/* * dummy_hcd.c -- Dummy/Loopback USB host and device emulator driver. * * Maintainer: Alan Stern * * Copyright (C) 2003 David Brownell * Copyright (C) 2003, 2004 Alan Stern * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ /* * This exposes a device side "USB gadget" API, driven by requests to a * Linux-USB host controller driver. USB traffic is simulated; there's * no need for USB hardware. Use this with two other drivers: * * - Gadget driver, responding to requests (slave); * - Host-side device driver, as already familiar in Linux. * * Having this all in one kernel can help some stages of development, * bypassing some hardware (and driver) issues. UML could help too. */ #define DEBUG #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "../core/hcd.h" #define DRIVER_DESC "USB Host+Gadget Emulator" #define DRIVER_VERSION "14 Mar 2004" static const char driver_name [] = "dummy_hcd"; static const char driver_desc [] = "USB Host+Gadget Emulator"; static const char gadget_name [] = "dummy_udc"; MODULE_DESCRIPTION (DRIVER_DESC); MODULE_AUTHOR ("David Brownell"); MODULE_LICENSE ("GPL"); /*-------------------------------------------------------------------------*/ /* gadget side driver data structres */ struct dummy_ep { struct list_head queue; unsigned long last_io; /* jiffies timestamp */ struct usb_gadget *gadget; const struct usb_endpoint_descriptor *desc; struct usb_ep ep; unsigned halted : 1; unsigned already_seen : 1; unsigned setup_stage : 1; }; struct dummy_request { struct list_head queue; /* ep's requests */ struct usb_request req; }; /*-------------------------------------------------------------------------*/ /* * Every device has ep0 for control requests, plus up to 30 more endpoints, * in one of two types: * * - Configurable: direction (in/out), type (bulk, iso, etc), and endpoint * number can be changed. Names like "ep-a" are used for this type. * * - Fixed Function: in other cases. some characteristics may be mutable; * that'd be hardware-specific. Names like "ep12out-bulk" are used. * * Gadget drivers are responsible for not setting up conflicting endpoint * configurations, illegal or unsupported packet lengths, and so on. */ static const char ep0name [] = "ep0"; static const char *const ep_name [] = { ep0name, /* everyone has ep0 */ /* act like a net2280: high speed, six configurable endpoints */ "ep-a", "ep-b", "ep-c", "ep-d", "ep-e", "ep-f", /* or like pxa250: fifteen fixed function endpoints */ "ep1in-bulk", "ep2out-bulk", "ep3in-iso", "ep4out-iso", "ep5in-int", "ep6in-bulk", "ep7out-bulk", "ep8in-iso", "ep9out-iso", "ep10in-int", "ep11in-bulk", "ep12out-bulk", "ep13in-iso", "ep14out-iso", "ep15in-int", /* or like sa1100: two fixed function endpoints */ "ep1out-bulk", "ep2in-bulk", }; #define DUMMY_ENDPOINTS (sizeof(ep_name)/sizeof(char *)) #define FIFO_SIZE 64 struct dummy { spinlock_t lock; /* * SLAVE/GADGET side support */ struct dummy_ep ep [DUMMY_ENDPOINTS]; int address; struct usb_gadget gadget; struct usb_gadget_driver *driver; struct dummy_request fifo_req; u8 fifo_buf [FIFO_SIZE]; struct hcd_dev *hdev; /* * MASTER/HOST side support */ struct usb_hcd hcd; struct platform_device pdev; struct timer_list timer; u32 port_status; int started; struct completion released; }; static struct dummy *the_controller; static inline struct dummy *ep_to_dummy (struct dummy_ep *ep) { return container_of (ep->gadget, struct dummy, gadget); } static inline struct dummy *gadget_dev_to_dummy (struct device *dev) { return container_of (dev, struct dummy, gadget.dev); } /* * This "hardware" may look a bit odd in diagnostics since it's got both * host and device sides; and it binds different drivers to each side. */ #define hardware (&the_controller->pdev.dev) /*-------------------------------------------------------------------------*/ static struct device_driver dummy_driver = { .name = (char *) driver_name, .bus = &platform_bus_type, }; /*-------------------------------------------------------------------------*/ /* SLAVE/GADGET SIDE DRIVER * * This only tracks gadget state. All the work is done when the host * side tries some (emulated) i/o operation. Real device controller * drivers would do real i/o using dma, fifos, irqs, timers, etc. */ #define is_enabled() \ (the_controller->port_status & USB_PORT_STAT_ENABLE) static int dummy_enable (struct usb_ep *_ep, const struct usb_endpoint_descriptor *desc) { struct dummy *dum; struct dummy_ep *ep; unsigned max; int retval; ep = container_of (_ep, struct dummy_ep, ep); if (!