1
2
3
4
5
6
7
8
9
10
11
12#include <linux/init.h>
13#include <linux/module.h>
14#include <linux/fs.h>
15#include <linux/fs_context.h>
16#include <linux/pagemap.h>
17#include <linux/uts.h>
18#include <linux/wait.h>
19#include <linux/compiler.h>
20#include <linux/uaccess.h>
21#include <linux/sched.h>
22#include <linux/slab.h>
23#include <linux/poll.h>
24#include <linux/kthread.h>
25#include <linux/aio.h>
26#include <linux/uio.h>
27#include <linux/refcount.h>
28#include <linux/delay.h>
29#include <linux/device.h>
30#include <linux/moduleparam.h>
31
32#include <linux/usb/gadgetfs.h>
33#include <linux/usb/gadget.h>
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66#define DRIVER_DESC "USB Gadget filesystem"
67#define DRIVER_VERSION "24 Aug 2004"
68
69static const char driver_desc [] = DRIVER_DESC;
70static const char shortname [] = "gadgetfs";
71
72MODULE_DESCRIPTION (DRIVER_DESC);
73MODULE_AUTHOR ("David Brownell");
74MODULE_LICENSE ("GPL");
75
76static int ep_open(struct inode *, struct file *);
77
78
79
80
81#define GADGETFS_MAGIC 0xaee71ee7
82
83
84enum ep0_state {
85
86 STATE_DEV_DISABLED = 0,
87
88
89
90
91
92
93 STATE_DEV_OPENED,
94
95
96
97
98
99
100 STATE_DEV_UNCONNECTED,
101 STATE_DEV_CONNECTED,
102 STATE_DEV_SETUP,
103
104
105
106
107 STATE_DEV_UNBOUND,
108};
109
110
111#define N_EVENT 5
112
113struct dev_data {
114 spinlock_t lock;
115 refcount_t count;
116 int udc_usage;
117 enum ep0_state state;
118 struct usb_gadgetfs_event event [N_EVENT];
119 unsigned ev_next;
120 struct fasync_struct *fasync;
121 u8 current_config;
122
123
124
125
126 unsigned usermode_setup : 1,
127 setup_in : 1,
128 setup_can_stall : 1,
129 setup_out_ready : 1,
130 setup_out_error : 1,
131 setup_abort : 1,
132 gadget_registered : 1;
133 unsigned setup_wLength;
134
135
136 struct usb_config_descriptor *config, *hs_config;
137 struct usb_device_descriptor *dev;
138 struct usb_request *req;
139 struct usb_gadget *gadget;
140 struct list_head epfiles;
141 void *buf;
142 wait_queue_head_t wait;
143 struct super_block *sb;
144 struct dentry *dentry;
145
146
147 u8 rbuf [256];
148};
149
150static inline void get_dev (struct dev_data *data)
151{
152 refcount_inc (&data->count);
153}
154
155static void put_dev (struct dev_data *data)
156{
157 if (likely (!refcount_dec_and_test (&data->count)))
158 return;
159
160 BUG_ON (waitqueue_active (&data->wait));
161 kfree (data);
162}
163
164static struct dev_data *dev_new (void)
165{
166 struct dev_data *dev;
167
168 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
169 if (!dev)
170 return NULL;
171 dev->state = STATE_DEV_DISABLED;
172 refcount_set (&dev->count, 1);
173 spin_lock_init (&dev->lock);
174 INIT_LIST_HEAD (&dev->epfiles);
175 init_waitqueue_head (&dev->wait);
176 return dev;
177}
178
179
180
181
182enum ep_state {
183 STATE_EP_DISABLED = 0,
184 STATE_EP_READY,
185 STATE_EP_ENABLED,
186 STATE_EP_UNBOUND,
187};
188
189struct ep_data {
190 struct mutex lock;
191 enum ep_state state;
192 refcount_t count;
193 struct dev_data *dev;
194
195 struct usb_ep *ep;
196 struct usb_request *req;
197 ssize_t status;
198 char name [16];
199 struct usb_endpoint_descriptor desc, hs_desc;
200 struct list_head epfiles;
201 wait_queue_head_t wait;
202 struct dentry *dentry;
203};
204
205static inline void get_ep (struct ep_data *data)
206{
207 refcount_inc (&data->count);
208}
209
210static void put_ep (struct ep_data *data)
211{
212 if (likely (!refcount_dec_and_test (&data->count)))
213 return;
214 put_dev (data->dev);
215
216 BUG_ON (!list_empty (&data->epfiles));
217 BUG_ON (waitqueue_active (&data->wait));
218 kfree (data);
219}
220
221
222
223
224
225
226
227
228
229static const char *CHIP;
230
231
232
233
234
235
236
237
238#define xprintk(d,level,fmt,args...) \
239 printk(level "%s: " fmt , shortname , ## args)
240
241#ifdef DEBUG
242#define DBG(dev,fmt,args...) \
243 xprintk(dev , KERN_DEBUG , fmt , ## args)
244#else
245#define DBG(dev,fmt,args...) \
246 do { } while (0)
247#endif
248
249#ifdef VERBOSE_DEBUG
250#define VDEBUG DBG
251#else
252#define VDEBUG(dev,fmt,args...) \
253 do { } while (0)
254#endif
255
256#define ERROR(dev,fmt,args...) \
257 xprintk(dev , KERN_ERR , fmt , ## args)
258#define INFO(dev,fmt,args...) \
259 xprintk(dev , KERN_INFO , fmt , ## args)
260
261
262
263
264
265
266
267
268
269
270
271static void epio_complete (struct usb_ep *ep, struct usb_request *req)
272{
273 struct ep_data *epdata = ep->driver_data;
274
275 if (!req->context)
276 return;
277 if (req->status)
278 epdata->status = req->status;
279 else
280 epdata->status = req->actual;
281 complete ((struct completion *)req->context);
282}
283
284
285
286
287static int
288get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
289{
290 int val;
291
292 if (f_flags & O_NONBLOCK) {
293 if (!mutex_trylock(&epdata->lock))
294 goto nonblock;
295 if (epdata->state != STATE_EP_ENABLED &&
296 (!is_write || epdata->state != STATE_EP_READY)) {
297 mutex_unlock(&epdata->lock);
298nonblock:
299 val = -EAGAIN;
300 } else
301 val = 0;
302 return val;
303 }
304
305 val = mutex_lock_interruptible(&epdata->lock);
306 if (val < 0)
307 return val;
308
309 switch (epdata->state) {
310 case STATE_EP_ENABLED:
311 return 0;
312 case STATE_EP_READY:
313 if (is_write)
314 return 0;
315 fallthrough;
316 case STATE_EP_UNBOUND:
317 break;
318
319 default:
320 pr_debug ("%s: ep %p not available, state %d\n",
321 shortname, epdata, epdata->state);
322 }
323 mutex_unlock(&epdata->lock);
324 return -ENODEV;
325}
326
327static ssize_t
328ep_io (struct ep_data *epdata, void *buf, unsigned len)
329{
330 DECLARE_COMPLETION_ONSTACK (done);
331 int value;
332
333 spin_lock_irq (&epdata->dev->lock);
334 if (likely (epdata->ep != NULL)) {
335 struct usb_request *req = epdata->req;
