1 // SPDX-License-Identifier: GPL-2.0
3 * USB Raw Gadget driver.
4 * See Documentation/usb/raw-gadget.rst for more details.
6 * Copyright (c) 2020 Google, Inc.
7 * Author: Andrey Konovalov <andreyknvl@gmail.com>
10 #include <linux/compiler.h>
11 #include <linux/ctype.h>
12 #include <linux/debugfs.h>
13 #include <linux/delay.h>
14 #include <linux/kref.h>
15 #include <linux/miscdevice.h>
16 #include <linux/module.h>
17 #include <linux/semaphore.h>
18 #include <linux/sched.h>
19 #include <linux/slab.h>
20 #include <linux/uaccess.h>
21 #include <linux/wait.h>
23 #include <linux/usb.h>
24 #include <linux/usb/ch9.h>
25 #include <linux/usb/ch11.h>
26 #include <linux/usb/gadget.h>
28 #include <uapi/linux/usb/raw_gadget.h>
30 #define DRIVER_DESC "USB Raw Gadget"
31 #define DRIVER_NAME "raw-gadget"
33 MODULE_DESCRIPTION(DRIVER_DESC);
34 MODULE_AUTHOR("Andrey Konovalov");
35 MODULE_LICENSE("GPL");
37 /*----------------------------------------------------------------------*/
39 #define RAW_EVENT_QUEUE_SIZE 16
41 struct raw_event_queue {
42 /* See the comment in raw_event_queue_fetch() for locking details. */
44 struct semaphore sema;
45 struct usb_raw_event *events[RAW_EVENT_QUEUE_SIZE];
49 static void raw_event_queue_init(struct raw_event_queue *queue)
51 spin_lock_init(&queue->lock);
52 sema_init(&queue->sema, 0);
56 static int raw_event_queue_add(struct raw_event_queue *queue,
57 enum usb_raw_event_type type, size_t length, const void *data)
60 struct usb_raw_event *event;
62 spin_lock_irqsave(&queue->lock, flags);
63 if (WARN_ON(queue->size >= RAW_EVENT_QUEUE_SIZE)) {
64 spin_unlock_irqrestore(&queue->lock, flags);
67 event = kmalloc(sizeof(*event) + length, GFP_ATOMIC);
69 spin_unlock_irqrestore(&queue->lock, flags);
73 event->length = length;
75 memcpy(&event->data[0], data, length);
76 queue->events[queue->size] = event;
79 spin_unlock_irqrestore(&queue->lock, flags);
83 static struct usb_raw_event *raw_event_queue_fetch(
84 struct raw_event_queue *queue)
88 struct usb_raw_event *event;
91 * This function can be called concurrently. We first check that
92 * there's at least one event queued by decrementing the semaphore,
93 * and then take the lock to protect queue struct fields.
95 ret = down_interruptible(&queue->sema);
98 spin_lock_irqsave(&queue->lock, flags);
100 * queue->size must have the same value as queue->sema counter (before
101 * the down_interruptible() call above), so this check is a fail-safe.
