LXR linux/drivers/usb/gadget/inode.c

   1/*
   2 * inode.c -- user mode filesystem api for usb gadget controllers
   3 *
   4 * Copyright (C) 2003-2004 David Brownell
   5 * Copyright (C) 2003 Agilent Technologies
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 2 of the License, or
  10 * (at your option) any later version.
  11 */
  12
  13
  14/* #define VERBOSE_DEBUG */
  15
  16#include <linux/init.h>
  17#include <linux/module.h>
  18#include <linux/fs.h>
  19#include <linux/pagemap.h>
  20#include <linux/uts.h>
  21#include <linux/wait.h>
  22#include <linux/compiler.h>
  23#include <asm/uaccess.h>
  24#include <linux/sched.h>
  25#include <linux/slab.h>
  26#include <linux/poll.h>
  27#include <linux/mmu_context.h>
  28#include <linux/aio.h>
  29
  30#include <linux/device.h>
  31#include <linux/moduleparam.h>
  32
  33#include <linux/usb/gadgetfs.h>
  34#include <linux/usb/gadget.h>
  35
  36
  37/*
  38 * The gadgetfs API maps each endpoint to a file descriptor so that you
  39 * can use standard synchronous read/write calls for I/O.  There's some
  40 * O_NONBLOCK and O_ASYNC/FASYNC style i/o support.  Example usermode
  41 * drivers show how this works in practice.  You can also use AIO to
  42 * eliminate I/O gaps between requests, to help when streaming data.
  43 *
  44 * Key parts that must be USB-specific are protocols defining how the
  45 * read/write operations relate to the hardware state machines.  There
  46 * are two types of files.  One type is for the device, implementing ep0.
  47 * The other type is for each IN or OUT endpoint.  In both cases, the
  48 * user mode driver must configure the hardware before using it.
  49 *
  50 * - First, dev_config() is called when /dev/gadget/$CHIP is configured
  51 *   (by writing configuration and device descriptors).  Afterwards it
  52 *   may serve as a source of device events, used to handle all control
  53 *   requests other than basic enumeration.
  54 *
  55 * - Then, after a SET_CONFIGURATION control request, ep_config() is
  56 *   called when each /dev/gadget/ep* file is configured (by writing
  57 *   endpoint descriptors).  Afterwards these files are used to write()
  58 *   IN data or to read() OUT data.  To halt the endpoint, a "wrong
  59 *   direction" request is issued (like reading an IN endpoint).
  60 *
  61 * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe
  62 * not possible on all hardware.  For example, precise fault handling with
  63 * respect to data left in endpoint fifos after aborted operations; or
  64 * selective clearing of endpoint halts, to implement SET_INTERFACE.
  65 */
  66
  67#define DRIVER_DESC     "USB Gadget filesystem"
  68#define DRIVER_VERSION  "24 Aug 2004"
  69
  70static const char driver_desc [] = DRIVER_DESC;
  71static const char shortname [] = "gadgetfs";
  72
  73MODULE_DESCRIPTION (DRIVER_DESC);
  74MODULE_AUTHOR ("David Brownell");
  75MODULE_LICENSE ("GPL");
  76
  77
  78/*----------------------------------------------------------------------*/
  79
  80#define GADGETFS_MAGIC          0xaee71ee7
  81
  82/* /dev/gadget/$CHIP represents ep0 and the whole device */
  83enum ep0_state {
  84        /* DISBLED is the initial state.
  85         */
  86        STATE_DEV_DISABLED = 0,
  87
  88        /* Only one open() of /dev/gadget/$CHIP; only one file tracks
  89         * ep0/device i/o modes and binding to the controller.  Driver
  90         * must always write descriptors to initialize the device, then
  91         * the device becomes UNCONNECTED until enumeration.
  92         */
  93        STATE_DEV_OPENED,
  94
  95        /* From then on, ep0 fd is in either of two basic modes:
  96         * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it
  97         * - SETUP: read/write will transfer control data and succeed;
  98         *   or if "wrong direction", performs protocol stall
  99         */
 100        STATE_DEV_UNCONNECTED,
 101        STATE_DEV_CONNECTED,
 102        STATE_DEV_SETUP,
 103
 104        /* UNBOUND means the driver closed ep0, so the device won't be
 105         * accessible again (DEV_DISABLED) until all fds are closed.
 106         */
 107        STATE_DEV_UNBOUND,
 108};
 109
 110/* enough for the whole queue: most events invalidate others */
 111#define N_EVENT                 5
 112
 113struct dev_data {
 114        spinlock_t                      lock;
 115        atomic_t                        count;
 116        enum ep0_state                  state;          /* P: lock */
 117        struct usb_gadgetfs_event       event [N_EVENT];
 118        unsigned                        ev_next;
 119        struct fasync_struct            *fasync;
 120        u8                              current_config;
 121
 122        /* drivers reading ep0 MUST handle control requests (SETUP)
 123         * reported that way; else the host will time out.
 124         */
 125        unsigned                        usermode_setup : 1,
 126                                        setup_in : 1,
 127                                        setup_can_stall : 1,
 128                                        setup_out_ready : 1,
 129                                        setup_out_error : 1,
 130                                        setup_abort : 1;
 131        unsigned                        setup_wLength;
 132
 133        /* the rest is basically write-once */
 134        struct usb_config_descriptor    *config, *hs_config;
 135        struct usb_device_descriptor    *dev;
 136        struct usb_request              *req;
 137        struct usb_gadget               *gadget;
 138        struct list_head                epfiles;
 139        void                            *buf;
 140        wait_queue_head_t               wait;
 141        struct super_block              *sb;
 142        struct dentry                   *dentry;
 143
 144        /* except this scratch i/o buffer for ep0 */
 145        u8                              rbuf [256];
 146};
 147
 148static inline void get_dev (struct dev_data *data)
 149{
 150        atomic_inc (&data->count);
 151}
 152
 153static void put_dev (struct dev_data *data)
 154{
 155        if (likely (!atomic_dec_and_test (&data->count)))
 156                return;
 157        /* needs no more cleanup */
 158        BUG_ON (waitqueue_active (&data->wait));
 159        kfree (data);
 160}
 161
 162static struct dev_data *dev_new (void)
 163{
 164        struct dev_data         *dev;
 165
 166        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
 167        if (!dev)
 168                return NULL;
 169        dev->state = STATE_DEV_DISABLED;
 170        atomic_set (&dev->count, 1);
 171        spin_lock_init (&dev->lock);
 172        INIT_LIST_HEAD (&dev->epfiles);
 173        init_waitqueue_head (&dev->wait);
 174        return dev;
 175}
 176
 177/*----------------------------------------------------------------------*/
 178
 179/* other /dev/gadget/$ENDPOINT files represent endpoints */
 180enum ep_state {
 181        STATE_EP_DISABLED = 0,
 182        STATE_EP_READY,
 183        STATE_EP_ENABLED,
 184        STATE_EP_UNBOUND,
 185};
 186
 187struct ep_data {
 188        struct mutex                    lock;
 189        enum ep_state                   state;
 190        atomic_t                        count;
 191        struct dev_data                 *dev;
 192        /* must hold dev->lock before accessing ep or req */
 193        struct usb_ep                   *ep;
 194        struct usb_request              *req;
 195        ssize_t                         status;
 196        char                            name [16];
 197        struct usb_endpoint_descriptor  desc, hs_desc;
 198        struct list_head                epfiles;
 199        wait_queue_head_t               wait;
 200        struct dentry                   *dentry;
 201        struct inode                    *inode;
 202};
 203
 204static inline void get_ep (struct ep_data *data)
 205{
 206        atomic_inc (&data->count);
 207}
 208
 209static void put_ep (struct ep_data *data)
 210{
 211        if (likely (!atomic_dec_and_test (&data->count)))
 212                return;
 213        put_dev (data->dev);
 214        /* needs no more cleanup */
 215        BUG_ON (!list_empty (&data->epfiles));
 216        BUG_ON (waitqueue_active (&data->wait));
 217        kfree (data);
 218}
 219
 220/*----------------------------------------------------------------------*/
 221
 222/* most "how to use the hardware" policy choices are in userspace:
 223 * mapping endpoint roles (which the driver needs) to the capabilities
 224 * which the usb controller has.  most of those capabilities are exposed
 225 * implicitly, starting with the driver name and then endpoint names.
 226 */
 227
 228static const char *CHIP;
 229
 230/*----------------------------------------------------------------------*/
 231
 232/* NOTE:  don't use dev_printk calls before binding to the gadget
 233 * at the end of ep0 configuration, or after unbind.
 234 */
 235
 236/* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */
 237#define xprintk(d,level,fmt,args...) \
 238        printk(level "%s: " fmt , shortname , ## args)
 239
 240#ifdef DEBUG
 241#define DBG(dev,fmt,args...) \
 242        xprintk(dev , KERN_DEBUG , fmt , ## args)
 243#else
 244#define DBG(dev,fmt,args...) \
 245        do { } while (0)
 246#endif /* DEBUG */
 247
 248#ifdef VERBOSE_DEBUG
 249#define VDEBUG  DBG
 250#else
 251#define VDEBUG(dev,fmt,args...) \
 252        do { } while (0)
 253#endif /* DEBUG */
 254
 255#define ERROR(dev,fmt,args...) \
 256        xprintk(dev , KERN_ERR , fmt , ## args)
 257#define INFO(dev,fmt,args...) \
 258        xprintk(dev , KERN_INFO , fmt , ## args)
 259
 260
 261/*----------------------------------------------------------------------*/
 262
 263/* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso)
 264 *
 265 * After opening, configure non-control endpoints.  Then use normal
 266 * stream read() and write() requests; and maybe ioctl() to get more
 267 * precise FIFO status when recovering from cancellation.
