1/* 2 * f_fs.c -- user mode file system API for USB composite function controllers 3 * 4 * Copyright (C) 2010 Samsung Electronics 5 * Author: Michal Nazarewicz <m.nazarewicz@samsung.com> 6 * 7 * Based on inode.c (GadgetFS) which was: 8 * Copyright (C) 2003-2004 David Brownell 9 * Copyright (C) 2003 Agilent Technologies 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2 of the License, or 14 * (at your option) any later version. 15 */ 16 17 18/* #define DEBUG */ 19/* #define VERBOSE_DEBUG */ 20 21#include <linux/blkdev.h> 22#include <linux/pagemap.h> 23#include <linux/export.h> 24#include <asm/unaligned.h> 25 26#include <linux/usb/composite.h> 27#include <linux/usb/functionfs.h> 28 29 30#define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */ 31 32 33/* Debugging ****************************************************************/ 34 35#ifdef VERBOSE_DEBUG 36# define pr_vdebug pr_debug 37# define ffs_dump_mem(prefix, ptr, len) \ 38 print_hex_dump_bytes(pr_fmt(prefix ": "), DUMP_PREFIX_NONE, ptr, len) 39#else 40# define pr_vdebug(...) do { } while (0) 41# define ffs_dump_mem(prefix, ptr, len) do { } while (0) 42#endif /* VERBOSE_DEBUG */ 43 44#define ENTER() pr_vdebug("%s()\n", __func__) 45 46 47/* The data structure and setup file ****************************************/ 48 49enum ffs_state { 50 /* 51 * Waiting for descriptors and strings. 52 * 53 * In this state no open(2), read(2) or write(2) on epfiles 54 * may succeed (which should not be the problem as there 55 * should be no such files opened in the first place). 56 */ 57 FFS_READ_DESCRIPTORS, 58 FFS_READ_STRINGS, 59 60 /* 61 * We've got descriptors and strings. We are or have called 62 * functionfs_ready_callback(). functionfs_bind() may have 63 * been called but we don't know. 64 * 65 * This is the only state in which operations on epfiles may 66 * succeed. 67 */ 68 FFS_ACTIVE, 69 70 /* 71 * All endpoints have been closed. This state is also set if 72 * we encounter an unrecoverable error. The only 73 * unrecoverable error is situation when after reading strings 74 * from user space we fail to initialise epfiles or 75 * functionfs_ready_callback() returns with error (<0). 76 * 77 * In this state no open(2), read(2) or write(2) (both on ep0 78 * as well as epfile) may succeed (at this point epfiles are 79 * unlinked and all closed so this is not a problem; ep0 is 80 * also closed but ep0 file exists and so open(2) on ep0 must 81 * fail). 82 */ 83 FFS_CLOSING 84}; 85 86 87enum ffs_setup_state { 88 /* There is no setup request pending. */ 89 FFS_NO_SETUP, 90 /* 91 * User has read events and there was a setup request event 92 * there. The next read/write on ep0 will handle the 93 * request. 94 */ 95 FFS_SETUP_PENDING, 96 /* 97 * There was event pending but before user space handled it 98 * some other event was introduced which canceled existing 99 * setup. If this state is set read/write on ep0 return 100 * -EIDRM. This state is only set when adding event. 101 */ 102 FFS_SETUP_CANCELED 103}; 104 105 106 107struct ffs_epfile; 108struct ffs_function; 109 110struct ffs_data { 111 struct usb_gadget *gadget; 112 113 /* 114 * Protect access read/write operations, only one read/write 115 * at a time. As a consequence protects ep0req and company. 116 * While setup request is being processed (queued) this is 117 * held. 118 */ 119 struct mutex mutex; 120 121 /* 122 * Protect access to endpoint related structures (basically 123 * usb_ep_queue(), usb_ep_dequeue(), etc. calls) except for 124 * endpoint zero. 125 */ 126 spinlock_t eps_lock; 127 128 /* 129 * XXX REVISIT do we need our own request? Since we are not 130 * handling setup requests immediately user space may be so 131 * slow that another setup will be sent to the gadget but this 132 * time not to us but another function and then there could be 133 * a race. Is that the case? Or maybe we can use cdev->req 134 * after all, maybe we just need some spinlock for that? 135 */ 136 struct usb_request *ep0req; /* P: mutex */ 137 struct completion ep0req_completion; /* P: mutex */ 138 int ep0req_status; /* P: mutex */ 139 140 /* reference counter */ 141 atomic_t ref; 142 /* how many files are opened (EP0 and others) */ 143 atomic_t opened; 144 145 /* EP0 state */ 146 enum ffs_state state; 147 148 /* 149 * Possible transitions: 150 * + FFS_NO_SETUP -> FFS_SETUP_PENDING -- P: ev.waitq.lock 151 * happens only in ep0 read which is P: mutex 152 * + FFS_SETUP_PENDING -> FFS_NO_SETUP -- P: ev.waitq.lock 153 * happens only in ep0 i/o which is P: mutex 154 * + FFS_SETUP_PENDING -> FFS_SETUP_CANCELED -- P: ev.waitq.lock 155 * + FFS_SETUP_CANCELED -> FFS_NO_SETUP -- cmpxchg 156 */ 157 enum ffs_setup_state setup_state; 158 159#define FFS_SETUP_STATE(ffs) \ 160 ((enum ffs_setup_state)cmpxchg(&(ffs)->setup_state, \ 161 FFS_SETUP_CANCELED, FFS_NO_SETUP)) 162 163 /* Events & such. */ 164 struct { 165 u8 types[4]; 166 unsigned short count; 167 /* XXX REVISIT need to update it in some places, or do we? */ 168 unsigned short can_stall; 169 struct usb_ctrlrequest setup; 170 171 wait_queue_head_t waitq; 172 } ev; /* the whole structure, P: ev.waitq.lock */ 173 174 /* Flags */ 175 unsigned long flags; 176#define FFS_FL_CALL_CLOSED_CALLBACK 0 177#define FFS_FL_BOUND 1 178 179 /* Active function */ 180 struct ffs_function *func; 181 182 /* 183 * Device name, write once when file system is mounted. 184 * Intended for user to read if she wants. 185 */ 186 const char *dev_name; 187 /* Private data for our user (ie. gadget). Managed by user. */ 188 void *private_data; 189 190 /* filled by __ffs_data_got_descs() */ 191 /* 192 * Real descriptors are 16 bytes after raw_descs (so you need 193 * to skip 16 bytes (ie. ffs->raw_descs + 16) to get to the 194 * first full speed descriptor). raw_descs_length and 195 * raw_fs_descs_length do not have those 16 bytes added. 196 */ 197 const void *raw_descs; 198 unsigned raw_descs_length; 199 unsigned raw_fs_descs_length; 200 unsigned fs_descs_count; 201 unsigned hs_descs_count; 202 203 unsigned short strings_count; 204 unsigned short interfaces_count; 205 unsigned short eps_count; 206 unsigned short _pad1; 207 208 /* filled by __ffs_data_got_strings() */ 209 /* ids in stringtabs are set in functionfs_bind() */ 210 const void *raw_strings; 211 struct usb_gadget_strings **stringtabs; 212 213 /* 214 * File system's super block, write once when file system is 215 * mounted. 216 */ 217 struct super_block *sb; 218 219 /* File permissions, written once when fs is mounted */ 220 struct ffs_file_perms { 221 umode_t mode; 222 uid_t uid; 223 gid_t gid; 224 } file_perms; 225 226 /* 227 * The endpoint files, filled by ffs_epfiles_create(), 228 * destroyed by ffs_epfiles_destroy(). 