1
2
3
4
5
6
7
8
9
10
11
12#include <linux/init.h>
13#include <linux/module.h>
14#include <linux/fs.h>
15#include <linux/fs_context.h>
16#include <linux/pagemap.h>
17#include <linux/uts.h>
18#include <linux/wait.h>
19#include <linux/compiler.h>
20#include <linux/uaccess.h>
21#include <linux/sched.h>
22#include <linux/slab.h>
23#include <linux/poll.h>
24#include <linux/kthread.h>
25#include <linux/aio.h>
26#include <linux/uio.h>
27#include <linux/refcount.h>
28#include <linux/delay.h>
29#include <linux/device.h>
30#include <linux/moduleparam.h>
31
32#include <linux/usb/gadgetfs.h>
33#include <linux/usb/gadget.h>
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66#define DRIVER_DESC "USB Gadget filesystem"
67#define DRIVER_VERSION "24 Aug 2004"
68
69static const char driver_desc [] = DRIVER_DESC;
70static const char shortname [] = "gadgetfs";
71
72MODULE_DESCRIPTION (DRIVER_DESC);
73MODULE_AUTHOR ("David Brownell");
74MODULE_LICENSE ("GPL");
75
76static int ep_open(struct inode *, struct file *);
77
78
79
80
81#define GADGETFS_MAGIC 0xaee71ee7
82
83
84enum ep0_state {
85
86 STATE_DEV_DISABLED = 0,
87
88
89
90
91
92
93 STATE_DEV_OPENED,
94
95
96
97
98
99
100 STATE_DEV_UNCONNECTED,
101 STATE_DEV_CONNECTED,
102 STATE_DEV_SETUP,
103
104
105
106
107 STATE_DEV_UNBOUND,
108};
109
110
111#define N_EVENT 5
112
113struct dev_data {
114 spinlock_t lock;
115 refcount_t count;
116 int udc_usage;
117 enum ep0_state state;
118 struct usb_gadgetfs_event event [N_EVENT];
119 unsigned ev_next;
120 struct fasync_struct *fasync;
121 u8 current_config;
122
123
124
125
126 unsigned usermode_setup : 1,
127 setup_in : 1,
128 setup_can_stall : 1,
129 setup_out_ready : 1,
130 setup_out_error : 1,
131 setup_abort : 1,
132 gadget_registered : 1;
133 unsigned setup_wLength;
134
135
136 struct usb_config_descriptor *config, *hs_config;
137 struct usb_device_descriptor *dev;
138 struct usb_request *req;
139 struct usb_gadget *gadget;
140 struct list_head epfiles;
141 void *buf;
142 wait_queue_head_t wait;
143 struct super_block *sb;
144 struct dentry *dentry;
145
146
147 u8 rbuf [256];
148};
149
150static inline void get_dev (struct dev_data *data)
151{
152 refcount_inc (&data->count);
153}
154
155static void put_dev (struct dev_data *data)
156{
157 if (likely (!refcount_dec_and_test (&data->count)))
158 return;
159
160 BUG_ON (waitqueue_active (&data->wait));
161 kfree (data);
162}
163
164static struct dev_data *dev_new (void)
165{
166 struct dev_data *dev;
167
168 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
169 if (!dev)
170 return NULL;
171 dev->state = STATE_DEV_DISABLED;
172 refcount_set (&dev->count, 1);
173 spin_lock_init (&dev->lock);
174 INIT_LIST_HEAD (&dev->epfiles);
175 init_waitqueue_head (&dev->wait);
176 return dev;
177}
178
179
180
181
182enum ep_state {
183 STATE_EP_DISABLED = 0,
184 STATE_EP_READY,
185 STATE_EP_ENABLED,
186 STATE_EP_UNBOUND,
187};
188
189struct ep_data {
190 struct mutex lock;
191 enum ep_state state;
192 refcount_t count;
193 struct dev_data *dev;
194
195 struct usb_ep *ep;
196 struct usb_request *req;
197 ssize_t status;
198 char name [16];
199 struct usb_endpoint_descriptor desc, hs_desc;
200 struct list_head epfiles;
201 wait_queue_head_t wait;
202 struct dentry *dentry;
203};
204
205static inline void get_ep (struct ep_data *data)
206{
207 refcount_inc (&data->count);
208}
209
210static void put_ep (struct ep_data *data)
211{
212 if (likely (!refcount_dec_and_test (&data->count)))
213 return;
214 put_dev (data->dev);
215
216 BUG_ON (!list_empty (&data->epfiles));
217 BUG_ON (waitqueue_active (&data->wait));
218 kfree (data);
219}
220
221
222
223
224
225
226
227
228
229static const char *CHIP;
230
231
232
233
234
235
236
237
238#define xprintk(d,level,fmt,args...) \
239 printk(level "%s: " fmt , shortname , ## args)
240
241#ifdef DEBUG
242#define DBG(dev,fmt,args...) \
243 xprintk(dev , KERN_DEBUG , fmt , ## args)
244#else
245#define DBG(dev,fmt,args...) \
246 do { } while (0)
247#endif
248
249#ifdef VERBOSE_DEBUG
250#define VDEBUG DBG
251#else
252#define VDEBUG(dev,fmt,args...) \
253 do { } while (0)
254#endif
255
256#define ERROR(dev,fmt,args...) \
257 xprintk(dev , KERN_ERR , fmt , ## args)
258#define INFO(dev,fmt,args...) \
259 xprintk(dev , KERN_INFO , fmt , ## args)
260
261
262
263
264
265
266
267
268
269
270
271static void epio_complete (struct usb_ep *ep, struct usb_request *req)
272{
273 struct ep_data *epdata = ep->driver_data;
274
275 if (!req->context)
276 return;
277 if (req->status)
278 epdata->status = req->status;
279 else
280 epdata->status = req->actual;
281 complete ((struct completion *)req->context);
282}
283
284
285
286
287static int
288get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
289{
290 int val;
291
292 if (f_flags & O_NONBLOCK) {
293 if (!mutex_trylock(&epdata->lock))
294 goto nonblock;
295 if (epdata->state != STATE_EP_ENABLED &&
296 (!is_write || epdata->state != STATE_EP_READY)) {
297 mutex_unlock(&epdata->lock);
298nonblock:
299 val = -EAGAIN;
300 } else
301 val = 0;
302 return val;
303 }
304
305 val = mutex_lock_interruptible(&epdata->lock);
306 if (val < 0)
307 return val;
308
309 switch (epdata->state) {
310 case STATE_EP_ENABLED:
311 return 0;
312 case STATE_EP_READY:
313 if (is_write)
314 return 0;
315 fallthrough;
316 case STATE_EP_UNBOUND:
317 break;
318
319 default:
320 pr_debug ("%s: ep %p not available, state %d\n",
321 shortname, epdata, epdata->state);
322 }
323 mutex_unlock(&epdata->lock);
324 return -ENODEV;
325}
326
327static ssize_t
328ep_io (struct ep_data *epdata, void *buf, unsigned len)
329{
330 DECLARE_COMPLETION_ONSTACK (done);
331 int value;
332
333 spin_lock_irq (&epdata->dev->lock);
334 if (likely (epdata->ep != NULL)) {
335 struct usb_request *req = epdata->req;
