1// SPDX-License-Identifier: GPL-2.0
2/*
3 * USB Raw Gadget driver.
4 * See Documentation/usb/raw-gadget.rst for more details.
5 *
6 * Andrey Konovalov <andreyknvl@gmail.com>
7 */
8
9#include <linux/compiler.h>
10#include <linux/debugfs.h>
11#include <linux/delay.h>
12#include <linux/kref.h>
13#include <linux/miscdevice.h>
14#include <linux/module.h>
15#include <linux/semaphore.h>
16#include <linux/sched.h>
17#include <linux/slab.h>
18#include <linux/uaccess.h>
19#include <linux/wait.h>
20
21#include <linux/usb.h>
22#include <linux/usb/ch9.h>
23#include <linux/usb/ch11.h>
24#include <linux/usb/gadget.h>
25
26#include <uapi/linux/usb/raw_gadget.h>
27
/* Description string; also installed as the gadget driver's function name. */
#define DRIVER_DESC "USB Raw Gadget"
/* Name shared by the misc device node and the gadget driver. */
#define DRIVER_NAME "raw-gadget"

MODULE_DESCRIPTION(DRIVER_DESC);
MODULE_AUTHOR("Andrey Konovalov");
MODULE_LICENSE("GPL");
34
35/*----------------------------------------------------------------------*/
36
/* Maximum number of events that may wait to be fetched by userspace. */
#define RAW_EVENT_QUEUE_SIZE 16

/*
 * Fixed-capacity FIFO of heap-allocated events.
 *
 * Producers (raw_event_queue_add()) append under @lock and post @sema;
 * consumers (raw_event_queue_fetch()) take @sema first and then @lock.
 */
struct raw_event_queue {
	/* See the comment in raw_event_queue_fetch() for locking details. */
	spinlock_t lock;
	/* Counts queued events; posted once per successful add. */
	struct semaphore sema;
	/* Slots [0, size) hold kmalloc()ed events, oldest first. */
	struct usb_raw_event *events[RAW_EVENT_QUEUE_SIZE];
	/* Number of occupied slots in @events. */
	int size;
};
46
/*
 * Prepare an empty event queue: no events stored, semaphore count at zero,
 * spinlock initialised.
 */
static void raw_event_queue_init(struct raw_event_queue *queue)
{
	queue->size = 0;
	sema_init(&queue->sema, 0);
	spin_lock_init(&queue->lock);
}
53
/*
 * Append one event to the queue.
 *
 * @type and @length are stored in the event header and @length bytes are
 * copied from @data (skipped when the stored length is zero). The allocation
 * uses GFP_ATOMIC because it happens with the queue spinlock held and
 * interrupts disabled.
 *
 * Returns 0 on success, or -ENOMEM when the queue is full (which also
 * triggers a WARN) or the allocation fails.
 */
static int raw_event_queue_add(struct raw_event_queue *queue,
	enum usb_raw_event_type type, size_t length, const void *data)
{
	struct usb_raw_event *ev;
	unsigned long irq_flags;
	int rc = -ENOMEM;

	spin_lock_irqsave(&queue->lock, irq_flags);

	if (WARN_ON(queue->size >= RAW_EVENT_QUEUE_SIZE))
		goto unlock;

	ev = kmalloc(sizeof(*ev) + length, GFP_ATOMIC);
	if (!ev)
		goto unlock;

	ev->type = type;
	ev->length = length;
	if (ev->length)
		memcpy(&ev->data[0], data, length);

	queue->events[queue->size] = ev;
	queue->size++;
	/* One semaphore post per stored event; fetchers pair with this. */
	up(&queue->sema);
	rc = 0;

unlock:
	spin_unlock_irqrestore(&queue->lock, irq_flags);
	return rc;
}
80
/*
 * Remove and return the oldest queued event, sleeping until one exists.
 *
 * May run concurrently with other fetchers: the semaphore is decremented
 * first to claim one event, and only then is the spinlock taken to touch the
 * queue fields.
 *
 * Returns the event (ownership passes to the caller), ERR_PTR() of the
 * down_interruptible() error if the sleep is interrupted, or
 * ERR_PTR(-ENODEV) if the queue is unexpectedly empty.
 */
static struct usb_raw_event *raw_event_queue_fetch(
				struct raw_event_queue *queue)
{
	struct usb_raw_event *head;
	unsigned long irq_flags;
	int err;

	err = down_interruptible(&queue->sema);
	if (err)
		return ERR_PTR(err);

	spin_lock_irqsave(&queue->lock, irq_flags);
	/*
	 * queue->size must have the same value as queue->sema counter (before
	 * the down_interruptible() call above), so this check is a fail-safe.
	 */
	if (WARN_ON(!queue->size)) {
		head = ERR_PTR(-ENODEV);
	} else {
		head = queue->events[0];
		queue->size--;
		/* Shift the remaining pointers down to keep FIFO order. */
		memmove(&queue->events[0], &queue->events[1],
			queue->size * sizeof(queue->events[0]));
	}
	spin_unlock_irqrestore(&queue->lock, irq_flags);

	return head;
}
112
/*
 * Free every event still stored in the queue and mark it empty.
 * Takes no lock itself.
 */
static void raw_event_queue_destroy(struct raw_event_queue *queue)
{
	int idx = 0;

	while (idx < queue->size) {
		kfree(queue->events[idx]);
		idx++;
	}
	queue->size = 0;
}
121
122/*----------------------------------------------------------------------*/
123
/* Forward declaration: struct raw_ep points back at its owning device. */
struct raw_dev;

/* Size of the per-device endpoint slot table (raw_dev.eps). */
#define USB_RAW_MAX_ENDPOINTS 32

/* Whether an endpoint slot currently holds an enabled UDC endpoint. */
enum ep_state {
	STATE_EP_DISABLED,
	STATE_EP_ENABLED,
};
132
/* One endpoint slot; the slot index is the handle userspace passes in. */
struct raw_ep {
	/* Owning device; assigned in raw_process_ep_io() before queueing. */
	struct raw_dev *dev;
	enum ep_state state;
	/* UDC endpoint bound to this slot by raw_ioctl_ep_enable(). */
	struct usb_ep *ep;
	/* Request allocated for this endpoint by raw_ioctl_ep_enable(). */
	struct usb_request *req;
	/* True while raw_process_ep_io() has a request in flight. */
	bool urb_queued;
	/* True while raw_ioctl_ep_disable() is tearing the endpoint down. */
	bool disabling;
	/* Set by gadget_ep_complete(): req->status if nonzero, else req->actual. */
	ssize_t status;
};
142
/*
 * Lifecycle of a raw_dev. The ioctl handlers check the state under
 * raw_dev.lock before acting.
 */
enum dev_state {
	/* Zero value; not assigned explicitly anywhere in this file. */
	STATE_DEV_INVALID = 0,
	/* Set by raw_open(). */
	STATE_DEV_OPENED,
	/* Set by raw_ioctl_init(). */
	STATE_DEV_INITIALIZED,
	/* Set by raw_ioctl_run() once the gadget driver is registered. */
	STATE_DEV_RUNNING,
	/* Set by raw_release(). */
	STATE_DEV_CLOSED,
	/* Set on queueing, fetching, probing or internal-consistency failures. */
	STATE_DEV_FAILED
};
151
/*
 * Per-open-file device instance, reference counted through @count and freed
 * by dev_free() when the last reference is dropped.
 */
struct raw_dev {
	struct kref count;
	spinlock_t lock;

	/* Heap copy of the user-supplied driver name; compared in gadget_bind(). */
	const char *udc_name;
	/* Gadget driver registered with the UDC core in raw_ioctl_run(). */
	struct usb_gadget_driver driver;

	/* Reference to misc device: */
	struct device *dev;

	/* Protected by lock: */
	enum dev_state state;
	bool gadget_registered;
	/* Set in gadget_bind(); NULL until the gadget is bound. */
	struct usb_gadget *gadget;
	/* ep0 request allocated in gadget_bind(). */
	struct usb_request *req;
	/* Direction of the control transfer awaiting a userspace reply. */
	bool ep0_in_pending;
	bool ep0_out_pending;
	/* True while raw_process_ep0_io() has the ep0 request in flight. */
	bool ep0_urb_queued;
	/* Set by gadget_ep0_complete(): req->status if nonzero, else req->actual. */
	ssize_t ep0_status;
	struct raw_ep eps[USB_RAW_MAX_ENDPOINTS];

	/* Signalled by gadget_ep0_complete(). */
	struct completion ep0_done;
	/* Events waiting for USB_RAW_IOCTL_EVENT_FETCH. */
	struct raw_event_queue queue;
};
176
/*
 * Allocate a zeroed raw_dev and initialise its refcount, lock, ep0
 * completion and event queue.
 *
 * Returns the new device holding one reference, or NULL if the allocation
 * fails.
 */
static struct raw_dev *dev_new(void)
{
	struct raw_dev *dev = kzalloc(sizeof(*dev), GFP_KERNEL);

	if (dev) {
		/* Matches kref_put() in raw_release(). */
		kref_init(&dev->count);
		spin_lock_init(&dev->lock);
		init_completion(&dev->ep0_done);
		raw_event_queue_init(&dev->queue);
	}
	return dev;
}
191
/*
 * kref release callback: tear down everything owned by the raw_dev that
 * embeds @kref and free it.
 *
 * Frees both name strings, dequeues (if still queued) and frees the ep0
 * request, drops any unfetched events, and disables every endpoint slot that
 * is still enabled together with its request and descriptor.
 */
static void dev_free(struct kref *kref)
{
	struct raw_dev *dev = container_of(kref, struct raw_dev, count);
	int i;

	kfree(dev->udc_name);
	kfree(dev->driver.udc_name);

	if (dev->req) {
		if (dev->ep0_urb_queued)
			usb_ep_dequeue(dev->gadget->ep0, dev->req);
		usb_ep_free_request(dev->gadget->ep0, dev->req);
	}

	raw_event_queue_destroy(&dev->queue);

	for (i = 0; i < USB_RAW_MAX_ENDPOINTS; i++) {
		struct raw_ep *slot = &dev->eps[i];

		if (slot->state == STATE_EP_ENABLED) {
			usb_ep_disable(slot->ep);
			usb_ep_free_request(slot->ep, slot->req);
			/* The descriptor was duplicated from userspace on enable. */
			kfree(slot->ep->desc);
			slot->state = STATE_EP_DISABLED;
		}
	}

	kfree(dev);
}
215
216/*----------------------------------------------------------------------*/
217
/*
 * Queue an event for userspace. If it cannot be queued, mark the device
 * failed so later ioctls that require the running state are rejected.
 *
 * Returns the result of raw_event_queue_add().
 */
static int raw_queue_event(struct raw_dev *dev,
	enum usb_raw_event_type type, size_t length, const void *data)
{
	unsigned long irq_flags;
	int rc;

	rc = raw_event_queue_add(&dev->queue, type, length, data);
	if (rc >= 0)
		return rc;

	spin_lock_irqsave(&dev->lock, irq_flags);
	dev->state = STATE_DEV_FAILED;
	spin_unlock_irqrestore(&dev->lock, irq_flags);
	return rc;
}
232
/*
 * Completion callback for the ep0 request.
 *
 * Records the outcome in dev->ep0_status (req->status if nonzero, otherwise
 * the byte count in req->actual), clears whichever pending-direction flag
 * was set, and wakes the waiter in raw_process_ep0_io().
 */
static void gadget_ep0_complete(struct usb_ep *ep, struct usb_request *req)
{
	struct raw_dev *dev = req->context;
	unsigned long irq_flags;
	ssize_t outcome;

	spin_lock_irqsave(&dev->lock, irq_flags);

	/*
	 * Deliberately an if/else and not a conditional expression: status is
	 * signed and actual is unsigned, so mixing them in one expression
	 * would convert a negative status to unsigned.
	 */
	if (req->status)
		outcome = req->status;
	else
		outcome = req->actual;
	dev->ep0_status = outcome;

	if (!dev->ep0_in_pending)
		dev->ep0_out_pending = false;
	else
		dev->ep0_in_pending = false;

	spin_unlock_irqrestore(&dev->lock, irq_flags);

	complete(&dev->ep0_done);
}
251
/*
 * Gadget driver bind callback.
 *
 * Accepts only the gadget whose name equals the driver name given at INIT
 * time, allocates the ep0 request, publishes the gadget and the request in
 * the device under dev->lock, takes a device reference for the bound gadget
 * and queues a CONNECT event for userspace.
 *
 * Returns 0 on success, -ENODEV on a name mismatch, -ENOMEM if the request
 * cannot be allocated, or the error from raw_queue_event().
 *
 * NOTE(review): when queueing the CONNECT event fails, the reference taken
 * here and dev->req stay in place. Whether they are released depends on the
 * UDC core calling unbind after a failed bind, which is not visible in this
 * file; confirm against the core.
 */
static int gadget_bind(struct usb_gadget *gadget,
			struct usb_gadget_driver *driver)
{
	struct raw_dev *dev = container_of(driver, struct raw_dev, driver);
	struct usb_request *ep0_req;
	unsigned long irq_flags;
	int rc;

	if (strcmp(gadget->name, dev->udc_name) != 0)
		return -ENODEV;

	set_gadget_data(gadget, dev);

	ep0_req = usb_ep_alloc_request(gadget->ep0, GFP_KERNEL);
	if (!ep0_req) {
		dev_err(&gadget->dev, "usb_ep_alloc_request failed\n");
		set_gadget_data(gadget, NULL);
		return -ENOMEM;
	}

	spin_lock_irqsave(&dev->lock, irq_flags);
	ep0_req->context = dev;
	ep0_req->complete = gadget_ep0_complete;
	dev->req = ep0_req;
	dev->gadget = gadget;
	spin_unlock_irqrestore(&dev->lock, irq_flags);

	/* Matches kref_put() in gadget_unbind(). */
	kref_get(&dev->count);

	rc = raw_queue_event(dev, USB_RAW_EVENT_CONNECT, 0, NULL);
	if (rc < 0)
		dev_err(&gadget->dev, "failed to queue event\n");

	return rc;
}
287
/*
 * Gadget driver unbind callback: detach the device from the gadget's driver
 * data and drop the reference taken in gadget_bind(). This may free the
 * device if it was the last reference.
 */
static void gadget_unbind(struct usb_gadget *gadget)
{
	struct raw_dev *dev;

	dev = get_gadget_data(gadget);
	set_gadget_data(gadget, NULL);

	/* Matches kref_get() in gadget_bind(). */
	kref_put(&dev->count, dev_free);
}
296
/*
 * Gadget driver setup callback: forward a control request from the USB host
 * to userspace as a CONTROL event.
 *
 * @ctrl originates from the host and is passed through unmodified; this
 * function only uses it to decide which pending-direction flag to set. A
 * request is refused with -ENODEV when the device is not running and with
 * -EBUSY while an earlier control request is still awaiting a reply.
 *
 * Returns 0 on success or a negative errno.
 */
static int gadget_setup(struct usb_gadget *gadget,
			const struct usb_ctrlrequest *ctrl)
{
	struct raw_dev *dev = get_gadget_data(gadget);
	unsigned long irq_flags;
	int rc;

	spin_lock_irqsave(&dev->lock, irq_flags);

	if (dev->state != STATE_DEV_RUNNING) {
		dev_err(&gadget->dev, "ignoring, device is not running\n");
		spin_unlock_irqrestore(&dev->lock, irq_flags);
		return -ENODEV;
	}

	if (dev->ep0_in_pending || dev->ep0_out_pending) {
		dev_dbg(&gadget->dev, "stalling, request already pending\n");
		spin_unlock_irqrestore(&dev->lock, irq_flags);
		return -EBUSY;
	}

	/* IN with a data stage expects an EP0 write; everything else a read. */
	if ((ctrl->bRequestType & USB_DIR_IN) && ctrl->wLength)
		dev->ep0_in_pending = true;
	else
		dev->ep0_out_pending = true;

	spin_unlock_irqrestore(&dev->lock, irq_flags);

	rc = raw_queue_event(dev, USB_RAW_EVENT_CONTROL, sizeof(*ctrl), ctrl);
	if (rc < 0)
		dev_err(&gadget->dev, "failed to queue event\n");

	return rc;
}
331
/*
 * These are currently unused but present in case UDC driver requires them.
 * Each one is an intentional no-op.
 */
static void gadget_disconnect(struct usb_gadget *gadget)
{
}

static void gadget_suspend(struct usb_gadget *gadget)
{
}

static void gadget_resume(struct usb_gadget *gadget)
{
}

static void gadget_reset(struct usb_gadget *gadget)
{
}
337
338/*----------------------------------------------------------------------*/
339
/* Tentative definition; raw_open() needs the device before its initialiser. */
static struct miscdevice raw_misc_device;
341
/*
 * open() handler: create a fresh raw_dev for this file descriptor.
 *
 * No privilege check is made here, so access to the driver is gated only by
 * the permissions on the device node.
 *
 * Returns 0 on success, -EINVAL for O_NONBLOCK opens, or -ENOMEM.
 */
static int raw_open(struct inode *inode, struct file *fd)
{
	struct raw_dev *dev;

	/* Nonblocking I/O is not supported yet. */
	if (fd->f_flags & O_NONBLOCK)
		return -EINVAL;

	dev = dev_new();
	if (!dev)
		return -ENOMEM;

	dev->state = STATE_DEV_OPENED;
	dev->dev = raw_misc_device.this_device;
	fd->private_data = dev;
	return 0;
}
358
/*
 * release() handler: mark the device closed, unregister the gadget driver if
 * this file had registered one, and drop the references held on behalf of
 * the file.
 *
 * Returns 0, or the error from usb_gadget_unregister_driver().
 */
static int raw_release(struct inode *inode, struct file *fd)
{
	struct raw_dev *dev = fd->private_data;
	unsigned long irq_flags;
	bool was_registered;
	int rc = 0;

	spin_lock_irqsave(&dev->lock, irq_flags);
	dev->state = STATE_DEV_CLOSED;
	if (!dev->gadget) {
		spin_unlock_irqrestore(&dev->lock, irq_flags);
		goto out_put;
	}
	/* Claim the unregister under the lock so it happens at most once. */
	was_registered = dev->gadget_registered;
	dev->gadget_registered = false;
	spin_unlock_irqrestore(&dev->lock, irq_flags);

	if (was_registered) {
		rc = usb_gadget_unregister_driver(&dev->driver);
		if (rc != 0)
			dev_err(dev->dev,
				"usb_gadget_unregister_driver() failed with %d\n",
				rc);
		/* Matches kref_get() in raw_ioctl_run(). */
		kref_put(&dev->count, dev_free);
	}

out_put:
	/* Matches dev_new() in raw_open(). */
	kref_put(&dev->count, dev_free);
	return rc;
}
392
393/*----------------------------------------------------------------------*/
394
/*
 * USB_RAW_IOCTL_INIT: record the UDC driver and device names and the speed
 * requested by userspace, and fill in the gadget driver callbacks.
 *
 * @value is a user pointer to struct usb_raw_init. Both names are copied
 * into fresh kernel buffers with strscpy(), so a name that is not terminated
 * within UDC_NAME_LENGTH_MAX bytes is rejected with strscpy()'s error
 * instead of being truncated silently. Only the listed speeds are accepted;
 * USB_SPEED_UNKNOWN is mapped to USB_SPEED_HIGH.
 *
 * Returns 0 on success, -EFAULT, -EINVAL (bad speed or device not in the
 * opened state), -ENOMEM, or the strscpy() error.
 */
static int raw_ioctl_init(struct raw_dev *dev, unsigned long value)
{
	struct usb_raw_init arg;
	char *driver_name_copy;
	char *device_name_copy = NULL;
	unsigned long irq_flags;
	int rc;

	if (copy_from_user(&arg, (void __user *)value, sizeof(arg)))
		return -EFAULT;

	switch (arg.speed) {
	case USB_SPEED_UNKNOWN:
		arg.speed = USB_SPEED_HIGH;
		break;
	case USB_SPEED_LOW:
	case USB_SPEED_FULL:
	case USB_SPEED_HIGH:
	case USB_SPEED_SUPER:
		break;
	default:
		return -EINVAL;
	}

	driver_name_copy = kmalloc(UDC_NAME_LENGTH_MAX, GFP_KERNEL);
	if (!driver_name_copy)
		return -ENOMEM;
	rc = strscpy(driver_name_copy, &arg.driver_name[0],
		     UDC_NAME_LENGTH_MAX);
	if (rc < 0)
		goto free_names;

	device_name_copy = kmalloc(UDC_NAME_LENGTH_MAX, GFP_KERNEL);
	if (!device_name_copy) {
		rc = -ENOMEM;
		goto free_names;
	}
	rc = strscpy(device_name_copy, &arg.device_name[0],
		     UDC_NAME_LENGTH_MAX);
	if (rc < 0)
		goto free_names;

	spin_lock_irqsave(&dev->lock, irq_flags);
	if (dev->state != STATE_DEV_OPENED) {
		dev_dbg(dev->dev, "fail, device is not opened\n");
		spin_unlock_irqrestore(&dev->lock, irq_flags);
		rc = -EINVAL;
		goto free_names;
	}

	/* From here on the device owns both strings (freed in dev_free()). */
	dev->udc_name = driver_name_copy;

	dev->driver.function = DRIVER_DESC;
	dev->driver.max_speed = arg.speed;
	dev->driver.setup = gadget_setup;
	dev->driver.disconnect = gadget_disconnect;
	dev->driver.bind = gadget_bind;
	dev->driver.unbind = gadget_unbind;
	dev->driver.suspend = gadget_suspend;
	dev->driver.resume = gadget_resume;
	dev->driver.reset = gadget_reset;
	dev->driver.driver.name = DRIVER_NAME;
	dev->driver.udc_name = device_name_copy;
	dev->driver.match_existing_only = 1;

	dev->state = STATE_DEV_INITIALIZED;
	spin_unlock_irqrestore(&dev->lock, irq_flags);
	return 0;

free_names:
	kfree(device_name_copy);
	kfree(driver_name_copy);
	return rc;
}
473
/*
 * USB_RAW_IOCTL_RUN: register the gadget driver prepared by INIT with the
 * UDC core and move the device to the running state.
 *
 * @value must be zero. On success an extra device reference is taken; it is
 * dropped in raw_release() when the driver is unregistered.
 *
 * Returns 0 on success, -EINVAL (nonzero argument or device not
 * initialised), or the error from usb_gadget_probe_driver(), in which case
 * the device is marked failed.
 *
 * NOTE(review): dev->lock is released between the state check and the state
 * update, so two concurrent RUN ioctls on the same file can both pass the
 * check and both call usb_gadget_probe_driver(). Moving the device to an
 * intermediate state before dropping the lock would close that window.
 */
static int raw_ioctl_run(struct raw_dev *dev, unsigned long value)
{
	unsigned long irq_flags;
	int rc;

	if (value)
		return -EINVAL;

	spin_lock_irqsave(&dev->lock, irq_flags);
	if (dev->state != STATE_DEV_INITIALIZED) {
		dev_dbg(dev->dev, "fail, device is not initialized\n");
		spin_unlock_irqrestore(&dev->lock, irq_flags);
		return -EINVAL;
	}
	spin_unlock_irqrestore(&dev->lock, irq_flags);

	/* Called without the spinlock held. */
	rc = usb_gadget_probe_driver(&dev->driver);

	spin_lock_irqsave(&dev->lock, irq_flags);
	if (rc) {
		dev_err(dev->dev,
			"fail, usb_gadget_probe_driver returned %d\n", rc);
		dev->state = STATE_DEV_FAILED;
	} else {
		dev->gadget_registered = true;
		dev->state = STATE_DEV_RUNNING;
		/* Matches kref_put() in raw_release(). */
		kref_get(&dev->count);
	}
	spin_unlock_irqrestore(&dev->lock, irq_flags);

	return rc;
}
508
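/*
 * USB_RAW_IOCTL_EVENT_FETCH: block until an event is available and copy it
 * to userspace.
 *
 * @value is a user pointer to struct usb_raw_event. Its length field states
 * how much payload room the caller has; at most that many payload bytes are
 * copied back after the event header.
 *
 * The fetched event is owned by this function once it leaves the queue, so
 * it is freed on every path, including a failed copy_to_user(). Without that
 * each fetch would leak one allocation.
 *
 * Returns 0 on success, -EFAULT, -EINVAL (device not running), -EBUSY
 * (gadget not bound), -EINTR if the wait is interrupted, or -ENODEV on any
 * other fetch failure, which also marks the device failed.
 */
static int raw_ioctl_event_fetch(struct raw_dev *dev, unsigned long value)
{
	struct usb_raw_event arg;
	unsigned long flags;
	struct usb_raw_event *event;
	uint32_t length;
	int ret = 0;

	if (copy_from_user(&arg, (void __user *)value, sizeof(arg)))
		return -EFAULT;

	spin_lock_irqsave(&dev->lock, flags);
	if (dev->state != STATE_DEV_RUNNING) {
		dev_dbg(dev->dev, "fail, device is not running\n");
		spin_unlock_irqrestore(&dev->lock, flags);
		return -EINVAL;
	}
	if (!dev->gadget) {
		dev_dbg(dev->dev, "fail, gadget is not bound\n");
		spin_unlock_irqrestore(&dev->lock, flags);
		return -EBUSY;
	}
	spin_unlock_irqrestore(&dev->lock, flags);

	/* May sleep; must be called without the spinlock held. */
	event = raw_event_queue_fetch(&dev->queue);
	if (PTR_ERR(event) == -EINTR) {
		dev_dbg(&dev->gadget->dev, "event fetching interrupted\n");
		return -EINTR;
	}
	if (IS_ERR(event)) {
		dev_err(&dev->gadget->dev, "failed to fetch event\n");
		spin_lock_irqsave(&dev->lock, flags);
		dev->state = STATE_DEV_FAILED;
		spin_unlock_irqrestore(&dev->lock, flags);
		return -ENODEV;
	}

	/* Never copy more payload than the caller said it can hold. */
	length = min(arg.length, event->length);
	if (copy_to_user((void __user *)value, event, sizeof(*event) + length))
		ret = -EFAULT;

	kfree(event);
	return ret;
}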
550
/*
 * Copy a struct usb_raw_ep_io header from userspace into @io, validate it,
 * and obtain a kernel buffer of io->length bytes.
 *
 * Validation done here: endpoint index below USB_RAW_MAX_ENDPOINTS, flags
 * accepted by usb_raw_io_flags_valid(), and length at most PAGE_SIZE.
 *
 * When @get_from_user is true, the payload that follows the header in user
 * memory is duplicated into the buffer. Otherwise the buffer comes from
 * kmalloc() and is NOT zeroed, so callers must copy back no more bytes than
 * the transfer reports as written.
 *
 * Returns the buffer (to be freed by the caller with kfree()) or an
 * ERR_PTR(): -EFAULT, -EINVAL, -ENOMEM, or the memdup_user() error.
 */
static void *raw_alloc_io_data(struct usb_raw_ep_io *io, void __user *ptr,
				bool get_from_user)
{
	void *buf;

	if (copy_from_user(io, ptr, sizeof(*io)))
		return ERR_PTR(-EFAULT);

	if (io->ep >= USB_RAW_MAX_ENDPOINTS ||
	    !usb_raw_io_flags_valid(io->flags) ||
	    io->length > PAGE_SIZE)
		return ERR_PTR(-EINVAL);

	if (get_from_user)
		return memdup_user(ptr + sizeof(*io), io->length);

	buf = kmalloc(io->length, GFP_KERNEL);
	return buf ? buf : ERR_PTR(-ENOMEM);
}
573
/*
 * Queue the ep0 request with @data as its buffer and wait for completion.
 *
 * @in is true for a device-to-host data stage (EP0_WRITE) and false for
 * host-to-device (EP0_READ). The direction must match the pending flag set
 * by gadget_setup(). @data stays owned by the caller.
 *
 * Returns the value recorded by gadget_ep0_complete() (a byte count, or the
 * request's nonzero status), or an error: -EINVAL (not running), -EBUSY
 * (not bound, already queued, or wrong direction), -ENODEV (inconsistent
 * pending flags), the usb_ep_queue() error, or the nonzero result of an
 * interrupted wait.
 */
static int raw_process_ep0_io(struct raw_dev *dev, struct usb_raw_ep_io *io,
				void *data, bool in)
{
	int ret = 0;
	unsigned long flags;

	spin_lock_irqsave(&dev->lock, flags);
	if (dev->state != STATE_DEV_RUNNING) {
		dev_dbg(dev->dev, "fail, device is not running\n");
		ret = -EINVAL;
		goto out_unlock;
	}
	if (!dev->gadget) {
		dev_dbg(dev->dev, "fail, gadget is not bound\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	/* Only one ep0 transfer may be in flight at a time. */
	if (dev->ep0_urb_queued) {
		dev_dbg(&dev->gadget->dev, "fail, urb already queued\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	if ((in && !dev->ep0_in_pending) ||
			(!in && !dev->ep0_out_pending)) {
		dev_dbg(&dev->gadget->dev, "fail, wrong direction\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	/* Both directions pending at once: treat as a fatal inconsistency. */
	if (WARN_ON(in && dev->ep0_out_pending)) {
		ret = -ENODEV;
		dev->state = STATE_DEV_FAILED;
		goto out_done;
	}
	if (WARN_ON(!in && dev->ep0_in_pending)) {
		ret = -ENODEV;
		dev->state = STATE_DEV_FAILED;
		goto out_done;
	}

	dev->req->buf = data;
	dev->req->length = io->length;
	dev->req->zero = usb_raw_io_flags_zero(io->flags);
	dev->ep0_urb_queued = true;
	spin_unlock_irqrestore(&dev->lock, flags);

	/* Queue and wait without the spinlock held. */
	ret = usb_ep_queue(dev->gadget->ep0, dev->req, GFP_KERNEL);
	if (ret) {
		dev_err(&dev->gadget->dev,
				"fail, usb_ep_queue returned %d\n", ret);
		spin_lock_irqsave(&dev->lock, flags);
		dev->state = STATE_DEV_FAILED;
		goto out_done;
	}

	ret = wait_for_completion_interruptible(&dev->ep0_done);
	if (ret) {
		dev_dbg(&dev->gadget->dev, "wait interrupted\n");
		/*
		 * Dequeue and then wait uninterruptibly for the completion,
		 * presumably so the request no longer references @data when
		 * the caller frees it.
		 */
		usb_ep_dequeue(dev->gadget->ep0, dev->req);
		wait_for_completion(&dev->ep0_done);
		spin_lock_irqsave(&dev->lock, flags);
		goto out_done;
	}

	spin_lock_irqsave(&dev->lock, flags);
	ret = dev->ep0_status;

out_done:
	/* Reached with the lock held on every path. */
	dev->ep0_urb_queued = false;
out_unlock:
	spin_unlock_irqrestore(&dev->lock, flags);
	return ret;
}
646
/*
 * USB_RAW_IOCTL_EP0_WRITE: send user-supplied data on endpoint 0.
 *
 * @value is a user pointer to a struct usb_raw_ep_io header followed by the
 * payload. Returns the result of raw_process_ep0_io() or the error from
 * raw_alloc_io_data().
 */
static int raw_ioctl_ep0_write(struct raw_dev *dev, unsigned long value)
{
	struct usb_raw_ep_io io;
	void *payload;
	int rc;

	payload = raw_alloc_io_data(&io, (void __user *)value, true);
	if (IS_ERR(payload))
		return PTR_ERR(payload);

	rc = raw_process_ep0_io(dev, &io, payload, true);
	kfree(payload);
	return rc;
}
660
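/*
 * USB_RAW_IOCTL_EP0_READ: receive data on endpoint 0 and copy it to the
 * payload area that follows the struct usb_raw_ep_io header at @value.
 *
 * raw_process_ep0_io() returns the number of bytes transferred on success
 * and a negative errno on failure. Only a negative value may skip the copy:
 * testing for any nonzero value would skip copy_to_user() for every transfer
 * that actually received data.
 *
 * Returns the number of bytes copied to userspace, or a negative errno.
 */
static int raw_ioctl_ep0_read(struct raw_dev *dev, unsigned long value)
{
	int ret = 0;
	void *data;
	struct usb_raw_ep_io io;
	unsigned int length;

	data = raw_alloc_io_data(&io, (void __user *)value, false);
	if (IS_ERR(data))
		return PTR_ERR(data);
	ret = raw_process_ep0_io(dev, &io, data, false);
	if (ret < 0)
		goto free;

	/*
	 * The buffer came from kmalloc() and is not zeroed, so copy back no
	 * more than the transfer reports and never more than was requested.
	 */
	length = min(io.length, (unsigned int)ret);
	if (copy_to_user((void __user *)(value + sizeof(io)), data, length))
		ret = -EFAULT;
	else
		ret = length;
free:
	kfree(data);
	return ret;
}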
682
/*
 * Report whether UDC endpoint @ep can serve the endpoint described by @desc:
 * the transfer type must be isochronous, bulk or interrupt and supported by
 * the endpoint, and the endpoint must support the descriptor's direction.
 */
static bool check_ep_caps(struct usb_ep *ep,
				struct usb_endpoint_descriptor *desc)
{
	bool type_ok;

	switch (usb_endpoint_type(desc)) {
	case USB_ENDPOINT_XFER_ISOC:
		type_ok = ep->caps.type_iso;
		break;
	case USB_ENDPOINT_XFER_BULK:
		type_ok = ep->caps.type_bulk;
		break;
	case USB_ENDPOINT_XFER_INT:
		type_ok = ep->caps.type_int;
		break;
	default:
		/* Any other transfer type is never accepted here. */
		type_ok = false;
		break;
	}
	if (!type_ok)
		return false;

	if (usb_endpoint_dir_in(desc) && !ep->caps.dir_in)
		return false;

	return !(usb_endpoint_dir_out(desc) && !ep->caps.dir_out);
}
710
/*
 * USB_RAW_IOCTL_EP_ENABLE: enable a UDC endpoint matching a user-supplied
 * endpoint descriptor and bind it to a free slot in dev->eps.
 *
 * @value is a user pointer to struct usb_endpoint_descriptor. The descriptor
 * is duplicated into kernel memory; the checks made here are a nonzero
 * maxpacket and the capability match in check_ep_caps().
 *
 * On success the descriptor copy stays attached to the endpoint as ep->desc
 * and is freed later by raw_ioctl_ep_disable() or dev_free().
 *
 * Returns the slot index (the handle for later EP_* ioctls) on success, or
 * -EINVAL, -EBUSY, -ENOMEM, the memdup_user() error, or the usb_ep_enable()
 * error.
 *
 * NOTE(review): on both failure paths inside the loop the descriptor is
 * freed at out_free while ep->desc still points at it. Nothing in this file
 * reads ep->desc of a slot that is not enabled, but UDC drivers are not
 * visible here; clearing ep->desc before the free would remove the dangling
 * pointer.
 */
static int raw_ioctl_ep_enable(struct raw_dev *dev, unsigned long value)
{
	int ret = 0, i;
	unsigned long flags;
	struct usb_endpoint_descriptor *desc;
	struct usb_ep *ep = NULL;

	desc = memdup_user((void __user *)value, sizeof(*desc));
	if (IS_ERR(desc))
		return PTR_ERR(desc);

	/*
	 * Endpoints with a maxpacket length of 0 can cause crashes in UDC
	 * drivers.
	 */
	if (usb_endpoint_maxp(desc) == 0) {
		dev_dbg(dev->dev, "fail, bad endpoint maxpacket\n");
		kfree(desc);
		return -EINVAL;
	}

	spin_lock_irqsave(&dev->lock, flags);
	if (dev->state != STATE_DEV_RUNNING) {
		dev_dbg(dev->dev, "fail, device is not running\n");
		ret = -EINVAL;
		goto out_free;
	}
	if (!dev->gadget) {
		dev_dbg(dev->dev, "fail, gadget is not bound\n");
		ret = -EBUSY;
		goto out_free;
	}

	/* Find the first slot that is not enabled. */
	for (i = 0; i < USB_RAW_MAX_ENDPOINTS; i++) {
		if (dev->eps[i].state == STATE_EP_ENABLED)
			continue;
		break;
	}
	if (i == USB_RAW_MAX_ENDPOINTS) {
		dev_dbg(&dev->gadget->dev,
				"fail, no device endpoints available\n");
		ret = -EBUSY;
		goto out_free;
	}

	/* Take the first UDC endpoint that is idle and capable. */
	gadget_for_each_ep(ep, dev->gadget) {
		if (ep->enabled)
			continue;
		if (!check_ep_caps(ep, desc))
			continue;
		ep->desc = desc;
		ret = usb_ep_enable(ep);
		if (ret < 0) {
			dev_err(&dev->gadget->dev,
				"fail, usb_ep_enable returned %d\n", ret);
			goto out_free;
		}
		/* GFP_ATOMIC: dev->lock is held with interrupts disabled. */
		dev->eps[i].req = usb_ep_alloc_request(ep, GFP_ATOMIC);
		if (!dev->eps[i].req) {
			dev_err(&dev->gadget->dev,
				"fail, usb_ep_alloc_request failed\n");
			usb_ep_disable(ep);
			ret = -ENOMEM;
			goto out_free;
		}
		dev->eps[i].ep = ep;
		dev->eps[i].state = STATE_EP_ENABLED;
		ep->driver_data = &dev->eps[i];
		ret = i;
		/* Success: skip out_free, the endpoint now owns desc. */
		goto out_unlock;
	}

	dev_dbg(&dev->gadget->dev, "fail, no gadget endpoints available\n");
	ret = -EBUSY;

out_free:
	kfree(desc);
out_unlock:
	spin_unlock_irqrestore(&dev->lock, flags);
	return ret;
}
792
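/*
 * USB_RAW_IOCTL_EP_DISABLE: disable the endpoint in slot @value and release
 * its request and descriptor.
 *
 * @value is the slot index returned by USB_RAW_IOCTL_EP_ENABLE. It is
 * range-checked at full width before being narrowed to int. On 64-bit
 * kernels an out-of-range value whose low 32 bits happen to be a valid index
 * would otherwise be accepted.
 *
 * Returns 0 on success, -EINVAL (bad index, device not running, endpoint not
 * enabled, disable already in progress, or a request still queued), or
 * -EBUSY (gadget not bound).
 */
static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value)
{
	int ret = 0, i;
	unsigned long flags;
	const void *desc;

	if (value >= USB_RAW_MAX_ENDPOINTS)
		return -EINVAL;
	i = value;

	spin_lock_irqsave(&dev->lock, flags);
	if (dev->state != STATE_DEV_RUNNING) {
		dev_dbg(dev->dev, "fail, device is not running\n");
		ret = -EINVAL;
		goto out_unlock;
	}
	if (!dev->gadget) {
		dev_dbg(dev->dev, "fail, gadget is not bound\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	if (dev->eps[i].state != STATE_EP_ENABLED) {
		dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n");
		ret = -EINVAL;
		goto out_unlock;
	}
	if (dev->eps[i].disabling) {
		dev_dbg(&dev->gadget->dev,
				"fail, disable already in progress\n");
		ret = -EINVAL;
		goto out_unlock;
	}
	if (dev->eps[i].urb_queued) {
		dev_dbg(&dev->gadget->dev,
				"fail, waiting for urb completion\n");
		ret = -EINVAL;
		goto out_unlock;
	}
	/*
	 * Mark the slot before dropping the lock so concurrent I/O and
	 * disable calls on it are refused while the endpoint is torn down.
	 */
	dev->eps[i].disabling = true;
	spin_unlock_irqrestore(&dev->lock, flags);

	usb_ep_disable(dev->eps[i].ep);

	spin_lock_irqsave(&dev->lock, flags);
	usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req);
	/* Save the descriptor pointer before the slot forgets the endpoint. */
	desc = dev->eps[i].ep->desc;
	dev->eps[i].ep = NULL;
	dev->eps[i].state = STATE_EP_DISABLED;
	kfree(desc);
	dev->eps[i].disabling = false;

out_unlock:
	spin_unlock_irqrestore(&dev->lock, flags);
	return ret;
}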
847
/*
 * Completion callback for non-control endpoint requests.
 *
 * Stores the outcome in the endpoint slot (req->status if nonzero, otherwise
 * the byte count in req->actual) and wakes the waiter whose completion was
 * placed in req->context by raw_process_ep_io().
 */
static void gadget_ep_complete(struct usb_ep *ep, struct usb_request *req)
{
	struct raw_ep *slot = (struct raw_ep *)ep->driver_data;
	struct raw_dev *owner = slot->dev;
	unsigned long irq_flags;
	ssize_t outcome;

	spin_lock_irqsave(&owner->lock, irq_flags);
	/*
	 * Deliberately an if/else and not a conditional expression: status is
	 * signed and actual is unsigned, so mixing them in one expression
	 * would convert a negative status to unsigned.
	 */
	if (req->status)
		outcome = req->status;
	else
		outcome = req->actual;
	slot->status = outcome;
	spin_unlock_irqrestore(&owner->lock, irq_flags);

	complete((struct completion *)req->context);
}
863
/*
 * Queue a request on the endpoint in slot io->ep with @data as its buffer
 * and wait for completion.
 *
 * io->ep indexes dev->eps without a check in this function; callers obtain
 * @io from raw_alloc_io_data(), which rejects indices that are out of range.
 * @in is true for writes (device to host) and must match the endpoint's
 * direction capability. @data stays owned by the caller.
 *
 * Returns the value recorded by gadget_ep_complete() (a byte count, or the
 * request's nonzero status), or an error: -EINVAL (not running or wrong
 * direction), -EBUSY (not bound, endpoint not enabled, being disabled, or
 * already busy), the usb_ep_queue() error, or the nonzero result of an
 * interrupted wait.
 */
static int raw_process_ep_io(struct raw_dev *dev, struct usb_raw_ep_io *io,
				void *data, bool in)
{
	int ret = 0;
	unsigned long flags;
	struct raw_ep *ep = &dev->eps[io->ep];
	/* Lives on this stack frame; must not be signalled after return. */
	DECLARE_COMPLETION_ONSTACK(done);

	spin_lock_irqsave(&dev->lock, flags);
	if (dev->state != STATE_DEV_RUNNING) {
		dev_dbg(dev->dev, "fail, device is not running\n");
		ret = -EINVAL;
		goto out_unlock;
	}
	if (!dev->gadget) {
		dev_dbg(dev->dev, "fail, gadget is not bound\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	if (ep->state != STATE_EP_ENABLED) {
		dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	if (ep->disabling) {
		dev_dbg(&dev->gadget->dev,
				"fail, endpoint is already being disabled\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	/* Only one transfer per endpoint may be in flight at a time. */
	if (ep->urb_queued) {
		dev_dbg(&dev->gadget->dev, "fail, urb already queued\n");
		ret = -EBUSY;
		goto out_unlock;
	}
	if ((in && !ep->ep->caps.dir_in) || (!in && ep->ep->caps.dir_in)) {
		dev_dbg(&dev->gadget->dev, "fail, wrong direction\n");
		ret = -EINVAL;
		goto out_unlock;
	}

	ep->dev = dev;
	ep->req->context = &done;
	ep->req->complete = gadget_ep_complete;
	ep->req->buf = data;
	ep->req->length = io->length;
	ep->req->zero = usb_raw_io_flags_zero(io->flags);
	ep->urb_queued = true;
	spin_unlock_irqrestore(&dev->lock, flags);

	/* Queue and wait without the spinlock held. */
	ret = usb_ep_queue(ep->ep, ep->req, GFP_KERNEL);
	if (ret) {
		dev_err(&dev->gadget->dev,
				"fail, usb_ep_queue returned %d\n", ret);
		spin_lock_irqsave(&dev->lock, flags);
		dev->state = STATE_DEV_FAILED;
		goto out_done;
	}

	ret = wait_for_completion_interruptible(&done);
	if (ret) {
		dev_dbg(&dev->gadget->dev, "wait interrupted\n");
		/*
		 * Dequeue and then wait uninterruptibly for the completion,
		 * presumably so neither the on-stack completion nor @data is
		 * referenced by the request after this function returns.
		 */
		usb_ep_dequeue(ep->ep, ep->req);
		wait_for_completion(&done);
		spin_lock_irqsave(&dev->lock, flags);
		goto out_done;
	}

	spin_lock_irqsave(&dev->lock, flags);
	ret = ep->status;

out_done:
	/* Reached with the lock held on every path. */
	ep->urb_queued = false;
out_unlock:
	spin_unlock_irqrestore(&dev->lock, flags);
	return ret;
}
941
/*
 * USB_RAW_IOCTL_EP_WRITE: send user-supplied data on a non-control endpoint.
 *
 * @value is a user pointer to a struct usb_raw_ep_io header followed by the
 * payload. Returns the result of raw_process_ep_io() or the error from
 * raw_alloc_io_data().
 */
static int raw_ioctl_ep_write(struct raw_dev *dev, unsigned long value)
{
	struct usb_raw_ep_io io;
	char *payload;
	int rc;

	payload = raw_alloc_io_data(&io, (void __user *)value, true);
	if (IS_ERR(payload))
		return PTR_ERR(payload);

	rc = raw_process_ep_io(dev, &io, payload, true);
	kfree(payload);
	return rc;
}
955
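/*
 * USB_RAW_IOCTL_EP_READ: receive data on a non-control endpoint and copy it
 * to the payload area that follows the struct usb_raw_ep_io header at
 * @value.
 *
 * raw_process_ep_io() returns the number of bytes transferred on success and
 * a negative errno on failure. Only a negative value may skip the copy:
 * testing for any nonzero value would skip copy_to_user() for every transfer
 * that actually received data.
 *
 * Returns the number of bytes copied to userspace, or a negative errno.
 */
static int raw_ioctl_ep_read(struct raw_dev *dev, unsigned long value)
{
	int ret = 0;
	char *data;
	struct usb_raw_ep_io io;
	unsigned int length;

	data = raw_alloc_io_data(&io, (void __user *)value, false);
	if (IS_ERR(data))
		return PTR_ERR(data);
	ret = raw_process_ep_io(dev, &io, data, false);
	if (ret < 0)
		goto free;

	/*
	 * The buffer came from kmalloc() and is not zeroed, so copy back no
	 * more than the transfer reports and never more than was requested.
	 */
	length = min(io.length, (unsigned int)ret);
	if (copy_to_user((void __user *)(value + sizeof(io)), data, length))
		ret = -EFAULT;
	else
		ret = length;
free:
	kfree(data);
	return ret;
}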
977
/*
 * USB_RAW_IOCTL_CONFIGURE: mark the gadget as configured.
 *
 * @value must be zero. Returns 0 on success, -EINVAL (nonzero argument or
 * device not running), or -EBUSY (gadget not bound).
 */
static int raw_ioctl_configure(struct raw_dev *dev, unsigned long value)
{
	unsigned long irq_flags;
	int rc = 0;

	if (value)
		return -EINVAL;

	spin_lock_irqsave(&dev->lock, irq_flags);
	if (dev->state != STATE_DEV_RUNNING) {
		dev_dbg(dev->dev, "fail, device is not running\n");
		rc = -EINVAL;
	} else if (!dev->gadget) {
		dev_dbg(dev->dev, "fail, gadget is not bound\n");
		rc = -EBUSY;
	} else {
		usb_gadget_set_state(dev->gadget, USB_STATE_CONFIGURED);
	}
	spin_unlock_irqrestore(&dev->lock, irq_flags);

	return rc;
}
1002
/*
 * USB_RAW_IOCTL_VBUS_DRAW: report the VBUS power draw to the UDC, passing
 * twice the user-supplied @value to usb_gadget_vbus_draw().
 *
 * Returns 0 on success, -EINVAL (device not running), or -EBUSY (gadget not
 * bound). The result of usb_gadget_vbus_draw() is not checked.
 *
 * NOTE(review): @value comes straight from the ioctl argument and is not
 * range-checked before being doubled and handed to the UDC.
 */
static int raw_ioctl_vbus_draw(struct raw_dev *dev, unsigned long value)
{
	unsigned long irq_flags;
	int rc = 0;

	spin_lock_irqsave(&dev->lock, irq_flags);
	if (dev->state != STATE_DEV_RUNNING) {
		dev_dbg(dev->dev, "fail, device is not running\n");
		rc = -EINVAL;
	} else if (!dev->gadget) {
		dev_dbg(dev->dev, "fail, gadget is not bound\n");
		rc = -EBUSY;
	} else {
		usb_gadget_vbus_draw(dev->gadget, 2 * value);
	}
	spin_unlock_irqrestore(&dev->lock, irq_flags);

	return rc;
}
1025
/*
 * ioctl entry point: dispatch @cmd to its handler, passing @value through
 * unchanged. Each handler validates its own argument and the device state.
 *
 * Returns the handler's result, -EBUSY if the file has no device attached,
 * or -EINVAL for an unknown command.
 */
static long raw_ioctl(struct file *fd, unsigned int cmd, unsigned long value)
{
	struct raw_dev *dev = fd->private_data;

	if (!dev)
		return -EBUSY;

	switch (cmd) {
	case USB_RAW_IOCTL_INIT:
		return raw_ioctl_init(dev, value);
	case USB_RAW_IOCTL_RUN:
		return raw_ioctl_run(dev, value);
	case USB_RAW_IOCTL_EVENT_FETCH:
		return raw_ioctl_event_fetch(dev, value);
	case USB_RAW_IOCTL_EP0_WRITE:
		return raw_ioctl_ep0_write(dev, value);
	case USB_RAW_IOCTL_EP0_READ:
		return raw_ioctl_ep0_read(dev, value);
	case USB_RAW_IOCTL_EP_ENABLE:
		return raw_ioctl_ep_enable(dev, value);
	case USB_RAW_IOCTL_EP_DISABLE:
		return raw_ioctl_ep_disable(dev, value);
	case USB_RAW_IOCTL_EP_WRITE:
		return raw_ioctl_ep_write(dev, value);
	case USB_RAW_IOCTL_EP_READ:
		return raw_ioctl_ep_read(dev, value);
	case USB_RAW_IOCTL_CONFIGURE:
		return raw_ioctl_configure(dev, value);
	case USB_RAW_IOCTL_VBUS_DRAW:
		return raw_ioctl_vbus_draw(dev, value);
	default:
		return -EINVAL;
	}
}
1074
1075/*----------------------------------------------------------------------*/
1076
/*
 * File operations for the raw-gadget device node. All interaction goes
 * through ioctls; there are no read/write handlers and seeking is disabled.
 */
static const struct file_operations raw_fops = {
	.open = raw_open,
	.unlocked_ioctl = raw_ioctl,
	/*
	 * NOTE(review): 32-bit callers reach the same handler with the
	 * argument passed through as-is; this assumes the UAPI structures
	 * have the same layout in compat mode. Confirm.
	 */
	.compat_ioctl = raw_ioctl,
	.release = raw_release,
	.llseek = no_llseek,
};
1084
/* Misc device named DRIVER_NAME with a dynamically assigned minor number. */
static struct miscdevice raw_misc_device = {
	.minor = MISC_DYNAMIC_MINOR,
	.name = DRIVER_NAME,
	.fops = &raw_fops,
};

module_misc_device(raw_misc_device);