1 /*
2 * inode.c -- user mode filesystem api for usb gadget controllers
3 *
4 * Copyright (C) 2003-2004 David Brownell
5 * Copyright (C) 2003 Agilent Technologies
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 */
12
13
14 /* #define VERBOSE_DEBUG */
15
16 #include <linux/init.h>
17 #include <linux/module.h>
18 #include <linux/fs.h>
19 #include <linux/pagemap.h>
20 #include <linux/uts.h>
21 #include <linux/wait.h>
22 #include <linux/compiler.h>
23 #include <asm/uaccess.h>
24 #include <linux/sched.h>
25 #include <linux/slab.h>
26 #include <linux/poll.h>
27 #include <linux/mmu_context.h>
28 #include <linux/aio.h>
29
30 #include <linux/device.h>
31 #include <linux/moduleparam.h>
32
33 #include <linux/usb/gadgetfs.h>
34 #include <linux/usb/gadget.h>
35
36
37 /*
38 * The gadgetfs API maps each endpoint to a file descriptor so that you
39 * can use standard synchronous read/write calls for I/O. There's some
40 * O_NONBLOCK and O_ASYNC/FASYNC style i/o support. Example usermode
41 * drivers show how this works in practice. You can also use AIO to
42 * eliminate I/O gaps between requests, to help when streaming data.
43 *
44 * Key parts that must be USB-specific are protocols defining how the
45 * read/write operations relate to the hardware state machines. There
46 * are two types of files. One type is for the device, implementing ep0.
47 * The other type is for each IN or OUT endpoint. In both cases, the
48 * user mode driver must configure the hardware before using it.
49 *
50 * - First, dev_config() is called when /dev/gadget/$CHIP is configured
51 * (by writing configuration and device descriptors). Afterwards it
52 * may serve as a source of device events, used to handle all control
53 * requests other than basic enumeration.
54 *
55 * - Then, after a SET_CONFIGURATION control request, ep_config() is
56 * called when each /dev/gadget/ep* file is configured (by writing
57 * endpoint descriptors). Afterwards these files are used to write()
58 * IN data or to read() OUT data. To halt the endpoint, a "wrong
59 * direction" request is issued (like reading an IN endpoint).
60 *
61 * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe
62 * not possible on all hardware. For example, precise fault handling with
63 * respect to data left in endpoint fifos after aborted operations; or
64 * selective clearing of endpoint halts, to implement SET_INTERFACE.
65 */
66
67 #define DRIVER_DESC "USB Gadget filesystem"
68 #define DRIVER_VERSION "24 Aug 2004"
69
70 static const char driver_desc [] = DRIVER_DESC;
71 static const char shortname [] = "gadgetfs";
72
73 MODULE_DESCRIPTION (DRIVER_DESC);
74 MODULE_AUTHOR ("David Brownell");
75 MODULE_LICENSE ("GPL");
76
77
78 /*----------------------------------------------------------------------*/
79
80 #define GADGETFS_MAGIC 0xaee71ee7
81
82 /* /dev/gadget/$CHIP represents ep0 and the whole device */
83 enum ep0_state {
84 /* DISBLED is the initial state.
85 */
86 STATE_DEV_DISABLED = 0,
87
88 /* Only one open() of /dev/gadget/$CHIP; only one file tracks
89 * ep0/device i/o modes and binding to the controller. Driver
90 * must always write descriptors to initialize the device, then
91 * the device becomes UNCONNECTED until enumeration.
92 */
93 STATE_DEV_OPENED,
94
95 /* From then on, ep0 fd is in either of two basic modes:
96 * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it
97 * - SETUP: read/write will transfer control data and succeed;
98 * or if "wrong direction", performs protocol stall
99 */
100 STATE_DEV_UNCONNECTED,
101 STATE_DEV_CONNECTED,
102 STATE_DEV_SETUP,
103
104 /* UNBOUND means the driver closed ep0, so the device won't be
105 * accessible again (DEV_DISABLED) until all fds are closed.
106 */
107 STATE_DEV_UNBOUND,
108 };
109
110 /* enough for the whole queue: most events invalidate others */
111 #define N_EVENT 5
112
113 struct dev_data {
114 spinlock_t lock;
115 atomic_t count;
116 enum ep0_state state; /* P: lock */
117 struct usb_gadgetfs_event event [N_EVENT];
118 unsigned ev_next;
119 struct fasync_struct *fasync;
120 u8 current_config;
121
122 /* drivers reading ep0 MUST handle control requests (SETUP)
123 * reported that way; else the host will time out.
124 */
125 unsigned usermode_setup : 1,
126 setup_in : 1,
127 setup_can_stall : 1,
128 setup_out_ready : 1,
129 setup_out_error : 1,
130 setup_abort : 1;
131 unsigned setup_wLength;
132
133 /* the rest is basically write-once */
134 struct usb_config_descriptor *config, *hs_config;
135 struct usb_device_descriptor *dev;
136 struct usb_request *req;
137 struct usb_gadget *gadget;
138 struct list_head epfiles;
139 void *buf;
140 wait_queue_head_t wait;
141 struct super_block *sb;
142 struct dentry *dentry;
143
144 /* except this scratch i/o buffer for ep0 */
145 u8 rbuf [256];
146 };
147
get_dev(struct dev_data * data)148 static inline void get_dev (struct dev_data *data)
149 {
150 atomic_inc (&data->count);
151 }
152
put_dev(struct dev_data * data)153 static void put_dev (struct dev_data *data)
154 {
155 if (likely (!atomic_dec_and_test (&data->count)))
156 return;
157 /* needs no more cleanup */
158 BUG_ON (waitqueue_active (&data->wait));
159 kfree (data);
160 }
161
dev_new(void)162 static struct dev_data *dev_new (void)
163 {
164 struct dev_data *dev;
165
166 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
167 if (!dev)
168 return NULL;
169 dev->state = STATE_DEV_DISABLED;
170 atomic_set (&dev->count, 1);
171 spin_lock_init (&dev->lock);
172 INIT_LIST_HEAD (&dev->epfiles);
173 init_waitqueue_head (&dev->wait);
174 return dev;
175 }
176
177 /*----------------------------------------------------------------------*/
178
179 /* other /dev/gadget/$ENDPOINT files represent endpoints */
180 enum ep_state {
181 STATE_EP_DISABLED = 0,
182 STATE_EP_READY,
183 STATE_EP_ENABLED,
184 STATE_EP_UNBOUND,
185 };
186
187 struct ep_data {
188 struct mutex lock;
189 enum ep_state state;
190 atomic_t count;
191 struct dev_data *dev;
192 /* must hold dev->lock before accessing ep or req */
193 struct usb_ep *ep;
194 struct usb_request *req;
195 ssize_t status;
196 char name [16];
197 struct usb_endpoint_descriptor desc, hs_desc;
198 struct list_head epfiles;
199 wait_queue_head_t wait;
200 struct dentry *dentry;
201 struct inode *inode;
202 };
203
get_ep(struct ep_data * data)204 static inline void get_ep (struct ep_data *data)
205 {
206 atomic_inc (&data->count);
207 }
208
put_ep(struct ep_data * data)209 static void put_ep (struct ep_data *data)
210 {
211 if (likely (!atomic_dec_and_test (&data->count)))
212 return;
213 put_dev (data->dev);
214 /* needs no more cleanup */
215 BUG_ON (!list_empty (&data->epfiles));
216 BUG_ON (waitqueue_active (&data->wait));
217 kfree (data);
218 }
219
220 /*----------------------------------------------------------------------*/
221
222 /* most "how to use the hardware" policy choices are in userspace:
223 * mapping endpoint roles (which the driver needs) to the capabilities
224 * which the usb controller has. most of those capabilities are exposed
225 * implicitly, starting with the driver name and then endpoint names.
226 */
227
228 static const char *CHIP;
229
230 /*----------------------------------------------------------------------*/
231
232 /* NOTE: don't use dev_printk calls before binding to the gadget
233 * at the end of ep0 configuration, or after unbind.
234 */
235
236 /* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */
237 #define xprintk(d,level,fmt,args...) \
238 printk(level "%s: " fmt , shortname , ## args)
239
240 #ifdef DEBUG
241 #define DBG(dev,fmt,args...) \
242 xprintk(dev , KERN_DEBUG , fmt , ## args)
243 #else
244 #define DBG(dev,fmt,args...) \
245 do { } while (0)
246 #endif /* DEBUG */
247
248 #ifdef VERBOSE_DEBUG
249 #define VDEBUG DBG
250 #else
251 #define VDEBUG(dev,fmt,args...) \
252 do { } while (0)
253 #endif /* DEBUG */
254
255 #define ERROR(dev,fmt,args...) \
256 xprintk(dev , KERN_ERR , fmt , ## args)
257 #define INFO(dev,fmt,args...) \
258 xprintk(dev , KERN_INFO , fmt , ## args)
259
260
261 /*----------------------------------------------------------------------*/
262
263 /* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso)
264 *
265 * After opening, configure non-control endpoints. Then use normal
266 * stream read() and write() requests; and maybe ioctl() to get more
267 * precise FIFO status when recovering from cancellation.