 268 */
 269
 270static void epio_complete (struct usb_ep *ep, struct usb_request *req)
 271{
 272        struct ep_data  *epdata = ep->driver_data;
 273
 274        if (!req->context)
 275                return;
 276        if (req->status)
 277                epdata->status = req->status;
 278        else
 279                epdata->status = req->actual;
 280        complete ((struct completion *)req->context);
 281}
 282
 283/* tasklock endpoint, returning when it's connected.
 284 * still need dev->lock to use epdata->ep.
 285 */
 286static int
 287get_ready_ep (unsigned f_flags, struct ep_data *epdata)
 288{
 289        int     val;
 290
 291        if (f_flags & O_NONBLOCK) {
 292                if (!mutex_trylock(&epdata->lock))
 293                        goto nonblock;
 294                if (epdata->state != STATE_EP_ENABLED) {
 295                        mutex_unlock(&epdata->lock);
 296nonblock:
 297                        val = -EAGAIN;
 298                } else
 299                        val = 0;
 300                return val;
 301        }
 302
 303        val = mutex_lock_interruptible(&epdata->lock);
 304        if (val < 0)
 305                return val;
 306
 307        switch (epdata->state) {
 308        case STATE_EP_ENABLED:
 309                break;
 310        // case STATE_EP_DISABLED:              /* "can't happen" */
 311        // case STATE_EP_READY:                 /* "can't happen" */
 312        default:                                /* error! */
 313                pr_debug ("%s: ep %p not available, state %d\n",
 314                                shortname, epdata, epdata->state);
 315                // FALLTHROUGH
 316        case STATE_EP_UNBOUND:                  /* clean disconnect */
 317                val = -ENODEV;
 318                mutex_unlock(&epdata->lock);
 319        }
 320        return val;
 321}
 322
 323static ssize_t
 324ep_io (struct ep_data *epdata, void *buf, unsigned len)
 325{
 326        DECLARE_COMPLETION_ONSTACK (done);
 327        int value;
 328
 329        spin_lock_irq (&epdata->dev->lock);
 330        if (likely (epdata->ep != NULL)) {
 331                struct usb_request      *req = epdata->req;
 332
 333                req->context = &done;
 334                req->complete = epio_complete;
 335                req->buf = buf;
 336                req->length = len;
 337                value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
 338        } else
 339                value = -ENODEV;
 340        spin_unlock_irq (&epdata->dev->lock);
 341
 342        if (likely (value == 0)) {
 343                value = wait_event_interruptible (done.wait, done.done);
 344                if (value != 0) {
 345                        spin_lock_irq (&epdata->dev->lock);
 346                        if (likely (epdata->ep != NULL)) {
 347                                DBG (epdata->dev, "%s i/o interrupted\n",
 348                                                epdata->name);
 349                                usb_ep_dequeue (epdata->ep, epdata->req);
 350                                spin_unlock_irq (&epdata->dev->lock);
 351
 352                                wait_event (done.wait, done.done);
 353                                if (epdata->status == -ECONNRESET)
 354                                        epdata->status = -EINTR;
 355                        } else {
 356                                spin_unlock_irq (&epdata->dev->lock);
 357
 358                                DBG (epdata->dev, "endpoint gone\n");
 359                                epdata->status = -ENODEV;
 360                        }
 361                }
 362                return epdata->status;
 363        }
 364        return value;
 365}
 366
 367
 368/* handle a synchronous OUT bulk/intr/iso transfer */
 369static ssize_t
 370ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 371{
 372        struct ep_data          *data = fd->private_data;
 373        void                    *kbuf;
 374        ssize_t                 value;
 375
 376        if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 377                return value;
 378
 379        /* halt any endpoint by doing a "wrong direction" i/o call */
 380        if (usb_endpoint_dir_in(&data->desc)) {
 381                if (usb_endpoint_xfer_isoc(&data->desc)) {
 382                        mutex_unlock(&data->lock);
 383                        return -EINVAL;
 384                }
 385                DBG (data->dev, "%s halt\n", data->name);
 386                spin_lock_irq (&data->dev->lock);
 387                if (likely (data->ep != NULL))
 388                        usb_ep_set_halt (data->ep);
 389                spin_unlock_irq (&data->dev->lock);
 390                mutex_unlock(&data->lock);
 391                return -EBADMSG;
 392        }
 393
 394        /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */
 395
 396        value = -ENOMEM;
 397        kbuf = kmalloc (len, GFP_KERNEL);
 398        if (unlikely (!kbuf))
 399                goto free1;
 400
 401        value = ep_io (data, kbuf, len);
 402        VDEBUG (data->dev, "%s read %zu OUT, status %d\n",
 403                data->name, len, (int) value);
 404        if (value >= 0 && copy_to_user (buf, kbuf, value))
 405                value = -EFAULT;
 406
 407free1:
 408        mutex_unlock(&data->lock);
 409        kfree (kbuf);
 410        return value;
 411}
 412
 413/* handle a synchronous IN bulk/intr/iso transfer */
 414static ssize_t
 415ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 416{
 417        struct ep_data          *data = fd->private_data;
 418        void                    *kbuf;
 419        ssize_t                 value;
 420
 421        if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 422                return value;
 423
 424        /* halt any endpoint by doing a "wrong direction" i/o call */
 425        if (!usb_endpoint_dir_in(&data->desc)) {
 426                if (usb_endpoint_xfer_isoc(&data->desc)) {
 427                        mutex_unlock(&data->lock);
 428                        return -EINVAL;
 429                }
 430                DBG (data->dev, "%s halt\n", data->name);
 431                spin_lock_irq (&data->dev->lock);
 432                if (likely (data->ep != NULL))
 433                        usb_ep_set_halt (data->ep);
 434                spin_unlock_irq (&data->dev->lock);
 435                mutex_unlock(&data->lock);
 436                return -EBADMSG;
 437        }
 438
 439        /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */
 440
 441        value = -ENOMEM;
 442        kbuf = kmalloc (len, GFP_KERNEL);
 443        if (!kbuf)
 444                goto free1;
 445        if (copy_from_user (kbuf, buf, len)) {
 446                value = -EFAULT;
 447                goto free1;
 448        }
 449
 450        value = ep_io (data, kbuf, len);
 451        VDEBUG (data->dev, "%s write %zu IN, status %d\n",
 452                data->name, len, (int) value);
 453free1:
 454        mutex_unlock(&data->lock);
 455        kfree (kbuf);
 456        return value;
 457}
 458
 459static int
 460ep_release (struct inode *inode, struct file *fd)
 461{
 462        struct ep_data          *data = fd->private_data;
 463        int value;
 464
 465        value = mutex_lock_interruptible(&data->lock);
 466        if (value < 0)
 467                return value;
 468
 469        /* clean up if this can be reopened */
 470        if (data->state != STATE_EP_UNBOUND) {
 471                data->state = STATE_EP_DISABLED;
 472                data->desc.bDescriptorType = 0;
 473                data->hs_desc.bDescriptorType = 0;
 474                usb_ep_disable(data->ep);
 475        }
 476        mutex_unlock(&data->lock);
 477        put_ep (data);
 478        return 0;
 479}
 480
 481static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
 482{
 483        struct ep_data          *data = fd->private_data;
 484        int                     status;
 485
 486        if ((status = get_ready_ep (fd->f_flags, data)) < 0)
 487                return status;
 488
 489        spin_lock_irq (&data->dev->lock);
 490        if (likely (data->ep != NULL)) {
 491                switch (code) {
 492                case GADGETFS_FIFO_STATUS:
 493                        status = usb_ep_fifo_status (data->ep);
 494                        break;
 495                case GADGETFS_FIFO_FLUSH:
 496                        usb_ep_fifo_flush (data->ep);
 497                        break;
 498                case GADGETFS_CLEAR_HALT:
 499                        status = usb_ep_clear_halt (data->ep);
 500                        break;
 501                default:
 502                        status = -ENOTTY;
 503                }
 504        } else
 505                status = -ENODEV;
 506        spin_unlock_irq (&data->dev->lock);
 507        mutex_unlock(&data->lock);
 508        return status;
 509}
 510
 511/*----------------------------------------------------------------------*/
 512
 513/* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */
 514
 515struct kiocb_priv {
 516        struct usb_request      *req;
 517        struct ep_data          *epdata;
 518        struct kiocb            *iocb;
 519        struct mm_struct        *mm;
 520        struct work_struct      work;
 521        void                    *buf;
 522        const struct iovec      *iv;
 523        unsigned long           nr_segs;
 524        unsigned                actual;
 525};
 526
 527static int ep_aio_cancel(struct kiocb *iocb, struct io_event *e)
 528{
 529        struct kiocb_priv       *priv = iocb->private;
 530        struct ep_data          *epdata;
 531        int                     value;
 532
 533        local_irq_disable();
 534        epdata = priv->epdata;
 535        // spin_lock(&epdata->dev->lock);
 536        if (likely(epdata && epdata->ep && priv->req))
 537                value = usb_ep_dequeue (epdata->ep, priv->req);
 538        else
 539                value = -EINVAL;
 540        // spin_unlock(&epdata->dev->lock);
 541        local_irq_enable();
 542
 543        aio_put_req(iocb);
 544        return value;
 545}
 546
 547static ssize_t ep_copy_to_user(struct kiocb_priv *priv)
 548{
 549        ssize_t                 len, total;
 550        void                    *to_copy;
 551        int                     i;
 552
 553        /* copy stuff into user buffers */
 554        total = priv->actual;
 555        len = 0;
 556        to_copy = priv->buf;
 557        for (i=0; i < priv->nr_segs; i++) {
 558                ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total);
 559
 560                if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) {
 561                        if (len == 0)
 562                                len = -EFAULT;
 563                        break;
 564                }
 565
 566                total -= this;
 567                len += this;
 568                to_copy += this;
 569                if (total == 0)
 570                        break;
 571        }
 572
 573        return len;
 574}
 575
 576static void ep_user_copy_worker(struct work_struct *work)
 577{
 578        struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
 579        struct mm_struct *mm = priv->mm;
 580        struct kiocb *iocb = priv->iocb;
 581        size_t ret;
 582
 583        use_mm(mm);
 584        ret = ep_copy_to_user(priv);
 585        unuse_mm(mm);
 586
 587        /* completing the iocb can drop the ctx and mm, don't touch mm after */
 588        aio_complete(iocb, ret, ret);
 589
 590        kfree(priv->buf);
 591        kfree(priv);
 592}
 593
 594static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
 595{
 596        struct kiocb            *iocb = req->context;
 597        struct kiocb_priv       *priv = iocb->private;
 598        struct ep_data          *epdata = priv->epdata;
 599
 600        /* lock against disconnect (and ideally, cancel) */
 601        spin_lock(&epdata->dev->lock);
 602        priv->req = NULL;
 603        priv->epdata = NULL;
 604
 605        /* if this was a write or a read returning no data then we
 606         * don't need to copy anything to userspace, so we can
 607         * complete the aio request immediately.
