This source file includes following definitions.
- get_dev
- put_dev
- dev_new
- get_ep
- put_ep
- epio_complete
- get_ready_ep
- ep_io
- ep_release
- ep_ioctl
- ep_aio_cancel
- ep_user_copy_worker
- ep_aio_complete
- ep_aio
- ep_read_iter
- ep_write_iter
- ep_config
- ep_open
- ep0_readable
- clean_req
- ep0_complete
- setup_req
- ep0_read
- next_event
- ep0_write
- ep0_fasync
- dev_release
- ep0_poll
- dev_ioctl
- make_qualifier
- config_buf
- gadgetfs_setup
- destroy_ep_files
- activate_ep_files
- gadgetfs_unbind
- gadgetfs_bind
- gadgetfs_disconnect
- gadgetfs_suspend
- is_valid_config
- dev_config
- dev_open
- gadgetfs_make_inode
- gadgetfs_create_file
- gadgetfs_fill_super
- gadgetfs_get_tree
- gadgetfs_init_fs_context
- gadgetfs_kill_sb
- cleanup
1
2
3
4
5
6
7
8
9
10
11
12 #include <linux/init.h>
13 #include <linux/module.h>
14 #include <linux/fs.h>
15 #include <linux/fs_context.h>
16 #include <linux/pagemap.h>
17 #include <linux/uts.h>
18 #include <linux/wait.h>
19 #include <linux/compiler.h>
20 #include <linux/uaccess.h>
21 #include <linux/sched.h>
22 #include <linux/slab.h>
23 #include <linux/poll.h>
24 #include <linux/mmu_context.h>
25 #include <linux/aio.h>
26 #include <linux/uio.h>
27 #include <linux/refcount.h>
28 #include <linux/delay.h>
29 #include <linux/device.h>
30 #include <linux/moduleparam.h>
31
32 #include <linux/usb/gadgetfs.h>
33 #include <linux/usb/gadget.h>
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66 #define DRIVER_DESC "USB Gadget filesystem"
67 #define DRIVER_VERSION "24 Aug 2004"
68
69 static const char driver_desc [] = DRIVER_DESC;
70 static const char shortname [] = "gadgetfs";
71
72 MODULE_DESCRIPTION (DRIVER_DESC);
73 MODULE_AUTHOR ("David Brownell");
74 MODULE_LICENSE ("GPL");
75
76 static int ep_open(struct inode *, struct file *);
77
78
79
80
81 #define GADGETFS_MAGIC 0xaee71ee7
82
83
84 enum ep0_state {
85
86 STATE_DEV_DISABLED = 0,
87
88
89
90
91
92
93 STATE_DEV_OPENED,
94
95
96
97
98
99
100 STATE_DEV_UNCONNECTED,
101 STATE_DEV_CONNECTED,
102 STATE_DEV_SETUP,
103
104
105
106
107 STATE_DEV_UNBOUND,
108 };
109
110
111 #define N_EVENT 5
112
113 struct dev_data {
114 spinlock_t lock;
115 refcount_t count;
116 int udc_usage;
117 enum ep0_state state;
118 struct usb_gadgetfs_event event [N_EVENT];
119 unsigned ev_next;
120 struct fasync_struct *fasync;
121 u8 current_config;
122
123
124
125
126 unsigned usermode_setup : 1,
127 setup_in : 1,
128 setup_can_stall : 1,
129 setup_out_ready : 1,
130 setup_out_error : 1,
131 setup_abort : 1,
132 gadget_registered : 1;
133 unsigned setup_wLength;
134
135
136 struct usb_config_descriptor *config, *hs_config;
137 struct usb_device_descriptor *dev;
138 struct usb_request *req;
139 struct usb_gadget *gadget;
140 struct list_head epfiles;
141 void *buf;
142 wait_queue_head_t wait;
143 struct super_block *sb;
144 struct dentry *dentry;
145
146
147 u8 rbuf [256];
148 };
149
150 static inline void get_dev (struct dev_data *data)
151 {
152 refcount_inc (&data->count);
153 }
154
155 static void put_dev (struct dev_data *data)
156 {
157 if (likely (!refcount_dec_and_test (&data->count)))
158 return;
159
160 BUG_ON (waitqueue_active (&data->wait));
161 kfree (data);
162 }
163
164 static struct dev_data *dev_new (void)
165 {
166 struct dev_data *dev;
167
168 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
169 if (!dev)
170 return NULL;
171 dev->state = STATE_DEV_DISABLED;
172 refcount_set (&dev->count, 1);
173 spin_lock_init (&dev->lock);
174 INIT_LIST_HEAD (&dev->epfiles);
175 init_waitqueue_head (&dev->wait);
176 return dev;
177 }
178
179
180
181
182 enum ep_state {
183 STATE_EP_DISABLED = 0,
184 STATE_EP_READY,
185 STATE_EP_ENABLED,
186 STATE_EP_UNBOUND,
187 };
188
189 struct ep_data {
190 struct mutex lock;
191 enum ep_state state;
192 refcount_t count;
193 struct dev_data *dev;
194
195 struct usb_ep *ep;
196 struct usb_request *req;
197 ssize_t status;
198 char name [16];
199 struct usb_endpoint_descriptor desc, hs_desc;
200 struct list_head epfiles;
201 wait_queue_head_t wait;
202 struct dentry *dentry;
203 };
204
205 static inline void get_ep (struct ep_data *data)
206 {
207 refcount_inc (&data->count);
208 }
209
210 static void put_ep (struct ep_data *data)
211 {
212 if (likely (!refcount_dec_and_test (&data->count)))
213 return;
214 put_dev (data->dev);
215
216 BUG_ON (!list_empty (&data->epfiles));
217 BUG_ON (waitqueue_active (&data->wait));
218 kfree (data);
219 }
220
221
222
223
224
225
226
227
228
229 static const char *CHIP;
230
231
232
233
234
235
236
237
238 #define xprintk(d,level,fmt,args...) \
239 printk(level "%s: " fmt , shortname , ## args)
240
241 #ifdef DEBUG
242 #define DBG(dev,fmt,args...) \
243 xprintk(dev , KERN_DEBUG , fmt , ## args)
244 #else
245 #define DBG(dev,fmt,args...) \
246 do { } while (0)
247 #endif
248
249 #ifdef VERBOSE_DEBUG
250 #define VDEBUG DBG
251 #else
252 #define VDEBUG(dev,fmt,args...) \
253 do { } while (0)
254 #endif
255
256 #define ERROR(dev,fmt,args...) \
257 xprintk(dev , KERN_ERR , fmt , ## args)
258 #define INFO(dev,fmt,args...) \
259 xprintk(dev , KERN_INFO , fmt , ## args)
260
261
262
263
264
265
266
267
268
269
270
271 static void epio_complete (struct usb_ep *ep, struct usb_request *req)
272 {
273 struct ep_data *epdata = ep->driver_data;
274
275 if (!req->context)
276 return;
277 if (req->status)
278 epdata->status = req->status;
279 else
280 epdata->status = req->actual;
281 complete ((struct completion *)req->context);
282 }
283
284
285
286
287 static int
288 get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
289 {
290 int val;
291
292 if (f_flags & O_NONBLOCK) {
293 if (!mutex_trylock(&epdata->lock))
294 goto nonblock;
295 if (epdata->state != STATE_EP_ENABLED &&
296 (!is_write || epdata->state != STATE_EP_READY)) {
297 mutex_unlock(&epdata->lock);
298 nonblock:
299 val = -EAGAIN;
300 } else
301 val = 0;
302 return val;
