LXR linux/drivers/usb/gadget/inode.c

   1/*
   2 * inode.c -- user mode filesystem api for usb gadget controllers
   3 *
   4 * Copyright (C) 2003-2004 David Brownell
   5 * Copyright (C) 2003 Agilent Technologies
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 2 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  20 */
  21
  22
  23/* #define VERBOSE_DEBUG */
  24
  25#include <linux/init.h>
  26#include <linux/module.h>
  27#include <linux/fs.h>
  28#include <linux/pagemap.h>
  29#include <linux/uts.h>
  30#include <linux/wait.h>
  31#include <linux/compiler.h>
  32#include <asm/uaccess.h>
  33#include <linux/sched.h>
  34#include <linux/slab.h>
  35#include <linux/poll.h>
  36#include <linux/smp_lock.h>
  37
  38#include <linux/device.h>
  39#include <linux/moduleparam.h>
  40
  41#include <linux/usb/gadgetfs.h>
  42#include <linux/usb/gadget.h>
  43
  44
  45/*
  46 * The gadgetfs API maps each endpoint to a file descriptor so that you
  47 * can use standard synchronous read/write calls for I/O.  There's some
  48 * O_NONBLOCK and O_ASYNC/FASYNC style i/o support.  Example usermode
  49 * drivers show how this works in practice.  You can also use AIO to
  50 * eliminate I/O gaps between requests, to help when streaming data.
  51 *
  52 * Key parts that must be USB-specific are protocols defining how the
  53 * read/write operations relate to the hardware state machines.  There
  54 * are two types of files.  One type is for the device, implementing ep0.
  55 * The other type is for each IN or OUT endpoint.  In both cases, the
  56 * user mode driver must configure the hardware before using it.
  57 *
  58 * - First, dev_config() is called when /dev/gadget/$CHIP is configured
  59 *   (by writing configuration and device descriptors).  Afterwards it
  60 *   may serve as a source of device events, used to handle all control
  61 *   requests other than basic enumeration.
  62 *
  63 * - Then, after a SET_CONFIGURATION control request, ep_config() is
  64 *   called when each /dev/gadget/ep* file is configured (by writing
  65 *   endpoint descriptors).  Afterwards these files are used to write()
  66 *   IN data or to read() OUT data.  To halt the endpoint, a "wrong
  67 *   direction" request is issued (like reading an IN endpoint).
  68 *
  69 * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe
  70 * not possible on all hardware.  For example, precise fault handling with
  71 * respect to data left in endpoint fifos after aborted operations; or
  72 * selective clearing of endpoint halts, to implement SET_INTERFACE.
  73 */
  74
  75#define DRIVER_DESC     "USB Gadget filesystem"
  76#define DRIVER_VERSION  "24 Aug 2004"
  77
  78static const char driver_desc [] = DRIVER_DESC;
  79static const char shortname [] = "gadgetfs";
  80
  81MODULE_DESCRIPTION (DRIVER_DESC);
  82MODULE_AUTHOR ("David Brownell");
  83MODULE_LICENSE ("GPL");
  84
  85
  86/*----------------------------------------------------------------------*/
  87
  88#define GADGETFS_MAGIC          0xaee71ee7
  89#define DMA_ADDR_INVALID        (~(dma_addr_t)0)
  90
  91/* /dev/gadget/$CHIP represents ep0 and the whole device */
  92enum ep0_state {
  93        /* DISBLED is the initial state.
  94         */
  95        STATE_DEV_DISABLED = 0,
  96
  97        /* Only one open() of /dev/gadget/$CHIP; only one file tracks
  98         * ep0/device i/o modes and binding to the controller.  Driver
  99         * must always write descriptors to initialize the device, then
 100         * the device becomes UNCONNECTED until enumeration.
 101         */
 102        STATE_DEV_OPENED,
 103
 104        /* From then on, ep0 fd is in either of two basic modes:
 105         * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it
 106         * - SETUP: read/write will transfer control data and succeed;
 107         *   or if "wrong direction", performs protocol stall
 108         */
 109        STATE_DEV_UNCONNECTED,
 110        STATE_DEV_CONNECTED,
 111        STATE_DEV_SETUP,
 112
 113        /* UNBOUND means the driver closed ep0, so the device won't be
 114         * accessible again (DEV_DISABLED) until all fds are closed.
 115         */
 116        STATE_DEV_UNBOUND,
 117};
 118
 119/* enough for the whole queue: most events invalidate others */
 120#define N_EVENT                 5
 121
 122struct dev_data {
 123        spinlock_t                      lock;
 124        atomic_t                        count;
 125        enum ep0_state                  state;          /* P: lock */
 126        struct usb_gadgetfs_event       event [N_EVENT];
 127        unsigned                        ev_next;
 128        struct fasync_struct            *fasync;
 129        u8                              current_config;
 130
 131        /* drivers reading ep0 MUST handle control requests (SETUP)
 132         * reported that way; else the host will time out.
 133         */
 134        unsigned                        usermode_setup : 1,
 135                                        setup_in : 1,
 136                                        setup_can_stall : 1,
 137                                        setup_out_ready : 1,
 138                                        setup_out_error : 1,
 139                                        setup_abort : 1;
 140        unsigned                        setup_wLength;
 141
 142        /* the rest is basically write-once */
 143        struct usb_config_descriptor    *config, *hs_config;
 144        struct usb_device_descriptor    *dev;
 145        struct usb_request              *req;
 146        struct usb_gadget               *gadget;
 147        struct list_head                epfiles;
 148        void                            *buf;
 149        wait_queue_head_t               wait;
 150        struct super_block              *sb;
 151        struct dentry                   *dentry;
 152
 153        /* except this scratch i/o buffer for ep0 */
 154        u8                              rbuf [256];
 155};
 156
 157static inline void get_dev (struct dev_data *data)
 158{
 159        atomic_inc (&data->count);
 160}
 161
 162static void put_dev (struct dev_data *data)
 163{
 164        if (likely (!atomic_dec_and_test (&data->count)))
 165                return;
 166        /* needs no more cleanup */
 167        BUG_ON (waitqueue_active (&data->wait));
 168        kfree (data);
 169}
 170
 171static struct dev_data *dev_new (void)
 172{
 173        struct dev_data         *dev;
 174
 175        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
 176        if (!dev)
 177                return NULL;
 178        dev->state = STATE_DEV_DISABLED;
 179        atomic_set (&dev->count, 1);
 180        spin_lock_init (&dev->lock);
 181        INIT_LIST_HEAD (&dev->epfiles);
 182        init_waitqueue_head (&dev->wait);
 183        return dev;
 184}
 185
 186/*----------------------------------------------------------------------*/
 187
 188/* other /dev/gadget/$ENDPOINT files represent endpoints */
 189enum ep_state {
 190        STATE_EP_DISABLED = 0,
 191        STATE_EP_READY,
 192        STATE_EP_ENABLED,
 193        STATE_EP_UNBOUND,
 194};
 195
 196struct ep_data {
 197        struct semaphore                lock;
 198        enum ep_state                   state;
 199        atomic_t                        count;
 200        struct dev_data                 *dev;
 201        /* must hold dev->lock before accessing ep or req */
 202        struct usb_ep                   *ep;
 203        struct usb_request              *req;
 204        ssize_t                         status;
 205        char                            name [16];
 206        struct usb_endpoint_descriptor  desc, hs_desc;
 207        struct list_head                epfiles;
 208        wait_queue_head_t               wait;
 209        struct dentry                   *dentry;
 210        struct inode                    *inode;
 211};
 212
 213static inline void get_ep (struct ep_data *data)
 214{
 215        atomic_inc (&data->count);
 216}
 217
 218static void put_ep (struct ep_data *data)
 219{
 220        if (likely (!atomic_dec_and_test (&data->count)))
 221                return;
 222        put_dev (data->dev);
 223        /* needs no more cleanup */
 224        BUG_ON (!list_empty (&data->epfiles));
 225        BUG_ON (waitqueue_active (&data->wait));
 226        kfree (data);
 227}
 228
 229/*----------------------------------------------------------------------*/
 230
 231/* most "how to use the hardware" policy choices are in userspace:
 232 * mapping endpoint roles (which the driver needs) to the capabilities
 233 * which the usb controller has.  most of those capabilities are exposed
 234 * implicitly, starting with the driver name and then endpoint names.
 235 */
 236
 237static const char *CHIP;
 238
 239/*----------------------------------------------------------------------*/
 240
 241/* NOTE:  don't use dev_printk calls before binding to the gadget
 242 * at the end of ep0 configuration, or after unbind.
 243 */
 244
 245/* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */
 246#define xprintk(d,level,fmt,args...) \
 247        printk(level "%s: " fmt , shortname , ## args)
 248
 249#ifdef DEBUG
 250#define DBG(dev,fmt,args...) \
 251        xprintk(dev , KERN_DEBUG , fmt , ## args)
 252#else
 253#define DBG(dev,fmt,args...) \
 254        do { } while (0)
 255#endif /* DEBUG */
 256
 257#ifdef VERBOSE_DEBUG
 258#define VDEBUG  DBG
 259#else
 260#define VDEBUG(dev,fmt,args...) \
 261        do { } while (0)
 262#endif /* DEBUG */
 263
 264#define ERROR(dev,fmt,args...) \
 265        xprintk(dev , KERN_ERR , fmt , ## args)
 266#define INFO(dev,fmt,args...) \
 267        xprintk(dev , KERN_INFO , fmt , ## args)
 268
 269
 270/*----------------------------------------------------------------------*/
 271
 272/* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso)
 273 *
 274 * After opening, configure non-control endpoints.  Then use normal
 275 * stream read() and write() requests; and maybe ioctl() to get more
 276 * precise FIFO status when recovering from cancellation.
