1
2
3
4
5
6
7
8
9
10
11
12#include <linux/init.h>
13#include <linux/module.h>
14#include <linux/fs.h>
15#include <linux/fs_context.h>
16#include <linux/pagemap.h>
17#include <linux/uts.h>
18#include <linux/wait.h>
19#include <linux/compiler.h>
20#include <linux/uaccess.h>
21#include <linux/sched.h>
22#include <linux/slab.h>
23#include <linux/poll.h>
24#include <linux/mmu_context.h>
25#include <linux/aio.h>
26#include <linux/uio.h>
27#include <linux/refcount.h>
28#include <linux/delay.h>
29#include <linux/device.h>
30#include <linux/moduleparam.h>
31
32#include <linux/usb/gadgetfs.h>
33#include <linux/usb/gadget.h>
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66#define DRIVER_DESC "USB Gadget filesystem"
67#define DRIVER_VERSION "24 Aug 2004"
68
69static const char driver_desc [] = DRIVER_DESC;
70static const char shortname [] = "gadgetfs";
71
72MODULE_DESCRIPTION (DRIVER_DESC);
73MODULE_AUTHOR ("David Brownell");
74MODULE_LICENSE ("GPL");
75
76static int ep_open(struct inode *, struct file *);
77
78
79
80
81#define GADGETFS_MAGIC 0xaee71ee7
82
83
84enum ep0_state {
85
86 STATE_DEV_DISABLED = 0,
87
88
89
90
91
92
93 STATE_DEV_OPENED,
94
95
96
97
98
99
100 STATE_DEV_UNCONNECTED,
101 STATE_DEV_CONNECTED,
102 STATE_DEV_SETUP,
103
104
105
106
107 STATE_DEV_UNBOUND,
108};
109
110
111#define N_EVENT 5
112
113struct dev_data {
114 spinlock_t lock;
115 refcount_t count;
116 int udc_usage;
117 enum ep0_state state;
118 struct usb_gadgetfs_event event [N_EVENT];
119 unsigned ev_next;
120 struct fasync_struct *fasync;
121 u8 current_config;
122
123
124
125
126 unsigned usermode_setup : 1,
127 setup_in : 1,
128 setup_can_stall : 1,
129 setup_out_ready : 1,
130 setup_out_error : 1,
131 setup_abort : 1,
132 gadget_registered : 1;
133 unsigned setup_wLength;
134
135
136 struct usb_config_descriptor *config, *hs_config;
137 struct usb_device_descriptor *dev;
138 struct usb_request *req;
139 struct usb_gadget *gadget;
140 struct list_head epfiles;
141 void *buf;
142 wait_queue_head_t wait;
143 struct super_block *sb;
144 struct dentry *dentry;
145
146
147 u8 rbuf [256];
148};
149
150static inline void get_dev (struct dev_data *data)
151{
152 refcount_inc (&data->count);
153}
154
155static void put_dev (struct dev_data *data)
156{
157 if (likely (!refcount_dec_and_test (&data->count)))
158 return;
159
160 BUG_ON (waitqueue_active (&data->wait));
161 kfree (data);
162}
163
164static struct dev_data *dev_new (void)
165{
166 struct dev_data *dev;
167
168 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
169 if (!dev)
170 return NULL;
171 dev->state = STATE_DEV_DISABLED;
172 refcount_set (&dev->count, 1);
173 spin_lock_init (&dev->lock);
174 INIT_LIST_HEAD (&dev->epfiles);
175 init_waitqueue_head (&dev->wait);
176 return dev;
177}
178
179
180
181
182enum ep_state {
183 STATE_EP_DISABLED = 0,
184 STATE_EP_READY,
185 STATE_EP_ENABLED,
186 STATE_EP_UNBOUND,
187};
188
189struct ep_data {
190 struct mutex lock;
191 enum ep_state state;
192 refcount_t count;
193 struct dev_data *dev;
194
195 struct usb_ep *ep;
196 struct usb_request *req;
197 ssize_t status;
198 char name [16];
199 struct usb_endpoint_descriptor desc, hs_desc;
200 struct list_head epfiles;
201 wait_queue_head_t wait;
202 struct dentry *dentry;
203};
204
205static inline void get_ep (struct ep_data *data)
206{
207 refcount_inc (&data->count);
208}
209
210static void put_ep (struct ep_data *data)
211{
212 if (likely (!refcount_dec_and_test (&data->count)))
213 return;
214 put_dev (data->dev);
215
216 BUG_ON (!list_empty (&data->epfiles));
217 BUG_ON (waitqueue_active (&data->wait));
218 kfree (data);
219}
220
221
222
223
224
225
226
227
228
229static const char *CHIP;
230
231
232
233
234
235
236
237
238#define xprintk(d,level,fmt,args...) \
239 printk(level "%s: " fmt , shortname , ## args)
240
241#ifdef DEBUG
242#define DBG(dev,fmt,args...) \
243 xprintk(dev , KERN_DEBUG , fmt , ## args)
244#else
245#define DBG(dev,fmt,args...) \
246 do { } while (0)
247#endif
248
249#ifdef VERBOSE_DEBUG
250#define VDEBUG DBG
251#else
252#define VDEBUG(dev,fmt,args...) \
253 do { } while (0)
254#endif
255
256#define ERROR(dev,fmt,args...) \
257 xprintk(dev , KERN_ERR , fmt , ## args)
258#define INFO(dev,fmt,args...) \
259 xprintk(dev , KERN_INFO , fmt , ## args)
260
261
262
263
264
265
266
267
268
269
270
271static void epio_complete (struct usb_ep *ep, struct usb_request *req)
272{
273 struct ep_data *epdata = ep->driver_data;
274
275 if (!req->context)
276 return;
277 if (req->status)
278 epdata->status = req->status;
279 else
280 epdata->status = req->actual;
281 complete ((struct completion *)req->context);
282}
283
284
285
286
287static int
288get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
289{
290 int val;
291
292 if (f_flags & O_NONBLOCK) {
293 if (!mutex_trylock(&epdata->lock))
294 goto nonblock;
295 if (epdata->state != STATE_EP_ENABLED &&
296 (!is_write || epdata->state != STATE_EP_READY)) {
297 mutex_unlock(&epdata->lock);
298nonblock:
299 val = -EAGAIN;
300 } else
301 val = 0;
302 return val;
303 }
304
305 val = mutex_lock_interruptible(&epdata->lock);
306 if (val < 0)
307 return val;
308
309 switch (epdata->state) {
310 case STATE_EP_ENABLED:
311 return 0;
312 case STATE_EP_READY:
313 if (is_write)
314 return 0;
315
316 case STATE_EP_UNBOUND:
317 break;
318
319 default:
320 pr_debug ("%s: ep %p not available, state %d\n",
321 shortname, epdata, epdata->state);
322 }
323 mutex_unlock(&epdata->lock);
324 return -ENODEV;
325}
326
327static ssize_t
328ep_io (struct ep_data *epdata, void *buf, unsigned len)
329{
330 DECLARE_COMPLETION_ONSTACK (done);
331 int value;
332
333 spin_lock_irq (&epdata->dev->lock);
334 if (likely (epdata->ep != NULL)) {
335 struct usb_request *req = epdata->req;
336
