURATION like any other control request,
1443*4882a593Smuzhiyun * except that usermode may not stall this. the next
1444*4882a593Smuzhiyun * request mustn't be allowed start until this finishes:
1445*4882a593Smuzhiyun * endpoints and threads set up, etc.
1446*4882a593Smuzhiyun *
1447*4882a593Smuzhiyun * NOTE: older PXA hardware (before PXA 255: without UDCCFR)
1448*4882a593Smuzhiyun * has bad/racey automagic that prevents synchronizing here.
1449*4882a593Smuzhiyun * even kernel mode drivers often miss them.
1450*4882a593Smuzhiyun */
1451*4882a593Smuzhiyun if (value == 0) {
1452*4882a593Smuzhiyun INFO (dev, "configuration #%d\n", dev->current_config);
1453*4882a593Smuzhiyun usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
1454*4882a593Smuzhiyun if (dev->usermode_setup) {
1455*4882a593Smuzhiyun dev->setup_can_stall = 0;
1456*4882a593Smuzhiyun goto delegate;
1457*4882a593Smuzhiyun }
1458*4882a593Smuzhiyun }
1459*4882a593Smuzhiyun break;
1460*4882a593Smuzhiyun
1461*4882a593Smuzhiyun #ifndef CONFIG_USB_PXA25X
1462*4882a593Smuzhiyun /* PXA automagically handles this request too */
1463*4882a593Smuzhiyun case USB_REQ_GET_CONFIGURATION:
1464*4882a593Smuzhiyun if (ctrl->bRequestType != 0x80)
1465*4882a593Smuzhiyun goto unrecognized;
1466*4882a593Smuzhiyun *(u8 *)req->buf = dev->current_config;
1467*4882a593Smuzhiyun value = min (w_length, (u16) 1);
1468*4882a593Smuzhiyun break;
1469*4882a593Smuzhiyun #endif
1470*4882a593Smuzhiyun
1471*4882a593Smuzhiyun default:
1472*4882a593Smuzhiyun unrecognized:
1473*4882a593Smuzhiyun VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1474*4882a593Smuzhiyun dev->usermode_setup ? "delegate" : "fail",
1475*4882a593Smuzhiyun ctrl->bRequestType, ctrl->bRequest,
1476*4882a593Smuzhiyun w_value, le16_to_cpu(ctrl->wIndex), w_length);
1477*4882a593Smuzhiyun
1478*4882a593Smuzhiyun /* if there's an ep0 reader, don't stall */
1479*4882a593Smuzhiyun if (dev->usermode_setup) {
1480*4882a593Smuzhiyun dev->setup_can_stall = 1;
1481*4882a593Smuzhiyun delegate:
1482*4882a593Smuzhiyun dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1483*4882a593Smuzhiyun ? 1 : 0;
1484*4882a593Smuzhiyun dev->setup_wLength = w_length;
1485*4882a593Smuzhiyun dev->setup_out_ready = 0;
1486*4882a593Smuzhiyun dev->setup_out_error = 0;
1487*4882a593Smuzhiyun
1488*4882a593Smuzhiyun /* read DATA stage for OUT right away */
1489*4882a593Smuzhiyun if (unlikely (!dev->setup_in && w_length)) {
1490*4882a593Smuzhiyun value = setup_req (gadget->ep0, dev->req,
1491*4882a593Smuzhiyun w_length);
1492*4882a593Smuzhiyun if (value < 0)
1493*4882a593Smuzhiyun break;
1494*4882a593Smuzhiyun
1495*4882a593Smuzhiyun ++dev->udc_usage;
1496*4882a593Smuzhiyun spin_unlock (&dev->lock);
1497*4882a593Smuzhiyun value = usb_ep_queue (gadget->ep0, dev->req,
1498*4882a593Smuzhiyun GFP_KERNEL);
1499*4882a593Smuzhiyun spin_lock (&dev->lock);
1500*4882a593Smuzhiyun --dev->udc_usage;
1501*4882a593Smuzhiyun if (value < 0) {
1502*4882a593Smuzhiyun clean_req (gadget->ep0, dev->req);
1503*4882a593Smuzhiyun break;
1504*4882a593Smuzhiyun }
1505*4882a593Smuzhiyun
1506*4882a593Smuzhiyun /* we can't currently stall these */
1507*4882a593Smuzhiyun dev->setup_can_stall = 0;
1508*4882a593Smuzhiyun }
1509*4882a593Smuzhiyun
1510*4882a593Smuzhiyun /* state changes when reader collects event */
1511*4882a593Smuzhiyun event = next_event (dev, GADGETFS_SETUP);
1512*4882a593Smuzhiyun event->u.setup = *ctrl;
1513*4882a593Smuzhiyun ep0_readable (dev);
1514*4882a593Smuzhiyun spin_unlock (&dev->lock);
1515*4882a593Smuzhiyun return 0;
1516*4882a593Smuzhiyun }
1517*4882a593Smuzhiyun }
1518*4882a593Smuzhiyun
1519*4882a593Smuzhiyun /* proceed with data transfer and status phases? */
1520*4882a593Smuzhiyun if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1521*4882a593Smuzhiyun req->length = value;
1522*4882a593Smuzhiyun req->zero = value < w_length;
1523*4882a593Smuzhiyun
1524*4882a593Smuzhiyun ++dev->udc_usage;
1525*4882a593Smuzhiyun spin_unlock (&dev->lock);
1526*4882a593Smuzhiyun value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