336
337 req->context = &done;
338 req->complete = epio_complete;
339 req->buf = buf;
340 req->length = len;
341 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
342 } else
343 value = -ENODEV;
344 spin_unlock_irq (&epdata->dev->lock);
345
346 if (likely (value == 0)) {
347 value = wait_for_completion_interruptible(&done);
348 if (value != 0) {
349 spin_lock_irq (&epdata->dev->lock);
350 if (likely (epdata->ep != NULL)) {
351 DBG (epdata->dev, "%s i/o interrupted\n",
352 epdata->name);
353 usb_ep_dequeue (epdata->ep, epdata->req);
354 spin_unlock_irq (&epdata->dev->lock);
355
356 wait_for_completion(&done);
357 if (epdata->status == -ECONNRESET)
358 epdata->status = -EINTR;
359 } else {
360 spin_unlock_irq (&epdata->dev->lock);
361
362 DBG (epdata->dev, "endpoint gone\n");
363 epdata->status = -ENODEV;
364 }
365 }
366 return epdata->status;
367 }
368 return value;
369}
370
371static int
372ep_release (struct inode *inode, struct file *fd)
373{
374 struct ep_data *data = fd->private_data;
375 int value;
376
377 value = mutex_lock_interruptible(&data->lock);
378 if (value < 0)
379 return value;
380
381
382 if (data->state != STATE_EP_UNBOUND) {
383 data->state = STATE_EP_DISABLED;
384 data->desc.bDescriptorType = 0;
385 data->hs_desc.bDescriptorType = 0;
386 usb_ep_disable(data->ep);
387 }
388 mutex_unlock(&data->lock);
389 put_ep (data);
390 return 0;
391}
392
393static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
394{
395 struct ep_data *data = fd->private_data;
396 int status;
397
398 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
399 return status;
400
401 spin_lock_irq (&data->dev->lock);
402 if (likely (data->ep != NULL)) {
403 switch (code) {
404 case GADGETFS_FIFO_STATUS:
405 status = usb_ep_fifo_status (data->ep);
406 break;
407 case GADGETFS_FIFO_FLUSH:
408 usb_ep_fifo_flush (data->ep);
409 break;
410 case GADGETFS_CLEAR_HALT:
411 status = usb_ep_clear_halt (data->ep);
412 break;
413 default:
414 status = -ENOTTY;
415 }
416 } else
417 status = -ENODEV;
418 spin_unlock_irq (&data->dev->lock);
419 mutex_unlock(&data->lock);
420 return status;
421}
422
423
424
425
426
427struct kiocb_priv {
428 struct usb_request *req;
429 struct ep_data *epdata;
430 struct kiocb *iocb;
431 struct mm_struct *mm;
432 struct work_struct work;
433 void *buf;
434 struct iov_iter to;
435 const void *to_free;
436 unsigned actual;
437};
438
439static int ep_aio_cancel(struct kiocb *iocb)
440{
441 struct kiocb_priv *priv = iocb->private;
442 struct ep_data *epdata;
443 int value;
444
445 local_irq_disable();
446 epdata = priv->epdata;
447
448 if (likely(epdata && epdata->ep && priv->req))
449 value = usb_ep_dequeue (epdata->ep, priv->req);
450 else
451 value = -EINVAL;
452
453 local_irq_enable();
454
455 return value;
456}
457
458static void ep_user_copy_worker(struct work_struct *work)
459{
460 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
461 struct mm_struct *mm = priv->mm;
462 struct kiocb *iocb = priv->iocb;
463 size_t ret;
464
465 kthread_use_mm(mm);
466 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
467 kthread_unuse_mm(mm);
468 if (!ret)
469 ret = -EFAULT;
470
471
472 iocb->ki_complete(iocb, ret, ret);
473
474 kfree(priv->buf);
475 kfree(priv->to_free);
476 kfree(priv);
477}
478
479static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
480{
481 struct kiocb *iocb = req->context;
482 struct kiocb_priv *priv = iocb->private;
483 struct ep_data *epdata = priv->epdata;
484
485
486 spin_lock(&epdata->dev->lock);
487 priv->req = NULL;
488 priv->epdata = NULL;
489
490
491
492
493
494 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
495 kfree(req->buf);
496 kfree(priv->to_free);
497 kfree(priv);
498 iocb->private = NULL;
499
500
501 iocb->ki_complete(iocb,
502 req->actual ? req->actual : (long)req->status,
503 req->status);
504 } else {
505
506 if (unlikely(0 != req->status))
507 DBG(epdata->dev, "%s fault %d len %d\n",
508 ep->name, req->status, req->actual);
509
510 priv->buf = req->buf;
511 priv->actual = req->actual;
512 INIT_WORK(&priv->work, ep_user_copy_worker);
513 schedule_work(&priv->work);
514 }
515
516 usb_ep_free_request(ep, req);
517 spin_unlock(&epdata->dev->lock);
518 put_ep(epdata);
519}
520
521static ssize_t ep_aio(struct kiocb *iocb,
522 struct kiocb_priv *priv,
523 struct ep_data *epdata,
524 char *buf,
525 size_t len)
526{
527 struct usb_request *req;
528 ssize_t value;
529
530 iocb->private = priv;
531 priv->iocb = iocb;
532
533 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
534 get_ep(epdata);
535 priv->epdata = epdata;
536 priv->actual = 0;
537 priv->mm = current->mm;
538
539
540
541
542 spin_lock_irq(&epdata->dev->lock);
543 value = -ENODEV;
544 if (unlikely(epdata->ep == NULL))
545 goto fail;
546
547 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
548 value = -ENOMEM;
549 if (unlikely(!req))
550 goto fail;
551
552 priv->req = req;
553 req->buf = buf;
554 req->length = len;
555 req->complete = ep_aio_complete;
556 req->context = iocb;
557 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
558 if (unlikely(0 != value)) {
559 usb_ep_free_request(epdata->ep, req);
560 goto fail;
561 }
562 spin_unlock_irq(&epdata->dev->lock);
563 return -EIOCBQUEUED;
564
565fail:
566 spin_unlock_irq(&epdata->dev->lock);
567 kfree(priv->to_free);
568 kfree(priv);
569 put_ep(epdata);
570 return value;
571}
572
573static ssize_t
574ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
575{
576 struct file *file = iocb->ki_filp;
577 struct ep_data *epdata = file->private_data;
578 size_t len = iov_iter_count(to);
579 ssize_t value;
580 char *buf;
581
582 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
583 return value;
584
585
586 if (usb_endpoint_dir_in(&epdata->desc)) {