336
337 req->context = &done;
338 req->complete = epio_complete;
339 req->buf = buf;
340 req->length = len;
341 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
342 } else
343 value = -ENODEV;
344 spin_unlock_irq (&epdata->dev->lock);
345
346 if (likely (value == 0)) {
347 value = wait_for_completion_interruptible(&done);
348 if (value != 0) {
349 spin_lock_irq (&epdata->dev->lock);
350 if (likely (epdata->ep != NULL)) {
351 DBG (epdata->dev, "%s i/o interrupted\n",
352 epdata->name);
353 usb_ep_dequeue (epdata->ep, epdata->req);
354 spin_unlock_irq (&epdata->dev->lock);
355
356 wait_for_completion(&done);
357 if (epdata->status == -ECONNRESET)
358 epdata->status = -EINTR;
359 } else {
360 spin_unlock_irq (&epdata->dev->lock);
361
362 DBG (epdata->dev, "endpoint gone\n");
363 epdata->status = -ENODEV;
364 }
365 }
366 return epdata->status;
367 }
368 return value;
369}
370
371static int
372ep_release (struct inode *inode, struct file *fd)
373{
374 struct ep_data *data = fd->private_data;
375 int value;
376
377 value = mutex_lock_interruptible(&data->lock);
378 if (value < 0)
379 return value;
380
381
382 if (data->state != STATE_EP_UNBOUND) {
383 data->state = STATE_EP_DISABLED;
384 data->desc.bDescriptorType = 0;
385 data->hs_desc.bDescriptorType = 0;
386 usb_ep_disable(data->ep);
387 }
388 mutex_unlock(&data->lock);
389 put_ep (data);
390 return 0;
391}
392
393static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
394{
395 struct ep_data *data = fd->private_data;
396 int status;
397
398 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
399 return status;
400
401 spin_lock_irq (&data->dev->lock);
402 if (likely (data->ep != NULL)) {
403 switch (code) {
404 case GADGETFS_FIFO_STATUS:
405 status = usb_ep_fifo_status (data->ep);
406 break;
407 case GADGETFS_FIFO_FLUSH:
408 usb_ep_fifo_flush (data->ep);
409 break;
410 case GADGETFS_CLEAR_HALT:
411 status = usb_ep_clear_halt (data->ep);
412 break;
413 default:
414 status = -ENOTTY;
415 }
416 } else
417 status = -ENODEV;
418 spin_unlock_irq (&data->dev->lock);
419 mutex_unlock(&data->lock);
420 return status;
421}
422
423
424
425
426
427struct kiocb_priv {
428 struct usb_request *req;
429 struct ep_data *epdata;
430 struct kiocb *iocb;
431 struct mm_struct *mm;
432 struct work_struct work;
433 void *buf;
434 struct iov_iter to;
435 const void *to_free;
436 unsigned actual;
437};
438
439static int ep_aio_cancel(struct kiocb *iocb)
440{
441 struct kiocb_priv *priv = iocb->private;
442 struct ep_data *epdata;
443 int value;
444
445 local_irq_disable();
446 epdata = priv->epdata;
447
448 if (likely(epdata && epdata->ep && priv->req))
449 value = usb_ep_dequeue (epdata->ep, priv->req);
450 else
451 value = -EINVAL;
452
453 local_irq_enable();
454
455 return value;
456}
457
458static void ep_user_copy_worker(struct work_struct *work)
459{
460 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
461 struct mm_struct *mm = priv->mm;
462 struct kiocb *iocb = priv->iocb;
463 size_t ret;
464
465 kthread_use_mm(mm);
466 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
467 kthread_unuse_mm(mm);
468 if (!ret)
469 ret = -EFAULT;
470
471
472 iocb->ki_complete(iocb, ret, ret);
473
474 kfree(priv->buf);
475 kfree(priv->to_free);
476 kfree(priv);
477}
478
479static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
480{
481 struct kiocb *iocb = req->context;
482 struct kiocb_priv *priv = iocb->private;
483 struct ep_data *epdata = priv->epdata;
484
485
486 spin_lock(&epdata->dev->lock);
487 priv->req = NULL;
488 priv->epdata = NULL;
489
490
491
492
493
494 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
495 kfree(req->buf);
496 kfree(priv->to_free);
497 kfree(priv);
498 iocb->private = NULL;
499
500
501 iocb->ki_complete(iocb, req->actual ? req->actual : req->status,
502 req->status);
503 } else {
504
505 if (unlikely(0 != req->status))
506 DBG(epdata->dev, "%s fault %d len %d\n",
507 ep->name, req->status, req->actual);
508
509 priv->buf = req->buf;
510 priv->actual = req->actual;
511 INIT_WORK(&priv->work, ep_user_copy_worker);
512 schedule_work(&priv->work);
513 }
514
515 usb_ep_free_request(ep, req);
516 spin_unlock(&epdata->dev->lock);
517 put_ep(epdata);
518}
519
520static ssize_t ep_aio(struct kiocb *iocb,
521 struct kiocb_priv *priv,
522 struct ep_data *epdata,
523 char *buf,
524 size_t len)
525{
526 struct usb_request *req;
527 ssize_t value;
528
529 iocb->private = priv;
530 priv->iocb = iocb;
531
532 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
533 get_ep(epdata);
534 priv->epdata = epdata;
535 priv->actual = 0;
536 priv->mm = current->mm;
537
538
539
540
541 spin_lock_irq(&epdata->dev->lock);
542 value = -ENODEV;
543 if (unlikely(epdata->ep == NULL))
544 goto fail;
545
546 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
547 value = -ENOMEM;
548 if (unlikely(!req))
549 goto fail;
550
551 priv->req = req;
552 req->buf = buf;
553 req->length = len;
554 req->complete = ep_aio_complete;
555 req->context = iocb;
556 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
557 if (unlikely(0 != value)) {
558 usb_ep_free_request(epdata->ep, req);
559 goto fail;
560 }
561 spin_unlock_irq(&epdata->dev->lock);
562 return -EIOCBQUEUED;
563
564fail:
565 spin_unlock_irq(&epdata->dev->lock);
566 kfree(priv->to_free);
567 kfree(priv);
568 put_ep(epdata);
569 return value;
570}
571
572static ssize_t
573ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
574{
575 struct file *file = iocb->ki_filp;
576 struct ep_data *epdata = file->private_data;
577 size_t len = iov_iter_count(to);
578 ssize_t value;
579 char *buf;
580
581 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
582 return value;
583
584
585 if (usb_endpoint_dir_in(&epdata->desc)) {
