aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/usb/gadget/legacy/inode.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/usb/gadget/legacy/inode.c')
-rw-r--r--drivers/usb/gadget/legacy/inode.c466
1 files changed, 193 insertions, 273 deletions
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index db49ec4c748e..200f9a584064 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -74,6 +74,8 @@ MODULE_DESCRIPTION (DRIVER_DESC);
74MODULE_AUTHOR ("David Brownell"); 74MODULE_AUTHOR ("David Brownell");
75MODULE_LICENSE ("GPL"); 75MODULE_LICENSE ("GPL");
76 76
77static int ep_open(struct inode *, struct file *);
78
77 79
78/*----------------------------------------------------------------------*/ 80/*----------------------------------------------------------------------*/
79 81
@@ -283,14 +285,15 @@ static void epio_complete (struct usb_ep *ep, struct usb_request *req)
283 * still need dev->lock to use epdata->ep. 285 * still need dev->lock to use epdata->ep.
284 */ 286 */
285static int 287static int
286get_ready_ep (unsigned f_flags, struct ep_data *epdata) 288get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
287{ 289{
288 int val; 290 int val;
289 291
290 if (f_flags & O_NONBLOCK) { 292 if (f_flags & O_NONBLOCK) {
291 if (!mutex_trylock(&epdata->lock)) 293 if (!mutex_trylock(&epdata->lock))
292 goto nonblock; 294 goto nonblock;
293 if (epdata->state != STATE_EP_ENABLED) { 295 if (epdata->state != STATE_EP_ENABLED &&
296 (!is_write || epdata->state != STATE_EP_READY)) {
294 mutex_unlock(&epdata->lock); 297 mutex_unlock(&epdata->lock);
295nonblock: 298nonblock:
296 val = -EAGAIN; 299 val = -EAGAIN;
@@ -305,18 +308,20 @@ nonblock:
305 308
306 switch (epdata->state) { 309 switch (epdata->state) {
307 case STATE_EP_ENABLED: 310 case STATE_EP_ENABLED:
311 return 0;
312 case STATE_EP_READY: /* not configured yet */
313 if (is_write)
314 return 0;
315 // FALLTHRU
316 case STATE_EP_UNBOUND: /* clean disconnect */
308 break; 317 break;
309 // case STATE_EP_DISABLED: /* "can't happen" */ 318 // case STATE_EP_DISABLED: /* "can't happen" */
310 // case STATE_EP_READY: /* "can't happen" */
311 default: /* error! */ 319 default: /* error! */
312 pr_debug ("%s: ep %p not available, state %d\n", 320 pr_debug ("%s: ep %p not available, state %d\n",
313 shortname, epdata, epdata->state); 321 shortname, epdata, epdata->state);
314 // FALLTHROUGH
315 case STATE_EP_UNBOUND: /* clean disconnect */
316 val = -ENODEV;
317 mutex_unlock(&epdata->lock);
318 } 322 }
319 return val; 323 mutex_unlock(&epdata->lock);
324 return -ENODEV;
320} 325}
321 326
322static ssize_t 327static ssize_t
@@ -363,97 +368,6 @@ ep_io (struct ep_data *epdata, void *buf, unsigned len)
363 return value; 368 return value;
364} 369}
365 370
366
367/* handle a synchronous OUT bulk/intr/iso transfer */
368static ssize_t
369ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
370{
371 struct ep_data *data = fd->private_data;
372 void *kbuf;
373 ssize_t value;
374
375 if ((value = get_ready_ep (fd->f_flags, data)) < 0)
376 return value;
377
378 /* halt any endpoint by doing a "wrong direction" i/o call */
379 if (usb_endpoint_dir_in(&data->desc)) {
380 if (usb_endpoint_xfer_isoc(&data->desc)) {
381 mutex_unlock(&data->lock);
382 return -EINVAL;
383 }
384 DBG (data->dev, "%s halt\n", data->name);
385 spin_lock_irq (&data->dev->lock);
386 if (likely (data->ep != NULL))
387 usb_ep_set_halt (data->ep);
388 spin_unlock_irq (&data->dev->lock);
389 mutex_unlock(&data->lock);
390 return -EBADMSG;
391 }
392
393 /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */
394
395 value = -ENOMEM;
396 kbuf = kmalloc (len, GFP_KERNEL);
397 if (unlikely (!kbuf))
398 goto free1;
399
400 value = ep_io (data, kbuf, len);
401 VDEBUG (data->dev, "%s read %zu OUT, status %d\n",
402 data->name, len, (int) value);
403 if (value >= 0 && copy_to_user (buf, kbuf, value))
404 value = -EFAULT;
405
406free1:
407 mutex_unlock(&data->lock);
408 kfree (kbuf);
409 return value;
410}
411
