inode.c revision 3898115896c7f18cb7009de691c43cb3d92bb82a
1/* 2 * inode.c -- user mode filesystem api for usb gadget controllers 3 * 4 * Copyright (C) 2003-2004 David Brownell 5 * Copyright (C) 2003 Agilent Technologies 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 */ 21 22 23/* #define VERBOSE_DEBUG */ 24 25#include <linux/init.h> 26#include <linux/module.h> 27#include <linux/fs.h> 28#include <linux/pagemap.h> 29#include <linux/uts.h> 30#include <linux/wait.h> 31#include <linux/compiler.h> 32#include <asm/uaccess.h> 33#include <linux/sched.h> 34#include <linux/slab.h> 35#include <linux/poll.h> 36 37#include <linux/device.h> 38#include <linux/moduleparam.h> 39 40#include <linux/usb/gadgetfs.h> 41#include <linux/usb/gadget.h> 42 43 44/* 45 * The gadgetfs API maps each endpoint to a file descriptor so that you 46 * can use standard synchronous read/write calls for I/O. There's some 47 * O_NONBLOCK and O_ASYNC/FASYNC style i/o support. Example usermode 48 * drivers show how this works in practice. You can also use AIO to 49 * eliminate I/O gaps between requests, to help when streaming data. 50 * 51 * Key parts that must be USB-specific are protocols defining how the 52 * read/write operations relate to the hardware state machines. There 53 * are two types of files. One type is for the device, implementing ep0. 54 * The other type is for each IN or OUT endpoint. In both cases, the 55 * user mode driver must configure the hardware before using it. 56 * 57 * - First, dev_config() is called when /dev/gadget/$CHIP is configured 58 * (by writing configuration and device descriptors). Afterwards it 59 * may serve as a source of device events, used to handle all control 60 * requests other than basic enumeration. 61 * 62 * - Then, after a SET_CONFIGURATION control request, ep_config() is 63 * called when each /dev/gadget/ep* file is configured (by writing 64 * endpoint descriptors). Afterwards these files are used to write() 65 * IN data or to read() OUT data. To halt the endpoint, a "wrong 66 * direction" request is issued (like reading an IN endpoint). 67 * 68 * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe 69 * not possible on all hardware. For example, precise fault handling with 70 * respect to data left in endpoint fifos after aborted operations; or 71 * selective clearing of endpoint halts, to implement SET_INTERFACE. 72 */ 73 74#define DRIVER_DESC "USB Gadget filesystem" 75#define DRIVER_VERSION "24 Aug 2004" 76 77static const char driver_desc [] = DRIVER_DESC; 78static const char shortname [] = "gadgetfs"; 79 80MODULE_DESCRIPTION (DRIVER_DESC); 81MODULE_AUTHOR ("David Brownell"); 82MODULE_LICENSE ("GPL"); 83 84 85/*----------------------------------------------------------------------*/ 86 87#define GADGETFS_MAGIC 0xaee71ee7 88#define DMA_ADDR_INVALID (~(dma_addr_t)0) 89 90/* /dev/gadget/$CHIP represents ep0 and the whole device */ 91enum ep0_state { 92 /* DISBLED is the initial state. 93 */ 94 STATE_DEV_DISABLED = 0, 95 96 /* Only one open() of /dev/gadget/$CHIP; only one file tracks 97 * ep0/device i/o modes and binding to the controller. Driver 98 * must always write descriptors to initialize the device, then 99 * the device becomes UNCONNECTED until enumeration. 100 */ 101 STATE_DEV_OPENED, 102 103 /* From then on, ep0 fd is in either of two basic modes: 104 * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it 105 * - SETUP: read/write will transfer control data and succeed; 106 * or if "wrong direction", performs protocol stall 107 */ 108 STATE_DEV_UNCONNECTED, 109 STATE_DEV_CONNECTED, 110 STATE_DEV_SETUP, 111 112 /* UNBOUND means the driver closed ep0, so the device won't be 113 * accessible again (DEV_DISABLED) until all fds are closed. 114 */ 115 STATE_DEV_UNBOUND, 116}; 117 118/* enough for the whole queue: most events invalidate others */ 119#define N_EVENT 5 120 121struct dev_data { 122 spinlock_t lock; 123 atomic_t count; 124 enum ep0_state state; /* P: lock */ 125 struct usb_gadgetfs_event event [N_EVENT]; 126 unsigned ev_next; 127 struct fasync_struct *fasync; 128 u8 current_config; 129 130 /* drivers reading ep0 MUST handle control requests (SETUP) 131 * reported that way; else the host will time out. 132 */ 133 unsigned usermode_setup : 1, 134 setup_in : 1, 135 setup_can_stall : 1, 136 setup_out_ready : 1, 137 setup_out_error : 1, 138 setup_abort : 1; 139 unsigned setup_wLength; 140 141 /* the rest is basically write-once */ 142 struct usb_config_descriptor *config, *hs_config; 143 struct usb_device_descriptor *dev; 144 struct usb_request *req; 145 struct usb_gadget *gadget; 146 struct list_head epfiles; 147 void *buf; 148 wait_queue_head_t wait; 149 struct super_block *sb; 150 struct dentry *dentry; 151 152 /* except this scratch i/o buffer for ep0 */ 153 u8 rbuf [256]; 154}; 155 156static inline void get_dev (struct dev_data *data) 157{ 158 atomic_inc (&data->count); 159} 160 161static void put_dev (struct dev_data *data) 162{ 163 if (likely (!atomic_dec_and_test (&data->count))) 164 return; 165 /* needs no more cleanup */ 166 BUG_ON (waitqueue_active (&data->wait)); 167 kfree (data); 168} 169 170static struct dev_data *dev_new (void) 171{ 172 struct dev_data *dev; 173 174 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 175 if (!dev) 176 return NULL; 177 dev->state = STATE_DEV_DISABLED; 178 atomic_set (&dev->count, 1); 179 spin_lock_init (&dev->lock); 180 INIT_LIST_HEAD (&dev->epfiles); 181 init_waitqueue_head (&dev->wait); 182 return dev; 183} 184 185/*----------------------------------------------------------------------*/ 186 187/* other /dev/gadget/$ENDPOINT files represent endpoints */ 188enum ep_state { 189 STATE_EP_DISABLED = 0, 190 STATE_EP_READY, 191 STATE_EP_ENABLED, 192 STATE_EP_UNBOUND, 193}; 194 195struct ep_data { 196 struct mutex lock; 197 enum ep_state state; 198 atomic_t count; 199 struct dev_data *dev; 200 /* must hold dev->lock before accessing ep or req */ 201 struct usb_ep *ep; 202 struct usb_request *req; 203 ssize_t status; 204 char name [16]; 205 struct usb_endpoint_descriptor desc, hs_desc; 206 struct list_head epfiles; 207 wait_queue_head_t wait; 208 struct dentry *dentry; 209 struct inode *inode; 210}; 211 212static inline void get_ep (struct ep_data *data) 213{ 214 atomic_inc (&data->count); 215} 216 217static void put_ep (struct ep_data *data) 218{ 219 if (likely (!atomic_dec_and_test (&data->count))) 220 return; 221 put_dev (data->dev); 222 /* needs no more cleanup */ 223 BUG_ON (!list_empty (&data->epfiles)); 224 BUG_ON (waitqueue_active (&data->wait)); 225 kfree (data); 226} 227 228/*----------------------------------------------------------------------*/ 229 230/* most "how to use the hardware" policy choices are in userspace: 231 * mapping endpoint roles (which the driver needs) to the capabilities 232 * which the usb controller has. most of those capabilities are exposed 233 * implicitly, starting with the driver name and then endpoint names. 234 */ 235 236static const char *CHIP; 237 238/*----------------------------------------------------------------------*/ 239 240/* NOTE: don't use dev_printk calls before binding to the gadget 241 * at the end of ep0 configuration, or after unbind. 