1527*4882a593Smuzhiyun spin_lock(&dev->lock);
1528*4882a593Smuzhiyun --dev->udc_usage;
1529*4882a593Smuzhiyun spin_unlock(&dev->lock);
1530*4882a593Smuzhiyun if (value < 0) {
1531*4882a593Smuzhiyun DBG (dev, "ep_queue --> %d\n", value);
1532*4882a593Smuzhiyun req->status = 0;
1533*4882a593Smuzhiyun }
1534*4882a593Smuzhiyun return value;
1535*4882a593Smuzhiyun }
1536*4882a593Smuzhiyun
1537*4882a593Smuzhiyun /* device stalls when value < 0 */
1538*4882a593Smuzhiyun spin_unlock (&dev->lock);
1539*4882a593Smuzhiyun return value;
1540*4882a593Smuzhiyun }
1541*4882a593Smuzhiyun
destroy_ep_files(struct dev_data * dev)1542*4882a593Smuzhiyun static void destroy_ep_files (struct dev_data *dev)
1543*4882a593Smuzhiyun {
1544*4882a593Smuzhiyun DBG (dev, "%s %d\n", __func__, dev->state);
1545*4882a593Smuzhiyun
1546*4882a593Smuzhiyun /* dev->state must prevent interference */
1547*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
1548*4882a593Smuzhiyun while (!list_empty(&dev->epfiles)) {
1549*4882a593Smuzhiyun struct ep_data *ep;
1550*4882a593Smuzhiyun struct inode *parent;
1551*4882a593Smuzhiyun struct dentry *dentry;
1552*4882a593Smuzhiyun
1553*4882a593Smuzhiyun /* break link to FS */
1554*4882a593Smuzhiyun ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1555*4882a593Smuzhiyun list_del_init (&ep->epfiles);
1556*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1557*4882a593Smuzhiyun
1558*4882a593Smuzhiyun dentry = ep->dentry;
1559*4882a593Smuzhiyun ep->dentry = NULL;
1560*4882a593Smuzhiyun parent = d_inode(dentry->d_parent);
1561*4882a593Smuzhiyun
1562*4882a593Smuzhiyun /* break link to controller */
1563*4882a593Smuzhiyun mutex_lock(&ep->lock);
1564*4882a593Smuzhiyun if (ep->state == STATE_EP_ENABLED)
1565*4882a593Smuzhiyun (void) usb_ep_disable (ep->ep);
1566*4882a593Smuzhiyun ep->state = STATE_EP_UNBOUND;
1567*4882a593Smuzhiyun usb_ep_free_request (ep->ep, ep->req);
1568*4882a593Smuzhiyun ep->ep = NULL;
1569*4882a593Smuzhiyun mutex_unlock(&ep->lock);
1570*4882a593Smuzhiyun
1571*4882a593Smuzhiyun wake_up (&ep->wait);
1572*4882a593Smuzhiyun put_ep (ep);
1573*4882a593Smuzhiyun
1574*4882a593Smuzhiyun /* break link to dcache */
1575*4882a593Smuzhiyun inode_lock(parent);
1576*4882a593Smuzhiyun d_delete (dentry);
1577*4882a593Smuzhiyun dput (dentry);
1578*4882a593Smuzhiyun inode_unlock(parent);
1579*4882a593Smuzhiyun
1580*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
1581*4882a593Smuzhiyun }
1582*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1583*4882a593Smuzhiyun }
1584*4882a593Smuzhiyun
1585*4882a593Smuzhiyun
1586*4882a593Smuzhiyun static struct dentry *
1587*4882a593Smuzhiyun gadgetfs_create_file (struct super_block *sb, char const *name,
1588*4882a593Smuzhiyun void *data, const struct file_operations *fops);
1589*4882a593Smuzhiyun
activate_ep_files(struct dev_data * dev)1590*4882a593Smuzhiyun static int activate_ep_files (struct dev_data *dev)
1591*4882a593Smuzhiyun {
1592*4882a593Smuzhiyun struct usb_ep *ep;
1593*4882a593Smuzhiyun struct ep_data *data;
1594*4882a593Smuzhiyun
1595*4882a593Smuzhiyun gadget_for_each_ep (ep, dev->gadget) {
1596*4882a593Smuzhiyun
1597*4882a593Smuzhiyun data = kzalloc(sizeof(*data), GFP_KERNEL);
1598*4882a593Smuzhiyun if (!data)
1599*4882a593Smuzhiyun goto enomem0;
1600*4882a593Smuzhiyun data->state = STATE_EP_DISABLED;
1601*4882a593Smuzhiyun mutex_init(&data->lock);
1602*4882a593Smuzhiyun init_waitqueue_head (&data->wait);
1603*4882a593Smuzhiyun
1604*4882a593Smuzhiyun strncpy (data->name, ep->name, sizeof (data->name) - 1);
1605*4882a593Smuzhiyun refcount_set (&data->count, 1);
1606*4882a593Smuzhiyun data->dev = dev;
1607*4882a593Smuzhiyun get_dev (dev);
1608*4882a593Smuzhiyun
1609*4882a593Smuzhiyun data->ep = ep;
1610*4882a593Smuzhiyun ep->driver_data = data;
1611*4882a593Smuzhiyun
1612*4882a593Smuzhiyun data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1613*4882a593Smuzhiyun if (!data->req)
1614*4882a593Smuzhiyun goto enomem1;
1615*4882a593Smuzhiyun
