]> err.no Git - linux-2.6/blob - drivers/usb/gadget/dummy_hcd.c
ALSA: ASoC: Fix double free and memory leak in many codec drivers
[linux-2.6] / drivers / usb / gadget / dummy_hcd.c
1 /*
2  * dummy_hcd.c -- Dummy/Loopback USB host and device emulator driver.
3  *
4  * Maintainer: Alan Stern <stern@rowland.harvard.edu>
5  *
6  * Copyright (C) 2003 David Brownell
7  * Copyright (C) 2003-2005 Alan Stern
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; if not, write to the Free Software
21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  */
23
24
25 /*
26  * This exposes a device side "USB gadget" API, driven by requests to a
27  * Linux-USB host controller driver.  USB traffic is simulated; there's
28  * no need for USB hardware.  Use this with two other drivers:
29  *
30  *  - Gadget driver, responding to requests (slave);
31  *  - Host-side device driver, as already familiar in Linux.
32  *
33  * Having this all in one kernel can help some stages of development,
34  * bypassing some hardware (and driver) issues.  UML could help too.
35  */
36
37 #include <linux/module.h>
38 #include <linux/kernel.h>
39 #include <linux/delay.h>
40 #include <linux/ioport.h>
41 #include <linux/slab.h>
42 #include <linux/errno.h>
43 #include <linux/init.h>
44 #include <linux/timer.h>
45 #include <linux/list.h>
46 #include <linux/interrupt.h>
47 #include <linux/platform_device.h>
48 #include <linux/usb.h>
49 #include <linux/usb/gadget.h>
50
51 #include <asm/byteorder.h>
52 #include <asm/io.h>
53 #include <asm/irq.h>
54 #include <asm/system.h>
55 #include <asm/unaligned.h>
56
57
58 #include "../core/hcd.h"
59
60
61 #define DRIVER_DESC     "USB Host+Gadget Emulator"
62 #define DRIVER_VERSION  "02 May 2005"
63
64 #define POWER_BUDGET    500     /* in mA; use 8 for low-power port testing */
65
66 static const char       driver_name [] = "dummy_hcd";
67 static const char       driver_desc [] = "USB Host+Gadget Emulator";
68
69 static const char       gadget_name [] = "dummy_udc";
70
71 MODULE_DESCRIPTION (DRIVER_DESC);
72 MODULE_AUTHOR ("David Brownell");
73 MODULE_LICENSE ("GPL");
74
75 /*-------------------------------------------------------------------------*/
76
77 /* gadget side driver data structres */
78 struct dummy_ep {
79         struct list_head                queue;
80         unsigned long                   last_io;        /* jiffies timestamp */
81         struct usb_gadget               *gadget;
82         const struct usb_endpoint_descriptor *desc;
83         struct usb_ep                   ep;
84         unsigned                        halted : 1;
85         unsigned                        already_seen : 1;
86         unsigned                        setup_stage : 1;
87 };
88
89 struct dummy_request {
90         struct list_head                queue;          /* ep's requests */
91         struct usb_request              req;
92 };
93
94 static inline struct dummy_ep *usb_ep_to_dummy_ep (struct usb_ep *_ep)
95 {
96         return container_of (_ep, struct dummy_ep, ep);
97 }
98
99 static inline struct dummy_request *usb_request_to_dummy_request
100                 (struct usb_request *_req)
101 {
102         return container_of (_req, struct dummy_request, req);
103 }
104
105 /*-------------------------------------------------------------------------*/
106
107 /*
108  * Every device has ep0 for control requests, plus up to 30 more endpoints,
109  * in one of two types:
110  *
111  *   - Configurable:  direction (in/out), type (bulk, iso, etc), and endpoint
112  *     number can be changed.  Names like "ep-a" are used for this type.
113  *
114  *   - Fixed Function:  in other cases.  some characteristics may be mutable;
115  *     that'd be hardware-specific.  Names like "ep12out-bulk" are used.
116  *
117  * Gadget drivers are responsible for not setting up conflicting endpoint
118  * configurations, illegal or unsupported packet lengths, and so on.
119  */
120
121 static const char ep0name [] = "ep0";
122
123 static const char *const ep_name [] = {
124         ep0name,                                /* everyone has ep0 */
125
126         /* act like a net2280: high speed, six configurable endpoints */
127         "ep-a", "ep-b", "ep-c", "ep-d", "ep-e", "ep-f",
128
129         /* or like pxa250: fifteen fixed function endpoints */
130         "ep1in-bulk", "ep2out-bulk", "ep3in-iso", "ep4out-iso", "ep5in-int",
131         "ep6in-bulk", "ep7out-bulk", "ep8in-iso", "ep9out-iso", "ep10in-int",
132         "ep11in-bulk", "ep12out-bulk", "ep13in-iso", "ep14out-iso",
133                 "ep15in-int",
134
135         /* or like sa1100: two fixed function endpoints */
136         "ep1out-bulk", "ep2in-bulk",
137 };
138 #define DUMMY_ENDPOINTS ARRAY_SIZE(ep_name)
139
140 /*-------------------------------------------------------------------------*/
141
142 #define FIFO_SIZE               64
143
144 struct urbp {
145         struct urb              *urb;
146         struct list_head        urbp_list;
147 };
148
149
150 enum dummy_rh_state {
151         DUMMY_RH_RESET,
152         DUMMY_RH_SUSPENDED,
153         DUMMY_RH_RUNNING
154 };
155
156 struct dummy {
157         spinlock_t                      lock;
158
159         /*
160          * SLAVE/GADGET side support
161          */
162         struct dummy_ep                 ep [DUMMY_ENDPOINTS];
163         int                             address;
164         struct usb_gadget               gadget;
165         struct usb_gadget_driver        *driver;
166         struct dummy_request            fifo_req;
167         u8                              fifo_buf [FIFO_SIZE];
168         u16                             devstatus;
169         unsigned                        udc_suspended:1;
170         unsigned                        pullup:1;
171         unsigned                        active:1;
172         unsigned                        old_active:1;
173
174         /*
175          * MASTER/HOST side support
176          */
177         enum dummy_rh_state             rh_state;
178         struct timer_list               timer;
179         u32                             port_status;
180         u32                             old_status;
181         unsigned                        resuming:1;
182         unsigned long                   re_timeout;
183
184         struct usb_device               *udev;
185         struct list_head                urbp_list;
186 };
187
188 static inline struct dummy *hcd_to_dummy (struct usb_hcd *hcd)
189 {
190         return (struct dummy *) (hcd->hcd_priv);
191 }
192
193 static inline struct usb_hcd *dummy_to_hcd (struct dummy *dum)
194 {
195         return container_of((void *) dum, struct usb_hcd, hcd_priv);
196 }
197
198 static inline struct device *dummy_dev (struct dummy *dum)
199 {
200         return dummy_to_hcd(dum)->self.controller;
201 }
202
203 static inline struct device *udc_dev (struct dummy *dum)
204 {
205         return dum->gadget.dev.parent;
206 }
207
208 static inline struct dummy *ep_to_dummy (struct dummy_ep *ep)
209 {
210         return container_of (ep->gadget, struct dummy, gadget);
211 }
212
213 static inline struct dummy *gadget_to_dummy (struct usb_gadget *gadget)
214 {
215         return container_of (gadget, struct dummy, gadget);
216 }
217
218 static inline struct dummy *gadget_dev_to_dummy (struct device *dev)
219 {
220         return container_of (dev, struct dummy, gadget.dev);
221 }
222
223 static struct dummy                     *the_controller;
224
225 /*-------------------------------------------------------------------------*/
226
227 /* SLAVE/GADGET SIDE UTILITY ROUTINES */
228
229 /* called with spinlock held */
230 static void nuke (struct dummy *dum, struct dummy_ep *ep)
231 {
232         while (!list_empty (&ep->queue)) {
233                 struct dummy_request    *req;
234
235                 req = list_entry (ep->queue.next, struct dummy_request, queue);
236                 list_del_init (&req->queue);
237                 req->req.status = -ESHUTDOWN;
238
239                 spin_unlock (&dum->lock);
240                 req->req.complete (&ep->ep, &req->req);
241                 spin_lock (&dum->lock);
242         }
243 }
244
245 /* caller must hold lock */
246 static void
247 stop_activity (struct dummy *dum)
248 {
249         struct dummy_ep *ep;
250
251         /* prevent any more requests */
252         dum->address = 0;
253
254         /* The timer is left running so that outstanding URBs can fail */
255
256         /* nuke any pending requests first, so driver i/o is quiesced */
257         list_for_each_entry (ep, &dum->gadget.ep_list, ep.ep_list)
258                 nuke (dum, ep);
259
260         /* driver now does any non-usb quiescing necessary */
261 }
262
263 /* caller must hold lock */
264 static void
265 set_link_state (struct dummy *dum)
266 {
267         dum->active = 0;
268         if ((dum->port_status & USB_PORT_STAT_POWER) == 0)
269                 dum->port_status = 0;
270
271         /* UDC suspend must cause a disconnect */
272         else if (!dum->pullup || dum->udc_suspended) {
273                 dum->port_status &= ~(USB_PORT_STAT_CONNECTION |
274                                         USB_PORT_STAT_ENABLE |
275                                         USB_PORT_STAT_LOW_SPEED |
276                                         USB_PORT_STAT_HIGH_SPEED |
277                                         USB_PORT_STAT_SUSPEND);
278                 if ((dum->old_status & USB_PORT_STAT_CONNECTION) != 0)
279                         dum->port_status |= (USB_PORT_STAT_C_CONNECTION << 16);
280         } else {
281                 dum->port_status |= USB_PORT_STAT_CONNECTION;
282                 if ((dum->old_status & USB_PORT_STAT_CONNECTION) == 0)
283                         dum->port_status |= (USB_PORT_STAT_C_CONNECTION << 16);
284                 if ((dum->port_status & USB_PORT_STAT_ENABLE) == 0)
285                         dum->port_status &= ~USB_PORT_STAT_SUSPEND;
286                 else if ((dum->port_status & USB_PORT_STAT_SUSPEND) == 0 &&
287                                 dum->rh_state != DUMMY_RH_SUSPENDED)
288                         dum->active = 1;
289         }
290
291         if ((dum->port_status & USB_PORT_STAT_ENABLE) == 0 || dum->active)
292                 dum->resuming = 0;
293
294         if ((dum->port_status & USB_PORT_STAT_CONNECTION) == 0 ||
295                         (dum->port_status & USB_PORT_STAT_RESET) != 0) {
296                 if ((dum->old_status & USB_PORT_STAT_CONNECTION) != 0 &&
297                                 (dum->old_status & USB_PORT_STAT_RESET) == 0 &&
298                                 dum->driver) {
299                         stop_activity (dum);
300                         spin_unlock (&dum->lock);
301                         dum->driver->disconnect (&dum->gadget);
302                         spin_lock (&dum->lock);
303                 }
304         } else if (dum->active != dum->old_active) {
305                 if (dum->old_active && dum->driver->suspend) {
306                         spin_unlock (&dum->lock);
307                         dum->driver->suspend (&dum->gadget);
308                         spin_lock (&dum->lock);
309                 } else if (!dum->old_active && dum->driver->resume) {
310                         spin_unlock (&dum->lock);
311                         dum->driver->resume (&dum->gadget);
312                         spin_lock (&dum->lock);
313                 }
314         }
315
316         dum->old_status = dum->port_status;
317         dum->old_active = dum->active;
318 }
319
320 /*-------------------------------------------------------------------------*/
321
322 /* SLAVE/GADGET SIDE DRIVER
323  *
324  * This only tracks gadget state.  All the work is done when the host
325  * side tries some (emulated) i/o operation.  Real device controller
326  * drivers would do real i/o using dma, fifos, irqs, timers, etc.
