From: Arve Hjønnevåg Date: Fri, 19 Apr 2013 01:58:11 +0000 (-0700) Subject: usb: gadget: FunctionFS and SuperSpeed updates X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5b19615885821fb6673782652418c4e5196c8da2;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git usb: gadget: FunctionFS and SuperSpeed updates usb: gadget: f_fs: HACK: Round reads up to 512 bytes to work with dwc3 Signed-off-by: Arve Hjønnevåg USB: f_fs: Fix epfile crash during composition switch epfile's ep pointer may be NULL during adb transfer and composition switch happening in parallel. As part of composition switch, first it is set to NONE. Setting sys.usb.config to NONE stops adb and disables the composition. stop adb is not blocking call and adb still might be doing epfile read/write for some time when function unbind is ongoing making the data structures NULL. To fix this crash, call usb_ep_dequeue only if ep->ep is valid. Similarly in success case, return ep->status only if ep->ep is valid otherwise return -ENODEV. CRs-Fixed: 643663 Change-Id: Ic152fc1db31cad6f97b8d16d91350dad857a4bf9 Signed-off-by: Sujeet Kumar USB: gadget: f_fs: Release endpoint upon disable Endpoints are claimed using usb_ep_autoconfig function, It will choose an unclaimed usb_ep and prevent the endpoint from being returned by a later autoconfig calls. We can mark the driver_data pointer once ep_enable is done in bind. If we cannot mark to null upon function disable the corresponding endpoint is not allocated by a later autoconfig call. The current code does not make the ep->driver_data to null upon function disable. This is leading to unclaimed endpoints for later autoconfig calls. Claim the endpoints by assigning ep->driver_data to NULL. CRs-Fixed: 633673 Change-Id: I221b98ef36cc2a60d27507a2442061a30ed410f4 Signed-off-by: ChandanaKishori Chiluveru USB: gagget: f_fs: Return error if TX req is queued during device offline when USB cable is disconnected during TX data transfers, endpoints will be disabled during function disable. If userspace client tries to queue requests on disabled endpoints, driver will wait till endpoints are enabled and then queues previous session requests. This results in kernel driver and userspace driver out of sync and due to this, stall will be seen. Hence fix this issue by returning error value if client tries to queue requests on TX endpoint during device offline. CRs-Fixed: 633497 Change-Id: I3e43b8a704367aff7fe8dd88159315aef811c51c Signed-off-by: Vijayavardhan Vennapusa USB: f_fs: Fail stale read IOs after disconnect After a USB disconnect, endpoints for adb are disabled. After this no IO is allowed on the endpoints. Since, adbd is not aware of this disconnect, it may still perform read/writes IO. For adb writes, IOs are failed, but for adb reads kernel waits untill endpoints are enabled. When a USB disconnect and adb read still queued a buffer to kernel, ffs_epfile_io simply waits for endpoint to be enabled. A next connect happens and endpoints are enabled after set_alt, the adb read stale buffer from previous session continues and queues to endpoint. All this time, adb did not close the epfile because it did not get return status on the IOs which it queued. This is an issue, because a new session is not established and both userspace and kernel goes out of sync. To fix this issue, when endpoints are disbled set epfile error. This epfile error is only cleared in epfile open. This will ensure that after a USB disconnect and connect, new session is established. Also, return ENODEV if endpoints not enabled rather than EINTR as EINTR case, and simply retries the request. Incase usb_ep_queue failed, return -EIO