 277 */
 278
 279static void epio_complete (struct usb_ep *ep, struct usb_request *req)
 280{
 281        struct ep_data  *epdata = ep->driver_data;
 282
 283        if (!req->context)
 284                return;
 285        if (req->status)
 286                epdata->status = req->status;
 287        else
 288                epdata->status = req->actual;
 289        complete ((struct completion *)req->context);
 290}
 291
 292/* tasklock endpoint, returning when it's connected.
 293 * still need dev->lock to use epdata->ep.
 294 */
 295static int
 296get_ready_ep (unsigned f_flags, struct ep_data *epdata)
 297{
 298        int     val;
 299
 300        if (f_flags & O_NONBLOCK) {
 301                if (down_trylock (&epdata->lock) != 0)
 302                        goto nonblock;
 303                if (epdata->state != STATE_EP_ENABLED) {
 304                        up (&epdata->lock);
 305nonblock:
 306                        val = -EAGAIN;
 307                } else
 308                        val = 0;
 309                return val;
 310        }
 311
 312        if ((val = down_interruptible (&epdata->lock)) < 0)
 313                return val;
 314
 315        switch (epdata->state) {
 316        case STATE_EP_ENABLED:
 317                break;
 318        // case STATE_EP_DISABLED:              /* "can't happen" */
 319        // case STATE_EP_READY:                 /* "can't happen" */
 320        default:                                /* error! */
 321                pr_debug ("%s: ep %p not available, state %d\n",
 322                                shortname, epdata, epdata->state);
 323                // FALLTHROUGH
 324        case STATE_EP_UNBOUND:                  /* clean disconnect */
 325                val = -ENODEV;
 326                up (&epdata->lock);
 327        }
 328        return val;
 329}
 330
 331static ssize_t
 332ep_io (struct ep_data *epdata, void *buf, unsigned len)
 333{
 334        DECLARE_COMPLETION_ONSTACK (done);
 335        int value;
 336
 337        spin_lock_irq (&epdata->dev->lock);
 338        if (likely (epdata->ep != NULL)) {
 339                struct usb_request      *req = epdata->req;
 340
 341                req->context = &done;
 342                req->complete = epio_complete;
 343                req->buf = buf;
 344                req->length = len;
 345                value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
 346        } else
 347                value = -ENODEV;
 348        spin_unlock_irq (&epdata->dev->lock);
 349
 350        if (likely (value == 0)) {
 351                value = wait_event_interruptible (done.wait, done.done);
 352                if (value != 0) {
 353                        spin_lock_irq (&epdata->dev->lock);
 354                        if (likely (epdata->ep != NULL)) {
 355                                DBG (epdata->dev, "%s i/o interrupted\n",
 356                                                epdata->name);
 357                                usb_ep_dequeue (epdata->ep, epdata->req);
 358                                spin_unlock_irq (&epdata->dev->lock);
 359
 360                                wait_event (done.wait, done.done);
 361                                if (epdata->status == -ECONNRESET)
 362                                        epdata->status = -EINTR;
 363                        } else {
 364                                spin_unlock_irq (&epdata->dev->lock);
 365
 366                                DBG (epdata->dev, "endpoint gone\n");
 367                                epdata->status = -ENODEV;
 368                        }
 369                }
 370                return epdata->status;
 371        }
 372        return value;
 373}
 374
 375
 376/* handle a synchronous OUT bulk/intr/iso transfer */
 377static ssize_t
 378ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 379{
 380        struct ep_data          *data = fd->private_data;
 381        void                    *kbuf;
 382        ssize_t                 value;
 383
 384        if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 385                return value;
 386
 387        /* halt any endpoint by doing a "wrong direction" i/o call */
 388        if (usb_endpoint_dir_in(&data->desc)) {
 389                if (usb_endpoint_xfer_isoc(&data->desc))
 390                        return -EINVAL;
 391                DBG (data->dev, "%s halt\n", data->name);
 392                spin_lock_irq (&data->dev->lock);
 393                if (likely (data->ep != NULL))
 394                        usb_ep_set_halt (data->ep);
 395                spin_unlock_irq (&data->dev->lock);
 396                up (&data->lock);
 397                return -EBADMSG;
 398        }
 399
 400        /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */
 401
 402        value = -ENOMEM;
 403        kbuf = kmalloc (len, GFP_KERNEL);
 404        if (unlikely (!kbuf))
 405                goto free1;
 406
 407        value = ep_io (data, kbuf, len);
 408        VDEBUG (data->dev, "%s read %zu OUT, status %d\n",
 409                data->name, len, (int) value);
 410        if (value >= 0 && copy_to_user (buf, kbuf, value))
 411                value = -EFAULT;
 412
 413free1:
 414        up (&data->lock);
 415        kfree (kbuf);
 416        return value;
 417}
 418
 419/* handle a synchronous IN bulk/intr/iso transfer */
 420static ssize_t
 421ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 422{
 423        struct ep_data          *data = fd->private_data;
 424        void                    *kbuf;
 425        ssize_t                 value;
 426
 427        if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 428                return value;
 429
 430        /* halt any endpoint by doing a "wrong direction" i/o call */
 431        if (!usb_endpoint_dir_in(&data->desc)) {
 432                if (usb_endpoint_xfer_isoc(&data->desc))
 433                        return -EINVAL;
 434                DBG (data->dev, "%s halt\n", data->name);
 435                spin_lock_irq (&data->dev->lock);
 436                if (likely (data->ep != NULL))
 437                        usb_ep_set_halt (data->ep);
 438                spin_unlock_irq (&data->dev->lock);
 439                up (&data->lock);
 440                return -EBADMSG;
 441        }
 442
 443        /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */
 444
 445        value = -ENOMEM;
 446        kbuf = kmalloc (len, GFP_KERNEL);
 447        if (!kbuf)
 448                goto free1;
 449        if (copy_from_user (kbuf, buf, len)) {
 450                value = -EFAULT;
 451                goto free1;
 452        }
 453
 454        value = ep_io (data, kbuf, len);
 455        VDEBUG (data->dev, "%s write %zu IN, status %d\n",
 456                data->name, len, (int) value);
 457free1:
 458        up (&data->lock);
 459        kfree (kbuf);
 460        return value;
 461}
 462
 463static int
 464ep_release (struct inode *inode, struct file *fd)
 465{
 466        struct ep_data          *data = fd->private_data;
 467        int value;
 468
 469        if ((value = down_interruptible(&data->lock)) < 0)
 470                return value;
 471
 472        /* clean up if this can be reopened */
 473        if (data->state != STATE_EP_UNBOUND) {
 474                data->state = STATE_EP_DISABLED;
 475                data->desc.bDescriptorType = 0;
 476                data->hs_desc.bDescriptorType = 0;
 477                usb_ep_disable(data->ep);
 478        }
 479        up (&data->lock);
 480        put_ep (data);
 481        return 0;
 482}
 483
 484static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
 485{
 486        struct ep_data          *data = fd->private_data;
 487        int                     status;
 488
 489        if ((status = get_ready_ep (fd->f_flags, data)) < 0)
 490                return status;
 491
 492        spin_lock_irq (&data->dev->lock);
 493        if (likely (data->ep != NULL)) {
 494                switch (code) {
 495                case GADGETFS_FIFO_STATUS:
 496                        status = usb_ep_fifo_status (data->ep);
 497                        break;
 498                case GADGETFS_FIFO_FLUSH:
 499                        usb_ep_fifo_flush (data->ep);
 500                        break;
 501                case GADGETFS_CLEAR_HALT:
 502                        status = usb_ep_clear_halt (data->ep);
 503                        break;
 504                default:
 505                        status = -ENOTTY;
 506                }
 507        } else
 508                status = -ENODEV;
 509        spin_unlock_irq (&data->dev->lock);
 510        up (&data->lock);
 511        return status;
 512}
 513
 514/*----------------------------------------------------------------------*/
 515
 516/* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */
 517
 518struct kiocb_priv {
 519        struct usb_request      *req;
 520        struct ep_data          *epdata;
 521        void                    *buf;
 522        const struct iovec      *iv;
 523        unsigned long           nr_segs;
 524        unsigned                actual;
 525};
 526
 527static int ep_aio_cancel(struct kiocb *iocb, struct io_event *e)
 528{
 529        struct kiocb_priv       *priv = iocb->private;
 530        struct ep_data          *epdata;
 531        int                     value;
 532
 533        local_irq_disable();
 534        epdata = priv->epdata;
 535        // spin_lock(&epdata->dev->lock);
 536        kiocbSetCancelled(iocb);
 537        if (likely(epdata && epdata->ep && priv->req))
 538                value = usb_ep_dequeue (epdata->ep, priv->req);
 539        else
 540                value = -EINVAL;
 541        // spin_unlock(&epdata->dev->lock);
 542        local_irq_enable();
 543
 544        aio_put_req(iocb);
 545        return value;
 546}
 547
 548static ssize_t ep_aio_read_retry(struct kiocb *iocb)
 549{
 550        struct kiocb_priv       *priv = iocb->private;
 551        ssize_t                 len, total;
 552        void                    *to_copy;
 553        int                     i;
 554
 555        /* we "retry" to get the right mm context for this: */
 556
 557        /* copy stuff into user buffers */
 558        total = priv->actual;
 559        len = 0;
 560        to_copy = priv->buf;
 561        for (i=0; i < priv->nr_segs; i++) {
 562                ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total);
 563
 564                if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) {
 565                        if (len == 0)
 566                                len = -EFAULT;
 567                        break;
 568                }
 569
 570                total -= this;
 571                len += this;
 572                to_copy += this;
 573                if (total == 0)
 574                        break;
 575        }
 576        kfree(priv->buf);
 577        kfree(priv);
 578        return len;
 579}
 580
 581static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
 582{
 583        struct kiocb            *iocb = req->context;
 584        struct kiocb_priv       *priv = iocb->private;
 585        struct ep_data          *epdata = priv->epdata;
 586
 587        /* lock against disconnect (and ideally, cancel) */
 588        spin_lock(&epdata->dev->lock);
 589        priv->req = NULL;
 590        priv->epdata = NULL;
 591
 592        /* if this was a write or a read returning no data then we
 593         * don't need to copy anything to userspace, so we can
 594         * complete the aio request immediately.
