LXR linux/drivers/usb/gadget/inode.c

   1/*
   2 * inode.c -- user mode filesystem api for usb gadget controllers
   3 *
   4 * Copyright (C) 2003-2004 David Brownell
   5 * Copyright (C) 2003 Agilent Technologies
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 2 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  20 */
  21
  22
  23/* #define VERBOSE_DEBUG */
  24
  25#include <linux/init.h>
  26#include <linux/module.h>
  27#include <linux/fs.h>
  28#include <linux/pagemap.h>
  29#include <linux/uts.h>
  30#include <linux/wait.h>
  31#include <linux/compiler.h>
  32#include <asm/uaccess.h>
  33#include <linux/sched.h>
  34#include <linux/slab.h>
  35#include <linux/poll.h>
  36
  37#include <linux/device.h>
  38#include <linux/moduleparam.h>
  39
  40#include <linux/usb/gadgetfs.h>
  41#include <linux/usb/gadget.h>
  42
  43
  44/*
  45 * The gadgetfs API maps each endpoint to a file descriptor so that you
  46 * can use standard synchronous read/write calls for I/O.  There's some
  47 * O_NONBLOCK and O_ASYNC/FASYNC style i/o support.  Example usermode
  48 * drivers show how this works in practice.  You can also use AIO to
  49 * eliminate I/O gaps between requests, to help when streaming data.
  50 *
  51 * Key parts that must be USB-specific are protocols defining how the
  52 * read/write operations relate to the hardware state machines.  There
  53 * are two types of files.  One type is for the device, implementing ep0.
  54 * The other type is for each IN or OUT endpoint.  In both cases, the
  55 * user mode driver must configure the hardware before using it.
  56 *
  57 * - First, dev_config() is called when /dev/gadget/$CHIP is configured
  58 *   (by writing configuration and device descriptors).  Afterwards it
  59 *   may serve as a source of device events, used to handle all control
  60 *   requests other than basic enumeration.
  61 *
  62 * - Then, after a SET_CONFIGURATION control request, ep_config() is
  63 *   called when each /dev/gadget/ep* file is configured (by writing
  64 *   endpoint descriptors).  Afterwards these files are used to write()
  65 *   IN data or to read() OUT data.  To halt the endpoint, a "wrong
  66 *   direction" request is issued (like reading an IN endpoint).
  67 *
  68 * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe
  69 * not possible on all hardware.  For example, precise fault handling with
  70 * respect to data left in endpoint fifos after aborted operations; or
  71 * selective clearing of endpoint halts, to implement SET_INTERFACE.
  72 */
  73
  74#define DRIVER_DESC     "USB Gadget filesystem"
  75#define DRIVER_VERSION  "24 Aug 2004"
  76
  77static const char driver_desc [] = DRIVER_DESC;
  78static const char shortname [] = "gadgetfs";
  79
  80MODULE_DESCRIPTION (DRIVER_DESC);
  81MODULE_AUTHOR ("David Brownell");
  82MODULE_LICENSE ("GPL");
  83
  84
  85/*----------------------------------------------------------------------*/
  86
  87#define GADGETFS_MAGIC          0xaee71ee7
  88#define DMA_ADDR_INVALID        (~(dma_addr_t)0)
  89
  90/* /dev/gadget/$CHIP represents ep0 and the whole device */
  91enum ep0_state {
  92        /* DISBLED is the initial state.
  93         */
  94        STATE_DEV_DISABLED = 0,
  95
  96        /* Only one open() of /dev/gadget/$CHIP; only one file tracks
  97         * ep0/device i/o modes and binding to the controller.  Driver
  98         * must always write descriptors to initialize the device, then
  99         * the device becomes UNCONNECTED until enumeration.
 100         */
 101        STATE_DEV_OPENED,
 102
 103        /* From then on, ep0 fd is in either of two basic modes:
 104         * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it
 105         * - SETUP: read/write will transfer control data and succeed;
 106         *   or if "wrong direction", performs protocol stall
 107         */
 108        STATE_DEV_UNCONNECTED,
 109        STATE_DEV_CONNECTED,
 110        STATE_DEV_SETUP,
 111
 112        /* UNBOUND means the driver closed ep0, so the device won't be
 113         * accessible again (DEV_DISABLED) until all fds are closed.
 114         */
 115        STATE_DEV_UNBOUND,
 116};
 117
 118/* enough for the whole queue: most events invalidate others */
 119#define N_EVENT                 5
 120
 121struct dev_data {
 122        spinlock_t                      lock;
 123        atomic_t                        count;
 124        enum ep0_state                  state;          /* P: lock */
 125        struct usb_gadgetfs_event       event [N_EVENT];
 126        unsigned                        ev_next;
 127        struct fasync_struct            *fasync;
 128        u8                              current_config;
 129
 130        /* drivers reading ep0 MUST handle control requests (SETUP)
 131         * reported that way; else the host will time out.
 132         */
 133        unsigned                        usermode_setup : 1,
 134                                        setup_in : 1,
 135                                        setup_can_stall : 1,
 136                                        setup_out_ready : 1,
 137                                        setup_out_error : 1,
 138                                        setup_abort : 1;
 139        unsigned                        setup_wLength;
 140
 141        /* the rest is basically write-once */
 142        struct usb_config_descriptor    *config, *hs_config;
 143        struct usb_device_descriptor    *dev;
 144        struct usb_request              *req;
 145        struct usb_gadget               *gadget;
 146        struct list_head                epfiles;
 147        void                            *buf;
 148        wait_queue_head_t               wait;
 149        struct super_block              *sb;
 150        struct dentry                   *dentry;
 151
 152        /* except this scratch i/o buffer for ep0 */
 153        u8                              rbuf [256];
 154};
 155
 156static inline void get_dev (struct dev_data *data)
 157{
 158        atomic_inc (&data->count);
 159}
 160
 161static void put_dev (struct dev_data *data)
 162{
 163        if (likely (!atomic_dec_and_test (&data->count)))
 164                return;
 165        /* needs no more cleanup */
 166        BUG_ON (waitqueue_active (&data->wait));
 167        kfree (data);
 168}
 169
 170static struct dev_data *dev_new (void)
 171{
 172        struct dev_data         *dev;
 173
 174        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
 175        if (!dev)
 176                return NULL;
 177        dev->state = STATE_DEV_DISABLED;
 178        atomic_set (&dev->count, 1);
 179        spin_lock_init (&dev->lock);
 180        INIT_LIST_HEAD (&dev->epfiles);
 181        init_waitqueue_head (&dev->wait);
 182        return dev;
 183}
 184
 185/*----------------------------------------------------------------------*/
 186
 187/* other /dev/gadget/$ENDPOINT files represent endpoints */
 188enum ep_state {
 189        STATE_EP_DISABLED = 0,
 190        STATE_EP_READY,
 191        STATE_EP_ENABLED,
 192        STATE_EP_UNBOUND,
 193};
 194
 195struct ep_data {
 196        struct mutex                    lock;
 197        enum ep_state                   state;
 198        atomic_t                        count;
 199        struct dev_data                 *dev;
 200        /* must hold dev->lock before accessing ep or req */
 201        struct usb_ep                   *ep;
 202        struct usb_request              *req;
 203        ssize_t                         status;
 204        char                            name [16];
 205        struct usb_endpoint_descriptor  desc, hs_desc;
 206        struct list_head                epfiles;
 207        wait_queue_head_t               wait;
 208        struct dentry                   *dentry;
 209        struct inode                    *inode;
 210};
 211
 212static inline void get_ep (struct ep_data *data)
 213{
 214        atomic_inc (&data->count);
 215}
 216
 217static void put_ep (struct ep_data *data)
 218{
 219        if (likely (!atomic_dec_and_test (&data->count)))
 220                return;
 221        put_dev (data->dev);
 222        /* needs no more cleanup */
 223        BUG_ON (!list_empty (&data->epfiles));
 224        BUG_ON (waitqueue_active (&data->wait));
 225        kfree (data);
 226}
 227
 228/*----------------------------------------------------------------------*/
 229
 230/* most "how to use the hardware" policy choices are in userspace:
 231 * mapping endpoint roles (which the driver needs) to the capabilities
 232 * which the usb controller has.  most of those capabilities are exposed
 233 * implicitly, starting with the driver name and then endpoint names.
 234 */
 235
 236static const char *CHIP;
 237
 238/*----------------------------------------------------------------------*/
 239
 240/* NOTE:  don't use dev_printk calls before binding to the gadget
 241 * at the end of ep0 configuration, or after unbind.
 242 */
 243
 244/* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */
 245#define xprintk(d,level,fmt,args...) \
 246        printk(level "%s: " fmt , shortname , ## args)
 247
 248#ifdef DEBUG
 249#define DBG(dev,fmt,args...) \
 250        xprintk(dev , KERN_DEBUG , fmt , ## args)
 251#else
 252#define DBG(dev,fmt,args...) \
 253        do { } while (0)
 254#endif /* DEBUG */
 255
 256#ifdef VERBOSE_DEBUG
 257#define VDEBUG  DBG
 258#else
 259#define VDEBUG(dev,fmt,args...) \
 260        do { } while (0)
 261#endif /* DEBUG */
 262
 263#define ERROR(dev,fmt,args...) \
 264        xprintk(dev , KERN_ERR , fmt , ## args)
 265#define INFO(dev,fmt,args...) \
 266        xprintk(dev , KERN_INFO , fmt , ## args)
 267
 268
 269/*----------------------------------------------------------------------*/
 270
 271/* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso)
 272 *
 273 * After opening, configure non-control endpoints.  Then use normal
 274 * stream read() and write() requests; and maybe ioctl() to get more
 275 * precise FIFO status when recovering from cancellation.