103 if (WARN_ON(!queue->size)) {
104 spin_unlock_irqrestore(&queue->lock, flags);
105 return ERR_PTR(-ENODEV);
107 event = queue->events[0];
109 memmove(&queue->events[0], &queue->events[1],
110 queue->size * sizeof(queue->events[0]));
111 spin_unlock_irqrestore(&queue->lock, flags);
115 static void raw_event_queue_destroy(struct raw_event_queue *queue)
119 for (i = 0; i < queue->size; i++)
120 kfree(queue->events[i]);
124 /*----------------------------------------------------------------------*/
138 struct usb_request *req;
145 STATE_DEV_INVALID = 0,
147 STATE_DEV_INITIALIZED,
148 STATE_DEV_REGISTERING,
158 const char *udc_name;
159 struct usb_gadget_driver driver;
161 /* Reference to misc device: */
164 /* Protected by lock: */
165 enum dev_state state;
166 bool gadget_registered;
167 struct usb_gadget *gadget;
168 struct usb_request *req;
170 bool ep0_out_pending;
173 struct raw_ep eps[USB_RAW_EPS_NUM_MAX];
176 struct completion ep0_done;
177 struct raw_event_queue queue;
180 static struct raw_dev *dev_new(void)
184 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
187 /* Matches kref_put() in raw_release(). */
188 kref_init(&dev->count);
189 spin_lock_init(&dev->lock);
190 init_completion(&dev->ep0_done);
191 raw_event_queue_init(&dev->queue);
195 static void dev_free(struct kref *kref)
197 struct raw_dev *dev = container_of(kref, struct raw_dev, count);
200 kfree(dev->udc_name);
201 kfree(dev->driver.udc_name);
203 if (dev->ep0_urb_queued)
204 usb_ep_dequeue(dev->gadget->ep0, dev->req);
205 usb_ep_free_request(dev->gadget->ep0, dev->req);
207 raw_event_queue_destroy(&dev->queue);
208 for (i = 0; i < dev->eps_num; i++) {
209 if (dev->eps[i].state == STATE_EP_DISABLED)
211 usb_ep_disable(dev->eps[i].ep);
212 usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
213 kfree(dev->eps[i].ep->desc);
214 dev->eps[i].state = STATE_EP_DISABLED;
219 /*----------------------------------------------------------------------*/
221 static int raw_queue_event(struct raw_dev *dev,
222 enum usb_raw_event_type type, size_t length, const void *data)
227 ret = raw_event_queue_add(&dev->queue, type, length, data);
229 spin_lock_irqsave(&dev->lock, flags);
230 dev->state = STATE_DEV_FAILED;
231 spin_unlock_irqrestore(&dev->lock, flags);
236 static void gadget_ep0_complete(struct usb_ep *ep, struct usb_request *req)
238 struct raw_dev *dev = req->context;
241 spin_lock_irqsave(&dev->lock, flags);
243 dev->ep0_status = req->status;
245 dev->ep0_status = req->actual;
246 if (dev->ep0_in_pending)
247 dev->ep0_in_pending = false;
249 dev->ep0_out_pending = false;
250 spin_unlock_irqrestore(&dev->lock, flags);
252 complete(&dev->ep0_done);
255 static u8 get_ep_addr(const char *name)
257 /* If the endpoint has fixed function (named as e.g. "ep12out-bulk"),
258 * parse the endpoint address from its name. We deliberately use
259 * deprecated simple_strtoul() function here, as the number isn't
260 * followed by '\0' nor '\n'.
262 if (isdigit(name[2]))
263 return simple_strtoul(&name[2], NULL, 10);
264 /* Otherwise the endpoint is configurable (named as e.g. "ep-a"). */
265 return USB_RAW_EP_ADDR_ANY;
268 static int gadget_bind(struct usb_gadget *gadget,
269 struct usb_gadget_driver *driver)
272 struct raw_dev *dev = container_of(driver, struct raw_dev, driver);
273 struct usb_request *req;
277 if (strcmp(gadget->name, dev->udc_name) != 0)
280 set_gadget_data(gadget, dev);