327  */
328
329 #define is_enabled(dum) \
330         (dum->port_status & USB_PORT_STAT_ENABLE)
331
332 static int
333 dummy_enable (struct usb_ep *_ep, const struct usb_endpoint_descriptor *desc)
334 {
335         struct dummy            *dum;
336         struct dummy_ep         *ep;
337         unsigned                max;
338         int                     retval;
339
340         ep = usb_ep_to_dummy_ep (_ep);
341         if (!_ep || !desc || ep->desc || _ep->name == ep0name
342                         || desc->bDescriptorType != USB_DT_ENDPOINT)
343                 return -EINVAL;
344         dum = ep_to_dummy (ep);
345         if (!dum->driver || !is_enabled (dum))
346                 return -ESHUTDOWN;
347         max = le16_to_cpu(desc->wMaxPacketSize) & 0x3ff;
348
349         /* drivers must not request bad settings, since lower levels
350          * (hardware or its drivers) may not check.  some endpoints
351          * can't do iso, many have maxpacket limitations, etc.
352          *
353          * since this "hardware" driver is here to help debugging, we
354          * have some extra sanity checks.  (there could be more though,
355          * especially for "ep9out" style fixed function ones.)
356          */
357         retval = -EINVAL;
358         switch (desc->bmAttributes & 0x03) {
359         case USB_ENDPOINT_XFER_BULK:
360                 if (strstr (ep->ep.name, "-iso")
361                                 || strstr (ep->ep.name, "-int")) {
362                         goto done;
363                 }
364                 switch (dum->gadget.speed) {
365                 case USB_SPEED_HIGH:
366                         if (max == 512)
367                                 break;
368                         goto done;
369                 case USB_SPEED_FULL:
370                         if (max == 8 || max == 16 || max == 32 || max == 64)
371                                 /* we'll fake any legal size */
372                                 break;
373                         /* save a return statement */
374                 default:
375                         goto done;
376                 }
377                 break;
378         case USB_ENDPOINT_XFER_INT:
379                 if (strstr (ep->ep.name, "-iso")) /* bulk is ok */
380                         goto done;
381                 /* real hardware might not handle all packet sizes */
382                 switch (dum->gadget.speed) {
383                 case USB_SPEED_HIGH:
384                         if (max <= 1024)
385                                 break;
386                         /* save a return statement */
387                 case USB_SPEED_FULL:
388                         if (max <= 64)
389                                 break;
390                         /* save a return statement */
391                 default:
392                         if (max <= 8)
393                                 break;
394                         goto done;
395                 }
396                 break;
397         case USB_ENDPOINT_XFER_ISOC:
398                 if (strstr (ep->ep.name, "-bulk")
399                                 || strstr (ep->ep.name, "-int"))
400                         goto done;
401                 /* real hardware might not handle all packet sizes */
402                 switch (dum->gadget.speed) {
403                 case USB_SPEED_HIGH:
404                         if (max <= 1024)
405                                 break;
406                         /* save a return statement */
407                 case USB_SPEED_FULL:
408                         if (max <= 1023)
409                                 break;
410                         /* save a return statement */
411                 default:
412                         goto done;
413                 }
414                 break;
415         default:
416                 /* few chips support control except on ep0 */
417                 goto done;
418         }
419
420         _ep->maxpacket = max;
421         ep->desc = desc;
422
423         dev_dbg (udc_dev(dum), "enabled %s (ep%d%s-%s) maxpacket %d\n",
424                 _ep->name,
425                 desc->bEndpointAddress & 0x0f,
426                 (desc->bEndpointAddress & USB_DIR_IN) ? "in" : "out",
427                 ({ char *val;
428                  switch (desc->bmAttributes & 0x03) {
429                  case USB_ENDPOINT_XFER_BULK: val = "bulk"; break;
430                  case USB_ENDPOINT_XFER_ISOC: val = "iso"; break;
431                  case USB_ENDPOINT_XFER_INT: val = "intr"; break;
432                  default: val = "ctrl"; break;
433                  }; val; }),
434                 max);
435
436         /* at this point real hardware should be NAKing transfers
437          * to that endpoint, until a buffer is queued to it.
438          */
439         retval = 0;
440 done:
441         return retval;
442 }
443
444 static int dummy_disable (struct usb_ep *_ep)
445 {
446         struct dummy_ep         *ep;
447         struct dummy            *dum;
448         unsigned long           flags;
449         int                     retval;
450
451         ep = usb_ep_to_dummy_ep (_ep);
452         if (!_ep || !ep->desc || _ep->name == ep0name)
453                 return -EINVAL;
454         dum = ep_to_dummy (ep);
455
456         spin_lock_irqsave (&dum->lock, flags);
457         ep->desc = NULL;
458         retval = 0;
459         nuke (dum, ep);
460         spin_unlock_irqrestore (&dum->lock, flags);
461
462         dev_dbg (udc_dev(dum), "disabled %s\n", _ep->name);
463         return retval;
464 }
465
466 static struct usb_request *
467 dummy_alloc_request (struct usb_ep *_ep, gfp_t mem_flags)
468 {
469         struct dummy_ep         *ep;
470         struct dummy_request    *req;
471
472         if (!_ep)
473                 return NULL;
474         ep = usb_ep_to_dummy_ep (_ep);
475
476         req = kzalloc(sizeof(*req), mem_flags);
477         if (!req)
478                 return NULL;
479         INIT_LIST_HEAD (&req->queue);
480         return &req->req;
481 }
482
483 static void
484 dummy_free_request (struct usb_ep *_ep, struct usb_request *_req)
485 {
486         struct dummy_ep         *ep;
487         struct dummy_request    *req;
488
489         ep = usb_ep_to_dummy_ep (_ep);
490         if (!ep || !_req || (!ep->desc && _ep->name != ep0name))
491                 return;
492
493         req = usb_request_to_dummy_request (_req);
494         WARN_ON (!list_empty (&req->queue));
495         kfree (req);
496 }
497
498 static void
499 fifo_complete (struct usb_ep *ep, struct usb_request *req)
500 {
501 }
502
503 static int
504 dummy_queue (struct usb_ep *_ep, struct usb_request *_req,
505                 gfp_t mem_flags)
506 {
507         struct dummy_ep         *ep;
508         struct dummy_request    *req;
509         struct dummy            *dum;
510         unsigned long           flags;
511
512         req = usb_request_to_dummy_request (_req);
513         if (!_req || !list_empty (&req->queue) || !_req->complete)
514                 return -EINVAL;
515
516         ep = usb_ep_to_dummy_ep (_ep);
517         if (!_ep || (!ep->desc && _ep->name != ep0name))
518                 return -EINVAL;
519
520         dum = ep_to_dummy (ep);
521         if (!dum->driver || !is_enabled (dum))
522                 return -ESHUTDOWN;
523
524 #if 0
525         dev_dbg (udc_dev(dum), "ep %p queue req %p to %s, len %d buf %p\n",
526                         ep, _req, _ep->name, _req->length, _req->buf);
527 #endif
528
529         _req->status = -EINPROGRESS;
530         _req->actual = 0;
531         spin_lock_irqsave (&dum->lock, flags);
532
533         /* implement an emulated single-request FIFO */
534         if (ep->desc && (ep->desc->bEndpointAddress & USB_DIR_IN) &&
535                         list_empty (&dum->fifo_req.queue) &&
536                         list_empty (&ep->queue) &&
537                         _req->length <= FIFO_SIZE) {
538                 req = &dum->fifo_req;
539                 req->req = *_req;
540                 req->req.buf = dum->fifo_buf;
541                 memcpy (dum->fifo_buf, _req->buf, _req->length);
542                 req->req.context = dum;
543                 req->req.complete = fifo_complete;
544
545                 spin_unlock (&dum->lock);
546                 _req->actual = _req->length;
547                 _req->status = 0;
548                 _req->complete (_ep, _req);
549                 spin_lock (&dum->lock);
550         }
551         list_add_tail (&req->queue, &ep->queue);
552         spin_unlock_irqrestore (&dum->lock, flags);
553
554         /* real hardware would likely enable transfers here, in case
555          * it'd been left NAKing.