 276 */
 277
 278static void epio_complete (struct usb_ep *ep, struct usb_request *req)
 279{
 280        struct ep_data  *epdata = ep->driver_data;
 281
 282        if (!req->context)
 283                return;
 284        if (req->status)
 285                epdata->status = req->status;
 286        else
 287                epdata->status = req->actual;
 288        complete ((struct completion *)req->context);
 289}
 290
 291/* tasklock endpoint, returning when it's connected.
 292 * still need dev->lock to use epdata->ep.
 293 */
 294static int
 295get_ready_ep (unsigned f_flags, struct ep_data *epdata)
 296{
 297        int     val;
 298
 299        if (f_flags & O_NONBLOCK) {
 300                if (!mutex_trylock(&epdata->lock))
 301                        goto nonblock;
 302                if (epdata->state != STATE_EP_ENABLED) {
 303                        mutex_unlock(&epdata->lock);
 304nonblock:
 305                        val = -EAGAIN;
 306                } else
 307                        val = 0;
 308                return val;
 309        }
 310
 311        val = mutex_lock_interruptible(&epdata->lock);
 312        if (val < 0)
 313                return val;
 314
 315        switch (epdata->state) {
 316        case STATE_EP_ENABLED:
 317                break;
 318        // case STATE_EP_DISABLED:              /* "can't happen" */
 319        // case STATE_EP_READY:                 /* "can't happen" */
 320        default:                                /* error! */
 321                pr_debug ("%s: ep %p not available, state %d\n",
 322                                shortname, epdata, epdata->state);
 323                // FALLTHROUGH
 324        case STATE_EP_UNBOUND:                  /* clean disconnect */
 325                val = -ENODEV;
 326                mutex_unlock(&epdata->lock);
 327        }
 328        return val;
 329}
 330
 331static ssize_t
 332ep_io (struct ep_data *epdata, void *buf, unsigned len)
 333{
 334        DECLARE_COMPLETION_ONSTACK (done);
 335        int value;
 336
 337        spin_lock_irq (&epdata->dev->lock);
 338        if (likely (epdata->ep != NULL)) {
 339                struct usb_request      *req = epdata->req;
 340
 341                req->context = &done;
 342                req->complete = epio_complete;
 343                req->buf = buf;
 344                req->length = len;
 345                value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
 346        } else
 347                value = -ENODEV;
 348        spin_unlock_irq (&epdata->dev->lock);
 349
 350        if (likely (value == 0)) {
 351                value = wait_event_interruptible (done.wait, done.done);
 352                if (value != 0) {
 353                        spin_lock_irq (&epdata->dev->lock);
 354                        if (likely (epdata->ep != NULL)) {
 355                                DBG (epdata->dev, "%s i/o interrupted\n",
 356                                                epdata->name);
 357                                usb_ep_dequeue (epdata->ep, epdata->req);
 358                                spin_unlock_irq (&epdata->dev->lock);
 359
 360                                wait_event (done.wait, done.done);
 361                                if (epdata->status == -ECONNRESET)
 362                                        epdata->status = -EINTR;
 363                        } else {
 364                                spin_unlock_irq (&epdata->dev->lock);
 365
 366                                DBG (epdata->dev, "endpoint gone\n");
 367                                epdata->status = -ENODEV;
 368                        }
 369                }
 370                return epdata->status;
 371        }
 372        return value;
 373}
 374
 375
 376/* handle a synchronous OUT bulk/intr/iso transfer */
 377static ssize_t
 378ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 379{
 380        struct ep_data          *data = fd->private_data;
 381        void                    *kbuf;
 382        ssize_t                 value;
 383
 384        if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 385                return value;
 386
 387        /* halt any endpoint by doing a "wrong direction" i/o call */
 388        if (usb_endpoint_dir_in(&data->desc)) {
 389                if (usb_endpoint_xfer_isoc(&data->desc)) {
 390                        mutex_unlock(&data->lock);
 391                        return -EINVAL;
 392                }
 393                DBG (data->dev, "%s halt\n", data->name);
 394                spin_lock_irq (&data->dev->lock);
 395                if (likely (data->ep != NULL))
 396                        usb_ep_set_halt (data->ep);
 397                spin_unlock_irq (&data->dev->lock);
 398                mutex_unlock(&data->lock);
 399                return -EBADMSG;
 400        }
 401
 402        /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */
 403
 404        value = -ENOMEM;
 405        kbuf = kmalloc (len, GFP_KERNEL);
 406        if (unlikely (!kbuf))
 407                goto free1;
 408
 409        value = ep_io (data, kbuf, len);
 410        VDEBUG (data->dev, "%s read %zu OUT, status %d\n",
 411                data->name, len, (int) value);
 412        if (value >= 0 && copy_to_user (buf, kbuf, value))
 413                value = -EFAULT;
 414
 415free1:
 416        mutex_unlock(&data->lock);
 417        kfree (kbuf);
 418        return value;
 419}
 420
 421/* handle a synchronous IN bulk/intr/iso transfer */
 422static ssize_t
 423ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 424{
 425        struct ep_data          *data = fd->private_data;
 426        void                    *kbuf;
 427        ssize_t                 value;
 428
 429        if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 430                return value;
 431
 432        /* halt any endpoint by doing a "wrong direction" i/o call */
 433        if (!usb_endpoint_dir_in(&data->desc)) {
 434                if (usb_endpoint_xfer_isoc(&data->desc))
 435                        return -EINVAL;
 436                DBG (data->dev, "%s halt\n", data->name);
 437                spin_lock_irq (&data->dev->lock);
 438                if (likely (data->ep != NULL))
 439                        usb_ep_set_halt (data->ep);
 440                spin_unlock_irq (&data->dev->lock);
 441                mutex_unlock(&data->lock);
 442                return -EBADMSG;
 443        }
 444
 445        /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */
 446
 447        value = -ENOMEM;
 448        kbuf = kmalloc (len, GFP_KERNEL);
 449        if (!kbuf)
 450                goto free1;
 451        if (copy_from_user (kbuf, buf, len)) {
 452                value = -EFAULT;
 453                goto free1;
 454        }
 455
 456        value = ep_io (data, kbuf, len);
 457        VDEBUG (data->dev, "%s write %zu IN, status %d\n",
 458                data->name, len, (int) value);
 459free1:
 460        mutex_unlock(&data->lock);
 461        kfree (kbuf);
 462        return value;
 463}
 464
 465static int
 466ep_release (struct inode *inode, struct file *fd)
 467{
 468        struct ep_data          *data = fd->private_data;
 469        int value;
 470
 471        value = mutex_lock_interruptible(&data->lock);
 472        if (value < 0)
 473                return value;
 474
 475        /* clean up if this can be reopened */
 476        if (data->state != STATE_EP_UNBOUND) {
 477                data->state = STATE_EP_DISABLED;
 478                data->desc.bDescriptorType = 0;
 479                data->hs_desc.bDescriptorType = 0;
 480                usb_ep_disable(data->ep);
 481        }
 482        mutex_unlock(&data->lock);
 483        put_ep (data);
 484        return 0;
 485}
 486
 487static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
 488{
 489        struct ep_data          *data = fd->private_data;
 490        int                     status;
 491
 492        if ((status = get_ready_ep (fd->f_flags, data)) < 0)
 493                return status;
 494
 495        spin_lock_irq (&data->dev->lock);
 496        if (likely (data->ep != NULL)) {
 497                switch (code) {
 498                case GADGETFS_FIFO_STATUS:
 499                        status = usb_ep_fifo_status (data->ep);
 500                        break;
 501                case GADGETFS_FIFO_FLUSH:
 502                        usb_ep_fifo_flush (data->ep);
 503                        break;
 504                case GADGETFS_CLEAR_HALT:
 505                        status = usb_ep_clear_halt (data->ep);
 506                        break;
 507                default:
 508                        status = -ENOTTY;
 509                }
 510        } else
 511                status = -ENODEV;
 512        spin_unlock_irq (&data->dev->lock);
 513        mutex_unlock(&data->lock);
 514        return status;
 515}
 516
 517/*----------------------------------------------------------------------*/
 518
 519/* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */
 520
 521struct kiocb_priv {
 522        struct usb_request      *req;
 523        struct ep_data          *epdata;
 524        void                    *buf;
 525        const struct iovec      *iv;
 526        unsigned long           nr_segs;
 527        unsigned                actual;
 528};
 529
 530static int ep_aio_cancel(struct kiocb *iocb, struct io_event *e)
 531{
 532        struct kiocb_priv       *priv = iocb->private;
 533        struct ep_data          *epdata;
 534        int                     value;
 535
 536        local_irq_disable();
 537        epdata = priv->epdata;
 538        // spin_lock(&epdata->dev->lock);
 539        kiocbSetCancelled(iocb);
 540        if (likely(epdata && epdata->ep && priv->req))
 541                value = usb_ep_dequeue (epdata->ep, priv->req);
 542        else
 543                value = -EINVAL;
 544        // spin_unlock(&epdata->dev->lock);
 545        local_irq_enable();
 546
 547        aio_put_req(iocb);
 548        return value;
 549}
 550
 551static ssize_t ep_aio_read_retry(struct kiocb *iocb)
 552{
 553        struct kiocb_priv       *priv = iocb->private;
 554        ssize_t                 len, total;
 555        void                    *to_copy;
 556        int                     i;
 557
 558        /* we "retry" to get the right mm context for this: */
 559
 560        /* copy stuff into user buffers */
 561        total = priv->actual;
 562        len = 0;
 563        to_copy = priv->buf;
 564        for (i=0; i < priv->nr_segs; i++) {
 565                ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total);
 566
 567                if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) {
 568                        if (len == 0)
 569                                len = -EFAULT;
 570                        break;
 571                }
 572
 573                total -= this;
 574                len += this;
 575                to_copy += this;
 576                if (total == 0)
 577                        break;
 578        }
 579        kfree(priv->buf);
 580        kfree(priv);
 581        return len;
 582}
 583
 584static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
 585{
 586        struct kiocb            *iocb = req->context;
 587        struct kiocb_priv       *priv = iocb->private;
 588        struct ep_data          *epdata = priv->epdata;
 589
 590        /* lock against disconnect (and ideally, cancel) */
 591        spin_lock(&epdata->dev->lock);
 592        priv->req = NULL;
 593        priv->epdata = NULL;
 594
 595        /* if this was a write or a read returning no data then we
 596         * don't need to copy anything to userspace, so we can
 597         * complete the aio request immediately.