586 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
587 !is_sync_kiocb(iocb)) {
588 mutex_unlock(&epdata->lock);
589 return -EINVAL;
590 }
591 DBG (epdata->dev, "%s halt\n", epdata->name);
592 spin_lock_irq(&epdata->dev->lock);
593 if (likely(epdata->ep != NULL))
594 usb_ep_set_halt(epdata->ep);
595 spin_unlock_irq(&epdata->dev->lock);
596 mutex_unlock(&epdata->lock);
597 return -EBADMSG;
598 }
599
600 buf = kmalloc(len, GFP_KERNEL);
601 if (unlikely(!buf)) {
602 mutex_unlock(&epdata->lock);
603 return -ENOMEM;
604 }
605 if (is_sync_kiocb(iocb)) {
606 value = ep_io(epdata, buf, len);
607 if (value >= 0 && (copy_to_iter(buf, value, to) != value))
608 value = -EFAULT;
609 } else {
610 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
611 value = -ENOMEM;
612 if (!priv)
613 goto fail;
614 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
615 if (!priv->to_free) {
616 kfree(priv);
617 goto fail;
618 }
619 value = ep_aio(iocb, priv, epdata, buf, len);
620 if (value == -EIOCBQUEUED)
621 buf = NULL;
622 }
623fail:
624 kfree(buf);
625 mutex_unlock(&epdata->lock);
626 return value;
627}
628
629static ssize_t ep_config(struct ep_data *, const char *, size_t);
630
631static ssize_t
632ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
633{
634 struct file *file = iocb->ki_filp;
635 struct ep_data *epdata = file->private_data;
636 size_t len = iov_iter_count(from);
637 bool configured;
638 ssize_t value;
639 char *buf;
640
641 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
642 return value;
643
644 configured = epdata->state == STATE_EP_ENABLED;
645
646
647 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
648 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
649 !is_sync_kiocb(iocb)) {
650 mutex_unlock(&epdata->lock);
651 return -EINVAL;
652 }
653 DBG (epdata->dev, "%s halt\n", epdata->name);
654 spin_lock_irq(&epdata->dev->lock);
655 if (likely(epdata->ep != NULL))
656 usb_ep_set_halt(epdata->ep);
657 spin_unlock_irq(&epdata->dev->lock);
658 mutex_unlock(&epdata->lock);
659 return -EBADMSG;
660 }
661
662 buf = kmalloc(len, GFP_KERNEL);
663 if (unlikely(!buf)) {
664 mutex_unlock(&epdata->lock);
665 return -ENOMEM;
666 }
667
668 if (unlikely(!copy_from_iter_full(buf, len, from))) {
669 value = -EFAULT;
670 goto out;
671 }
672
673 if (unlikely(!configured)) {
674 value = ep_config(epdata, buf, len);
675 } else if (is_sync_kiocb(iocb)) {
676 value = ep_io(epdata, buf, len);
677 } else {
678 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
679 value = -ENOMEM;
680 if (priv) {
681 value = ep_aio(iocb, priv, epdata, buf, len);
682 if (value == -EIOCBQUEUED)
683 buf = NULL;
684 }
685 }
686out:
687 kfree(buf);
688 mutex_unlock(&epdata->lock);
689 return value;
690}
691
692
693
694
695static const struct file_operations ep_io_operations = {
696 .owner = THIS_MODULE,
697
698 .open = ep_open,
699 .release = ep_release,
700 .llseek = no_llseek,
701 .unlocked_ioctl = ep_ioctl,
702 .read_iter = ep_read_iter,
703 .write_iter = ep_write_iter,
704};
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719static ssize_t
720ep_config (struct ep_data *data, const char *buf, size_t len)
721{
722 struct usb_ep *ep;
723 u32 tag;
724 int value, length = len;
725
726 if (data->state != STATE_EP_READY) {
727 value = -EL2HLT;
728 goto fail;
729 }
730
731 value = len;
732 if (len < USB_DT_ENDPOINT_SIZE + 4)
733 goto fail0;
734
735
736 memcpy(&tag, buf, 4);
737 if (tag != 1) {
738 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
739 goto fail0;
740 }
741 buf += 4;
742 len -= 4;
743
744
745
746
747
748
749 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
750 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
751 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
752 goto fail0;
753 if (len != USB_DT_ENDPOINT_SIZE) {
754 if (len != 2 * USB_DT_ENDPOINT_SIZE)
755 goto fail0;
756 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
757 USB_DT_ENDPOINT_SIZE);
758 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
759 || data->hs_desc.bDescriptorType
760 != USB_DT_ENDPOINT) {
761 DBG(data->dev, "config %s, bad hs length or type\n",
762 data->name);
763 goto fail0;
764 }
765 }
766
767 spin_lock_irq (&data->dev->lock);
768 if (data->dev->state == STATE_DEV_UNBOUND) {
769 value = -ENOENT;
770 goto gone;
771 } else {
772 ep = data->ep;
773 if (ep == NULL) {
774 value = -ENODEV;
775 goto gone;
776 }
777 }
778 switch (data->dev->gadget->speed) {
779 case USB_SPEED_LOW:
780 case USB_SPEED_FULL:
781 ep->desc = &data->desc;
782 break;
783 case USB_SPEED_HIGH:
784
785 ep->desc = &data->hs_desc;
786 break;
787 default:
788 DBG(data->dev, "unconnected, %s init abandoned\n",
789 data->name);
790 value = -EINVAL;
791 goto gone;
792 }
793 value = usb_ep_enable(ep);
794 if (value == 0) {
795 data->state = STATE_EP_ENABLED;
796 value = length;
797 }
798gone:
799 spin_unlock_irq (&data->dev->lock);
800 if (value < 0) {
801fail:
802 data->desc.bDescriptorType = 0;
803 data->hs_desc.bDescriptorType = 0;
804 }
805 return value;
806fail0:
807 value = -EINVAL;
808 goto fail;
809}
810
811static int
812ep_open (struct inode *inode, struct file *fd)
813{
814 struct ep_data *data = inode->i_private;
815 int value = -EBUSY;
816
817 if (mutex_lock_interruptible(&data->lock) != 0)
818 return -EINTR;
819 spin_lock_irq (&data->dev->lock);
820 if (data->dev->state == STATE_DEV_UNBOUND)
821 value = -ENOENT;
822 else if (data->state == STATE_EP_DISABLED) {
823 value = 0;
824 data->state = STATE_EP_READY;
825 get_ep (data);
826 fd->private_data = data;
827 VDEBUG (data->dev, "%s ready\n", data->name);
828 } else
829 DBG (data->dev, "%s state %d\n",
830 data->name, data->state);
831 spin_unlock_irq (&data->dev->lock);
832 mutex_unlock(&data->lock);
833 return value;
834}
835
836
837
838
839