242 */ 243 244/* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */ 245#define xprintk(d,level,fmt,args...) \ 246 printk(level "%s: " fmt , shortname , ## args) 247 248#ifdef DEBUG 249#define DBG(dev,fmt,args...) \ 250 xprintk(dev , KERN_DEBUG , fmt , ## args) 251#else 252#define DBG(dev,fmt,args...) \ 253 do { } while (0) 254#endif /* DEBUG */ 255 256#ifdef VERBOSE_DEBUG 257#define VDEBUG DBG 258#else 259#define VDEBUG(dev,fmt,args...) \ 260 do { } while (0) 261#endif /* DEBUG */ 262 263#define ERROR(dev,fmt,args...) \ 264 xprintk(dev , KERN_ERR , fmt , ## args) 265#define INFO(dev,fmt,args...) \ 266 xprintk(dev , KERN_INFO , fmt , ## args) 267 268 269/*----------------------------------------------------------------------*/ 270 271/* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso) 272 * 273 * After opening, configure non-control endpoints. Then use normal 274 * stream read() and write() requests; and maybe ioctl() to get more 275 * precise FIFO status when recovering from cancellation. 276 */ 277 278static void epio_complete (struct usb_ep *ep, struct usb_request *req) 279{ 280 struct ep_data *epdata = ep->driver_data; 281 282 if (!req->context) 283 return; 284 if (req->status) 285 epdata->status = req->status; 286 else 287 epdata->status = req->actual; 288 complete ((struct completion *)req->context); 289} 290 291/* tasklock endpoint, returning when it's connected. 292 * still need dev->lock to use epdata->ep. 293 */ 294static int 295get_ready_ep (unsigned f_flags, struct ep_data *epdata) 296{ 297 int val; 298 299 if (f_flags & O_NONBLOCK) { 300 if (!mutex_trylock(&epdata->lock)) 301 goto nonblock; 302 if (epdata->state != STATE_EP_ENABLED) { 303 mutex_unlock(&epdata->lock); 304nonblock: 305 val = -EAGAIN; 306 } else 307 val = 0; 308 return val; 309 } 310 311 val = mutex_lock_interruptible(&epdata->lock); 312 if (val < 0) 313 return val; 314 315 switch (epdata->state) { 316 case STATE_EP_ENABLED: 317 break; 318 // case STATE_EP_DISABLED: /* "can't happen" */ 319 // case STATE_EP_READY: /* "can't happen" */ 320 default: /* error! */ 321 pr_debug ("%s: ep %p not available, state %d\n", 322 shortname, epdata, epdata->state); 323 // FALLTHROUGH 324 case STATE_EP_UNBOUND: /* clean disconnect */ 325 val = -ENODEV; 326 mutex_unlock(&epdata->lock); 327 } 328 return val; 329} 330 331static ssize_t 332ep_io (struct ep_data *epdata, void *buf, unsigned len) 333{ 334 DECLARE_COMPLETION_ONSTACK (done); 335 int value; 336 337 spin_lock_irq (&epdata->dev->lock); 338 if (likely (epdata->ep != NULL)) { 339 struct usb_request *req = epdata->req; 340 341 req->context = &done; 342 req->complete = epio_complete; 343 req->buf = buf; 344 req->length = len; 345 value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC); 346 } else 347 value = -ENODEV; 348 spin_unlock_irq (&epdata->dev->lock); 349 350 if (likely (value == 0)) { 351 value = wait_event_interruptible (done.wait, done.done); 352 if (value != 0) { 353 spin_lock_irq (&epdata->dev->lock); 354 if (likely (epdata->ep != NULL)) { 355 DBG (epdata->dev, "%s i/o interrupted\n", 356 epdata->name); 357 usb_ep_dequeue (epdata->ep, epdata->req); 358 spin_unlock_irq (&epdata->dev->lock); 359 360 wait_event (done.wait, done.done); 361 if (epdata->status == -ECONNRESET) 362 epdata->status = -EINTR; 363 } else { 364 spin_unlock_irq (&epdata->dev->lock); 365 366 DBG (epdata->dev, "endpoint gone\n"); 367 epdata->status = -ENODEV; 368 } 369 } 370 return epdata->status; 371 } 372 return value; 373} 374 375 376/* handle a synchronous OUT bulk/intr/iso transfer */ 377static ssize_t 378ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr) 379{ 380 struct ep_data *data = fd->private_data; 381 void *kbuf; 382 ssize_t value; 383 384 if ((value = get_ready_ep (fd->f_flags, data)) < 0) 385 return value; 386 387 /* halt any endpoint by doing a "wrong direction" i/o call */ 388 if (usb_endpoint_dir_in(&data->desc)) { 389 if (usb_endpoint_xfer_isoc(&data->desc)) { 390 mutex_unlock(&data->lock); 391 return -EINVAL; 392 } 393 DBG (data->dev, "%s halt\n", data->name); 394 spin_lock_irq (&data->dev->lock); 395 if (likely (data->ep != NULL)) 396 usb_ep_set_halt (data->ep); 397 spin_unlock_irq (&data->dev->lock); 398 mutex_unlock(&data->lock); 399 return -EBADMSG; 400 } 401 402 /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */ 403 404 value = -ENOMEM; 405 kbuf = kmalloc (len, GFP_KERNEL); 406 if (unlikely (!kbuf)) 407 goto free1; 408 409 value = ep_io (data, kbuf, len); 410 VDEBUG (data->dev, "%s read %zu OUT, status %d\n", 411 data->name, len, (int) value); 412 if (value >= 0 && copy_to_user (buf, kbuf, value)) 413 value = -EFAULT; 414 415free1: 416 mutex_unlock(&data->lock); 417 kfree (kbuf); 418 return value; 419} 420 421/* handle a synchronous IN bulk/intr/iso transfer */ 422static ssize_t 423ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 424{ 425 struct ep_data *data = fd->private_data; 426 void *kbuf; 427 ssize_t value; 428 429 if ((value = get_ready_ep (fd->f_flags, data)) < 0) 430 return value; 431 432 /* halt any endpoint by doing a "wrong direction" i/o call */ 433 if (!usb_endpoint_dir_in(&data->desc)) { 434 if (usb_endpoint_xfer_isoc(&data->desc)) { 435 mutex_unlock(&data->lock); 436 return -EINVAL; 437 } 438 DBG (data->dev, "%s halt\n", data->name); 439 spin_lock_irq (&data->dev->lock); 440 if (likely (data->ep != NULL)) 441 usb_ep_set_halt (data->ep); 442 spin_unlock_irq (&data->dev->lock); 443 mutex_unlock(&data->lock); 444 return -EBADMSG; 445 } 446 447 /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */ 448 449 value = -ENOMEM; 450 kbuf = kmalloc (len, GFP_KERNEL); 451 if (!kbuf) 452 goto free1; 453 if (copy_from_user (kbuf, buf, len)) { 454 value = -EFAULT; 455 goto free1; 456 } 457 458 value = ep_io (data, kbuf, len); 459 VDEBUG (data->dev, "%s write %zu IN, status %d\n", 460 data->name, len, (int) value); 461free1: 462 mutex_unlock(&data->lock); 463 kfree (kbuf); 464 return value; 465} 466 467static int 468ep_release (struct inode *inode, struct file *fd) 469{ 470 struct ep_data *data = fd->private_data; 471 int value; 472 473 value = mutex_lock_interruptible(&data->lock); 474 if (value < 0) 475 return value; 476 477 /* clean up if this can be reopened */ 478 if (data->state != STATE_EP_UNBOUND) { 479 data->state = STATE_EP_DISABLED; 480 data->desc.bDescriptorType = 0; 481 data->hs_desc.bDescriptorType = 0; 482 usb_ep_disable(data->ep); 483 } 484 mutex_unlock(&data->lock); 485 put_ep (data); 486 return 0; 487} 488 489static long ep_ioctl(struct file *fd, unsigned code, unsigned long value) 490{ 491 struct ep_data *data = fd->private_data; 492 int status; 493 494 if ((status = get_ready_ep (fd->f_flags, data)) < 0) 495 return status; 496 497 spin_lock_irq (&data->dev->lock); 498 if (likely (data->ep != NULL)) { 499 switch (code) { 500 case GADGETFS_FIFO_STATUS: 501 status = usb_ep_fifo_status (data->ep); 502 break; 503 case GADGETFS_FIFO_FLUSH: 504 usb_ep_fifo_flush (data->ep); 505 break; 506 case GADGETFS_CLEAR_HALT: 507 status = usb_ep_clear_halt (data->ep); 508 break; 509 default: 510 status = -ENOTTY; 511 } 512 } else 513 status = -ENODEV; 514 spin_unlock_irq (&data->dev->lock); 515 mutex_unlock(&data->lock); 516 return status; 517} 518 519/*----------------------------------------------------------------------*/ 520 521/* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */ 522 523struct kiocb_priv { 524 struct usb_request *req; 525 struct ep_data *epdata; 526 void *buf; 527 const struct iovec *iv; 528 unsigned