1616*4882a593Smuzhiyun data->dentry = gadgetfs_create_file (dev->sb, data->name,
1617*4882a593Smuzhiyun data, &ep_io_operations);
1618*4882a593Smuzhiyun if (!data->dentry)
1619*4882a593Smuzhiyun goto enomem2;
1620*4882a593Smuzhiyun list_add_tail (&data->epfiles, &dev->epfiles);
1621*4882a593Smuzhiyun }
1622*4882a593Smuzhiyun return 0;
1623*4882a593Smuzhiyun
1624*4882a593Smuzhiyun enomem2:
1625*4882a593Smuzhiyun usb_ep_free_request (ep, data->req);
1626*4882a593Smuzhiyun enomem1:
1627*4882a593Smuzhiyun put_dev (dev);
1628*4882a593Smuzhiyun kfree (data);
1629*4882a593Smuzhiyun enomem0:
1630*4882a593Smuzhiyun DBG (dev, "%s enomem\n", __func__);
1631*4882a593Smuzhiyun destroy_ep_files (dev);
1632*4882a593Smuzhiyun return -ENOMEM;
1633*4882a593Smuzhiyun }
1634*4882a593Smuzhiyun
1635*4882a593Smuzhiyun static void
gadgetfs_unbind(struct usb_gadget * gadget)1636*4882a593Smuzhiyun gadgetfs_unbind (struct usb_gadget *gadget)
1637*4882a593Smuzhiyun {
1638*4882a593Smuzhiyun struct dev_data *dev = get_gadget_data (gadget);
1639*4882a593Smuzhiyun
1640*4882a593Smuzhiyun DBG (dev, "%s\n", __func__);
1641*4882a593Smuzhiyun
1642*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
1643*4882a593Smuzhiyun dev->state = STATE_DEV_UNBOUND;
1644*4882a593Smuzhiyun while (dev->udc_usage > 0) {
1645*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1646*4882a593Smuzhiyun usleep_range(1000, 2000);
1647*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1648*4882a593Smuzhiyun }
1649*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1650*4882a593Smuzhiyun
1651*4882a593Smuzhiyun destroy_ep_files (dev);
1652*4882a593Smuzhiyun gadget->ep0->driver_data = NULL;
1653*4882a593Smuzhiyun set_gadget_data (gadget, NULL);
1654*4882a593Smuzhiyun
1655*4882a593Smuzhiyun /* we've already been disconnected ... no i/o is active */
1656*4882a593Smuzhiyun if (dev->req)
1657*4882a593Smuzhiyun usb_ep_free_request (gadget->ep0, dev->req);
1658*4882a593Smuzhiyun DBG (dev, "%s done\n", __func__);
1659*4882a593Smuzhiyun put_dev (dev);
1660*4882a593Smuzhiyun }
1661*4882a593Smuzhiyun
1662*4882a593Smuzhiyun static struct dev_data *the_device;
1663*4882a593Smuzhiyun
gadgetfs_bind(struct usb_gadget * gadget,struct usb_gadget_driver * driver)1664*4882a593Smuzhiyun static int gadgetfs_bind(struct usb_gadget *gadget,
1665*4882a593Smuzhiyun struct usb_gadget_driver *driver)
1666*4882a593Smuzhiyun {
1667*4882a593Smuzhiyun struct dev_data *dev = the_device;
1668*4882a593Smuzhiyun
1669*4882a593Smuzhiyun if (!dev)
1670*4882a593Smuzhiyun return -ESRCH;
1671*4882a593Smuzhiyun if (0 != strcmp (CHIP, gadget->name)) {
1672*4882a593Smuzhiyun pr_err("%s expected %s controller not %s\n",
1673*4882a593Smuzhiyun shortname, CHIP, gadget->name);
1674*4882a593Smuzhiyun return -ENODEV;
1675*4882a593Smuzhiyun }
1676*4882a593Smuzhiyun
1677*4882a593Smuzhiyun set_gadget_data (gadget, dev);
1678*4882a593Smuzhiyun dev->gadget = gadget;
1679*4882a593Smuzhiyun gadget->ep0->driver_data = dev;
1680*4882a593Smuzhiyun
1681*4882a593Smuzhiyun /* preallocate control response and buffer */
1682*4882a593Smuzhiyun dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1683*4882a593Smuzhiyun if (!dev->req)
1684*4882a593Smuzhiyun goto enomem;
1685*4882a593Smuzhiyun dev->req->context = NULL;
1686*4882a593Smuzhiyun dev->req->complete = epio_complete;
1687*4882a593Smuzhiyun
1688*4882a593Smuzhiyun if (activate_ep_files (dev) < 0)
1689*4882a593Smuzhiyun goto enomem;
1690*4882a593Smuzhiyun
1691*4882a593Smuzhiyun INFO (dev, "bound to %s driver\n", gadget->name);
1692*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1693*4882a593Smuzhiyun dev->state = STATE_DEV_UNCONNECTED;
1694*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1695*4882a593Smuzhiyun get_dev (dev);
1696*4882a593Smuzhiyun return 0;
1697*4882a593Smuzhiyun
1698*4882a593Smuzhiyun enomem:
1699*4882a593Smuzhiyun gadgetfs_unbind (gadget);
1700*4882a593Smuzhiyun return -ENOMEM;
1701*4882a593Smuzhiyun }
1702*4882a593Smuzhiyun
1703*4882a593Smuzhiyun static void
gadgetfs_disconnect(struct usb_gadget * gadget)1704*4882a593Smuzhiyun gadgetfs_disconnect (struct usb_gadget *gadget)
