drivers/usb/gadget/inode.c at v3.1 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / drivers / usb / gadget / inode.c
at v3.1 2151 lines 54 kB view raw
   1/*
   2 * inode.c -- user mode filesystem api for usb gadget controllers
   3 *
   4 * Copyright (C) 2003-2004 David Brownell
   5 * Copyright (C) 2003 Agilent Technologies
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 2 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  20 */
  21
  22
  23/* #define VERBOSE_DEBUG */
  24
  25#include <linux/init.h>
  26#include <linux/module.h>
  27#include <linux/fs.h>
  28#include <linux/pagemap.h>
  29#include <linux/uts.h>
  30#include <linux/wait.h>
  31#include <linux/compiler.h>
  32#include <asm/uaccess.h>
  33#include <linux/sched.h>
  34#include <linux/slab.h>
  35#include <linux/poll.h>
  36
  37#include <linux/device.h>
  38#include <linux/moduleparam.h>
  39
  40#include <linux/usb/gadgetfs.h>
  41#include <linux/usb/gadget.h>
  42
  43
  44/*
  45 * The gadgetfs API maps each endpoint to a file descriptor so that you
  46 * can use standard synchronous read/write calls for I/O.  There's some
  47 * O_NONBLOCK and O_ASYNC/FASYNC style i/o support.  Example usermode
  48 * drivers show how this works in practice.  You can also use AIO to
  49 * eliminate I/O gaps between requests, to help when streaming data.
  50 *
  51 * Key parts that must be USB-specific are protocols defining how the
  52 * read/write operations relate to the hardware state machines.  There
  53 * are two types of files.  One type is for the device, implementing ep0.
  54 * The other type is for each IN or OUT endpoint.  In both cases, the
  55 * user mode driver must configure the hardware before using it.
  56 *
  57 * - First, dev_config() is called when /dev/gadget/$CHIP is configured
  58 *   (by writing configuration and device descriptors).  Afterwards it
  59 *   may serve as a source of device events, used to handle all control
  60 *   requests other than basic enumeration.
  61 *
  62 * - Then, after a SET_CONFIGURATION control request, ep_config() is
  63 *   called when each /dev/gadget/ep* file is configured (by writing
  64 *   endpoint descriptors).  Afterwards these files are used to write()
  65 *   IN data or to read() OUT data.  To halt the endpoint, a "wrong
  66 *   direction" request is issued (like reading an IN endpoint).
  67 *
  68 * Unlike "usbfs" the only ioctl()s are for things that are rare, and maybe
  69 * not possible on all hardware.  For example, precise fault handling with
  70 * respect to data left in endpoint fifos after aborted operations; or
  71 * selective clearing of endpoint halts, to implement SET_INTERFACE.
  72 */
  73
  74#define	DRIVER_DESC	"USB Gadget filesystem"
  75#define	DRIVER_VERSION	"24 Aug 2004"
  76
  77static const char driver_desc [] = DRIVER_DESC;
  78static const char shortname [] = "gadgetfs";
  79
  80MODULE_DESCRIPTION (DRIVER_DESC);
  81MODULE_AUTHOR ("David Brownell");
  82MODULE_LICENSE ("GPL");
  83
  84
  85/*----------------------------------------------------------------------*/
  86
  87#define GADGETFS_MAGIC		0xaee71ee7
  88#define DMA_ADDR_INVALID	(~(dma_addr_t)0)
  89
  90/* /dev/gadget/$CHIP represents ep0 and the whole device */
  91enum ep0_state {
  92	/* DISBLED is the initial state.
  93	 */
  94	STATE_DEV_DISABLED = 0,
  95
  96	/* Only one open() of /dev/gadget/$CHIP; only one file tracks
  97	 * ep0/device i/o modes and binding to the controller.  Driver
  98	 * must always write descriptors to initialize the device, then
  99	 * the device becomes UNCONNECTED until enumeration.
 100	 */
 101	STATE_DEV_OPENED,
 102
 103	/* From then on, ep0 fd is in either of two basic modes:
 104	 * - (UN)CONNECTED: read usb_gadgetfs_event(s) from it
 105	 * - SETUP: read/write will transfer control data and succeed;
 106	 *   or if "wrong direction", performs protocol stall
 107	 */
 108	STATE_DEV_UNCONNECTED,
 109	STATE_DEV_CONNECTED,
 110	STATE_DEV_SETUP,
 111
 112	/* UNBOUND means the driver closed ep0, so the device won't be
 113	 * accessible again (DEV_DISABLED) until all fds are closed.
 114	 */
 115	STATE_DEV_UNBOUND,
 116};
 117
 118/* enough for the whole queue: most events invalidate others */
 119#define	N_EVENT			5
 120
 121struct dev_data {
 122	spinlock_t			lock;
 123	atomic_t			count;
 124	enum ep0_state			state;		/* P: lock */
 125	struct usb_gadgetfs_event	event [N_EVENT];
 126	unsigned			ev_next;
 127	struct fasync_struct		*fasync;
 128	u8				current_config;
 129
 130	/* drivers reading ep0 MUST handle control requests (SETUP)
 131	 * reported that way; else the host will time out.
 132	 */
 133	unsigned			usermode_setup : 1,
 134					setup_in : 1,
 135					setup_can_stall : 1,
 136					setup_out_ready : 1,
 137					setup_out_error : 1,
 138					setup_abort : 1;
 139	unsigned			setup_wLength;
 140
 141	/* the rest is basically write-once */
 142	struct usb_config_descriptor	*config, *hs_config;
 143	struct usb_device_descriptor	*dev;
 144	struct usb_request		*req;
 145	struct usb_gadget		*gadget;
 146	struct list_head		epfiles;
 147	void				*buf;
 148	wait_queue_head_t		wait;
 149	struct super_block		*sb;
 150	struct dentry			*dentry;
 151
 152	/* except this scratch i/o buffer for ep0 */
 153	u8				rbuf [256];
 154};
 155
 156static inline void get_dev (struct dev_data *data)
 157{
 158	atomic_inc (&data->count);
 159}
 160
 161static void put_dev (struct dev_data *data)
 162{
 163	if (likely (!atomic_dec_and_test (&data->count)))
 164		return;
 165	/* needs no more cleanup */
 166	BUG_ON (waitqueue_active (&data->wait));
 167	kfree (data);
 168}
 169
 170static struct dev_data *dev_new (void)
 171{
 172	struct dev_data		*dev;
 173
 174	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
 175	if (!dev)
 176		return NULL;
 177	dev->state = STATE_DEV_DISABLED;
 178	atomic_set (&dev->count, 1);
 179	spin_lock_init (&dev->lock);
 180	INIT_LIST_HEAD (&dev->epfiles);
 181	init_waitqueue_head (&dev->wait);
 182	return dev;
 183}
 184
 185/*----------------------------------------------------------------------*/
 186
 187/* other /dev/gadget/$ENDPOINT files represent endpoints */
 188enum ep_state {
 189	STATE_EP_DISABLED = 0,
 190	STATE_EP_READY,
 191	STATE_EP_ENABLED,
 192	STATE_EP_UNBOUND,
 193};
 194
 195struct ep_data {
 196	struct mutex			lock;
 197	enum ep_state			state;
 198	atomic_t			count;
 199	struct dev_data			*dev;
 200	/* must hold dev->lock before accessing ep or req */
 201	struct usb_ep			*ep;
 202	struct usb_request		*req;
 203	ssize_t				status;
 204	char				name [16];
 205	struct usb_endpoint_descriptor	desc, hs_desc;
 206	struct list_head		epfiles;
 207	wait_queue_head_t		wait;
 208	struct dentry			*dentry;
 209	struct inode			*inode;
 210};
 211
 212static inline void get_ep (struct ep_data *data)
 213{
 214	atomic_inc (&data->count);
 215}
 216
 217static void put_ep (struct ep_data *data)
 218{
 219	if (likely (!atomic_dec_and_test (&data->count)))
 220		return;
 221	put_dev (data->dev);
 222	/* needs no more cleanup */
 223	BUG_ON (!list_empty (&data->epfiles));
 224	BUG_ON (waitqueue_active (&data->wait));
 225	kfree (data);
 226}
 227
 228/*----------------------------------------------------------------------*/
 229
 230/* most "how to use the hardware" policy choices are in userspace:
 231 * mapping endpoint roles (which the driver needs) to the capabilities
 232 * which the usb controller has.  most of those capabilities are exposed
 233 * implicitly, starting with the driver name and then endpoint names.
 234 */
 235
 236static const char *CHIP;
 237
 238/*----------------------------------------------------------------------*/
 239
 240/* NOTE:  don't use dev_printk calls before binding to the gadget
 241 * at the end of ep0 configuration, or after unbind.