 608         */
 609        if (priv->iv == NULL || unlikely(req->actual == 0)) {
 610                kfree(req->buf);
 611                kfree(priv);
 612                iocb->private = NULL;
 613                /* aio_complete() reports bytes-transferred _and_ faults */
 614                aio_complete(iocb, req->actual ? req->actual : req->status,
 615                                req->status);
 616        } else {
 617                /* ep_copy_to_user() won't report both; we hide some faults */
 618                if (unlikely(0 != req->status))
 619                        DBG(epdata->dev, "%s fault %d len %d\n",
 620                                ep->name, req->status, req->actual);
 621
 622                priv->buf = req->buf;
 623                priv->actual = req->actual;
 624                schedule_work(&priv->work);
 625        }
 626        spin_unlock(&epdata->dev->lock);
 627
 628        usb_ep_free_request(ep, req);
 629        put_ep(epdata);
 630}
 631
 632static ssize_t
 633ep_aio_rwtail(
 634        struct kiocb    *iocb,
 635        char            *buf,
 636        size_t          len,
 637        struct ep_data  *epdata,
 638        const struct iovec *iv,
 639        unsigned long   nr_segs
 640)
 641{
 642        struct kiocb_priv       *priv;
 643        struct usb_request      *req;
 644        ssize_t                 value;
 645
 646        priv = kmalloc(sizeof *priv, GFP_KERNEL);
 647        if (!priv) {
 648                value = -ENOMEM;
 649fail:
 650                kfree(buf);
 651                return value;
 652        }
 653        iocb->private = priv;
 654        priv->iocb = iocb;
 655        priv->iv = iv;
 656        priv->nr_segs = nr_segs;
 657        INIT_WORK(&priv->work, ep_user_copy_worker);
 658
 659        value = get_ready_ep(iocb->ki_filp->f_flags, epdata);
 660        if (unlikely(value < 0)) {
 661                kfree(priv);
 662                goto fail;
 663        }
 664
 665        kiocb_set_cancel_fn(iocb, ep_aio_cancel);
 666        get_ep(epdata);
 667        priv->epdata = epdata;
 668        priv->actual = 0;
 669        priv->mm = current->mm; /* mm teardown waits for iocbs in exit_aio() */
 670
 671        /* each kiocb is coupled to one usb_request, but we can't
 672         * allocate or submit those if the host disconnected.
 673         */
 674        spin_lock_irq(&epdata->dev->lock);
 675        if (likely(epdata->ep)) {
 676                req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
 677                if (likely(req)) {
 678                        priv->req = req;
 679                        req->buf = buf;
 680                        req->length = len;
 681                        req->complete = ep_aio_complete;
 682                        req->context = iocb;
 683                        value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
 684                        if (unlikely(0 != value))
 685                                usb_ep_free_request(epdata->ep, req);
 686                } else
 687                        value = -EAGAIN;
 688        } else
 689                value = -ENODEV;
 690        spin_unlock_irq(&epdata->dev->lock);
 691
 692        mutex_unlock(&epdata->lock);
 693
 694        if (unlikely(value)) {
 695                kfree(priv);
 696                put_ep(epdata);
 697        } else
 698                value = -EIOCBQUEUED;
 699        return value;
 700}
 701
 702static ssize_t
 703ep_aio_read(struct kiocb *iocb, const struct iovec *iov,
 704                unsigned long nr_segs, loff_t o)
 705{
 706        struct ep_data          *epdata = iocb->ki_filp->private_data;
 707        char                    *buf;
 708
 709        if (unlikely(usb_endpoint_dir_in(&epdata->desc)))
 710                return -EINVAL;
 711
 712        buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 713        if (unlikely(!buf))
 714                return -ENOMEM;
 715
 716        return ep_aio_rwtail(iocb, buf, iocb->ki_left, epdata, iov, nr_segs);
 717}
 718
 719static ssize_t
 720ep_aio_write(struct kiocb *iocb, const struct iovec *iov,
 721                unsigned long nr_segs, loff_t o)
 722{
 723        struct ep_data          *epdata = iocb->ki_filp->private_data;
 724        char                    *buf;
 725        size_t                  len = 0;
 726        int                     i = 0;
 727
 728        if (unlikely(!usb_endpoint_dir_in(&epdata->desc)))
 729                return -EINVAL;
 730
 731        buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 732        if (unlikely(!buf))
 733                return -ENOMEM;
 734
 735        for (i=0; i < nr_segs; i++) {
 736                if (unlikely(copy_from_user(&buf[len], iov[i].iov_base,
 737                                iov[i].iov_len) != 0)) {
 738                        kfree(buf);
 739                        return -EFAULT;
 740                }
 741                len += iov[i].iov_len;
 742        }
 743        return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0);
 744}
 745
 746/*----------------------------------------------------------------------*/
 747
 748/* used after endpoint configuration */
 749static const struct file_operations ep_io_operations = {
 750        .owner =        THIS_MODULE,
 751        .llseek =       no_llseek,
 752
 753        .read =         ep_read,
 754        .write =        ep_write,
 755        .unlocked_ioctl = ep_ioctl,
 756        .release =      ep_release,
 757
 758        .aio_read =     ep_aio_read,
 759        .aio_write =    ep_aio_write,
 760};
 761
 762/* ENDPOINT INITIALIZATION
 763 *
 764 *     fd = open ("/dev/gadget/$ENDPOINT", O_RDWR)
 765 *     status = write (fd, descriptors, sizeof descriptors)
 766 *
 767 * That write establishes the endpoint configuration, configuring
 768 * the controller to process bulk, interrupt, or isochronous transfers
 769 * at the right maxpacket size, and so on.
 770 *
 771 * The descriptors are message type 1, identified by a host order u32
 772 * at the beginning of what's written.  Descriptor order is: full/low
 773 * speed descriptor, then optional high speed descriptor.
 774 */
 775static ssize_t
 776ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 777{
 778        struct ep_data          *data = fd->private_data;
 779        struct usb_ep           *ep;
 780        u32                     tag;
 781        int                     value, length = len;
 782
 783        value = mutex_lock_interruptible(&data->lock);
 784        if (value < 0)
 785                return value;
 786
 787        if (data->state != STATE_EP_READY) {
 788                value = -EL2HLT;
 789                goto fail;
 790        }
 791
 792        value = len;
 793        if (len < USB_DT_ENDPOINT_SIZE + 4)
 794                goto fail0;
 795
 796        /* we might need to change message format someday */
 797        if (copy_from_user (&tag, buf, 4)) {
 798                goto fail1;
 799        }
 800        if (tag != 1) {
 801                DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
 802                goto fail0;
 803        }
 804        buf += 4;
 805        len -= 4;
 806
 807        /* NOTE:  audio endpoint extensions not accepted here;
 808         * just don't include the extra bytes.
