Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes...
[linux-2.6] / drivers / usb / gadget / dummy_hcd.c
1 /*
2  * dummy_hcd.c -- Dummy/Loopback USB host and device emulator driver.
3  *
4  * Maintainer: Alan Stern <stern@rowland.harvard.edu>
5  *
6  * Copyright (C) 2003 David Brownell
7  * Copyright (C) 2003-2005 Alan Stern
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; if not, write to the Free Software
21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  */
23
24
25 /*
26  * This exposes a device side "USB gadget" API, driven by requests to a
27  * Linux-USB host controller driver.  USB traffic is simulated; there's
28  * no need for USB hardware.  Use this with two other drivers:
29  *
30  *  - Gadget driver, responding to requests (slave);
31  *  - Host-side device driver, as already familiar in Linux.
32  *
33  * Having this all in one kernel can help some stages of development,
34  * bypassing some hardware (and driver) issues.  UML could help too.
35  */
36
37 #include <linux/module.h>
38 #include <linux/kernel.h>
39 #include <linux/delay.h>
40 #include <linux/ioport.h>
41 #include <linux/slab.h>
42 #include <linux/errno.h>
43 #include <linux/init.h>
44 #include <linux/timer.h>
45 #include <linux/list.h>
46 #include <linux/interrupt.h>
47 #include <linux/platform_device.h>
48 #include <linux/usb.h>
49 #include <linux/usb/gadget.h>
50
51 #include <asm/byteorder.h>
52 #include <asm/io.h>
53 #include <asm/irq.h>
54 #include <asm/system.h>
55 #include <asm/unaligned.h>
56
57
58 #include "../core/hcd.h"
59
60
61 #define DRIVER_DESC     "USB Host+Gadget Emulator"
62 #define DRIVER_VERSION  "02 May 2005"
63
64 #define POWER_BUDGET    500     /* in mA; use 8 for low-power port testing */
65
66 static const char       driver_name [] = "dummy_hcd";
67 static const char       driver_desc [] = "USB Host+Gadget Emulator";
68
69 static const char       gadget_name [] = "dummy_udc";
70
71 MODULE_DESCRIPTION (DRIVER_DESC);
72 MODULE_AUTHOR ("David Brownell");
73 MODULE_LICENSE ("GPL");
74
75 /*-------------------------------------------------------------------------*/
76
77 /* gadget side driver data structres */
78 struct dummy_ep {
79         struct list_head                queue;
80         unsigned long                   last_io;        /* jiffies timestamp */
81         struct usb_gadget               *gadget;
82         const struct usb_endpoint_descriptor *desc;
83         struct usb_ep                   ep;
84         unsigned                        halted : 1;
85         unsigned                        wedged : 1;
86         unsigned                        already_seen : 1;
87         unsigned                        setup_stage : 1;
88 };
89
90 struct dummy_request {
91         struct list_head                queue;          /* ep's requests */
92         struct usb_request              req;
93 };
94
95 static inline struct dummy_ep *usb_ep_to_dummy_ep (struct usb_ep *_ep)
96 {
97         return container_of (_ep, struct dummy_ep, ep);
98 }
99
100 static inline struct dummy_request *usb_request_to_dummy_request
101                 (struct usb_request *_req)
102 {
103         return container_of (_req, struct dummy_request, req);
104 }
105
106 /*-------------------------------------------------------------------------*/
107
108 /*
109  * Every device has ep0 for control requests, plus up to 30 more endpoints,
110  * in one of two types:
111  *
112  *   - Configurable:  direction (in/out), type (bulk, iso, etc), and endpoint
113  *     number can be changed.  Names like "ep-a" are used for this type.
114  *
115  *   - Fixed Function:  in other cases.  some characteristics may be mutable;
116  *     that'd be hardware-specific.  Names like "ep12out-bulk" are used.
117  *
118  * Gadget drivers are responsible for not setting up conflicting endpoint
119  * configurations, illegal or unsupported packet lengths, and so on.
120  */
121
122 static const char ep0name [] = "ep0";
123
124 static const char *const ep_name [] = {
125         ep0name,                                /* everyone has ep0 */
126
127         /* act like a net2280: high speed, six configurable endpoints */
128         "ep-a", "ep-b", "ep-c", "ep-d", "ep-e", "ep-f",
129
130         /* or like pxa250: fifteen fixed function endpoints */
131         "ep1in-bulk", "ep2out-bulk", "ep3in-iso", "ep4out-iso", "ep5in-int",
132         "ep6in-bulk", "ep7out-bulk", "ep8in-iso", "ep9out-iso", "ep10in-int",
133         "ep11in-bulk", "ep12out-bulk", "ep13in-iso", "ep14out-iso",
134                 "ep15in-int",
135
136         /* or like sa1100: two fixed function endpoints */
137         "ep1out-bulk", "ep2in-bulk",
138 };
139 #define DUMMY_ENDPOINTS ARRAY_SIZE(ep_name)
140
141 /*-------------------------------------------------------------------------*/
142
143 #define FIFO_SIZE               64
144
145 struct urbp {
146         struct urb              *urb;
147         struct list_head        urbp_list;
148 };
149
150
151 enum dummy_rh_state {
152         DUMMY_RH_RESET,
153         DUMMY_RH_SUSPENDED,
154         DUMMY_RH_RUNNING
155 };
156
157 struct dummy {
158         spinlock_t                      lock;
159
160         /*
161          * SLAVE/GADGET side support
162          */
163         struct dummy_ep                 ep [DUMMY_ENDPOINTS];
164         int                             address;
165         struct usb_gadget               gadget;
166         struct usb_gadget_driver        *driver;
167         struct dummy_request            fifo_req;
168         u8                              fifo_buf [FIFO_SIZE];
169         u16                             devstatus;
170         unsigned                        udc_suspended:1;
171         unsigned                        pullup:1;
172         unsigned                        active:1;
173         unsigned                        old_active:1;
174
175         /*
176          * MASTER/HOST side support
177          */
178         enum dummy_rh_state             rh_state;
179         struct timer_list               timer;
180         u32                             port_status;
181         u32                             old_status;
182         unsigned                        resuming:1;
183         unsigned long                   re_timeout;
184
185         struct usb_device               *udev;
186         struct list_head                urbp_list;
187 };
188
189 static inline struct dummy *hcd_to_dummy (struct usb_hcd *hcd)
190 {
191         return (struct dummy *) (hcd->hcd_priv);
192 }
193
194 static inline struct usb_hcd *dummy_to_hcd (struct dummy *dum)
195 {
196         return container_of((void *) dum, struct usb_hcd, hcd_priv);
197 }
198
199 static inline struct device *dummy_dev (struct dummy *dum)
200 {
201         return dummy_to_hcd(dum)->self.controller;
202 }
203
204 static inline struct device *udc_dev (struct dummy *dum)
205 {
206         return dum->gadget.dev.parent;
207 }
208
209 static inline struct dummy *ep_to_dummy (struct dummy_ep *ep)
210 {
211         return container_of (ep->gadget, struct dummy, gadget);
212 }
213
214 static inline struct dummy *gadget_to_dummy (struct usb_gadget *gadget)
215 {
216         return container_of (gadget, struct dummy, gadget);
217 }
218
219 static inline struct dummy *gadget_dev_to_dummy (struct device *dev)
220 {
221         return container_of (dev, struct dummy, gadget.dev);
222 }
223
224 static struct dummy                     *the_controller;
225
226 /*-------------------------------------------------------------------------*/
227
228 /* SLAVE/GADGET SIDE UTILITY ROUTINES */
229
230 /* called with spinlock held */
231 static void nuke (struct dummy *dum, struct dummy_ep *ep)
232 {
233         while (!list_empty (&ep->queue)) {
234                 struct dummy_request    *req;
235
236                 req = list_entry (ep->queue.next, struct dummy_request, queue);
237                 list_del_init (&req->queue);
238                 req->req.status = -ESHUTDOWN;
239
240                 spin_unlock (&dum->lock);
241                 req->req.complete (&ep->ep, &req->req);
242                 spin_lock (&dum->lock);
243         }
244 }
245
246 /* caller must hold lock */
247 static void
248 stop_activity (struct dummy *dum)
249 {
250         struct dummy_ep *ep;
251
252         /* prevent any more requests */
253         dum->address = 0;
254
255         /* The timer is left running so that outstanding URBs can fail */
256
257         /* nuke any pending requests first, so driver i/o is quiesced */
258         list_for_each_entry (ep, &dum->gadget.ep_list, ep.ep_list)
259                 nuke (dum, ep);
260
261         /* driver now does any non-usb quiescing necessary */
262 }
263
264 /* caller must hold lock */
265 static void
266 set_link_state (struct dummy *dum)
267 {
268         dum->active = 0;
269         if ((dum->port_status & USB_PORT_STAT_POWER) == 0)
270                 dum->port_status = 0;
271
272         /* UDC suspend must cause a disconnect */
273         else if (!dum->pullup || dum->udc_suspended) {
274                 dum->port_status &= ~(USB_PORT_STAT_CONNECTION |
275                                         USB_PORT_STAT_ENABLE |
276                                         USB_PORT_STAT_LOW_SPEED |
277                                         USB_PORT_STAT_HIGH_SPEED |
278                                         USB_PORT_STAT_SUSPEND);
279                 if ((dum->old_status & USB_PORT_STAT_CONNECTION) != 0)
280                         dum->port_status |= (USB_PORT_STAT_C_CONNECTION << 16);
281         } else {
282                 dum->port_status |= USB_PORT_STAT_CONNECTION;
283                 if ((dum->old_status & USB_PORT_STAT_CONNECTION) == 0)
284                         dum->port_status |= (USB_PORT_STAT_C_CONNECTION << 16);
285                 if ((dum->port_status & USB_PORT_STAT_ENABLE) == 0)
286                         dum->port_status &= ~USB_PORT_STAT_SUSPEND;
287                 else if ((dum->port_status & USB_PORT_STAT_SUSPEND) == 0 &&
288                                 dum->rh_state != DUMMY_RH_SUSPENDED)
289                         dum->active = 1;
290         }
291
292         if ((dum->port_status & USB_PORT_STAT_ENABLE) == 0 || dum->active)
293                 dum->resuming = 0;
294
295         if ((dum->port_status & USB_PORT_STAT_CONNECTION) == 0 ||
296                         (dum->port_status & USB_PORT_STAT_RESET) != 0) {
297                 if ((dum->old_status & USB_PORT_STAT_CONNECTION) != 0 &&
298                                 (dum->old_status & USB_PORT_STAT_RESET) == 0 &&
299                                 dum->driver) {
300                         stop_activity (dum);
301                         spin_unlock (&dum->lock);
302                         dum->driver->disconnect (&dum->gadget);
303                         spin_lock (&dum->lock);
304                 }
305         } else if (dum->active != dum->old_active) {
306                 if (dum->old_active && dum->driver->suspend) {
307                         spin_unlock (&dum->lock);
308                         dum->driver->suspend (&dum->gadget);
309                         spin_lock (&dum->lock);
310                 } else if (!dum->old_active && dum->driver->resume) {
311                         spin_unlock (&dum->lock);
312                         dum->driver->resume (&dum->gadget);
313                         spin_lock (&dum->lock);
314                 }
315         }
316
317         dum->old_status = dum->port_status;
318         dum->old_active = dum->active;
319 }
320
321 /*-------------------------------------------------------------------------*/
322
323 /* SLAVE/GADGET SIDE DRIVER
324  *
325  * This only tracks gadget state.  All the work is done when the host
326  * side tries some (emulated) i/o operation.  Real device controller
327  * drivers would do real i/o using dma, fifos, irqs, timers, etc.