 242 */
 243
 244/* too wordy: dev_printk(level , &(d)->gadget->dev , fmt , ## args) */
 245#define xprintk(d,level,fmt,args...) \
 246	printk(level "%s: " fmt , shortname , ## args)
 247
 248#ifdef DEBUG
 249#define DBG(dev,fmt,args...) \
 250	xprintk(dev , KERN_DEBUG , fmt , ## args)
 251#else
 252#define DBG(dev,fmt,args...) \
 253	do { } while (0)
 254#endif /* DEBUG */
 255
 256#ifdef VERBOSE_DEBUG
 257#define VDEBUG	DBG
 258#else
 259#define VDEBUG(dev,fmt,args...) \
 260	do { } while (0)
 261#endif /* DEBUG */
 262
 263#define ERROR(dev,fmt,args...) \
 264	xprintk(dev , KERN_ERR , fmt , ## args)
 265#define INFO(dev,fmt,args...) \
 266	xprintk(dev , KERN_INFO , fmt , ## args)
 267
 268
 269/*----------------------------------------------------------------------*/
 270
 271/* SYNCHRONOUS ENDPOINT OPERATIONS (bulk/intr/iso)
 272 *
 273 * After opening, configure non-control endpoints.  Then use normal
 274 * stream read() and write() requests; and maybe ioctl() to get more
 275 * precise FIFO status when recovering from cancellation.
 276 */
 277
 278static void epio_complete (struct usb_ep *ep, struct usb_request *req)
 279{
 280	struct ep_data	*epdata = ep->driver_data;
 281
 282	if (!req->context)
 283		return;
 284	if (req->status)
 285		epdata->status = req->status;
 286	else
 287		epdata->status = req->actual;
 288	complete ((struct completion *)req->context);
 289}
 290
 291/* tasklock endpoint, returning when it's connected.
 292 * still need dev->lock to use epdata->ep.
 293 */
 294static int
 295get_ready_ep (unsigned f_flags, struct ep_data *epdata)
 296{
 297	int	val;
 298
 299	if (f_flags & O_NONBLOCK) {
 300		if (!mutex_trylock(&epdata->lock))
 301			goto nonblock;
 302		if (epdata->state != STATE_EP_ENABLED) {
 303			mutex_unlock(&epdata->lock);
 304nonblock:
 305			val = -EAGAIN;
 306		} else
 307			val = 0;
 308		return val;
 309	}
 310
 311	val = mutex_lock_interruptible(&epdata->lock);
 312	if (val < 0)
 313		return val;
 314
 315	switch (epdata->state) {
 316	case STATE_EP_ENABLED:
 317		break;
 318	// case STATE_EP_DISABLED:		/* "can't happen" */
 319	// case STATE_EP_READY:			/* "can't happen" */
 320	default:				/* error! */
 321		pr_debug ("%s: ep %p not available, state %d\n",
 322				shortname, epdata, epdata->state);
 323		// FALLTHROUGH
 324	case STATE_EP_UNBOUND:			/* clean disconnect */
 325		val = -ENODEV;
 326		mutex_unlock(&epdata->lock);
 327	}
 328	return val;
 329}
 330
 331static ssize_t
 332ep_io (struct ep_data *epdata, void *buf, unsigned len)
 333{
 334	DECLARE_COMPLETION_ONSTACK (done);
 335	int value;
 336
 337	spin_lock_irq (&epdata->dev->lock);
 338	if (likely (epdata->ep != NULL)) {
 339		struct usb_request	*req = epdata->req;
 340
 341		req->context = &done;
 342		req->complete = epio_complete;
 343		req->buf = buf;
 344		req->length = len;
 345		value = usb_ep_queue (epdata->ep, req, GFP_ATOMIC);
 346	} else
 347		value = -ENODEV;
 348	spin_unlock_irq (&epdata->dev->lock);
 349
 350	if (likely (value == 0)) {
 351		value = wait_event_interruptible (done.wait, done.done);
 352		if (value != 0) {
 353			spin_lock_irq (&epdata->dev->lock);
 354			if (likely (epdata->ep != NULL)) {
 355				DBG (epdata->dev, "%s i/o interrupted\n",
 356						epdata->name);
 357				usb_ep_dequeue (epdata->ep, epdata->req);
 358				spin_unlock_irq (&epdata->dev->lock);
 359
 360				wait_event (done.wait, done.done);
 361				if (epdata->status == -ECONNRESET)
 362					epdata->status = -EINTR;
 363			} else {
 364				spin_unlock_irq (&epdata->dev->lock);
 365
 366				DBG (epdata->dev, "endpoint gone\n");
 367				epdata->status = -ENODEV;
 368			}
 369		}
 370		return epdata->status;
 371	}
 372	return value;
 373}
 374
 375
 376/* handle a synchronous OUT bulk/intr/iso transfer */
 377static ssize_t
 378ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 379{
 380	struct ep_data		*data = fd->private_data;
 381	void			*kbuf;
 382	ssize_t			value;
 383
 384	if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 385		return value;
 386
 387	/* halt any endpoint by doing a "wrong direction" i/o call */
 388	if (usb_endpoint_dir_in(&data->desc)) {
 389		if (usb_endpoint_xfer_isoc(&data->desc)) {
 390			mutex_unlock(&data->lock);
 391			return -EINVAL;
 392		}
 393		DBG (data->dev, "%s halt\n", data->name);
 394		spin_lock_irq (&data->dev->lock);
 395		if (likely (data->ep != NULL))
 396			usb_ep_set_halt (data->ep);
 397		spin_unlock_irq (&data->dev->lock);
 398		mutex_unlock(&data->lock);
 399		return -EBADMSG;
 400	}
 401
 402	/* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */
 403
 404	value = -ENOMEM;
 405	kbuf = kmalloc (len, GFP_KERNEL);
 406	if (unlikely (!kbuf))
 407		goto free1;
 408
 409	value = ep_io (data, kbuf, len);
 410	VDEBUG (data->dev, "%s read %zu OUT, status %d\n",
 411		data->name, len, (int) value);
 412	if (value >= 0 && copy_to_user (buf, kbuf, value))
 413		value = -EFAULT;
 414
 415free1:
 416	mutex_unlock(&data->lock);
 417	kfree (kbuf);
 418	return value;
 419}
 420
 421/* handle a synchronous IN bulk/intr/iso transfer */
 422static ssize_t
 423ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 424{
 425	struct ep_data		*data = fd->private_data;
 426	void			*kbuf;
 427	ssize_t			value;
 428
 429	if ((value = get_ready_ep (fd->f_flags, data)) < 0)
 430		return value;
 431
 432	/* halt any endpoint by doing a "wrong direction" i/o call */
 433	if (!usb_endpoint_dir_in(&data->desc)) {
 434		if (usb_endpoint_xfer_isoc(&data->desc)) {
 435			mutex_unlock(&data->lock);
 436			return -EINVAL;
 437		}
 438		DBG (data->dev, "%s halt\n", data->name);
 439		spin_lock_irq (&data->dev->lock);
 440		if (likely (data->ep != NULL))
 441			usb_ep_set_halt (data->ep);
 442		spin_unlock_irq (&data->dev->lock);
 443		mutex_unlock(&data->lock);
 444		return -EBADMSG;
 445	}
 446
 447	/* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */
 448
 449	value = -ENOMEM;
 450	kbuf = kmalloc (len, GFP_KERNEL);
 451	if (!kbuf)
 452		goto free1;
 453	if (copy_from_user (kbuf, buf, len)) {
 454		value = -EFAULT;
 455		goto free1;
 456	}
 457
 458	value = ep_io (data, kbuf, len);
 459	VDEBUG (data->dev, "%s write %zu IN, status %d\n",
 460		data->name, len, (int) value);
 461free1:
 462	mutex_unlock(&data->lock);
 463	kfree (kbuf);
 464	return value;
 465}
 466
 467static int
 468ep_release (struct inode *inode, struct file *fd)
 469{
 470	struct ep_data		*data = fd->private_data;
 471	int value;
 472
 473	value = mutex_lock_interruptible(&data->lock);
 474	if (value < 0)
 475		return value;
 476
 477	/* clean up if this can be reopened */
 478	if (data->state != STATE_EP_UNBOUND) {
 479		data->state = STATE_EP_DISABLED;
 480		data->desc.bDescriptorType = 0;
 481		data->hs_desc.bDescriptorType = 0;
 482		usb_ep_disable(data->ep);
 483	}
 484	mutex_unlock(&data->lock);
 485	put_ep (data);
 486	return 0;
 487}
 488
 489static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
 490{
 491	struct ep_data		*data = fd->private_data;
 492	int			status;
 493
 494	if ((status = get_ready_ep (fd->f_flags, data)) < 0)
 495		return status;
 496
 497	spin_lock_irq (&data->dev->lock);
 498	if (likely (data->ep != NULL)) {
 499		switch (code) {
 500		case GADGETFS_FIFO_STATUS:
 501			status = usb_ep_fifo_status (data->ep);
 502			break;
 503		case GADGETFS_FIFO_FLUSH:
 504			usb_ep_fifo_flush (data->ep);
 505			break;
 506		case GADGETFS_CLEAR_HALT:
 507			status = usb_ep_clear_halt (data->ep);
 508			break;
 509		default:
 510			status = -ENOTTY;
 511		}
 512	} else
 513		status = -ENODEV;
 514	spin_unlock_irq (&data->dev->lock);
 515	mutex_unlock(&data->lock);
 516	return status;
 517}
 518
 519/*----------------------------------------------------------------------*/
 520
 521/* ASYNCHRONOUS ENDPOINT I/O OPERATIONS (bulk/intr/iso) */
 522
 523struct kiocb_priv {
 524	struct usb_request	*req;
 525	struct ep_data		*epdata;
 526	void			*buf;
 527	const struct iovec	*iv;
 528	unsigned long		nr_segs;
 529	unsigned		actual;
 530};
 531
 532static int ep_aio_cancel(struct kiocb *iocb, struct io_event *e)
 533{
 534	struct kiocb_priv	*priv = iocb->private;
 535	struct ep_data		*epdata;
 536	int			value;
 537
 538	local_irq_disable();
 539	epdata = priv->epdata;
 540	// spin_lock(&epdata->dev->lock);
 541	kiocbSetCancelled(iocb);
 542	if (likely(epdata && epdata->ep && priv->req))
 543		value = usb_ep_dequeue (epdata->ep, priv->req);
 544	else
 545		value = -EINVAL;
 546	// spin_unlock(&epdata->dev->lock);
 547	local_irq_enable();
 548
 549	aio_put_req(iocb);
 550	return value;
 551}
 552
 553static ssize_t ep_aio_read_retry(struct kiocb *iocb)
 554{
 555	struct kiocb_priv	*priv = iocb->private;
 556	ssize_t			len, total;
 557	void			*to_copy;
 558	int			i;
 559
 560	/* we "retry" to get the right mm context for this: */
 561
 562	/* copy stuff into user buffers */
 563	total = priv->actual;
 564	len = 0;
 565	to_copy = priv->buf;
 566	for (i=0; i < priv->nr_segs; i++) {
 567		ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total);
 568
 569		if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) {
 570			if (len == 0)
 571				len = -EFAULT;
 572			break;
 573		}
 574
 575		total -= this;
 576		len += this;
 577		to_copy += this;
 578		if (total == 0)
 579			break;
 580	}
 581	kfree(priv->buf);
 582	kfree(priv);
 583	return len;
 584}
 585
 586static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
 587{
 588	struct kiocb		*iocb = req->context;
 589	struct kiocb_priv	*priv = iocb->private;
 590	struct ep_data		*epdata = priv->epdata;
 591
 592	/* lock against disconnect (and ideally, cancel) */
 593	spin_lock(&epdata->dev->lock);
 594	priv->req = NULL;
 595	priv->epdata = NULL;
 596
 597	/* if this was a write or a read returning no data then we
 598	 * don't need to copy anything to userspace, so we can
 599	 * complete the aio request immediately.