337 req->context = &done;
338 req->complete = epio_complete;
339 req->buf = buf;
340 req->length = len;
341 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
342 } else
343 value = -ENODEV;
344 spin_unlock_irq (&epdata->dev->lock);
345
346 if (likely (value == 0)) {
347 value = wait_event_interruptible (done.wait, done.done);
348 if (value != 0) {
349 spin_lock_irq (&epdata->dev->lock);
350 if (likely (epdata->ep != NULL)) {
351 DBG (epdata->dev, "%s i/o interrupted\n",
352 epdata->name);
353 usb_ep_dequeue (epdata->ep, epdata->req);
354 spin_unlock_irq (&epdata->dev->lock);
355
356 wait_event (done.wait, done.done);
357 if (epdata->status == -ECONNRESET)
358 epdata->status = -EINTR;
359 } else {
360 spin_unlock_irq (&epdata->dev->lock);
361
362 DBG (epdata->dev, "endpoint gone\n");
363 epdata->status = -ENODEV;
364 }
365 }
366 return epdata->status;
367 }
368 return value;
369}
370
371static int
372ep_release (struct inode *inode, struct file *fd)
373{
374 struct ep_data *data = fd->private_data;
375 int value;
376
377 value = mutex_lock_interruptible(&data->lock);
378 if (value < 0)
379 return value;
380
381
382 if (data->state != STATE_EP_UNBOUND) {
383 data->state = STATE_EP_DISABLED;
384 data->desc.bDescriptorType = 0;
385 data->hs_desc.bDescriptorType = 0;
386 usb_ep_disable(data->ep);
387 }
388 mutex_unlock(&data->lock);
389 put_ep (data);
390 return 0;
391}
392
393static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
394{
395 struct ep_data *data = fd->private_data;
396 int status;
397
398 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
399 return status;
400
401 spin_lock_irq (&data->dev->lock);
402 if (likely (data->ep != NULL)) {
403 switch (code) {
404 case GADGETFS_FIFO_STATUS:
405 status = usb_ep_fifo_status (data->ep);
406 break;
407 case GADGETFS_FIFO_FLUSH:
408 usb_ep_fifo_flush (data->ep);
409 break;
410 case GADGETFS_CLEAR_HALT:
411 status = usb_ep_clear_halt (data->ep);
412 break;
413 default:
414 status = -ENOTTY;
415 }
416 } else
417 status = -ENODEV;
418 spin_unlock_irq (&data->dev->lock);
419 mutex_unlock(&data->lock);
420 return status;
421}
422
423
424
425
426
427struct kiocb_priv {
428 struct usb_request *req;
429 struct ep_data *epdata;
430 struct kiocb *iocb;
431 struct mm_struct *mm;
432 struct work_struct work;
433 void *buf;
434 struct iov_iter to;
435 const void *to_free;
436 unsigned actual;
437};
438
439static int ep_aio_cancel(struct kiocb *iocb)
440{
441 struct kiocb_priv *priv = iocb->private;
442 struct ep_data *epdata;
443 int value;
444
445 local_irq_disable();
446 epdata = priv->epdata;
447
448 if (likely(epdata && epdata->ep && priv->req))
449 value = usb_ep_dequeue (epdata->ep, priv->req);
450 else
451 value = -EINVAL;
452
453 local_irq_enable();
454
455 return value;
456}
457
458static void ep_user_copy_worker(struct work_struct *work)
459{
460 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
461 struct mm_struct *mm = priv->mm;
462 struct kiocb *iocb = priv->iocb;
463 size_t ret;
464
465 use_mm(mm);
466 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
467 unuse_mm(mm);
468 if (!ret)
469 ret = -EFAULT;
470
471
472 iocb->ki_complete(iocb, ret, ret);
473
474 kfree(priv->buf);
475 kfree(priv->to_free);
476 kfree(priv);
477}
478
479static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
480{
481 struct kiocb *iocb = req->context;
482 struct kiocb_priv *priv = iocb->private;
483 struct ep_data *epdata = priv->epdata;
484
485
486 spin_lock(&epdata->dev->lock);
487 priv->req = NULL;
488 priv->epdata = NULL;
489
490
491
492
493
494 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
495 kfree(req->buf);
496 kfree(priv->to_free);
497 kfree(priv);
498 iocb->private = NULL;
499
500
501 iocb->ki_complete(iocb, req->actual ? req->actual : req->status,
502 req->status);
503 } else {
504
505 if (unlikely(0 != req->status))
506 DBG(epdata->dev, "%s fault %d len %d\n",
507 ep->name, req->status, req->actual);
508
509 priv->buf = req->buf;
510 priv->actual = req->actual;
511 INIT_WORK(&priv->work, ep_user_copy_worker);
512 schedule_work(&priv->work);
513 }
514
515 usb_ep_free_request(ep, req);
516 spin_unlock(&epdata->dev->lock);
517 put_ep(epdata);
518}
519
520static ssize_t ep_aio(struct kiocb *iocb,
521 struct kiocb_priv *priv,
522 struct ep_data *epdata,
523 char *buf,
524 size_t len)
525{
526 struct usb_request *req;
527 ssize_t value;
528
529 iocb->private = priv;
530 priv->iocb = iocb;
531
532 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
533 get_ep(epdata);
534 priv->epdata = epdata;
535 priv->actual = 0;
536 priv->mm = current->mm;
537
538
539
540
541 spin_lock_irq(&epdata->dev->lock);
542 value = -ENODEV;
543 if (unlikely(epdata->ep == NULL))
544 goto fail;
545
546 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
547 value = -ENOMEM;
548 if (unlikely(!req))
549 goto fail;
550
551 priv->req = req;
552 req->buf = buf;
553 req->length = len;
554 req->complete = ep_aio_complete;
555 req->context = iocb;
556 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
557 if (unlikely(0 != value)) {
558 usb_ep_free_request(epdata->ep, req);
559 goto fail;
560 }
561 spin_unlock_irq(&epdata->dev->lock);
562 return -EIOCBQUEUED;
563
564fail:
565 spin_unlock_irq(&epdata->dev->lock);
566 kfree(priv->to_free);
567 kfree(priv);
568 put_ep(epdata);
569 return value;
570}
571
572static ssize_t
573ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
574{
575 struct file *file = iocb->ki_filp;
576 struct ep_data *epdata = file->private_data;
577 size_t len = iov_iter_count(to);
578 ssize_t value;
579 char *buf;
580
581 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
582 return value;
583
584
585 if (usb_endpoint_dir_in(&epdata->desc)) {
586 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