328  */
329
330 #define is_enabled(dum) \
331         (dum->port_status & USB_PORT_STAT_ENABLE)
332
333 static int
334 dummy_enable (struct usb_ep *_ep, const struct usb_endpoint_descriptor *desc)
335 {
336         struct dummy            *dum;
337         struct dummy_ep         *ep;
338         unsigned                max;
339         int                     retval;
340
341         ep = usb_ep_to_dummy_ep (_ep);
342         if (!_ep || !desc || ep->desc || _ep->name == ep0name
343                         || desc->bDescriptorType != USB_DT_ENDPOINT)
344                 return -EINVAL;
345         dum = ep_to_dummy (ep);
346         if (!dum->driver || !is_enabled (dum))
347                 return -ESHUTDOWN;
348         max = le16_to_cpu(desc->wMaxPacketSize) & 0x3ff;
349
350         /* drivers must not request bad settings, since lower levels
351          * (hardware or its drivers) may not check.  some endpoints
352          * can't do iso, many have maxpacket limitations, etc.
353          *
354          * since this "hardware" driver is here to help debugging, we
355          * have some extra sanity checks.  (there could be more though,
356          * especially for "ep9out" style fixed function ones.)
357          */
358         retval = -EINVAL;
359         switch (desc->bmAttributes & 0x03) {
360         case USB_ENDPOINT_XFER_BULK:
361                 if (strstr (ep->ep.name, "-iso")
362                                 || strstr (ep->ep.name, "-int")) {
363                         goto done;
364                 }
365                 switch (dum->gadget.speed) {
366                 case USB_SPEED_HIGH:
367                         if (max == 512)
368                                 break;
369                         goto done;
370                 case USB_SPEED_FULL:
371                         if (max == 8 || max == 16 || max == 32 || max == 64)
372                                 /* we'll fake any legal size */
373                                 break;
374                         /* save a return statement */
375                 default:
376                         goto done;
377                 }
378                 break;
379         case USB_ENDPOINT_XFER_INT:
380                 if (strstr (ep->ep.name, "-iso")) /* bulk is ok */
381                         goto done;
382                 /* real hardware might not handle all packet sizes */
383                 switch (dum->gadget.speed) {
384                 case USB_SPEED_HIGH:
385                         if (max <= 1024)
386                                 break;
387                         /* save a return statement */
388                 case USB_SPEED_FULL:
389                         if (max <= 64)
390                                 break;
391                         /* save a return statement */
392                 default:
393                         if (max <= 8)
394                                 break;
395                         goto done;
396                 }
397                 break;
398         case USB_ENDPOINT_XFER_ISOC:
399                 if (strstr (ep->ep.name, "-bulk")
400                                 || strstr (ep->ep.name, "-int"))
401                         goto done;
402                 /* real hardware might not handle all packet sizes */
403                 switch (dum->gadget.speed) {
404                 case USB_SPEED_HIGH:
405                         if (max <= 1024)
406                                 break;
407                         /* save a return statement */
408                 case USB_SPEED_FULL:
409                         if (max <= 1023)
410                                 break;
411                         /* save a return statement */
412                 default:
413                         goto done;
414                 }
415                 break;
416         default:
417                 /* few chips support control except on ep0 */
418                 goto done;
419         }
420
421         _ep->maxpacket = max;
422         ep->desc = desc;
423
424         dev_dbg (udc_dev(dum), "enabled %s (ep%d%s-%s) maxpacket %d\n",
425                 _ep->name,
426                 desc->bEndpointAddress & 0x0f,
427                 (desc->bEndpointAddress & USB_DIR_IN) ? "in" : "out",
428                 ({ char *val;
429                  switch (desc->bmAttributes & 0x03) {
430                  case USB_ENDPOINT_XFER_BULK: val = "bulk"; break;
431                  case USB_ENDPOINT_XFER_ISOC: val = "iso"; break;
432                  case USB_ENDPOINT_XFER_INT: val = "intr"; break;
433                  default: val = "ctrl"; break;
434                  }; val; }),
435                 max);
436
437         /* at this point real hardware should be NAKing transfers
438          * to that endpoint, until a buffer is queued to it.
439          */
440         ep->halted = ep->wedged = 0;
441         retval = 0;
442 done:
443         return retval;
444 }
445
446 static int dummy_disable (struct usb_ep *_ep)
447 {
448         struct dummy_ep         *ep;
449         struct dummy            *dum;
450         unsigned long           flags;
451         int                     retval;
452
453         ep = usb_ep_to_dummy_ep (_ep);
454         if (!_ep || !ep->desc || _ep->name == ep0name)
455                 return -EINVAL;
456         dum = ep_to_dummy (ep);
457
458         spin_lock_irqsave (&dum->lock, flags);
459         ep->desc = NULL;
460         retval = 0;
461         nuke (dum, ep);
462         spin_unlock_irqrestore (&dum->lock, flags);
463
464         dev_dbg (udc_dev(dum), "disabled %s\n", _ep->name);
465         return retval;
466 }
467
468 static struct usb_request *
469 dummy_alloc_request (struct usb_ep *_ep, gfp_t mem_flags)
470 {
471         struct dummy_ep         *ep;
472         struct dummy_request    *req;
473
474         if (!_ep)
475                 return NULL;
476         ep = usb_ep_to_dummy_ep (_ep);
477
478         req = kzalloc(sizeof(*req), mem_flags);
479         if (!req)
480                 return NULL;
481         INIT_LIST_HEAD (&req->queue);
482         return &req->req;
483 }
484
485 static void
486 dummy_free_request (struct usb_ep *_ep, struct usb_request *_req)
487 {
488         struct dummy_ep         *ep;
489         struct dummy_request    *req;
490
491         ep = usb_ep_to_dummy_ep (_ep);
492         if (!ep || !_req || (!ep->desc && _ep->name != ep0name))
493                 return;
494
495         req = usb_request_to_dummy_request (_req);
496         WARN_ON (!list_empty (&req->queue));
497         kfree (req);
498 }
499
500 static void
501 fifo_complete (struct usb_ep *ep, struct usb_request *req)
502 {
503 }
504
505 static int
506 dummy_queue (struct usb_ep *_ep, struct usb_request *_req,
507                 gfp_t mem_flags)
508 {
509         struct dummy_ep         *ep;
510         struct dummy_request    *req;
511         struct dummy            *dum;
512         unsigned long           flags;
513
514         req = usb_request_to_dummy_request (_req);
515         if (!_req || !list_empty (&req->queue) || !_req->complete)
516                 return -EINVAL;
517
518         ep = usb_ep_to_dummy_ep (_ep);
519         if (!_ep || (!ep->desc && _ep->name != ep0name))
520                 return -EINVAL;
521
522         dum = ep_to_dummy (ep);
523         if (!dum->driver || !is_enabled (dum))
524                 return -ESHUTDOWN;
525
526 #if 0
527         dev_dbg (udc_dev(dum), "ep %p queue req %p to %s, len %d buf %p\n",
528                         ep, _req, _ep->name, _req->length, _req->buf);
529 #endif
530
531         _req->status = -EINPROGRESS;
532         _req->actual = 0;
533         spin_lock_irqsave (&dum->lock, flags);
534
535         /* implement an emulated single-request FIFO */
536         if (ep->desc && (ep->desc->bEndpointAddress & USB_DIR_IN) &&
537                         list_empty (&dum->fifo_req.queue) &&
538                         list_empty (&ep->queue) &&
539                         _req->length <= FIFO_SIZE) {
540                 req = &dum->fifo_req;
541                 req->req = *_req;
542                 req->req.buf = dum->fifo_buf;
543                 memcpy (dum->fifo_buf, _req->buf, _req->length);
544                 req->req.context = dum;
545                 req->req.complete = fifo_complete;
546
547                 list_add_tail(&req->queue, &ep->queue);
548                 spin_unlock (&dum->lock);
549                 _req->actual = _req->length;
550                 _req->status = 0;
551                 _req->complete (_ep, _req);
552                 spin_lock (&dum->lock);
553         }  else
554                 list_add_tail(&req->queue, &ep->queue);
555         spin_unlock_irqrestore (&dum->lock, flags);
556
557         /* real hardware would likely enable transfers here, in case
558          * it'd been left NAKing.