 598         */
 599        if (priv->iv == NULL || unlikely(req->actual == 0)) {
 600                kfree(req->buf);
 601                kfree(priv);
 602                iocb->private = NULL;
 603                /* aio_complete() reports bytes-transferred _and_ faults */
 604                aio_complete(iocb, req->actual ? req->actual : req->status,
 605                                req->status);
 606        } else {
 607                /* retry() won't report both; so we hide some faults */
 608                if (unlikely(0 != req->status))
 609                        DBG(epdata->dev, "%s fault %d len %d\n",
 610                                ep->name, req->status, req->actual);
 611
 612                priv->buf = req->buf;
 613                priv->actual = req->actual;
 614                kick_iocb(iocb);
 615        }
 616        spin_unlock(&epdata->dev->lock);
 617
 618        usb_ep_free_request(ep, req);
 619        put_ep(epdata);
 620}
 621
 622static ssize_t
 623ep_aio_rwtail(
 624        struct kiocb    *iocb,
 625        char            *buf,
 626        size_t          len,
 627        struct ep_data  *epdata,
 628        const struct iovec *iv,
 629        unsigned long   nr_segs
 630)
 631{
 632        struct kiocb_priv       *priv;
 633        struct usb_request      *req;
 634        ssize_t                 value;
 635
 636        priv = kmalloc(sizeof *priv, GFP_KERNEL);
 637        if (!priv) {
 638                value = -ENOMEM;
 639fail:
 640                kfree(buf);
 641                return value;
 642        }
 643        iocb->private = priv;
 644        priv->iv = iv;
 645        priv->nr_segs = nr_segs;
 646
 647        value = get_ready_ep(iocb->ki_filp->f_flags, epdata);
 648        if (unlikely(value < 0)) {
 649                kfree(priv);
 650                goto fail;
 651        }
 652
 653        iocb->ki_cancel = ep_aio_cancel;
 654        get_ep(epdata);
 655        priv->epdata = epdata;
 656        priv->actual = 0;
 657
 658        /* each kiocb is coupled to one usb_request, but we can't
 659         * allocate or submit those if the host disconnected.
 660         */
 661        spin_lock_irq(&epdata->dev->lock);
 662        if (likely(epdata->ep)) {
 663                req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
 664                if (likely(req)) {
 665                        priv->req = req;
 666                        req->buf = buf;
 667                        req->length = len;
 668                        req->complete = ep_aio_complete;
 669                        req->context = iocb;
 670                        value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
 671                        if (unlikely(0 != value))
 672                                usb_ep_free_request(epdata->ep, req);
 673                } else
 674                        value = -EAGAIN;
 675        } else
 676                value = -ENODEV;
 677        spin_unlock_irq(&epdata->dev->lock);
 678
 679        mutex_unlock(&epdata->lock);
 680
 681        if (unlikely(value)) {
 682                kfree(priv);
 683                put_ep(epdata);
 684        } else
 685                value = (iv ? -EIOCBRETRY : -EIOCBQUEUED);
 686        return value;
 687}
 688
 689static ssize_t
 690ep_aio_read(struct kiocb *iocb, const struct iovec *iov,
 691                unsigned long nr_segs, loff_t o)
 692{
 693        struct ep_data          *epdata = iocb->ki_filp->private_data;
 694        char                    *buf;
 695
 696        if (unlikely(usb_endpoint_dir_in(&epdata->desc)))
 697                return -EINVAL;
 698
 699        buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 700        if (unlikely(!buf))
 701                return -ENOMEM;
 702
 703        iocb->ki_retry = ep_aio_read_retry;
 704        return ep_aio_rwtail(iocb, buf, iocb->ki_left, epdata, iov, nr_segs);
 705}
 706
 707static ssize_t
 708ep_aio_write(struct kiocb *iocb, const struct iovec *iov,
 709                unsigned long nr_segs, loff_t o)
 710{
 711        struct ep_data          *epdata = iocb->ki_filp->private_data;
 712        char                    *buf;
 713        size_t                  len = 0;
 714        int                     i = 0;
 715
 716        if (unlikely(!usb_endpoint_dir_in(&epdata->desc)))
 717                return -EINVAL;
 718
 719        buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 720        if (unlikely(!buf))
 721                return -ENOMEM;
 722
 723        for (i=0; i < nr_segs; i++) {
 724                if (unlikely(copy_from_user(&buf[len], iov[i].iov_base,
 725                                iov[i].iov_len) != 0)) {
 726                        kfree(buf);
 727                        return -EFAULT;
 728                }
 729                len += iov[i].iov_len;
 730        }
 731        return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0);
 732}
 733
 734/*----------------------------------------------------------------------*/
 735
 736/* used after endpoint configuration */
 737static const struct file_operations ep_io_operations = {
 738        .owner =        THIS_MODULE,
 739        .llseek =       no_llseek,
 740
 741        .read =         ep_read,
 742        .write =        ep_write,
 743        .unlocked_ioctl = ep_ioctl,
 744        .release =      ep_release,
 745
 746        .aio_read =     ep_aio_read,
 747        .aio_write =    ep_aio_write,
 748};
 749
 750/* ENDPOINT INITIALIZATION
 751 *
 752 *     fd = open ("/dev/gadget/$ENDPOINT", O_RDWR)
 753 *     status = write (fd, descriptors, sizeof descriptors)
 754 *
 755 * That write establishes the endpoint configuration, configuring
 756 * the controller to process bulk, interrupt, or isochronous transfers
 757 * at the right maxpacket size, and so on.
 758 *
 759 * The descriptors are message type 1, identified by a host order u32
 760 * at the beginning of what's written.  Descriptor order is: full/low
 761 * speed descriptor, then optional high speed descriptor.
 762 */
 763static ssize_t
 764ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 765{
 766        struct ep_data          *data = fd->private_data;
 767        struct usb_ep           *ep;
 768        u32                     tag;
 769        int                     value, length = len;
 770
 771        value = mutex_lock_interruptible(&data->lock);
 772        if (value < 0)
 773                return value;
 774
 775        if (data->state != STATE_EP_READY) {
 776                value = -EL2HLT;
 777                goto fail;
 778        }
 779
 780        value = len;
 781        if (len < USB_DT_ENDPOINT_SIZE + 4)
 782                goto fail0;
 783
 784        /* we might need to change message format someday */
 785        if (copy_from_user (&tag, buf, 4)) {
 786                goto fail1;
 787        }
 788        if (tag != 1) {
 789                DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
 790                goto fail0;
 791        }
 792        buf += 4;
 793        len -= 4;
 794
 795        /* NOTE:  audio endpoint extensions not accepted here;
 796         * just don't include the extra bytes.