587 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
588 !is_sync_kiocb(iocb)) {
589 mutex_unlock(&epdata->lock);
590 return -EINVAL;
591 }
592 DBG (epdata->dev, "%s halt\n", epdata->name);
593 spin_lock_irq(&epdata->dev->lock);
594 if (likely(epdata->ep != NULL))
595 usb_ep_set_halt(epdata->ep);
596 spin_unlock_irq(&epdata->dev->lock);
597 mutex_unlock(&epdata->lock);
598 return -EBADMSG;
599 }
600
601 buf = kmalloc(len, GFP_KERNEL);
602 if (unlikely(!buf)) {
603 mutex_unlock(&epdata->lock);
604 return -ENOMEM;
605 }
606 if (is_sync_kiocb(iocb)) {
607 value = ep_io(epdata, buf, len);
608 if (value >= 0 && (copy_to_iter(buf, value, to) != value))
609 value = -EFAULT;
610 } else {
611 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
612 value = -ENOMEM;
613 if (!priv)
614 goto fail;
615 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
616 if (!priv->to_free) {
617 kfree(priv);
618 goto fail;
619 }
620 value = ep_aio(iocb, priv, epdata, buf, len);
621 if (value == -EIOCBQUEUED)
622 buf = NULL;
623 }
624fail:
625 kfree(buf);
626 mutex_unlock(&epdata->lock);
627 return value;
628}
629
630static ssize_t ep_config(struct ep_data *, const char *, size_t);
631
632static ssize_t
633ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
634{
635 struct file *file = iocb->ki_filp;
636 struct ep_data *epdata = file->private_data;
637 size_t len = iov_iter_count(from);
638 bool configured;
639 ssize_t value;
640 char *buf;
641
642 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
643 return value;
644
645 configured = epdata->state == STATE_EP_ENABLED;
646
647
648 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
649 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
650 !is_sync_kiocb(iocb)) {
651 mutex_unlock(&epdata->lock);
652 return -EINVAL;
653 }
654 DBG (epdata->dev, "%s halt\n", epdata->name);
655 spin_lock_irq(&epdata->dev->lock);
656 if (likely(epdata->ep != NULL))
657 usb_ep_set_halt(epdata->ep);
658 spin_unlock_irq(&epdata->dev->lock);
659 mutex_unlock(&epdata->lock);
660 return -EBADMSG;
661 }
662
663 buf = kmalloc(len, GFP_KERNEL);
664 if (unlikely(!buf)) {
665 mutex_unlock(&epdata->lock);
666 return -ENOMEM;
667 }
668
669 if (unlikely(!copy_from_iter_full(buf, len, from))) {
670 value = -EFAULT;
671 goto out;
672 }
673
674 if (unlikely(!configured)) {
675 value = ep_config(epdata, buf, len);
676 } else if (is_sync_kiocb(iocb)) {
677 value = ep_io(epdata, buf, len);
678 } else {
679 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
680 value = -ENOMEM;
681 if (priv) {
682 value = ep_aio(iocb, priv, epdata, buf, len);
683 if (value == -EIOCBQUEUED)
684 buf = NULL;
685 }
686 }
687out:
688 kfree(buf);
689 mutex_unlock(&epdata->lock);
690 return value;
691}
692
693
694
695
696static const struct file_operations ep_io_operations = {
697 .owner = THIS_MODULE,
698
699 .open = ep_open,
700 .release = ep_release,
701 .llseek = no_llseek,
702 .unlocked_ioctl = ep_ioctl,
703 .read_iter = ep_read_iter,
704 .write_iter = ep_write_iter,
705};
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720static ssize_t
721ep_config (struct ep_data *data, const char *buf, size_t len)
722{
723 struct usb_ep *ep;
724 u32 tag;
725 int value, length = len;
726
727 if (data->state != STATE_EP_READY) {
728 value = -EL2HLT;
729 goto fail;
730 }
731
732 value = len;
733 if (len < USB_DT_ENDPOINT_SIZE + 4)
734 goto fail0;
735
736
737 memcpy(&tag, buf, 4);
738 if (tag != 1) {
739 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
740 goto fail0;
741 }
742 buf += 4;
743 len -= 4;
744
745
746
747
748
749
750 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
751 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
752 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
753 goto fail0;
754 if (len != USB_DT_ENDPOINT_SIZE) {
755 if (len != 2 * USB_DT_ENDPOINT_SIZE)
756 goto fail0;
757 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
758 USB_DT_ENDPOINT_SIZE);
759 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
760 || data->hs_desc.bDescriptorType
761 != USB_DT_ENDPOINT) {
762 DBG(data->dev, "config %s, bad hs length or type\n",
763 data->name);
764 goto fail0;
765 }
766 }
767
768 spin_lock_irq (&data->dev->lock);
769 if (data->dev->state == STATE_DEV_UNBOUND) {
770 value = -ENOENT;
771 goto gone;
772 } else {
773 ep = data->ep;
774 if (ep == NULL) {
775 value = -ENODEV;
776 goto gone;
777 }
778 }
779 switch (data->dev->gadget->speed) {
780 case USB_SPEED_LOW:
781 case USB_SPEED_FULL:
782 ep->desc = &data->desc;
783 break;
784 case USB_SPEED_HIGH:
785
786 ep->desc = &data->hs_desc;
787 break;
788 default:
789 DBG(data->dev, "unconnected, %s init abandoned\n",
790 data->name);
791 value = -EINVAL;
792 goto gone;
793 }
794 value = usb_ep_enable(ep);
795 if (value == 0) {
796 data->state = STATE_EP_ENABLED;
797 value = length;
798 }
799gone:
800 spin_unlock_irq (&data->dev->lock);
801 if (value < 0) {
802fail:
803 data->desc.bDescriptorType = 0;
804 data->hs_desc.bDescriptorType = 0;
805 }
806 return value;
807fail0:
808 value = -EINVAL;
809 goto fail;
810}
811
812static int
813ep_open (struct inode *inode, struct file *fd)
814{
815 struct ep_data *data = inode->i_private;
816 int value = -EBUSY;
817
818 if (mutex_lock_interruptible(&data->lock) != 0)
819 return -EINTR;
820 spin_lock_irq (&data->dev->lock);
821 if (data->dev->state == STATE_DEV_UNBOUND)
822 value = -ENOENT;
823 else if (data->state == STATE_EP_DISABLED) {
824 value = 0;
825 data->state = STATE_EP_READY;
826 get_ep (data);
827 fd->private_data = data;
828 VDEBUG (data->dev, "%s ready\n", data->name);
829 } else
830 DBG (data->dev, "%s state %d\n",
831 data->name, data->state);
832 spin_unlock_irq (&data->dev->lock);
833 mutex_unlock(&data->lock);
834 return value;
835}
836
837
838
839
840
841
842