559          */
560         return 0;
561 }
562
563 static int dummy_dequeue (struct usb_ep *_ep, struct usb_request *_req)
564 {
565         struct dummy_ep         *ep;
566         struct dummy            *dum;
567         int                     retval = -EINVAL;
568         unsigned long           flags;
569         struct dummy_request    *req = NULL;
570
571         if (!_ep || !_req)
572                 return retval;
573         ep = usb_ep_to_dummy_ep (_ep);
574         dum = ep_to_dummy (ep);
575
576         if (!dum->driver)
577                 return -ESHUTDOWN;
578
579         local_irq_save (flags);
580         spin_lock (&dum->lock);
581         list_for_each_entry (req, &ep->queue, queue) {
582                 if (&req->req == _req) {
583                         list_del_init (&req->queue);
584                         _req->status = -ECONNRESET;
585                         retval = 0;
586                         break;
587                 }
588         }
589         spin_unlock (&dum->lock);
590
591         if (retval == 0) {
592                 dev_dbg (udc_dev(dum),
593                                 "dequeued req %p from %s, len %d buf %p\n",
594                                 req, _ep->name, _req->length, _req->buf);
595                 _req->complete (_ep, _req);
596         }
597         local_irq_restore (flags);
598         return retval;
599 }
600
601 static int
602 dummy_set_halt_and_wedge(struct usb_ep *_ep, int value, int wedged)
603 {
604         struct dummy_ep         *ep;
605         struct dummy            *dum;
606
607         if (!_ep)
608                 return -EINVAL;
609         ep = usb_ep_to_dummy_ep (_ep);
610         dum = ep_to_dummy (ep);
611         if (!dum->driver)
612                 return -ESHUTDOWN;
613         if (!value)
614                 ep->halted = ep->wedged = 0;
615         else if (ep->desc && (ep->desc->bEndpointAddress & USB_DIR_IN) &&
616                         !list_empty (&ep->queue))
617                 return -EAGAIN;
618         else {
619                 ep->halted = 1;
620                 if (wedged)
621                         ep->wedged = 1;
622         }
623         /* FIXME clear emulated data toggle too */
624         return 0;
625 }
626
627 static int
628 dummy_set_halt(struct usb_ep *_ep, int value)
629 {
630         return dummy_set_halt_and_wedge(_ep, value, 0);
631 }
632
633 static int dummy_set_wedge(struct usb_ep *_ep)
634 {
635         if (!_ep || _ep->name == ep0name)
636                 return -EINVAL;
637         return dummy_set_halt_and_wedge(_ep, 1, 1);
638 }
639
640 static const struct usb_ep_ops dummy_ep_ops = {
641         .enable         = dummy_enable,
642         .disable        = dummy_disable,
643
644         .alloc_request  = dummy_alloc_request,
645         .free_request   = dummy_free_request,
646
647         .queue          = dummy_queue,
648         .dequeue        = dummy_dequeue,
649
650         .set_halt       = dummy_set_halt,
651         .set_wedge      = dummy_set_wedge,
652 };
653
654 /*-------------------------------------------------------------------------*/
655
656 /* there are both host and device side versions of this call ... */
657 static int dummy_g_get_frame (struct usb_gadget *_gadget)
658 {
659         struct timeval  tv;
660
661         do_gettimeofday (&tv);
662         return tv.tv_usec / 1000;
663 }
664
665 static int dummy_wakeup (struct usb_gadget *_gadget)
666 {
667         struct dummy    *dum;
668
669         dum = gadget_to_dummy (_gadget);
670         if (!(dum->devstatus &  ( (1 << USB_DEVICE_B_HNP_ENABLE)
671                                 | (1 << USB_DEVICE_REMOTE_WAKEUP))))
672                 return -EINVAL;
673         if ((dum->port_status & USB_PORT_STAT_CONNECTION) == 0)
674                 return -ENOLINK;
675         if ((dum->port_status & USB_PORT_STAT_SUSPEND) == 0 &&
676                          dum->rh_state != DUMMY_RH_SUSPENDED)
677                 return -EIO;
678
679         /* FIXME: What if the root hub is suspended but the port isn't? */
680
681         /* hub notices our request, issues downstream resume, etc */
682         dum->resuming = 1;
683         dum->re_timeout = jiffies + msecs_to_jiffies(20);
684         mod_timer (&dummy_to_hcd (dum)->rh_timer, dum->re_timeout);
685         return 0;
686 }
687
688 static int dummy_set_selfpowered (struct usb_gadget *_gadget, int value)
689 {
690         struct dummy    *dum;
691
692         dum = gadget_to_dummy (_gadget);
693         if (value)
694                 dum->devstatus |= (1 << USB_DEVICE_SELF_POWERED);
695         else
696                 dum->devstatus &= ~(1 << USB_DEVICE_SELF_POWERED);
697         return 0;
698 }
699
700 static int dummy_pullup (struct usb_gadget *_gadget, int value)
701 {
702         struct dummy    *dum;
703         unsigned long   flags;
704
705         dum = gadget_to_dummy (_gadget);
706         spin_lock_irqsave (&dum->lock, flags);
707         dum->pullup = (value != 0);
708         set_link_state (dum);
709         spin_unlock_irqrestore (&dum->lock, flags);
710
711         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
712         return 0;
713 }
714
715 static const struct usb_gadget_ops dummy_ops = {
716         .get_frame      = dummy_g_get_frame,
717         .wakeup         = dummy_wakeup,
718         .set_selfpowered = dummy_set_selfpowered,
719         .pullup         = dummy_pullup,
720 };
721
722 /*-------------------------------------------------------------------------*/
723
724 /* "function" sysfs attribute */
725 static ssize_t
726 show_function (struct device *dev, struct device_attribute *attr, char *buf)
727 {
728         struct dummy    *dum = gadget_dev_to_dummy (dev);
729
730         if (!dum->driver || !dum->driver->function)
731                 return 0;
732         return scnprintf (buf, PAGE_SIZE, "%s\n", dum->driver->function);
733 }
734 static DEVICE_ATTR (function, S_IRUGO, show_function, NULL);
735
736 /*-------------------------------------------------------------------------*/
737
738 /*
739  * Driver registration/unregistration.
740  *
741  * This is basically hardware-specific; there's usually only one real USB
742  * device (not host) controller since that's how USB devices are intended
743  * to work.  So most implementations of these api calls will rely on the
744  * fact that only one driver will ever bind to the hardware.  But curious
745  * hardware can be built with discrete components, so the gadget API doesn't
746  * require that assumption.
747  *
748  * For this emulator, it might be convenient to create a usb slave device
749  * for each driver that registers:  just add to a big root hub.
750  */
751
752 int
753 usb_gadget_register_driver (struct usb_gadget_driver *driver)
754 {
755         struct dummy    *dum = the_controller;
756         int             retval, i;
757
758         if (!dum)
759                 return -EINVAL;
760         if (dum->driver)
761                 return -EBUSY;
762         if (!driver->bind || !driver->setup
763                         || driver->speed == USB_SPEED_UNKNOWN)
764                 return -EINVAL;
765
766         /*
767          * SLAVE side init ... the layer above hardware, which
768          * can't enumerate without help from the driver we're binding.