inspite of depend on return status from usb_ep_queue. CRs-Fixed: 633497 Change-Id: I6e677e98ec28e5462b372ed290acdde251286f48 Signed-off-by: Sujeet Kumar USB: f_fs: Cutoff epfile IO before epfile could get freed epfile may get freed and accessing epfile's error flag to cut off IOs may lead to use after free. Move the epfile error flag setting above in the order so that it guaranteed to be valid. CRs-Fixed: 668046 Change-Id: I0017513393ddb4fd288cd4e1c2adf9d5ee3bc660 Signed-off-by: Sujeet Kumar USB: f_fs: Check error status before doing epfile I/O Set error status before disabling endpoint during function disable and also check error status before handling I/O. If error status is set, return error status to read/write calls made by userspace. Also set file's private data to NULL during epfile release. CRs-Fixed: 671880 Change-Id: I14b5ee541dfc18a7802ef4a8033878a7729d9adb Signed-off-by: Vijayavardhan Vennapusa USB: f_fs: Fix disconnect check during ongoing IO F_FS function driver allocated ffs_eps and updates ffs_ep->ep to corresponding usb_ep during func->bind and never clears it. On bind it also saves ffs_ep context in epfile->ep. During func->disable, it clears only ffs_ep context in epfile->ep and on func->unbind it frees ffs_eps memory. ffs_epfile_io routine currently relies on ffs_ep->ep (which is never cleared and ffs_ep could be freed on unbind) to detect any disconnect during active IO. This can result in various issues e.g. use after free use of ffs_ep if unbind finished before epfile_io could resume or "stop adbd" trying to dequeue a freed USB request when epfile_io could execute only after F_FS got disabled as 'if (ep->ep)' check would be TRUE. Fix this by checking stored ffs_ep context against latest epfile->ep to figure out if endpoint got disabled or changed before acquiring spin_lock. Change-Id: I6bdcdf0dff0813ed7b2af8c24f544a22796b0369 Signed-off-by: Manu Gautam USB: f_fs: Move ep completion out of stack Allocating completion on the stack may lead to invalid access when udc irq tries to complete the request but interrupted completion returns immediately. This happens because request is not held to be dequeued anymore making the completion invalid. Move the completions in ffs data like it is for ep0. CRs-Fixed: 653761 Change-Id: I15102538d1b5bee14dfa3c7b3fa1f8e3f767cf71 Signed-off-by: Sujeet Kumar usb: dwc3: gadget: Release gadget lock when handling suspend/resume gadget_driver suspend/resume operations might require some dwc3-gadget operations, such as enabling and disabling endpoints. If the lock is not released, this can cause a deadlock scenario. Change-Id: I1e12de65e40492b115ab35de78c2352730649db5 Signed-off-by: Bar Weiner usb: dwc3: gadget: Iterate only over valid endpoints Make dwc3_gadget_resize_tx_fifos() iterate only over IN endpoints that are actually present, based on the num_in_eps parameter. This terminates the loop so as to prevent dereferencing a potential NULL dwc->eps[i] where i >= (num_in_eps + num_out_eps). Change-Id: I07f711bfd380dce212e86b59cf417f84ca7eb006 Signed-off-by: Jack Pham usb: dwc3: gadget: Protect against ep disabling during completion In dwc3_cleanup_done_reqs(), a potential race condition could arise when dwc3_gadget_giveback() temporarily releases the main spinlock. If during this window the very endpoint being handled becomes disabled, it would lead to a NULL pointer dereference in the code that follows. Guard against this by making sure the endpoint is still enabled after returning from the giveback call. CRs-fixed: 628972 Change-Id: Ifdb823fff12747f699217d871a5959c85b5340f7 Signed-off-by: Jack Pham usb: dwc3: calculate the number of endpoints hwparams2 