1
2
3
4
5
6
7
8
9
10
11
12#include <linux/init.h>
13#include <linux/module.h>
14#include <linux/fs.h>
15#include <linux/pagemap.h>
16#include <linux/uts.h>
17#include <linux/wait.h>
18#include <linux/compiler.h>
19#include <linux/uaccess.h>
20#include <linux/sched.h>
21#include <linux/slab.h>
22#include <linux/poll.h>
23#include <linux/mmu_context.h>
24#include <linux/aio.h>
25#include <linux/uio.h>
26#include <linux/refcount.h>
27#include <linux/delay.h>
28#include <linux/device.h>
29#include <linux/moduleparam.h>
30
31#include <linux/usb/gadgetfs.h>
32#include <linux/usb/gadget.h>
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65#define DRIVER_DESC "USB Gadget filesystem"
66#define DRIVER_VERSION "24 Aug 2004"
67
68static const char driver_desc [] = DRIVER_DESC;
69static const char shortname [] = "gadgetfs";
70
71MODULE_DESCRIPTION (DRIVER_DESC);
72MODULE_AUTHOR ("David Brownell");
73MODULE_LICENSE ("GPL");
74
75static int ep_open(struct inode *, struct file *);
76
77
78
79
80#define GADGETFS_MAGIC 0xaee71ee7
81
82
83enum ep0_state {
84
85 STATE_DEV_DISABLED = 0,
86
87
88
89
90
91
92 STATE_DEV_OPENED,
93
94
95
96
97
98
99 STATE_DEV_UNCONNECTED,
100 STATE_DEV_CONNECTED,
101 STATE_DEV_SETUP,
102
103
104
105
106 STATE_DEV_UNBOUND,
107};
108
109
110#define N_EVENT 5
111
112struct dev_data {
113 spinlock_t lock;
114 refcount_t count;
115 int udc_usage;
116 enum ep0_state state;
117 struct usb_gadgetfs_event event [N_EVENT];
118 unsigned ev_next;
119 struct fasync_struct *fasync;
120 u8 current_config;
121
122
123
124
125 unsigned usermode_setup : 1,
126 setup_in : 1,
127 setup_can_stall : 1,
128 setup_out_ready : 1,
129 setup_out_error : 1,
130 setup_abort : 1,
131 gadget_registered : 1;
132 unsigned setup_wLength;
133
134
135 struct usb_config_descriptor *config, *hs_config;
136 struct usb_device_descriptor *dev;
137 struct usb_request *req;
138 struct usb_gadget *gadget;
139 struct list_head epfiles;
140 void *buf;
141 wait_queue_head_t wait;
142 struct super_block *sb;
143 struct dentry *dentry;
144
145
146 u8 rbuf [256];
147};
148
149static inline void get_dev (struct dev_data *data)
150{
151 refcount_inc (&data->count);
152}
153
154static void put_dev (struct dev_data *data)
155{
156 if (likely (!refcount_dec_and_test (&data->count)))
157 return;
158
159 BUG_ON (waitqueue_active (&data->wait));
160 kfree (data);
161}
162
163static struct dev_data *dev_new (void)
164{
165 struct dev_data *dev;
166
167 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
168 if (!dev)
169 return NULL;
170 dev->state = STATE_DEV_DISABLED;
171 refcount_set (&dev->count, 1);
172 spin_lock_init (&dev->lock);
173 INIT_LIST_HEAD (&dev->epfiles);
174 init_waitqueue_head (&dev->wait);
175 return dev;
176}
177
178
179
180
181enum ep_state {
182 STATE_EP_DISABLED = 0,
183 STATE_EP_READY,
184 STATE_EP_ENABLED,
185 STATE_EP_UNBOUND,
186};
187
188struct ep_data {
189 struct mutex lock;
190 enum ep_state state;
191 refcount_t count;
192 struct dev_data *dev;
193
194 struct usb_ep *ep;
195 struct usb_request *req;
196 ssize_t status;
197 char name [16];
198 struct usb_endpoint_descriptor desc, hs_desc;
199 struct list_head epfiles;
200 wait_queue_head_t wait;
201 struct dentry *dentry;
202};
203
204static inline void get_ep (struct ep_data *data)
205{
206 refcount_inc (&data->count);
207}
208
209static void put_ep (struct ep_data *data)
210{
211 if (likely (!refcount_dec_and_test (&data->count)))
212 return;
213 put_dev (data->dev);
214
215 BUG_ON (!list_empty (&data->epfiles));
216 BUG_ON (waitqueue_active (&data->wait));
217 kfree (data);
218}
219
220
221
222
223
224
225
226
227
228static const char *CHIP;
229
230
231
232
233
234
235
236
237#define xprintk(d,level,fmt,args...) \
238 printk(level "%s: " fmt , shortname , ## args)
239
240#ifdef DEBUG
241#define DBG(dev,fmt,args...) \
242 xprintk(dev , KERN_DEBUG , fmt , ## args)
243#else
244#define DBG(dev,fmt,args...) \
245 do { } while (0)
246#endif
247
248#ifdef VERBOSE_DEBUG
249#define VDEBUG DBG
250#else
251#define VDEBUG(dev,fmt,args...) \
252 do { } while (0)
253#endif
254
255#define ERROR(dev,fmt,args...) \
256 xprintk(dev , KERN_ERR , fmt , ## args)
257#define INFO(dev,fmt,args...) \
258 xprintk(dev , KERN_INFO , fmt , ## args)
259
260
261
262
263
264
265
266
267
268
269
270static void epio_complete (struct usb_ep *ep, struct usb_request *req)
271{
272 struct ep_data *epdata = ep->driver_data;
273
274 if (!req->context)
275 return;
276 if (req->status)
277 epdata->status = req->status;
278 else
279 epdata->status = req->actual;
280 complete ((struct completion *)req->context);
281}
282
283
284
285
286static int
287get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
288{
289 int val;
290
291 if (f_flags & O_NONBLOCK) {
292 if (!mutex_trylock(&epdata->lock))
293 goto nonblock;
294 if (epdata->state != STATE_EP_ENABLED &&
295 (!is_write || epdata->state != STATE_EP_READY)) {
296 mutex_unlock(&epdata->lock);
297nonblock:
298 val = -EAGAIN;
299 } else
300 val = 0;
301 return val;
302 }
303
304 val = mutex_lock_interruptible(&epdata->lock);
305 if (val < 0)
306 return val;
307
308 switch (epdata->state) {
309 case STATE_EP_ENABLED:
310 return 0;
311 case STATE_EP_READY:
312 if (is_write)
313 return 0;
314
315 case STATE_EP_UNBOUND:
316 break;
317
318 default:
319 pr_debug ("%s: ep %p not available, state %d\n",
320 shortname, epdata, epdata->state);
321 }
322 mutex_unlock(&epdata->lock);
323 return -ENODEV;
324}
325
326static ssize_t
327ep_io (struct ep_data *epdata, void *buf, unsigned len)
328{
329 DECLARE_COMPLETION_ONSTACK (done);
330 int value;
331
332 spin_lock_irq (&epdata->dev->lock);
333 if (likely (epdata->ep != NULL)) {
334 struct usb_request *req = epdata->req;
335