556          */
557         return 0;
558 }
559
560 static int dummy_dequeue (struct usb_ep *_ep, struct usb_request *_req)
561 {
562         struct dummy_ep         *ep;
563         struct dummy            *dum;
564         int                     retval = -EINVAL;
565         unsigned long           flags;
566         struct dummy_request    *req = NULL;
567
568         if (!_ep || !_req)
569                 return retval;
570         ep = usb_ep_to_dummy_ep (_ep);
571         dum = ep_to_dummy (ep);
572
573         if (!dum->driver)
574                 return -ESHUTDOWN;
575
576         local_irq_save (flags);
577         spin_lock (&dum->lock);
578         list_for_each_entry (req, &ep->queue, queue) {
579                 if (&req->req == _req) {
580                         list_del_init (&req->queue);
581                         _req->status = -ECONNRESET;
582                         retval = 0;
583                         break;
584                 }
585         }
586         spin_unlock (&dum->lock);
587
588         if (retval == 0) {
589                 dev_dbg (udc_dev(dum),
590                                 "dequeued req %p from %s, len %d buf %p\n",
591                                 req, _ep->name, _req->length, _req->buf);
592                 _req->complete (_ep, _req);
593         }
594         local_irq_restore (flags);
595         return retval;
596 }
597
598 static int
599 dummy_set_halt (struct usb_ep *_ep, int value)
600 {
601         struct dummy_ep         *ep;
602         struct dummy            *dum;
603
604         if (!_ep)
605                 return -EINVAL;
606         ep = usb_ep_to_dummy_ep (_ep);
607         dum = ep_to_dummy (ep);
608         if (!dum->driver)
609                 return -ESHUTDOWN;
610         if (!value)
611                 ep->halted = 0;
612         else if (ep->desc && (ep->desc->bEndpointAddress & USB_DIR_IN) &&
613                         !list_empty (&ep->queue))
614                 return -EAGAIN;
615         else
616                 ep->halted = 1;
617         /* FIXME clear emulated data toggle too */
618         return 0;
619 }
620
621 static const struct usb_ep_ops dummy_ep_ops = {
622         .enable         = dummy_enable,
623         .disable        = dummy_disable,
624
625         .alloc_request  = dummy_alloc_request,
626         .free_request   = dummy_free_request,
627
628         .queue          = dummy_queue,
629         .dequeue        = dummy_dequeue,
630
631         .set_halt       = dummy_set_halt,
632 };
633
634 /*-------------------------------------------------------------------------*/
635
636 /* there are both host and device side versions of this call ... */
637 static int dummy_g_get_frame (struct usb_gadget *_gadget)
638 {
639         struct timeval  tv;
640
641         do_gettimeofday (&tv);
642         return tv.tv_usec / 1000;
643 }
644
645 static int dummy_wakeup (struct usb_gadget *_gadget)
646 {
647         struct dummy    *dum;
648
649         dum = gadget_to_dummy (_gadget);
650         if (!(dum->devstatus &  ( (1 << USB_DEVICE_B_HNP_ENABLE)
651                                 | (1 << USB_DEVICE_REMOTE_WAKEUP))))
652                 return -EINVAL;
653         if ((dum->port_status & USB_PORT_STAT_CONNECTION) == 0)
654                 return -ENOLINK;
655         if ((dum->port_status & USB_PORT_STAT_SUSPEND) == 0 &&
656                          dum->rh_state != DUMMY_RH_SUSPENDED)
657                 return -EIO;
658
659         /* FIXME: What if the root hub is suspended but the port isn't? */
660
661         /* hub notices our request, issues downstream resume, etc */
662         dum->resuming = 1;
663         dum->re_timeout = jiffies + msecs_to_jiffies(20);
664         mod_timer (&dummy_to_hcd (dum)->rh_timer, dum->re_timeout);
665         return 0;
666 }
667
668 static int dummy_set_selfpowered (struct usb_gadget *_gadget, int value)
669 {
670         struct dummy    *dum;
671
672         dum = gadget_to_dummy (_gadget);
673         if (value)
674                 dum->devstatus |= (1 << USB_DEVICE_SELF_POWERED);
675         else
676                 dum->devstatus &= ~(1 << USB_DEVICE_SELF_POWERED);
677         return 0;
678 }
679
680 static int dummy_pullup (struct usb_gadget *_gadget, int value)
681 {
682         struct dummy    *dum;
683         unsigned long   flags;
684
685         dum = gadget_to_dummy (_gadget);
686         spin_lock_irqsave (&dum->lock, flags);
687         dum->pullup = (value != 0);
688         set_link_state (dum);
689         spin_unlock_irqrestore (&dum->lock, flags);
690
691         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
692         return 0;
693 }
694
695 static const struct usb_gadget_ops dummy_ops = {
696         .get_frame      = dummy_g_get_frame,
697         .wakeup         = dummy_wakeup,
698         .set_selfpowered = dummy_set_selfpowered,
699         .pullup         = dummy_pullup,
700 };
701
702 /*-------------------------------------------------------------------------*/
703
704 /* "function" sysfs attribute */
705 static ssize_t
706 show_function (struct device *dev, struct device_attribute *attr, char *buf)
707 {
708         struct dummy    *dum = gadget_dev_to_dummy (dev);
709
710         if (!dum->driver || !dum->driver->function)
711                 return 0;
712         return scnprintf (buf, PAGE_SIZE, "%s\n", dum->driver->function);
713 }
714 static DEVICE_ATTR (function, S_IRUGO, show_function, NULL);
715
716 /*-------------------------------------------------------------------------*/
717
718 /*
719  * Driver registration/unregistration.
720  *
721  * This is basically hardware-specific; there's usually only one real USB
722  * device (not host) controller since that's how USB devices are intended
723  * to work.  So most implementations of these api calls will rely on the
724  * fact that only one driver will ever bind to the hardware.  But curious
725  * hardware can be built with discrete components, so the gadget API doesn't
726  * require that assumption.
727  *
728  * For this emulator, it might be convenient to create a usb slave device
729  * for each driver that registers:  just add to a big root hub.
730  */
731
732 int
733 usb_gadget_register_driver (struct usb_gadget_driver *driver)
734 {
735         struct dummy    *dum = the_controller;
736         int             retval, i;
737
738         if (!dum)
739                 return -EINVAL;
740         if (dum->driver)
741                 return -EBUSY;
742         if (!driver->bind || !driver->setup
743                         || driver->speed == USB_SPEED_UNKNOWN)
744                 return -EINVAL;
745
746         /*
747          * SLAVE side init ... the layer above hardware, which
748          * can't enumerate without help from the driver we're binding.