 600	 */
 601	if (priv->iv == NULL || unlikely(req->actual == 0)) {
 602		kfree(req->buf);
 603		kfree(priv);
 604		iocb->private = NULL;
 605		/* aio_complete() reports bytes-transferred _and_ faults */
 606		aio_complete(iocb, req->actual ? req->actual : req->status,
 607				req->status);
 608	} else {
 609		/* retry() won't report both; so we hide some faults */
 610		if (unlikely(0 != req->status))
 611			DBG(epdata->dev, "%s fault %d len %d\n",
 612				ep->name, req->status, req->actual);
 613
 614		priv->buf = req->buf;
 615		priv->actual = req->actual;
 616		kick_iocb(iocb);
 617	}
 618	spin_unlock(&epdata->dev->lock);
 619
 620	usb_ep_free_request(ep, req);
 621	put_ep(epdata);
 622}
 623
 624static ssize_t
 625ep_aio_rwtail(
 626	struct kiocb	*iocb,
 627	char		*buf,
 628	size_t		len,
 629	struct ep_data	*epdata,
 630	const struct iovec *iv,
 631	unsigned long	nr_segs
 632)
 633{
 634	struct kiocb_priv	*priv;
 635	struct usb_request	*req;
 636	ssize_t			value;
 637
 638	priv = kmalloc(sizeof *priv, GFP_KERNEL);
 639	if (!priv) {
 640		value = -ENOMEM;
 641fail:
 642		kfree(buf);
 643		return value;
 644	}
 645	iocb->private = priv;
 646	priv->iv = iv;
 647	priv->nr_segs = nr_segs;
 648
 649	value = get_ready_ep(iocb->ki_filp->f_flags, epdata);
 650	if (unlikely(value < 0)) {
 651		kfree(priv);
 652		goto fail;
 653	}
 654
 655	iocb->ki_cancel = ep_aio_cancel;
 656	get_ep(epdata);
 657	priv->epdata = epdata;
 658	priv->actual = 0;
 659
 660	/* each kiocb is coupled to one usb_request, but we can't
 661	 * allocate or submit those if the host disconnected.
 662	 */
 663	spin_lock_irq(&epdata->dev->lock);
 664	if (likely(epdata->ep)) {
 665		req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
 666		if (likely(req)) {
 667			priv->req = req;
 668			req->buf = buf;
 669			req->length = len;
 670			req->complete = ep_aio_complete;
 671			req->context = iocb;
 672			value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
 673			if (unlikely(0 != value))
 674				usb_ep_free_request(epdata->ep, req);
 675		} else
 676			value = -EAGAIN;
 677	} else
 678		value = -ENODEV;
 679	spin_unlock_irq(&epdata->dev->lock);
 680
 681	mutex_unlock(&epdata->lock);
 682
 683	if (unlikely(value)) {
 684		kfree(priv);
 685		put_ep(epdata);
 686	} else
 687		value = (iv ? -EIOCBRETRY : -EIOCBQUEUED);
 688	return value;
 689}
 690
 691static ssize_t
 692ep_aio_read(struct kiocb *iocb, const struct iovec *iov,
 693		unsigned long nr_segs, loff_t o)
 694{
 695	struct ep_data		*epdata = iocb->ki_filp->private_data;
 696	char			*buf;
 697
 698	if (unlikely(usb_endpoint_dir_in(&epdata->desc)))
 699		return -EINVAL;
 700
 701	buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 702	if (unlikely(!buf))
 703		return -ENOMEM;
 704
 705	iocb->ki_retry = ep_aio_read_retry;
 706	return ep_aio_rwtail(iocb, buf, iocb->ki_left, epdata, iov, nr_segs);
 707}
 708
 709static ssize_t
 710ep_aio_write(struct kiocb *iocb, const struct iovec *iov,
 711		unsigned long nr_segs, loff_t o)
 712{
 713	struct ep_data		*epdata = iocb->ki_filp->private_data;
 714	char			*buf;
 715	size_t			len = 0;
 716	int			i = 0;
 717
 718	if (unlikely(!usb_endpoint_dir_in(&epdata->desc)))
 719		return -EINVAL;
 720
 721	buf = kmalloc(iocb->ki_left, GFP_KERNEL);
 722	if (unlikely(!buf))
 723		return -ENOMEM;
 724
 725	for (i=0; i < nr_segs; i++) {
 726		if (unlikely(copy_from_user(&buf[len], iov[i].iov_base,
 727				iov[i].iov_len) != 0)) {
 728			kfree(buf);
 729			return -EFAULT;
 730		}
 731		len += iov[i].iov_len;
 732	}
 733	return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0);
 734}
 735
 736/*----------------------------------------------------------------------*/
 737
 738/* used after endpoint configuration */
 739static const struct file_operations ep_io_operations = {
 740	.owner =	THIS_MODULE,
 741	.llseek =	no_llseek,
 742
 743	.read =		ep_read,
 744	.write =	ep_write,
 745	.unlocked_ioctl = ep_ioctl,
 746	.release =	ep_release,
 747
 748	.aio_read =	ep_aio_read,
 749	.aio_write =	ep_aio_write,
 750};
 751
 752/* ENDPOINT INITIALIZATION
 753 *
 754 *     fd = open ("/dev/gadget/$ENDPOINT", O_RDWR)
 755 *     status = write (fd, descriptors, sizeof descriptors)
 756 *
 757 * That write establishes the endpoint configuration, configuring
 758 * the controller to process bulk, interrupt, or isochronous transfers
 759 * at the right maxpacket size, and so on.
 760 *
 761 * The descriptors are message type 1, identified by a host order u32
 762 * at the beginning of what's written.  Descriptor order is: full/low
 763 * speed descriptor, then optional high speed descriptor.
 764 */
 765static ssize_t
 766ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
 767{
 768	struct ep_data		*data = fd->private_data;
 769	struct usb_ep		*ep;
 770	u32			tag;
 771	int			value, length = len;
 772
 773	value = mutex_lock_interruptible(&data->lock);
 774	if (value < 0)
 775		return value;
 776
 777	if (data->state != STATE_EP_READY) {
 778		value = -EL2HLT;
 779		goto fail;
 780	}
 781
 782	value = len;
 783	if (len < USB_DT_ENDPOINT_SIZE + 4)
 784		goto fail0;
 785
 786	/* we might need to change message format someday */
 787	if (copy_from_user (&tag, buf, 4)) {
 788		goto fail1;
 789	}
 790	if (tag != 1) {
 791		DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
 792		goto fail0;
 793	}
 794	buf += 4;
 795	len -= 4;
 796
 797	/* NOTE:  audio endpoint extensions not accepted here;
 798	 * just don't include the extra bytes.