 595         */
 596        if (priv->iv == NULL || unlikely(req->actual == 0)) {
 597                kfree(req->buf);
 598                kfree(priv);
 599                iocb->private = NULL;
 600                /* aio_complete() reports bytes-transferred _and_ faults */
 601                aio_complete(iocb, req->actual ? req->actual : req->status,
 602                                req->status);
 603        } else {
 604                /* retry() won't report both; so we hide some faults */
 605                if (unlikely(0 != req->status))
 606                        DBG(epdata->dev, "%s fault %d len %d\n",
 607                                ep->name, req->status, req->actual);
 608
 609                priv->buf = req->buf;
 610                priv->actual = req->actual;
 611                kick_iocb(iocb);
 612        }
 613        spin_unlock(&epdata->dev->lock);
 614
 615        usb_ep_free_request(ep, req);
 616        put_ep(epdata);
 617}
 618
 619static ssize_t
 620ep_aio_rwtail(
 621        struct kiocb    *iocb,
 622        char            *buf,
 623        size_t          len,
 624        struct ep_data  *epdata,
 625        const struct iovec *iv,
 626        unsigned long   nr_segs
 627)
 628{
 629        struct kiocb_priv       *priv;
 630        struct usb_request      *req;
 631        ssize_t                 value;
 632
 633        priv = kmalloc(sizeof *priv, GFP_KERNEL);
 634        if (!priv) {
 635                value = -ENOMEM;
 636fail:
 637                kfree(buf);
 638                return value;
 639        }
 640        iocb->private = priv;
 641        priv->iv = iv;
 642        priv->nr_segs = nr_segs;
 643
 644        value = get_ready_ep(iocb->ki_filp->f_flags, epdata);
 645        if (unlikely(value < 0)) {
 646                kfree(priv);
 647                goto fail;
 648        }
 649
 650        iocb->ki_cancel = ep_aio_cancel;
 651        get_ep(epdata);
 652        priv->epdata = epdata;
 653        priv->actual = 0;
 654
 655        /* each kiocb is coupled to one usb_request, but we can't
 656         * allocate or submit those if the host disconnected.
 657         */
 658        spin_lock_irq(&epdata->dev->lock);
 659        if (likely(epdata->ep)) {
 660                req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
 661                if (likely(req)) {
 662                        priv->req = req;
 663                        req->buf = buf;
 664                        req->length = len;
 665                        req->complete = ep_aio_complete;
 666                        req->context = iocb;
 667                        value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
 668                        if (unlikely(0 != value))
 669                                usb_ep_free_request(epdata->ep, req);
 670                } else
 671                        value = -EAGAIN;
 672        } else
 673                value = -ENODEV;
 674        spin_unlock_irq(&epdata->dev->lock);
 675
 676        up(&epdata->lock);
 677
 678        if (unlikely(value)) {
 679                kfree(priv);
 680                put_ep(epdata);
 681        } else
 682                value = (iv ? -EIOCBRETRY : -EIOCBQUEUED);
 683        return value;
 684}
 685
 686static ssize_t
 687ep_aio_read(struct kiocb *iocb, const struct iovec *iov,
 688                unsigned long nr_segs, loff_t o)
 689{
 690        struct ep_data          *epdata = iocb->ki_filp->private_data;
 691        char                    *buf;
 692
 693        if (unlikely(usb_endpoint_dir_in(&epdata->desc)))
 694                return -EINVAL;
 695
 696        buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 697        if (unlikely(!buf))
 698                return -ENOMEM;
 699
 700        iocb->ki_retry = ep_aio_read_retry;
 701        return ep_aio_rwtail(iocb, buf, iocb->ki_left, epdata, iov, nr_segs);
 702}
 703
 704static ssize_t
 705ep_aio_write(struct kiocb *iocb, const struct iovec *iov,
 706                unsigned long nr_segs, loff_t o)
 707{
 708        struct ep_data          *epdata = iocb->ki_filp->private_data;
 709        char                    *buf;
 710        size_t                  len = 0;
 711        int                     i = 0;
 712
 713        if (unlikely(!usb_endpoint_dir_in(&epdata->desc)))
 714                return -EINVAL;
 715
 716        buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 717        if (unlikely(!buf))
 718                return -ENOMEM;
 719
 720        for (i=0; i < nr_segs; i++) {
 721                if (unlikely(copy_from_user(&buf[len], iov[i].iov_base,
 722                                iov[i].iov_len) != 0)) {
 723                        kfree(buf);
 724                        return -EFAULT;
 725                }
 726                len += iov[i].iov_len;
 727        }
 728        return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0);
 729}
 730
 731/*----------------------------------------------------------------------*/
 732
 733/* used after endpoint configuration */
 734static const struct file_operations ep_io_operations = {
 735        .owner =        THIS_MODULE,
 736        .llseek =       no_llseek,
 737
 738        .read =         ep_read,
 739        .write =        ep_write,
 740        .unlocked_ioctl = ep_ioctl,
 741        .release =      ep_release,
 742
 743        .aio_read =     ep_aio_read,
 744        .aio_write =    ep_aio_write,
 745};
 746
 747/* ENDPOINT INITIALIZATION
 748 *
 749 *     fd = open ("/dev/gadget/$ENDPOINT", O_RDWR)
 750 *     status = write (fd, descriptors, sizeof descriptors)
 751 *
 752 * That write establishes the endpoint configuration, configuring
 753 * the controller to process bulk, interrupt, or isochronous transfers
 754 * at the right maxpacket size, and so on.
 755 *
 756 * The descriptors are message type 1, identified by a host order u32
 757 * at the beginning of what's written.  Descriptor order is: full/low
 758 * speed descriptor, then optional high speed descriptor.
 759 */
 760static ssize_t
 761ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 762{
 763        struct ep_data          *data = fd->private_data;
 764        struct usb_ep           *ep;
 765        u32                     tag;
 766        int                     value, length = len;
 767
 768        if ((value = down_interruptible (&data->lock)) < 0)
 769                return value;
 770
 771        if (data->state != STATE_EP_READY) {
 772                value = -EL2HLT;
 773                goto fail;
 774        }
 775
 776        value = len;
 777        if (len < USB_DT_ENDPOINT_SIZE + 4)
 778                goto fail0;
 779
 780        /* we might need to change message format someday */
 781        if (copy_from_user (&tag, buf, 4)) {
 782                goto fail1;
 783        }
 784        if (tag != 1) {
 785                DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
 786                goto fail0;
 787        }
 788        buf += 4;
 789        len -= 4;
 790
 791        /* NOTE:  audio endpoint extensions not accepted here;
 792         * just don't include the extra bytes.
