1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16#include <linux/init.h>
17#include <linux/module.h>
18#include <linux/fs.h>
19#include <linux/pagemap.h>
20#include <linux/uts.h>
21#include <linux/wait.h>
22#include <linux/compiler.h>
23#include <linux/uaccess.h>
24#include <linux/sched.h>
25#include <linux/slab.h>
26#include <linux/poll.h>
27#include <linux/mmu_context.h>
28#include <linux/aio.h>
29#include <linux/uio.h>
30
31#include <linux/device.h>
32#include <linux/moduleparam.h>
33
34#include <linux/usb/gadgetfs.h>
35#include <linux/usb/gadget.h>
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68#define DRIVER_DESC "USB Gadget filesystem"
69#define DRIVER_VERSION "24 Aug 2004"
70
71static const char driver_desc [] = DRIVER_DESC;
72static const char shortname [] = "gadgetfs";
73
74MODULE_DESCRIPTION (DRIVER_DESC);
75MODULE_AUTHOR ("David Brownell");
76MODULE_LICENSE ("GPL");
77
78static int ep_open(struct inode *, struct file *);
79
80
81
82
83#define GADGETFS_MAGIC 0xaee71ee7
84
85
86enum ep0_state {
87
88
89 STATE_DEV_DISABLED = 0,
90
91
92
93
94
95
96 STATE_DEV_OPENED,
97
98
99
100
101
102
103 STATE_DEV_UNCONNECTED,
104 STATE_DEV_CONNECTED,
105 STATE_DEV_SETUP,
106
107
108
109
110 STATE_DEV_UNBOUND,
111};
112
113
114#define N_EVENT 5
115
116struct dev_data {
117 spinlock_t lock;
118 atomic_t count;
119 enum ep0_state state;
120 struct usb_gadgetfs_event event [N_EVENT];
121 unsigned ev_next;
122 struct fasync_struct *fasync;
123 u8 current_config;
124
125
126
127
128 unsigned usermode_setup : 1,
129 setup_in : 1,
130 setup_can_stall : 1,
131 setup_out_ready : 1,
132 setup_out_error : 1,
133 setup_abort : 1,
134 gadget_registered : 1;
135 unsigned setup_wLength;
136
137
138 struct usb_config_descriptor *config, *hs_config;
139 struct usb_device_descriptor *dev;
140 struct usb_request *req;
141 struct usb_gadget *gadget;
142 struct list_head epfiles;
143 void *buf;
144 wait_queue_head_t wait;
145 struct super_block *sb;
146 struct dentry *dentry;
147
148
149 u8 rbuf [256];
150};
151
152static inline void get_dev (struct dev_data *data)
153{
154 atomic_inc (&data->count);
155}
156
157static void put_dev (struct dev_data *data)
158{
159 if (likely (!atomic_dec_and_test (&data->count)))
160 return;
161
162 BUG_ON (waitqueue_active (&data->wait));
163 kfree (data);
164}
165
166static struct dev_data *dev_new (void)
167{
168 struct dev_data *dev;
169
170 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
171 if (!dev)
172 return NULL;
173 dev->state = STATE_DEV_DISABLED;
174 atomic_set (&dev->count, 1);
175 spin_lock_init (&dev->lock);
176 INIT_LIST_HEAD (&dev->epfiles);
177 init_waitqueue_head (&dev->wait);
178 return dev;
179}
180
181
182
183
184enum ep_state {
185 STATE_EP_DISABLED = 0,
186 STATE_EP_READY,
187 STATE_EP_ENABLED,
188 STATE_EP_UNBOUND,
189};
190
191struct ep_data {
192 struct mutex lock;
193 enum ep_state state;
194 atomic_t count;
195 struct dev_data *dev;
196
197 struct usb_ep *ep;
198 struct usb_request *req;
199 ssize_t status;
200 char name [16];
201 struct usb_endpoint_descriptor desc, hs_desc;
202 struct list_head epfiles;
203 wait_queue_head_t wait;
204 struct dentry *dentry;
205};
206
207static inline void get_ep (struct ep_data *data)
208{
209 atomic_inc (&data->count);
210}
211
212static void put_ep (struct ep_data *data)
213{
214 if (likely (!atomic_dec_and_test (&data->count)))
215 return;
216 put_dev (data->dev);
217
218 BUG_ON (!list_empty (&data->epfiles));
219 BUG_ON (waitqueue_active (&data->wait));
220 kfree (data);
221}
222
223
224
225
226
227
228
229
230
231static const char *CHIP;
232
233
234
235
236
237
238
239
240#define xprintk(d,level,fmt,args...) \
241 printk(level "%s: " fmt , shortname , ## args)
242
243#ifdef DEBUG
244#define DBG(dev,fmt,args...) \
245 xprintk(dev , KERN_DEBUG , fmt , ## args)
246#else
247#define DBG(dev,fmt,args...) \
248 do { } while (0)
249#endif
250
251#ifdef VERBOSE_DEBUG
252#define VDEBUG DBG
253#else
254#define VDEBUG(dev,fmt,args...) \
255 do { } while (0)
256#endif
257
258#define ERROR(dev,fmt,args...) \
259 xprintk(dev , KERN_ERR , fmt , ## args)
260#define INFO(dev,fmt,args...) \
261 xprintk(dev , KERN_INFO , fmt , ## args)
262
263
264
265
266
267
268
269
270
271
272
273static void epio_complete (struct usb_ep *ep, struct usb_request *req)
274{
275 struct ep_data *epdata = ep->driver_data;
276
277 if (!req->context)
278 return;
279 if (req->status)
280 epdata->status = req->status;
281 else
282 epdata->status = req->actual;
283 complete ((struct completion *)req->context);
284}
285
286
287
288
289static int
290get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
291{
292 int val;
293
294 if (f_flags & O_NONBLOCK) {
295 if (!mutex_trylock(&epdata->lock))
296 goto nonblock;
297 if (epdata->state != STATE_EP_ENABLED &&
298 (!is_write || epdata->state != STATE_EP_READY)) {
299 mutex_unlock(&epdata->lock);
300nonblock:
301 val = -EAGAIN;
302 } else
303 val = 0;
304 return val;
305 }
306
307 val = mutex_lock_interruptible(&epdata->lock);
308 if (val < 0)
309 return val;
310
311 switch (epdata->state) {
312 case STATE_EP_ENABLED:
313 return 0;
314 case STATE_EP_READY:
315 if (is_write)
316 return 0;
317
318 case STATE_EP_UNBOUND:
319 break;
320
321 default:
322 pr_debug ("%s: ep %p not available, state %d\n",
323 shortname, epdata, epdata->state);
324 }
325 mutex_unlock(&epdata->lock);
326 return -ENODEV;
327}
328
329static ssize_t
330ep_io (struct ep_data *epdata, void *buf, unsigned len)
331{
332 DECLARE_COMPLETION_ONSTACK (done);
333 int value;
334
335 spin_lock_irq (&epdata->dev->lock);