 809         */
 810
 811        /* full/low speed descriptor, then high speed */
 812        if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) {
 813                goto fail1;
 814        }
 815        if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
 816                        || data->desc.bDescriptorType != USB_DT_ENDPOINT)
 817                goto fail0;
 818        if (len != USB_DT_ENDPOINT_SIZE) {
 819                if (len != 2 * USB_DT_ENDPOINT_SIZE)
 820                        goto fail0;
 821                if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
 822                                        USB_DT_ENDPOINT_SIZE)) {
 823                        goto fail1;
 824                }
 825                if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
 826                                || data->hs_desc.bDescriptorType
 827                                        != USB_DT_ENDPOINT) {
 828                        DBG(data->dev, "config %s, bad hs length or type\n",
 829                                        data->name);
 830                        goto fail0;
 831                }
 832        }
 833
 834        spin_lock_irq (&data->dev->lock);
 835        if (data->dev->state == STATE_DEV_UNBOUND) {
 836                value = -ENOENT;
 837                goto gone;
 838        } else if ((ep = data->ep) == NULL) {
 839                value = -ENODEV;
 840                goto gone;
 841        }
 842        switch (data->dev->gadget->speed) {
 843        case USB_SPEED_LOW:
 844        case USB_SPEED_FULL:
 845                ep->desc = &data->desc;
 846                value = usb_ep_enable(ep);
 847                if (value == 0)
 848                        data->state = STATE_EP_ENABLED;
 849                break;
 850        case USB_SPEED_HIGH:
 851                /* fails if caller didn't provide that descriptor... */
 852                ep->desc = &data->hs_desc;
 853                value = usb_ep_enable(ep);
 854                if (value == 0)
 855                        data->state = STATE_EP_ENABLED;
 856                break;
 857        default:
 858                DBG(data->dev, "unconnected, %s init abandoned\n",
 859                                data->name);
 860                value = -EINVAL;
 861        }
 862        if (value == 0) {
 863                fd->f_op = &ep_io_operations;
 864                value = length;
 865        }
 866gone:
 867        spin_unlock_irq (&data->dev->lock);
 868        if (value < 0) {
 869fail:
 870                data->desc.bDescriptorType = 0;
 871                data->hs_desc.bDescriptorType = 0;
 872        }
 873        mutex_unlock(&data->lock);
 874        return value;
 875fail0:
 876        value = -EINVAL;
 877        goto fail;
 878fail1:
 879        value = -EFAULT;
 880        goto fail;
 881}
 882
 883static int
 884ep_open (struct inode *inode, struct file *fd)
 885{
 886        struct ep_data          *data = inode->i_private;
 887        int                     value = -EBUSY;
 888
 889        if (mutex_lock_interruptible(&data->lock) != 0)
 890                return -EINTR;
 891        spin_lock_irq (&data->dev->lock);
 892        if (data->dev->state == STATE_DEV_UNBOUND)
 893                value = -ENOENT;
 894        else if (data->state == STATE_EP_DISABLED) {
 895                value = 0;
 896                data->state = STATE_EP_READY;
 897                get_ep (data);
 898                fd->private_data = data;
 899                VDEBUG (data->dev, "%s ready\n", data->name);
 900        } else
 901                DBG (data->dev, "%s state %d\n",
 902                        data->name, data->state);
 903        spin_unlock_irq (&data->dev->lock);
 904        mutex_unlock(&data->lock);
 905        return value;
 906}
 907
 908/* used before endpoint configuration */
 909static const struct file_operations ep_config_operations = {
 910        .llseek =       no_llseek,
 911
 912        .open =         ep_open,
 913        .write =        ep_config,
 914        .release =      ep_release,
 915};
 916
 917/*----------------------------------------------------------------------*/
 918
 919/* EP0 IMPLEMENTATION can be partly in userspace.
 920 *
 921 * Drivers that use this facility receive various events, including
 922 * control requests the kernel doesn't handle.  Drivers that don't
 923 * use this facility may be too simple-minded for real applications.
 924 */
 925
 926static inline void ep0_readable (struct dev_data *dev)
 927{
 928        wake_up (&dev->wait);
 929        kill_fasync (&dev->fasync, SIGIO, POLL_IN);
 930}
 931
 932static void clean_req (struct usb_ep *ep, struct usb_request *req)
 933{
 934        struct dev_data         *dev = ep->driver_data;
 935
 936        if (req->buf != dev->rbuf) {
 937                kfree(req->buf);
 938                req->buf = dev->rbuf;
 939        }
 940        req->complete = epio_complete;
 941        dev->setup_out_ready = 0;
 942}
 943
 944static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
 945{
 946        struct dev_data         *dev = ep->driver_data;
 947        unsigned long           flags;
 948        int                     free = 1;
 949
 950        /* for control OUT, data must still get to userspace */
 951        spin_lock_irqsave(&dev->lock, flags);
 952        if (!dev->setup_in) {
 953                dev->setup_out_error = (req->status != 0);
 954                if (!dev->setup_out_error)
 955                        free = 0;
 956                dev->setup_out_ready = 1;
 957                ep0_readable (dev);
 958        }
 959
 960        /* clean up as appropriate */
 961        if (free && req->buf != &dev->rbuf)
 962                clean_req (ep, req);
 963        req->complete = epio_complete;
 964        spin_unlock_irqrestore(&dev->lock, flags);
 965}
 966
 967static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
 968{
 969        struct dev_data *dev = ep->driver_data;
 970
 971        if (dev->setup_out_ready) {
 972                DBG (dev, "ep0 request busy!\n");
 973                return -EBUSY;
 974        }
 975        if (len > sizeof (dev->rbuf))
 976                req->buf = kmalloc(len, GFP_ATOMIC);
 977        if (req->buf == NULL) {
 978                req->buf = dev->rbuf;
 979                return -ENOMEM;
 980        }
 981        req->complete = ep0_complete;
 982        req->length = len;
 983        req->zero = 0;
 984        return 0;
 985}
 986
 987static ssize_t
 988ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 989{
 990        struct dev_data                 *dev = fd->private_data;
 991        ssize_t                         retval;
 992        enum ep0_state                  state;
 993
 994        spin_lock_irq (&dev->lock);
 995
 996        /* report fd mode change before acting on it */
 997        if (dev->setup_abort) {
 998                dev->setup_abort = 0;
 999                retval = -EIDRM;
1000                goto done;

1001        }
1002
1003        /* control DATA stage */
1004        if ((state = dev->state) == STATE_DEV_SETUP) {
1005
1006                if (dev->setup_in) {            /* stall IN */
1007                        VDEBUG(dev, "ep0in stall\n");
1008                        (void) usb_ep_set_halt (dev->gadget->ep0);
1009                        retval = -EL2HLT;
1010                        dev->state = STATE_DEV_CONNECTED;
1011
1012                } else if (len == 0) {          /* ack SET_CONFIGURATION etc */
1013                        struct usb_ep           *ep = dev->gadget->ep0;
1014                        struct usb_request      *req = dev->req;
1015
1016                        if ((retval = setup_req (ep, req, 0)) == 0)
1017                                retval = usb_ep_queue (ep, req, GFP_ATOMIC);
1018                        dev->state = STATE_DEV_CONNECTED;
1019
1020                        /* assume that was SET_CONFIGURATION */
1021                        if (dev->current_config) {
1022                                unsigned power;
1023
1024                                if (gadget_is_dualspeed(dev->gadget)
1025                                                && (dev->gadget->speed
1026                                                        == USB_SPEED_HIGH))
1027                                        power = dev->hs_config->bMaxPower;
1028                                else
1029                                        power = dev->config->bMaxPower;
1030                                usb_gadget_vbus_draw(dev->gadget, 2 * power);
1031                        }
1032
1033                } else {                        /* collect OUT data */
1034                        if ((fd->f_flags & O_NONBLOCK) != 0
1035                                        && !dev->setup_out_ready) {
1036                                retval = -EAGAIN;
1037                                goto done;
1038                        }
1039                        spin_unlock_irq (&dev->lock);
1040                        retval = wait_event_interruptible (dev->wait,
1041                                        dev->setup_out_ready != 0);
1042
1043                        /* FIXME state could change from under us */
1044                        spin_lock_irq (&dev->lock);
1045                        if (retval)
1046                                goto done;
1047
1048                        if (dev->state != STATE_DEV_SETUP) {
1049                                retval = -ECANCELED;
1050                                goto done;
1051                        }
1052                        dev->state = STATE_DEV_CONNECTED;
1053
1054                        if (dev->setup_out_error)
1055                                retval = -EIO;
1056                        else {
1057                                len = min (len, (size_t)dev->req->actual);
1058// FIXME don't call this with the spinlock held ...