268 */
269
epio_complete(struct usb_ep * ep,struct usb_request * req)270 static void epio_complete (struct usb_ep *ep, struct usb_request *req)
271 {
272 struct ep_data *epdata = ep->driver_data;
273
274 if (!req->context)
275 return;
276 if (req->status)
277 epdata->status = req->status;
278 else
279 epdata->status = req->actual;
280 complete ((struct completion *)req->context);
281 }
282
283 /* tasklock endpoint, returning when it's connected.
284 * still need dev->lock to use epdata->ep.
285 */
286 static int
get_ready_ep(unsigned f_flags,struct ep_data * epdata)287 get_ready_ep (unsigned f_flags, struct ep_data *epdata)
288 {
289 int val;
290
291 if (f_flags & O_NONBLOCK) {
292 if (!mutex_trylock(&epdata->lock))
293 goto nonblock;
294 if (epdata->state != STATE_EP_ENABLED) {
295 mutex_unlock(&epdata->lock);
296 nonblock:
297 val = -EAGAIN;
298 } else
299 val = 0;
300 return val;
301 }
302
303 val = mutex_lock_interruptible(&epdata->lock);
304 if (val < 0)
305 return val;
306
307 switch (epdata->state) {
308 case STATE_EP_ENABLED:
309 break;
310 // case STATE_EP_DISABLED: /* "can't happen" */
311 // case STATE_EP_READY: /* "can't happen" */
312 default: /* error! */
313 pr_debug ("%s: ep %p not available, state %d\n",
314 shortname, epdata, epdata->state);
315 // FALLTHROUGH
316 case STATE_EP_UNBOUND: /* clean disconnect */
317 val = -ENODEV;
318 mutex_unlock(&epdata->lock);
319 }
320 return val;
321 }
322
323 static ssize_t
ep_io(struct ep_data * epdata,void * buf,unsigned len)324 ep_io (struct ep_data *epdata, void *buf, unsigned len)
325 {
326 DECLARE_COMPLETION_ONSTACK (done);
327 int value;
328
329 spin_lock_irq (&epdata->dev->lock);
330 if (likely (epdata->ep != NULL)) {
331 struct usb_request *req = epdata->req;
332
333 req->context = &done;
334 req->complete = epio_complete;
335 req->buf = buf;
336 req->length = len;
337 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
338 } else
339 value = -ENODEV;
340 spin_unlock_irq (&epdata->dev->lock);
341
342 if (likely (value == 0)) {
343 value = wait_event_interruptible (done.wait, done.done);
344 if (value != 0) {
345 spin_lock_irq (&epdata->dev->lock);
346 if (likely (epdata->ep != NULL)) {
347 DBG (epdata->dev, "%s i/o interrupted\n",
348 epdata->name);
349 usb_ep_dequeue (epdata->ep, epdata->req);
350 spin_unlock_irq (&epdata->dev->lock);
351
352 wait_event (done.wait, done.done);
353 if (epdata->status == -ECONNRESET)
354 epdata->status = -EINTR;
355 } else {
356 spin_unlock_irq (&epdata->dev->lock);
357
358 DBG (epdata->dev, "endpoint gone\n");
359 epdata->status = -ENODEV;
360 }
361 }
362 return epdata->status;
363 }
364 return value;
365 }
366
367
368 /* handle a synchronous OUT bulk/intr/iso transfer */
369 static ssize_t
ep_read(struct file * fd,char __user * buf,size_t len,loff_t * ptr)370 ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
371 {
372 struct ep_data *data = fd->private_data;
373 void *kbuf;
374 ssize_t value;
375
376 if ((value = get_ready_ep (fd->f_flags, data)) < 0)
377 return value;
378
379 /* halt any endpoint by doing a "wrong direction" i/o call */
380 if (usb_endpoint_dir_in(&data->desc)) {
381 if (usb_endpoint_xfer_isoc(&data->desc)) {
382 mutex_unlock(&data->lock);
383 return -EINVAL;
384 }
385 DBG (data->dev, "%s halt\n", data->name);
386 spin_lock_irq (&data->dev->lock);
387 if (likely (data->ep != NULL))
388 usb_ep_set_halt (data->ep);
389 spin_unlock_irq (&data->dev->lock);
390 mutex_unlock(&data->lock);
391 return -EBADMSG;
392 }
393
394 /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */
395
396 value = -ENOMEM;
397 kbuf = kmalloc (len, GFP_KERNEL);
398 if (unlikely (!kbuf))
399 goto free1;
400
401 value = ep_io (data, kbuf, len);
402 VDEBUG (data->dev, "%s read %zu OUT, status %d\n",
403 data->name, len, (int) value);
404 if (value >= 0 && copy_to_user (buf, kbuf, value))
405 value = -EFAULT;
406
407 free1:
408 mutex_unlock(&data->lock);
409 kfree (kbuf);
410 return value;
411 }
412
413 /* handle a synchronous IN bulk/intr/iso transfer */
414 static ssize_t
ep_write(struct file * fd,const char __user * buf,size_t len,loff_t * ptr)415 ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
416 {
417 struct ep_data *data = fd->private_data;
418 void *kbuf;
419 ssize_t value;
420
421 if ((value = get_ready_ep (fd->f_flags, data)) < 0)
422 return value;
423
424 /* halt any endpoint by doing a "wrong direction" i/o call */
425 if (!usb_endpoint_dir_in(&data->desc)) {
426 if (usb_endpoint_xfer_isoc(&data->desc)) {
427 mutex_unlock(&data->lock);
428 return -EINVAL;
429 }
430 DBG (data->dev, "%s halt\n", data->name);
431 spin_lock_irq (&data->dev->lock);
432 if (likely (data->ep != NULL))
433 usb_ep_set_halt (data->ep);
434 spin_unlock_irq (&data->dev->lock);
435 mutex_unlock(&data->lock);
436 return -EBADMSG;
437 }
438
439 /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */
440
441 value = -ENOMEM;
442 kbuf = kmalloc (len, GFP_KERNEL);
443 if (!kbuf)
444 goto free1;
445 if (copy_from_user (kbuf, buf, len)) {
446 value = -EFAULT;
447 goto free1;
448 }
449
450 value = ep_io (data, kbuf, len);
451 VDEBUG (data->dev, "%s write %zu IN, status %d\n",
452 data->name, len, (int) value);
453 free1:
454 mutex_unlock(&data->lock);
455 kfree (kbuf);
456 return value;
457 }
458
459 static int
ep_release(struct inode * inode,struct file * fd)460 ep_release (struct inode *inode, struct file *fd)
461 {
462 struct ep_data *data = fd->private_data;
463 int value;
464
465 value = mutex_lock_interruptible(&data->lock);
466 if (value < 0)
467 return value;
468
469 /* clean up if this can be reopened */
470 if (data->state != STATE_EP_UNBOUND) {
471 data->state = STATE_EP_DISABLED;
472 data->desc.bDescriptorType = 0;
473 data->hs_desc.bDescriptorType = 0;
474 usb_ep_disable(data->ep);
475 }
476 mutex_unlock(&data->lock);
477 put_ep (data);
478 return 0;
479 }
480
ep_ioctl(struct file * fd,unsigned code,unsigned long value)481 static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
482 {
483 struct ep_data *data = fd->private_data;
484 int status;
485
486 if ((status = get_ready_ep (fd->f_flags, data)) < 0)
487 return status;
488
489 spin_lock_irq (&data->dev->lock);
490 if (likely (data->ep != NULL)) {
491 switch (code) {
492 case GADGETFS_FIFO_STATUS:
493 status = usb_ep_fifo_status (data->ep);
494 break;
495 case GADGETFS_FIFO_FLUSH:
496 usb_ep_fifo_flush (data->ep);
497 break;
498 case GADGETFS_CLEAR_HALT:
499 status = usb_ep_clear_halt (data->ep);
500 break;
501 default:
502 status = -ENOTTY;
503 }
504 } else
505 status = -ENODEV;
506 spin_unlock_irq (&data->dev->lock);
507 mutex_unlock(&data->lock);
508 return status;
509 }
510
511 /*----------------------------------------------------------------------*/
512
513 /* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */
514
515 struct kiocb_priv {
516 struct usb_request *req;
517 struct ep_data *epdata;
518 struct kiocb *iocb;
519 struct mm_struct *mm;
520 struct work_struct work;
521 void *buf;
522 const struct iovec *iv;
523 unsigned long nr_segs;
524 unsigned actual;
525 };
526
ep_aio_cancel(struct kiocb * iocb,struct io_event * e)527 static int ep_aio_cancel(struct kiocb *iocb, struct io_event *e)
528 {
529 struct kiocb_priv *priv = iocb->private;
530 struct ep_data *epdata;
531 int value;
532
533 local_irq_disable();
534 epdata = priv->epdata;
535 // spin_lock(&epdata->dev->lock);
536 if (likely(epdata && epdata->ep && priv->req))
537 value = usb_ep_dequeue (epdata->ep, priv->req);
538 else
539 value = -EINVAL;
540 // spin_unlock(&epdata->dev->lock);
541 local_irq_enable();
542
543 aio_put_req(iocb);
544 return value;
545 }
546
ep_copy_to_user(struct kiocb_priv * priv)547 static ssize_t ep_copy_to_user(struct kiocb_priv *priv)
548 {
549 ssize_t len, total;
550 void *to_copy;
551 int i;
552
553 /* copy stuff into user buffers */
554 total = priv->actual;
555 len = 0;
556 to_copy = priv->buf;
557 for (i=0; i < priv->nr_segs; i++) {
558 ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total);
559
560 if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) {
561 if (len == 0)
562 len = -EFAULT;
563 break;
564 }
565
566 total -= this;
567 len += this;
568 to_copy += this;
569 if (total == 0)
570 break;
571 }
572
573 return len;
574 }
575
ep_user_copy_worker(struct work_struct * work)576 static void ep_user_copy_worker(struct work_struct *work)
577 {
578 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
579 struct mm_struct *mm = priv->mm;
580 struct kiocb *iocb = priv->iocb;
581 size_t ret;
582
583 use_mm(mm);
584 ret = ep_copy_to_user(priv);
585 unuse_mm(mm);
586
587 /* completing the iocb can drop the ctx and mm, don't touch mm after */
588 aio_complete(iocb, ret, ret);
589
590 kfree(priv->buf);
591 kfree(priv);
592 }
593
ep_aio_complete(struct usb_ep * ep,struct usb_request * req)594 static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
595 {
596 struct kiocb *iocb = req->context;
597 struct kiocb_priv *priv = iocb->private;
598 struct ep_data *epdata = priv->epdata;
599
600 /* lock against disconnect (and ideally, cancel) */
601 spin_lock(&epdata->dev->lock);
602 priv->req = NULL;
603 priv->epdata = NULL;
604
605 /* if this was a write or a read returning no data then we
606 * don't need to copy anything to userspace, so we can
607 * complete the aio request immediately.