_ep || !desc || ep->desc || _ep->name == ep0name || desc->bDescriptorType != USB_DT_ENDPOINT) if (!the_controller->driver || !is_enabled ()) return -ESHUTDOWN; max = desc->wMaxPacketSize & 0x3ff; /* drivers must not request bad settings, since lower levels * (hardware or its drivers) may not check. some endpoints * can't do iso, many have maxpacket limitations, etc. * * since this "hardware" driver is here to help debugging, we * have some extra sanity checks. (there could be more though, * especially for "ep9out" style fixed function ones.) */ dum = container_of (ep->gadget, struct dummy, gadget); retval = -EINVAL; switch (desc->bmAttributes & 0x03) { case USB_ENDPOINT_XFER_BULK: if (strstr (ep->ep.name, "-iso") || strstr (ep->ep.name, "-int")) { goto done; } switch (dum->gadget.speed) { case USB_SPEED_HIGH: if (max == 512) break; /* conserve return statements */ default: switch (max) { case 8: case 16: case 32: case 64: /* we'll fake any legal size */ break; default: case USB_SPEED_LOW: goto done; } } break; case USB_ENDPOINT_XFER_INT: if (strstr (ep->ep.name, "-iso")) /* bulk is ok */ goto done; /* real hardware might not handle all packet sizes */ switch (dum->gadget.speed) { case USB_SPEED_HIGH: if (max <= 1024) break; /* save a return statement */ case USB_SPEED_FULL: if (max <= 64) break; /* save a return statement */ default: if (max <= 8) break; goto done; } break; case USB_ENDPOINT_XFER_ISOC: if (strstr (ep->ep.name, "-bulk") || strstr (ep->ep.name, "-int")) goto done; /* real hardware might not handle all packet sizes */ switch (dum->gadget.speed) { case USB_SPEED_HIGH: if (max <= 1024) break; /* save a return statement */ case USB_SPEED_FULL: if (max <= 1023) break; /* save a return statement */ default: goto done; } break; default: /* few chips support control except on ep0 */ goto done; } _ep->maxpacket = max; ep->desc = desc; dev_dbg (hardware, "enabled %s (ep%d%s-%s) maxpacket %d\n", _ep->name, desc->bEndpointAddress & 0x0f, (desc->bEndpointAddress & USB_DIR_IN) ? "in" : "out", ({ char *val; switch (desc->bmAttributes & 0x03) { case USB_ENDPOINT_XFER_BULK: val = "bulk"; break; case USB_ENDPOINT_XFER_ISOC: val = "iso"; break; case USB_ENDPOINT_XFER_INT: val = "intr"; break; default: val = "ctrl"; break; }; val; }), max); /* at this point real hardware should be NAKing transfers * to that endpoint, until a buffer is queued to it. */ retval = 0; done: return retval; } /* called with spinlock held */ static void nuke (struct dummy *dum, struct dummy_ep *ep) { while (!list_empty (&ep->queue)) { struct dummy_request *req; req = list_entry (ep->queue.next, struct dummy_request, queue); list_del_init (&req->queue); req->req.status = -ESHUTDOWN; spin_unlock (&dum->lock); req->req.complete (&ep->ep, &req->req); spin_lock (&dum->lock); } } static int dummy_disable (struct usb_ep *_ep) { struct dummy_ep *ep; struct dummy *dum; unsigned long flags; int retval; ep = container_of (_ep, struct dummy_ep, ep); if (!_ep || !ep->desc || _ep->name == ep0name) return -EINVAL; dum = ep_to_dummy (ep); spin_lock_irqsave (&dum->lock, flags); ep->desc = 0; retval = 0; nuke (dum, ep); spin_unlock_irqrestore (&dum->lock, flags); dev_dbg (hardware, "disabled %s\n", _ep->name); return retval; } static struct usb_request * dummy_alloc_request (struct usb_ep *_ep, int mem_flags) { struct dummy_ep *ep; struct dummy_request *req; ep = container_of (_ep, struct dummy_ep, ep); if (!_ep) return 0; req = kmalloc (sizeof *req, mem_flags); if (!req) return 0; memset (req, 0, sizeof *req); INIT_LIST_HEAD (&req->queue); return &req->req; } static void dummy_free_request (struct usb_ep *_ep, struct usb_request *_req) { struct dummy_ep *ep; struct dummy_request *req; ep = container_of (_ep, struct dummy_ep, ep); if (!ep || !_req || (!ep->desc && _ep->name != ep0name)) return; req = container_of (_req, struct dummy_request, req); WARN_ON (!list_empty (&req->queue)); kfree (req); } static void * dummy_alloc_buffer ( struct usb_ep *_ep, unsigned bytes, dma_addr_t *dma, int mem_flags ) { char *retval; if (!the_controller->driver) return 0; retval = kmalloc (bytes, mem_flags); *dma = (dma_addr_t) retval; return retval; } static void dummy_free_buffer ( struct usb_ep *_ep, void *buf, dma_addr_t dma, unsigned bytes ) { if (bytes) kfree (buf); } static void fifo_complete (struct usb_ep *ep, struct usb_request *req) { #if 0 dev_dbg (hardware, "fifo_complete: %d\n", req->status); #endif } static int dummy_queue (struct usb_ep *_ep, struct usb_request *_req, int mem_flags) { struct dummy_ep *ep; struct dummy_request *req; struct dummy *dum; unsigned long flags; req = container_of (_req, struct dummy_request, req); if (!_req || !list_empty (&req->queue) || !_req->complete) return -EINVAL; ep = container_of (_ep, struct dummy_ep, ep); if (!