587 !is_sync_kiocb(iocb)) {
588 mutex_unlock(&epdata->lock);
589 return -EINVAL;
590 }
591 DBG (epdata->dev, "%s halt\n", epdata->name);
592 spin_lock_irq(&epdata->dev->lock);
593 if (likely(epdata->ep != NULL))
594 usb_ep_set_halt(epdata->ep);
595 spin_unlock_irq(&epdata->dev->lock);
596 mutex_unlock(&epdata->lock);
597 return -EBADMSG;
598 }
599
600 buf = kmalloc(len, GFP_KERNEL);
601 if (unlikely(!buf)) {
602 mutex_unlock(&epdata->lock);
603 return -ENOMEM;
604 }
605 if (is_sync_kiocb(iocb)) {
606 value = ep_io(epdata, buf, len);
607 if (value >= 0 && (copy_to_iter(buf, value, to) != value))
608 value = -EFAULT;
609 } else {
610 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
611 value = -ENOMEM;
612 if (!priv)
613 goto fail;
614 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
615 if (!priv->to_free) {
616 kfree(priv);
617 goto fail;
618 }
619 value = ep_aio(iocb, priv, epdata, buf, len);
620 if (value == -EIOCBQUEUED)
621 buf = NULL;
622 }
623fail:
624 kfree(buf);
625 mutex_unlock(&epdata->lock);
626 return value;
627}
628
629static ssize_t ep_config(struct ep_data *, const char *, size_t);
630
631static ssize_t
632ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
633{
634 struct file *file = iocb->ki_filp;
635 struct ep_data *epdata = file->private_data;
636 size_t len = iov_iter_count(from);
637 bool configured;
638 ssize_t value;
639 char *buf;
640
641 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
642 return value;
643
644 configured = epdata->state == STATE_EP_ENABLED;
645
646
647 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
648 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
649 !is_sync_kiocb(iocb)) {
650 mutex_unlock(&epdata->lock);
651 return -EINVAL;
652 }
653 DBG (epdata->dev, "%s halt\n", epdata->name);
654 spin_lock_irq(&epdata->dev->lock);
655 if (likely(epdata->ep != NULL))
656 usb_ep_set_halt(epdata->ep);
657 spin_unlock_irq(&epdata->dev->lock);
658 mutex_unlock(&epdata->lock);
659 return -EBADMSG;
660 }
661
662 buf = kmalloc(len, GFP_KERNEL);
663 if (unlikely(!buf)) {
664 mutex_unlock(&epdata->lock);
665 return -ENOMEM;
666 }
667
668 if (unlikely(!copy_from_iter_full(buf, len, from))) {
669 value = -EFAULT;
670 goto out;
671 }
672
673 if (unlikely(!configured)) {
674 value = ep_config(epdata, buf, len);
675 } else if (is_sync_kiocb(iocb)) {
676 value = ep_io(epdata, buf, len);
677 } else {
678 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
679 value = -ENOMEM;
680 if (priv) {
681 value = ep_aio(iocb, priv, epdata, buf, len);
682 if (value == -EIOCBQUEUED)
683 buf = NULL;
684 }
685 }
686out:
687 kfree(buf);
688 mutex_unlock(&epdata->lock);
689 return value;
690}
691
692
693
694
695static const struct file_operations ep_io_operations = {
696 .owner = THIS_MODULE,
697
698 .open = ep_open,
699 .release = ep_release,
700 .llseek = no_llseek,
701 .unlocked_ioctl = ep_ioctl,
702 .read_iter = ep_read_iter,
703 .write_iter = ep_write_iter,
704};
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719static ssize_t
720ep_config (struct ep_data *data, const char *buf, size_t len)
721{
722 struct usb_ep *ep;
723 u32 tag;
724 int value, length = len;
725
726 if (data->state != STATE_EP_READY) {
727 value = -EL2HLT;
728 goto fail;
729 }
730
731 value = len;
732 if (len < USB_DT_ENDPOINT_SIZE + 4)
733 goto fail0;
734
735
736 memcpy(&tag, buf, 4);
737 if (tag != 1) {
738 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
739 goto fail0;
740 }
741 buf += 4;
742 len -= 4;
743
744
745
746
747
748
749 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
750 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
751 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
752 goto fail0;
753 if (len != USB_DT_ENDPOINT_SIZE) {
754 if (len != 2 * USB_DT_ENDPOINT_SIZE)
755 goto fail0;
756 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
757 USB_DT_ENDPOINT_SIZE);
758 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
759 || data->hs_desc.bDescriptorType
760 != USB_DT_ENDPOINT) {
761 DBG(data->dev, "config %s, bad hs length or type\n",
762 data->name);
763 goto fail0;
764 }
765 }
766
767 spin_lock_irq (&data->dev->lock);
768 if (data->dev->state == STATE_DEV_UNBOUND) {
769 value = -ENOENT;
770 goto gone;
771 } else {
772 ep = data->ep;
773 if (ep == NULL) {
774 value = -ENODEV;
775 goto gone;
776 }
777 }
778 switch (data->dev->gadget->speed) {
779 case USB_SPEED_LOW:
780 case USB_SPEED_FULL:
781 ep->desc = &data->desc;
782 break;
783 case USB_SPEED_HIGH:
784
785 ep->desc = &data->hs_desc;
786 break;
787 default:
788 DBG(data->dev, "unconnected, %s init abandoned\n",
789 data->name);
790 value = -EINVAL;
791 goto gone;
792 }
793 value = usb_ep_enable(ep);
794 if (value == 0) {
795 data->state = STATE_EP_ENABLED;
796 value = length;
797 }
798gone:
799 spin_unlock_irq (&data->dev->lock);
800 if (value < 0) {
801fail:
802 data->desc.bDescriptorType = 0;
803 data->hs_desc.bDescriptorType = 0;
804 }
805 return value;
806fail0:
807 value = -EINVAL;
808 goto fail;
809}
810
811static int
812ep_open (struct inode *inode, struct file *fd)
813{
814 struct ep_data *data = inode->i_private;
815 int value = -EBUSY;
816
817 if (mutex_lock_interruptible(&data->lock) != 0)
818 return -EINTR;
819 spin_lock_irq (&data->dev->lock);
820 if (data->dev->state == STATE_DEV_UNBOUND)
821 value = -ENOENT;
822 else if (data->state == STATE_EP_DISABLED) {
823 value = 0;
824 data->state = STATE_EP_READY;
825 get_ep (data);
826 fd->private_data = data;
827 VDEBUG (data->dev, "%s ready\n", data->name);
828 } else
829 DBG (data->dev, "%s state %d\n",
830 data->name, data->state);
831 spin_unlock_irq (&data->dev->lock);
832 mutex_unlock(&data->lock);
833 return value;
834}
835
836
837
838
839
840
841
842
843