 797         */
 798
 799        /* full/low speed descriptor, then high speed */
 800        if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) {
 801                goto fail1;
 802        }
 803        if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
 804                        || data->desc.bDescriptorType != USB_DT_ENDPOINT)
 805                goto fail0;
 806        if (len != USB_DT_ENDPOINT_SIZE) {
 807                if (len != 2 * USB_DT_ENDPOINT_SIZE)
 808                        goto fail0;
 809                if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
 810                                        USB_DT_ENDPOINT_SIZE)) {
 811                        goto fail1;
 812                }
 813                if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
 814                                || data->hs_desc.bDescriptorType
 815                                        != USB_DT_ENDPOINT) {
 816                        DBG(data->dev, "config %s, bad hs length or type\n",
 817                                        data->name);
 818                        goto fail0;
 819                }
 820        }
 821
 822        spin_lock_irq (&data->dev->lock);
 823        if (data->dev->state == STATE_DEV_UNBOUND) {
 824                value = -ENOENT;
 825                goto gone;
 826        } else if ((ep = data->ep) == NULL) {
 827                value = -ENODEV;
 828                goto gone;
 829        }
 830        switch (data->dev->gadget->speed) {
 831        case USB_SPEED_LOW:
 832        case USB_SPEED_FULL:
 833                value = usb_ep_enable (ep, &data->desc);
 834                if (value == 0)
 835                        data->state = STATE_EP_ENABLED;
 836                break;
 837#ifdef  CONFIG_USB_GADGET_DUALSPEED
 838        case USB_SPEED_HIGH:
 839                /* fails if caller didn't provide that descriptor... */
 840                value = usb_ep_enable (ep, &data->hs_desc);
 841                if (value == 0)
 842                        data->state = STATE_EP_ENABLED;
 843                break;
 844#endif
 845        default:
 846                DBG(data->dev, "unconnected, %s init abandoned\n",
 847                                data->name);
 848                value = -EINVAL;
 849        }
 850        if (value == 0) {
 851                fd->f_op = &ep_io_operations;
 852                value = length;
 853        }
 854gone:
 855        spin_unlock_irq (&data->dev->lock);
 856        if (value < 0) {
 857fail:
 858                data->desc.bDescriptorType = 0;
 859                data->hs_desc.bDescriptorType = 0;
 860        }
 861        mutex_unlock(&data->lock);
 862        return value;
 863fail0:
 864        value = -EINVAL;
 865        goto fail;
 866fail1:
 867        value = -EFAULT;
 868        goto fail;
 869}
 870
 871static int
 872ep_open (struct inode *inode, struct file *fd)
 873{
 874        struct ep_data          *data = inode->i_private;
 875        int                     value = -EBUSY;
 876
 877        if (mutex_lock_interruptible(&data->lock) != 0)
 878                return -EINTR;
 879        spin_lock_irq (&data->dev->lock);
 880        if (data->dev->state == STATE_DEV_UNBOUND)
 881                value = -ENOENT;
 882        else if (data->state == STATE_EP_DISABLED) {
 883                value = 0;
 884                data->state = STATE_EP_READY;
 885                get_ep (data);
 886                fd->private_data = data;
 887                VDEBUG (data->dev, "%s ready\n", data->name);
 888        } else
 889                DBG (data->dev, "%s state %d\n",
 890                        data->name, data->state);
 891        spin_unlock_irq (&data->dev->lock);
 892        mutex_unlock(&data->lock);
 893        return value;
 894}
 895
 896/* used before endpoint configuration */
 897static const struct file_operations ep_config_operations = {
 898        .owner =        THIS_MODULE,
 899        .llseek =       no_llseek,
 900
 901        .open =         ep_open,
 902        .write =        ep_config,
 903        .release =      ep_release,
 904};
 905
 906/*----------------------------------------------------------------------*/
 907
 908/* EP0 IMPLEMENTATION can be partly in userspace.
 909 *
 910 * Drivers that use this facility receive various events, including
 911 * control requests the kernel doesn't handle.  Drivers that don't
 912 * use this facility may be too simple-minded for real applications.
 913 */
 914
 915static inline void ep0_readable (struct dev_data *dev)
 916{
 917        wake_up (&dev->wait);
 918        kill_fasync (&dev->fasync, SIGIO, POLL_IN);
 919}
 920
 921static void clean_req (struct usb_ep *ep, struct usb_request *req)
 922{
 923        struct dev_data         *dev = ep->driver_data;
 924
 925        if (req->buf != dev->rbuf) {
 926                kfree(req->buf);
 927                req->buf = dev->rbuf;
 928                req->dma = DMA_ADDR_INVALID;
 929        }
 930        req->complete = epio_complete;
 931        dev->setup_out_ready = 0;
 932}
 933
 934static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
 935{
 936        struct dev_data         *dev = ep->driver_data;
 937        unsigned long           flags;
 938        int                     free = 1;
 939
 940        /* for control OUT, data must still get to userspace */
 941        spin_lock_irqsave(&dev->lock, flags);
 942        if (!dev->setup_in) {
 943                dev->setup_out_error = (req->status != 0);
 944                if (!dev->setup_out_error)
 945                        free = 0;
 946                dev->setup_out_ready = 1;
 947                ep0_readable (dev);
 948        }
 949
 950        /* clean up as appropriate */
 951        if (free && req->buf != &dev->rbuf)
 952                clean_req (ep, req);
 953        req->complete = epio_complete;
 954        spin_unlock_irqrestore(&dev->lock, flags);
 955}
 956
 957static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
 958{
 959        struct dev_data *dev = ep->driver_data;
 960
 961        if (dev->setup_out_ready) {
 962                DBG (dev, "ep0 request busy!\n");
 963                return -EBUSY;
 964        }
 965        if (len > sizeof (dev->rbuf))
 966                req->buf = kmalloc(len, GFP_ATOMIC);
 967        if (req->buf == NULL) {
 968                req->buf = dev->rbuf;
 969                return -ENOMEM;
 970        }
 971        req->complete = ep0_complete;
 972        req->length = len;
 973        req->zero = 0;
 974        return 0;
 975}
 976
 977static ssize_t
 978ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 979{
 980        struct dev_data                 *dev = fd->private_data;
 981        ssize_t                         retval;
 982        enum ep0_state                  state;
 983
 984        spin_lock_irq (&dev->lock);
 985
 986        /* report fd mode change before acting on it */
 987        if (dev->setup_abort) {
 988                dev->setup_abort = 0;
 989                retval = -EIDRM;
 990                goto done;
 991        }
 992
 993        /* control DATA stage */
 994        if ((state = dev->state) == STATE_DEV_SETUP) {
 995
 996                if (dev->setup_in) {            /* stall IN */
 997                        VDEBUG(dev, "ep0in stall\n");
 998                        (void) usb_ep_set_halt (dev->gadget->ep0);
 999                        retval = -EL2HLT;
1000                        dev->state = STATE_DEV_CONNECTED;

1001
1002                } else if (len == 0) {          /* ack SET_CONFIGURATION etc */
1003                        struct usb_ep           *ep = dev->gadget->ep0;
1004                        struct usb_request      *req = dev->req;
1005
1006                        if ((retval = setup_req (ep, req, 0)) == 0)
1007                                retval = usb_ep_queue (ep, req, GFP_ATOMIC);
1008                        dev->state = STATE_DEV_CONNECTED;
1009
1010                        /* assume that was SET_CONFIGURATION */
1011                        if (dev->current_config) {
1012                                unsigned power;
1013
1014                                if (gadget_is_dualspeed(dev->gadget)
1015                                                && (dev->gadget->speed
1016                                                        == USB_SPEED_HIGH))
1017                                        power = dev->hs_config->bMaxPower;
1018                                else
1019                                        power = dev->config->bMaxPower;
1020                                usb_gadget_vbus_draw(dev->gadget, 2 * power);
1021                        }
1022
1023                } else {                        /* collect OUT data */
1024                        if ((fd->f_flags & O_NONBLOCK) != 0
1025                                        && !dev->setup_out_ready) {
1026                                retval = -EAGAIN;
1027                                goto done;
1028                        }
1029                        spin_unlock_irq (&dev->lock);
1030                        retval = wait_event_interruptible (dev->wait,
1031                                        dev->setup_out_ready != 0);
1032
1033                        /* FIXME state could change from under us */
1034                        spin_lock_irq (&dev->lock);
1035                        if (retval)
1036                                goto done;
1037
1038                        if (dev->state != STATE_DEV_SETUP) {
1039                                retval = -ECANCELED;
1040                                goto done;
1041                        }
1042                        dev->state = STATE_DEV_CONNECTED;
1043
1044                        if (dev->setup_out_error)
1045                                retval = -EIO;
1046                        else {
1047                                len = min (len, (size_t)dev->req->actual);
1048// FIXME don't call this with the spinlock held ...
1049                                if (copy_to_user (buf, dev->req->buf, len))
1050                                        retval = -EFAULT;
1051                                clean_req (dev->gadget->ep0, dev->req);
1052                                /* NOTE userspace can't yet choose to stall */
1053                        }
1054                }
1055                goto done;
1056        }
1057
1058        /* else normal: return event data */
1059        if (len < sizeof dev->event [0]) {
1060                retval = -EINVAL;
1061                goto done;
1062        }
1063        len -= len % sizeof (struct usb_gadgetfs_event);
1064        dev->usermode_setup = 1;
1065
1066scan:
1067        /* return queued events right away */
1068        if (dev->ev_next != 0) {
1069                unsigned                i, n;
1070
1071                n = len / sizeof (struct usb_gadgetfs_event);
1072                if (dev->ev_next < n)
1073                        n = dev->ev_next;
1074
1075                /* ep0 i/o has special semantics during STATE_DEV_SETUP */
1076                for (i = 0; i < n; i++) {
1077                        if (dev->event [i].type == GADGETFS_SETUP) {
1078                                dev->state = STATE_DEV_SETUP;
1079                                n = i + 1;
1080                                break;
1081                        }
1082                }
1083                spin_unlock_irq (&dev->lock);
1084                len = n * sizeof (struct usb_gadgetfs_event);
1085                if (copy_to_user (buf, &dev->event, len))
1086                        retval = -EFAULT;
1087                else
1088                        retval = len;
1089                if (len > 0) {
1090                        /* NOTE this doesn't guard against broken drivers;
1091                         * concurrent ep0 readers may lose events.