336 if (likely (epdata->ep != NULL)) {
337 struct usb_request *req = epdata->req;
338
339 req->context = &done;
340 req->complete = epio_complete;
341 req->buf = buf;
342 req->length = len;
343 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
344 } else
345 value = -ENODEV;
346 spin_unlock_irq (&epdata->dev->lock);
347
348 if (likely (value == 0)) {
349 value = wait_event_interruptible (done.wait, done.done);
350 if (value != 0) {
351 spin_lock_irq (&epdata->dev->lock);
352 if (likely (epdata->ep != NULL)) {
353 DBG (epdata->dev, "%s i/o interrupted\n",
354 epdata->name);
355 usb_ep_dequeue (epdata->ep, epdata->req);
356 spin_unlock_irq (&epdata->dev->lock);
357
358 wait_event (done.wait, done.done);
359 if (epdata->status == -ECONNRESET)
360 epdata->status = -EINTR;
361 } else {
362 spin_unlock_irq (&epdata->dev->lock);
363
364 DBG (epdata->dev, "endpoint gone\n");
365 epdata->status = -ENODEV;
366 }
367 }
368 return epdata->status;
369 }
370 return value;
371}
372
373static int
374ep_release (struct inode *inode, struct file *fd)
375{
376 struct ep_data *data = fd->private_data;
377 int value;
378
379 value = mutex_lock_interruptible(&data->lock);
380 if (value < 0)
381 return value;
382
383
384 if (data->state != STATE_EP_UNBOUND) {
385 data->state = STATE_EP_DISABLED;
386 data->desc.bDescriptorType = 0;
387 data->hs_desc.bDescriptorType = 0;
388 usb_ep_disable(data->ep);
389 }
390 mutex_unlock(&data->lock);
391 put_ep (data);
392 return 0;
393}
394
395static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
396{
397 struct ep_data *data = fd->private_data;
398 int status;
399
400 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
401 return status;
402
403 spin_lock_irq (&data->dev->lock);
404 if (likely (data->ep != NULL)) {
405 switch (code) {
406 case GADGETFS_FIFO_STATUS:
407 status = usb_ep_fifo_status (data->ep);
408 break;
409 case GADGETFS_FIFO_FLUSH:
410 usb_ep_fifo_flush (data->ep);
411 break;
412 case GADGETFS_CLEAR_HALT:
413 status = usb_ep_clear_halt (data->ep);
414 break;
415 default:
416 status = -ENOTTY;
417 }
418 } else
419 status = -ENODEV;
420 spin_unlock_irq (&data->dev->lock);
421 mutex_unlock(&data->lock);
422 return status;
423}
424
425
426
427
428
429struct kiocb_priv {
430 struct usb_request *req;
431 struct ep_data *epdata;
432 struct kiocb *iocb;
433 struct mm_struct *mm;
434 struct work_struct work;
435 void *buf;
436 struct iov_iter to;
437 const void *to_free;
438 unsigned actual;
439};
440
441static int ep_aio_cancel(struct kiocb *iocb)
442{
443 struct kiocb_priv *priv = iocb->private;
444 struct ep_data *epdata;
445 int value;
446
447 local_irq_disable();
448 epdata = priv->epdata;
449
450 if (likely(epdata && epdata->ep && priv->req))
451 value = usb_ep_dequeue (epdata->ep, priv->req);
452 else
453 value = -EINVAL;
454
455 local_irq_enable();
456
457 return value;
458}
459
460static void ep_user_copy_worker(struct work_struct *work)
461{
462 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
463 struct mm_struct *mm = priv->mm;
464 struct kiocb *iocb = priv->iocb;
465 size_t ret;
466
467 use_mm(mm);
468 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
469 unuse_mm(mm);
470 if (!ret)
471 ret = -EFAULT;
472
473
474 iocb->ki_complete(iocb, ret, ret);
475
476 kfree(priv->buf);
477 kfree(priv->to_free);
478 kfree(priv);
479}
480
481static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
482{
483 struct kiocb *iocb = req->context;
484 struct kiocb_priv *priv = iocb->private;
485 struct ep_data *epdata = priv->epdata;
486
487
488 spin_lock(&epdata->dev->lock);
489 priv->req = NULL;
490 priv->epdata = NULL;
491
492
493
494
495
496 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
497 kfree(req->buf);
498 kfree(priv->to_free);
499 kfree(priv);
500 iocb->private = NULL;
501
502
503 iocb->ki_complete(iocb, req->actual ? req->actual : req->status,
504 req->status);
505 } else {
506
507 if (unlikely(0 != req->status))
508 DBG(epdata->dev, "%s fault %d len %d\n",
509 ep->name, req->status, req->actual);
510
511 priv->buf = req->buf;
512 priv->actual = req->actual;
513 INIT_WORK(&priv->work, ep_user_copy_worker);
514 schedule_work(&priv->work);
515 }
516 spin_unlock(&epdata->dev->lock);
517
518 usb_ep_free_request(ep, req);
519 put_ep(epdata);
520}
521
522static ssize_t ep_aio(struct kiocb *iocb,
523 struct kiocb_priv *priv,
524 struct ep_data *epdata,
525 char *buf,
526 size_t len)
527{
528 struct usb_request *req;
529 ssize_t value;
530
531 iocb->private = priv;
532 priv->iocb = iocb;
533
534 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
535 get_ep(epdata);
536 priv->epdata = epdata;
537 priv->actual = 0;
538 priv->mm = current->mm;
539
540
541
542
543 spin_lock_irq(&epdata->dev->lock);
544 value = -ENODEV;
545 if (unlikely(epdata->ep == NULL))
546 goto fail;
547
548 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
549 value = -ENOMEM;
550 if (unlikely(!req))
551 goto fail;
552
553 priv->req = req;
554 req->buf = buf;
555 req->length = len;
556 req->complete = ep_aio_complete;
557 req->context = iocb;
558 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
559 if (unlikely(0 != value)) {
560 usb_ep_free_request(epdata->ep, req);
561 goto fail;
562 }
563 spin_unlock_irq(&epdata->dev->lock);
564 return -EIOCBQUEUED;
565
566fail:
567 spin_unlock_irq(&epdata->dev->lock);
568 kfree(priv->to_free);
569 kfree(priv);
570 put_ep(epdata);
571 return value;
572}
573
574static ssize_t
575ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
576{
577 struct file *file = iocb->ki_filp;
578 struct ep_data *epdata = file->private_data;