844
845static inline void ep0_readable (struct dev_data *dev)
846{
847 wake_up (&dev->wait);
848 kill_fasync (&dev->fasync, SIGIO, POLL_IN);
849}
850
851static void clean_req (struct usb_ep *ep, struct usb_request *req)
852{
853 struct dev_data *dev = ep->driver_data;
854
855 if (req->buf != dev->rbuf) {
856 kfree(req->buf);
857 req->buf = dev->rbuf;
858 }
859 req->complete = epio_complete;
860 dev->setup_out_ready = 0;
861}
862
863static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
864{
865 struct dev_data *dev = ep->driver_data;
866 unsigned long flags;
867 int free = 1;
868
869
870 spin_lock_irqsave(&dev->lock, flags);
871 if (!dev->setup_in) {
872 dev->setup_out_error = (req->status != 0);
873 if (!dev->setup_out_error)
874 free = 0;
875 dev->setup_out_ready = 1;
876 ep0_readable (dev);
877 }
878
879
880 if (free && req->buf != &dev->rbuf)
881 clean_req (ep, req);
882 req->complete = epio_complete;
883 spin_unlock_irqrestore(&dev->lock, flags);
884}
885
886static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
887{
888 struct dev_data *dev = ep->driver_data;
889
890 if (dev->setup_out_ready) {
891 DBG (dev, "ep0 request busy!\n");
892 return -EBUSY;
893 }
894 if (len > sizeof (dev->rbuf))
895 req->buf = kmalloc(len, GFP_ATOMIC);
896 if (req->buf == NULL) {
897 req->buf = dev->rbuf;
898 return -ENOMEM;
899 }
900 req->complete = ep0_complete;
901 req->length = len;
902 req->zero = 0;
903 return 0;
904}
905
906static ssize_t
907ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
908{
909 struct dev_data *dev = fd->private_data;
910 ssize_t retval;
911 enum ep0_state state;
912
913 spin_lock_irq (&dev->lock);
914 if (dev->state <= STATE_DEV_OPENED) {
915 retval = -EINVAL;
916 goto done;
917 }
918
919
920 if (dev->setup_abort) {
921 dev->setup_abort = 0;
922 retval = -EIDRM;
923 goto done;
924 }
925
926
927 if ((state = dev->state) == STATE_DEV_SETUP) {
928
929 if (dev->setup_in) {
930 VDEBUG(dev, "ep0in stall\n");
931 (void) usb_ep_set_halt (dev->gadget->ep0);
932 retval = -EL2HLT;
933 dev->state = STATE_DEV_CONNECTED;
934
935 } else if (len == 0) {
936 struct usb_ep *ep = dev->gadget->ep0;
937 struct usb_request *req = dev->req;
938
939 if ((retval = setup_req (ep, req, 0)) == 0) {
940 ++dev->udc_usage;
941 spin_unlock_irq (&dev->lock);
942 retval = usb_ep_queue (ep, req, GFP_KERNEL);
943 spin_lock_irq (&dev->lock);
944 --dev->udc_usage;
945 }
946 dev->state = STATE_DEV_CONNECTED;
947
948
949 if (dev->current_config) {
950 unsigned power;
951
952 if (gadget_is_dualspeed(dev->gadget)
953 && (dev->gadget->speed
954 == USB_SPEED_HIGH))
955 power = dev->hs_config->bMaxPower;
956 else
957 power = dev->config->bMaxPower;
958 usb_gadget_vbus_draw(dev->gadget, 2 * power);
959 }
960
961 } else {
962 if ((fd->f_flags & O_NONBLOCK) != 0
963 && !dev->setup_out_ready) {
964 retval = -EAGAIN;
965 goto done;
966 }
967 spin_unlock_irq (&dev->lock);
968 retval = wait_event_interruptible (dev->wait,
969 dev->setup_out_ready != 0);
970
971
972 spin_lock_irq (&dev->lock);
973 if (retval)
974 goto done;
975
976 if (dev->state != STATE_DEV_SETUP) {
977 retval = -ECANCELED;
978 goto done;
979 }
980 dev->state = STATE_DEV_CONNECTED;
981
982 if (dev->setup_out_error)
983 retval = -EIO;
984 else {
985 len = min (len, (size_t)dev->req->actual);
986 ++dev->udc_usage;
987 spin_unlock_irq(&dev->lock);
988 if (copy_to_user (buf, dev->req->buf, len))
989 retval = -EFAULT;
990 else
991 retval = len;
992 spin_lock_irq(&dev->lock);
993 --dev->udc_usage;
994 clean_req (dev->gadget->ep0, dev->req);
995
996 }
997 }
998 goto done;
999 }
1000
1001
1002 if (len < sizeof dev->event [0]) {
1003 retval = -EINVAL;
1004 goto done;
1005 }
1006 len -= len % sizeof (struct usb_gadgetfs_event);
1007 dev->usermode_setup = 1;
1008
1009scan:
1010
1011 if (dev->ev_next != 0) {
1012 unsigned i, n;
1013
1014 n = len / sizeof (struct usb_gadgetfs_event);
1015 if (dev->ev_next < n)
1016 n = dev->ev_next;
1017
1018
1019 for (i = 0; i < n; i++) {
1020 if (dev->event [i].type == GADGETFS_SETUP) {
1021 dev->state = STATE_DEV_SETUP;
1022 n = i + 1;
1023 break;
1024 }
1025 }
1026 spin_unlock_irq (&dev->lock);
1027 len = n * sizeof (struct usb_gadgetfs_event);
1028 if (copy_to_user (buf, &dev->event, len))
1029 retval = -EFAULT;
1030 else
1031 retval = len;
1032 if (len > 0) {
1033
1034
1035
1036 spin_lock_irq (&dev->lock);
1037 if (dev->ev_next > n) {
1038 memmove(&dev->event[0], &dev->event[n],
1039 sizeof (struct usb_gadgetfs_event)
1040 * (dev->ev_next - n));
1041 }
1042 dev->ev_next -= n;
1043 spin_unlock_irq (&dev->lock);
1044 }
1045 return retval;
1046 }
1047 if (fd->f_flags & O_NONBLOCK) {
1048 retval = -EAGAIN;
1049 goto done;
1050 }
1051
1052 switch (state) {
1053 default:
1054 DBG (dev, "fail %s, state %d\n", __func__, state);
1055 retval = -ESRCH;
1056 break;
1057 case STATE_DEV_UNCONNECTED:
1058 case STATE_DEV_CONNECTED:
1059 spin_unlock_irq (&dev->lock);
1060 DBG (dev, "%s wait\n", __func__);
1061
1062
1063 retval = wait_event_interruptible (dev->wait,
1064 dev->ev_next != 0);
1065 if (retval < 0)
1066 return retval;
1067 spin_lock_irq (&dev->lock);
1068 goto scan;
1069 }
1070
1071done:
1072 spin_unlock_irq (&dev->lock);
1073 return retval;
1074}
1075
1076static struct usb_gadgetfs_event *
1077next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1078{
1079 struct usb_gadgetfs_event *event;
1080 unsigned i;
1081
1082 switch (type) {
1083
1084 case GADGETFS_DISCONNECT:
1085 if (dev->state == STATE_DEV_SETUP)
1086 dev->setup_abort = 1;
1087
1088 case GADGETFS_CONNECT:
1089 dev->ev_next = 0;
1090 break;
1091 case GADGETFS_SETUP:
1092 case GADGETFS_SUSPEND:
1093
1094 for (i = 0; i != dev->ev_next; i++) {
1095 if (dev->event [i].type != type)
1096 continue;