229 */ 230 struct ffs_epfile *epfiles; 231}; 232 233/* Reference counter handling */ 234static void ffs_data_get(struct ffs_data *ffs); 235static void ffs_data_put(struct ffs_data *ffs); 236/* Creates new ffs_data object. */ 237static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc)); 238 239/* Opened counter handling. */ 240static void ffs_data_opened(struct ffs_data *ffs); 241static void ffs_data_closed(struct ffs_data *ffs); 242 243/* Called with ffs->mutex held; take over ownership of data. */ 244static int __must_check 245__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len); 246static int __must_check 247__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len); 248 249 250/* The function structure ***************************************************/ 251 252struct ffs_ep; 253 254struct ffs_function { 255 struct usb_configuration *conf; 256 struct usb_gadget *gadget; 257 struct ffs_data *ffs; 258 259 struct ffs_ep *eps; 260 u8 eps_revmap[16]; 261 short *interfaces_nums; 262 263 struct usb_function function; 264}; 265 266 267static struct ffs_function *ffs_func_from_usb(struct usb_function *f) 268{ 269 return container_of(f, struct ffs_function, function); 270} 271 272static void ffs_func_free(struct ffs_function *func); 273 274static void ffs_func_eps_disable(struct ffs_function *func); 275static int __must_check ffs_func_eps_enable(struct ffs_function *func); 276 277static int ffs_func_bind(struct usb_configuration *, 278 struct usb_function *); 279static void ffs_func_unbind(struct usb_configuration *, 280 struct usb_function *); 281static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned); 282static void ffs_func_disable(struct usb_function *); 283static int ffs_func_setup(struct usb_function *, 284 const struct usb_ctrlrequest *); 285static void ffs_func_suspend(struct usb_function *); 286static void ffs_func_resume(struct usb_function *); 287 288 289static int ffs_func_revmap_ep(struct ffs_function *func, u8 num); 290static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf); 291 292 293/* The endpoints structures *************************************************/ 294 295struct ffs_ep { 296 struct usb_ep *ep; /* P: ffs->eps_lock */ 297 struct usb_request *req; /* P: epfile->mutex */ 298 299 /* [0]: full speed, [1]: high speed */ 300 struct usb_endpoint_descriptor *descs[2]; 301 302 u8 num; 303 304 int status; /* P: epfile->mutex */ 305}; 306 307struct ffs_epfile { 308 /* Protects ep->ep and ep->req. */ 309 struct mutex mutex; 310 wait_queue_head_t wait; 311 312 struct ffs_data *ffs; 313 struct ffs_ep *ep; /* P: ffs->eps_lock */ 314 315 struct dentry *dentry; 316 317 char name[5]; 318 319 unsigned char in; /* P: ffs->eps_lock */ 320 unsigned char isoc; /* P: ffs->eps_lock */ 321 322 unsigned char _pad; 323}; 324 325static int __must_check ffs_epfiles_create(struct ffs_data *ffs); 326static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count); 327 328static struct inode *__must_check 329ffs_sb_create_file(struct super_block *sb, const char *name, void *data, 330 const struct file_operations *fops, 331 struct dentry **dentry_p); 332 333 334/* Misc helper functions ****************************************************/ 335 336static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock) 337 __attribute__((warn_unused_result, nonnull)); 338static char *ffs_prepare_buffer(const char * __user buf, size_t len) 339 __attribute__((warn_unused_result, nonnull)); 340 341 342/* Control file aka ep0 *****************************************************/ 343 344static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req) 345{ 346 struct ffs_data *ffs = req->context; 347 348 complete_all(&ffs->ep0req_completion); 349} 350 351static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len) 352{ 353 struct usb_request *req = ffs->ep0req; 354 int ret; 355 356 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength); 357 358 spin_unlock_irq(&ffs->ev.waitq.lock); 359 360 req->buf = data; 361 req->length = len; 362 363 /* 364 * UDC layer requires to provide a buffer even for ZLP, but should 365 * not use it at all. Let's provide some poisoned pointer to catch 366 * possible bug in the driver. 367 */ 368 if (req->buf == NULL) 369 req->buf = (void *)0xDEADBABE; 370 371 INIT_COMPLETION(ffs->ep0req_completion); 372 373 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC); 374 if (unlikely(ret < 0)) 375 return ret; 376 377 ret = wait_for_completion_interruptible(&ffs->ep0req_completion); 378 if (unlikely(ret)) { 379 usb_ep_dequeue(ffs->gadget->ep0, req); 380 return -EINTR; 381 } 382 383 ffs->setup_state = FFS_NO_SETUP; 384 return ffs->ep0req_status; 385} 386 387static int __ffs_ep0_stall(struct ffs_data *ffs) 388{ 389 if (ffs->ev.can_stall) { 390 pr_vdebug("ep0 stall\n"); 391 usb_ep_set_halt(ffs->gadget->ep0); 392 ffs->setup_state = FFS_NO_SETUP; 393 return -EL2HLT; 394 } else { 395 pr_debug("bogus ep0 stall!\n"); 396 return -ESRCH; 397 } 398} 399 400static ssize_t ffs_ep0_write(struct file *file, const char __user *buf, 401 size_t len, loff_t *ptr) 402{ 403 struct ffs_data *ffs = file->private_data; 404 ssize_t ret; 405 char *data; 406 407 ENTER(); 408 409 /* Fast check if setup was canceled */ 410 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) 411 return -EIDRM; 412 413 /* Acquire mutex */ 414 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK); 415 if (unlikely(ret < 0)) 416 return ret; 417 418 /* Check state */ 419 switch (ffs->state) { 420 case FFS_READ_DESCRIPTORS: 421 case FFS_READ_STRINGS: 422 /* Copy data */ 423 if (unlikely(len < 16)) { 424 ret = -EINVAL; 425 break; 426 } 427 428 data = ffs_prepare_buffer(buf, len); 429 if (IS_ERR(data)) { 430 ret = PTR_ERR(data); 431 break; 432 } 433 434 /* Handle data */ 435 if (ffs->state == FFS_READ_DESCRIPTORS) { 436 pr_info("read descriptors\n"); 437 ret = __ffs_data_got_descs(ffs, data, len); 438 if (unlikely(ret < 0)) 439 break; 440 441 ffs->state = FFS_READ_STRINGS; 442 ret = len; 443 } else { 444 pr_info("read strings\n"); 445 ret = __ffs_data_got_strings(ffs, data, len); 446 if (unlikely(ret < 0)) 447 break; 448 449 ret = ffs_epfiles_create(ffs); 450 if (unlikely(ret)) { 451 ffs->state = FFS_CLOSING; 452 break; 453 } 454 455 ffs->state = FFS_ACTIVE; 456 mutex_unlock(&ffs->mutex); 457 458 ret = functionfs_ready_callback(ffs); 459 if (unlikely(ret < 0)) { 460 ffs->state = FFS_CLOSING; 461 return ret; 462 } 463 464 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags); 465 return len; 466 } 467 break; 468 469 case FFS_ACTIVE: 470 data = NULL; 471 /* 472 * We're called from user space, we can use _irq 473 * rather then _irqsave 474 */ 475 spin_lock_irq(&ffs->ev.waitq.lock); 476 switch (FFS_SETUP_STATE(ffs)) { 477 case FFS_SETUP_CANCELED: 478 ret = -EIDRM; 479 goto done_spin; 480 481 case FFS_NO_SETUP: 482 ret = -ESRCH; 483 goto done_spin; 484 485 case FFS_SETUP_PENDING: 486 break; 487 } 488 489 /* FFS_SETUP_PENDING */ 490 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) { 491 spin_unlock_irq(&ffs->ev.waitq.lock); 492 ret = __ffs_ep0_stall(ffs); 493 break; 494 } 495 496 /* FFS_SETUP_PENDING and not stall */ 497 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength)); 498 499 spin_unlock_irq(&ffs->ev.waitq.lock); 500 501 data = ffs_prepare_buffer(buf, len); 502 if (IS_ERR(data)) { 503 ret = PTR_ERR(data); 504 break; 505 } 506 507 spin_lock_irq(&ffs->ev.waitq.lock); 508 509 /* 510 * We are guaranteed to be still in FFS_ACTIVE state 511 * but the state of setup could have changed from 512 * FFS_SETUP_PENDING to FFS_SETUP_CANCELED so we need 513 * to check for that. If that happened we copied data 514 * from user space in vain but it's unlikely. 515 * 516 * For sure we are not in FFS_NO_SETUP since this is 517 * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP 518 * transition can be performed and it's protected by 519 * mutex. 