336 req->context = &done;
337 req->complete = epio_complete;
338 req->buf = buf;
339 req->length = len;
340 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
341 } else
342 value = -ENODEV;
343 spin_unlock_irq (&epdata->dev->lock);
344
345 if (likely (value == 0)) {
346 value = wait_event_interruptible (done.wait, done.done);
347 if (value != 0) {
348 spin_lock_irq (&epdata->dev->lock);
349 if (likely (epdata->ep != NULL)) {
350 DBG (epdata->dev, "%s i/o interrupted\n",
351 epdata->name);
352 usb_ep_dequeue (epdata->ep, epdata->req);
353 spin_unlock_irq (&epdata->dev->lock);
354
355 wait_event (done.wait, done.done);
356 if (epdata->status == -ECONNRESET)
357 epdata->status = -EINTR;
358 } else {
359 spin_unlock_irq (&epdata->dev->lock);
360
361 DBG (epdata->dev, "endpoint gone\n");
362 epdata->status = -ENODEV;
363 }
364 }
365 return epdata->status;
366 }
367 return value;
368}
369
370static int
371ep_release (struct inode *inode, struct file *fd)
372{
373 struct ep_data *data = fd->private_data;
374 int value;
375
376 value = mutex_lock_interruptible(&data->lock);
377 if (value < 0)
378 return value;
379
380
381 if (data->state != STATE_EP_UNBOUND) {
382 data->state = STATE_EP_DISABLED;
383 data->desc.bDescriptorType = 0;
384 data->hs_desc.bDescriptorType = 0;
385 usb_ep_disable(data->ep);
386 }
387 mutex_unlock(&data->lock);
388 put_ep (data);
389 return 0;
390}
391
392static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
393{
394 struct ep_data *data = fd->private_data;
395 int status;
396
397 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
398 return status;
399
400 spin_lock_irq (&data->dev->lock);
401 if (likely (data->ep != NULL)) {
402 switch (code) {
403 case GADGETFS_FIFO_STATUS:
404 status = usb_ep_fifo_status (data->ep);
405 break;
406 case GADGETFS_FIFO_FLUSH:
407 usb_ep_fifo_flush (data->ep);
408 break;
409 case GADGETFS_CLEAR_HALT:
410 status = usb_ep_clear_halt (data->ep);
411 break;
412 default:
413 status = -ENOTTY;
414 }
415 } else
416 status = -ENODEV;
417 spin_unlock_irq (&data->dev->lock);
418 mutex_unlock(&data->lock);
419 return status;
420}
421
422
423
424
425
426struct kiocb_priv {
427 struct usb_request *req;
428 struct ep_data *epdata;
429 struct kiocb *iocb;
430 struct mm_struct *mm;
431 struct work_struct work;
432 void *buf;
433 struct iov_iter to;
434 const void *to_free;
435 unsigned actual;
436};
437
438static int ep_aio_cancel(struct kiocb *iocb)
439{
440 struct kiocb_priv *priv = iocb->private;
441 struct ep_data *epdata;
442 int value;
443
444 local_irq_disable();
445 epdata = priv->epdata;
446
447 if (likely(epdata && epdata->ep && priv->req))
448 value = usb_ep_dequeue (epdata->ep, priv->req);
449 else
450 value = -EINVAL;
451
452 local_irq_enable();
453
454 return value;
455}
456
457static void ep_user_copy_worker(struct work_struct *work)
458{
459 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
460 struct mm_struct *mm = priv->mm;
461 struct kiocb *iocb = priv->iocb;
462 size_t ret;
463
464 use_mm(mm);
465 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
466 unuse_mm(mm);
467 if (!ret)
468 ret = -EFAULT;
469
470
471 iocb->ki_complete(iocb, ret, ret);
472
473 kfree(priv->buf);
474 kfree(priv->to_free);
475 kfree(priv);
476}
477
478static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
479{
480 struct kiocb *iocb = req->context;
481 struct kiocb_priv *priv = iocb->private;
482 struct ep_data *epdata = priv->epdata;
483
484
485 spin_lock(&epdata->dev->lock);
486 priv->req = NULL;
487 priv->epdata = NULL;
488
489
490
491
492
493 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
494 kfree(req->buf);
495 kfree(priv->to_free);
496 kfree(priv);
497 iocb->private = NULL;
498
499
500 iocb->ki_complete(iocb, req->actual ? req->actual : req->status,
501 req->status);
502 } else {
503
504 if (unlikely(0 != req->status))
505 DBG(epdata->dev, "%s fault %d len %d\n",
506 ep->name, req->status, req->actual);
507
508 priv->buf = req->buf;
509 priv->actual = req->actual;
510 INIT_WORK(&priv->work, ep_user_copy_worker);
511 schedule_work(&priv->work);
512 }
513
514 usb_ep_free_request(ep, req);
515 spin_unlock(&epdata->dev->lock);
516 put_ep(epdata);
517}
518
519static ssize_t ep_aio(struct kiocb *iocb,
520 struct kiocb_priv *priv,
521 struct ep_data *epdata,
522 char *buf,
523 size_t len)
524{
525 struct usb_request *req;
526 ssize_t value;
527
528 iocb->private = priv;
529 priv->iocb = iocb;
530
531 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
532 get_ep(epdata);
533 priv->epdata = epdata;
534 priv->actual = 0;
535 priv->mm = current->mm;
536
537
538
539
540 spin_lock_irq(&epdata->dev->lock);
541 value = -ENODEV;
542 if (unlikely(epdata->ep == NULL))
543 goto fail;
544
545 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
546 value = -ENOMEM;
547 if (unlikely(!req))
548 goto fail;
549
550 priv->req = req;
551 req->buf = buf;
552 req->length = len;
553 req->complete = ep_aio_complete;
554 req->context = iocb;
555 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
556 if (unlikely(0 != value)) {
557 usb_ep_free_request(epdata->ep, req);
558 goto fail;
559 }
560 spin_unlock_irq(&epdata->dev->lock);
561 return -EIOCBQUEUED;
562
563fail:
564 spin_unlock_irq(&epdata->dev->lock);
565 kfree(priv->to_free);
566 kfree(priv);
567 put_ep(epdata);
568 return value;
569}
570
571static ssize_t
572ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
573{
574 struct file *file = iocb->ki_filp;
575 struct ep_data *epdata = file->private_data;
576 size_t len = iov_iter_count(to);
577 ssize_t value;
578 char *buf;
579
580 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
581 return value;
582
583
584 if (usb_endpoint_dir_in(&epdata->desc)) {