long nr_segs; 529 unsigned actual; 530}; 531 532static int ep_aio_cancel(struct kiocb *iocb, struct io_event *e) 533{ 534 struct kiocb_priv *priv = iocb->private; 535 struct ep_data *epdata; 536 int value; 537 538 local_irq_disable(); 539 epdata = priv->epdata; 540 // spin_lock(&epdata->dev->lock); 541 kiocbSetCancelled(iocb); 542 if (likely(epdata && epdata->ep && priv->req)) 543 value = usb_ep_dequeue (epdata->ep, priv->req); 544 else 545 value = -EINVAL; 546 // spin_unlock(&epdata->dev->lock); 547 local_irq_enable(); 548 549 aio_put_req(iocb); 550 return value; 551} 552 553static ssize_t ep_aio_read_retry(struct kiocb *iocb) 554{ 555 struct kiocb_priv *priv = iocb->private; 556 ssize_t len, total; 557 void *to_copy; 558 int i; 559 560 /* we "retry" to get the right mm context for this: */ 561 562 /* copy stuff into user buffers */ 563 total = priv->actual; 564 len = 0; 565 to_copy = priv->buf; 566 for (i=0; i < priv->nr_segs; i++) { 567 ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total); 568 569 if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) { 570 if (len == 0) 571 len = -EFAULT; 572 break; 573 } 574 575 total -= this; 576 len += this; 577 to_copy += this; 578 if (total == 0) 579 break; 580 } 581 kfree(priv->buf); 582 kfree(priv); 583 return len; 584} 585 586static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req) 587{ 588 struct kiocb *iocb = req->context; 589 struct kiocb_priv *priv = iocb->private; 590 struct ep_data *epdata = priv->epdata; 591 592 /* lock against disconnect (and ideally, cancel) */ 593 spin_lock(&epdata->dev->lock); 594 priv->req = NULL; 595 priv->epdata = NULL; 596 597 /* if this was a write or a read returning no data then we 598 * don't need to copy anything to userspace, so we can 599 * complete the aio request immediately. 600 */ 601 if (priv->iv == NULL || unlikely(req->actual == 0)) { 602 kfree(req->buf); 603 kfree(priv); 604 iocb->private = NULL; 605 /* aio_complete() reports bytes-transferred _and_ faults */ 606 aio_complete(iocb, req->actual ? req->actual : req->status, 607 req->status); 608 } else { 609 /* retry() won't report both; so we hide some faults */ 610 if (unlikely(0 != req->status)) 611 DBG(epdata->dev, "%s fault %d len %d\n", 612 ep->name, req->status, req->actual); 613 614 priv->buf = req->buf; 615 priv->actual = req->actual; 616 kick_iocb(iocb); 617 } 618 spin_unlock(&epdata->dev->lock); 619 620 usb_ep_free_request(ep, req); 621 put_ep(epdata); 622} 623 624static ssize_t 625ep_aio_rwtail( 626 struct kiocb *iocb, 627 char *buf, 628 size_t len, 629 struct ep_data *epdata, 630 const struct iovec *iv, 631 unsigned long nr_segs 632) 633{ 634 struct kiocb_priv *priv; 635 struct usb_request *req; 636 ssize_t value; 637 638 priv = kmalloc(sizeof *priv, GFP_KERNEL); 639 if (!priv) { 640 value = -ENOMEM; 641fail: 642 kfree(buf); 643 return value; 644 } 645 iocb->private = priv; 646 priv->iv = iv; 647 priv->nr_segs = nr_segs; 648 649 value = get_ready_ep(iocb->ki_filp->f_flags, epdata); 650 if (unlikely(value < 0)) { 651 kfree(priv); 652 goto fail; 653 } 654 655 iocb->ki_cancel = ep_aio_cancel; 656 get_ep(epdata); 657 priv->epdata = epdata; 658 priv->actual = 0; 659 660 /* each kiocb is coupled to one usb_request, but we can't 661 * allocate or submit those if the host disconnected. 662 */ 663 spin_lock_irq(&epdata->dev->lock); 664 if (likely(epdata->ep)) { 665 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC); 666 if (likely(req)) { 667 priv->req = req; 668 req->buf = buf; 669 req->length = len; 670 req->complete = ep_aio_complete; 671 req->context = iocb; 672 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC); 673 if (unlikely(0 != value)) 674 usb_ep_free_request(epdata->ep, req); 675 } else 676 value = -EAGAIN; 677 } else 678 value = -ENODEV; 679 spin_unlock_irq(&epdata->dev->lock); 680 681 mutex_unlock(&epdata->lock); 682 683 if (unlikely(value)) { 684 kfree(priv); 685 put_ep(epdata); 686 } else 687 value = (iv ? -EIOCBRETRY : -EIOCBQUEUED); 688 return value; 689} 690 691static ssize_t 692ep_aio_read(struct kiocb *iocb, const struct iovec *iov, 693 unsigned long nr_segs, loff_t o) 694{ 695 struct ep_data *epdata = iocb->ki_filp->private_data; 696 char *buf; 697 698 if (unlikely(usb_endpoint_dir_in(&epdata->desc))) 699 return -EINVAL; 700 701 buf = kmalloc(iocb->ki_left, GFP_KERNEL); 702 if (unlikely(!buf)) 703 return -ENOMEM; 704 705 iocb->ki_retry = ep_aio_read_retry; 706 return ep_aio_rwtail(iocb, buf, iocb->ki_left, epdata, iov, nr_segs); 707} 708 709static ssize_t 710ep_aio_write(struct kiocb *iocb, const struct iovec *iov, 711 unsigned long nr_segs, loff_t o) 712{ 713 struct ep_data *epdata = iocb->ki_filp->private_data; 714 char *buf; 715 size_t len = 0; 716 int i = 0; 717 718 if (unlikely(!usb_endpoint_dir_in(&epdata->desc))) 719 return -EINVAL; 720 721 buf = kmalloc(iocb->ki_left, GFP_KERNEL); 722 if (unlikely(!buf)) 723 return -ENOMEM; 724 725 for (i=0; i < nr_segs; i++) { 726 if (unlikely(copy_from_user(&buf[len], iov[i].iov_base, 727 iov[i].iov_len) != 0)) { 728 kfree(buf); 729 return -EFAULT; 730 } 731 len += iov[i].iov_len; 732 } 733 return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0); 734} 735 736/*----------------------------------------------------------------------*/ 737 738/* used after endpoint configuration */ 739static const struct file_operations ep_io_operations = { 740 .owner = THIS_MODULE, 741 .llseek = no_llseek, 742 743 .read = ep_read, 744 .write = ep_write, 745 .unlocked_ioctl = ep_ioctl, 746 .release = ep_release, 747 748 .aio_read = ep_aio_read, 749 .aio_write = ep_aio_write, 750}; 751 752/* ENDPOINT INITIALIZATION 753 * 754 * fd = open ("/dev/gadget/$ENDPOINT", O_RDWR) 755 * status = write (fd, descriptors, sizeof descriptors) 756 * 757 * That write establishes the endpoint configuration, configuring 758 * the controller to process bulk, interrupt, or isochronous transfers 759 * at the right maxpacket size, and so on. 760 * 761 * The descriptors are message type 1, identified by a host order u32 762 * at the beginning of what's written. Descriptor order is: full/low 763 * speed descriptor, then optional high speed descriptor. 764 */ 765static ssize_t 766ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 767{ 768 struct ep_data *data = fd->private_data; 769 struct usb_ep *ep; 770 u32 tag; 771 int value, length = len; 772 773 value = mutex_lock_interruptible(&data->lock); 774 if (value < 0) 775 return value; 776 777 if (data->state != STATE_EP_READY) { 778 value = -EL2HLT; 779 goto fail; 780 } 781 782 value = len; 783 if (len < USB_DT_ENDPOINT_SIZE + 4) 784 goto fail0; 785 786 /* we might need to change message format someday */ 787 if (copy_from_user (&tag, buf, 4)) { 788 goto fail1; 789 } 790 if (tag != 1) { 791 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag); 792 goto fail0; 793 } 794 buf += 4; 795 len -= 4; 796 797 /* NOTE: audio endpoint extensions not accepted here; 798 * just don't include the extra bytes. 