1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * USB Raw Gadget driver. 4 * See Documentation/usb/raw-gadget.rst for more details. 5 * 6 * Copyright (c) 2020 Google, Inc. 7 * Author: Andrey Konovalov <andreyknvl@gmail.com> 8 */ 9 10 #include <linux/compiler.h> 11 #include <linux/ctype.h> 12 #include <linux/debugfs.h> 13 #include <linux/delay.h> 14 #include <linux/idr.h> 15 #include <linux/kref.h> 16 #include <linux/miscdevice.h> 17 #include <linux/module.h> 18 #include <linux/semaphore.h> 19 #include <linux/sched.h> 20 #include <linux/slab.h> 21 #include <linux/uaccess.h> 22 #include <linux/wait.h> 23 24 #include <linux/usb.h> 25 #include <linux/usb/ch9.h> 26 #include <linux/usb/ch11.h> 27 #include <linux/usb/gadget.h> 28 #include <linux/usb/composite.h> 29 30 #include <uapi/linux/usb/raw_gadget.h> 31 32 #define DRIVER_DESC "USB Raw Gadget" 33 #define DRIVER_NAME "raw-gadget" 34 35 MODULE_DESCRIPTION(DRIVER_DESC); 36 MODULE_AUTHOR("Andrey Konovalov"); 37 MODULE_LICENSE("GPL"); 38 39 /*----------------------------------------------------------------------*/ 40 41 static DEFINE_IDA(driver_id_numbers); 42 #define DRIVER_DRIVER_NAME_LENGTH_MAX 32 43 44 #define RAW_EVENT_QUEUE_SIZE 16 45 46 struct raw_event_queue { 47 /* See the comment in raw_event_queue_fetch() for locking details. */ 48 spinlock_t lock; 49 struct semaphore sema; 50 struct usb_raw_event *events[RAW_EVENT_QUEUE_SIZE]; 51 int size; 52 }; 53 54 static void raw_event_queue_init(struct raw_event_queue *queue) 55 { 56 spin_lock_init(&queue->lock); 57 sema_init(&queue->sema, 0); 58 queue->size = 0; 59 } 60 61 static int raw_event_queue_add(struct raw_event_queue *queue, 62 enum usb_raw_event_type type, size_t length, const void *data) 63 { 64 unsigned long flags; 65 struct usb_raw_event *event; 66 67 spin_lock_irqsave(&queue->lock, flags); 68 if (queue->size >= RAW_EVENT_QUEUE_SIZE) { 69 spin_unlock_irqrestore(&queue->lock, flags); 70 return -ENOMEM; 71 } 72 event = kmalloc(sizeof(*event) + length, GFP_ATOMIC); 73 if (!event) { 74 spin_unlock_irqrestore(&queue->lock, flags); 75 return -ENOMEM; 76 } 77 event->type = type; 78 event->length = length; 79 if (event->length) 80 memcpy(&event->data[0], data, length); 81 queue->events[queue->size] = event; 82 queue->size++; 83 up(&queue->sema); 84 spin_unlock_irqrestore(&queue->lock, flags); 85 return 0; 86 } 87 88 static struct usb_raw_event *raw_event_queue_fetch( 89 struct raw_event_queue *queue) 90 { 91 int ret; 92 unsigned long flags; 93 struct usb_raw_event *event; 94 95 /* 96 * This function can be called concurrently. We first check that 97 * there's at least one event queued by decrementing the semaphore, 98 * and then take the lock to protect queue struct fields. 99 */ 100 ret = down_interruptible(&queue->sema); 101 if (ret) 102 return ERR_PTR(ret); 103 spin_lock_irqsave(&queue->lock, flags); 104 /* 105 * queue->size must have the same value as queue->sema counter (before 106 * the down_interruptible() call above), so this check is a fail-safe. 107 */ 108 if (WARN_ON(!queue->size)) { 109 spin_unlock_irqrestore(&queue->lock, flags); 110 return ERR_PTR(-ENODEV); 111 } 112 event = queue->events[0]; 113 queue->size--; 114 memmove(&queue->events[0], &queue->events[1], 115 queue->size * sizeof(queue->events[0])); 116 spin_unlock_irqrestore(&queue->lock, flags); 117 return event; 118 } 119 120 static void raw_event_queue_destroy(struct raw_event_queue *queue) 121 { 122 int i; 123 124 for (i = 0; i < queue->size; i++) 125 kfree(queue->events[i]); 126 queue->size = 0; 127 } 128 129 /*----------------------------------------------------------------------*/ 130 131 struct raw_dev; 132 133 enum ep_state { 134 STATE_EP_DISABLED, 135 STATE_EP_ENABLED, 136 }; 137 138 struct raw_ep { 139 struct raw_dev *dev; 140 enum ep_state state; 141 struct usb_ep *ep; 142 u8 addr; 143 struct usb_request *req; 144 bool urb_queued; 145 bool disabling; 146 ssize_t status; 147 }; 148 149 enum dev_state { 150 STATE_DEV_INVALID = 0, 151 STATE_DEV_OPENED, 152 STATE_DEV_INITIALIZED, 153 STATE_DEV_REGISTERING, 154 STATE_DEV_RUNNING, 155 STATE_DEV_CLOSED, 156 STATE_DEV_FAILED 157 }; 158 159 struct raw_dev { 160 struct kref count; 161 spinlock_t lock; 162 163 const char *udc_name; 164 struct usb_gadget_driver driver; 165 166 /* Reference to misc device: */ 167 struct device *dev; 168 169 /* Make driver names unique */ 170 int driver_id_number; 171 172 /* Protected by lock: */ 173 enum dev_state state; 174 bool gadget_registered; 175 struct usb_gadget *gadget; 176 struct usb_request *req; 177 bool ep0_in_pending; 178 bool ep0_out_pending; 179 bool ep0_urb_queued; 180 ssize_t ep0_status; 181 struct raw_ep eps[USB_RAW_EPS_NUM_MAX]; 182 int eps_num; 183 184 struct completion ep0_done; 