303 }
304
305 val = mutex_lock_interruptible(&epdata->lock);
306 if (val < 0)
307 return val;
308
309 switch (epdata->state) {
310 case STATE_EP_ENABLED:
311 return 0;
312 case STATE_EP_READY:
313 if (is_write)
314 return 0;
315
316 case STATE_EP_UNBOUND:
317 break;
318
319 default:
320 pr_debug ("%s: ep %p not available, state %d\n",
321 shortname, epdata, epdata->state);
322 }
323 mutex_unlock(&epdata->lock);
324 return -ENODEV;
325 }
326
327 static ssize_t
328 ep_io (struct ep_data *epdata, void *buf, unsigned len)
329 {
330 DECLARE_COMPLETION_ONSTACK (done);
331 int value;
332
333 spin_lock_irq (&epdata->dev->lock);
334 if (likely (epdata->ep != NULL)) {
335 struct usb_request *req = epdata->req;
336
337 req->context = &done;
338 req->complete = epio_complete;
339 req->buf = buf;
340 req->length = len;
341 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
342 } else
343 value = -ENODEV;
344 spin_unlock_irq (&epdata->dev->lock);
345
346 if (likely (value == 0)) {
347 value = wait_event_interruptible (done.wait, done.done);
348 if (value != 0) {
349 spin_lock_irq (&epdata->dev->lock);
350 if (likely (epdata->ep != NULL)) {
351 DBG (epdata->dev, "%s i/o interrupted\n",
352 epdata->name);
353 usb_ep_dequeue (epdata->ep, epdata->req);
354 spin_unlock_irq (&epdata->dev->lock);
355
356 wait_event (done.wait, done.done);
357 if (epdata->status == -ECONNRESET)
358 epdata->status = -EINTR;
359 } else {
360 spin_unlock_irq (&epdata->dev->lock);
361
362 DBG (epdata->dev, "endpoint gone\n");
363 epdata->status = -ENODEV;
364 }
365 }
366 return epdata->status;
367 }
368 return value;
369 }
370
371 static int
372 ep_release (struct inode *inode, struct file *fd)
373 {
374 struct ep_data *data = fd->private_data;
375 int value;
376
377 value = mutex_lock_interruptible(&data->lock);
378 if (value < 0)
379 return value;
380
381
382 if (data->state != STATE_EP_UNBOUND) {
383 data->state = STATE_EP_DISABLED;
384 data->desc.bDescriptorType = 0;
385 data->hs_desc.bDescriptorType = 0;
386 usb_ep_disable(data->ep);
387 }
388 mutex_unlock(&data->lock);
389 put_ep (data);
390 return 0;
391 }
392
393 static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
394 {
395 struct ep_data *data = fd->private_data;
396 int status;
397
398 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
399 return status;
400
401 spin_lock_irq (&data->dev->lock);
402 if (likely (data->ep != NULL)) {
403 switch (code) {
404 case GADGETFS_FIFO_STATUS:
405 status = usb_ep_fifo_status (data->ep);
406 break;
407 case GADGETFS_FIFO_FLUSH:
408 usb_ep_fifo_flush (data->ep);
409 break;
410 case GADGETFS_CLEAR_HALT:
411 status = usb_ep_clear_halt (data->ep);
412 break;
413 default:
414 status = -ENOTTY;
415 }
416 } else
417 status = -ENODEV;
418 spin_unlock_irq (&data->dev->lock);
419 mutex_unlock(&data->lock);
420 return status;
421 }
422
423
424
425
426
427 struct kiocb_priv {
428 struct usb_request *req;
429 struct ep_data *epdata;
430 struct kiocb *iocb;
431 struct mm_struct *mm;
432 struct work_struct work;
433 void *buf;
434 struct iov_iter to;
435 const void *to_free;
436 unsigned actual;
437 };
438
439 static int ep_aio_cancel(struct kiocb *iocb)
440 {
441 struct kiocb_priv *priv = iocb->private;
442 struct ep_data *epdata;
443 int value;
444
445 local_irq_disable();
446 epdata = priv->epdata;
447
448 if (likely(epdata && epdata->ep && priv->req))
449 value = usb_ep_dequeue (epdata->ep, priv->req);
450 else
451 value = -EINVAL;
452
453 local_irq_enable();
454
455 return value;
456 }
457
458 static void ep_user_copy_worker(struct work_struct *work)
459 {
460 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
461 struct mm_struct *mm = priv->mm;
462 struct kiocb *iocb = priv->iocb;
463 size_t ret;
464
465 use_mm(mm);
466 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
467 unuse_mm(mm);
468 if (!ret)
469 ret = -EFAULT;
470
471
472 iocb->ki_complete(iocb, ret, ret);
473
474 kfree(priv->buf);
475 kfree(priv->to_free);
476 kfree(priv);
477 }
478
479 static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
480 {
481 struct kiocb *iocb = req->context;
482 struct kiocb_priv *priv = iocb->private;
483 struct ep_data *epdata = priv->epdata;
484
485
486 spin_lock(&epdata->dev->lock);
487 priv->req = NULL;
488 priv->epdata = NULL;
489
490
491
492
493
494 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
495 kfree(req->buf);
496 kfree(priv->to_free);
497 kfree(priv);
498 iocb->private = NULL;
499
500
501 iocb->ki_complete(iocb, req->actual ? req->actual : req->status,
502 req->status);
503 } else {
504
505 if (unlikely(0 != req->status))
506 DBG(epdata->dev, "%s fault %d len %d\n",
507 ep->name, req->status, req->actual);
508
509 priv->buf = req->buf;
510 priv->actual = req->actual;
511 INIT_WORK(&priv->work, ep_user_copy_worker);
512 schedule_work(&priv->work);
513 }
514
515 usb_ep_free_request(ep, req);
516 spin_unlock(&epdata->dev->lock);
517 put_ep(epdata);
518 }
519
520 static ssize_t ep_aio(struct kiocb *iocb,
521 struct kiocb_priv *priv,
522 struct ep_data *epdata,
523 char *buf,
524 size_t len)
525 {
526 struct usb_request *req;
527 ssize_t value;
528
529 iocb->private = priv;
530 priv->iocb = iocb;
531
532 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
533 get_ep(epdata);
534 priv->epdata = epdata;
535 priv->actual = 0;
536 priv->mm = current->mm;
537
538
539
540
541 spin_lock_irq(&epdata->dev->lock);
542 value = -ENODEV;
543 if (unlikely(epdata->ep == NULL))
544 goto fail;
545
546 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
547 value = -ENOMEM;
548 if (unlikely(!req))
549 goto fail;
550
551 priv->req = req;
552 req->buf = buf;
553 req->length = len;
554 req->complete = ep_aio_complete;
555 req->context = iocb;
556 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
557 if (unlikely(0 != value)) {
558 usb_ep_free_request(epdata->ep, req);
559 goto fail;
560 }