799 */ 800 801 /* full/low speed descriptor, then high speed */ 802 if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) { 803 goto fail1; 804 } 805 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE 806 || data->desc.bDescriptorType != USB_DT_ENDPOINT) 807 goto fail0; 808 if (len != USB_DT_ENDPOINT_SIZE) { 809 if (len != 2 * USB_DT_ENDPOINT_SIZE) 810 goto fail0; 811 if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE, 812 USB_DT_ENDPOINT_SIZE)) { 813 goto fail1; 814 } 815 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE 816 || data->hs_desc.bDescriptorType 817 != USB_DT_ENDPOINT) { 818 DBG(data->dev, "config %s, bad hs length or type\n", 819 data->name); 820 goto fail0; 821 } 822 } 823 824 spin_lock_irq (&data->dev->lock); 825 if (data->dev->state == STATE_DEV_UNBOUND) { 826 value = -ENOENT; 827 goto gone; 828 } else if ((ep = data->ep) == NULL) { 829 value = -ENODEV; 830 goto gone; 831 } 832 switch (data->dev->gadget->speed) { 833 case USB_SPEED_LOW: 834 case USB_SPEED_FULL: 835 value = usb_ep_enable (ep, &data->desc); 836 if (value == 0) 837 data->state = STATE_EP_ENABLED; 838 break; 839#ifdef CONFIG_USB_GADGET_DUALSPEED 840 case USB_SPEED_HIGH: 841 /* fails if caller didn't provide that descriptor... */ 842 value = usb_ep_enable (ep, &data->hs_desc); 843 if (value == 0) 844 data->state = STATE_EP_ENABLED; 845 break; 846#endif 847 default: 848 DBG(data->dev, "unconnected, %s init abandoned\n", 849 data->name); 850 value = -EINVAL; 851 } 852 if (value == 0) { 853 fd->f_op = &ep_io_operations; 854 value = length; 855 } 856gone: 857 spin_unlock_irq (&data->dev->lock); 858 if (value < 0) { 859fail: 860 data->desc.bDescriptorType = 0; 861 data->hs_desc.bDescriptorType = 0; 862 } 863 mutex_unlock(&data->lock); 864 return value; 865fail0: 866 value = -EINVAL; 867 goto fail; 868fail1: 869 value = -EFAULT; 870 goto fail; 871} 872 873static int 874ep_open (struct inode *inode, struct file *fd) 875{ 876 struct ep_data *data = inode->i_private; 877 int value = -EBUSY; 878 879 if (mutex_lock_interruptible(&data->lock) != 0) 880 return -EINTR; 881 spin_lock_irq (&data->dev->lock); 882 if (data->dev->state == STATE_DEV_UNBOUND) 883 value = -ENOENT; 884 else if (data->state == STATE_EP_DISABLED) { 885 value = 0; 886 data->state = STATE_EP_READY; 887 get_ep (data); 888 fd->private_data = data; 889 VDEBUG (data->dev, "%s ready\n", data->name); 890 } else 891 DBG (data->dev, "%s state %d\n", 892 data->name, data->state); 893 spin_unlock_irq (&data->dev->lock); 894 mutex_unlock(&data->lock); 895 return value; 896} 897 898/* used before endpoint configuration */ 899static const struct file_operations ep_config_operations = { 900 .owner = THIS_MODULE, 901 .llseek = no_llseek, 902 903 .open = ep_open, 904 .write = ep_config, 905 .release = ep_release, 906}; 907 908/*----------------------------------------------------------------------*/ 909 910/* EP0 IMPLEMENTATION can be partly in userspace. 911 * 912 * Drivers that use this facility receive various events, including 913 * control requests the kernel doesn't handle. Drivers that don't 914 * use this facility may be too simple-minded for real applications. 915 */ 916 917static inline void ep0_readable (struct dev_data *dev) 918{ 919 wake_up (&dev->wait); 920 kill_fasync (&dev->fasync, SIGIO, POLL_IN); 921} 922 923static void clean_req (struct usb_ep *ep, struct usb_request *req) 924{ 925 struct dev_data *dev = ep->driver_data; 926 927 if (req->buf != dev->rbuf) { 928 kfree(req->buf); 929 req->buf = dev->rbuf; 930 req->dma = DMA_ADDR_INVALID; 931 } 932 req->complete = epio_complete; 933 dev->setup_out_ready = 0; 934} 935 936static void ep0_complete (struct usb_ep *ep, struct usb_request *req) 937{ 938 struct dev_data *dev = ep->driver_data; 939 unsigned long flags; 940 int free = 1; 941 942 /* for control OUT, data must still get to userspace */ 943 spin_lock_irqsave(&dev->lock, flags); 944 if (!dev->setup_in) { 945 dev->setup_out_error = (req->status != 0); 946 if (!dev->setup_out_error) 947 free = 0; 948 dev->setup_out_ready = 1; 949 ep0_readable (dev); 950 } 951 952 /* clean up as appropriate */ 953 if (free && req->buf != &dev->rbuf) 954 clean_req (ep, req); 955 req->complete = epio_complete; 956 spin_unlock_irqrestore(&dev->lock, flags); 957} 958 959static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len) 960{ 961 struct dev_data *dev = ep->driver_data; 962 963 if (dev->setup_out_ready) { 964 DBG (dev, "ep0 request busy!\n"); 965 return -EBUSY; 966 } 967 if (len > sizeof (dev->rbuf)) 968 req->buf = kmalloc(len, GFP_ATOMIC); 969 if (req->buf == NULL) { 970 req->buf = dev->rbuf; 971 return -ENOMEM; 972 } 973 req->complete = ep0_complete; 974 req->length = len; 975 req->zero = 0; 976 return 0; 977} 978 979static ssize_t 980ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr) 981{ 982 struct dev_data *dev = fd->private_data; 983 ssize_t retval; 984 enum ep0_state state; 985 986 spin_lock_irq (&dev->lock); 987 988 /* report fd mode change before acting on it */ 989 if (dev->setup_abort) { 990 dev->setup_abort = 0; 991 retval = -EIDRM; 992 goto done; 993 } 994 995 /* control DATA stage */ 996 if ((state = dev->state) == STATE_DEV_SETUP) { 997 998 if (dev->setup_in) { /* stall IN */ 999 VDEBUG(dev, "ep0in stall\n"); 1000 (void) usb_ep_set_halt (dev->gadget->ep0); 1001 retval = -EL2HLT; 1002 dev->state = STATE_DEV_CONNECTED; 1003 1004 } else if (len == 0) { /* ack SET_CONFIGURATION etc */ 1005 struct usb_ep *ep = dev->gadget->ep0; 1006 struct usb_request *req = dev->req; 1007 1008 if ((retval = setup_req (ep, req, 0)) == 0) 1009 retval = usb_ep_queue (ep, req, GFP_ATOMIC); 1010 dev->state = STATE_DEV_CONNECTED; 1011 1012 /* assume that was SET_CONFIGURATION */ 1013 if (dev->current_config) { 1014 unsigned power; 1015 1016 if (gadget_is_dualspeed(dev->gadget) 1017 && (dev->gadget->speed 1018 == USB_SPEED_HIGH)) 1019 power = dev->hs_config->bMaxPower; 1020 else 1021 power = dev->config->bMaxPower; 1022 usb_gadget_vbus_draw(dev->gadget, 2 * power); 1023 } 1024 1025 } else { /* collect OUT data */ 1026 if ((fd->f_flags & O_NONBLOCK) != 0 1027 && !dev->setup_out_ready) { 1028 retval = -EAGAIN; 1029 goto done; 1030 } 1031 spin_unlock_irq (&dev->lock); 1032 retval = wait_event_interruptible (dev->wait, 1033 dev->setup_out_ready != 0); 1034 1035 /* FIXME state could change from under us */ 1036 spin_lock_irq (&dev->lock); 1037 if (retval) 1038 goto done; 1039 1040 if (dev->state != STATE_DEV_SETUP) { 1041 retval = -ECANCELED; 1042 goto done; 1043 } 1044 dev->state = STATE_DEV_CONNECTED; 1045 1046 if (dev->setup_out_error) 1047 retval = -EIO; 1048 else { 1049 len = min (len, (size_t)dev->req->actual); 1050// FIXME don't call this with the spinlock held ... 1051 if (copy_to_user (buf, dev->req->buf, len)) 1052 retval = -EFAULT; 1053 clean_req (dev->gadget->ep0, dev->req); 1054 /* NOTE userspace can't yet choose to stall */ 1055 } 1056 } 1057 goto done; 1058 } 1059 1060 /* else normal: return event data */ 1061 if (len < sizeof dev->event [0]) { 1062 retval = -EINVAL; 1063 goto done; 1064 } 1065 len -= len % sizeof (struct usb_gadgetfs_event); 1066 dev->usermode_setup = 1; 1067 1068scan: 1069 /* return queued events right away */ 1070 if (dev->ev_next != 0) { 1071 unsigned i, n; 1072 1073 n = len / sizeof (struct usb_gadgetfs_event); 1074 if (dev->ev_next < n) 1075 n = dev->ev_next; 1076 1077 /* ep0 i/o has special semantics during STATE_DEV_SETUP */ 1078 for (i = 0; i < n; i++) { 1079 if (dev->event [i].type == GADGETFS_SETUP) { 1080 dev->state = STATE_DEV_SETUP; 1081 n = i + 1; 1082 break; 1083 } 1084 } 1085 spin_unlock_irq (&dev->lock); 1086 len = n * sizeof (struct usb_gadgetfs_event); 1087 if (copy_to_user (buf, &dev->event, len)) 1088 retval = -EFAULT; 1089 else 1090 retval = len; 1091 if (len > 0) { 1092 /* NOTE this doesn't guard against broken drivers; 1093 * concurrent ep0 readers may lose events. 