412/* handle a synchronous IN bulk/intr/iso transfer */
413static ssize_t
414ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
415{
416 struct ep_data *data = fd->private_data;
417 void *kbuf;
418 ssize_t value;
419
420 if ((value = get_ready_ep (fd->f_flags, data)) < 0)
421 return value;
422
423 /* halt any endpoint by doing a "wrong direction" i/o call */
424 if (!usb_endpoint_dir_in(&data->desc)) {
425 if (usb_endpoint_xfer_isoc(&data->desc)) {
426 mutex_unlock(&data->lock);
427 return -EINVAL;
428 }
429 DBG (data->dev, "%s halt\n", data->name);
430 spin_lock_irq (&data->dev->lock);
431 if (likely (data->ep != NULL))
432 usb_ep_set_halt (data->ep);
433 spin_unlock_irq (&data->dev->lock);
434 mutex_unlock(&data->lock);
435 return -EBADMSG;
436 }
437
438 /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */
439
440 value = -ENOMEM;
441 kbuf = memdup_user(buf, len);
442 if (IS_ERR(kbuf)) {
443 value = PTR_ERR(kbuf);
444 kbuf = NULL;
445 goto free1;
446 }
447
448 value = ep_io (data, kbuf, len);
449 VDEBUG (data->dev, "%s write %zu IN, status %d\n",
450 data->name, len, (int) value);
451free1:
452 mutex_unlock(&data->lock);
453 kfree (kbuf);
454 return value;
455}
456
457static int 371static int
458ep_release (struct inode *inode, struct file *fd) 372ep_release (struct inode *inode, struct file *fd)
459{ 373{
@@ -481,7 +395,7 @@ static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
481 struct ep_data *data = fd->private_data; 395 struct ep_data *data = fd->private_data;
482 int status; 396 int status;
483 397
484 if ((status = get_ready_ep (fd->f_flags, data)) < 0) 398 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
485 return status; 399 return status;
486 400
487 spin_lock_irq (&data->dev->lock); 401 spin_lock_irq (&data->dev->lock);
@@ -517,8 +431,8 @@ struct kiocb_priv {
517 struct mm_struct *mm; 431 struct mm_struct *mm;
518 struct work_struct work; 432 struct work_struct work;
519 void *buf; 433 void *buf;
520 const struct iovec *iv; 434 struct iov_iter to;
521 unsigned long nr_segs; 435 const void *to_free;
522 unsigned actual; 436 unsigned actual;
523}; 437};
524 438
@@ -541,35 +455,6 @@ static int ep_aio_cancel(struct kiocb *iocb)
541 return value; 455 return value;
542} 456}
543 457
544static ssize_t ep_copy_to_user(struct kiocb_priv *priv)
545{
546 ssize_t len, total;
547 void *to_copy;
548 int i;
549
550 /* copy stuff into user buffers */
551 total = priv->actual;
552 len = 0;
553 to_copy = priv->buf;
554 for (i=0; i < priv->nr_segs; i++) {
555 ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total);
556
557 if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) {
558 if (len == 0)
559 len = -EFAULT;
560 break;
561 }
562
563 total -= this;
564 len += this;
565 to_copy += this;
566 if (total == 0)
567 break;
568 }
569
570 return len;
571}
572
573static void ep_user_copy_worker(struct work_struct *work) 458static void ep_user_copy_worker(struct work_struct *work)
574{ 459{
575 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work); 460 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
@@ -578,13 +463,16 @@ static void ep_user_copy_worker(struct work_struct *work)
578 size_t ret; 463 size_t ret;
579 464
580 use_mm(mm); 465 use_mm(mm);
581 ret = ep_copy_to_user(priv); 466 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
582 unuse_mm(mm); 467 unuse_mm(mm);
468 if (!ret)
469 ret = -EFAULT;
583 470
584 /* completing the iocb can drop the ctx and mm, don't touch mm after */ 471 /* completing the iocb can drop the ctx and mm, don't touch mm after */
585 aio_complete(iocb, ret, ret); 472 aio_complete(iocb, ret, ret);
586 473
587 kfree(priv->buf); 474 kfree(priv->buf);
475 kfree(priv->to_free);
588 kfree(priv); 476 kfree(priv);
589} 477}
590 478
@@ -603,8 +491,9 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
603 * don't need to copy anything to userspace, so we can 491 * don't need to copy anything to userspace, so we can
604 * complete the aio request immediately. 492 * complete the aio request immediately.