1059                                if (copy_to_user (buf, dev->req->buf, len))
1060                                        retval = -EFAULT;
1061                                else
1062                                        retval = len;
1063                                clean_req (dev->gadget->ep0, dev->req);
1064                                /* NOTE userspace can't yet choose to stall */
1065                        }
1066                }
1067                goto done;
1068        }
1069
1070        /* else normal: return event data */
1071        if (len < sizeof dev->event [0]) {
1072                retval = -EINVAL;
1073                goto done;
1074        }
1075        len -= len % sizeof (struct usb_gadgetfs_event);
1076        dev->usermode_setup = 1;
1077
1078scan:
1079        /* return queued events right away */
1080        if (dev->ev_next != 0) {
1081                unsigned                i, n;
1082
1083                n = len / sizeof (struct usb_gadgetfs_event);
1084                if (dev->ev_next < n)
1085                        n = dev->ev_next;
1086
1087                /* ep0 i/o has special semantics during STATE_DEV_SETUP */
1088                for (i = 0; i < n; i++) {
1089                        if (dev->event [i].type == GADGETFS_SETUP) {
1090                                dev->state = STATE_DEV_SETUP;
1091                                n = i + 1;
1092                                break;
1093                        }
1094                }
1095                spin_unlock_irq (&dev->lock);
1096                len = n * sizeof (struct usb_gadgetfs_event);
1097                if (copy_to_user (buf, &dev->event, len))
1098                        retval = -EFAULT;
1099                else
1100                        retval = len;
1101                if (len > 0) {
1102                        /* NOTE this doesn't guard against broken drivers;
1103                         * concurrent ep0 readers may lose events.
1104                         */
1105                        spin_lock_irq (&dev->lock);
1106                        if (dev->ev_next > n) {
1107                                memmove(&dev->event[0], &dev->event[n],
1108                                        sizeof (struct usb_gadgetfs_event)
1109                                                * (dev->ev_next - n));
1110                        }
1111                        dev->ev_next -= n;
1112                        spin_unlock_irq (&dev->lock);
1113                }
1114                return retval;
1115        }
1116        if (fd->f_flags & O_NONBLOCK) {
1117                retval = -EAGAIN;
1118                goto done;
1119        }
1120
1121        switch (state) {
1122        default:
1123                DBG (dev, "fail %s, state %d\n", __func__, state);
1124                retval = -ESRCH;
1125                break;
1126        case STATE_DEV_UNCONNECTED:
1127        case STATE_DEV_CONNECTED:
1128                spin_unlock_irq (&dev->lock);
1129                DBG (dev, "%s wait\n", __func__);
1130
1131                /* wait for events */
1132                retval = wait_event_interruptible (dev->wait,
1133                                dev->ev_next != 0);
1134                if (retval < 0)
1135                        return retval;
1136                spin_lock_irq (&dev->lock);
1137                goto scan;
1138        }
1139
1140done:
1141        spin_unlock_irq (&dev->lock);
1142        return retval;
1143}
1144
1145static struct usb_gadgetfs_event *
1146next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1147{
1148        struct usb_gadgetfs_event       *event;
1149        unsigned                        i;
1150
1151        switch (type) {
1152        /* these events purge the queue */
1153        case GADGETFS_DISCONNECT:
1154                if (dev->state == STATE_DEV_SETUP)
1155                        dev->setup_abort = 1;
1156                // FALL THROUGH
1157        case GADGETFS_CONNECT:
1158                dev->ev_next = 0;
1159                break;
1160        case GADGETFS_SETUP:            /* previous request timed out */
1161        case GADGETFS_SUSPEND:          /* same effect */
1162                /* these events can't be repeated */
1163                for (i = 0; i != dev->ev_next; i++) {
1164                        if (dev->event [i].type != type)
1165                                continue;
1166                        DBG(dev, "discard old event[%d] %d\n", i, type);
1167                        dev->ev_next--;
1168                        if (i == dev->ev_next)
1169                                break;
1170                        /* indices start at zero, for simplicity */
1171                        memmove (&dev->event [i], &dev->event [i + 1],
1172                                sizeof (struct usb_gadgetfs_event)
1173                                        * (dev->ev_next - i));
1174                }
1175                break;
1176        default:
1177                BUG ();
1178        }
1179        VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1180        event = &dev->event [dev->ev_next++];
1181        BUG_ON (dev->ev_next > N_EVENT);
1182        memset (event, 0, sizeof *event);
1183        event->type = type;
1184        return event;
1185}
1186
1187static ssize_t
1188ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1189{
1190        struct dev_data         *dev = fd->private_data;
1191        ssize_t                 retval = -ESRCH;
1192
1193        spin_lock_irq (&dev->lock);
1194
1195        /* report fd mode change before acting on it */
1196        if (dev->setup_abort) {
1197                dev->setup_abort = 0;
1198                retval = -EIDRM;
1199
1200        /* data and/or status stage for control request */
1201        } else if (dev->state == STATE_DEV_SETUP) {
1202
1203                /* IN DATA+STATUS caller makes len <= wLength */
1204                if (dev->setup_in) {
1205                        retval = setup_req (dev->gadget->ep0, dev->req, len);
1206                        if (retval == 0) {
1207                                dev->state = STATE_DEV_CONNECTED;
1208                                spin_unlock_irq (&dev->lock);
1209                                if (copy_from_user (dev->req->buf, buf, len))
1210                                        retval = -EFAULT;
1211                                else {
1212                                        if (len < dev->setup_wLength)
1213                                                dev->req->zero = 1;
1214                                        retval = usb_ep_queue (
1215                                                dev->gadget->ep0, dev->req,
1216                                                GFP_KERNEL);
1217                                }
1218                                if (retval < 0) {
1219                                        spin_lock_irq (&dev->lock);
1220                                        clean_req (dev->gadget->ep0, dev->req);
1221                                        spin_unlock_irq (&dev->lock);
1222                                } else
1223                                        retval = len;
1224
1225                                return retval;
1226                        }
1227
1228                /* can stall some OUT transfers */
1229                } else if (dev->setup_can_stall) {
1230                        VDEBUG(dev, "ep0out stall\n");
1231                        (void) usb_ep_set_halt (dev->gadget->ep0);
1232                        retval = -EL2HLT;
1233                        dev->state = STATE_DEV_CONNECTED;
1234                } else {
1235                        DBG(dev, "bogus ep0out stall!\n");
1236                }
1237        } else
1238                DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1239
1240        spin_unlock_irq (&dev->lock);
1241        return retval;
1242}
1243
1244static int
1245ep0_fasync (int f, struct file *fd, int on)
1246{
1247        struct dev_data         *dev = fd->private_data;
1248        // caller must F_SETOWN before signal delivery happens
1249        VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1250        return fasync_helper (f, fd, on, &dev->fasync);
1251}
1252
1253static struct usb_gadget_driver gadgetfs_driver;
1254
1255static int
1256dev_release (struct inode *inode, struct file *fd)
1257{
1258        struct dev_data         *dev = fd->private_data;
1259
1260        /* closing ep0 === shutdown all */
1261
1262        usb_gadget_unregister_driver (&gadgetfs_driver);
1263
1264        /* at this point "good" hardware has disconnected the
1265         * device from USB; the host won't see it any more.
1266         * alternatively, all host requests will time out.
1267         */
1268
1269        kfree (dev->buf);
1270        dev->buf = NULL;
1271        put_dev (dev);
1272
1273        /* other endpoints were all decoupled from this device */
1274        spin_lock_irq(&dev->lock);
1275        dev->state = STATE_DEV_DISABLED;
1276        spin_unlock_irq(&dev->lock);
1277        return 0;
1278}
1279
1280static unsigned int
1281ep0_poll (struct file *fd, poll_table *wait)
1282{
1283       struct dev_data         *dev = fd->private_data;
1284       int                     mask = 0;
1285
1286       poll_wait(fd, &dev->wait, wait);
1287
1288       spin_lock_irq (&dev->lock);
1289
1290       /* report fd mode change before acting on it */
1291       if (dev->setup_abort) {
1292               dev->setup_abort = 0;
1293               mask = POLLHUP;
1294               goto out;
1295       }
1296
1297       if (dev->state == STATE_DEV_SETUP) {
1298               if (dev->setup_in || dev->setup_can_stall)
1299                       mask = POLLOUT;
1300       } else {
1301               if (dev->ev_next != 0)
1302                       mask = POLLIN;
1303       }
1304out:
1305       spin_unlock_irq(&dev->lock);
1306       return mask;
1307}
1308
1309static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1310{
1311        struct dev_data         *dev = fd->private_data;
1312        struct usb_gadget       *gadget = dev->gadget;
1313        long ret = -ENOTTY;
1314
1315        if (gadget->ops->ioctl)
1316                ret = gadget->ops->ioctl (gadget, code, value);
1317
1318        return ret;
1319}
1320
1321/* used after device configuration */
1322static const struct file_operations ep0_io_operations = {
1323        .owner =        THIS_MODULE,
1324        .llseek =       no_llseek,
1325
1326        .read =         ep0_read,
1327        .write =        ep0_write,
1328        .fasync =       ep0_fasync,
1329        .poll =         ep0_poll,
1330        .unlocked_ioctl =       dev_ioctl,
1331        .release =      dev_release,
1332};
1333
1334/*----------------------------------------------------------------------*/
1335
1336/* The in-kernel gadget driver handles most ep0 issues, in particular
1337 * enumerating the single configuration (as provided from user space).
1338 *
1339 * Unrecognized ep0 requests may be handled in user space.