843
844
845
846static inline void ep0_readable (struct dev_data *dev)
847{
848 wake_up (&dev->wait);
849 kill_fasync (&dev->fasync, SIGIO, POLL_IN);
850}
851
852static void clean_req (struct usb_ep *ep, struct usb_request *req)
853{
854 struct dev_data *dev = ep->driver_data;
855
856 if (req->buf != dev->rbuf) {
857 kfree(req->buf);
858 req->buf = dev->rbuf;
859 }
860 req->complete = epio_complete;
861 dev->setup_out_ready = 0;
862}
863
864static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
865{
866 struct dev_data *dev = ep->driver_data;
867 unsigned long flags;
868 int free = 1;
869
870
871 spin_lock_irqsave(&dev->lock, flags);
872 if (!dev->setup_in) {
873 dev->setup_out_error = (req->status != 0);
874 if (!dev->setup_out_error)
875 free = 0;
876 dev->setup_out_ready = 1;
877 ep0_readable (dev);
878 }
879
880
881 if (free && req->buf != &dev->rbuf)
882 clean_req (ep, req);
883 req->complete = epio_complete;
884 spin_unlock_irqrestore(&dev->lock, flags);
885}
886
887static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
888{
889 struct dev_data *dev = ep->driver_data;
890
891 if (dev->setup_out_ready) {
892 DBG (dev, "ep0 request busy!\n");
893 return -EBUSY;
894 }
895 if (len > sizeof (dev->rbuf))
896 req->buf = kmalloc(len, GFP_ATOMIC);
897 if (req->buf == NULL) {
898 req->buf = dev->rbuf;
899 return -ENOMEM;
900 }
901 req->complete = ep0_complete;
902 req->length = len;
903 req->zero = 0;
904 return 0;
905}
906
907static ssize_t
908ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
909{
910 struct dev_data *dev = fd->private_data;
911 ssize_t retval;
912 enum ep0_state state;
913
914 spin_lock_irq (&dev->lock);
915 if (dev->state <= STATE_DEV_OPENED) {
916 retval = -EINVAL;
917 goto done;
918 }
919
920
921 if (dev->setup_abort) {
922 dev->setup_abort = 0;
923 retval = -EIDRM;
924 goto done;
925 }
926
927
928 if ((state = dev->state) == STATE_DEV_SETUP) {
929
930 if (dev->setup_in) {
931 VDEBUG(dev, "ep0in stall\n");
932 (void) usb_ep_set_halt (dev->gadget->ep0);
933 retval = -EL2HLT;
934 dev->state = STATE_DEV_CONNECTED;
935
936 } else if (len == 0) {
937 struct usb_ep *ep = dev->gadget->ep0;
938 struct usb_request *req = dev->req;
939
940 if ((retval = setup_req (ep, req, 0)) == 0) {
941 ++dev->udc_usage;
942 spin_unlock_irq (&dev->lock);
943 retval = usb_ep_queue (ep, req, GFP_KERNEL);
944 spin_lock_irq (&dev->lock);
945 --dev->udc_usage;
946 }
947 dev->state = STATE_DEV_CONNECTED;
948
949
950 if (dev->current_config) {
951 unsigned power;
952
953 if (gadget_is_dualspeed(dev->gadget)
954 && (dev->gadget->speed
955 == USB_SPEED_HIGH))
956 power = dev->hs_config->bMaxPower;
957 else
958 power = dev->config->bMaxPower;
959 usb_gadget_vbus_draw(dev->gadget, 2 * power);
960 }
961
962 } else {
963 if ((fd->f_flags & O_NONBLOCK) != 0
964 && !dev->setup_out_ready) {
965 retval = -EAGAIN;
966 goto done;
967 }
968 spin_unlock_irq (&dev->lock);
969 retval = wait_event_interruptible (dev->wait,
970 dev->setup_out_ready != 0);
971
972
973 spin_lock_irq (&dev->lock);
974 if (retval)
975 goto done;
976
977 if (dev->state != STATE_DEV_SETUP) {
978 retval = -ECANCELED;
979 goto done;
980 }
981 dev->state = STATE_DEV_CONNECTED;
982
983 if (dev->setup_out_error)
984 retval = -EIO;
985 else {
986 len = min (len, (size_t)dev->req->actual);
987 ++dev->udc_usage;
988 spin_unlock_irq(&dev->lock);
989 if (copy_to_user (buf, dev->req->buf, len))
990 retval = -EFAULT;
991 else
992 retval = len;
993 spin_lock_irq(&dev->lock);
994 --dev->udc_usage;
995 clean_req (dev->gadget->ep0, dev->req);
996
997 }
998 }
999 goto done;
1000 }
1001
1002
1003 if (len < sizeof dev->event [0]) {
1004 retval = -EINVAL;
1005 goto done;
1006 }
1007 len -= len % sizeof (struct usb_gadgetfs_event);
1008 dev->usermode_setup = 1;
1009
1010scan:
1011
1012 if (dev->ev_next != 0) {
1013 unsigned i, n;
1014
1015 n = len / sizeof (struct usb_gadgetfs_event);
1016 if (dev->ev_next < n)
1017 n = dev->ev_next;
1018
1019
1020 for (i = 0; i < n; i++) {
1021 if (dev->event [i].type == GADGETFS_SETUP) {
1022 dev->state = STATE_DEV_SETUP;
1023 n = i + 1;
1024 break;
1025 }
1026 }
1027 spin_unlock_irq (&dev->lock);
1028 len = n * sizeof (struct usb_gadgetfs_event);
1029 if (copy_to_user (buf, &dev->event, len))
1030 retval = -EFAULT;
1031 else
1032 retval = len;
1033 if (len > 0) {
1034
1035
1036
1037 spin_lock_irq (&dev->lock);
1038 if (dev->ev_next > n) {
1039 memmove(&dev->event[0], &dev->event[n],
1040 sizeof (struct usb_gadgetfs_event)
1041 * (dev->ev_next - n));
1042 }
1043 dev->ev_next -= n;
1044 spin_unlock_irq (&dev->lock);
1045 }
1046 return retval;
1047 }
1048 if (fd->f_flags & O_NONBLOCK) {
1049 retval = -EAGAIN;
1050 goto done;
1051 }
1052
1053 switch (state) {
1054 default:
1055 DBG (dev, "fail %s, state %d\n", __func__, state);
1056 retval = -ESRCH;
1057 break;
1058 case STATE_DEV_UNCONNECTED:
1059 case STATE_DEV_CONNECTED:
1060 spin_unlock_irq (&dev->lock);
1061 DBG (dev, "%s wait\n", __func__);
1062
1063
1064 retval = wait_event_interruptible (dev->wait,
1065 dev->ev_next != 0);
1066 if (retval < 0)
1067 return retval;
1068 spin_lock_irq (&dev->lock);
1069 goto scan;
1070 }
1071
1072done:
1073 spin_unlock_irq (&dev->lock);
1074 return retval;
1075}
1076
1077static struct usb_gadgetfs_event *
1078next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1079{
1080 struct usb_gadgetfs_event *event;
1081 unsigned i;
1082
1083 switch (type) {
1084
1085 case GADGETFS_DISCONNECT:
1086 if (dev->state == STATE_DEV_SETUP)
1087 dev->setup_abort = 1;
1088 fallthrough;
1089 case GADGETFS_CONNECT:
1090 dev->ev_next = 0;
1091 break;
1092 case GADGETFS_SETUP:
1093 case GADGETFS_SUSPEND:
1094
1095 for (i = 0; i != dev->ev_next; i++) {
1096 if (dev->event [i].type != type)
1097 continue;