520 */ 521 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) { 522 ret = -EIDRM; 523done_spin: 524 spin_unlock_irq(&ffs->ev.waitq.lock); 525 } else { 526 /* unlocks spinlock */ 527 ret = __ffs_ep0_queue_wait(ffs, data, len); 528 } 529 kfree(data); 530 break; 531 532 default: 533 ret = -EBADFD; 534 break; 535 } 536 537 mutex_unlock(&ffs->mutex); 538 return ret; 539} 540 541static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf, 542 size_t n) 543{ 544 /* 545 * We are holding ffs->ev.waitq.lock and ffs->mutex and we need 546 * to release them. 547 */ 548 struct usb_functionfs_event events[n]; 549 unsigned i = 0; 550 551 memset(events, 0, sizeof events); 552 553 do { 554 events[i].type = ffs->ev.types[i]; 555 if (events[i].type == FUNCTIONFS_SETUP) { 556 events[i].u.setup = ffs->ev.setup; 557 ffs->setup_state = FFS_SETUP_PENDING; 558 } 559 } while (++i < n); 560 561 if (n < ffs->ev.count) { 562 ffs->ev.count -= n; 563 memmove(ffs->ev.types, ffs->ev.types + n, 564 ffs->ev.count * sizeof *ffs->ev.types); 565 } else { 566 ffs->ev.count = 0; 567 } 568 569 spin_unlock_irq(&ffs->ev.waitq.lock); 570 mutex_unlock(&ffs->mutex); 571 572 return unlikely(__copy_to_user(buf, events, sizeof events)) 573 ? -EFAULT : sizeof events; 574} 575 576static ssize_t ffs_ep0_read(struct file *file, char __user *buf, 577 size_t len, loff_t *ptr) 578{ 579 struct ffs_data *ffs = file->private_data; 580 char *data = NULL; 581 size_t n; 582 int ret; 583 584 ENTER(); 585 586 /* Fast check if setup was canceled */ 587 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) 588 return -EIDRM; 589 590 /* Acquire mutex */ 591 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK); 592 if (unlikely(ret < 0)) 593 return ret; 594 595 /* Check state */ 596 if (ffs->state != FFS_ACTIVE) { 597 ret = -EBADFD; 598 goto done_mutex; 599 } 600 601 /* 602 * We're called from user space, we can use _irq rather then 603 * _irqsave 604 */ 605 spin_lock_irq(&ffs->ev.waitq.lock); 606 607 switch (FFS_SETUP_STATE(ffs)) { 608 case FFS_SETUP_CANCELED: 609 ret = -EIDRM; 610 break; 611 612 case FFS_NO_SETUP: 613 n = len / sizeof(struct usb_functionfs_event); 614 if (unlikely(!n)) { 615 ret = -EINVAL; 616 break; 617 } 618 619 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) { 620 ret = -EAGAIN; 621 break; 622 } 623 624 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq, 625 ffs->ev.count)) { 626 ret = -EINTR; 627 break; 628 } 629 630 return __ffs_ep0_read_events(ffs, buf, 631 min(n, (size_t)ffs->ev.count)); 632 633 case FFS_SETUP_PENDING: 634 if (ffs->ev.setup.bRequestType & USB_DIR_IN) { 635 spin_unlock_irq(&ffs->ev.waitq.lock); 636 ret = __ffs_ep0_stall(ffs); 637 goto done_mutex; 638 } 639 640 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength)); 641 642 spin_unlock_irq(&ffs->ev.waitq.lock); 643 644 if (likely(len)) { 645 data = kmalloc(len, GFP_KERNEL); 646 if (unlikely(!data)) { 647 ret = -ENOMEM; 648 goto done_mutex; 649 } 650 } 651 652 spin_lock_irq(&ffs->ev.waitq.lock); 653 654 /* See ffs_ep0_write() */ 655 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) { 656 ret = -EIDRM; 657 break; 658 } 659 660 /* unlocks spinlock */ 661 ret = __ffs_ep0_queue_wait(ffs, data, len); 662 if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len))) 663 ret = -EFAULT; 664 goto done_mutex; 665 666 default: 667 ret = -EBADFD; 668 break; 669 } 670 671 spin_unlock_irq(&ffs->ev.waitq.lock); 672done_mutex: 673 mutex_unlock(&ffs->mutex); 674 kfree(data); 675 return ret; 676} 677 678static int ffs_ep0_open(struct inode *inode, struct file *file) 679{ 680 struct ffs_data *ffs = inode->i_private; 681 682 ENTER(); 683 684 if (unlikely(ffs->state == FFS_CLOSING)) 685 return -EBUSY; 686 687 file->private_data = ffs; 688 ffs_data_opened(ffs); 689 690 return 0; 691} 692 693static int ffs_ep0_release(struct inode *inode, struct file *file) 694{ 695 struct ffs_data *ffs = file->private_data; 696 697 ENTER(); 698 699 ffs_data_closed(ffs); 700 701 return 0; 702} 703 704static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value) 705{ 706 struct ffs_data *ffs = file->private_data; 707 struct usb_gadget *gadget = ffs->gadget; 708 long ret; 709 710 ENTER(); 711 712 if (code == FUNCTIONFS_INTERFACE_REVMAP) { 713 struct ffs_function *func = ffs->func; 714 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV; 715 } else if (gadget->ops->ioctl) { 716 ret = gadget->ops->ioctl(gadget, code, value); 717 } else { 718 ret = -ENOTTY; 719 } 720 721 return ret; 722} 723 724static const struct file_operations ffs_ep0_operations = { 725 .owner = THIS_MODULE, 726 .llseek = no_llseek, 727 728 .open = ffs_ep0_open, 729 .write = ffs_ep0_write, 730 .read = ffs_ep0_read, 731 .release = ffs_ep0_release, 732 .unlocked_ioctl = ffs_ep0_ioctl, 733}; 734 735 736/* "Normal" endpoints operations ********************************************/ 737 738static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req) 739{ 740 ENTER(); 741 if (likely(req->context)) { 742 struct ffs_ep *ep = _ep->driver_data; 743 ep->status = req->status ? req->status : req->actual; 744 complete(req->context); 745 } 746} 747 748static ssize_t ffs_epfile_io(struct file *file, 749 char __user *buf, size_t len, int read) 750{ 751 struct ffs_epfile *epfile = file->private_data; 752 struct ffs_ep *ep; 753 char *data = NULL; 754 ssize_t ret; 755 int halt; 756 757 goto first_try; 758 do { 759 spin_unlock_irq(&epfile->ffs->eps_lock); 760 mutex_unlock(&epfile->mutex); 761 762first_try: 763 /* Are we still active? */ 764 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) { 765 ret = -ENODEV; 766 goto error; 767 } 768 769 /* Wait for endpoint to be enabled */ 770 ep = epfile->ep; 771 if (!ep) { 772 if (file->f_flags & O_NONBLOCK) { 773 ret = -EAGAIN; 774 goto error; 775 } 776 777 if (wait_event_interruptible(epfile->wait, 778 (ep = epfile->ep))) { 779 ret = -EINTR; 780 goto error; 781 } 782 } 783 784 /* Do we halt? */ 785 halt = !read == !epfile->in; 786 if (halt && epfile->isoc) { 787 ret = -EINVAL; 788 goto error; 789 } 790 791 /* Allocate & copy */ 792 if (!halt && !data) { 793 data = kzalloc(len, GFP_KERNEL); 794 if (unlikely(!data)) 795 return -ENOMEM; 796 797 if (!read && 798 unlikely(__copy_from_user(data, buf, len))) { 799 ret = -EFAULT; 800 goto error; 801 } 802 } 803 804 /* We will be using request */ 805 ret = ffs_mutex_lock(&epfile->mutex, 806 file->f_flags & O_NONBLOCK); 807 if (unlikely(ret)) 808 goto error; 809 810 /* 811 * We're called from user space, we can use _irq rather then 812 * _irqsave 813 */ 814 spin_lock_irq(&epfile->ffs->eps_lock); 815 816 /* 817 * While we were acquiring mutex endpoint got disabled 818 * or changed? 819 */ 820 } while (unlikely(epfile->ep != ep)); 821 822 /* Halt */ 823 if (unlikely(halt)) { 824 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep)) 825 usb_ep_set_halt(ep->ep); 826 spin_unlock_irq(&epfile->ffs->eps_lock); 827 ret = -EBADMSG; 828 } else { 829 /* Fire the request */ 830 DECLARE_COMPLETION_ONSTACK(done); 831 832 struct usb_request *req = ep->req; 833 req->context = &done; 834 req->complete = ffs_epfile_io_complete; 835 req->buf = data; 836 req->length = len; 837 838 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC); 839 840 spin_unlock_irq(&epfile->ffs->eps_lock); 841 842 if (unlikely(ret < 0)) { 843 /* nop */ 844 } else if (unlikely(wait_for_completion_interruptible(&done))) { 845 ret = -EINTR; 846 usb_ep_dequeue(ep->ep, req); 847 } else { 848 ret = ep->status; 849 if (read && ret > 0 && 850 unlikely(copy_to_user(buf, data, ret))) 851 ret = -EFAULT; 852 } 853 } 854 855 mutex_unlock(&epfile->mutex); 856error: 857 kfree(data); 858 return ret; 859} 860 861static ssize_t 862ffs_epfile_write(struct file *file, const char __user *buf, size_t len, 863 loff_t *ptr) 864{ 865 ENTER(); 866 867 return ffs_epfile_io(file, (char __user *)buf, len, 0); 868} 869 870static ssize_t 871ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr) 872{ 873 ENTER(); 874 875 return ffs_epfile_io(file, buf, len, 1); 876} 877 878static int 879ffs_epfile_open(struct inode *inode, struct file *file) 880{ 881 struct ffs_epfile *epfile = inode->i_private; 882 883 ENTER(); 884 885 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) 886 return -ENODEV; 887 888 file->private_data = epfile; 889 ffs_data_opened(epfile->ffs); 890 891 return 0; 892} 893 894static int 895ffs_epfile_release(struct inode *inode, struct file *file) 896{ 897 