840
841
842
843
844
845static inline void ep0_readable (struct dev_data *dev)
846{
847 wake_up (&dev->wait);
848 kill_fasync (&dev->fasync, SIGIO, POLL_IN);
849}
850
851static void clean_req (struct usb_ep *ep, struct usb_request *req)
852{
853 struct dev_data *dev = ep->driver_data;
854
855 if (req->buf != dev->rbuf) {
856 kfree(req->buf);
857 req->buf = dev->rbuf;
858 }
859 req->complete = epio_complete;
860 dev->setup_out_ready = 0;
861}
862
863static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
864{
865 struct dev_data *dev = ep->driver_data;
866 unsigned long flags;
867 int free = 1;
868
869
870 spin_lock_irqsave(&dev->lock, flags);
871 if (!dev->setup_in) {
872 dev->setup_out_error = (req->status != 0);
873 if (!dev->setup_out_error)
874 free = 0;
875 dev->setup_out_ready = 1;
876 ep0_readable (dev);
877 }
878
879
880 if (free && req->buf != &dev->rbuf)
881 clean_req (ep, req);
882 req->complete = epio_complete;
883 spin_unlock_irqrestore(&dev->lock, flags);
884}
885
886static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
887{
888 struct dev_data *dev = ep->driver_data;
889
890 if (dev->setup_out_ready) {
891 DBG (dev, "ep0 request busy!\n");
892 return -EBUSY;
893 }
894 if (len > sizeof (dev->rbuf))
895 req->buf = kmalloc(len, GFP_ATOMIC);
896 if (req->buf == NULL) {
897 req->buf = dev->rbuf;
898 return -ENOMEM;
899 }
900 req->complete = ep0_complete;
901 req->length = len;
902 req->zero = 0;
903 return 0;
904}
905
906static ssize_t
907ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
908{
909 struct dev_data *dev = fd->private_data;
910 ssize_t retval;
911 enum ep0_state state;
912
913 spin_lock_irq (&dev->lock);
914 if (dev->state <= STATE_DEV_OPENED) {
915 retval = -EINVAL;
916 goto done;
917 }
918
919
920 if (dev->setup_abort) {
921 dev->setup_abort = 0;
922 retval = -EIDRM;
923 goto done;
924 }
925
926
927 if ((state = dev->state) == STATE_DEV_SETUP) {
928
929 if (dev->setup_in) {
930 VDEBUG(dev, "ep0in stall\n");
931 (void) usb_ep_set_halt (dev->gadget->ep0);
932 retval = -EL2HLT;
933 dev->state = STATE_DEV_CONNECTED;
934
935 } else if (len == 0) {
936 struct usb_ep *ep = dev->gadget->ep0;
937 struct usb_request *req = dev->req;
938
939 if ((retval = setup_req (ep, req, 0)) == 0) {
940 ++dev->udc_usage;
941 spin_unlock_irq (&dev->lock);
942 retval = usb_ep_queue (ep, req, GFP_KERNEL);
943 spin_lock_irq (&dev->lock);
944 --dev->udc_usage;
945 }
946 dev->state = STATE_DEV_CONNECTED;
947
948
949 if (dev->current_config) {
950 unsigned power;
951
952 if (gadget_is_dualspeed(dev->gadget)
953 && (dev->gadget->speed
954 == USB_SPEED_HIGH))
955 power = dev->hs_config->bMaxPower;
956 else
957 power = dev->config->bMaxPower;
958 usb_gadget_vbus_draw(dev->gadget, 2 * power);
959 }
960
961 } else {
962 if ((fd->f_flags & O_NONBLOCK) != 0
963 && !dev->setup_out_ready) {
964 retval = -EAGAIN;
965 goto done;
966 }
967 spin_unlock_irq (&dev->lock);
968 retval = wait_event_interruptible (dev->wait,
969 dev->setup_out_ready != 0);
970
971
972 spin_lock_irq (&dev->lock);
973 if (retval)
974 goto done;
975
976 if (dev->state != STATE_DEV_SETUP) {
977 retval = -ECANCELED;
978 goto done;
979 }
980 dev->state = STATE_DEV_CONNECTED;
981
982 if (dev->setup_out_error)
983 retval = -EIO;
984 else {
985 len = min (len, (size_t)dev->req->actual);
986 ++dev->udc_usage;
987 spin_unlock_irq(&dev->lock);
988 if (copy_to_user (buf, dev->req->buf, len))
989 retval = -EFAULT;
990 else
991 retval = len;
992 spin_lock_irq(&dev->lock);
993 --dev->udc_usage;
994 clean_req (dev->gadget->ep0, dev->req);
995
996 }
997 }
998 goto done;
999 }
1000
1001
1002 if (len < sizeof dev->event [0]) {
1003 retval = -EINVAL;
1004 goto done;
1005 }
1006 len -= len % sizeof (struct usb_gadgetfs_event);
1007 dev->usermode_setup = 1;
1008
1009scan:
1010
1011 if (dev->ev_next != 0) {
1012 unsigned i, n;
1013
1014 n = len / sizeof (struct usb_gadgetfs_event);
1015 if (dev->ev_next < n)
1016 n = dev->ev_next;
1017
1018
1019 for (i = 0; i < n; i++) {
1020 if (dev->event [i].type == GADGETFS_SETUP) {
1021 dev->state = STATE_DEV_SETUP;
1022 n = i + 1;
1023 break;
1024 }
1025 }
1026 spin_unlock_irq (&dev->lock);
1027 len = n * sizeof (struct usb_gadgetfs_event);
1028 if (copy_to_user (buf, &dev->event, len))
1029 retval = -EFAULT;
1030 else
1031 retval = len;
1032 if (len > 0) {
1033
1034
1035
1036 spin_lock_irq (&dev->lock);
1037 if (dev->ev_next > n) {
1038 memmove(&dev->event[0], &dev->event[n],
1039 sizeof (struct usb_gadgetfs_event)
1040 * (dev->ev_next - n));
1041 }
1042 dev->ev_next -= n;
1043 spin_unlock_irq (&dev->lock);
1044 }
1045 return retval;
1046 }
1047 if (fd->f_flags & O_NONBLOCK) {
1048 retval = -EAGAIN;
1049 goto done;
1050 }
1051
1052 switch (state) {
1053 default:
1054 DBG (dev, "fail %s, state %d\n", __func__, state);
1055 retval = -ESRCH;
1056 break;
1057 case STATE_DEV_UNCONNECTED:
1058 case STATE_DEV_CONNECTED:
1059 spin_unlock_irq (&dev->lock);
1060 DBG (dev, "%s wait\n", __func__);
1061
1062
1063 retval = wait_event_interruptible (dev->wait,
1064 dev->ev_next != 0);
1065 if (retval < 0)
1066 return retval;
1067 spin_lock_irq (&dev->lock);
1068 goto scan;
1069 }
1070
1071done:
1072 spin_unlock_irq (&dev->lock);
1073 return retval;
1074}
1075
1076static struct usb_gadgetfs_event *
1077next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1078{
1079 struct usb_gadgetfs_event *event;
1080 unsigned i;
1081
1082 switch (type) {
1083
1084 case GADGETFS_DISCONNECT:
1085 if (dev->state == STATE_DEV_SETUP)
1086 dev->setup_abort = 1;
1087 fallthrough;
1088 case GADGETFS_CONNECT:
1089 dev->ev_next = 0;
1090 break;
1091 case GADGETFS_SETUP:
1092 case GADGETFS_SUSPEND:
1093
1094 for (i = 0; i != dev->ev_next; i++) {
1095 if (dev->event [i].type != type)