1098 DBG(dev, "discard old event[%d] %d\n", i, type);
1099 dev->ev_next--;
1100 if (i == dev->ev_next)
1101 break;
1102
1103 memmove (&dev->event [i], &dev->event [i + 1],
1104 sizeof (struct usb_gadgetfs_event)
1105 * (dev->ev_next - i));
1106 }
1107 break;
1108 default:
1109 BUG ();
1110 }
1111 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1112 event = &dev->event [dev->ev_next++];
1113 BUG_ON (dev->ev_next > N_EVENT);
1114 memset (event, 0, sizeof *event);
1115 event->type = type;
1116 return event;
1117}
1118
1119static ssize_t
1120ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1121{
1122 struct dev_data *dev = fd->private_data;
1123 ssize_t retval = -ESRCH;
1124
1125
1126 if (dev->setup_abort) {
1127 dev->setup_abort = 0;
1128 retval = -EIDRM;
1129
1130
1131 } else if (dev->state == STATE_DEV_SETUP) {
1132
1133 len = min_t(size_t, len, dev->setup_wLength);
1134 if (dev->setup_in) {
1135 retval = setup_req (dev->gadget->ep0, dev->req, len);
1136 if (retval == 0) {
1137 dev->state = STATE_DEV_CONNECTED;
1138 ++dev->udc_usage;
1139 spin_unlock_irq (&dev->lock);
1140 if (copy_from_user (dev->req->buf, buf, len))
1141 retval = -EFAULT;
1142 else {
1143 if (len < dev->setup_wLength)
1144 dev->req->zero = 1;
1145 retval = usb_ep_queue (
1146 dev->gadget->ep0, dev->req,
1147 GFP_KERNEL);
1148 }
1149 spin_lock_irq(&dev->lock);
1150 --dev->udc_usage;
1151 if (retval < 0) {
1152 clean_req (dev->gadget->ep0, dev->req);
1153 } else
1154 retval = len;
1155
1156 return retval;
1157 }
1158
1159
1160 } else if (dev->setup_can_stall) {
1161 VDEBUG(dev, "ep0out stall\n");
1162 (void) usb_ep_set_halt (dev->gadget->ep0);
1163 retval = -EL2HLT;
1164 dev->state = STATE_DEV_CONNECTED;
1165 } else {
1166 DBG(dev, "bogus ep0out stall!\n");
1167 }
1168 } else
1169 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1170
1171 return retval;
1172}
1173
1174static int
1175ep0_fasync (int f, struct file *fd, int on)
1176{
1177 struct dev_data *dev = fd->private_data;
1178
1179 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1180 return fasync_helper (f, fd, on, &dev->fasync);
1181}
1182
1183static struct usb_gadget_driver gadgetfs_driver;
1184
1185static int
1186dev_release (struct inode *inode, struct file *fd)
1187{
1188 struct dev_data *dev = fd->private_data;
1189
1190
1191
1192 if (dev->gadget_registered) {
1193 usb_gadget_unregister_driver (&gadgetfs_driver);
1194 dev->gadget_registered = false;
1195 }
1196
1197
1198
1199
1200
1201
1202 kfree (dev->buf);
1203 dev->buf = NULL;
1204
1205
1206 spin_lock_irq(&dev->lock);
1207 dev->state = STATE_DEV_DISABLED;
1208 spin_unlock_irq(&dev->lock);
1209
1210 put_dev (dev);
1211 return 0;
1212}
1213
1214static __poll_t
1215ep0_poll (struct file *fd, poll_table *wait)
1216{
1217 struct dev_data *dev = fd->private_data;
1218 __poll_t mask = 0;
1219
1220 if (dev->state <= STATE_DEV_OPENED)
1221 return DEFAULT_POLLMASK;
1222
1223 poll_wait(fd, &dev->wait, wait);
1224
1225 spin_lock_irq(&dev->lock);
1226
1227
1228 if (dev->setup_abort) {
1229 dev->setup_abort = 0;
1230 mask = EPOLLHUP;
1231 goto out;
1232 }
1233
1234 if (dev->state == STATE_DEV_SETUP) {
1235 if (dev->setup_in || dev->setup_can_stall)
1236 mask = EPOLLOUT;
1237 } else {
1238 if (dev->ev_next != 0)
1239 mask = EPOLLIN;
1240 }
1241out:
1242 spin_unlock_irq(&dev->lock);
1243 return mask;
1244}
1245
1246static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1247{
1248 struct dev_data *dev = fd->private_data;
1249 struct usb_gadget *gadget = dev->gadget;
1250 long ret = -ENOTTY;
1251
1252 spin_lock_irq(&dev->lock);
1253 if (dev->state == STATE_DEV_OPENED ||
1254 dev->state == STATE_DEV_UNBOUND) {
1255
1256 } else if (gadget->ops->ioctl) {
1257 ++dev->udc_usage;
1258 spin_unlock_irq(&dev->lock);
1259
1260 ret = gadget->ops->ioctl (gadget, code, value);
1261
1262 spin_lock_irq(&dev->lock);
1263 --dev->udc_usage;
1264 }
1265 spin_unlock_irq(&dev->lock);
1266
1267 return ret;
1268}
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278static void make_qualifier (struct dev_data *dev)
1279{
1280 struct usb_qualifier_descriptor qual;
1281 struct usb_device_descriptor *desc;
1282
1283 qual.bLength = sizeof qual;
1284 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1285 qual.bcdUSB = cpu_to_le16 (0x0200);
1286
1287 desc = dev->dev;
1288 qual.bDeviceClass = desc->bDeviceClass;
1289 qual.bDeviceSubClass = desc->bDeviceSubClass;
1290 qual.bDeviceProtocol = desc->bDeviceProtocol;
1291
1292
1293 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1294
1295 qual.bNumConfigurations = 1;
1296 qual.bRESERVED = 0;
1297
1298 memcpy (dev->rbuf, &qual, sizeof qual);
1299}
1300
1301static int
1302config_buf (struct dev_data *dev, u8 type, unsigned index)
1303{
1304 int len;
1305 int hs = 0;
1306
1307
1308 if (index > 0)
1309 return -EINVAL;
1310
1311 if (gadget_is_dualspeed(dev->gadget)) {
1312 hs = (dev->gadget->speed == USB_SPEED_HIGH);
1313 if (type == USB_DT_OTHER_SPEED_CONFIG)
1314 hs = !hs;
1315 }
1316 if (hs) {
1317 dev->req->buf = dev->hs_config;
1318 len = le16_to_cpu(dev->hs_config->wTotalLength);
1319 } else {
1320 dev->req->buf = dev->config;
1321 len = le16_to_cpu(dev->config->wTotalLength);
1322 }
1323 ((u8 *)dev->req->buf) [1] = type;
1324 return len;
1325}
1326
1327static int
1328gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1329{
1330 struct dev_data *dev = get_gadget_data (gadget);
1331 struct usb_request *req = dev->req;
1332 int value = -EOPNOTSUPP;
1333 struct usb_gadgetfs_event *event;
1334 u16 w_value = le16_to_cpu(ctrl->wValue);
1335 u16 w_length = le16_to_cpu(ctrl->wLength);
1336
1337 spin_lock (&dev->lock);
1338 dev->setup_abort = 0;
1339 if (dev->state == STATE_DEV_UNCONNECTED) {
1340 if (gadget_is_dualspeed(gadget)