608 */
609 if (priv->iv == NULL || unlikely(req->actual == 0)) {
610 kfree(req->buf);
611 kfree(priv);
612 iocb->private = NULL;
613 /* aio_complete() reports bytes-transferred _and_ faults */
614 aio_complete(iocb, req->actual ? req->actual : req->status,
615 req->status);
616 } else {
617 /* ep_copy_to_user() won't report both; we hide some faults */
618 if (unlikely(0 != req->status))
619 DBG(epdata->dev, "%s fault %d len %d\n",
620 ep->name, req->status, req->actual);
621
622 priv->buf = req->buf;
623 priv->actual = req->actual;
624 schedule_work(&priv->work);
625 }
626 spin_unlock(&epdata->dev->lock);
627
628 usb_ep_free_request(ep, req);
629 put_ep(epdata);
630 }
631
632 static ssize_t
ep_aio_rwtail(struct kiocb * iocb,char * buf,size_t len,struct ep_data * epdata,const struct iovec * iv,unsigned long nr_segs)633 ep_aio_rwtail(
634 struct kiocb *iocb,
635 char *buf,
636 size_t len,
637 struct ep_data *epdata,
638 const struct iovec *iv,
639 unsigned long nr_segs
640 )
641 {
642 struct kiocb_priv *priv;
643 struct usb_request *req;
644 ssize_t value;
645
646 priv = kmalloc(sizeof *priv, GFP_KERNEL);
647 if (!priv) {
648 value = -ENOMEM;
649 fail:
650 kfree(buf);
651 return value;
652 }
653 iocb->private = priv;
654 priv->iocb = iocb;
655 priv->iv = iv;
656 priv->nr_segs = nr_segs;
657 INIT_WORK(&priv->work, ep_user_copy_worker);
658
659 value = get_ready_ep(iocb->ki_filp->f_flags, epdata);
660 if (unlikely(value < 0)) {
661 kfree(priv);
662 goto fail;
663 }
664
665 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
666 get_ep(epdata);
667 priv->epdata = epdata;
668 priv->actual = 0;
669 priv->mm = current->mm; /* mm teardown waits for iocbs in exit_aio() */
670
671 /* each kiocb is coupled to one usb_request, but we can't
672 * allocate or submit those if the host disconnected.
673 */
674 spin_lock_irq(&epdata->dev->lock);
675 if (likely(epdata->ep)) {
676 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
677 if (likely(req)) {
678 priv->req = req;
679 req->buf = buf;
680 req->length = len;
681 req->complete = ep_aio_complete;
682 req->context = iocb;
683 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
684 if (unlikely(0 != value))
685 usb_ep_free_request(epdata->ep, req);
686 } else
687 value = -EAGAIN;
688 } else
689 value = -ENODEV;
690 spin_unlock_irq(&epdata->dev->lock);
691
692 mutex_unlock(&epdata->lock);
693
694 if (unlikely(value)) {
695 kfree(priv);
696 put_ep(epdata);
697 } else
698 value = -EIOCBQUEUED;
699 return value;
700 }
701
702 static ssize_t
ep_aio_read(struct kiocb * iocb,const struct iovec * iov,unsigned long nr_segs,loff_t o)703 ep_aio_read(struct kiocb *iocb, const struct iovec *iov,
704 unsigned long nr_segs, loff_t o)
705 {
706 struct ep_data *epdata = iocb->ki_filp->private_data;
707 char *buf;
708
709 if (unlikely(usb_endpoint_dir_in(&epdata->desc)))
710 return -EINVAL;
711
712 buf = kmalloc(iocb->ki_left, GFP_KERNEL);
713 if (unlikely(!buf))
714 return -ENOMEM;
715
716 return ep_aio_rwtail(iocb, buf, iocb->ki_left, epdata, iov, nr_segs);
717 }
718
719 static ssize_t
ep_aio_write(struct kiocb * iocb,const struct iovec * iov,unsigned long nr_segs,loff_t o)720 ep_aio_write(struct kiocb *iocb, const struct iovec *iov,
721 unsigned long nr_segs, loff_t o)
722 {
723 struct ep_data *epdata = iocb->ki_filp->private_data;
724 char *buf;
725 size_t len = 0;
726 int i = 0;
727
728 if (unlikely(!usb_endpoint_dir_in(&epdata->desc)))
729 return -EINVAL;
730
731 buf = kmalloc(iocb->ki_left, GFP_KERNEL);
732 if (unlikely(!buf))
733 return -ENOMEM;
734
735 for (i=0; i < nr_segs; i++) {
736 if (unlikely(copy_from_user(&buf[len], iov[i].iov_base,
737 iov[i].iov_len) != 0)) {
738 kfree(buf);
739 return -EFAULT;
740 }
741 len += iov[i].iov_len;
742 }
743 return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0);
744 }
745
746 /*----------------------------------------------------------------------*/
747
748 /* used after endpoint configuration */
749 static const struct file_operations ep_io_operations = {
750 .owner = THIS_MODULE,
751 .llseek = no_llseek,
752
753 .read = ep_read,
754 .write = ep_write,
755 .unlocked_ioctl = ep_ioctl,
756 .release = ep_release,
757
758 .aio_read = ep_aio_read,
759 .aio_write = ep_aio_write,
760 };
761
762 /* ENDPOINT INITIALIZATION
763 *
764 * fd = open ("/dev/gadget/$ENDPOINT", O_RDWR)
765 * status = write (fd, descriptors, sizeof descriptors)
766 *
767 * That write establishes the endpoint configuration, configuring
768 * the controller to process bulk, interrupt, or isochronous transfers
769 * at the right maxpacket size, and so on.
770 *
771 * The descriptors are message type 1, identified by a host order u32
772 * at the beginning of what's written. Descriptor order is: full/low
773 * speed descriptor, then optional high speed descriptor.
774 */
775 static ssize_t
ep_config(struct file * fd,const char __user * buf,size_t len,loff_t * ptr)776 ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
777 {
778 struct ep_data *data = fd->private_data;
779 struct usb_ep *ep;
780 u32 tag;
781 int value, length = len;
782
783 value = mutex_lock_interruptible(&data->lock);
784 if (value < 0)
785 return value;
786
787 if (data->state != STATE_EP_READY) {
788 value = -EL2HLT;
789 goto fail;
790 }
791
792 value = len;
793 if (len < USB_DT_ENDPOINT_SIZE + 4)
794 goto fail0;
795
796 /* we might need to change message format someday */
797 if (copy_from_user (&tag, buf, 4)) {
798 goto fail1;
799 }
800 if (tag != 1) {
801 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
802 goto fail0;
803 }
804 buf += 4;
805 len -= 4;
806
807 /* NOTE: audio endpoint extensions not accepted here;
808 * just don't include the extra bytes.