1092                         */
1093                        spin_lock_irq (&dev->lock);
1094                        if (dev->ev_next > n) {
1095                                memmove(&dev->event[0], &dev->event[n],
1096                                        sizeof (struct usb_gadgetfs_event)
1097                                                * (dev->ev_next - n));
1098                        }
1099                        dev->ev_next -= n;
1100                        spin_unlock_irq (&dev->lock);
1101                }
1102                return retval;
1103        }
1104        if (fd->f_flags & O_NONBLOCK) {
1105                retval = -EAGAIN;
1106                goto done;
1107        }
1108
1109        switch (state) {
1110        default:
1111                DBG (dev, "fail %s, state %d\n", __func__, state);
1112                retval = -ESRCH;
1113                break;
1114        case STATE_DEV_UNCONNECTED:
1115        case STATE_DEV_CONNECTED:
1116                spin_unlock_irq (&dev->lock);
1117                DBG (dev, "%s wait\n", __func__);
1118
1119                /* wait for events */
1120                retval = wait_event_interruptible (dev->wait,
1121                                dev->ev_next != 0);
1122                if (retval < 0)
1123                        return retval;
1124                spin_lock_irq (&dev->lock);
1125                goto scan;
1126        }
1127
1128done:
1129        spin_unlock_irq (&dev->lock);
1130        return retval;
1131}
1132
1133static struct usb_gadgetfs_event *
1134next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1135{
1136        struct usb_gadgetfs_event       *event;
1137        unsigned                        i;
1138
1139        switch (type) {
1140        /* these events purge the queue */
1141        case GADGETFS_DISCONNECT:
1142                if (dev->state == STATE_DEV_SETUP)
1143                        dev->setup_abort = 1;
1144                // FALL THROUGH
1145        case GADGETFS_CONNECT:
1146                dev->ev_next = 0;
1147                break;
1148        case GADGETFS_SETUP:            /* previous request timed out */
1149        case GADGETFS_SUSPEND:          /* same effect */
1150                /* these events can't be repeated */
1151                for (i = 0; i != dev->ev_next; i++) {
1152                        if (dev->event [i].type != type)
1153                                continue;
1154                        DBG(dev, "discard old event[%d] %d\n", i, type);
1155                        dev->ev_next--;
1156                        if (i == dev->ev_next)
1157                                break;
1158                        /* indices start at zero, for simplicity */
1159                        memmove (&dev->event [i], &dev->event [i + 1],
1160                                sizeof (struct usb_gadgetfs_event)
1161                                        * (dev->ev_next - i));
1162                }
1163                break;
1164        default:
1165                BUG ();
1166        }
1167        VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1168        event = &dev->event [dev->ev_next++];
1169        BUG_ON (dev->ev_next > N_EVENT);
1170        memset (event, 0, sizeof *event);
1171        event->type = type;
1172        return event;
1173}
1174
1175static ssize_t
1176ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1177{
1178        struct dev_data         *dev = fd->private_data;
1179        ssize_t                 retval = -ESRCH;
1180
1181        spin_lock_irq (&dev->lock);
1182
1183        /* report fd mode change before acting on it */
1184        if (dev->setup_abort) {
1185                dev->setup_abort = 0;
1186                retval = -EIDRM;
1187
1188        /* data and/or status stage for control request */
1189        } else if (dev->state == STATE_DEV_SETUP) {
1190
1191                /* IN DATA+STATUS caller makes len <= wLength */
1192                if (dev->setup_in) {
1193                        retval = setup_req (dev->gadget->ep0, dev->req, len);
1194                        if (retval == 0) {
1195                                dev->state = STATE_DEV_CONNECTED;
1196                                spin_unlock_irq (&dev->lock);
1197                                if (copy_from_user (dev->req->buf, buf, len))
1198                                        retval = -EFAULT;
1199                                else {
1200                                        if (len < dev->setup_wLength)
1201                                                dev->req->zero = 1;
1202                                        retval = usb_ep_queue (
1203                                                dev->gadget->ep0, dev->req,
1204                                                GFP_KERNEL);
1205                                }
1206                                if (retval < 0) {
1207                                        spin_lock_irq (&dev->lock);
1208                                        clean_req (dev->gadget->ep0, dev->req);
1209                                        spin_unlock_irq (&dev->lock);
1210                                } else
1211                                        retval = len;
1212
1213                                return retval;
1214                        }
1215
1216                /* can stall some OUT transfers */
1217                } else if (dev->setup_can_stall) {
1218                        VDEBUG(dev, "ep0out stall\n");
1219                        (void) usb_ep_set_halt (dev->gadget->ep0);
1220                        retval = -EL2HLT;
1221                        dev->state = STATE_DEV_CONNECTED;
1222                } else {
1223                        DBG(dev, "bogus ep0out stall!\n");
1224                }
1225        } else
1226                DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1227
1228        spin_unlock_irq (&dev->lock);
1229        return retval;
1230}
1231
1232static int
1233ep0_fasync (int f, struct file *fd, int on)
1234{
1235        struct dev_data         *dev = fd->private_data;
1236        // caller must F_SETOWN before signal delivery happens
1237        VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1238        return fasync_helper (f, fd, on, &dev->fasync);
1239}
1240
1241static struct usb_gadget_driver gadgetfs_driver;
1242
1243static int
1244dev_release (struct inode *inode, struct file *fd)
1245{
1246        struct dev_data         *dev = fd->private_data;
1247
1248        /* closing ep0 === shutdown all */
1249
1250        usb_gadget_unregister_driver (&gadgetfs_driver);
1251
1252        /* at this point "good" hardware has disconnected the
1253         * device from USB; the host won't see it any more.
1254         * alternatively, all host requests will time out.
1255         */
1256
1257        kfree (dev->buf);
1258        dev->buf = NULL;
1259        put_dev (dev);
1260
1261        /* other endpoints were all decoupled from this device */
1262        spin_lock_irq(&dev->lock);
1263        dev->state = STATE_DEV_DISABLED;
1264        spin_unlock_irq(&dev->lock);
1265        return 0;
1266}
1267
1268static unsigned int
1269ep0_poll (struct file *fd, poll_table *wait)
1270{
1271       struct dev_data         *dev = fd->private_data;
1272       int                     mask = 0;
1273
1274       poll_wait(fd, &dev->wait, wait);
1275
1276       spin_lock_irq (&dev->lock);
1277
1278       /* report fd mode change before acting on it */
1279       if (dev->setup_abort) {
1280               dev->setup_abort = 0;
1281               mask = POLLHUP;
1282               goto out;
1283       }
1284
1285       if (dev->state == STATE_DEV_SETUP) {
1286               if (dev->setup_in || dev->setup_can_stall)
1287                       mask = POLLOUT;
1288       } else {
1289               if (dev->ev_next != 0)
1290                       mask = POLLIN;
1291       }
1292out:
1293       spin_unlock_irq(&dev->lock);
1294       return mask;
1295}
1296
1297static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1298{
1299        struct dev_data         *dev = fd->private_data;
1300        struct usb_gadget       *gadget = dev->gadget;
1301        long ret = -ENOTTY;
1302
1303        if (gadget->ops->ioctl)
1304                ret = gadget->ops->ioctl (gadget, code, value);
1305
1306        return ret;
1307}
1308
1309/* used after device configuration */
1310static const struct file_operations ep0_io_operations = {
1311        .owner =        THIS_MODULE,
1312        .llseek =       no_llseek,
1313
1314        .read =         ep0_read,
1315        .write =        ep0_write,
1316        .fasync =       ep0_fasync,
1317        .poll =         ep0_poll,
1318        .unlocked_ioctl =       dev_ioctl,
1319        .release =      dev_release,
1320};
1321
1322/*----------------------------------------------------------------------*/
1323
1324/* The in-kernel gadget driver handles most ep0 issues, in particular
1325 * enumerating the single configuration (as provided from user space).
1326 *
1327 * Unrecognized ep0 requests may be handled in user space.