1097 DBG(dev, "discard old event[%d] %d\n", i, type);
1098 dev->ev_next--;
1099 if (i == dev->ev_next)
1100 break;
1101
1102 memmove (&dev->event [i], &dev->event [i + 1],
1103 sizeof (struct usb_gadgetfs_event)
1104 * (dev->ev_next - i));
1105 }
1106 break;
1107 default:
1108 BUG ();
1109 }
1110 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1111 event = &dev->event [dev->ev_next++];
1112 BUG_ON (dev->ev_next > N_EVENT);
1113 memset (event, 0, sizeof *event);
1114 event->type = type;
1115 return event;
1116}
1117
1118static ssize_t
1119ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1120{
1121 struct dev_data *dev = fd->private_data;
1122 ssize_t retval = -ESRCH;
1123
1124
1125 if (dev->setup_abort) {
1126 dev->setup_abort = 0;
1127 retval = -EIDRM;
1128
1129
1130 } else if (dev->state == STATE_DEV_SETUP) {
1131
1132 len = min_t(size_t, len, dev->setup_wLength);
1133 if (dev->setup_in) {
1134 retval = setup_req (dev->gadget->ep0, dev->req, len);
1135 if (retval == 0) {
1136 dev->state = STATE_DEV_CONNECTED;
1137 ++dev->udc_usage;
1138 spin_unlock_irq (&dev->lock);
1139 if (copy_from_user (dev->req->buf, buf, len))
1140 retval = -EFAULT;
1141 else {
1142 if (len < dev->setup_wLength)
1143 dev->req->zero = 1;
1144 retval = usb_ep_queue (
1145 dev->gadget->ep0, dev->req,
1146 GFP_KERNEL);
1147 }
1148 spin_lock_irq(&dev->lock);
1149 --dev->udc_usage;
1150 if (retval < 0) {
1151 clean_req (dev->gadget->ep0, dev->req);
1152 } else
1153 retval = len;
1154
1155 return retval;
1156 }
1157
1158
1159 } else if (dev->setup_can_stall) {
1160 VDEBUG(dev, "ep0out stall\n");
1161 (void) usb_ep_set_halt (dev->gadget->ep0);
1162 retval = -EL2HLT;
1163 dev->state = STATE_DEV_CONNECTED;
1164 } else {
1165 DBG(dev, "bogus ep0out stall!\n");
1166 }
1167 } else
1168 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1169
1170 return retval;
1171}
1172
1173static int
1174ep0_fasync (int f, struct file *fd, int on)
1175{
1176 struct dev_data *dev = fd->private_data;
1177
1178 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1179 return fasync_helper (f, fd, on, &dev->fasync);
1180}
1181
1182static struct usb_gadget_driver gadgetfs_driver;
1183
1184static int
1185dev_release (struct inode *inode, struct file *fd)
1186{
1187 struct dev_data *dev = fd->private_data;
1188
1189
1190
1191 if (dev->gadget_registered) {
1192 usb_gadget_unregister_driver (&gadgetfs_driver);
1193 dev->gadget_registered = false;
1194 }
1195
1196
1197
1198
1199
1200
1201 kfree (dev->buf);
1202 dev->buf = NULL;
1203
1204
1205 spin_lock_irq(&dev->lock);
1206 dev->state = STATE_DEV_DISABLED;
1207 spin_unlock_irq(&dev->lock);
1208
1209 put_dev (dev);
1210 return 0;
1211}
1212
1213static __poll_t
1214ep0_poll (struct file *fd, poll_table *wait)
1215{
1216 struct dev_data *dev = fd->private_data;
1217 __poll_t mask = 0;
1218
1219 if (dev->state <= STATE_DEV_OPENED)
1220 return DEFAULT_POLLMASK;
1221
1222 poll_wait(fd, &dev->wait, wait);
1223
1224 spin_lock_irq(&dev->lock);
1225
1226
1227 if (dev->setup_abort) {
1228 dev->setup_abort = 0;
1229 mask = EPOLLHUP;
1230 goto out;
1231 }
1232
1233 if (dev->state == STATE_DEV_SETUP) {
1234 if (dev->setup_in || dev->setup_can_stall)
1235 mask = EPOLLOUT;
1236 } else {
1237 if (dev->ev_next != 0)
1238 mask = EPOLLIN;
1239 }
1240out:
1241 spin_unlock_irq(&dev->lock);
1242 return mask;
1243}
1244
1245static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1246{
1247 struct dev_data *dev = fd->private_data;
1248 struct usb_gadget *gadget = dev->gadget;
1249 long ret = -ENOTTY;
1250
1251 spin_lock_irq(&dev->lock);
1252 if (dev->state == STATE_DEV_OPENED ||
1253 dev->state == STATE_DEV_UNBOUND) {
1254
1255 } else if (gadget->ops->ioctl) {
1256 ++dev->udc_usage;
1257 spin_unlock_irq(&dev->lock);
1258
1259 ret = gadget->ops->ioctl (gadget, code, value);
1260
1261 spin_lock_irq(&dev->lock);
1262 --dev->udc_usage;
1263 }
1264 spin_unlock_irq(&dev->lock);
1265
1266 return ret;
1267}
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277static void make_qualifier (struct dev_data *dev)
1278{
1279 struct usb_qualifier_descriptor qual;
1280 struct usb_device_descriptor *desc;
1281
1282 qual.bLength = sizeof qual;
1283 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1284 qual.bcdUSB = cpu_to_le16 (0x0200);
1285
1286 desc = dev->dev;
1287 qual.bDeviceClass = desc->bDeviceClass;
1288 qual.bDeviceSubClass = desc->bDeviceSubClass;
1289 qual.bDeviceProtocol = desc->bDeviceProtocol;
1290
1291
1292 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1293
1294 qual.bNumConfigurations = 1;
1295 qual.bRESERVED = 0;
1296
1297 memcpy (dev->rbuf, &qual, sizeof qual);
1298}
1299
1300static int
1301config_buf (struct dev_data *dev, u8 type, unsigned index)
1302{
1303 int len;
1304 int hs = 0;
1305
1306
1307 if (index > 0)
1308 return -EINVAL;
1309
1310 if (gadget_is_dualspeed(dev->gadget)) {
1311 hs = (dev->gadget->speed == USB_SPEED_HIGH);
1312 if (type == USB_DT_OTHER_SPEED_CONFIG)
1313 hs = !hs;
1314 }
1315 if (hs) {
1316 dev->req->buf = dev->hs_config;
1317 len = le16_to_cpu(dev->hs_config->wTotalLength);
1318 } else {
1319 dev->req->buf = dev->config;
1320 len = le16_to_cpu(dev->config->wTotalLength);
1321 }
1322 ((u8 *)dev->req->buf) [1] = type;
1323 return len;
1324}
1325
1326static int
1327gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1328{
1329 struct dev_data *dev = get_gadget_data (gadget);
1330 struct usb_request *req = dev->req;
1331 int value = -EOPNOTSUPP;
1332 struct usb_gadgetfs_event *event;
1333 u16 w_value = le16_to_cpu(ctrl->wValue);
1334 u16 w_length = le16_to_cpu(ctrl->wLength);
1335
1336 spin_lock (&dev->lock);
1337 dev->setup_abort = 0;
1338 if (dev->state == STATE_DEV_UNCONNECTED) {
1339 if (gadget_is_dualspeed(gadget)
1340 && gadget->speed == USB_SPEED_HIGH