809 */
810
811 /* full/low speed descriptor, then high speed */
812 if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) {
813 goto fail1;
814 }
815 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
816 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
817 goto fail0;
818 if (len != USB_DT_ENDPOINT_SIZE) {
819 if (len != 2 * USB_DT_ENDPOINT_SIZE)
820 goto fail0;
821 if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
822 USB_DT_ENDPOINT_SIZE)) {
823 goto fail1;
824 }
825 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
826 || data->hs_desc.bDescriptorType
827 != USB_DT_ENDPOINT) {
828 DBG(data->dev, "config %s, bad hs length or type\n",
829 data->name);
830 goto fail0;
831 }
832 }
833
834 spin_lock_irq (&data->dev->lock);
835 if (data->dev->state == STATE_DEV_UNBOUND) {
836 value = -ENOENT;
837 goto gone;
838 } else if ((ep = data->ep) == NULL) {
839 value = -ENODEV;
840 goto gone;
841 }
842 switch (data->dev->gadget->speed) {
843 case USB_SPEED_LOW:
844 case USB_SPEED_FULL:
845 ep->desc = &data->desc;
846 value = usb_ep_enable(ep);
847 if (value == 0)
848 data->state = STATE_EP_ENABLED;
849 break;
850 case USB_SPEED_HIGH:
851 /* fails if caller didn't provide that descriptor... */
852 ep->desc = &data->hs_desc;
853 value = usb_ep_enable(ep);
854 if (value == 0)
855 data->state = STATE_EP_ENABLED;
856 break;
857 default:
858 DBG(data->dev, "unconnected, %s init abandoned\n",
859 data->name);
860 value = -EINVAL;
861 }
862 if (value == 0) {
863 fd->f_op = &ep_io_operations;
864 value = length;
865 }
866 gone:
867 spin_unlock_irq (&data->dev->lock);
868 if (value < 0) {
869 fail:
870 data->desc.bDescriptorType = 0;
871 data->hs_desc.bDescriptorType = 0;
872 }
873 mutex_unlock(&data->lock);
874 return value;
875 fail0:
876 value = -EINVAL;
877 goto fail;
878 fail1:
879 value = -EFAULT;
880 goto fail;
881 }
882
883 static int
ep_open(struct inode * inode,struct file * fd)884 ep_open (struct inode *inode, struct file *fd)
885 {
886 struct ep_data *data = inode->i_private;
887 int value = -EBUSY;
888
889 if (mutex_lock_interruptible(&data->lock) != 0)
890 return -EINTR;
891 spin_lock_irq (&data->dev->lock);
892 if (data->dev->state == STATE_DEV_UNBOUND)
893 value = -ENOENT;
894 else if (data->state == STATE_EP_DISABLED) {
895 value = 0;
896 data->state = STATE_EP_READY;
897 get_ep (data);
898 fd->private_data = data;
899 VDEBUG (data->dev, "%s ready\n", data->name);
900 } else
901 DBG (data->dev, "%s state %d\n",
902 data->name, data->state);
903 spin_unlock_irq (&data->dev->lock);
904 mutex_unlock(&data->lock);
905 return value;
906 }
907
908 /* used before endpoint configuration */
909 static const struct file_operations ep_config_operations = {
910 .llseek = no_llseek,
911
912 .open = ep_open,
913 .write = ep_config,
914 .release = ep_release,
915 };
916
917 /*----------------------------------------------------------------------*/
918
919 /* EP0 IMPLEMENTATION can be partly in userspace.
920 *
921 * Drivers that use this facility receive various events, including
922 * control requests the kernel doesn't handle. Drivers that don't
923 * use this facility may be too simple-minded for real applications.
924 */
925
ep0_readable(struct dev_data * dev)926 static inline void ep0_readable (struct dev_data *dev)
927 {
928 wake_up (&dev->wait);
929 kill_fasync (&dev->fasync, SIGIO, POLL_IN);
930 }
931
clean_req(struct usb_ep * ep,struct usb_request * req)932 static void clean_req (struct usb_ep *ep, struct usb_request *req)
933 {
934 struct dev_data *dev = ep->driver_data;
935
936 if (req->buf != dev->rbuf) {
937 kfree(req->buf);
938 req->buf = dev->rbuf;
939 }
940 req->complete = epio_complete;
941 dev->setup_out_ready = 0;
942 }
943
ep0_complete(struct usb_ep * ep,struct usb_request * req)944 static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
945 {
946 struct dev_data *dev = ep->driver_data;
947 unsigned long flags;
948 int free = 1;
949
950 /* for control OUT, data must still get to userspace */
951 spin_lock_irqsave(&dev->lock, flags);
952 if (!dev->setup_in) {
953 dev->setup_out_error = (req->status != 0);
954 if (!dev->setup_out_error)
955 free = 0;
956 dev->setup_out_ready = 1;
957 ep0_readable (dev);
958 }
959
960 /* clean up as appropriate */
961 if (free && req->buf != &dev->rbuf)
962 clean_req (ep, req);
963 req->complete = epio_complete;
964 spin_unlock_irqrestore(&dev->lock, flags);
965 }
966
setup_req(struct usb_ep * ep,struct usb_request * req,u16 len)967 static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
968 {
969 struct dev_data *dev = ep->driver_data;
970
971 if (dev->setup_out_ready) {
972 DBG (dev, "ep0 request busy!\n");
973 return -EBUSY;
974 }
975 if (len > sizeof (dev->rbuf))
976 req->buf = kmalloc(len, GFP_ATOMIC);
977 if (req->buf == NULL) {
978 req->buf = dev->rbuf;
979 return -ENOMEM;
980 }
981 req->complete = ep0_complete;
982 req->length = len;
983 req->zero = 0;
984 return 0;
985 }
986
987 static ssize_t
ep0_read(struct file * fd,char __user * buf,size_t len,loff_t * ptr)988 ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
989 {
990 struct dev_data *dev = fd->private_data;
991 ssize_t retval;
992 enum ep0_state state;
993
994 spin_lock_irq (&dev->lock);
995
996 /* report fd mode change before acting on it */
997 if (dev->setup_abort) {
998 dev->setup_abort = 0;
999 retval = -EIDRM;
1000 goto done;
1001 }
1002
1003 /* control DATA stage */
1004 if ((state = dev->state) == STATE_DEV_SETUP) {
1005
1006 if (dev->setup_in) { /* stall IN */
1007 VDEBUG(dev, "ep0in stall\n");
1008 (void) usb_ep_set_halt (dev->gadget->ep0);
1009 retval = -EL2HLT;
1010 dev->state = STATE_DEV_CONNECTED;
1011
1012 } else if (len == 0) { /* ack SET_CONFIGURATION etc */
1013 struct usb_ep *ep = dev->gadget->ep0;
1014 struct usb_request *req = dev->req;
1015
1016 if ((retval = setup_req (ep, req, 0)) == 0)
1017 retval = usb_ep_queue (ep, req, GFP_ATOMIC);
1018 dev->state = STATE_DEV_CONNECTED;
1019
1020 /* assume that was SET_CONFIGURATION */
1021 if (dev->current_config) {
1022 unsigned power;
1023
1024 if (gadget_is_dualspeed(dev->gadget)
1025 && (dev->gadget->speed
1026 == USB_SPEED_HIGH))
1027 power = dev->hs_config->bMaxPower;
1028 else
1029 power = dev->config->bMaxPower;
1030 usb_gadget_vbus_draw(dev->gadget, 2 * power);
1031 }
1032
1033 } else { /* collect OUT data */
1034 if ((fd->f_flags & O_NONBLOCK) != 0
1035 && !dev->setup_out_ready) {
1036 retval = -EAGAIN;
1037 goto done;
1038 }
1039 spin_unlock_irq (&dev->lock);
1040 retval = wait_event_interruptible (dev->wait,
1041 dev->setup_out_ready != 0);
1042
1043 /* FIXME state could change from under us */
1044 spin_lock_irq (&dev->lock);
1045 if (retval)
1046 goto done;
1047
1048 if (dev->state != STATE_DEV_SETUP) {
1049 retval = -ECANCELED;
1050 goto done;
1051 }
1052 dev->state = STATE_DEV_CONNECTED;
1053
1054 if (dev->setup_out_error)
1055 retval = -EIO;
1056 else {
1057 len = min (len, (size_t)dev->req->actual);
1058 // FIXME don't call this with the spinlock held ...
1059 if (copy_to_user (buf, dev->req->buf, len))
1060 retval = -EFAULT;
1061 else
1062 retval = len;
1063 clean_req (dev->gadget->ep0, dev->req);
1064 /* NOTE userspace can't yet choose to stall */
1065 }
1066 }
1067 goto done;
1068 }
1069
1070 /* else normal: return event data */
1071 if (len < sizeof dev->event [0]) {
1072 retval = -EINVAL;
1073 goto done;
1074 }
1075 len -= len % sizeof (struct usb_gadgetfs_event);
1076 dev->usermode_setup = 1;
1077
1078 scan:
1079 /* return queued events right away */
1080 if (dev->ev_next != 0) {
1081 unsigned i, n;
1082
1083 n = len / sizeof (struct usb_gadgetfs_event);
1084 if (dev->ev_next < n)
1085 n = dev->ev_next;
1086
1087 /* ep0 i/o has special semantics during STATE_DEV_SETUP */
1088 for (i = 0; i < n; i++) {
1089 if (dev->event [i].type == GADGETFS_SETUP) {
1090 dev->state = STATE_DEV_SETUP;
1091 n = i + 1;
1092 break;
1093 }
1094 }
1095 spin_unlock_irq (&dev->lock);
1096 len = n * sizeof (struct usb_gadgetfs_event);
1097 if (copy_to_user (buf, &dev->event, len))
1098 retval = -EFAULT;
1099 else
1100 retval = len;
1101 if (len > 0) {
1102 /* NOTE this doesn't guard against broken drivers;
1103 * concurrent ep0 readers may lose events.
