Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / fb6d1e42cbb46b51a8b0d7ca4bec587047a9635b / . / drivers / usb / gadget / f_mtp.c
blob: c8c355a424c406b04d87bb17f04689cc9c6a7309 [file] [log] [blame]
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]1/*
2 * Gadget Function Driver for MTP
3 *
4 * Copyright (C) 2010 Google, Inc.
5 * Author: Mike Lockwood <lockwood@android.com>
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18/* #define DEBUG */
19/* #define VERBOSE_DEBUG */
20
21#include <linux/module.h>
22#include <linux/init.h>
23#include <linux/poll.h>
24#include <linux/delay.h>
25#include <linux/wait.h>
26#include <linux/err.h>
27#include <linux/interrupt.h>
28
29#include <linux/types.h>
30#include <linux/file.h>
31#include <linux/device.h>
32#include <linux/miscdevice.h>
33
34#include <linux/usb.h>
35#include <linux/usb_usual.h>
36#include <linux/usb/ch9.h>
37#include <linux/usb/f_mtp.h>
38
39#define MTP_BULK_BUFFER_SIZE 16384
40#define INTR_BUFFER_SIZE 28
41
42/* String IDs */
43#define INTERFACE_STRING_INDEX 0
44
45/* values for mtp_dev.state */
46#define STATE_OFFLINE 0 /* initial state, disconnected */
47#define STATE_READY 1 /* ready for userspace calls */
48#define STATE_BUSY 2 /* processing userspace calls */
49#define STATE_CANCELED 3 /* transaction canceled by host */
50#define STATE_ERROR 4 /* error from completion routine */
51
52/* number of tx and rx requests to allocate */
53#define TX_REQ_MAX 4
54#define RX_REQ_MAX 2
55#define INTR_REQ_MAX 5
56
57/* ID for Microsoft MTP OS String */
58#define MTP_OS_STRING_ID 0xEE
59
60/* MTP class reqeusts */
61#define MTP_REQ_CANCEL 0x64
62#define MTP_REQ_GET_EXT_EVENT_DATA 0x65
63#define MTP_REQ_RESET 0x66
64#define MTP_REQ_GET_DEVICE_STATUS 0x67
65
66/* constants for device status */
67#define MTP_RESPONSE_OK 0x2001
68#define MTP_RESPONSE_DEVICE_BUSY 0x2019
69
Pavankumar Kondeti9ade1912012-12-19 20:19:35 +0530[diff] [blame]70unsigned int mtp_rx_req_len = MTP_BULK_BUFFER_SIZE;
71module_param(mtp_rx_req_len, uint, S_IRUGO | S_IWUSR);
72
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]73static const char mtp_shortname[] = "mtp_usb";
74
75struct mtp_dev {
76 struct usb_function function;
77 struct usb_composite_dev *cdev;
78 spinlock_t lock;
79
80 struct usb_ep *ep_in;
81 struct usb_ep *ep_out;
82 struct usb_ep *ep_intr;
83
84 int state;
85
86 /* synchronize access to our device file */
87 atomic_t open_excl;
88 /* to enforce only one ioctl at a time */
89 atomic_t ioctl_excl;
90
91 struct list_head tx_idle;
92 struct list_head intr_idle;
93
94 wait_queue_head_t read_wq;
95 wait_queue_head_t write_wq;
96 wait_queue_head_t intr_wq;
97 struct usb_request *rx_req[RX_REQ_MAX];
98 int rx_done;
99
100 /* for processing MTP_SEND_FILE, MTP_RECEIVE_FILE and
101 * MTP_SEND_FILE_WITH_HEADER ioctls on a work queue
102 */
103 struct workqueue_struct *wq;
104 struct work_struct send_file_work;
105 struct work_struct receive_file_work;
106 struct file *xfer_file;
107 loff_t xfer_file_offset;
108 int64_t xfer_file_length;
109 unsigned xfer_send_header;
110 uint16_t xfer_command;
111 uint32_t xfer_transaction_id;
112 int xfer_result;
113};
114
115static struct usb_interface_descriptor mtp_interface_desc = {
116 .bLength = USB_DT_INTERFACE_SIZE,
117 .bDescriptorType = USB_DT_INTERFACE,
118 .bInterfaceNumber = 0,
119 .bNumEndpoints = 3,
120 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
121 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC,
122 .bInterfaceProtocol = 0,
123};
124
125static struct usb_interface_descriptor ptp_interface_desc = {
126 .bLength = USB_DT_INTERFACE_SIZE,
127 .bDescriptorType = USB_DT_INTERFACE,
128 .bInterfaceNumber = 0,
129 .bNumEndpoints = 3,
130 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
131 .bInterfaceSubClass = 1,
132 .bInterfaceProtocol = 1,
133};
134
135static struct usb_endpoint_descriptor mtp_highspeed_in_desc = {
136 .bLength = USB_DT_ENDPOINT_SIZE,
137 .bDescriptorType = USB_DT_ENDPOINT,
138 .bEndpointAddress = USB_DIR_IN,
139 .bmAttributes = USB_ENDPOINT_XFER_BULK,
140 .wMaxPacketSize = __constant_cpu_to_le16(512),
141};
142
143static struct usb_endpoint_descriptor mtp_highspeed_out_desc = {
144 .bLength = USB_DT_ENDPOINT_SIZE,
145 .bDescriptorType = USB_DT_ENDPOINT,
146 .bEndpointAddress = USB_DIR_OUT,
147 .bmAttributes = USB_ENDPOINT_XFER_BULK,
148 .wMaxPacketSize = __constant_cpu_to_le16(512),
149};
150
151static struct usb_endpoint_descriptor mtp_fullspeed_in_desc = {
152 .bLength = USB_DT_ENDPOINT_SIZE,
153 .bDescriptorType = USB_DT_ENDPOINT,
154 .bEndpointAddress = USB_DIR_IN,
155 .bmAttributes = USB_ENDPOINT_XFER_BULK,
156};
157
158static struct usb_endpoint_descriptor mtp_fullspeed_out_desc = {
159 .bLength = USB_DT_ENDPOINT_SIZE,