1094 */ 1095 spin_lock_irq (&dev->lock); 1096 if (dev->ev_next > n) { 1097 memmove(&dev->event[0], &dev->event[n], 1098 sizeof (struct usb_gadgetfs_event) 1099 * (dev->ev_next - n)); 1100 } 1101 dev->ev_next -= n; 1102 spin_unlock_irq (&dev->lock); 1103 } 1104 return retval; 1105 } 1106 if (fd->f_flags & O_NONBLOCK) { 1107 retval = -EAGAIN; 1108 goto done; 1109 } 1110 1111 switch (state) { 1112 default: 1113 DBG (dev, "fail %s, state %d\n", __func__, state); 1114 retval = -ESRCH; 1115 break; 1116 case STATE_DEV_UNCONNECTED: 1117 case STATE_DEV_CONNECTED: 1118 spin_unlock_irq (&dev->lock); 1119 DBG (dev, "%s wait\n", __func__); 1120 1121 /* wait for events */ 1122 retval = wait_event_interruptible (dev->wait, 1123 dev->ev_next != 0); 1124 if (retval < 0) 1125 return retval; 1126 spin_lock_irq (&dev->lock); 1127 goto scan; 1128 } 1129 1130done: 1131 spin_unlock_irq (&dev->lock); 1132 return retval; 1133} 1134 1135static struct usb_gadgetfs_event * 1136next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type) 1137{ 1138 struct usb_gadgetfs_event *event; 1139 unsigned i; 1140 1141 switch (type) { 1142 /* these events purge the queue */ 1143 case GADGETFS_DISCONNECT: 1144 if (dev->state == STATE_DEV_SETUP) 1145 dev->setup_abort = 1; 1146 // FALL THROUGH 1147 case GADGETFS_CONNECT: 1148 dev->ev_next = 0; 1149 break; 1150 case GADGETFS_SETUP: /* previous request timed out */ 1151 case GADGETFS_SUSPEND: /* same effect */ 1152 /* these events can't be repeated */ 1153 for (i = 0; i != dev->ev_next; i++) { 1154 if (dev->event [i].type != type) 1155 continue; 1156 DBG(dev, "discard old event[%d] %d\n", i, type); 1157 dev->ev_next--; 1158 if (i == dev->ev_next) 1159 break; 1160 /* indices start at zero, for simplicity */ 1161 memmove (&dev->event [i], &dev->event [i + 1], 1162 sizeof (struct usb_gadgetfs_event) 1163 * (dev->ev_next - i)); 1164 } 1165 break; 1166 default: 1167 BUG (); 1168 } 1169 VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type); 1170 event = &dev->event [dev->ev_next++]; 1171 BUG_ON (dev->ev_next > N_EVENT); 1172 memset (event, 0, sizeof *event); 1173 event->type = type; 1174 return event; 1175} 1176 1177static ssize_t 1178ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 1179{ 1180 struct dev_data *dev = fd->private_data; 1181 ssize_t retval = -ESRCH; 1182 1183 spin_lock_irq (&dev->lock); 1184 1185 /* report fd mode change before acting on it */ 1186 if (dev->setup_abort) { 1187 dev->setup_abort = 0; 1188 retval = -EIDRM; 1189 1190 /* data and/or status stage for control request */ 1191 } else if (dev->state == STATE_DEV_SETUP) { 1192 1193 /* IN DATA+STATUS caller makes len <= wLength */ 1194 if (dev->setup_in) { 1195 retval = setup_req (dev->gadget->ep0, dev->req, len); 1196 if (retval == 0) { 1197 dev->state = STATE_DEV_CONNECTED; 1198 spin_unlock_irq (&dev->lock); 1199 if (copy_from_user (dev->req->buf, buf, len)) 1200 retval = -EFAULT; 1201 else { 1202 if (len < dev->setup_wLength) 1203 dev->req->zero = 1; 1204 retval = usb_ep_queue ( 1205 dev->gadget->ep0, dev->req, 1206 GFP_KERNEL); 1207 } 1208 if (retval < 0) { 1209 spin_lock_irq (&dev->lock); 1210 clean_req (dev->gadget->ep0, dev->req); 1211 spin_unlock_irq (&dev->lock); 1212 } else 1213 retval = len; 1214 1215 return retval; 1216 } 1217 1218 /* can stall some OUT transfers */ 1219 } else if (dev->setup_can_stall) { 1220 VDEBUG(dev, "ep0out stall\n"); 1221 (void) usb_ep_set_halt (dev->gadget->ep0); 1222 retval = -EL2HLT; 1223 dev->state = STATE_DEV_CONNECTED; 1224 } else { 1225 DBG(dev, "bogus ep0out stall!\n"); 1226 } 1227 } else 1228 DBG (dev, "fail %s, state %d\n", __func__, dev->state); 1229 1230 spin_unlock_irq (&dev->lock); 1231 return retval; 1232} 1233 1234static int 1235ep0_fasync (int f, struct file *fd, int on) 1236{ 1237 struct dev_data *dev = fd->private_data; 1238 // caller must F_SETOWN before signal delivery happens 1239 VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off"); 1240 return fasync_helper (f, fd, on, &dev->fasync); 1241} 1242 1243static struct usb_gadget_driver gadgetfs_driver; 1244 1245static int 1246dev_release (struct inode *inode, struct file *fd) 1247{ 1248 struct dev_data *dev = fd->private_data; 1249 1250 /* closing ep0 === shutdown all */ 1251 1252 usb_gadget_unregister_driver (&gadgetfs_driver); 1253 1254 /* at this point "good" hardware has disconnected the 1255 * device from USB; the host won't see it any more. 1256 * alternatively, all host requests will time out. 1257 */ 1258 1259 kfree (dev->buf); 1260 dev->buf = NULL; 1261 put_dev (dev); 1262 1263 /* other endpoints were all decoupled from this device */ 1264 spin_lock_irq(&dev->lock); 1265 dev->state = STATE_DEV_DISABLED; 1266 spin_unlock_irq(&dev->lock); 1267 return 0; 1268} 1269 1270static unsigned int 1271ep0_poll (struct file *fd, poll_table *wait) 1272{ 1273 struct dev_data *dev = fd->private_data; 1274 int mask = 0; 1275 1276 poll_wait(fd, &dev->wait, wait); 1277 1278 spin_lock_irq (&dev->lock); 1279 1280 /* report fd mode change before acting on it */ 1281 if (dev->setup_abort) { 1282 dev->setup_abort = 0; 1283 mask = POLLHUP; 1284 goto out; 1285 } 1286 1287 if (dev->state == STATE_DEV_SETUP) { 1288 if (dev->setup_in || dev->setup_can_stall) 1289 mask = POLLOUT; 1290 } else { 1291 if (dev->ev_next != 0) 1292 mask = POLLIN; 1293 } 1294out: 1295 spin_unlock_irq(&dev->lock); 1296 return mask; 1297} 1298 1299static long dev_ioctl (struct file *fd, unsigned code, unsigned long value) 1300{ 1301 struct dev_data *dev = fd->private_data; 1302 struct usb_gadget *gadget = dev->gadget; 1303 long ret = -ENOTTY; 1304 1305 if (gadget->ops->ioctl) 1306 ret = gadget->ops->ioctl (gadget, code, value); 1307 1308 return ret; 1309} 1310 1311/* used after device configuration */ 1312static const struct file_operations ep0_io_operations = { 1313 .owner = THIS_MODULE, 1314 .llseek = no_llseek, 1315 1316 .read = ep0_read, 1317 .write = ep0_write, 1318 .fasync = ep0_fasync, 1319 .poll = ep0_poll, 1320 .unlocked_ioctl = dev_ioctl, 1321 .release = dev_release, 1322}; 1323 1324/*----------------------------------------------------------------------*/ 1325 1326/* The in-kernel gadget driver handles most ep0 issues, in particular 1327 * enumerating the single configuration (as provided from user space). 1328 * 1329 * Unrecognized ep0 requests may be handled in user space. 