185 struct raw_event_queue queue; 186 }; 187 188 static struct raw_dev *dev_new(void) 189 { 190 struct raw_dev *dev; 191 192 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 193 if (!dev) 194 return NULL; 195 /* Matches kref_put() in raw_release(). */ 196 kref_init(&dev->count); 197 spin_lock_init(&dev->lock); 198 init_completion(&dev->ep0_done); 199 raw_event_queue_init(&dev->queue); 200 dev->driver_id_number = -1; 201 return dev; 202 } 203 204 static void dev_free(struct kref *kref) 205 { 206 struct raw_dev *dev = container_of(kref, struct raw_dev, count); 207 int i; 208 209 kfree(dev->udc_name); 210 kfree(dev->driver.udc_name); 211 kfree(dev->driver.driver.name); 212 if (dev->driver_id_number >= 0) 213 ida_free(&driver_id_numbers, dev->driver_id_number); 214 if (dev->req) { 215 if (dev->ep0_urb_queued) 216 usb_ep_dequeue(dev->gadget->ep0, dev->req); 217 usb_ep_free_request(dev->gadget->ep0, dev->req); 218 } 219 raw_event_queue_destroy(&dev->queue); 220 for (i = 0; i < dev->eps_num; i++) { 221 if (dev->eps[i].state == STATE_EP_DISABLED) 222 continue; 223 usb_ep_disable(dev->eps[i].ep); 224 usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req); 225 kfree(dev->eps[i].ep->desc); 226 dev->eps[i].state = STATE_EP_DISABLED; 227 } 228 kfree(dev); 229 } 230 231 /*----------------------------------------------------------------------*/ 232 233 static int raw_queue_event(struct raw_dev *dev, 234 enum usb_raw_event_type type, size_t length, const void *data) 235 { 236 int ret = 0; 237 unsigned long flags; 238 239 ret = raw_event_queue_add(&dev->queue, type, length, data); 240 if (ret < 0) { 241 spin_lock_irqsave(&dev->lock, flags); 242 dev->state = STATE_DEV_FAILED; 243 spin_unlock_irqrestore(&dev->lock, flags); 244 } 245 return ret; 246 } 247 248 static void gadget_ep0_complete(struct usb_ep *ep, struct usb_request *req) 249 { 250 struct raw_dev *dev = req->context; 251 unsigned long flags; 252 253 spin_lock_irqsave(&dev->lock, flags); 254 if (req->status) 255 dev->ep0_status = req->status; 256 else 257 dev->ep0_status = req->actual; 258 if (dev->ep0_in_pending) 259 dev->ep0_in_pending = false; 260 else 261 dev->ep0_out_pending = false; 262 spin_unlock_irqrestore(&dev->lock, flags); 263 264 complete(&dev->ep0_done); 265 } 266 267 static u8 get_ep_addr(const char *name) 268 { 269 /* If the endpoint has fixed function (named as e.g. "ep12out-bulk"), 270 * parse the endpoint address from its name. We deliberately use 271 * deprecated simple_strtoul() function here, as the number isn't 272 * followed by '\0' nor '\n'. 273 */ 274 if (isdigit(name[2])) 275 return simple_strtoul(&name[2], NULL, 10); 276 /* Otherwise the endpoint is configurable (named as e.g. "ep-a"). */ 277 return USB_RAW_EP_ADDR_ANY; 278 } 279 280 static int gadget_bind(struct usb_gadget *gadget, 281 struct usb_gadget_driver *driver) 282 { 283 int ret = 0, i = 0; 284 struct raw_dev *dev = container_of(driver, struct raw_dev, driver); 285 struct usb_request *req; 286 struct usb_ep *ep; 287 unsigned long flags; 288 289 if (strcmp(gadget->name, dev->udc_name) != 0) 290 return -ENODEV; 291 292 set_gadget_data(gadget, dev); 293 req = usb_ep_alloc_request(gadget->ep0, GFP_KERNEL); 294 if (!req) { 295 dev_err(&gadget->dev, "usb_ep_alloc_request failed\n"); 296 set_gadget_data(gadget, NULL); 297 return -ENOMEM; 298 } 299 300 spin_lock_irqsave(&dev->lock, flags); 301 dev->req = req; 302 dev->req->context = dev; 303 dev->req->complete = gadget_ep0_complete; 304 dev->gadget = gadget; 305 gadget_for_each_ep(ep, dev->gadget) { 306 dev->eps[i].ep = ep; 307 dev->eps[i].addr = get_ep_addr(ep->name); 308 dev->eps[i].state = STATE_EP_DISABLED; 309 i++; 310 } 311 dev->eps_num = i; 312 spin_unlock_irqrestore(&dev->lock, flags); 313 314 dev_dbg(&gadget->dev, "gadget connected\n"); 315 ret = raw_queue_event(dev, USB_RAW_EVENT_CONNECT, 0, NULL); 316 if (ret < 0) { 317 dev_err(&gadget->dev, "failed to queue connect event\n"); 318 set_gadget_data(gadget, NULL); 319 return ret; 320 } 321 322 /* Matches kref_put() in gadget_unbind(). */ 323 kref_get(&dev->count); 324 return ret; 325 } 326 327 static void gadget_unbind(struct usb_gadget *gadget) 328 { 329 struct raw_dev *dev = get_gadget_data(gadget); 330 331 set_gadget_data(gadget, NULL); 332 /* Matches kref_get() in gadget_bind(). */ 333 kref_put(&dev->count, dev_free); 334 } 335 336 static int gadget_setup(struct usb_gadget *gadget, 337 const struct usb_ctrlrequest *ctrl) 338 { 339 int ret = 0; 340 struct raw_dev *dev = get_gadget_data(gadget); 341 unsigned long flags; 342 343 spin_lock_irqsave(&dev->lock, flags); 344 if (dev->state != STATE_DEV_RUNNING) { 345 dev_err(&gadget->dev, "ignoring, device is not running\n"); 346 ret = -ENODEV; 347 goto out_unlock; 348 } 349 if (dev->ep0_in_pending || dev->ep0_out_pending) { 350 dev_dbg(&gadget->dev, "stalling, request already pending\n"); 351 ret = -EBUSY; 352 goto out_unlock; 353 } 354 if ((ctrl->bRequestType & USB_DIR_IN) && ctrl->wLength) 355 dev->ep0_in_pending = true; 356 else 357 dev->ep0_out_pending = true; 358 spin_unlock_irqrestore(&dev->lock, flags); 359 360 ret = raw_queue_event(dev, USB_RAW_EVENT_CONTROL, sizeof(*ctrl), ctrl); 361 if (ret < 0) 362 dev_err(&gadget->dev, "failed to queue control event\n"); 363 goto out; 364 365 out_unlock: 366 spin_unlock_irqrestore(&dev->lock, flags); 367 out: 368 if (ret == 0 && ctrl->wLength == 0) { 369 /* 370 * Return USB_GADGET_DELAYED_STATUS as a workaround to stop 371 * some UDC drivers (e.g. dwc3) from automatically proceeding 372 * with the status stage for 0-length transfers. 373 * Should be removed once all UDC drivers are fixed to always 374 * delay the status stage until a response is queued to EP0. 375 */ 376 return USB_GADGET_DELAYED_STATUS; 377 } 378 return ret; 379 } 380 381 static void gadget_disconnect(struct usb_gadget *gadget) 382 { 383 struct raw_dev *dev = get_gadget_data(gadget); 384 int ret; 385 386 dev_dbg(&gadget->dev, "gadget disconnected\n"); 387 ret = raw_queue_event(dev, USB_RAW_EVENT_DISCONNECT, 0, NULL); 388 if (ret < 0) 389 dev_err(&gadget->dev, "failed to queue disconnect event\n"); 390 } 391 static void gadget_suspend(struct usb_gadget *gadget) 392 { 393 struct raw_dev *dev = get_gadget_data(gadget); 394 int ret; 395 396 dev_dbg(&gadget->dev, "gadget suspended\n"); 397 ret = raw_queue_event(dev, USB_RAW_EVENT_SUSPEND, 0, NULL); 398 if (ret < 0) 399 dev_err(&gadget->dev, "failed to queue suspend event\n"); 400 } 401 static void gadget_resume(struct usb_gadget *gadget) 402 { 403 struct raw_dev *dev = get_gadget_data(gadget); 404 int ret; 405 406 dev_dbg(&gadget->dev, "gadget resumed\n"); 407 ret = raw_queue_event(dev, USB_RAW_EVENT_RESUME, 0, NULL); 408 if (ret < 0) 409 dev_err(&gadget->dev, "failed to queue resume event\n"); 410 } 411 static void gadget_reset(struct usb_gadget *gadget) 412 { 413 struct raw_dev *dev = get_gadget_data(gadget); 414 int ret; 415 416 dev_dbg(&gadget->dev, "gadget reset\n"); 417 ret = raw_queue_event(dev, USB_RAW_EVENT_RESET, 0, NULL); 418 if (ret < 0) 419 dev_err(&gadget->dev, "failed to queue reset event\n"); 420 } 421 422 /*----------------------------------------------------------------------*/ 423 424 static struct miscdevice raw_misc_device; 425 426 static int raw_open(struct inode *inode, struct file *fd) 427 { 428 struct raw_dev *dev; 429 430 /* Nonblocking I/O is not supported yet. */ 431 if (fd->f_flags & O_NONBLOCK) 432 return -EINVAL; 433 434 dev = dev_new(); 435 if (!dev) 436 return -ENOMEM; 437 fd->private_data = dev; 438 dev->state = STATE_DEV_OPENED; 439 dev->dev = raw_misc_device.this_device; 440 return 0; 441 } 442 443 static int raw_release(struct inode *inode, struct file *fd) 444 { 445 int ret = 0; 446 struct raw_dev *dev = fd->private_data; 447 unsigned long flags; 448 bool unregister = false; 449 450 spin_lock_irqsave(&dev->lock, flags); 451 dev->state = STATE_DEV_CLOSED; 452 if (!dev->gadget) { 453 spin_unlock_irqrestore(&dev->lock, flags); 454 goto out_put; 455 } 456 if (dev->gadget_registered) 457 unregister = true; 458 dev->gadget_registered = false; 459 spin_unlock_irqrestore(&dev->lock, flags); 460 461 if (unregister) { 462 ret = usb_gadget_unregister_driver(&dev->driver); 463 if (ret != 0) 464 dev_err(dev->dev, 465 "usb_gadget_unregister_driver() failed with %d\n", 466 ret); 467 /* Matches kref_get() in raw_ioctl_run(). */ 468 kref_put(&dev->count, dev_free); 469 } 470 471 out_put: 472 /* Matches dev_new() in raw_open(). */ 473 kref_put(&dev->count, dev_free); 474 return ret; 475 } 476 477 /*----------------------------------------------------------------------*/ 478 479 static int raw_ioctl_init(struct raw_dev *dev, unsigned long value) 480 { 481 int ret = 0; 482 int driver_id_number; 483 struct usb_raw_init arg; 484 char *udc_driver_name; 485 char *udc_device_name; 486 char *driver_driver_name; 487 unsigned long flags; 488 489 if (copy_from_user(&arg, (void __user *)value, sizeof(arg))) 490 return -EFAULT; 491 492 switch (arg.speed) { 493 case USB_SPEED_UNKNOWN: 494 arg.speed = USB_SPEED_HIGH; 495 break; 496 case USB_SPEED_LOW: 497 case USB_SPEED_FULL: 498 case USB_SPEED_HIGH: 499 case USB_SPEED_SUPER: 500 break; 501 default: 502 return -EINVAL; 503 } 504 505 driver_id_number = ida_alloc(&driver_id_numbers, GFP_KERNEL); 506 if (driver_id_number < 0) 507 return driver_id_number; 508 509 driver_driver_name = kmalloc(DRIVER_DRIVER_NAME_LENGTH_MAX, GFP_KERNEL); 510 if (!driver_driver_name) { 511 ret = -ENOMEM; 512 goto out_free_driver_id_number; 513 } 514 snprintf(driver_driver_name, DRIVER_DRIVER_NAME_LENGTH_MAX, 515 DRIVER_NAME ".