 793         */
 794
 795        /* full/low speed descriptor, then high speed */
 796        if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) {
 797                goto fail1;
 798        }
 799        if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
 800                        || data->desc.bDescriptorType != USB_DT_ENDPOINT)
 801                goto fail0;
 802        if (len != USB_DT_ENDPOINT_SIZE) {
 803                if (len != 2 * USB_DT_ENDPOINT_SIZE)
 804                        goto fail0;
 805                if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
 806                                        USB_DT_ENDPOINT_SIZE)) {
 807                        goto fail1;
 808                }
 809                if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
 810                                || data->hs_desc.bDescriptorType
 811                                        != USB_DT_ENDPOINT) {
 812                        DBG(data->dev, "config %s, bad hs length or type\n",
 813                                        data->name);
 814                        goto fail0;
 815                }
 816        }
 817
 818        spin_lock_irq (&data->dev->lock);
 819        if (data->dev->state == STATE_DEV_UNBOUND) {
 820                value = -ENOENT;
 821                goto gone;
 822        } else if ((ep = data->ep) == NULL) {
 823                value = -ENODEV;
 824                goto gone;
 825        }
 826        switch (data->dev->gadget->speed) {
 827        case USB_SPEED_LOW:
 828        case USB_SPEED_FULL:
 829                value = usb_ep_enable (ep, &data->desc);
 830                if (value == 0)
 831                        data->state = STATE_EP_ENABLED;
 832                break;
 833#ifdef  CONFIG_USB_GADGET_DUALSPEED
 834        case USB_SPEED_HIGH:
 835                /* fails if caller didn't provide that descriptor... */
 836                value = usb_ep_enable (ep, &data->hs_desc);
 837                if (value == 0)
 838                        data->state = STATE_EP_ENABLED;
 839                break;
 840#endif
 841        default:
 842                DBG(data->dev, "unconnected, %s init abandoned\n",
 843                                data->name);
 844                value = -EINVAL;
 845        }
 846        if (value == 0) {
 847                fd->f_op = &ep_io_operations;
 848                value = length;
 849        }
 850gone:
 851        spin_unlock_irq (&data->dev->lock);
 852        if (value < 0) {
 853fail:
 854                data->desc.bDescriptorType = 0;
 855                data->hs_desc.bDescriptorType = 0;
 856        }
 857        up (&data->lock);
 858        return value;
 859fail0:
 860        value = -EINVAL;
 861        goto fail;
 862fail1:
 863        value = -EFAULT;
 864        goto fail;
 865}
 866
 867static int
 868ep_open (struct inode *inode, struct file *fd)
 869{
 870        struct ep_data          *data = inode->i_private;
 871        int                     value = -EBUSY;
 872
 873        if (down_interruptible (&data->lock) != 0)
 874                return -EINTR;
 875        spin_lock_irq (&data->dev->lock);
 876        if (data->dev->state == STATE_DEV_UNBOUND)
 877                value = -ENOENT;
 878        else if (data->state == STATE_EP_DISABLED) {
 879                value = 0;
 880                data->state = STATE_EP_READY;
 881                get_ep (data);
 882                fd->private_data = data;
 883                VDEBUG (data->dev, "%s ready\n", data->name);
 884        } else
 885                DBG (data->dev, "%s state %d\n",
 886                        data->name, data->state);
 887        spin_unlock_irq (&data->dev->lock);
 888        up (&data->lock);
 889        return value;
 890}
 891
 892/* used before endpoint configuration */
 893static const struct file_operations ep_config_operations = {
 894        .owner =        THIS_MODULE,
 895        .llseek =       no_llseek,
 896
 897        .open =         ep_open,
 898        .write =        ep_config,
 899        .release =      ep_release,
 900};
 901
 902/*----------------------------------------------------------------------*/
 903
 904/* EP0 IMPLEMENTATION can be partly in userspace.
 905 *
 906 * Drivers that use this facility receive various events, including
 907 * control requests the kernel doesn't handle.  Drivers that don't
 908 * use this facility may be too simple-minded for real applications.
 909 */
 910
 911static inline void ep0_readable (struct dev_data *dev)
 912{
 913        wake_up (&dev->wait);
 914        kill_fasync (&dev->fasync, SIGIO, POLL_IN);
 915}
 916
 917static void clean_req (struct usb_ep *ep, struct usb_request *req)
 918{
 919        struct dev_data         *dev = ep->driver_data;
 920
 921        if (req->buf != dev->rbuf) {
 922                kfree(req->buf);
 923                req->buf = dev->rbuf;
 924                req->dma = DMA_ADDR_INVALID;
 925        }
 926        req->complete = epio_complete;
 927        dev->setup_out_ready = 0;
 928}
 929
 930static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
 931{
 932        struct dev_data         *dev = ep->driver_data;
 933        unsigned long           flags;
 934        int                     free = 1;
 935
 936        /* for control OUT, data must still get to userspace */
 937        spin_lock_irqsave(&dev->lock, flags);
 938        if (!dev->setup_in) {
 939                dev->setup_out_error = (req->status != 0);
 940                if (!dev->setup_out_error)
 941                        free = 0;
 942                dev->setup_out_ready = 1;
 943                ep0_readable (dev);
 944        }
 945
 946        /* clean up as appropriate */
 947        if (free && req->buf != &dev->rbuf)
 948                clean_req (ep, req);
 949        req->complete = epio_complete;
 950        spin_unlock_irqrestore(&dev->lock, flags);
 951}
 952
 953static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
 954{
 955        struct dev_data *dev = ep->driver_data;
 956
 957        if (dev->setup_out_ready) {
 958                DBG (dev, "ep0 request busy!\n");
 959                return -EBUSY;
 960        }
 961        if (len > sizeof (dev->rbuf))
 962                req->buf = kmalloc(len, GFP_ATOMIC);
 963        if (req->buf == NULL) {
 964                req->buf = dev->rbuf;
 965                return -ENOMEM;
 966        }
 967        req->complete = ep0_complete;
 968        req->length = len;
 969        req->zero = 0;
 970        return 0;
 971}
 972
 973static ssize_t
 974ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 975{
 976        struct dev_data                 *dev = fd->private_data;
 977        ssize_t                         retval;
 978        enum ep0_state                  state;
 979
 980        spin_lock_irq (&dev->lock);
 981
 982        /* report fd mode change before acting on it */
 983        if (dev->setup_abort) {
 984                dev->setup_abort = 0;
 985                retval = -EIDRM;
 986                goto done;
 987        }
 988
 989        /* control DATA stage */
 990        if ((state = dev->state) == STATE_DEV_SETUP) {
 991
 992                if (dev->setup_in) {            /* stall IN */
 993                        VDEBUG(dev, "ep0in stall\n");
 994                        (void) usb_ep_set_halt (dev->gadget->ep0);
 995                        retval = -EL2HLT;
 996                        dev->state = STATE_DEV_CONNECTED;
 997
 998                } else if (len == 0) {          /* ack SET_CONFIGURATION etc */
 999                        struct usb_ep           *ep = dev->gadget->ep0;
1000                        struct usb_request      *req = dev->req;

1001
1002                        if ((retval = setup_req (ep, req, 0)) == 0)
1003                                retval = usb_ep_queue (ep, req, GFP_ATOMIC);
1004                        dev->state = STATE_DEV_CONNECTED;
1005
1006                        /* assume that was SET_CONFIGURATION */
1007                        if (dev->current_config) {
1008                                unsigned power;
1009
1010                                if (gadget_is_dualspeed(dev->gadget)
1011                                                && (dev->gadget->speed
1012                                                        == USB_SPEED_HIGH))
1013                                        power = dev->hs_config->bMaxPower;
1014                                else
1015                                        power = dev->config->bMaxPower;
1016                                usb_gadget_vbus_draw(dev->gadget, 2 * power);
1017                        }
1018
1019                } else {                        /* collect OUT data */
1020                        if ((fd->f_flags & O_NONBLOCK) != 0
1021                                        && !dev->setup_out_ready) {
1022                                retval = -EAGAIN;
1023                                goto done;
1024                        }
1025                        spin_unlock_irq (&dev->lock);
1026                        retval = wait_event_interruptible (dev->wait,
1027                                        dev->setup_out_ready != 0);
1028
1029                        /* FIXME state could change from under us */
1030                        spin_lock_irq (&dev->lock);
1031                        if (retval)
1032                                goto done;
1033
1034                        if (dev->state != STATE_DEV_SETUP) {
1035                                retval = -ECANCELED;
1036                                goto done;
1037                        }
1038                        dev->state = STATE_DEV_CONNECTED;
1039
1040                        if (dev->setup_out_error)
1041                                retval = -EIO;
1042                        else {
1043                                len = min (len, (size_t)dev->req->actual);
1044// FIXME don't call this with the spinlock held ...
1045                                if (copy_to_user (buf, dev->req->buf, len))
1046                                        retval = -EFAULT;
1047                                clean_req (dev->gadget->ep0, dev->req);
1048                                /* NOTE userspace can't yet choose to stall */
1049                        }
1050                }
1051                goto done;
1052        }
1053
1054        /* else normal: return event data */
1055        if (len < sizeof dev->event [0]) {
1056                retval = -EINVAL;
1057                goto done;
1058        }
1059        len -= len % sizeof (struct usb_gadgetfs_event);
1060        dev->usermode_setup = 1;
1061
1062scan:
1063        /* return queued events right away */
1064        if (dev->ev_next != 0) {
1065                unsigned                i, n;
1066
1067                n = len / sizeof (struct usb_gadgetfs_event);
1068                if (dev->ev_next < n)
1069                        n = dev->ev_next;
1070
1071                /* ep0 i/o has special semantics during STATE_DEV_SETUP */
1072                for (i = 0; i < n; i++) {
1073                        if (dev->event [i].type == GADGETFS_SETUP) {
1074                                dev->state = STATE_DEV_SETUP;
1075                                n = i + 1;
1076                                break;
1077                        }
1078                }
1079                spin_unlock_irq (&dev->lock);
1080                len = n * sizeof (struct usb_gadgetfs_event);
1081                if (copy_to_user (buf, &dev->event, len))
1082                        retval = -EFAULT;
1083                else
1084                        retval = len;
1085                if (len > 0) {
1086                        /* NOTE this doesn't guard against broken drivers;
1087                         * concurrent ep0 readers may lose events.