1328 */
1329
1330#ifdef  CONFIG_USB_GADGET_DUALSPEED
1331static void make_qualifier (struct dev_data *dev)
1332{
1333        struct usb_qualifier_descriptor         qual;
1334        struct usb_device_descriptor            *desc;
1335
1336        qual.bLength = sizeof qual;
1337        qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1338        qual.bcdUSB = cpu_to_le16 (0x0200);
1339
1340        desc = dev->dev;
1341        qual.bDeviceClass = desc->bDeviceClass;
1342        qual.bDeviceSubClass = desc->bDeviceSubClass;
1343        qual.bDeviceProtocol = desc->bDeviceProtocol;
1344
1345        /* assumes ep0 uses the same value for both speeds ... */
1346        qual.bMaxPacketSize0 = desc->bMaxPacketSize0;
1347
1348        qual.bNumConfigurations = 1;
1349        qual.bRESERVED = 0;
1350
1351        memcpy (dev->rbuf, &qual, sizeof qual);
1352}
1353#endif
1354
1355static int
1356config_buf (struct dev_data *dev, u8 type, unsigned index)
1357{
1358        int             len;
1359        int             hs = 0;
1360
1361        /* only one configuration */
1362        if (index > 0)
1363                return -EINVAL;
1364
1365        if (gadget_is_dualspeed(dev->gadget)) {
1366                hs = (dev->gadget->speed == USB_SPEED_HIGH);
1367                if (type == USB_DT_OTHER_SPEED_CONFIG)
1368                        hs = !hs;
1369        }
1370        if (hs) {
1371                dev->req->buf = dev->hs_config;
1372                len = le16_to_cpu(dev->hs_config->wTotalLength);
1373        } else {
1374                dev->req->buf = dev->config;
1375                len = le16_to_cpu(dev->config->wTotalLength);
1376        }
1377        ((u8 *)dev->req->buf) [1] = type;
1378        return len;
1379}
1380
1381static int
1382gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1383{
1384        struct dev_data                 *dev = get_gadget_data (gadget);
1385        struct usb_request              *req = dev->req;
1386        int                             value = -EOPNOTSUPP;
1387        struct usb_gadgetfs_event       *event;
1388        u16                             w_value = le16_to_cpu(ctrl->wValue);
1389        u16                             w_length = le16_to_cpu(ctrl->wLength);
1390
1391        spin_lock (&dev->lock);
1392        dev->setup_abort = 0;
1393        if (dev->state == STATE_DEV_UNCONNECTED) {
1394                if (gadget_is_dualspeed(gadget)
1395                                && gadget->speed == USB_SPEED_HIGH
1396                                && dev->hs_config == NULL) {
1397                        spin_unlock(&dev->lock);
1398                        ERROR (dev, "no high speed config??\n");
1399                        return -EINVAL;
1400                }
1401
1402                dev->state = STATE_DEV_CONNECTED;
1403                dev->dev->bMaxPacketSize0 = gadget->ep0->maxpacket;
1404
1405                INFO (dev, "connected\n");
1406                event = next_event (dev, GADGETFS_CONNECT);
1407                event->u.speed = gadget->speed;
1408                ep0_readable (dev);
1409
1410        /* host may have given up waiting for response.  we can miss control
1411         * requests handled lower down (device/endpoint status and features);
1412         * then ep0_{read,write} will report the wrong status. controller
1413         * driver will have aborted pending i/o.
1414         */
1415        } else if (dev->state == STATE_DEV_SETUP)
1416                dev->setup_abort = 1;
1417
1418        req->buf = dev->rbuf;
1419        req->dma = DMA_ADDR_INVALID;
1420        req->context = NULL;
1421        value = -EOPNOTSUPP;
1422        switch (ctrl->bRequest) {
1423
1424        case USB_REQ_GET_DESCRIPTOR:
1425                if (ctrl->bRequestType != USB_DIR_IN)
1426                        goto unrecognized;
1427                switch (w_value >> 8) {
1428
1429                case USB_DT_DEVICE:
1430                        value = min (w_length, (u16) sizeof *dev->dev);
1431                        req->buf = dev->dev;
1432                        break;
1433#ifdef  CONFIG_USB_GADGET_DUALSPEED
1434                case USB_DT_DEVICE_QUALIFIER:
1435                        if (!dev->hs_config)
1436                                break;
1437                        value = min (w_length, (u16)
1438                                sizeof (struct usb_qualifier_descriptor));
1439                        make_qualifier (dev);
1440                        break;
1441                case USB_DT_OTHER_SPEED_CONFIG:
1442                        // FALLTHROUGH
1443#endif
1444                case USB_DT_CONFIG:
1445                        value = config_buf (dev,
1446                                        w_value >> 8,
1447                                        w_value & 0xff);
1448                        if (value >= 0)
1449                                value = min (w_length, (u16) value);
1450                        break;
1451                case USB_DT_STRING:
1452                        goto unrecognized;
1453
1454                default:                // all others are errors
1455                        break;
1456                }
1457                break;
1458
1459        /* currently one config, two speeds */
1460        case USB_REQ_SET_CONFIGURATION:
1461                if (ctrl->bRequestType != 0)
1462                        goto unrecognized;
1463                if (0 == (u8) w_value) {
1464                        value = 0;
1465                        dev->current_config = 0;
1466                        usb_gadget_vbus_draw(gadget, 8 /* mA */ );
1467                        // user mode expected to disable endpoints
1468                } else {
1469                        u8      config, power;
1470
1471                        if (gadget_is_dualspeed(gadget)
1472                                        && gadget->speed == USB_SPEED_HIGH) {
1473                                config = dev->hs_config->bConfigurationValue;
1474                                power = dev->hs_config->bMaxPower;
1475                        } else {
1476                                config = dev->config->bConfigurationValue;
1477                                power = dev->config->bMaxPower;
1478                        }
1479
1480                        if (config == (u8) w_value) {
1481                                value = 0;
1482                                dev->current_config = config;
1483                                usb_gadget_vbus_draw(gadget, 2 * power);
1484                        }
1485                }
1486
1487                /* report SET_CONFIGURATION like any other control request,
1488                 * except that usermode may not stall this.  the next
1489                 * request mustn't be allowed start until this finishes:
1490                 * endpoints and threads set up, etc.
1491                 *
1492                 * NOTE:  older PXA hardware (before PXA 255: without UDCCFR)
1493                 * has bad/racey automagic that prevents synchronizing here.
1494                 * even kernel mode drivers often miss them.
1495                 */
1496                if (value == 0) {
1497                        INFO (dev, "configuration #%d\n", dev->current_config);
1498                        if (dev->usermode_setup) {
1499                                dev->setup_can_stall = 0;
1500                                goto delegate;
1501                        }
1502                }
1503                break;
1504
1505#ifndef CONFIG_USB_GADGET_PXA25X
1506        /* PXA automagically handles this request too */
1507        case USB_REQ_GET_CONFIGURATION:
1508                if (ctrl->bRequestType != 0x80)
1509                        goto unrecognized;
1510                *(u8 *)req->buf = dev->current_config;
1511                value = min (w_length, (u16) 1);
1512                break;
1513#endif
1514
1515        default:
1516unrecognized:
1517                VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1518                        dev->usermode_setup ? "delegate" : "fail",
1519                        ctrl->bRequestType, ctrl->bRequest,
1520                        w_value, le16_to_cpu(ctrl->wIndex), w_length);
1521
1522                /* if there's an ep0 reader, don't stall */
1523                if (dev->usermode_setup) {
1524                        dev->setup_can_stall = 1;
1525delegate:
1526                        dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1527                                                ? 1 : 0;
1528                        dev->setup_wLength = w_length;
1529                        dev->setup_out_ready = 0;
1530                        dev->setup_out_error = 0;
1531                        value = 0;
1532
1533                        /* read DATA stage for OUT right away */
1534                        if (unlikely (!dev->setup_in && w_length)) {
1535                                value = setup_req (gadget->ep0, dev->req,
1536                                                        w_length);
1537                                if (value < 0)
1538                                        break;
1539                                value = usb_ep_queue (gadget->ep0, dev->req,
1540                                                        GFP_ATOMIC);
1541                                if (value < 0) {
1542                                        clean_req (gadget->ep0, dev->req);
1543                                        break;
1544                                }
1545
1546                                /* we can't currently stall these */
1547                                dev->setup_can_stall = 0;
1548                        }
1549
1550                        /* state changes when reader collects event */
1551                        event = next_event (dev, GADGETFS_SETUP);