749          */
750
751         dum->devstatus = 0;
752
753         INIT_LIST_HEAD (&dum->gadget.ep_list);
754         for (i = 0; i < DUMMY_ENDPOINTS; i++) {
755                 struct dummy_ep *ep = &dum->ep [i];
756
757                 if (!ep_name [i])
758                         break;
759                 ep->ep.name = ep_name [i];
760                 ep->ep.ops = &dummy_ep_ops;
761                 list_add_tail (&ep->ep.ep_list, &dum->gadget.ep_list);
762                 ep->halted = ep->already_seen = ep->setup_stage = 0;
763                 ep->ep.maxpacket = ~0;
764                 ep->last_io = jiffies;
765                 ep->gadget = &dum->gadget;
766                 ep->desc = NULL;
767                 INIT_LIST_HEAD (&ep->queue);
768         }
769
770         dum->gadget.ep0 = &dum->ep [0].ep;
771         dum->ep [0].ep.maxpacket = 64;
772         list_del_init (&dum->ep [0].ep.ep_list);
773         INIT_LIST_HEAD(&dum->fifo_req.queue);
774
775         driver->driver.bus = NULL;
776         dum->driver = driver;
777         dum->gadget.dev.driver = &driver->driver;
778         dev_dbg (udc_dev(dum), "binding gadget driver '%s'\n",
779                         driver->driver.name);
780         retval = driver->bind(&dum->gadget);
781         if (retval) {
782                 dum->driver = NULL;
783                 dum->gadget.dev.driver = NULL;
784                 return retval;
785         }
786
787         /* khubd will enumerate this in a while */
788         spin_lock_irq (&dum->lock);
789         dum->pullup = 1;
790         set_link_state (dum);
791         spin_unlock_irq (&dum->lock);
792
793         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
794         return 0;
795 }
796 EXPORT_SYMBOL (usb_gadget_register_driver);
797
798 int
799 usb_gadget_unregister_driver (struct usb_gadget_driver *driver)
800 {
801         struct dummy    *dum = the_controller;
802         unsigned long   flags;
803
804         if (!dum)
805                 return -ENODEV;
806         if (!driver || driver != dum->driver || !driver->unbind)
807                 return -EINVAL;
808
809         dev_dbg (udc_dev(dum), "unregister gadget driver '%s'\n",
810                         driver->driver.name);
811
812         spin_lock_irqsave (&dum->lock, flags);
813         dum->pullup = 0;
814         set_link_state (dum);
815         spin_unlock_irqrestore (&dum->lock, flags);
816
817         driver->unbind (&dum->gadget);
818         dum->gadget.dev.driver = NULL;
819         dum->driver = NULL;
820
821         spin_lock_irqsave (&dum->lock, flags);
822         dum->pullup = 0;
823         set_link_state (dum);
824         spin_unlock_irqrestore (&dum->lock, flags);
825
826         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
827         return 0;
828 }
829 EXPORT_SYMBOL (usb_gadget_unregister_driver);
830
831 #undef is_enabled
832
833 /* just declare this in any driver that really need it */
834 extern int net2280_set_fifo_mode (struct usb_gadget *gadget, int mode);
835
836 int net2280_set_fifo_mode (struct usb_gadget *gadget, int mode)
837 {
838         return -ENOSYS;
839 }
840 EXPORT_SYMBOL (net2280_set_fifo_mode);
841
842
843 /* The gadget structure is stored inside the hcd structure and will be
844  * released along with it. */
845 static void
846 dummy_gadget_release (struct device *dev)
847 {
848         struct dummy    *dum = gadget_dev_to_dummy (dev);
849
850         usb_put_hcd (dummy_to_hcd (dum));
851 }
852
853 static int dummy_udc_probe (struct platform_device *pdev)
854 {
855         struct dummy    *dum = the_controller;
856         int             rc;
857
858         dum->gadget.name = gadget_name;
859         dum->gadget.ops = &dummy_ops;
860         dum->gadget.is_dualspeed = 1;
861
862         /* maybe claim OTG support, though we won't complete HNP */
863         dum->gadget.is_otg = (dummy_to_hcd(dum)->self.otg_port != 0);
864
865         dev_set_name(&dum->gadget.dev, "gadget");
866         dum->gadget.dev.parent = &pdev->dev;
867         dum->gadget.dev.release = dummy_gadget_release;
868         rc = device_register (&dum->gadget.dev);
869         if (rc < 0)
870                 return rc;
871
872         usb_get_hcd (dummy_to_hcd (dum));
873
874         platform_set_drvdata (pdev, dum);
875         rc = device_create_file (&dum->gadget.dev, &dev_attr_function);
876         if (rc < 0)
877                 device_unregister (&dum->gadget.dev);
878         return rc;
879 }
880
881 static int dummy_udc_remove (struct platform_device *pdev)
882 {
883         struct dummy    *dum = platform_get_drvdata (pdev);
884
885         platform_set_drvdata (pdev, NULL);
886         device_remove_file (&dum->gadget.dev, &dev_attr_function);
887         device_unregister (&dum->gadget.dev);
888         return 0;
889 }
890
891 static int dummy_udc_suspend (struct platform_device *pdev, pm_message_t state)
892 {
893         struct dummy    *dum = platform_get_drvdata(pdev);
894
895         dev_dbg (&pdev->dev, "%s\n", __func__);
896         spin_lock_irq (&dum->lock);
897         dum->udc_suspended = 1;
898         set_link_state (dum);
899         spin_unlock_irq (&dum->lock);
900
901         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
902         return 0;
903 }
904
905 static int dummy_udc_resume (struct platform_device *pdev)
906 {
907         struct dummy    *dum = platform_get_drvdata(pdev);
908
909         dev_dbg (&pdev->dev, "%s\n", __func__);
910         spin_lock_irq (&dum->lock);
911         dum->udc_suspended = 0;
912         set_link_state (dum);
913         spin_unlock_irq (&dum->lock);
914
915         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
916         return 0;
917 }
918
919 static struct platform_driver dummy_udc_driver = {
920         .probe          = dummy_udc_probe,
921         .remove         = dummy_udc_remove,
922         .suspend        = dummy_udc_suspend,
923         .resume         = dummy_udc_resume,
924         .driver         = {
925                 .name   = (char *) gadget_name,
926                 .owner  = THIS_MODULE,
927         },
928 };
929
930 /*-------------------------------------------------------------------------*/
931
932 /* MASTER/HOST SIDE DRIVER
933  *
934  * this uses the hcd framework to hook up to host side drivers.
935  * its root hub will only have one device, otherwise it acts like
936  * a normal host controller.
937  *
938  * when urbs are queued, they're just stuck on a list that we
939  * scan in a timer callback.  that callback connects writes from
940  * the host with reads from the device, and so on, based on the
941  * usb 2.0 rules.
942  */
943
944 static int dummy_urb_enqueue (
945         struct usb_hcd                  *hcd,
946         struct urb                      *urb,
947         gfp_t                           mem_flags
948 ) {
949         struct dummy    *dum;
950         struct urbp     *urbp;
951         unsigned long   flags;
952         int             rc;
953
954         if (!urb->transfer_buffer && urb->transfer_buffer_length)
955                 return -EINVAL;
956
957         urbp = kmalloc (sizeof *urbp, mem_flags);
958         if (!urbp)
959                 return -ENOMEM;
960         urbp->urb = urb;
961
962         dum = hcd_to_dummy (hcd);
963         spin_lock_irqsave (&dum->lock, flags);
964         rc = usb_hcd_link_urb_to_ep(hcd, urb);
965         if (rc) {
966                 kfree(urbp);
967                 goto done;
968         }
969
970         if (!dum->udev) {
971                 dum->udev = urb->dev;
972                 usb_get_dev (dum->udev);
973         } else if (unlikely (dum->udev != urb->dev))
974                 dev_err (dummy_dev(dum), "usb_device address has changed!\n");
975
976         list_add_tail (&urbp->urbp_list, &dum->urbp_list);
977         urb->hcpriv = urbp;
978         if (usb_pipetype (urb->pipe) == PIPE_CONTROL)
979                 urb->error_count = 1;           /* mark as a new urb */
980
981         /* kick the scheduler, it'll do the rest */
982         if (!timer_pending (&dum->timer))
983                 mod_timer (&dum->timer, jiffies + 1);
984
985  done:
986         spin_unlock_irqrestore(&dum->lock, flags);
987         return rc;
988 }
989
990 static int dummy_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
991 {
992         struct dummy    *dum;
993         unsigned long   flags;
994         int             rc;
995
996         /* giveback happens automatically in timer callback,
997          * so make sure the callback happens */
998         dum = hcd_to_dummy (hcd);
999         spin_lock_irqsave (&dum->lock, flags);
1000
1001         rc = usb_hcd_check_unlink_urb(hcd, urb, status);
1002         if (!rc && dum->rh_state != DUMMY_RH_RUNNING &&
1003                         !list_empty(&dum->urbp_list))
1004                 mod_timer (&dum->timer, jiffies);
1005
1006         spin_unlock_irqrestore (&dum->lock, flags);
1007         return rc;
1008 }
1009
1010 /* transfer up to a frame's worth; caller must own lock */
1011 static int
1012 transfer(struct dummy *dum, struct urb *urb, struct dummy_ep *ep, int limit,
1013                 int *status)
1014 {
1015         struct dummy_request    *req;
1016
1017 top:
1018         /* if there's no request queued, the device is NAKing; return */
1019         list_for_each_entry (req, &ep->queue, queue) {
1020                 unsigned        host_len, dev_len, len;
1021                 int             is_short, to_host;
1022                 int             rescan = 0;
1023
1024                 /* 1..N packets of ep->ep.maxpacket each ... the last one
1025                  * may be short (including zero length).
1026                  *
1027                  * writer can send a zlp explicitly (length 0) or implicitly
1028                  * (length mod maxpacket zero, and 'zero' flag); they always
1029                  * terminate reads.