1088                         */
1089                        spin_lock_irq (&dev->lock);
1090                        if (dev->ev_next > n) {
1091                                memmove(&dev->event[0], &dev->event[n],
1092                                        sizeof (struct usb_gadgetfs_event)
1093                                                * (dev->ev_next - n));
1094                        }
1095                        dev->ev_next -= n;
1096                        spin_unlock_irq (&dev->lock);
1097                }
1098                return retval;
1099        }
1100        if (fd->f_flags & O_NONBLOCK) {
1101                retval = -EAGAIN;
1102                goto done;
1103        }
1104
1105        switch (state) {
1106        default:
1107                DBG (dev, "fail %s, state %d\n", __func__, state);
1108                retval = -ESRCH;
1109                break;
1110        case STATE_DEV_UNCONNECTED:
1111        case STATE_DEV_CONNECTED:
1112                spin_unlock_irq (&dev->lock);
1113                DBG (dev, "%s wait\n", __func__);
1114
1115                /* wait for events */
1116                retval = wait_event_interruptible (dev->wait,
1117                                dev->ev_next != 0);
1118                if (retval < 0)
1119                        return retval;
1120                spin_lock_irq (&dev->lock);
1121                goto scan;
1122        }
1123
1124done:
1125        spin_unlock_irq (&dev->lock);
1126        return retval;
1127}
1128
1129static struct usb_gadgetfs_event *
1130next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1131{
1132        struct usb_gadgetfs_event       *event;
1133        unsigned                        i;
1134
1135        switch (type) {
1136        /* these events purge the queue */
1137        case GADGETFS_DISCONNECT:
1138                if (dev->state == STATE_DEV_SETUP)
1139                        dev->setup_abort = 1;
1140                // FALL THROUGH
1141        case GADGETFS_CONNECT:
1142                dev->ev_next = 0;
1143                break;
1144        case GADGETFS_SETUP:            /* previous request timed out */
1145        case GADGETFS_SUSPEND:          /* same effect */
1146                /* these events can't be repeated */
1147                for (i = 0; i != dev->ev_next; i++) {
1148                        if (dev->event [i].type != type)
1149                                continue;
1150                        DBG(dev, "discard old event[%d] %d\n", i, type);
1151                        dev->ev_next--;
1152                        if (i == dev->ev_next)
1153                                break;
1154                        /* indices start at zero, for simplicity */
1155                        memmove (&dev->event [i], &dev->event [i + 1],
1156                                sizeof (struct usb_gadgetfs_event)
1157                                        * (dev->ev_next - i));
1158                }
1159                break;
1160        default:
1161                BUG ();
1162        }
1163        VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1164        event = &dev->event [dev->ev_next++];
1165        BUG_ON (dev->ev_next > N_EVENT);
1166        memset (event, 0, sizeof *event);
1167        event->type = type;
1168        return event;
1169}
1170
1171static ssize_t
1172ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1173{
1174        struct dev_data         *dev = fd->private_data;
1175        ssize_t                 retval = -ESRCH;
1176
1177        spin_lock_irq (&dev->lock);
1178
1179        /* report fd mode change before acting on it */
1180        if (dev->setup_abort) {
1181                dev->setup_abort = 0;
1182                retval = -EIDRM;
1183
1184        /* data and/or status stage for control request */
1185        } else if (dev->state == STATE_DEV_SETUP) {
1186
1187                /* IN DATA+STATUS caller makes len <= wLength */
1188                if (dev->setup_in) {
1189                        retval = setup_req (dev->gadget->ep0, dev->req, len);
1190                        if (retval == 0) {
1191                                dev->state = STATE_DEV_CONNECTED;
1192                                spin_unlock_irq (&dev->lock);
1193                                if (copy_from_user (dev->req->buf, buf, len))
1194                                        retval = -EFAULT;
1195                                else {
1196                                        if (len < dev->setup_wLength)
1197                                                dev->req->zero = 1;
1198                                        retval = usb_ep_queue (
1199                                                dev->gadget->ep0, dev->req,
1200                                                GFP_KERNEL);
1201                                }
1202                                if (retval < 0) {
1203                                        spin_lock_irq (&dev->lock);
1204                                        clean_req (dev->gadget->ep0, dev->req);
1205                                        spin_unlock_irq (&dev->lock);
1206                                } else
1207                                        retval = len;
1208
1209                                return retval;
1210                        }
1211
1212                /* can stall some OUT transfers */
1213                } else if (dev->setup_can_stall) {
1214                        VDEBUG(dev, "ep0out stall\n");
1215                        (void) usb_ep_set_halt (dev->gadget->ep0);
1216                        retval = -EL2HLT;
1217                        dev->state = STATE_DEV_CONNECTED;
1218                } else {
1219                        DBG(dev, "bogus ep0out stall!\n");
1220                }
1221        } else
1222                DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1223
1224        spin_unlock_irq (&dev->lock);
1225        return retval;
1226}
1227
1228static int
1229ep0_fasync (int f, struct file *fd, int on)
1230{
1231        struct dev_data         *dev = fd->private_data;
1232        // caller must F_SETOWN before signal delivery happens
1233        VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1234        return fasync_helper (f, fd, on, &dev->fasync);
1235}
1236
1237static struct usb_gadget_driver gadgetfs_driver;
1238
1239static int
1240dev_release (struct inode *inode, struct file *fd)
1241{
1242        struct dev_data         *dev = fd->private_data;
1243
1244        /* closing ep0 === shutdown all */
1245
1246        usb_gadget_unregister_driver (&gadgetfs_driver);
1247
1248        /* at this point "good" hardware has disconnected the
1249         * device from USB; the host won't see it any more.
1250         * alternatively, all host requests will time out.
1251         */
1252
1253        kfree (dev->buf);
1254        dev->buf = NULL;
1255        put_dev (dev);
1256
1257        /* other endpoints were all decoupled from this device */
1258        spin_lock_irq(&dev->lock);
1259        dev->state = STATE_DEV_DISABLED;
1260        spin_unlock_irq(&dev->lock);
1261        return 0;
1262}
1263
1264static unsigned int
1265ep0_poll (struct file *fd, poll_table *wait)
1266{
1267       struct dev_data         *dev = fd->private_data;
1268       int                     mask = 0;
1269
1270       poll_wait(fd, &dev->wait, wait);
1271
1272       spin_lock_irq (&dev->lock);
1273
1274       /* report fd mode change before acting on it */
1275       if (dev->setup_abort) {
1276               dev->setup_abort = 0;
1277               mask = POLLHUP;
1278               goto out;
1279       }
1280
1281       if (dev->state == STATE_DEV_SETUP) {
1282               if (dev->setup_in || dev->setup_can_stall)
1283                       mask = POLLOUT;
1284       } else {
1285               if (dev->ev_next != 0)
1286                       mask = POLLIN;
1287       }
1288out:
1289       spin_unlock_irq(&dev->lock);
1290       return mask;
1291}
1292
1293static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1294{
1295        struct dev_data         *dev = fd->private_data;
1296        struct usb_gadget       *gadget = dev->gadget;
1297        long ret = -ENOTTY;
1298
1299        if (gadget->ops->ioctl) {
1300                lock_kernel();
1301                ret = gadget->ops->ioctl (gadget, code, value);
1302                unlock_kernel();
1303        }
1304        return ret;
1305}
1306
1307/* used after device configuration */
1308static const struct file_operations ep0_io_operations = {
1309        .owner =        THIS_MODULE,
1310        .llseek =       no_llseek,
1311
1312        .read =         ep0_read,
1313        .write =        ep0_write,
1314        .fasync =       ep0_fasync,
1315        .poll =         ep0_poll,
1316        .unlocked_ioctl =       dev_ioctl,
1317        .release =      dev_release,
1318};
1319
1320/*----------------------------------------------------------------------*/
1321
1322/* The in-kernel gadget driver handles most ep0 issues, in particular
1323 * enumerating the single configuration (as provided from user space).
1324 *
1325 * Unrecognized ep0 requests may be handled in user space.