_ep || (!ep->desc && _ep->name != ep0name)) return -EINVAL; if (!the_controller->driver || !is_enabled ()) return -ESHUTDOWN; dum = container_of (ep->gadget, struct dummy, gadget); #if 0 dev_dbg (hardware, "ep %p queue req %p to %s, len %d buf %p\n", ep, _req, _ep->name, _req->length, _req->buf); #endif _req->status = -EINPROGRESS; _req->actual = 0; spin_lock_irqsave (&dum->lock, flags); /* implement an emulated single-request FIFO */ if (ep->desc && (ep->desc->bEndpointAddress & USB_DIR_IN) && list_empty (&dum->fifo_req.queue) && list_empty (&ep->queue) && _req->length <= FIFO_SIZE) { req = &dum->fifo_req; req->req = *_req; req->req.buf = dum->fifo_buf; memcpy (dum->fifo_buf, _req->buf, _req->length); req->req.context = dum; req->req.complete = fifo_complete; spin_unlock (&dum->lock); _req->actual = _req->length; _req->status = 0; _req->complete (_ep, _req); spin_lock (&dum->lock); } list_add_tail (&req->queue, &ep->queue); spin_unlock_irqrestore (&dum->lock, flags); /* real hardware would likely enable transfers here, in case * it'd been left NAKing. */ return 0; } static int dummy_dequeue (struct usb_ep *_ep, struct usb_request *_req) { struct dummy_ep *ep; struct dummy *dum; int retval = -EINVAL; unsigned long flags; struct dummy_request *req = 0; if (!the_controller->driver) return -ESHUTDOWN; if (!_ep || !_req) return retval; ep = container_of (_ep, struct dummy_ep, ep); dum = container_of (ep->gadget, struct dummy, gadget); spin_lock_irqsave (&dum->lock, flags); list_for_each_entry (req, &ep->queue, queue) { if (&req->req == _req) { list_del_init (&req->queue); _req->status = -ECONNRESET; retval = 0; break; } } spin_unlock_irqrestore (&dum->lock, flags); if (retval == 0) { dev_dbg (hardware, "dequeued req %p from %s, len %d buf %p\n", req, _ep->name, _req->length, _req->buf); _req->complete (_ep, _req); } return retval; } static int dummy_set_halt (struct usb_ep *_ep, int value) { struct dummy_ep *ep; if (!_ep) return -EINVAL; if (!the_controller->driver) return -ESHUTDOWN; ep = container_of (_ep, struct dummy_ep, ep); if (!value) ep->halted = 0; else if (ep->desc && (ep->desc->bEndpointAddress & USB_DIR_IN) && !list_empty (&ep->queue)) return -EAGAIN; else ep->halted = 1; /* FIXME clear emulated data toggle too */ return 0; } static const struct usb_ep_ops dummy_ep_ops = { .enable = dummy_enable, .disable = dummy_disable, .alloc_request = dummy_alloc_request, .free_request = dummy_free_request, .alloc_buffer = dummy_alloc_buffer, .free_buffer = dummy_free_buffer, /* map, unmap, ... eventually hook the "generic" dma calls */ .queue = dummy_queue, .dequeue = dummy_dequeue, .set_halt = dummy_set_halt, }; /*-------------------------------------------------------------------------*/ /* there are both host and device side versions of this call ... */ static int dummy_g_get_frame (struct usb_gadget *_gadget) { struct timeval tv; do_gettimeofday (&tv); return tv.tv_usec / 1000; } static const struct usb_gadget_ops dummy_ops = { .get_frame = dummy_g_get_frame, }; /*-------------------------------------------------------------------------*/ /* "function" sysfs attribute */ static ssize_t show_function (struct device *_dev, char *buf) { struct dummy *dum = the_controller; if (!dum->driver->function || strlen (dum->driver->function) > PAGE_SIZE) return 0; return snprintf (buf, PAGE_SIZE, "%s\n", dum->driver->function); } DEVICE_ATTR (function, S_IRUGO, show_function, NULL); /*-------------------------------------------------------------------------*/ /* * Driver registration/unregistration. * * This is basically hardware-specific; there's usually only one real USB * device (not host) controller since that's how USB devices are intended * to work. So most implementations of these api calls will rely on the * fact that only one driver will ever bind to the hardware. But curious * hardware can be built with discrete components, so the gadget API doesn't * require that assumption. * * For this emulator, it might be convenient to create a usb slave device * for each driver that registers: just add to a big root hub. */ static void dummy_udc_release (struct device *dev) { struct dummy *dum = gadget_dev_to_dummy (dev); complete (&dum->released); } static void dummy_hc_release (struct device *dev) { struct dummy *dum = dev_get_drvdata (dev); complete (&dum->released); } static int dummy_register_udc (struct dummy *dum) { int rc; strcpy (dum->gadget.dev.bus_id, "udc"); dum->gadget.dev.parent = &dum->pdev.dev; dum->gadget.dev.release = dummy_udc_release; rc = device_register (&dum->gadget.dev); if (rc == 0) device_create_file (&dum->gadget.dev, &dev_attr_function); return rc; } static void dummy_unregister_udc (struct dummy *dum) { device_remove_file (&dum->gadget.dev, &dev_attr_function); init_completion (&dum->released); device_unregister (&dum->gadget.dev); wait_for_completion (&dum->released); } int