1096 continue;
1097 DBG(dev, "discard old event[%d] %d\n", i, type);
1098 dev->ev_next--;
1099 if (i == dev->ev_next)
1100 break;
1101
1102 memmove (&dev->event [i], &dev->event [i + 1],
1103 sizeof (struct usb_gadgetfs_event)
1104 * (dev->ev_next - i));
1105 }
1106 break;
1107 default:
1108 BUG ();
1109 }
1110 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1111 event = &dev->event [dev->ev_next++];
1112 BUG_ON (dev->ev_next > N_EVENT);
1113 memset (event, 0, sizeof *event);
1114 event->type = type;
1115 return event;
1116}
1117
1118static ssize_t
1119ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1120{
1121 struct dev_data *dev = fd->private_data;
1122 ssize_t retval = -ESRCH;
1123
1124
1125 if (dev->setup_abort) {
1126 dev->setup_abort = 0;
1127 retval = -EIDRM;
1128
1129
1130 } else if (dev->state == STATE_DEV_SETUP) {
1131
1132 len = min_t(size_t, len, dev->setup_wLength);
1133 if (dev->setup_in) {
1134 retval = setup_req (dev->gadget->ep0, dev->req, len);
1135 if (retval == 0) {
1136 dev->state = STATE_DEV_CONNECTED;
1137 ++dev->udc_usage;
1138 spin_unlock_irq (&dev->lock);
1139 if (copy_from_user (dev->req->buf, buf, len))
1140 retval = -EFAULT;
1141 else {
1142 if (len < dev->setup_wLength)
1143 dev->req->zero = 1;
1144 retval = usb_ep_queue (
1145 dev->gadget->ep0, dev->req,
1146 GFP_KERNEL);
1147 }
1148 spin_lock_irq(&dev->lock);
1149 --dev->udc_usage;
1150 if (retval < 0) {
1151 clean_req (dev->gadget->ep0, dev->req);
1152 } else
1153 retval = len;
1154
1155 return retval;
1156 }
1157
1158
1159 } else if (dev->setup_can_stall) {
1160 VDEBUG(dev, "ep0out stall\n");
1161 (void) usb_ep_set_halt (dev->gadget->ep0);
1162 retval = -EL2HLT;
1163 dev->state = STATE_DEV_CONNECTED;
1164 } else {
1165 DBG(dev, "bogus ep0out stall!\n");
1166 }
1167 } else
1168 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1169
1170 return retval;
1171}
1172
1173static int
1174ep0_fasync (int f, struct file *fd, int on)
1175{
1176 struct dev_data *dev = fd->private_data;
1177
1178 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1179 return fasync_helper (f, fd, on, &dev->fasync);
1180}
1181
1182static struct usb_gadget_driver gadgetfs_driver;
1183
1184static int
1185dev_release (struct inode *inode, struct file *fd)
1186{
1187 struct dev_data *dev = fd->private_data;
1188
1189
1190
1191 if (dev->gadget_registered) {
1192 usb_gadget_unregister_driver (&gadgetfs_driver);
1193 dev->gadget_registered = false;
1194 }
1195
1196
1197
1198
1199
1200
1201 kfree (dev->buf);
1202 dev->buf = NULL;
1203
1204
1205 spin_lock_irq(&dev->lock);
1206 dev->state = STATE_DEV_DISABLED;
1207 spin_unlock_irq(&dev->lock);
1208
1209 put_dev (dev);
1210 return 0;
1211}
1212
1213static __poll_t
1214ep0_poll (struct file *fd, poll_table *wait)
1215{
1216 struct dev_data *dev = fd->private_data;
1217 __poll_t mask = 0;
1218
1219 if (dev->state <= STATE_DEV_OPENED)
1220 return DEFAULT_POLLMASK;
1221
1222 poll_wait(fd, &dev->wait, wait);
1223
1224 spin_lock_irq(&dev->lock);
1225
1226
1227 if (dev->setup_abort) {
1228 dev->setup_abort = 0;
1229 mask = EPOLLHUP;
1230 goto out;
1231 }
1232
1233 if (dev->state == STATE_DEV_SETUP) {
1234 if (dev->setup_in || dev->setup_can_stall)
1235 mask = EPOLLOUT;
1236 } else {
1237 if (dev->ev_next != 0)
1238 mask = EPOLLIN;
1239 }
1240out:
1241 spin_unlock_irq(&dev->lock);
1242 return mask;
1243}
1244
1245static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1246{
1247 struct dev_data *dev = fd->private_data;
1248 struct usb_gadget *gadget = dev->gadget;
1249 long ret = -ENOTTY;
1250
1251 spin_lock_irq(&dev->lock);
1252 if (dev->state == STATE_DEV_OPENED ||
1253 dev->state == STATE_DEV_UNBOUND) {
1254
1255 } else if (gadget->ops->ioctl) {
1256 ++dev->udc_usage;
1257 spin_unlock_irq(&dev->lock);
1258
1259 ret = gadget->ops->ioctl (gadget, code, value);
1260
1261 spin_lock_irq(&dev->lock);
1262 --dev->udc_usage;
1263 }
1264 spin_unlock_irq(&dev->lock);
1265
1266 return ret;
1267}
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277static void make_qualifier (struct dev_data *dev)
1278{
1279 struct usb_qualifier_descriptor qual;
1280 struct usb_device_descriptor *desc;
1281
1282 qual.bLength = sizeof qual;
1283 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1284 qual.bcdUSB = cpu_to_le16 (0x0200);
1285
1286 desc = dev->dev;
1287 qual.bDeviceClass = desc->bDeviceClass;
1288 qual.bDeviceSubClass = desc->bDeviceSubClass;
1289 qual.bDeviceProtocol = desc->bDeviceProtocol;
1290
1291
1292 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1293
1294 qual.bNumConfigurations = 1;
1295 qual.bRESERVED = 0;
1296
1297 memcpy (dev->rbuf, &qual, sizeof qual);
1298}
1299
1300static int
1301config_buf (struct dev_data *dev, u8 type, unsigned index)
1302{
1303 int len;
1304 int hs = 0;
1305
1306
1307 if (index > 0)
1308 return -EINVAL;
1309
1310 if (gadget_is_dualspeed(dev->gadget)) {
1311 hs = (dev->gadget->speed == USB_SPEED_HIGH);
1312 if (type == USB_DT_OTHER_SPEED_CONFIG)
1313 hs = !hs;
1314 }
1315 if (hs) {
1316 dev->req->buf = dev->hs_config;
1317 len = le16_to_cpu(dev->hs_config->wTotalLength);
1318 } else {
1319 dev->req->buf = dev->config;
1320 len = le16_to_cpu(dev->config->wTotalLength);
1321 }
1322 ((u8 *)dev->req->buf) [1] = type;
1323 return len;
1324}
1325
1326static int
1327gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1328{
1329 struct dev_data *dev = get_gadget_data (gadget);
1330 struct usb_request *req = dev->req;
1331 int value = -EOPNOTSUPP;
1332 struct usb_gadgetfs_event *event;
1333 u16 w_value = le16_to_cpu(ctrl->wValue);
1334 u16 w_length = le16_to_cpu(ctrl->wLength);
1335
1336 spin_lock (&dev->lock);
1337 dev->setup_abort = 0;
1338 if (dev->state == STATE_DEV_UNCONNECTED) {
1339 if (gadget_is_dualspeed(gadget)