585 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
586 !is_sync_kiocb(iocb)) {
587 mutex_unlock(&epdata->lock);
588 return -EINVAL;
589 }
590 DBG (epdata->dev, "%s halt\n", epdata->name);
591 spin_lock_irq(&epdata->dev->lock);
592 if (likely(epdata->ep != NULL))
593 usb_ep_set_halt(epdata->ep);
594 spin_unlock_irq(&epdata->dev->lock);
595 mutex_unlock(&epdata->lock);
596 return -EBADMSG;
597 }
598
599 buf = kmalloc(len, GFP_KERNEL);
600 if (unlikely(!buf)) {
601 mutex_unlock(&epdata->lock);
602 return -ENOMEM;
603 }
604 if (is_sync_kiocb(iocb)) {
605 value = ep_io(epdata, buf, len);
606 if (value >= 0 && (copy_to_iter(buf, value, to) != value))
607 value = -EFAULT;
608 } else {
609 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
610 value = -ENOMEM;
611 if (!priv)
612 goto fail;
613 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
614 if (!priv->to_free) {
615 kfree(priv);
616 goto fail;
617 }
618 value = ep_aio(iocb, priv, epdata, buf, len);
619 if (value == -EIOCBQUEUED)
620 buf = NULL;
621 }
622fail:
623 kfree(buf);
624 mutex_unlock(&epdata->lock);
625 return value;
626}
627
628static ssize_t ep_config(struct ep_data *, const char *, size_t);
629
630static ssize_t
631ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
632{
633 struct file *file = iocb->ki_filp;
634 struct ep_data *epdata = file->private_data;
635 size_t len = iov_iter_count(from);
636 bool configured;
637 ssize_t value;
638 char *buf;
639
640 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
641 return value;
642
643 configured = epdata->state == STATE_EP_ENABLED;
644
645
646 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
647 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
648 !is_sync_kiocb(iocb)) {
649 mutex_unlock(&epdata->lock);
650 return -EINVAL;
651 }
652 DBG (epdata->dev, "%s halt\n", epdata->name);
653 spin_lock_irq(&epdata->dev->lock);
654 if (likely(epdata->ep != NULL))
655 usb_ep_set_halt(epdata->ep);
656 spin_unlock_irq(&epdata->dev->lock);
657 mutex_unlock(&epdata->lock);
658 return -EBADMSG;
659 }
660
661 buf = kmalloc(len, GFP_KERNEL);
662 if (unlikely(!buf)) {
663 mutex_unlock(&epdata->lock);
664 return -ENOMEM;
665 }
666
667 if (unlikely(!copy_from_iter_full(buf, len, from))) {
668 value = -EFAULT;
669 goto out;
670 }
671
672 if (unlikely(!configured)) {
673 value = ep_config(epdata, buf, len);
674 } else if (is_sync_kiocb(iocb)) {
675 value = ep_io(epdata, buf, len);
676 } else {
677 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
678 value = -ENOMEM;
679 if (priv) {
680 value = ep_aio(iocb, priv, epdata, buf, len);
681 if (value == -EIOCBQUEUED)
682 buf = NULL;
683 }
684 }
685out:
686 kfree(buf);
687 mutex_unlock(&epdata->lock);
688 return value;
689}
690
691
692
693
694static const struct file_operations ep_io_operations = {
695 .owner = THIS_MODULE,
696
697 .open = ep_open,
698 .release = ep_release,
699 .llseek = no_llseek,
700 .unlocked_ioctl = ep_ioctl,
701 .read_iter = ep_read_iter,
702 .write_iter = ep_write_iter,
703};
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718static ssize_t
719ep_config (struct ep_data *data, const char *buf, size_t len)
720{
721 struct usb_ep *ep;
722 u32 tag;
723 int value, length = len;
724
725 if (data->state != STATE_EP_READY) {
726 value = -EL2HLT;
727 goto fail;
728 }
729
730 value = len;
731 if (len < USB_DT_ENDPOINT_SIZE + 4)
732 goto fail0;
733
734
735 memcpy(&tag, buf, 4);
736 if (tag != 1) {
737 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
738 goto fail0;
739 }
740 buf += 4;
741 len -= 4;
742
743
744
745
746
747
748 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
749 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
750 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
751 goto fail0;
752 if (len != USB_DT_ENDPOINT_SIZE) {
753 if (len != 2 * USB_DT_ENDPOINT_SIZE)
754 goto fail0;
755 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
756 USB_DT_ENDPOINT_SIZE);
757 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
758 || data->hs_desc.bDescriptorType
759 != USB_DT_ENDPOINT) {
760 DBG(data->dev, "config %s, bad hs length or type\n",
761 data->name);
762 goto fail0;
763 }
764 }
765
766 spin_lock_irq (&data->dev->lock);
767 if (data->dev->state == STATE_DEV_UNBOUND) {
768 value = -ENOENT;
769 goto gone;
770 } else {
771 ep = data->ep;
772 if (ep == NULL) {
773 value = -ENODEV;
774 goto gone;
775 }
776 }
777 switch (data->dev->gadget->speed) {
778 case USB_SPEED_LOW:
779 case USB_SPEED_FULL:
780 ep->desc = &data->desc;
781 break;
782 case USB_SPEED_HIGH:
783
784 ep->desc = &data->hs_desc;
785 break;
786 default:
787 DBG(data->dev, "unconnected, %s init abandoned\n",
788 data->name);
789 value = -EINVAL;
790 goto gone;
791 }
792 value = usb_ep_enable(ep);
793 if (value == 0) {
794 data->state = STATE_EP_ENABLED;
795 value = length;
796 }
797gone:
798 spin_unlock_irq (&data->dev->lock);
799 if (value < 0) {
800fail:
801 data->desc.bDescriptorType = 0;
802 data->hs_desc.bDescriptorType = 0;
803 }
804 return value;
805fail0:
806 value = -EINVAL;
807 goto fail;
808}
809
810static int
811ep_open (struct inode *inode, struct file *fd)
812{
813 struct ep_data *data = inode->i_private;
814 int value = -EBUSY;
815
816 if (mutex_lock_interruptible(&data->lock) != 0)
817 return -EINTR;
818 spin_lock_irq (&data->dev->lock);
819 if (data->dev->state == STATE_DEV_UNBOUND)
820 value = -ENOENT;
821 else if (data->state == STATE_EP_DISABLED) {
822 value = 0;
823 data->state = STATE_EP_READY;
824 get_ep (data);
825 fd->private_data = data;
826 VDEBUG (data->dev, "%s ready\n", data->name);
827 } else
828 DBG (data->dev, "%s state %d\n",
829 data->name, data->state);
830 spin_unlock_irq (&data->dev->lock);
831 mutex_unlock(&data->lock);