1341 && gadget->speed == USB_SPEED_HIGH
1342 && dev->hs_config == NULL) {
1343 spin_unlock(&dev->lock);
1344 ERROR (dev, "no high speed config??\n");
1345 return -EINVAL;
1346 }
1347
1348 dev->state = STATE_DEV_CONNECTED;
1349
1350 INFO (dev, "connected\n");
1351 event = next_event (dev, GADGETFS_CONNECT);
1352 event->u.speed = gadget->speed;
1353 ep0_readable (dev);
1354
1355
1356
1357
1358
1359
1360 } else if (dev->state == STATE_DEV_SETUP)
1361 dev->setup_abort = 1;
1362
1363 req->buf = dev->rbuf;
1364 req->context = NULL;
1365 switch (ctrl->bRequest) {
1366
1367 case USB_REQ_GET_DESCRIPTOR:
1368 if (ctrl->bRequestType != USB_DIR_IN)
1369 goto unrecognized;
1370 switch (w_value >> 8) {
1371
1372 case USB_DT_DEVICE:
1373 value = min (w_length, (u16) sizeof *dev->dev);
1374 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1375 req->buf = dev->dev;
1376 break;
1377 case USB_DT_DEVICE_QUALIFIER:
1378 if (!dev->hs_config)
1379 break;
1380 value = min (w_length, (u16)
1381 sizeof (struct usb_qualifier_descriptor));
1382 make_qualifier (dev);
1383 break;
1384 case USB_DT_OTHER_SPEED_CONFIG:
1385 case USB_DT_CONFIG:
1386 value = config_buf (dev,
1387 w_value >> 8,
1388 w_value & 0xff);
1389 if (value >= 0)
1390 value = min (w_length, (u16) value);
1391 break;
1392 case USB_DT_STRING:
1393 goto unrecognized;
1394
1395 default:
1396 break;
1397 }
1398 break;
1399
1400
1401 case USB_REQ_SET_CONFIGURATION:
1402 if (ctrl->bRequestType != 0)
1403 goto unrecognized;
1404 if (0 == (u8) w_value) {
1405 value = 0;
1406 dev->current_config = 0;
1407 usb_gadget_vbus_draw(gadget, 8 );
1408
1409 } else {
1410 u8 config, power;
1411
1412 if (gadget_is_dualspeed(gadget)
1413 && gadget->speed == USB_SPEED_HIGH) {
1414 config = dev->hs_config->bConfigurationValue;
1415 power = dev->hs_config->bMaxPower;
1416 } else {
1417 config = dev->config->bConfigurationValue;
1418 power = dev->config->bMaxPower;
1419 }
1420
1421 if (config == (u8) w_value) {
1422 value = 0;
1423 dev->current_config = config;
1424 usb_gadget_vbus_draw(gadget, 2 * power);
1425 }
1426 }
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437 if (value == 0) {
1438 INFO (dev, "configuration #%d\n", dev->current_config);
1439 usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
1440 if (dev->usermode_setup) {
1441 dev->setup_can_stall = 0;
1442 goto delegate;
1443 }
1444 }
1445 break;
1446
1447#ifndef CONFIG_USB_PXA25X
1448
1449 case USB_REQ_GET_CONFIGURATION:
1450 if (ctrl->bRequestType != 0x80)
1451 goto unrecognized;
1452 *(u8 *)req->buf = dev->current_config;
1453 value = min (w_length, (u16) 1);
1454 break;
1455#endif
1456
1457 default:
1458unrecognized:
1459 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1460 dev->usermode_setup ? "delegate" : "fail",
1461 ctrl->bRequestType, ctrl->bRequest,
1462 w_value, le16_to_cpu(ctrl->wIndex), w_length);
1463
1464
1465 if (dev->usermode_setup) {
1466 dev->setup_can_stall = 1;
1467delegate:
1468 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1469 ? 1 : 0;
1470 dev->setup_wLength = w_length;
1471 dev->setup_out_ready = 0;
1472 dev->setup_out_error = 0;
1473
1474
1475 if (unlikely (!dev->setup_in && w_length)) {
1476 value = setup_req (gadget->ep0, dev->req,
1477 w_length);
1478 if (value < 0)
1479 break;
1480
1481 ++dev->udc_usage;
1482 spin_unlock (&dev->lock);
1483 value = usb_ep_queue (gadget->ep0, dev->req,
1484 GFP_KERNEL);
1485 spin_lock (&dev->lock);
1486 --dev->udc_usage;
1487 if (value < 0) {
1488 clean_req (gadget->ep0, dev->req);
1489 break;
1490 }
1491
1492
1493 dev->setup_can_stall = 0;
1494 }
1495
1496
1497 event = next_event (dev, GADGETFS_SETUP);
1498 event->u.setup = *ctrl;
1499 ep0_readable (dev);
1500 spin_unlock (&dev->lock);
1501 return 0;
1502 }
1503 }
1504
1505
1506 if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1507 req->length = value;
1508 req->zero = value < w_length;
1509
1510 ++dev->udc_usage;
1511 spin_unlock (&dev->lock);
1512 value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
1513 spin_lock(&dev->lock);
1514 --dev->udc_usage;
1515 spin_unlock(&dev->lock);
1516 if (value < 0) {
1517 DBG (dev, "ep_queue --> %d\n", value);
1518 req->status = 0;
1519 }
1520 return value;
1521 }
1522
1523
1524 spin_unlock (&dev->lock);
1525 return value;
1526}
1527
1528static void destroy_ep_files (struct dev_data *dev)
1529{
1530 DBG (dev, "%s %d\n", __func__, dev->state);
1531
1532
1533 spin_lock_irq (&dev->lock);
1534 while (!list_empty(&dev->epfiles)) {
1535 struct ep_data *ep;
1536 struct inode *parent;
1537 struct dentry *dentry;
1538
1539
1540 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1541 list_del_init (&ep->epfiles);
1542 spin_unlock_irq (&dev->lock);
1543
1544 dentry = ep->dentry;
1545 ep->dentry = NULL;
1546 parent = d_inode(dentry->d_parent);
1547
1548
1549 mutex_lock(&ep->lock);
1550 if (ep->state == STATE_EP_ENABLED)
1551 (void) usb_ep_disable (ep->ep);
1552 ep->state = STATE_EP_UNBOUND;
1553 usb_ep_free_request (ep->ep, ep->req);
1554 ep->ep = NULL;
1555 mutex_unlock(&ep->lock);
1556
1557 wake_up (&ep->wait);
1558 put_ep (ep);
1559
1560
1561 inode_lock(parent);
1562 d_delete (dentry);
1563 dput (dentry);
1564 inode_unlock(parent);
1565
1566 spin_lock_irq (&dev->lock);
1567 }
1568 spin_unlock_irq (&dev->lock);
1569}
1570
1571
1572static struct dentry *
1573gadgetfs_create_file (struct super_block *sb, char const *name,
1574 void *data, const struct file_operations *fops);
1575
1576static int activate_ep_files (struct dev_data *dev)
1577{
1578 struct usb_ep *ep;
1579 struct ep_data *data;
1580
1581 gadget_for_each_ep (ep, dev->gadget) {
1582
1583 data = kzalloc(sizeof(*data), GFP_KERNEL);
1584 if (!data)
1585 goto enomem0;
1586 data->state = STATE_EP_DISABLED;
1587 mutex_init(&data->lock);