281 req = usb_ep_alloc_request(gadget->ep0, GFP_KERNEL);
283 dev_err(&gadget->dev, "usb_ep_alloc_request failed\n");
284 set_gadget_data(gadget, NULL);
288 spin_lock_irqsave(&dev->lock, flags);
290 dev->req->context = dev;
291 dev->req->complete = gadget_ep0_complete;
292 dev->gadget = gadget;
293 gadget_for_each_ep(ep, dev->gadget) {
295 dev->eps[i].addr = get_ep_addr(ep->name);
296 dev->eps[i].state = STATE_EP_DISABLED;
300 spin_unlock_irqrestore(&dev->lock, flags);
302 /* Matches kref_put() in gadget_unbind(). */
303 kref_get(&dev->count);
305 ret = raw_queue_event(dev, USB_RAW_EVENT_CONNECT, 0, NULL);
307 dev_err(&gadget->dev, "failed to queue event\n");
312 static void gadget_unbind(struct usb_gadget *gadget)
314 struct raw_dev *dev = get_gadget_data(gadget);
316 set_gadget_data(gadget, NULL);
317 /* Matches kref_get() in gadget_bind(). */
318 kref_put(&dev->count, dev_free);
321 static int gadget_setup(struct usb_gadget *gadget,
322 const struct usb_ctrlrequest *ctrl)
325 struct raw_dev *dev = get_gadget_data(gadget);
328 spin_lock_irqsave(&dev->lock, flags);
329 if (dev->state != STATE_DEV_RUNNING) {
330 dev_err(&gadget->dev, "ignoring, device is not running\n");
334 if (dev->ep0_in_pending || dev->ep0_out_pending) {
335 dev_dbg(&gadget->dev, "stalling, request already pending\n");
339 if ((ctrl->bRequestType & USB_DIR_IN) && ctrl->wLength)
340 dev->ep0_in_pending = true;
342 dev->ep0_out_pending = true;
343 spin_unlock_irqrestore(&dev->lock, flags);
345 ret = raw_queue_event(dev, USB_RAW_EVENT_CONTROL, sizeof(*ctrl), ctrl);
347 dev_err(&gadget->dev, "failed to queue event\n");
351 spin_unlock_irqrestore(&dev->lock, flags);
356 /* These are currently unused but present in case UDC driver requires them. */
357 static void gadget_disconnect(struct usb_gadget *gadget) { }
358 static void gadget_suspend(struct usb_gadget *gadget) { }
359 static void gadget_resume(struct usb_gadget *gadget) { }
360 static void gadget_reset(struct usb_gadget *gadget) { }
362 /*----------------------------------------------------------------------*/
364 static struct miscdevice raw_misc_device;
366 static int raw_open(struct inode *inode, struct file *fd)
370 /* Nonblocking I/O is not supported yet. */
371 if (fd->f_flags & O_NONBLOCK)
377 fd->private_data = dev;
378 dev->state = STATE_DEV_OPENED;
379 dev->dev = raw_misc_device.this_device;
383 static int raw_release(struct inode *inode, struct file *fd)
386 struct raw_dev *dev = fd->private_data;
388 bool unregister = false;
390 spin_lock_irqsave(&dev->lock, flags);
391 dev->state = STATE_DEV_CLOSED;
393 spin_unlock_irqrestore(&dev->lock, flags);
396 if (dev->gadget_registered)
398 dev->gadget_registered = false;
399 spin_unlock_irqrestore(&dev->lock, flags);
402 ret = usb_gadget_unregister_driver(&dev->driver);
405 "usb_gadget_unregister_driver() failed with %d\n",
407 /* Matches kref_get() in raw_ioctl_run(). */
408 kref_put(&dev->count, dev_free);
412 /* Matches dev_new() in raw_open(). */
413 kref_put(&dev->count, dev_free);
417 /*----------------------------------------------------------------------*/
419 static int raw_ioctl_init(struct raw_dev *dev, unsigned long value)
422 struct usb_raw_init arg;
423 char *udc_driver_name;
424 char *udc_device_name;
427 if (copy_from_user(&arg, (void __user *)value, sizeof(arg)))
431 case USB_SPEED_UNKNOWN:
432 arg.speed = USB_SPEED_HIGH;
