file_storage.c revision 7ca46b862f0e30fe0dcc4a4aef5b32f6b6a3fda5
1/* 2 * file_storage.c -- File-backed USB Storage Gadget, for USB development 3 * 4 * Copyright (C) 2003-2005 Alan Stern 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions, and the following disclaimer, 12 * without modification. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The names of the above-listed copyright holders may not be used 17 * to endorse or promote products derived from this software without 18 * specific prior written permission. 19 * 20 * ALTERNATIVELY, this software may be distributed under the terms of the 21 * GNU General Public License ("GPL") as published by the Free Software 22 * Foundation, either version 2 of that License or (at your option) any 23 * later version. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 26 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 27 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 30 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 31 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 39/* 40 * The File-backed Storage Gadget acts as a USB Mass Storage device, 41 * appearing to the host as a disk drive. In addition to providing an 42 * example of a genuinely useful gadget driver for a USB device, it also 43 * illustrates a technique of double-buffering for increased throughput. 44 * Last but not least, it gives an easy way to probe the behavior of the 45 * Mass Storage drivers in a USB host. 46 * 47 * Backing storage is provided by a regular file or a block device, specified 48 * by the "file" module parameter. Access can be limited to read-only by 49 * setting the optional "ro" module parameter. The gadget will indicate that 50 * it has removable media if the optional "removable" module parameter is set. 51 * 52 * The gadget supports the Control-Bulk (CB), Control-Bulk-Interrupt (CBI), 53 * and Bulk-Only (also known as Bulk-Bulk-Bulk or BBB) transports, selected 54 * by the optional "transport" module parameter. It also supports the 55 * following protocols: RBC (0x01), ATAPI or SFF-8020i (0x02), QIC-157 (0c03), 56 * UFI (0x04), SFF-8070i (0x05), and transparent SCSI (0x06), selected by 57 * the optional "protocol" module parameter. In addition, the default 58 * Vendor ID, Product ID, and release number can be overridden. 59 * 60 * There is support for multiple logical units (LUNs), each of which has 61 * its own backing file. The number of LUNs can be set using the optional 62 * "luns" module parameter (anywhere from 1 to 8), and the corresponding 63 * files are specified using comma-separated lists for "file" and "ro". 64 * The default number of LUNs is taken from the number of "file" elements; 65 * it is 1 if "file" is not given. If "removable" is not set then a backing 66 * file must be specified for each LUN. If it is set, then an unspecified 67 * or empty backing filename means the LUN's medium is not loaded. 68 * 69 * Requirements are modest; only a bulk-in and a bulk-out endpoint are 70 * needed (an interrupt-out endpoint is also needed for CBI). The memory 71 * requirement amounts to two 16K buffers, size configurable by a parameter. 72 * Support is included for both full-speed and high-speed operation. 73 * 74 * Note that the driver is slightly non-portable in that it assumes a 75 * single memory/DMA buffer will be useable for bulk-in, bulk-out, and 76 * interrupt-in endpoints. With most device controllers this isn't an 77 * issue, but there may be some with hardware restrictions that prevent 78 * a buffer from being used by more than one endpoint. 79 * 80 * Module options: 81 * 82 * file=filename[,filename...] 83 * Required if "removable" is not set, names of 84 * the files or block devices used for 85 * backing storage 86 * ro=b[,b...] Default false, booleans for read-only access 87 * removable Default false, boolean for removable media 88 * luns=N Default N = number of filenames, number of 89 * LUNs to support 90 * stall Default determined according to the type of 91 * USB device controller (usually true), 92 * boolean to permit the driver to halt 93 * bulk endpoints 94 * transport=XXX Default BBB, transport name (CB, CBI, or BBB) 95 * protocol=YYY Default SCSI, protocol name (RBC, 8020 or 96 * ATAPI, QIC, UFI, 8070, or SCSI; 97 * also 1 - 6) 98 * vendor=0xVVVV Default 0x0525 (NetChip), USB Vendor ID 99 * product=0xPPPP Default 0xa4a5 (FSG), USB Product ID 100 * release=0xRRRR Override the USB release number (bcdDevice) 101 * buflen=N Default N=16384, buffer size used (will be 102 * rounded down to a multiple of 103 * PAGE_CACHE_SIZE) 104 * 105 * If CONFIG_USB_FILE_STORAGE_TEST is not set, only the "file", "ro", 106 * "removable", "luns", and "stall" options are available; default values 107 * are used for everything else. 108 * 109 * The pathnames of the backing files and the ro settings are available in 110 * the attribute files "file" and "ro" in the lun<n> subdirectory of the 111 * gadget's sysfs directory. If the "removable" option is set, writing to 112 * these files will simulate ejecting/loading the medium (writing an empty 113 * line means eject) and adjusting a write-enable tab. Changes to the ro 114 * setting are not allowed when the medium is loaded. 115 * 116 * This gadget driver is heavily based on "Gadget Zero" by David Brownell. 117 * The driver's SCSI command interface was based on the "Information 118 * technology - Small Computer System Interface - 2" document from 119 * X3T9.2 Project 375D, Revision 10L, 7-SEP-93, available at 120 * <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. The single exception 121 * is opcode 0x23 (READ FORMAT CAPACITIES), which was based on the 122 * "Universal Serial Bus Mass Storage Class UFI Command Specification" 123 * document, Revision 1.0, December 14, 1998, available at 124 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>. 125 */ 126 127 128/* 129 * Driver Design 130 * 131 * The FSG driver is fairly straightforward. There is a main kernel 132 * thread that handles most of the work. Interrupt routines field 133 * callbacks from the controller driver: bulk- and interrupt-request 134 * completion notifications, endpoint-0 events, and disconnect events. 135 * Completion events are passed to the main thread by wakeup calls. Many 136 * ep0 requests are handled at interrupt time, but SetInterface, 137 * SetConfiguration, and device reset requests are forwarded to the 138 * thread in the form of "exceptions" using SIGUSR1 signals (since they 139 * should interrupt any ongoing file I/O operations). 140 * 141 * The thread's main routine implements the standard command/data/status 142 * parts of a SCSI interaction. It and its subroutines are full of tests 143 * for pending signals/exceptions -- all this polling is necessary since 144 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an 145 * indication that the driver really wants to be running in userspace.) 146 * An important point is that so long as the thread is alive it keeps an 147 * open reference to the backing file. This will prevent unmounting 148 * the backing file's underlying filesystem and could cause problems 149 * during system shutdown, for example. To prevent such problems, the 150 * thread catches INT, TERM, and KILL signals and converts them into 151 * an EXIT exception. 152 * 153 * In normal operation the main thread is started during the gadget's 154 * fsg_bind() callback and stopped during fsg_unbind(). But it can also 155 * exit when it receives a signal, and there's no point leaving the 156 * gadget running when the thread is dead. So just before the thread 157 * exits, it deregisters the gadget driver. This makes things a little 158 * tricky: The driver is deregistered at two places, and the exiting 159 * thread can indirectly call fsg_unbind() which in turn can tell the 160 * thread to exit. The first problem is resolved through the use of the 161 * REGISTERED atomic bitflag; the driver will only be deregistered once. 162 * The second problem is resolved by having fsg_unbind() check 163 * fsg->state; it won't try to stop the thread if the state is already 164 * FSG_STATE_TERMINATED. 