1705*4882a593Smuzhiyun {
1706*4882a593Smuzhiyun struct dev_data *dev = get_gadget_data (gadget);
1707*4882a593Smuzhiyun unsigned long flags;
1708*4882a593Smuzhiyun
1709*4882a593Smuzhiyun spin_lock_irqsave (&dev->lock, flags);
1710*4882a593Smuzhiyun if (dev->state == STATE_DEV_UNCONNECTED)
1711*4882a593Smuzhiyun goto exit;
1712*4882a593Smuzhiyun dev->state = STATE_DEV_UNCONNECTED;
1713*4882a593Smuzhiyun
1714*4882a593Smuzhiyun INFO (dev, "disconnected\n");
1715*4882a593Smuzhiyun next_event (dev, GADGETFS_DISCONNECT);
1716*4882a593Smuzhiyun ep0_readable (dev);
1717*4882a593Smuzhiyun exit:
1718*4882a593Smuzhiyun spin_unlock_irqrestore (&dev->lock, flags);
1719*4882a593Smuzhiyun }
1720*4882a593Smuzhiyun
1721*4882a593Smuzhiyun static void
gadgetfs_suspend(struct usb_gadget * gadget)1722*4882a593Smuzhiyun gadgetfs_suspend (struct usb_gadget *gadget)
1723*4882a593Smuzhiyun {
1724*4882a593Smuzhiyun struct dev_data *dev = get_gadget_data (gadget);
1725*4882a593Smuzhiyun unsigned long flags;
1726*4882a593Smuzhiyun
1727*4882a593Smuzhiyun INFO (dev, "suspended from state %d\n", dev->state);
1728*4882a593Smuzhiyun spin_lock_irqsave(&dev->lock, flags);
1729*4882a593Smuzhiyun switch (dev->state) {
1730*4882a593Smuzhiyun case STATE_DEV_SETUP: // VERY odd... host died??
1731*4882a593Smuzhiyun case STATE_DEV_CONNECTED:
1732*4882a593Smuzhiyun case STATE_DEV_UNCONNECTED:
1733*4882a593Smuzhiyun next_event (dev, GADGETFS_SUSPEND);
1734*4882a593Smuzhiyun ep0_readable (dev);
1735*4882a593Smuzhiyun fallthrough;
1736*4882a593Smuzhiyun default:
1737*4882a593Smuzhiyun break;
1738*4882a593Smuzhiyun }
1739*4882a593Smuzhiyun spin_unlock_irqrestore(&dev->lock, flags);
1740*4882a593Smuzhiyun }
1741*4882a593Smuzhiyun
1742*4882a593Smuzhiyun static struct usb_gadget_driver gadgetfs_driver = {
1743*4882a593Smuzhiyun .function = (char *) driver_desc,
1744*4882a593Smuzhiyun .bind = gadgetfs_bind,
1745*4882a593Smuzhiyun .unbind = gadgetfs_unbind,
1746*4882a593Smuzhiyun .setup = gadgetfs_setup,
1747*4882a593Smuzhiyun .reset = gadgetfs_disconnect,
1748*4882a593Smuzhiyun .disconnect = gadgetfs_disconnect,
1749*4882a593Smuzhiyun .suspend = gadgetfs_suspend,
1750*4882a593Smuzhiyun
1751*4882a593Smuzhiyun .driver = {
1752*4882a593Smuzhiyun .name = shortname,
1753*4882a593Smuzhiyun },
1754*4882a593Smuzhiyun };
1755*4882a593Smuzhiyun
1756*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
1757*4882a593Smuzhiyun /* DEVICE INITIALIZATION
1758*4882a593Smuzhiyun *
1759*4882a593Smuzhiyun * fd = open ("/dev/gadget/$CHIP", O_RDWR)
1760*4882a593Smuzhiyun * status = write (fd, descriptors, sizeof descriptors)
1761*4882a593Smuzhiyun *
1762*4882a593Smuzhiyun * That write establishes the device configuration, so the kernel can
1763*4882a593Smuzhiyun * bind to the controller ... guaranteeing it can handle enumeration
1764*4882a593Smuzhiyun * at all necessary speeds. Descriptor order is:
1765*4882a593Smuzhiyun *
1766*4882a593Smuzhiyun * . message tag (u32, host order) ... for now, must be zero; it
1767*4882a593Smuzhiyun * would change to support features like multi-config devices
1768*4882a593Smuzhiyun * . full/low speed config ... all wTotalLength bytes (with interface,
1769*4882a593Smuzhiyun * class, altsetting, endpoint, and other descriptors)
1770*4882a593Smuzhiyun * . high speed config ... all descriptors, for high speed operation;
1771*4882a593Smuzhiyun * this one's optional except for high-speed hardware
1772*4882a593Smuzhiyun * . device descriptor
1773*4882a593Smuzhiyun *
1774*4882a593Smuzhiyun * Endpoints are not yet enabled. Drivers must wait until device
1775*4882a593Smuzhiyun * configuration and interface altsetting changes create
1776*4882a593Smuzhiyun * the need to configure (or unconfigure) them.
1777*4882a593Smuzhiyun *
1778*4882a593Smuzhiyun * After initialization, the device stays active for as long as that
1779*4882a593Smuzhiyun * $CHIP file is open. Events must then be read from that descriptor,
1780*4882a593Smuzhiyun * such as configuration notifications.