160 .bDescriptorType = USB_DT_ENDPOINT,
161 .bEndpointAddress = USB_DIR_OUT,
162 .bmAttributes = USB_ENDPOINT_XFER_BULK,
163};
164
165static struct usb_endpoint_descriptor mtp_intr_desc = {
166 .bLength = USB_DT_ENDPOINT_SIZE,
167 .bDescriptorType = USB_DT_ENDPOINT,
168 .bEndpointAddress = USB_DIR_IN,
169 .bmAttributes = USB_ENDPOINT_XFER_INT,
170 .wMaxPacketSize = __constant_cpu_to_le16(INTR_BUFFER_SIZE),
171 .bInterval = 6,
172};
173
174static struct usb_descriptor_header *fs_mtp_descs[] = {
175 (struct usb_descriptor_header *) &mtp_interface_desc,
176 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
177 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
178 (struct usb_descriptor_header *) &mtp_intr_desc,
179 NULL,
180};
181
182static struct usb_descriptor_header *hs_mtp_descs[] = {
183 (struct usb_descriptor_header *) &mtp_interface_desc,
184 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
185 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
186 (struct usb_descriptor_header *) &mtp_intr_desc,
187 NULL,
188};
189
190static struct usb_descriptor_header *fs_ptp_descs[] = {
191 (struct usb_descriptor_header *) &ptp_interface_desc,
192 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
193 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
194 (struct usb_descriptor_header *) &mtp_intr_desc,
195 NULL,
196};
197
198static struct usb_descriptor_header *hs_ptp_descs[] = {
199 (struct usb_descriptor_header *) &ptp_interface_desc,
200 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
201 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
202 (struct usb_descriptor_header *) &mtp_intr_desc,
203 NULL,
204};
205
206static struct usb_string mtp_string_defs[] = {
207 /* Naming interface "MTP" so libmtp will recognize us */
208 [INTERFACE_STRING_INDEX].s = "MTP",
209 { }, /* end of list */
210};
211
212static struct usb_gadget_strings mtp_string_table = {
213 .language = 0x0409, /* en-US */
214 .strings = mtp_string_defs,
215};
216
217static struct usb_gadget_strings *mtp_strings[] = {
218 &mtp_string_table,
219 NULL,
220};
221
222/* Microsoft MTP OS String */
223static u8 mtp_os_string[] = {
224 18, /* sizeof(mtp_os_string) */
225 USB_DT_STRING,
226 /* Signature field: "MSFT100" */
227 'M', 0, 'S', 0, 'F', 0, 'T', 0, '1', 0, '0', 0, '0', 0,
228 /* vendor code */
229 1,
230 /* padding */
231 0
232};
233
234/* Microsoft Extended Configuration Descriptor Header Section */
235struct mtp_ext_config_desc_header {
236 __le32 dwLength;
237 __u16 bcdVersion;
238 __le16 wIndex;
239 __u8 bCount;
240 __u8 reserved[7];
241};
242
243/* Microsoft Extended Configuration Descriptor Function Section */
244struct mtp_ext_config_desc_function {
245 __u8 bFirstInterfaceNumber;
246 __u8 bInterfaceCount;
247 __u8 compatibleID[8];
248 __u8 subCompatibleID[8];
249 __u8 reserved[6];
250};
251
252/* MTP Extended Configuration Descriptor */
253struct {
254 struct mtp_ext_config_desc_header header;
255 struct mtp_ext_config_desc_function function;
256} mtp_ext_config_desc = {
257 .header = {
258 .dwLength = __constant_cpu_to_le32(sizeof(mtp_ext_config_desc)),
259 .bcdVersion = __constant_cpu_to_le16(0x0100),
260 .wIndex = __constant_cpu_to_le16(4),
261 .bCount = __constant_cpu_to_le16(1),
262 },
263 .function = {
264 .bFirstInterfaceNumber = 0,
265 .bInterfaceCount = 1,
266 .compatibleID = { 'M', 'T', 'P' },
267 },
268};
269
270struct mtp_device_status {
271 __le16 wLength;
272 __le16 wCode;
273};
274
275/* temporary variable used between mtp_open() and mtp_gadget_bind() */
276static struct mtp_dev *_mtp_dev;
277
278static inline struct mtp_dev *func_to_mtp(struct usb_function *f)
279{
280 return container_of(f, struct mtp_dev, function);
281}
282
283static struct usb_request *mtp_request_new(struct usb_ep *ep, int buffer_size)
284{
285 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
286 if (!req)
287 return NULL;
288
289 /* now allocate buffers for the requests */
290 req->buf = kmalloc(buffer_size, GFP_KERNEL);
291 if (!req->buf) {
292 usb_ep_free_request(ep, req);
293 return NULL;
294 }
295
296 return req;
297}
298
299static void mtp_request_free(struct usb_request *req, struct usb_ep *ep)
300{
301 if (req) {
302 kfree(req->buf);
303 usb_ep_free_request(ep, req);
304 }
305}
306
307static inline int mtp_lock(atomic_t *excl)
308{
309 if (atomic_inc_return(excl) == 1) {
310 return 0;
311 } else {
312 atomic_dec(excl);
313 return -1;
314 }
315}
316
317static inline void mtp_unlock(atomic_t *excl)
318{
319 atomic_dec(excl);
320}
321
322/* add a request to the tail of a list */
323static void mtp_req_put(struct mtp_dev *dev, struct list_head *head,
324 struct usb_request *req)
325{
326 unsigned long flags;
327
328 spin_lock_irqsave(&dev->lock, flags);
329 list_add_tail(&req->list, head);