1030                  */
1031                 host_len = urb->transfer_buffer_length - urb->actual_length;
1032                 dev_len = req->req.length - req->req.actual;
1033                 len = min (host_len, dev_len);
1034
1035                 /* FIXME update emulated data toggle too */
1036
1037                 to_host = usb_pipein (urb->pipe);
1038                 if (unlikely (len == 0))
1039                         is_short = 1;
1040                 else {
1041                         char            *ubuf, *rbuf;
1042
1043                         /* not enough bandwidth left? */
1044                         if (limit < ep->ep.maxpacket && limit < len)
1045                                 break;
1046                         len = min (len, (unsigned) limit);
1047                         if (len == 0)
1048                                 break;
1049
1050                         /* use an extra pass for the final short packet */
1051                         if (len > ep->ep.maxpacket) {
1052                                 rescan = 1;
1053                                 len -= (len % ep->ep.maxpacket);
1054                         }
1055                         is_short = (len % ep->ep.maxpacket) != 0;
1056
1057                         /* else transfer packet(s) */
1058                         ubuf = urb->transfer_buffer + urb->actual_length;
1059                         rbuf = req->req.buf + req->req.actual;
1060                         if (to_host)
1061                                 memcpy (ubuf, rbuf, len);
1062                         else
1063                                 memcpy (rbuf, ubuf, len);
1064                         ep->last_io = jiffies;
1065
1066                         limit -= len;
1067                         urb->actual_length += len;
1068                         req->req.actual += len;
1069                 }
1070
1071                 /* short packets terminate, maybe with overflow/underflow.
1072                  * it's only really an error to write too much.
1073                  *
1074                  * partially filling a buffer optionally blocks queue advances
1075                  * (so completion handlers can clean up the queue) but we don't
1076                  * need to emulate such data-in-flight.
1077                  */
1078                 if (is_short) {
1079                         if (host_len == dev_len) {
1080                                 req->req.status = 0;
1081                                 *status = 0;
1082                         } else if (to_host) {
1083                                 req->req.status = 0;
1084                                 if (dev_len > host_len)
1085                                         *status = -EOVERFLOW;
1086                                 else
1087                                         *status = 0;
1088                         } else if (!to_host) {
1089                                 *status = 0;
1090                                 if (host_len > dev_len)
1091                                         req->req.status = -EOVERFLOW;
1092                                 else
1093                                         req->req.status = 0;
1094                         }
1095
1096                 /* many requests terminate without a short packet */
1097                 } else {
1098                         if (req->req.length == req->req.actual
1099                                         && !req->req.zero)
1100                                 req->req.status = 0;
1101                         if (urb->transfer_buffer_length == urb->actual_length
1102                                         && !(urb->transfer_flags
1103                                                 & URB_ZERO_PACKET))
1104                                 *status = 0;
1105                 }
1106
1107                 /* device side completion --> continuable */
1108                 if (req->req.status != -EINPROGRESS) {
1109                         list_del_init (&req->queue);
1110
1111                         spin_unlock (&dum->lock);
1112                         req->req.complete (&ep->ep, &req->req);
1113                         spin_lock (&dum->lock);
1114
1115                         /* requests might have been unlinked... */
1116                         rescan = 1;
1117                 }
1118
1119                 /* host side completion --> terminate */
1120                 if (*status != -EINPROGRESS)
1121                         break;
1122
1123                 /* rescan to continue with any other queued i/o */
1124                 if (rescan)
1125                         goto top;
1126         }
1127         return limit;
1128 }
1129
1130 static int periodic_bytes (struct dummy *dum, struct dummy_ep *ep)
1131 {
1132         int     limit = ep->ep.maxpacket;
1133
1134         if (dum->gadget.speed == USB_SPEED_HIGH) {
1135                 int     tmp;
1136
1137                 /* high bandwidth mode */
1138                 tmp = le16_to_cpu(ep->desc->wMaxPacketSize);
1139                 tmp = (tmp >> 11) & 0x03;
1140                 tmp *= 8 /* applies to entire frame */;
1141                 limit += limit * tmp;
1142         }
1143         return limit;
1144 }
1145
1146 #define is_active(dum)  ((dum->port_status & \
1147                 (USB_PORT_STAT_CONNECTION | USB_PORT_STAT_ENABLE | \
1148                         USB_PORT_STAT_SUSPEND)) \
1149                 == (USB_PORT_STAT_CONNECTION | USB_PORT_STAT_ENABLE))
1150
1151 static struct dummy_ep *find_endpoint (struct dummy *dum, u8 address)
1152 {
1153         int             i;
1154
1155         if (!is_active (dum))
1156                 return NULL;
1157         if ((address & ~USB_DIR_IN) == 0)
1158                 return &dum->ep [0];
1159         for (i = 1; i < DUMMY_ENDPOINTS; i++) {
1160                 struct dummy_ep *ep = &dum->ep [i];
1161
1162                 if (!ep->desc)
1163                         continue;
1164                 if (ep->desc->bEndpointAddress == address)
1165                         return ep;
1166         }
1167         return NULL;
1168 }
1169
1170 #undef is_active
1171
1172 #define Dev_Request     (USB_TYPE_STANDARD | USB_RECIP_DEVICE)
1173 #define Dev_InRequest   (Dev_Request | USB_DIR_IN)
1174 #define Intf_Request    (USB_TYPE_STANDARD | USB_RECIP_INTERFACE)
1175 #define Intf_InRequest  (Intf_Request | USB_DIR_IN)
1176 #define Ep_Request      (USB_TYPE_STANDARD | USB_RECIP_ENDPOINT)
1177 #define Ep_InRequest    (Ep_Request | USB_DIR_IN)
1178
1179 /* drive both sides of the transfers; looks like irq handlers to
1180  * both drivers except the callbacks aren't in_irq().
1181  */
1182 static void dummy_timer (unsigned long _dum)
1183 {
1184         struct dummy            *dum = (struct dummy *) _dum;
1185         struct urbp             *urbp, *tmp;
1186         unsigned long           flags;
1187         int                     limit, total;
1188         int                     i;
1189
1190         /* simplistic model for one frame's bandwidth */
1191         switch (dum->gadget.speed) {
1192         case USB_SPEED_LOW:
1193                 total = 8/*bytes*/ * 12/*packets*/;
1194                 break;
1195         case USB_SPEED_FULL:
1196                 total = 64/*bytes*/ * 19/*packets*/;
1197                 break;
1198         case USB_SPEED_HIGH:
1199                 total = 512/*bytes*/ * 13/*packets*/ * 8/*uframes*/;
1200                 break;
1201         default:
1202                 dev_err (dummy_dev(dum), "bogus device speed\n");
1203                 return;
1204         }
1205
1206         /* FIXME if HZ != 1000 this will probably misbehave ... */
1207
1208         /* look at each urb queued by the host side driver */
1209         spin_lock_irqsave (&dum->lock, flags);
1210
1211         if (!dum->udev) {
1212                 dev_err (dummy_dev(dum),
1213                                 "timer fired with no URBs pending?\n");
1214                 spin_unlock_irqrestore (&dum->lock, flags);
1215                 return;
1216         }
1217
1218         for (i = 0; i < DUMMY_ENDPOINTS; i++) {
1219                 if (!ep_name [i])
1220                         break;
1221                 dum->ep [i].already_seen = 0;
1222         }
1223
1224 restart:
1225         list_for_each_entry_safe (urbp, tmp, &dum->urbp_list, urbp_list) {
1226                 struct urb              *urb;
1227                 struct dummy_request    *req;
1228                 u8                      address;
1229                 struct dummy_ep         *ep = NULL;
1230                 int                     type;
1231                 int                     status = -EINPROGRESS;
1232
1233                 urb = urbp->urb;
1234                 if (urb->unlinked)
1235                         goto return_urb;
1236                 else if (dum->rh_state != DUMMY_RH_RUNNING)
1237                         continue;
1238                 type = usb_pipetype (urb->pipe);
1239
1240                 /* used up this frame's non-periodic bandwidth?
1241                  * FIXME there's infinite bandwidth for control and
1242                  * periodic transfers ... unrealistic.
1243                  */
1244                 if (total <= 0 && type == PIPE_BULK)
1245                         continue;
1246
1247                 /* find the gadget's ep for this request (if configured) */
1248                 address = usb_pipeendpoint (urb->pipe);
1249                 if (usb_pipein (urb->pipe))
1250                         address |= USB_DIR_IN;
1251                 ep = find_endpoint(dum, address);
1252                 if (!ep) {
1253                         /* set_configuration() disagreement */
1254                         dev_dbg (dummy_dev(dum),
1255                                 "no ep configured for urb %p\n",
1256                                 urb);
1257                         status = -EPROTO;
1258                         goto return_urb;
1259                 }
1260
1261                 if (ep->already_seen)
1262                         continue;
1263                 ep->already_seen = 1;
1264                 if (ep == &dum->ep [0] && urb->error_count) {
1265                         ep->setup_stage = 1;    /* a new urb */
1266                         urb->error_count = 0;
1267                 }
1268                 if (ep->halted && !ep->setup_stage) {
1269                         /* NOTE: must not be iso! */
1270                         dev_dbg (dummy_dev(dum), "ep %s halted, urb %p\n",
1271                                         ep->ep.name, urb);
1272                         status = -EPIPE;
1273                         goto return_urb;
1274                 }
1275                 /* FIXME make sure both ends agree on maxpacket */
1276
1277                 /* handle control requests */
1278                 if (ep == &dum->ep [0] && ep->setup_stage) {
1279                         struct usb_ctrlrequest          setup;
1280                         int                             value = 1;
1281                         struct dummy_ep                 *ep2;
1282                         unsigned                        w_index;
1283                         unsigned                        w_value;
1284
1285                         setup = *(struct usb_ctrlrequest*) urb->setup_packet;
1286                         w_index = le16_to_cpu(setup.wIndex);
1287                         w_value = le16_to_cpu(setup.wValue);
1288                         if (le16_to_cpu(setup.wLength) !=
1289                                         urb->transfer_buffer_length) {
1290                                 status = -EOVERFLOW;
1291                                 goto return_urb;
1292                         }
1293
1294                         /* paranoia, in case of stale queued data */
1295                         list_for_each_entry (req, &ep->queue, queue) {
1296                                 list_del_init (&req->queue);
1297                                 req->req.status = -EOVERFLOW;
1298                                 dev_dbg (udc_dev(dum), "stale req = %p\n",
1299                                                 req);
1300
1301                                 spin_unlock (&dum->lock);
1302                                 req->req.complete (&ep->ep, &req->req);
1303                                 spin_lock (&dum->lock);
1304                                 ep->already_seen = 0;
1305                                 goto restart;
1306                         }
1307
1308                         /* gadget driver never sees set_address or operations
1309                          * on standard feature flags.  some hardware doesn't
1310                          * even expose them.