 799	 */
 800
 801	/* full/low speed descriptor, then high speed */
 802	if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) {
 803		goto fail1;
 804	}
 805	if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
 806			|| data->desc.bDescriptorType != USB_DT_ENDPOINT)
 807		goto fail0;
 808	if (len != USB_DT_ENDPOINT_SIZE) {
 809		if (len != 2 * USB_DT_ENDPOINT_SIZE)
 810			goto fail0;
 811		if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
 812					USB_DT_ENDPOINT_SIZE)) {
 813			goto fail1;
 814		}
 815		if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
 816				|| data->hs_desc.bDescriptorType
 817					!= USB_DT_ENDPOINT) {
 818			DBG(data->dev, "config %s, bad hs length or type\n",
 819					data->name);
 820			goto fail0;
 821		}
 822	}
 823
 824	spin_lock_irq (&data->dev->lock);
 825	if (data->dev->state == STATE_DEV_UNBOUND) {
 826		value = -ENOENT;
 827		goto gone;
 828	} else if ((ep = data->ep) == NULL) {
 829		value = -ENODEV;
 830		goto gone;
 831	}
 832	switch (data->dev->gadget->speed) {
 833	case USB_SPEED_LOW:
 834	case USB_SPEED_FULL:
 835		ep->desc = &data->desc;
 836		value = usb_ep_enable(ep);
 837		if (value == 0)
 838			data->state = STATE_EP_ENABLED;
 839		break;
 840#ifdef	CONFIG_USB_GADGET_DUALSPEED
 841	case USB_SPEED_HIGH:
 842		/* fails if caller didn't provide that descriptor... */
 843		ep->desc = &data->hs_desc;
 844		value = usb_ep_enable(ep);
 845		if (value == 0)
 846			data->state = STATE_EP_ENABLED;
 847		break;
 848#endif
 849	default:
 850		DBG(data->dev, "unconnected, %s init abandoned\n",
 851				data->name);
 852		value = -EINVAL;
 853	}
 854	if (value == 0) {
 855		fd->f_op = &ep_io_operations;
 856		value = length;
 857	}
 858gone:
 859	spin_unlock_irq (&data->dev->lock);
 860	if (value < 0) {
 861fail:
 862		data->desc.bDescriptorType = 0;
 863		data->hs_desc.bDescriptorType = 0;
 864	}
 865	mutex_unlock(&data->lock);
 866	return value;
 867fail0:
 868	value = -EINVAL;
 869	goto fail;
 870fail1:
 871	value = -EFAULT;
 872	goto fail;
 873}
 874
 875static int
 876ep_open (struct inode *inode, struct file *fd)
 877{
 878	struct ep_data		*data = inode->i_private;
 879	int			value = -EBUSY;
 880
 881	if (mutex_lock_interruptible(&data->lock) != 0)
 882		return -EINTR;
 883	spin_lock_irq (&data->dev->lock);
 884	if (data->dev->state == STATE_DEV_UNBOUND)
 885		value = -ENOENT;
 886	else if (data->state == STATE_EP_DISABLED) {
 887		value = 0;
 888		data->state = STATE_EP_READY;
 889		get_ep (data);
 890		fd->private_data = data;
 891		VDEBUG (data->dev, "%s ready\n", data->name);
 892	} else
 893		DBG (data->dev, "%s state %d\n",
 894			data->name, data->state);
 895	spin_unlock_irq (&data->dev->lock);
 896	mutex_unlock(&data->lock);
 897	return value;
 898}
 899
 900/* used before endpoint configuration */
 901static const struct file_operations ep_config_operations = {
 902	.owner =	THIS_MODULE,
 903	.llseek =	no_llseek,
 904
 905	.open =		ep_open,
 906	.write =	ep_config,
 907	.release =	ep_release,
 908};
 909
 910/*----------------------------------------------------------------------*/
 911
 912/* EP0 IMPLEMENTATION can be partly in userspace.
 913 *
 914 * Drivers that use this facility receive various events, including
 915 * control requests the kernel doesn't handle.  Drivers that don't
 916 * use this facility may be too simple-minded for real applications.
 917 */
 918
 919static inline void ep0_readable (struct dev_data *dev)
 920{
 921	wake_up (&dev->wait);
 922	kill_fasync (&dev->fasync, SIGIO, POLL_IN);
 923}
 924
 925static void clean_req (struct usb_ep *ep, struct usb_request *req)
 926{
 927	struct dev_data		*dev = ep->driver_data;
 928
 929	if (req->buf != dev->rbuf) {
 930		kfree(req->buf);
 931		req->buf = dev->rbuf;
 932		req->dma = DMA_ADDR_INVALID;
 933	}
 934	req->complete = epio_complete;
 935	dev->setup_out_ready = 0;
 936}
 937
 938static void ep0_complete (struct usb_ep *ep, struct usb_request *req)
 939{
 940	struct dev_data		*dev = ep->driver_data;
 941	unsigned long		flags;
 942	int			free = 1;
 943
 944	/* for control OUT, data must still get to userspace */
 945	spin_lock_irqsave(&dev->lock, flags);
 946	if (!dev->setup_in) {
 947		dev->setup_out_error = (req->status != 0);
 948		if (!dev->setup_out_error)
 949			free = 0;
 950		dev->setup_out_ready = 1;
 951		ep0_readable (dev);
 952	}
 953
 954	/* clean up as appropriate */
 955	if (free && req->buf != &dev->rbuf)
 956		clean_req (ep, req);
 957	req->complete = epio_complete;
 958	spin_unlock_irqrestore(&dev->lock, flags);
 959}
 960
 961static int setup_req (struct usb_ep *ep, struct usb_request *req, u16 len)
 962{
 963	struct dev_data	*dev = ep->driver_data;
 964
 965	if (dev->setup_out_ready) {
 966		DBG (dev, "ep0 request busy!\n");
 967		return -EBUSY;
 968	}
 969	if (len > sizeof (dev->rbuf))
 970		req->buf = kmalloc(len, GFP_ATOMIC);
 971	if (req->buf == NULL) {
 972		req->buf = dev->rbuf;
 973		return -ENOMEM;
 974	}
 975	req->complete = ep0_complete;
 976	req->length = len;
 977	req->zero = 0;
 978	return 0;
 979}
 980
 981static ssize_t
 982ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
 983{
 984	struct dev_data			*dev = fd->private_data;
 985	ssize_t				retval;
 986	enum ep0_state			state;
 987
 988	spin_lock_irq (&dev->lock);
 989
 990	/* report fd mode change before acting on it */
 991	if (dev->setup_abort) {
 992		dev->setup_abort = 0;
 993		retval = -EIDRM;
 994		goto done;
 995	}
 996
 997	/* control DATA stage */
 998	if ((state = dev->state) == STATE_DEV_SETUP) {
 999
1000		if (dev->setup_in) {		/* stall IN */
1001			VDEBUG(dev, "ep0in stall\n");
1002			(void) usb_ep_set_halt (dev->gadget->ep0);
1003			retval = -EL2HLT;
1004			dev->state = STATE_DEV_CONNECTED;
1005
1006		} else if (len == 0) {		/* ack SET_CONFIGURATION etc */
1007			struct usb_ep		*ep = dev->gadget->ep0;
1008			struct usb_request	*req = dev->req;
1009
1010			if ((retval = setup_req (ep, req, 0)) == 0)
1011				retval = usb_ep_queue (ep, req, GFP_ATOMIC);
1012			dev->state = STATE_DEV_CONNECTED;
1013
1014			/* assume that was SET_CONFIGURATION */
1015			if (dev->current_config) {
1016				unsigned power;
1017
1018				if (gadget_is_dualspeed(dev->gadget)
1019						&& (dev->gadget->speed
1020							== USB_SPEED_HIGH))
1021					power = dev->hs_config->bMaxPower;
1022				else
1023					power = dev->config->bMaxPower;
1024				usb_gadget_vbus_draw(dev->gadget, 2 * power);
1025			}
1026
1027		} else {			/* collect OUT data */
1028			if ((fd->f_flags & O_NONBLOCK) != 0
1029					&& !dev->setup_out_ready) {
1030				retval = -EAGAIN;
1031				goto done;
1032			}
1033			spin_unlock_irq (&dev->lock);
1034			retval = wait_event_interruptible (dev->wait,
1035					dev->setup_out_ready != 0);
1036
1037			/* FIXME state could change from under us */
1038			spin_lock_irq (&dev->lock);
1039			if (retval)
1040				goto done;
1041
1042			if (dev->state != STATE_DEV_SETUP) {
1043				retval = -ECANCELED;
1044				goto done;
1045			}
1046			dev->state = STATE_DEV_CONNECTED;
1047
1048			if (dev->setup_out_error)
1049				retval = -EIO;
1050			else {
1051				len = min (len, (size_t)dev->req->actual);
1052// FIXME don't call this with the spinlock held ...
1053				if (copy_to_user (buf, dev->req->buf, len))
1054					retval = -EFAULT;
1055				clean_req (dev->gadget->ep0, dev->req);
1056				/* NOTE userspace can't yet choose to stall */
1057			}
1058		}
1059		goto done;
1060	}
1061
1062	/* else normal: return event data */
1063	if (len < sizeof dev->event [0]) {
1064		retval = -EINVAL;
1065		goto done;
1066	}
1067	len -= len % sizeof (struct usb_gadgetfs_event);
1068	dev->usermode_setup = 1;
1069
1070scan:
1071	/* return queued events right away */
1072	if (dev->ev_next != 0) {
1073		unsigned		i, n;
1074
1075		n = len / sizeof (struct usb_gadgetfs_event);
1076		if (dev->ev_next < n)
1077			n = dev->ev_next;
1078
1079		/* ep0 i/o has special semantics during STATE_DEV_SETUP */
1080		for (i = 0; i < n; i++) {
1081			if (dev->event [i].type == GADGETFS_SETUP) {
1082				dev->state = STATE_DEV_SETUP;
1083				n = i + 1;
1084				break;
1085			}
1086		}
1087		spin_unlock_irq (&dev->lock);
1088		len = n * sizeof (struct usb_gadgetfs_event);
1089		if (copy_to_user (buf, &dev->event, len))
1090			retval = -EFAULT;
1091		else
1092			retval = len;
1093		if (len > 0) {
1094			/* NOTE this doesn't guard against broken drivers;
1095			 * concurrent ep0 readers may lose events.