832 return value;
833}
834
835
836
837
838
839
840
841
842
843
844static inline void ep0_readable (struct dev_data *dev)
845{
846 wake_up (&dev->wait);
847 kill_fasync (&dev->fasync, SIGIO, POLL_IN);
848}
849
850static void clean_req (struct usb_ep *ep, struct usb_request *req)
851{
852 struct dev_data *dev = ep->driver_data;
853
854 if (req->buf != dev->rbuf) {
855 kfree(req->buf);
856 req->buf = dev->rbuf;
857 }
858 req->complete = epio_complete;
859 dev->setup_out_ready = 0;
860}
861
862static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
863{
864 struct dev_data *dev = ep->driver_data;
865 unsigned long flags;
866 int free = 1;
867
868
869 spin_lock_irqsave(&dev->lock, flags);
870 if (!dev->setup_in) {
871 dev->setup_out_error = (req->status != 0);
872 if (!dev->setup_out_error)
873 free = 0;
874 dev->setup_out_ready = 1;
875 ep0_readable (dev);
876 }
877
878
879 if (free && req->buf != &dev->rbuf)
880 clean_req (ep, req);
881 req->complete = epio_complete;
882 spin_unlock_irqrestore(&dev->lock, flags);
883}
884
885static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
886{
887 struct dev_data *dev = ep->driver_data;
888
889 if (dev->setup_out_ready) {
890 DBG (dev, "ep0 request busy!\n");
891 return -EBUSY;
892 }
893 if (len > sizeof (dev->rbuf))
894 req->buf = kmalloc(len, GFP_ATOMIC);
895 if (req->buf == NULL) {
896 req->buf = dev->rbuf;
897 return -ENOMEM;
898 }
899 req->complete = ep0_complete;
900 req->length = len;
901 req->zero = 0;
902 return 0;
903}
904
905static ssize_t
906ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
907{
908 struct dev_data *dev = fd->private_data;
909 ssize_t retval;
910 enum ep0_state state;
911
912 spin_lock_irq (&dev->lock);
913 if (dev->state <= STATE_DEV_OPENED) {
914 retval = -EINVAL;
915 goto done;
916 }
917
918
919 if (dev->setup_abort) {
920 dev->setup_abort = 0;
921 retval = -EIDRM;
922 goto done;
923 }
924
925
926 if ((state = dev->state) == STATE_DEV_SETUP) {
927
928 if (dev->setup_in) {
929 VDEBUG(dev, "ep0in stall\n");
930 (void) usb_ep_set_halt (dev->gadget->ep0);
931 retval = -EL2HLT;
932 dev->state = STATE_DEV_CONNECTED;
933
934 } else if (len == 0) {
935 struct usb_ep *ep = dev->gadget->ep0;
936 struct usb_request *req = dev->req;
937
938 if ((retval = setup_req (ep, req, 0)) == 0) {
939 ++dev->udc_usage;
940 spin_unlock_irq (&dev->lock);
941 retval = usb_ep_queue (ep, req, GFP_KERNEL);
942 spin_lock_irq (&dev->lock);
943 --dev->udc_usage;
944 }
945 dev->state = STATE_DEV_CONNECTED;
946
947
948 if (dev->current_config) {
949 unsigned power;
950
951 if (gadget_is_dualspeed(dev->gadget)
952 && (dev->gadget->speed
953 == USB_SPEED_HIGH))
954 power = dev->hs_config->bMaxPower;
955 else
956 power = dev->config->bMaxPower;
957 usb_gadget_vbus_draw(dev->gadget, 2 * power);
958 }
959
960 } else {
961 if ((fd->f_flags & O_NONBLOCK) != 0
962 && !dev->setup_out_ready) {
963 retval = -EAGAIN;
964 goto done;
965 }
966 spin_unlock_irq (&dev->lock);
967 retval = wait_event_interruptible (dev->wait,
968 dev->setup_out_ready != 0);
969
970
971 spin_lock_irq (&dev->lock);
972 if (retval)
973 goto done;
974
975 if (dev->state != STATE_DEV_SETUP) {
976 retval = -ECANCELED;
977 goto done;
978 }
979 dev->state = STATE_DEV_CONNECTED;
980
981 if (dev->setup_out_error)
982 retval = -EIO;
983 else {
984 len = min (len, (size_t)dev->req->actual);
985 ++dev->udc_usage;
986 spin_unlock_irq(&dev->lock);
987 if (copy_to_user (buf, dev->req->buf, len))
988 retval = -EFAULT;
989 else
990 retval = len;
991 spin_lock_irq(&dev->lock);
992 --dev->udc_usage;
993 clean_req (dev->gadget->ep0, dev->req);
994
995 }
996 }
997 goto done;
998 }
999
1000
1001 if (len < sizeof dev->event [0]) {
1002 retval = -EINVAL;
1003 goto done;
1004 }
1005 len -= len % sizeof (struct usb_gadgetfs_event);
1006 dev->usermode_setup = 1;
1007
1008scan:
1009
1010 if (dev->ev_next != 0) {
1011 unsigned i, n;
1012
1013 n = len / sizeof (struct usb_gadgetfs_event);
1014 if (dev->ev_next < n)
1015 n = dev->ev_next;
1016
1017
1018 for (i = 0; i < n; i++) {
1019 if (dev->event [i].type == GADGETFS_SETUP) {
1020 dev->state = STATE_DEV_SETUP;
1021 n = i + 1;
1022 break;
1023 }
1024 }
1025 spin_unlock_irq (&dev->lock);
1026 len = n * sizeof (struct usb_gadgetfs_event);
1027 if (copy_to_user (buf, &dev->event, len))
1028 retval = -EFAULT;
1029 else
1030 retval = len;
1031 if (len > 0) {
1032
1033
1034
1035 spin_lock_irq (&dev->lock);
1036 if (dev->ev_next > n) {
1037 memmove(&dev->event[0], &dev->event[n],
1038 sizeof (struct usb_gadgetfs_event)
1039 * (dev->ev_next - n));
1040 }
1041 dev->ev_next -= n;
1042 spin_unlock_irq (&dev->lock);
1043 }
1044 return retval;
1045 }
1046 if (fd->f_flags & O_NONBLOCK) {
1047 retval = -EAGAIN;
1048 goto done;
1049 }
1050
1051 switch (state) {
1052 default:
1053 DBG (dev, "fail %s, state %d\n", __func__, state);
1054 retval = -ESRCH;
1055 break;
1056 case STATE_DEV_UNCONNECTED:
1057 case STATE_DEV_CONNECTED:
1058 spin_unlock_irq (&dev->lock);
1059 DBG (dev, "%s wait\n", __func__);
1060
1061
1062 retval = wait_event_interruptible (dev->wait,
1063 dev->ev_next != 0);
1064 if (retval < 0)
1065 return retval;
1066 spin_lock_irq (&dev->lock);
1067 goto scan;
1068 }
1069
1070done:
1071 spin_unlock_irq (&dev->lock);
1072 return retval;
1073}
1074
1075static struct usb_gadgetfs_event *
1076next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1077{
1078 struct usb_gadgetfs_event *event;
1079 unsigned i;
1080
1081 switch (type) {
1082
1083 case GADGETFS_DISCONNECT:
1084 if (dev->state == STATE_DEV_SETUP)
1085 dev->setup_abort = 1;
1086
1087 case GADGETFS_CONNECT:
1088 dev->ev_next = 0;
1089 break;
1090 case GADGETFS_SETUP:
1091 case GADGETFS_SUSPEND:
1092
1093 for (i = 0; i != dev->ev_next; i++) {