usb_gadget_register_driver (struct usb_gadget_driver *driver) { struct dummy *dum = the_controller; int retval, i; if (!dum) return -EINVAL; if (dum->driver) return -EBUSY; if (!driver->bind || !driver->unbind || !driver->setup || driver->speed == USB_SPEED_UNKNOWN) return -EINVAL; /* * SLAVE side init ... the layer above hardware, which * can't enumerate without help from the driver we're binding. */ dum->gadget.name = gadget_name; dum->gadget.ops = &dummy_ops; dum->gadget.is_dualspeed = 1; INIT_LIST_HEAD (&dum->gadget.ep_list); for (i = 0; i < DUMMY_ENDPOINTS; i++) { struct dummy_ep *ep = &dum->ep [i]; if (!ep_name [i]) break; ep->ep.name = ep_name [i]; ep->ep.ops = &dummy_ep_ops; list_add_tail (&ep->ep.ep_list, &dum->gadget.ep_list); ep->halted = ep->already_seen = ep->setup_stage = 0; ep->ep.maxpacket = ~0; ep->last_io = jiffies; ep->gadget = &dum->gadget; ep->desc = 0; INIT_LIST_HEAD (&ep->queue); } dum->gadget.ep0 = &dum->ep [0].ep; dum->ep [0].ep.maxpacket = 64; list_del_init (&dum->ep [0].ep.ep_list); INIT_LIST_HEAD(&dum->fifo_req.queue); dum->driver = driver; dum->gadget.dev.driver = &driver->driver; dev_dbg (hardware, "binding gadget driver '%s'\n", driver->driver.name); if ((retval = driver->bind (&dum->gadget)) != 0) { dum->driver = 0; dum->gadget.dev.driver = 0; return retval; } // FIXME: Check these calls for errors and re-order driver->driver.bus = dum->pdev.dev.bus; driver_register (&driver->driver); device_bind_driver (&dum->gadget.dev); /* khubd will enumerate this in a while */ dum->port_status |= USB_PORT_STAT_CONNECTION | (1 << USB_PORT_FEAT_C_CONNECTION); return 0; } EXPORT_SYMBOL (usb_gadget_register_driver); /* caller must hold lock */ static void stop_activity (struct dummy *dum, struct usb_gadget_driver *driver) { struct dummy_ep *ep; /* prevent any more requests */ dum->hdev = 0; dum->address = 0; /* this might not succeed ... */ del_timer (&dum->timer); /* nuke any pending requests first, so driver i/o is quiesced */ list_for_each_entry (ep, &dum->gadget.ep_list, ep.ep_list) nuke (dum, ep); /* driver now does any non-usb quiescing necessary */ if (driver) { spin_unlock (&dum->lock); driver->disconnect (&dum->gadget); spin_lock (&dum->lock); } } int usb_gadget_unregister_driver (struct usb_gadget_driver *driver) { struct dummy *dum = the_controller; unsigned long flags; if (!dum) return -ENODEV; if (!driver || driver != dum->driver) return -EINVAL; dev_dbg (hardware, "unregister gadget driver '%s'\n", driver->driver.name); spin_lock_irqsave (&dum->lock, flags); stop_activity (dum, driver); dum->port_status &= ~USB_PORT_STAT_CONNECTION; dum->port_status |= (1 << USB_PORT_FEAT_C_CONNECTION); spin_unlock_irqrestore (&dum->lock, flags); driver->unbind (&dum->gadget); dum->driver = 0; device_release_driver (&dum->gadget.dev); driver_unregister (&driver->driver); del_timer_sync (&dum->timer); return 0; } EXPORT_SYMBOL (usb_gadget_unregister_driver); #undef is_enabled int net2280_set_fifo_mode (struct usb_gadget *gadget, int mode) { return -ENOSYS; } EXPORT_SYMBOL (net2280_set_fifo_mode); /*-------------------------------------------------------------------------*/ /* MASTER/HOST SIDE DRIVER * * this uses the hcd framework to hook up to host side drivers. * its root hub will only have one device, otherwise it acts like * a normal host controller. * * when urbs are queued, they're just stuck on a list that we * scan in a timer callback. that callback connects writes from * the host with reads from the device, and so on, based on the * usb 2.0 rules. */ static int dummy_urb_enqueue ( struct usb_hcd *hcd, struct urb *urb, int mem_flags ) { struct dummy *dum; unsigned long flags; /* patch to usb_sg_init() is in 2.5.60 */ BUG_ON (!urb->transfer_buffer && urb->transfer_buffer_length); dum = container_of (hcd, struct dummy, hcd); spin_lock_irqsave (&dum->lock, flags); if (!dum->hdev) dum->hdev = urb->dev->hcpriv; urb->hcpriv = dum; if (usb_pipetype (urb->pipe) == PIPE_CONTROL) urb->error_count = 1; /* mark as a new urb */ /* kick the scheduler, it'll do the rest */ if (!timer_pending (&dum->timer)) mod_timer (&dum->timer, jiffies + 1); spin_unlock_irqrestore (&dum->lock, flags); return 0; } static int dummy_urb_dequeue (struct usb_hcd *hcd, struct urb *urb) { /* giveback happens automatically in timer callback */ return 0; } static void maybe_set_status (struct urb *urb, int status) { spin_lock (&urb->lock); if (urb->status == -EINPROGRESS) urb->status = status; spin_unlock (&urb->lock); } /* transfer up to a frame's worth; caller must own lock */ static int transfer (struct dummy *dum, struct urb *urb, struct dummy_ep *ep, int limit) { struct dummy_request *req; top: /* if there's no request queued, the device is NAKing; return */ list_for_each_entry (req, &ep->queue, queue) { unsigned host_len, dev_len, len; int is_short, to_host; int rescan = 0; /* 1..N packets of ep->ep.maxpacket each ... the last one * may be short (including zero length). * * writer can send a zlp explicitly (length 0) or implicitly * (length mod maxpacket zero, and 'zero' flag); they always * terminate reads. */ host_len = urb->transfer_buffer_length - urb->actual_length; dev_len = req->req.length - req->req.actual; len = min (host_len, dev_len); /* FIXME update emulated data toggle too */ to_host = usb_pipein (urb->pipe); if (unlikely (len == 0)) is_short = 1; else { char *ubuf, *rbuf; /* not enough bandwidth left? */ if (limit < ep->ep.maxpacket && limit < len) break; len = min (len, (unsigned) limit); if (len == 0) break; /* use an extra pass for the final short packet */ if (len > ep->ep.maxpacket) { rescan = 1; len -= (len % ep->ep.maxpacket); } is_short = (len % ep->ep.maxpacket) != 0; /* else transfer packet(s) */ ubuf = urb->transfer_buffer + urb->actual_length; rbuf = req->req.buf + req->req.actual; if (to_host) memcpy (ubuf, rbuf, len); else memcpy (rbuf, ubuf, len); ep->last_io = jiffies; limit -= len; urb->actual_length += len; req->req.actual += len; } /* short packets terminate, maybe with overflow/underflow. * it's only really an error to write too much. * * partially filling a buffer optionally blocks queue advances * (so completion handlers can clean up the queue) but we don't * need to emulate such data-in-flight. so we only show part * of the URB_SHORT_NOT_OK effect: completion status. */ if (is_short) { if (host_len == dev_len) { req->req.status = 0; maybe_set_status (urb, 0); } else if (to_host) { req->req.status = 0; if (dev_len > host_len) maybe_set_status (urb, -EOVERFLOW); else maybe_set_status (urb, (urb->transfer_flags & URB_SHORT_NOT_OK) ? -EREMOTEIO : 0); } else if (!to_host) { maybe_set_status (urb, 0); if (host_len > dev_len) req->req.status = -EOVERFLOW; else req->req.status = 0; } /* many requests terminate without a short packet */ } else { if (req->req.length == req->req.actual && !req->req.zero) req->req.status = 0; if (urb->transfer_buffer_length == urb->actual_length && !(urb->transfer_flags & URB_ZERO_PACKET)) { maybe_set_status (urb, 0); } } /* device side completion --> continuable */ if (req->req.status != -EINPROGRESS) { list_del_init (&req->queue); spin_unlock (&dum->lock); req->req.complete (&ep->ep, &req->req); spin_lock (&dum->lock); /* requests might have been unlinked... */ rescan = 1; } /* host side completion --> terminate */ if (urb->status != -EINPROGRESS) break; /* rescan to continue with any other queued i/o */ if (rescan) goto top; } return limit; } static int periodic_bytes (struct dummy *dum, struct dummy_ep *ep) { int limit = ep->ep.maxpacket; if (dum->gadget.speed == USB_SPEED_HIGH) { int tmp; /* high bandwidth mode */ tmp = ep->desc->wMaxPacketSize; tmp = le16_to_cpu (tmp); tmp = (tmp >> 11) & 0x03; tmp *= 8 /* applies to entire frame */; limit += limit * tmp; } return limit; } static struct dummy_ep *find_endpoint (struct dummy *dum, u8 address) { int i; if ((address & ~USB_DIR_IN) == 0) return &dum->ep [0]; for (i = 1; i < DUMMY_ENDPOINTS; i++) { struct dummy_ep *ep = &dum->ep [i]; if (!ep->desc) continue; if (ep->desc->bEndpointAddress == address) return ep; } return NULL; } #define Dev_Request (USB_TYPE_STANDARD | USB_RECIP_DEVICE) #define Dev_InRequest (Dev_Request | USB_DIR_IN) #define Intf_Request (USB_TYPE_STANDARD | USB_RECIP_INTERFACE) #define Intf_InRequest (Intf_Request | USB_DIR_IN) #define Ep_Request (USB_TYPE_STANDARD | USB_RECIP_ENDPOINT) #define Ep_InRequest (Ep_Request | USB_DIR_IN) /* drive both sides of the transfers; looks like irq handlers to * both drivers except the callbacks aren't in_irq(). */ static void dummy_timer (unsigned long _dum) { struct dummy *dum = (struct dummy *) _dum; struct hcd_dev *hdev = dum->hdev; struct list_head *entry, *tmp; unsigned long flags; int limit, total; int i; if (!hdev) { dev_err (hardware, "timer fired with device gone?