holds the number of endpoints which were selected during RTL generation, we can use that on our driver. Signed-off-by: Felipe Balbi usb: dwc3: gadget: use num_(in|out)_eps from HW params that way we will only tell gadget framework about the endpoints we actually have. Change-Id: Iabc6a5712b640a9f5b0310984650a4ac44e5f579 Signed-off-by: Felipe Balbi usb: gadget: always update HS/SS descriptors and create a copy of them HS and SS descriptors are staticaly created. They are updated during the bind process with the endpoint address, string id or interface numbers. After that, the descriptor chain is linked to struct usb_function which is used by composite in order to serve the GET_DESCRIPTOR requests, number of available configs and so on. There is no need to assign the HS descriptor only if the UDC supports HS speed because composite won't report those to the host if HS support has not been reached. The same reasoning is valid for SS. This patch makes sure each function updates HS/SS descriptors unconditionally and uses the newly introduced helper function to create a copy the descriptors for the speed which is supported by the UDC. While at that, also rename f->descriptors to f->fs_descriptors in order to make it more explicit what that means. Change-Id: Id670fcc25b0a1cb3020722cfc6eda2e1b08441f1 Cc: Laurent Pinchart Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Felipe Balbi USB: Add super speed descriptors for android functions Update android function drivers like diag, adb, modem, rmnet, mtp and accessory to operate in super speed. The burst capability is not enabled for now. Change-Id: Ie95cbfc9444c56c8268b70e2916713190699c71a Signed-off-by: Pavankumar Kondeti usb: gadget: Finish conversion to fs_descriptor change Change-Id: Iaf72d66bb5cd6b84f14c5aaeb01ffb286568c97b usb: gadget: f_fs: Add support for SuperSpeed Mode Allow userspace to pass SuperSpeed descriptors and handle them in the driver accordingly. This change doesn't modify existing desc_header and thereby keeps the ABI changes backward compatible i.e. existing userspace drivers compiled with old header (functionfs.h) would continue to work with the updated kernel. Change-Id: Ic27035fdef2a83828024348d75be1518e9f8c5c6 Signed-off-by: Manu Gautam USB: f_fs: Set ffs->func to NULL after disabling endpoint in set_alt() When adb root is performed, userspace will close and open ffs_epsfile. Closing this file will call ffs_functionfs_callback() which does call remove_config(). This will call ffs_function_eps_disable to disable endpoints and then calls ffs_func_unbind(). Unbind() will also call endpoint disable which might lead to disabling endpoint which is already disabled. Hence set ffs->func to NULL after disabling endpoints in set_alt(). CRs-Fixed: 557532 Change-Id: I3052bdee74a1793d4e003de4b991d353e5d699b0 Signed-off-by: Vijayavardhan Vennapusa usb: gadget: throttle IRQ rate for SuperSpeed There was a merge error from commit 6e0c86d12 "USB: gadget: u_ether: Fix data stall issue in RNDIS tethering mode" that resulted in the accidental removal of checking if the gadget is connected at SuperSpeed. Re-introduce this check so that IRQs on the downlink path are throttled, decreasing the load on the CPU. Change-Id: Ic2aa1d433e0fded95c6e825a760e89f726360522 Signed-off-by: Jack Pham USB: mbim: Add super speed descriptors for MBIM function This change adds super speed descriptors which is required to get MBIM function to work with SSUSB mode. The burst capability is not enabled for now. CRs-Fixed: 626744 Change-Id: I2a492182c94265ab58014cac470448f61782625c Signed-off-by: Mayank Rana usb: gadget: ECM: Add super speed descriptors for qc_ecm function