%d", driver_id_number); 516 517 udc_driver_name = kmalloc(UDC_NAME_LENGTH_MAX, GFP_KERNEL); 518 if (!udc_driver_name) { 519 ret = -ENOMEM; 520 goto out_free_driver_driver_name; 521 } 522 ret = strscpy(udc_driver_name, &arg.driver_name[0], 523 UDC_NAME_LENGTH_MAX); 524 if (ret < 0) 525 goto out_free_udc_driver_name; 526 ret = 0; 527 528 udc_device_name = kmalloc(UDC_NAME_LENGTH_MAX, GFP_KERNEL); 529 if (!udc_device_name) { 530 ret = -ENOMEM; 531 goto out_free_udc_driver_name; 532 } 533 ret = strscpy(udc_device_name, &arg.device_name[0], 534 UDC_NAME_LENGTH_MAX); 535 if (ret < 0) 536 goto out_free_udc_device_name; 537 ret = 0; 538 539 spin_lock_irqsave(&dev->lock, flags); 540 if (dev->state != STATE_DEV_OPENED) { 541 dev_dbg(dev->dev, "fail, device is not opened\n"); 542 ret = -EINVAL; 543 goto out_unlock; 544 } 545 dev->udc_name = udc_driver_name; 546 547 dev->driver.function = DRIVER_DESC; 548 dev->driver.max_speed = arg.speed; 549 dev->driver.setup = gadget_setup; 550 dev->driver.disconnect = gadget_disconnect; 551 dev->driver.bind = gadget_bind; 552 dev->driver.unbind = gadget_unbind; 553 dev->driver.suspend = gadget_suspend; 554 dev->driver.resume = gadget_resume; 555 dev->driver.reset = gadget_reset; 556 dev->driver.driver.name = driver_driver_name; 557 dev->driver.udc_name = udc_device_name; 558 dev->driver.match_existing_only = 1; 559 dev->driver_id_number = driver_id_number; 560 561 dev->state = STATE_DEV_INITIALIZED; 562 spin_unlock_irqrestore(&dev->lock, flags); 563 return ret; 564 565 out_unlock: 566 spin_unlock_irqrestore(&dev->lock, flags); 567 out_free_udc_device_name: 568 kfree(udc_device_name); 569 out_free_udc_driver_name: 570 kfree(udc_driver_name); 571 out_free_driver_driver_name: 572 kfree(driver_driver_name); 573 out_free_driver_id_number: 574 ida_free(&driver_id_numbers, driver_id_number); 575 return ret; 576 } 577 578 static int raw_ioctl_run(struct raw_dev *dev, unsigned long value) 579 { 580 int ret = 0; 581 unsigned long flags; 582 583 if (value) 584 return -EINVAL; 585 586 spin_lock_irqsave(&dev->lock, flags); 587 if (dev->state != STATE_DEV_INITIALIZED) { 588 dev_dbg(dev->dev, "fail, device is not initialized\n"); 589 ret = -EINVAL; 590 goto out_unlock; 591 } 592 dev->state = STATE_DEV_REGISTERING; 593 spin_unlock_irqrestore(&dev->lock, flags); 594 595 ret = usb_gadget_register_driver(&dev->driver); 596 597 spin_lock_irqsave(&dev->lock, flags); 598 if (ret) { 599 dev_err(dev->dev, 600 "fail, usb_gadget_register_driver returned %d\n", ret); 601 dev->state = STATE_DEV_FAILED; 602 goto out_unlock; 603 } 604 dev->gadget_registered = true; 605 dev->state = STATE_DEV_RUNNING; 606 /* Matches kref_put() in raw_release(). */ 607 kref_get(&dev->count); 608 609 out_unlock: 610 spin_unlock_irqrestore(&dev->lock, flags); 611 return ret; 612 } 613 614 static int raw_ioctl_event_fetch(struct raw_dev *dev, unsigned long value) 615 { 616 struct usb_raw_event arg; 617 unsigned long flags; 618 struct usb_raw_event *event; 619 uint32_t length; 620 621 if (copy_from_user(&arg, (void __user *)value, sizeof(arg))) 622 return -EFAULT; 623 624 spin_lock_irqsave(&dev->lock, flags); 625 if (dev->state != STATE_DEV_RUNNING) { 626 dev_dbg(dev->dev, "fail, device is not running\n"); 627 spin_unlock_irqrestore(&dev->lock, flags); 628 return -EINVAL; 629 } 630 if (!dev->gadget) { 631 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 632 spin_unlock_irqrestore(&dev->lock, flags); 633 return -EBUSY; 634 } 635 spin_unlock_irqrestore(&dev->lock, flags); 636 637 event = raw_event_queue_fetch(&dev->queue); 638 if (PTR_ERR(event) == -EINTR) { 639 dev_dbg(&dev->gadget->dev, "event fetching interrupted\n"); 640 return -EINTR; 641 } 642 if (IS_ERR(event)) { 643 dev_err(&dev->gadget->dev, "failed to fetch event\n"); 644 spin_lock_irqsave(&dev->lock, flags); 645 dev->state = STATE_DEV_FAILED; 646 spin_unlock_irqrestore(&dev->lock, flags); 647 return -ENODEV; 648 } 649 length = min(arg.length, event->length); 650 if (copy_to_user((void __user *)value, event, sizeof(*event) + length)) { 651 kfree(event); 652 return -EFAULT; 653 } 654 655 kfree(event); 656 return 0; 657 } 658 659 static void *raw_alloc_io_data(struct usb_raw_ep_io *io, void __user *ptr, 660 bool get_from_user) 661 { 662 void *data; 663 664 if (copy_from_user(io, ptr, sizeof(*io))) 665 return ERR_PTR(-EFAULT); 666 if (io->ep >= USB_RAW_EPS_NUM_MAX) 667 return ERR_PTR(-EINVAL); 668 if (!usb_raw_io_flags_valid(io->flags)) 669 return ERR_PTR(-EINVAL); 670 if (get_from_user) 671 data = memdup_user(ptr + sizeof(*io), io->length); 672 else { 673 data = kmalloc(io->length, GFP_KERNEL); 674 if (!data) 675 data = ERR_PTR(-ENOMEM); 676 } 677 return data; 678 } 679 680 static int raw_process_ep0_io(struct raw_dev *dev, struct usb_raw_ep_io *io, 681 void *data, bool in) 682 { 683 int ret = 0; 684 unsigned long flags; 685 686 spin_lock_irqsave(&dev->lock, flags); 687 if (dev->state != STATE_DEV_RUNNING) { 688 dev_dbg(dev->dev, "fail, device is not running\n"); 689 ret = -EINVAL; 690 goto out_unlock; 691 } 692 if (!dev->gadget) { 693 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 694 ret = -EBUSY; 695 goto out_unlock; 696 } 697 if (dev->ep0_urb_queued) { 698 dev_dbg(&dev->gadget->dev, "fail, urb already queued\n"); 699 ret = -EBUSY; 700 goto out_unlock; 701 } 702 if ((in && !dev->ep0_in_pending) || 703 (!in && !dev->ep0_out_pending)) { 704 dev_dbg(&dev->gadget->dev, "fail, wrong direction\n"); 705 ret = -EBUSY; 706 goto out_unlock; 707 } 708 if (WARN_ON(in && dev->ep0_out_pending)) { 709 ret = -ENODEV; 710 dev->state = STATE_DEV_FAILED; 711 goto out_unlock; 712 } 713 if (WARN_ON(!in && dev->ep0_in_pending)) { 714 ret = -ENODEV; 715 dev->state = STATE_DEV_FAILED; 716 goto out_unlock; 717 } 718 719 dev->req->buf = data; 720 dev->req->length = io->length; 721 dev->req->zero = usb_raw_io_flags_zero(io->flags); 722 dev->ep0_urb_queued = true; 723 spin_unlock_irqrestore(&dev->lock, flags); 724 725 ret = usb_ep_queue(dev->gadget->ep0, dev->req, GFP_KERNEL); 726 if (ret) { 727 dev_err(&dev->gadget->dev, 728 "fail, usb_ep_queue returned %d\n", ret); 729 spin_lock_irqsave(&dev->lock, flags); 730 goto out_queue_failed; 731 } 732 733 ret = wait_for_completion_interruptible(&dev->ep0_done); 734 if (ret) { 735 dev_dbg(&dev->gadget->dev, "wait interrupted\n"); 736 usb_ep_dequeue(dev->gadget->ep0, dev->req); 737 wait_for_completion(&dev->ep0_done); 738 spin_lock_irqsave(&dev->lock, flags); 739 if (dev->ep0_status == -ECONNRESET) 740 dev->ep0_status = -EINTR; 741 goto out_interrupted; 742 } 743 744 spin_lock_irqsave(&dev->lock, flags); 745 746 out_interrupted: 747 ret = dev->ep0_status; 748 out_queue_failed: 749 dev->ep0_urb_queued = false; 750 out_unlock: 751 spin_unlock_irqrestore(&dev->lock, flags); 752 return ret; 753 } 754 755 static int raw_ioctl_ep0_write(struct raw_dev *dev, unsigned long value) 756 { 757 int ret = 0; 758 void *data; 759 struct usb_raw_ep_io io; 760 761 data = raw_alloc_io_data(&io, (void __user *)value, true); 762 if (IS_ERR(data)) 763 return PTR_ERR(data); 764 ret = raw_process_ep0_io(dev, &io, data, true); 765 kfree(data); 766 return ret; 767 } 768 769 static int raw_ioctl_ep0_read(struct raw_dev *dev, unsigned long value) 770 { 771 int ret = 0; 772 void *data; 773 struct usb_raw_ep_io io; 774 unsigned int length; 775 776 data = raw_alloc_io_data(&io, (void __user *)value, false); 777 if (IS_ERR(data)) 778 return PTR_ERR(data); 779 ret = raw_process_ep0_io(dev, &io, data, false); 780 if (ret < 0) 781 goto free; 782 783 length = min_t(unsigned int, io.length, ret); 784 if (copy_to_user((void __user *)(value + sizeof(io)), data, length)) 785 ret = -EFAULT; 786 else 787 ret = length; 788 free: 789 kfree(data); 790 return ret; 791 } 792 793 static int raw_ioctl_ep0_stall(struct raw_dev *dev, unsigned long value) 794 { 795 int ret = 0; 796 unsigned long flags; 797 798 if (value) 799 return -EINVAL; 800 spin_lock_irqsave(&dev->lock, flags); 801 if (dev->state != STATE_DEV_RUNNING) { 802 dev_dbg(dev->dev, "fail, device is not running\n"); 803 ret = -EINVAL; 804 goto out_unlock; 805 } 806 if (!dev->gadget) { 807 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 808 ret = -EBUSY; 809 goto out_unlock; 810 } 811 if (dev->ep0_urb_queued) { 812 dev_dbg(&dev->gadget->dev, "fail, urb already queued\n"); 813 ret = -EBUSY; 814 goto out_unlock; 815 } 816 if (!dev->ep0_in_pending && !dev->ep0_out_pending) { 817 dev_dbg(&dev->gadget->dev, "fail, no request pending\n"); 818 ret = -EBUSY; 819 goto out_unlock; 820 } 821 822 ret = usb_ep_set_halt(dev->gadget->ep0); 823 if (ret < 0) 824 dev_err(&dev->gadget->dev, 825 "fail, usb_ep_set_halt returned %d\n", ret); 826 827 if (dev->ep0_in_pending) 828 dev->ep0_in_pending = false; 829 else 830 dev->ep0_out_pending = false; 831 832 out_unlock: 833 spin_unlock_irqrestore(&dev->lock, flags); 834 return ret; 835 } 836 837 static int raw_ioctl_ep_enable(struct raw_dev *dev, unsigned long value) 838 { 839 int ret = 0, i; 840 unsigned long flags; 841 struct usb_endpoint_descriptor *desc; 842 struct raw_ep *ep; 843 bool ep_props_matched = false; 844 845 desc = memdup_user((void __user *)value, sizeof(*desc)); 846 if (IS_ERR(desc)) 847 return PTR_ERR(desc); 848 849 /* 850 * Endpoints with a maxpacket length of 0 can cause crashes in UDC 851 * drivers. 