1781*4882a593Smuzhiyun */
1782*4882a593Smuzhiyun
is_valid_config(struct usb_config_descriptor * config,unsigned int total)1783*4882a593Smuzhiyun static int is_valid_config(struct usb_config_descriptor *config,
1784*4882a593Smuzhiyun unsigned int total)
1785*4882a593Smuzhiyun {
1786*4882a593Smuzhiyun return config->bDescriptorType == USB_DT_CONFIG
1787*4882a593Smuzhiyun && config->bLength == USB_DT_CONFIG_SIZE
1788*4882a593Smuzhiyun && total >= USB_DT_CONFIG_SIZE
1789*4882a593Smuzhiyun && config->bConfigurationValue != 0
1790*4882a593Smuzhiyun && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1791*4882a593Smuzhiyun && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1792*4882a593Smuzhiyun /* FIXME if gadget->is_otg, _must_ include an otg descriptor */
1793*4882a593Smuzhiyun /* FIXME check lengths: walk to end */
1794*4882a593Smuzhiyun }
1795*4882a593Smuzhiyun
1796*4882a593Smuzhiyun static ssize_t
dev_config(struct file * fd,const char __user * buf,size_t len,loff_t * ptr)1797*4882a593Smuzhiyun dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1798*4882a593Smuzhiyun {
1799*4882a593Smuzhiyun struct dev_data *dev = fd->private_data;
1800*4882a593Smuzhiyun ssize_t value, length = len;
1801*4882a593Smuzhiyun unsigned total;
1802*4882a593Smuzhiyun u32 tag;
1803*4882a593Smuzhiyun char *kbuf;
1804*4882a593Smuzhiyun
1805*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1806*4882a593Smuzhiyun if (dev->state > STATE_DEV_OPENED) {
1807*4882a593Smuzhiyun value = ep0_write(fd, buf, len, ptr);
1808*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1809*4882a593Smuzhiyun return value;
1810*4882a593Smuzhiyun }
1811*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1812*4882a593Smuzhiyun
1813*4882a593Smuzhiyun if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) ||
1814*4882a593Smuzhiyun (len > PAGE_SIZE * 4))
1815*4882a593Smuzhiyun return -EINVAL;
1816*4882a593Smuzhiyun
1817*4882a593Smuzhiyun /* we might need to change message format someday */
1818*4882a593Smuzhiyun if (copy_from_user (&tag, buf, 4))
1819*4882a593Smuzhiyun return -EFAULT;
1820*4882a593Smuzhiyun if (tag != 0)
1821*4882a593Smuzhiyun return -EINVAL;
1822*4882a593Smuzhiyun buf += 4;
1823*4882a593Smuzhiyun length -= 4;
1824*4882a593Smuzhiyun
1825*4882a593Smuzhiyun kbuf = memdup_user(buf, length);
1826*4882a593Smuzhiyun if (IS_ERR(kbuf))
1827*4882a593Smuzhiyun return PTR_ERR(kbuf);
1828*4882a593Smuzhiyun
1829*4882a593Smuzhiyun spin_lock_irq (&dev->lock);
1830*4882a593Smuzhiyun value = -EINVAL;
1831*4882a593Smuzhiyun if (dev->buf) {
1832*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1833*4882a593Smuzhiyun kfree(kbuf);
1834*4882a593Smuzhiyun return value;
1835*4882a593Smuzhiyun }
1836*4882a593Smuzhiyun dev->buf = kbuf;
1837*4882a593Smuzhiyun
1838*4882a593Smuzhiyun /* full or low speed config */
1839*4882a593Smuzhiyun dev->config = (void *) kbuf;
1840*4882a593Smuzhiyun total = le16_to_cpu(dev->config->wTotalLength);
1841*4882a593Smuzhiyun if (!is_valid_config(dev->config, total) ||
1842*4882a593Smuzhiyun total > length - USB_DT_DEVICE_SIZE)
1843*4882a593Smuzhiyun goto fail;
1844*4882a593Smuzhiyun kbuf += total;
1845*4882a593Smuzhiyun length -= total;
1846*4882a593Smuzhiyun
1847*4882a593Smuzhiyun /* optional high speed config */
1848*4882a593Smuzhiyun if (kbuf [1] == USB_DT_CONFIG) {
1849*4882a593Smuzhiyun dev->hs_config = (void *) kbuf;
1850*4882a593Smuzhiyun total = le16_to_cpu(dev->hs_config->wTotalLength);
1851*4882a593Smuzhiyun if (!is_valid_config(dev->hs_config, total) ||
1852*4882a593Smuzhiyun total > length - USB_DT_DEVICE_SIZE)
1853*4882a593Smuzhiyun goto fail;
1854*4882a593Smuzhiyun kbuf += total;
1855*4882a593Smuzhiyun length -= total;
1856*4882a593Smuzhiyun } else {
1857*4882a593Smuzhiyun dev->hs_config = NULL;
1858*4882a593Smuzhiyun }
1859*4882a593Smuzhiyun
1860*4882a593Smuzhiyun /* could support multiple configs, using another encoding! */
1861*4882a593Smuzhiyun
1862*4882a593Smuzhiyun /* device descriptor (tweaked for paranoia) */
1863*4882a593Smuzhiyun if (length != USB_DT_DEVICE_SIZE)
1864*4882a593Smuzhiyun goto fail;
1865*4882a593Smuzhiyun dev->dev = (void *)kbuf;
1866*4882a593Smuzhiyun if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1867*4882a593Smuzhiyun || dev->dev->bDescriptorType != USB_DT_DEVICE
1868*4882a593Smuzhiyun || dev->dev->bNumConfigurations != 1)
1869*4882a593Smuzhiyun goto fail;
1870*4882a593Smuzhiyun dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1871*4882a593Smuzhiyun
1872*4882a593Smuzhiyun /* triggers gadgetfs_bind(); then we can enumerate. */
1873*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1874*4882a593Smuzhiyun if (dev->hs_config)
1875*4882a593Smuzhiyun gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1876*4882a593Smuzhiyun else
1877*4882a593Smuzhiyun gadgetfs_driver.max_speed = USB_SPEED_FULL;
1878*4882a593Smuzhiyun
1879*4882a593Smuzhiyun value = usb_gadget_probe_driver(&gadgetfs_driver);
1880*4882a593Smuzhiyun if (value != 0) {
1881*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1882*4882a593Smuzhiyun goto fail;
1883*4882a593Smuzhiyun } else {
1884*4882a593Smuzhiyun /* at this point "good" hardware has for the first time
1885*4882a593Smuzhiyun * let the USB the host see us. alternatively, if users
1886*4882a593Smuzhiyun * unplug/replug that will clear all the error state.