437 case USB_SPEED_SUPER:
443 udc_driver_name = kmalloc(UDC_NAME_LENGTH_MAX, GFP_KERNEL);
444 if (!udc_driver_name)
446 ret = strscpy(udc_driver_name, &arg.driver_name[0],
447 UDC_NAME_LENGTH_MAX);
449 kfree(udc_driver_name);
454 udc_device_name = kmalloc(UDC_NAME_LENGTH_MAX, GFP_KERNEL);
455 if (!udc_device_name) {
456 kfree(udc_driver_name);
459 ret = strscpy(udc_device_name, &arg.device_name[0],
460 UDC_NAME_LENGTH_MAX);
462 kfree(udc_driver_name);
463 kfree(udc_device_name);
468 spin_lock_irqsave(&dev->lock, flags);
469 if (dev->state != STATE_DEV_OPENED) {
470 dev_dbg(dev->dev, "fail, device is not opened\n");
471 kfree(udc_driver_name);
472 kfree(udc_device_name);
476 dev->udc_name = udc_driver_name;
478 dev->driver.function = DRIVER_DESC;
479 dev->driver.max_speed = arg.speed;
480 dev->driver.setup = gadget_setup;
481 dev->driver.disconnect = gadget_disconnect;
482 dev->driver.bind = gadget_bind;
483 dev->driver.unbind = gadget_unbind;
484 dev->driver.suspend = gadget_suspend;
485 dev->driver.resume = gadget_resume;
486 dev->driver.reset = gadget_reset;
487 dev->driver.driver.name = DRIVER_NAME;
488 dev->driver.udc_name = udc_device_name;
489 dev->driver.match_existing_only = 1;
491 dev->state = STATE_DEV_INITIALIZED;
494 spin_unlock_irqrestore(&dev->lock, flags);
498 static int raw_ioctl_run(struct raw_dev *dev, unsigned long value)
506 spin_lock_irqsave(&dev->lock, flags);
507 if (dev->state != STATE_DEV_INITIALIZED) {
508 dev_dbg(dev->dev, "fail, device is not initialized\n");
512 dev->state = STATE_DEV_REGISTERING;
513 spin_unlock_irqrestore(&dev->lock, flags);
515 ret = usb_gadget_probe_driver(&dev->driver);
517 spin_lock_irqsave(&dev->lock, flags);
520 "fail, usb_gadget_probe_driver returned %d\n", ret);
521 dev->state = STATE_DEV_FAILED;
524 dev->gadget_registered = true;
525 dev->state = STATE_DEV_RUNNING;
526 /* Matches kref_put() in raw_release(). */
527 kref_get(&dev->count);
530 spin_unlock_irqrestore(&dev->lock, flags);
534 static int raw_ioctl_event_fetch(struct raw_dev *dev, unsigned long value)
536 struct usb_raw_event arg;
538 struct usb_raw_event *event;
541 if (copy_from_user(&arg, (void __user *)value, sizeof(arg)))
544 spin_lock_irqsave(&dev->lock, flags);
545 if (dev->state != STATE_DEV_RUNNING) {
546 dev_dbg(dev->dev, "fail, device is not running\n");
547 spin_unlock_irqrestore(&dev->lock, flags);
551 dev_dbg(dev->dev, "fail, gadget is not bound\n");
552 spin_unlock_irqrestore(&dev->lock, flags);
555 spin_unlock_irqrestore(&dev->lock, flags);
557 event = raw_event_queue_fetch(&dev->queue);
558 if (PTR_ERR(event) == -EINTR) {
559 dev_dbg(&dev->gadget->dev, "event fetching interrupted\n");
563 dev_err(&dev->gadget->dev, "failed to fetch event\n");
564 spin_lock_irqsave(&dev->lock, flags);
565 dev->state = STATE_DEV_FAILED;
566 spin_unlock_irqrestore(&dev->lock, flags);
569 length = min(arg.length, event->length);
570 if (copy_to_user((void __user *)value, event, sizeof(*event) + length)) {
579 static void *raw_alloc_io_data(struct usb_raw_ep_io *io, void __user *ptr,
584 if (copy_from_user(io, ptr, sizeof(*io)))
585 return ERR_PTR(-EFAULT);
586 if (io->ep >= USB_RAW_EPS_NUM_MAX)
587 return ERR_PTR(-EINVAL);
588 if (!usb_raw_io_flags_valid(io->flags))
589 return ERR_PTR(-EINVAL);
590 if (io->length > PAGE_SIZE)
591 return ERR_PTR(-EINVAL);
593 data = memdup_user(ptr + sizeof(*io), io->length);
595 data = kmalloc(io->length, GFP_KERNEL);