1094 if (dev->event [i].type != type)
1095 continue;
1096 DBG(dev, "discard old event[%d] %d\n", i, type);
1097 dev->ev_next--;
1098 if (i == dev->ev_next)
1099 break;
1100
1101 memmove (&dev->event [i], &dev->event [i + 1],
1102 sizeof (struct usb_gadgetfs_event)
1103 * (dev->ev_next - i));
1104 }
1105 break;
1106 default:
1107 BUG ();
1108 }
1109 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1110 event = &dev->event [dev->ev_next++];
1111 BUG_ON (dev->ev_next > N_EVENT);
1112 memset (event, 0, sizeof *event);
1113 event->type = type;
1114 return event;
1115}
1116
1117static ssize_t
1118ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1119{
1120 struct dev_data *dev = fd->private_data;
1121 ssize_t retval = -ESRCH;
1122
1123
1124 if (dev->setup_abort) {
1125 dev->setup_abort = 0;
1126 retval = -EIDRM;
1127
1128
1129 } else if (dev->state == STATE_DEV_SETUP) {
1130
1131 len = min_t(size_t, len, dev->setup_wLength);
1132 if (dev->setup_in) {
1133 retval = setup_req (dev->gadget->ep0, dev->req, len);
1134 if (retval == 0) {
1135 dev->state = STATE_DEV_CONNECTED;
1136 ++dev->udc_usage;
1137 spin_unlock_irq (&dev->lock);
1138 if (copy_from_user (dev->req->buf, buf, len))
1139 retval = -EFAULT;
1140 else {
1141 if (len < dev->setup_wLength)
1142 dev->req->zero = 1;
1143 retval = usb_ep_queue (
1144 dev->gadget->ep0, dev->req,
1145 GFP_KERNEL);
1146 }
1147 spin_lock_irq(&dev->lock);
1148 --dev->udc_usage;
1149 if (retval < 0) {
1150 clean_req (dev->gadget->ep0, dev->req);
1151 } else
1152 retval = len;
1153
1154 return retval;
1155 }
1156
1157
1158 } else if (dev->setup_can_stall) {
1159 VDEBUG(dev, "ep0out stall\n");
1160 (void) usb_ep_set_halt (dev->gadget->ep0);
1161 retval = -EL2HLT;
1162 dev->state = STATE_DEV_CONNECTED;
1163 } else {
1164 DBG(dev, "bogus ep0out stall!\n");
1165 }
1166 } else
1167 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1168
1169 return retval;
1170}
1171
1172static int
1173ep0_fasync (int f, struct file *fd, int on)
1174{
1175 struct dev_data *dev = fd->private_data;
1176
1177 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1178 return fasync_helper (f, fd, on, &dev->fasync);
1179}
1180
1181static struct usb_gadget_driver gadgetfs_driver;
1182
1183static int
1184dev_release (struct inode *inode, struct file *fd)
1185{
1186 struct dev_data *dev = fd->private_data;
1187
1188
1189
1190 if (dev->gadget_registered) {
1191 usb_gadget_unregister_driver (&gadgetfs_driver);
1192 dev->gadget_registered = false;
1193 }
1194
1195
1196
1197
1198
1199
1200 kfree (dev->buf);
1201 dev->buf = NULL;
1202
1203
1204 spin_lock_irq(&dev->lock);
1205 dev->state = STATE_DEV_DISABLED;
1206 spin_unlock_irq(&dev->lock);
1207
1208 put_dev (dev);
1209 return 0;
1210}
1211
1212static __poll_t
1213ep0_poll (struct file *fd, poll_table *wait)
1214{
1215 struct dev_data *dev = fd->private_data;
1216 __poll_t mask = 0;
1217
1218 if (dev->state <= STATE_DEV_OPENED)
1219 return DEFAULT_POLLMASK;
1220
1221 poll_wait(fd, &dev->wait, wait);
1222
1223 spin_lock_irq (&dev->lock);
1224
1225
1226 if (dev->setup_abort) {
1227 dev->setup_abort = 0;
1228 mask = EPOLLHUP;
1229 goto out;
1230 }
1231
1232 if (dev->state == STATE_DEV_SETUP) {
1233 if (dev->setup_in || dev->setup_can_stall)
1234 mask = EPOLLOUT;
1235 } else {
1236 if (dev->ev_next != 0)
1237 mask = EPOLLIN;
1238 }
1239out:
1240 spin_unlock_irq(&dev->lock);
1241 return mask;
1242}
1243
1244static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1245{
1246 struct dev_data *dev = fd->private_data;
1247 struct usb_gadget *gadget = dev->gadget;
1248 long ret = -ENOTTY;
1249
1250 spin_lock_irq(&dev->lock);
1251 if (dev->state == STATE_DEV_OPENED ||
1252 dev->state == STATE_DEV_UNBOUND) {
1253
1254 } else if (gadget->ops->ioctl) {
1255 ++dev->udc_usage;
1256 spin_unlock_irq(&dev->lock);
1257
1258 ret = gadget->ops->ioctl (gadget, code, value);
1259
1260 spin_lock_irq(&dev->lock);
1261 --dev->udc_usage;
1262 }
1263 spin_unlock_irq(&dev->lock);
1264
1265 return ret;
1266}
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276static void make_qualifier (struct dev_data *dev)
1277{
1278 struct usb_qualifier_descriptor qual;
1279 struct usb_device_descriptor *desc;
1280
1281 qual.bLength = sizeof qual;
1282 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1283 qual.bcdUSB = cpu_to_le16 (0x0200);
1284
1285 desc = dev->dev;
1286 qual.bDeviceClass = desc->bDeviceClass;
1287 qual.bDeviceSubClass = desc->bDeviceSubClass;
1288 qual.bDeviceProtocol = desc->bDeviceProtocol;
1289
1290
1291 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1292
1293 qual.bNumConfigurations = 1;
1294 qual.bRESERVED = 0;
1295
1296 memcpy (dev->rbuf, &qual, sizeof qual);
1297}
1298
1299static int
1300config_buf (struct dev_data *dev, u8 type, unsigned index)
1301{
1302 int len;
1303 int hs = 0;
1304
1305
1306 if (index > 0)
1307 return -EINVAL;
1308
1309 if (gadget_is_dualspeed(dev->gadget)) {
1310 hs = (dev->gadget->speed == USB_SPEED_HIGH);
1311 if (type == USB_DT_OTHER_SPEED_CONFIG)
1312 hs = !hs;
1313 }
1314 if (hs) {
1315 dev->req->buf = dev->hs_config;
1316 len = le16_to_cpu(dev->hs_config->wTotalLength);
1317 } else {
1318 dev->req->buf = dev->config;
1319 len = le16_to_cpu(dev->config->wTotalLength);
1320 }
1321 ((u8 *)dev->req->buf) [1] = type;
1322 return len;
1323}
1324
1325static int
1326gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1327{
1328 struct dev_data *dev = get_gadget_data (gadget);
1329 struct usb_request *req = dev->req;
1330 int value = -EOPNOTSUPP;
1331 struct usb_gadgetfs_event *event;
1332 u16 w_value = le16_to_cpu(ctrl->wValue);
1333 u16 w_length = le16_to_cpu(ctrl->wLength);
1334
1335 spin_lock (&dev->lock);
1336 dev->setup_abort = 0;