769          */
770
771         dum->devstatus = 0;
772
773         INIT_LIST_HEAD (&dum->gadget.ep_list);
774         for (i = 0; i < DUMMY_ENDPOINTS; i++) {
775                 struct dummy_ep *ep = &dum->ep [i];
776
777                 if (!ep_name [i])
778                         break;
779                 ep->ep.name = ep_name [i];
780                 ep->ep.ops = &dummy_ep_ops;
781                 list_add_tail (&ep->ep.ep_list, &dum->gadget.ep_list);
782                 ep->halted = ep->wedged = ep->already_seen =
783                                 ep->setup_stage = 0;
784                 ep->ep.maxpacket = ~0;
785                 ep->last_io = jiffies;
786                 ep->gadget = &dum->gadget;
787                 ep->desc = NULL;
788                 INIT_LIST_HEAD (&ep->queue);
789         }
790
791         dum->gadget.ep0 = &dum->ep [0].ep;
792         dum->ep [0].ep.maxpacket = 64;
793         list_del_init (&dum->ep [0].ep.ep_list);
794         INIT_LIST_HEAD(&dum->fifo_req.queue);
795
796         driver->driver.bus = NULL;
797         dum->driver = driver;
798         dum->gadget.dev.driver = &driver->driver;
799         dev_dbg (udc_dev(dum), "binding gadget driver '%s'\n",
800                         driver->driver.name);
801         retval = driver->bind(&dum->gadget);
802         if (retval) {
803                 dum->driver = NULL;
804                 dum->gadget.dev.driver = NULL;
805                 return retval;
806         }
807
808         /* khubd will enumerate this in a while */
809         spin_lock_irq (&dum->lock);
810         dum->pullup = 1;
811         set_link_state (dum);
812         spin_unlock_irq (&dum->lock);
813
814         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
815         return 0;
816 }
817 EXPORT_SYMBOL (usb_gadget_register_driver);
818
819 int
820 usb_gadget_unregister_driver (struct usb_gadget_driver *driver)
821 {
822         struct dummy    *dum = the_controller;
823         unsigned long   flags;
824
825         if (!dum)
826                 return -ENODEV;
827         if (!driver || driver != dum->driver || !driver->unbind)
828                 return -EINVAL;
829
830         dev_dbg (udc_dev(dum), "unregister gadget driver '%s'\n",
831                         driver->driver.name);
832
833         spin_lock_irqsave (&dum->lock, flags);
834         dum->pullup = 0;
835         set_link_state (dum);
836         spin_unlock_irqrestore (&dum->lock, flags);
837
838         driver->unbind (&dum->gadget);
839         dum->gadget.dev.driver = NULL;
840         dum->driver = NULL;
841
842         spin_lock_irqsave (&dum->lock, flags);
843         dum->pullup = 0;
844         set_link_state (dum);
845         spin_unlock_irqrestore (&dum->lock, flags);
846
847         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
848         return 0;
849 }
850 EXPORT_SYMBOL (usb_gadget_unregister_driver);
851
852 #undef is_enabled
853
854 /* just declare this in any driver that really need it */
855 extern int net2280_set_fifo_mode (struct usb_gadget *gadget, int mode);
856
857 int net2280_set_fifo_mode (struct usb_gadget *gadget, int mode)
858 {
859         return -ENOSYS;
860 }
861 EXPORT_SYMBOL (net2280_set_fifo_mode);
862
863
864 /* The gadget structure is stored inside the hcd structure and will be
865  * released along with it. */
866 static void
867 dummy_gadget_release (struct device *dev)
868 {
869         struct dummy    *dum = gadget_dev_to_dummy (dev);
870
871         usb_put_hcd (dummy_to_hcd (dum));
872 }
873
874 static int dummy_udc_probe (struct platform_device *pdev)
875 {
876         struct dummy    *dum = the_controller;
877         int             rc;
878
879         dum->gadget.name = gadget_name;
880         dum->gadget.ops = &dummy_ops;
881         dum->gadget.is_dualspeed = 1;
882
883         /* maybe claim OTG support, though we won't complete HNP */
884         dum->gadget.is_otg = (dummy_to_hcd(dum)->self.otg_port != 0);
885
886         dev_set_name(&dum->gadget.dev, "gadget");
887         dum->gadget.dev.parent = &pdev->dev;
888         dum->gadget.dev.release = dummy_gadget_release;
889         rc = device_register (&dum->gadget.dev);
890         if (rc < 0)
891                 return rc;
892
893         usb_get_hcd (dummy_to_hcd (dum));
894
895         platform_set_drvdata (pdev, dum);
896         rc = device_create_file (&dum->gadget.dev, &dev_attr_function);
897         if (rc < 0)
898                 device_unregister (&dum->gadget.dev);
899         return rc;
900 }
901
902 static int dummy_udc_remove (struct platform_device *pdev)
903 {
904         struct dummy    *dum = platform_get_drvdata (pdev);
905
906         platform_set_drvdata (pdev, NULL);
907         device_remove_file (&dum->gadget.dev, &dev_attr_function);
908         device_unregister (&dum->gadget.dev);
909         return 0;
910 }
911
912 static int dummy_udc_suspend (struct platform_device *pdev, pm_message_t state)
913 {
914         struct dummy    *dum = platform_get_drvdata(pdev);
915
916         dev_dbg (&pdev->dev, "%s\n", __func__);
917         spin_lock_irq (&dum->lock);
918         dum->udc_suspended = 1;
919         set_link_state (dum);
920         spin_unlock_irq (&dum->lock);
921
922         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
923         return 0;
924 }
925
926 static int dummy_udc_resume (struct platform_device *pdev)
927 {
928         struct dummy    *dum = platform_get_drvdata(pdev);
929
930         dev_dbg (&pdev->dev, "%s\n", __func__);
931         spin_lock_irq (&dum->lock);
932         dum->udc_suspended = 0;
933         set_link_state (dum);
934         spin_unlock_irq (&dum->lock);
935
936         usb_hcd_poll_rh_status (dummy_to_hcd (dum));
937         return 0;
938 }
939
940 static struct platform_driver dummy_udc_driver = {
941         .probe          = dummy_udc_probe,
942         .remove         = dummy_udc_remove,
943         .suspend        = dummy_udc_suspend,
944         .resume         = dummy_udc_resume,
945         .driver         = {
946                 .name   = (char *) gadget_name,
947                 .owner  = THIS_MODULE,
948         },
949 };
950
951 /*-------------------------------------------------------------------------*/
952
953 /* MASTER/HOST SIDE DRIVER
954  *
955  * this uses the hcd framework to hook up to host side drivers.
956  * its root hub will only have one device, otherwise it acts like
957  * a normal host controller.
958  *
959  * when urbs are queued, they're just stuck on a list that we
960  * scan in a timer callback.  that callback connects writes from
961  * the host with reads from the device, and so on, based on the
962  * usb 2.0 rules.
963  */
964
965 static int dummy_urb_enqueue (
966         struct usb_hcd                  *hcd,
967         struct urb                      *urb,
968         gfp_t                           mem_flags
969 ) {
970         struct dummy    *dum;
971         struct urbp     *urbp;
972         unsigned long   flags;
973         int             rc;
974
975         if (!urb->transfer_buffer && urb->transfer_buffer_length)
976                 return -EINVAL;
977
978         urbp = kmalloc (sizeof *urbp, mem_flags);
979         if (!urbp)
980                 return -ENOMEM;
981         urbp->urb = urb;
982
983         dum = hcd_to_dummy (hcd);
984         spin_lock_irqsave (&dum->lock, flags);
985         rc = usb_hcd_link_urb_to_ep(hcd, urb);
986         if (rc) {
987                 kfree(urbp);
988                 goto done;
989         }
990
991         if (!dum->udev) {
992                 dum->udev = urb->dev;
993                 usb_get_dev (dum->udev);
994         } else if (unlikely (dum->udev != urb->dev))
995                 dev_err (dummy_dev(dum), "usb_device address has changed!\n");
996
997         list_add_tail (&urbp->urbp_list, &dum->urbp_list);
998         urb->hcpriv = urbp;
999         if (usb_pipetype (urb->pipe) == PIPE_CONTROL)
1000                 urb->error_count = 1;           /* mark as a new urb */
1001
1002         /* kick the scheduler, it'll do the rest */
1003         if (!timer_pending (&dum->timer))
1004                 mod_timer (&dum->timer, jiffies + 1);
1005
1006  done:
1007         spin_unlock_irqrestore(&dum->lock, flags);
1008         return rc;
1009 }
1010
1011 static int dummy_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
1012 {
1013         struct dummy    *dum;
1014         unsigned long   flags;
1015         int             rc;
1016
1017         /* giveback happens automatically in timer callback,
1018          * so make sure the callback happens */
1019         dum = hcd_to_dummy (hcd);
1020         spin_lock_irqsave (&dum->lock, flags);
1021
1022         rc = usb_hcd_check_unlink_urb(hcd, urb, status);
1023         if (!rc && dum->rh_state != DUMMY_RH_RUNNING &&
1024                         !list_empty(&dum->urbp_list))
1025                 mod_timer (&dum->timer, jiffies);
1026
1027         spin_unlock_irqrestore (&dum->lock, flags);
1028         return rc;
1029 }
1030
1031 /* transfer up to a frame's worth; caller must own lock */
1032 static int
1033 transfer(struct dummy *dum, struct urb *urb, struct dummy_ep *ep, int limit,
1034                 int *status)
1035 {
1036         struct dummy_request    *req;
1037
1038 top:
1039         /* if there's no request queued, the device is NAKing; return */
1040         list_for_each_entry (req, &ep->queue, queue) {
1041                 unsigned        host_len, dev_len, len;
1042                 int             is_short, to_host;
1043                 int             rescan = 0;
1044
1045                 /* 1..N packets of ep->ep.maxpacket each ... the last one
1046                  * may be short (including zero length).
1047                  *
1048                  * writer can send a zlp explicitly (length 0) or implicitly
1049                  * (length mod maxpacket zero, and 'zero' flag); they always
1050                  * terminate reads.