1887*4882a593Smuzhiyun *
1888*4882a593Smuzhiyun * note: everything running before here was guaranteed
1889*4882a593Smuzhiyun * to choke driver model style diagnostics. from here
1890*4882a593Smuzhiyun * on, they can work ... except in cleanup paths that
1891*4882a593Smuzhiyun * kick in after the ep0 descriptor is closed.
1892*4882a593Smuzhiyun */
1893*4882a593Smuzhiyun value = len;
1894*4882a593Smuzhiyun dev->gadget_registered = true;
1895*4882a593Smuzhiyun }
1896*4882a593Smuzhiyun return value;
1897*4882a593Smuzhiyun
1898*4882a593Smuzhiyun fail:
1899*4882a593Smuzhiyun dev->config = NULL;
1900*4882a593Smuzhiyun dev->hs_config = NULL;
1901*4882a593Smuzhiyun dev->dev = NULL;
1902*4882a593Smuzhiyun spin_unlock_irq (&dev->lock);
1903*4882a593Smuzhiyun pr_debug ("%s: %s fail %zd, %p\n", shortname, __func__, value, dev);
1904*4882a593Smuzhiyun kfree (dev->buf);
1905*4882a593Smuzhiyun dev->buf = NULL;
1906*4882a593Smuzhiyun return value;
1907*4882a593Smuzhiyun }
1908*4882a593Smuzhiyun
1909*4882a593Smuzhiyun static int
dev_open(struct inode * inode,struct file * fd)1910*4882a593Smuzhiyun dev_open (struct inode *inode, struct file *fd)
1911*4882a593Smuzhiyun {
1912*4882a593Smuzhiyun struct dev_data *dev = inode->i_private;
1913*4882a593Smuzhiyun int value = -EBUSY;
1914*4882a593Smuzhiyun
1915*4882a593Smuzhiyun spin_lock_irq(&dev->lock);
1916*4882a593Smuzhiyun if (dev->state == STATE_DEV_DISABLED) {
1917*4882a593Smuzhiyun dev->ev_next = 0;
1918*4882a593Smuzhiyun dev->state = STATE_DEV_OPENED;
1919*4882a593Smuzhiyun fd->private_data = dev;
1920*4882a593Smuzhiyun get_dev (dev);
1921*4882a593Smuzhiyun value = 0;
1922*4882a593Smuzhiyun }
1923*4882a593Smuzhiyun spin_unlock_irq(&dev->lock);
1924*4882a593Smuzhiyun return value;
1925*4882a593Smuzhiyun }
1926*4882a593Smuzhiyun
1927*4882a593Smuzhiyun static const struct file_operations ep0_operations = {
1928*4882a593Smuzhiyun .llseek = no_llseek,
1929*4882a593Smuzhiyun
1930*4882a593Smuzhiyun .open = dev_open,
1931*4882a593Smuzhiyun .read = ep0_read,
1932*4882a593Smuzhiyun .write = dev_config,
1933*4882a593Smuzhiyun .fasync = ep0_fasync,
1934*4882a593Smuzhiyun .poll = ep0_poll,
1935*4882a593Smuzhiyun .unlocked_ioctl = dev_ioctl,
1936*4882a593Smuzhiyun .release = dev_release,
1937*4882a593Smuzhiyun };
1938*4882a593Smuzhiyun
1939*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
1940*4882a593Smuzhiyun
1941*4882a593Smuzhiyun /* FILESYSTEM AND SUPERBLOCK OPERATIONS
1942*4882a593Smuzhiyun *
1943*4882a593Smuzhiyun * Mounting the filesystem creates a controller file, used first for
1944*4882a593Smuzhiyun * device configuration then later for event monitoring.
1945*4882a593Smuzhiyun */
1946*4882a593Smuzhiyun
1947*4882a593Smuzhiyun
1948*4882a593Smuzhiyun /* FIXME PAM etc could set this security policy without mount options
1949*4882a593Smuzhiyun * if epfiles inherited ownership and permissons from ep0 ...