1311                          */
1312                         ep->last_io = jiffies;
1313                         ep->setup_stage = 0;
1314                         ep->halted = 0;
1315                         switch (setup.bRequest) {
1316                         case USB_REQ_SET_ADDRESS:
1317                                 if (setup.bRequestType != Dev_Request)
1318                                         break;
1319                                 dum->address = w_value;
1320                                 status = 0;
1321                                 dev_dbg (udc_dev(dum), "set_address = %d\n",
1322                                                 w_value);
1323                                 value = 0;
1324                                 break;
1325                         case USB_REQ_SET_FEATURE:
1326                                 if (setup.bRequestType == Dev_Request) {
1327                                         value = 0;
1328                                         switch (w_value) {
1329                                         case USB_DEVICE_REMOTE_WAKEUP:
1330                                                 break;
1331                                         case USB_DEVICE_B_HNP_ENABLE:
1332                                                 dum->gadget.b_hnp_enable = 1;
1333                                                 break;
1334                                         case USB_DEVICE_A_HNP_SUPPORT:
1335                                                 dum->gadget.a_hnp_support = 1;
1336                                                 break;
1337                                         case USB_DEVICE_A_ALT_HNP_SUPPORT:
1338                                                 dum->gadget.a_alt_hnp_support
1339                                                         = 1;
1340                                                 break;
1341                                         default:
1342                                                 value = -EOPNOTSUPP;
1343                                         }
1344                                         if (value == 0) {
1345                                                 dum->devstatus |=
1346                                                         (1 << w_value);
1347                                                 status = 0;
1348                                         }
1349
1350                                 } else if (setup.bRequestType == Ep_Request) {
1351                                         // endpoint halt
1352                                         ep2 = find_endpoint (dum, w_index);
1353                                         if (!ep2) {
1354                                                 value = -EOPNOTSUPP;
1355                                                 break;
1356                                         }
1357                                         ep2->halted = 1;
1358                                         value = 0;
1359                                         status = 0;
1360                                 }
1361                                 break;
1362                         case USB_REQ_CLEAR_FEATURE:
1363                                 if (setup.bRequestType == Dev_Request) {
1364                                         switch (w_value) {
1365                                         case USB_DEVICE_REMOTE_WAKEUP:
1366                                                 dum->devstatus &= ~(1 <<
1367                                                         USB_DEVICE_REMOTE_WAKEUP);
1368                                                 value = 0;
1369                                                 status = 0;
1370                                                 break;
1371                                         default:
1372                                                 value = -EOPNOTSUPP;
1373                                                 break;
1374                                         }
1375                                 } else if (setup.bRequestType == Ep_Request) {
1376                                         // endpoint halt
1377                                         ep2 = find_endpoint (dum, w_index);
1378                                         if (!ep2) {
1379                                                 value = -EOPNOTSUPP;
1380                                                 break;
1381                                         }
1382                                         ep2->halted = 0;
1383                                         value = 0;
1384                                         status = 0;
1385                                 }
1386                                 break;
1387                         case USB_REQ_GET_STATUS:
1388                                 if (setup.bRequestType == Dev_InRequest
1389                                                 || setup.bRequestType
1390                                                         == Intf_InRequest
1391                                                 || setup.bRequestType
1392                                                         == Ep_InRequest
1393                                                 ) {
1394                                         char *buf;
1395
1396                                         // device: remote wakeup, selfpowered
1397                                         // interface: nothing
1398                                         // endpoint: halt
1399                                         buf = (char *)urb->transfer_buffer;
1400                                         if (urb->transfer_buffer_length > 0) {
1401                                                 if (setup.bRequestType ==
1402                                                                 Ep_InRequest) {
1403         ep2 = find_endpoint (dum, w_index);
1404         if (!ep2) {
1405                 value = -EOPNOTSUPP;
1406                 break;
1407         }
1408         buf [0] = ep2->halted;
1409                                                 } else if (setup.bRequestType ==
1410                                                                 Dev_InRequest) {
1411                                                         buf [0] = (u8)
1412                                                                 dum->devstatus;
1413                                                 } else
1414                                                         buf [0] = 0;
1415                                         }
1416                                         if (urb->transfer_buffer_length > 1)
1417                                                 buf [1] = 0;
1418                                         urb->actual_length = min (2,
1419                                                 urb->transfer_buffer_length);
1420                                         value = 0;
1421                                         status = 0;
1422                                 }
1423                                 break;
1424                         }
1425
1426                         /* gadget driver handles all other requests.  block
1427                          * until setup() returns; no reentrancy issues etc.
1428                          */
1429                         if (value > 0) {
1430                                 spin_unlock (&dum->lock);
1431                                 value = dum->driver->setup (&dum->gadget,
1432                                                 &setup);
1433                                 spin_lock (&dum->lock);
1434
1435                                 if (value >= 0) {
1436                                         /* no delays (max 64KB data stage) */
1437                                         limit = 64*1024;
1438                                         goto treat_control_like_bulk;
1439                                 }
1440                                 /* error, see below */
1441                         }
1442
1443                         if (value < 0) {
1444                                 if (value != -EOPNOTSUPP)
1445                                         dev_dbg (udc_dev(dum),
1446                                                 "setup --> %d\n",
1447                                                 value);
1448                                 status = -EPIPE;
1449                                 urb->actual_length = 0;
1450                         }
1451
1452                         goto return_urb;
1453                 }
1454
1455                 /* non-control requests */
1456                 limit = total;
1457                 switch (usb_pipetype (urb->pipe)) {
1458                 case PIPE_ISOCHRONOUS:
1459                         /* FIXME is it urb->interval since the last xfer?
1460                          * use urb->iso_frame_desc[i].
1461                          * complete whether or not ep has requests queued.
1462                          * report random errors, to debug drivers.
1463                          */
1464                         limit = max (limit, periodic_bytes (dum, ep));
1465                         status = -ENOSYS;
1466                         break;
1467
1468                 case PIPE_INTERRUPT:
1469                         /* FIXME is it urb->interval since the last xfer?
1470                          * this almost certainly polls too fast.