1051                  */
1052                 host_len = urb->transfer_buffer_length - urb->actual_length;
1053                 dev_len = req->req.length - req->req.actual;
1054                 len = min (host_len, dev_len);
1055
1056                 /* FIXME update emulated data toggle too */
1057
1058                 to_host = usb_pipein (urb->pipe);
1059                 if (unlikely (len == 0))
1060                         is_short = 1;
1061                 else {
1062                         char            *ubuf, *rbuf;
1063
1064                         /* not enough bandwidth left? */
1065                         if (limit < ep->ep.maxpacket && limit < len)
1066                                 break;
1067                         len = min (len, (unsigned) limit);
1068                         if (len == 0)
1069                                 break;
1070
1071                         /* use an extra pass for the final short packet */
1072                         if (len > ep->ep.maxpacket) {
1073                                 rescan = 1;
1074                                 len -= (len % ep->ep.maxpacket);
1075                         }
1076                         is_short = (len % ep->ep.maxpacket) != 0;
1077
1078                         /* else transfer packet(s) */
1079                         ubuf = urb->transfer_buffer + urb->actual_length;
1080                         rbuf = req->req.buf + req->req.actual;
1081                         if (to_host)
1082                                 memcpy (ubuf, rbuf, len);
1083                         else
1084                                 memcpy (rbuf, ubuf, len);
1085                         ep->last_io = jiffies;
1086
1087                         limit -= len;
1088                         urb->actual_length += len;
1089                         req->req.actual += len;
1090                 }
1091
1092                 /* short packets terminate, maybe with overflow/underflow.
1093                  * it's only really an error to write too much.
1094                  *
1095                  * partially filling a buffer optionally blocks queue advances
1096                  * (so completion handlers can clean up the queue) but we don't
1097                  * need to emulate such data-in-flight.
1098                  */
1099                 if (is_short) {
1100                         if (host_len == dev_len) {
1101                                 req->req.status = 0;
1102                                 *status = 0;
1103                         } else if (to_host) {
1104                                 req->req.status = 0;
1105                                 if (dev_len > host_len)
1106                                         *status = -EOVERFLOW;
1107                                 else
1108                                         *status = 0;
1109                         } else if (!to_host) {
1110                                 *status = 0;
1111                                 if (host_len > dev_len)
1112                                         req->req.status = -EOVERFLOW;
1113                                 else
1114                                         req->req.status = 0;
1115                         }
1116
1117                 /* many requests terminate without a short packet */
1118                 } else {
1119                         if (req->req.length == req->req.actual
1120                                         && !req->req.zero)
1121                                 req->req.status = 0;
1122                         if (urb->transfer_buffer_length == urb->actual_length
1123                                         && !(urb->transfer_flags
1124                                                 & URB_ZERO_PACKET))
1125                                 *status = 0;
1126                 }
1127
1128                 /* device side completion --> continuable */
1129                 if (req->req.status != -EINPROGRESS) {
1130                         list_del_init (&req->queue);
1131
1132                         spin_unlock (&dum->lock);
1133                         req->req.complete (&ep->ep, &req->req);
1134                         spin_lock (&dum->lock);
1135
1136                         /* requests might have been unlinked... */
1137                         rescan = 1;
1138                 }
1139
1140                 /* host side completion --> terminate */
1141                 if (*status != -EINPROGRESS)
1142                         break;
1143
1144                 /* rescan to continue with any other queued i/o */
1145                 if (rescan)
1146                         goto top;
1147         }
1148         return limit;
1149 }
1150
1151 static int periodic_bytes (struct dummy *dum, struct dummy_ep *ep)
1152 {
1153         int     limit = ep->ep.maxpacket;
1154
1155         if (dum->gadget.speed == USB_SPEED_HIGH) {
1156                 int     tmp;
1157
1158                 /* high bandwidth mode */
1159                 tmp = le16_to_cpu(ep->desc->wMaxPacketSize);
1160                 tmp = (tmp >> 11) & 0x03;
1161                 tmp *= 8 /* applies to entire frame */;
1162                 limit += limit * tmp;
1163         }
1164         return limit;
1165 }
1166
1167 #define is_active(dum)  ((dum->port_status & \
1168                 (USB_PORT_STAT_CONNECTION | USB_PORT_STAT_ENABLE | \
1169                         USB_PORT_STAT_SUSPEND)) \
1170                 == (USB_PORT_STAT_CONNECTION | USB_PORT_STAT_ENABLE))
1171
1172 static struct dummy_ep *find_endpoint (struct dummy *dum, u8 address)
1173 {
1174         int             i;
1175
1176         if (!is_active (dum))
1177                 return NULL;
1178         if ((address & ~USB_DIR_IN) == 0)
1179                 return &dum->ep [0];
1180         for (i = 1; i < DUMMY_ENDPOINTS; i++) {
1181                 struct dummy_ep *ep = &dum->ep [i];
1182
1183                 if (!ep->desc)
1184                         continue;
1185                 if (ep->desc->bEndpointAddress == address)
1186                         return ep;
1187         }
1188         return NULL;
1189 }
1190
1191 #undef is_active
1192
1193 #define Dev_Request     (USB_TYPE_STANDARD | USB_RECIP_DEVICE)
1194 #define Dev_InRequest   (Dev_Request | USB_DIR_IN)
1195 #define Intf_Request    (USB_TYPE_STANDARD | USB_RECIP_INTERFACE)
1196 #define Intf_InRequest  (Intf_Request | USB_DIR_IN)
1197 #define Ep_Request      (USB_TYPE_STANDARD | USB_RECIP_ENDPOINT)
1198 #define Ep_InRequest    (Ep_Request | USB_DIR_IN)
1199
1200 /* drive both sides of the transfers; looks like irq handlers to
1201  * both drivers except the callbacks aren't in_irq().
1202  */
1203 static void dummy_timer (unsigned long _dum)
1204 {
1205         struct dummy            *dum = (struct dummy *) _dum;
1206         struct urbp             *urbp, *tmp;
1207         unsigned long           flags;
1208         int                     limit, total;
1209         int                     i;
1210
1211         /* simplistic model for one frame's bandwidth */
1212         switch (dum->gadget.speed) {
1213         case USB_SPEED_LOW:
1214                 total = 8/*bytes*/ * 12/*packets*/;
1215                 break;
1216         case USB_SPEED_FULL:
1217                 total = 64/*bytes*/ * 19/*packets*/;
1218                 break;
1219         case USB_SPEED_HIGH:
1220                 total = 512/*bytes*/ * 13/*packets*/ * 8/*uframes*/;
1221                 break;
1222         default:
1223                 dev_err (dummy_dev(dum), "bogus device speed\n");
1224                 return;
1225         }
1226
1227         /* FIXME if HZ != 1000 this will probably misbehave ... */
1228
1229         /* look at each urb queued by the host side driver */
1230         spin_lock_irqsave (&dum->lock, flags);
1231
1232         if (!dum->udev) {
1233                 dev_err (dummy_dev(dum),
1234                                 "timer fired with no URBs pending?\n");
1235                 spin_unlock_irqrestore (&dum->lock, flags);
1236                 return;
1237         }
1238
1239         for (i = 0; i < DUMMY_ENDPOINTS; i++) {
1240                 if (!ep_name [i])
1241                         break;
1242                 dum->ep [i].already_seen = 0;
1243         }
1244
1245 restart:
1246         list_for_each_entry_safe (urbp, tmp, &dum->urbp_list, urbp_list) {
1247                 struct urb              *urb;
1248                 struct dummy_request    *req;
1249                 u8                      address;
1250                 struct dummy_ep         *ep = NULL;
1251                 int                     type;
1252                 int                     status = -EINPROGRESS;
1253
1254                 urb = urbp->urb;
1255                 if (urb->unlinked)
1256                         goto return_urb;
1257                 else if (dum->rh_state != DUMMY_RH_RUNNING)
1258                         continue;
1259                 type = usb_pipetype (urb->pipe);
1260
1261                 /* used up this frame's non-periodic bandwidth?
1262                  * FIXME there's infinite bandwidth for control and
1263                  * periodic transfers ... unrealistic.