561 spin_unlock_irq(&epdata->dev->lock);
562 return -EIOCBQUEUED;
563
564 fail:
565 spin_unlock_irq(&epdata->dev->lock);
566 kfree(priv->to_free);
567 kfree(priv);
568 put_ep(epdata);
569 return value;
570 }
571
572 static ssize_t
573 ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
574 {
575 struct file *file = iocb->ki_filp;
576 struct ep_data *epdata = file->private_data;
577 size_t len = iov_iter_count(to);
578 ssize_t value;
579 char *buf;
580
581 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
582 return value;
583
584
585 if (usb_endpoint_dir_in(&epdata->desc)) {
586 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
587 !is_sync_kiocb(iocb)) {
588 mutex_unlock(&epdata->lock);
589 return -EINVAL;
590 }
591 DBG (epdata->dev, "%s halt\n", epdata->name);
592 spin_lock_irq(&epdata->dev->lock);
593 if (likely(epdata->ep != NULL))
594 usb_ep_set_halt(epdata->ep);
595 spin_unlock_irq(&epdata->dev->lock);
596 mutex_unlock(&epdata->lock);
597 return -EBADMSG;
598 }
599
600 buf = kmalloc(len, GFP_KERNEL);
601 if (unlikely(!buf)) {
602 mutex_unlock(&epdata->lock);
603 return -ENOMEM;
604 }
605 if (is_sync_kiocb(iocb)) {
606 value = ep_io(epdata, buf, len);
607 if (value >= 0 && (copy_to_iter(buf, value, to) != value))
608 value = -EFAULT;
609 } else {
610 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
611 value = -ENOMEM;
612 if (!priv)
613 goto fail;
614 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
615 if (!priv->to_free) {
616 kfree(priv);
617 goto fail;
618 }
619 value = ep_aio(iocb, priv, epdata, buf, len);
620 if (value == -EIOCBQUEUED)
621 buf = NULL;
622 }
623 fail:
624 kfree(buf);
625 mutex_unlock(&epdata->lock);
626 return value;
627 }
628
629 static ssize_t ep_config(struct ep_data *, const char *, size_t);
630
631 static ssize_t
632 ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
633 {
634 struct file *file = iocb->ki_filp;
635 struct ep_data *epdata = file->private_data;
636 size_t len = iov_iter_count(from);
637 bool configured;
638 ssize_t value;
639 char *buf;
640
641 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
642 return value;
643
644 configured = epdata->state == STATE_EP_ENABLED;
645
646
647 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
648 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
649 !is_sync_kiocb(iocb)) {
650 mutex_unlock(&epdata->lock);
651 return -EINVAL;
652 }
653 DBG (epdata->dev, "%s halt\n", epdata->name);
654 spin_lock_irq(&epdata->dev->lock);
655 if (likely(epdata->ep != NULL))
656 usb_ep_set_halt(epdata->ep);
657 spin_unlock_irq(&epdata->dev->lock);
658 mutex_unlock(&epdata->lock);
659 return -EBADMSG;
660 }
661
662 buf = kmalloc(len, GFP_KERNEL);
663 if (unlikely(!buf)) {
664 mutex_unlock(&epdata->lock);
665 return -ENOMEM;
666 }
667
668 if (unlikely(!copy_from_iter_full(buf, len, from))) {
669 value = -EFAULT;
670 goto out;
671 }
672
673 if (unlikely(!configured)) {
674 value = ep_config(epdata, buf, len);
675 } else if (is_sync_kiocb(iocb)) {
676 value = ep_io(epdata, buf, len);
677 } else {
678 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
679 value = -ENOMEM;
680 if (priv) {
681 value = ep_aio(iocb, priv, epdata, buf, len);
682 if (value == -EIOCBQUEUED)
683 buf = NULL;
684 }
685 }
686 out:
687 kfree(buf);
688 mutex_unlock(&epdata->lock);
689 return value;
690 }
691
692
693
694
695 static const struct file_operations ep_io_operations = {
696 .owner = THIS_MODULE,
697
698 .open = ep_open,
699 .release = ep_release,
700 .llseek = no_llseek,
701 .unlocked_ioctl = ep_ioctl,
702 .read_iter = ep_read_iter,
703 .write_iter = ep_write_iter,
704 };
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719 static ssize_t
720 ep_config (struct ep_data *data, const char *buf, size_t len)
721 {
722 struct usb_ep *ep;
723 u32 tag;
724 int value, length = len;
725
726 if (data->state != STATE_EP_READY) {
727 value = -EL2HLT;
728 goto fail;
729 }
730
731 value = len;
732 if (len < USB_DT_ENDPOINT_SIZE + 4)
733 goto fail0;
734
735
736 memcpy(&tag, buf, 4);
737 if (tag != 1) {
738 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
739 goto fail0;
740 }
741 buf += 4;
742 len -= 4;
743
744
745
746
747
748
749 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
750 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
751 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
752 goto fail0;
753 if (len != USB_DT_ENDPOINT_SIZE) {
754 if (len != 2 * USB_DT_ENDPOINT_SIZE)
755 goto fail0;
756 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
757 USB_DT_ENDPOINT_SIZE);
758 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
759 || data->hs_desc.bDescriptorType
760 != USB_DT_ENDPOINT) {
761 DBG(data->dev, "config %s, bad hs length or type\n",
762 data->name);
763 goto fail0;
764 }
765 }
766
767 spin_lock_irq (&data->dev->lock);
768 if (data->dev->state == STATE_DEV_UNBOUND) {
769 value = -ENOENT;
770 goto gone;
771 } else {
772 ep = data->ep;
773 if (ep == NULL) {
774 value = -ENODEV;
775 goto gone;
776 }
777 }
778 switch (data->dev->gadget->speed) {
779 case USB_SPEED_LOW:
780 case USB_SPEED_FULL:
781 ep->desc = &data->desc;
782 break;
783 case USB_SPEED_HIGH:
784
785 ep->desc = &data->hs_desc;
786 break;
787 default:
788 DBG(data->dev, "unconnected, %s init abandoned\n",
789 data->name);
790 value = -EINVAL;
791 goto gone;
792 }
793 value = usb_ep_enable(ep);
794 if (value == 0) {
795 data->state = STATE_EP_ENABLED;
796 value = length;
797 }
798 gone:
799 spin_unlock_irq (&data->dev->lock);
800 if (value < 0) {
801 fail:
802 data->desc.bDescriptorType = 0;
803 data->hs_desc.bDescriptorType = 0;
804 }
805 return value;
806 fail0:
807 value = -EINVAL;
808 goto fail;
809 }
810
811 static int
812 ep_open (struct inode *inode, struct file *fd)
813 {
814 struct ep_data *data = inode->i_private;
815 int value = -EBUSY;
816
817 if (mutex_lock_interruptible(&data->lock) != 0)
818 return -EINTR;