1340 */
1341
1342static void make_qualifier (struct dev_data *dev)
1343{
1344        struct usb_qualifier_descriptor         qual;
1345        struct usb_device_descriptor            *desc;
1346
1347        qual.bLength = sizeof qual;
1348        qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1349        qual.bcdUSB = cpu_to_le16 (0x0200);
1350
1351        desc = dev->dev;
1352        qual.bDeviceClass = desc->bDeviceClass;
1353        qual.bDeviceSubClass = desc->bDeviceSubClass;
1354        qual.bDeviceProtocol = desc->bDeviceProtocol;
1355
1356        /* assumes ep0 uses the same value for both speeds ... */
1357        qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1358
1359        qual.bNumConfigurations = 1;
1360        qual.bRESERVED = 0;
1361
1362        memcpy (dev->rbuf, &qual, sizeof qual);
1363}
1364
1365static int
1366config_buf (struct dev_data *dev, u8 type, unsigned index)
1367{
1368        int             len;
1369        int             hs = 0;
1370
1371        /* only one configuration */
1372        if (index > 0)
1373                return -EINVAL;
1374
1375        if (gadget_is_dualspeed(dev->gadget)) {
1376                hs = (dev->gadget->speed == USB_SPEED_HIGH);
1377                if (type == USB_DT_OTHER_SPEED_CONFIG)
1378                        hs = !hs;
1379        }
1380        if (hs) {
1381                dev->req->buf = dev->hs_config;
1382                len = le16_to_cpu(dev->hs_config->wTotalLength);
1383        } else {
1384                dev->req->buf = dev->config;
1385                len = le16_to_cpu(dev->config->wTotalLength);
1386        }
1387        ((u8 *)dev->req->buf) [1] = type;
1388        return len;
1389}
1390
1391static int
1392gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1393{
1394        struct dev_data                 *dev = get_gadget_data (gadget);
1395        struct usb_request              *req = dev->req;
1396        int                             value = -EOPNOTSUPP;
1397        struct usb_gadgetfs_event       *event;
1398        u16                             w_value = le16_to_cpu(ctrl->wValue);
1399        u16                             w_length = le16_to_cpu(ctrl->wLength);
1400
1401        spin_lock (&dev->lock);
1402        dev->setup_abort = 0;
1403        if (dev->state == STATE_DEV_UNCONNECTED) {
1404                if (gadget_is_dualspeed(gadget)
1405                                && gadget->speed == USB_SPEED_HIGH
1406                                && dev->hs_config == NULL) {
1407                        spin_unlock(&dev->lock);
1408                        ERROR (dev, "no high speed config??\n");
1409                        return -EINVAL;
1410                }
1411
1412                dev->state = STATE_DEV_CONNECTED;
1413
1414                INFO (dev, "connected\n");
1415                event = next_event (dev, GADGETFS_CONNECT);
1416                event->u.speed = gadget->speed;
1417                ep0_readable (dev);
1418
1419        /* host may have given up waiting for response.  we can miss control
1420         * requests handled lower down (device/endpoint status and features);
1421         * then ep0_{read,write} will report the wrong status. controller
1422         * driver will have aborted pending i/o.
1423         */
1424        } else if (dev->state == STATE_DEV_SETUP)
1425                dev->setup_abort = 1;
1426
1427        req->buf = dev->rbuf;
1428        req->context = NULL;
1429        value = -EOPNOTSUPP;
1430        switch (ctrl->bRequest) {
1431
1432        case USB_REQ_GET_DESCRIPTOR:
1433                if (ctrl->bRequestType != USB_DIR_IN)
1434                        goto unrecognized;
1435                switch (w_value >> 8) {
1436
1437                case USB_DT_DEVICE:
1438                        value = min (w_length, (u16) sizeof *dev->dev);
1439                        dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1440                        req->buf = dev->dev;
1441                        break;
1442                case USB_DT_DEVICE_QUALIFIER:
1443                        if (!dev->hs_config)
1444                                break;
1445                        value = min (w_length, (u16)
1446                                sizeof (struct usb_qualifier_descriptor));
1447                        make_qualifier (dev);
1448                        break;
1449                case USB_DT_OTHER_SPEED_CONFIG:
1450                        // FALLTHROUGH
1451                case USB_DT_CONFIG:
1452                        value = config_buf (dev,
1453                                        w_value >> 8,
1454                                        w_value & 0xff);
1455                        if (value >= 0)
1456                                value = min (w_length, (u16) value);
1457                        break;
1458                case USB_DT_STRING:
1459                        goto unrecognized;
1460
1461                default:                // all others are errors
1462                        break;
1463                }
1464                break;
1465
1466        /* currently one config, two speeds */
1467        case USB_REQ_SET_CONFIGURATION:
1468                if (ctrl->bRequestType != 0)
1469                        goto unrecognized;
1470                if (0 == (u8) w_value) {
1471                        value = 0;
1472                        dev->current_config = 0;
1473                        usb_gadget_vbus_draw(gadget, 8 /* mA */ );
1474                        // user mode expected to disable endpoints
1475                } else {
1476                        u8      config, power;
1477
1478                        if (gadget_is_dualspeed(gadget)
1479                                        && gadget->speed == USB_SPEED_HIGH) {
1480                                config = dev->hs_config->bConfigurationValue;
1481                                power = dev->hs_config->bMaxPower;
1482                        } else {
1483                                config = dev->config->bConfigurationValue;
1484                                power = dev->config->bMaxPower;
1485                        }
1486
1487                        if (config == (u8) w_value) {
1488                                value = 0;
1489                                dev->current_config = config;
1490                                usb_gadget_vbus_draw(gadget, 2 * power);
1491                        }
1492                }
1493
1494                /* report SET_CONFIGURATION like any other control request,
1495                 * except that usermode may not stall this.  the next
1496                 * request mustn't be allowed start until this finishes:
1497                 * endpoints and threads set up, etc.
1498                 *
1499                 * NOTE:  older PXA hardware (before PXA 255: without UDCCFR)
1500                 * has bad/racey automagic that prevents synchronizing here.
1501                 * even kernel mode drivers often miss them.
1502                 */
1503                if (value == 0) {
1504                        INFO (dev, "configuration #%d\n", dev->current_config);
1505                        if (dev->usermode_setup) {
1506                                dev->setup_can_stall = 0;
1507                                goto delegate;
1508                        }
1509                }
1510                break;
1511
1512#ifndef CONFIG_USB_GADGET_PXA25X
1513        /* PXA automagically handles this request too */
1514        case USB_REQ_GET_CONFIGURATION:
1515                if (ctrl->bRequestType != 0x80)
1516                        goto unrecognized;
1517                *(u8 *)req->buf = dev->current_config;
1518                value = min (w_length, (u16) 1);
1519                break;
1520#endif
1521
1522        default:
1523unrecognized:
1524                VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1525                        dev->usermode_setup ? "delegate" : "fail",
1526                        ctrl->bRequestType, ctrl->bRequest,
1527                        w_value, le16_to_cpu(ctrl->wIndex), w_length);
1528
1529                /* if there's an ep0 reader, don't stall */
1530                if (dev->usermode_setup) {
1531                        dev->setup_can_stall = 1;
1532delegate:
1533                        dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1534                                                ? 1 : 0;
1535                        dev->setup_wLength = w_length;
1536                        dev->setup_out_ready = 0;
1537                        dev->setup_out_error = 0;
1538                        value = 0;
1539
1540                        /* read DATA stage for OUT right away */
1541                        if (unlikely (!dev->setup_in && w_length)) {
1542                                value = setup_req (gadget->ep0, dev->req,
1543                                                        w_length);
1544                                if (value < 0)
1545                                        break;
1546                                value = usb_ep_queue (gadget->ep0, dev->req,
1547                                                        GFP_ATOMIC);
1548                                if (value < 0) {
1549                                        clean_req (gadget->ep0, dev->req);
1550                                        break;
1551                                }
1552
1553                                /* we can't currently stall these */
1554                                dev->setup_can_stall = 0;
1555                        }
1556
1557                        /* state changes when reader collects event */
1558                        event = next_event (dev, GADGETFS_SETUP);
1559                        event->u.setup = *ctrl;