1264                  */
1265                 if (total <= 0 && type == PIPE_BULK)
1266                         continue;
1267
1268                 /* find the gadget's ep for this request (if configured) */
1269                 address = usb_pipeendpoint (urb->pipe);
1270                 if (usb_pipein (urb->pipe))
1271                         address |= USB_DIR_IN;
1272                 ep = find_endpoint(dum, address);
1273                 if (!ep) {
1274                         /* set_configuration() disagreement */
1275                         dev_dbg (dummy_dev(dum),
1276                                 "no ep configured for urb %p\n",
1277                                 urb);
1278                         status = -EPROTO;
1279                         goto return_urb;
1280                 }
1281
1282                 if (ep->already_seen)
1283                         continue;
1284                 ep->already_seen = 1;
1285                 if (ep == &dum->ep [0] && urb->error_count) {
1286                         ep->setup_stage = 1;    /* a new urb */
1287                         urb->error_count = 0;
1288                 }
1289                 if (ep->halted && !ep->setup_stage) {
1290                         /* NOTE: must not be iso! */
1291                         dev_dbg (dummy_dev(dum), "ep %s halted, urb %p\n",
1292                                         ep->ep.name, urb);
1293                         status = -EPIPE;
1294                         goto return_urb;
1295                 }
1296                 /* FIXME make sure both ends agree on maxpacket */
1297
1298                 /* handle control requests */
1299                 if (ep == &dum->ep [0] && ep->setup_stage) {
1300                         struct usb_ctrlrequest          setup;
1301                         int                             value = 1;
1302                         struct dummy_ep                 *ep2;
1303                         unsigned                        w_index;
1304                         unsigned                        w_value;
1305
1306                         setup = *(struct usb_ctrlrequest*) urb->setup_packet;
1307                         w_index = le16_to_cpu(setup.wIndex);
1308                         w_value = le16_to_cpu(setup.wValue);
1309                         if (le16_to_cpu(setup.wLength) !=
1310                                         urb->transfer_buffer_length) {
1311                                 status = -EOVERFLOW;
1312                                 goto return_urb;
1313                         }
1314
1315                         /* paranoia, in case of stale queued data */
1316                         list_for_each_entry (req, &ep->queue, queue) {
1317                                 list_del_init (&req->queue);
1318                                 req->req.status = -EOVERFLOW;
1319                                 dev_dbg (udc_dev(dum), "stale req = %p\n",
1320                                                 req);
1321
1322                                 spin_unlock (&dum->lock);
1323                                 req->req.complete (&ep->ep, &req->req);
1324                                 spin_lock (&dum->lock);
1325                                 ep->already_seen = 0;
1326                                 goto restart;
1327                         }
1328
1329                         /* gadget driver never sees set_address or operations
1330                          * on standard feature flags.  some hardware doesn't
1331                          * even expose them.
1332                          */
1333                         ep->last_io = jiffies;
1334                         ep->setup_stage = 0;
1335                         ep->halted = 0;
1336                         switch (setup.bRequest) {
1337                         case USB_REQ_SET_ADDRESS:
1338                                 if (setup.bRequestType != Dev_Request)
1339                                         break;
1340                                 dum->address = w_value;
1341                                 status = 0;
1342                                 dev_dbg (udc_dev(dum), "set_address = %d\n",
1343                                                 w_value);
1344                                 value = 0;
1345                                 break;
1346                         case USB_REQ_SET_FEATURE:
1347                                 if (setup.bRequestType == Dev_Request) {
1348                                         value = 0;
1349                                         switch (w_value) {
1350                                         case USB_DEVICE_REMOTE_WAKEUP:
1351                                                 break;
1352                                         case USB_DEVICE_B_HNP_ENABLE:
1353                                                 dum->gadget.b_hnp_enable = 1;
1354                                                 break;
1355                                         case USB_DEVICE_A_HNP_SUPPORT:
1356                                                 dum->gadget.a_hnp_support = 1;
1357                                                 break;
1358                                         case USB_DEVICE_A_ALT_HNP_SUPPORT:
1359                                                 dum->gadget.a_alt_hnp_support
1360                                                         = 1;
1361                                                 break;
1362                                         default:
1363                                                 value = -EOPNOTSUPP;
1364                                         }
1365                                         if (value == 0) {
1366                                                 dum->devstatus |=
1367                                                         (1 << w_value);
1368                                                 status = 0;
1369                                         }
1370
1371                                 } else if (setup.bRequestType == Ep_Request) {
1372                                         // endpoint halt
1373                                         ep2 = find_endpoint (dum, w_index);
1374                                         if (!ep2 || ep2->ep.name == ep0name) {
1375                                                 value = -EOPNOTSUPP;
1376                                                 break;
1377                                         }
1378                                         ep2->halted = 1;
1379                                         value = 0;
1380                                         status = 0;
1381                                 }
1382                                 break;
1383                         case USB_REQ_CLEAR_FEATURE:
1384                                 if (setup.bRequestType == Dev_Request) {
1385                                         switch (w_value) {
1386                                         case USB_DEVICE_REMOTE_WAKEUP:
1387                                                 dum->devstatus &= ~(1 <<
1388                                                         USB_DEVICE_REMOTE_WAKEUP);
1389                                                 value = 0;
1390                                                 status = 0;
1391                                                 break;
1392                                         default:
1393                                                 value = -EOPNOTSUPP;
1394                                                 break;
1395                                         }
1396                                 } else if (setup.bRequestType == Ep_Request) {
1397                                         // endpoint halt
1398                                         ep2 = find_endpoint (dum, w_index);
1399                                         if (!ep2) {
1400                                                 value = -EOPNOTSUPP;
1401                                                 break;
1402                                         }
1403                                         if (!ep2->wedged)
1404                                                 ep2->halted = 0;
1405                                         value = 0;
1406                                         status = 0;
1407                                 }
1408                                 break;
1409                         case USB_REQ_GET_STATUS:
1410                                 if (setup.bRequestType == Dev_InRequest
1411                                                 || setup.bRequestType
1412                                                         == Intf_InRequest
1413                                                 || setup.bRequestType
1414                                                         == Ep_InRequest
1415                                                 ) {
1416                                         char *buf;
1417
1418                                         // device: remote wakeup, selfpowered
1419                                         // interface: nothing
1420                                         // endpoint: halt
1421                                         buf = (char *)urb->transfer_buffer;
1422                                         if (urb->transfer_buffer_length > 0) {
1423                                                 if (setup.bRequestType ==
1424                                                                 Ep_InRequest) {
1425         ep2 = find_endpoint (dum, w_index);
1426         if (!ep2) {
1427                 value = -EOPNOTSUPP;
1428                 break;
1429         }
1430         buf [0] = ep2->halted;
1431                                                 } else if (setup.bRequestType ==
1432                                                                 Dev_InRequest) {
1433                                                         buf [0] = (u8)
1434                                                                 dum->devstatus;
1435                                                 } else
1436                                                         buf [0] = 0;
1437                                         }
1438                                         if (urb->transfer_buffer_length > 1)
1439                                                 buf [1] = 0;
1440                                         urb->actual_length = min_t(u32, 2,
1441                                                 urb->transfer_buffer_length);
1442                                         value = 0;
1443                                         status = 0;
1444                                 }
1445                                 break;
1446                         }
1447
1448                         /* gadget driver handles all other requests.  block
1449                          * until setup() returns; no reentrancy issues etc.
1450                          */
1451                         if (value > 0) {
1452                                 spin_unlock (&dum->lock);
1453                                 value = dum->driver->setup (&dum->gadget,
1454                                                 &setup);
1455                                 spin_lock (&dum->lock);
1456
1457                                 if (value >= 0) {
1458                                         /* no delays (max 64KB data stage) */
1459                                         limit = 64*1024;
1460                                         goto treat_control_like_bulk;
1461                                 }
1462                                 /* error, see below */
1463                         }
1464
1465                         if (value < 0) {
1466                                 if (value != -EOPNOTSUPP)
1467                                         dev_dbg (udc_dev(dum),
1468                                                 "setup --> %d\n",
1469                                                 value);
1470                                 status = -EPIPE;
1471                                 urb->actual_length = 0;
1472                         }
1473
1474                         goto return_urb;
1475                 }
1476
1477                 /* non-control requests */
1478                 limit = total;
1479                 switch (usb_pipetype (urb->pipe)) {
1480                 case PIPE_ISOCHRONOUS:
1481                         /* FIXME is it urb->interval since the last xfer?
1482                          * use urb->iso_frame_desc[i].
1483                          * complete whether or not ep has requests queued.
1484                          * report random errors, to debug drivers.
1485                          */
1486                         limit = max (limit, periodic_bytes (dum, ep));
1487                         status = -ENOSYS;
1488                         break;
1489
1490                 case PIPE_INTERRUPT:
1491                         /* FIXME is it urb->interval since the last xfer?
1492                          * this almost certainly polls too fast.