1337 if (dev->state == STATE_DEV_UNCONNECTED) {
1338 if (gadget_is_dualspeed(gadget)
1339 && gadget->speed == USB_SPEED_HIGH
1340 && dev->hs_config == NULL) {
1341 spin_unlock(&dev->lock);
1342 ERROR (dev, "no high speed config??\n");
1343 return -EINVAL;
1344 }
1345
1346 dev->state = STATE_DEV_CONNECTED;
1347
1348 INFO (dev, "connected\n");
1349 event = next_event (dev, GADGETFS_CONNECT);
1350 event->u.speed = gadget->speed;
1351 ep0_readable (dev);
1352
1353
1354
1355
1356
1357
1358 } else if (dev->state == STATE_DEV_SETUP)
1359 dev->setup_abort = 1;
1360
1361 req->buf = dev->rbuf;
1362 req->context = NULL;
1363 value = -EOPNOTSUPP;
1364 switch (ctrl->bRequest) {
1365
1366 case USB_REQ_GET_DESCRIPTOR:
1367 if (ctrl->bRequestType != USB_DIR_IN)
1368 goto unrecognized;
1369 switch (w_value >> 8) {
1370
1371 case USB_DT_DEVICE:
1372 value = min (w_length, (u16) sizeof *dev->dev);
1373 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1374 req->buf = dev->dev;
1375 break;
1376 case USB_DT_DEVICE_QUALIFIER:
1377 if (!dev->hs_config)
1378 break;
1379 value = min (w_length, (u16)
1380 sizeof (struct usb_qualifier_descriptor));
1381 make_qualifier (dev);
1382 break;
1383 case USB_DT_OTHER_SPEED_CONFIG:
1384
1385 case USB_DT_CONFIG:
1386 value = config_buf (dev,
1387 w_value >> 8,
1388 w_value & 0xff);
1389 if (value >= 0)
1390 value = min (w_length, (u16) value);
1391 break;
1392 case USB_DT_STRING:
1393 goto unrecognized;
1394
1395 default:
1396 break;
1397 }
1398 break;
1399
1400
1401 case USB_REQ_SET_CONFIGURATION:
1402 if (ctrl->bRequestType != 0)
1403 goto unrecognized;
1404 if (0 == (u8) w_value) {
1405 value = 0;
1406 dev->current_config = 0;
1407 usb_gadget_vbus_draw(gadget, 8 );
1408
1409 } else {
1410 u8 config, power;
1411
1412 if (gadget_is_dualspeed(gadget)
1413 && gadget->speed == USB_SPEED_HIGH) {
1414 config = dev->hs_config->bConfigurationValue;
1415 power = dev->hs_config->bMaxPower;
1416 } else {
1417 config = dev->config->bConfigurationValue;
1418 power = dev->config->bMaxPower;
1419 }
1420
1421 if (config == (u8) w_value) {
1422 value = 0;
1423 dev->current_config = config;
1424 usb_gadget_vbus_draw(gadget, 2 * power);
1425 }
1426 }
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437 if (value == 0) {
1438 INFO (dev, "configuration #%d\n", dev->current_config);
1439 usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
1440 if (dev->usermode_setup) {
1441 dev->setup_can_stall = 0;
1442 goto delegate;
1443 }
1444 }
1445 break;
1446
1447#ifndef CONFIG_USB_PXA25X
1448
1449 case USB_REQ_GET_CONFIGURATION:
1450 if (ctrl->bRequestType != 0x80)
1451 goto unrecognized;
1452 *(u8 *)req->buf = dev->current_config;
1453 value = min (w_length, (u16) 1);
1454 break;
1455#endif
1456
1457 default:
1458unrecognized:
1459 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1460 dev->usermode_setup ? "delegate" : "fail",
1461 ctrl->bRequestType, ctrl->bRequest,
1462 w_value, le16_to_cpu(ctrl->wIndex), w_length);
1463
1464
1465 if (dev->usermode_setup) {
1466 dev->setup_can_stall = 1;
1467delegate:
1468 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1469 ? 1 : 0;
1470 dev->setup_wLength = w_length;
1471 dev->setup_out_ready = 0;
1472 dev->setup_out_error = 0;
1473
1474
1475 if (unlikely (!dev->setup_in && w_length)) {
1476 value = setup_req (gadget->ep0, dev->req,
1477 w_length);
1478 if (value < 0)
1479 break;
1480
1481 ++dev->udc_usage;
1482 spin_unlock (&dev->lock);
1483 value = usb_ep_queue (gadget->ep0, dev->req,
1484 GFP_KERNEL);
1485 spin_lock (&dev->lock);
1486 --dev->udc_usage;
1487 if (value < 0) {
1488 clean_req (gadget->ep0, dev->req);
1489 break;
1490 }
1491
1492
1493 dev->setup_can_stall = 0;
1494 }
1495
1496
1497 event = next_event (dev, GADGETFS_SETUP);
1498 event->u.setup = *ctrl;
1499 ep0_readable (dev);
1500 spin_unlock (&dev->lock);
1501 return 0;
1502 }
1503 }
1504
1505
1506 if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1507 req->length = value;
1508 req->zero = value < w_length;
1509
1510 ++dev->udc_usage;
1511 spin_unlock (&dev->lock);
1512 value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
1513 spin_lock(&dev->lock);
1514 --dev->udc_usage;
1515 spin_unlock(&dev->lock);
1516 if (value < 0) {
1517 DBG (dev, "ep_queue --> %d\n", value);
1518 req->status = 0;
1519 }
1520 return value;
1521 }
1522
1523
1524 spin_unlock (&dev->lock);
1525 return value;
1526}
1527
1528static void destroy_ep_files (struct dev_data *dev)
1529{
1530 DBG (dev, "%s %d\n", __func__, dev->state);
1531
1532
1533 spin_lock_irq (&dev->lock);
1534 while (!list_empty(&dev->epfiles)) {
1535 struct ep_data *ep;
1536 struct inode *parent;
1537 struct dentry *dentry;
1538
1539
1540 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1541 list_del_init (&ep->epfiles);
1542 spin_unlock_irq (&dev->lock);
1543
1544 dentry = ep->dentry;
1545 ep->dentry = NULL;
1546 parent = d_inode(dentry->d_parent);
1547
1548
1549 mutex_lock(&ep->lock);
1550 if (ep->state == STATE_EP_ENABLED)
1551 (void) usb_ep_disable (ep->ep);
1552 ep->state = STATE_EP_UNBOUND;
1553 usb_ep_free_request (ep->ep, ep->req);
1554 ep->ep = NULL;
1555 mutex_unlock(&ep->lock);
1556
1557 wake_up (&ep->wait);
1558 put_ep (ep);
1559
1560
1561 inode_lock(parent);
1562 d_delete (dentry);
1563 dput (dentry);
1564 inode_unlock(parent);
1565
1566 spin_lock_irq (&dev->lock);
1567 }
1568 spin_unlock_irq (&dev->lock);
1569}
1570
1571
1572static struct dentry *
1573gadgetfs_create_file (struct super_block *sb, char const *name,
1574 void *data, const struct file_operations *fops);
1575
1576static int activate_ep_files (struct dev_data *dev)
1577{
1578 struct usb_ep *ep;
1579 struct ep_data *data;
1580
1581 gadget_for_each_ep (ep, dev->gadget) {