165 * 166 * To provide maximum throughput, the driver uses a circular pipeline of 167 * buffer heads (struct fsg_buffhd). In principle the pipeline can be 168 * arbitrarily long; in practice the benefits don't justify having more 169 * than 2 stages (i.e., double buffering). But it helps to think of the 170 * pipeline as being a long one. Each buffer head contains a bulk-in and 171 * a bulk-out request pointer (since the buffer can be used for both 172 * output and input -- directions always are given from the host's 173 * point of view) as well as a pointer to the buffer and various state 174 * variables. 175 * 176 * Use of the pipeline follows a simple protocol. There is a variable 177 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. 178 * At any time that buffer head may still be in use from an earlier 179 * request, so each buffer head has a state variable indicating whether 180 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the 181 * buffer head to be EMPTY, filling the buffer either by file I/O or by 182 * USB I/O (during which the buffer head is BUSY), and marking the buffer 183 * head FULL when the I/O is complete. Then the buffer will be emptied 184 * (again possibly by USB I/O, during which it is marked BUSY) and 185 * finally marked EMPTY again (possibly by a completion routine). 186 * 187 * A module parameter tells the driver to avoid stalling the bulk 188 * endpoints wherever the transport specification allows. This is 189 * necessary for some UDCs like the SuperH, which cannot reliably clear a 190 * halt on a bulk endpoint. However, under certain circumstances the 191 * Bulk-only specification requires a stall. In such cases the driver 192 * will halt the endpoint and set a flag indicating that it should clear 193 * the halt in software during the next device reset. Hopefully this 194 * will permit everything to work correctly. Furthermore, although the 195 * specification allows the bulk-out endpoint to halt when the host sends 196 * too much data, implementing this would cause an unavoidable race. 197 * The driver will always use the "no-stall" approach for OUT transfers. 198 * 199 * One subtle point concerns sending status-stage responses for ep0 200 * requests. Some of these requests, such as device reset, can involve 201 * interrupting an ongoing file I/O operation, which might take an 202 * arbitrarily long time. During that delay the host might give up on 203 * the original ep0 request and issue a new one. When that happens the 204 * driver should not notify the host about completion of the original 205 * request, as the host will no longer be waiting for it. So the driver 206 * assigns to each ep0 request a unique tag, and it keeps track of the 207 * tag value of the request associated with a long-running exception 208 * (device-reset, interface-change, or configuration-change). When the 209 * exception handler is finished, the status-stage response is submitted 210 * only if the current ep0 request tag is equal to the exception request 211 * tag. Thus only the most recently received ep0 request will get a 212 * status-stage response. 213 * 214 * Warning: This driver source file is too long. It ought to be split up 215 * into a header file plus about 3 separate .c files, to handle the details 216 * of the Gadget, USB Mass Storage, and SCSI protocols. 217 */ 218 219 220#undef DEBUG 221#undef VERBOSE 222#undef DUMP_MSGS 223 224 225#include <asm/system.h> 226#include <asm/uaccess.h> 227 228#include <linux/bitops.h> 229#include <linux/blkdev.h> 230#include <linux/compiler.h> 231#include <linux/completion.h> 232#include <linux/dcache.h> 233#include <linux/delay.h> 234#include <linux/device.h> 235#include <linux/fcntl.h> 236#include <linux/file.h> 237#include <linux/fs.h> 238#include <linux/init.h> 239#include <linux/kernel.h> 240#include <linux/kref.h> 241#include <linux/kthread.h> 242#include <linux/limits.h> 243#include <linux/list.h> 244#include <linux/module.h> 245#include <linux/moduleparam.h> 246#include <linux/pagemap.h> 247#include <linux/rwsem.h> 248#include <linux/sched.h> 249#include <linux/signal.h> 250#include <linux/slab.h> 251#include <linux/spinlock.h> 252#include <linux/string.h> 253#include <linux/freezer.h> 254#include <linux/utsname.h> 255 256#include <linux/usb/ch9.h> 257#include <linux/usb_gadget.h> 258 259#include "gadget_chips.h" 260 261 262/*-------------------------------------------------------------------------*/ 263 264#define DRIVER_DESC "File-backed Storage Gadget" 265#define DRIVER_NAME "g_file_storage" 266#define DRIVER_VERSION "28 November 2005" 267 268static const char longname[] = DRIVER_DESC; 269static const char shortname[] = DRIVER_NAME; 270 271MODULE_DESCRIPTION(DRIVER_DESC); 272MODULE_AUTHOR("Alan Stern"); 273MODULE_LICENSE("Dual BSD/GPL"); 274 275/* Thanks to NetChip Technologies for donating this product ID. 276 * 277 * DO NOT REUSE THESE IDs with any other driver!! Ever!! 278 * Instead: allocate your own, using normal USB-IF procedures. */ 279#define DRIVER_VENDOR_ID 0x0525 // NetChip 280#define DRIVER_PRODUCT_ID 0xa4a5 // Linux-USB File-backed Storage Gadget 281 282 283/* 284 * This driver assumes self-powered hardware and has no way for users to 285 * trigger remote wakeup. It uses autoconfiguration to select endpoints 286 * and endpoint addresses. 287 */ 288 289 290/*-------------------------------------------------------------------------*/ 291 292#define xprintk(f,level,fmt,args...) \ 293 dev_printk(level , &(f)->gadget->dev , fmt , ## args) 294#define yprintk(l,level,fmt,args...) \ 295 dev_printk(level , &(l)->dev , fmt , ## args) 296 297#ifdef DEBUG 298#define DBG(fsg,fmt,args...) \ 299 xprintk(fsg , KERN_DEBUG , fmt , ## args) 300#define LDBG(lun,fmt,args...) \ 301 yprintk(lun , KERN_DEBUG , fmt , ## args) 302#define MDBG(fmt,args...) \ 303 printk(KERN_DEBUG DRIVER_NAME ": " fmt , ## args) 304#else 305#define DBG(fsg,fmt,args...) \ 306 do { } while (0) 307#define LDBG(lun,fmt,args...) \ 308 do { } while (0) 309#define MDBG(fmt,args...) \ 310 do { } while (0) 311#undef VERBOSE 312#undef DUMP_MSGS 313#endif /* DEBUG */ 314 315#ifdef VERBOSE 316#define VDBG DBG 317#define VLDBG LDBG 318#else 319#define VDBG(fsg,fmt,args...) \ 320 do { } while (0) 321#define VLDBG(lun,fmt,args...) \ 322 do { } while (0) 323#endif /* VERBOSE */ 324 325#define ERROR(fsg,fmt,args...) \ 326 xprintk(fsg , KERN_ERR , fmt , ## args) 327#define LERROR(lun,fmt,args...) \ 328 yprintk(lun , KERN_ERR , fmt , ## args) 329 330#define WARN(fsg,fmt,args...) \ 331 xprintk(fsg , KERN_WARNING , fmt , ## args) 332#define LWARN(lun,fmt,args...) \ 333 yprintk(lun , KERN_WARNING , fmt , ## args) 334 335#define INFO(fsg,fmt,args...) \ 336 xprintk(fsg , KERN_INFO , fmt , ## args) 337#define LINFO(lun,fmt,args...) \ 338 yprintk(lun , KERN_INFO , fmt , ## args) 339 340#define MINFO(fmt,args...) \ 341 printk(KERN_INFO DRIVER_NAME ": " fmt , ## args) 342 343 344/*-------------------------------------------------------------------------*/ 345 346/* Encapsulate the module parameter settings */ 347 348#define MAX_LUNS 8 349 350static struct { 351 char *file[MAX_LUNS]; 352 int ro[MAX_LUNS]; 353 int num_filenames; 354 int num_ros; 355 unsigned int nluns; 356 357 int removable; 358 int can_stall; 359 360 char *transport_parm; 361 char *protocol_parm; 362 unsigned short vendor; 363 unsigned short product; 364 unsigned short release; 365 unsigned int buflen; 366 367 int transport_type; 368 char *transport_name; 369 int protocol_type; 370 char *protocol_name; 371 372} mod_data = { // Default values 373 .transport_parm = "BBB", 374 .protocol_parm = "SCSI", 375 .removable = 0, 376 .can_stall = 1, 377 .vendor = DRIVER_VENDOR_ID, 378 .product = DRIVER_PRODUCT_ID, 379 .release = 0xffff, // Use controller chip type 380 .buflen = 16384, 381 }; 382 383 384module_param_array_named(file, mod_data.file, charp, &mod_data.num_filenames, 385 S_IRUGO); 386MODULE_PARM_DESC(file, "names of backing files or devices"); 387 388module_param_array_named(ro, mod_data.ro, bool, &mod_data.num_ros, S_IRUGO); 389MODULE_PARM_DESC(ro, "true to force read-only"); 390 391module_param_named(luns, mod_data.nluns, uint, S_IRUGO); 392MODULE_PARM_DESC(luns, "number of LUNs"); 393 394module_param_named(removable, mod_data.removable, bool, S_IRUGO); 395MODULE_PARM_DESC(removable, "true to simulate removable media"); 396 397module_param_named(stall, mod_data.can_stall, bool, S_IRUGO); 398MODULE_PARM_DESC(stall, "false to prevent bulk stalls"); 399 400 401/* In the non-TEST version, only the module parameters listed above 402 * are available. */ 403#ifdef CONFIG_USB_FILE_STORAGE_TEST 404 