1104 */
1105 spin_lock_irq (&dev->lock);
1106 if (dev->ev_next > n) {
1107 memmove(&dev->event[0], &dev->event[n],
1108 sizeof (struct usb_gadgetfs_event)
1109 * (dev->ev_next - n));
1110 }
1111 dev->ev_next -= n;
1112 spin_unlock_irq (&dev->lock);
1113 }
1114 return retval;
1115 }
1116 if (fd->f_flags & O_NONBLOCK) {
1117 retval = -EAGAIN;
1118 goto done;
1119 }
1120
1121 switch (state) {
1122 default:
1123 DBG (dev, "fail %s, state %d\n", __func__, state);
1124 retval = -ESRCH;
1125 break;
1126 case STATE_DEV_UNCONNECTED:
1127 case STATE_DEV_CONNECTED:
1128 spin_unlock_irq (&dev->lock);
1129 DBG (dev, "%s wait\n", __func__);
1130
1131 /* wait for events */
1132 retval = wait_event_interruptible (dev->wait,
1133 dev->ev_next != 0);
1134 if (retval < 0)
1135 return retval;
1136 spin_lock_irq (&dev->lock);
1137 goto scan;
1138 }
1139
1140 done:
1141 spin_unlock_irq (&dev->lock);
1142 return retval;
1143 }
1144
1145 static struct usb_gadgetfs_event *
next_event(struct dev_data * dev,enum usb_gadgetfs_event_type type)1146 next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1147 {
1148 struct usb_gadgetfs_event *event;
1149 unsigned i;
1150
1151 switch (type) {
1152 /* these events purge the queue */
1153 case GADGETFS_DISCONNECT:
1154 if (dev->state == STATE_DEV_SETUP)
1155 dev->setup_abort = 1;
1156 // FALL THROUGH
1157 case GADGETFS_CONNECT:
1158 dev->ev_next = 0;
1159 break;
1160 case GADGETFS_SETUP: /* previous request timed out */
1161 case GADGETFS_SUSPEND: /* same effect */
1162 /* these events can't be repeated */
1163 for (i = 0; i != dev->ev_next; i++) {
1164 if (dev->event [i].type != type)
1165 continue;
1166 DBG(dev, "discard old event[%d] %d\n", i, type);
1167 dev->ev_next--;
1168 if (i == dev->ev_next)
1169 break;
1170 /* indices start at zero, for simplicity */
1171 memmove (&dev->event [i], &dev->event [i + 1],
1172 sizeof (struct usb_gadgetfs_event)
1173 * (dev->ev_next - i));
1174 }
1175 break;
1176 default:
1177 BUG ();
1178 }
1179 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1180 event = &dev->event [dev->ev_next++];
1181 BUG_ON (dev->ev_next > N_EVENT);
1182 memset (event, 0, sizeof *event);
1183 event->type = type;
1184 return event;
1185 }
1186
1187 static ssize_t
ep0_write(struct file * fd,const char __user * buf,size_t len,loff_t * ptr)1188 ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1189 {
1190 struct dev_data *dev = fd->private_data;
1191 ssize_t retval = -ESRCH;
1192
1193 spin_lock_irq (&dev->lock);
1194
1195 /* report fd mode change before acting on it */
1196 if (dev->setup_abort) {
1197 dev->setup_abort = 0;
1198 retval = -EIDRM;
1199
1200 /* data and/or status stage for control request */
1201 } else if (dev->state == STATE_DEV_SETUP) {
1202
1203 /* IN DATA+STATUS caller makes len <= wLength */
1204 if (dev->setup_in) {
1205 retval = setup_req (dev->gadget->ep0, dev->req, len);
1206 if (retval == 0) {
1207 dev->state = STATE_DEV_CONNECTED;
1208 spin_unlock_irq (&dev->lock);
1209 if (copy_from_user (dev->req->buf, buf, len))
1210 retval = -EFAULT;
1211 else {
1212 if (len < dev->setup_wLength)
1213 dev->req->zero = 1;
1214 retval = usb_ep_queue (
1215 dev->gadget->ep0, dev->req,
1216 GFP_KERNEL);
1217 }
1218 if (retval < 0) {
1219 spin_lock_irq (&dev->lock);
1220 clean_req (dev->gadget->ep0, dev->req);
1221 spin_unlock_irq (&dev->lock);
1222 } else
1223 retval = len;
1224
1225 return retval;
1226 }
1227
1228 /* can stall some OUT transfers */
1229 } else if (dev->setup_can_stall) {
1230 VDEBUG(dev, "ep0out stall\n");
1231 (void) usb_ep_set_halt (dev->gadget->ep0);
1232 retval = -EL2HLT;
1233 dev->state = STATE_DEV_CONNECTED;
1234 } else {
1235 DBG(dev, "bogus ep0out stall!\n");
1236 }
1237 } else
1238 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1239
1240 spin_unlock_irq (&dev->lock);
1241 return retval;
1242 }
1243
1244 static int
ep0_fasync(int f,struct file * fd,int on)1245 ep0_fasync (int f, struct file *fd, int on)
1246 {
1247 struct dev_data *dev = fd->private_data;
1248 // caller must F_SETOWN before signal delivery happens
1249 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1250 return fasync_helper (f, fd, on, &dev->fasync);
1251 }
1252
1253 static struct usb_gadget_driver gadgetfs_driver;
1254
1255 static int
dev_release(struct inode * inode,struct file * fd)1256 dev_release (struct inode *inode, struct file *fd)
1257 {
1258 struct dev_data *dev = fd->private_data;
1259
1260 /* closing ep0 === shutdown all */
1261
1262 usb_gadget_unregister_driver (&gadgetfs_driver);
1263
1264 /* at this point "good" hardware has disconnected the
1265 * device from USB; the host won't see it any more.
1266 * alternatively, all host requests will time out.
1267 */
1268
1269 kfree (dev->buf);
1270 dev->buf = NULL;
1271 put_dev (dev);
1272
1273 /* other endpoints were all decoupled from this device */
1274 spin_lock_irq(&dev->lock);
1275 dev->state = STATE_DEV_DISABLED;
1276 spin_unlock_irq(&dev->lock);
1277 return 0;
1278 }
1279
1280 static unsigned int
ep0_poll(struct file * fd,poll_table * wait)1281 ep0_poll (struct file *fd, poll_table *wait)
1282 {
1283 struct dev_data *dev = fd->private_data;
1284 int mask = 0;
1285
1286 poll_wait(fd, &dev->wait, wait);
1287
1288 spin_lock_irq (&dev->lock);
1289
1290 /* report fd mode change before acting on it */
1291 if (dev->setup_abort) {
1292 dev->setup_abort = 0;
1293 mask = POLLHUP;
1294 goto out;
1295 }
1296
1297 if (dev->state == STATE_DEV_SETUP) {
1298 if (dev->setup_in || dev->setup_can_stall)
1299 mask = POLLOUT;
1300 } else {
1301 if (dev->ev_next != 0)
1302 mask = POLLIN;
1303 }
1304 out:
1305 spin_unlock_irq(&dev->lock);
1306 return mask;
1307 }
1308
dev_ioctl(struct file * fd,unsigned code,unsigned long value)1309 static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1310 {
1311 struct dev_data *dev = fd->private_data;
1312 struct usb_gadget *gadget = dev->gadget;
1313 long ret = -ENOTTY;
1314
1315 if (gadget->ops->ioctl)
1316 ret = gadget->ops->ioctl (gadget, code, value);
1317
1318 return ret;
1319 }
1320
1321 /* used after device configuration */
1322 static const struct file_operations ep0_io_operations = {
1323 .owner = THIS_MODULE,
1324 .llseek = no_llseek,
1325
1326 .read = ep0_read,
1327 .write = ep0_write,
1328 .fasync = ep0_fasync,
1329 .poll = ep0_poll,
1330 .unlocked_ioctl = dev_ioctl,
1331 .release = dev_release,
1332 };
1333
1334 /*----------------------------------------------------------------------*/
1335
1336 /* The in-kernel gadget driver handles most ep0 issues, in particular
1337 * enumerating the single configuration (as provided from user space).
1338 *
1339 * Unrecognized ep0 requests may be handled in user space.