597 data = ERR_PTR(-ENOMEM);
602 static int raw_process_ep0_io(struct raw_dev *dev, struct usb_raw_ep_io *io,
608 spin_lock_irqsave(&dev->lock, flags);
609 if (dev->state != STATE_DEV_RUNNING) {
610 dev_dbg(dev->dev, "fail, device is not running\n");
615 dev_dbg(dev->dev, "fail, gadget is not bound\n");
619 if (dev->ep0_urb_queued) {
620 dev_dbg(&dev->gadget->dev, "fail, urb already queued\n");
624 if ((in && !dev->ep0_in_pending) ||
625 (!in && !dev->ep0_out_pending)) {
626 dev_dbg(&dev->gadget->dev, "fail, wrong direction\n");
630 if (WARN_ON(in && dev->ep0_out_pending)) {
632 dev->state = STATE_DEV_FAILED;
635 if (WARN_ON(!in && dev->ep0_in_pending)) {
637 dev->state = STATE_DEV_FAILED;
641 dev->req->buf = data;
642 dev->req->length = io->length;
643 dev->req->zero = usb_raw_io_flags_zero(io->flags);
644 dev->ep0_urb_queued = true;
645 spin_unlock_irqrestore(&dev->lock, flags);
647 ret = usb_ep_queue(dev->gadget->ep0, dev->req, GFP_KERNEL);
649 dev_err(&dev->gadget->dev,
650 "fail, usb_ep_queue returned %d\n", ret);
651 spin_lock_irqsave(&dev->lock, flags);
652 dev->state = STATE_DEV_FAILED;
656 ret = wait_for_completion_interruptible(&dev->ep0_done);
658 dev_dbg(&dev->gadget->dev, "wait interrupted\n");
659 usb_ep_dequeue(dev->gadget->ep0, dev->req);
660 wait_for_completion(&dev->ep0_done);
661 spin_lock_irqsave(&dev->lock, flags);
665 spin_lock_irqsave(&dev->lock, flags);
666 ret = dev->ep0_status;
669 dev->ep0_urb_queued = false;
671 spin_unlock_irqrestore(&dev->lock, flags);
675 static int raw_ioctl_ep0_write(struct raw_dev *dev, unsigned long value)
679 struct usb_raw_ep_io io;
681 data = raw_alloc_io_data(&io, (void __user *)value, true);
683 return PTR_ERR(data);
684 ret = raw_process_ep0_io(dev, &io, data, true);
689 static int raw_ioctl_ep0_read(struct raw_dev *dev, unsigned long value)
693 struct usb_raw_ep_io io;
696 data = raw_alloc_io_data(&io, (void __user *)value, false);
698 return PTR_ERR(data);
699 ret = raw_process_ep0_io(dev, &io, data, false);
703 length = min(io.length, (unsigned int)ret);
704 if (copy_to_user((void __user *)(value + sizeof(io)), data, length))
713 static int raw_ioctl_ep0_stall(struct raw_dev *dev, unsigned long value)
720 spin_lock_irqsave(&dev->lock, flags);
721 if (dev->state != STATE_DEV_RUNNING) {
722 dev_dbg(dev->dev, "fail, device is not running\n");
727 dev_dbg(dev->dev, "fail, gadget is not bound\n");
731 if (dev->ep0_urb_queued) {
732 dev_dbg(&dev->gadget->dev, "fail, urb already queued\n");
736 if (!dev->ep0_in_pending && !dev->ep0_out_pending) {
737 dev_dbg(&dev->gadget->dev, "fail, no request pending\n");
742 ret = usb_ep_set_halt(dev->gadget->ep0);
744 dev_err(&dev->gadget->dev,
745 "fail, usb_ep_set_halt returned %d\n", ret);
747 if (dev->ep0_in_pending)
748 dev->ep0_in_pending = false;
750 dev->ep0_out_pending = false;
753 spin_unlock_irqrestore(&dev->lock, flags);
757 static int raw_ioctl_ep_enable(struct raw_dev *dev, unsigned long value)
761 struct usb_endpoint_descriptor *desc;
763 bool ep_props_matched = false;
765 desc = memdup_user((void __user *)value, sizeof(*desc));
767 return PTR_ERR(desc);
770 * Endpoints with a maxpacket length of 0 can cause crashes in UDC
773 if (usb_endpoint_maxp(desc) == 0) {
774 dev_dbg(dev->dev, "fail, bad endpoint maxpacket\n");
779 spin_lock_irqsave(&dev->lock, flags);
780 if (dev->state != STATE_DEV_RUNNING) {