405module_param_named(transport, mod_data.transport_parm, charp, S_IRUGO); 406MODULE_PARM_DESC(transport, "type of transport (BBB, CBI, or CB)"); 407 408module_param_named(protocol, mod_data.protocol_parm, charp, S_IRUGO); 409MODULE_PARM_DESC(protocol, "type of protocol (RBC, 8020, QIC, UFI, " 410 "8070, or SCSI)"); 411 412module_param_named(vendor, mod_data.vendor, ushort, S_IRUGO); 413MODULE_PARM_DESC(vendor, "USB Vendor ID"); 414 415module_param_named(product, mod_data.product, ushort, S_IRUGO); 416MODULE_PARM_DESC(product, "USB Product ID"); 417 418module_param_named(release, mod_data.release, ushort, S_IRUGO); 419MODULE_PARM_DESC(release, "USB release number"); 420 421module_param_named(buflen, mod_data.buflen, uint, S_IRUGO); 422MODULE_PARM_DESC(buflen, "I/O buffer size"); 423 424#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 425 426 427/*-------------------------------------------------------------------------*/ 428 429/* USB protocol value = the transport method */ 430#define USB_PR_CBI 0x00 // Control/Bulk/Interrupt 431#define USB_PR_CB 0x01 // Control/Bulk w/o interrupt 432#define USB_PR_BULK 0x50 // Bulk-only 433 434/* USB subclass value = the protocol encapsulation */ 435#define USB_SC_RBC 0x01 // Reduced Block Commands (flash) 436#define USB_SC_8020 0x02 // SFF-8020i, MMC-2, ATAPI (CD-ROM) 437#define USB_SC_QIC 0x03 // QIC-157 (tape) 438#define USB_SC_UFI 0x04 // UFI (floppy) 439#define USB_SC_8070 0x05 // SFF-8070i (removable) 440#define USB_SC_SCSI 0x06 // Transparent SCSI 441 442/* Bulk-only data structures */ 443 444/* Command Block Wrapper */ 445struct bulk_cb_wrap { 446 __le32 Signature; // Contains 'USBC' 447 u32 Tag; // Unique per command id 448 __le32 DataTransferLength; // Size of the data 449 u8 Flags; // Direction in bit 7 450 u8 Lun; // LUN (normally 0) 451 u8 Length; // Of the CDB, <= MAX_COMMAND_SIZE 452 u8 CDB[16]; // Command Data Block 453}; 454 455#define USB_BULK_CB_WRAP_LEN 31 456#define USB_BULK_CB_SIG 0x43425355 // Spells out USBC 457#define USB_BULK_IN_FLAG 0x80 458 459/* Command Status Wrapper */ 460struct bulk_cs_wrap { 461 __le32 Signature; // Should = 'USBS' 462 u32 Tag; // Same as original command 463 __le32 Residue; // Amount not transferred 464 u8 Status; // See below 465}; 466 467#define USB_BULK_CS_WRAP_LEN 13 468#define USB_BULK_CS_SIG 0x53425355 // Spells out 'USBS' 469#define USB_STATUS_PASS 0 470#define USB_STATUS_FAIL 1 471#define USB_STATUS_PHASE_ERROR 2 472 473/* Bulk-only class specific requests */ 474#define USB_BULK_RESET_REQUEST 0xff 475#define USB_BULK_GET_MAX_LUN_REQUEST 0xfe 476 477 478/* CBI Interrupt data structure */ 479struct interrupt_data { 480 u8 bType; 481 u8 bValue; 482}; 483 484#define CBI_INTERRUPT_DATA_LEN 2 485 486/* CBI Accept Device-Specific Command request */ 487#define USB_CBI_ADSC_REQUEST 0x00 488 489 490#define MAX_COMMAND_SIZE 16 // Length of a SCSI Command Data Block 491 492/* SCSI commands that we recognize */ 493#define SC_FORMAT_UNIT 0x04 494#define SC_INQUIRY 0x12 495#define SC_MODE_SELECT_6 0x15 496#define SC_MODE_SELECT_10 0x55 497#define SC_MODE_SENSE_6 0x1a 498#define SC_MODE_SENSE_10 0x5a 499#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 500#define SC_READ_6 0x08 501#define SC_READ_10 0x28 502#define SC_READ_12 0xa8 503#define SC_READ_CAPACITY 0x25 504#define SC_READ_FORMAT_CAPACITIES 0x23 505#define SC_RELEASE 0x17 506#define SC_REQUEST_SENSE 0x03 507#define SC_RESERVE 0x16 508#define SC_SEND_DIAGNOSTIC 0x1d 509#define SC_START_STOP_UNIT 0x1b 510#define SC_SYNCHRONIZE_CACHE 0x35 511#define SC_TEST_UNIT_READY 0x00 512#define SC_VERIFY 0x2f 513#define SC_WRITE_6 0x0a 514#define SC_WRITE_10 0x2a 515#define SC_WRITE_12 0xaa 516 517/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 518#define SS_NO_SENSE 0 519#define SS_COMMUNICATION_FAILURE 0x040800 520#define SS_INVALID_COMMAND 0x052000 521#define SS_INVALID_FIELD_IN_CDB 0x052400 522#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 523#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 524#define SS_MEDIUM_NOT_PRESENT 0x023a00 525#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 526#define SS_NOT_READY_TO_READY_TRANSITION 0x062800 527#define SS_RESET_OCCURRED 0x062900 528#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 529#define SS_UNRECOVERED_READ_ERROR 0x031100 530#define SS_WRITE_ERROR 0x030c02 531#define SS_WRITE_PROTECTED 0x072700 532 533#define SK(x) ((u8) ((x) >> 16)) // Sense Key byte, etc. 534#define ASC(x) ((u8) ((x) >> 8)) 535#define ASCQ(x) ((u8) (x)) 536 537 538/*-------------------------------------------------------------------------*/ 539 540/* 541 * These definitions will permit the compiler to avoid generating code for 542 * parts of the driver that aren't used in the non-TEST version. Even gcc 543 * can recognize when a test of a constant expression yields a dead code 544 * path. 545 */ 546 547#ifdef CONFIG_USB_FILE_STORAGE_TEST 548 549#define transport_is_bbb() (mod_data.transport_type == USB_PR_BULK) 550#define transport_is_cbi() (mod_data.transport_type == USB_PR_CBI) 551#define protocol_is_scsi() (mod_data.protocol_type == USB_SC_SCSI) 552 553#else 554 555#define transport_is_bbb() 1 556#define transport_is_cbi() 0 557#define protocol_is_scsi() 1 558 559#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 560 561 562struct lun { 563 struct file *filp; 564 loff_t file_length; 565 loff_t num_sectors; 566 567 unsigned int ro : 1; 568 unsigned int prevent_medium_removal : 1; 569 unsigned int registered : 1; 570 unsigned int info_valid : 1; 571 572 u32 sense_data; 573 u32 sense_data_info; 574 u32 unit_attention_data; 575 576 struct device dev; 577}; 578 579#define backing_file_is_open(curlun) ((curlun)->filp != NULL) 580 581static inline struct lun *dev_to_lun(struct device *dev) 582{ 583 return container_of(dev, struct lun, dev); 584} 585 586 587/* Big enough to hold our biggest descriptor */ 588#define EP0_BUFSIZE 256 589#define DELAYED_STATUS (EP0_BUFSIZE + 999) // An impossibly large value 590 591/* Number of buffers we will use. 2 is enough for double-buffering */ 592#define NUM_BUFFERS 2 593 594enum fsg_buffer_state { 595 BUF_STATE_EMPTY = 0, 596 BUF_STATE_FULL, 597 BUF_STATE_BUSY 598}; 599 600struct fsg_buffhd { 601 void *buf; 602 dma_addr_t dma; 603 enum fsg_buffer_state state; 604 struct fsg_buffhd *next; 605 606 /* The NetChip 2280 is faster, and handles some protocol faults 607 * better, if we don't submit any short bulk-out read requests. 608 * So we will record the intended request length here. */ 609 unsigned int bulk_out_intended_length; 610 611 struct usb_request *inreq; 612 int inreq_busy; 613 struct usb_request *outreq; 614 int outreq_busy; 615}; 616 617enum fsg_state { 618 FSG_STATE_COMMAND_PHASE = -10, // This one isn't used anywhere 619 FSG_STATE_DATA_PHASE, 620 FSG_STATE_STATUS_PHASE, 621 622 FSG_STATE_IDLE = 0, 623 FSG_STATE_ABORT_BULK_OUT, 624 FSG_STATE_RESET, 625 FSG_STATE_INTERFACE_CHANGE, 626 FSG_STATE_CONFIG_CHANGE, 627 FSG_STATE_DISCONNECT, 628 FSG_STATE_EXIT, 629 FSG_STATE_TERMINATED 630}; 631 632enum data_direction { 633 DATA_DIR_UNKNOWN = 0, 634 DATA_DIR_FROM_HOST, 635 DATA_DIR_TO_HOST, 636 DATA_DIR_NONE 637}; 638 639struct fsg_dev { 640 /* lock protects: state, all the req_busy's, and cbbuf_cmnd */ 641 spinlock_t lock; 642 struct usb_gadget *gadget; 643 644 /* filesem protects: backing files in use */ 645 struct rw_semaphore filesem; 646 647 /* reference counting: wait until all LUNs are released */ 648 struct kref ref; 649 650 struct usb_ep *ep0; // Handy copy of gadget->ep0 651 struct usb_request *ep0req; // For control responses 652 unsigned int ep0_req_tag; 653 const char *ep0req_name; 654 655 struct usb_request *intreq; // For interrupt responses 656 int intreq_busy; 657 struct fsg_buffhd *intr_buffhd; 658 659 unsigned int bulk_out_maxpacket; 660 enum fsg_state state; // For exception handling 661 unsigned int exception_req_tag; 662 663 u8 config, new_config; 664 665 unsigned int running : 1; 666 unsigned int bulk_in_enabled : 1; 667 unsigned int bulk_out_enabled : 1; 668 unsigned int intr_in_enabled : 1; 669 unsigned int phase_error : 1; 670 unsigned int short_packet_received : 1; 671 unsigned int bad_lun_okay : 1; 672 673 unsigned long atomic_bitflags; 674#define REGISTERED 0 675#define CLEAR_BULK_HALTS 1 676#define SUSPENDED 2 677 678 struct usb_ep *bulk_in; 679 struct usb_ep *bulk_out; 680 struct usb_ep *intr_in; 681 682 struct fsg_buffhd *next_buffhd_to_fill; 683 struct fsg_buffhd *next_buffhd_to_drain; 684 struct fsg_buffhd buffhds[NUM_BUFFERS]; 685 686 int thread_wakeup_needed; 687 struct completion thread_notifier; 688 struct task_struct *thread_task; 689 sigset_t thread_signal_mask; 690 691 int cmnd_size; 692 u8 cmnd[MAX_COMMAND_SIZE]; 693 enum data_direction data_dir; 694 u32 data_size; 695 u32 data_size_from_cmnd; 696 u32 tag; 697 unsigned int lun; 698 u32 residue; 699 u32 usb_amount_left; 700 701 /* The CB protocol offers no way for a host to know when a command 702 * has completed. As a result the next command may arrive early, 703 * and we will still have to handle it. For that reason we need 704 * a buffer to store new commands when using CB (or CBI, which 705 * does not oblige a host to wait for command completion either). */ 706 int cbbuf_cmnd_size; 707 u8 cbbuf_cmnd[MAX_COMMAND_SIZE]; 708 709 unsigned int nluns; 710 struct lun *luns; 711 struct lun *curlun; 712}; 713 714typedef void (*fsg_routine_t)(struct fsg_dev *); 715 716static int inline exception_in_progress(struct fsg_dev *fsg) 717{ 718 return (fsg->state > FSG_STATE_IDLE); 719} 720 721/* Make bulk-out requests be divisible by the maxpacket size */ 722static void inline set_bulk_out_req_length(struct fsg_dev *fsg, 723 struct fsg_buffhd *bh, unsigned int length) 724{ 725 unsigned int rem; 726 727 bh->bulk_out_intended_length = length; 728 rem = length % fsg->bulk_out_maxpacket; 729 if (rem > 0) 730 length += fsg->bulk_out_maxpacket - rem; 731 bh->outreq->length = length; 732} 733 734static struct fsg_dev *the_fsg; 735static struct usb_gadget_driver fsg_driver; 736 737static void close_backing_file(struct lun *curlun); 738static void close_all_backing_files(struct fsg_dev *fsg); 739 740 741/*-------------------------------------------------------------------------*/ 742 743#ifdef DUMP_MSGS 744 745static void dump_msg(struct fsg_dev *fsg, const char *label, 746 const u8 *buf, unsigned int length) 747{ 748 unsigned int start, num, i; 749 char line[52], *p; 750 751 if (length >= 512) 752 return; 753 DBG(fsg, "%s, length %u:\n", label, length); 754 755 start = 0; 756 while (length > 0) { 757 num = min(length, 16u); 758 p = line; 759 for (i = 0; i < num; ++i) { 760 if (i == 8) 761 *p++ = ' '; 762 sprintf(p, " %02x", buf[i]); 763 p += 3; 764 } 765 *p = 0; 766 printk(KERN_DEBUG "%6x: %s\n", start, line); 767 buf += num; 768 start += num; 769 length -= num; 770 } 771} 772 773static void inline dump_cdb(struct fsg_dev *fsg) 774{} 775 776#else 777 778static void inline dump_msg(struct fsg_dev *fsg, const char *label, 779 const u8 *buf, unsigned int length) 780{} 781 782static void inline dump_cdb(struct fsg_dev *fsg) 783{ 784 int i; 785 char cmdbuf[3*MAX_COMMAND_SIZE + 1]; 786 787 for (i = 0; i < fsg->cmnd_size; ++i) 788 sprintf(cmdbuf + i*3, " %02x", fsg->cmnd[i]); 789 VDBG(fsg, "SCSI CDB: %s\n", cmdbuf); 790} 791 792#endif /* DUMP_MSGS */ 793 794 795static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep) 796{ 797 const char *name; 798 799 if (ep == fsg->bulk_in) 800 name = "bulk-in"; 801 else if (ep == fsg->bulk_out) 802 name = "bulk-out"; 803 else 804 name = ep->name; 805 DBG(fsg, "%s set halt\n", name); 806 return usb_ep_set_halt(ep); 807} 808 809 810/*-------------------------------------------------------------------------*/ 811 812/* Routines for unaligned data access */ 813 814static u16 inline get_be16(u8 *buf) 815{ 816 return ((u16) buf[0] << 8) | ((u16) buf[1]); 817} 818 819static u32 inline get_be32(u8 *buf) 820{ 821 return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | 822 ((u32) buf[2] << 8) | ((u32) buf[3]); 823} 824 825static void inline put_be16(u8 *buf, u16 val) 826{ 827 buf[0] = val >> 8; 828 buf[1] = val; 829} 830 831static void inline put_be32(u8 *buf, u32 val) 832{ 833 buf[0] = val >> 24; 834 buf[1] = val >> 16; 835 buf[2] = val >> 8; 836 buf[3] = val & 0xff; 837} 838 839 840/*-------------------------------------------------------------------------*/ 841 842/* 843 * DESCRIPTORS ... most are static, but strings and (full) configuration 844 * descriptors are built on demand. Also the (static) config and interface 845 * descriptors are adjusted during fsg_bind(). 846 */ 847#define STRING_MANUFACTURER 1 848#define STRING_PRODUCT 2 849#define STRING_SERIAL 3 850#define STRING_CONFIG 4 851#define STRING_INTERFACE 5 852 853/* There is only one configuration. */ 854#define CONFIG_VALUE 1 855 856static struct usb_device_descriptor 857device_desc = { 858 .bLength = sizeof device_desc, 859 .bDescriptorType = USB_DT_DEVICE, 860 861 .bcdUSB = __constant_cpu_to_le16(0x0200), 862 .bDeviceClass = USB_CLASS_PER_INTERFACE, 863 864 /* The next three values can be overridden by module parameters */ 865 .idVendor = __constant_cpu_to_le16(DRIVER_VENDOR_ID), 866 .idProduct = __constant_cpu_to_le16(DRIVER_PRODUCT_ID), 867 .bcdDevice = __constant_cpu_to_le16(0xffff), 868 869 .iManufacturer = STRING_MANUFACTURER, 870 .iProduct = STRING_PRODUCT, 871 .iSerialNumber = STRING_SERIAL, 872 .bNumConfigurations = 1, 873}; 874 875static struct usb_config_descriptor 876config_desc = { 877 .bLength = sizeof config_desc, 878 .bDescriptorType = USB_DT_CONFIG, 879 880 /* wTotalLength computed by usb_gadget_config_buf() */ 881 .bNumInterfaces = 1, 882 .bConfigurationValue = CONFIG_VALUE, 883 .iConfiguration = STRING_CONFIG, 884 .bmAttributes = USB_CONFIG_ATT_ONE | USB_CONFIG_ATT_SELFPOWER, 885 .bMaxPower = 1, // self-powered 886}; 887 888static struct usb_otg_descriptor 889otg_desc = { 890 .bLength = sizeof(otg_desc), 891 .bDescriptorType = USB_DT_OTG, 892 893 .bmAttributes = USB_OTG_SRP, 894}; 895 896/* There is only one interface. */ 897 898static struct usb_interface_descriptor 899intf_desc = { 900 .bLength = sizeof intf_desc, 901 .bDescriptorType = USB_DT_INTERFACE, 902 903 .bNumEndpoints = 2, // Adjusted during fsg_bind() 904 .bInterfaceClass = USB_CLASS_MASS_STORAGE, 905 .bInterfaceSubClass = USB_SC_SCSI, // Adjusted during fsg_bind() 906 .bInterfaceProtocol = USB_PR_BULK, // Adjusted during fsg_bind() 907 .iInterface = STRING_INTERFACE, 908}; 909 910/* Three full-speed endpoint descriptors: bulk-in, bulk-out, 911 * and interrupt-in. */ 912 913static struct usb_endpoint_descriptor 914fs_bulk_in_desc = { 915 .bLength = USB_DT_ENDPOINT_SIZE, 916 .bDescriptorType = USB_DT_ENDPOINT, 917 918 .bEndpointAddress = USB_DIR_IN, 919 .bmAttributes = USB_ENDPOINT_XFER_BULK, 920 /* wMaxPacketSize set by autoconfiguration */ 921}; 922 923static struct usb_endpoint_descriptor 924fs_bulk_out_desc = { 925 .bLength = USB_DT_ENDPOINT_SIZE, 926 .bDescriptorType = USB_DT_ENDPOINT, 927 928 .bEndpointAddress = USB_DIR_OUT, 929 .bmAttributes = USB_ENDPOINT_XFER_BULK, 930 /* wMaxPacketSize set by autoconfiguration */ 931}; 932 933static struct usb_endpoint_descriptor 934fs_intr_in_desc = { 935 .bLength = USB_DT_ENDPOINT_SIZE, 936 .bDescriptorType = USB_DT_ENDPOINT, 937 938 .bEndpointAddress = USB_DIR_IN, 939 .bmAttributes = USB_ENDPOINT_XFER_INT, 940 .wMaxPacketSize = __constant_cpu_to_le16(2), 941 .bInterval = 32, // frames -> 32 ms 942}; 943 944static const struct usb_descriptor_header *fs_function[] = { 945 (struct usb_descriptor_header *) &otg_desc, 946 (struct usb_descriptor_header *) &intf_desc, 947 (struct usb_descriptor_header *) &fs_bulk_in_desc, 948 (struct usb_descriptor_header *) &fs_bulk_out_desc, 949 (struct usb_descriptor_header *) &fs_intr_in_desc, 950 NULL, 951}; 952#define FS_FUNCTION_PRE_EP_ENTRIES 2 953 954 955#ifdef CONFIG_USB_GADGET_DUALSPEED 956 957/* 958 * USB 2.0 devices need to expose both high speed and full speed 959 * descriptors, unless they only run at full speed. 960 * 961 * That means alternate endpoint descriptors (bigger packets) 962 * and a "device qualifier" ... plus more construction options 963 * for the config descriptor. 