1340 */
1341
make_qualifier(struct dev_data * dev)1342 static void make_qualifier (struct dev_data *dev)
1343 {
1344 struct usb_qualifier_descriptor qual;
1345 struct usb_device_descriptor *desc;
1346
1347 qual.bLength = sizeof qual;
1348 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1349 qual.bcdUSB = cpu_to_le16 (0x0200);
1350
1351 desc = dev->dev;
1352 qual.bDeviceClass = desc->bDeviceClass;
1353 qual.bDeviceSubClass = desc->bDeviceSubClass;
1354 qual.bDeviceProtocol = desc->bDeviceProtocol;
1355
1356 /* assumes ep0 uses the same value for both speeds ... */
1357 qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1358
1359 qual.bNumConfigurations = 1;
1360 qual.bRESERVED = 0;
1361
1362 memcpy (dev->rbuf, &qual, sizeof qual);
1363 }
1364
1365 static int
config_buf(struct dev_data * dev,u8 type,unsigned index)1366 config_buf (struct dev_data *dev, u8 type, unsigned index)
1367 {
1368 int len;
1369 int hs = 0;
1370
1371 /* only one configuration */
1372 if (index > 0)
1373 return -EINVAL;
1374
1375 if (gadget_is_dualspeed(dev->gadget)) {
1376 hs = (dev->gadget->speed == USB_SPEED_HIGH);
1377 if (type == USB_DT_OTHER_SPEED_CONFIG)
1378 hs = !hs;
1379 }
1380 if (hs) {
1381 dev->req->buf = dev->hs_config;
1382 len = le16_to_cpu(dev->hs_config->wTotalLength);
1383 } else {
1384 dev->req->buf = dev->config;
1385 len = le16_to_cpu(dev->config->wTotalLength);
1386 }
1387 ((u8 *)dev->req->buf) [1] = type;
1388 return len;
1389 }
1390
1391 static int
gadgetfs_setup(struct usb_gadget * gadget,const struct usb_ctrlrequest * ctrl)1392 gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1393 {
1394 struct dev_data *dev = get_gadget_data (gadget);
1395 struct usb_request *req = dev->req;
1396 int value = -EOPNOTSUPP;
1397 struct usb_gadgetfs_event *event;
1398 u16 w_value = le16_to_cpu(ctrl->wValue);
1399 u16 w_length = le16_to_cpu(ctrl->wLength);
1400
1401 spin_lock (&dev->lock);
1402 dev->setup_abort = 0;
1403 if (dev->state == STATE_DEV_UNCONNECTED) {
1404 if (gadget_is_dualspeed(gadget)
1405 && gadget->speed == USB_SPEED_HIGH
1406 && dev->hs_config == NULL) {
1407 spin_unlock(&dev->lock);
1408 ERROR (dev, "no high speed config??\n");
1409 return -EINVAL;
1410 }
1411
1412 dev->state = STATE_DEV_CONNECTED;
1413
1414 INFO (dev, "connected\n");
1415 event = next_event (dev, GADGETFS_CONNECT);
1416 event->u.speed = gadget->speed;
1417 ep0_readable (dev);
1418
1419 /* host may have given up waiting for response. we can miss control
1420 * requests handled lower down (device/endpoint status and features);
1421 * then ep0_{read,write} will report the wrong status. controller
1422 * driver will have aborted pending i/o.
1423 */
1424 } else if (dev->state == STATE_DEV_SETUP)
1425 dev->setup_abort = 1;
1426
1427 req->buf = dev->rbuf;
1428 req->context = NULL;
1429 value = -EOPNOTSUPP;
1430 switch (ctrl->bRequest) {
1431
1432 case USB_REQ_GET_DESCRIPTOR:
1433 if (ctrl->bRequestType != USB_DIR_IN)
1434 goto unrecognized;
1435 switch (w_value >> 8) {
1436
1437 case USB_DT_DEVICE:
1438 value = min (w_length, (u16) sizeof *dev->dev);
1439 dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1440 req->buf = dev->dev;
1441 break;
1442 case USB_DT_DEVICE_QUALIFIER:
1443 if (!dev->hs_config)
1444 break;
1445 value = min (w_length, (u16)
1446 sizeof (struct usb_qualifier_descriptor));
1447 make_qualifier (dev);
1448 break;
1449 case USB_DT_OTHER_SPEED_CONFIG:
1450 // FALLTHROUGH
1451 case USB_DT_CONFIG:
1452 value = config_buf (dev,
1453 w_value >> 8,
1454 w_value & 0xff);
1455 if (value >= 0)
1456 value = min (w_length, (u16) value);
1457 break;
1458 case USB_DT_STRING:
1459 goto unrecognized;
1460
1461 default: // all others are errors
1462 break;
1463 }
1464 break;
1465
1466 /* currently one config, two speeds */
1467 case USB_REQ_SET_CONFIGURATION:
1468 if (ctrl->bRequestType != 0)
1469 goto unrecognized;
1470 if (0 == (u8) w_value) {
1471 value = 0;
1472 dev->current_config = 0;
1473 usb_gadget_vbus_draw(gadget, 8 /* mA */ );
1474 // user mode expected to disable endpoints
1475 } else {
1476 u8 config, power;
1477
1478 if (gadget_is_dualspeed(gadget)
1479 && gadget->speed == USB_SPEED_HIGH) {
1480 config = dev->hs_config->bConfigurationValue;
1481 power = dev->hs_config->bMaxPower;
1482 } else {
1483 config = dev->config->bConfigurationValue;
1484 power = dev->config->bMaxPower;
1485 }
1486
1487 if (config == (u8) w_value) {
1488 value = 0;
1489 dev->current_config = config;
1490 usb_gadget_vbus_draw(gadget, 2 * power);
1491 }
1492 }
1493
1494 /* report SET_CONFIGURATION like any other control request,
1495 * except that usermode may not stall this. the next
1496 * request mustn't be allowed start until this finishes:
1497 * endpoints and threads set up, etc.
1498 *
1499 * NOTE: older PXA hardware (before PXA 255: without UDCCFR)
1500 * has bad/racey automagic that prevents synchronizing here.
1501 * even kernel mode drivers often miss them.
1502 */
1503 if (value == 0) {
1504 INFO (dev, "configuration #%d\n", dev->current_config);
1505 if (dev->usermode_setup) {
1506 dev->setup_can_stall = 0;
1507 goto delegate;
1508 }
1509 }
1510 break;
1511
1512 #ifndef CONFIG_USB_GADGET_PXA25X
1513 /* PXA automagically handles this request too */
1514 case USB_REQ_GET_CONFIGURATION:
1515 if (ctrl->bRequestType != 0x80)
1516 goto unrecognized;
1517 *(u8 *)req->buf = dev->current_config;
1518 value = min (w_length, (u16) 1);
1519 break;
1520 #endif
1521
1522 default:
1523 unrecognized:
1524 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1525 dev->usermode_setup ? "delegate" : "fail",
1526 ctrl->bRequestType, ctrl->bRequest,
1527 w_value, le16_to_cpu(ctrl->wIndex), w_length);
1528
1529 /* if there's an ep0 reader, don't stall */
1530 if (dev->usermode_setup) {
1531 dev->setup_can_stall = 1;
1532 delegate:
1533 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1534 ? 1 : 0;
1535 dev->setup_wLength = w_length;
1536 dev->setup_out_ready = 0;
1537 dev->setup_out_error = 0;
1538 value = 0;
1539
1540 /* read DATA stage for OUT right away */
1541 if (unlikely (!dev->setup_in && w_length)) {
1542 value = setup_req (gadget->ep0, dev->req,
1543 w_length);
1544 if (value < 0)
1545 break;
1546 value = usb_ep_queue (gadget->ep0, dev->req,
1547 GFP_ATOMIC);
1548 if (value < 0) {
1549 clean_req (gadget->ep0, dev->req);
1550 break;
1551 }
1552
1553 /* we can't currently stall these */
1554 dev->setup_can_stall = 0;
1555 }
1556
1557 /* state changes when reader collects event */
1558 event = next_event (dev, GADGETFS_SETUP);
1559 event->u.setup = *ctrl;
1560 ep0_readable (dev);
1561 spin_unlock (&dev->lock);
1562 return 0;
1563 }
1564 }
1565
1566 /* proceed with data transfer and status phases? */
1567 if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1568 req->length = value;
1569 req->zero = value < w_length;
1570 value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
1571 if (value < 0) {
1572 DBG (dev, "ep_queue --> %d\n", value);
1573 req->status = 0;
1574 }
1575 }
1576
1577 /* device stalls when value < 0 */
1578 spin_unlock (&dev->lock);
1579 return value;
1580 }
1581
destroy_ep_files(struct dev_data * dev)1582 static void destroy_ep_files (struct dev_data *dev)
1583 {
1584 DBG (dev, "%s %d\n", __func__, dev->state);
1585
1586 /* dev->state must prevent interference */
1587 spin_lock_irq (&dev->lock);