330 spin_unlock_irqrestore(&dev->lock, flags);
331}
332
333/* remove a request from the head of a list */
334static struct usb_request
335*mtp_req_get(struct mtp_dev *dev, struct list_head *head)
336{
337 unsigned long flags;
338 struct usb_request *req;
339
340 spin_lock_irqsave(&dev->lock, flags);
341 if (list_empty(head)) {
342 req = 0;
343 } else {
344 req = list_first_entry(head, struct usb_request, list);
345 list_del(&req->list);
346 }
347 spin_unlock_irqrestore(&dev->lock, flags);
348 return req;
349}
350
351static void mtp_complete_in(struct usb_ep *ep, struct usb_request *req)
352{
353 struct mtp_dev *dev = _mtp_dev;
354
355 if (req->status != 0)
356 dev->state = STATE_ERROR;
357
358 mtp_req_put(dev, &dev->tx_idle, req);
359
360 wake_up(&dev->write_wq);
361}
362
363static void mtp_complete_out(struct usb_ep *ep, struct usb_request *req)
364{
365 struct mtp_dev *dev = _mtp_dev;
366
367 dev->rx_done = 1;
368 if (req->status != 0)
369 dev->state = STATE_ERROR;
370
371 wake_up(&dev->read_wq);
372}
373
374static void mtp_complete_intr(struct usb_ep *ep, struct usb_request *req)
375{
376 struct mtp_dev *dev = _mtp_dev;
377
378 if (req->status != 0)
379 dev->state = STATE_ERROR;
380
381 mtp_req_put(dev, &dev->intr_idle, req);
382
383 wake_up(&dev->intr_wq);
384}
385
386static int mtp_create_bulk_endpoints(struct mtp_dev *dev,
387 struct usb_endpoint_descriptor *in_desc,
388 struct usb_endpoint_descriptor *out_desc,
389 struct usb_endpoint_descriptor *intr_desc)
390{
391 struct usb_composite_dev *cdev = dev->cdev;
392 struct usb_request *req;
393 struct usb_ep *ep;
394 int i;
395
396 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
397
398 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
399 if (!ep) {
400 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
401 return -ENODEV;
402 }
403 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
404 ep->driver_data = dev; /* claim the endpoint */
405 dev->ep_in = ep;
406
407 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
408 if (!ep) {
409 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
410 return -ENODEV;
411 }
412 DBG(cdev, "usb_ep_autoconfig for mtp ep_out got %s\n", ep->name);
413 ep->driver_data = dev; /* claim the endpoint */
414 dev->ep_out = ep;
415
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]416 ep = usb_ep_autoconfig(cdev->gadget, intr_desc);
417 if (!ep) {
418 DBG(cdev, "usb_ep_autoconfig for ep_intr failed\n");
419 return -ENODEV;
420 }
421 DBG(cdev, "usb_ep_autoconfig for mtp ep_intr got %s\n", ep->name);
422 ep->driver_data = dev; /* claim the endpoint */
423 dev->ep_intr = ep;
424
425 /* now allocate requests for our endpoints */
426 for (i = 0; i < TX_REQ_MAX; i++) {
427 req = mtp_request_new(dev->ep_in, MTP_BULK_BUFFER_SIZE);
428 if (!req)
429 goto fail;
430 req->complete = mtp_complete_in;
431 mtp_req_put(dev, &dev->tx_idle, req);
432 }
Pavankumar Kondeti9ade1912012-12-19 20:19:35 +0530[diff] [blame]433retry_rx_alloc:
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]434 for (i = 0; i < RX_REQ_MAX; i++) {
Pavankumar Kondeti9ade1912012-12-19 20:19:35 +0530[diff] [blame]435 req = mtp_request_new(dev->ep_out, mtp_rx_req_len);
436 if (!req) {
437 if (mtp_rx_req_len <= MTP_BULK_BUFFER_SIZE)
438 goto fail;
439 for (; i > 0; i--)
440 mtp_request_free(dev->rx_req[i], dev->ep_out);
441 mtp_rx_req_len = MTP_BULK_BUFFER_SIZE;
442 goto retry_rx_alloc;
443 }
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]444 req->complete = mtp_complete_out;
445 dev->rx_req[i] = req;
446 }
447 for (i = 0; i < INTR_REQ_MAX; i++) {
448 req = mtp_request_new(dev->ep_intr, INTR_BUFFER_SIZE);
449 if (!req)
450 goto fail;
451 req->complete = mtp_complete_intr;
452 mtp_req_put(dev, &dev->intr_idle, req);
453 }
454
455 return 0;
456
457fail:
458 printk(KERN_ERR "mtp_bind() could not allocate requests\n");
459 return -1;
460}
461
462static ssize_t mtp_read(struct file *fp, char __user *buf,
463 size_t count, loff_t *pos)
464{
465 struct mtp_dev *dev = fp->private_data;
466 struct usb_composite_dev *cdev = dev->cdev;
467 struct usb_request *req;
468 int r = count, xfer;
469 int ret = 0;
470
471 DBG(cdev, "mtp_read(%d)\n", count);
472
Pavankumar Kondeti9ade1912012-12-19 20:19:35 +0530[diff] [blame]473 if (count > mtp_rx_req_len)
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]474 return -EINVAL;
475
476 /* we will block until we're online */
477 DBG(cdev, "mtp_read: waiting for online state\n");
478 ret = wait_event_interruptible(dev->read_wq,
479 dev->state != STATE_OFFLINE);
480 if (ret < 0) {
481 r = ret;
482 goto done;
483 }
484 spin_lock_irq(&dev->lock);
485 if (dev->state == STATE_CANCELED) {
486 /* report cancelation to userspace */
487 dev->state = STATE_READY;