This change adds super speed descriptors which is required to get ECM function to work with SSUSB mode. CRs-Fixed: 627063 Change-Id: I275a32f6cb957b59bfdf1c5b5377ba6e189efb6d Signed-off-by: Mayank Rana usb: gadget: Add file for USB HID function This file the same as f_hid.c. Change-Id: I951b3067f477c3cb502c8320693ab11df90150d2 Signed-off-by: muluhe Signed-off-by: Aravind Asam Signed-off-by: Ameya Thakur usb: gadget: Enable HID function for charging mode Provide HID function for only charging mode, in this mode device enumerated as one input device. Change-Id: I769adf76807b8a28adcc298de0536fa779176016 Signed-off-by: Mulu He usb: gadget: composite: Fix USB version number for L1 When usb version number is greater than 2.01 USB-CV expects to find a Super Speed USB Device Capability descriptor. When we want to enable BOS descriptor capabilities for a high-speed device the USB version number should be 2.01. CRs-Fixed: 521752 Change-Id: Ic75b5e570b3c2df8e67370389dfddc8de6fb72d4 Signed-off-by: Shimrit Malichi usb: gadget: Fix compilation of f_mbim driver after SS updates Change-Id: I72e7dfa5c8f3905bbe57e227ebb7e7035d8b671c --- diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 8f96e7d1d4da..1266e4fdbf6e 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -191,15 +191,12 @@ int dwc3_gadget_resize_tx_fifos(struct dwc3 *dwc) * improve this algorithm so that we better use the internal * FIFO space */ - for (num = 0; num < DWC3_ENDPOINTS_NUM; num++) { - struct dwc3_ep *dep = dwc->eps[num]; + for (num = 0; num < dwc->num_in_eps; num++) { + struct dwc3_ep *dep = dwc->eps[(num << 1) | 1]; int fifo_number = dep->number >> 1; int mult = 1; int tmp; - if (!(dep->number & 1)) - continue; - if (!(dep->flags & DWC3_EP_ENABLED)) continue; @@ -228,8 +225,7 @@ int dwc3_gadget_resize_tx_fifos(struct dwc3 *dwc) dev_vdbg(dwc->dev, "%s: Fifo Addr %04x Size %d\n", dep->name, last_fifo_depth, fifo_size & 0xffff); - dwc3_writel(dwc->regs, DWC3_GTXFIFOSIZ(fifo_number), - fifo_size); + dwc3_writel(dwc->regs, DWC3_GTXFIFOSIZ(num), fifo_size); last_fifo_depth += (fifo_size & 0xffff); } @@ -2385,7 +2381,14 @@ static void dwc3_gadget_wakeup_interrupt(struct dwc3 *dwc) * implemented. */ + /* + * gadget_driver resume function might require some dwc3-gadget + * operations, such as ep_enable. Hence, dwc->lock must be released. + */ + spin_unlock(&dwc->lock); dwc->gadget_driver->resume(&dwc->gadget); + spin_lock(&dwc->lock); + dwc->link_state = DWC3_LINK_STATE_U0; } static void dwc3_gadget_linksts_change_interrupt(struct dwc3 *dwc, diff --git a/drivers/usb/gadget/android.c b/drivers/usb/gadget/android.c index 95d460c39de2..25058e02bf70 100644 --- a/drivers/usb/gadget/android.c +++ b/drivers/usb/gadget/android.c @@ -51,6 +51,7 @@ #include "f_ecm.c" #include "f_eem.c" #include "u_ether.c" +#include "f_charger.c" #ifdef CONFIG_EVDO_DT_SUPPORT #include @@ -1010,6 +1011,18 @@ static struct android_usb_function serial_function = { .attributes = serial_function_attributes, }; +/* Charger */ +static int charger_function_bind_config(struct android_usb_function *f, + struct usb_configuration *c) +{ + return charger_bind_config(c); +} + +static struct android_usb_function charger_function = { + .name = "charging", + .bind_config = charger_function_bind_config, +}; + static int mtp_function_init(struct android_usb_function *f, struct usb_composite_dev *cdev) @@ -1859,6 +1872,7 @@ static struct android_usb_function *supported_functions[] = { #ifdef CONFIG_USB_F_LOOPBACK &loopback_function, #endif + &charger_function, NULL }; @@ -2054,8 +2068,6 @@ functions_store(struct device *pdev, struct device_attribute *attr, pr_debug("[XLOG_INFO][USB]%s: name = %s \n", __func__, name); /* Added for USB Develpment debug, more log for more debuging help */ - if (!name) - continue; is_ffs = 0; strlcpy(aliases, dev->ffs_aliases, sizeof(aliases)); diff --git a/drivers/usb/gadget/f_charger.c b/drivers/usb/gadget/f_charger.c new file mode 100644 index 000000000000..2a11d22a16d7 --- /dev/null +++ b/drivers/usb/gadget/f_charger.c @@ -0,0 +1,368 @@ +/* + * f_charger.c -- USB HID function driver + * + * Copyright (C) 2010 Fabien Chouteau + * Copyright (C) 2014, The Linux Foundation. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * The Linux Foundation chooses to take subject only to the GPLv2 license + * terms, and distributes only under these terms. + */ + +#include +#include +#include +#include + +struct f_charger { + struct usb_ep *in_ep; + struct usb_function func; +}; + +static inline struct f_charger *func_to_charger(struct usb_function *f) +{ + return container_of(f, struct f_charger, func); +} + +static const uint8_t the_report_descriptor[] = { + 0x06, 0xA0, 0xFF, 0x09, 0xA5, 0xA1, 0x01, 0x09, + 0xA6, 0x09, 0xA7, 0x15, 0x80, 0x25, 0x7F, 0x75, + 0x08, 0x95, 0x02, 0x81, 0x02, 0x09, 0xA9, 0x15, + 0x80, 0x25, 0x7F, 0x75, 0x08, 0x95, 0x02, 0x91, + 0x02, 0xC0, +}; + + +static struct usb_interface_descriptor charger_interface_desc = { + .bLength = sizeof(charger_interface_desc), + .bDescriptorType = USB_DT_INTERFACE, + /* .bInterfaceNumber = DYNAMIC */ + .bAlternateSetting = 0, + .bNumEndpoints = 1, + .bInterfaceClass = USB_CLASS_HID, + .bInterfaceSubClass = 0, + .bInterfaceProtocol = 0, + /* .iInterface = DYNAMIC */ +}; + +static struct hid_descriptor charger_hid_desc = { + .bLength = sizeof(charger_hid_desc), + .bDescriptorType = 0x21, + .bcdHID = 0x0111, + .bCountryCode = 0x00, + .bNumDescriptors = 0x1, + .desc[0].bDescriptorType = 0x22, + .desc[0].wDescriptorLength = sizeof(the_report_descriptor), +}; + +/* Super-Speed Support */ + +static struct usb_endpoint_descriptor charger_ss_in_ep_desc = { + .bLength = USB_DT_ENDPOINT_SIZE, + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = USB_DIR_IN, + .bmAttributes = USB_ENDPOINT_XFER_INT, + .wMaxPacketSize = 1 , + .bInterval = 16, +}; + +static struct usb_descriptor_header *charger_ss_descriptors[] = { + (struct usb_descriptor_header *)&charger_interface_desc, + (struct usb_descriptor_header *)&charger_hid_desc, + (struct usb_descriptor_header *)&charger_ss_in_ep_desc, + NULL, +}; + +/* High-Speed Support */ +static struct usb_endpoint_descriptor charger_hs_in_ep_desc = { + .bLength = USB_DT_ENDPOINT_SIZE, + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = USB_DIR_IN, + .bmAttributes = USB_ENDPOINT_XFER_INT, + .wMaxPacketSize = 1 , + .bInterval = 16, +}; + +static struct usb_descriptor_header *charger_hs_descriptors[] = { + (struct usb_descriptor_header *)&charger_interface_desc, + (struct usb_descriptor_header *)&charger_hid_desc, + (struct usb_descriptor_header *)&charger_hs_in_ep_desc, + NULL, +}; + +/* Full-Speed Support */ + +static struct usb_endpoint_descriptor charger_fs_in_ep_desc = { + .bLength = USB_DT_ENDPOINT_SIZE, + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = USB_DIR_IN, + .bmAttributes = USB_ENDPOINT_XFER_INT, + .wMaxPacketSize = 1, + .bInterval = 16, +}; + +static struct usb_descriptor_header *charger_fs_descriptors[] = { + (struct usb_descriptor_header *)&charger_interface_desc, + (struct usb_descriptor_header *)&charger_hid_desc, + (struct usb_descriptor_header *)&charger_fs_in_ep_desc, + NULL, +}; + +/* Strings */ + +#define CT_FUNC_HID_IDX 0 + +static struct usb_string ct_func_string_defs[] = { + [CT_FUNC_HID_IDX].s = "HID Interface", + {}, /* end of list */ +}; + +static struct usb_gadget_strings ct_func_string_table = { + .language = 0x0409, /* en-US */ + .strings = ct_func_string_defs, +}; + +static struct usb_gadget_strings *ct_func_strings[] = { + &ct_func_string_table, + NULL, +}; + + +static void charger_disable(struct usb_function *f) +{ + struct f_charger *charger = func_to_charger(f); + usb_ep_disable(charger->in_ep); + charger->in_ep->driver_data = NULL; +} + +static int hid_setup(struct usb_function *f, + const struct usb_ctrlrequest *ctrl) +{ + struct usb_composite_dev *cdev = f->config->cdev; + struct usb_request *req = cdev->req; + int status = 0; + __u16 value, length; + bool resp_stall = false; + + value = le16_to_cpu(ctrl->wValue); + length = le16_to_cpu(ctrl->wLength); + + VDBG(cdev, + "hid_setup crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", + ctrl->bRequestType, ctrl->bRequest, value); + + switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { + case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 + | HID_REQ_GET_REPORT): + VDBG(cdev, "get_report\n"); + + /* send an empty report */ + length = min_t(unsigned, length, + charger_hid_desc.desc[0].wDescriptorLength); + memset(req->buf, 0x0, length); + break; + + case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 + | HID_REQ_GET_PROTOCOL): + VDBG(cdev, "get_protocol\n"); + resp_stall = true; + break; + + case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 + | HID_REQ_SET_REPORT): + VDBG(cdev, "set_report | wLenght=%d\n", ctrl->wLength); + resp_stall = true; + break; + + case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 + | HID_REQ_SET_PROTOCOL): + VDBG(cdev, "set_protocol\n"); + resp_stall = true; + break; + + case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 + | USB_REQ_GET_DESCRIPTOR): + switch (value >> 8) { + + case HID_DT_HID: + VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); + length = min_t(unsigned short, length, + charger_hid_desc.bLength); + memcpy(req->buf, &charger_hid_desc, length); + break; + + case HID_DT_REPORT: + VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); + length = min_t(unsigned short, length, + charger_hid_desc.desc[0].wDescriptorLength); + memcpy(req->buf, &the_report_descriptor, length); + break; + + default: + VDBG(cdev, "Unknown descriptor request 0x%x\n", + value >> 8); + resp_stall = true; + break; + } + break; + + default: + VDBG(cdev, "Unknown request 0x%x\n", + ctrl->bRequest); + resp_stall = true; + break; + } + + if (resp_stall) { + ERROR(cdev, "usb ep stall\n"); + return -EOPNOTSUPP; + } + + req->zero = 0; + req->length = length; + status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); + if (status < 0) + ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); + return status; +} + +static int charger_set_alt(struct usb_function *f, unsigned intf, unsigned alt) +{ + struct usb_composite_dev *cdev = f->config->cdev; + struct f_charger *charger = func_to_charger(f); + int status = 0; + + VDBG(cdev, "charger_set_alt intf:%d alt:%d\n", intf, alt); + + if (charger->in_ep != NULL) { + /* restart endpoint */ + if (charger->in_ep->driver_data != NULL) + usb_ep_disable(charger->in_ep); + + status = config_ep_by_speed(f->config->cdev->gadget, f, + charger->in_ep); + if (status) { + charger->in_ep->desc = NULL; + ERROR(cdev, "config_ep_by_speed FAILED!\n"); + goto fail; + } + status = usb_ep_enable(charger->in_ep); + if (status < 0) { + ERROR(cdev, "Enable IN endpoint FAILED!