1096			 */
1097			spin_lock_irq (&dev->lock);
1098			if (dev->ev_next > n) {
1099				memmove(&dev->event[0], &dev->event[n],
1100					sizeof (struct usb_gadgetfs_event)
1101						* (dev->ev_next - n));
1102			}
1103			dev->ev_next -= n;
1104			spin_unlock_irq (&dev->lock);
1105		}
1106		return retval;
1107	}
1108	if (fd->f_flags & O_NONBLOCK) {
1109		retval = -EAGAIN;
1110		goto done;
1111	}
1112
1113	switch (state) {
1114	default:
1115		DBG (dev, "fail %s, state %d\n", __func__, state);
1116		retval = -ESRCH;
1117		break;
1118	case STATE_DEV_UNCONNECTED:
1119	case STATE_DEV_CONNECTED:
1120		spin_unlock_irq (&dev->lock);
1121		DBG (dev, "%s wait\n", __func__);
1122
1123		/* wait for events */
1124		retval = wait_event_interruptible (dev->wait,
1125				dev->ev_next != 0);
1126		if (retval < 0)
1127			return retval;
1128		spin_lock_irq (&dev->lock);
1129		goto scan;
1130	}
1131
1132done:
1133	spin_unlock_irq (&dev->lock);
1134	return retval;
1135}
1136
1137static struct usb_gadgetfs_event *
1138next_event (struct dev_data *dev, enum usb_gadgetfs_event_type type)
1139{
1140	struct usb_gadgetfs_event	*event;
1141	unsigned			i;
1142
1143	switch (type) {
1144	/* these events purge the queue */
1145	case GADGETFS_DISCONNECT:
1146		if (dev->state == STATE_DEV_SETUP)
1147			dev->setup_abort = 1;
1148		// FALL THROUGH
1149	case GADGETFS_CONNECT:
1150		dev->ev_next = 0;
1151		break;
1152	case GADGETFS_SETUP:		/* previous request timed out */
1153	case GADGETFS_SUSPEND:		/* same effect */
1154		/* these events can't be repeated */
1155		for (i = 0; i != dev->ev_next; i++) {
1156			if (dev->event [i].type != type)
1157				continue;
1158			DBG(dev, "discard old event[%d] %d\n", i, type);
1159			dev->ev_next--;
1160			if (i == dev->ev_next)
1161				break;
1162			/* indices start at zero, for simplicity */
1163			memmove (&dev->event [i], &dev->event [i + 1],
1164				sizeof (struct usb_gadgetfs_event)
1165					* (dev->ev_next - i));
1166		}
1167		break;
1168	default:
1169		BUG ();
1170	}
1171	VDEBUG(dev, "event[%d] = %d\n", dev->ev_next, type);
1172	event = &dev->event [dev->ev_next++];
1173	BUG_ON (dev->ev_next > N_EVENT);
1174	memset (event, 0, sizeof *event);
1175	event->type = type;
1176	return event;
1177}
1178
1179static ssize_t
1180ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1181{
1182	struct dev_data		*dev = fd->private_data;
1183	ssize_t			retval = -ESRCH;
1184
1185	spin_lock_irq (&dev->lock);
1186
1187	/* report fd mode change before acting on it */
1188	if (dev->setup_abort) {
1189		dev->setup_abort = 0;
1190		retval = -EIDRM;
1191
1192	/* data and/or status stage for control request */
1193	} else if (dev->state == STATE_DEV_SETUP) {
1194
1195		/* IN DATA+STATUS caller makes len <= wLength */
1196		if (dev->setup_in) {
1197			retval = setup_req (dev->gadget->ep0, dev->req, len);
1198			if (retval == 0) {
1199				dev->state = STATE_DEV_CONNECTED;
1200				spin_unlock_irq (&dev->lock);
1201				if (copy_from_user (dev->req->buf, buf, len))
1202					retval = -EFAULT;
1203				else {
1204					if (len < dev->setup_wLength)
1205						dev->req->zero = 1;
1206					retval = usb_ep_queue (
1207						dev->gadget->ep0, dev->req,
1208						GFP_KERNEL);
1209				}
1210				if (retval < 0) {
1211					spin_lock_irq (&dev->lock);
1212					clean_req (dev->gadget->ep0, dev->req);
1213					spin_unlock_irq (&dev->lock);
1214				} else
1215					retval = len;
1216
1217				return retval;
1218			}
1219
1220		/* can stall some OUT transfers */
1221		} else if (dev->setup_can_stall) {
1222			VDEBUG(dev, "ep0out stall\n");
1223			(void) usb_ep_set_halt (dev->gadget->ep0);
1224			retval = -EL2HLT;
1225			dev->state = STATE_DEV_CONNECTED;
1226		} else {
1227			DBG(dev, "bogus ep0out stall!\n");
1228		}
1229	} else
1230		DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1231
1232	spin_unlock_irq (&dev->lock);
1233	return retval;
1234}
1235
1236static int
1237ep0_fasync (int f, struct file *fd, int on)
1238{
1239	struct dev_data		*dev = fd->private_data;
1240	// caller must F_SETOWN before signal delivery happens
1241	VDEBUG (dev, "%s %s\n", __func__, on ? "on" : "off");
1242	return fasync_helper (f, fd, on, &dev->fasync);
1243}
1244
1245static struct usb_gadget_driver gadgetfs_driver;
1246
1247static int
1248dev_release (struct inode *inode, struct file *fd)
1249{
1250	struct dev_data		*dev = fd->private_data;
1251
1252	/* closing ep0 === shutdown all */
1253
1254	usb_gadget_unregister_driver (&gadgetfs_driver);
1255
1256	/* at this point "good" hardware has disconnected the
1257	 * device from USB; the host won't see it any more.
1258	 * alternatively, all host requests will time out.
1259	 */
1260
1261	kfree (dev->buf);
1262	dev->buf = NULL;
1263	put_dev (dev);
1264
1265	/* other endpoints were all decoupled from this device */
1266	spin_lock_irq(&dev->lock);
1267	dev->state = STATE_DEV_DISABLED;
1268	spin_unlock_irq(&dev->lock);
1269	return 0;
1270}
1271
1272static unsigned int
1273ep0_poll (struct file *fd, poll_table *wait)
1274{
1275       struct dev_data         *dev = fd->private_data;
1276       int                     mask = 0;
1277
1278       poll_wait(fd, &dev->wait, wait);
1279
1280       spin_lock_irq (&dev->lock);
1281
1282       /* report fd mode change before acting on it */
1283       if (dev->setup_abort) {
1284               dev->setup_abort = 0;
1285               mask = POLLHUP;
1286               goto out;
1287       }
1288
1289       if (dev->state == STATE_DEV_SETUP) {
1290               if (dev->setup_in || dev->setup_can_stall)
1291                       mask = POLLOUT;
1292       } else {
1293               if (dev->ev_next != 0)
1294                       mask = POLLIN;
1295       }
1296out:
1297       spin_unlock_irq(&dev->lock);
1298       return mask;
1299}
1300
1301static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1302{
1303	struct dev_data		*dev = fd->private_data;
1304	struct usb_gadget	*gadget = dev->gadget;
1305	long ret = -ENOTTY;
1306
1307	if (gadget->ops->ioctl)
1308		ret = gadget->ops->ioctl (gadget, code, value);
1309
1310	return ret;
1311}
1312
1313/* used after device configuration */
1314static const struct file_operations ep0_io_operations = {
1315	.owner =	THIS_MODULE,
1316	.llseek =	no_llseek,
1317
1318	.read =		ep0_read,
1319	.write =	ep0_write,
1320	.fasync =	ep0_fasync,
1321	.poll =		ep0_poll,
1322	.unlocked_ioctl =	dev_ioctl,
1323	.release =	dev_release,
1324};
1325
1326/*----------------------------------------------------------------------*/
1327
1328/* The in-kernel gadget driver handles most ep0 issues, in particular
1329 * enumerating the single configuration (as provided from user space).
1330 *
1331 * Unrecognized ep0 requests may be handled in user space.