1326 */
1327
1328#ifdef  CONFIG_USB_GADGET_DUALSPEED
1329static void make_qualifier (struct dev_data *dev)
1330{
1331        struct usb_qualifier_descriptor         qual;
1332        struct usb_device_descriptor            *desc;
1333
1334        qual.bLength = sizeof qual;
1335        qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1336        qual.bcdUSB = cpu_to_le16 (0x0200);
1337
1338        desc = dev->dev;
1339        qual.bDeviceClass = desc->bDeviceClass;
1340        qual.bDeviceSubClass = desc->bDeviceSubClass;
1341        qual.bDeviceProtocol = desc->bDeviceProtocol;
1342
1343        /* assumes ep0 uses the same value for both speeds ... */
1344        qual.bMaxPacketSize0 = desc->bMaxPacketSize0;
1345
1346        qual.bNumConfigurations = 1;
1347        qual.bRESERVED = 0;
1348
1349        memcpy (dev->rbuf, &qual, sizeof qual);
1350}
1351#endif
1352
1353static int
1354config_buf (struct dev_data *dev, u8 type, unsigned index)
1355{
1356        int             len;
1357        int             hs = 0;
1358
1359        /* only one configuration */
1360        if (index > 0)
1361                return -EINVAL;
1362
1363        if (gadget_is_dualspeed(dev->gadget)) {
1364                hs = (dev->gadget->speed == USB_SPEED_HIGH);
1365                if (type == USB_DT_OTHER_SPEED_CONFIG)
1366                        hs = !hs;
1367        }
1368        if (hs) {
1369                dev->req->buf = dev->hs_config;
1370                len = le16_to_cpu(dev->hs_config->wTotalLength);
1371        } else {
1372                dev->req->buf = dev->config;
1373                len = le16_to_cpu(dev->config->wTotalLength);
1374        }
1375        ((u8 *)dev->req->buf) [1] = type;
1376        return len;
1377}
1378
1379static int
1380gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1381{
1382        struct dev_data                 *dev = get_gadget_data (gadget);
1383        struct usb_request              *req = dev->req;
1384        int                             value = -EOPNOTSUPP;
1385        struct usb_gadgetfs_event       *event;
1386        u16                             w_value = le16_to_cpu(ctrl->wValue);
1387        u16                             w_length = le16_to_cpu(ctrl->wLength);
1388
1389        spin_lock (&dev->lock);
1390        dev->setup_abort = 0;
1391        if (dev->state == STATE_DEV_UNCONNECTED) {
1392                if (gadget_is_dualspeed(gadget)
1393                                && gadget->speed == USB_SPEED_HIGH
1394                                && dev->hs_config == NULL) {
1395                        spin_unlock(&dev->lock);
1396                        ERROR (dev, "no high speed config??\n");
1397                        return -EINVAL;
1398                }
1399
1400                dev->state = STATE_DEV_CONNECTED;
1401                dev->dev->bMaxPacketSize0 = gadget->ep0->maxpacket;
1402
1403                INFO (dev, "connected\n");
1404                event = next_event (dev, GADGETFS_CONNECT);
1405                event->u.speed = gadget->speed;
1406                ep0_readable (dev);
1407
1408        /* host may have given up waiting for response.  we can miss control
1409         * requests handled lower down (device/endpoint status and features);
1410         * then ep0_{read,write} will report the wrong status. controller
1411         * driver will have aborted pending i/o.
1412         */
1413        } else if (dev->state == STATE_DEV_SETUP)
1414                dev->setup_abort = 1;
1415
1416        req->buf = dev->rbuf;
1417        req->dma = DMA_ADDR_INVALID;
1418        req->context = NULL;
1419        value = -EOPNOTSUPP;
1420        switch (ctrl->bRequest) {
1421
1422        case USB_REQ_GET_DESCRIPTOR:
1423                if (ctrl->bRequestType != USB_DIR_IN)
1424                        goto unrecognized;
1425                switch (w_value >> 8) {
1426
1427                case USB_DT_DEVICE:
1428                        value = min (w_length, (u16) sizeof *dev->dev);
1429                        req->buf = dev->dev;
1430                        break;
1431#ifdef  CONFIG_USB_GADGET_DUALSPEED
1432                case USB_DT_DEVICE_QUALIFIER:
1433                        if (!dev->hs_config)
1434                                break;
1435                        value = min (w_length, (u16)
1436                                sizeof (struct usb_qualifier_descriptor));
1437                        make_qualifier (dev);
1438                        break;
1439                case USB_DT_OTHER_SPEED_CONFIG:
1440                        // FALLTHROUGH
1441#endif
1442                case USB_DT_CONFIG:
1443                        value = config_buf (dev,
1444                                        w_value >> 8,
1445                                        w_value & 0xff);
1446                        if (value >= 0)
1447                                value = min (w_length, (u16) value);
1448                        break;
1449                case USB_DT_STRING:
1450                        goto unrecognized;
1451
1452                default:                // all others are errors
1453                        break;
1454                }
1455                break;
1456
1457        /* currently one config, two speeds */
1458        case USB_REQ_SET_CONFIGURATION:
1459                if (ctrl->bRequestType != 0)
1460                        goto unrecognized;
1461                if (0 == (u8) w_value) {
1462                        value = 0;
1463                        dev->current_config = 0;
1464                        usb_gadget_vbus_draw(gadget, 8 /* mA */ );
1465                        // user mode expected to disable endpoints
1466                } else {
1467                        u8      config, power;
1468
1469                        if (gadget_is_dualspeed(gadget)
1470                                        && gadget->speed == USB_SPEED_HIGH) {
1471                                config = dev->hs_config->bConfigurationValue;
1472                                power = dev->hs_config->bMaxPower;
1473                        } else {
1474                                config = dev->config->bConfigurationValue;
1475                                power = dev->config->bMaxPower;
1476                        }
1477
1478                        if (config == (u8) w_value) {
1479                                value = 0;
1480                                dev->current_config = config;
1481                                usb_gadget_vbus_draw(gadget, 2 * power);
1482                        }
1483                }
1484
1485                /* report SET_CONFIGURATION like any other control request,
1486                 * except that usermode may not stall this.  the next
1487                 * request mustn't be allowed start until this finishes:
1488                 * endpoints and threads set up, etc.
1489                 *
1490                 * NOTE:  older PXA hardware (before PXA 255: without UDCCFR)
1491                 * has bad/racey automagic that prevents synchronizing here.
1492                 * even kernel mode drivers often miss them.
1493                 */
1494                if (value == 0) {
1495                        INFO (dev, "configuration #%d\n", dev->current_config);
1496                        if (dev->usermode_setup) {
1497                                dev->setup_can_stall = 0;
1498                                goto delegate;
1499                        }
1500                }
1501                break;
1502
1503#ifndef CONFIG_USB_GADGET_PXA25X
1504        /* PXA automagically handles this request too */
1505        case USB_REQ_GET_CONFIGURATION:
1506                if (ctrl->bRequestType != 0x80)
1507                        goto unrecognized;
1508                *(u8 *)req->buf = dev->current_config;
1509                value = min (w_length, (u16) 1);
1510                break;
1511#endif
1512
1513        default:
1514unrecognized:
1515                VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1516                        dev->usermode_setup ? "delegate" : "fail",
1517                        ctrl->bRequestType, ctrl->bRequest,
1518                        w_value, le16_to_cpu(ctrl->wIndex), w_length);
1519
1520                /* if there's an ep0 reader, don't stall */
1521                if (dev->usermode_setup) {
1522                        dev->setup_can_stall = 1;
1523delegate:
1524                        dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1525                                                ? 1 : 0;
1526                        dev->setup_wLength = w_length;
1527                        dev->setup_out_ready = 0;
1528                        dev->setup_out_error = 0;
1529                        value = 0;
1530
1531                        /* read DATA stage for OUT right away */
1532                        if (unlikely (!dev->setup_in && w_length)) {
1533                                value = setup_req (gadget->ep0, dev->req,
1534                                                        w_length);
1535                                if (value < 0)
1536                                        break;
1537                                value = usb_ep_queue (gadget->ep0, dev->req,
1538                                                        GFP_ATOMIC);
1539                                if (value < 0) {
1540                                        clean_req (gadget->ep0, dev->req);
1541                                        break;
1542                                }
1543
1544                                /* we can't currently stall these */
1545                                dev->setup_can_stall = 0;
1546                        }
1547
1548                        /* state changes when reader collects event */
1549                        event = next_event (dev, GADGETFS_SETUP);
1550                        event->u.setup = *ctrl;