605 */ 493 */
606 if (priv->iv == NULL || unlikely(req->actual == 0)) { 494 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
607 kfree(req->buf); 495 kfree(req->buf);
496 kfree(priv->to_free);
608 kfree(priv); 497 kfree(priv);
609 iocb->private = NULL; 498 iocb->private = NULL;
610 /* aio_complete() reports bytes-transferred _and_ faults */ 499 /* aio_complete() reports bytes-transferred _and_ faults */
@@ -618,6 +507,7 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
618 507
619 priv->buf = req->buf; 508 priv->buf = req->buf;
620 priv->actual = req->actual; 509 priv->actual = req->actual;
510 INIT_WORK(&priv->work, ep_user_copy_worker);
621 schedule_work(&priv->work); 511 schedule_work(&priv->work);
622 } 512 }
623 spin_unlock(&epdata->dev->lock); 513 spin_unlock(&epdata->dev->lock);
@@ -626,38 +516,17 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
626 put_ep(epdata); 516 put_ep(epdata);
627} 517}
628 518
629static ssize_t 519static ssize_t ep_aio(struct kiocb *iocb,
630ep_aio_rwtail( 520 struct kiocb_priv *priv,
631 struct kiocb *iocb, 521 struct ep_data *epdata,
632 char *buf, 522 char *buf,
633 size_t len, 523 size_t len)
634 struct ep_data *epdata,
635 const struct iovec *iv,
636 unsigned long nr_segs
637)
638{ 524{
639 struct kiocb_priv *priv; 525 struct usb_request *req;
640 struct usb_request *req; 526 ssize_t value;
641 ssize_t value;
642 527
643 priv = kmalloc(sizeof *priv, GFP_KERNEL);
644 if (!priv) {
645 value = -ENOMEM;
646fail:
647 kfree(buf);
648 return value;
649 }
650 iocb->private = priv; 528 iocb->private = priv;
651 priv->iocb = iocb; 529 priv->iocb = iocb;
652 priv->iv = iv;
653 priv->nr_segs = nr_segs;
654 INIT_WORK(&priv->work, ep_user_copy_worker);
655
656 value = get_ready_ep(iocb->ki_filp->f_flags, epdata);
657 if (unlikely(value < 0)) {
658 kfree(priv);
659 goto fail;
660 }
661 530
662 kiocb_set_cancel_fn(iocb, ep_aio_cancel); 531 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
663 get_ep(epdata); 532 get_ep(epdata);
@@ -669,75 +538,154 @@ fail:
669 * allocate or submit those if the host disconnected. 538 * allocate or submit those if the host disconnected.