579 size_t len = iov_iter_count(to);
580 ssize_t value;
581 char *buf;
582
583 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
584 return value;
585
586
587 if (usb_endpoint_dir_in(&epdata->desc)) {
588 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
589 !is_sync_kiocb(iocb)) {
590 mutex_unlock(&epdata->lock);
591 return -EINVAL;
592 }
593 DBG (epdata->dev, "%s halt\n", epdata->name);
594 spin_lock_irq(&epdata->dev->lock);
595 if (likely(epdata->ep != NULL))
596 usb_ep_set_halt(epdata->ep);
597 spin_unlock_irq(&epdata->dev->lock);
598 mutex_unlock(&epdata->lock);
599 return -EBADMSG;
600 }
601
602 buf = kmalloc(len, GFP_KERNEL);
603 if (unlikely(!buf)) {
604 mutex_unlock(&epdata->lock);
605 return -ENOMEM;
606 }
607 if (is_sync_kiocb(iocb)) {
608 value = ep_io(epdata, buf, len);
609 if (value >= 0 && (copy_to_iter(buf, value, to) != value))
610 value = -EFAULT;
611 } else {
612 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
613 value = -ENOMEM;
614 if (!priv)
615 goto fail;
616 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
617 if (!priv->to_free) {
618 kfree(priv);
619 goto fail;
620 }
621 value = ep_aio(iocb, priv, epdata, buf, len);
622 if (value == -EIOCBQUEUED)
623 buf = NULL;
624 }
625fail:
626 kfree(buf);
627 mutex_unlock(&epdata->lock);
628 return value;
629}
630
631static ssize_t ep_config(struct ep_data *, const char *, size_t);
632
633static ssize_t
634ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
635{
636 struct file *file = iocb->ki_filp;
637 struct ep_data *epdata = file->private_data;
638 size_t len = iov_iter_count(from);
639 bool configured;
640 ssize_t value;
641 char *buf;
642
643 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
644 return value;
645
646 configured = epdata->state == STATE_EP_ENABLED;
647
648
649 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
650 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
651 !is_sync_kiocb(iocb)) {
652 mutex_unlock(&epdata->lock);
653 return -EINVAL;
654 }
655 DBG (epdata->dev, "%s halt\n", epdata->name);
656 spin_lock_irq(&epdata->dev->lock);
657 if (likely(epdata->ep != NULL))
658 usb_ep_set_halt(epdata->ep);
659 spin_unlock_irq(&epdata->dev->lock);
660 mutex_unlock(&epdata->lock);
661 return -EBADMSG;
662 }
663
664 buf = kmalloc(len, GFP_KERNEL);
665 if (unlikely(!buf)) {
666 mutex_unlock(&epdata->lock);
667 return -ENOMEM;
668 }
669
670 if (unlikely(!copy_from_iter_full(buf, len, from))) {
671 value = -EFAULT;
672 goto out;
673 }
674
675 if (unlikely(!configured)) {
676 value = ep_config(epdata, buf, len);
677 } else if (is_sync_kiocb(iocb)) {
678 value = ep_io(epdata, buf, len);
679 } else {
680 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
681 value = -ENOMEM;
682 if (priv) {
683 value = ep_aio(iocb, priv, epdata, buf, len);
684 if (value == -EIOCBQUEUED)
685 buf = NULL;
686 }
687 }
688out:
689 kfree(buf);
690 mutex_unlock(&epdata->lock);
691 return value;
692}
693
694
695
696
697static const struct file_operations ep_io_operations = {
698 .owner = THIS_MODULE,
699
700 .open = ep_open,
701 .release = ep_release,
702 .llseek = no_llseek,
703 .unlocked_ioctl = ep_ioctl,
704 .read_iter = ep_read_iter,
705 .write_iter = ep_write_iter,
706};
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721static ssize_t
722ep_config (struct ep_data *data, const char *buf, size_t len)
723{
724 struct usb_ep *ep;
725 u32 tag;
726 int value, length = len;
727
728 if (data->state != STATE_EP_READY) {
729 value = -EL2HLT;
730 goto fail;
731 }
732
733 value = len;
734 if (len < USB_DT_ENDPOINT_SIZE + 4)
735 goto fail0;
736
737
738 memcpy(&tag, buf, 4);
739 if (tag != 1) {
740 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
741 goto fail0;
742 }
743 buf += 4;
744 len -= 4;
745
746
747
748
749
750
751 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
752 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
753 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
754 goto fail0;
755 if (len != USB_DT_ENDPOINT_SIZE) {
756 if (len != 2 * USB_DT_ENDPOINT_SIZE)
757 goto fail0;
758 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
759 USB_DT_ENDPOINT_SIZE);
760 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
761 || data->hs_desc.bDescriptorType
762 != USB_DT_ENDPOINT) {
763 DBG(data->dev, "config %s, bad hs length or type\n",
764 data->name);
765 goto fail0;
766 }
767 }
768
769 spin_lock_irq (&data->dev->lock);
770 if (data->dev->state == STATE_DEV_UNBOUND) {
771 value = -ENOENT;
772 goto gone;
773 } else {
774 ep = data->ep;
775 if (ep == NULL) {
776 value = -ENODEV;
777 goto gone;
778 }
779 }
780 switch (data->dev->gadget->speed) {
781 case USB_SPEED_LOW:
782 case USB_SPEED_FULL:
783 ep->desc = &data->desc;
784 break;
785 case USB_SPEED_HIGH:
786
787 ep->desc = &data->hs_desc;
788 break;
789 default:
790 DBG(data->dev, "unconnected, %s init abandoned\n",
791 data->name);
792 value = -EINVAL;
793 goto gone;
794 }
795 value = usb_ep_enable(ep);
796 if (value == 0) {
797 data->state = STATE_EP_ENABLED;
798 value = length;
799 }
800gone:
801 spin_unlock_irq (&data->dev->lock);
802 if (value < 0) {
803fail:
804 data->desc.bDescriptorType = 0;
805 data->hs_desc.bDescriptorType = 0;
806 }
807 return value;
808fail0:
809 value = -EINVAL;
810 goto fail;
811}
812
813static int
814ep_open (struct inode *inode, struct file *fd)
815{
816 struct ep_data *data = inode->i_private;
817 int value = -EBUSY;
818
819 if (mutex_lock_interruptible(&data->lock) != 0)
820 return -EINTR;
821 spin_lock_irq (&data->dev->lock);
822 if (data->dev->state == STATE_DEV_UNBOUND)
823 value = -ENOENT;