964 */ 965static struct usb_qualifier_descriptor 966dev_qualifier = { 967 .bLength = sizeof dev_qualifier, 968 .bDescriptorType = USB_DT_DEVICE_QUALIFIER, 969 970 .bcdUSB = __constant_cpu_to_le16(0x0200), 971 .bDeviceClass = USB_CLASS_PER_INTERFACE, 972 973 .bNumConfigurations = 1, 974}; 975 976static struct usb_endpoint_descriptor 977hs_bulk_in_desc = { 978 .bLength = USB_DT_ENDPOINT_SIZE, 979 .bDescriptorType = USB_DT_ENDPOINT, 980 981 /* bEndpointAddress copied from fs_bulk_in_desc during fsg_bind() */ 982 .bmAttributes = USB_ENDPOINT_XFER_BULK, 983 .wMaxPacketSize = __constant_cpu_to_le16(512), 984}; 985 986static struct usb_endpoint_descriptor 987hs_bulk_out_desc = { 988 .bLength = USB_DT_ENDPOINT_SIZE, 989 .bDescriptorType = USB_DT_ENDPOINT, 990 991 /* bEndpointAddress copied from fs_bulk_out_desc during fsg_bind() */ 992 .bmAttributes = USB_ENDPOINT_XFER_BULK, 993 .wMaxPacketSize = __constant_cpu_to_le16(512), 994 .bInterval = 1, // NAK every 1 uframe 995}; 996 997static struct usb_endpoint_descriptor 998hs_intr_in_desc = { 999 .bLength = USB_DT_ENDPOINT_SIZE, 1000 .bDescriptorType = USB_DT_ENDPOINT, 1001 1002 /* bEndpointAddress copied from fs_intr_in_desc during fsg_bind() */ 1003 .bmAttributes = USB_ENDPOINT_XFER_INT, 1004 .wMaxPacketSize = __constant_cpu_to_le16(2), 1005 .bInterval = 9, // 2**(9-1) = 256 uframes -> 32 ms 1006}; 1007 1008static const struct usb_descriptor_header *hs_function[] = { 1009 (struct usb_descriptor_header *) &otg_desc, 1010 (struct usb_descriptor_header *) &intf_desc, 1011 (struct usb_descriptor_header *) &hs_bulk_in_desc, 1012 (struct usb_descriptor_header *) &hs_bulk_out_desc, 1013 (struct usb_descriptor_header *) &hs_intr_in_desc, 1014 NULL, 1015}; 1016#define HS_FUNCTION_PRE_EP_ENTRIES 2 1017 1018/* Maxpacket and other transfer characteristics vary by speed. */ 1019#define ep_desc(g,fs,hs) (((g)->speed==USB_SPEED_HIGH) ? (hs) : (fs)) 1020 1021#else 1022 1023/* If there's no high speed support, always use the full-speed descriptor. */ 1024#define ep_desc(g,fs,hs) fs 1025 1026#endif /* !CONFIG_USB_GADGET_DUALSPEED */ 1027 1028 1029/* The CBI specification limits the serial string to 12 uppercase hexadecimal 1030 * characters. */ 1031static char manufacturer[64]; 1032static char serial[13]; 1033 1034/* Static strings, in UTF-8 (for simplicity we use only ASCII characters) */ 1035static struct usb_string strings[] = { 1036 {STRING_MANUFACTURER, manufacturer}, 1037 {STRING_PRODUCT, longname}, 1038 {STRING_SERIAL, serial}, 1039 {STRING_CONFIG, "Self-powered"}, 1040 {STRING_INTERFACE, "Mass Storage"}, 1041 {} 1042}; 1043 1044static struct usb_gadget_strings stringtab = { 1045 .language = 0x0409, // en-us 1046 .strings = strings, 1047}; 1048 1049 1050/* 1051 * Config descriptors must agree with the code that sets configurations 1052 * and with code managing interfaces and their altsettings. They must 1053 * also handle different speeds and other-speed requests. 1054 */ 1055static int populate_config_buf(struct usb_gadget *gadget, 1056 u8 *buf, u8 type, unsigned index) 1057{ 1058#ifdef CONFIG_USB_GADGET_DUALSPEED 1059 enum usb_device_speed speed = gadget->speed; 1060#endif 1061 int len; 1062 const struct usb_descriptor_header **function; 1063 1064 if (index > 0) 1065 return -EINVAL; 1066 1067#ifdef CONFIG_USB_GADGET_DUALSPEED 1068 if (type == USB_DT_OTHER_SPEED_CONFIG) 1069 speed = (USB_SPEED_FULL + USB_SPEED_HIGH) - speed; 1070 if (speed == USB_SPEED_HIGH) 1071 function = hs_function; 1072 else 1073#endif 1074 function = fs_function; 1075 1076 /* for now, don't advertise srp-only devices */ 1077 if (!gadget->is_otg) 1078 function++; 1079 1080 len = usb_gadget_config_buf(&config_desc, buf, EP0_BUFSIZE, function); 1081 ((struct usb_config_descriptor *) buf)->bDescriptorType = type; 1082 return len; 1083} 1084 1085 1086/*-------------------------------------------------------------------------*/ 1087 1088/* These routines may be called in process context or in_irq */ 1089 1090/* Caller must hold fsg->lock */ 1091static void wakeup_thread(struct fsg_dev *fsg) 1092{ 1093 /* Tell the main thread that something has happened */ 1094 fsg->thread_wakeup_needed = 1; 1095 if (fsg->thread_task) 1096 wake_up_process(fsg->thread_task); 1097} 1098 1099 1100static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state) 1101{ 1102 unsigned long flags; 1103 1104 /* Do nothing if a higher-priority exception is already in progress. 1105 * If a lower-or-equal priority exception is in progress, preempt it 1106 * and notify the main thread by sending it a signal. */ 1107 spin_lock_irqsave(&fsg->lock, flags); 1108 if (fsg->state <= new_state) { 1109 fsg->exception_req_tag = fsg->ep0_req_tag; 1110 fsg->state = new_state; 1111 if (fsg->thread_task) 1112 send_sig_info(SIGUSR1, SEND_SIG_FORCED, 1113 fsg->thread_task); 1114 } 1115 spin_unlock_irqrestore(&fsg->lock, flags); 1116} 1117 1118 1119/*-------------------------------------------------------------------------*/ 1120 1121/* The disconnect callback and ep0 routines. These always run in_irq, 1122 * except that ep0_queue() is called in the main thread to acknowledge 1123 * completion of various requests: set config, set interface, and 1124 * Bulk-only device reset. */ 1125 1126static void fsg_disconnect(struct usb_gadget *gadget) 1127{ 1128 struct fsg_dev *fsg = get_gadget_data(gadget); 1129 1130 DBG(fsg, "disconnect or port reset\n"); 1131 raise_exception(fsg, FSG_STATE_DISCONNECT); 1132} 1133 1134 1135static int ep0_queue(struct fsg_dev *fsg) 1136{ 1137 int rc; 1138 1139 rc = usb_ep_queue(fsg->ep0, fsg->ep0req, GFP_ATOMIC); 1140 if (rc != 0 && rc != -ESHUTDOWN) { 1141 1142 /* We can't do much more than wait for a reset */ 1143 WARN(fsg, "error in submission: %s --> %d\n", 1144 fsg->ep0->name, rc); 1145 } 1146 return rc; 1147} 1148 1149static void ep0_complete(struct usb_ep *ep, struct usb_request *req) 1150{ 1151 struct fsg_dev *fsg = ep->driver_data; 1152 1153 if (req->actual > 0) 1154 dump_msg(fsg, fsg->ep0req_name, req->buf, req->actual); 1155 if (req->status || req->actual != req->length) 1156 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1157 req->status, req->actual, req->length); 1158 if (req->status == -ECONNRESET) // Request was cancelled 1159 usb_ep_fifo_flush(ep); 1160 1161 if (req->status == 0 && req->context) 1162 ((fsg_routine_t) (req->context))(fsg); 1163} 1164 1165 1166/*-------------------------------------------------------------------------*/ 1167 1168/* Bulk and interrupt endpoint completion handlers. 1169 * These always run in_irq. */ 1170 1171static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req) 1172{ 1173 struct fsg_dev *fsg = ep->driver_data; 1174 struct fsg_buffhd *bh = req->context; 1175 1176 if (req->status || req->actual != req->length) 1177 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1178 req->status, req->actual, req->length); 1179 if (req->status == -ECONNRESET) // Request was cancelled 1180 usb_ep_fifo_flush(ep); 1181 1182 /* Hold the lock while we update the request and buffer states */ 1183 smp_wmb(); 1184 spin_lock(&fsg->lock); 1185 bh->inreq_busy = 0; 1186 bh->state = BUF_STATE_EMPTY; 1187 wakeup_thread(fsg); 1188 spin_unlock(&fsg->lock); 1189} 1190 1191static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req) 1192{ 1193 struct fsg_dev *fsg = ep->driver_data; 1194 struct fsg_buffhd *bh = req->context; 1195 1196 dump_msg(fsg, "bulk-out", req->buf, req->actual); 1197 if (req->status || req->actual != bh->bulk_out_intended_length) 1198 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1199 req->status, req->actual, 1200 bh->bulk_out_intended_length); 1201 if (req->status == -ECONNRESET) // Request was cancelled 1202 usb_ep_fifo_flush(ep); 1203 1204 /* Hold the lock while we update the request and buffer states */ 1205 smp_wmb(); 1206 spin_lock(&fsg->lock); 1207 bh->outreq_busy = 0; 1208 bh->state = BUF_STATE_FULL; 1209 wakeup_thread(fsg); 1210 spin_unlock(&fsg->lock); 1211} 1212 1213 1214#ifdef CONFIG_USB_FILE_STORAGE_TEST 1215static void intr_in_complete(struct usb_ep *ep, struct usb_request *req) 1216{ 1217 struct fsg_dev *fsg = ep->driver_data; 1218 struct fsg_buffhd *bh = req->context; 1219 1220 if (req->status || req->actual != req->length) 1221 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1222 req->status, req->actual, req->length); 1223 if (req->status == -ECONNRESET) // Request was cancelled 1224 usb_ep_fifo_flush(ep); 1225 1226 /* Hold the lock while we update the request and buffer states */ 1227 smp_wmb(); 1228 spin_lock(&fsg->lock); 1229 fsg->intreq_busy = 0; 1230 bh->state = BUF_STATE_EMPTY; 1231 wakeup_thread(fsg); 1232 spin_unlock(&fsg->lock); 1233} 1234 1235#else 1236static void intr_in_complete(struct usb_ep *ep, struct usb_request *req) 1237{} 1238#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 1239 1240 1241/*-------------------------------------------------------------------------*/ 1242 1243/* Ep0 class-specific handlers. These always run in_irq. */ 1244 1245#ifdef