\n"); return; } /* simplistic model for one frame's bandwidth */ switch (dum->gadget.speed) { case USB_SPEED_LOW: total = 8/*bytes*/ * 12/*packets*/; break; case USB_SPEED_FULL: total = 64/*bytes*/ * 19/*packets*/; break; case USB_SPEED_HIGH: total = 512/*bytes*/ * 13/*packets*/ * 8/*uframes*/; break; default: dev_err (hardware, "bogus device speed\n"); return; } /* FIXME if HZ != 1000 this will probably misbehave ... */ /* look at each urb queued by the host side driver */ spin_lock_irqsave (&dum->lock, flags); for (i = 0; i < DUMMY_ENDPOINTS; i++) { if (!ep_name [i]) break; dum->ep [i].already_seen = 0; } restart: list_for_each_safe (entry, tmp, &hdev->urb_list) { struct urb *urb; struct dummy_request *req; u8 address; struct dummy_ep *ep = 0; int type; urb = list_entry (entry, struct urb, urb_list); if (urb->status != -EINPROGRESS) { /* likely it was just unlinked */ goto return_urb; } type = usb_pipetype (urb->pipe); /* used up this frame's non-periodic bandwidth? * FIXME there's infinite bandwidth for control and * periodic transfers ... unrealistic. */ if (total <= 0 && type == PIPE_BULK) continue; /* find the gadget's ep for this request (if configured) */ address = usb_pipeendpoint (urb->pipe); if (usb_pipein (urb->pipe)) address |= USB_DIR_IN; ep = find_endpoint(dum, address); if (!ep) { /* set_configuration() disagreement */ dev_err (hardware, "no ep configured for urb %p\n", urb); maybe_set_status (urb, -ETIMEDOUT); goto return_urb; } if (ep->already_seen) continue; ep->already_seen = 1; if (ep == &dum->ep [0] && urb->error_count) { ep->setup_stage = 1; /* a new urb */ urb->error_count = 0; } if (ep->halted && !ep->setup_stage) { /* NOTE: must not be iso! */ dev_dbg (hardware, "ep %s halted, urb %p\n", ep->ep.name, urb); maybe_set_status (urb, -EPIPE); goto return_urb; } /* FIXME make sure both ends agree on maxpacket */ /* handle control requests */ if (ep == &dum->ep [0] && ep->setup_stage) { struct usb_ctrlrequest setup; int value = 1; struct dummy_ep *ep2; setup = *(struct usb_ctrlrequest*) urb->setup_packet; le16_to_cpus (&setup.wIndex); le16_to_cpus (&setup.wValue); le16_to_cpus (&setup.wLength); if (setup.wLength != urb->transfer_buffer_length) { maybe_set_status (urb, -EOVERFLOW); goto return_urb; } /* paranoia, in case of stale queued data */ list_for_each_entry (req, &ep->queue, queue) { list_del_init (&req->queue); req->req.status = -EOVERFLOW; dev_dbg (hardware, "stale req = %p\n", req); spin_unlock (&dum->lock); req->req.complete (&ep->ep, &req->req); spin_lock (&dum->lock); ep->already_seen = 0; goto restart; } /* gadget driver never sees set_address or operations * on standard feature flags. some hardware doesn't * even expose them. */ ep->last_io = jiffies; ep->setup_stage = 0; ep->halted = 0; switch (setup.bRequest) { case USB_REQ_SET_ADDRESS: if (setup.bRequestType != Dev_Request) break; if (dum->address != 0) { maybe_set_status (urb, -ETIMEDOUT); urb->actual_length = 0; goto return_urb; } dum->address = setup.wValue; maybe_set_status (urb, 0); dev_dbg (hardware, "set_address = %d\n", setup.wValue); value = 0; break; case USB_REQ_SET_FEATURE: if (setup.bRequestType == Dev_Request) { // remote wakeup, and (hs) test mode value = -EOPNOTSUPP; } else if (setup.bRequestType == Ep_Request) { // endpoint halt ep2 = find_endpoint (dum, setup.wIndex); if (!ep2) { value = -EOPNOTSUPP; break; } ep2->halted = 1; value = 0; maybe_set_status (urb, 0); } break; case USB_REQ_CLEAR_FEATURE: if (setup.bRequestType == Dev_Request) { // remote wakeup value = 0; maybe_set_status (urb, 0); } else if (setup.bRequestType == Ep_Request) { // endpoint halt ep2 = find_endpoint (dum, setup.wIndex); if (!ep2) { value = -EOPNOTSUPP; break; } ep2->halted = 0; value = 0; maybe_set_status (urb, 0); } break; case USB_REQ_GET_STATUS: if (setup.bRequestType == Dev_InRequest || setup.bRequestType == Intf_InRequest || setup.bRequestType == Ep_InRequest ) { char *buf; // device: remote wakeup, selfpowered // interface: nothing // endpoint: halt buf = (char *)urb->transfer_buffer; if (urb->transfer_buffer_length > 0) { if (setup.bRequestType == Ep_InRequest) { ep2 = find_endpoint (dum, setup.wIndex); if (!ep2) { value = -EOPNOTSUPP; break; } buf [0] = ep2->halted; } else buf [0] = 0; } if (urb->transfer_buffer_length > 1) buf [1] = 0; urb->actual_length = min (2, urb->transfer_buffer_length); value = 0; maybe_set_status (urb, 0); } break; } /* gadget driver handles all other requests. block * until setup() returns; no reentrancy issues etc. */ if (value > 0) { spin_unlock (&dum->lock); value = dum->driver->setup (&dum->gadget, &setup); spin_lock (&dum->lock); if (value >= 0) { /* no delays (max 64KB data stage) */ limit = 64*1024; goto treat_control_like_bulk; } /* error, see below */ } if (value < 0) { if (value != -EOPNOTSUPP) dev_dbg (hardware, "setup --> %d\n", value); maybe_set_status (urb, -EPIPE); urb->actual_length = 0; } goto return_urb; } /* non-control requests */ limit = total; switch (usb_pipetype (urb->pipe)) { case PIPE_ISOCHRONOUS: /* FIXME is it urb->interval since the last xfer? * use urb->iso_frame_desc[i]. * complete whether or not ep has requests queued. * report random errors, to debug drivers. */ limit = max (limit, periodic_bytes (dum, ep)); maybe_set_status (urb, -ENOSYS); break; case PIPE_INTERRUPT: /* FIXME is it urb->interval since the last xfer? * this almost certainly polls