819 spin_lock_irq (&data->dev->lock);
820 if (data->dev->state == STATE_DEV_UNBOUND)
821 value = -ENOENT;
822 else if (data->state == STATE_EP_DISABLED) {
823 value = 0;
824 data->state = STATE_EP_READY;
825 get_ep (data);
826 fd->private_data = data;
827 VDEBUG (data->dev, "%s ready\n", data->name);
828 } else
829 DBG (data->dev, "%s state %d\n",
830 data->name, data->state);
831 spin_unlock_irq (&data->dev->lock);
832 mutex_unlock(&data->lock);
833 return value;
834 }
835
836
837
838
839
840
841
842
843
844
845 static inline void ep0_readable (struct dev_data *dev)
846 {
847 wake_up (&dev->wait);
848 kill_fasync (&dev->fasync, SIGIO, POLL_IN);
849 }
850
851 static void clean_req (struct usb_ep *ep, struct usb_request *req)
852 {
853 struct dev_data *dev = ep->driver_data;
854
855 if (req->buf != dev->rbuf) {
856 kfree(req->buf);
857 req->buf = dev->rbuf;
858 }
859 req->complete = epio_complete;
860 dev->setup_out_ready = 0;
861 }
862
863 static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
864 {
865 struct dev_data *dev = ep->driver_data;
866 unsigned long flags;
867 int free = 1;
868
869
870 spin_lock_irqsave(&dev->lock, flags);
871 if (!dev->setup_in) {
872 dev->setup_out_error = (req->status != 0);
873 if (!dev->setup_out_error)
874 free = 0;
875 dev->setup_out_ready = 1;
876 ep0_readable (dev);
877 }
878
879
880 if (free && req->buf != &dev->rbuf)
881 clean_req (ep, req);
882 req->complete = epio_complete;
883 spin_unlock_irqrestore(&dev->lock, flags);
884 }
885
886 static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
887 {
888 struct dev_data *dev = ep->driver_data;
889
890 if (dev->setup_out_ready) {
891 DBG (dev, "ep0 request busy!\n");
892 return -EBUSY;
893 }
894 if (len > sizeof (dev->rbuf))
895 req->buf = kmalloc(len, GFP_ATOMIC);
896 if (req->buf == NULL) {
897 req->buf = dev->rbuf;
898 return -ENOMEM;
899 }
900 req->complete = ep0_complete;
901 req->length = len;
902 req->zero = 0;
903 return 0;
904 }
905
906 static ssize_t
907 ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
908 {
909 struct dev_data *dev = fd->private_data;
910 ssize_t retval;
911 enum ep0_state state;
912
913 spin_lock_irq (&dev->lock);
914 if (dev->state <= STATE_DEV_OPENED) {
915 retval = -EINVAL;
916 goto done;
917 }
918
919
920 if (dev->setup_abort) {
921 dev->setup_abort = 0;
922 retval = -EIDRM;
923 goto done;
924 }
925
926
927 if ((state = dev->state) == STATE_DEV_SETUP) {
928
929 if (dev->setup_in) {
930 VDEBUG(dev, "ep0in stall\n");
931 (void) usb_ep_set_halt (dev->gadget->ep0);
932 retval = -EL2HLT;
933 dev->state = STATE_DEV_CONNECTED;
934
935 } else if (len == 0) {
936 struct usb_ep *ep = dev->gadget->ep0;
937 struct usb_request *req = dev->req;
938
939 if ((retval = setup_req (ep, req, 0)) == 0) {
940 ++dev->udc_usage;
941 spin_unlock_irq (&dev->lock);
942 retval = usb_ep_queue (ep, req, GFP_KERNEL);
943 spin_lock_irq (&dev->lock);
944 --dev->udc_usage;
945 }
946 dev->state = STATE_DEV_CONNECTED;
947
948
949 if (dev->current_config) {
950 unsigned power;
951
952 if (gadget_is_dualspeed(dev->gadget)
953 && (dev->gadget->speed
954 == USB_SPEED_HIGH))
955 power = dev->hs_config->bMaxPower;
956 else
957 power = dev->config->bMaxPower;
958 usb_gadget_vbus_draw(dev->gadget, 2 * power);
959 }
960
961 } else {
962 if ((fd->f_flags & O_NONBLOCK) != 0
963 && !dev->setup_out_ready) {
964 retval = -EAGAIN;
965 goto done;
966 }
967 spin_unlock_irq (&dev->lock);
968 retval = wait_event_interruptible (dev->wait,
969 dev->setup_out_ready != 0);
970
971
972 spin_lock_irq (&dev->lock);
973 if (retval)
974 goto done;
975
976 if (dev->state != STATE_DEV_SETUP) {
977 retval = -ECANCELED;
978 goto done;
979 }
980 dev->state = STATE_DEV_CONNECTED;
981
982 if (dev->setup_out_error)
983 retval = -EIO;
984 else {
985 len = min (len, (size_t)dev->req->actual);
986 ++dev->udc_usage;
987 spin_unlock_irq(&dev->lock);
988 if (copy_to_user (buf, dev->req->buf, len))
989 retval = -EFAULT;
990 else
991 retval = len;
992 spin_lock_irq(&dev->lock);
993 --dev->udc_usage;
994 clean_req (dev->gadget->ep0, dev->req);
995
996 }
997 }
998 goto done;
999 }
1000
1001
1002 if (len < sizeof dev->event [0]) {
1003 retval = -EINVAL;
1004 goto done;
1005 }
1006 len -= len % sizeof (struct usb_gadgetfs_event);
1007 dev->usermode_setup = 1;
1008
1009 scan:
1010
1011 if (dev->ev_next != 0) {
1012 unsigned i, n;
1013
1014 n = len / sizeof (struct usb_gadgetfs_event);
1015 if (dev->ev_next < n)
1016 n = dev->ev_next;
1017
1018
1019 for (i = 0; i < n; i++) {
1020 if (dev->event [i].type == GADGETFS_SETUP) {
1021 dev->state = STATE_DEV_SETUP;
1022 n = i + 1;
1023 break;
1024 }
1025 }
1026 spin_unlock_irq (&dev->lock);
1027 len = n * sizeof (struct usb_gadgetfs_event);
1028 if (copy_to_user (buf, &dev->event, len))
1029 retval = -EFAULT;
1030 else
1031 retval = len;
1032 if (len > 0) {
1033
1034
1035
1036 spin_lock_irq (&dev->lock);
1037 if (dev->ev_next > n) {
1038 memmove(&dev->event[0], &dev->event[n],
1039 sizeof (struct usb_gadgetfs_event)
1040 * (dev->ev_next - n));
1041 }
1042 dev->ev_next -= n;
1043 spin_unlock_irq (&dev->lock);
1044 }
1045 return retval;
1046 }
1047 if (fd->f_flags & O_NONBLOCK) {
1048 retval = -EAGAIN;
1049 goto done;
1050 }
1051
1052 switch (state) {
1053 default:
1054 DBG (dev, "fail %s, state %d\n", __func__, state);
1055 retval = -ESRCH;
1056 break;
1057 case STATE_DEV_UNCONNECTED:
1058 case STATE_DEV_CONNECTED:
1059 spin_unlock_irq (&dev->lock);
1060 DBG (dev, "%s wait\n", __func__);
1061
1062
1063 retval = wait_event_interruptible (dev->wait,
1064 dev->ev_next != 0);
1065 if (retval < 0)
1066 return retval;
1067 spin_lock_irq (&dev->lock);
1068 goto scan;
1069 }
1070
1071 done:
1072 spin_unlock_irq (&dev->lock);
1073 return retval;
1074 }
1075
1076 static struct usb_gadgetfs_event *
1077 next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1078 {