670 */ 539 */
671 spin_lock_irq(&epdata->dev->lock); 540 spin_lock_irq(&epdata->dev->lock);
672 if (likely(epdata->ep)) { 541 value = -ENODEV;
673 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC); 542 if (unlikely(epdata->ep))
674 if (likely(req)) { 543 goto fail;
675 priv->req = req;
676 req->buf = buf;
677 req->length = len;
678 req->complete = ep_aio_complete;
679 req->context = iocb;
680 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
681 if (unlikely(0 != value))
682 usb_ep_free_request(epdata->ep, req);
683 } else
684 value = -EAGAIN;
685 } else
686 value = -ENODEV;
687 spin_unlock_irq(&epdata->dev->lock);
688 544
689 mutex_unlock(&epdata->lock); 545 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
546 value = -ENOMEM;
547 if (unlikely(!req))
548 goto fail;
690 549
691 if (unlikely(value)) { 550 priv->req = req;
692 kfree(priv); 551 req->buf = buf;
693 put_ep(epdata); 552 req->length = len;
694 } else 553 req->complete = ep_aio_complete;
695 value = -EIOCBQUEUED; 554 req->context = iocb;
555 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
556 if (unlikely(0 != value)) {
557 usb_ep_free_request(epdata->ep, req);
558 goto fail;
559 }
560 spin_unlock_irq(&epdata->dev->lock);
561 return -EIOCBQUEUED;
562
563fail:
564 spin_unlock_irq(&epdata->dev->lock);
565 kfree(priv->to_free);
566 kfree(priv);
567 put_ep(epdata);
696 return value; 568 return value;
697} 569}
698 570
699static ssize_t 571static ssize_t
700ep_aio_read(struct kiocb *iocb, const struct iovec *iov, 572ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
701 unsigned long nr_segs, loff_t o)
702{ 573{
703 struct ep_data *epdata = iocb->ki_filp->private_data; 574 struct file *file = iocb->ki_filp;
704 char *buf; 575 struct ep_data *epdata = file->private_data;
576 size_t len = iov_iter_count(to);
577 ssize_t value;
578 char *buf;
705 579
706 if (unlikely(usb_endpoint_dir_in(&epdata->desc))) 580 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
707 return -EINVAL; 581 return value;
708 582
709 buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 583 /* halt any endpoint by doing a "wrong direction" i/o call */
710 if (unlikely(!buf)) 584 if (usb_endpoint_dir_in(&epdata->desc)) {
711 return -ENOMEM; 585 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
586 !is_sync_kiocb(iocb)) {
587 mutex_unlock(&epdata->lock);
588 return -EINVAL;
589 }
590 DBG (epdata->dev, "%s halt\n", epdata->name);
591 spin_lock_irq(&epdata->dev->lock);
592 if (likely(epdata->ep != NULL))
593 usb_ep_set_halt(epdata->ep);
594 spin_unlock_irq(&epdata->dev->lock);
595 mutex_unlock(&epdata->lock);
596 return -EBADMSG;
597 }
712 598
713 return ep_aio_rwtail(iocb, buf, iocb->ki_nbytes, epdata, iov, nr_segs); 599 buf = kmalloc(len, GFP_KERNEL);
600 if (unlikely(!buf)) {
601 mutex_unlock(&epdata->lock);
602 return -ENOMEM;
603 }
604 if (is_sync_kiocb(iocb)) {
605 value = ep_io(epdata, buf, len);
606 if (value >= 0 && copy_to_iter(buf, value, to))
607 value = -EFAULT;
608 } else {
609 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
610 value = -ENOMEM;
611 if (!priv)
612 goto fail;
613 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
614 if (!priv->to_free) {
615 kfree(priv);
616 goto fail;
617 }
618 value = ep_aio(iocb, priv, epdata, buf, len);
619 if (value == -EIOCBQUEUED)
620 buf = NULL;
621 }
622fail:
623 kfree(buf);
624 mutex_unlock(&epdata->lock);
625 return value;
714} 626}
715 627
628static ssize_t ep_config(struct ep_data *, const char *, size_t);
629
716static ssize_t 630static ssize_t
717ep_aio_write(struct kiocb *iocb, const struct iovec *iov, 631ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
718 unsigned long nr_segs, loff_t o)
719{ 632{
720 struct ep_data *epdata = iocb->ki_filp->private_data; 633 struct file *file = iocb->ki_filp;
721 char *buf; 634 struct ep_data *epdata = file->private_data;
722 size_t len = 0; 635 size_t len = iov_iter_count(from);
723 int i = 0; 636 bool configured;
637 ssize_t value;
638 char *buf;
639
640 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
641 return value;
724 642
725 if (unlikely(!usb_endpoint_dir_in(&epdata->desc))) 643 configured = epdata->state == STATE_EP_ENABLED;