781 dev_dbg(dev->dev, "fail, device is not running\n");
786 dev_dbg(dev->dev, "fail, gadget is not bound\n");
791 for (i = 0; i < dev->eps_num; i++) {
793 if (ep->addr != usb_endpoint_num(desc) &&
794 ep->addr != USB_RAW_EP_ADDR_ANY)
796 if (!usb_gadget_ep_match_desc(dev->gadget, ep->ep, desc, NULL))
798 ep_props_matched = true;
799 if (ep->state != STATE_EP_DISABLED)
802 ret = usb_ep_enable(ep->ep);
804 dev_err(&dev->gadget->dev,
805 "fail, usb_ep_enable returned %d\n", ret);
808 ep->req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC);
810 dev_err(&dev->gadget->dev,
811 "fail, usb_ep_alloc_request failed\n");
812 usb_ep_disable(ep->ep);
816 ep->state = STATE_EP_ENABLED;
817 ep->ep->driver_data = ep;
822 if (!ep_props_matched) {
823 dev_dbg(&dev->gadget->dev, "fail, bad endpoint descriptor\n");
826 dev_dbg(&dev->gadget->dev, "fail, no endpoints available\n");
833 spin_unlock_irqrestore(&dev->lock, flags);
837 static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value)
839 int ret = 0, i = value;
842 spin_lock_irqsave(&dev->lock, flags);
843 if (dev->state != STATE_DEV_RUNNING) {
844 dev_dbg(dev->dev, "fail, device is not running\n");
849 dev_dbg(dev->dev, "fail, gadget is not bound\n");
853 if (i < 0 || i >= dev->eps_num) {
854 dev_dbg(dev->dev, "fail, invalid endpoint\n");
858 if (dev->eps[i].state == STATE_EP_DISABLED) {
859 dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n");
863 if (dev->eps[i].disabling) {
864 dev_dbg(&dev->gadget->dev,
865 "fail, disable already in progress\n");
869 if (dev->eps[i].urb_queued) {
870 dev_dbg(&dev->gadget->dev,
871 "fail, waiting for urb completion\n");
875 dev->eps[i].disabling = true;
876 spin_unlock_irqrestore(&dev->lock, flags);
878 usb_ep_disable(dev->eps[i].ep);
880 spin_lock_irqsave(&dev->lock, flags);
881 usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
882 kfree(dev->eps[i].ep->desc);
883 dev->eps[i].state = STATE_EP_DISABLED;
884 dev->eps[i].disabling = false;
887 spin_unlock_irqrestore(&dev->lock, flags);
891 static int raw_ioctl_ep_set_clear_halt_wedge(struct raw_dev *dev,
892 unsigned long value, bool set, bool halt)
894 int ret = 0, i = value;
897 spin_lock_irqsave(&dev->lock, flags);
898 if (dev->state != STATE_DEV_RUNNING) {
899 dev_dbg(dev->dev, "fail, device is not running\n");
904 dev_dbg(dev->dev, "fail, gadget is not bound\n");
908 if (i < 0 || i >= dev->eps_num) {
909 dev_dbg(dev->dev, "fail, invalid endpoint\n");
913 if (dev->eps[i].state == STATE_EP_DISABLED) {
914 dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n");
918 if (dev->eps[i].disabling) {
919 dev_dbg(&dev->gadget->dev,
920 "fail, disable is in progress\n");
924 if (dev->eps[i].urb_queued) {
925 dev_dbg(&dev->gadget->dev,
926 "fail, waiting for urb completion\n");
930 if (usb_endpoint_xfer_isoc(dev->eps[i].ep->desc)) {
931 dev_dbg(&dev->gadget->dev,
932 "fail, can't halt/wedge ISO endpoint\n");
938 ret = usb_ep_set_halt(dev->eps[i].ep);
940 dev_err(&dev->gadget->dev,
941 "fail, usb_ep_set_halt returned %d\n", ret);
942 } else if (!set && halt) {
943 ret = usb_ep_clear_halt(dev->eps[i].ep);
945 dev_err(&dev->gadget->dev,
946 "fail, usb_ep_clear_halt returned %d\n", ret);
947 } else if (set && !halt) {
948 ret = usb_ep_set_wedge(dev->eps[i].ep);
950 dev_err(&dev->gadget->dev,
951 "fail, usb_ep_set_wedge returned %d\n", ret);
955 spin_unlock_irqrestore(&dev->lock, flags);