1560                        ep0_readable (dev);
1561                        spin_unlock (&dev->lock);
1562                        return 0;
1563                }
1564        }
1565
1566        /* proceed with data transfer and status phases? */
1567        if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1568                req->length = value;
1569                req->zero = value < w_length;
1570                value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
1571                if (value < 0) {
1572                        DBG (dev, "ep_queue --> %d\n", value);
1573                        req->status = 0;
1574                }
1575        }
1576
1577        /* device stalls when value < 0 */
1578        spin_unlock (&dev->lock);
1579        return value;
1580}
1581
1582static void destroy_ep_files (struct dev_data *dev)
1583{
1584        DBG (dev, "%s %d\n", __func__, dev->state);
1585
1586        /* dev->state must prevent interference */
1587        spin_lock_irq (&dev->lock);
1588        while (!list_empty(&dev->epfiles)) {
1589                struct ep_data  *ep;
1590                struct inode    *parent;
1591                struct dentry   *dentry;
1592
1593                /* break link to FS */
1594                ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1595                list_del_init (&ep->epfiles);
1596                dentry = ep->dentry;
1597                ep->dentry = NULL;
1598                parent = dentry->d_parent->d_inode;
1599
1600                /* break link to controller */
1601                if (ep->state == STATE_EP_ENABLED)
1602                        (void) usb_ep_disable (ep->ep);
1603                ep->state = STATE_EP_UNBOUND;
1604                usb_ep_free_request (ep->ep, ep->req);
1605                ep->ep = NULL;
1606                wake_up (&ep->wait);
1607                put_ep (ep);
1608
1609                spin_unlock_irq (&dev->lock);
1610
1611                /* break link to dcache */
1612                mutex_lock (&parent->i_mutex);
1613                d_delete (dentry);
1614                dput (dentry);
1615                mutex_unlock (&parent->i_mutex);
1616
1617                spin_lock_irq (&dev->lock);
1618        }
1619        spin_unlock_irq (&dev->lock);
1620}
1621
1622
1623static struct inode *
1624gadgetfs_create_file (struct super_block *sb, char const *name,
1625                void *data, const struct file_operations *fops,
1626                struct dentry **dentry_p);
1627
1628static int activate_ep_files (struct dev_data *dev)
1629{
1630        struct usb_ep   *ep;
1631        struct ep_data  *data;
1632
1633        gadget_for_each_ep (ep, dev->gadget) {
1634
1635                data = kzalloc(sizeof(*data), GFP_KERNEL);
1636                if (!data)
1637                        goto enomem0;
1638                data->state = STATE_EP_DISABLED;
1639                mutex_init(&data->lock);
1640                init_waitqueue_head (&data->wait);
1641
1642                strncpy (data->name, ep->name, sizeof (data->name) - 1);
1643                atomic_set (&data->count, 1);
1644                data->dev = dev;
1645                get_dev (dev);
1646
1647                data->ep = ep;
1648                ep->driver_data = data;
1649
1650                data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1651                if (!data->req)
1652                        goto enomem1;
1653
1654                data->inode = gadgetfs_create_file (dev->sb, data->name,
1655                                data, &ep_config_operations,
1656                                &data->dentry);
1657                if (!data->inode)
1658                        goto enomem2;
1659                list_add_tail (&data->epfiles, &dev->epfiles);
1660        }
1661        return 0;
1662
1663enomem2:
1664        usb_ep_free_request (ep, data->req);
1665enomem1:
1666        put_dev (dev);
1667        kfree (data);
1668enomem0:
1669        DBG (dev, "%s enomem\n", __func__);
1670        destroy_ep_files (dev);
1671        return -ENOMEM;
1672}
1673
1674static void
1675gadgetfs_unbind (struct usb_gadget *gadget)
1676{
1677        struct dev_data         *dev = get_gadget_data (gadget);
1678
1679        DBG (dev, "%s\n", __func__);
1680
1681        spin_lock_irq (&dev->lock);
1682        dev->state = STATE_DEV_UNBOUND;
1683        spin_unlock_irq (&dev->lock);
1684
1685        destroy_ep_files (dev);
1686        gadget->ep0->driver_data = NULL;
1687        set_gadget_data (gadget, NULL);
1688
1689        /* we've already been disconnected ... no i/o is active */
1690        if (dev->req)
1691                usb_ep_free_request (gadget->ep0, dev->req);
1692        DBG (dev, "%s done\n", __func__);
1693        put_dev (dev);
1694}
1695
1696static struct dev_data          *the_device;
1697
1698static int gadgetfs_bind(struct usb_gadget *gadget,
1699                struct usb_gadget_driver *driver)
1700{
1701        struct dev_data         *dev = the_device;
1702
1703        if (!dev)
1704                return -ESRCH;
1705        if (0 != strcmp (CHIP, gadget->name)) {
1706                pr_err("%s expected %s controller not %s\n",
1707                        shortname, CHIP, gadget->name);
1708                return -ENODEV;
1709        }
1710
1711        set_gadget_data (gadget, dev);
1712        dev->gadget = gadget;
1713        gadget->ep0->driver_data = dev;
1714
1715        /* preallocate control response and buffer */
1716        dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1717        if (!dev->req)
1718                goto enomem;
1719        dev->req->context = NULL;
1720        dev->req->complete = epio_complete;
1721
1722        if (activate_ep_files (dev) < 0)
1723                goto enomem;
1724
1725        INFO (dev, "bound to %s driver\n", gadget->name);
1726        spin_lock_irq(&dev->lock);
1727        dev->state = STATE_DEV_UNCONNECTED;
1728        spin_unlock_irq(&dev->lock);
1729        get_dev (dev);
1730        return 0;
1731
1732enomem:
1733        gadgetfs_unbind (gadget);
1734        return -ENOMEM;
1735}
1736
1737static void
1738gadgetfs_disconnect (struct usb_gadget *gadget)
1739{
1740        struct dev_data         *dev = get_gadget_data (gadget);
1741        unsigned long           flags;
1742
1743        spin_lock_irqsave (&dev->lock, flags);
1744        if (dev->state == STATE_DEV_UNCONNECTED)
1745                goto exit;
1746        dev->state = STATE_DEV_UNCONNECTED;
1747
1748        INFO (dev, "disconnected\n");
1749        next_event (dev, GADGETFS_DISCONNECT);
1750        ep0_readable (dev);
1751exit:
1752        spin_unlock_irqrestore (&dev->lock, flags);
1753}
1754
1755static void
1756gadgetfs_suspend (struct usb_gadget *gadget)
1757{
1758        struct dev_data         *dev = get_gadget_data (gadget);
1759
1760        INFO (dev, "suspended from state %d\n", dev->state);
1761        spin_lock (&dev->lock);
1762        switch (dev->state) {
1763        case STATE_DEV_SETUP:           // VERY odd... host died??
1764        case STATE_DEV_CONNECTED:
1765        case STATE_DEV_UNCONNECTED:
1766                next_event (dev, GADGETFS_SUSPEND);
1767                ep0_readable (dev);
1768                /* FALLTHROUGH */
1769        default:
1770                break;
1771        }
1772        spin_unlock (&dev->lock);
1773}
1774
1775static struct usb_gadget_driver gadgetfs_driver = {
1776        .function       = (char *) driver_desc,
1777        .bind           = gadgetfs_bind,
1778        .unbind         = gadgetfs_unbind,
1779        .setup          = gadgetfs_setup,
1780        .disconnect     = gadgetfs_disconnect,
1781        .suspend        = gadgetfs_suspend,
1782
1783        .driver = {
1784                .name           = (char *) shortname,
1785        },
1786};
1787
1788/*----------------------------------------------------------------------*/
1789
1790static void gadgetfs_nop(struct usb_gadget *arg) { }
1791
1792static int gadgetfs_probe(struct usb_gadget *gadget,
1793                struct usb_gadget_driver *driver)
1794{
1795        CHIP = gadget->name;
1796        return -EISNAM;
1797}
1798
1799static struct usb_gadget_driver probe_driver = {
1800        .max_speed      = USB_SPEED_HIGH,
1801        .bind           = gadgetfs_probe,
1802        .unbind         = gadgetfs_nop,
1803        .setup          = (void *)gadgetfs_nop,
1804        .disconnect     = gadgetfs_nop,
1805        .driver = {
1806                .name           = "nop",
1807        },
1808};
1809
1810
1811/* DEVICE INITIALIZATION
1812 *
1813 *     fd = open ("/dev/gadget/$CHIP", O_RDWR)
1814 *     status = write (fd, descriptors, sizeof descriptors)
1815 *
1816 * That write establishes the device configuration, so the kernel can
1817 * bind to the controller ... guaranteeing it can handle enumeration
1818 * at all necessary speeds.  Descriptor order is:
1819 *
1820 * . message tag (u32, host order) ... for now, must be zero; it
1821 *      would change to support features like multi-config devices
1822 * . full/low speed config ... all wTotalLength bytes (with interface,
1823 *      class, altsetting, endpoint, and other descriptors)
1824 * . high speed config ... all descriptors, for high speed operation;
1825 *      this one's optional except for high-speed hardware
1826 * . device descriptor
1827 *
1828 * Endpoints are not yet enabled. Drivers must wait until device
1829 * configuration and interface altsetting changes create
1830 * the need to configure (or unconfigure) them.
1831 *
1832 * After initialization, the device stays active for as long as that
1833 * $CHIP file is open.  Events must then be read from that descriptor,
1834 * such as configuration notifications.