1079 struct usb_gadgetfs_event *event;
1080 unsigned i;
1081
1082 switch (type) {
1083
1084 case GADGETFS_DISCONNECT:
1085 if (dev->state == STATE_DEV_SETUP)
1086 dev->setup_abort = 1;
1087
1088 case GADGETFS_CONNECT:
1089 dev->ev_next = 0;
1090 break;
1091 case GADGETFS_SETUP:
1092 case GADGETFS_SUSPEND:
1093
1094 for (i = 0; i != dev->ev_next; i++) {
1095 if (dev->event [i].type != type)
1096 continue;
1097 DBG(dev, "discard old event[%d] %d\n", i, type);
1098 dev->ev_next--;
1099 if (i == dev->ev_next)
1100 break;
1101
1102 memmove (&dev->event [i], &dev->event [i + 1],
1103 sizeof (struct usb_gadgetfs_event)
1104 * (dev->ev_next - i));
1105 }
1106 break;
1107 default:
1108 BUG ();
1109 }
1110 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1111 event = &dev->event [dev->ev_next++];
1112 BUG_ON (dev->ev_next > N_EVENT);
1113 memset (event, 0, sizeof *event);
1114 event->type = type;
1115 return event;
1116 }
1117
1118 static ssize_t
1119 ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1120 {
1121 struct dev_data *dev = fd->private_data;
1122 ssize_t retval = -ESRCH;
1123
1124
1125 if (dev->setup_abort) {
1126 dev->setup_abort = 0;
1127 retval = -EIDRM;
1128
1129
1130 } else if (dev->state == STATE_DEV_SETUP) {
1131
1132 len = min_t(size_t, len, dev->setup_wLength);
1133 if (dev->setup_in) {
1134 retval = setup_req (dev->gadget->ep0, dev->req, len);
1135 if (retval == 0) {
1136 dev->state = STATE_DEV_CONNECTED;
1137 ++dev->udc_usage;
1138 spin_unlock_irq (&dev->lock);
1139 if (copy_from_user (dev->req->buf, buf, len))
1140 retval = -EFAULT;
1141 else {
1142 if (len < dev->setup_wLength)
1143 dev->req->zero = 1;
1144 retval = usb_ep_queue (
1145 dev->gadget->ep0, dev->req,
1146 GFP_KERNEL);
1147 }
1148 spin_lock_irq(&dev->lock);
1149 --dev->udc_usage;
1150 if (retval < 0) {
1151 clean_req (dev->gadget->ep0, dev->req);
1152 } else
1153 retval = len;
1154
1155 return retval;
1156 }
1157
1158
1159 } else if (dev->setup_can_stall) {
1160 VDEBUG(dev, "ep0out stall\n");
1161 (void) usb_ep_set_halt (dev->gadget->ep0);
1162 retval = -EL2HLT;
1163 dev->state = STATE_DEV_CONNECTED;
1164 } else {
1165 DBG(dev, "bogus ep0out stall!\n");
1166 }
1167 } else
1168 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1169
1170 return retval;
1171 }
1172
1173 static int
1174 ep0_fasync (int f, struct file *fd, int on)
1175 {
1176 struct dev_data *dev = fd->private_data;
1177
1178 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1179 return fasync_helper (f, fd, on, &dev->fasync);
1180 }
1181
1182 static struct usb_gadget_driver gadgetfs_driver;
1183
1184 static int
1185 dev_release (struct inode *inode, struct file *fd)
1186 {
1187 struct dev_data *dev = fd->private_data;
1188
1189
1190
1191 if (dev->gadget_registered) {
1192 usb_gadget_unregister_driver (&gadgetfs_driver);
1193 dev->gadget_registered = false;
1194 }
1195
1196
1197
1198
1199
1200
1201 kfree (dev->buf);
1202 dev->buf = NULL;
1203
1204
1205 spin_lock_irq(&dev->lock);
1206 dev->state = STATE_DEV_DISABLED;
1207 spin_unlock_irq(&dev->lock);
1208
1209 put_dev (dev);
1210 return 0;
1211 }
1212
1213 static __poll_t
1214 ep0_poll (struct file *fd, poll_table *wait)
1215 {
1216 struct dev_data *dev = fd->private_data;
1217 __poll_t mask = 0;
1218
1219 if (dev->state <= STATE_DEV_OPENED)
1220 return DEFAULT_POLLMASK;
1221
1222 poll_wait(fd, &dev->wait, wait);
1223
1224 spin_lock_irq(&dev->lock);
1225
1226
1227 if (dev->setup_abort) {
1228 dev->setup_abort = 0;
1229 mask = EPOLLHUP;
1230 goto out;
1231 }
1232
1233 if (dev->state == STATE_DEV_SETUP) {
1234 if (dev->setup_in || dev->setup_can_stall)
1235 mask = EPOLLOUT;
1236 } else {
1237 if (dev->ev_next != 0)
1238 mask = EPOLLIN;
1239 }
1240 out:
1241 spin_unlock_irq(&dev->lock);
1242 return mask;
1243 }
1244
1245 static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1246 {
1247 struct dev_data *dev = fd->private_data;
1248 struct usb_gadget *gadget = dev->gadget;
1249 long ret = -ENOTTY;
1250
1251 spin_lock_irq(&dev->lock);
1252 if (dev->state == STATE_DEV_OPENED ||
1253 dev->state == STATE_DEV_UNBOUND) {
1254
1255 } else if (gadget->ops->ioctl) {
1256 ++dev->udc_usage;
1257 spin_unlock_irq(&dev->lock);
1258
1259 ret = gadget->ops->ioctl (gadget, code, value);
1260
1261 spin_lock_irq(&dev->lock);
1262 --dev->udc_usage;
1263 }
1264 spin_unlock_irq(&dev->lock);
1265
1266 return ret;
1267 }
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277 static void make_qualifier (struct dev_data *dev)
1278 {
1279 struct usb_qualifier_descriptor qual;
1280 struct usb_device_descriptor *desc;
1281
1282 qual.bLength = sizeof qual;
1283 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1284 qual.bcdUSB = cpu_to_le16 (0x0200);
1285
1286 desc = dev->dev;
1287 qual.bDeviceClass = desc->bDeviceClass;
1288 qual.bDeviceSubClass = desc->bDeviceSubClass;
1289 qual.bDeviceProtocol = desc->bDeviceProtocol;
1290
1291
1292 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1293
1294 qual.bNumConfigurations = 1;
1295 qual.bRESERVED = 0;
1296
1297 memcpy (dev->rbuf, &qual, sizeof qual);
1298 }
1299
1300 static int
1301 config_buf (struct dev_data *dev, u8 type, unsigned index)
1302 {
1303 int len;
1304 int hs = 0;
1305
1306
1307 if (index > 0)
1308 return -EINVAL;
1309
1310 if (gadget_is_dualspeed(dev->gadget)) {
1311 hs = (dev->gadget->speed == USB_SPEED_HIGH);
1312 if (type == USB_DT_OTHER_SPEED_CONFIG)
1313 hs = !hs;
1314 }
1315 if (hs) {
1316 dev->req->buf = dev->hs_config;
1317 len = le16_to_cpu(dev->hs_config->wTotalLength);
1318 } else {
1319 dev->req->buf = dev->config;
1320 len = le16_to_cpu(dev->config->wTotalLength);
1321 }
1322 ((u8 *)dev->req->buf) [1] = type;
1323 return len;
1324 }
1325
1326 static int
1327 gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1328 {
1329 struct dev_data *dev = get_gadget_data (gadget);
1330 struct usb_request *req = dev->req;