CONFIG_USB_FILE_STORAGE_TEST 1246static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh) 1247{ 1248 struct usb_request *req = fsg->ep0req; 1249 static u8 cbi_reset_cmnd[6] = { 1250 SC_SEND_DIAGNOSTIC, 4, 0xff, 0xff, 0xff, 0xff}; 1251 1252 /* Error in command transfer? */ 1253 if (req->status || req->length != req->actual || 1254 req->actual < 6 || req->actual > MAX_COMMAND_SIZE) { 1255 1256 /* Not all controllers allow a protocol stall after 1257 * receiving control-out data, but we'll try anyway. */ 1258 fsg_set_halt(fsg, fsg->ep0); 1259 return; // Wait for reset 1260 } 1261 1262 /* Is it the special reset command? */ 1263 if (req->actual >= sizeof cbi_reset_cmnd && 1264 memcmp(req->buf, cbi_reset_cmnd, 1265 sizeof cbi_reset_cmnd) == 0) { 1266 1267 /* Raise an exception to stop the current operation 1268 * and reinitialize our state. */ 1269 DBG(fsg, "cbi reset request\n"); 1270 raise_exception(fsg, FSG_STATE_RESET); 1271 return; 1272 } 1273 1274 VDBG(fsg, "CB[I] accept device-specific command\n"); 1275 spin_lock(&fsg->lock); 1276 1277 /* Save the command for later */ 1278 if (fsg->cbbuf_cmnd_size) 1279 WARN(fsg, "CB[I] overwriting previous command\n"); 1280 fsg->cbbuf_cmnd_size = req->actual; 1281 memcpy(fsg->cbbuf_cmnd, req->buf, fsg->cbbuf_cmnd_size); 1282 1283 wakeup_thread(fsg); 1284 spin_unlock(&fsg->lock); 1285} 1286 1287#else 1288static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh) 1289{} 1290#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 1291 1292 1293static int class_setup_req(struct fsg_dev *fsg, 1294 const struct usb_ctrlrequest *ctrl) 1295{ 1296 struct usb_request *req = fsg->ep0req; 1297 int value = -EOPNOTSUPP; 1298 u16 w_index = le16_to_cpu(ctrl->wIndex); 1299 u16 w_length = le16_to_cpu(ctrl->wLength); 1300 1301 if (!fsg->config) 1302 return value; 1303 1304 /* Handle Bulk-only class-specific requests */ 1305 if (transport_is_bbb()) { 1306 switch (ctrl->bRequest) { 1307 1308 case USB_BULK_RESET_REQUEST: 1309 if (ctrl->bRequestType != (USB_DIR_OUT | 1310 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1311 break; 1312 if (w_index != 0) { 1313 value = -EDOM; 1314 break; 1315 } 1316 1317 /* Raise an exception to stop the current operation 1318 * and reinitialize our state. */ 1319 DBG(fsg, "bulk reset request\n"); 1320 raise_exception(fsg, FSG_STATE_RESET); 1321 value = DELAYED_STATUS; 1322 break; 1323 1324 case USB_BULK_GET_MAX_LUN_REQUEST: 1325 if (ctrl->bRequestType != (USB_DIR_IN | 1326 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1327 break; 1328 if (w_index != 0) { 1329 value = -EDOM; 1330 break; 1331 } 1332 VDBG(fsg, "get max LUN\n"); 1333 *(u8 *) req->buf = fsg->nluns - 1; 1334 value = 1; 1335 break; 1336 } 1337 } 1338 1339 /* Handle CBI class-specific requests */ 1340 else { 1341 switch (ctrl->bRequest) { 1342 1343 case USB_CBI_ADSC_REQUEST: 1344 if (ctrl->bRequestType != (USB_DIR_OUT | 1345 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1346 break; 1347 if (w_index != 0) { 1348 value = -EDOM; 1349 break; 1350 } 1351 if (w_length > MAX_COMMAND_SIZE) { 1352 value = -EOVERFLOW; 1353 break; 1354 } 1355 value = w_length; 1356 fsg->ep0req->context = received_cbi_adsc; 1357 break; 1358 } 1359 } 1360 1361 if (value == -EOPNOTSUPP) 1362 VDBG(fsg, 1363 "unknown class-specific control req " 1364 "%02x.%02x v%04x i%04x l%u\n", 1365 ctrl->bRequestType, ctrl->bRequest, 1366 le16_to_cpu(ctrl->wValue), w_index, w_length); 1367 return value; 1368} 1369 1370 1371/*-------------------------------------------------------------------------*/ 1372 1373/* Ep0 standard request handlers. These always run in_irq. */ 1374 1375static int standard_setup_req(struct fsg_dev *fsg, 1376 const struct usb_ctrlrequest *ctrl) 1377{ 1378 struct usb_request *req = fsg->ep0req; 1379 int value = -EOPNOTSUPP; 1380 u16 w_index = le16_to_cpu(ctrl->wIndex); 1381 u16 w_value = le16_to_cpu(ctrl->wValue); 1382 1383 /* Usually this just stores reply data in the pre-allocated ep0 buffer, 1384 * but config change events will also reconfigure hardware. */ 1385 switch (ctrl->bRequest) { 1386 1387 case USB_REQ_GET_DESCRIPTOR: 1388 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1389 USB_RECIP_DEVICE)) 1390 break; 1391 switch (w_value >> 8) { 1392 1393 case USB_DT_DEVICE: 1394 VDBG(fsg, "get device descriptor\n"); 1395 value = sizeof device_desc; 1396 memcpy(req->buf, &device_desc, value); 1397 break; 1398#ifdef CONFIG_USB_GADGET_DUALSPEED 1399 case USB_DT_DEVICE_QUALIFIER: 1400 VDBG(fsg, "get device qualifier\n"); 1401 if (!fsg->gadget->is_dualspeed) 1402 break; 1403 value = sizeof dev_qualifier; 1404 memcpy(req->buf, &dev_qualifier, value); 1405 break; 1406 1407 case USB_DT_OTHER_SPEED_CONFIG: 1408 VDBG(fsg, "get other-speed config descriptor\n"); 1409 if (!fsg->gadget->is_dualspeed) 1410 break; 1411 goto get_config; 1412#endif 1413 case USB_DT_CONFIG: 1414 VDBG(fsg, "get configuration descriptor\n"); 1415#ifdef CONFIG_USB_GADGET_DUALSPEED 1416 get_config: 1417#endif 1418 value = populate_config_buf(fsg->gadget, 1419 req->buf, 1420 w_value >> 8, 1421 w_value & 0xff); 1422 break; 1423 1424 case USB_DT_STRING: 1425 VDBG(fsg, "get string descriptor\n"); 1426 1427 /* wIndex == language code */ 1428 value = usb_gadget_get_string(&stringtab, 1429 w_value & 0xff, req->buf); 1430 break; 1431 } 1432 break; 1433 1434 /* One config, two speeds */ 1435 case USB_REQ_SET_CONFIGURATION: 1436 if (ctrl->bRequestType != (USB_DIR_OUT | USB_TYPE_STANDARD | 1437 USB_RECIP_DEVICE)) 1438 break; 1439 VDBG(fsg, "set configuration\n"); 1440 if (w_value == CONFIG_VALUE || w_value == 0) { 1441 fsg->new_config = w_value; 1442 1443 /* Raise an exception to wipe out previous transaction 1444 * state (queued bufs, etc) and set the new config. */ 1445 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE); 1446 value = DELAYED_STATUS; 1447 } 1448 break; 1449 case USB_REQ_GET_CONFIGURATION: 1450 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1451 USB_RECIP_DEVICE)) 1452 break; 1453 VDBG(fsg, "get configuration\n"); 1454 *(u8 *) req->buf = fsg->config; 1455 value = 1; 1456 break; 1457 1458 case USB_REQ_SET_INTERFACE: 1459 if (ctrl->bRequestType != (USB_DIR_OUT| USB_TYPE_STANDARD | 1460 USB_RECIP_INTERFACE)) 1461 break; 1462 if (fsg->config && w_index == 0) { 1463 1464 /* Raise an exception to wipe out previous transaction 1465 * state (queued bufs, etc) and install the new 1466 * interface altsetting. */ 1467 raise_exception(fsg, FSG_STATE_INTERFACE_CHANGE); 1468 value = DELAYED_STATUS; 1469 } 1470 break; 1471 case USB_REQ_GET_INTERFACE: 1472 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1473 USB_RECIP_INTERFACE)) 1474 break; 1475 if (!fsg->config) 1476 break; 1477 if (w_index != 0) { 1478 value = -EDOM; 1479 break; 1480 } 1481 VDBG(fsg, "get interface\n"); 1482 *(u8 *) req->buf = 0; 1483 value = 1; 1484 break; 1485 1486 default: 1487 VDBG(fsg, 1488 "unknown control req %02x.%02x v%04x i%04x l%u\n", 1489 ctrl->bRequestType, ctrl->bRequest, 1490 w_value, w_index, le16_to_cpu(ctrl->wLength)); 1491 } 1492 1493 return value; 1494} 1495 1496 1497static int fsg_setup(struct usb_gadget *gadget, 1498 const struct usb_ctrlrequest *ctrl) 1499{ 1500 struct fsg_dev *fsg = get_gadget_data(gadget); 1501 int rc; 1502 int w_length = le16_to_cpu(ctrl->wLength); 1503 1504 ++fsg->ep0_req_tag; // Record arrival of a new request 1505 fsg->ep0req->context = NULL; 1506 fsg->ep0req->length = 0; 1507 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl)); 1508 1509 if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) 1510 rc = class_setup_req(fsg, ctrl); 1511 else 1512 rc = standard_setup_req(fsg, ctrl); 1513 1514 /* Respond with data/status or defer until later? */ 1515 if (rc >= 0 && rc != DELAYED_STATUS) { 1516 rc = min(rc, w_length); 1517 fsg->ep0req->length = rc; 1518 fsg->ep0req->zero = rc < w_length; 1519 fsg->ep0req_name = (ctrl->bRequestType & USB_DIR_IN ? 