1340 && gadget->speed == USB_SPEED_HIGH
1341 && dev->hs_config == NULL) {
1342 spin_unlock(&dev->lock);
1343 ERROR (dev, "no high speed config??\n");
1344 return -EINVAL;
1345 }
1346
1347 dev->state = STATE_DEV_CONNECTED;
1348
1349 INFO (dev, "connected\n");
1350 event = next_event (dev, GADGETFS_CONNECT);
1351 event->u.speed = gadget->speed;
1352 ep0_readable (dev);
1353
1354
1355
1356
1357
1358
1359 } else if (dev->state == STATE_DEV_SETUP)
1360 dev->setup_abort = 1;
1361
1362 req->buf = dev->rbuf;
1363 req->context = NULL;
1364 switch (ctrl->bRequest) {
1365
1366 case USB_REQ_GET_DESCRIPTOR:
1367 if (ctrl->bRequestType != USB_DIR_IN)
1368 goto unrecognized;
1369 switch (w_value >> 8) {
1370
1371 case USB_DT_DEVICE:
1372 value = min (w_length, (u16) sizeof *dev->dev);
1373 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1374 req->buf = dev->dev;
1375 break;
1376 case USB_DT_DEVICE_QUALIFIER:
1377 if (!dev->hs_config)
1378 break;
1379 value = min (w_length, (u16)
1380 sizeof (struct usb_qualifier_descriptor));
1381 make_qualifier (dev);
1382 break;
1383 case USB_DT_OTHER_SPEED_CONFIG:
1384 case USB_DT_CONFIG:
1385 value = config_buf (dev,
1386 w_value >> 8,
1387 w_value & 0xff);
1388 if (value >= 0)
1389 value = min (w_length, (u16) value);
1390 break;
1391 case USB_DT_STRING:
1392 goto unrecognized;
1393
1394 default:
1395 break;
1396 }
1397 break;
1398
1399
1400 case USB_REQ_SET_CONFIGURATION:
1401 if (ctrl->bRequestType != 0)
1402 goto unrecognized;
1403 if (0 == (u8) w_value) {
1404 value = 0;
1405 dev->current_config = 0;
1406 usb_gadget_vbus_draw(gadget, 8 );
1407
1408 } else {
1409 u8 config, power;
1410
1411 if (gadget_is_dualspeed(gadget)
1412 && gadget->speed == USB_SPEED_HIGH) {
1413 config = dev->hs_config->bConfigurationValue;
1414 power = dev->hs_config->bMaxPower;
1415 } else {
1416 config = dev->config->bConfigurationValue;
1417 power = dev->config->bMaxPower;
1418 }
1419
1420 if (config == (u8) w_value) {
1421 value = 0;
1422 dev->current_config = config;
1423 usb_gadget_vbus_draw(gadget, 2 * power);
1424 }
1425 }
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436 if (value == 0) {
1437 INFO (dev, "configuration #%d\n", dev->current_config);
1438 usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
1439 if (dev->usermode_setup) {
1440 dev->setup_can_stall = 0;
1441 goto delegate;
1442 }
1443 }
1444 break;
1445
1446#ifndef CONFIG_USB_PXA25X
1447
1448 case USB_REQ_GET_CONFIGURATION:
1449 if (ctrl->bRequestType != 0x80)
1450 goto unrecognized;
1451 *(u8 *)req->buf = dev->current_config;
1452 value = min (w_length, (u16) 1);
1453 break;
1454#endif
1455
1456 default:
1457unrecognized:
1458 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1459 dev->usermode_setup ? "delegate" : "fail",
1460 ctrl->bRequestType, ctrl->bRequest,
1461 w_value, le16_to_cpu(ctrl->wIndex), w_length);
1462
1463
1464 if (dev->usermode_setup) {
1465 dev->setup_can_stall = 1;
1466delegate:
1467 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1468 ? 1 : 0;
1469 dev->setup_wLength = w_length;
1470 dev->setup_out_ready = 0;
1471 dev->setup_out_error = 0;
1472
1473
1474 if (unlikely (!dev->setup_in && w_length)) {
1475 value = setup_req (gadget->ep0, dev->req,
1476 w_length);
1477 if (value < 0)
1478 break;
1479
1480 ++dev->udc_usage;
1481 spin_unlock (&dev->lock);
1482 value = usb_ep_queue (gadget->ep0, dev->req,
1483 GFP_KERNEL);
1484 spin_lock (&dev->lock);
1485 --dev->udc_usage;
1486 if (value < 0) {
1487 clean_req (gadget->ep0, dev->req);
1488 break;
1489 }
1490
1491
1492 dev->setup_can_stall = 0;
1493 }
1494
1495
1496 event = next_event (dev, GADGETFS_SETUP);
1497 event->u.setup = *ctrl;
1498 ep0_readable (dev);
1499 spin_unlock (&dev->lock);
1500 return 0;
1501 }
1502 }
1503
1504
1505 if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1506 req->length = value;
1507 req->zero = value < w_length;
1508
1509 ++dev->udc_usage;
1510 spin_unlock (&dev->lock);
1511 value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
1512 spin_lock(&dev->lock);
1513 --dev->udc_usage;
1514 spin_unlock(&dev->lock);
1515 if (value < 0) {
1516 DBG (dev, "ep_queue --> %d\n", value);
1517 req->status = 0;
1518 }
1519 return value;
1520 }
1521
1522
1523 spin_unlock (&dev->lock);
1524 return value;
1525}
1526
1527static void destroy_ep_files (struct dev_data *dev)
1528{
1529 DBG (dev, "%s %d\n", __func__, dev->state);
1530
1531
1532 spin_lock_irq (&dev->lock);
1533 while (!list_empty(&dev->epfiles)) {
1534 struct ep_data *ep;
1535 struct inode *parent;
1536 struct dentry *dentry;
1537
1538
1539 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1540 list_del_init (&ep->epfiles);
1541 spin_unlock_irq (&dev->lock);
1542
1543 dentry = ep->dentry;
1544 ep->dentry = NULL;
1545 parent = d_inode(dentry->d_parent);
1546
1547
1548 mutex_lock(&ep->lock);
1549 if (ep->state == STATE_EP_ENABLED)
1550 (void) usb_ep_disable (ep->ep);
1551 ep->state = STATE_EP_UNBOUND;
1552 usb_ep_free_request (ep->ep, ep->req);
1553 ep->ep = NULL;
1554 mutex_unlock(&ep->lock);
1555
1556 wake_up (&ep->wait);
1557 put_ep (ep);
1558
1559
1560 inode_lock(parent);
1561 d_delete (dentry);
1562 dput (dentry);
1563 inode_unlock(parent);
1564
1565 spin_lock_irq (&dev->lock);
1566 }
1567 spin_unlock_irq (&dev->lock);
1568}
1569
1570
1571static struct dentry *
1572gadgetfs_create_file (struct super_block *sb, char const *name,
1573 void *data, const struct file_operations *fops);
1574
1575static int activate_ep_files (struct dev_data *dev)
1576{
1577 struct usb_ep *ep;
1578 struct ep_data *data;
1579
1580 gadget_for_each_ep (ep, dev->gadget) {
1581
1582 data = kzalloc(sizeof(*data), GFP_KERNEL);
1583 if (!data)
1584 goto enomem0;
1585 data->state = STATE_EP_DISABLED;
1586 mutex_init(&data->lock);