726 return -EINVAL;
727 644
728 buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 645 /* halt any endpoint by doing a "wrong direction" i/o call */
729 if (unlikely(!buf)) 646 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
647 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
648 !is_sync_kiocb(iocb)) {
649 mutex_unlock(&epdata->lock);
650 return -EINVAL;
651 }
652 DBG (epdata->dev, "%s halt\n", epdata->name);
653 spin_lock_irq(&epdata->dev->lock);
654 if (likely(epdata->ep != NULL))
655 usb_ep_set_halt(epdata->ep);
656 spin_unlock_irq(&epdata->dev->lock);
657 mutex_unlock(&epdata->lock);
658 return -EBADMSG;
659 }
660
661 buf = kmalloc(len, GFP_KERNEL);
662 if (unlikely(!buf)) {
663 mutex_unlock(&epdata->lock);
730 return -ENOMEM; 664 return -ENOMEM;
665 }
731 666
732 for (i=0; i < nr_segs; i++) { 667 if (unlikely(copy_from_iter(buf, len, from) != len)) {
733 if (unlikely(copy_from_user(&buf[len], iov[i].iov_base, 668 value = -EFAULT;
734 iov[i].iov_len) != 0)) { 669 goto out;
735 kfree(buf); 670 }
736 return -EFAULT; 671
672 if (unlikely(!configured)) {
673 value = ep_config(epdata, buf, len);
674 } else if (is_sync_kiocb(iocb)) {
675 value = ep_io(epdata, buf, len);
676 } else {
677 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
678 value = -ENOMEM;
679 if (priv) {
680 value = ep_aio(iocb, priv, epdata, buf, len);
681 if (value == -EIOCBQUEUED)
682 buf = NULL;
737 } 683 }
738 len += iov[i].iov_len;
739 } 684 }
740 return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0); 685out:
686 kfree(buf);
687 mutex_unlock(&epdata->lock);
688 return value;
741} 689}
742 690
743/*----------------------------------------------------------------------*/ 691/*----------------------------------------------------------------------*/
@@ -745,15 +693,15 @@ ep_aio_write(struct kiocb *iocb, const struct iovec *iov,
745/* used after endpoint configuration */ 693/* used after endpoint configuration */
746static const struct file_operations ep_io_operations = { 694static const struct file_operations ep_io_operations = {
747 .owner = THIS_MODULE, 695 .owner = THIS_MODULE,
748 .llseek = no_llseek,
749 696
750 .read = ep_read, 697 .open = ep_open,
751 .write = ep_write,
752 .unlocked_ioctl = ep_ioctl,
753 .release = ep_release, 698 .release = ep_release,
754 699 .llseek = no_llseek,
755 .aio_read = ep_aio_read, 700 .read = new_sync_read,
756 .aio_write = ep_aio_write, 701 .write = new_sync_write,
702 .unlocked_ioctl = ep_ioctl,
703 .read_iter = ep_read_iter,
704 .write_iter = ep_write_iter,
757}; 705};
758 706
759/* ENDPOINT INITIALIZATION 707/* ENDPOINT INITIALIZATION
@@ -770,17 +718,12 @@ static const struct file_operations ep_io_operations = {
770 * speed descriptor, then optional high speed descriptor. 718 * speed descriptor, then optional high speed descriptor.
771 */ 719 */
772static ssize_t 720static ssize_t
773ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 721ep_config (struct ep_data *data, const char *buf, size_t len)
774{ 722{
775 struct ep_data *data = fd->private_data;
776 struct usb_ep *ep; 723 struct usb_ep *ep;
777 u32 tag; 724 u32 tag;
778 int value, length = len; 725 int value, length = len;
779 726
780 value = mutex_lock_interruptible(&data->lock);
781 if (value < 0)
782 return value;
783
784 if (data->state != STATE_EP_READY) { 727 if (data->state != STATE_EP_READY) {
785 value = -EL2HLT; 728 value = -EL2HLT;
786 goto fail; 729 goto fail;
@@ -791,9 +734,7 @@ ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
791 goto fail0; 734 goto fail0;
792 735
793 /* we might need to change message format someday */ 736 /* we might need to change message format someday */
794 if (copy_from_user (&tag, buf, 4)) { 737 memcpy(&tag, buf, 4);
795 goto fail1;
796 }
797 if (tag != 1) { 738 if (tag != 1) {
798 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag); 739 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
799 goto fail0; 740 goto fail0;
@@ -806,19 +747,15 @@ ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
806 */ 747 */
807 748
808 /* full/low speed descriptor, then high speed */ 749 /* full/low speed descriptor, then high speed */