struct ffs_epfile *epfile = inode->i_private; 898 899 ENTER(); 900 901 ffs_data_closed(epfile->ffs); 902 903 return 0; 904} 905 906static long ffs_epfile_ioctl(struct file *file, unsigned code, 907 unsigned long value) 908{ 909 struct ffs_epfile *epfile = file->private_data; 910 int ret; 911 912 ENTER(); 913 914 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) 915 return -ENODEV; 916 917 spin_lock_irq(&epfile->ffs->eps_lock); 918 if (likely(epfile->ep)) { 919 switch (code) { 920 case FUNCTIONFS_FIFO_STATUS: 921 ret = usb_ep_fifo_status(epfile->ep->ep); 922 break; 923 case FUNCTIONFS_FIFO_FLUSH: 924 usb_ep_fifo_flush(epfile->ep->ep); 925 ret = 0; 926 break; 927 case FUNCTIONFS_CLEAR_HALT: 928 ret = usb_ep_clear_halt(epfile->ep->ep); 929 break; 930 case FUNCTIONFS_ENDPOINT_REVMAP: 931 ret = epfile->ep->num; 932 break; 933 default: 934 ret = -ENOTTY; 935 } 936 } else { 937 ret = -ENODEV; 938 } 939 spin_unlock_irq(&epfile->ffs->eps_lock); 940 941 return ret; 942} 943 944static const struct file_operations ffs_epfile_operations = { 945 .owner = THIS_MODULE, 946 .llseek = no_llseek, 947 948 .open = ffs_epfile_open, 949 .write = ffs_epfile_write, 950 .read = ffs_epfile_read, 951 .release = ffs_epfile_release, 952 .unlocked_ioctl = ffs_epfile_ioctl, 953}; 954 955 956/* File system and super block operations ***********************************/ 957 958/* 959 * Mounting the file system creates a controller file, used first for 960 * function configuration then later for event monitoring. 961 */ 962 963static struct inode *__must_check 964ffs_sb_make_inode(struct super_block *sb, void *data, 965 const struct file_operations *fops, 966 const struct inode_operations *iops, 967 struct ffs_file_perms *perms) 968{ 969 struct inode *inode; 970 971 ENTER(); 972 973 inode = new_inode(sb); 974 975 if (likely(inode)) { 976 struct timespec current_time = CURRENT_TIME; 977 978 inode->i_ino = get_next_ino(); 979 inode->i_mode = perms->mode; 980 inode->i_uid = perms->uid; 981 inode->i_gid = perms->gid; 982 inode->i_atime = current_time; 983 inode->i_mtime = current_time; 984 inode->i_ctime = current_time; 985 inode->i_private = data; 986 if (fops) 987 inode->i_fop = fops; 988 if (iops) 989 inode->i_op = iops; 990 } 991 992 return inode; 993} 994 995/* Create "regular" file */ 996static struct inode *ffs_sb_create_file(struct super_block *sb, 997 const char *name, void *data, 998 const struct file_operations *fops, 999 struct dentry **dentry_p) 1000{ 1001 struct ffs_data *ffs = sb->s_fs_info; 1002 struct dentry *dentry; 1003 struct inode *inode; 1004 1005 ENTER(); 1006 1007 dentry = d_alloc_name(sb->s_root, name); 1008 if (unlikely(!dentry)) 1009 return NULL; 1010 1011 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms); 1012 if (unlikely(!inode)) { 1013 dput(dentry); 1014 return NULL; 1015 } 1016 1017 d_add(dentry, inode); 1018 if (dentry_p) 1019 *dentry_p = dentry; 1020 1021 return inode; 1022} 1023 1024/* Super block */ 1025static const struct super_operations ffs_sb_operations = { 1026 .statfs = simple_statfs, 1027 .drop_inode = generic_delete_inode, 1028}; 1029 1030struct ffs_sb_fill_data { 1031 struct ffs_file_perms perms; 1032 umode_t root_mode; 1033 const char *dev_name; 1034}; 1035 1036static int ffs_sb_fill(struct super_block *sb, void *_data, int silent) 1037{ 1038 struct ffs_sb_fill_data *data = _data; 1039 struct inode *inode; 1040 struct ffs_data *ffs; 1041 1042 ENTER(); 1043 1044 /* Initialise data */ 1045 ffs = ffs_data_new(); 1046 if (unlikely(!ffs)) 1047 goto Enomem; 1048 1049 ffs->sb = sb; 1050 ffs->dev_name = data->dev_name; 1051 ffs->file_perms = data->perms; 1052 1053 sb->s_fs_info = ffs; 1054 sb->s_blocksize = PAGE_CACHE_SIZE; 1055 sb->s_blocksize_bits = PAGE_CACHE_SHIFT; 1056 sb->s_magic = FUNCTIONFS_MAGIC; 1057 sb->s_op = &ffs_sb_operations; 1058 sb->s_time_gran = 1; 1059 1060 /* Root inode */ 1061 data->perms.mode = data->root_mode; 1062 inode = ffs_sb_make_inode(sb, NULL, 1063 &simple_dir_operations, 1064 &simple_dir_inode_operations, 1065 &data->perms); 1066 if (unlikely(!inode)) 1067 goto Enomem; 1068 sb->s_root = d_alloc_root(inode); 1069 if (unlikely(!sb->s_root)) { 1070 iput(inode); 1071 goto Enomem; 1072 } 1073 1074 /* EP0 file */ 1075 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs, 1076 &ffs_ep0_operations, NULL))) 1077 goto Enomem; 1078 1079 return 0; 1080 1081Enomem: 1082 return -ENOMEM; 1083} 1084 1085static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts) 1086{ 1087 ENTER(); 1088 1089 if (!opts || !*opts) 1090 return 0; 1091 1092 for (;;) { 1093 char *end, *eq, *comma; 1094 unsigned long value; 1095 1096 /* Option limit */ 1097 comma = strchr(opts, ','); 1098 if (comma) 1099 *comma = 0; 1100 1101 /* Value limit */ 1102 eq = strchr(opts, '='); 1103 if (unlikely(!eq)) { 1104 pr_err("'=' missing in %s\n", opts); 1105 return -EINVAL; 1106 } 1107 *eq = 0; 1108 1109 /* Parse value */ 1110 value = simple_strtoul(eq + 1, &end, 0); 1111 if (unlikely(*end != ',' && *end != 0)) { 1112 pr_err("%s: invalid value: %s\n", opts, eq + 1); 1113 return -EINVAL; 1114 } 1115 1116 /* Interpret option */ 1117 switch (eq - opts) { 1118 case 5: 1119 if (!memcmp(opts, "rmode", 5)) 1120 data->root_mode = (value & 0555) | S_IFDIR; 1121 else if (!memcmp(opts, "fmode", 5)) 1122 data->perms.mode = (value & 0666) | S_IFREG; 1123 else 1124 goto invalid; 1125 break; 1126 1127 case 4: 1128 if (!memcmp(opts, "mode", 4)) { 1129 data->root_mode = (value & 0555) | S_IFDIR; 1130 data->perms.mode = (value & 0666) | S_IFREG; 1131 } else { 1132 goto invalid; 1133 } 1134 break; 1135 1136 case 3: 1137 if (!memcmp(opts, "uid", 3)) 1138 data->perms.uid = value; 1139 else if (!memcmp(opts, "gid", 3)) 1140 data->perms.gid = value; 1141 else 1142 goto invalid; 1143 break; 1144 1145 default: 1146invalid: 1147 pr_err("%s: invalid option\n", opts); 1148 return -EINVAL; 1149 } 1150 1151 /* Next iteration */ 1152 if (!comma) 1153 break; 1154 opts = comma + 1; 1155 } 1156 1157 return 0; 1158} 1159 1160/* "mount -t functionfs dev_name /dev/function" ends up here */ 1161 1162static struct dentry * 1163ffs_fs_mount(struct file_system_type *t, int flags, 1164 const char *dev_name, void *opts) 1165{ 1166 struct ffs_sb_fill_data data = { 1167 .perms = { 1168 .mode = S_IFREG | 0600, 1169 .uid = 0, 1170 .gid = 0 1171 }, 1172 .root_mode = S_IFDIR | 0500, 1173 }; 1174 int ret; 1175 1176 ENTER(); 1177 1178 ret = functionfs_check_dev_callback(dev_name); 1179 if (unlikely(ret < 0)) 1180 return ERR_PTR(ret); 1181 1182 ret = ffs_fs_parse_opts(&data, opts); 1183 if (unlikely(ret < 0)) 1184 return ERR_PTR(ret); 1185 1186 data.dev_name = dev_name; 1187 return mount_single(t, flags, &data, ffs_sb_fill); 1188} 1189 1190static void 1191ffs_fs_kill_sb(struct super_block *sb) 1192{ 1193 ENTER(); 1194 1195 kill_litter_super(sb); 1196 if (sb->s_fs_info) 1197 ffs_data_put(sb->s_fs_info); 1198} 1199 1200static struct file_system_type ffs_fs_type = { 1201 .owner = THIS_MODULE, 1202 .name = "functionfs", 1203 .mount = ffs_fs_mount, 1204 .kill_sb = ffs_fs_kill_sb, 1205}; 1206 1207 1208/* Driver's main init/cleanup functions *************************************/ 1209 1210static int functionfs_init(void) 1211{ 1212 int ret; 1213 1214 ENTER(); 1215 1216 ret = register_filesystem(&ffs_fs_type); 1217 if (likely(!ret)) 1218 pr_info("file system registered\n"); 1219 else 1220 pr_err("failed registering file system (%d)\n", ret); 1221 1222 return ret; 1223} 1224 1225static void functionfs_cleanup(void) 1226{ 1227 ENTER(); 1228 1229 pr_info("unloading\n"); 1230 unregister_filesystem(&ffs_fs_type); 1231} 1232 1233 1234/* ffs_data and ffs_function construction and destruction