1587 init_waitqueue_head (&data->wait);
1588
1589 strncpy (data->name, ep->name, sizeof (data->name) - 1);
1590 refcount_set (&data->count, 1);
1591 data->dev = dev;
1592 get_dev (dev);
1593
1594 data->ep = ep;
1595 ep->driver_data = data;
1596
1597 data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1598 if (!data->req)
1599 goto enomem1;
1600
1601 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1602 data, &ep_io_operations);
1603 if (!data->dentry)
1604 goto enomem2;
1605 list_add_tail (&data->epfiles, &dev->epfiles);
1606 }
1607 return 0;
1608
1609enomem2:
1610 usb_ep_free_request (ep, data->req);
1611enomem1:
1612 put_dev (dev);
1613 kfree (data);
1614enomem0:
1615 DBG (dev, "%s enomem\n", __func__);
1616 destroy_ep_files (dev);
1617 return -ENOMEM;
1618}
1619
1620static void
1621gadgetfs_unbind (struct usb_gadget *gadget)
1622{
1623 struct dev_data *dev = get_gadget_data (gadget);
1624
1625 DBG (dev, "%s\n", __func__);
1626
1627 spin_lock_irq (&dev->lock);
1628 dev->state = STATE_DEV_UNBOUND;
1629 while (dev->udc_usage > 0) {
1630 spin_unlock_irq(&dev->lock);
1631 usleep_range(1000, 2000);
1632 spin_lock_irq(&dev->lock);
1633 }
1634 spin_unlock_irq (&dev->lock);
1635
1636 destroy_ep_files (dev);
1637 gadget->ep0->driver_data = NULL;
1638 set_gadget_data (gadget, NULL);
1639
1640
1641 if (dev->req)
1642 usb_ep_free_request (gadget->ep0, dev->req);
1643 DBG (dev, "%s done\n", __func__);
1644 put_dev (dev);
1645}
1646
1647static struct dev_data *the_device;
1648
1649static int gadgetfs_bind(struct usb_gadget *gadget,
1650 struct usb_gadget_driver *driver)
1651{
1652 struct dev_data *dev = the_device;
1653
1654 if (!dev)
1655 return -ESRCH;
1656 if (0 != strcmp (CHIP, gadget->name)) {
1657 pr_err("%s expected %s controller not %s\n",
1658 shortname, CHIP, gadget->name);
1659 return -ENODEV;
1660 }
1661
1662 set_gadget_data (gadget, dev);
1663 dev->gadget = gadget;
1664 gadget->ep0->driver_data = dev;
1665
1666
1667 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1668 if (!dev->req)
1669 goto enomem;
1670 dev->req->context = NULL;
1671 dev->req->complete = epio_complete;
1672
1673 if (activate_ep_files (dev) < 0)
1674 goto enomem;
1675
1676 INFO (dev, "bound to %s driver\n", gadget->name);
1677 spin_lock_irq(&dev->lock);
1678 dev->state = STATE_DEV_UNCONNECTED;
1679 spin_unlock_irq(&dev->lock);
1680 get_dev (dev);
1681 return 0;
1682
1683enomem:
1684 gadgetfs_unbind (gadget);
1685 return -ENOMEM;
1686}
1687
1688static void
1689gadgetfs_disconnect (struct usb_gadget *gadget)
1690{
1691 struct dev_data *dev = get_gadget_data (gadget);
1692 unsigned long flags;
1693
1694 spin_lock_irqsave (&dev->lock, flags);
1695 if (dev->state == STATE_DEV_UNCONNECTED)
1696 goto exit;
1697 dev->state = STATE_DEV_UNCONNECTED;
1698
1699 INFO (dev, "disconnected\n");
1700 next_event (dev, GADGETFS_DISCONNECT);
1701 ep0_readable (dev);
1702exit:
1703 spin_unlock_irqrestore (&dev->lock, flags);
1704}
1705
1706static void
1707gadgetfs_suspend (struct usb_gadget *gadget)
1708{
1709 struct dev_data *dev = get_gadget_data (gadget);
1710 unsigned long flags;
1711
1712 INFO (dev, "suspended from state %d\n", dev->state);
1713 spin_lock_irqsave(&dev->lock, flags);
1714 switch (dev->state) {
1715 case STATE_DEV_SETUP:
1716 case STATE_DEV_CONNECTED:
1717 case STATE_DEV_UNCONNECTED:
1718 next_event (dev, GADGETFS_SUSPEND);
1719 ep0_readable (dev);
1720 fallthrough;
1721 default:
1722 break;
1723 }
1724 spin_unlock_irqrestore(&dev->lock, flags);
1725}
1726
1727static struct usb_gadget_driver gadgetfs_driver = {
1728 .function = (char *) driver_desc,
1729 .bind = gadgetfs_bind,
1730 .unbind = gadgetfs_unbind,
1731 .setup = gadgetfs_setup,
1732 .reset = gadgetfs_disconnect,
1733 .disconnect = gadgetfs_disconnect,
1734 .suspend = gadgetfs_suspend,
1735
1736 .driver = {
1737 .name = shortname,
1738 },
1739};
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768static int is_valid_config(struct usb_config_descriptor *config,
1769 unsigned int total)
1770{
1771 return config->bDescriptorType == USB_DT_CONFIG
1772 && config->bLength == USB_DT_CONFIG_SIZE
1773 && total >= USB_DT_CONFIG_SIZE
1774 && config->bConfigurationValue != 0
1775 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1776 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1777
1778
1779}
1780
1781static ssize_t
1782dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1783{
1784 struct dev_data *dev = fd->private_data;
1785 ssize_t value, length = len;
1786 unsigned total;
1787 u32 tag;
1788 char *kbuf;
1789
1790 spin_lock_irq(&dev->lock);
1791 if (dev->state > STATE_DEV_OPENED) {
1792 value = ep0_write(fd, buf, len, ptr);
1793 spin_unlock_irq(&dev->lock);
1794 return value;
1795 }
1796 spin_unlock_irq(&dev->lock);
1797
1798 if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) ||
1799 (len > PAGE_SIZE * 4))
1800 return -EINVAL;
1801
1802
1803 if (copy_from_user (&tag, buf, 4))
1804 return -EFAULT;
1805 if (tag != 0)
1806 return -EINVAL;
1807 buf += 4;
1808 length -= 4;
1809
1810 kbuf = memdup_user(buf, length);
1811 if (IS_ERR(kbuf))
1812 return PTR_ERR(kbuf);
1813
1814 spin_lock_irq (&dev->lock);
1815 value = -EINVAL;
1816 if (dev->buf) {
1817 kfree(kbuf);
1818 goto fail;
1819 }
1820 dev->buf = kbuf;
1821
1822
1823 dev->config = (void *) kbuf;
1824 total = le16_to_cpu(dev->config->wTotalLength);
1825 if (!is_valid_config(dev->config, total) ||
1826 total > length - USB_DT_DEVICE_SIZE)
1827 goto fail;
1828 kbuf += total;
1829 length -= total;
1830
1831
1832 if (kbuf [1] == USB_DT_CONFIG) {
1833 dev->hs_config = (void *) kbuf;
1834 total = le16_to_cpu(dev->hs_config->wTotalLength);
1835 if (!is_valid_config(dev->hs_config, total) ||
1836 total > length - USB_DT_DEVICE_SIZE)