1331 int value = -EOPNOTSUPP;
1332 struct usb_gadgetfs_event *event;
1333 u16 w_value = le16_to_cpu(ctrl->wValue);
1334 u16 w_length = le16_to_cpu(ctrl->wLength);
1335
1336 spin_lock (&dev->lock);
1337 dev->setup_abort = 0;
1338 if (dev->state == STATE_DEV_UNCONNECTED) {
1339 if (gadget_is_dualspeed(gadget)
1340 && gadget->speed == USB_SPEED_HIGH
1341 && dev->hs_config == NULL) {
1342 spin_unlock(&dev->lock);
1343 ERROR (dev, "no high speed config??\n");
1344 return -EINVAL;
1345 }
1346
1347 dev->state = STATE_DEV_CONNECTED;
1348
1349 INFO (dev, "connected\n");
1350 event = next_event (dev, GADGETFS_CONNECT);
1351 event->u.speed = gadget->speed;
1352 ep0_readable (dev);
1353
1354
1355
1356
1357
1358
1359 } else if (dev->state == STATE_DEV_SETUP)
1360 dev->setup_abort = 1;
1361
1362 req->buf = dev->rbuf;
1363 req->context = NULL;
1364 switch (ctrl->bRequest) {
1365
1366 case USB_REQ_GET_DESCRIPTOR:
1367 if (ctrl->bRequestType != USB_DIR_IN)
1368 goto unrecognized;
1369 switch (w_value >> 8) {
1370
1371 case USB_DT_DEVICE:
1372 value = min (w_length, (u16) sizeof *dev->dev);
1373 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1374 req->buf = dev->dev;
1375 break;
1376 case USB_DT_DEVICE_QUALIFIER:
1377 if (!dev->hs_config)
1378 break;
1379 value = min (w_length, (u16)
1380 sizeof (struct usb_qualifier_descriptor));
1381 make_qualifier (dev);
1382 break;
1383 case USB_DT_OTHER_SPEED_CONFIG:
1384
1385 case USB_DT_CONFIG:
1386 value = config_buf (dev,
1387 w_value >> 8,
1388 w_value & 0xff);
1389 if (value >= 0)
1390 value = min (w_length, (u16) value);
1391 break;
1392 case USB_DT_STRING:
1393 goto unrecognized;
1394
1395 default:
1396 break;
1397 }
1398 break;
1399
1400
1401 case USB_REQ_SET_CONFIGURATION:
1402 if (ctrl->bRequestType != 0)
1403 goto unrecognized;
1404 if (0 == (u8) w_value) {
1405 value = 0;
1406 dev->current_config = 0;
1407 usb_gadget_vbus_draw(gadget, 8 );
1408
1409 } else {
1410 u8 config, power;
1411
1412 if (gadget_is_dualspeed(gadget)
1413 && gadget->speed == USB_SPEED_HIGH) {
1414 config = dev->hs_config->bConfigurationValue;
1415 power = dev->hs_config->bMaxPower;
1416 } else {
1417 config = dev->config->bConfigurationValue;
1418 power = dev->config->bMaxPower;
1419 }
1420
1421 if (config == (u8) w_value) {
1422 value = 0;
1423 dev->current_config = config;
1424 usb_gadget_vbus_draw(gadget, 2 * power);
1425 }
1426 }
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437 if (value == 0) {
1438 INFO (dev, "configuration #%d\n", dev->current_config);
1439 usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
1440 if (dev->usermode_setup) {
1441 dev->setup_can_stall = 0;
1442 goto delegate;
1443 }
1444 }
1445 break;
1446
1447 #ifndef CONFIG_USB_PXA25X
1448
1449 case USB_REQ_GET_CONFIGURATION:
1450 if (ctrl->bRequestType != 0x80)
1451 goto unrecognized;
1452 *(u8 *)req->buf = dev->current_config;
1453 value = min (w_length, (u16) 1);
1454 break;
1455 #endif
1456
1457 default:
1458 unrecognized:
1459 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1460 dev->usermode_setup ? "delegate" : "fail",
1461 ctrl->bRequestType, ctrl->bRequest,
1462 w_value, le16_to_cpu(ctrl->wIndex), w_length);
1463
1464
1465 if (dev->usermode_setup) {
1466 dev->setup_can_stall = 1;
1467 delegate:
1468 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1469 ? 1 : 0;
1470 dev->setup_wLength = w_length;
1471 dev->setup_out_ready = 0;
1472 dev->setup_out_error = 0;
1473
1474
1475 if (unlikely (!dev->setup_in && w_length)) {
1476 value = setup_req (gadget->ep0, dev->req,
1477 w_length);
1478 if (value < 0)
1479 break;
1480
1481 ++dev->udc_usage;
1482 spin_unlock (&dev->lock);
1483 value = usb_ep_queue (gadget->ep0, dev->req,
1484 GFP_KERNEL);
1485 spin_lock (&dev->lock);
1486 --dev->udc_usage;
1487 if (value < 0) {
1488 clean_req (gadget->ep0, dev->req);
1489 break;
1490 }
1491
1492
1493 dev->setup_can_stall = 0;
1494 }
1495
1496
1497 event = next_event (dev, GADGETFS_SETUP);
1498 event->u.setup = *ctrl;
1499 ep0_readable (dev);
1500 spin_unlock (&dev->lock);
1501 return 0;
1502 }
1503 }
1504
1505
1506 if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1507 req->length = value;
1508 req->zero = value < w_length;
1509
1510 ++dev->udc_usage;
1511 spin_unlock (&dev->lock);
1512 value = usb_ep_queue (gadget->ep0, req, GFP_KERNEL);
1513 spin_lock(&dev->lock);
1514 --dev->udc_usage;
1515 spin_unlock(&dev->lock);
1516 if (value < 0) {
1517 DBG (dev, "ep_queue --> %d\n", value);
1518 req->status = 0;
1519 }
1520 return value;
1521 }
1522
1523
1524 spin_unlock (&dev->lock);
1525 return value;
1526 }
1527
1528 static void destroy_ep_files (struct dev_data *dev)
1529 {
1530 DBG (dev, "%s %d\n", __func__, dev->state);
1531
1532
1533 spin_lock_irq (&dev->lock);
1534 while (!list_empty(&dev->epfiles)) {
1535 struct ep_data *ep;
1536 struct inode *parent;
1537 struct dentry *dentry;
1538
1539
1540 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1541 list_del_init (&ep->epfiles);
1542 spin_unlock_irq (&dev->lock);
1543
1544 dentry = ep->dentry;
1545 ep->dentry = NULL;
1546 parent = d_inode(dentry->d_parent);
1547
1548
1549 mutex_lock(&ep->lock);
1550 if (ep->state == STATE_EP_ENABLED)
1551 (void) usb_ep_disable (ep->ep);
1552 ep->state = STATE_EP_UNBOUND;
1553 usb_ep_free_request (ep->ep, ep->req);
1554 ep->ep = NULL;
1555 mutex_unlock(&ep->lock);
1556
1557 wake_up (&ep->wait);
1558 put_ep (ep);
1559
1560
1561 inode_lock(parent);
1562 d_delete (dentry);
1563 dput (dentry);
1564 inode_unlock(parent);
1565
1566 spin_lock_irq (&dev->lock);
1567 }
1568 spin_unlock_irq (&dev->lock);
1569 }
1570
1571
1572 static struct dentry *
1573 gadgetfs_create_file (struct super_block *sb, char const *name,
1574 void *data, const struct file_operations *fops);
1575
1576 static int activate_ep_files (struct dev_data *dev)
1577 {
1578 struct usb_ep *ep;
1579 struct ep_data *data;
1580