code **************/ 1235 1236static void ffs_data_clear(struct ffs_data *ffs); 1237static void ffs_data_reset(struct ffs_data *ffs); 1238 1239static void ffs_data_get(struct ffs_data *ffs) 1240{ 1241 ENTER(); 1242 1243 atomic_inc(&ffs->ref); 1244} 1245 1246static void ffs_data_opened(struct ffs_data *ffs) 1247{ 1248 ENTER(); 1249 1250 atomic_inc(&ffs->ref); 1251 atomic_inc(&ffs->opened); 1252} 1253 1254static void ffs_data_put(struct ffs_data *ffs) 1255{ 1256 ENTER(); 1257 1258 if (unlikely(atomic_dec_and_test(&ffs->ref))) { 1259 pr_info("%s(): freeing\n", __func__); 1260 ffs_data_clear(ffs); 1261 BUG_ON(mutex_is_locked(&ffs->mutex) || 1262 spin_is_locked(&ffs->ev.waitq.lock) || 1263 waitqueue_active(&ffs->ev.waitq) || 1264 waitqueue_active(&ffs->ep0req_completion.wait)); 1265 kfree(ffs); 1266 } 1267} 1268 1269static void ffs_data_closed(struct ffs_data *ffs) 1270{ 1271 ENTER(); 1272 1273 if (atomic_dec_and_test(&ffs->opened)) { 1274 ffs->state = FFS_CLOSING; 1275 ffs_data_reset(ffs); 1276 } 1277 1278 ffs_data_put(ffs); 1279} 1280 1281static struct ffs_data *ffs_data_new(void) 1282{ 1283 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL); 1284 if (unlikely(!ffs)) 1285 return 0; 1286 1287 ENTER(); 1288 1289 atomic_set(&ffs->ref, 1); 1290 atomic_set(&ffs->opened, 0); 1291 ffs->state = FFS_READ_DESCRIPTORS; 1292 mutex_init(&ffs->mutex); 1293 spin_lock_init(&ffs->eps_lock); 1294 init_waitqueue_head(&ffs->ev.waitq); 1295 init_completion(&ffs->ep0req_completion); 1296 1297 /* XXX REVISIT need to update it in some places, or do we? */ 1298 ffs->ev.can_stall = 1; 1299 1300 return ffs; 1301} 1302 1303static void ffs_data_clear(struct ffs_data *ffs) 1304{ 1305 ENTER(); 1306 1307 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags)) 1308 functionfs_closed_callback(ffs); 1309 1310 BUG_ON(ffs->gadget); 1311 1312 if (ffs->epfiles) 1313 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count); 1314 1315 kfree(ffs->raw_descs); 1316 kfree(ffs->raw_strings); 1317 kfree(ffs->stringtabs); 1318} 1319 1320static void ffs_data_reset(struct ffs_data *ffs) 1321{ 1322 ENTER(); 1323 1324 ffs_data_clear(ffs); 1325 1326 ffs->epfiles = NULL; 1327 ffs->raw_descs = NULL; 1328 ffs->raw_strings = NULL; 1329 ffs->stringtabs = NULL; 1330 1331 ffs->raw_descs_length = 0; 1332 ffs->raw_fs_descs_length = 0; 1333 ffs->fs_descs_count = 0; 1334 ffs->hs_descs_count = 0; 1335 1336 ffs->strings_count = 0; 1337 ffs->interfaces_count = 0; 1338 ffs->eps_count = 0; 1339 1340 ffs->ev.count = 0; 1341 1342 ffs->state = FFS_READ_DESCRIPTORS; 1343 ffs->setup_state = FFS_NO_SETUP; 1344 ffs->flags = 0; 1345} 1346 1347 1348static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev) 1349{ 1350 struct usb_gadget_strings **lang; 1351 int first_id; 1352 1353 ENTER(); 1354 1355 if (WARN_ON(ffs->state != FFS_ACTIVE 1356 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags))) 1357 return -EBADFD; 1358 1359 first_id = usb_string_ids_n(cdev, ffs->strings_count); 1360 if (unlikely(first_id < 0)) 1361 return first_id; 1362 1363 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL); 1364 if (unlikely(!ffs->ep0req)) 1365 return -ENOMEM; 1366 ffs->ep0req->complete = ffs_ep0_complete; 1367 ffs->ep0req->context = ffs; 1368 1369 lang = ffs->stringtabs; 1370 for (lang = ffs->stringtabs; *lang; ++lang) { 1371 struct usb_string *str = (*lang)->strings; 1372 int id = first_id; 1373 for (; str->s; ++id, ++str) 1374 str->id = id; 1375 } 1376 1377 ffs->gadget = cdev->gadget; 1378 ffs_data_get(ffs); 1379 return 0; 1380} 1381 1382static void functionfs_unbind(struct ffs_data *ffs) 1383{ 1384 ENTER(); 1385 1386 if (!WARN_ON(!ffs->gadget)) { 1387 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req); 1388 ffs->ep0req = NULL; 1389 ffs->gadget = NULL; 1390 ffs_data_put(ffs); 1391 } 1392} 1393 1394static int ffs_epfiles_create(struct ffs_data *ffs) 1395{ 1396 struct ffs_epfile *epfile, *epfiles; 1397 unsigned i, count; 1398 1399 ENTER(); 1400 1401 count = ffs->eps_count; 1402 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL); 1403 if (!epfiles) 1404 return -ENOMEM; 1405 1406 epfile = epfiles; 1407 for (i = 1; i <= count; ++i, ++epfile) { 1408 epfile->ffs = ffs; 1409 mutex_init(&epfile->mutex); 1410 init_waitqueue_head(&epfile->wait); 1411 sprintf(epfiles->name, "ep%u", i); 1412 if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile, 1413 &ffs_epfile_operations, 1414 &epfile->dentry))) { 1415 ffs_epfiles_destroy(epfiles, i - 1); 1416 return -ENOMEM; 1417 } 1418 } 1419 1420 ffs->epfiles = epfiles; 1421 return 0; 1422} 1423 1424static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count) 1425{ 1426 struct ffs_epfile *epfile = epfiles; 1427 1428 ENTER(); 1429 1430 for (; count; --count, ++epfile) { 1431 BUG_ON(mutex_is_locked(&epfile->mutex) || 1432 waitqueue_active(&epfile->wait)); 1433 if (epfile->dentry) { 1434 d_delete(epfile->dentry); 1435 dput(epfile->dentry); 1436 epfile->dentry = NULL; 1437 } 1438 } 1439 1440 kfree(epfiles); 1441} 1442 1443static int functionfs_bind_config(struct usb_composite_dev *cdev, 1444 struct usb_configuration *c, 1445 struct ffs_data *ffs) 1446{ 1447 struct ffs_function *func; 1448 int ret; 1449 1450 ENTER(); 1451 1452 func = kzalloc(sizeof *func, GFP_KERNEL); 1453 if (unlikely(!func)) 1454 return -ENOMEM; 1455 1456 func->function.name = "Function FS Gadget"; 1457 func->function.strings = ffs->stringtabs; 1458 1459 func->function.bind = ffs_func_bind; 1460 func->function.unbind = ffs_func_unbind; 1461 func->function.set_alt = ffs_func_set_alt; 1462 func->function.disable = ffs_func_disable; 1463 func->function.setup = ffs_func_setup; 1464 func->function.suspend = ffs_func_suspend; 1465 func->function.resume = ffs_func_resume; 1466 1467 func->conf = c; 1468 func->gadget = cdev->gadget; 1469 func->ffs = ffs; 1470 ffs_data_get(ffs); 1471 1472 ret = usb_add_function(c, &func->function); 1473 if (unlikely(ret)) 1474 ffs_func_free(func); 1475 1476 return ret; 1477} 1478 1479static void ffs_func_free(struct ffs_function *func) 1480{ 1481 ENTER(); 1482 1483 ffs_data_put(func->ffs); 1484 1485 kfree(func->eps); 1486 /* 1487 * eps and interfaces_nums are allocated in the same chunk so 1488 * only one free is required. Descriptors are also allocated 1489 * in the same chunk. 1490 */ 1491 1492 kfree(func); 1493} 1494 1495static void ffs_func_eps_disable(struct ffs_function *func) 1496{ 1497 struct ffs_ep *ep = func->eps; 1498 struct ffs_epfile *epfile = func->ffs->epfiles; 1499 unsigned count = func->ffs->eps_count; 1500 unsigned long flags; 1501 1502 spin_lock_irqsave(&func->ffs->eps_lock, flags); 1503 do { 1504 /* pending requests get nuked */ 1505 if (likely(ep->ep)) 1506 usb_ep_disable(ep->ep); 1507 epfile->ep = NULL; 1508 1509 ++ep; 1510 ++epfile; 1511 } while (--count); 1512 spin_unlock_irqrestore(&func->ffs->eps_lock, flags); 1513} 1514 1515static int ffs_func_eps_enable(struct ffs_function *func) 1516{ 1517 struct ffs_data *ffs = func->ffs; 1518 struct ffs_ep *ep = func->eps; 1519 struct ffs_epfile *epfile = ffs->epfiles; 1520 unsigned count = ffs->eps_count; 1521 unsigned long flags; 1522 int ret = 0; 1523 1524 spin_lock_irqsave(&func->ffs->eps_lock, flags); 1525 do { 1526 struct usb_endpoint_descriptor *ds; 1527 ds = ep->descs[ep->descs[1] ? 1 : 0]; 1528 1529 ep->ep->driver_data = ep; 1530 ep->ep->desc = ds; 1531 ret = usb_ep_enable(ep->ep); 1532 if (likely(!ret)) { 1533 epfile->ep = ep; 1534 epfile->in = usb_endpoint_dir_in(ds); 1535 epfile->isoc = usb_endpoint_xfer_isoc(ds); 1536 } else { 1537 break; 1538 } 1539 1540 wake_up(&epfile->wait); 1541 1542 ++ep; 1543 ++epfile; 1544 } while (--count); 1545 spin_unlock_irqrestore(&func->ffs->eps_lock, flags); 1546 1547 return ret; 1548} 1549 1550 1551/* Parsing and building descriptors and strings *****************************/ 1552 1553/* 1554 * This validates if data pointed by data is a valid USB descriptor as 1555 * well as record how many interfaces, endpoints and strings are 1556 * required by given configuration. Returns address after the 1557 * descriptor or NULL if data is invalid. 