488 spin_unlock_irq(&dev->lock);
489 return -ECANCELED;
490 }
491 dev->state = STATE_BUSY;
492 spin_unlock_irq(&dev->lock);
493
494requeue_req:
495 /* queue a request */
496 req = dev->rx_req[0];
497 req->length = count;
498 dev->rx_done = 0;
499 ret = usb_ep_queue(dev->ep_out, req, GFP_KERNEL);
500 if (ret < 0) {
501 r = -EIO;
502 goto done;
503 } else {
504 DBG(cdev, "rx %p queue\n", req);
505 }
506
507 /* wait for a request to complete */
Rajkumar Raghupathy20298e02012-03-09 12:22:36 +0530[diff] [blame]508 ret = wait_event_interruptible(dev->read_wq,
509 dev->rx_done || dev->state != STATE_BUSY);
510 if (dev->state == STATE_CANCELED) {
511 r = -ECANCELED;
512 if (!dev->rx_done)
513 usb_ep_dequeue(dev->ep_out, req);
514 spin_lock_irq(&dev->lock);
515 dev->state = STATE_CANCELED;
516 spin_unlock_irq(&dev->lock);
517 goto done;
518 }
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]519 if (ret < 0) {
520 r = ret;
521 usb_ep_dequeue(dev->ep_out, req);
522 goto done;
523 }
524 if (dev->state == STATE_BUSY) {
525 /* If we got a 0-len packet, throw it back and try again. */
526 if (req->actual == 0)
527 goto requeue_req;
528
529 DBG(cdev, "rx %p %d\n", req, req->actual);
530 xfer = (req->actual < count) ? req->actual : count;
531 r = xfer;
532 if (copy_to_user(buf, req->buf, xfer))
533 r = -EFAULT;
534 } else
535 r = -EIO;
536
537done:
538 spin_lock_irq(&dev->lock);
539 if (dev->state == STATE_CANCELED)
540 r = -ECANCELED;
541 else if (dev->state != STATE_OFFLINE)
542 dev->state = STATE_READY;
543 spin_unlock_irq(&dev->lock);
544
545 DBG(cdev, "mtp_read returning %d\n", r);
546 return r;
547}
548
549static ssize_t mtp_write(struct file *fp, const char __user *buf,
550 size_t count, loff_t *pos)
551{
552 struct mtp_dev *dev = fp->private_data;
553 struct usb_composite_dev *cdev = dev->cdev;
554 struct usb_request *req = 0;
555 int r = count, xfer;
556 int sendZLP = 0;
557 int ret;
558
559 DBG(cdev, "mtp_write(%d)\n", count);
560
561 spin_lock_irq(&dev->lock);
562 if (dev->state == STATE_CANCELED) {
563 /* report cancelation to userspace */
564 dev->state = STATE_READY;
565 spin_unlock_irq(&dev->lock);
566 return -ECANCELED;
567 }
568 if (dev->state == STATE_OFFLINE) {
569 spin_unlock_irq(&dev->lock);
570 return -ENODEV;
571 }
572 dev->state = STATE_BUSY;
573 spin_unlock_irq(&dev->lock);
574
575 /* we need to send a zero length packet to signal the end of transfer
576 * if the transfer size is aligned to a packet boundary.
577 */
578 if ((count & (dev->ep_in->maxpacket - 1)) == 0)
579 sendZLP = 1;
580
581 while (count > 0 || sendZLP) {
582 /* so we exit after sending ZLP */
583 if (count == 0)
584 sendZLP = 0;
585
586 if (dev->state != STATE_BUSY) {
587 DBG(cdev, "mtp_write dev->error\n");
588 r = -EIO;
589 break;
590 }
591
592 /* get an idle tx request to use */
593 req = 0;
594 ret = wait_event_interruptible(dev->write_wq,
595 ((req = mtp_req_get(dev, &dev->tx_idle))
596 || dev->state != STATE_BUSY));
597 if (!req) {
598 r = ret;
599 break;
600 }
601
602 if (count > MTP_BULK_BUFFER_SIZE)
603 xfer = MTP_BULK_BUFFER_SIZE;
604 else
605 xfer = count;
606 if (xfer && copy_from_user(req->buf, buf, xfer)) {
607 r = -EFAULT;
608 break;
609 }
610
611 req->length = xfer;
612 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
613 if (ret < 0) {
614 DBG(cdev, "mtp_write: xfer error %d\n", ret);
615 r = -EIO;
616 break;
617 }
618
619 buf += xfer;
620 count -= xfer;
621
622 /* zero this so we don't try to free it on error exit */
623 req = 0;
624 }
625
626 if (req)
627 mtp_req_put(dev, &dev->tx_idle, req);
628
629 spin_lock_irq(&dev->lock);
630 if (dev->state == STATE_CANCELED)
631 r = -ECANCELED;
632 else if (dev->state != STATE_OFFLINE)
633 dev->state = STATE_READY;
634 spin_unlock_irq(&dev->lock);
635
636 DBG(cdev, "mtp_write returning %d\n", r);
637 return r;
638}
639
640/* read from a local file and write to USB */
641static void send_file_work(struct work_struct *data)
642{
643 struct mtp_dev *dev = container_of(data, struct mtp_dev,
644 send_file_work);
645 struct usb_composite_dev *cdev = dev->cdev;
646 struct usb_request *req = 0;
647 struct mtp_data_header *header;
648 struct file *filp;
649 loff_t offset;
650 int64_t count;
651 int xfer, ret, hdr_size;
652 int r = 0;
653 int sendZLP = 0;
654
655 /* read our parameters */
656 smp_rmb();
657 filp = dev->xfer_file;
658 offset = dev->xfer_file_offset;
659 count = dev->xfer_file_length;
660
661 DBG(cdev, "send_file_work(%lld %lld)\n", offset, count);
662
663 if (dev->xfer_send_header) {
664 hdr_size = sizeof(struct mtp_data_header);
665 count += hdr_size;
666 } else {
667 hdr_size = 0;
668 }
669
670 /* we need to send a zero length packet to signal the end of transfer
671 * if the transfer size is aligned to a packet boundary.