809 if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) { 750 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
810 goto fail1;
811 }
812 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE 751 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
813 || data->desc.bDescriptorType != USB_DT_ENDPOINT) 752 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
814 goto fail0; 753 goto fail0;
815 if (len != USB_DT_ENDPOINT_SIZE) { 754 if (len != USB_DT_ENDPOINT_SIZE) {
816 if (len != 2 * USB_DT_ENDPOINT_SIZE) 755 if (len != 2 * USB_DT_ENDPOINT_SIZE)
817 goto fail0; 756 goto fail0;
818 if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE, 757 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
819 USB_DT_ENDPOINT_SIZE)) { 758 USB_DT_ENDPOINT_SIZE);
820 goto fail1;
821 }
822 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE 759 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
823 || data->hs_desc.bDescriptorType 760 || data->hs_desc.bDescriptorType
824 != USB_DT_ENDPOINT) { 761 != USB_DT_ENDPOINT) {
@@ -840,24 +777,20 @@ ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
840 case USB_SPEED_LOW: 777 case USB_SPEED_LOW:
841 case USB_SPEED_FULL: 778 case USB_SPEED_FULL:
842 ep->desc = &data->desc; 779 ep->desc = &data->desc;
843 value = usb_ep_enable(ep);
844 if (value == 0)
845 data->state = STATE_EP_ENABLED;
846 break; 780 break;
847 case USB_SPEED_HIGH: 781 case USB_SPEED_HIGH:
848 /* fails if caller didn't provide that descriptor... */ 782 /* fails if caller didn't provide that descriptor... */
849 ep->desc = &data->hs_desc; 783 ep->desc = &data->hs_desc;
850 value = usb_ep_enable(ep);
851 if (value == 0)
852 data->state = STATE_EP_ENABLED;
853 break; 784 break;
854 default: 785 default:
855 DBG(data->dev, "unconnected, %s init abandoned\n", 786 DBG(data->dev, "unconnected, %s init abandoned\n",
856 data->name); 787 data->name);
857 value = -EINVAL; 788 value = -EINVAL;
789 goto gone;
858 } 790 }
791 value = usb_ep_enable(ep);
859 if (value == 0) { 792 if (value == 0) {
860 fd->f_op = &ep_io_operations; 793 data->state = STATE_EP_ENABLED;
861 value = length; 794 value = length;
862 } 795 }
863gone: 796gone:
@@ -867,14 +800,10 @@ fail:
867 data->desc.bDescriptorType = 0; 800 data->desc.bDescriptorType = 0;
868 data->hs_desc.bDescriptorType = 0; 801 data->hs_desc.bDescriptorType = 0;
869 } 802 }
870 mutex_unlock(&data->lock);
871 return value; 803 return value;
872fail0: 804fail0:
873 value = -EINVAL; 805 value = -EINVAL;
874 goto fail; 806 goto fail;
875fail1:
876 value = -EFAULT;
877 goto fail;
878} 807}
879 808
880static int 809static int
@@ -902,15 +831,6 @@ ep_open (struct inode *inode, struct file *fd)
902 return value; 831 return value;
903} 832}
904 833
905/* used before endpoint configuration */
906static const struct file_operations ep_config_operations = {
907 .llseek = no_llseek,
908
909 .open = ep_open,
910 .write = ep_config,
911 .release = ep_release,
912};
913
914/*----------------------------------------------------------------------*/ 834/*----------------------------------------------------------------------*/
915 835
916/* EP0 IMPLEMENTATION can be partly in userspace. 836/* EP0 IMPLEMENTATION can be partly in userspace.
@@ -989,6 +909,10 @@ ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
989 enum ep0_state state; 909 enum ep0_state state;
990 910
991 spin_lock_irq (&dev->lock); 911 spin_lock_irq (&dev->lock);
912 if (dev->state <= STATE_DEV_OPENED) {
913 retval = -EINVAL;
914 goto done;
915 }
992 916
993 /* report fd mode change before acting on it */ 917 /* report fd mode change before acting on it */
994 if (dev->setup_abort) { 918 if (dev->setup_abort) {
@@ -1187,8 +1111,6 @@ ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1187 struct dev_data *dev = fd->private_data; 1111 struct dev_data *dev = fd->private_data;
1188 ssize_t retval = -ESRCH; 1112 ssize_t retval = -ESRCH;
1189 1113
1190 spin_lock_irq (&dev->lock);
1191
1192 /* report fd mode change before acting on it */ 1114 /* report fd mode change before acting on it */
1193 if (dev->setup_abort) { 1115 if (dev->setup_abort) {
1194 dev->setup_abort = 0; 1116 dev->setup_abort = 0;