1341 && dev->hs_config == NULL) {
1342 spin_unlock(&dev->lock);
1343 ERROR (dev, "no high speed config??\n");
1344 return -EINVAL;
1345 }
1346
1347 dev->state = STATE_DEV_CONNECTED;
1348
1349 INFO (dev, "connected\n");
1350 event = next_event (dev, GADGETFS_CONNECT);
1351 event->u.speed = gadget->speed;
1352 ep0_readable (dev);
1353
1354
1355
1356
1357
1358
1359 } else if (dev->state == STATE_DEV_SETUP)
1360 dev->setup_abort = 1;
1361
1362 req->buf = dev->rbuf;
1363 req->context = NULL;
1364 value = -EOPNOTSUPP;
1365 switch (ctrl->bRequest) {
1366
1367 case USB_REQ_GET_DESCRIPTOR:
1368 if (ctrl->bRequestType != USB_DIR_IN)
1369 goto unrecognized;
1370 switch (w_value >> 8) {
1371
1372 case USB_DT_DEVICE:
1373 value = min (w_length, (u16) sizeof *dev->dev);
1374 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1375 req->buf = dev->dev;
1376 break;
1377 case USB_DT_DEVICE_QUALIFIER:
1378 if (!dev->hs_config)
1379 break;
1380 value = min (w_length, (u16)
1381 sizeof (struct usb_qualifier_descriptor));
1382 make_qualifier (dev);
1383 break;
1384 case USB_DT_OTHER_SPEED_CONFIG:
1385
1386 case USB_DT_CONFIG:
1387 value = config_buf (dev,
1388 w_value >> 8,
1389 w_value & 0xff);
1390 if (value >= 0)
1391 value = min (w_length, (u16) value);
1392 break;
1393 case USB_DT_STRING:
1394 goto unrecognized;
1395
1396 default:
1397 break;
1398 }
1399 break;
1400
1401
1402 case USB_REQ_SET_CONFIGURATION:
1403 if (ctrl->bRequestType != 0)
1404 goto unrecognized;
1405 if (0 == (u8) w_value) {
1406 value = 0;
1407 dev->current_config = 0;
1408 usb_gadget_vbus_draw(gadget, 8 );
1409
1410 } else {
1411 u8 config, power;
1412
1413 if (gadget_is_dualspeed(gadget)
1414 && gadget->speed == USB_SPEED_HIGH) {
1415 config = dev->hs_config->bConfigurationValue;
1416 power = dev->hs_config->bMaxPower;
1417 } else {
1418 config = dev->config->bConfigurationValue;
1419 power = dev->config->bMaxPower;
1420 }
1421
1422 if (config == (u8) w_value) {
1423 value = 0;
1424 dev->current_config = config;
1425 usb_gadget_vbus_draw(gadget, 2 * power);
1426 }
1427 }
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438 if (value == 0) {
1439 INFO (dev, "configuration #%d\n", dev->current_config);
1440 usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
1441 if (dev->usermode_setup) {
1442 dev->setup_can_stall = 0;
1443 goto delegate;
1444 }
1445 }
1446 break;
1447
1448#ifndef CONFIG_USB_PXA25X
1449
1450 case USB_REQ_GET_CONFIGURATION:
1451 if (ctrl->bRequestType != 0x80)
1452 goto unrecognized;
1453 *(u8 *)req->buf = dev->current_config;
1454 value = min (w_length, (u16) 1);
1455 break;
1456#endif
1457
1458 default:
1459unrecognized:
1460 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1461 dev->usermode_setup ? "delegate" : "fail",
1462 ctrl->bRequestType, ctrl->bRequest,
1463 w_value, le16_to_cpu(ctrl->wIndex), w_length);
1464
1465
1466 if (dev->usermode_setup) {
1467 dev->setup_can_stall = 1;
1468delegate:
1469 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1470 ? 1 : 0;
1471 dev->setup_wLength = w_length;
1472 dev->setup_out_ready = 0;
1473 dev->setup_out_error = 0;
1474
1475
1476 if (unlikely (!dev->setup_in && w_length)) {
1477 value = setup_req (gadget->ep0, dev->req,
1478 w_length);
1479 if (value < 0)
1480 break;
1481
1482 ++dev->udc_usage;
1483 spin_unlock (&dev->lock);
1484 value = usb_ep_queue (gadget->ep0, dev->req,
1485 GFP_KERNEL);
1486 spin_lock (&dev->lock);
1487 --dev->udc_usage;
1488 if (value < 0) {
1489 clean_req (gadget->ep0, dev->req);
1490 break;
1491 }
1492
1493
1494 dev->setup_can_stall = 0;
1495 }
1496
1497
1498 event = next_event (dev, GADGETFS_SETUP);
1499 event->u.setup = *ctrl;
1500 ep0_readable (dev);
1501 spin_unlock (&dev->lock);
1502 return 0;
1503 }
1504 }
1505
1506
1507 if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1508 req->length = value;
1509 req->zero = value < w_length;
1510
1511 ++dev->udc_usage;
1512 spin_unlock (&dev->lock);
1513 value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
1514 spin_lock(&dev->lock);
1515 --dev->udc_usage;
1516 spin_unlock(&dev->lock);
1517 if (value < 0) {
1518 DBG (dev, "ep_queue --> %d\n", value);
1519 req->status = 0;
1520 }
1521 return value;
1522 }
1523
1524
1525 spin_unlock (&dev->lock);
1526 return value;
1527}
1528
1529static void destroy_ep_files (struct dev_data *dev)
1530{
1531 DBG (dev, "%s %d\n", __func__, dev->state);
1532
1533
1534 spin_lock_irq (&dev->lock);
1535 while (!list_empty(&dev->epfiles)) {
1536 struct ep_data *ep;
1537 struct inode *parent;
1538 struct dentry *dentry;
1539
1540
1541 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1542 list_del_init (&ep->epfiles);
1543 spin_unlock_irq (&dev->lock);
1544
1545 dentry = ep->dentry;
1546 ep->dentry = NULL;
1547 parent = d_inode(dentry->d_parent);
1548
1549
1550 mutex_lock(&ep->lock);
1551 if (ep->state == STATE_EP_ENABLED)
1552 (void) usb_ep_disable (ep->ep);
1553 ep->state = STATE_EP_UNBOUND;
1554 usb_ep_free_request (ep->ep, ep->req);
1555 ep->ep = NULL;
1556 mutex_unlock(&ep->lock);
1557
1558 wake_up (&ep->wait);
1559 put_ep (ep);
1560
1561
1562 inode_lock(parent);
1563 d_delete (dentry);
1564 dput (dentry);
1565 inode_unlock(parent);
1566
1567 spin_lock_irq (&dev->lock);
1568 }
1569 spin_unlock_irq (&dev->lock);
1570}
1571
1572
1573static struct dentry *
1574gadgetfs_create_file (struct super_block *sb, char const *name,
1575 void *data, const struct file_operations *fops);
1576
1577static int activate_ep_files (struct dev_data *dev)
1578{
1579 struct usb_ep *ep;
1580 struct ep_data *data;
1581
1582 gadget_for_each_ep (ep, dev->gadget) {
1583
1584 data = kzalloc(sizeof(*data), GFP_KERNEL);
1585 if (!data)
1586 goto enomem0;
1587 data->state = STATE_EP_DISABLED;
1588 mutex_init(&data->lock);