672 */
673 if ((count & (dev->ep_in->maxpacket - 1)) == 0)
674 sendZLP = 1;
675
676 while (count > 0 || sendZLP) {
677 /* so we exit after sending ZLP */
678 if (count == 0)
679 sendZLP = 0;
680
681 /* get an idle tx request to use */
682 req = 0;
683 ret = wait_event_interruptible(dev->write_wq,
684 (req = mtp_req_get(dev, &dev->tx_idle))
685 || dev->state != STATE_BUSY);
686 if (dev->state == STATE_CANCELED) {
687 r = -ECANCELED;
688 break;
689 }
690 if (!req) {
691 r = ret;
692 break;
693 }
694
695 if (count > MTP_BULK_BUFFER_SIZE)
696 xfer = MTP_BULK_BUFFER_SIZE;
697 else
698 xfer = count;
699
700 if (hdr_size) {
701 /* prepend MTP data header */
702 header = (struct mtp_data_header *)req->buf;
703 header->length = __cpu_to_le32(count);
704 header->type = __cpu_to_le16(2); /* data packet */
705 header->command = __cpu_to_le16(dev->xfer_command);
706 header->transaction_id =
707 __cpu_to_le32(dev->xfer_transaction_id);
708 }
709
710 ret = vfs_read(filp, req->buf + hdr_size, xfer - hdr_size,
711 &offset);
712 if (ret < 0) {
713 r = ret;
714 break;
715 }
716 xfer = ret + hdr_size;
717 hdr_size = 0;
718
719 req->length = xfer;
720 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
721 if (ret < 0) {
722 DBG(cdev, "send_file_work: xfer error %d\n", ret);
Vijayavardhan Vennapusa00972232012-05-18 11:18:40 +0530[diff] [blame]723 if (dev->state != STATE_OFFLINE)
724 dev->state = STATE_ERROR;
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]725 r = -EIO;
726 break;
727 }
728
729 count -= xfer;
730
731 /* zero this so we don't try to free it on error exit */
732 req = 0;
733 }
734
735 if (req)
736 mtp_req_put(dev, &dev->tx_idle, req);
737
738 DBG(cdev, "send_file_work returning %d\n", r);
739 /* write the result */
740 dev->xfer_result = r;
741 smp_wmb();
742}
743
744/* read from USB and write to a local file */
745static void receive_file_work(struct work_struct *data)
746{
747 struct mtp_dev *dev = container_of(data, struct mtp_dev,
748 receive_file_work);
749 struct usb_composite_dev *cdev = dev->cdev;
750 struct usb_request *read_req = NULL, *write_req = NULL;
751 struct file *filp;
752 loff_t offset;
753 int64_t count;
754 int ret, cur_buf = 0;
755 int r = 0;
756
757 /* read our parameters */
758 smp_rmb();
759 filp = dev->xfer_file;
760 offset = dev->xfer_file_offset;
761 count = dev->xfer_file_length;
762
763 DBG(cdev, "receive_file_work(%lld)\n", count);
764
765 while (count > 0 || write_req) {
766 if (count > 0) {
767 /* queue a request */
768 read_req = dev->rx_req[cur_buf];
769 cur_buf = (cur_buf + 1) % RX_REQ_MAX;
770
Pavankumar Kondeti9ade1912012-12-19 20:19:35 +0530[diff] [blame]771 read_req->length = (count > mtp_rx_req_len
772 ? mtp_rx_req_len : count);
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]773 dev->rx_done = 0;
774 ret = usb_ep_queue(dev->ep_out, read_req, GFP_KERNEL);
775 if (ret < 0) {
776 r = -EIO;
Vijayavardhan Vennapusa00972232012-05-18 11:18:40 +0530[diff] [blame]777 if (dev->state != STATE_OFFLINE)
778 dev->state = STATE_ERROR;
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]779 break;
780 }
781 }
782
783 if (write_req) {
784 DBG(cdev, "rx %p %d\n", write_req, write_req->actual);
785 ret = vfs_write(filp, write_req->buf, write_req->actual,
786 &offset);
787 DBG(cdev, "vfs_write %d\n", ret);
788 if (ret != write_req->actual) {
789 r = -EIO;
Vijayavardhan Vennapusa00972232012-05-18 11:18:40 +0530[diff] [blame]790 if (dev->state != STATE_OFFLINE)
791 dev->state = STATE_ERROR;
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]792 break;
793 }
794 write_req = NULL;
795 }
796
797 if (read_req) {
798 /* wait for our last read to complete */
799 ret = wait_event_interruptible(dev->read_wq,
800 dev->rx_done || dev->state != STATE_BUSY);
Rajkumar Raghupathy7c3c45b2012-07-24 16:13:36 +0530[diff] [blame]801 if (dev->state == STATE_CANCELED
802 || dev->state == STATE_OFFLINE) {
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]803 r = -ECANCELED;
804 if (!dev->rx_done)
805 usb_ep_dequeue(dev->ep_out, read_req);
806 break;
807 }
808 /* if xfer_file_length is 0xFFFFFFFF, then we read until
809 * we get a zero length packet
810 */
811 if (count != 0xFFFFFFFF)
812 count -= read_req->actual;
813 if (read_req->actual < read_req->length) {
814 /*
815 * short packet is used to signal EOF for
816 * sizes > 4 gig
817 */
818 DBG(cdev, "got short packet\n");
819 count = 0;
820 }
821
822 write_req = read_req;
823 read_req = NULL;
824 }
825 }
826
827 DBG(cdev, "receive_file_work returning %d\n", r);
828 /* write the result */
829 dev->xfer_result = r;
830 smp_wmb();
831}
832
833static int mtp_send_event(struct mtp_dev *dev, struct mtp_event *event)
834{
835 struct usb_request *req = NULL;
836 int ret;
837 int length = event->length;
838
839 DBG(dev->cdev, "mtp_send_event(%d)\n", event->length);
840
841 if (length < 0 || length > INTR_BUFFER_SIZE)
842 return -EINVAL;
843 if (dev->state == STATE_OFFLINE)
844 return -ENODEV;
845
846 ret = wait_event_interruptible_timeout(dev->intr_wq,
847 (req = mtp_req_get(dev, &dev->intr_idle)),
848 msecs_to_jiffies(1000));
849 if (!req)
850 return -ETIME;
851