1588 while (!list_empty(&dev->epfiles)) {
1589 struct ep_data *ep;
1590 struct inode *parent;
1591 struct dentry *dentry;
1592
1593 /* break link to FS */
1594 ep = list_first_entry (&dev->epfiles, struct ep_data, epfiles);
1595 list_del_init (&ep->epfiles);
1596 dentry = ep->dentry;
1597 ep->dentry = NULL;
1598 parent = dentry->d_parent->d_inode;
1599
1600 /* break link to controller */
1601 if (ep->state == STATE_EP_ENABLED)
1602 (void) usb_ep_disable (ep->ep);
1603 ep->state = STATE_EP_UNBOUND;
1604 usb_ep_free_request (ep->ep, ep->req);
1605 ep->ep = NULL;
1606 wake_up (&ep->wait);
1607 put_ep (ep);
1608
1609 spin_unlock_irq (&dev->lock);
1610
1611 /* break link to dcache */
1612 mutex_lock (&parent->i_mutex);
1613 d_delete (dentry);
1614 dput (dentry);
1615 mutex_unlock (&parent->i_mutex);
1616
1617 spin_lock_irq (&dev->lock);
1618 }
1619 spin_unlock_irq (&dev->lock);
1620 }
1621
1622
1623 static struct inode *
1624 gadgetfs_create_file (struct super_block *sb, char const *name,
1625 void *data, const struct file_operations *fops,
1626 struct dentry **dentry_p);
1627
activate_ep_files(struct dev_data * dev)1628 static int activate_ep_files (struct dev_data *dev)
1629 {
1630 struct usb_ep *ep;
1631 struct ep_data *data;
1632
1633 gadget_for_each_ep (ep, dev->gadget) {
1634
1635 data = kzalloc(sizeof(*data), GFP_KERNEL);
1636 if (!data)
1637 goto enomem0;
1638 data->state = STATE_EP_DISABLED;
1639 mutex_init(&data->lock);
1640 init_waitqueue_head (&data->wait);
1641
1642 strncpy (data->name, ep->name, sizeof (data->name) - 1);
1643 atomic_set (&data->count, 1);
1644 data->dev = dev;
1645 get_dev (dev);
1646
1647 data->ep = ep;
1648 ep->driver_data = data;
1649
1650 data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1651 if (!data->req)
1652 goto enomem1;
1653
1654 data->inode = gadgetfs_create_file (dev->sb, data->name,
1655 data, &ep_config_operations,
1656 &data->dentry);
1657 if (!data->inode)
1658 goto enomem2;
1659 list_add_tail (&data->epfiles, &dev->epfiles);
1660 }
1661 return 0;
1662
1663 enomem2:
1664 usb_ep_free_request (ep, data->req);
1665 enomem1:
1666 put_dev (dev);
1667 kfree (data);
1668 enomem0:
1669 DBG (dev, "%s enomem\n", __func__);
1670 destroy_ep_files (dev);
1671 return -ENOMEM;
1672 }
1673
1674 static void
gadgetfs_unbind(struct usb_gadget * gadget)1675 gadgetfs_unbind (struct usb_gadget *gadget)
1676 {
1677 struct dev_data *dev = get_gadget_data (gadget);
1678
1679 DBG (dev, "%s\n", __func__);
1680
1681 spin_lock_irq (&dev->lock);
1682 dev->state = STATE_DEV_UNBOUND;
1683 spin_unlock_irq (&dev->lock);
1684
1685 destroy_ep_files (dev);
1686 gadget->ep0->driver_data = NULL;
1687 set_gadget_data (gadget, NULL);
1688
1689 /* we've already been disconnected ... no i/o is active */
1690 if (dev->req)
1691 usb_ep_free_request (gadget->ep0, dev->req);
1692 DBG (dev, "%s done\n", __func__);
1693 put_dev (dev);
1694 }
1695
1696 static struct dev_data *the_device;
1697
gadgetfs_bind(struct usb_gadget * gadget,struct usb_gadget_driver * driver)1698 static int gadgetfs_bind(struct usb_gadget *gadget,
1699 struct usb_gadget_driver *driver)
1700 {
1701 struct dev_data *dev = the_device;
1702
1703 if (!dev)
1704 return -ESRCH;
1705 if (0 != strcmp (CHIP, gadget->name)) {
1706 pr_err("%s expected %s controller not %s\n",
1707 shortname, CHIP, gadget->name);
1708 return -ENODEV;
1709 }
1710
1711 set_gadget_data (gadget, dev);
1712 dev->gadget = gadget;
1713 gadget->ep0->driver_data = dev;
1714
1715 /* preallocate control response and buffer */
1716 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1717 if (!dev->req)
1718 goto enomem;
1719 dev->req->context = NULL;
1720 dev->req->complete = epio_complete;
1721
1722 if (activate_ep_files (dev) < 0)
1723 goto enomem;
1724
1725 INFO (dev, "bound to %s driver\n", gadget->name);
1726 spin_lock_irq(&dev->lock);
1727 dev->state = STATE_DEV_UNCONNECTED;
1728 spin_unlock_irq(&dev->lock);
1729 get_dev (dev);
1730 return 0;
1731
1732 enomem:
1733 gadgetfs_unbind (gadget);
1734 return -ENOMEM;
1735 }
1736
1737 static void
gadgetfs_disconnect(struct usb_gadget * gadget)1738 gadgetfs_disconnect (struct usb_gadget *gadget)
1739 {
1740 struct dev_data *dev = get_gadget_data (gadget);
1741 unsigned long flags;
1742
1743 spin_lock_irqsave (&dev->lock, flags);
1744 if (dev->state == STATE_DEV_UNCONNECTED)
1745 goto exit;
1746 dev->state = STATE_DEV_UNCONNECTED;
1747
1748 INFO (dev, "disconnected\n");
1749 next_event (dev, GADGETFS_DISCONNECT);
1750 ep0_readable (dev);
1751 exit:
1752 spin_unlock_irqrestore (&dev->lock, flags);
1753 }
1754
1755 static void
gadgetfs_suspend(struct usb_gadget * gadget)1756 gadgetfs_suspend (struct usb_gadget *gadget)
1757 {
1758 struct dev_data *dev = get_gadget_data (gadget);
1759
1760 INFO (dev, "suspended from state %d\n", dev->state);
1761 spin_lock (&dev->lock);
1762 switch (dev->state) {
1763 case STATE_DEV_SETUP: // VERY odd... host died??
1764 case STATE_DEV_CONNECTED:
1765 case STATE_DEV_UNCONNECTED:
1766 next_event (dev, GADGETFS_SUSPEND);
1767 ep0_readable (dev);
1768 /* FALLTHROUGH */
1769 default:
1770 break;
1771 }
1772 spin_unlock (&dev->lock);
1773 }
1774
1775 static struct usb_gadget_driver gadgetfs_driver = {
1776 .function = (char *) driver_desc,
1777 .bind = gadgetfs_bind,
1778 .unbind = gadgetfs_unbind,
1779 .setup = gadgetfs_setup,
1780 .disconnect = gadgetfs_disconnect,
1781 .suspend = gadgetfs_suspend,
1782
1783 .driver = {
1784 .name = (char *) shortname,
1785 },
1786 };
1787
1788 /*----------------------------------------------------------------------*/
1789
gadgetfs_nop(struct usb_gadget * arg)1790 static void gadgetfs_nop(struct usb_gadget *arg) { }
1791
gadgetfs_probe(struct usb_gadget * gadget,struct usb_gadget_driver * driver)1792 static int gadgetfs_probe(struct usb_gadget *gadget,
1793 struct usb_gadget_driver *driver)
1794 {
1795 CHIP = gadget->name;
1796 return -EISNAM;
1797 }
1798
1799 static struct usb_gadget_driver probe_driver = {
1800 .max_speed = USB_SPEED_HIGH,
1801 .bind = gadgetfs_probe,
1802 .unbind = gadgetfs_nop,
1803 .setup = (void *)gadgetfs_nop,
1804 .disconnect = gadgetfs_nop,
1805 .driver = {
1806 .name = "nop",
1807 },
1808 };
1809
1810
1811 /* DEVICE INITIALIZATION
1812 *
1813 * fd = open ("/dev/gadget/$CHIP", O_RDWR)
1814 * status = write (fd, descriptors, sizeof descriptors)
1815 *
1816 * That write establishes the device configuration, so the kernel can
1817 * bind to the controller ... guaranteeing it can handle enumeration
1818 * at all necessary speeds. Descriptor order is:
1819 *
1820 * . message tag (u32, host order) ... for now, must be zero; it
1821 * would change to support features like multi-config devices
1822 * . full/low speed config ... all wTotalLength bytes (with interface,
1823 * class, altsetting, endpoint, and other descriptors)
1824 * . high speed config ... all descriptors, for high speed operation;
1825 * this one's optional except for high-speed hardware
1826 * . device descriptor
1827 *
1828 * Endpoints are not yet enabled. Drivers must wait until device
1829 * configuration and interface altsetting changes create
1830 * the need to configure (or unconfigure) them.
1831 *
1832 * After initialization, the device stays active for as long as that
1833 * $CHIP file is open. Events must then be read from that descriptor,
1834 * such as configuration notifications.