1332 */
1333
1334#ifdef	CONFIG_USB_GADGET_DUALSPEED
1335static void make_qualifier (struct dev_data *dev)
1336{
1337	struct usb_qualifier_descriptor		qual;
1338	struct usb_device_descriptor		*desc;
1339
1340	qual.bLength = sizeof qual;
1341	qual.bDescriptorType = USB_DT_DEVICE_QUALIFIER;
1342	qual.bcdUSB = cpu_to_le16 (0x0200);
1343
1344	desc = dev->dev;
1345	qual.bDeviceClass = desc->bDeviceClass;
1346	qual.bDeviceSubClass = desc->bDeviceSubClass;
1347	qual.bDeviceProtocol = desc->bDeviceProtocol;
1348
1349	/* assumes ep0 uses the same value for both speeds ... */
1350	qual.bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1351
1352	qual.bNumConfigurations = 1;
1353	qual.bRESERVED = 0;
1354
1355	memcpy (dev->rbuf, &qual, sizeof qual);
1356}
1357#endif
1358
1359static int
1360config_buf (struct dev_data *dev, u8 type, unsigned index)
1361{
1362	int		len;
1363	int		hs = 0;
1364
1365	/* only one configuration */
1366	if (index > 0)
1367		return -EINVAL;
1368
1369	if (gadget_is_dualspeed(dev->gadget)) {
1370		hs = (dev->gadget->speed == USB_SPEED_HIGH);
1371		if (type == USB_DT_OTHER_SPEED_CONFIG)
1372			hs = !hs;
1373	}
1374	if (hs) {
1375		dev->req->buf = dev->hs_config;
1376		len = le16_to_cpu(dev->hs_config->wTotalLength);
1377	} else {
1378		dev->req->buf = dev->config;
1379		len = le16_to_cpu(dev->config->wTotalLength);
1380	}
1381	((u8 *)dev->req->buf) [1] = type;
1382	return len;
1383}
1384
1385static int
1386gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1387{
1388	struct dev_data			*dev = get_gadget_data (gadget);
1389	struct usb_request		*req = dev->req;
1390	int				value = -EOPNOTSUPP;
1391	struct usb_gadgetfs_event	*event;
1392	u16				w_value = le16_to_cpu(ctrl->wValue);
1393	u16				w_length = le16_to_cpu(ctrl->wLength);
1394
1395	spin_lock (&dev->lock);
1396	dev->setup_abort = 0;
1397	if (dev->state == STATE_DEV_UNCONNECTED) {
1398		if (gadget_is_dualspeed(gadget)
1399				&& gadget->speed == USB_SPEED_HIGH
1400				&& dev->hs_config == NULL) {
1401			spin_unlock(&dev->lock);
1402			ERROR (dev, "no high speed config??\n");
1403			return -EINVAL;
1404		}
1405
1406		dev->state = STATE_DEV_CONNECTED;
1407
1408		INFO (dev, "connected\n");
1409		event = next_event (dev, GADGETFS_CONNECT);
1410		event->u.speed = gadget->speed;
1411		ep0_readable (dev);
1412
1413	/* host may have given up waiting for response.  we can miss control
1414	 * requests handled lower down (device/endpoint status and features);
1415	 * then ep0_{read,write} will report the wrong status. controller
1416	 * driver will have aborted pending i/o.
1417	 */
1418	} else if (dev->state == STATE_DEV_SETUP)
1419		dev->setup_abort = 1;
1420
1421	req->buf = dev->rbuf;
1422	req->dma = DMA_ADDR_INVALID;
1423	req->context = NULL;
1424	value = -EOPNOTSUPP;
1425	switch (ctrl->bRequest) {
1426
1427	case USB_REQ_GET_DESCRIPTOR:
1428		if (ctrl->bRequestType != USB_DIR_IN)
1429			goto unrecognized;
1430		switch (w_value >> 8) {
1431
1432		case USB_DT_DEVICE:
1433			value = min (w_length, (u16) sizeof *dev->dev);
1434			dev->dev->bMaxPacketSize0 = dev->gadget->ep0->maxpacket;
1435			req->buf = dev->dev;
1436			break;
1437#ifdef	CONFIG_USB_GADGET_DUALSPEED
1438		case USB_DT_DEVICE_QUALIFIER:
1439			if (!dev->hs_config)
1440				break;
1441			value = min (w_length, (u16)
1442				sizeof (struct usb_qualifier_descriptor));
1443			make_qualifier (dev);
1444			break;
1445		case USB_DT_OTHER_SPEED_CONFIG:
1446			// FALLTHROUGH
1447#endif
1448		case USB_DT_CONFIG:
1449			value = config_buf (dev,
1450					w_value >> 8,
1451					w_value & 0xff);
1452			if (value >= 0)
1453				value = min (w_length, (u16) value);
1454			break;
1455		case USB_DT_STRING:
1456			goto unrecognized;
1457
1458		default:		// all others are errors
1459			break;
1460		}
1461		break;
1462
1463	/* currently one config, two speeds */
1464	case USB_REQ_SET_CONFIGURATION:
1465		if (ctrl->bRequestType != 0)
1466			goto unrecognized;
1467		if (0 == (u8) w_value) {
1468			value = 0;
1469			dev->current_config = 0;
1470			usb_gadget_vbus_draw(gadget, 8 /* mA */ );
1471			// user mode expected to disable endpoints
1472		} else {
1473			u8	config, power;
1474
1475			if (gadget_is_dualspeed(gadget)
1476					&& gadget->speed == USB_SPEED_HIGH) {
1477				config = dev->hs_config->bConfigurationValue;
1478				power = dev->hs_config->bMaxPower;
1479			} else {
1480				config = dev->config->bConfigurationValue;
1481				power = dev->config->bMaxPower;
1482			}
1483
1484			if (config == (u8) w_value) {
1485				value = 0;
1486				dev->current_config = config;
1487				usb_gadget_vbus_draw(gadget, 2 * power);
1488			}
1489		}
1490
1491		/* report SET_CONFIGURATION like any other control request,
1492		 * except that usermode may not stall this.  the next
1493		 * request mustn't be allowed start until this finishes:
1494		 * endpoints and threads set up, etc.
1495		 *
1496		 * NOTE:  older PXA hardware (before PXA 255: without UDCCFR)
1497		 * has bad/racey automagic that prevents synchronizing here.
1498		 * even kernel mode drivers often miss them.
1499		 */
1500		if (value == 0) {
1501			INFO (dev, "configuration #%d\n", dev->current_config);
1502			if (dev->usermode_setup) {
1503				dev->setup_can_stall = 0;
1504				goto delegate;
1505			}
1506		}
1507		break;
1508
1509#ifndef	CONFIG_USB_GADGET_PXA25X
1510	/* PXA automagically handles this request too */
1511	case USB_REQ_GET_CONFIGURATION:
1512		if (ctrl->bRequestType != 0x80)
1513			goto unrecognized;
1514		*(u8 *)req->buf = dev->current_config;
1515		value = min (w_length, (u16) 1);
1516		break;
1517#endif
1518
1519	default:
1520unrecognized:
1521		VDEBUG (dev, "%s req%02x.%02x v%04x i%04x l%d\n",
1522			dev->usermode_setup ? "delegate" : "fail",
1523			ctrl->bRequestType, ctrl->bRequest,
1524			w_value, le16_to_cpu(ctrl->wIndex), w_length);
1525
1526		/* if there's an ep0 reader, don't stall */
1527		if (dev->usermode_setup) {
1528			dev->setup_can_stall = 1;
1529delegate:
1530			dev->setup_in = (ctrl->bRequestType & USB_DIR_IN)
1531						? 1 : 0;
1532			dev->setup_wLength = w_length;
1533			dev->setup_out_ready = 0;
1534			dev->setup_out_error = 0;
1535			value = 0;
1536
1537			/* read DATA stage for OUT right away */
1538			if (unlikely (!dev->setup_in && w_length)) {
1539				value = setup_req (gadget->ep0, dev->req,
1540							w_length);
1541				if (value < 0)
1542					break;
1543				value = usb_ep_queue (gadget->ep0, dev->req,
1544							GFP_ATOMIC);
1545				if (value < 0) {
1546					clean_req (gadget->ep0, dev->req);
1547					break;
1548				}
1549
1550				/* we can't currently stall these */
1551				dev->setup_can_stall = 0;
1552			}
1553
1554			/* state changes when reader collects event */
1555			event = next_event (dev, GADGETFS_SETUP);
1556			event->u.setup = *ctrl;
1557			ep0_readable (dev);
1558			spin_unlock (&dev->lock);
1559			return 0;
1560		}
1561	}
1562
1563	/* proceed with data transfer and status phases? */
1564	if (value >= 0 && dev->state != STATE_DEV_SETUP) {
1565		req->length = value;
1566		req->zero = value < w_length;
1567		value = usb_ep_queue (gadget->ep0, req, GFP_ATOMIC);
1568		if (value < 0) {
1569			DBG (dev, "ep_queue --> %d\n", value);
1570			req->status = 0;
1571		}
1572	}
1573
1574	/* device stalls when value < 0 */
1575	spin_unlock (&dev->lock);