1589 init_waitqueue_head (&data->wait);
1590
1591 strncpy (data->name, ep->name, sizeof (data->name) - 1);
1592 refcount_set (&data->count, 1);
1593 data->dev = dev;
1594 get_dev (dev);
1595
1596 data->ep = ep;
1597 ep->driver_data = data;
1598
1599 data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1600 if (!data->req)
1601 goto enomem1;
1602
1603 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1604 data, &ep_io_operations);
1605 if (!data->dentry)
1606 goto enomem2;
1607 list_add_tail (&data->epfiles, &dev->epfiles);
1608 }
1609 return 0;
1610
1611enomem2:
1612 usb_ep_free_request (ep, data->req);
1613enomem1:
1614 put_dev (dev);
1615 kfree (data);
1616enomem0:
1617 DBG (dev, "%s enomem\n", __func__);
1618 destroy_ep_files (dev);
1619 return -ENOMEM;
1620}
1621
1622static void
1623gadgetfs_unbind (struct usb_gadget *gadget)
1624{
1625 struct dev_data *dev = get_gadget_data (gadget);
1626
1627 DBG (dev, "%s\n", __func__);
1628
1629 spin_lock_irq (&dev->lock);
1630 dev->state = STATE_DEV_UNBOUND;
1631 while (dev->udc_usage > 0) {
1632 spin_unlock_irq(&dev->lock);
1633 usleep_range(1000, 2000);
1634 spin_lock_irq(&dev->lock);
1635 }
1636 spin_unlock_irq (&dev->lock);
1637
1638 destroy_ep_files (dev);
1639 gadget->ep0->driver_data = NULL;
1640 set_gadget_data (gadget, NULL);
1641
1642
1643 if (dev->req)
1644 usb_ep_free_request (gadget->ep0, dev->req);
1645 DBG (dev, "%s done\n", __func__);
1646 put_dev (dev);
1647}
1648
1649static struct dev_data *the_device;
1650
1651static int gadgetfs_bind(struct usb_gadget *gadget,
1652 struct usb_gadget_driver *driver)
1653{
1654 struct dev_data *dev = the_device;
1655
1656 if (!dev)
1657 return -ESRCH;
1658 if (0 != strcmp (CHIP, gadget->name)) {
1659 pr_err("%s expected %s controller not %s\n",
1660 shortname, CHIP, gadget->name);
1661 return -ENODEV;
1662 }
1663
1664 set_gadget_data (gadget, dev);
1665 dev->gadget = gadget;
1666 gadget->ep0->driver_data = dev;
1667
1668
1669 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1670 if (!dev->req)
1671 goto enomem;
1672 dev->req->context = NULL;
1673 dev->req->complete = epio_complete;
1674
1675 if (activate_ep_files (dev) < 0)
1676 goto enomem;
1677
1678 INFO (dev, "bound to %s driver\n", gadget->name);
1679 spin_lock_irq(&dev->lock);
1680 dev->state = STATE_DEV_UNCONNECTED;
1681 spin_unlock_irq(&dev->lock);
1682 get_dev (dev);
1683 return 0;
1684
1685enomem:
1686 gadgetfs_unbind (gadget);
1687 return -ENOMEM;
1688}
1689
1690static void
1691gadgetfs_disconnect (struct usb_gadget *gadget)
1692{
1693 struct dev_data *dev = get_gadget_data (gadget);
1694 unsigned long flags;
1695
1696 spin_lock_irqsave (&dev->lock, flags);
1697 if (dev->state == STATE_DEV_UNCONNECTED)
1698 goto exit;
1699 dev->state = STATE_DEV_UNCONNECTED;
1700
1701 INFO (dev, "disconnected\n");
1702 next_event (dev, GADGETFS_DISCONNECT);
1703 ep0_readable (dev);
1704exit:
1705 spin_unlock_irqrestore (&dev->lock, flags);
1706}
1707
1708static void
1709gadgetfs_suspend (struct usb_gadget *gadget)
1710{
1711 struct dev_data *dev = get_gadget_data (gadget);
1712 unsigned long flags;
1713
1714 INFO (dev, "suspended from state %d\n", dev->state);
1715 spin_lock_irqsave(&dev->lock, flags);
1716 switch (dev->state) {
1717 case STATE_DEV_SETUP:
1718 case STATE_DEV_CONNECTED:
1719 case STATE_DEV_UNCONNECTED:
1720 next_event (dev, GADGETFS_SUSPEND);
1721 ep0_readable (dev);
1722
1723 default:
1724 break;
1725 }
1726 spin_unlock_irqrestore(&dev->lock, flags);
1727}
1728
1729static struct usb_gadget_driver gadgetfs_driver = {
1730 .function = (char *) driver_desc,
1731 .bind = gadgetfs_bind,
1732 .unbind = gadgetfs_unbind,
1733 .setup = gadgetfs_setup,
1734 .reset = gadgetfs_disconnect,
1735 .disconnect = gadgetfs_disconnect,
1736 .suspend = gadgetfs_suspend,
1737
1738 .driver = {
1739 .name = (char *) shortname,
1740 },
1741};
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770static int is_valid_config(struct usb_config_descriptor *config,
1771 unsigned int total)
1772{
1773 return config->bDescriptorType == USB_DT_CONFIG
1774 && config->bLength == USB_DT_CONFIG_SIZE
1775 && total >= USB_DT_CONFIG_SIZE
1776 && config->bConfigurationValue != 0
1777 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1778 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1779
1780
1781}
1782
1783static ssize_t
1784dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1785{
1786 struct dev_data *dev = fd->private_data;
1787 ssize_t value = len, length = len;
1788 unsigned total;
1789 u32 tag;
1790 char *kbuf;
1791
1792 spin_lock_irq(&dev->lock);
1793 if (dev->state > STATE_DEV_OPENED) {
1794 value = ep0_write(fd, buf, len, ptr);
1795 spin_unlock_irq(&dev->lock);
1796 return value;
1797 }
1798 spin_unlock_irq(&dev->lock);
1799
1800 if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) ||
1801 (len > PAGE_SIZE * 4))
1802 return -EINVAL;
1803
1804
1805 if (copy_from_user (&tag, buf, 4))
1806 return -EFAULT;
1807 if (tag != 0)
1808 return -EINVAL;
1809 buf += 4;
1810 length -= 4;
1811
1812 kbuf = memdup_user(buf, length);
1813 if (IS_ERR(kbuf))
1814 return PTR_ERR(kbuf);
1815
1816 spin_lock_irq (&dev->lock);
1817 value = -EINVAL;
1818 if (dev->buf) {
1819 kfree(kbuf);
1820 goto fail;
1821 }
1822 dev->buf = kbuf;
1823
1824
1825 dev->config = (void *) kbuf;
1826 total = le16_to_cpu(dev->config->wTotalLength);
1827 if (!is_valid_config(dev->config, total) ||
1828 total > length - USB_DT_DEVICE_SIZE)
1829 goto fail;
1830 kbuf += total;
1831 length -= total;
1832
1833
1834 if (kbuf [1] == USB_DT_CONFIG) {
1835 dev->hs_config = (void *) kbuf;
1836 total = le16_to_cpu(dev->hs_config->wTotalLength);
1837 if (!is_valid_config(dev->hs_config, total) ||
1838 total > length - USB_DT_DEVICE_SIZE)