959 static void gadget_ep_complete(struct usb_ep *ep, struct usb_request *req)
961 struct raw_ep *r_ep = (struct raw_ep *)ep->driver_data;
962 struct raw_dev *dev = r_ep->dev;
965 spin_lock_irqsave(&dev->lock, flags);
967 r_ep->status = req->status;
969 r_ep->status = req->actual;
970 spin_unlock_irqrestore(&dev->lock, flags);
972 complete((struct completion *)req->context);
975 static int raw_process_ep_io(struct raw_dev *dev, struct usb_raw_ep_io *io,
981 DECLARE_COMPLETION_ONSTACK(done);
983 spin_lock_irqsave(&dev->lock, flags);
984 if (dev->state != STATE_DEV_RUNNING) {
985 dev_dbg(dev->dev, "fail, device is not running\n");
990 dev_dbg(dev->dev, "fail, gadget is not bound\n");
994 if (io->ep >= dev->eps_num) {
995 dev_dbg(&dev->gadget->dev, "fail, invalid endpoint\n");
999 ep = &dev->eps[io->ep];
1000 if (ep->state != STATE_EP_ENABLED) {
1001 dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n");
1005 if (ep->disabling) {
1006 dev_dbg(&dev->gadget->dev,
1007 "fail, endpoint is already being disabled\n");
1011 if (ep->urb_queued) {
1012 dev_dbg(&dev->gadget->dev, "fail, urb already queued\n");
1016 if (in != usb_endpoint_dir_in(ep->ep->desc)) {
1017 dev_dbg(&dev->gadget->dev, "fail, wrong direction\n");
1023 ep->req->context = &done;
1024 ep->req->complete = gadget_ep_complete;
1025 ep->req->buf = data;
1026 ep->req->length = io->length;
1027 ep->req->zero = usb_raw_io_flags_zero(io->flags);
1028 ep->urb_queued = true;
1029 spin_unlock_irqrestore(&dev->lock, flags);
1031 ret = usb_ep_queue(ep->ep, ep->req, GFP_KERNEL);
1033 dev_err(&dev->gadget->dev,
1034 "fail, usb_ep_queue returned %d\n", ret);
1035 spin_lock_irqsave(&dev->lock, flags);
1036 dev->state = STATE_DEV_FAILED;
1040 ret = wait_for_completion_interruptible(&done);
1042 dev_dbg(&dev->gadget->dev, "wait interrupted\n");
1043 usb_ep_dequeue(ep->ep, ep->req);
1044 wait_for_completion(&done);
1045 spin_lock_irqsave(&dev->lock, flags);
1049 spin_lock_irqsave(&dev->lock, flags);
1053 ep->urb_queued = false;
1055 spin_unlock_irqrestore(&dev->lock, flags);
1059 static int raw_ioctl_ep_write(struct raw_dev *dev, unsigned long value)
1063 struct usb_raw_ep_io io;
1065 data = raw_alloc_io_data(&io, (void __user *)value, true);
1067 return PTR_ERR(data);
1068 ret = raw_process_ep_io(dev, &io, data, true);
1073 static int raw_ioctl_ep_read(struct raw_dev *dev, unsigned long value)
1077 struct usb_raw_ep_io io;
1078 unsigned int length;
1080 data = raw_alloc_io_data(&io, (void __user *)value, false);
1082 return PTR_ERR(data);
1083 ret = raw_process_ep_io(dev, &io, data, false);
1087 length = min(io.length, (unsigned int)ret);
1088 if (copy_to_user((void __user *)(value + sizeof(io)), data, length))
1097 static int raw_ioctl_configure(struct raw_dev *dev, unsigned long value)
1100 unsigned long flags;
1104 spin_lock_irqsave(&dev->lock, flags);
1105 if (dev->state != STATE_DEV_RUNNING) {
1106 dev_dbg(dev->dev, "fail, device is not running\n");
1111 dev_dbg(dev->dev, "fail, gadget is not bound\n");
1115 usb_gadget_set_state(dev->gadget, USB_STATE_CONFIGURED);
1118 spin_unlock_irqrestore(&dev->lock, flags);
1122 static int raw_ioctl_vbus_draw(struct raw_dev *dev, unsigned long value)
1125 unsigned long flags;
1127 spin_lock_irqsave(&dev->lock, flags);
1128 if (dev->state != STATE_DEV_RUNNING) {
1129 dev_dbg(dev->dev, "fail, device is not running\n");
1134 dev_dbg(dev->dev, "fail, gadget is not bound\n");