852 */ 853 if (usb_endpoint_maxp(desc) == 0) { 854 dev_dbg(dev->dev, "fail, bad endpoint maxpacket\n"); 855 kfree(desc); 856 return -EINVAL; 857 } 858 859 spin_lock_irqsave(&dev->lock, flags); 860 if (dev->state != STATE_DEV_RUNNING) { 861 dev_dbg(dev->dev, "fail, device is not running\n"); 862 ret = -EINVAL; 863 goto out_free; 864 } 865 if (!dev->gadget) { 866 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 867 ret = -EBUSY; 868 goto out_free; 869 } 870 871 for (i = 0; i < dev->eps_num; i++) { 872 ep = &dev->eps[i]; 873 if (ep->addr != usb_endpoint_num(desc) && 874 ep->addr != USB_RAW_EP_ADDR_ANY) 875 continue; 876 if (!usb_gadget_ep_match_desc(dev->gadget, ep->ep, desc, NULL)) 877 continue; 878 ep_props_matched = true; 879 if (ep->state != STATE_EP_DISABLED) 880 continue; 881 ep->ep->desc = desc; 882 ret = usb_ep_enable(ep->ep); 883 if (ret < 0) { 884 dev_err(&dev->gadget->dev, 885 "fail, usb_ep_enable returned %d\n", ret); 886 goto out_free; 887 } 888 ep->req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC); 889 if (!ep->req) { 890 dev_err(&dev->gadget->dev, 891 "fail, usb_ep_alloc_request failed\n"); 892 usb_ep_disable(ep->ep); 893 ret = -ENOMEM; 894 goto out_free; 895 } 896 ep->state = STATE_EP_ENABLED; 897 ep->ep->driver_data = ep; 898 ret = i; 899 goto out_unlock; 900 } 901 902 if (!ep_props_matched) { 903 dev_dbg(&dev->gadget->dev, "fail, bad endpoint descriptor\n"); 904 ret = -EINVAL; 905 } else { 906 dev_dbg(&dev->gadget->dev, "fail, no endpoints available\n"); 907 ret = -EBUSY; 908 } 909 910 out_free: 911 kfree(desc); 912 out_unlock: 913 spin_unlock_irqrestore(&dev->lock, flags); 914 return ret; 915 } 916 917 static int raw_ioctl_ep_disable(struct raw_dev *dev, unsigned long value) 918 { 919 int ret = 0, i = value; 920 unsigned long flags; 921 922 spin_lock_irqsave(&dev->lock, flags); 923 if (dev->state != STATE_DEV_RUNNING) { 924 dev_dbg(dev->dev, "fail, device is not running\n"); 925 ret = -EINVAL; 926 goto out_unlock; 927 } 928 if (!dev->gadget) { 929 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 930 ret = -EBUSY; 931 goto out_unlock; 932 } 933 if (i < 0 || i >= dev->eps_num) { 934 dev_dbg(dev->dev, "fail, invalid endpoint\n"); 935 ret = -EBUSY; 936 goto out_unlock; 937 } 938 if (dev->eps[i].state == STATE_EP_DISABLED) { 939 dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n"); 940 ret = -EINVAL; 941 goto out_unlock; 942 } 943 if (dev->eps[i].disabling) { 944 dev_dbg(&dev->gadget->dev, 945 "fail, disable already in progress\n"); 946 ret = -EINVAL; 947 goto out_unlock; 948 } 949 if (dev->eps[i].urb_queued) { 950 dev_dbg(&dev->gadget->dev, 951 "fail, waiting for urb completion\n"); 952 ret = -EINVAL; 953 goto out_unlock; 954 } 955 dev->eps[i].disabling = true; 956 spin_unlock_irqrestore(&dev->lock, flags); 957 958 usb_ep_disable(dev->eps[i].ep); 959 960 spin_lock_irqsave(&dev->lock, flags); 961 usb_ep_free_request(dev->eps[i].ep, dev->eps[i].req); 962 kfree(dev->eps[i].ep->desc); 963 dev->eps[i].state = STATE_EP_DISABLED; 964 dev->eps[i].disabling = false; 965 966 out_unlock: 967 spin_unlock_irqrestore(&dev->lock, flags); 968 return ret; 969 } 970 971 static int raw_ioctl_ep_set_clear_halt_wedge(struct raw_dev *dev, 972 unsigned long value, bool set, bool halt) 973 { 974 int ret = 0, i = value; 975 unsigned long flags; 976 977 spin_lock_irqsave(&dev->lock, flags); 978 if (dev->state != STATE_DEV_RUNNING) { 979 dev_dbg(dev->dev, "fail, device is not running\n"); 980 ret = -EINVAL; 981 goto out_unlock; 982 } 983 if (!dev->gadget) { 984 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 985 ret = -EBUSY; 986 goto out_unlock; 987 } 988 if (i < 0 || i >= dev->eps_num) { 989 dev_dbg(dev->dev, "fail, invalid endpoint\n"); 990 ret = -EBUSY; 991 goto out_unlock; 992 } 993 if (dev->eps[i].state == STATE_EP_DISABLED) { 994 dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n"); 995 ret = -EINVAL; 996 goto out_unlock; 997 } 998 if (dev->eps[i].disabling) { 999 dev_dbg(&dev->gadget->dev, 1000 "fail, disable is in progress\n"); 1001 ret = -EINVAL; 1002 goto out_unlock; 1003 } 1004 if (dev->eps[i].urb_queued) { 1005 dev_dbg(&dev->gadget->dev, 1006 "fail, waiting for urb completion\n"); 1007 ret = -EINVAL; 1008 goto out_unlock; 1009 } 1010 if (usb_endpoint_xfer_isoc(dev->eps[i].ep->desc)) { 1011 dev_dbg(&dev->gadget->dev, 1012 "fail, can't halt/wedge ISO endpoint\n"); 1013 ret = -EINVAL; 1014 goto out_unlock; 1015 } 1016 1017 if (set && halt) { 1018 ret = usb_ep_set_halt(dev->eps[i].ep); 1019 if (ret < 0) 1020 dev_err(&dev->gadget->dev, 1021 "fail, usb_ep_set_halt returned %d\n", ret); 1022 } else if (!set && halt) { 1023 ret = usb_ep_clear_halt(dev->eps[i].ep); 1024 if (ret < 0) 1025 dev_err(&dev->gadget->dev, 1026 "fail, usb_ep_clear_halt returned %d\n", ret); 1027 } else if (set && !halt) { 1028 ret = usb_ep_set_wedge(dev->eps[i].ep); 1029 