1558 */ 1559 1560enum ffs_entity_type { 1561 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT 1562}; 1563 1564typedef int (*ffs_entity_callback)(enum ffs_entity_type entity, 1565 u8 *valuep, 1566 struct usb_descriptor_header *desc, 1567 void *priv); 1568 1569static int __must_check ffs_do_desc(char *data, unsigned len, 1570 ffs_entity_callback entity, void *priv) 1571{ 1572 struct usb_descriptor_header *_ds = (void *)data; 1573 u8 length; 1574 int ret; 1575 1576 ENTER(); 1577 1578 /* At least two bytes are required: length and type */ 1579 if (len < 2) { 1580 pr_vdebug("descriptor too short\n"); 1581 return -EINVAL; 1582 } 1583 1584 /* If we have at least as many bytes as the descriptor takes? */ 1585 length = _ds->bLength; 1586 if (len < length) { 1587 pr_vdebug("descriptor longer then available data\n"); 1588 return -EINVAL; 1589 } 1590 1591#define __entity_check_INTERFACE(val) 1 1592#define __entity_check_STRING(val) (val) 1593#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK) 1594#define __entity(type, val) do { \ 1595 pr_vdebug("entity " #type "(%02x)\n", (val)); \ 1596 if (unlikely(!__entity_check_ ##type(val))) { \ 1597 pr_vdebug("invalid entity's value\n"); \ 1598 return -EINVAL; \ 1599 } \ 1600 ret = entity(FFS_ ##type, &val, _ds, priv); \ 1601 if (unlikely(ret < 0)) { \ 1602 pr_debug("entity " #type "(%02x); ret = %d\n", \ 1603 (val), ret); \ 1604 return ret; \ 1605 } \ 1606 } while (0) 1607 1608 /* Parse descriptor depending on type. */ 1609 switch (_ds->bDescriptorType) { 1610 case USB_DT_DEVICE: 1611 case USB_DT_CONFIG: 1612 case USB_DT_STRING: 1613 case USB_DT_DEVICE_QUALIFIER: 1614 /* function can't have any of those */ 1615 pr_vdebug("descriptor reserved for gadget: %d\n", 1616 _ds->bDescriptorType); 1617 return -EINVAL; 1618 1619 case USB_DT_INTERFACE: { 1620 struct usb_interface_descriptor *ds = (void *)_ds; 1621 pr_vdebug("interface descriptor\n"); 1622 if (length != sizeof *ds) 1623 goto inv_length; 1624 1625 __entity(INTERFACE, ds->bInterfaceNumber); 1626 if (ds->iInterface) 1627 __entity(STRING, ds->iInterface); 1628 } 1629 break; 1630 1631 case USB_DT_ENDPOINT: { 1632 struct usb_endpoint_descriptor *ds = (void *)_ds; 1633 pr_vdebug("endpoint descriptor\n"); 1634 if (length != USB_DT_ENDPOINT_SIZE && 1635 length != USB_DT_ENDPOINT_AUDIO_SIZE) 1636 goto inv_length; 1637 __entity(ENDPOINT, ds->bEndpointAddress); 1638 } 1639 break; 1640 1641 case USB_DT_OTG: 1642 if (length != sizeof(struct usb_otg_descriptor)) 1643 goto inv_length; 1644 break; 1645 1646 case USB_DT_INTERFACE_ASSOCIATION: { 1647 struct usb_interface_assoc_descriptor *ds = (void *)_ds; 1648 pr_vdebug("interface association descriptor\n"); 1649 if (length != sizeof *ds) 1650 goto inv_length; 1651 if (ds->iFunction) 1652 __entity(STRING, ds->iFunction); 1653 } 1654 break; 1655 1656 case USB_DT_OTHER_SPEED_CONFIG: 1657 case USB_DT_INTERFACE_POWER: 1658 case USB_DT_DEBUG: 1659 case USB_DT_SECURITY: 1660 case USB_DT_CS_RADIO_CONTROL: 1661 /* TODO */ 1662 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType); 1663 return -EINVAL; 1664 1665 default: 1666 /* We should never be here */ 1667 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType); 1668 return -EINVAL; 1669 1670inv_length: 1671 pr_vdebug("invalid length: %d (descriptor %d)\n", 1672 _ds->bLength, _ds->bDescriptorType); 1673 return -EINVAL; 1674 } 1675 1676#undef __entity 1677#undef __entity_check_DESCRIPTOR 1678#undef __entity_check_INTERFACE 1679#undef __entity_check_STRING 1680#undef __entity_check_ENDPOINT 1681 1682 return length; 1683} 1684 1685static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len, 1686 ffs_entity_callback entity, void *priv) 1687{ 1688 const unsigned _len = len; 1689 unsigned long num = 0; 1690 1691 ENTER(); 1692 1693 for (;;) { 1694 int ret; 1695 1696 if (num == count) 1697 data = NULL; 1698 1699 /* Record "descriptor" entity */ 1700 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv); 1701 if (unlikely(ret < 0)) { 1702 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n", 1703 num, ret); 1704 return ret; 1705 } 1706 1707 if (!data) 1708 return _len - len; 1709 1710 ret = ffs_do_desc(data, len, entity, priv); 1711 if (unlikely(ret < 0)) { 1712 pr_debug("%s returns %d\n", __func__, ret); 1713 return ret; 1714 } 1715 1716 len -= ret; 1717 data += ret; 1718 ++num; 1719 } 1720} 1721 1722static int __ffs_data_do_entity(enum ffs_entity_type type, 1723 u8 *valuep, struct usb_descriptor_header *desc, 1724 void *priv) 1725{ 1726 struct ffs_data *ffs = priv; 1727 1728 ENTER(); 1729 1730 switch (type) { 1731 case FFS_DESCRIPTOR: 1732 break; 1733 1734 case FFS_INTERFACE: 1735 /* 1736 * Interfaces are indexed from zero so if we 1737 * encountered interface "n" then there are at least 1738 * "n+1" interfaces. 1739 */ 1740 if (*valuep >= ffs->interfaces_count) 1741 ffs->interfaces_count = *valuep + 1; 1742 break; 1743 1744 case FFS_STRING: 1745 /* 1746 * Strings are indexed from 1 (0 is magic ;) reserved 1747 * for languages list or some such) 1748 */ 1749 if (*valuep > ffs->strings_count) 1750 ffs->strings_count = *valuep; 1751 break; 1752 1753 case FFS_ENDPOINT: 1754 /* Endpoints are indexed from 1 as well. */ 1755 if ((*valuep & USB_ENDPOINT_NUMBER_MASK) > ffs->eps_count) 1756 ffs->eps_count = (*valuep & USB_ENDPOINT_NUMBER_MASK); 1757 break; 1758 } 1759 1760 return 0; 1761} 1762 1763static int __ffs_data_got_descs(struct ffs_data *ffs, 1764 char *const _data, size_t len) 1765{ 1766 unsigned fs_count, hs_count; 1767 int fs_len, ret = -EINVAL; 1768 char *data = _data; 1769 1770 ENTER(); 1771 1772 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_DESCRIPTORS_MAGIC || 1773 get_unaligned_le32(data + 4) != len)) 1774 goto error; 1775 fs_count = get_unaligned_le32(data + 8); 1776 hs_count = get_unaligned_le32(data + 12); 1777 1778 if (!fs_count && !hs_count) 1779 goto einval; 1780 1781 data += 16; 1782 len -= 16; 1783 1784 if (likely(fs_count)) { 1785 fs_len = ffs_do_descs(fs_count, data, len, 1786 __ffs_data_do_entity, ffs); 1787 if (unlikely(fs_len < 0)) { 1788 ret = fs_len; 1789 goto error; 1790 } 1791 1792 data += fs_len; 1793 len -= fs_len; 1794 } else { 1795 fs_len = 0; 1796 } 1797 1798 if (likely(hs_count)) { 1799 ret = ffs_do_descs(hs_count, data, len, 1800 __ffs_data_do_entity, ffs); 1801 if (unlikely(ret < 0)) 1802 goto error; 1803 } else { 1804 ret = 0; 1805 } 1806 1807 if (unlikely(len != ret)) 1808 goto einval; 1809 1810 ffs->raw_fs_descs_length = fs_len; 1811 ffs->raw_descs_length = fs_len + ret; 1812 ffs->raw_descs = _data; 1813 ffs->fs_descs_count = fs_count; 1814 ffs->hs_descs_count = hs_count; 1815 1816 return 0; 1817 1818einval: 1819 ret = -EINVAL; 1820error: 1821 kfree(_data); 1822 return ret; 1823} 1824 1825static int __ffs_data_got_strings(struct ffs_data *ffs, 1826 char *const _data, size_t len) 1827{ 1828 u32 str_count, needed_count, lang_count; 1829 struct usb_gadget_strings **stringtabs, *t; 1830 struct usb_string *strings, *s; 1831 const char *data = _data; 1832 1833 ENTER(); 1834 1835 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC || 1836 get_unaligned_le32(data + 4) != len)) 1837 goto error; 1838 str_count = get_unaligned_le32(data + 8); 1839 lang_count = get_unaligned_le32(data + 12); 1840 1841 /* if one is zero the other must be zero */ 1842 if (unlikely(!str_count != !lang_count)) 1843 goto error; 1844 1845 /* Do we have at least as many strings as descriptors need? */ 1846 needed_count = ffs->strings_count; 1847 if (unlikely(str_count < needed_count)) 1848 goto error; 1849 1850 /* 1851 * If we don't need any strings just return and free all 1852 * memory. 