824 else if (data->state == STATE_EP_DISABLED) {
825 value = 0;
826 data->state = STATE_EP_READY;
827 get_ep (data);
828 fd->private_data = data;
829 VDEBUG (data->dev, "%s ready\n", data->name);
830 } else
831 DBG (data->dev, "%s state %d\n",
832 data->name, data->state);
833 spin_unlock_irq (&data->dev->lock);
834 mutex_unlock(&data->lock);
835 return value;
836}
837
838
839
840
841
842
843
844
845
846
847static inline void ep0_readable (struct dev_data *dev)
848{
849 wake_up (&dev->wait);
850 kill_fasync (&dev->fasync, SIGIO, POLL_IN);
851}
852
853static void clean_req (struct usb_ep *ep, struct usb_request *req)
854{
855 struct dev_data *dev = ep->driver_data;
856
857 if (req->buf != dev->rbuf) {
858 kfree(req->buf);
859 req->buf = dev->rbuf;
860 }
861 req->complete = epio_complete;
862 dev->setup_out_ready = 0;
863}
864
865static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
866{
867 struct dev_data *dev = ep->driver_data;
868 unsigned long flags;
869 int free = 1;
870
871
872 spin_lock_irqsave(&dev->lock, flags);
873 if (!dev->setup_in) {
874 dev->setup_out_error = (req->status != 0);
875 if (!dev->setup_out_error)
876 free = 0;
877 dev->setup_out_ready = 1;
878 ep0_readable (dev);
879 }
880
881
882 if (free && req->buf != &dev->rbuf)
883 clean_req (ep, req);
884 req->complete = epio_complete;
885 spin_unlock_irqrestore(&dev->lock, flags);
886}
887
888static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
889{
890 struct dev_data *dev = ep->driver_data;
891
892 if (dev->setup_out_ready) {
893 DBG (dev, "ep0 request busy!\n");
894 return -EBUSY;
895 }
896 if (len > sizeof (dev->rbuf))
897 req->buf = kmalloc(len, GFP_ATOMIC);
898 if (req->buf == NULL) {
899 req->buf = dev->rbuf;
900 return -ENOMEM;
901 }
902 req->complete = ep0_complete;
903 req->length = len;
904 req->zero = 0;
905 return 0;
906}
907
908static ssize_t
909ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
910{
911 struct dev_data *dev = fd->private_data;
912 ssize_t retval;
913 enum ep0_state state;
914
915 spin_lock_irq (&dev->lock);
916 if (dev->state <= STATE_DEV_OPENED) {
917 retval = -EINVAL;
918 goto done;
919 }
920
921
922 if (dev->setup_abort) {
923 dev->setup_abort = 0;
924 retval = -EIDRM;
925 goto done;
926 }
927
928
929 if ((state = dev->state) == STATE_DEV_SETUP) {
930
931 if (dev->setup_in) {
932 VDEBUG(dev, "ep0in stall\n");
933 (void) usb_ep_set_halt (dev->gadget->ep0);
934 retval = -EL2HLT;
935 dev->state = STATE_DEV_CONNECTED;
936
937 } else if (len == 0) {
938 struct usb_ep *ep = dev->gadget->ep0;
939 struct usb_request *req = dev->req;
940
941 if ((retval = setup_req (ep, req, 0)) == 0) {
942 spin_unlock_irq (&dev->lock);
943 retval = usb_ep_queue (ep, req, GFP_KERNEL);
944 spin_lock_irq (&dev->lock);
945 }
946 dev->state = STATE_DEV_CONNECTED;
947
948
949 if (dev->current_config) {
950 unsigned power;
951
952 if (gadget_is_dualspeed(dev->gadget)
953 && (dev->gadget->speed
954 == USB_SPEED_HIGH))
955 power = dev->hs_config->bMaxPower;
956 else
957 power = dev->config->bMaxPower;
958 usb_gadget_vbus_draw(dev->gadget, 2 * power);
959 }
960
961 } else {
962 if ((fd->f_flags & O_NONBLOCK) != 0
963 && !dev->setup_out_ready) {
964 retval = -EAGAIN;
965 goto done;
966 }
967 spin_unlock_irq (&dev->lock);
968 retval = wait_event_interruptible (dev->wait,
969 dev->setup_out_ready != 0);
970
971
972 spin_lock_irq (&dev->lock);
973 if (retval)
974 goto done;
975
976 if (dev->state != STATE_DEV_SETUP) {
977 retval = -ECANCELED;
978 goto done;
979 }
980 dev->state = STATE_DEV_CONNECTED;
981
982 if (dev->setup_out_error)
983 retval = -EIO;
984 else {
985 len = min (len, (size_t)dev->req->actual);
986
987 if (copy_to_user (buf, dev->req->buf, len))
988 retval = -EFAULT;
989 else
990 retval = len;
991 clean_req (dev->gadget->ep0, dev->req);
992
993 }
994 }
995 goto done;
996 }
997
998
999 if (len < sizeof dev->event [0]) {
1000 retval = -EINVAL;
1001 goto done;
1002 }
1003 len -= len % sizeof (struct usb_gadgetfs_event);
1004 dev->usermode_setup = 1;
1005
1006scan:
1007
1008 if (dev->ev_next != 0) {
1009 unsigned i, n;
1010
1011 n = len / sizeof (struct usb_gadgetfs_event);
1012 if (dev->ev_next < n)
1013 n = dev->ev_next;
1014
1015
1016 for (i = 0; i < n; i++) {
1017 if (dev->event [i].type == GADGETFS_SETUP) {
1018 dev->state = STATE_DEV_SETUP;
1019 n = i + 1;
1020 break;
1021 }
1022 }
1023 spin_unlock_irq (&dev->lock);
1024 len = n * sizeof (struct usb_gadgetfs_event);
1025 if (copy_to_user (buf, &dev->event, len))
1026 retval = -EFAULT;
1027 else
1028 retval = len;
1029 if (len > 0) {
1030
1031
1032
1033 spin_lock_irq (&dev->lock);
1034 if (dev->ev_next > n) {
1035 memmove(&dev->event[0], &dev->event[n],
1036 sizeof (struct usb_gadgetfs_event)
1037 * (dev->ev_next - n));
1038 }
1039 dev->ev_next -= n;
1040 spin_unlock_irq (&dev->lock);
1041 }
1042 return retval;
1043 }
1044 if (fd->f_flags & O_NONBLOCK) {
1045 retval = -EAGAIN;
1046 goto done;
1047 }
1048
1049 switch (state) {
1050 default:
1051 DBG (dev, "fail %s, state %d\n", __func__, state);
1052 retval = -ESRCH;
1053 break;
1054 case STATE_DEV_UNCONNECTED:
1055 case STATE_DEV_CONNECTED:
1056 spin_unlock_irq (&dev->lock);
1057 DBG (dev, "%s wait\n", __func__);
1058
1059
1060 retval = wait_event_interruptible (dev->wait,
1061 dev->ev_next != 0);
1062 if (retval < 0)
1063 return retval;
1064 spin_lock_irq (&dev->lock);
1065 goto scan;
1066 }
1067
1068done:
1069 spin_unlock_irq (&dev->lock);
1070 return retval;
1071}
1072
1073static struct usb_gadgetfs_event *
1074next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1075{
1076 struct usb_gadgetfs_event *event;