1576	return value;
1577}
1578
1579static void destroy_ep_files (struct dev_data *dev)
1580{
1581	struct list_head	*entry, *tmp;
1582
1583	DBG (dev, "%s %d\n", __func__, dev->state);
1584
1585	/* dev->state must prevent interference */
1586restart:
1587	spin_lock_irq (&dev->lock);
1588	list_for_each_safe (entry, tmp, &dev->epfiles) {
1589		struct ep_data	*ep;
1590		struct inode	*parent;
1591		struct dentry	*dentry;
1592
1593		/* break link to FS */
1594		ep = list_entry (entry, struct ep_data, epfiles);
1595		list_del_init (&ep->epfiles);
1596		dentry = ep->dentry;
1597		ep->dentry = NULL;
1598		parent = dentry->d_parent->d_inode;
1599
1600		/* break link to controller */
1601		if (ep->state == STATE_EP_ENABLED)
1602			(void) usb_ep_disable (ep->ep);
1603		ep->state = STATE_EP_UNBOUND;
1604		usb_ep_free_request (ep->ep, ep->req);
1605		ep->ep = NULL;
1606		wake_up (&ep->wait);
1607		put_ep (ep);
1608
1609		spin_unlock_irq (&dev->lock);
1610
1611		/* break link to dcache */
1612		mutex_lock (&parent->i_mutex);
1613		d_delete (dentry);
1614		dput (dentry);
1615		mutex_unlock (&parent->i_mutex);
1616
1617		/* fds may still be open */
1618		goto restart;
1619	}
1620	spin_unlock_irq (&dev->lock);
1621}
1622
1623
1624static struct inode *
1625gadgetfs_create_file (struct super_block *sb, char const *name,
1626		void *data, const struct file_operations *fops,
1627		struct dentry **dentry_p);
1628
1629static int activate_ep_files (struct dev_data *dev)
1630{
1631	struct usb_ep	*ep;
1632	struct ep_data	*data;
1633
1634	gadget_for_each_ep (ep, dev->gadget) {
1635
1636		data = kzalloc(sizeof(*data), GFP_KERNEL);
1637		if (!data)
1638			goto enomem0;
1639		data->state = STATE_EP_DISABLED;
1640		mutex_init(&data->lock);
1641		init_waitqueue_head (&data->wait);
1642
1643		strncpy (data->name, ep->name, sizeof (data->name) - 1);
1644		atomic_set (&data->count, 1);
1645		data->dev = dev;
1646		get_dev (dev);
1647
1648		data->ep = ep;
1649		ep->driver_data = data;
1650
1651		data->req = usb_ep_alloc_request (ep, GFP_KERNEL);
1652		if (!data->req)
1653			goto enomem1;
1654
1655		data->inode = gadgetfs_create_file (dev->sb, data->name,
1656				data, &ep_config_operations,
1657				&data->dentry);
1658		if (!data->inode)
1659			goto enomem2;
1660		list_add_tail (&data->epfiles, &dev->epfiles);
1661	}
1662	return 0;
1663
1664enomem2:
1665	usb_ep_free_request (ep, data->req);
1666enomem1:
1667	put_dev (dev);
1668	kfree (data);
1669enomem0:
1670	DBG (dev, "%s enomem\n", __func__);
1671	destroy_ep_files (dev);
1672	return -ENOMEM;
1673}
1674
1675static void
1676gadgetfs_unbind (struct usb_gadget *gadget)
1677{
1678	struct dev_data		*dev = get_gadget_data (gadget);
1679
1680	DBG (dev, "%s\n", __func__);
1681
1682	spin_lock_irq (&dev->lock);
1683	dev->state = STATE_DEV_UNBOUND;
1684	spin_unlock_irq (&dev->lock);
1685
1686	destroy_ep_files (dev);
1687	gadget->ep0->driver_data = NULL;
1688	set_gadget_data (gadget, NULL);
1689
1690	/* we've already been disconnected ... no i/o is active */
1691	if (dev->req)
1692		usb_ep_free_request (gadget->ep0, dev->req);
1693	DBG (dev, "%s done\n", __func__);
1694	put_dev (dev);
1695}
1696
1697static struct dev_data		*the_device;
1698
1699static int
1700gadgetfs_bind (struct usb_gadget *gadget)
1701{
1702	struct dev_data		*dev = the_device;
1703
1704	if (!dev)
1705		return -ESRCH;
1706	if (0 != strcmp (CHIP, gadget->name)) {
1707		pr_err("%s expected %s controller not %s\n",
1708			shortname, CHIP, gadget->name);
1709		return -ENODEV;
1710	}
1711
1712	set_gadget_data (gadget, dev);
1713	dev->gadget = gadget;
1714	gadget->ep0->driver_data = dev;
1715
1716	/* preallocate control response and buffer */
1717	dev->req = usb_ep_alloc_request (gadget->ep0, GFP_KERNEL);
1718	if (!dev->req)
1719		goto enomem;
1720	dev->req->context = NULL;
1721	dev->req->complete = epio_complete;
1722
1723	if (activate_ep_files (dev) < 0)
1724		goto enomem;
1725
1726	INFO (dev, "bound to %s driver\n", gadget->name);
1727	spin_lock_irq(&dev->lock);
1728	dev->state = STATE_DEV_UNCONNECTED;
1729	spin_unlock_irq(&dev->lock);
1730	get_dev (dev);
1731	return 0;
1732
1733enomem:
1734	gadgetfs_unbind (gadget);
1735	return -ENOMEM;
1736}
1737
1738static void
1739gadgetfs_disconnect (struct usb_gadget *gadget)
1740{
1741	struct dev_data		*dev = get_gadget_data (gadget);
1742
1743	spin_lock (&dev->lock);
1744	if (dev->state == STATE_DEV_UNCONNECTED)
1745		goto exit;
1746	dev->state = STATE_DEV_UNCONNECTED;
1747
1748	INFO (dev, "disconnected\n");
1749	next_event (dev, GADGETFS_DISCONNECT);
1750	ep0_readable (dev);
1751exit:
1752	spin_unlock (&dev->lock);
1753}
1754
1755static void
1756gadgetfs_suspend (struct usb_gadget *gadget)
1757{
1758	struct dev_data		*dev = get_gadget_data (gadget);
1759
1760	INFO (dev, "suspended from state %d\n", dev->state);
1761	spin_lock (&dev->lock);
1762	switch (dev->state) {
1763	case STATE_DEV_SETUP:		// VERY odd... host died??
1764	case STATE_DEV_CONNECTED:
1765	case STATE_DEV_UNCONNECTED:
1766		next_event (dev, GADGETFS_SUSPEND);
1767		ep0_readable (dev);
1768		/* FALLTHROUGH */
1769	default:
1770		break;
1771	}
1772	spin_unlock (&dev->lock);
1773}
1774
1775static struct usb_gadget_driver gadgetfs_driver = {
1776#ifdef	CONFIG_USB_GADGET_DUALSPEED
1777	.speed		= USB_SPEED_HIGH,
1778#else
1779	.speed		= USB_SPEED_FULL,
1780#endif
1781	.function	= (char *) driver_desc,
1782	.unbind		= gadgetfs_unbind,
1783	.setup		= gadgetfs_setup,
1784	.disconnect	= gadgetfs_disconnect,
1785	.suspend	= gadgetfs_suspend,
1786
1787	.driver	= {
1788		.name		= (char *) shortname,
1789	},
1790};
1791
1792/*----------------------------------------------------------------------*/
1793
1794static void gadgetfs_nop(struct usb_gadget *arg) { }
1795
1796static int gadgetfs_probe (struct usb_gadget *gadget)
1797{
1798	CHIP = gadget->name;
1799	return -EISNAM;
1800}
1801
1802static struct usb_gadget_driver probe_driver = {
1803	.speed		= USB_SPEED_HIGH,
1804	.unbind		= gadgetfs_nop,
1805	.setup		= (void *)gadgetfs_nop,
1806	.disconnect	= gadgetfs_nop,
1807	.driver	= {
1808		.name		= "nop",
1809	},
1810};
1811
1812
1813/* DEVICE INITIALIZATION
1814 *
1815 *     fd = open ("/dev/gadget/$CHIP", O_RDWR)
1816 *     status = write (fd, descriptors, sizeof descriptors)
1817 *
1818 * That write establishes the device configuration, so the kernel can
1819 * bind to the controller ... guaranteeing it can handle enumeration
1820 * at all necessary speeds.  Descriptor order is:
1821 *
1822 * . message tag (u32, host order) ... for now, must be zero; it
1823 *	would change to support features like multi-config devices
1824 * . full/low speed config ... all wTotalLength bytes (with interface,
1825 *	class, altsetting, endpoint, and other descriptors)
1826 * . high speed config ... all descriptors, for high speed operation;
1827 *	this one's optional except for high-speed hardware
1828 * . device descriptor
1829 *
1830 * Endpoints are not yet enabled. Drivers must wait until device
1831 * configuration and interface altsetting changes create
1832 * the need to configure (or unconfigure) them.
1833 *
1834 * After initialization, the device stays active for as long as that
1835 * $CHIP file is open.  Events must then be read from that descriptor,
1836 * such as configuration notifications.