\n"); + goto fail; + } + charger->in_ep->driver_data = charger; + } +fail: + return status; +} + + + +static int charger_bind(struct usb_configuration *c, struct usb_function *f) +{ + struct usb_ep *ep; + struct f_charger *charger = func_to_charger(f); + int status; + + /* allocate instance-specific interface IDs, and patch descriptors */ + status = usb_interface_id(c, f); + if (status < 0) + goto fail; + + charger_interface_desc.bInterfaceNumber = status; + + /* allocate instance-specific endpoints */ + status = -ENODEV; + ep = usb_ep_autoconfig(c->cdev->gadget, &charger_fs_in_ep_desc); + if (!ep) + goto fail; + ep->driver_data = c->cdev; /* claim */ + charger->in_ep = ep; + + /* copy descriptors */ + f->fs_descriptors = usb_copy_descriptors(charger_fs_descriptors); + if (!f->fs_descriptors) + goto fail; + + if (gadget_is_dualspeed(c->cdev->gadget)) { + charger_hs_in_ep_desc.bEndpointAddress = + charger_fs_in_ep_desc.bEndpointAddress; + + f->hs_descriptors = + usb_copy_descriptors(charger_hs_descriptors); + if (!f->hs_descriptors) + goto fail; + } + + if (gadget_is_superspeed(c->cdev->gadget)) { + charger_ss_in_ep_desc.bEndpointAddress = + charger_fs_in_ep_desc.bEndpointAddress; + + f->ss_descriptors = + usb_copy_descriptors(charger_ss_descriptors); + if (!f->ss_descriptors) + goto fail; + } + + return 0; + +fail: + ERROR(f->config->cdev, "charger_bind FAILED\n"); + + if (f->ss_descriptors) + usb_free_descriptors(f->ss_descriptors); + if (f->hs_descriptors) + usb_free_descriptors(f->hs_descriptors); + if (f->fs_descriptors) + usb_free_descriptors(f->fs_descriptors); + + return status; +} + +static void charger_unbind(struct usb_configuration *c, struct usb_function *f) +{ + struct f_charger *charger = func_to_charger(f); + + /* disable/free request and end point */ + usb_ep_disable(charger->in_ep); + + /* free descriptors copies */ + if (gadget_is_superspeed(c->cdev->gadget)) + usb_free_descriptors(f->ss_descriptors); + if (gadget_is_dualspeed(c->cdev->gadget)) + usb_free_descriptors(f->hs_descriptors); + + usb_free_descriptors(f->fs_descriptors); + + kfree(charger); +} + +static int charger_bind_config(struct usb_configuration *c) +{ + struct f_charger *charger; + int status; + + /* allocate and initialize one new instance */ + charger = kzalloc(sizeof(*charger), GFP_KERNEL); + if (!charger) + return -ENOMEM; + + charger->func.name = "charging"; + charger->func.strings = ct_func_strings; + charger->func.bind = charger_bind; + charger->func.unbind = charger_unbind; + charger->func.set_alt = charger_set_alt; + charger->func.disable = charger_disable; + charger->func.setup = hid_setup; + + status = usb_add_function(c, &charger->func); + if (status) + kfree(charger); + + return status; +} diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c index fb9174c96cb8..0d5f28fcafd5 100644 --- a/drivers/usb/gadget/f_fs.c +++ b/drivers/usb/gadget/f_fs.c @@ -141,6 +141,8 @@ struct ffs_data { struct usb_request *ep0req; /* P: mutex */ struct completion ep0req_completion; /* P: mutex */ int ep0req_status; /* P: mutex */ + struct completion epin_completion; + struct completion epout_completion; /* reference counter */ atomic_t ref; @@ -317,6 +319,7 @@ struct ffs_epfile { /* Protects ep->ep and ep->req. */ struct mutex mutex; wait_queue_head_t wait; + atomic_t error; struct ffs_data *ffs; struct ffs_ep *ep; /* P: ffs->eps_lock */ @@ -745,8 +748,10 @@ static const struct file_operations ffs_ep0_operations = { static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req) { + struct ffs_ep *ep = _ep->driver_data; ENTER(); - if (likely(req->context)) { + /* req may be freed during unbind */ + if (ep && ep->req && likely(req->context)) { struct ffs_ep *ep = _ep->driver_data; ep->status = req->status ? req->status : req->actual; complete(req->context); @@ -758,10 +763,16 @@ static ssize_t ffs_epfile_io(struct file *file, { struct