1839 goto fail;
1840 kbuf += total;
1841 length -= total;
1842 } else {
1843 dev->hs_config = NULL;
1844 }
1845
1846
1847
1848
1849 if (length != USB_DT_DEVICE_SIZE)
1850 goto fail;
1851 dev->dev = (void *)kbuf;
1852 if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1853 || dev->dev->bDescriptorType != USB_DT_DEVICE
1854 || dev->dev->bNumConfigurations != 1)
1855 goto fail;
1856 dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1857
1858
1859 spin_unlock_irq (&dev->lock);
1860 if (dev->hs_config)
1861 gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1862 else
1863 gadgetfs_driver.max_speed = USB_SPEED_FULL;
1864
1865 value = usb_gadget_probe_driver(&gadgetfs_driver);
1866 if (value != 0) {
1867 kfree (dev->buf);
1868 dev->buf = NULL;
1869 } else {
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879 value = len;
1880 dev->gadget_registered = true;
1881 }
1882 return value;
1883
1884fail:
1885 spin_unlock_irq (&dev->lock);
1886 pr_debug ("%s: %s fail %zd, %p\n", shortname, __func__, value, dev);
1887 kfree (dev->buf);
1888 dev->buf = NULL;
1889 return value;
1890}
1891
1892static int
1893dev_open (struct inode *inode, struct file *fd)
1894{
1895 struct dev_data *dev = inode->i_private;
1896 int value = -EBUSY;
1897
1898 spin_lock_irq(&dev->lock);
1899 if (dev->state == STATE_DEV_DISABLED) {
1900 dev->ev_next = 0;
1901 dev->state = STATE_DEV_OPENED;
1902 fd->private_data = dev;
1903 get_dev (dev);
1904 value = 0;
1905 }
1906 spin_unlock_irq(&dev->lock);
1907 return value;
1908}
1909
1910static const struct file_operations ep0_operations = {
1911 .llseek = no_llseek,
1912
1913 .open = dev_open,
1914 .read = ep0_read,
1915 .write = dev_config,
1916 .fasync = ep0_fasync,
1917 .poll = ep0_poll,
1918 .unlocked_ioctl = dev_ioctl,
1919 .release = dev_release,
1920};
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935static unsigned default_uid;
1936static unsigned default_gid;
1937static unsigned default_perm = S_IRUSR | S_IWUSR;
1938
1939module_param (default_uid, uint, 0644);
1940module_param (default_gid, uint, 0644);
1941module_param (default_perm, uint, 0644);
1942
1943
1944static struct inode *
1945gadgetfs_make_inode (struct super_block *sb,
1946 void *data, const struct file_operations *fops,
1947 int mode)
1948{
1949 struct inode *inode = new_inode (sb);
1950
1951 if (inode) {
1952 inode->i_ino = get_next_ino();
1953 inode->i_mode = mode;
1954 inode->i_uid = make_kuid(&init_user_ns, default_uid);
1955 inode->i_gid = make_kgid(&init_user_ns, default_gid);
1956 inode->i_atime = inode->i_mtime = inode->i_ctime
1957 = current_time(inode);
1958 inode->i_private = data;
1959 inode->i_fop = fops;
1960 }
1961 return inode;
1962}
1963
1964
1965
1966
1967static struct dentry *
1968gadgetfs_create_file (struct super_block *sb, char const *name,
1969 void *data, const struct file_operations *fops)
1970{
1971 struct dentry *dentry;
1972 struct inode *inode;
1973
1974 dentry = d_alloc_name(sb->s_root, name);
1975 if (!dentry)
1976 return NULL;
1977
1978 inode = gadgetfs_make_inode (sb, data, fops,
1979 S_IFREG | (default_perm & S_IRWXUGO));
1980 if (!inode) {
1981 dput(dentry);
1982 return NULL;
1983 }
1984 d_add (dentry, inode);
1985 return dentry;
1986}
1987
1988static const struct super_operations gadget_fs_operations = {
1989 .statfs = simple_statfs,
1990 .drop_inode = generic_delete_inode,
1991};
1992
1993static int
1994gadgetfs_fill_super (struct super_block *sb, struct fs_context *fc)
1995{
1996 struct inode *inode;
1997 struct dev_data *dev;
1998
1999 if (the_device)
2000 return -ESRCH;
2001
2002 CHIP = usb_get_gadget_udc_name();
2003 if (!CHIP)
2004 return -ENODEV;
2005
2006
2007 sb->s_blocksize = PAGE_SIZE;
2008 sb->s_blocksize_bits = PAGE_SHIFT;
2009 sb->s_magic = GADGETFS_MAGIC;
2010 sb->s_op = &gadget_fs_operations;
2011 sb->s_time_gran = 1;
2012
2013
2014 inode = gadgetfs_make_inode (sb,
2015 NULL, &simple_dir_operations,
2016 S_IFDIR | S_IRUGO | S_IXUGO);
2017 if (!inode)
2018 goto Enomem;
2019 inode->i_op = &simple_dir_inode_operations;
2020 if (!(sb->s_root = d_make_root (inode)))
2021 goto Enomem;
2022
2023
2024
2025
2026 dev = dev_new ();
2027 if (!dev)
2028 goto Enomem;
2029
2030 dev->sb = sb;
2031 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2032 if (!dev->dentry) {
2033 put_dev(dev);
2034 goto Enomem;
2035 }
2036
2037
2038
2039
2040 the_device = dev;
2041 return 0;
2042
2043Enomem:
2044 return -ENOMEM;
2045}
2046
2047
2048static int gadgetfs_get_tree(struct fs_context *fc)
2049{
2050 return get_tree_single(fc, gadgetfs_fill_super);
2051}
2052
2053static const struct fs_context_operations gadgetfs_context_ops = {
2054 .get_tree = gadgetfs_get_tree,
2055};
2056
2057static int gadgetfs_init_fs_context(struct fs_context *fc)
2058{
2059 fc->ops = &gadgetfs_context_ops;
2060 return 0;
2061}
2062
2063static void
2064gadgetfs_kill_sb (struct super_block *sb)
2065{
2066 kill_litter_super (sb);
2067 if (the_device) {
2068 put_dev (the_device);
2069 the_device = NULL;
2070 }
2071 kfree(CHIP);
2072 CHIP = NULL;
2073}
2074
2075
2076
2077static struct file_system_type gadgetfs_type = {
2078 .owner = THIS_MODULE,
2079 .name = shortname,
2080 .init_fs_context = gadgetfs_init_fs_context,
2081 .kill_sb = gadgetfs_kill_sb,
2082};
2083MODULE_ALIAS_FS("gadgetfs");
2084
2085
2086
2087static int __init init (void)
2088{
2089 int status;
2090
2091 status = register_filesystem (&gadgetfs_type);
2092 if (status == 0)
2093 pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2094 shortname, driver_desc);
2095 return status;
2096}
2097module_init (init);
2098
2099static void __exit cleanup (void)
2100{
2101 pr_debug ("unregister %s\n", shortname);
2102 unregister_filesystem (&gadgetfs_type);
2103}
2104module_exit (cleanup);
2105
2106