1552                        event->u.setup = *ctrl;
1553                        ep0_readable (dev);
1554                        spin_unlock (&dev->lock);
1555                        return 0;
1556                }
1557        }
1558
1559        /* proceed with data transfer and status phases? */
1560        if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1561                req->length = value;
1562                req->zero = value < w_length;
1563                value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
1564                if (value < 0) {
1565                        DBG (dev, "ep_queue --> %d\n", value);
1566                        req->status = 0;
1567                }
1568        }
1569
1570        /* device stalls when value < 0 */
1571        spin_unlock (&dev->lock);
1572        return value;
1573}
1574
1575static void destroy_ep_files (struct dev_data *dev)
1576{
1577        struct list_head        *entry, *tmp;
1578
1579        DBG (dev, "%s %d\n", __func__, dev->state);
1580
1581        /* dev->state must prevent interference */
1582restart:
1583        spin_lock_irq (&dev->lock);
1584        list_for_each_safe (entry, tmp, &dev->epfiles) {
1585                struct ep_data  *ep;
1586                struct inode    *parent;
1587                struct dentry   *dentry;
1588
1589                /* break link to FS */
1590                ep = list_entry (entry, struct ep_data, epfiles);
1591                list_del_init (&ep->epfiles);
1592                dentry = ep->dentry;
1593                ep->dentry = NULL;
1594                parent = dentry->d_parent->d_inode;
1595
1596                /* break link to controller */
1597                if (ep->state == STATE_EP_ENABLED)
1598                        (void) usb_ep_disable (ep->ep);
1599                ep->state = STATE_EP_UNBOUND;
1600                usb_ep_free_request (ep->ep, ep->req);
1601                ep->ep = NULL;
1602                wake_up (&ep->wait);
1603                put_ep (ep);
1604
1605                spin_unlock_irq (&dev->lock);
1606
1607                /* break link to dcache */
1608                mutex_lock (&parent->i_mutex);
1609                d_delete (dentry);
1610                dput (dentry);
1611                mutex_unlock (&parent->i_mutex);
1612
1613                /* fds may still be open */
1614                goto restart;
1615        }
1616        spin_unlock_irq (&dev->lock);
1617}
1618
1619
1620static struct inode *
1621gadgetfs_create_file (struct super_block *sb, char const *name,
1622                void *data, const struct file_operations *fops,
1623                struct dentry **dentry_p);
1624
1625static int activate_ep_files (struct dev_data *dev)
1626{
1627        struct usb_ep   *ep;
1628        struct ep_data  *data;
1629
1630        gadget_for_each_ep (ep, dev->gadget) {
1631
1632                data = kzalloc(sizeof(*data), GFP_KERNEL);
1633                if (!data)
1634                        goto enomem0;
1635                data->state = STATE_EP_DISABLED;
1636                mutex_init(&data->lock);
1637                init_waitqueue_head (&data->wait);
1638
1639                strncpy (data->name, ep->name, sizeof (data->name) - 1);
1640                atomic_set (&data->count, 1);
1641                data->dev = dev;
1642                get_dev (dev);
1643
1644                data->ep = ep;
1645                ep->driver_data = data;
1646
1647                data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1648                if (!data->req)
1649                        goto enomem1;
1650
1651                data->inode = gadgetfs_create_file (dev->sb, data->name,
1652                                data, &ep_config_operations,
1653                                &data->dentry);
1654                if (!data->inode)
1655                        goto enomem2;
1656                list_add_tail (&data->epfiles, &dev->epfiles);
1657        }
1658        return 0;
1659
1660enomem2:
1661        usb_ep_free_request (ep, data->req);
1662enomem1:
1663        put_dev (dev);
1664        kfree (data);
1665enomem0:
1666        DBG (dev, "%s enomem\n", __func__);
1667        destroy_ep_files (dev);
1668        return -ENOMEM;
1669}
1670
1671static void
1672gadgetfs_unbind (struct usb_gadget *gadget)
1673{
1674        struct dev_data         *dev = get_gadget_data (gadget);
1675
1676        DBG (dev, "%s\n", __func__);
1677
1678        spin_lock_irq (&dev->lock);
1679        dev->state = STATE_DEV_UNBOUND;
1680        spin_unlock_irq (&dev->lock);
1681
1682        destroy_ep_files (dev);
1683        gadget->ep0->driver_data = NULL;
1684        set_gadget_data (gadget, NULL);
1685
1686        /* we've already been disconnected ... no i/o is active */
1687        if (dev->req)
1688                usb_ep_free_request (gadget->ep0, dev->req);
1689        DBG (dev, "%s done\n", __func__);
1690        put_dev (dev);
1691}
1692
1693static struct dev_data          *the_device;
1694
1695static int
1696gadgetfs_bind (struct usb_gadget *gadget)
1697{
1698        struct dev_data         *dev = the_device;
1699
1700        if (!dev)
1701                return -ESRCH;
1702        if (0 != strcmp (CHIP, gadget->name)) {
1703                pr_err("%s expected %s controller not %s\n",
1704                        shortname, CHIP, gadget->name);
1705                return -ENODEV;
1706        }
1707
1708        set_gadget_data (gadget, dev);
1709        dev->gadget = gadget;
1710        gadget->ep0->driver_data = dev;
1711        dev->dev->bMaxPacketSize0 = gadget->ep0->maxpacket;
1712
1713        /* preallocate control response and buffer */
1714        dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1715        if (!dev->req)
1716                goto enomem;
1717        dev->req->context = NULL;
1718        dev->req->complete = epio_complete;
1719
1720        if (activate_ep_files (dev) < 0)
1721                goto enomem;
1722
1723        INFO (dev, "bound to %s driver\n", gadget->name);
1724        spin_lock_irq(&dev->lock);
1725        dev->state = STATE_DEV_UNCONNECTED;
1726        spin_unlock_irq(&dev->lock);
1727        get_dev (dev);
1728        return 0;
1729
1730enomem:
1731        gadgetfs_unbind (gadget);
1732        return -ENOMEM;
1733}
1734
1735static void
1736gadgetfs_disconnect (struct usb_gadget *gadget)
1737{
1738        struct dev_data         *dev = get_gadget_data (gadget);
1739
1740        spin_lock (&dev->lock);
1741        if (dev->state == STATE_DEV_UNCONNECTED)
1742                goto exit;
1743        dev->state = STATE_DEV_UNCONNECTED;
1744
1745        INFO (dev, "disconnected\n");
1746        next_event (dev, GADGETFS_DISCONNECT);
1747        ep0_readable (dev);
1748exit:
1749        spin_unlock (&dev->lock);
1750}
1751
1752static void
1753gadgetfs_suspend (struct usb_gadget *gadget)
1754{
1755        struct dev_data         *dev = get_gadget_data (gadget);
1756
1757        INFO (dev, "suspended from state %d\n", dev->state);
1758        spin_lock (&dev->lock);
1759        switch (dev->state) {
1760        case STATE_DEV_SETUP:           // VERY odd... host died??
1761        case STATE_DEV_CONNECTED:
1762        case STATE_DEV_UNCONNECTED:
1763                next_event (dev, GADGETFS_SUSPEND);
1764                ep0_readable (dev);
1765                /* FALLTHROUGH */
1766        default:
1767                break;
1768        }
1769        spin_unlock (&dev->lock);
1770}
1771
1772static struct usb_gadget_driver gadgetfs_driver = {
1773#ifdef  CONFIG_USB_GADGET_DUALSPEED
1774        .speed          = USB_SPEED_HIGH,
1775#else
1776        .speed          = USB_SPEED_FULL,
1777#endif
1778        .function       = (char *) driver_desc,
1779        .unbind         = gadgetfs_unbind,
1780        .setup          = gadgetfs_setup,
1781        .disconnect     = gadgetfs_disconnect,
1782        .suspend        = gadgetfs_suspend,
1783
1784        .driver = {
1785                .name           = (char *) shortname,
1786        },
1787};
1788
1789/*----------------------------------------------------------------------*/
1790
1791static void gadgetfs_nop(struct usb_gadget *arg) { }
1792
1793static int gadgetfs_probe (struct usb_gadget *gadget)
1794{
1795        CHIP = gadget->name;
1796        return -EISNAM;
1797}
1798
1799static struct usb_gadget_driver probe_driver = {
1800        .speed          = USB_SPEED_HIGH,
1801        .unbind         = gadgetfs_nop,
1802        .setup          = (void *)gadgetfs_nop,
1803        .disconnect     = gadgetfs_nop,
1804        .driver = {
1805                .name           = "nop",
1806        },
1807};
1808
1809
1810/* DEVICE INITIALIZATION
1811 *
1812 *     fd = open ("/dev/gadget/$CHIP", O_RDWR)
1813 *     status = write (fd, descriptors, sizeof descriptors)
1814 *
1815 * That write establishes the device configuration, so the kernel can
1816 * bind to the controller ... guaranteeing it can handle enumeration
1817 * at all necessary speeds.  Descriptor order is:
1818 *
1819 * . message tag (u32, host order) ... for now, must be zero; it
1820 *      would change to support features like multi-config devices
1821 * . full/low speed config ... all wTotalLength bytes (with interface,
1822 *      class, altsetting, endpoint, and other descriptors)
1823 * . high speed config ... all descriptors, for high speed operation;
1824 *      this one's optional except for high-speed hardware
1825 * . device descriptor
1826 *
1827 * Endpoints are not yet enabled. Drivers must wait until device
1828 * configuration and interface altsetting changes create
1829 * the need to configure (or unconfigure) them.
1830 *
1831 * After initialization, the device stays active for as long as that
1832 * $CHIP file is open.  Events must then be read from that descriptor,
1833 * such as configuration notifications.