1471                          */
1472                         limit = max (limit, periodic_bytes (dum, ep));
1473                         /* FALLTHROUGH */
1474
1475                 // case PIPE_BULK:  case PIPE_CONTROL:
1476                 default:
1477                 treat_control_like_bulk:
1478                         ep->last_io = jiffies;
1479                         total = transfer(dum, urb, ep, limit, &status);
1480                         break;
1481                 }
1482
1483                 /* incomplete transfer? */
1484                 if (status == -EINPROGRESS)
1485                         continue;
1486
1487 return_urb:
1488                 list_del (&urbp->urbp_list);
1489                 kfree (urbp);
1490                 if (ep)
1491                         ep->already_seen = ep->setup_stage = 0;
1492
1493                 usb_hcd_unlink_urb_from_ep(dummy_to_hcd(dum), urb);
1494                 spin_unlock (&dum->lock);
1495                 usb_hcd_giveback_urb(dummy_to_hcd(dum), urb, status);
1496                 spin_lock (&dum->lock);
1497
1498                 goto restart;
1499         }
1500
1501         if (list_empty (&dum->urbp_list)) {
1502                 usb_put_dev (dum->udev);
1503                 dum->udev = NULL;
1504         } else if (dum->rh_state == DUMMY_RH_RUNNING) {
1505                 /* want a 1 msec delay here */
1506                 mod_timer (&dum->timer, jiffies + msecs_to_jiffies(1));
1507         }
1508
1509         spin_unlock_irqrestore (&dum->lock, flags);
1510 }
1511
1512 /*-------------------------------------------------------------------------*/
1513
1514 #define PORT_C_MASK \
1515         ((USB_PORT_STAT_C_CONNECTION \
1516         | USB_PORT_STAT_C_ENABLE \
1517         | USB_PORT_STAT_C_SUSPEND \
1518         | USB_PORT_STAT_C_OVERCURRENT \
1519         | USB_PORT_STAT_C_RESET) << 16)
1520
1521 static int dummy_hub_status (struct usb_hcd *hcd, char *buf)
1522 {
1523         struct dummy            *dum;
1524         unsigned long           flags;
1525         int                     retval = 0;
1526
1527         dum = hcd_to_dummy (hcd);
1528
1529         spin_lock_irqsave (&dum->lock, flags);
1530         if (!test_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags))
1531                 goto done;
1532
1533         if (dum->resuming && time_after_eq (jiffies, dum->re_timeout)) {
1534                 dum->port_status |= (USB_PORT_STAT_C_SUSPEND << 16);
1535                 dum->port_status &= ~USB_PORT_STAT_SUSPEND;
1536                 set_link_state (dum);
1537         }
1538
1539         if ((dum->port_status & PORT_C_MASK) != 0) {
1540                 *buf = (1 << 1);
1541                 dev_dbg (dummy_dev(dum), "port status 0x%08x has changes\n",
1542                                 dum->port_status);
1543                 retval = 1;
1544                 if (dum->rh_state == DUMMY_RH_SUSPENDED)
1545                         usb_hcd_resume_root_hub (hcd);
1546         }
1547 done:
1548         spin_unlock_irqrestore (&dum->lock, flags);
1549         return retval;
1550 }
1551
1552 static inline void
1553 hub_descriptor (struct usb_hub_descriptor *desc)
1554 {
1555         memset (desc, 0, sizeof *desc);
1556         desc->bDescriptorType = 0x29;
1557         desc->bDescLength = 9;
1558         desc->wHubCharacteristics = cpu_to_le16(0x0001);
1559         desc->bNbrPorts = 1;
1560         desc->bitmap [0] = 0xff;
1561         desc->bitmap [1] = 0xff;
1562 }
1563
1564 static int dummy_hub_control (
1565         struct usb_hcd  *hcd,
1566         u16             typeReq,
1567         u16             wValue,
1568         u16             wIndex,
1569         char            *buf,
1570         u16             wLength
1571 ) {
1572         struct dummy    *dum;
1573         int             retval = 0;
1574         unsigned long   flags;
1575
1576         if (!test_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags))
1577                 return -ETIMEDOUT;
1578
1579         dum = hcd_to_dummy (hcd);
1580         spin_lock_irqsave (&dum->lock, flags);
1581         switch (typeReq) {
1582         case ClearHubFeature:
1583                 break;
1584         case ClearPortFeature:
1585                 switch (wValue) {
1586                 case USB_PORT_FEAT_SUSPEND:
1587                         if (dum->port_status & USB_PORT_STAT_SUSPEND) {
1588                                 /* 20msec resume signaling */
1589                                 dum->resuming = 1;
1590                                 dum->re_timeout = jiffies +
1591                                                 msecs_to_jiffies(20);
1592                         }
1593                         break;
1594                 case USB_PORT_FEAT_POWER:
1595                         if (dum->port_status & USB_PORT_STAT_POWER)
1596                                 dev_dbg (dummy_dev(dum), "power-off\n");
1597                         /* FALLS THROUGH */
1598                 default:
1599                         dum->port_status &= ~(1 << wValue);
1600                         set_link_state (dum);
1601                 }
1602                 break;
1603         case GetHubDescriptor:
1604                 hub_descriptor ((struct usb_hub_descriptor *) buf);
1605                 break;
1606         case GetHubStatus:
1607                 *(__le32 *) buf = __constant_cpu_to_le32 (0);
1608                 break;
1609         case GetPortStatus:
1610                 if (wIndex != 1)
1611                         retval = -EPIPE;
1612
1613                 /* whoever resets or resumes must GetPortStatus to
1614                  * complete it!!
1615                  */
1616                 if (dum->resuming &&
1617                                 time_after_eq (jiffies, dum->re_timeout)) {
1618                         dum->port_status |= (USB_PORT_STAT_C_SUSPEND << 16);
1619                         dum->port_status &= ~USB_PORT_STAT_SUSPEND;
1620                 }
1621                 if ((dum->port_status & USB_PORT_STAT_RESET) != 0 &&
1622                                 time_after_eq (jiffies, dum->re_timeout)) {
1623                         dum->port_status |= (USB_PORT_STAT_C_RESET << 16);
1624                         dum->port_status &= ~USB_PORT_STAT_RESET;
1625                         if (dum->pullup) {
1626                                 dum->port_status |= USB_PORT_STAT_ENABLE;
1627                                 /* give it the best speed we agree on */
1628                                 dum->gadget.speed = dum->driver->speed;
1629                                 dum->gadget.ep0->maxpacket = 64;
1630                                 switch (dum->gadget.speed) {
1631                                 case USB_SPEED_HIGH:
1632                                         dum->port_status |=
1633                                                 USB_PORT_STAT_HIGH_SPEED;
1634                                         break;
1635                                 case USB_SPEED_LOW:
1636                                         dum->gadget.ep0->maxpacket = 8;
1637                                         dum->port_status |=
1638                                                 USB_PORT_STAT_LOW_SPEED;
1639                                         break;
1640                                 default:
1641                                         dum->gadget.speed = USB_SPEED_FULL;
1642                                         break;
1643                                 }
1644                         }
1645                 }
1646                 set_link_state (dum);
1647                 ((__le16 *) buf)[0] = cpu_to_le16 (dum->port_status);
1648                 ((__le16 *) buf)[1] = cpu_to_le16 (dum->port_status >> 16);
1649                 break;
1650         case SetHubFeature:
1651                 retval = -EPIPE;
1652                 break;
1653         case SetPortFeature:
1654                 switch (wValue) {
1655                 case USB_PORT_FEAT_SUSPEND:
1656                         if (dum->active) {
1657                                 dum->port_status |= USB_PORT_STAT_SUSPEND;
1658
1659                                 /* HNP would happen here; for now we
1660                                  * assume b_bus_req is always true.
1661                                  */
1662                                 set_link_state (dum);
1663                                 if (((1 << USB_DEVICE_B_HNP_ENABLE)
1664                                                 & dum->devstatus) != 0)
1665                                         dev_dbg (dummy_dev(dum),
1666                                                         "no HNP yet!\n");
1667                         }
1668                         break;
1669                 case USB_PORT_FEAT_POWER:
1670                         dum->port_status |= USB_PORT_STAT_POWER;
1671                         set_link_state (dum);
1672                         break;
1673                 case USB_PORT_FEAT_RESET:
1674                         /* if it's already enabled, disable */
1675                         dum->port_status &= ~(USB_PORT_STAT_ENABLE
1676                                         | USB_PORT_STAT_LOW_SPEED
1677                                         | USB_PORT_STAT_HIGH_SPEED);
1678                         dum->devstatus = 0;
1679                         /* 50msec reset signaling */
1680                         dum->re_timeout = jiffies + msecs_to_jiffies(50);
1681                         /* FALLS THROUGH */
1682                 default:
1683                         if ((dum->port_status & USB_PORT_STAT_POWER) != 0) {
1684                                 dum->port_status |= (1 << wValue);
1685                                 set_link_state (dum);
1686                         }
1687                 }
1688                 break;
1689
1690         default:
1691                 dev_dbg (dummy_dev(dum),
1692                         "hub control req%04x v%04x i%04x l%d\n",
1693                         typeReq, wValue, wIndex, wLength);
1694
1695                 /* "protocol stall" on error */
1696                 retval = -EPIPE;
1697         }
1698         spin_unlock_irqrestore (&dum->lock, flags);
1699
1700         if ((dum->port_status & PORT_C_MASK) != 0)
1701                 usb_hcd_poll_rh_status (hcd);
1702         return retval;
1703 }
1704
1705 static int dummy_bus_suspend (struct usb_hcd *hcd)
1706 {
1707         struct dummy *dum = hcd_to_dummy (hcd);
1708
1709         dev_dbg (&hcd->self.root_hub->dev, "%s\n", __func__);
1710
1711         spin_lock_irq (&dum->lock);
1712         dum->rh_state = DUMMY_RH_SUSPENDED;
1713         set_link_state (dum);
1714         hcd->state = HC_STATE_SUSPENDED;
1715         spin_unlock_irq (&dum->lock);
1716         return 0;
1717 }
1718
1719 static int dummy_bus_resume (struct usb_hcd *hcd)
1720 {
1721         struct dummy *dum = hcd_to_dummy (hcd);
1722         int rc = 0;
1723
1724         dev_dbg (&hcd->self.root_hub->dev, "%s\n", __func__);
1725
1726         spin_lock_irq (&dum->lock);
1727         if (!test_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags)) {
1728                 rc = -ESHUTDOWN;
1729         } else {
1730                 dum->rh_state = DUMMY_RH_RUNNING;
1731                 set_link_state (dum);
1732                 if (!list_empty(&dum->urbp_list))
1733                         mod_timer (&dum->timer, jiffies);
1734                 hcd->state = HC_STATE_RUNNING;
1735         }
1736         spin_unlock_irq (&dum->lock);
1737         return rc;
1738 }
1739
1740 /*-------------------------------------------------------------------------*/
1741
1742 static inline ssize_t
1743 show_urb (char *buf, size_t size, struct urb *urb)
1744 {
1745         int ep = usb_pipeendpoint (urb->pipe);
1746
1747         return snprintf (buf, size,
1748                 "urb/%p %s ep%d%s%s len %d/%d\n",
1749                 urb,
1750                 ({ char *s;
1751                  switch (urb->dev->speed) {
1752                  case USB_SPEED_LOW:    s = "ls"; break;
1753                  case USB_SPEED_FULL:   s = "fs"; break;
1754                  case USB_SPEED_HIGH:   s = "hs"; break;
1755                  default:               s = "?"; break;
1756                  }; s; }),
1757                 ep, ep ? (usb_pipein (urb->pipe) ? "in" : "out") : "",
1758                 ({ char *s; \
1759                  switch (usb_pipetype (urb->pipe)) { \
1760                  case PIPE_CONTROL:     s = ""; break; \
1761                  case PIPE_BULK:        s = "-bulk"; break; \
1762                  case PIPE_INTERRUPT:   s = "-int"; break; \
1763                  default:               s = "-iso"; break; \
1764                 }; s;}),
1765                 urb->actual_length, urb->transfer_buffer_length);
1766 }
1767
1768 static ssize_t
1769 show_urbs (struct device *dev, struct device_attribute *attr, char *buf)
1770 {
1771         struct usb_hcd          *hcd = dev_get_drvdata (dev);
1772         struct dummy            *dum = hcd_to_dummy (hcd);
1773         struct urbp             *urbp;
1774         size_t                  size = 0;
1775         unsigned long           flags;
1776
1777         spin_lock_irqsave (&dum->lock, flags);
1778         list_for_each_entry (urbp, &dum->urbp_list, urbp_list) {
1779                 size_t          temp;
1780
1781                 temp = show_urb (buf, PAGE_SIZE - size, urbp->urb);
1782                 buf += temp;
1783                 size += temp;
1784         }
1785         spin_unlock_irqrestore (&dum->lock, flags);
1786
1787         return size;
1788 }
1789 static DEVICE_ATTR (urbs, S_IRUGO, show_urbs, NULL);
1790
1791 static int dummy_start (struct usb_hcd *hcd)
1792 {
1793         struct dummy            *dum;
1794
1795         dum = hcd_to_dummy (hcd);
1796
1797         /*
1798          * MASTER side init ... we emulate a root hub that'll only ever
1799          * talk to one device (the slave side).  Also appears in sysfs,
1800          * just like more familiar pci-based HCDs.