1520 "ep0-in" : "ep0-out"); 1521 rc = ep0_queue(fsg); 1522 } 1523 1524 /* Device either stalls (rc < 0) or reports success */ 1525 return rc; 1526} 1527 1528 1529/*-------------------------------------------------------------------------*/ 1530 1531/* All the following routines run in process context */ 1532 1533 1534/* Use this for bulk or interrupt transfers, not ep0 */ 1535static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, 1536 struct usb_request *req, int *pbusy, 1537 enum fsg_buffer_state *state) 1538{ 1539 int rc; 1540 1541 if (ep == fsg->bulk_in) 1542 dump_msg(fsg, "bulk-in", req->buf, req->length); 1543 else if (ep == fsg->intr_in) 1544 dump_msg(fsg, "intr-in", req->buf, req->length); 1545 1546 spin_lock_irq(&fsg->lock); 1547 *pbusy = 1; 1548 *state = BUF_STATE_BUSY; 1549 spin_unlock_irq(&fsg->lock); 1550 rc = usb_ep_queue(ep, req, GFP_KERNEL); 1551 if (rc != 0) { 1552 *pbusy = 0; 1553 *state = BUF_STATE_EMPTY; 1554 1555 /* We can't do much more than wait for a reset */ 1556 1557 /* Note: currently the net2280 driver fails zero-length 1558 * submissions if DMA is enabled. */ 1559 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP && 1560 req->length == 0)) 1561 WARN(fsg, "error in submission: %s --> %d\n", 1562 ep->name, rc); 1563 } 1564} 1565 1566 1567static int sleep_thread(struct fsg_dev *fsg) 1568{ 1569 int rc = 0; 1570 1571 /* Wait until a signal arrives or we are woken up */ 1572 for (;;) { 1573 try_to_freeze(); 1574 set_current_state(TASK_INTERRUPTIBLE); 1575 if (signal_pending(current)) { 1576 rc = -EINTR; 1577 break; 1578 } 1579 if (fsg->thread_wakeup_needed) 1580 break; 1581 schedule(); 1582 } 1583 __set_current_state(TASK_RUNNING); 1584 fsg->thread_wakeup_needed = 0; 1585 return rc; 1586} 1587 1588 1589/*-------------------------------------------------------------------------*/ 1590 1591static int do_read(struct fsg_dev *fsg) 1592{ 1593 struct lun *curlun = fsg->curlun; 1594 u32 lba; 1595 struct fsg_buffhd *bh; 1596 int rc; 1597 u32 amount_left; 1598 loff_t file_offset, file_offset_tmp; 1599 unsigned int amount; 1600 unsigned int partial_page; 1601 ssize_t nread; 1602 1603 /* Get the starting Logical Block Address and check that it's 1604 * not too big */ 1605 if (fsg->cmnd[0] == SC_READ_6) 1606 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]); 1607 else { 1608 lba = get_be32(&fsg->cmnd[2]); 1609 1610 /* We allow DPO (Disable Page Out = don't save data in the 1611 * cache) and FUA (Force Unit Access = don't read from the 1612 * cache), but we don't implement them. */ 1613 if ((fsg->cmnd[1] & ~0x18) != 0) { 1614 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1615 return -EINVAL; 1616 } 1617 } 1618 if (lba >= curlun->num_sectors) { 1619 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1620 return -EINVAL; 1621 } 1622 file_offset = ((loff_t) lba) << 9; 1623 1624 /* Carry out the file reads */ 1625 amount_left = fsg->data_size_from_cmnd; 1626 if (unlikely(amount_left == 0)) 1627 return -EIO; // No default reply 1628 1629 for (;;) { 1630 1631 /* Figure out how much we need to read: 1632 * Try to read the remaining amount. 1633 * But don't read more than the buffer size. 1634 * And don't try to read past the end of the file. 1635 * Finally, if we're not at a page boundary, don't read past 1636 * the next page. 1637 * If this means reading 0 then we were asked to read past 1638 * the end of file. */ 1639 amount = min((unsigned int) amount_left, mod_data.buflen); 1640 amount = min((loff_t) amount, 1641 curlun->file_length - file_offset); 1642 partial_page = file_offset & (PAGE_CACHE_SIZE - 1); 1643 if (partial_page > 0) 1644 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE - 1645 partial_page); 1646 1647 /* Wait for the next buffer to become available */ 1648 bh = fsg->next_buffhd_to_fill; 1649 while (bh->state != BUF_STATE_EMPTY) { 1650 if ((rc = sleep_thread(fsg)) != 0) 1651 return rc; 1652 } 1653 1654 /* If we were asked to read past the end of file, 1655 * end with an empty buffer. */ 1656 if (amount == 0) { 1657 curlun->sense_data = 1658 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1659 curlun->sense_data_info = file_offset >> 9; 1660 curlun->info_valid = 1; 1661 bh->inreq->length = 0; 1662 bh->state = BUF_STATE_FULL; 1663 break; 1664 } 1665 1666 /* Perform the read */ 1667 file_offset_tmp = file_offset; 1668 nread = vfs_read(curlun->filp, 1669 (char __user *) bh->buf, 1670 amount, &file_offset_tmp); 1671 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1672 (unsigned long long) file_offset, 1673 (int) nread); 1674 if (signal_pending(current)) 1675 return -EINTR; 1676 1677 if (nread < 0) { 1678 LDBG(curlun, "error in file read: %d\n", 1679 (int) nread); 1680 nread = 0; 1681 } else if (nread < amount) { 1682 LDBG(curlun, "partial file read: %d/%u\n", 1683 (int) nread, amount); 1684 nread -= (nread & 511); // Round down to a block 1685 } 1686 file_offset += nread; 1687 amount_left -= nread; 1688 fsg->residue -= nread; 1689 bh->inreq->length = nread; 1690 bh->state = BUF_STATE_FULL; 1691 1692 /* If an error occurred, report it and its position */ 1693 if (nread < amount) { 1694 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1695 curlun->sense_data_info = file_offset >> 9; 1696 curlun->info_valid = 1; 1697 break; 1698 } 1699 1700 if (amount_left == 0) 1701 break; // No more left to read 1702 1703 /* Send this buffer and go read some more */ 1704 bh->inreq->zero = 0; 1705 start_transfer(fsg, fsg->bulk_in, bh->inreq, 1706 &bh->inreq_busy, &bh->state); 1707 fsg->next_buffhd_to_fill = bh->next; 1708 } 1709 1710 return -EIO; // No default reply 1711} 1712 1713 1714/*-------------------------------------------------------------------------*/ 1715 1716static int do_write(struct fsg_dev *fsg) 1717{ 1718 struct lun *curlun = fsg->curlun; 1719 u32 lba; 1720 struct fsg_buffhd *bh; 1721 int get_some_more; 1722 u32 amount_left_to_req, amount_left_to_write; 1723 loff_t usb_offset, file_offset, file_offset_tmp; 1724 unsigned int amount; 1725 unsigned int partial_page; 1726 ssize_t nwritten; 1727 int rc; 1728 1729 if (curlun->ro) { 1730 curlun->sense_data = SS_WRITE_PROTECTED; 1731 return -EINVAL; 1732 } 1733 curlun->filp->f_flags &= ~O_SYNC; // Default is not to wait 1734 1735 /* Get the starting Logical Block Address and check that it's 1736 * not too big */ 1737 if (fsg->cmnd[0] == SC_WRITE_6) 1738 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]); 1739 else { 1740 lba = get_be32(&fsg->cmnd[2]); 1741 1742 /* We allow DPO (Disable Page Out = don't save data in the 1743 * cache) and FUA (Force Unit Access = write directly to the 1744 * medium). We don't implement DPO; we implement FUA by 1745 * performing synchronous output. */ 1746 if ((fsg->cmnd[1] & ~0x18) != 0) { 1747 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1748 return -EINVAL; 1749 } 1750 if (fsg->cmnd[1] & 0x08) // FUA 1751 curlun->filp->f_flags |= O_SYNC; 1752 } 1753 if (lba >= curlun->num_sectors) { 1754 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1755 return -EINVAL; 1756 } 1757 1758 /* Carry out the file writes */ 1759 get_some_more = 1; 1760 file_offset = usb_offset = ((loff_t) lba) << 9; 1761 amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd; 1762 1763 while (amount_left_to_write > 0) { 1764 1765 /* Queue a request for more data from the host */ 1766 bh = fsg->next_buffhd_to_fill; 1767 if (bh->state == BUF_STATE_EMPTY && get_some_more) { 1768 1769 /* Figure out how much we want to get: 1770 * Try to get the remaining amount. 1771 * But don't get more than the buffer size. 1772 * And don't try to go past the end of the file. 1773 * If we're not at a page boundary, 1774 * don't go past the next page. 1775 * If this means getting 0, then we were asked 1776 * to write past the end of file. 1777 * Finally, round down to a block boundary. */ 1778 amount = min(amount_left_to_req, mod_data.buflen); 1779 amount = min((loff_t) amount, curlun->file_length - 1780 usb_offset); 1781 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1); 1782 if (partial_page > 0) 1783 amount = min(amount, 1784 (unsigned int) PAGE_CACHE_SIZE - partial_page); 1785 1786 if (amount == 0) { 1787 get_some_more = 0; 1788 curlun->sense_data = 1789 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1790 curlun->sense_data_info = usb_offset >> 9; 1791 curlun->info_valid = 1; 1792 continue; 1793 } 1794 amount -= (amount & 511); 1795 if (amount == 0) { 1796 1797 /* Why were we were asked to transfer a 1798 * partial block? */ 1799 get_some_more = 0; 1800 continue; 1801 } 1802 1803 /* Get the next buffer */ 1804 usb_offset += amount; 1805 fsg->usb_amount_left -= amount; 1806 amount_left_to_req -= amount; 1807 if (amount_left_to_req == 0) 1808 get_some_more = 0; 1809 1810 /* amount is always divisible by 512, hence by 1811 * the bulk-out maxpacket size */ 1812 bh->outreq->length = bh->bulk_out_intended_length = 1813 amount; 1814 bh->outreq->short_not_ok = 