1837 */
1838
1839static int is_valid_config (struct usb_config_descriptor *config)
1840{
1841	return config->bDescriptorType == USB_DT_CONFIG
1842		&& config->bLength == USB_DT_CONFIG_SIZE
1843		&& config->bConfigurationValue != 0
1844		&& (config->bmAttributes & USB_CONFIG_ATT_ONE) != 0
1845		&& (config->bmAttributes & USB_CONFIG_ATT_WAKEUP) == 0;
1846	/* FIXME if gadget->is_otg, _must_ include an otg descriptor */
1847	/* FIXME check lengths: walk to end */
1848}
1849
1850static ssize_t
1851dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1852{
1853	struct dev_data		*dev = fd->private_data;
1854	ssize_t			value = len, length = len;
1855	unsigned		total;
1856	u32			tag;
1857	char			*kbuf;
1858
1859	if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4))
1860		return -EINVAL;
1861
1862	/* we might need to change message format someday */
1863	if (copy_from_user (&tag, buf, 4))
1864		return -EFAULT;
1865	if (tag != 0)
1866		return -EINVAL;
1867	buf += 4;
1868	length -= 4;
1869
1870	kbuf = memdup_user(buf, length);
1871	if (IS_ERR(kbuf))
1872		return PTR_ERR(kbuf);
1873
1874	spin_lock_irq (&dev->lock);
1875	value = -EINVAL;
1876	if (dev->buf)
1877		goto fail;
1878	dev->buf = kbuf;
1879
1880	/* full or low speed config */
1881	dev->config = (void *) kbuf;
1882	total = le16_to_cpu(dev->config->wTotalLength);
1883	if (!is_valid_config (dev->config) || total >= length)
1884		goto fail;
1885	kbuf += total;
1886	length -= total;
1887
1888	/* optional high speed config */
1889	if (kbuf [1] == USB_DT_CONFIG) {
1890		dev->hs_config = (void *) kbuf;
1891		total = le16_to_cpu(dev->hs_config->wTotalLength);
1892		if (!is_valid_config (dev->hs_config) || total >= length)
1893			goto fail;
1894		kbuf += total;
1895		length -= total;
1896	}
1897
1898	/* could support multiple configs, using another encoding! */
1899
1900	/* device descriptor (tweaked for paranoia) */
1901	if (length != USB_DT_DEVICE_SIZE)
1902		goto fail;
1903	dev->dev = (void *)kbuf;
1904	if (dev->dev->bLength != USB_DT_DEVICE_SIZE
1905			|| dev->dev->bDescriptorType != USB_DT_DEVICE
1906			|| dev->dev->bNumConfigurations != 1)
1907		goto fail;
1908	dev->dev->bNumConfigurations = 1;
1909	dev->dev->bcdUSB = cpu_to_le16 (0x0200);
1910
1911	/* triggers gadgetfs_bind(); then we can enumerate. */
1912	spin_unlock_irq (&dev->lock);
1913	value = usb_gadget_probe_driver(&gadgetfs_driver, gadgetfs_bind);
1914	if (value != 0) {
1915		kfree (dev->buf);
1916		dev->buf = NULL;
1917	} else {
1918		/* at this point "good" hardware has for the first time
1919		 * let the USB the host see us.  alternatively, if users
1920		 * unplug/replug that will clear all the error state.
1921		 *
1922		 * note:  everything running before here was guaranteed
1923		 * to choke driver model style diagnostics.  from here
1924		 * on, they can work ... except in cleanup paths that
1925		 * kick in after the ep0 descriptor is closed.
1926		 */
1927		fd->f_op = &ep0_io_operations;
1928		value = len;
1929	}
1930	return value;
1931
1932fail:
1933	spin_unlock_irq (&dev->lock);
1934	pr_debug ("%s: %s fail %Zd, %p\n", shortname, __func__, value, dev);
1935	kfree (dev->buf);
1936	dev->buf = NULL;
1937	return value;
1938}
1939
1940static int
1941dev_open (struct inode *inode, struct file *fd)
1942{
1943	struct dev_data		*dev = inode->i_private;
1944	int			value = -EBUSY;
1945
1946	spin_lock_irq(&dev->lock);
1947	if (dev->state == STATE_DEV_DISABLED) {
1948		dev->ev_next = 0;
1949		dev->state = STATE_DEV_OPENED;
1950		fd->private_data = dev;
1951		get_dev (dev);
1952		value = 0;
1953	}
1954	spin_unlock_irq(&dev->lock);
1955	return value;
1956}
1957
1958static const struct file_operations dev_init_operations = {
1959	.owner =	THIS_MODULE,
1960	.llseek =	no_llseek,
1961
1962	.open =		dev_open,
1963	.write =	dev_config,
1964	.fasync =	ep0_fasync,
1965	.unlocked_ioctl = dev_ioctl,
1966	.release =	dev_release,
1967};
1968
1969/*----------------------------------------------------------------------*/
1970
1971/* FILESYSTEM AND SUPERBLOCK OPERATIONS
1972 *
1973 * Mounting the filesystem creates a controller file, used first for
1974 * device configuration then later for event monitoring.
1975 */
1976
1977
1978/* FIXME PAM etc could set this security policy without mount options
1979 * if epfiles inherited ownership and permissons from ep0 ...
1980 */
1981
1982static unsigned default_uid;
1983static unsigned default_gid;
1984static unsigned default_perm = S_IRUSR | S_IWUSR;
1985
1986module_param (default_uid, uint, 0644);
1987module_param (default_gid, uint, 0644);
1988module_param (default_perm, uint, 0644);
1989
1990
1991static struct inode *
1992gadgetfs_make_inode (struct super_block *sb,
1993		void *data, const struct file_operations *fops,
1994		int mode)
1995{
1996	struct inode *inode = new_inode (sb);
1997
1998	if (inode) {
1999		inode->i_ino = get_next_ino();
2000		inode->i_mode = mode;
2001		inode->i_uid = default_uid;
2002		inode->i_gid = default_gid;
2003		inode->i_atime = inode->i_mtime = inode->i_ctime
2004				= CURRENT_TIME;
2005		inode->i_private = data;
2006		inode->i_fop = fops;
2007	}
2008	return inode;
2009}
2010
2011/* creates in fs root directory, so non-renamable and non-linkable.
2012 * so inode and dentry are paired, until device reconfig.
2013 */
2014static struct inode *
2015gadgetfs_create_file (struct super_block *sb, char const *name,
2016		void *data, const struct file_operations *fops,
2017		struct dentry **dentry_p)
2018{
2019	struct dentry	*dentry;
2020	struct inode	*inode;
2021
2022	dentry = d_alloc_name(sb->s_root, name);
2023	if (!dentry)
2024		return NULL;
2025
2026	inode = gadgetfs_make_inode (sb, data, fops,
2027			S_IFREG | (default_perm & S_IRWXUGO));
2028	if (!inode) {
2029		dput(dentry);
2030		return NULL;
2031	}
2032	d_add (dentry, inode);
2033	*dentry_p = dentry;
2034	return inode;
2035}
2036
2037static const struct super_operations gadget_fs_operations = {
2038	.statfs =	simple_statfs,
2039	.drop_inode =	generic_delete_inode,
2040};
2041
2042static int
2043gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
2044{
2045	struct inode	*inode;
2046	struct dentry	*d;
2047	struct dev_data	*dev;
2048
2049	if (the_device)
2050		return -ESRCH;
2051
2052	/* fake probe to determine $CHIP */
2053	(void) usb_gadget_probe_driver(&probe_driver, gadgetfs_probe);
2054	if (!CHIP)
2055		return -ENODEV;
2056
2057	/* superblock */
2058	sb->s_blocksize = PAGE_CACHE_SIZE;
2059	sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
2060	sb->s_magic = GADGETFS_MAGIC;
2061	sb->s_op = &gadget_fs_operations;
2062	sb->s_time_gran = 1;
2063
2064	/* root inode */
2065	inode = gadgetfs_make_inode (sb,
2066			NULL, &simple_dir_operations,
2067			S_IFDIR | S_IRUGO | S_IXUGO);
2068	if (!inode)
2069		goto enomem0;
2070	inode->i_op = &simple_dir_inode_operations;
2071	if (!(d = d_alloc_root (inode)))
2072		goto enomem1;
2073	sb->s_root = d;
2074
2075	/* the ep0 file is named after the controller we expect;
2076	 * user mode code can use it for sanity checks, like we do.
2077	 */
2078	dev = dev_new ();
2079	if (!dev)
2080		goto enomem2;
2081
2082	dev->sb = sb;
2083	if (!gadgetfs_create_file (sb, CHIP,
2084				dev, &dev_init_operations,
2085				&dev->dentry))
2086		goto enomem3;
2087
2088	/* other endpoint files are available after hardware setup,
2089	 * from binding to a controller.
2090	 */
2091	the_device = dev;
2092	return 0;
2093
2094enomem3:
2095	put_dev (dev);
2096enomem2:
2097	dput (d);
2098enomem1:
2099	iput (inode);
2100enomem0:
2101	return -ENOMEM;
2102}
2103
2104/* "mount -t gadgetfs path /dev/gadget" ends up here */
2105static struct dentry *
2106gadgetfs_mount (struct file_system_type *t, int flags,
2107		const char *path, void *opts)
2108{
2109	return mount_single (t, flags, opts, gadgetfs_fill_super);
2110}
2111
2112static void
2113gadgetfs_kill_sb (struct super_block *sb)
2114{
2115	kill_litter_super (sb);
2116	if (the_device) {
2117		put_dev (the_device);
2118		the_device = NULL;
2119	}
2120}
2121
2122/*----------------------------------------------------------------------*/
2123
2124static struct file_system_type gadgetfs_type = {
2125	.owner		= THIS_MODULE,
2126	.name		= shortname,
2127	.mount		= gadgetfs_mount,
2128	.kill_sb	= gadgetfs_kill_sb,
2129};
2130
2131/*----------------------------------------------------------------------*/
2132
2133static int __init init (void)
2134{
2135	int status;
2136
2137	status = register_filesystem (&gadgetfs_type);
2138	if (status == 0)
2139		pr_info ("%s: %s, version " DRIVER_VERSION "\n",
2140			shortname, driver_desc);
2141	return status;
2142}
2143module_init (init);
2144
2145static void __exit cleanup (void)
2146{
2147	pr_debug ("unregister %s\n", shortname);
2148	unregister_filesystem (&gadgetfs_type);
2149}
2150module_exit (cleanup);
2151