1801          */
1802         spin_lock_init (&dum->lock);
1803         init_timer (&dum->timer);
1804         dum->timer.function = dummy_timer;
1805         dum->timer.data = (unsigned long) dum;
1806         dum->rh_state = DUMMY_RH_RUNNING;
1807
1808         INIT_LIST_HEAD (&dum->urbp_list);
1809
1810         hcd->power_budget = POWER_BUDGET;
1811         hcd->state = HC_STATE_RUNNING;
1812         hcd->uses_new_polling = 1;
1813
1814 #ifdef CONFIG_USB_OTG
1815         hcd->self.otg_port = 1;
1816 #endif
1817
1818         /* FIXME 'urbs' should be a per-device thing, maybe in usbcore */
1819         return device_create_file (dummy_dev(dum), &dev_attr_urbs);
1820 }
1821
1822 static void dummy_stop (struct usb_hcd *hcd)
1823 {
1824         struct dummy            *dum;
1825
1826         dum = hcd_to_dummy (hcd);
1827
1828         device_remove_file (dummy_dev(dum), &dev_attr_urbs);
1829         usb_gadget_unregister_driver (dum->driver);
1830         dev_info (dummy_dev(dum), "stopped\n");
1831 }
1832
1833 /*-------------------------------------------------------------------------*/
1834
1835 static int dummy_h_get_frame (struct usb_hcd *hcd)
1836 {
1837         return dummy_g_get_frame (NULL);
1838 }
1839
1840 static const struct hc_driver dummy_hcd = {
1841         .description =          (char *) driver_name,
1842         .product_desc =         "Dummy host controller",
1843         .hcd_priv_size =        sizeof(struct dummy),
1844
1845         .flags =                HCD_USB2,
1846
1847         .start =                dummy_start,
1848         .stop =                 dummy_stop,
1849
1850         .urb_enqueue =          dummy_urb_enqueue,
1851         .urb_dequeue =          dummy_urb_dequeue,
1852
1853         .get_frame_number =     dummy_h_get_frame,
1854
1855         .hub_status_data =      dummy_hub_status,
1856         .hub_control =          dummy_hub_control,
1857         .bus_suspend =          dummy_bus_suspend,
1858         .bus_resume =           dummy_bus_resume,
1859 };
1860
1861 static int dummy_hcd_probe(struct platform_device *pdev)
1862 {
1863         struct usb_hcd          *hcd;
1864         int                     retval;
1865
1866         dev_info(&pdev->dev, "%s, driver " DRIVER_VERSION "\n", driver_desc);
1867
1868         hcd = usb_create_hcd(&dummy_hcd, &pdev->dev, dev_name(&pdev->dev));
1869         if (!hcd)
1870                 return -ENOMEM;
1871         the_controller = hcd_to_dummy (hcd);
1872
1873         retval = usb_add_hcd(hcd, 0, 0);
1874         if (retval != 0) {
1875                 usb_put_hcd (hcd);
1876                 the_controller = NULL;
1877         }
1878         return retval;
1879 }
1880
1881 static int dummy_hcd_remove (struct platform_device *pdev)
1882 {
1883         struct usb_hcd          *hcd;
1884
1885         hcd = platform_get_drvdata (pdev);
1886         usb_remove_hcd (hcd);
1887         usb_put_hcd (hcd);
1888         the_controller = NULL;
1889         return 0;
1890 }
1891
1892 static int dummy_hcd_suspend (struct platform_device *pdev, pm_message_t state)
1893 {
1894         struct usb_hcd          *hcd;
1895         struct dummy            *dum;
1896         int                     rc = 0;
1897
1898         dev_dbg (&pdev->dev, "%s\n", __func__);
1899
1900         hcd = platform_get_drvdata (pdev);
1901         dum = hcd_to_dummy (hcd);
1902         if (dum->rh_state == DUMMY_RH_RUNNING) {
1903                 dev_warn(&pdev->dev, "Root hub isn't suspended!\n");
1904                 rc = -EBUSY;
1905         } else
1906                 clear_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags);
1907         return rc;
1908 }
1909
1910 static int dummy_hcd_resume (struct platform_device *pdev)
1911 {
1912         struct usb_hcd          *hcd;
1913
1914         dev_dbg (&pdev->dev, "%s\n", __func__);
1915
1916         hcd = platform_get_drvdata (pdev);
1917         set_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags);
1918         usb_hcd_poll_rh_status (hcd);
1919         return 0;
1920 }
1921
1922 static struct platform_driver dummy_hcd_driver = {
1923         .probe          = dummy_hcd_probe,
1924         .remove         = dummy_hcd_remove,
1925         .suspend        = dummy_hcd_suspend,
1926         .resume         = dummy_hcd_resume,
1927         .driver         = {
1928                 .name   = (char *) driver_name,
1929                 .owner  = THIS_MODULE,
1930         },
1931 };
1932
1933 /*-------------------------------------------------------------------------*/
1934
1935 static struct platform_device *the_udc_pdev;
1936 static struct platform_device *the_hcd_pdev;
1937
1938 static int __init init (void)
1939 {
1940         int     retval = -ENOMEM;
1941
1942         if (usb_disabled ())
1943                 return -ENODEV;
1944
1945         the_hcd_pdev = platform_device_alloc(driver_name, -1);
1946         if (!the_hcd_pdev)
1947                 return retval;
1948         the_udc_pdev = platform_device_alloc(gadget_name, -1);
1949         if (!the_udc_pdev)
1950                 goto err_alloc_udc;
1951
1952         retval = platform_driver_register(&dummy_hcd_driver);
1953         if (retval < 0)
1954                 goto err_register_hcd_driver;
1955         retval = platform_driver_register(&dummy_udc_driver);
1956         if (retval < 0)
1957                 goto err_register_udc_driver;
1958
1959         retval = platform_device_add(the_hcd_pdev);
1960         if (retval < 0)
1961                 goto err_add_hcd;
1962         retval = platform_device_add(the_udc_pdev);
1963         if (retval < 0)
1964                 goto err_add_udc;
1965         return retval;
1966
1967 err_add_udc:
1968         platform_device_del(the_hcd_pdev);
1969 err_add_hcd:
1970         platform_driver_unregister(&dummy_udc_driver);
1971 err_register_udc_driver:
1972         platform_driver_unregister(&dummy_hcd_driver);
1973 err_register_hcd_driver:
1974         platform_device_put(the_udc_pdev);
1975 err_alloc_udc:
1976         platform_device_put(the_hcd_pdev);
1977         return retval;
1978 }
1979 module_init (init);
1980
1981 static void __exit cleanup (void)
1982 {
1983         platform_device_unregister(the_udc_pdev);
1984         platform_device_unregister(the_hcd_pdev);
1985         platform_driver_unregister(&dummy_udc_driver);
1986         platform_driver_unregister(&dummy_hcd_driver);
1987 }
1988 module_exit (cleanup);