1077 unsigned i;
1078
1079 switch (type) {
1080
1081 case GADGETFS_DISCONNECT:
1082 if (dev->state == STATE_DEV_SETUP)
1083 dev->setup_abort = 1;
1084
1085 case GADGETFS_CONNECT:
1086 dev->ev_next = 0;
1087 break;
1088 case GADGETFS_SETUP:
1089 case GADGETFS_SUSPEND:
1090
1091 for (i = 0; i != dev->ev_next; i++) {
1092 if (dev->event [i].type != type)
1093 continue;
1094 DBG(dev, "discard old event[%d] %d\n", i, type);
1095 dev->ev_next--;
1096 if (i == dev->ev_next)
1097 break;
1098
1099 memmove (&dev->event [i], &dev->event [i + 1],
1100 sizeof (struct usb_gadgetfs_event)
1101 * (dev->ev_next - i));
1102 }
1103 break;
1104 default:
1105 BUG ();
1106 }
1107 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1108 event = &dev->event [dev->ev_next++];
1109 BUG_ON (dev->ev_next > N_EVENT);
1110 memset (event, 0, sizeof *event);
1111 event->type = type;
1112 return event;
1113}
1114
1115static ssize_t
1116ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1117{
1118 struct dev_data *dev = fd->private_data;
1119 ssize_t retval = -ESRCH;
1120
1121
1122 if (dev->setup_abort) {
1123 dev->setup_abort = 0;
1124 retval = -EIDRM;
1125
1126
1127 } else if (dev->state == STATE_DEV_SETUP) {
1128
1129 len = min_t(size_t, len, dev->setup_wLength);
1130 if (dev->setup_in) {
1131 retval = setup_req (dev->gadget->ep0, dev->req, len);
1132 if (retval == 0) {
1133 dev->state = STATE_DEV_CONNECTED;
1134 spin_unlock_irq (&dev->lock);
1135 if (copy_from_user (dev->req->buf, buf, len))
1136 retval = -EFAULT;
1137 else {
1138 if (len < dev->setup_wLength)
1139 dev->req->zero = 1;
1140 retval = usb_ep_queue (
1141 dev->gadget->ep0, dev->req,
1142 GFP_KERNEL);
1143 }
1144 spin_lock_irq(&dev->lock);
1145 if (retval < 0) {
1146 clean_req (dev->gadget->ep0, dev->req);
1147 } else
1148 retval = len;
1149
1150 return retval;
1151 }
1152
1153
1154 } else if (dev->setup_can_stall) {
1155 VDEBUG(dev, "ep0out stall\n");
1156 (void) usb_ep_set_halt (dev->gadget->ep0);
1157 retval = -EL2HLT;
1158 dev->state = STATE_DEV_CONNECTED;
1159 } else {
1160 DBG(dev, "bogus ep0out stall!\n");
1161 }
1162 } else
1163 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1164
1165 return retval;
1166}
1167
1168static int
1169ep0_fasync (int f, struct file *fd, int on)
1170{
1171 struct dev_data *dev = fd->private_data;
1172
1173 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1174 return fasync_helper (f, fd, on, &dev->fasync);
1175}
1176
1177static struct usb_gadget_driver gadgetfs_driver;
1178
1179static int
1180dev_release (struct inode *inode, struct file *fd)
1181{
1182 struct dev_data *dev = fd->private_data;
1183
1184
1185
1186 if (dev->gadget_registered)
1187 usb_gadget_unregister_driver (&gadgetfs_driver);
1188
1189
1190
1191
1192
1193
1194 kfree (dev->buf);
1195 dev->buf = NULL;
1196
1197
1198 spin_lock_irq(&dev->lock);
1199 dev->state = STATE_DEV_DISABLED;
1200 spin_unlock_irq(&dev->lock);
1201
1202 put_dev (dev);
1203 return 0;
1204}
1205
1206static unsigned int
1207ep0_poll (struct file *fd, poll_table *wait)
1208{
1209 struct dev_data *dev = fd->private_data;
1210 int mask = 0;
1211
1212 if (dev->state <= STATE_DEV_OPENED)
1213 return DEFAULT_POLLMASK;
1214
1215 poll_wait(fd, &dev->wait, wait);
1216
1217 spin_lock_irq (&dev->lock);
1218
1219
1220 if (dev->setup_abort) {
1221 dev->setup_abort = 0;
1222 mask = POLLHUP;
1223 goto out;
1224 }
1225
1226 if (dev->state == STATE_DEV_SETUP) {
1227 if (dev->setup_in || dev->setup_can_stall)
1228 mask = POLLOUT;
1229 } else {
1230 if (dev->ev_next != 0)
1231 mask = POLLIN;
1232 }
1233out:
1234 spin_unlock_irq(&dev->lock);
1235 return mask;
1236}
1237
1238static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1239{
1240 struct dev_data *dev = fd->private_data;
1241 struct usb_gadget *gadget = dev->gadget;
1242 long ret = -ENOTTY;
1243
1244 if (gadget->ops->ioctl)
1245 ret = gadget->ops->ioctl (gadget, code, value);
1246
1247 return ret;
1248}
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258static void make_qualifier (struct dev_data *dev)
1259{
1260 struct usb_qualifier_descriptor qual;
1261 struct usb_device_descriptor *desc;
1262
1263 qual.bLength = sizeof qual;
1264 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1265 qual.bcdUSB = cpu_to_le16 (0x0200);
1266
1267 desc = dev->dev;
1268 qual.bDeviceClass = desc->bDeviceClass;
1269 qual.bDeviceSubClass = desc->bDeviceSubClass;
1270 qual.bDeviceProtocol = desc->bDeviceProtocol;
1271
1272
1273 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1274
1275 qual.bNumConfigurations = 1;
1276 qual.bRESERVED = 0;
1277
1278 memcpy (dev->rbuf, &qual, sizeof qual);
1279}
1280
1281static int
1282config_buf (struct dev_data *dev, u8 type, unsigned index)
1283{
1284 int len;
1285 int hs = 0;
1286
1287
1288 if (index > 0)
1289 return -EINVAL;
1290
1291 if (gadget_is_dualspeed(dev->gadget)) {
1292 hs = (dev->gadget->speed == USB_SPEED_HIGH);
1293 if (type == USB_DT_OTHER_SPEED_CONFIG)
1294 hs = !hs;
1295 }
1296 if (hs) {
1297 dev->req->buf = dev->hs_config;
1298 len = le16_to_cpu(dev->hs_config->wTotalLength);
1299 } else {
1300 dev->req->buf = dev->config;
1301 len = le16_to_cpu(dev->config->wTotalLength);
1302 }
1303 ((u8 *)dev->req->buf) [1] = type;
1304 return len;
1305}
1306
1307static int
1308gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1309{
1310 struct dev_data *dev = get_gadget_data (gadget);
1311 struct usb_request *req = dev->req;
1312 int value = -EOPNOTSUPP;
1313 struct usb_gadgetfs_event *event;
1314 u16 w_value = le16_to_cpu(ctrl->wValue);
1315 u16 w_length = le16_to_cpu(ctrl->wLength);
1316