1551                        ep0_readable (dev);
1552                        spin_unlock (&dev->lock);
1553                        return 0;
1554                }
1555        }
1556
1557        /* proceed with data transfer and status phases? */
1558        if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1559                req->length = value;
1560                req->zero = value < w_length;
1561                value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
1562                if (value < 0) {
1563                        DBG (dev, "ep_queue --> %d\n", value);
1564                        req->status = 0;
1565                }
1566        }
1567
1568        /* device stalls when value < 0 */
1569        spin_unlock (&dev->lock);
1570        return value;
1571}
1572
1573static void destroy_ep_files (struct dev_data *dev)
1574{
1575        struct list_head        *entry, *tmp;
1576
1577        DBG (dev, "%s %d\n", __func__, dev->state);
1578
1579        /* dev->state must prevent interference */
1580restart:
1581        spin_lock_irq (&dev->lock);
1582        list_for_each_safe (entry, tmp, &dev->epfiles) {
1583                struct ep_data  *ep;
1584                struct inode    *parent;
1585                struct dentry   *dentry;
1586
1587                /* break link to FS */
1588                ep = list_entry (entry, struct ep_data, epfiles);
1589                list_del_init (&ep->epfiles);
1590                dentry = ep->dentry;
1591                ep->dentry = NULL;
1592                parent = dentry->d_parent->d_inode;
1593
1594                /* break link to controller */
1595                if (ep->state == STATE_EP_ENABLED)
1596                        (void) usb_ep_disable (ep->ep);
1597                ep->state = STATE_EP_UNBOUND;
1598                usb_ep_free_request (ep->ep, ep->req);
1599                ep->ep = NULL;
1600                wake_up (&ep->wait);
1601                put_ep (ep);
1602
1603                spin_unlock_irq (&dev->lock);
1604
1605                /* break link to dcache */
1606                mutex_lock (&parent->i_mutex);
1607                d_delete (dentry);
1608                dput (dentry);
1609                mutex_unlock (&parent->i_mutex);
1610
1611                /* fds may still be open */
1612                goto restart;
1613        }
1614        spin_unlock_irq (&dev->lock);
1615}
1616
1617
1618static struct inode *
1619gadgetfs_create_file (struct super_block *sb, char const *name,
1620                void *data, const struct file_operations *fops,
1621                struct dentry **dentry_p);
1622
1623static int activate_ep_files (struct dev_data *dev)
1624{
1625        struct usb_ep   *ep;
1626        struct ep_data  *data;
1627
1628        gadget_for_each_ep (ep, dev->gadget) {
1629
1630                data = kzalloc(sizeof(*data), GFP_KERNEL);
1631                if (!data)
1632                        goto enomem0;
1633                data->state = STATE_EP_DISABLED;
1634                init_MUTEX (&data->lock);
1635                init_waitqueue_head (&data->wait);
1636
1637                strncpy (data->name, ep->name, sizeof (data->name) - 1);
1638                atomic_set (&data->count, 1);
1639                data->dev = dev;
1640                get_dev (dev);
1641
1642                data->ep = ep;
1643                ep->driver_data = data;
1644
1645                data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1646                if (!data->req)
1647                        goto enomem1;
1648
1649                data->inode = gadgetfs_create_file (dev->sb, data->name,
1650                                data, &ep_config_operations,
1651                                &data->dentry);
1652                if (!data->inode)
1653                        goto enomem2;
1654                list_add_tail (&data->epfiles, &dev->epfiles);
1655        }
1656        return 0;
1657
1658enomem2:
1659        usb_ep_free_request (ep, data->req);
1660enomem1:
1661        put_dev (dev);
1662        kfree (data);
1663enomem0:
1664        DBG (dev, "%s enomem\n", __func__);
1665        destroy_ep_files (dev);
1666        return -ENOMEM;
1667}
1668
1669static void
1670gadgetfs_unbind (struct usb_gadget *gadget)
1671{
1672        struct dev_data         *dev = get_gadget_data (gadget);
1673
1674        DBG (dev, "%s\n", __func__);
1675
1676        spin_lock_irq (&dev->lock);
1677        dev->state = STATE_DEV_UNBOUND;
1678        spin_unlock_irq (&dev->lock);
1679
1680        destroy_ep_files (dev);
1681        gadget->ep0->driver_data = NULL;
1682        set_gadget_data (gadget, NULL);
1683
1684        /* we've already been disconnected ... no i/o is active */
1685        if (dev->req)
1686                usb_ep_free_request (gadget->ep0, dev->req);
1687        DBG (dev, "%s done\n", __func__);
1688        put_dev (dev);
1689}
1690
1691static struct dev_data          *the_device;
1692
1693static int
1694gadgetfs_bind (struct usb_gadget *gadget)
1695{
1696        struct dev_data         *dev = the_device;
1697
1698        if (!dev)
1699                return -ESRCH;
1700        if (0 != strcmp (CHIP, gadget->name)) {
1701                pr_err("%s expected %s controller not %s\n",
1702                        shortname, CHIP, gadget->name);
1703                return -ENODEV;
1704        }
1705
1706        set_gadget_data (gadget, dev);
1707        dev->gadget = gadget;
1708        gadget->ep0->driver_data = dev;
1709        dev->dev->bMaxPacketSize0 = gadget->ep0->maxpacket;
1710
1711        /* preallocate control response and buffer */
1712        dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1713        if (!dev->req)
1714                goto enomem;
1715        dev->req->context = NULL;
1716        dev->req->complete = epio_complete;
1717
1718        if (activate_ep_files (dev) < 0)
1719                goto enomem;
1720
1721        INFO (dev, "bound to %s driver\n", gadget->name);
1722        spin_lock_irq(&dev->lock);
1723        dev->state = STATE_DEV_UNCONNECTED;
1724        spin_unlock_irq(&dev->lock);
1725        get_dev (dev);
1726        return 0;
1727
1728enomem:
1729        gadgetfs_unbind (gadget);
1730        return -ENOMEM;
1731}
1732
1733static void
1734gadgetfs_disconnect (struct usb_gadget *gadget)
1735{
1736        struct dev_data         *dev = get_gadget_data (gadget);
1737
1738        spin_lock (&dev->lock);
1739        if (dev->state == STATE_DEV_UNCONNECTED)
1740                goto exit;
1741        dev->state = STATE_DEV_UNCONNECTED;
1742
1743        INFO (dev, "disconnected\n");
1744        next_event (dev, GADGETFS_DISCONNECT);
1745        ep0_readable (dev);
1746exit:
1747        spin_unlock (&dev->lock);
1748}
1749
1750static void
1751gadgetfs_suspend (struct usb_gadget *gadget)
1752{
1753        struct dev_data         *dev = get_gadget_data (gadget);
1754
1755        INFO (dev, "suspended from state %d\n", dev->state);
1756        spin_lock (&dev->lock);
1757        switch (dev->state) {
1758        case STATE_DEV_SETUP:           // VERY odd... host died??
1759        case STATE_DEV_CONNECTED:
1760        case STATE_DEV_UNCONNECTED:
1761                next_event (dev, GADGETFS_SUSPEND);
1762                ep0_readable (dev);
1763                /* FALLTHROUGH */
1764        default:
1765                break;
1766        }
1767        spin_unlock (&dev->lock);
1768}
1769
1770static struct usb_gadget_driver gadgetfs_driver = {
1771#ifdef  CONFIG_USB_GADGET_DUALSPEED
1772        .speed          = USB_SPEED_HIGH,
1773#else
1774        .speed          = USB_SPEED_FULL,
1775#endif
1776        .function       = (char *) driver_desc,
1777        .bind           = gadgetfs_bind,
1778        .unbind         = gadgetfs_unbind,
1779        .setup          = gadgetfs_setup,
1780        .disconnect     = gadgetfs_disconnect,
1781        .suspend        = gadgetfs_suspend,
1782
1783        .driver = {
1784                .name           = (char *) shortname,
1785        },
1786};
1787
1788/*----------------------------------------------------------------------*/
1789
1790static void gadgetfs_nop(struct usb_gadget *arg) { }
1791
1792static int gadgetfs_probe (struct usb_gadget *gadget)
1793{
1794        CHIP = gadget->name;
1795        return -EISNAM;
1796}
1797
1798static struct usb_gadget_driver probe_driver = {
1799        .speed          = USB_SPEED_HIGH,
1800        .bind           = gadgetfs_probe,
1801        .unbind         = gadgetfs_nop,
1802        .setup          = (void *)gadgetfs_nop,
1803        .disconnect     = gadgetfs_nop,
1804        .driver = {
1805                .name           = "nop",
1806        },
1807};
1808
1809
1810/* DEVICE INITIALIZATION
1811 *
1812 *     fd = open ("/dev/gadget/$CHIP", O_RDWR)
1813 *     status = write (fd, descriptors, sizeof descriptors)
1814 *
1815 * That write establishes the device configuration, so the kernel can
1816 * bind to the controller ... guaranteeing it can handle enumeration
1817 * at all necessary speeds.  Descriptor order is:
1818 *
1819 * . message tag (u32, host order) ... for now, must be zero; it
1820 *      would change to support features like multi-config devices
1821 * . full/low speed config ... all wTotalLength bytes (with interface,
1822 *      class, altsetting, endpoint, and other descriptors)
1823 * . high speed config ... all descriptors, for high speed operation;
1824 *      this one's optional except for high-speed hardware
1825 * . device descriptor
1826 *
1827 * Endpoints are not yet enabled. Drivers must wait until device
1828 * configuration and interface altsetting changes create
1829 * the need to configure (or unconfigure) them.
1830 *
1831 * After initialization, the device stays active for as long as that
1832 * $CHIP file is open.  Events must then be read from that descriptor,
1833 * such as configuration notifications.