1582
1583 data = kzalloc(sizeof(*data), GFP_KERNEL);
1584 if (!data)
1585 goto enomem0;
1586 data->state = STATE_EP_DISABLED;
1587 mutex_init(&data->lock);
1588 init_waitqueue_head (&data->wait);
1589
1590 strncpy (data->name, ep->name, sizeof (data->name) - 1);
1591 refcount_set (&data->count, 1);
1592 data->dev = dev;
1593 get_dev (dev);
1594
1595 data->ep = ep;
1596 ep->driver_data = data;
1597
1598 data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1599 if (!data->req)
1600 goto enomem1;
1601
1602 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1603 data, &ep_io_operations);
1604 if (!data->dentry)
1605 goto enomem2;
1606 list_add_tail (&data->epfiles, &dev->epfiles);
1607 }
1608 return 0;
1609
1610enomem2:
1611 usb_ep_free_request (ep, data->req);
1612enomem1:
1613 put_dev (dev);
1614 kfree (data);
1615enomem0:
1616 DBG (dev, "%s enomem\n", __func__);
1617 destroy_ep_files (dev);
1618 return -ENOMEM;
1619}
1620
1621static void
1622gadgetfs_unbind (struct usb_gadget *gadget)
1623{
1624 struct dev_data *dev = get_gadget_data (gadget);
1625
1626 DBG (dev, "%s\n", __func__);
1627
1628 spin_lock_irq (&dev->lock);
1629 dev->state = STATE_DEV_UNBOUND;
1630 while (dev->udc_usage > 0) {
1631 spin_unlock_irq(&dev->lock);
1632 usleep_range(1000, 2000);
1633 spin_lock_irq(&dev->lock);
1634 }
1635 spin_unlock_irq (&dev->lock);
1636
1637 destroy_ep_files (dev);
1638 gadget->ep0->driver_data = NULL;
1639 set_gadget_data (gadget, NULL);
1640
1641
1642 if (dev->req)
1643 usb_ep_free_request (gadget->ep0, dev->req);
1644 DBG (dev, "%s done\n", __func__);
1645 put_dev (dev);
1646}
1647
1648static struct dev_data *the_device;
1649
1650static int gadgetfs_bind(struct usb_gadget *gadget,
1651 struct usb_gadget_driver *driver)
1652{
1653 struct dev_data *dev = the_device;
1654
1655 if (!dev)
1656 return -ESRCH;
1657 if (0 != strcmp (CHIP, gadget->name)) {
1658 pr_err("%s expected %s controller not %s\n",
1659 shortname, CHIP, gadget->name);
1660 return -ENODEV;
1661 }
1662
1663 set_gadget_data (gadget, dev);
1664 dev->gadget = gadget;
1665 gadget->ep0->driver_data = dev;
1666
1667
1668 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1669 if (!dev->req)
1670 goto enomem;
1671 dev->req->context = NULL;
1672 dev->req->complete = epio_complete;
1673
1674 if (activate_ep_files (dev) < 0)
1675 goto enomem;
1676
1677 INFO (dev, "bound to %s driver\n", gadget->name);
1678 spin_lock_irq(&dev->lock);
1679 dev->state = STATE_DEV_UNCONNECTED;
1680 spin_unlock_irq(&dev->lock);
1681 get_dev (dev);
1682 return 0;
1683
1684enomem:
1685 gadgetfs_unbind (gadget);
1686 return -ENOMEM;
1687}
1688
1689static void
1690gadgetfs_disconnect (struct usb_gadget *gadget)
1691{
1692 struct dev_data *dev = get_gadget_data (gadget);
1693 unsigned long flags;
1694
1695 spin_lock_irqsave (&dev->lock, flags);
1696 if (dev->state == STATE_DEV_UNCONNECTED)
1697 goto exit;
1698 dev->state = STATE_DEV_UNCONNECTED;
1699
1700 INFO (dev, "disconnected\n");
1701 next_event (dev, GADGETFS_DISCONNECT);
1702 ep0_readable (dev);
1703exit:
1704 spin_unlock_irqrestore (&dev->lock, flags);
1705}
1706
1707static void
1708gadgetfs_suspend (struct usb_gadget *gadget)
1709{
1710 struct dev_data *dev = get_gadget_data (gadget);
1711 unsigned long flags;
1712
1713 INFO (dev, "suspended from state %d\n", dev->state);
1714 spin_lock_irqsave(&dev->lock, flags);
1715 switch (dev->state) {
1716 case STATE_DEV_SETUP:
1717 case STATE_DEV_CONNECTED:
1718 case STATE_DEV_UNCONNECTED:
1719 next_event (dev, GADGETFS_SUSPEND);
1720 ep0_readable (dev);
1721
1722 default:
1723 break;
1724 }
1725 spin_unlock_irqrestore(&dev->lock, flags);
1726}
1727
1728static struct usb_gadget_driver gadgetfs_driver = {
1729 .function = (char *) driver_desc,
1730 .bind = gadgetfs_bind,
1731 .unbind = gadgetfs_unbind,
1732 .setup = gadgetfs_setup,
1733 .reset = gadgetfs_disconnect,
1734 .disconnect = gadgetfs_disconnect,
1735 .suspend = gadgetfs_suspend,
1736
1737 .driver = {
1738 .name = (char *) shortname,
1739 },
1740};
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769static int is_valid_config(struct usb_config_descriptor *config,
1770 unsigned int total)
1771{
1772 return config->bDescriptorType == USB_DT_CONFIG
1773 && config->bLength == USB_DT_CONFIG_SIZE
1774 && total >= USB_DT_CONFIG_SIZE
1775 && config->bConfigurationValue != 0
1776 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1777 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1778
1779
1780}
1781
1782static ssize_t
1783dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1784{
1785 struct dev_data *dev = fd->private_data;
1786 ssize_t value = len, length = len;
1787 unsigned total;
1788 u32 tag;
1789 char *kbuf;
1790
1791 spin_lock_irq(&dev->lock);
1792 if (dev->state > STATE_DEV_OPENED) {
1793 value = ep0_write(fd, buf, len, ptr);
1794 spin_unlock_irq(&dev->lock);
1795 return value;
1796 }
1797 spin_unlock_irq(&dev->lock);
1798
1799 if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) ||
1800 (len > PAGE_SIZE * 4))
1801 return -EINVAL;
1802
1803
1804 if (copy_from_user (&tag, buf, 4))
1805 return -EFAULT;
1806 if (tag != 0)
1807 return -EINVAL;
1808 buf += 4;
1809 length -= 4;
1810
1811 kbuf = memdup_user(buf, length);
1812 if (IS_ERR(kbuf))
1813 return PTR_ERR(kbuf);
1814
1815 spin_lock_irq (&dev->lock);
1816 value = -EINVAL;
1817 if (dev->buf) {
1818 kfree(kbuf);
1819 goto fail;
1820 }
1821 dev->buf = kbuf;
1822
1823
1824 dev->config = (void *) kbuf;
1825 total = le16_to_cpu(dev->config->wTotalLength);
1826 if (!is_valid_config(dev->config, total) ||
1827 total > length - USB_DT_DEVICE_SIZE)
1828 goto fail;
1829 kbuf += total;
1830 length -= total;
1831
1832
1833 if (kbuf [1] == USB_DT_CONFIG) {