852 if (copy_from_user(req->buf, (void __user *)event->data, length)) {
853 mtp_req_put(dev, &dev->intr_idle, req);
854 return -EFAULT;
855 }
856 req->length = length;
857 ret = usb_ep_queue(dev->ep_intr, req, GFP_KERNEL);
858 if (ret)
859 mtp_req_put(dev, &dev->intr_idle, req);
860
861 return ret;
862}
863
864static long mtp_ioctl(struct file *fp, unsigned code, unsigned long value)
865{
866 struct mtp_dev *dev = fp->private_data;
867 struct file *filp = NULL;
868 int ret = -EINVAL;
869
870 if (mtp_lock(&dev->ioctl_excl))
871 return -EBUSY;
872
873 switch (code) {
874 case MTP_SEND_FILE:
875 case MTP_RECEIVE_FILE:
876 case MTP_SEND_FILE_WITH_HEADER:
877 {
878 struct mtp_file_range mfr;
879 struct work_struct *work;
880
881 spin_lock_irq(&dev->lock);
882 if (dev->state == STATE_CANCELED) {
883 /* report cancelation to userspace */
884 dev->state = STATE_READY;
885 spin_unlock_irq(&dev->lock);
886 ret = -ECANCELED;
887 goto out;
888 }
889 if (dev->state == STATE_OFFLINE) {
890 spin_unlock_irq(&dev->lock);
891 ret = -ENODEV;
892 goto out;
893 }
894 dev->state = STATE_BUSY;
895 spin_unlock_irq(&dev->lock);
896
897 if (copy_from_user(&mfr, (void __user *)value, sizeof(mfr))) {
898 ret = -EFAULT;
899 goto fail;
900 }
901 /* hold a reference to the file while we are working with it */
902 filp = fget(mfr.fd);
903 if (!filp) {
904 ret = -EBADF;
905 goto fail;
906 }
907
908 /* write the parameters */
909 dev->xfer_file = filp;
910 dev->xfer_file_offset = mfr.offset;
911 dev->xfer_file_length = mfr.length;
912 smp_wmb();
913
914 if (code == MTP_SEND_FILE_WITH_HEADER) {
915 work = &dev->send_file_work;
916 dev->xfer_send_header = 1;
917 dev->xfer_command = mfr.command;
918 dev->xfer_transaction_id = mfr.transaction_id;
919 } else if (code == MTP_SEND_FILE) {
920 work = &dev->send_file_work;
921 dev->xfer_send_header = 0;
922 } else {
923 work = &dev->receive_file_work;
924 }
925
926 /* We do the file transfer on a work queue so it will run
927 * in kernel context, which is necessary for vfs_read and
928 * vfs_write to use our buffers in the kernel address space.
929 */
930 queue_work(dev->wq, work);
931 /* wait for operation to complete */
932 flush_workqueue(dev->wq);
933 fput(filp);
934
935 /* read the result */
936 smp_rmb();
937 ret = dev->xfer_result;
938 break;
939 }
940 case MTP_SEND_EVENT:
941 {
942 struct mtp_event event;
943 /* return here so we don't change dev->state below,
944 * which would interfere with bulk transfer state.
945 */
946 if (copy_from_user(&event, (void __user *)value, sizeof(event)))
947 ret = -EFAULT;
948 else
949 ret = mtp_send_event(dev, &event);
950 goto out;
951 }
952 }
953
954fail:
955 spin_lock_irq(&dev->lock);
956 if (dev->state == STATE_CANCELED)
957 ret = -ECANCELED;
958 else if (dev->state != STATE_OFFLINE)
959 dev->state = STATE_READY;
960 spin_unlock_irq(&dev->lock);
961out:
962 mtp_unlock(&dev->ioctl_excl);
963 DBG(dev->cdev, "ioctl returning %d\n", ret);
964 return ret;
965}
966
967static int mtp_open(struct inode *ip, struct file *fp)
968{
969 printk(KERN_INFO "mtp_open\n");
970 if (mtp_lock(&_mtp_dev->open_excl))
971 return -EBUSY;
972
973 /* clear any error condition */
974 if (_mtp_dev->state != STATE_OFFLINE)
975 _mtp_dev->state = STATE_READY;
976
977 fp->private_data = _mtp_dev;
978 return 0;
979}
980
981static int mtp_release(struct inode *ip, struct file *fp)
982{
983 printk(KERN_INFO "mtp_release\n");
984
985 mtp_unlock(&_mtp_dev->open_excl);
986 return 0;
987}
988
989/* file operations for /dev/mtp_usb */
990static const struct file_operations mtp_fops = {
991 .owner = THIS_MODULE,
992 .read = mtp_read,
993 .write = mtp_write,
994 .unlocked_ioctl = mtp_ioctl,
995 .open = mtp_open,
996 .release = mtp_release,
997};
998
999static struct miscdevice mtp_device = {
1000 .minor = MISC_DYNAMIC_MINOR,
1001 .name = mtp_shortname,
1002 .fops = &mtp_fops,
1003};
1004
1005static int mtp_ctrlrequest(struct usb_composite_dev *cdev,
1006 const struct usb_ctrlrequest *ctrl)
1007{
1008 struct mtp_dev *dev = _mtp_dev;
1009 int value = -EOPNOTSUPP;
1010 u16 w_index = le16_to_cpu(ctrl->wIndex);
1011 u16 w_value = le16_to_cpu(ctrl->wValue);
1012 u16 w_length = le16_to_cpu(ctrl->wLength);
1013 unsigned long flags;
1014
1015 VDBG(cdev, "mtp_ctrlrequest "
1016 "%02x.%02x v%04x i%04x l%u\n",
1017 ctrl->bRequestType, ctrl->bRequest,
1018 w_value, w_index, w_length);
1019
1020 /* Handle MTP OS string */
1021 if (ctrl->bRequestType ==
1022 (USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE)
1023 && ctrl->bRequest == USB_REQ_GET_DESCRIPTOR
1024 && (w_value >> 8) == USB_DT_STRING
1025 && (w_value & 0xFF) == MTP_OS_STRING_ID) {
1026 value = (w_length < sizeof(mtp_os_string)
1027 ? w_length : sizeof(mtp_os_string));
1028 memcpy(cdev->req->buf, mtp_os_string, value);
1029 } else if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_VENDOR) {
1030 /* Handle MTP OS descriptor */
1031 DBG(cdev, "vendor request: %d index: %d value: %d length: %d\n",
1032 ctrl->bRequest, w_index, w_value, w_length);
1033
1034 if (ctrl->bRequest == 1
1035 && (ctrl->bRequestType & USB_DIR_IN)
1036 && (w_index == 4 || w_index == 5)) {
1037 value = (w_length < sizeof(mtp_ext_config_desc) ?