1330 */ 1331 1332#ifdef CONFIG_USB_GADGET_DUALSPEED 1333static void make_qualifier (struct dev_data *dev) 1334{ 1335 struct usb_qualifier_descriptor qual; 1336 struct usb_device_descriptor *desc; 1337 1338 qual.bLength = sizeof qual; 1339 qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER; 1340 qual.bcdUSB = cpu_to_le16 (0x0200); 1341 1342 desc = dev->dev; 1343 qual.bDeviceClass = desc->bDeviceClass; 1344 qual.bDeviceSubClass = desc->bDeviceSubClass; 1345 qual.bDeviceProtocol = desc->bDeviceProtocol; 1346 1347 /* assumes ep0 uses the same value for both speeds ... */ 1348 qual.bMaxPacketSize0 = desc->bMaxPacketSize0; 1349 1350 qual.bNumConfigurations = 1; 1351 qual.bRESERVED = 0; 1352 1353 memcpy (dev->rbuf, &qual, sizeof qual); 1354} 1355#endif 1356 1357static int 1358config_buf (struct dev_data *dev, u8 type, unsigned index) 1359{ 1360 int len; 1361 int hs = 0; 1362 1363 /* only one configuration */ 1364 if (index > 0) 1365 return -EINVAL; 1366 1367 if (gadget_is_dualspeed(dev->gadget)) { 1368 hs = (dev->gadget->speed == USB_SPEED_HIGH); 1369 if (type == USB_DT_OTHER_SPEED_CONFIG) 1370 hs = !hs; 1371 } 1372 if (hs) { 1373 dev->req->buf = dev->hs_config; 1374 len = le16_to_cpu(dev->hs_config->wTotalLength); 1375 } else { 1376 dev->req->buf = dev->config; 1377 len = le16_to_cpu(dev->config->wTotalLength); 1378 } 1379 ((u8 *)dev->req->buf) [1] = type; 1380 return len; 1381} 1382 1383static int 1384gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) 1385{ 1386 struct dev_data *dev = get_gadget_data (gadget); 1387 struct usb_request *req = dev->req; 1388 int value = -EOPNOTSUPP; 1389 struct usb_gadgetfs_event *event; 1390 u16 w_value = le16_to_cpu(ctrl->wValue); 1391 u16 w_length = le16_to_cpu(ctrl->wLength); 1392 1393 spin_lock (&dev->lock); 1394 dev->setup_abort = 0; 1395 if (dev->state == STATE_DEV_UNCONNECTED) { 1396 if (gadget_is_dualspeed(gadget) 1397 && gadget->speed == USB_SPEED_HIGH 1398 && dev->hs_config == NULL) { 1399 spin_unlock(&dev->lock); 1400 ERROR (dev, "no high speed config??\n"); 1401 return -EINVAL; 1402 } 1403 1404 dev->state = STATE_DEV_CONNECTED; 1405 dev->dev->bMaxPacketSize0 = gadget->ep0->maxpacket; 1406 1407 INFO (dev, "connected\n"); 1408 event = next_event (dev, GADGETFS_CONNECT); 1409 event->u.speed = gadget->speed; 1410 ep0_readable (dev); 1411 1412 /* host may have given up waiting for response. we can miss control 1413 * requests handled lower down (device/endpoint status and features); 1414 * then ep0_{read,write} will report the wrong status. controller 1415 * driver will have aborted pending i/o. 1416 */ 1417 } else if (dev->state == STATE_DEV_SETUP) 1418 dev->setup_abort = 1; 1419 1420 req->buf = dev->rbuf; 1421 req->dma = DMA_ADDR_INVALID; 1422 req->context = NULL; 1423 value = -EOPNOTSUPP; 1424 switch (ctrl->bRequest) { 1425 1426 case USB_REQ_GET_DESCRIPTOR: 1427 if (ctrl->bRequestType != USB_DIR_IN) 1428 goto unrecognized; 1429 switch (w_value >> 8) { 1430 1431 case USB_DT_DEVICE: 1432 value = min (w_length, (u16) sizeof *dev->dev); 1433 req->buf = dev->dev; 1434 break; 1435#ifdef CONFIG_USB_GADGET_DUALSPEED 1436 case USB_DT_DEVICE_QUALIFIER: 1437 if (!dev->hs_config) 1438 break; 1439 value = min (w_length, (u16) 1440 sizeof (struct usb_qualifier_descriptor)); 1441 make_qualifier (dev); 1442 break; 1443 case USB_DT_OTHER_SPEED_CONFIG: 1444 // FALLTHROUGH 1445#endif 1446 case USB_DT_CONFIG: 1447 value = config_buf (dev, 1448 w_value >> 8, 1449 w_value & 0xff); 1450 if (value >= 0) 1451 value = min (w_length, (u16) value); 1452 break; 1453 case USB_DT_STRING: 1454 goto unrecognized; 1455 1456 default: // all others are errors 1457 break; 1458 } 1459 break; 1460 1461 /* currently one config, two speeds */ 1462 case USB_REQ_SET_CONFIGURATION: 1463 if (ctrl->bRequestType != 0) 1464 goto unrecognized; 1465 if (0 == (u8) w_value) { 1466 value = 0; 1467 dev->current_config = 0; 1468 usb_gadget_vbus_draw(gadget, 8 /* mA */ ); 1469 // user mode expected to disable endpoints 1470 } else { 1471 u8 config, power; 1472 1473 if (gadget_is_dualspeed(gadget) 1474 && gadget->speed == USB_SPEED_HIGH) { 1475 config = dev->hs_config->bConfigurationValue; 1476 power = dev->hs_config->bMaxPower; 1477 } else { 1478 config = dev->config->bConfigurationValue; 1479 power = dev->config->bMaxPower; 1480 } 1481 1482 if (config == (u8) w_value) { 1483 value = 0; 1484 dev->current_config = config; 1485 usb_gadget_vbus_draw(gadget, 2 * power); 1486 } 1487 } 1488 1489 /* report SET_CONFIGURATION like any other control request, 1490 * except that usermode may not stall this. the next 1491 * request mustn't be allowed start until this finishes: 1492 * endpoints and threads set up, etc. 1493 * 1494 * NOTE: older PXA hardware (before PXA 255: without UDCCFR) 1495 * has bad/racey automagic that prevents synchronizing here. 1496 * even kernel mode drivers often miss them. 1497 */ 1498 if (value == 0) { 1499 INFO (dev, "configuration #%d\n", dev->current_config); 1500 if (dev->usermode_setup) { 1501 dev->setup_can_stall = 0; 1502 goto delegate; 1503 } 1504 } 1505 break; 1506 1507#ifndef CONFIG_USB_GADGET_PXA25X 1508 /* PXA automagically handles this request too */ 1509 case USB_REQ_GET_CONFIGURATION: 1510 if (ctrl->bRequestType != 0x80) 1511 goto unrecognized; 1512 *(u8 *)req->buf = dev->current_config; 1513 value = min (w_length, (u16) 1); 1514 break; 1515#endif 1516 1517 default: 1518unrecognized: 1519 VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n", 1520 dev->usermode_setup ? "delegate" : "fail", 1521 ctrl->bRequestType, ctrl->bRequest, 1522 w_value, le16_to_cpu(ctrl->wIndex), w_length); 1523 1524 /* if there's an ep0 reader, don't stall */ 1525 if (dev->usermode_setup) { 1526 dev->setup_can_stall = 1; 1527delegate: 1528 dev->setup_in = (ctrl->bRequestType & USB_DIR_IN) 1529 ? 1 : 0; 1530 dev->setup_wLength = w_length; 1531 dev->setup_out_ready = 0; 1532 dev->setup_out_error = 0; 1533 value = 0; 1534 1535 /* read DATA stage for OUT right away */ 1536 if (unlikely (!dev->setup_in && w_length)) { 1537 value = setup_req (gadget->ep0, dev->req, 1538 w_length); 1539 if (value < 0) 1540 break; 1541 value = usb_ep_queue (gadget->ep0, dev->req, 1542 GFP_ATOMIC); 1543 if (value < 0) { 1544 clean_req (gadget->ep0, dev->req); 1545 break; 1546 } 1547 1548 /* we can't currently stall these */ 1549 dev->setup_can_stall = 0; 1550 } 1551 1552 /* state changes when reader collects event */ 1553 event = next_event (dev, GADGETFS_SETUP); 1554 event->u.setup = *ctrl; 1555 ep0_readable (dev); 1556 spin_unlock (&dev->lock); 1557 return 0; 1558 } 1559 } 1560 1561 /* proceed with data transfer and status phases? */ 1562 if (value >= 0 && dev->state != STATE_DEV_SETUP) { 1563 req->length = value; 1564 req->zero = value < w_length; 1565 value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC); 1566 if (value < 0) { 1567 DBG (dev, "ep_queue --> %d\n", value); 1568 req->status = 0; 1569 } 1570 } 1571 1572 /* device stalls when value < 0 */ 1573 spin_unlock (&dev->lock); 1574 return value; 1575} 1576 1577static void destroy_ep_files (struct dev_data *dev) 1578{ 1579 struct list_head *entry, *tmp; 1580 1581 DBG (dev, "%s %d\n", __func__, dev->state); 1582 1583 /* dev->state must prevent interference */ 1584restart: 1585 spin_lock_irq (&dev->lock); 1586 list_for_each_safe (entry, tmp, &dev->epfiles) { 1587 struct ep_data *ep; 1588 struct inode *parent; 1589 struct dentry *dentry; 1590 1591 /* break link to FS */ 1592 ep = list_entry (entry, struct ep_data, epfiles); 1593 list_del_init (&ep->epfiles); 1594 dentry = ep->dentry; 1595 ep->dentry = NULL; 1596 parent = dentry->d_parent->d_inode; 1597 1598 /* break link to controller */ 1599 if (ep->state == STATE_EP_ENABLED) 1600 (void) usb_ep_disable (ep->ep); 1601 ep->state = STATE_EP_UNBOUND; 1602 usb_ep_free_request (ep->ep, ep->req); 1603 ep->ep = NULL; 1604 wake_up (&ep->wait); 1605 put_ep (ep); 1606 1607 spin_unlock_irq (&dev->lock); 1608 1609 /* break link to dcache */ 1610 mutex_lock (&parent->i_mutex); 1611 d_delete (dentry); 1612 dput (dentry); 1613 mutex_unlock (&parent->i_mutex); 1614 1615 /* fds may still be open */ 1616 goto restart; 1617 } 1618 spin_unlock_irq (&dev->lock); 1619} 1620 1621 