1834 */
1835
1836static int is_valid_config (struct usb_config_descriptor *config)
1837{
1838        return config->bDescriptorType == USB_DT_CONFIG
1839                && config->bLength == USB_DT_CONFIG_SIZE
1840                && config->bConfigurationValue != 0
1841                && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1842                && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1843        /* FIXME if gadget->is_otg, _must_ include an otg descriptor */
1844        /* FIXME check lengths: walk to end */
1845}
1846
1847static ssize_t
1848dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1849{
1850        struct dev_data         *dev = fd->private_data;
1851        ssize_t                 value = len, length = len;
1852        unsigned                total;
1853        u32                     tag;
1854        char                    *kbuf;
1855
1856        if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4))
1857                return -EINVAL;
1858
1859        /* we might need to change message format someday */
1860        if (copy_from_user (&tag, buf, 4))
1861                return -EFAULT;
1862        if (tag != 0)
1863                return -EINVAL;
1864        buf += 4;
1865        length -= 4;
1866
1867        kbuf = kmalloc (length, GFP_KERNEL);
1868        if (!kbuf)
1869                return -ENOMEM;
1870        if (copy_from_user (kbuf, buf, length)) {
1871                kfree (kbuf);
1872                return -EFAULT;
1873        }
1874
1875        spin_lock_irq (&dev->lock);
1876        value = -EINVAL;
1877        if (dev->buf)
1878                goto fail;
1879        dev->buf = kbuf;
1880
1881        /* full or low speed config */
1882        dev->config = (void *) kbuf;
1883        total = le16_to_cpu(dev->config->wTotalLength);
1884        if (!is_valid_config (dev->config) || total >= length)
1885                goto fail;
1886        kbuf += total;
1887        length -= total;
1888
1889        /* optional high speed config */
1890        if (kbuf [1] == USB_DT_CONFIG) {
1891                dev->hs_config = (void *) kbuf;
1892                total = le16_to_cpu(dev->hs_config->wTotalLength);
1893                if (!is_valid_config (dev->hs_config) || total >= length)
1894                        goto fail;
1895                kbuf += total;
1896                length -= total;
1897        }
1898
1899        /* could support multiple configs, using another encoding! */
1900
1901        /* device descriptor (tweaked for paranoia) */
1902        if (length != USB_DT_DEVICE_SIZE)
1903                goto fail;
1904        dev->dev = (void *)kbuf;
1905        if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1906                        || dev->dev->bDescriptorType != USB_DT_DEVICE
1907                        || dev->dev->bNumConfigurations != 1)
1908                goto fail;
1909        dev->dev->bNumConfigurations = 1;
1910        dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1911
1912        /* triggers gadgetfs_bind(); then we can enumerate. */
1913        spin_unlock_irq (&dev->lock);
1914        value = usb_gadget_register_driver (&gadgetfs_driver);
1915        if (value != 0) {
1916                kfree (dev->buf);
1917                dev->buf = NULL;
1918        } else {
1919                /* at this point "good" hardware has for the first time
1920                 * let the USB the host see us.  alternatively, if users
1921                 * unplug/replug that will clear all the error state.
1922                 *
1923                 * note:  everything running before here was guaranteed
1924                 * to choke driver model style diagnostics.  from here
1925                 * on, they can work ... except in cleanup paths that
1926                 * kick in after the ep0 descriptor is closed.
1927                 */
1928                fd->f_op = &ep0_io_operations;
1929                value = len;
1930        }
1931        return value;
1932
1933fail:
1934        spin_unlock_irq (&dev->lock);
1935        pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev);
1936        kfree (dev->buf);
1937        dev->buf = NULL;
1938        return value;
1939}
1940
1941static int
1942dev_open (struct inode *inode, struct file *fd)
1943{
1944        struct dev_data         *dev = inode->i_private;
1945        int                     value = -EBUSY;
1946
1947        spin_lock_irq(&dev->lock);
1948        if (dev->state == STATE_DEV_DISABLED) {
1949                dev->ev_next = 0;
1950                dev->state = STATE_DEV_OPENED;
1951                fd->private_data = dev;
1952                get_dev (dev);
1953                value = 0;
1954        }
1955        spin_unlock_irq(&dev->lock);
1956        return value;
1957}
1958
1959static const struct file_operations dev_init_operations = {
1960        .owner =        THIS_MODULE,
1961        .llseek =       no_llseek,
1962
1963        .open =         dev_open,
1964        .write =        dev_config,
1965        .fasync =       ep0_fasync,
1966        .unlocked_ioctl = dev_ioctl,
1967        .release =      dev_release,
1968};
1969
1970/*----------------------------------------------------------------------*/
1971
1972/* FILESYSTEM AND SUPERBLOCK OPERATIONS
1973 *
1974 * Mounting the filesystem creates a controller file, used first for
1975 * device configuration then later for event monitoring.
1976 */
1977
1978
1979/* FIXME PAM etc could set this security policy without mount options
1980 * if epfiles inherited ownership and permissons from ep0 ...
1981 */
1982
1983static unsigned default_uid;
1984static unsigned default_gid;
1985static unsigned default_perm = S_IRUSR | S_IWUSR;
1986
1987module_param (default_uid, uint, 0644);
1988module_param (default_gid, uint, 0644);
1989module_param (default_perm, uint, 0644);
1990
1991
1992static struct inode *
1993gadgetfs_make_inode (struct super_block *sb,
1994                void *data, const struct file_operations *fops,
1995                int mode)
1996{
1997        struct inode *inode = new_inode (sb);
1998
1999        if (inode) {
2000                inode->i_mode = mode;

2001                inode->i_uid = default_uid;
2002                inode->i_gid = default_gid;
2003                inode->i_atime = inode->i_mtime = inode->i_ctime
2004                                = CURRENT_TIME;
2005                inode->i_private = data;
2006                inode->i_fop = fops;
2007        }
2008        return inode;
2009}
2010
2011/* creates in fs root directory, so non-renamable and non-linkable.
2012 * so inode and dentry are paired, until device reconfig.
2013 */
2014static struct inode *
2015gadgetfs_create_file (struct super_block *sb, char const *name,
2016                void *data, const struct file_operations *fops,
2017                struct dentry **dentry_p)
2018{
2019        struct dentry   *dentry;
2020        struct inode    *inode;
2021
2022        dentry = d_alloc_name(sb->s_root, name);
2023        if (!dentry)
2024                return NULL;
2025
2026        inode = gadgetfs_make_inode (sb, data, fops,
2027                        S_IFREG | (default_perm & S_IRWXUGO));
2028        if (!inode) {
2029                dput(dentry);
2030                return NULL;
2031        }
2032        d_add (dentry, inode);
2033        *dentry_p = dentry;
2034        return inode;
2035}
2036
2037static const struct super_operations gadget_fs_operations = {
2038        .statfs =       simple_statfs,
2039        .drop_inode =   generic_delete_inode,
2040};
2041
2042static int
2043gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
2044{
2045        struct inode    *inode;
2046        struct dentry   *d;
2047        struct dev_data *dev;
2048
2049        if (the_device)
2050                return -ESRCH;
2051
2052        /* fake probe to determine $CHIP */
2053        (void) usb_gadget_register_driver (&probe_driver);
2054        if (!CHIP)
2055                return -ENODEV;
2056
2057        /* superblock */
2058        sb->s_blocksize = PAGE_CACHE_SIZE;
2059        sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
2060        sb->s_magic = GADGETFS_MAGIC;
2061        sb->s_op = &gadget_fs_operations;
2062        sb->s_time_gran = 1;
2063
2064        /* root inode */
2065        inode = gadgetfs_make_inode (sb,
2066                        NULL, &simple_dir_operations,
2067                        S_IFDIR | S_IRUGO | S_IXUGO);
2068        if (!inode)
2069                goto enomem0;
2070        inode->i_op = &simple_dir_inode_operations;
2071        if (!(d = d_alloc_root (inode)))
2072                goto enomem1;
2073        sb->s_root = d;
2074
2075        /* the ep0 file is named after the controller we expect;
2076         * user mode code can use it for sanity checks, like we do.
2077         */
2078        dev = dev_new ();
2079        if (!dev)
2080                goto enomem2;
2081
2082        dev->sb = sb;
2083        if (!gadgetfs_create_file (sb, CHIP,
2084                                dev, &dev_init_operations,
2085                                &dev->dentry))
2086                goto enomem3;
2087
2088        /* other endpoint files are available after hardware setup,
2089         * from binding to a controller.
2090         */
2091        the_device = dev;
2092        return 0;
2093
2094enomem3:
2095        put_dev (dev);
2096enomem2:
2097        dput (d);
2098enomem1:
2099        iput (inode);
2100enomem0:
2101        return -ENOMEM;
2102}
2103
2104/* "mount -t gadgetfs path /dev/gadget" ends up here */
2105static int
2106gadgetfs_get_sb (struct file_system_type *t, int flags,
2107                const char *path, void *opts, struct vfsmount *mnt)
2108{
2109        return get_sb_single (t, flags, opts, gadgetfs_fill_super, mnt);
2110}
2111
2112static void
2113gadgetfs_kill_sb (struct super_block *sb)
2114{
2115        kill_litter_super (sb);
2116        if (the_device) {
2117                put_dev (the_device);
2118                the_device = NULL;
2119        }
2120}
2121
2122/*----------------------------------------------------------------------*/
2123
2124static struct file_system_type gadgetfs_type = {
2125        .owner          = THIS_MODULE,
2126        .name           = shortname,
2127        .get_sb         = gadgetfs_get_sb,
2128        .kill_sb        = gadgetfs_kill_sb,
2129};
2130
2131/*----------------------------------------------------------------------*/
2132
2133static int __init init (void)
2134{
2135        int status;
2136
2137        status = register_filesystem (&gadgetfs_type);
2138        if (status == 0)
2139                pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2140                        shortname, driver_desc);
2141        return status;
2142}
2143module_init (init);
2144
2145static void __exit cleanup (void)
2146{
2147        pr_debug ("unregister %s\n", shortname);
2148        unregister_filesystem (&gadgetfs_type);
2149}
2150module_exit (cleanup);
2151
2152