1493                          */
1494                         limit = max (limit, periodic_bytes (dum, ep));
1495                         /* FALLTHROUGH */
1496
1497                 // case PIPE_BULK:  case PIPE_CONTROL:
1498                 default:
1499                 treat_control_like_bulk:
1500                         ep->last_io = jiffies;
1501                         total = transfer(dum, urb, ep, limit, &status);
1502                         break;
1503                 }
1504
1505                 /* incomplete transfer? */
1506                 if (status == -EINPROGRESS)
1507                         continue;
1508
1509 return_urb:
1510                 list_del (&urbp->urbp_list);
1511                 kfree (urbp);
1512                 if (ep)
1513                         ep->already_seen = ep->setup_stage = 0;
1514
1515                 usb_hcd_unlink_urb_from_ep(dummy_to_hcd(dum), urb);
1516                 spin_unlock (&dum->lock);
1517                 usb_hcd_giveback_urb(dummy_to_hcd(dum), urb, status);
1518                 spin_lock (&dum->lock);
1519
1520                 goto restart;
1521         }
1522
1523         if (list_empty (&dum->urbp_list)) {
1524                 usb_put_dev (dum->udev);
1525                 dum->udev = NULL;
1526         } else if (dum->rh_state == DUMMY_RH_RUNNING) {
1527                 /* want a 1 msec delay here */
1528                 mod_timer (&dum->timer, jiffies + msecs_to_jiffies(1));
1529         }
1530
1531         spin_unlock_irqrestore (&dum->lock, flags);
1532 }
1533
1534 /*-------------------------------------------------------------------------*/
1535
1536 #define PORT_C_MASK \
1537         ((USB_PORT_STAT_C_CONNECTION \
1538         | USB_PORT_STAT_C_ENABLE \
1539         | USB_PORT_STAT_C_SUSPEND \
1540         | USB_PORT_STAT_C_OVERCURRENT \
1541         | USB_PORT_STAT_C_RESET) << 16)
1542
1543 static int dummy_hub_status (struct usb_hcd *hcd, char *buf)
1544 {
1545         struct dummy            *dum;
1546         unsigned long           flags;
1547         int                     retval = 0;
1548
1549         dum = hcd_to_dummy (hcd);
1550
1551         spin_lock_irqsave (&dum->lock, flags);
1552         if (!test_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags))
1553                 goto done;
1554
1555         if (dum->resuming && time_after_eq (jiffies, dum->re_timeout)) {
1556                 dum->port_status |= (USB_PORT_STAT_C_SUSPEND << 16);
1557                 dum->port_status &= ~USB_PORT_STAT_SUSPEND;
1558                 set_link_state (dum);
1559         }
1560
1561         if ((dum->port_status & PORT_C_MASK) != 0) {
1562                 *buf = (1 << 1);
1563                 dev_dbg (dummy_dev(dum), "port status 0x%08x has changes\n",
1564                                 dum->port_status);
1565                 retval = 1;
1566                 if (dum->rh_state == DUMMY_RH_SUSPENDED)
1567                         usb_hcd_resume_root_hub (hcd);
1568         }
1569 done:
1570         spin_unlock_irqrestore (&dum->lock, flags);
1571         return retval;
1572 }
1573
1574 static inline void
1575 hub_descriptor (struct usb_hub_descriptor *desc)
1576 {
1577         memset (desc, 0, sizeof *desc);
1578         desc->bDescriptorType = 0x29;
1579         desc->bDescLength = 9;
1580         desc->wHubCharacteristics = cpu_to_le16(0x0001);
1581         desc->bNbrPorts = 1;
1582         desc->bitmap [0] = 0xff;
1583         desc->bitmap [1] = 0xff;
1584 }
1585
1586 static int dummy_hub_control (
1587         struct usb_hcd  *hcd,
1588         u16             typeReq,
1589         u16             wValue,
1590         u16             wIndex,
1591         char            *buf,
1592         u16             wLength
1593 ) {
1594         struct dummy    *dum;
1595         int             retval = 0;
1596         unsigned long   flags;
1597
1598         if (!test_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags))
1599                 return -ETIMEDOUT;
1600
1601         dum = hcd_to_dummy (hcd);
1602         spin_lock_irqsave (&dum->lock, flags);
1603         switch (typeReq) {
1604         case ClearHubFeature:
1605                 break;
1606         case ClearPortFeature:
1607                 switch (wValue) {
1608                 case USB_PORT_FEAT_SUSPEND:
1609                         if (dum->port_status & USB_PORT_STAT_SUSPEND) {
1610                                 /* 20msec resume signaling */
1611                                 dum->resuming = 1;
1612                                 dum->re_timeout = jiffies +
1613                                                 msecs_to_jiffies(20);
1614                         }
1615                         break;
1616                 case USB_PORT_FEAT_POWER:
1617                         if (dum->port_status & USB_PORT_STAT_POWER)
1618                                 dev_dbg (dummy_dev(dum), "power-off\n");
1619                         /* FALLS THROUGH */
1620                 default:
1621                         dum->port_status &= ~(1 << wValue);
1622                         set_link_state (dum);
1623                 }
1624                 break;
1625         case GetHubDescriptor:
1626                 hub_descriptor ((struct usb_hub_descriptor *) buf);
1627                 break;
1628         case GetHubStatus:
1629                 *(__le32 *) buf = cpu_to_le32 (0);
1630                 break;
1631         case GetPortStatus:
1632                 if (wIndex != 1)
1633                         retval = -EPIPE;
1634
1635                 /* whoever resets or resumes must GetPortStatus to
1636                  * complete it!!
1637                  */
1638                 if (dum->resuming &&
1639                                 time_after_eq (jiffies, dum->re_timeout)) {
1640                         dum->port_status |= (USB_PORT_STAT_C_SUSPEND << 16);
1641                         dum->port_status &= ~USB_PORT_STAT_SUSPEND;
1642                 }
1643                 if ((dum->port_status & USB_PORT_STAT_RESET) != 0 &&
1644                                 time_after_eq (jiffies, dum->re_timeout)) {
1645                         dum->port_status |= (USB_PORT_STAT_C_RESET << 16);
1646                         dum->port_status &= ~USB_PORT_STAT_RESET;
1647                         if (dum->pullup) {
1648                                 dum->port_status |= USB_PORT_STAT_ENABLE;
1649                                 /* give it the best speed we agree on */
1650                                 dum->gadget.speed = dum->driver->speed;
1651                                 dum->gadget.ep0->maxpacket = 64;
1652                                 switch (dum->gadget.speed) {
1653                                 case USB_SPEED_HIGH:
1654                                         dum->port_status |=
1655                                                 USB_PORT_STAT_HIGH_SPEED;
1656                                         break;
1657                                 case USB_SPEED_LOW:
1658                                         dum->gadget.ep0->maxpacket = 8;
1659                                         dum->port_status |=
1660                                                 USB_PORT_STAT_LOW_SPEED;
1661                                         break;
1662                                 default:
1663                                         dum->gadget.speed = USB_SPEED_FULL;
1664                                         break;
1665                                 }
1666                         }
1667                 }
1668                 set_link_state (dum);
1669                 ((__le16 *) buf)[0] = cpu_to_le16 (dum->port_status);
1670                 ((__le16 *) buf)[1] = cpu_to_le16 (dum->port_status >> 16);
1671                 break;
1672         case SetHubFeature:
1673                 retval = -EPIPE;
1674                 break;
1675         case SetPortFeature:
1676                 switch (wValue) {
1677                 case USB_PORT_FEAT_SUSPEND:
1678                         if (dum->active) {
1679                                 dum->port_status |= USB_PORT_STAT_SUSPEND;
1680
1681                                 /* HNP would happen here; for now we
1682                                  * assume b_bus_req is always true.
1683                                  */
1684                                 set_link_state (dum);
1685                                 if (((1 << USB_DEVICE_B_HNP_ENABLE)
1686                                                 & dum->devstatus) != 0)
1687                                         dev_dbg (dummy_dev(dum),
1688                                                         "no HNP yet!\n");
1689                         }
1690                         break;
1691                 case USB_PORT_FEAT_POWER:
1692                         dum->port_status |= USB_PORT_STAT_POWER;
1693                         set_link_state (dum);
1694                         break;
1695                 case USB_PORT_FEAT_RESET:
1696                         /* if it's already enabled, disable */
1697                         dum->port_status &= ~(USB_PORT_STAT_ENABLE
1698                                         | USB_PORT_STAT_LOW_SPEED
1699                                         | USB_PORT_STAT_HIGH_SPEED);
1700                         dum->devstatus = 0;
1701                         /* 50msec reset signaling */
1702                         dum->re_timeout = jiffies + msecs_to_jiffies(50);
1703                         /* FALLS THROUGH */
1704                 default:
1705                         if ((dum->port_status & USB_PORT_STAT_POWER) != 0) {
1706                                 dum->port_status |= (1 << wValue);
1707                                 set_link_state (dum);
1708                         }
1709                 }
1710                 break;
1711
1712         default:
1713                 dev_dbg (dummy_dev(dum),
1714                         "hub control req%04x v%04x i%04x l%d\n",
1715                         typeReq, wValue, wIndex, wLength);
1716
1717                 /* "protocol stall" on error */
1718                 retval = -EPIPE;
1719         }
1720         spin_unlock_irqrestore (&dum->lock, flags);
1721
1722         if ((dum->port_status & PORT_C_MASK) != 0)
1723                 usb_hcd_poll_rh_status (hcd);
1724         return retval;
1725 }
1726
1727 static int dummy_bus_suspend (struct usb_hcd *hcd)
1728 {
1729         struct dummy *dum = hcd_to_dummy (hcd);
1730
1731         dev_dbg (&hcd->self.root_hub->dev, "%s\n", __func__);
1732
1733         spin_lock_irq (&dum->lock);
1734         dum->rh_state = DUMMY_RH_SUSPENDED;
1735         set_link_state (dum);
1736         hcd->state = HC_STATE_SUSPENDED;
1737         spin_unlock_irq (&dum->lock);
1738         return 0;
1739 }
1740
1741 static int dummy_bus_resume (struct usb_hcd *hcd)
1742 {
1743         struct dummy *dum = hcd_to_dummy (hcd);
1744         int rc = 0;
1745
1746         dev_dbg (&hcd->self.root_hub->dev, "%s\n", __func__);
1747
1748         spin_lock_irq (&dum->lock);
1749         if (!test_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags)) {
1750                 rc = -ESHUTDOWN;
1751         } else {
1752                 dum->rh_state = DUMMY_RH_RUNNING;
1753                 set_link_state (dum);
1754                 if (!list_empty(&dum->urbp_list))
1755                         mod_timer (&dum->timer, jiffies);
1756                 hcd->state = HC_STATE_RUNNING;
1757         }
1758         spin_unlock_irq (&dum->lock);
1759         return rc;
1760 }
1761
1762 /*-------------------------------------------------------------------------*/
1763
1764 static inline ssize_t
1765 show_urb (char *buf, size_t size, struct urb *urb)
1766 {
1767         int ep = usb_pipeendpoint (urb->pipe);
1768
1769         return snprintf (buf, size,
1770                 "urb/%p %s ep%d%s%s len %d/%d\n",
1771                 urb,
1772                 ({ char *s;
1773                  switch (urb->dev->speed) {
1774                  case USB_SPEED_LOW:    s = "ls"; break;
1775                  case USB_SPEED_FULL:   s = "fs"; break;
1776                  case USB_SPEED_HIGH:   s = "hs"; break;
1777                  default:               s = "?"; break;
1778                  }; s; }),
1779                 ep, ep ? (usb_pipein (urb->pipe) ? "in" : "out") : "",
1780                 ({ char *s; \
1781                  switch (usb_pipetype (urb->pipe)) { \
1782                  case PIPE_CONTROL:     s = ""; break; \
1783                  case PIPE_BULK:        s = "-bulk"; break; \
1784                  case PIPE_INTERRUPT:   s = "-int"; break; \
1785                  default:               s = "-iso"; break; \
1786                 }; s;}),
1787                 urb->actual_length, urb->transfer_buffer_length);
1788 }
1789
1790 static ssize_t
1791 show_urbs (struct device *dev, struct device_attribute *attr, char *buf)
1792 {
1793         struct usb_hcd          *hcd = dev_get_drvdata (dev);
1794         struct dummy            *dum = hcd_to_dummy (hcd);
1795         struct urbp             *urbp;
1796         size_t                  size = 0;
1797         unsigned long           flags;
1798
1799         spin_lock_irqsave (&dum->lock, flags);
1800         list_for_each_entry (urbp, &dum->urbp_list, urbp_list) {
1801                 size_t          temp;
1802
1803                 temp = show_urb (buf, PAGE_SIZE - size, urbp->urb);
1804                 buf += temp;
1805                 size += temp;
1806         }
1807         spin_unlock_irqrestore (&dum->lock, flags);
1808
1809         return size;
1810 }
1811 static DEVICE_ATTR (urbs, S_IRUGO, show_urbs, NULL);
1812
1813 static int dummy_start (struct usb_hcd *hcd)
1814 {
1815         struct dummy            *dum;
1816
1817         dum = hcd_to_dummy (hcd);
1818
1819         /*
1820          * MASTER side init ... we emulate a root hub that'll only ever
1821          * talk to one device (the slave side).  Also appears in sysfs,
1822          * just like more familiar pci-based HCDs.