1622static struct inode * 1623gadgetfs_create_file (struct super_block *sb, char const *name, 1624 void *data, const struct file_operations *fops, 1625 struct dentry **dentry_p); 1626 1627static int activate_ep_files (struct dev_data *dev) 1628{ 1629 struct usb_ep *ep; 1630 struct ep_data *data; 1631 1632 gadget_for_each_ep (ep, dev->gadget) { 1633 1634 data = kzalloc(sizeof(*data), GFP_KERNEL); 1635 if (!data) 1636 goto enomem0; 1637 data->state = STATE_EP_DISABLED; 1638 mutex_init(&data->lock); 1639 init_waitqueue_head (&data->wait); 1640 1641 strncpy (data->name, ep->name, sizeof (data->name) - 1); 1642 atomic_set (&data->count, 1); 1643 data->dev = dev; 1644 get_dev (dev); 1645 1646 data->ep = ep; 1647 ep->driver_data = data; 1648 1649 data->req = usb_ep_alloc_request (ep, GFP_KERNEL); 1650 if (!data->req) 1651 goto enomem1; 1652 1653 data->inode = gadgetfs_create_file (dev->sb, data->name, 1654 data, &ep_config_operations, 1655 &data->dentry); 1656 if (!data->inode) 1657 goto enomem2; 1658 list_add_tail (&data->epfiles, &dev->epfiles); 1659 } 1660 return 0; 1661 1662enomem2: 1663 usb_ep_free_request (ep, data->req); 1664enomem1: 1665 put_dev (dev); 1666 kfree (data); 1667enomem0: 1668 DBG (dev, "%s enomem\n", __func__); 1669 destroy_ep_files (dev); 1670 return -ENOMEM; 1671} 1672 1673static void 1674gadgetfs_unbind (struct usb_gadget *gadget) 1675{ 1676 struct dev_data *dev = get_gadget_data (gadget); 1677 1678 DBG (dev, "%s\n", __func__); 1679 1680 spin_lock_irq (&dev->lock); 1681 dev->state = STATE_DEV_UNBOUND; 1682 spin_unlock_irq (&dev->lock); 1683 1684 destroy_ep_files (dev); 1685 gadget->ep0->driver_data = NULL; 1686 set_gadget_data (gadget, NULL); 1687 1688 /* we've already been disconnected ... no i/o is active */ 1689 if (dev->req) 1690 usb_ep_free_request (gadget->ep0, dev->req); 1691 DBG (dev, "%s done\n", __func__); 1692 put_dev (dev); 1693} 1694 1695static struct dev_data *the_device; 1696 1697static int 1698gadgetfs_bind (struct usb_gadget *gadget) 1699{ 1700 struct dev_data *dev = the_device; 1701 1702 if (!dev) 1703 return -ESRCH; 1704 if (0 != strcmp (CHIP, gadget->name)) { 1705 pr_err("%s expected %s controller not %s\n", 1706 shortname, CHIP, gadget->name); 1707 return -ENODEV; 1708 } 1709 1710 set_gadget_data (gadget, dev); 1711 dev->gadget = gadget; 1712 gadget->ep0->driver_data = dev; 1713 dev->dev->bMaxPacketSize0 = gadget->ep0->maxpacket; 1714 1715 /* preallocate control response and buffer */ 1716 dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL); 1717 if (!dev->req) 1718 goto enomem; 1719 dev->req->context = NULL; 1720 dev->req->complete = epio_complete; 1721 1722 if (activate_ep_files (dev) < 0) 1723 goto enomem; 1724 1725 INFO (dev, "bound to %s driver\n", gadget->name); 1726 spin_lock_irq(&dev->lock); 1727 dev->state = STATE_DEV_UNCONNECTED; 1728 spin_unlock_irq(&dev->lock); 1729 get_dev (dev); 1730 return 0; 1731 1732enomem: 1733 gadgetfs_unbind (gadget); 1734 return -ENOMEM; 1735} 1736 1737static void 1738gadgetfs_disconnect (struct usb_gadget *gadget) 1739{ 1740 struct dev_data *dev = get_gadget_data (gadget); 1741 1742 spin_lock (&dev->lock); 1743 if (dev->state == STATE_DEV_UNCONNECTED) 1744 goto exit; 1745 dev->state = STATE_DEV_UNCONNECTED; 1746 1747 INFO (dev, "disconnected\n"); 1748 next_event (dev, GADGETFS_DISCONNECT); 1749 ep0_readable (dev); 1750exit: 1751 spin_unlock (&dev->lock); 1752} 1753 1754static void 1755gadgetfs_suspend (struct usb_gadget *gadget) 1756{ 1757 struct dev_data *dev = get_gadget_data (gadget); 1758 1759 INFO (dev, "suspended from state %d\n", dev->state); 1760 spin_lock (&dev->lock); 1761 switch (dev->state) { 1762 case STATE_DEV_SETUP: // VERY odd... host died?? 1763 case STATE_DEV_CONNECTED: 1764 case STATE_DEV_UNCONNECTED: 1765 next_event (dev, GADGETFS_SUSPEND); 1766 ep0_readable (dev); 1767 /* FALLTHROUGH */ 1768 default: 1769 break; 1770 } 1771 spin_unlock (&dev->lock); 1772} 1773 1774static struct usb_gadget_driver gadgetfs_driver = { 1775#ifdef CONFIG_USB_GADGET_DUALSPEED 1776 .speed = USB_SPEED_HIGH, 1777#else 1778 .speed = USB_SPEED_FULL, 1779#endif 1780 .function = (char *) driver_desc, 1781 .unbind = gadgetfs_unbind, 1782 .setup = gadgetfs_setup, 1783 .disconnect = gadgetfs_disconnect, 1784 .suspend = gadgetfs_suspend, 1785 1786 .driver = { 1787 .name = (char *) shortname, 1788 }, 1789}; 1790 1791/*----------------------------------------------------------------------*/ 1792 1793static void gadgetfs_nop(struct usb_gadget *arg) { } 1794 1795static int gadgetfs_probe (struct usb_gadget *gadget) 1796{ 1797 CHIP = gadget->name; 1798 return -EISNAM; 1799} 1800 1801static struct usb_gadget_driver probe_driver = { 1802 .speed = USB_SPEED_HIGH, 1803 .unbind = gadgetfs_nop, 1804 .setup = (void *)gadgetfs_nop, 1805 .disconnect = gadgetfs_nop, 1806 .driver = { 1807 .name = "nop", 1808 }, 1809}; 1810 1811 1812/* DEVICE INITIALIZATION 1813 * 1814 * fd = open ("/dev/gadget/$CHIP", O_RDWR) 1815 * status = write (fd, descriptors, sizeof descriptors) 1816 * 1817 * That write establishes the device configuration, so the kernel can 1818 * bind to the controller ... guaranteeing it can handle enumeration 1819 * at all necessary speeds. Descriptor order is: 1820 * 1821 * . message tag (u32, host order) ... for now, must be zero; it 1822 * would change to support features like multi-config devices 1823 * . full/low speed config ... all wTotalLength bytes (with interface, 1824 * class, altsetting, endpoint, and other descriptors) 1825 * . high speed config ... all descriptors, for high speed operation; 1826 * this one's optional except for high-speed hardware 1827 * . device descriptor 1828 * 1829 * Endpoints are not yet enabled. Drivers must wait until device 1830 * configuration and interface altsetting changes create 1831 * the need to configure (or unconfigure) them. 1832 * 1833 * After initialization, the device stays active for as long as that 1834 * $CHIP file is open. Events must then be read from that descriptor, 1835 * such as configuration notifications. 1836 */ 1837 1838static int is_valid_config (struct usb_config_descriptor *config) 1839{ 1840 return config->bDescriptorType == USB_DT_CONFIG 1841 && config->bLength == USB_DT_CONFIG_SIZE 1842 && config->bConfigurationValue != 0 1843 && (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0 1844 && (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0; 1845 /* FIXME if gadget->is_otg, _must_ include an otg descriptor */ 1846 /* FIXME check lengths: walk to end */ 1847} 1848 1849static ssize_t 1850dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 1851{ 1852 struct dev_data *dev = fd->private_data; 1853 ssize_t value = len, length = len; 1854 unsigned total; 1855 u32 tag; 1856 char *kbuf; 1857 1858 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) 1859 return -EINVAL; 1860 1861 /* we might need to change message format someday */ 1862 if (copy_from_user (&tag, buf, 4)) 1863 return -EFAULT; 1864 if (tag != 0) 1865 return -EINVAL; 1866 buf += 4; 1867 length -= 4; 1868 1869 kbuf = memdup_user(buf, length); 1870 if (IS_ERR(kbuf)) 1871 return PTR_ERR(kbuf); 1872 1873 spin_lock_irq (&dev->lock); 1874 value = -EINVAL; 1875 if (dev->buf) 1876 goto fail; 1877 dev->buf = kbuf; 1878 1879 /* full or low speed config */ 1880 dev->config = (void *) kbuf; 1881 total = le16_to_cpu(dev->config->wTotalLength); 