1853 */ 1854 if (!needed_count) { 1855 kfree(_data); 1856 return 0; 1857 } 1858 1859 /* Allocate everything in one chunk so there's less maintenance. */ 1860 { 1861 struct { 1862 struct usb_gadget_strings *stringtabs[lang_count + 1]; 1863 struct usb_gadget_strings stringtab[lang_count]; 1864 struct usb_string strings[lang_count*(needed_count+1)]; 1865 } *d; 1866 unsigned i = 0; 1867 1868 d = kmalloc(sizeof *d, GFP_KERNEL); 1869 if (unlikely(!d)) { 1870 kfree(_data); 1871 return -ENOMEM; 1872 } 1873 1874 stringtabs = d->stringtabs; 1875 t = d->stringtab; 1876 i = lang_count; 1877 do { 1878 *stringtabs++ = t++; 1879 } while (--i); 1880 *stringtabs = NULL; 1881 1882 stringtabs = d->stringtabs; 1883 t = d->stringtab; 1884 s = d->strings; 1885 strings = s; 1886 } 1887 1888 /* For each language */ 1889 data += 16; 1890 len -= 16; 1891 1892 do { /* lang_count > 0 so we can use do-while */ 1893 unsigned needed = needed_count; 1894 1895 if (unlikely(len < 3)) 1896 goto error_free; 1897 t->language = get_unaligned_le16(data); 1898 t->strings = s; 1899 ++t; 1900 1901 data += 2; 1902 len -= 2; 1903 1904 /* For each string */ 1905 do { /* str_count > 0 so we can use do-while */ 1906 size_t length = strnlen(data, len); 1907 1908 if (unlikely(length == len)) 1909 goto error_free; 1910 1911 /* 1912 * User may provide more strings then we need, 1913 * if that's the case we simply ignore the 1914 * rest 1915 */ 1916 if (likely(needed)) { 1917 /* 1918 * s->id will be set while adding 1919 * function to configuration so for 1920 * now just leave garbage here. 1921 */ 1922 s->s = data; 1923 --needed; 1924 ++s; 1925 } 1926 1927 data += length + 1; 1928 len -= length + 1; 1929 } while (--str_count); 1930 1931 s->id = 0; /* terminator */ 1932 s->s = NULL; 1933 ++s; 1934 1935 } while (--lang_count); 1936 1937 /* Some garbage left? */ 1938 if (unlikely(len)) 1939 goto error_free; 1940 1941 /* Done! */ 1942 ffs->stringtabs = stringtabs; 1943 ffs->raw_strings = _data; 1944 1945 return 0; 1946 1947error_free: 1948 kfree(stringtabs); 1949error: 1950 kfree(_data); 1951 return -EINVAL; 1952} 1953 1954 1955/* Events handling and management *******************************************/ 1956 1957static void __ffs_event_add(struct ffs_data *ffs, 1958 enum usb_functionfs_event_type type) 1959{ 1960 enum usb_functionfs_event_type rem_type1, rem_type2 = type; 1961 int neg = 0; 1962 1963 /* 1964 * Abort any unhandled setup 1965 * 1966 * We do not need to worry about some cmpxchg() changing value 1967 * of ffs->setup_state without holding the lock because when 1968 * state is FFS_SETUP_PENDING cmpxchg() in several places in 1969 * the source does nothing. 1970 */ 1971 if (ffs->setup_state == FFS_SETUP_PENDING) 1972 ffs->setup_state = FFS_SETUP_CANCELED; 1973 1974 switch (type) { 1975 case FUNCTIONFS_RESUME: 1976 rem_type2 = FUNCTIONFS_SUSPEND; 1977 /* FALL THROUGH */ 1978 case FUNCTIONFS_SUSPEND: 1979 case FUNCTIONFS_SETUP: 1980 rem_type1 = type; 1981 /* Discard all similar events */ 1982 break; 1983 1984 case FUNCTIONFS_BIND: 1985 case FUNCTIONFS_UNBIND: 1986 case FUNCTIONFS_DISABLE: 1987 case FUNCTIONFS_ENABLE: 1988 /* Discard everything other then power management. */ 1989 rem_type1 = FUNCTIONFS_SUSPEND; 1990 rem_type2 = FUNCTIONFS_RESUME; 1991 neg = 1; 1992 break; 1993 1994 default: 1995 BUG(); 1996 } 1997 1998 { 1999 u8 *ev = ffs->ev.types, *out = ev; 2000 unsigned n = ffs->ev.count; 2001 for (; n; --n, ++ev) 2002 if ((*ev == rem_type1 || *ev == rem_type2) == neg) 2003 *out++ = *ev; 2004 else 2005 pr_vdebug("purging event %d\n", *ev); 2006 ffs->ev.count = out - ffs->ev.types; 2007 } 2008 2009 pr_vdebug("adding event %d\n", type); 2010 ffs->ev.types[ffs->ev.count++] = type; 2011 wake_up_locked(&ffs->ev.waitq); 2012} 2013 2014static void ffs_event_add(struct ffs_data *ffs, 2015 enum usb_functionfs_event_type type) 2016{ 2017 unsigned long flags; 2018 spin_lock_irqsave(&ffs->ev.waitq.lock, flags); 2019 __ffs_event_add(ffs, type); 2020 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags); 2021} 2022 2023 2024/* Bind/unbind USB function hooks *******************************************/ 2025 2026static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep, 2027 struct usb_descriptor_header *desc, 2028 void *priv) 2029{ 2030 struct usb_endpoint_descriptor *ds = (void *)desc; 2031 struct ffs_function *func = priv; 2032 struct ffs_ep *ffs_ep; 2033 2034 /* 2035 * If hs_descriptors is not NULL then we are reading hs 2036 * descriptors now 2037 */ 2038 const int isHS = func->function.hs_descriptors != NULL; 2039 unsigned idx; 2040 2041 if (type != FFS_DESCRIPTOR) 2042 return 0; 2043 2044 if (isHS) 2045 func->function.hs_descriptors[(long)valuep] = desc; 2046 else 2047 func->function.descriptors[(long)valuep] = desc; 2048 2049 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT) 2050 return 0; 2051 2052 idx = (ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK) - 1; 2053 ffs_ep = func->eps + idx; 2054 2055 if (unlikely(ffs_ep->descs[isHS])) { 2056 pr_vdebug("two %sspeed descriptors for EP %d\n", 2057 isHS ? "high" : "full", 2058 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK); 2059 return -EINVAL; 2060 } 2061 ffs_ep->descs[isHS] = ds; 2062 2063 ffs_dump_mem(": Original ep desc", ds, ds->bLength); 2064 if (ffs_ep->ep) { 2065 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress; 2066 if (!ds->wMaxPacketSize) 2067 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize; 2068 } else { 2069 struct usb_request *req; 2070 struct usb_ep *ep; 2071 2072 pr_vdebug("autoconfig\n"); 2073 ep = usb_ep_autoconfig(func->gadget, ds); 2074 if (unlikely(!ep)) 2075 return -ENOTSUPP; 2076 ep->driver_data = func->eps + idx; 2077 2078 req = usb_ep_alloc_request(ep, GFP_KERNEL); 2079 if (unlikely(!req)) 2080 return -ENOMEM; 2081 2082 ffs_ep->ep = ep; 2083 ffs_ep->req = req; 2084 func->eps_revmap[ds->bEndpointAddress & 2085 USB_ENDPOINT_NUMBER_MASK] = idx + 1; 2086 } 2087 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength); 2088 2089 return 0; 2090} 2091 2092static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep, 2093 struct usb_descriptor_header *desc, 2094 void *priv) 2095{ 2096 struct ffs_function *func = priv; 2097 unsigned idx; 2098 u8 newValue; 2099 2100 switch (type) { 2101 default: 2102 case FFS_DESCRIPTOR: 2103 /* Handled in previous pass by __ffs_func_bind_do_descs() */ 2104 return 0; 2105 2106 case FFS_INTERFACE: 2107 idx = *valuep; 2108 if (func->interfaces_nums[idx] < 0) { 2109 int id = usb_interface_id(func->conf, &func->function); 2110 if (unlikely(id < 0)) 2111 return id; 2112 func->interfaces_nums[idx] = id; 2113 } 2114 newValue = func->interfaces_nums[idx]; 2115 break; 2116 2117 case FFS_STRING: 2118 /* String' IDs are allocated when fsf_data is bound to cdev */ 2119 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id; 2120 break; 2121 2122 case FFS_ENDPOINT: 2123 /* 2124 * USB_DT_ENDPOINT are handled in 2125 * __ffs_func_bind_do_descs(). 