1950*4882a593Smuzhiyun */
1951*4882a593Smuzhiyun
1952*4882a593Smuzhiyun static unsigned default_uid;
1953*4882a593Smuzhiyun static unsigned default_gid;
1954*4882a593Smuzhiyun static unsigned default_perm = S_IRUSR | S_IWUSR;
1955*4882a593Smuzhiyun
1956*4882a593Smuzhiyun module_param (default_uid, uint, 0644);
1957*4882a593Smuzhiyun module_param (default_gid, uint, 0644);
1958*4882a593Smuzhiyun module_param (default_perm, uint, 0644);
1959*4882a593Smuzhiyun
1960*4882a593Smuzhiyun
1961*4882a593Smuzhiyun static struct inode *
gadgetfs_make_inode(struct super_block * sb,void * data,const struct file_operations * fops,int mode)1962*4882a593Smuzhiyun gadgetfs_make_inode (struct super_block *sb,
1963*4882a593Smuzhiyun void *data, const struct file_operations *fops,
1964*4882a593Smuzhiyun int mode)
1965*4882a593Smuzhiyun {
1966*4882a593Smuzhiyun struct inode *inode = new_inode (sb);
1967*4882a593Smuzhiyun
1968*4882a593Smuzhiyun if (inode) {
1969*4882a593Smuzhiyun inode->i_ino = get_next_ino();
1970*4882a593Smuzhiyun inode->i_mode = mode;
1971*4882a593Smuzhiyun inode->i_uid = make_kuid(&init_user_ns, default_uid);
1972*4882a593Smuzhiyun inode->i_gid = make_kgid(&init_user_ns, default_gid);
1973*4882a593Smuzhiyun inode->i_atime = inode->i_mtime = inode->i_ctime
1974*4882a593Smuzhiyun = current_time(inode);
1975*4882a593Smuzhiyun inode->i_private = data;
1976*4882a593Smuzhiyun inode->i_fop = fops;
1977*4882a593Smuzhiyun }
1978*4882a593Smuzhiyun return inode;
1979*4882a593Smuzhiyun }
1980*4882a593Smuzhiyun
1981*4882a593Smuzhiyun /* creates in fs root directory, so non-renamable and non-linkable.
1982*4882a593Smuzhiyun * so inode and dentry are paired, until device reconfig.
1983*4882a593Smuzhiyun */
1984*4882a593Smuzhiyun static struct dentry *
gadgetfs_create_file(struct super_block * sb,char const * name,void * data,const struct file_operations * fops)1985*4882a593Smuzhiyun gadgetfs_create_file (struct super_block *sb, char const *name,
1986*4882a593Smuzhiyun void *data, const struct file_operations *fops)
1987*4882a593Smuzhiyun {
1988*4882a593Smuzhiyun struct dentry *dentry;
1989*4882a593Smuzhiyun struct inode *inode;
1990*4882a593Smuzhiyun
1991*4882a593Smuzhiyun dentry = d_alloc_name(sb->s_root, name);
1992*4882a593Smuzhiyun if (!dentry)
1993*4882a593Smuzhiyun return NULL;
1994*4882a593Smuzhiyun
1995*4882a593Smuzhiyun inode = gadgetfs_make_inode (sb, data, fops,
1996*4882a593Smuzhiyun S_IFREG | (default_perm & S_IRWXUGO));
1997*4882a593Smuzhiyun if (!inode) {
1998*4882a593Smuzhiyun dput(dentry);
1999*4882a593Smuzhiyun return NULL;
2000*4882a593Smuzhiyun }
2001*4882a593Smuzhiyun d_add (dentry, inode);
2002*4882a593Smuzhiyun return dentry;
2003*4882a593Smuzhiyun }
2004*4882a593Smuzhiyun
2005*4882a593Smuzhiyun static const struct super_operations gadget_fs_operations = {
2006*4882a593Smuzhiyun .statfs = simple_statfs,
2007*4882a593Smuzhiyun .drop_inode = generic_delete_inode,
2008*4882a593Smuzhiyun };
2009*4882a593Smuzhiyun
2010*4882a593Smuzhiyun static int
gadgetfs_fill_super(struct super_block * sb,struct fs_context * fc)2011*4882a593Smuzhiyun gadgetfs_fill_super (struct super_block *sb, struct fs_context *fc)
2012*4882a593Smuzhiyun {
2013*4882a593Smuzhiyun struct inode *inode;
2014*4882a593Smuzhiyun struct dev_data *dev;
2015*4882a593Smuzhiyun
2016*4882a593Smuzhiyun if (the_device)
2017*4882a593Smuzhiyun return -ESRCH;
2018*4882a593Smuzhiyun
2019*4882a593Smuzhiyun CHIP = usb_get_gadget_udc_name();
2020*4882a593Smuzhiyun if (!CHIP)
2021*4882a593Smuzhiyun return -ENODEV;
2022*4882a593Smuzhiyun
2023*4882a593Smuzhiyun /* superblock */
2024*4882a593Smuzhiyun sb->s_blocksize = PAGE_SIZE;
2025*4882a593Smuzhiyun sb->s_blocksize_bits = PAGE_SHIFT;
2026*4882a593Smuzhiyun sb->s_magic = GADGETFS_MAGIC;
2027*4882a593Smuzhiyun sb->s_op = &gadget_fs_operations;
2028*4882a593Smuzhiyun sb->s_time_gran = 1;
2029*4882a593Smuzhiyun
2030*4882a593Smuzhiyun /* root inode */
2031*4882a593Smuzhiyun inode = gadgetfs_make_inode (sb,
2032*4882a593Smuzhiyun NULL, &simple_dir_operations,
2033*4882a593Smuzhiyun S_IFDIR | S_IRUGO | S_IXUGO);
2034*4882a593Smuzhiyun if (!inode)
2035*4882a593Smuzhiyun goto Enomem;
2036*4882a593Smuzhiyun inode->i_op = &simple_dir_inode_operations;
2037*4882a593Smuzhiyun if (!(sb->s_root = d_make_root (inode)))
2038*4882a593Smuzhiyun goto Enomem;
2039*4882a593Smuzhiyun
2040*4882a593Smuzhiyun /* the ep0 file is named after the controller we expect;
2041*4882a593Smuzhiyun * user mode code can use it for sanity checks, like we do.