1834 dev->hs_config = (void *) kbuf;
1835 total = le16_to_cpu(dev->hs_config->wTotalLength);
1836 if (!is_valid_config(dev->hs_config, total) ||
1837 total > length - USB_DT_DEVICE_SIZE)
1838 goto fail;
1839 kbuf += total;
1840 length -= total;
1841 } else {
1842 dev->hs_config = NULL;
1843 }
1844
1845
1846
1847
1848 if (length != USB_DT_DEVICE_SIZE)
1849 goto fail;
1850 dev->dev = (void *)kbuf;
1851 if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1852 || dev->dev->bDescriptorType != USB_DT_DEVICE
1853 || dev->dev->bNumConfigurations != 1)
1854 goto fail;
1855 dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1856
1857
1858 spin_unlock_irq (&dev->lock);
1859 if (dev->hs_config)
1860 gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1861 else
1862 gadgetfs_driver.max_speed = USB_SPEED_FULL;
1863
1864 value = usb_gadget_probe_driver(&gadgetfs_driver);
1865 if (value != 0) {
1866 kfree (dev->buf);
1867 dev->buf = NULL;
1868 } else {
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878 value = len;
1879 dev->gadget_registered = true;
1880 }
1881 return value;
1882
1883fail:
1884 spin_unlock_irq (&dev->lock);
1885 pr_debug ("%s: %s fail %zd, %p\n", shortname, __func__, value, dev);
1886 kfree (dev->buf);
1887 dev->buf = NULL;
1888 return value;
1889}
1890
1891static int
1892dev_open (struct inode *inode, struct file *fd)
1893{
1894 struct dev_data *dev = inode->i_private;
1895 int value = -EBUSY;
1896
1897 spin_lock_irq(&dev->lock);
1898 if (dev->state == STATE_DEV_DISABLED) {
1899 dev->ev_next = 0;
1900 dev->state = STATE_DEV_OPENED;
1901 fd->private_data = dev;
1902 get_dev (dev);
1903 value = 0;
1904 }
1905 spin_unlock_irq(&dev->lock);
1906 return value;
1907}
1908
1909static const struct file_operations ep0_operations = {
1910 .llseek = no_llseek,
1911
1912 .open = dev_open,
1913 .read = ep0_read,
1914 .write = dev_config,
1915 .fasync = ep0_fasync,
1916 .poll = ep0_poll,
1917 .unlocked_ioctl = dev_ioctl,
1918 .release = dev_release,
1919};
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934static unsigned default_uid;
1935static unsigned default_gid;
1936static unsigned default_perm = S_IRUSR | S_IWUSR;
1937
1938module_param (default_uid, uint, 0644);
1939module_param (default_gid, uint, 0644);
1940module_param (default_perm, uint, 0644);
1941
1942
1943static struct inode *
1944gadgetfs_make_inode (struct super_block *sb,
1945 void *data, const struct file_operations *fops,
1946 int mode)
1947{
1948 struct inode *inode = new_inode (sb);
1949
1950 if (inode) {
1951 inode->i_ino = get_next_ino();
1952 inode->i_mode = mode;
1953 inode->i_uid = make_kuid(&init_user_ns, default_uid);
1954 inode->i_gid = make_kgid(&init_user_ns, default_gid);
1955 inode->i_atime = inode->i_mtime = inode->i_ctime
1956 = current_time(inode);
1957 inode->i_private = data;
1958 inode->i_fop = fops;
1959 }
1960 return inode;
1961}
1962
1963
1964
1965
1966static struct dentry *
1967gadgetfs_create_file (struct super_block *sb, char const *name,
1968 void *data, const struct file_operations *fops)
1969{
1970 struct dentry *dentry;
1971 struct inode *inode;
1972
1973 dentry = d_alloc_name(sb->s_root, name);
1974 if (!dentry)
1975 return NULL;
1976
1977 inode = gadgetfs_make_inode (sb, data, fops,
1978 S_IFREG | (default_perm & S_IRWXUGO));
1979 if (!inode) {
1980 dput(dentry);
1981 return NULL;
1982 }
1983 d_add (dentry, inode);
1984 return dentry;
1985}
1986
1987static const struct super_operations gadget_fs_operations = {
1988 .statfs = simple_statfs,
1989 .drop_inode = generic_delete_inode,
1990};
1991
1992static int
1993gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
1994{
1995 struct inode *inode;
1996 struct dev_data *dev;
1997
1998 if (the_device)
1999 return -ESRCH;
2000
2001 CHIP = usb_get_gadget_udc_name();
2002 if (!CHIP)
2003 return -ENODEV;
2004
2005
2006 sb->s_blocksize = PAGE_SIZE;
2007 sb->s_blocksize_bits = PAGE_SHIFT;
2008 sb->s_magic = GADGETFS_MAGIC;
2009 sb->s_op = &gadget_fs_operations;
2010 sb->s_time_gran = 1;
2011
2012
2013 inode = gadgetfs_make_inode (sb,
2014 NULL, &simple_dir_operations,
2015 S_IFDIR | S_IRUGO | S_IXUGO);
2016 if (!inode)
2017 goto Enomem;
2018 inode->i_op = &simple_dir_inode_operations;
2019 if (!(sb->s_root = d_make_root (inode)))
2020 goto Enomem;
2021
2022
2023
2024
2025 dev = dev_new ();
2026 if (!dev)
2027 goto Enomem;
2028
2029 dev->sb = sb;
2030 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2031 if (!dev->dentry) {
2032 put_dev(dev);
2033 goto Enomem;
2034 }
2035
2036
2037
2038
2039 the_device = dev;
2040 return 0;
2041
2042Enomem:
2043 return -ENOMEM;
2044}
2045
2046
2047static struct dentry *
2048gadgetfs_mount (struct file_system_type *t, int flags,
2049 const char *path, void *opts)
2050{
2051 return mount_single (t, flags, opts, gadgetfs_fill_super);
2052}
2053
2054static void
2055gadgetfs_kill_sb (struct super_block *sb)
2056{
2057 kill_litter_super (sb);
2058 if (the_device) {
2059 put_dev (the_device);
2060 the_device = NULL;
2061 }
2062 kfree(CHIP);
2063 CHIP = NULL;
2064}
2065
2066
2067
2068static struct file_system_type gadgetfs_type = {
2069 .owner = THIS_MODULE,
2070 .name = shortname,
2071 .mount = gadgetfs_mount,
2072 .kill_sb = gadgetfs_kill_sb,
2073};
2074MODULE_ALIAS_FS("gadgetfs");
2075
2076
2077
2078static int __init init (void)
2079{
2080 int status;
2081
2082 status = register_filesystem (&gadgetfs_type);
2083 if (status == 0)
2084 pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2085 shortname, driver_desc);
2086 return status;
2087}
2088module_init (init);
2089
2090static void __exit cleanup (void)
2091{
2092 pr_debug ("unregister %s\n", shortname);
2093 unregister_filesystem (&gadgetfs_type);
2094}
2095module_exit (cleanup);
2096
2097