2126 */ 2127 if (desc->bDescriptorType == USB_DT_ENDPOINT) 2128 return 0; 2129 2130 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1; 2131 if (unlikely(!func->eps[idx].ep)) 2132 return -EINVAL; 2133 2134 { 2135 struct usb_endpoint_descriptor **descs; 2136 descs = func->eps[idx].descs; 2137 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress; 2138 } 2139 break; 2140 } 2141 2142 pr_vdebug("%02x -> %02x\n", *valuep, newValue); 2143 *valuep = newValue; 2144 return 0; 2145} 2146 2147static int ffs_func_bind(struct usb_configuration *c, 2148 struct usb_function *f) 2149{ 2150 struct ffs_function *func = ffs_func_from_usb(f); 2151 struct ffs_data *ffs = func->ffs; 2152 2153 const int full = !!func->ffs->fs_descs_count; 2154 const int high = gadget_is_dualspeed(func->gadget) && 2155 func->ffs->hs_descs_count; 2156 2157 int ret; 2158 2159 /* Make it a single chunk, less management later on */ 2160 struct { 2161 struct ffs_ep eps[ffs->eps_count]; 2162 struct usb_descriptor_header 2163 *fs_descs[full ? ffs->fs_descs_count + 1 : 0]; 2164 struct usb_descriptor_header 2165 *hs_descs[high ? ffs->hs_descs_count + 1 : 0]; 2166 short inums[ffs->interfaces_count]; 2167 char raw_descs[high ? ffs->raw_descs_length 2168 : ffs->raw_fs_descs_length]; 2169 } *data; 2170 2171 ENTER(); 2172 2173 /* Only high speed but not supported by gadget? */ 2174 if (unlikely(!(full | high))) 2175 return -ENOTSUPP; 2176 2177 /* Allocate */ 2178 data = kmalloc(sizeof *data, GFP_KERNEL); 2179 if (unlikely(!data)) 2180 return -ENOMEM; 2181 2182 /* Zero */ 2183 memset(data->eps, 0, sizeof data->eps); 2184 memcpy(data->raw_descs, ffs->raw_descs + 16, sizeof data->raw_descs); 2185 memset(data->inums, 0xff, sizeof data->inums); 2186 for (ret = ffs->eps_count; ret; --ret) 2187 data->eps[ret].num = -1; 2188 2189 /* Save pointers */ 2190 func->eps = data->eps; 2191 func->interfaces_nums = data->inums; 2192 2193 /* 2194 * Go through all the endpoint descriptors and allocate 2195 * endpoints first, so that later we can rewrite the endpoint 2196 * numbers without worrying that it may be described later on. 2197 */ 2198 if (likely(full)) { 2199 func->function.descriptors = data->fs_descs; 2200 ret = ffs_do_descs(ffs->fs_descs_count, 2201 data->raw_descs, 2202 sizeof data->raw_descs, 2203 __ffs_func_bind_do_descs, func); 2204 if (unlikely(ret < 0)) 2205 goto error; 2206 } else { 2207 ret = 0; 2208 } 2209 2210 if (likely(high)) { 2211 func->function.hs_descriptors = data->hs_descs; 2212 ret = ffs_do_descs(ffs->hs_descs_count, 2213 data->raw_descs + ret, 2214 (sizeof data->raw_descs) - ret, 2215 __ffs_func_bind_do_descs, func); 2216 } 2217 2218 /* 2219 * Now handle interface numbers allocation and interface and 2220 * endpoint numbers rewriting. We can do that in one go 2221 * now. 2222 */ 2223 ret = ffs_do_descs(ffs->fs_descs_count + 2224 (high ? ffs->hs_descs_count : 0), 2225 data->raw_descs, sizeof data->raw_descs, 2226 __ffs_func_bind_do_nums, func); 2227 if (unlikely(ret < 0)) 2228 goto error; 2229 2230 /* And we're done */ 2231 ffs_event_add(ffs, FUNCTIONFS_BIND); 2232 return 0; 2233 2234error: 2235 /* XXX Do we need to release all claimed endpoints here? */ 2236 return ret; 2237} 2238 2239 2240/* Other USB function hooks *************************************************/ 2241 2242static void ffs_func_unbind(struct usb_configuration *c, 2243 struct usb_function *f) 2244{ 2245 struct ffs_function *func = ffs_func_from_usb(f); 2246 struct ffs_data *ffs = func->ffs; 2247 2248 ENTER(); 2249 2250 if (ffs->func == func) { 2251 ffs_func_eps_disable(func); 2252 ffs->func = NULL; 2253 } 2254 2255 ffs_event_add(ffs, FUNCTIONFS_UNBIND); 2256 2257 ffs_func_free(func); 2258} 2259 2260static int ffs_func_set_alt(struct usb_function *f, 2261 unsigned interface, unsigned alt) 2262{ 2263 struct ffs_function *func = ffs_func_from_usb(f); 2264 struct ffs_data *ffs = func->ffs; 2265 int ret = 0, intf; 2266 2267 if (alt != (unsigned)-1) { 2268 intf = ffs_func_revmap_intf(func, interface); 2269 if (unlikely(intf < 0)) 2270 return intf; 2271 } 2272 2273 if (ffs->func) 2274 ffs_func_eps_disable(ffs->func); 2275 2276 if (ffs->state != FFS_ACTIVE) 2277 return -ENODEV; 2278 2279 if (alt == (unsigned)-1) { 2280 ffs->func = NULL; 2281 ffs_event_add(ffs, FUNCTIONFS_DISABLE); 2282 return 0; 2283 } 2284 2285 ffs->func = func; 2286 ret = ffs_func_eps_enable(func); 2287 if (likely(ret >= 0)) 2288 ffs_event_add(ffs, FUNCTIONFS_ENABLE); 2289 return ret; 2290} 2291 2292static void ffs_func_disable(struct usb_function *f) 2293{ 2294 ffs_func_set_alt(f, 0, (unsigned)-1); 2295} 2296 2297static int ffs_func_setup(struct usb_function *f, 2298 const struct usb_ctrlrequest *creq) 2299{ 2300 struct ffs_function *func = ffs_func_from_usb(f); 2301 struct ffs_data *ffs = func->ffs; 2302 unsigned long flags; 2303 int ret; 2304 2305 ENTER(); 2306 2307 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType); 2308 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest); 2309 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue)); 2310 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex)); 2311 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength)); 2312 2313 /* 2314 * Most requests directed to interface go through here 2315 * (notable exceptions are set/get interface) so we need to 2316 * handle them. All other either handled by composite or 2317 * passed to usb_configuration->setup() (if one is set). No 2318 * matter, we will handle requests directed to endpoint here 2319 * as well (as it's straightforward) but what to do with any 2320 * other request? 2321 */ 2322 if (ffs->state != FFS_ACTIVE) 2323 return -ENODEV; 2324 2325 switch (creq->bRequestType & USB_RECIP_MASK) { 2326 case USB_RECIP_INTERFACE: 2327 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex)); 2328 if (unlikely(ret < 0)) 2329 return ret; 2330 break; 2331 2332 case USB_RECIP_ENDPOINT: 2333 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex)); 2334 if (unlikely(ret < 0)) 2335 return ret; 2336 break; 2337 2338 default: 2339 return -EOPNOTSUPP; 2340 } 2341 2342 spin_lock_irqsave(&ffs->ev.waitq.lock, flags); 2343 ffs->ev.setup = *creq; 2344 ffs->ev.setup.wIndex = cpu_to_le16(ret); 2345 __ffs_event_add(ffs, FUNCTIONFS_SETUP); 2346 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags); 2347 2348 return 0; 2349} 2350 2351static void ffs_func_suspend(struct usb_function *f) 2352{ 2353 ENTER(); 2354 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND); 2355} 2356 2357static void ffs_func_resume(struct usb_function *f) 2358{ 2359 ENTER(); 2360 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME); 2361} 2362 2363 2364/* Endpoint and interface numbers reverse mapping ***************************/ 2365 2366static int ffs_func_revmap_ep(struct ffs_function *func, u8 num) 2367{ 2368 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK]; 2369 return num ? num : -EDOM; 2370} 2371 2372static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf) 2373{ 2374 short *nums = func->interfaces_nums; 2375 unsigned count = func->ffs->interfaces_count; 2376 2377 for (; count; --count, ++nums) { 2378 if (*nums >= 0 && *nums == intf) 2379 return nums - func->interfaces_nums; 2380 } 2381 2382 return -EDOM; 2383} 2384 2385 2386/* Misc helper functions ****************************************************/ 2387 2388static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock) 2389{ 2390 return nonblock 2391 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN 2392 : mutex_lock_interruptible(mutex); 2393} 2394 2395static char *ffs_prepare_buffer(const char * __user buf, size_t len) 2396{ 2397 char *data; 2398 2399 if (unlikely(!len)) 2400 return NULL; 2401 2402 data = kmalloc(len, GFP_KERNEL); 2403 if (unlikely(!data)) 2404 return ERR_PTR(-ENOMEM); 2405 2406 if (unlikely(__copy_from_user(data, buf, len))) { 2407 kfree(data); 2408 return ERR_PTR(-EFAULT); 2409 } 2410 2411 pr_vdebug("Buffer from user space:\n"); 2412 ffs_dump_mem("", data, len); 2413 2414 return data; 2415} 2416