1581 gadget_for_each_ep (ep, dev->gadget) {
1582
1583 data = kzalloc(sizeof(*data), GFP_KERNEL);
1584 if (!data)
1585 goto enomem0;
1586 data->state = STATE_EP_DISABLED;
1587 mutex_init(&data->lock);
1588 init_waitqueue_head (&data->wait);
1589
1590 strncpy (data->name, ep->name, sizeof (data->name) - 1);
1591 refcount_set (&data->count, 1);
1592 data->dev = dev;
1593 get_dev (dev);
1594
1595 data->ep = ep;
1596 ep->driver_data = data;
1597
1598 data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1599 if (!data->req)
1600 goto enomem1;
1601
1602 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1603 data, &ep_io_operations);
1604 if (!data->dentry)
1605 goto enomem2;
1606 list_add_tail (&data->epfiles, &dev->epfiles);
1607 }
1608 return 0;
1609
1610 enomem2:
1611 usb_ep_free_request (ep, data->req);
1612 enomem1:
1613 put_dev (dev);
1614 kfree (data);
1615 enomem0:
1616 DBG (dev, "%s enomem\n", __func__);
1617 destroy_ep_files (dev);
1618 return -ENOMEM;
1619 }
1620
1621 static void
1622 gadgetfs_unbind (struct usb_gadget *gadget)
1623 {
1624 struct dev_data *dev = get_gadget_data (gadget);
1625
1626 DBG (dev, "%s\n", __func__);
1627
1628 spin_lock_irq (&dev->lock);
1629 dev->state = STATE_DEV_UNBOUND;
1630 while (dev->udc_usage > 0) {
1631 spin_unlock_irq(&dev->lock);
1632 usleep_range(1000, 2000);
1633 spin_lock_irq(&dev->lock);
1634 }
1635 spin_unlock_irq (&dev->lock);
1636
1637 destroy_ep_files (dev);
1638 gadget->ep0->driver_data = NULL;
1639 set_gadget_data (gadget, NULL);
1640
1641
1642 if (dev->req)
1643 usb_ep_free_request (gadget->ep0, dev->req);
1644 DBG (dev, "%s done\n", __func__);
1645 put_dev (dev);
1646 }
1647
1648 static struct dev_data *the_device;
1649
1650 static int gadgetfs_bind(struct usb_gadget *gadget,
1651 struct usb_gadget_driver *driver)
1652 {
1653 struct dev_data *dev = the_device;
1654
1655 if (!dev)
1656 return -ESRCH;
1657 if (0 != strcmp (CHIP, gadget->name)) {
1658 pr_err("%s expected %s controller not %s\n",
1659 shortname, CHIP, gadget->name);
1660 return -ENODEV;
1661 }
1662
1663 set_gadget_data (gadget, dev);
1664 dev->gadget = gadget;
1665 gadget->ep0->driver_data = dev;
1666
1667
1668 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1669 if (!dev->req)
1670 goto enomem;
1671 dev->req->context = NULL;
1672 dev->req->complete = epio_complete;
1673
1674 if (activate_ep_files (dev) < 0)
1675 goto enomem;
1676
1677 INFO (dev, "bound to %s driver\n", gadget->name);
1678 spin_lock_irq(&dev->lock);
1679 dev->state = STATE_DEV_UNCONNECTED;
1680 spin_unlock_irq(&dev->lock);
1681 get_dev (dev);
1682 return 0;
1683
1684 enomem:
1685 gadgetfs_unbind (gadget);
1686 return -ENOMEM;
1687 }
1688
1689 static void
1690 gadgetfs_disconnect (struct usb_gadget *gadget)
1691 {
1692 struct dev_data *dev = get_gadget_data (gadget);
1693 unsigned long flags;
1694
1695 spin_lock_irqsave (&dev->lock, flags);
1696 if (dev->state == STATE_DEV_UNCONNECTED)
1697 goto exit;
1698 dev->state = STATE_DEV_UNCONNECTED;
1699
1700 INFO (dev, "disconnected\n");
1701 next_event (dev, GADGETFS_DISCONNECT);
1702 ep0_readable (dev);
1703 exit:
1704 spin_unlock_irqrestore (&dev->lock, flags);
1705 }
1706
1707 static void
1708 gadgetfs_suspend (struct usb_gadget *gadget)
1709 {
1710 struct dev_data *dev = get_gadget_data (gadget);
1711 unsigned long flags;
1712
1713 INFO (dev, "suspended from state %d\n", dev->state);
1714 spin_lock_irqsave(&dev->lock, flags);
1715 switch (dev->state) {
1716 case STATE_DEV_SETUP:
1717 case STATE_DEV_CONNECTED:
1718 case STATE_DEV_UNCONNECTED:
1719 next_event (dev, GADGETFS_SUSPEND);
1720 ep0_readable (dev);
1721
1722 default:
1723 break;
1724 }
1725 spin_unlock_irqrestore(&dev->lock, flags);
1726 }
1727
1728 static struct usb_gadget_driver gadgetfs_driver = {
1729 .function = (char *) driver_desc,
1730 .bind = gadgetfs_bind,
1731 .unbind = gadgetfs_unbind,
1732 .setup = gadgetfs_setup,
1733 .reset = gadgetfs_disconnect,
1734 .disconnect = gadgetfs_disconnect,
1735 .suspend = gadgetfs_suspend,
1736
1737 .driver = {
1738 .name = (char *) shortname,
1739 },
1740 };
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769 static int is_valid_config(struct usb_config_descriptor *config,
1770 unsigned int total)
1771 {
1772 return config->bDescriptorType == USB_DT_CONFIG
1773 && config->bLength == USB_DT_CONFIG_SIZE
1774 && total >= USB_DT_CONFIG_SIZE
1775 && config->bConfigurationValue != 0
1776 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1777 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1778
1779
1780 }
1781
1782 static ssize_t
1783 dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1784 {
1785 struct dev_data *dev = fd->private_data;
1786 ssize_t value, length = len;
1787 unsigned total;
1788 u32 tag;
1789 char *kbuf;
1790
1791 spin_lock_irq(&dev->lock);
1792 if (dev->state > STATE_DEV_OPENED) {
1793 value = ep0_write(fd, buf, len, ptr);
1794 spin_unlock_irq(&dev->lock);
1795 return value;
1796 }
1797 spin_unlock_irq(&dev->lock);
1798
1799 if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) ||
1800 (len > PAGE_SIZE * 4))
1801 return -EINVAL;
1802
1803
1804 if (copy_from_user (&tag, buf, 4))
1805 return -EFAULT;
1806 if (tag != 0)
1807 return -EINVAL;
1808 buf += 4;
1809 length -= 4;
1810
1811 kbuf = memdup_user(buf, length);
1812 if (IS_ERR(kbuf))
1813 return PTR_ERR(kbuf);
1814
1815 spin_lock_irq (&dev->lock);
1816 value = -EINVAL;
1817 if (dev->buf) {
1818 kfree(kbuf);
1819 goto fail;
1820 }
1821 dev->buf = kbuf;
1822
1823
1824 dev->config = (void *) kbuf;
1825 total = le16_to_cpu(dev->config->wTotalLength);
1826 if (!is_valid_config(dev->config, total) ||
1827 total > length - USB_DT_DEVICE_SIZE)
1828 goto fail;
1829 kbuf += total;
1830 length -= total;
1831
1832
1833 if (kbuf [1] == USB_DT_CONFIG) {
1834 dev->hs_config = (void *) kbuf;
1835 total = le16_to_cpu(dev->hs_config->wTotalLength);