1138 usb_gadget_vbus_draw(dev->gadget, 2 * value);
1141 spin_unlock_irqrestore(&dev->lock, flags);
1145 static void fill_ep_caps(struct usb_ep_caps *caps,
1146 struct usb_raw_ep_caps *raw_caps)
1148 raw_caps->type_control = caps->type_control;
1149 raw_caps->type_iso = caps->type_iso;
1150 raw_caps->type_bulk = caps->type_bulk;
1151 raw_caps->type_int = caps->type_int;
1152 raw_caps->dir_in = caps->dir_in;
1153 raw_caps->dir_out = caps->dir_out;
1156 static void fill_ep_limits(struct usb_ep *ep, struct usb_raw_ep_limits *limits)
1158 limits->maxpacket_limit = ep->maxpacket_limit;
1159 limits->max_streams = ep->max_streams;
1162 static int raw_ioctl_eps_info(struct raw_dev *dev, unsigned long value)
1165 unsigned long flags;
1166 struct usb_raw_eps_info *info;
1169 info = kzalloc(sizeof(*info), GFP_KERNEL);
1175 spin_lock_irqsave(&dev->lock, flags);
1176 if (dev->state != STATE_DEV_RUNNING) {
1177 dev_dbg(dev->dev, "fail, device is not running\n");
1179 spin_unlock_irqrestore(&dev->lock, flags);
1183 dev_dbg(dev->dev, "fail, gadget is not bound\n");
1185 spin_unlock_irqrestore(&dev->lock, flags);
1189 for (i = 0; i < dev->eps_num; i++) {
1191 strscpy(&info->eps[i].name[0], ep->ep->name,
1192 USB_RAW_EP_NAME_MAX);
1193 info->eps[i].addr = ep->addr;
1194 fill_ep_caps(&ep->ep->caps, &info->eps[i].caps);
1195 fill_ep_limits(ep->ep, &info->eps[i].limits);
1198 spin_unlock_irqrestore(&dev->lock, flags);
1200 if (copy_to_user((void __user *)value, info, sizeof(*info)))
1209 static long raw_ioctl(struct file *fd, unsigned int cmd, unsigned long value)
1211 struct raw_dev *dev = fd->private_data;
1218 case USB_RAW_IOCTL_INIT:
1219 ret = raw_ioctl_init(dev, value);
1221 case USB_RAW_IOCTL_RUN:
1222 ret = raw_ioctl_run(dev, value);
1224 case USB_RAW_IOCTL_EVENT_FETCH:
1225 ret = raw_ioctl_event_fetch(dev, value);
1227 case USB_RAW_IOCTL_EP0_WRITE:
1228 ret = raw_ioctl_ep0_write(dev, value);
1230 case USB_RAW_IOCTL_EP0_READ:
1231 ret = raw_ioctl_ep0_read(dev, value);
1233 case USB_RAW_IOCTL_EP_ENABLE:
1234 ret = raw_ioctl_ep_enable(dev, value);
1236 case USB_RAW_IOCTL_EP_DISABLE:
1237 ret = raw_ioctl_ep_disable(dev, value);
1239 case USB_RAW_IOCTL_EP_WRITE:
1240 ret = raw_ioctl_ep_write(dev, value);
1242 case USB_RAW_IOCTL_EP_READ:
1243 ret = raw_ioctl_ep_read(dev, value);
1245 case USB_RAW_IOCTL_CONFIGURE:
1246 ret = raw_ioctl_configure(dev, value);
1248 case USB_RAW_IOCTL_VBUS_DRAW:
1249 ret = raw_ioctl_vbus_draw(dev, value);
1251 case USB_RAW_IOCTL_EPS_INFO:
1252 ret = raw_ioctl_eps_info(dev, value);
1254 case USB_RAW_IOCTL_EP0_STALL:
1255 ret = raw_ioctl_ep0_stall(dev, value);
1257 case USB_RAW_IOCTL_EP_SET_HALT:
1258 ret = raw_ioctl_ep_set_clear_halt_wedge(
1259 dev, value, true, true);
1261 case USB_RAW_IOCTL_EP_CLEAR_HALT:
1262 ret = raw_ioctl_ep_set_clear_halt_wedge(
1263 dev, value, false, true);
1265 case USB_RAW_IOCTL_EP_SET_WEDGE:
1266 ret = raw_ioctl_ep_set_clear_halt_wedge(
1267 dev, value, true, false);
1276 /*----------------------------------------------------------------------*/
1278 static const struct file_operations raw_fops = {
1280 .unlocked_ioctl = raw_ioctl,
1281 .compat_ioctl = raw_ioctl,
1282 .release = raw_release,
1283 .llseek = no_llseek,
1286 static struct miscdevice raw_misc_device = {
1287 .minor = MISC_DYNAMIC_MINOR,
1288 .name = DRIVER_NAME,
1292 module_misc_device(raw_misc_device);
projects / linux-2.6-microblaze.git / blob