too fast. */ limit = max (limit, periodic_bytes (dum, ep)); /* FALLTHROUGH */ // case PIPE_BULK: case PIPE_CONTROL: default: treat_control_like_bulk: ep->last_io = jiffies; total = transfer (dum, urb, ep, limit); break; } /* incomplete transfer? */ if (urb->status == -EINPROGRESS) continue; return_urb: urb->hcpriv = 0; if (ep) ep->already_seen = ep->setup_stage = 0; spin_unlock (&dum->lock); usb_hcd_giveback_urb (&dum->hcd, urb, 0); spin_lock (&dum->lock); goto restart; } /* want a 1 msec delay here */ if (!list_empty (&hdev->urb_list)) mod_timer (&dum->timer, jiffies + 1); spin_unlock_irqrestore (&dum->lock, flags); } /*-------------------------------------------------------------------------*/ #define PORT_C_MASK \ ((1 << USB_PORT_FEAT_C_CONNECTION) \ | (1 << USB_PORT_FEAT_C_ENABLE) \ | (1 << USB_PORT_FEAT_C_SUSPEND) \ | (1 << USB_PORT_FEAT_C_OVER_CURRENT) \ | (1 << USB_PORT_FEAT_C_RESET)) static int dummy_hub_status (struct usb_hcd *hcd, char *buf) { struct dummy *dum; unsigned long flags; int retval; dum = container_of (hcd, struct dummy, hcd); spin_lock_irqsave (&dum->lock, flags); if (!(dum->port_status & PORT_C_MASK)) retval = 0; else { *buf = (1 << 1); dev_dbg (hardware, "port status 0x%08x has changes\n", dum->port_status); retval = 1; } spin_unlock_irqrestore (&dum->lock, flags); return retval; } static inline void hub_descriptor (struct usb_hub_descriptor *desc) { memset (desc, 0, sizeof *desc); desc->bDescriptorType = 0x29; desc->bDescLength = 9; desc->wHubCharacteristics = __constant_cpu_to_le16 (0x0001); desc->bNbrPorts = 1; desc->bitmap [0] = 0xff; desc->bitmap [1] = 0xff; } static int dummy_hub_control ( struct usb_hcd *hcd, u16 typeReq, u16 wValue, u16 wIndex, char *buf, u16 wLength ) { struct dummy *dum; int retval = 0; unsigned long flags; dum = container_of (hcd, struct dummy, hcd); spin_lock_irqsave (&dum->lock, flags); switch (typeReq) { case ClearHubFeature: break; case ClearPortFeature: // FIXME won't some of these need special handling? dum->port_status &= ~(1 << wValue); break; case GetHubDescriptor: hub_descriptor ((struct usb_hub_descriptor *) buf); break; case GetHubStatus: *(u32 *) buf = __constant_cpu_to_le32 (0); break; case GetPortStatus: if (wIndex != 1) retval = -EPIPE; ((u16 *) buf)[0] = cpu_to_le16 (dum->port_status); ((u16 *) buf)[1] = cpu_to_le16 (dum->port_status >> 16); break; case SetHubFeature: retval = -EPIPE; break; case SetPortFeature: if (wValue == USB_PORT_FEAT_RESET) { /* if it's already running, disconnect first */ if (dum->port_status & USB_PORT_STAT_ENABLE) { dum->port_status &= ~(USB_PORT_STAT_ENABLE | USB_PORT_STAT_LOW_SPEED | USB_PORT_STAT_HIGH_SPEED); if (dum->driver) { dev_dbg (hardware, "disconnect\n"); stop_activity (dum, dum->driver); } /* FIXME test that code path! */ } else dum->port_status |= (1 << USB_PORT_FEAT_C_ENABLE); dum->port_status |= USB_PORT_STAT_ENABLE | (1 << USB_PORT_FEAT_C_RESET); if (dum->driver) { /* give it the best speed we agree on */ dum->gadget.speed = dum->driver->speed; dum->gadget.ep0->maxpacket = 64; switch (dum->gadget.speed) { case USB_SPEED_HIGH: dum->port_status |= USB_PORT_STAT_HIGH_SPEED; break; case USB_SPEED_LOW: dum->gadget.ep0->maxpacket = 8; dum->port_status |= USB_PORT_STAT_LOW_SPEED; break; default: dum->gadget.speed = USB_SPEED_FULL; break; } } } else dum->port_status |= (1 << wValue); break; default: dev_dbg (hardware, "hub control req%04x v%04x i%04x l%d\n", typeReq, wValue, wIndex, wLength); /* "protocol stall" on error */ retval = -EPIPE; } spin_unlock_irqrestore (&dum->lock, flags); return retval; } /*-------------------------------------------------------------------------*/ static struct usb_hcd *dummy_alloc (void) { struct dummy *dum; dum = kmalloc (sizeof *dum, SLAB_KERNEL); if (dum == NULL) return 0; memset (dum, 0, sizeof *dum); return &dum->hcd; } static void dummy_free (struct usb_hcd *hcd) { struct dummy *dum; dum = container_of (hcd, struct dummy, hcd); WARN_ON (dum->driver != 0); kfree (dum); } /*-------------------------------------------------------------------------*/ static inline ssize_t show_urb (char *buf, size_t size, struct urb *urb) { int ep = usb_pipeendpoint (urb->pipe); return snprintf (buf, size, "urb/%p %s ep%d%s%s len %d/%d\n", urb, ({ char *s; switch (urb->dev->speed) { case USB_SPEED_LOW: s = "ls"; break; case USB_SPEED_FULL: s = "fs"; break; case USB_SPEED_HIGH: s = "hs"; break; default: s = "?"; break; }; s; }), ep, ep ? (usb_pipein (urb->pipe) ? "in" : "out") : "", ({ char *s; \ switch (usb_pipetype (urb->pipe)) { \ case PIPE_CONTROL: s = ""; break; \ case PIPE_BULK: s = "-bulk"; break; \ case PIPE_INTERRUPT: s = "-int"; break; \ default: s = "-iso"; break; \ }; s;}), urb->actual_length, urb->transfer_buffer_length); } static