if (ret < 0) 1030 dev_err(&dev->gadget->dev, 1031 "fail, usb_ep_set_wedge returned %d\n", ret); 1032 } 1033 1034 out_unlock: 1035 spin_unlock_irqrestore(&dev->lock, flags); 1036 return ret; 1037 } 1038 1039 static void gadget_ep_complete(struct usb_ep *ep, struct usb_request *req) 1040 { 1041 struct raw_ep *r_ep = (struct raw_ep *)ep->driver_data; 1042 struct raw_dev *dev = r_ep->dev; 1043 unsigned long flags; 1044 1045 spin_lock_irqsave(&dev->lock, flags); 1046 if (req->status) 1047 r_ep->status = req->status; 1048 else 1049 r_ep->status = req->actual; 1050 spin_unlock_irqrestore(&dev->lock, flags); 1051 1052 complete((struct completion *)req->context); 1053 } 1054 1055 static int raw_process_ep_io(struct raw_dev *dev, struct usb_raw_ep_io *io, 1056 void *data, bool in) 1057 { 1058 int ret = 0; 1059 unsigned long flags; 1060 struct raw_ep *ep; 1061 DECLARE_COMPLETION_ONSTACK(done); 1062 1063 spin_lock_irqsave(&dev->lock, flags); 1064 if (dev->state != STATE_DEV_RUNNING) { 1065 dev_dbg(dev->dev, "fail, device is not running\n"); 1066 ret = -EINVAL; 1067 goto out_unlock; 1068 } 1069 if (!dev->gadget) { 1070 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 1071 ret = -EBUSY; 1072 goto out_unlock; 1073 } 1074 if (io->ep >= dev->eps_num) { 1075 dev_dbg(&dev->gadget->dev, "fail, invalid endpoint\n"); 1076 ret = -EINVAL; 1077 goto out_unlock; 1078 } 1079 ep = &dev->eps[io->ep]; 1080 if (ep->state != STATE_EP_ENABLED) { 1081 dev_dbg(&dev->gadget->dev, "fail, endpoint is not enabled\n"); 1082 ret = -EBUSY; 1083 goto out_unlock; 1084 } 1085 if (ep->disabling) { 1086 dev_dbg(&dev->gadget->dev, 1087 "fail, endpoint is already being disabled\n"); 1088 ret = -EBUSY; 1089 goto out_unlock; 1090 } 1091 if (ep->urb_queued) { 1092 dev_dbg(&dev->gadget->dev, "fail, urb already queued\n"); 1093 ret = -EBUSY; 1094 goto out_unlock; 1095 } 1096 if (in != usb_endpoint_dir_in(ep->ep->desc)) { 1097 dev_dbg(&dev->gadget->dev, "fail, wrong direction\n"); 1098 ret = -EINVAL; 1099 goto out_unlock; 1100 } 1101 1102 ep->dev = dev; 1103 ep->req->context = &done; 1104 ep->req->complete = gadget_ep_complete; 1105 ep->req->buf = data; 1106 ep->req->length = io->length; 1107 ep->req->zero = usb_raw_io_flags_zero(io->flags); 1108 ep->urb_queued = true; 1109 spin_unlock_irqrestore(&dev->lock, flags); 1110 1111 ret = usb_ep_queue(ep->ep, ep->req, GFP_KERNEL); 1112 if (ret) { 1113 dev_err(&dev->gadget->dev, 1114 "fail, usb_ep_queue returned %d\n", ret); 1115 spin_lock_irqsave(&dev->lock, flags); 1116 goto out_queue_failed; 1117 } 1118 1119 ret = wait_for_completion_interruptible(&done); 1120 if (ret) { 1121 dev_dbg(&dev->gadget->dev, "wait interrupted\n"); 1122 usb_ep_dequeue(ep->ep, ep->req); 1123 wait_for_completion(&done); 1124 spin_lock_irqsave(&dev->lock, flags); 1125 if (ep->status == -ECONNRESET) 1126 ep->status = -EINTR; 1127 goto out_interrupted; 1128 } 1129 1130 spin_lock_irqsave(&dev->lock, flags); 1131 1132 out_interrupted: 1133 ret = ep->status; 1134 out_queue_failed: 1135 ep->urb_queued = false; 1136 out_unlock: 1137 spin_unlock_irqrestore(&dev->lock, flags); 1138 return ret; 1139 } 1140 1141 static int raw_ioctl_ep_write(struct raw_dev *dev, unsigned long value) 1142 { 1143 int ret = 0; 1144 char *data; 1145 struct usb_raw_ep_io io; 1146 1147 data = raw_alloc_io_data(&io, (void __user *)value, true); 1148 if (IS_ERR(data)) 1149 return PTR_ERR(data); 1150 ret = raw_process_ep_io(dev, &io, data, true); 1151 kfree(data); 1152 return ret; 1153 } 1154 1155 static int raw_ioctl_ep_read(struct raw_dev *dev, unsigned long value) 1156 { 1157 int ret = 0; 1158 char *data; 1159 struct usb_raw_ep_io io; 1160 unsigned int length; 1161 1162 data = raw_alloc_io_data(&io, (void __user *)value, false); 1163 if (IS_ERR(data)) 1164 return PTR_ERR(data); 1165 ret = raw_process_ep_io(dev, &io, data, false); 1166 if (ret < 0) 1167 goto free; 1168 1169 length = min_t(unsigned int, io.length, ret); 1170 if (copy_to_user((void __user *)(value + sizeof(io)), data, length)) 1171 ret = -EFAULT; 1172 else 1173 ret = length; 1174 free: 1175 kfree(data); 1176 return ret; 1177 } 1178 1179 static int raw_ioctl_configure(struct raw_dev *dev, unsigned long value) 1180 { 1181 int ret = 0; 1182 unsigned long flags; 1183 1184 if (value) 1185 return -EINVAL; 1186 spin_lock_irqsave(&dev->lock, flags); 1187 if (dev->state != STATE_DEV_RUNNING) { 1188 dev_dbg(dev->dev, "fail, device is not running\n"); 1189 ret = -EINVAL; 1190 goto out_unlock; 1191 } 1192 if (!dev->gadget) { 1193 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 1194 ret = -EBUSY; 1195 goto out_unlock; 1196 } 1197 usb_gadget_set_state(dev->gadget, USB_STATE_CONFIGURED); 1198 1199 out_unlock: 1200 spin_unlock_irqrestore(&dev->lock, flags); 1201 return