1823          */
1824         spin_lock_init (&dum->lock);
1825         init_timer (&dum->timer);
1826         dum->timer.function = dummy_timer;
1827         dum->timer.data = (unsigned long) dum;
1828         dum->rh_state = DUMMY_RH_RUNNING;
1829
1830         INIT_LIST_HEAD (&dum->urbp_list);
1831
1832         hcd->power_budget = POWER_BUDGET;
1833         hcd->state = HC_STATE_RUNNING;
1834         hcd->uses_new_polling = 1;
1835
1836 #ifdef CONFIG_USB_OTG
1837         hcd->self.otg_port = 1;
1838 #endif
1839
1840         /* FIXME 'urbs' should be a per-device thing, maybe in usbcore */
1841         return device_create_file (dummy_dev(dum), &dev_attr_urbs);
1842 }
1843
1844 static void dummy_stop (struct usb_hcd *hcd)
1845 {
1846         struct dummy            *dum;
1847
1848         dum = hcd_to_dummy (hcd);
1849
1850         device_remove_file (dummy_dev(dum), &dev_attr_urbs);
1851         usb_gadget_unregister_driver (dum->driver);
1852         dev_info (dummy_dev(dum), "stopped\n");
1853 }
1854
1855 /*-------------------------------------------------------------------------*/
1856
1857 static int dummy_h_get_frame (struct usb_hcd *hcd)
1858 {
1859         return dummy_g_get_frame (NULL);
1860 }
1861
1862 static const struct hc_driver dummy_hcd = {
1863         .description =          (char *) driver_name,
1864         .product_desc =         "Dummy host controller",
1865         .hcd_priv_size =        sizeof(struct dummy),
1866
1867         .flags =                HCD_USB2,
1868
1869         .start =                dummy_start,
1870         .stop =                 dummy_stop,
1871
1872         .urb_enqueue =          dummy_urb_enqueue,
1873         .urb_dequeue =          dummy_urb_dequeue,
1874
1875         .get_frame_number =     dummy_h_get_frame,
1876
1877         .hub_status_data =      dummy_hub_status,
1878         .hub_control =          dummy_hub_control,
1879         .bus_suspend =          dummy_bus_suspend,
1880         .bus_resume =           dummy_bus_resume,
1881 };
1882
1883 static int dummy_hcd_probe(struct platform_device *pdev)
1884 {
1885         struct usb_hcd          *hcd;
1886         int                     retval;
1887
1888         dev_info(&pdev->dev, "%s, driver " DRIVER_VERSION "\n", driver_desc);
1889
1890         hcd = usb_create_hcd(&dummy_hcd, &pdev->dev, dev_name(&pdev->dev));
1891         if (!hcd)
1892                 return -ENOMEM;
1893         the_controller = hcd_to_dummy (hcd);
1894
1895         retval = usb_add_hcd(hcd, 0, 0);
1896         if (retval != 0) {
1897                 usb_put_hcd (hcd);
1898                 the_controller = NULL;
1899         }
1900         return retval;
1901 }
1902
1903 static int dummy_hcd_remove (struct platform_device *pdev)
1904 {
1905         struct usb_hcd          *hcd;
1906
1907         hcd = platform_get_drvdata (pdev);
1908         usb_remove_hcd (hcd);
1909         usb_put_hcd (hcd);
1910         the_controller = NULL;
1911         return 0;
1912 }
1913
1914 static int dummy_hcd_suspend (struct platform_device *pdev, pm_message_t state)
1915 {
1916         struct usb_hcd          *hcd;
1917         struct dummy            *dum;
1918         int                     rc = 0;
1919
1920         dev_dbg (&pdev->dev, "%s\n", __func__);
1921
1922         hcd = platform_get_drvdata (pdev);
1923         dum = hcd_to_dummy (hcd);
1924         if (dum->rh_state == DUMMY_RH_RUNNING) {
1925                 dev_warn(&pdev->dev, "Root hub isn't suspended!\n");
1926                 rc = -EBUSY;
1927         } else
1928                 clear_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags);
1929         return rc;
1930 }
1931
1932 static int dummy_hcd_resume (struct platform_device *pdev)
1933 {
1934         struct usb_hcd          *hcd;
1935
1936         dev_dbg (&pdev->dev, "%s\n", __func__);
1937
1938         hcd = platform_get_drvdata (pdev);
1939         set_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags);
1940         usb_hcd_poll_rh_status (hcd);
1941         return 0;
1942 }
1943
1944 static struct platform_driver dummy_hcd_driver = {
1945         .probe          = dummy_hcd_probe,
1946         .remove         = dummy_hcd_remove,
1947         .suspend        = dummy_hcd_suspend,
1948         .resume         = dummy_hcd_resume,
1949         .driver         = {
1950                 .name   = (char *) driver_name,
1951                 .owner  = THIS_MODULE,
1952         },
1953 };
1954
1955 /*-------------------------------------------------------------------------*/
1956
1957 static struct platform_device *the_udc_pdev;
1958 static struct platform_device *the_hcd_pdev;
1959
1960 static int __init init (void)
1961 {
1962         int     retval = -ENOMEM;
1963
1964         if (usb_disabled ())
1965                 return -ENODEV;
1966
1967         the_hcd_pdev = platform_device_alloc(driver_name, -1);
1968         if (!the_hcd_pdev)
1969                 return retval;
1970         the_udc_pdev = platform_device_alloc(gadget_name, -1);
1971         if (!the_udc_pdev)
1972                 goto err_alloc_udc;
1973
1974         retval = platform_driver_register(&dummy_hcd_driver);
1975         if (retval < 0)
1976                 goto err_register_hcd_driver;
1977         retval = platform_driver_register(&dummy_udc_driver);
1978         if (retval < 0)
1979                 goto err_register_udc_driver;
1980
1981         retval = platform_device_add(the_hcd_pdev);
1982         if (retval < 0)
1983                 goto err_add_hcd;
1984         retval = platform_device_add(the_udc_pdev);
1985         if (retval < 0)
1986                 goto err_add_udc;
1987         return retval;
1988
1989 err_add_udc:
1990         platform_device_del(the_hcd_pdev);
1991 err_add_hcd:
1992         platform_driver_unregister(&dummy_udc_driver);
1993 err_register_udc_driver:
1994         platform_driver_unregister(&dummy_hcd_driver);
1995 err_register_hcd_driver:
1996         platform_device_put(the_udc_pdev);
1997 err_alloc_udc:
1998         platform_device_put(the_hcd_pdev);
1999         return retval;
2000 }
2001 module_init (init);
2002
2003 static void __exit cleanup (void)
2004 {
2005         platform_device_unregister(the_udc_pdev);
2006         platform_device_unregister(the_hcd_pdev);
2007         platform_driver_unregister(&dummy_udc_driver);
2008         platform_driver_unregister(&dummy_hcd_driver);
2009 }
2010 module_exit (cleanup);