ssize_t show_urbs (struct device *dev, char *buf) { struct dummy *dum = dev_get_drvdata(dev); struct urb *urb; size_t size = 0; unsigned long flags; spin_lock_irqsave (&dum->lock, flags); if (dum->hdev) { list_for_each_entry (urb, &dum->hdev->urb_list, urb_list) { size_t temp; temp = show_urb (buf, PAGE_SIZE - size, urb); buf += temp; size += temp; } } spin_unlock_irqrestore (&dum->lock, flags); return size; } static DEVICE_ATTR (urbs, S_IRUGO, show_urbs, NULL); static const struct hc_driver dummy_hcd; static int dummy_start (struct usb_hcd *hcd) { struct dummy *dum; struct usb_bus *bus; struct usb_device *root; int retval; dum = container_of (hcd, struct dummy, hcd); /* * MASTER side init ... we emulate a root hub that'll only ever * talk to one device (the slave side). Also appears in sysfs, * just like more familiar pci-based HCDs. */ spin_lock_init (&dum->lock); retval = driver_register (&dummy_driver); if (retval < 0) return retval; dum->pdev.name = "hc"; dum->pdev.dev.driver = &dummy_driver; dev_set_drvdata(&dum->pdev.dev, dum); dum->pdev.dev.release = dummy_hc_release; retval = platform_device_register (&dum->pdev); if (retval < 0) { driver_unregister (&dummy_driver); return retval; } dev_info (&dum->pdev.dev, "%s, driver " DRIVER_VERSION "\n", driver_desc); hcd->self.controller = &dum->pdev.dev; /* FIXME 'urbs' should be a per-device thing, maybe in usbcore */ device_create_file (hcd->self.controller, &dev_attr_urbs); init_timer (&dum->timer); dum->timer.function = dummy_timer; dum->timer.data = (unsigned long) dum; /* root hub will appear as another device */ dum->hcd.driver = (struct hc_driver *) &dummy_hcd; dum->hcd.description = dummy_hcd.description; dum->hcd.product_desc = "Dummy host controller"; bus = hcd_to_bus (&dum->hcd); bus->bus_name = dum->pdev.dev.bus_id; usb_bus_init (bus); bus->op = &usb_hcd_operations; bus->hcpriv = &dum->hcd; /* FIXME don't require the pci-based buffer/alloc impls; * the "generic dma" implementation still requires them, * it's not very generic yet. */ if ((retval = hcd_buffer_create (&dum->hcd)) != 0) { clean0: init_completion (&dum->released); platform_device_unregister (&dum->pdev); wait_for_completion (&dum->released); driver_unregister (&dummy_driver); return retval; } INIT_LIST_HEAD (&hcd->dev_list); usb_register_bus (bus); bus->root_hub = root = usb_alloc_dev (0, bus, 0); if (!root) { retval = -ENOMEM; clean1: hcd_buffer_destroy (&dum->hcd); usb_deregister_bus (bus); goto clean0; } /* root hub enters addressed state... */ dum->hcd.state = USB_STATE_RUNNING; root->speed = USB_SPEED_HIGH; /* ...then configured, so khubd sees us. */ if ((retval = hcd_register_root (&dum->hcd)) != 0) { bus->root_hub = 0; usb_put_dev (root); clean2: dum->hcd.state = USB_STATE_QUIESCING; goto clean1; } dum->started = 1; if ((retval = dummy_register_udc (dum)) != 0) { dum->started = 0; usb_disconnect (&bus->root_hub); goto clean2; } return 0; } static void dummy_stop (struct usb_hcd *hcd) { struct dummy *dum; struct usb_bus *bus; dum = container_of (hcd, struct dummy, hcd); if (!dum->started) return; dum->started = 0; usb_gadget_unregister_driver (dum->driver); dummy_unregister_udc (dum); bus = hcd_to_bus (&dum->hcd); hcd->state = USB_STATE_QUIESCING; dev_dbg (hardware, "remove root hub\n"); usb_disconnect (&bus->root_hub); hcd_buffer_destroy (&dum->hcd); usb_deregister_bus (bus); dev_info (hardware, "stopped\n"); device_remove_file (hcd->self.controller, &dev_attr_urbs); init_completion (&dum->released); platform_device_unregister (&dum->pdev); wait_for_completion (&dum->released); driver_unregister (&dummy_driver); } /*-------------------------------------------------------------------------*/ static int dummy_h_get_frame (struct usb_hcd *hcd) { return dummy_g_get_frame (0); } static const struct hc_driver dummy_hcd = { .description = (char *) driver_name, .flags = HCD_USB2, .start = dummy_start, .stop = dummy_stop, .hcd_alloc = dummy_alloc, .hcd_free = dummy_free, .urb_enqueue = dummy_urb_enqueue, .urb_dequeue = dummy_urb_dequeue, .get_frame_number = dummy_h_get_frame, .hub_status_data = dummy_hub_status, .hub_control = dummy_hub_control, }; /*-------------------------------------------------------------------------*/ static int __init init (void) { struct usb_hcd *hcd; int value; if (usb_disabled ()) return -ENODEV; if ((hcd = dummy_alloc ()) == 0) return -ENOMEM; the_controller = container_of (hcd, struct dummy, hcd); value = dummy_start (hcd); if (value != 0) { dummy_free (hcd); the_controller = 0; } return value; } module_init (init); static void __exit cleanup (void) { dummy_stop (&the_controller->hcd); dummy_free (&the_controller->hcd); the_controller = 0; } module_exit (cleanup);