1834 */
1835
1836static int is_valid_config (struct usb_config_descriptor *config)
1837{
1838        return config->bDescriptorType == USB_DT_CONFIG
1839                && config->bLength == USB_DT_CONFIG_SIZE
1840                && config->bConfigurationValue != 0
1841                && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1842                && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1843        /* FIXME if gadget->is_otg, _must_ include an otg descriptor */
1844        /* FIXME check lengths: walk to end */
1845}
1846
1847static ssize_t
1848dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1849{
1850        struct dev_data         *dev = fd->private_data;
1851        ssize_t                 value = len, length = len;
1852        unsigned                total;
1853        u32                     tag;
1854        char                    *kbuf;
1855
1856        if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4))
1857                return -EINVAL;
1858
1859        /* we might need to change message format someday */
1860        if (copy_from_user (&tag, buf, 4))
1861                return -EFAULT;
1862        if (tag != 0)
1863                return -EINVAL;
1864        buf += 4;
1865        length -= 4;
1866
1867        kbuf = memdup_user(buf, length);
1868        if (IS_ERR(kbuf))
1869                return PTR_ERR(kbuf);
1870
1871        spin_lock_irq (&dev->lock);
1872        value = -EINVAL;
1873        if (dev->buf)
1874                goto fail;
1875        dev->buf = kbuf;
1876
1877        /* full or low speed config */
1878        dev->config = (void *) kbuf;
1879        total = le16_to_cpu(dev->config->wTotalLength);
1880        if (!is_valid_config (dev->config) || total >= length)
1881                goto fail;
1882        kbuf += total;
1883        length -= total;
1884
1885        /* optional high speed config */
1886        if (kbuf [1] == USB_DT_CONFIG) {
1887                dev->hs_config = (void *) kbuf;
1888                total = le16_to_cpu(dev->hs_config->wTotalLength);
1889                if (!is_valid_config (dev->hs_config) || total >= length)
1890                        goto fail;
1891                kbuf += total;
1892                length -= total;
1893        }
1894
1895        /* could support multiple configs, using another encoding! */
1896
1897        /* device descriptor (tweaked for paranoia) */
1898        if (length != USB_DT_DEVICE_SIZE)
1899                goto fail;
1900        dev->dev = (void *)kbuf;
1901        if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1902                        || dev->dev->bDescriptorType != USB_DT_DEVICE
1903                        || dev->dev->bNumConfigurations != 1)
1904                goto fail;
1905        dev->dev->bNumConfigurations = 1;
1906        dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1907
1908        /* triggers gadgetfs_bind(); then we can enumerate. */
1909        spin_unlock_irq (&dev->lock);
1910        value = usb_gadget_probe_driver(&gadgetfs_driver, gadgetfs_bind);
1911        if (value != 0) {
1912                kfree (dev->buf);
1913                dev->buf = NULL;
1914        } else {
1915                /* at this point "good" hardware has for the first time
1916                 * let the USB the host see us.  alternatively, if users
1917                 * unplug/replug that will clear all the error state.
1918                 *
1919                 * note:  everything running before here was guaranteed
1920                 * to choke driver model style diagnostics.  from here
1921                 * on, they can work ... except in cleanup paths that
1922                 * kick in after the ep0 descriptor is closed.
1923                 */
1924                fd->f_op = &ep0_io_operations;
1925                value = len;
1926        }
1927        return value;
1928
1929fail:
1930        spin_unlock_irq (&dev->lock);
1931        pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev);
1932        kfree (dev->buf);
1933        dev->buf = NULL;
1934        return value;
1935}
1936
1937static int
1938dev_open (struct inode *inode, struct file *fd)
1939{
1940        struct dev_data         *dev = inode->i_private;
1941        int                     value = -EBUSY;
1942
1943        spin_lock_irq(&dev->lock);
1944        if (dev->state == STATE_DEV_DISABLED) {
1945                dev->ev_next = 0;
1946                dev->state = STATE_DEV_OPENED;
1947                fd->private_data = dev;
1948                get_dev (dev);
1949                value = 0;
1950        }
1951        spin_unlock_irq(&dev->lock);
1952        return value;
1953}
1954
1955static const struct file_operations dev_init_operations = {
1956        .owner =        THIS_MODULE,
1957        .llseek =       no_llseek,
1958
1959        .open =         dev_open,
1960        .write =        dev_config,
1961        .fasync =       ep0_fasync,
1962        .unlocked_ioctl = dev_ioctl,
1963        .release =      dev_release,
1964};
1965
1966/*----------------------------------------------------------------------*/
1967
1968/* FILESYSTEM AND SUPERBLOCK OPERATIONS
1969 *
1970 * Mounting the filesystem creates a controller file, used first for
1971 * device configuration then later for event monitoring.
1972 */
1973
1974
1975/* FIXME PAM etc could set this security policy without mount options
1976 * if epfiles inherited ownership and permissons from ep0 ...
1977 */
1978
1979static unsigned default_uid;
1980static unsigned default_gid;
1981static unsigned default_perm = S_IRUSR | S_IWUSR;
1982
1983module_param (default_uid, uint, 0644);
1984module_param (default_gid, uint, 0644);
1985module_param (default_perm, uint, 0644);
1986
1987
1988static struct inode *
1989gadgetfs_make_inode (struct super_block *sb,
1990                void *data, const struct file_operations *fops,
1991                int mode)
1992{
1993        struct inode *inode = new_inode (sb);
1994
1995        if (inode) {
1996                inode->i_ino = get_next_ino();
1997                inode->i_mode = mode;
1998                inode->i_uid = default_uid;
1999                inode->i_gid = default_gid;
2000                inode->i_atime = inode->i_mtime = inode->i_ctime

2001                                = CURRENT_TIME;
2002                inode->i_private = data;
2003                inode->i_fop = fops;
2004        }
2005        return inode;
2006}
2007
2008/* creates in fs root directory, so non-renamable and non-linkable.
2009 * so inode and dentry are paired, until device reconfig.
2010 */
2011static struct inode *
2012gadgetfs_create_file (struct super_block *sb, char const *name,
2013                void *data, const struct file_operations *fops,
2014                struct dentry **dentry_p)
2015{
2016        struct dentry   *dentry;
2017        struct inode    *inode;
2018
2019        dentry = d_alloc_name(sb->s_root, name);
2020        if (!dentry)
2021                return NULL;
2022
2023        inode = gadgetfs_make_inode (sb, data, fops,
2024                        S_IFREG | (default_perm & S_IRWXUGO));
2025        if (!inode) {
2026                dput(dentry);
2027                return NULL;
2028        }
2029        d_add (dentry, inode);
2030        *dentry_p = dentry;
2031        return inode;
2032}
2033
2034static const struct super_operations gadget_fs_operations = {
2035        .statfs =       simple_statfs,
2036        .drop_inode =   generic_delete_inode,
2037};
2038
2039static int
2040gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
2041{
2042        struct inode    *inode;
2043        struct dentry   *d;
2044        struct dev_data *dev;
2045
2046        if (the_device)
2047                return -ESRCH;
2048
2049        /* fake probe to determine $CHIP */
2050        (void) usb_gadget_probe_driver(&probe_driver, gadgetfs_probe);
2051        if (!CHIP)
2052                return -ENODEV;
2053
2054        /* superblock */
2055        sb->s_blocksize = PAGE_CACHE_SIZE;
2056        sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
2057        sb->s_magic = GADGETFS_MAGIC;
2058        sb->s_op = &gadget_fs_operations;
2059        sb->s_time_gran = 1;
2060
2061        /* root inode */
2062        inode = gadgetfs_make_inode (sb,
2063                        NULL, &simple_dir_operations,
2064                        S_IFDIR | S_IRUGO | S_IXUGO);
2065        if (!inode)
2066                goto enomem0;
2067        inode->i_op = &simple_dir_inode_operations;
2068        if (!(d = d_alloc_root (inode)))
2069                goto enomem1;
2070        sb->s_root = d;
2071
2072        /* the ep0 file is named after the controller we expect;
2073         * user mode code can use it for sanity checks, like we do.
2074         */
2075        dev = dev_new ();
2076        if (!dev)
2077                goto enomem2;
2078
2079        dev->sb = sb;
2080        if (!gadgetfs_create_file (sb, CHIP,
2081                                dev, &dev_init_operations,
2082                                &dev->dentry))
2083                goto enomem3;
2084
2085        /* other endpoint files are available after hardware setup,
2086         * from binding to a controller.
2087         */
2088        the_device = dev;
2089        return 0;
2090
2091enomem3:
2092        put_dev (dev);
2093enomem2:
2094        dput (d);
2095enomem1:
2096        iput (inode);
2097enomem0:
2098        return -ENOMEM;
2099}
2100
2101/* "mount -t gadgetfs path /dev/gadget" ends up here */
2102static struct dentry *
2103gadgetfs_mount (struct file_system_type *t, int flags,
2104                const char *path, void *opts)
2105{
2106        return mount_single (t, flags, opts, gadgetfs_fill_super);
2107}
2108
2109static void
2110gadgetfs_kill_sb (struct super_block *sb)
2111{
2112        kill_litter_super (sb);
2113        if (the_device) {
2114                put_dev (the_device);
2115                the_device = NULL;
2116        }
2117}
2118
2119/*----------------------------------------------------------------------*/
2120
2121static struct file_system_type gadgetfs_type = {
2122        .owner          = THIS_MODULE,
2123        .name           = shortname,
2124        .mount          = gadgetfs_mount,
2125        .kill_sb        = gadgetfs_kill_sb,
2126};
2127
2128/*----------------------------------------------------------------------*/
2129
2130static int __init init (void)
2131{
2132        int status;
2133
2134        status = register_filesystem (&gadgetfs_type);
2135        if (status == 0)
2136                pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2137                        shortname, driver_desc);
2138        return status;
2139}
2140module_init (init);
2141
2142static void __exit cleanup (void)
2143{
2144        pr_debug ("unregister %s\n", shortname);
2145        unregister_filesystem (&gadgetfs_type);
2146}
2147module_exit (cleanup);
2148
2149