ffs_epfile *epfile = file->private_data; struct ffs_ep *ep; + struct ffs_data *ffs = epfile->ffs; char *data = NULL; ssize_t ret; int halt; - int buffer_len = 0; + int buffer_len = !read ? len : round_up(len, 1024); + + pr_debug("%s: len %d, buffer_len %d, read %d\n", __func__, len, buffer_len, read); + + if (atomic_read(&epfile->error)) + return -ENODEV; pr_debug("%s: len %lld, read %d\n", __func__, (u64)len, read); @@ -785,9 +796,24 @@ first_try: goto error; } - if (wait_event_interruptible(epfile->wait, - (ep = epfile->ep))) { - ret = -EINTR; + /* Don't wait on write if device is offline */ + if (!read) { + ret = -ENODEV; + goto error; + } + + /* + * if ep is disabled, this fails all current IOs + * and wait for next epfile open to happen + */ + if (!atomic_read(&epfile->error)) { + ret = wait_event_interruptible(epfile->wait, + (ep = epfile->ep)); + if (ret < 0) + goto error; + } + if (!ep) { + ret = -ENODEV; goto error; } } @@ -841,25 +867,47 @@ first_try: ret = -EBADMSG; } else { /* Fire the request */ - DECLARE_COMPLETION_ONSTACK(done); + struct completion *done; struct usb_request *req = ep->req; - req->context = &done; req->complete = ffs_epfile_io_complete; req->buf = data; req->length = buffer_len; + if (read) { + INIT_COMPLETION(ffs->epout_completion); + req->context = done = &ffs->epout_completion; + } else { + INIT_COMPLETION(ffs->epin_completion); + req->context = done = &ffs->epin_completion; + } ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC); spin_unlock_irq(&epfile->ffs->eps_lock); if (unlikely(ret < 0)) { - /* nop */ - } else if (unlikely(wait_for_completion_interruptible(&done))) { + ret = -EIO; + } else if (unlikely(wait_for_completion_interruptible(done))) { + spin_lock_irq(&epfile->ffs->eps_lock); + /* + * While we were acquiring lock endpoint got disabled + * (disconnect) or changed (composition switch) ? + */ + if (epfile->ep == ep) + usb_ep_dequeue(ep->ep, req); + spin_unlock_irq(&epfile->ffs->eps_lock); ret = -EINTR; - usb_ep_dequeue(ep->ep, req); } else { - ret = ep->status; + spin_lock_irq(&epfile->ffs->eps_lock); + /* + * While we were acquiring lock endpoint got disabled + * (disconnect) or changed (composition switch) ? + */ + if (epfile->ep == ep) + ret = ep->status; + else + ret = -ENODEV; + spin_unlock_irq(&epfile->ffs->eps_lock); if (read && ret > 0) { if (ret > len) ret = -EOVERFLOW; @@ -904,6 +952,7 @@ ffs_epfile_open(struct inode *inode, struct file *file) file->private_data = epfile; ffs_data_opened(epfile->ffs); + atomic_set(&epfile->error, 0); return 0; } @@ -915,7 +964,9 @@ ffs_epfile_release(struct inode *inode, struct file *file) ENTER(); + atomic_set(&epfile->error, 1); ffs_data_closed(epfile->ffs); + file->private_data = NULL; return 0; } @@ -1336,6 +1387,8 @@ static struct ffs_data *ffs_data_new(void) spin_lock_init(&ffs->eps_lock); init_waitqueue_head(&ffs->ev.waitq); init_completion(&ffs->ep0req_completion); + init_completion(&ffs->epout_completion); + init_completion(&ffs->epin_completion); /* XXX REVISIT need to update it in some places, or do we? */ ffs->ev.can_stall = 1; @@ -1537,6 +1590,7 @@ static void ffs_func_free(struct ffs_function *func) if (ep->ep && ep->req) usb_ep_free_request(ep->ep, ep->req); ep->req = NULL; + ep->ep = NULL; ++ep; } while (--count); spin_unlock_irqrestore(&func->ffs->eps_lock, flags); @@ -1562,9 +1616,12 @@ static void ffs_func_eps_disable(struct ffs_function *func) spin_lock_irqsave(&func->ffs->eps_lock, flags); do { + atomic_set(&epfile->error, 1); /* pending requests get nuked */ - if (likely(ep->ep)) + if (likely(ep->ep)) { usb_ep_disable(ep->ep); + ep->ep->driver_data = NULL; + } epfile->ep = NULL; ++ep;