1836 if (!is_valid_config(dev->hs_config, total) ||
1837 total > length - USB_DT_DEVICE_SIZE)
1838 goto fail;
1839 kbuf += total;
1840 length -= total;
1841 } else {
1842 dev->hs_config = NULL;
1843 }
1844
1845
1846
1847
1848 if (length != USB_DT_DEVICE_SIZE)
1849 goto fail;
1850 dev->dev = (void *)kbuf;
1851 if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1852 || dev->dev->bDescriptorType != USB_DT_DEVICE
1853 || dev->dev->bNumConfigurations != 1)
1854 goto fail;
1855 dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1856
1857
1858 spin_unlock_irq (&dev->lock);
1859 if (dev->hs_config)
1860 gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1861 else
1862 gadgetfs_driver.max_speed = USB_SPEED_FULL;
1863
1864 value = usb_gadget_probe_driver(&gadgetfs_driver);
1865 if (value != 0) {
1866 kfree (dev->buf);
1867 dev->buf = NULL;
1868 } else {
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878 value = len;
1879 dev->gadget_registered = true;
1880 }
1881 return value;
1882
1883 fail:
1884 spin_unlock_irq (&dev->lock);
1885 pr_debug ("%s: %s fail %zd, %p\n", shortname, __func__, value, dev);
1886 kfree (dev->buf);
1887 dev->buf = NULL;
1888 return value;
1889 }
1890
1891 static int
1892 dev_open (struct inode *inode, struct file *fd)
1893 {
1894 struct dev_data *dev = inode->i_private;
1895 int value = -EBUSY;
1896
1897 spin_lock_irq(&dev->lock);
1898 if (dev->state == STATE_DEV_DISABLED) {
1899 dev->ev_next = 0;
1900 dev->state = STATE_DEV_OPENED;
1901 fd->private_data = dev;
1902 get_dev (dev);
1903 value = 0;
1904 }
1905 spin_unlock_irq(&dev->lock);
1906 return value;
1907 }
1908
1909 static const struct file_operations ep0_operations = {
1910 .llseek = no_llseek,
1911
1912 .open = dev_open,
1913 .read = ep0_read,
1914 .write = dev_config,
1915 .fasync = ep0_fasync,
1916 .poll = ep0_poll,
1917 .unlocked_ioctl = dev_ioctl,
1918 .release = dev_release,
1919 };
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934 static unsigned default_uid;
1935 static unsigned default_gid;
1936 static unsigned default_perm = S_IRUSR | S_IWUSR;
1937
1938 module_param (default_uid, uint, 0644);
1939 module_param (default_gid, uint, 0644);
1940 module_param (default_perm, uint, 0644);
1941
1942
1943 static struct inode *
1944 gadgetfs_make_inode (struct super_block *sb,
1945 void *data, const struct file_operations *fops,
1946 int mode)
1947 {
1948 struct inode *inode = new_inode (sb);
1949
1950 if (inode) {
1951 inode->i_ino = get_next_ino();
1952 inode->i_mode = mode;
1953 inode->i_uid = make_kuid(&init_user_ns, default_uid);
1954 inode->i_gid = make_kgid(&init_user_ns, default_gid);
1955 inode->i_atime = inode->i_mtime = inode->i_ctime
1956 = current_time(inode);
1957 inode->i_private = data;
1958 inode->i_fop = fops;
1959 }
1960 return inode;
1961 }
1962
1963
1964
1965
1966 static struct dentry *
1967 gadgetfs_create_file (struct super_block *sb, char const *name,
1968 void *data, const struct file_operations *fops)
1969 {
1970 struct dentry *dentry;
1971 struct inode *inode;
1972
1973 dentry = d_alloc_name(sb->s_root, name);
1974 if (!dentry)
1975 return NULL;
1976
1977 inode = gadgetfs_make_inode (sb, data, fops,
1978 S_IFREG | (default_perm & S_IRWXUGO));
1979 if (!inode) {
1980 dput(dentry);
1981 return NULL;
1982 }
1983 d_add (dentry, inode);
1984 return dentry;
1985 }
1986
1987 static const struct super_operations gadget_fs_operations = {
1988 .statfs = simple_statfs,
1989 .drop_inode = generic_delete_inode,
1990 };
1991
1992 static int
1993 gadgetfs_fill_super (struct super_block *sb, struct fs_context *fc)
1994 {
1995 struct inode *inode;
1996 struct dev_data *dev;
1997
1998 if (the_device)
1999 return -ESRCH;
2000
2001 CHIP = usb_get_gadget_udc_name();
2002 if (!CHIP)
2003 return -ENODEV;
2004
2005
2006 sb->s_blocksize = PAGE_SIZE;
2007 sb->s_blocksize_bits = PAGE_SHIFT;
2008 sb->s_magic = GADGETFS_MAGIC;
2009 sb->s_op = &gadget_fs_operations;
2010 sb->s_time_gran = 1;
2011
2012
2013 inode = gadgetfs_make_inode (sb,
2014 NULL, &simple_dir_operations,
2015 S_IFDIR | S_IRUGO | S_IXUGO);
2016 if (!inode)
2017 goto Enomem;
2018 inode->i_op = &simple_dir_inode_operations;
2019 if (!(sb->s_root = d_make_root (inode)))
2020 goto Enomem;
2021
2022
2023
2024
2025 dev = dev_new ();
2026 if (!dev)
2027 goto Enomem;
2028
2029 dev->sb = sb;
2030 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2031 if (!dev->dentry) {
2032 put_dev(dev);
2033 goto Enomem;
2034 }
2035
2036
2037
2038
2039 the_device = dev;
2040 return 0;
2041
2042 Enomem:
2043 return -ENOMEM;
2044 }
2045
2046
2047 static int gadgetfs_get_tree(struct fs_context *fc)
2048 {
2049 return get_tree_single(fc, gadgetfs_fill_super);
2050 }
2051
2052 static const struct fs_context_operations gadgetfs_context_ops = {
2053 .get_tree = gadgetfs_get_tree,
2054 };
2055
2056 static int gadgetfs_init_fs_context(struct fs_context *fc)
2057 {
2058 fc->ops = &gadgetfs_context_ops;
2059 return 0;
2060 }
2061
2062 static void
2063 gadgetfs_kill_sb (struct super_block *sb)
2064 {
2065 kill_litter_super (sb);
2066 if (the_device) {
2067 put_dev (the_device);
2068 the_device = NULL;
2069 }
2070 kfree(CHIP);
2071 CHIP = NULL;
2072 }
2073
2074
2075
2076 static struct file_system_type gadgetfs_type = {
2077 .owner = THIS_MODULE,
2078 .name = shortname,
2079 .init_fs_context = gadgetfs_init_fs_context,
2080 .kill_sb = gadgetfs_kill_sb,
2081 };
2082 MODULE_ALIAS_FS("gadgetfs");
2083
2084
2085
2086 static int __init init (void)
2087 {
2088 int status;
2089
2090 status = register_filesystem (&gadgetfs_type);
2091 if (status == 0)
2092 pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2093 shortname, driver_desc);
2094 return status;
2095 }
2096 module_init (init);
2097
2098 static void __exit cleanup (void)
2099 {
2100 pr_debug ("unregister %s\n", shortname);
2101 unregister_filesystem (&gadgetfs_type);
2102 }
2103 module_exit (cleanup);
2104