1317 spin_lock (&dev->lock);
1318 dev->setup_abort = 0;
1319 if (dev->state == STATE_DEV_UNCONNECTED) {
1320 if (gadget_is_dualspeed(gadget)
1321 && gadget->speed == USB_SPEED_HIGH
1322 && dev->hs_config == NULL) {
1323 spin_unlock(&dev->lock);
1324 ERROR (dev, "no high speed config??\n");
1325 return -EINVAL;
1326 }
1327
1328 dev->state = STATE_DEV_CONNECTED;
1329
1330 INFO (dev, "connected\n");
1331 event = next_event (dev, GADGETFS_CONNECT);
1332 event->u.speed = gadget->speed;
1333 ep0_readable (dev);
1334
1335
1336
1337
1338
1339
1340 } else if (dev->state == STATE_DEV_SETUP)
1341 dev->setup_abort = 1;
1342
1343 req->buf = dev->rbuf;
1344 req->context = NULL;
1345 value = -EOPNOTSUPP;
1346 switch (ctrl->bRequest) {
1347
1348 case USB_REQ_GET_DESCRIPTOR:
1349 if (ctrl->bRequestType != USB_DIR_IN)
1350 goto unrecognized;
1351 switch (w_value >> 8) {
1352
1353 case USB_DT_DEVICE:
1354 value = min (w_length, (u16) sizeof *dev->dev);
1355 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1356 req->buf = dev->dev;
1357 break;
1358 case USB_DT_DEVICE_QUALIFIER:
1359 if (!dev->hs_config)
1360 break;
1361 value = min (w_length, (u16)
1362 sizeof (struct usb_qualifier_descriptor));
1363 make_qualifier (dev);
1364 break;
1365 case USB_DT_OTHER_SPEED_CONFIG:
1366
1367 case USB_DT_CONFIG:
1368 value = config_buf (dev,
1369 w_value >> 8,
1370 w_value & 0xff);
1371 if (value >= 0)
1372 value = min (w_length, (u16) value);
1373 break;
1374 case USB_DT_STRING:
1375 goto unrecognized;
1376
1377 default:
1378 break;
1379 }
1380 break;
1381
1382
1383 case USB_REQ_SET_CONFIGURATION:
1384 if (ctrl->bRequestType != 0)
1385 goto unrecognized;
1386 if (0 == (u8) w_value) {
1387 value = 0;
1388 dev->current_config = 0;
1389 usb_gadget_vbus_draw(gadget, 8 );
1390
1391 } else {
1392 u8 config, power;
1393
1394 if (gadget_is_dualspeed(gadget)
1395 && gadget->speed == USB_SPEED_HIGH) {
1396 config = dev->hs_config->bConfigurationValue;
1397 power = dev->hs_config->bMaxPower;
1398 } else {
1399 config = dev->config->bConfigurationValue;
1400 power = dev->config->bMaxPower;
1401 }
1402
1403 if (config == (u8) w_value) {
1404 value = 0;
1405 dev->current_config = config;
1406 usb_gadget_vbus_draw(gadget, 2 * power);
1407 }
1408 }
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419 if (value == 0) {
1420 INFO (dev, "configuration #%d\n", dev->current_config);
1421 usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
1422 if (dev->usermode_setup) {
1423 dev->setup_can_stall = 0;
1424 goto delegate;
1425 }
1426 }
1427 break;
1428
1429#ifndef CONFIG_USB_PXA25X
1430
1431 case USB_REQ_GET_CONFIGURATION:
1432 if (ctrl->bRequestType != 0x80)
1433 goto unrecognized;
1434 *(u8 *)req->buf = dev->current_config;
1435 value = min (w_length, (u16) 1);
1436 break;
1437#endif
1438
1439 default:
1440unrecognized:
1441 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1442 dev->usermode_setup ? "delegate" : "fail",
1443 ctrl->bRequestType, ctrl->bRequest,
1444 w_value, le16_to_cpu(ctrl->wIndex), w_length);
1445
1446
1447 if (dev->usermode_setup) {
1448 dev->setup_can_stall = 1;
1449delegate:
1450 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1451 ? 1 : 0;
1452 dev->setup_wLength = w_length;
1453 dev->setup_out_ready = 0;
1454 dev->setup_out_error = 0;
1455 value = 0;
1456
1457
1458 if (unlikely (!dev->setup_in && w_length)) {
1459 value = setup_req (gadget->ep0, dev->req,
1460 w_length);
1461 if (value < 0)
1462 break;
1463
1464 spin_unlock (&dev->lock);
1465 value = usb_ep_queue (gadget->ep0, dev->req,
1466 GFP_KERNEL);
1467 spin_lock (&dev->lock);
1468 if (value < 0) {
1469 clean_req (gadget->ep0, dev->req);
1470 break;
1471 }
1472
1473
1474 dev->setup_can_stall = 0;
1475 }
1476
1477
1478 event = next_event (dev, GADGETFS_SETUP);
1479 event->u.setup = *ctrl;
1480 ep0_readable (dev);
1481 spin_unlock (&dev->lock);
1482 return 0;
1483 }
1484 }
1485
1486
1487 if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1488 req->length = value;
1489 req->zero = value < w_length;
1490
1491 spin_unlock (&dev->lock);
1492 value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
1493 if (value < 0) {
1494 DBG (dev, "ep_queue --> %d\n", value);
1495 req->status = 0;
1496 }
1497 return value;
1498 }
1499
1500
1501 spin_unlock (&dev->lock);
1502 return value;
1503}
1504
1505static void destroy_ep_files (struct dev_data *dev)
1506{
1507 DBG (dev, "%s %d\n", __func__, dev->state);
1508
1509
1510 spin_lock_irq (&dev->lock);
1511 while (!list_empty(&dev->epfiles)) {
1512 struct ep_data *ep;
1513 struct inode *parent;
1514 struct dentry *dentry;
1515
1516
1517 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1518 list_del_init (&ep->epfiles);
1519 dentry = ep->dentry;
1520 ep->dentry = NULL;
1521 parent = d_inode(dentry->d_parent);
1522
1523
1524 if (ep->state == STATE_EP_ENABLED)
1525 (void) usb_ep_disable (ep->ep);
1526 ep->state = STATE_EP_UNBOUND;
1527 usb_ep_free_request (ep->ep, ep->req);
1528 ep->ep = NULL;
1529 wake_up (&ep->wait);
1530 put_ep (ep);
1531
1532 spin_unlock_irq (&dev->lock);
1533
1534
1535 inode_lock(parent);
1536 d_delete (dentry);
1537 dput (dentry);
1538 inode_unlock(parent);
1539
1540 spin_lock_irq (&dev->lock);
1541 }
1542 spin_unlock_irq (&dev->lock);
1543}
1544
1545
1546static struct dentry *
1547gadgetfs_create_file (struct super_block *sb, char const *name,
1548 void *data, const struct file_operations *fops);
1549
1550static int activate_ep_files (struct dev_data *dev)
1551{
1552 struct usb_ep *ep;
1553 struct ep_data *data;
1554
1555 gadget_for_each_ep (ep, dev->gadget) {
1556