1588 init_waitqueue_head (&data->wait);
1589
1590 strncpy (data->name, ep->name, sizeof (data->name) - 1);
1591 refcount_set (&data->count, 1);
1592 data->dev = dev;
1593 get_dev (dev);
1594
1595 data->ep = ep;
1596 ep->driver_data = data;
1597
1598 data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1599 if (!data->req)
1600 goto enomem1;
1601
1602 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1603 data, &ep_io_operations);
1604 if (!data->dentry)
1605 goto enomem2;
1606 list_add_tail (&data->epfiles, &dev->epfiles);
1607 }
1608 return 0;
1609
1610enomem2:
1611 usb_ep_free_request (ep, data->req);
1612enomem1:
1613 put_dev (dev);
1614 kfree (data);
1615enomem0:
1616 DBG (dev, "%s enomem\n", __func__);
1617 destroy_ep_files (dev);
1618 return -ENOMEM;
1619}
1620
1621static void
1622gadgetfs_unbind (struct usb_gadget *gadget)
1623{
1624 struct dev_data *dev = get_gadget_data (gadget);
1625
1626 DBG (dev, "%s\n", __func__);
1627
1628 spin_lock_irq (&dev->lock);
1629 dev->state = STATE_DEV_UNBOUND;
1630 while (dev->udc_usage > 0) {
1631 spin_unlock_irq(&dev->lock);
1632 usleep_range(1000, 2000);
1633 spin_lock_irq(&dev->lock);
1634 }
1635 spin_unlock_irq (&dev->lock);
1636
1637 destroy_ep_files (dev);
1638 gadget->ep0->driver_data = NULL;
1639 set_gadget_data (gadget, NULL);
1640
1641
1642 if (dev->req)
1643 usb_ep_free_request (gadget->ep0, dev->req);
1644 DBG (dev, "%s done\n", __func__);
1645 put_dev (dev);
1646}
1647
1648static struct dev_data *the_device;
1649
1650static int gadgetfs_bind(struct usb_gadget *gadget,
1651 struct usb_gadget_driver *driver)
1652{
1653 struct dev_data *dev = the_device;
1654
1655 if (!dev)
1656 return -ESRCH;
1657 if (0 != strcmp (CHIP, gadget->name)) {
1658 pr_err("%s expected %s controller not %s\n",
1659 shortname, CHIP, gadget->name);
1660 return -ENODEV;
1661 }
1662
1663 set_gadget_data (gadget, dev);
1664 dev->gadget = gadget;
1665 gadget->ep0->driver_data = dev;
1666
1667
1668 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1669 if (!dev->req)
1670 goto enomem;
1671 dev->req->context = NULL;
1672 dev->req->complete = epio_complete;
1673
1674 if (activate_ep_files (dev) < 0)
1675 goto enomem;
1676
1677 INFO (dev, "bound to %s driver\n", gadget->name);
1678 spin_lock_irq(&dev->lock);
1679 dev->state = STATE_DEV_UNCONNECTED;
1680 spin_unlock_irq(&dev->lock);
1681 get_dev (dev);
1682 return 0;
1683
1684enomem:
1685 gadgetfs_unbind (gadget);
1686 return -ENOMEM;
1687}
1688
1689static void
1690gadgetfs_disconnect (struct usb_gadget *gadget)
1691{
1692 struct dev_data *dev = get_gadget_data (gadget);
1693 unsigned long flags;
1694
1695 spin_lock_irqsave (&dev->lock, flags);
1696 if (dev->state == STATE_DEV_UNCONNECTED)
1697 goto exit;
1698 dev->state = STATE_DEV_UNCONNECTED;
1699
1700 INFO (dev, "disconnected\n");
1701 next_event (dev, GADGETFS_DISCONNECT);
1702 ep0_readable (dev);
1703exit:
1704 spin_unlock_irqrestore (&dev->lock, flags);
1705}
1706
1707static void
1708gadgetfs_suspend (struct usb_gadget *gadget)
1709{
1710 struct dev_data *dev = get_gadget_data (gadget);
1711 unsigned long flags;
1712
1713 INFO (dev, "suspended from state %d\n", dev->state);
1714 spin_lock_irqsave(&dev->lock, flags);
1715 switch (dev->state) {
1716 case STATE_DEV_SETUP:
1717 case STATE_DEV_CONNECTED:
1718 case STATE_DEV_UNCONNECTED:
1719 next_event (dev, GADGETFS_SUSPEND);
1720 ep0_readable (dev);
1721 fallthrough;
1722 default:
1723 break;
1724 }
1725 spin_unlock_irqrestore(&dev->lock, flags);
1726}
1727
1728static struct usb_gadget_driver gadgetfs_driver = {
1729 .function = (char *) driver_desc,
1730 .bind = gadgetfs_bind,
1731 .unbind = gadgetfs_unbind,
1732 .setup = gadgetfs_setup,
1733 .reset = gadgetfs_disconnect,
1734 .disconnect = gadgetfs_disconnect,
1735 .suspend = gadgetfs_suspend,
1736
1737 .driver = {
1738 .name = shortname,
1739 },
1740};
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769static int is_valid_config(struct usb_config_descriptor *config,
1770 unsigned int total)
1771{
1772 return config->bDescriptorType == USB_DT_CONFIG
1773 && config->bLength == USB_DT_CONFIG_SIZE
1774 && total >= USB_DT_CONFIG_SIZE
1775 && config->bConfigurationValue != 0
1776 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1777 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1778
1779
1780}
1781
1782static ssize_t
1783dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1784{
1785 struct dev_data *dev = fd->private_data;
1786 ssize_t value, length = len;
1787 unsigned total;
1788 u32 tag;
1789 char *kbuf;
1790
1791 spin_lock_irq(&dev->lock);
1792 if (dev->state > STATE_DEV_OPENED) {
1793 value = ep0_write(fd, buf, len, ptr);
1794 spin_unlock_irq(&dev->lock);
1795 return value;
1796 }
1797 spin_unlock_irq(&dev->lock);
1798
1799 if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) ||
1800 (len > PAGE_SIZE * 4))
1801 return -EINVAL;
1802
1803
1804 if (copy_from_user (&tag, buf, 4))
1805 return -EFAULT;
1806 if (tag != 0)
1807 return -EINVAL;
1808 buf += 4;
1809 length -= 4;
1810
1811 kbuf = memdup_user(buf, length);
1812 if (IS_ERR(kbuf))
1813 return PTR_ERR(kbuf);
1814
1815 spin_lock_irq (&dev->lock);
1816 value = -EINVAL;
1817 if (dev->buf) {
1818 kfree(kbuf);
1819 goto fail;
1820 }
1821 dev->buf = kbuf;
1822
1823
1824 dev->config = (void *) kbuf;
1825 total = le16_to_cpu(dev->config->wTotalLength);
1826 if (!is_valid_config(dev->config, total) ||
1827 total > length - USB_DT_DEVICE_SIZE)
1828 goto fail;
1829 kbuf += total;
1830 length -= total;
1831
1832
1833 if (kbuf [1] == USB_DT_CONFIG) {
1834 dev->hs_config = (void *) kbuf;
1835 total = le16_to_cpu(dev->hs_config->wTotalLength);
1836 if (!is_valid_config(dev->hs_config, total) ||
1837 total > length - USB_DT_DEVICE_SIZE)
1838 goto fail;
1839 kbuf += total;