2042*4882a593Smuzhiyun */
2043*4882a593Smuzhiyun dev = dev_new ();
2044*4882a593Smuzhiyun if (!dev)
2045*4882a593Smuzhiyun goto Enomem;
2046*4882a593Smuzhiyun
2047*4882a593Smuzhiyun dev->sb = sb;
2048*4882a593Smuzhiyun dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2049*4882a593Smuzhiyun if (!dev->dentry) {
2050*4882a593Smuzhiyun put_dev(dev);
2051*4882a593Smuzhiyun goto Enomem;
2052*4882a593Smuzhiyun }
2053*4882a593Smuzhiyun
2054*4882a593Smuzhiyun /* other endpoint files are available after hardware setup,
2055*4882a593Smuzhiyun * from binding to a controller.
2056*4882a593Smuzhiyun */
2057*4882a593Smuzhiyun the_device = dev;
2058*4882a593Smuzhiyun return 0;
2059*4882a593Smuzhiyun
2060*4882a593Smuzhiyun Enomem:
2061*4882a593Smuzhiyun kfree(CHIP);
2062*4882a593Smuzhiyun CHIP = NULL;
2063*4882a593Smuzhiyun
2064*4882a593Smuzhiyun return -ENOMEM;
2065*4882a593Smuzhiyun }
2066*4882a593Smuzhiyun
2067*4882a593Smuzhiyun /* "mount -t gadgetfs path /dev/gadget" ends up here */
gadgetfs_get_tree(struct fs_context * fc)2068*4882a593Smuzhiyun static int gadgetfs_get_tree(struct fs_context *fc)
2069*4882a593Smuzhiyun {
2070*4882a593Smuzhiyun return get_tree_single(fc, gadgetfs_fill_super);
2071*4882a593Smuzhiyun }
2072*4882a593Smuzhiyun
2073*4882a593Smuzhiyun static const struct fs_context_operations gadgetfs_context_ops = {
2074*4882a593Smuzhiyun .get_tree = gadgetfs_get_tree,
2075*4882a593Smuzhiyun };
2076*4882a593Smuzhiyun
gadgetfs_init_fs_context(struct fs_context * fc)2077*4882a593Smuzhiyun static int gadgetfs_init_fs_context(struct fs_context *fc)
2078*4882a593Smuzhiyun {
2079*4882a593Smuzhiyun fc->ops = &gadgetfs_context_ops;
2080*4882a593Smuzhiyun return 0;
2081*4882a593Smuzhiyun }
2082*4882a593Smuzhiyun
2083*4882a593Smuzhiyun static void
gadgetfs_kill_sb(struct super_block * sb)2084*4882a593Smuzhiyun gadgetfs_kill_sb (struct super_block *sb)
2085*4882a593Smuzhiyun {
2086*4882a593Smuzhiyun kill_litter_super (sb);
2087*4882a593Smuzhiyun if (the_device) {
2088*4882a593Smuzhiyun put_dev (the_device);
2089*4882a593Smuzhiyun the_device = NULL;
2090*4882a593Smuzhiyun }
2091*4882a593Smuzhiyun kfree(CHIP);
2092*4882a593Smuzhiyun CHIP = NULL;
2093*4882a593Smuzhiyun }
2094*4882a593Smuzhiyun
2095*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
2096*4882a593Smuzhiyun
2097*4882a593Smuzhiyun static struct file_system_type gadgetfs_type = {
2098*4882a593Smuzhiyun .owner = THIS_MODULE,
2099*4882a593Smuzhiyun .name = shortname,
2100*4882a593Smuzhiyun .init_fs_context = gadgetfs_init_fs_context,
2101*4882a593Smuzhiyun .kill_sb = gadgetfs_kill_sb,
2102*4882a593Smuzhiyun };
2103*4882a593Smuzhiyun MODULE_ALIAS_FS("gadgetfs");
2104*4882a593Smuzhiyun
2105*4882a593Smuzhiyun /*----------------------------------------------------------------------*/
2106*4882a593Smuzhiyun
init(void)2107*4882a593Smuzhiyun static int __init init (void)
2108*4882a593Smuzhiyun {
2109*4882a593Smuzhiyun int status;
2110*4882a593Smuzhiyun
2111*4882a593Smuzhiyun status = register_filesystem (&gadgetfs_type);
2112*4882a593Smuzhiyun if (status == 0)
2113*4882a593Smuzhiyun pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2114*4882a593Smuzhiyun shortname, driver_desc);
2115*4882a593Smuzhiyun return status;
2116*4882a593Smuzhiyun }
2117*4882a593Smuzhiyun module_init (init);
2118*4882a593Smuzhiyun
cleanup(void)2119*4882a593Smuzhiyun static void __exit cleanup (void)
2120*4882a593Smuzhiyun {
2121*4882a593Smuzhiyun pr_debug ("unregister %s\n", shortname);
2122*4882a593Smuzhiyun unregister_filesystem (&gadgetfs_type);
2123*4882a593Smuzhiyun }
2124*4882a593Smuzhiyun module_exit (cleanup);
2125*4882a593Smuzhiyun
2126