1557 data = kzalloc(sizeof(*data), GFP_KERNEL);
1558 if (!data)
1559 goto enomem0;
1560 data->state = STATE_EP_DISABLED;
1561 mutex_init(&data->lock);
1562 init_waitqueue_head (&data->wait);
1563
1564 strncpy (data->name, ep->name, sizeof (data->name) - 1);
1565 atomic_set (&data->count, 1);
1566 data->dev = dev;
1567 get_dev (dev);
1568
1569 data->ep = ep;
1570 ep->driver_data = data;
1571
1572 data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1573 if (!data->req)
1574 goto enomem1;
1575
1576 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1577 data, &ep_io_operations);
1578 if (!data->dentry)
1579 goto enomem2;
1580 list_add_tail (&data->epfiles, &dev->epfiles);
1581 }
1582 return 0;
1583
1584enomem2:
1585 usb_ep_free_request (ep, data->req);
1586enomem1:
1587 put_dev (dev);
1588 kfree (data);
1589enomem0:
1590 DBG (dev, "%s enomem\n", __func__);
1591 destroy_ep_files (dev);
1592 return -ENOMEM;
1593}
1594
1595static void
1596gadgetfs_unbind (struct usb_gadget *gadget)
1597{
1598 struct dev_data *dev = get_gadget_data (gadget);
1599
1600 DBG (dev, "%s\n", __func__);
1601
1602 spin_lock_irq (&dev->lock);
1603 dev->state = STATE_DEV_UNBOUND;
1604 spin_unlock_irq (&dev->lock);
1605
1606 destroy_ep_files (dev);
1607 gadget->ep0->driver_data = NULL;
1608 set_gadget_data (gadget, NULL);
1609
1610
1611 if (dev->req)
1612 usb_ep_free_request (gadget->ep0, dev->req);
1613 DBG (dev, "%s done\n", __func__);
1614 put_dev (dev);
1615}
1616
1617static struct dev_data *the_device;
1618
1619static int gadgetfs_bind(struct usb_gadget *gadget,
1620 struct usb_gadget_driver *driver)
1621{
1622 struct dev_data *dev = the_device;
1623
1624 if (!dev)
1625 return -ESRCH;
1626 if (0 != strcmp (CHIP, gadget->name)) {
1627 pr_err("%s expected %s controller not %s\n",
1628 shortname, CHIP, gadget->name);
1629 return -ENODEV;
1630 }
1631
1632 set_gadget_data (gadget, dev);
1633 dev->gadget = gadget;
1634 gadget->ep0->driver_data = dev;
1635
1636
1637 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1638 if (!dev->req)
1639 goto enomem;
1640 dev->req->context = NULL;
1641 dev->req->complete = epio_complete;
1642
1643 if (activate_ep_files (dev) < 0)
1644 goto enomem;
1645
1646 INFO (dev, "bound to %s driver\n", gadget->name);
1647 spin_lock_irq(&dev->lock);
1648 dev->state = STATE_DEV_UNCONNECTED;
1649 spin_unlock_irq(&dev->lock);
1650 get_dev (dev);
1651 return 0;
1652
1653enomem:
1654 gadgetfs_unbind (gadget);
1655 return -ENOMEM;
1656}
1657
1658static void
1659gadgetfs_disconnect (struct usb_gadget *gadget)
1660{
1661 struct dev_data *dev = get_gadget_data (gadget);
1662 unsigned long flags;
1663
1664 spin_lock_irqsave (&dev->lock, flags);
1665 if (dev->state == STATE_DEV_UNCONNECTED)
1666 goto exit;
1667 dev->state = STATE_DEV_UNCONNECTED;
1668
1669 INFO (dev, "disconnected\n");
1670 next_event (dev, GADGETFS_DISCONNECT);
1671 ep0_readable (dev);
1672exit:
1673 spin_unlock_irqrestore (&dev->lock, flags);
1674}
1675
1676static void
1677gadgetfs_suspend (struct usb_gadget *gadget)
1678{
1679 struct dev_data *dev = get_gadget_data (gadget);
1680
1681 INFO (dev, "suspended from state %d\n", dev->state);
1682 spin_lock (&dev->lock);
1683 switch (dev->state) {
1684 case STATE_DEV_SETUP:
1685 case STATE_DEV_CONNECTED:
1686 case STATE_DEV_UNCONNECTED:
1687 next_event (dev, GADGETFS_SUSPEND);
1688 ep0_readable (dev);
1689
1690 default:
1691 break;
1692 }
1693 spin_unlock (&dev->lock);
1694}
1695
1696static struct usb_gadget_driver gadgetfs_driver = {
1697 .function = (char *) driver_desc,
1698 .bind = gadgetfs_bind,
1699 .unbind = gadgetfs_unbind,
1700 .setup = gadgetfs_setup,
1701 .reset = gadgetfs_disconnect,
1702 .disconnect = gadgetfs_disconnect,
1703 .suspend = gadgetfs_suspend,
1704
1705 .driver = {
1706 .name = (char *) shortname,
1707 },
1708};
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737static int is_valid_config(struct usb_config_descriptor *config,
1738 unsigned int total)
1739{
1740 return config->bDescriptorType == USB_DT_CONFIG
1741 && config->bLength == USB_DT_CONFIG_SIZE
1742 && total >= USB_DT_CONFIG_SIZE
1743 && config->bConfigurationValue != 0
1744 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1745 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1746
1747
1748}
1749
1750static ssize_t
1751dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1752{
1753 struct dev_data *dev = fd->private_data;
1754 ssize_t value = len, length = len;
1755 unsigned total;
1756 u32 tag;
1757 char *kbuf;
1758
1759 spin_lock_irq(&dev->lock);
1760 if (dev->state > STATE_DEV_OPENED) {
1761 value = ep0_write(fd, buf, len, ptr);
1762 spin_unlock_irq(&dev->lock);
1763 return value;
1764 }
1765 spin_unlock_irq(&dev->lock);
1766
1767 if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) ||
1768 (len > PAGE_SIZE * 4))
1769 return -EINVAL;
1770
1771
1772 if (copy_from_user (&tag, buf, 4))
1773 return -EFAULT;
1774 if (tag != 0)
1775 return -EINVAL;
1776 buf += 4;
1777 length -= 4;
1778
1779 kbuf = memdup_user(buf, length);
1780 if (IS_ERR(kbuf))
1781 return PTR_ERR(kbuf);
1782
1783 spin_lock_irq (&dev->lock);
1784 value = -EINVAL;
1785 if (dev->buf)
1786 goto fail;
1787 dev->buf = kbuf;
1788
1789
1790 dev->config = (void *) kbuf;
1791 total = le16_to_cpu(dev->config->wTotalLength);
1792 if (!is_valid_config(dev->config, total) ||
1793 total > length - USB_DT_DEVICE_SIZE)
1794 goto fail;
1795 kbuf += total;
1796 length -= total;
1797
1798
1799 if (kbuf [1] == USB_DT_CONFIG) {
1800 dev->hs_config = (void *) kbuf;
1801 total = le16_to_cpu(dev->hs_config->wTotalLength);
1802 if (!is_valid_config(dev->hs_config, total) ||