1840 length -= total;
1841 } else {
1842 dev->hs_config = NULL;
1843 }
1844
1845
1846
1847
1848 if (length != USB_DT_DEVICE_SIZE)
1849 goto fail;
1850 dev->dev = (void *)kbuf;
1851 if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1852 || dev->dev->bDescriptorType != USB_DT_DEVICE
1853 || dev->dev->bNumConfigurations != 1)
1854 goto fail;
1855 dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1856
1857
1858 spin_unlock_irq (&dev->lock);
1859 if (dev->hs_config)
1860 gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1861 else
1862 gadgetfs_driver.max_speed = USB_SPEED_FULL;
1863
1864 value = usb_gadget_probe_driver(&gadgetfs_driver);
1865 if (value != 0) {
1866 kfree (dev->buf);
1867 dev->buf = NULL;
1868 } else {
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878 value = len;
1879 dev->gadget_registered = true;
1880 }
1881 return value;
1882
1883fail:
1884 spin_unlock_irq (&dev->lock);
1885 pr_debug ("%s: %s fail %zd, %p\n", shortname, __func__, value, dev);
1886 kfree (dev->buf);
1887 dev->buf = NULL;
1888 return value;
1889}
1890
1891static int
1892dev_open (struct inode *inode, struct file *fd)
1893{
1894 struct dev_data *dev = inode->i_private;
1895 int value = -EBUSY;
1896
1897 spin_lock_irq(&dev->lock);
1898 if (dev->state == STATE_DEV_DISABLED) {
1899 dev->ev_next = 0;
1900 dev->state = STATE_DEV_OPENED;
1901 fd->private_data = dev;
1902 get_dev (dev);
1903 value = 0;
1904 }
1905 spin_unlock_irq(&dev->lock);
1906 return value;
1907}
1908
1909static const struct file_operations ep0_operations = {
1910 .llseek = no_llseek,
1911
1912 .open = dev_open,
1913 .read = ep0_read,
1914 .write = dev_config,
1915 .fasync = ep0_fasync,
1916 .poll = ep0_poll,
1917 .unlocked_ioctl = dev_ioctl,
1918 .release = dev_release,
1919};
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934static unsigned default_uid;
1935static unsigned default_gid;
1936static unsigned default_perm = S_IRUSR | S_IWUSR;
1937
1938module_param (default_uid, uint, 0644);
1939module_param (default_gid, uint, 0644);
1940module_param (default_perm, uint, 0644);
1941
1942
1943static struct inode *
1944gadgetfs_make_inode (struct super_block *sb,
1945 void *data, const struct file_operations *fops,
1946 int mode)
1947{
1948 struct inode *inode = new_inode (sb);
1949
1950 if (inode) {
1951 inode->i_ino = get_next_ino();
1952 inode->i_mode = mode;
1953 inode->i_uid = make_kuid(&init_user_ns, default_uid);
1954 inode->i_gid = make_kgid(&init_user_ns, default_gid);
1955 inode->i_atime = inode->i_mtime = inode->i_ctime
1956 = current_time(inode);
1957 inode->i_private = data;
1958 inode->i_fop = fops;
1959 }
1960 return inode;
1961}
1962
1963
1964
1965
1966static struct dentry *
1967gadgetfs_create_file (struct super_block *sb, char const *name,
1968 void *data, const struct file_operations *fops)
1969{
1970 struct dentry *dentry;
1971 struct inode *inode;
1972
1973 dentry = d_alloc_name(sb->s_root, name);
1974 if (!dentry)
1975 return NULL;
1976
1977 inode = gadgetfs_make_inode (sb, data, fops,
1978 S_IFREG | (default_perm & S_IRWXUGO));
1979 if (!inode) {
1980 dput(dentry);
1981 return NULL;
1982 }
1983 d_add (dentry, inode);
1984 return dentry;
1985}
1986
1987static const struct super_operations gadget_fs_operations = {
1988 .statfs = simple_statfs,
1989 .drop_inode = generic_delete_inode,
1990};
1991
1992static int
1993gadgetfs_fill_super (struct super_block *sb, struct fs_context *fc)
1994{
1995 struct inode *inode;
1996 struct dev_data *dev;
1997
1998 if (the_device)
1999 return -ESRCH;
2000
2001 CHIP = usb_get_gadget_udc_name();
2002 if (!CHIP)
2003 return -ENODEV;
2004
2005
2006 sb->s_blocksize = PAGE_SIZE;
2007 sb->s_blocksize_bits = PAGE_SHIFT;
2008 sb->s_magic = GADGETFS_MAGIC;
2009 sb->s_op = &gadget_fs_operations;
2010 sb->s_time_gran = 1;
2011
2012
2013 inode = gadgetfs_make_inode (sb,
2014 NULL, &simple_dir_operations,
2015 S_IFDIR | S_IRUGO | S_IXUGO);
2016 if (!inode)
2017 goto Enomem;
2018 inode->i_op = &simple_dir_inode_operations;
2019 if (!(sb->s_root = d_make_root (inode)))
2020 goto Enomem;
2021
2022
2023
2024
2025 dev = dev_new ();
2026 if (!dev)
2027 goto Enomem;
2028
2029 dev->sb = sb;
2030 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2031 if (!dev->dentry) {
2032 put_dev(dev);
2033 goto Enomem;
2034 }
2035
2036
2037
2038
2039 the_device = dev;
2040 return 0;
2041
2042Enomem:
2043 kfree(CHIP);
2044 CHIP = NULL;
2045
2046 return -ENOMEM;
2047}
2048
2049
2050static int gadgetfs_get_tree(struct fs_context *fc)
2051{
2052 return get_tree_single(fc, gadgetfs_fill_super);
2053}
2054
2055static const struct fs_context_operations gadgetfs_context_ops = {
2056 .get_tree = gadgetfs_get_tree,
2057};
2058
2059static int gadgetfs_init_fs_context(struct fs_context *fc)
2060{
2061 fc->ops = &gadgetfs_context_ops;
2062 return 0;
2063}
2064
2065static void
2066gadgetfs_kill_sb (struct super_block *sb)
2067{
2068 kill_litter_super (sb);
2069 if (the_device) {
2070 put_dev (the_device);
2071 the_device = NULL;
2072 }
2073 kfree(CHIP);
2074 CHIP = NULL;
2075}
2076
2077
2078
2079static struct file_system_type gadgetfs_type = {
2080 .owner = THIS_MODULE,
2081 .name = shortname,
2082 .init_fs_context = gadgetfs_init_fs_context,
2083 .kill_sb = gadgetfs_kill_sb,
2084};
2085MODULE_ALIAS_FS("gadgetfs");
2086
2087
2088
2089static int __init init (void)
2090{
2091 int status;
2092
2093 status = register_filesystem (&gadgetfs_type);
2094 if (status == 0)
2095 pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2096 shortname, driver_desc);
2097 return status;
2098}
2099module_init (init);
2100
2101static void __exit cleanup (void)
2102{
2103 pr_debug ("unregister %s\n", shortname);
2104 unregister_filesystem (&gadgetfs_type);
2105}
2106module_exit (cleanup);
2107
2108