ret; 1202 } 1203 1204 static int raw_ioctl_vbus_draw(struct raw_dev *dev, unsigned long value) 1205 { 1206 int ret = 0; 1207 unsigned long flags; 1208 1209 spin_lock_irqsave(&dev->lock, flags); 1210 if (dev->state != STATE_DEV_RUNNING) { 1211 dev_dbg(dev->dev, "fail, device is not running\n"); 1212 ret = -EINVAL; 1213 goto out_unlock; 1214 } 1215 if (!dev->gadget) { 1216 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 1217 ret = -EBUSY; 1218 goto out_unlock; 1219 } 1220 usb_gadget_vbus_draw(dev->gadget, 2 * value); 1221 1222 out_unlock: 1223 spin_unlock_irqrestore(&dev->lock, flags); 1224 return ret; 1225 } 1226 1227 static void fill_ep_caps(struct usb_ep_caps *caps, 1228 struct usb_raw_ep_caps *raw_caps) 1229 { 1230 raw_caps->type_control = caps->type_control; 1231 raw_caps->type_iso = caps->type_iso; 1232 raw_caps->type_bulk = caps->type_bulk; 1233 raw_caps->type_int = caps->type_int; 1234 raw_caps->dir_in = caps->dir_in; 1235 raw_caps->dir_out = caps->dir_out; 1236 } 1237 1238 static void fill_ep_limits(struct usb_ep *ep, struct usb_raw_ep_limits *limits) 1239 { 1240 limits->maxpacket_limit = ep->maxpacket_limit; 1241 limits->max_streams = ep->max_streams; 1242 } 1243 1244 static int raw_ioctl_eps_info(struct raw_dev *dev, unsigned long value) 1245 { 1246 int ret = 0, i; 1247 unsigned long flags; 1248 struct usb_raw_eps_info *info; 1249 struct raw_ep *ep; 1250 1251 info = kzalloc(sizeof(*info), GFP_KERNEL); 1252 if (!info) { 1253 ret = -ENOMEM; 1254 goto out; 1255 } 1256 1257 spin_lock_irqsave(&dev->lock, flags); 1258 if (dev->state != STATE_DEV_RUNNING) { 1259 dev_dbg(dev->dev, "fail, device is not running\n"); 1260 ret = -EINVAL; 1261 spin_unlock_irqrestore(&dev->lock, flags); 1262 goto out_free; 1263 } 1264 if (!dev->gadget) { 1265 dev_dbg(dev->dev, "fail, gadget is not bound\n"); 1266 ret = -EBUSY; 1267 spin_unlock_irqrestore(&dev->lock, flags); 1268 goto out_free; 1269 } 1270 1271 for (i = 0; i < dev->eps_num; i++) { 1272 ep = &dev->eps[i]; 1273 strscpy(&info->eps[i].name[0], ep->ep->name, 1274 USB_RAW_EP_NAME_MAX); 1275 info->eps[i].addr = ep->addr; 1276 fill_ep_caps(&ep->ep->caps, &info->eps[i].caps); 1277 fill_ep_limits(ep->ep, &info->eps[i].limits); 1278 } 1279 ret = dev->eps_num; 1280 spin_unlock_irqrestore(&dev->lock, flags); 1281 1282 if (copy_to_user((void __user *)value, info, sizeof(*info))) 1283 ret = -EFAULT; 1284 1285 out_free: 1286 kfree(info); 1287 out: 1288 return ret; 1289 } 1290 1291 static long raw_ioctl(struct file *fd, unsigned int cmd, unsigned long value) 1292 { 1293 struct raw_dev *dev = fd->private_data; 1294 int ret = 0; 1295 1296 if (!dev) 1297 return -EBUSY; 1298 1299 switch (cmd) { 1300 case USB_RAW_IOCTL_INIT: 1301 ret = raw_ioctl_init(dev, value); 1302 break; 1303 case USB_RAW_IOCTL_RUN: 1304 ret = raw_ioctl_run(dev, value); 1305 break; 1306 case USB_RAW_IOCTL_EVENT_FETCH: 1307 ret = raw_ioctl_event_fetch(dev, value); 1308 break; 1309 case USB_RAW_IOCTL_EP0_WRITE: 1310 ret = raw_ioctl_ep0_write(dev, value); 1311 break; 1312 case USB_RAW_IOCTL_EP0_READ: 1313 ret = raw_ioctl_ep0_read(dev, value); 1314 break; 1315 case USB_RAW_IOCTL_EP_ENABLE: 1316 ret = raw_ioctl_ep_enable(dev, value); 1317 break; 1318 case USB_RAW_IOCTL_EP_DISABLE: 1319 ret = raw_ioctl_ep_disable(dev, value); 1320 break; 1321 case USB_RAW_IOCTL_EP_WRITE: 1322 ret = raw_ioctl_ep_write(dev, value); 1323 break; 1324 case USB_RAW_IOCTL_EP_READ: 1325 ret = raw_ioctl_ep_read(dev, value); 1326 break; 1327 case USB_RAW_IOCTL_CONFIGURE: 1328 ret = raw_ioctl_configure(dev, value); 1329 break; 1330 case USB_RAW_IOCTL_VBUS_DRAW: 1331 ret = raw_ioctl_vbus_draw(dev, value); 1332 break; 1333 case USB_RAW_IOCTL_EPS_INFO: 1334 ret = raw_ioctl_eps_info(dev, value); 1335 break; 1336 case USB_RAW_IOCTL_EP0_STALL: 1337 ret = raw_ioctl_ep0_stall(dev, value); 1338 break; 1339 case USB_RAW_IOCTL_EP_SET_HALT: 1340 ret = raw_ioctl_ep_set_clear_halt_wedge( 1341 dev, value, true, true); 1342 break; 1343 case USB_RAW_IOCTL_EP_CLEAR_HALT: 1344 ret = raw_ioctl_ep_set_clear_halt_wedge( 1345 dev, value, false, true); 1346 break; 1347 case USB_RAW_IOCTL_EP_SET_WEDGE: 1348 ret = raw_ioctl_ep_set_clear_halt_wedge( 1349 dev, value, true, false); 1350 break; 1351 default: 1352 ret = -EINVAL; 1353 } 1354 1355 return ret; 1356 } 1357 1358 /*----------------------------------------------------------------------*/ 1359 1360 static const struct file_operations raw_fops = { 1361 .open = raw_open, 1362 .unlocked_ioctl = raw_ioctl, 1363 .compat_ioctl = raw_ioctl, 1364 .release = raw_release, 1365 }; 1366 1367 static struct miscdevice raw_misc_device = { 1368 .minor = MISC_DYNAMIC_MINOR, 1369 .name = DRIVER_NAME, 1370 .fops = &raw_fops, 1371 }; 1372 1373 module_misc_device(raw_misc_device); 1374