1837 goto fail;
1838 kbuf += total;
1839 length -= total;
1840 } else {
1841 dev->hs_config = NULL;
1842 }
1843
1844
1845
1846
1847 if (length != USB_DT_DEVICE_SIZE)
1848 goto fail;
1849 dev->dev = (void *)kbuf;
1850 if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1851 || dev->dev->bDescriptorType != USB_DT_DEVICE
1852 || dev->dev->bNumConfigurations != 1)
1853 goto fail;
1854 dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1855
1856
1857 spin_unlock_irq (&dev->lock);
1858 if (dev->hs_config)
1859 gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1860 else
1861 gadgetfs_driver.max_speed = USB_SPEED_FULL;
1862
1863 value = usb_gadget_probe_driver(&gadgetfs_driver);
1864 if (value != 0) {
1865 kfree (dev->buf);
1866 dev->buf = NULL;
1867 } else {
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877 value = len;
1878 dev->gadget_registered = true;
1879 }
1880 return value;
1881
1882fail:
1883 spin_unlock_irq (&dev->lock);
1884 pr_debug ("%s: %s fail %zd, %p\n", shortname, __func__, value, dev);
1885 kfree (dev->buf);
1886 dev->buf = NULL;
1887 return value;
1888}
1889
1890static int
1891dev_open (struct inode *inode, struct file *fd)
1892{
1893 struct dev_data *dev = inode->i_private;
1894 int value = -EBUSY;
1895
1896 spin_lock_irq(&dev->lock);
1897 if (dev->state == STATE_DEV_DISABLED) {
1898 dev->ev_next = 0;
1899 dev->state = STATE_DEV_OPENED;
1900 fd->private_data = dev;
1901 get_dev (dev);
1902 value = 0;
1903 }
1904 spin_unlock_irq(&dev->lock);
1905 return value;
1906}
1907
1908static const struct file_operations ep0_operations = {
1909 .llseek = no_llseek,
1910
1911 .open = dev_open,
1912 .read = ep0_read,
1913 .write = dev_config,
1914 .fasync = ep0_fasync,
1915 .poll = ep0_poll,
1916 .unlocked_ioctl = dev_ioctl,
1917 .release = dev_release,
1918};
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933static unsigned default_uid;
1934static unsigned default_gid;
1935static unsigned default_perm = S_IRUSR | S_IWUSR;
1936
1937module_param (default_uid, uint, 0644);
1938module_param (default_gid, uint, 0644);
1939module_param (default_perm, uint, 0644);
1940
1941
1942static struct inode *
1943gadgetfs_make_inode (struct super_block *sb,
1944 void *data, const struct file_operations *fops,
1945 int mode)
1946{
1947 struct inode *inode = new_inode (sb);
1948
1949 if (inode) {
1950 inode->i_ino = get_next_ino();
1951 inode->i_mode = mode;
1952 inode->i_uid = make_kuid(&init_user_ns, default_uid);
1953 inode->i_gid = make_kgid(&init_user_ns, default_gid);
1954 inode->i_atime = inode->i_mtime = inode->i_ctime
1955 = current_time(inode);
1956 inode->i_private = data;
1957 inode->i_fop = fops;
1958 }
1959 return inode;
1960}
1961
1962
1963
1964
1965static struct dentry *
1966gadgetfs_create_file (struct super_block *sb, char const *name,
1967 void *data, const struct file_operations *fops)
1968{
1969 struct dentry *dentry;
1970 struct inode *inode;
1971
1972 dentry = d_alloc_name(sb->s_root, name);
1973 if (!dentry)
1974 return NULL;
1975
1976 inode = gadgetfs_make_inode (sb, data, fops,
1977 S_IFREG | (default_perm & S_IRWXUGO));
1978 if (!inode) {
1979 dput(dentry);
1980 return NULL;
1981 }
1982 d_add (dentry, inode);
1983 return dentry;
1984}
1985
1986static const struct super_operations gadget_fs_operations = {
1987 .statfs = simple_statfs,
1988 .drop_inode = generic_delete_inode,
1989};
1990
1991static int
1992gadgetfs_fill_super (struct super_block *sb, struct fs_context *fc)
1993{
1994 struct inode *inode;
1995 struct dev_data *dev;
1996
1997 if (the_device)
1998 return -ESRCH;
1999
2000 CHIP = usb_get_gadget_udc_name();
2001 if (!CHIP)
2002 return -ENODEV;
2003
2004
2005 sb->s_blocksize = PAGE_SIZE;
2006 sb->s_blocksize_bits = PAGE_SHIFT;
2007 sb->s_magic = GADGETFS_MAGIC;
2008 sb->s_op = &gadget_fs_operations;
2009 sb->s_time_gran = 1;
2010
2011
2012 inode = gadgetfs_make_inode (sb,
2013 NULL, &simple_dir_operations,
2014 S_IFDIR | S_IRUGO | S_IXUGO);
2015 if (!inode)
2016 goto Enomem;
2017 inode->i_op = &simple_dir_inode_operations;
2018 if (!(sb->s_root = d_make_root (inode)))
2019 goto Enomem;
2020
2021
2022
2023
2024 dev = dev_new ();
2025 if (!dev)
2026 goto Enomem;
2027
2028 dev->sb = sb;
2029 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2030 if (!dev->dentry) {
2031 put_dev(dev);
2032 goto Enomem;
2033 }
2034
2035
2036
2037
2038 the_device = dev;
2039 return 0;
2040
2041Enomem:
2042 return -ENOMEM;
2043}
2044
2045
2046static int gadgetfs_get_tree(struct fs_context *fc)
2047{
2048 return get_tree_single(fc, gadgetfs_fill_super);
2049}
2050
2051static const struct fs_context_operations gadgetfs_context_ops = {
2052 .get_tree = gadgetfs_get_tree,
2053};
2054
2055static int gadgetfs_init_fs_context(struct fs_context *fc)
2056{
2057 fc->ops = &gadgetfs_context_ops;
2058 return 0;
2059}
2060
2061static void
2062gadgetfs_kill_sb (struct super_block *sb)
2063{
2064 kill_litter_super (sb);
2065 if (the_device) {
2066 put_dev (the_device);
2067 the_device = NULL;
2068 }
2069 kfree(CHIP);
2070 CHIP = NULL;
2071}
2072
2073
2074
2075static struct file_system_type gadgetfs_type = {
2076 .owner = THIS_MODULE,
2077 .name = shortname,
2078 .init_fs_context = gadgetfs_init_fs_context,
2079 .kill_sb = gadgetfs_kill_sb,
2080};
2081MODULE_ALIAS_FS("gadgetfs");
2082
2083
2084
2085static int __init init (void)
2086{
2087 int status;
2088
2089 status = register_filesystem (&gadgetfs_type);
2090 if (status == 0)
2091 pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2092 shortname, driver_desc);
2093 return status;
2094}
2095module_init (init);
2096
2097static void __exit cleanup (void)
2098{
2099 pr_debug ("unregister %s\n", shortname);
2100 unregister_filesystem (&gadgetfs_type);
2101}
2102module_exit (cleanup);
2103
2104