1835 */
1836
1837static int is_valid_config (struct usb_config_descriptor *config)
1838{
1839        return config->bDescriptorType == USB_DT_CONFIG
1840                && config->bLength == USB_DT_CONFIG_SIZE
1841                && config->bConfigurationValue != 0
1842                && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1843                && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1844        /* FIXME if gadget->is_otg, _must_ include an otg descriptor */
1845        /* FIXME check lengths: walk to end */
1846}
1847
1848static ssize_t
1849dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1850{
1851        struct dev_data         *dev = fd->private_data;
1852        ssize_t                 value = len, length = len;
1853        unsigned                total;
1854        u32                     tag;
1855        char                    *kbuf;
1856
1857        if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4))
1858                return -EINVAL;
1859
1860        /* we might need to change message format someday */
1861        if (copy_from_user (&tag, buf, 4))
1862                return -EFAULT;
1863        if (tag != 0)
1864                return -EINVAL;
1865        buf += 4;
1866        length -= 4;
1867
1868        kbuf = memdup_user(buf, length);
1869        if (IS_ERR(kbuf))
1870                return PTR_ERR(kbuf);
1871
1872        spin_lock_irq (&dev->lock);
1873        value = -EINVAL;
1874        if (dev->buf)
1875                goto fail;
1876        dev->buf = kbuf;
1877
1878        /* full or low speed config */
1879        dev->config = (void *) kbuf;
1880        total = le16_to_cpu(dev->config->wTotalLength);
1881        if (!is_valid_config (dev->config) || total >= length)
1882                goto fail;
1883        kbuf += total;
1884        length -= total;
1885
1886        /* optional high speed config */
1887        if (kbuf [1] == USB_DT_CONFIG) {
1888                dev->hs_config = (void *) kbuf;
1889                total = le16_to_cpu(dev->hs_config->wTotalLength);
1890                if (!is_valid_config (dev->hs_config) || total >= length)
1891                        goto fail;
1892                kbuf += total;
1893                length -= total;
1894        }
1895
1896        /* could support multiple configs, using another encoding! */
1897
1898        /* device descriptor (tweaked for paranoia) */
1899        if (length != USB_DT_DEVICE_SIZE)
1900                goto fail;
1901        dev->dev = (void *)kbuf;
1902        if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1903                        || dev->dev->bDescriptorType != USB_DT_DEVICE
1904                        || dev->dev->bNumConfigurations != 1)
1905                goto fail;
1906        dev->dev->bNumConfigurations = 1;
1907        dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1908
1909        /* triggers gadgetfs_bind(); then we can enumerate. */
1910        spin_unlock_irq (&dev->lock);
1911        if (dev->hs_config)
1912                gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1913        else
1914                gadgetfs_driver.max_speed = USB_SPEED_FULL;
1915
1916        value = usb_gadget_probe_driver(&gadgetfs_driver);
1917        if (value != 0) {
1918                kfree (dev->buf);
1919                dev->buf = NULL;
1920        } else {
1921                /* at this point "good" hardware has for the first time
1922                 * let the USB the host see us.  alternatively, if users
1923                 * unplug/replug that will clear all the error state.
1924                 *
1925                 * note:  everything running before here was guaranteed
1926                 * to choke driver model style diagnostics.  from here
1927                 * on, they can work ... except in cleanup paths that
1928                 * kick in after the ep0 descriptor is closed.
1929                 */
1930                fd->f_op = &ep0_io_operations;
1931                value = len;
1932        }
1933        return value;
1934
1935fail:
1936        spin_unlock_irq (&dev->lock);
1937        pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev);
1938        kfree (dev->buf);
1939        dev->buf = NULL;
1940        return value;
1941}
1942
1943static int
1944dev_open (struct inode *inode, struct file *fd)
1945{
1946        struct dev_data         *dev = inode->i_private;
1947        int                     value = -EBUSY;
1948
1949        spin_lock_irq(&dev->lock);
1950        if (dev->state == STATE_DEV_DISABLED) {
1951                dev->ev_next = 0;
1952                dev->state = STATE_DEV_OPENED;
1953                fd->private_data = dev;
1954                get_dev (dev);
1955                value = 0;
1956        }
1957        spin_unlock_irq(&dev->lock);
1958        return value;
1959}
1960
1961static const struct file_operations dev_init_operations = {
1962        .llseek =       no_llseek,
1963
1964        .open =         dev_open,
1965        .write =        dev_config,
1966        .fasync =       ep0_fasync,
1967        .unlocked_ioctl = dev_ioctl,
1968        .release =      dev_release,
1969};
1970
1971/*----------------------------------------------------------------------*/
1972
1973/* FILESYSTEM AND SUPERBLOCK OPERATIONS
1974 *
1975 * Mounting the filesystem creates a controller file, used first for
1976 * device configuration then later for event monitoring.
1977 */
1978
1979
1980/* FIXME PAM etc could set this security policy without mount options
1981 * if epfiles inherited ownership and permissons from ep0 ...
1982 */
1983
1984static unsigned default_uid;
1985static unsigned default_gid;
1986static unsigned default_perm = S_IRUSR | S_IWUSR;
1987
1988module_param (default_uid, uint, 0644);
1989module_param (default_gid, uint, 0644);
1990module_param (default_perm, uint, 0644);
1991
1992
1993static struct inode *
1994gadgetfs_make_inode (struct super_block *sb,
1995                void *data, const struct file_operations *fops,
1996                int mode)
1997{
1998        struct inode *inode = new_inode (sb);
1999
2000        if (inode) {

2001                inode->i_ino = get_next_ino();
2002                inode->i_mode = mode;
2003                inode->i_uid = make_kuid(&init_user_ns, default_uid);
2004                inode->i_gid = make_kgid(&init_user_ns, default_gid);
2005                inode->i_atime = inode->i_mtime = inode->i_ctime
2006                                = CURRENT_TIME;
2007                inode->i_private = data;
2008                inode->i_fop = fops;
2009        }
2010        return inode;
2011}
2012
2013/* creates in fs root directory, so non-renamable and non-linkable.
2014 * so inode and dentry are paired, until device reconfig.
2015 */
2016static struct inode *
2017gadgetfs_create_file (struct super_block *sb, char const *name,
2018                void *data, const struct file_operations *fops,
2019                struct dentry **dentry_p)
2020{
2021        struct dentry   *dentry;
2022        struct inode    *inode;
2023
2024        dentry = d_alloc_name(sb->s_root, name);
2025        if (!dentry)
2026                return NULL;
2027
2028        inode = gadgetfs_make_inode (sb, data, fops,
2029                        S_IFREG | (default_perm & S_IRWXUGO));
2030        if (!inode) {
2031                dput(dentry);
2032                return NULL;
2033        }
2034        d_add (dentry, inode);
2035        *dentry_p = dentry;
2036        return inode;
2037}
2038
2039static const struct super_operations gadget_fs_operations = {
2040        .statfs =       simple_statfs,
2041        .drop_inode =   generic_delete_inode,
2042};
2043
2044static int
2045gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
2046{
2047        struct inode    *inode;
2048        struct dev_data *dev;
2049
2050        if (the_device)
2051                return -ESRCH;
2052
2053        /* fake probe to determine $CHIP */
2054        usb_gadget_probe_driver(&probe_driver);
2055        if (!CHIP)
2056                return -ENODEV;
2057
2058        /* superblock */
2059        sb->s_blocksize = PAGE_CACHE_SIZE;
2060        sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
2061        sb->s_magic = GADGETFS_MAGIC;
2062        sb->s_op = &gadget_fs_operations;
2063        sb->s_time_gran = 1;
2064
2065        /* root inode */
2066        inode = gadgetfs_make_inode (sb,
2067                        NULL, &simple_dir_operations,
2068                        S_IFDIR | S_IRUGO | S_IXUGO);
2069        if (!inode)
2070                goto Enomem;
2071        inode->i_op = &simple_dir_inode_operations;
2072        if (!(sb->s_root = d_make_root (inode)))
2073                goto Enomem;
2074
2075        /* the ep0 file is named after the controller we expect;
2076         * user mode code can use it for sanity checks, like we do.
2077         */
2078        dev = dev_new ();
2079        if (!dev)
2080                goto Enomem;
2081
2082        dev->sb = sb;
2083        if (!gadgetfs_create_file (sb, CHIP,
2084                                dev, &dev_init_operations,
2085                                &dev->dentry)) {
2086                put_dev(dev);
2087                goto Enomem;
2088        }
2089
2090        /* other endpoint files are available after hardware setup,
2091         * from binding to a controller.
2092         */
2093        the_device = dev;
2094        return 0;
2095
2096Enomem:
2097        return -ENOMEM;
2098}
2099
2100/* "mount -t gadgetfs path /dev/gadget" ends up here */
2101static struct dentry *
2102gadgetfs_mount (struct file_system_type *t, int flags,
2103                const char *path, void *opts)
2104{
2105        return mount_single (t, flags, opts, gadgetfs_fill_super);
2106}
2107
2108static void
2109gadgetfs_kill_sb (struct super_block *sb)
2110{
2111        kill_litter_super (sb);
2112        if (the_device) {
2113                put_dev (the_device);
2114                the_device = NULL;
2115        }
2116}
2117
2118/*----------------------------------------------------------------------*/
2119
2120static struct file_system_type gadgetfs_type = {
2121        .owner          = THIS_MODULE,
2122        .name           = shortname,
2123        .mount          = gadgetfs_mount,
2124        .kill_sb        = gadgetfs_kill_sb,
2125};
2126MODULE_ALIAS_FS("gadgetfs");
2127
2128/*----------------------------------------------------------------------*/
2129
2130static int __init init (void)
2131{
2132        int status;
2133
2134        status = register_filesystem (&gadgetfs_type);
2135        if (status == 0)
2136                pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2137                        shortname, driver_desc);
2138        return status;
2139}
2140module_init (init);
2141
2142static void __exit cleanup (void)
2143{
2144        pr_debug ("unregister %s\n", shortname);
2145        unregister_filesystem (&gadgetfs_type);
2146}
2147module_exit (cleanup);
2148
2149