1038 w_length : sizeof(mtp_ext_config_desc));
1039 memcpy(cdev->req->buf, &mtp_ext_config_desc, value);
1040 }
1041 } else if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) {
1042 DBG(cdev, "class request: %d index: %d value: %d length: %d\n",
1043 ctrl->bRequest, w_index, w_value, w_length);
1044
1045 if (ctrl->bRequest == MTP_REQ_CANCEL && w_index == 0
1046 && w_value == 0) {
1047 DBG(cdev, "MTP_REQ_CANCEL\n");
1048
1049 spin_lock_irqsave(&dev->lock, flags);
1050 if (dev->state == STATE_BUSY) {
1051 dev->state = STATE_CANCELED;
1052 wake_up(&dev->read_wq);
1053 wake_up(&dev->write_wq);
1054 }
1055 spin_unlock_irqrestore(&dev->lock, flags);
1056
1057 /* We need to queue a request to read the remaining
1058 * bytes, but we don't actually need to look at
1059 * the contents.
1060 */
1061 value = w_length;
1062 } else if (ctrl->bRequest == MTP_REQ_GET_DEVICE_STATUS
1063 && w_index == 0 && w_value == 0) {
1064 struct mtp_device_status *status = cdev->req->buf;
1065 status->wLength =
1066 __constant_cpu_to_le16(sizeof(*status));
1067
1068 DBG(cdev, "MTP_REQ_GET_DEVICE_STATUS\n");
1069 spin_lock_irqsave(&dev->lock, flags);
1070 /* device status is "busy" until we report
1071 * the cancelation to userspace
1072 */
1073 if (dev->state == STATE_CANCELED)
1074 status->wCode =
1075 __cpu_to_le16(MTP_RESPONSE_DEVICE_BUSY);
1076 else
1077 status->wCode =
1078 __cpu_to_le16(MTP_RESPONSE_OK);
1079 spin_unlock_irqrestore(&dev->lock, flags);
1080 value = sizeof(*status);
1081 }
1082 }
1083
1084 /* respond with data transfer or status phase? */
1085 if (value >= 0) {
1086 int rc;
1087 cdev->req->zero = value < w_length;
1088 cdev->req->length = value;
1089 rc = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
1090 if (rc < 0)
1091 ERROR(cdev, "%s: response queue error\n", __func__);
1092 }
1093 return value;
1094}
1095
1096static int
1097mtp_function_bind(struct usb_configuration *c, struct usb_function *f)
1098{
1099 struct usb_composite_dev *cdev = c->cdev;
1100 struct mtp_dev *dev = func_to_mtp(f);
1101 int id;
1102 int ret;
1103
1104 dev->cdev = cdev;
1105 DBG(cdev, "mtp_function_bind dev: %p\n", dev);
1106
1107 /* allocate interface ID(s) */
1108 id = usb_interface_id(c, f);
1109 if (id < 0)
1110 return id;
1111 mtp_interface_desc.bInterfaceNumber = id;
Devin Kime81d6182012-06-20 08:42:06 -0700[diff] [blame]1112 mtp_ext_config_desc.function.bFirstInterfaceNumber = id;
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]1113
1114 /* allocate endpoints */
1115 ret = mtp_create_bulk_endpoints(dev, &mtp_fullspeed_in_desc,
1116 &mtp_fullspeed_out_desc, &mtp_intr_desc);
1117 if (ret)
1118 return ret;
1119
1120 /* support high speed hardware */
1121 if (gadget_is_dualspeed(c->cdev->gadget)) {
1122 mtp_highspeed_in_desc.bEndpointAddress =
1123 mtp_fullspeed_in_desc.bEndpointAddress;
1124 mtp_highspeed_out_desc.bEndpointAddress =
1125 mtp_fullspeed_out_desc.bEndpointAddress;
1126 }
1127
1128 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
1129 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
1130 f->name, dev->ep_in->name, dev->ep_out->name);
1131 return 0;
1132}
1133
1134static void
1135mtp_function_unbind(struct usb_configuration *c, struct usb_function *f)
1136{
1137 struct mtp_dev *dev = func_to_mtp(f);
1138 struct usb_request *req;
1139 int i;
1140
1141 while ((req = mtp_req_get(dev, &dev->tx_idle)))
1142 mtp_request_free(req, dev->ep_in);
1143 for (i = 0; i < RX_REQ_MAX; i++)
1144 mtp_request_free(dev->rx_req[i], dev->ep_out);
1145 while ((req = mtp_req_get(dev, &dev->intr_idle)))
1146 mtp_request_free(req, dev->ep_intr);
1147 dev->state = STATE_OFFLINE;
1148}
1149
1150static int mtp_function_set_alt(struct usb_function *f,
1151 unsigned intf, unsigned alt)
1152{
1153 struct mtp_dev *dev = func_to_mtp(f);
1154 struct usb_composite_dev *cdev = f->config->cdev;
1155 int ret;
1156
1157 DBG(cdev, "mtp_function_set_alt intf: %d alt: %d\n", intf, alt);
1158
1159 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_in);
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]1160 if (ret) {
Tatyana Brokhman31ac3522011-06-28 15:33:50 +0200[diff] [blame]1161 dev->ep_in->desc = NULL;
1162 ERROR(cdev, "config_ep_by_speed failes for ep %s, result %d\n",
1163 dev->ep_in->name, ret);
1164 return ret;
1165 }
1166 ret = usb_ep_enable(dev->ep_in);