1882 if (!is_valid_config (dev->config) || total >= length) 1883 goto fail; 1884 kbuf += total; 1885 length -= total; 1886 1887 /* optional high speed config */ 1888 if (kbuf [1] == USB_DT_CONFIG) { 1889 dev->hs_config = (void *) kbuf; 1890 total = le16_to_cpu(dev->hs_config->wTotalLength); 1891 if (!is_valid_config (dev->hs_config) || total >= length) 1892 goto fail; 1893 kbuf += total; 1894 length -= total; 1895 } 1896 1897 /* could support multiple configs, using another encoding! */ 1898 1899 /* device descriptor (tweaked for paranoia) */ 1900 if (length != USB_DT_DEVICE_SIZE) 1901 goto fail; 1902 dev->dev = (void *)kbuf; 1903 if (dev->dev->bLength != USB_DT_DEVICE_SIZE 1904 || dev->dev->bDescriptorType != USB_DT_DEVICE 1905 || dev->dev->bNumConfigurations != 1) 1906 goto fail; 1907 dev->dev->bNumConfigurations = 1; 1908 dev->dev->bcdUSB = cpu_to_le16 (0x0200); 1909 1910 /* triggers gadgetfs_bind(); then we can enumerate. */ 1911 spin_unlock_irq (&dev->lock); 1912 value = usb_gadget_probe_driver(&gadgetfs_driver, gadgetfs_bind); 1913 if (value != 0) { 1914 kfree (dev->buf); 1915 dev->buf = NULL; 1916 } else { 1917 /* at this point "good" hardware has for the first time 1918 * let the USB the host see us. alternatively, if users 1919 * unplug/replug that will clear all the error state. 1920 * 1921 * note: everything running before here was guaranteed 1922 * to choke driver model style diagnostics. from here 1923 * on, they can work ... except in cleanup paths that 1924 * kick in after the ep0 descriptor is closed. 1925 */ 1926 fd->f_op = &ep0_io_operations; 1927 value = len; 1928 } 1929 return value; 1930 1931fail: 1932 spin_unlock_irq (&dev->lock); 1933 pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev); 1934 kfree (dev->buf); 1935 dev->buf = NULL; 1936 return value; 1937} 1938 1939static int 1940dev_open (struct inode *inode, struct file *fd) 1941{ 1942 struct dev_data *dev = inode->i_private; 1943 int value = -EBUSY; 1944 1945 spin_lock_irq(&dev->lock); 1946 if (dev->state == STATE_DEV_DISABLED) { 1947 dev->ev_next = 0; 1948 dev->state = STATE_DEV_OPENED; 1949 fd->private_data = dev; 1950 get_dev (dev); 1951 value = 0; 1952 } 1953 spin_unlock_irq(&dev->lock); 1954 return value; 1955} 1956 1957static const struct file_operations dev_init_operations = { 1958 .owner = THIS_MODULE, 1959 .llseek = no_llseek, 1960 1961 .open = dev_open, 1962 .write = dev_config, 1963 .fasync = ep0_fasync, 1964 .unlocked_ioctl = dev_ioctl, 1965 .release = dev_release, 1966}; 1967 1968/*----------------------------------------------------------------------*/ 1969 1970/* FILESYSTEM AND SUPERBLOCK OPERATIONS 1971 * 1972 * Mounting the filesystem creates a controller file, used first for 1973 * device configuration then later for event monitoring. 1974 */ 1975 1976 1977/* FIXME PAM etc could set this security policy without mount options 1978 * if epfiles inherited ownership and permissons from ep0 ... 1979 */ 1980 1981static unsigned default_uid; 1982static unsigned default_gid; 1983static unsigned default_perm = S_IRUSR | S_IWUSR; 1984 1985module_param (default_uid, uint, 0644); 1986module_param (default_gid, uint, 0644); 1987module_param (default_perm, uint, 0644); 1988 1989 1990static struct inode * 1991gadgetfs_make_inode (struct super_block *sb, 1992 void *data, const struct file_operations *fops, 1993 int mode) 1994{ 1995 struct inode *inode = new_inode (sb); 1996 1997 if (inode) { 1998 inode->i_ino = get_next_ino(); 1999 inode->i_mode = mode; 2000 inode->i_uid = default_uid; 2001 inode->i_gid = default_gid; 2002 inode->i_atime = inode->i_mtime = inode->i_ctime 2003 = CURRENT_TIME; 2004 inode->i_private = data; 2005 inode->i_fop = fops; 2006 } 2007 return inode; 2008} 2009 2010/* creates in fs root directory, so non-renamable and non-linkable. 2011 * so inode and dentry are paired, until device reconfig. 2012 */ 2013static struct inode * 2014gadgetfs_create_file (struct super_block *sb, char const *name, 2015 void *data, const struct file_operations *fops, 2016 struct dentry **dentry_p) 2017{ 2018 struct dentry *dentry; 2019 struct inode *inode; 2020 2021 dentry = d_alloc_name(sb->s_root, name); 2022 if (!dentry) 2023 return NULL; 2024 2025 inode = gadgetfs_make_inode (sb, data, fops, 2026 S_IFREG | (default_perm & S_IRWXUGO)); 2027 if (!inode) { 2028 dput(dentry); 2029 return NULL; 2030 } 2031 d_add (dentry, inode); 2032 *dentry_p = dentry; 2033 return inode; 2034} 2035 2036static const struct super_operations gadget_fs_operations = { 2037 .statfs = simple_statfs, 2038 .drop_inode = generic_delete_inode, 2039}; 2040 2041static int 2042gadgetfs_fill_super (struct super_block *sb, void *opts, int silent) 2043{ 2044 struct inode *inode; 2045 struct dentry *d; 2046 struct dev_data *dev; 2047 2048 if (the_device) 2049 return -ESRCH; 2050 2051 /* fake probe to determine $CHIP */ 2052 (void) usb_gadget_probe_driver(&probe_driver, gadgetfs_probe); 2053 if (!CHIP) 2054 return -ENODEV; 2055 2056 /* superblock */ 2057 sb->s_blocksize = PAGE_CACHE_SIZE; 2058 sb->s_blocksize_bits = PAGE_CACHE_SHIFT; 2059 sb->s_magic = GADGETFS_MAGIC; 2060 sb->s_op = &gadget_fs_operations; 2061 sb->s_time_gran = 1; 2062 2063 /* root inode */ 2064 inode = gadgetfs_make_inode (sb, 2065 NULL, &simple_dir_operations, 2066 S_IFDIR | S_IRUGO | S_IXUGO); 2067 if (!inode) 2068 goto enomem0; 2069 inode->i_op = &simple_dir_inode_operations; 2070 if (!(d = d_alloc_root (inode))) 2071 goto enomem1; 2072 sb->s_root = d; 2073 2074 /* the ep0 file is named after the controller we expect; 2075 * user mode code can use it for sanity checks, like we do. 2076 */ 2077 dev = dev_new (); 2078 if (!dev) 2079 goto enomem2; 2080 2081 dev->sb = sb; 2082 if (!gadgetfs_create_file (sb, CHIP, 2083 dev, &dev_init_operations, 2084 &dev->dentry)) 2085 goto enomem3; 2086 2087 /* other endpoint files are available after hardware setup, 2088 * from binding to a controller. 2089 */ 2090 the_device = dev; 2091 return 0; 2092 2093enomem3: 2094 put_dev (dev); 2095enomem2: 2096 dput (d); 2097enomem1: 2098 iput (inode); 2099enomem0: 2100 return -ENOMEM; 2101} 2102 2103/* "mount -t gadgetfs path /dev/gadget" ends up here */ 2104static struct dentry * 2105gadgetfs_mount (struct file_system_type *t, int flags, 2106 const char *path, void *opts) 2107{ 2108 return mount_single (t, flags, opts, gadgetfs_fill_super); 2109} 2110 2111static void 2112gadgetfs_kill_sb (struct super_block *sb) 2113{ 2114 kill_litter_super (sb); 2115 if (the_device) { 2116 put_dev (the_device); 2117 the_device = NULL; 2118 } 2119} 2120 2121/*----------------------------------------------------------------------*/ 2122 2123static struct file_system_type gadgetfs_type = { 2124 .owner = THIS_MODULE, 2125 .name = shortname, 2126 .mount = gadgetfs_mount, 2127 .kill_sb = gadgetfs_kill_sb, 2128}; 2129 2130/*----------------------------------------------------------------------*/ 2131 2132static int __init init (void) 2133{ 2134 int status; 2135 2136 status = register_filesystem (&gadgetfs_type); 2137 if (status == 0) 2138 pr_info ("%s: %s, version " DRIVER_VERSION "\n", 2139 shortname, driver_desc); 2140 return status; 2141} 2142module_init (init); 2143 2144static void __exit cleanup (void) 2145{ 2146 pr_debug ("unregister %s\n", shortname); 2147 unregister_filesystem (&gadgetfs_type); 2148} 2149module_exit (cleanup); 2150 2151