@@ -1234,7 +1156,6 @@ ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1234 } else 1156 } else
1235 DBG (dev, "fail %s, state %d\n", __func__, dev->state); 1157 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1236 1158
1237 spin_unlock_irq (&dev->lock);
1238 return retval; 1159 return retval;
1239} 1160}
1240 1161
@@ -1281,6 +1202,9 @@ ep0_poll (struct file *fd, poll_table *wait)
1281 struct dev_data *dev = fd->private_data; 1202 struct dev_data *dev = fd->private_data;
1282 int mask = 0; 1203 int mask = 0;
1283 1204
1205 if (dev->state <= STATE_DEV_OPENED)
1206 return DEFAULT_POLLMASK;
1207
1284 poll_wait(fd, &dev->wait, wait); 1208 poll_wait(fd, &dev->wait, wait);
1285 1209
1286 spin_lock_irq (&dev->lock); 1210 spin_lock_irq (&dev->lock);
@@ -1316,19 +1240,6 @@ static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1316 return ret; 1240 return ret;
1317} 1241}
1318 1242
1319/* used after device configuration */
1320static const struct file_operations ep0_io_operations = {
1321 .owner = THIS_MODULE,
1322 .llseek = no_llseek,
1323
1324 .read = ep0_read,
1325 .write = ep0_write,
1326 .fasync = ep0_fasync,
1327 .poll = ep0_poll,
1328 .unlocked_ioctl = dev_ioctl,
1329 .release = dev_release,
1330};
1331
1332/*----------------------------------------------------------------------*/ 1243/*----------------------------------------------------------------------*/
1333 1244
1334/* The in-kernel gadget driver handles most ep0 issues, in particular 1245/* The in-kernel gadget driver handles most ep0 issues, in particular
@@ -1650,7 +1561,7 @@ static int activate_ep_files (struct dev_data *dev)
1650 goto enomem1; 1561 goto enomem1;
1651 1562
1652 data->dentry = gadgetfs_create_file (dev->sb, data->name, 1563 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1653 data, &ep_config_operations); 1564 data, &ep_io_operations);
1654 if (!data->dentry) 1565 if (!data->dentry)
1655 goto enomem2; 1566 goto enomem2;
1656 list_add_tail (&data->epfiles, &dev->epfiles); 1567 list_add_tail (&data->epfiles, &dev->epfiles);
@@ -1852,6 +1763,14 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1852 u32 tag; 1763 u32 tag;
1853 char *kbuf; 1764 char *kbuf;
1854 1765
1766 spin_lock_irq(&dev->lock);
1767 if (dev->state > STATE_DEV_OPENED) {
1768 value = ep0_write(fd, buf, len, ptr);
1769 spin_unlock_irq(&dev->lock);
1770 return value;
1771 }
1772 spin_unlock_irq(&dev->lock);
1773
1855 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) 1774 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4))
1856 return -EINVAL; 1775 return -EINVAL;
1857 1776
@@ -1925,7 +1844,6 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1925 * on, they can work ... except in cleanup paths that 1844 * on, they can work ... except in cleanup paths that
1926 * kick in after the ep0 descriptor is closed. 1845 * kick in after the ep0 descriptor is closed.
1927 */ 1846 */
1928 fd->f_op = &ep0_io_operations;
1929 value = len; 1847 value = len;
1930 } 1848 }
1931 return value; 1849 return value;
@@ -1956,12 +1874,14 @@ dev_open (struct inode *inode, struct file *fd)
1956 return value; 1874 return value;
1957} 1875}
1958 1876
1959static const struct file_operations dev_init_operations = { 1877static const struct file_operations ep0_operations = {
1960 .llseek = no_llseek, 1878 .llseek = no_llseek,
1961 1879
1962 .open = dev_open, 1880 .open = dev_open,
1881 .read = ep0_read,
1963 .write = dev_config, 1882 .write = dev_config,
1964 .fasync = ep0_fasync, 1883 .fasync = ep0_fasync,
1884 .poll = ep0_poll,
1965 .unlocked_ioctl = dev_ioctl, 1885 .unlocked_ioctl = dev_ioctl,
1966 .release = dev_release, 1886 .release = dev_release,
1967}; 1887};
@@ -2077,7 +1997,7 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
2077 goto Enomem; 1997 goto Enomem;
2078 1998
2079 dev->sb = sb; 1999 dev->sb = sb;
2080 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &dev_init_operations); 2000 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2081 if (!dev->dentry) { 2001 if (!dev->dentry) {
2082 put_dev(dev); 2002 put_dev(dev);
2083 goto Enomem; 2003 goto Enomem;
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-20 07:32:07 -0400