1835 */
1836
is_valid_config(struct usb_config_descriptor * config)1837 static int is_valid_config (struct usb_config_descriptor *config)
1838 {
1839 return config->bDescriptorType == USB_DT_CONFIG
1840 && config->bLength == USB_DT_CONFIG_SIZE
1841 && config->bConfigurationValue != 0
1842 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1843 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1844 /* FIXME if gadget->is_otg, _must_ include an otg descriptor */
1845 /* FIXME check lengths: walk to end */
1846 }
1847
1848 static ssize_t
dev_config(struct file * fd,const char __user * buf,size_t len,loff_t * ptr)1849 dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1850 {
1851 struct dev_data *dev = fd->private_data;
1852 ssize_t value = len, length = len;
1853 unsigned total;
1854 u32 tag;
1855 char *kbuf;
1856
1857 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4))
1858 return -EINVAL;
1859
1860 /* we might need to change message format someday */
1861 if (copy_from_user (&tag, buf, 4))
1862 return -EFAULT;
1863 if (tag != 0)
1864 return -EINVAL;
1865 buf += 4;
1866 length -= 4;
1867
1868 kbuf = memdup_user(buf, length);
1869 if (IS_ERR(kbuf))
1870 return PTR_ERR(kbuf);
1871
1872 spin_lock_irq (&dev->lock);
1873 value = -EINVAL;
1874 if (dev->buf)
1875 goto fail;
1876 dev->buf = kbuf;
1877
1878 /* full or low speed config */
1879 dev->config = (void *) kbuf;
1880 total = le16_to_cpu(dev->config->wTotalLength);
1881 if (!is_valid_config (dev->config) || total >= length)
1882 goto fail;
1883 kbuf += total;
1884 length -= total;
1885
1886 /* optional high speed config */
1887 if (kbuf [1] == USB_DT_CONFIG) {
1888 dev->hs_config = (void *) kbuf;
1889 total = le16_to_cpu(dev->hs_config->wTotalLength);
1890 if (!is_valid_config (dev->hs_config) || total >= length)
1891 goto fail;
1892 kbuf += total;
1893 length -= total;
1894 }
1895
1896 /* could support multiple configs, using another encoding! */
1897
1898 /* device descriptor (tweaked for paranoia) */
1899 if (length != USB_DT_DEVICE_SIZE)
1900 goto fail;
1901 dev->dev = (void *)kbuf;
1902 if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1903 || dev->dev->bDescriptorType != USB_DT_DEVICE
1904 || dev->dev->bNumConfigurations != 1)
1905 goto fail;
1906 dev->dev->bNumConfigurations = 1;
1907 dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1908
1909 /* triggers gadgetfs_bind(); then we can enumerate. */
1910 spin_unlock_irq (&dev->lock);
1911 if (dev->hs_config)
1912 gadgetfs_driver.max_speed = USB_SPEED_HIGH;
1913 else
1914 gadgetfs_driver.max_speed = USB_SPEED_FULL;
1915
1916 value = usb_gadget_probe_driver(&gadgetfs_driver);
1917 if (value != 0) {
1918 kfree (dev->buf);
1919 dev->buf = NULL;
1920 } else {
1921 /* at this point "good" hardware has for the first time
1922 * let the USB the host see us. alternatively, if users
1923 * unplug/replug that will clear all the error state.
1924 *
1925 * note: everything running before here was guaranteed
1926 * to choke driver model style diagnostics. from here
1927 * on, they can work ... except in cleanup paths that
1928 * kick in after the ep0 descriptor is closed.
1929 */
1930 fd->f_op = &ep0_io_operations;
1931 value = len;
1932 }
1933 return value;
1934
1935 fail:
1936 spin_unlock_irq (&dev->lock);
1937 pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev);
1938 kfree (dev->buf);
1939 dev->buf = NULL;
1940 return value;
1941 }
1942
1943 static int
dev_open(struct inode * inode,struct file * fd)1944 dev_open (struct inode *inode, struct file *fd)
1945 {
1946 struct dev_data *dev = inode->i_private;
1947 int value = -EBUSY;
1948
1949 spin_lock_irq(&dev->lock);
1950 if (dev->state == STATE_DEV_DISABLED) {
1951 dev->ev_next = 0;
1952 dev->state = STATE_DEV_OPENED;
1953 fd->private_data = dev;
1954 get_dev (dev);
1955 value = 0;
1956 }
1957 spin_unlock_irq(&dev->lock);
1958 return value;
1959 }
1960
1961 static const struct file_operations dev_init_operations = {
1962 .llseek = no_llseek,
1963
1964 .open = dev_open,
1965 .write = dev_config,
1966 .fasync = ep0_fasync,
1967 .unlocked_ioctl = dev_ioctl,
1968 .release = dev_release,
1969 };
1970
1971 /*----------------------------------------------------------------------*/
1972
1973 /* FILESYSTEM AND SUPERBLOCK OPERATIONS
1974 *
1975 * Mounting the filesystem creates a controller file, used first for
1976 * device configuration then later for event monitoring.
1977 */
1978
1979
1980 /* FIXME PAM etc could set this security policy without mount options
1981 * if epfiles inherited ownership and permissons from ep0 ...
1982 */
1983
1984 static unsigned default_uid;
1985 static unsigned default_gid;
1986 static unsigned default_perm = S_IRUSR | S_IWUSR;
1987
1988 module_param (default_uid, uint, 0644);
1989 module_param (default_gid, uint, 0644);
1990 module_param (default_perm, uint, 0644);
1991
1992
1993 static struct inode *
gadgetfs_make_inode(struct super_block * sb,void * data,const struct file_operations * fops,int mode)1994 gadgetfs_make_inode (struct super_block *sb,
1995 void *data, const struct file_operations *fops,
1996 int mode)
1997 {
1998 struct inode *inode = new_inode (sb);
1999
2000 if (inode) {
2001 inode->i_ino = get_next_ino();
2002 inode->i_mode = mode;
2003 inode->i_uid = make_kuid(&init_user_ns, default_uid);
2004 inode->i_gid = make_kgid(&init_user_ns, default_gid);
2005 inode->i_atime = inode->i_mtime = inode->i_ctime
2006 = CURRENT_TIME;
2007 inode->i_private = data;
2008 inode->i_fop = fops;
2009 }
2010 return inode;
2011 }
2012
2013 /* creates in fs root directory, so non-renamable and non-linkable.
2014 * so inode and dentry are paired, until device reconfig.
2015 */
2016 static struct inode *
gadgetfs_create_file(struct super_block * sb,char const * name,void * data,const struct file_operations * fops,struct dentry ** dentry_p)2017 gadgetfs_create_file (struct super_block *sb, char const *name,
2018 void *data, const struct file_operations *fops,
2019 struct dentry **dentry_p)
2020 {
2021 struct dentry *dentry;
2022 struct inode *inode;
2023
2024 dentry = d_alloc_name(sb->s_root, name);
2025 if (!dentry)
2026 return NULL;
2027
2028 inode = gadgetfs_make_inode (sb, data, fops,
2029 S_IFREG | (default_perm & S_IRWXUGO));
2030 if (!inode) {
2031 dput(dentry);
2032 return NULL;
2033 }
2034 d_add (dentry, inode);
2035 *dentry_p = dentry;
2036 return inode;
2037 }
2038
2039 static const struct super_operations gadget_fs_operations = {
2040 .statfs = simple_statfs,
2041 .drop_inode = generic_delete_inode,
2042 };
2043
2044 static int
gadgetfs_fill_super(struct super_block * sb,void * opts,int silent)2045 gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
2046 {
2047 struct inode *inode;
2048 struct dev_data *dev;
2049
2050 if (the_device)
2051 return -ESRCH;
2052
2053 /* fake probe to determine $CHIP */
2054 usb_gadget_probe_driver(&probe_driver);
2055 if (!CHIP)
2056 return -ENODEV;
2057
2058 /* superblock */
2059 sb->s_blocksize = PAGE_CACHE_SIZE;
2060 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
2061 sb->s_magic = GADGETFS_MAGIC;
2062 sb->s_op = &gadget_fs_operations;
2063 sb->s_time_gran = 1;
2064
2065 /* root inode */
2066 inode = gadgetfs_make_inode (sb,
2067 NULL, &simple_dir_operations,
2068 S_IFDIR | S_IRUGO | S_IXUGO);
2069 if (!inode)
2070 goto Enomem;
2071 inode->i_op = &simple_dir_inode_operations;
2072 if (!(sb->s_root = d_make_root (inode)))
2073 goto Enomem;
2074
2075 /* the ep0 file is named after the controller we expect;
2076 * user mode code can use it for sanity checks, like we do.
2077 */
2078 dev = dev_new ();
2079 if (!dev)
2080 goto Enomem;
2081
2082 dev->sb = sb;
2083 if (!gadgetfs_create_file (sb, CHIP,
2084 dev, &dev_init_operations,
2085 &dev->dentry)) {
2086 put_dev(dev);
2087 goto Enomem;
2088 }
2089
2090 /* other endpoint files are available after hardware setup,
2091 * from binding to a controller.
2092 */
2093 the_device = dev;
2094 return 0;
2095
2096 Enomem:
2097 return -ENOMEM;
2098 }
2099
2100 /* "mount -t gadgetfs path /dev/gadget" ends up here */
2101 static struct dentry *
gadgetfs_mount(struct file_system_type * t,int flags,const char * path,void * opts)2102 gadgetfs_mount (struct file_system_type *t, int flags,
2103 const char *path, void *opts)
2104 {
2105 return mount_single (t, flags, opts, gadgetfs_fill_super);
2106 }
2107
2108 static void
gadgetfs_kill_sb(struct super_block * sb)2109 gadgetfs_kill_sb (struct super_block *sb)
2110 {
2111 kill_litter_super (sb);
2112 if (the_device) {
2113 put_dev (the_device);
2114 the_device = NULL;
2115 }
2116 }
2117
2118 /*----------------------------------------------------------------------*/
2119
2120 static struct file_system_type gadgetfs_type = {
2121 .owner = THIS_MODULE,
2122 .name = shortname,
2123 .mount = gadgetfs_mount,
2124 .kill_sb = gadgetfs_kill_sb,
2125 };
2126 MODULE_ALIAS_FS("gadgetfs");
2127
2128 /*----------------------------------------------------------------------*/
2129
init(void)2130 static int __init init (void)
2131 {
2132 int status;
2133
2134 status = register_filesystem (&gadgetfs_type);
2135 if (status == 0)
2136 pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2137 shortname, driver_desc);
2138 return status;
2139 }
2140 module_init (init);
2141
cleanup(void)2142 static void __exit cleanup (void)
2143 {
2144 pr_debug ("unregister %s\n", shortname);
2145 unregister_filesystem (&gadgetfs_type);
2146 }
2147 module_exit (cleanup);
2148
2149