1167 if (ret) {
1168 ERROR(cdev, "failed to enable ep %s, result %d\n",
1169 dev->ep_in->name, ret);
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]1170 return ret;
1171 }
1172
Tatyana Brokhman31ac3522011-06-28 15:33:50 +0200[diff] [blame]1173 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_out);
1174 if (ret) {
1175 dev->ep_out->desc = NULL;
1176 ERROR(cdev, "config_ep_by_speed failes for ep %s, result %d\n",
1177 dev->ep_out->name, ret);
Tatyana Brokhmanebd3f392011-06-28 16:33:50 +0300[diff] [blame]1178 usb_ep_disable(dev->ep_in);
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]1179 return ret;
Tatyana Brokhmanebd3f392011-06-28 16:33:50 +0300[diff] [blame]1180 }
Tatyana Brokhman31ac3522011-06-28 15:33:50 +0200[diff] [blame]1181 ret = usb_ep_enable(dev->ep_out);
1182 if (ret) {
1183 ERROR(cdev, "failed to enable ep %s, result %d\n",
1184 dev->ep_out->name, ret);
Tatyana Brokhmanebd3f392011-06-28 16:33:50 +0300[diff] [blame]1185 usb_ep_disable(dev->ep_in);
1186 return ret;
1187 }
Tatyana Brokhmancf709c12011-06-28 16:33:48 +0300[diff] [blame]1188 dev->ep_intr->desc = &mtp_intr_desc;
Benoit Gobyf0fbc482011-12-19 14:37:50 -0800[diff] [blame]1189 ret = usb_ep_enable(dev->ep_intr);
1190 if (ret) {
1191 usb_ep_disable(dev->ep_out);
1192 usb_ep_disable(dev->ep_in);
1193 return ret;
1194 }
1195 dev->state = STATE_READY;
1196
1197 /* readers may be blocked waiting for us to go online */
1198 wake_up(&dev->read_wq);
1199 return 0;
1200}
1201
1202static void mtp_function_disable(struct usb_function *f)
1203{
1204 struct mtp_dev *dev = func_to_mtp(f);
1205 struct usb_composite_dev *cdev = dev->cdev;
1206
1207 DBG(cdev, "mtp_function_disable\n");
1208 dev->state = STATE_OFFLINE;
1209 usb_ep_disable(dev->ep_in);
1210 usb_ep_disable(dev->ep_out);
1211 usb_ep_disable(dev->ep_intr);
1212
1213 /* readers may be blocked waiting for us to go online */
1214 wake_up(&dev->read_wq);
1215
1216 VDBG(cdev, "%s disabled\n", dev->function.name);
1217}
1218
1219static int mtp_bind_config(struct usb_configuration *c, bool ptp_config)
1220{
1221 struct mtp_dev *dev = _mtp_dev;
1222 int ret = 0;
1223
1224 printk(KERN_INFO "mtp_bind_config\n");
1225
1226 /* allocate a string ID for our interface */
1227 if (mtp_string_defs[INTERFACE_STRING_INDEX].id == 0) {
1228 ret = usb_string_id(c->cdev);
1229 if (ret < 0)
1230 return ret;
1231 mtp_string_defs[INTERFACE_STRING_INDEX].id = ret;
1232 mtp_interface_desc.iInterface = ret;
1233 }
1234
1235 dev->cdev = c->cdev;
1236 dev->function.name = "mtp";
1237 dev->function.strings = mtp_strings;
1238 if (ptp_config) {
1239 dev->function.descriptors = fs_ptp_descs;
1240 dev->function.hs_descriptors = hs_ptp_descs;
1241 } else {
1242 dev->function.descriptors = fs_mtp_descs;
1243 dev->function.hs_descriptors = hs_mtp_descs;
1244 }
1245 dev->function.bind = mtp_function_bind;
1246 dev->function.unbind = mtp_function_unbind;
1247 dev->function.set_alt = mtp_function_set_alt;
1248 dev->function.disable = mtp_function_disable;
1249
1250 return usb_add_function(c, &dev->function);
1251}
1252
1253static int mtp_setup(void)
1254{
1255 struct mtp_dev *dev;
1256 int ret;
1257
1258 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1259 if (!dev)
1260 return -ENOMEM;
1261
1262 spin_lock_init(&dev->lock);
1263 init_waitqueue_head(&dev->read_wq);
1264 init_waitqueue_head(&dev->write_wq);
1265 init_waitqueue_head(&dev->intr_wq);
1266 atomic_set(&dev->open_excl, 0);
1267 atomic_set(&dev->ioctl_excl, 0);
1268 INIT_LIST_HEAD(&dev->tx_idle);
1269 INIT_LIST_HEAD(&dev->intr_idle);
1270
1271 dev->wq = create_singlethread_workqueue("f_mtp");
1272 if (!dev->wq) {
1273 ret = -ENOMEM;
1274 goto err1;
1275 }
1276 INIT_WORK(&dev->send_file_work, send_file_work);
1277 INIT_WORK(&dev->receive_file_work, receive_file_work);
1278
1279 _mtp_dev = dev;
1280
1281 ret = misc_register(&mtp_device);
1282 if (ret)
1283 goto err2;
1284
1285 return 0;
1286
1287err2:
1288 destroy_workqueue(dev->wq);
1289err1:
1290 _mtp_dev = NULL;
1291 kfree(dev);
1292 printk(KERN_ERR "mtp gadget driver failed to initialize\n");
1293 return ret;
1294}
1295
1296static void mtp_cleanup(void)
1297{
1298 struct mtp_dev *dev = _mtp_dev;
1299
1300 if (!dev)
1301 return;
1302
1303 misc_deregister(&mtp_device);
1304 destroy_workqueue(dev->wq);
1305 _mtp_dev = NULL;
1306 kfree(dev);
1307}