1803 total > length - USB_DT_DEVICE_SIZE)
1804 goto fail;
1805 kbuf += total;
1806 length -= total;
1807 } else {
1808 dev->hs_config = NULL;
1809 }
1810
1811
1812
1813
1814 if (length != USB_DT_DEVICE_SIZE)
1815 goto fail;
1816 dev->dev = (void *)kbuf;
1817 if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1818 || dev->dev->bDescriptorType != USB_DT_DEVICE
1819 || dev->dev->bNumConfigurations != 1)
1820 goto fail;
1821 dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1822
1823
1824 spin_unlock_irq (&dev->lock);
1825 if (dev->hs_config)
1826 gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1827 else
1828 gadgetfs_driver.max_speed = USB_SPEED_FULL;
1829
1830 value = usb_gadget_probe_driver(&gadgetfs_driver);
1831 if (value != 0) {
1832 kfree (dev->buf);
1833 dev->buf = NULL;
1834 } else {
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844 value = len;
1845 dev->gadget_registered = true;
1846 }
1847 return value;
1848
1849fail:
1850 spin_unlock_irq (&dev->lock);
1851 pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev);
1852 kfree (dev->buf);
1853 dev->buf = NULL;
1854 return value;
1855}
1856
1857static int
1858dev_open (struct inode *inode, struct file *fd)
1859{
1860 struct dev_data *dev = inode->i_private;
1861 int value = -EBUSY;
1862
1863 spin_lock_irq(&dev->lock);
1864 if (dev->state == STATE_DEV_DISABLED) {
1865 dev->ev_next = 0;
1866 dev->state = STATE_DEV_OPENED;
1867 fd->private_data = dev;
1868 get_dev (dev);
1869 value = 0;
1870 }
1871 spin_unlock_irq(&dev->lock);
1872 return value;
1873}
1874
1875static const struct file_operations ep0_operations = {
1876 .llseek = no_llseek,
1877
1878 .open = dev_open,
1879 .read = ep0_read,
1880 .write = dev_config,
1881 .fasync = ep0_fasync,
1882 .poll = ep0_poll,
1883 .unlocked_ioctl = dev_ioctl,
1884 .release = dev_release,
1885};
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900static unsigned default_uid;
1901static unsigned default_gid;
1902static unsigned default_perm = S_IRUSR | S_IWUSR;
1903
1904module_param (default_uid, uint, 0644);
1905module_param (default_gid, uint, 0644);
1906module_param (default_perm, uint, 0644);
1907
1908
1909static struct inode *
1910gadgetfs_make_inode (struct super_block *sb,
1911 void *data, const struct file_operations *fops,
1912 int mode)
1913{
1914 struct inode *inode = new_inode (sb);
1915
1916 if (inode) {
1917 inode->i_ino = get_next_ino();
1918 inode->i_mode = mode;
1919 inode->i_uid = make_kuid(&init_user_ns, default_uid);
1920 inode->i_gid = make_kgid(&init_user_ns, default_gid);
1921 inode->i_atime = inode->i_mtime = inode->i_ctime
1922 = current_time(inode);
1923 inode->i_private = data;
1924 inode->i_fop = fops;
1925 }
1926 return inode;
1927}
1928
1929
1930
1931
1932static struct dentry *
1933gadgetfs_create_file (struct super_block *sb, char const *name,
1934 void *data, const struct file_operations *fops)
1935{
1936 struct dentry *dentry;
1937 struct inode *inode;
1938
1939 dentry = d_alloc_name(sb->s_root, name);
1940 if (!dentry)
1941 return NULL;
1942
1943 inode = gadgetfs_make_inode (sb, data, fops,
1944 S_IFREG | (default_perm & S_IRWXUGO));
1945 if (!inode) {
1946 dput(dentry);
1947 return NULL;
1948 }
1949 d_add (dentry, inode);
1950 return dentry;
1951}
1952
1953static const struct super_operations gadget_fs_operations = {
1954 .statfs = simple_statfs,
1955 .drop_inode = generic_delete_inode,
1956};
1957
1958static int
1959gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
1960{
1961 struct inode *inode;
1962 struct dev_data *dev;
1963
1964 if (the_device)
1965 return -ESRCH;
1966
1967 CHIP = usb_get_gadget_udc_name();
1968 if (!CHIP)
1969 return -ENODEV;
1970
1971
1972 sb->s_blocksize = PAGE_SIZE;
1973 sb->s_blocksize_bits = PAGE_SHIFT;
1974 sb->s_magic = GADGETFS_MAGIC;
1975 sb->s_op = &gadget_fs_operations;
1976 sb->s_time_gran = 1;
1977
1978
1979 inode = gadgetfs_make_inode (sb,
1980 NULL, &simple_dir_operations,
1981 S_IFDIR | S_IRUGO | S_IXUGO);
1982 if (!inode)
1983 goto Enomem;
1984 inode->i_op = &simple_dir_inode_operations;
1985 if (!(sb->s_root = d_make_root (inode)))
1986 goto Enomem;
1987
1988
1989
1990
1991 dev = dev_new ();
1992 if (!dev)
1993 goto Enomem;
1994
1995 dev->sb = sb;
1996 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
1997 if (!dev->dentry) {
1998 put_dev(dev);
1999 goto Enomem;
2000 }
2001
2002
2003
2004
2005 the_device = dev;
2006 return 0;
2007
2008Enomem:
2009 return -ENOMEM;
2010}
2011
2012
2013static struct dentry *
2014gadgetfs_mount (struct file_system_type *t, int flags,
2015 const char *path, void *opts)
2016{
2017 return mount_single (t, flags, opts, gadgetfs_fill_super);
2018}
2019
2020static void
2021gadgetfs_kill_sb (struct super_block *sb)
2022{
2023 kill_litter_super (sb);
2024 if (the_device) {
2025 put_dev (the_device);
2026 the_device = NULL;
2027 }
2028 kfree(CHIP);
2029 CHIP = NULL;
2030}
2031
2032
2033
2034static struct file_system_type gadgetfs_type = {
2035 .owner = THIS_MODULE,
2036 .name = shortname,
2037 .mount = gadgetfs_mount,
2038 .kill_sb = gadgetfs_kill_sb,
2039};
2040MODULE_ALIAS_FS("gadgetfs");
2041
2042
2043
2044static int __init init (void)
2045{
2046 int status;
2047
2048 status = register_filesystem (&gadgetfs_type);
2049 if (status == 0)
2050 pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2051 shortname, driver_desc);
2052 return status;
2053}
2054module_init (init);
2055
2056static void __exit cleanup (void)
2057{
2058 pr_debug ("unregister %s\n", shortname);
2059 unregister_filesystem (&gadgetfs_type);
2060}
2061module_exit (cleanup);
2062
2063