1; 1815 start_transfer(fsg, fsg->bulk_out, bh->outreq, 1816 &bh->outreq_busy, &bh->state); 1817 fsg->next_buffhd_to_fill = bh->next; 1818 continue; 1819 } 1820 1821 /* Write the received data to the backing file */ 1822 bh = fsg->next_buffhd_to_drain; 1823 if (bh->state == BUF_STATE_EMPTY && !get_some_more) 1824 break; // We stopped early 1825 if (bh->state == BUF_STATE_FULL) { 1826 smp_rmb(); 1827 fsg->next_buffhd_to_drain = bh->next; 1828 bh->state = BUF_STATE_EMPTY; 1829 1830 /* Did something go wrong with the transfer? */ 1831 if (bh->outreq->status != 0) { 1832 curlun->sense_data = SS_COMMUNICATION_FAILURE; 1833 curlun->sense_data_info = file_offset >> 9; 1834 curlun->info_valid = 1; 1835 break; 1836 } 1837 1838 amount = bh->outreq->actual; 1839 if (curlun->file_length - file_offset < amount) { 1840 LERROR(curlun, 1841 "write %u @ %llu beyond end %llu\n", 1842 amount, (unsigned long long) file_offset, 1843 (unsigned long long) curlun->file_length); 1844 amount = curlun->file_length - file_offset; 1845 } 1846 1847 /* Perform the write */ 1848 file_offset_tmp = file_offset; 1849 nwritten = vfs_write(curlun->filp, 1850 (char __user *) bh->buf, 1851 amount, &file_offset_tmp); 1852 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount, 1853 (unsigned long long) file_offset, 1854 (int) nwritten); 1855 if (signal_pending(current)) 1856 return -EINTR; // Interrupted! 1857 1858 if (nwritten < 0) { 1859 LDBG(curlun, "error in file write: %d\n", 1860 (int) nwritten); 1861 nwritten = 0; 1862 } else if (nwritten < amount) { 1863 LDBG(curlun, "partial file write: %d/%u\n", 1864 (int) nwritten, amount); 1865 nwritten -= (nwritten & 511); 1866 // Round down to a block 1867 } 1868 file_offset += nwritten; 1869 amount_left_to_write -= nwritten; 1870 fsg->residue -= nwritten; 1871 1872 /* If an error occurred, report it and its position */ 1873 if (nwritten < amount) { 1874 curlun->sense_data = SS_WRITE_ERROR; 1875 curlun->sense_data_info = file_offset >> 9; 1876 curlun->info_valid = 1; 1877 break; 1878 } 1879 1880 /* Did the host decide to stop early? */ 1881 if (bh->outreq->actual != bh->outreq->length) { 1882 fsg->short_packet_received = 1; 1883 break; 1884 } 1885 continue; 1886 } 1887 1888 /* Wait for something to happen */ 1889 if ((rc = sleep_thread(fsg)) != 0) 1890 return rc; 1891 } 1892 1893 return -EIO; // No default reply 1894} 1895 1896 1897/*-------------------------------------------------------------------------*/ 1898 1899/* Sync the file data, don't bother with the metadata. 1900 * This code was copied from fs/buffer.c:sys_fdatasync(). */ 1901static int fsync_sub(struct lun *curlun) 1902{ 1903 struct file *filp = curlun->filp; 1904 struct inode *inode; 1905 int rc, err; 1906 1907 if (curlun->ro || !filp) 1908 return 0; 1909 if (!filp->f_op->fsync) 1910 return -EINVAL; 1911 1912 inode = filp->f_path.dentry->d_inode; 1913 mutex_lock(&inode->i_mutex); 1914 rc = filemap_fdatawrite(inode->i_mapping); 1915 err = filp->f_op->fsync(filp, filp->f_path.dentry, 1); 1916 if (!rc) 1917 rc = err; 1918 err = filemap_fdatawait(inode->i_mapping); 1919 if (!rc) 1920 rc = err; 1921 mutex_unlock(&inode->i_mutex); 1922 VLDBG(curlun, "fdatasync -> %d\n", rc); 1923 return rc; 1924} 1925 1926static void fsync_all(struct fsg_dev *fsg) 1927{ 1928 int i; 1929 1930 for (i = 0; i < fsg->nluns; ++i) 1931 fsync_sub(&fsg->luns[i]); 1932} 1933 1934static int do_synchronize_cache(struct fsg_dev *fsg) 1935{ 1936 struct lun *curlun = fsg->curlun; 1937 int rc; 1938 1939 /* We ignore the requested LBA and write out all file's 1940 * dirty data buffers. */ 1941 rc = fsync_sub(curlun); 1942 if (rc) 1943 curlun->sense_data = SS_WRITE_ERROR; 1944 return 0; 1945} 1946 1947 1948/*-------------------------------------------------------------------------*/ 1949 1950static void invalidate_sub(struct lun *curlun) 1951{ 1952 struct file *filp = curlun->filp; 1953 struct inode *inode = filp->f_path.dentry->d_inode; 1954 unsigned long rc; 1955 1956 rc = invalidate_inode_pages(inode->i_mapping); 1957 VLDBG(curlun, "invalidate_inode_pages -> %ld\n", rc); 1958} 1959 1960static int do_verify(struct fsg_dev *fsg) 1961{ 1962 struct lun *curlun = fsg->curlun; 1963 u32 lba; 1964 u32 verification_length; 1965 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 1966 loff_t file_offset, file_offset_tmp; 1967 u32 amount_left; 1968 unsigned int amount; 1969 ssize_t nread; 1970 1971 /* Get the starting Logical Block Address and check that it's 1972 * not too big */ 1973 lba = get_be32(&fsg->cmnd[2]); 1974 if (lba >= curlun->num_sectors) { 1975 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1976 return -EINVAL; 1977 } 1978 1979 /* We allow DPO (Disable Page Out = don't save data in the 1980 * cache) but we don't implement it. */ 1981 if ((fsg->cmnd[1] & ~0x10) != 0) { 1982 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1983 return -EINVAL; 1984 } 1985 1986 verification_length = get_be16(&fsg->cmnd[7]); 1987 if (unlikely(verification_length == 0)) 1988 return -EIO; // No default reply 1989 1990 /* Prepare to carry out the file verify */ 1991 amount_left = verification_length << 9; 1992 file_offset = ((loff_t) lba) << 9; 1993 1994 /* Write out all the dirty buffers before invalidating them */ 1995 fsync_sub(curlun); 1996 if (signal_pending(current)) 1997 return -EINTR; 1998 1999 invalidate_sub(curlun); 2000 if (signal_pending(current)) 2001 return -EINTR; 2002 2003 /* Just try to read the requested blocks */ 2004 while (amount_left > 0) { 2005 2006 /* Figure out how much we need to read: 2007 * Try to read the remaining amount, but not more than 2008 * the buffer size. 2009 * And don't try to read past the end of the file. 2010 * If this means reading 0 then we were asked to read 2011 * past the end of file. */ 2012 amount = min((unsigned int) amount_left, mod_data.buflen); 2013 amount = min((loff_t) amount, 2014 curlun->file_length - file_offset); 2015 if (amount == 0) { 2016 curlun->sense_data = 2017 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 2018 curlun->sense_data_info = file_offset >> 9; 2019 curlun->info_valid = 1; 2020 break; 2021 } 2022 2023 /* Perform the read */ 2024 file_offset_tmp = file_offset; 2025 nread = vfs_read(curlun->filp, 2026 (char __user *) bh->buf, 2027 amount, &file_offset_tmp); 2028 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 2029 (unsigned long long) file_offset, 2030 (int) nread); 2031 if (signal_pending(current)) 2032 return -EINTR; 2033 2034 if (nread < 0) { 2035 LDBG(curlun, "error in file verify: %d\n", 2036 (int) nread); 2037 nread = 0; 2038 } else if (nread < amount) { 2039 LDBG(curlun, "partial file verify: %d/%u\n", 2040 (int) nread, amount); 2041 nread -= (nread & 511); // Round down to a sector 2042 } 2043 if (nread == 0) { 2044 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 2045 curlun->sense_data_info = file_offset >> 9; 2046 curlun->info_valid = 1; 2047 break; 2048 } 2049 file_offset += nread; 2050 amount_left -= nread; 2051 } 2052 return 0; 2053} 2054 2055 2056/*-------------------------------------------------------------------------*/ 2057 2058static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2059{ 2060 u8 *buf = (u8 *) bh->buf; 2061 2062 static char vendor_id[] = "Linux "; 2063 static char product_id[] = "File-Stor Gadget"; 2064 2065 if (!fsg->curlun) { // Unsupported LUNs are okay 2066 fsg->bad_lun_okay = 1; 2067 memset(buf, 0, 36); 2068 buf[0] = 0x7f; // Unsupported, no device-type 2069 return 36; 2070 } 2071 2072 memset(buf, 0, 8); // Non-removable, direct-access device 2073 if (mod_data.removable) 2074 buf[1] = 0x80; 2075 buf[2] = 2; // ANSI SCSI level 2 2076 buf[3] = 2; // SCSI-2 INQUIRY data format 2077 buf[4] = 31; // Additional length 2078 // No special options 2079 sprintf(buf + 8, "%-8s%-16s%04x", vendor_id, product_id, 2080 mod_data.release); 2081 return 36; 2082} 2083 2084 2085static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2086{ 2087 struct lun *curlun = fsg->curlun; 2088 u8 *buf = (u8 *) bh->buf; 2089 u32 sd, sdinfo; 2090 int valid; 2091 2092 /* 2093 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 2094 * 2095 * If a REQUEST SENSE command is received from an initiator 2096 * with a pending unit attention condition (before the target 2097 * generates the contingent allegiance condition), then the 2098 * target shall either: 2099 * a) report any pending sense data and preserve the unit 2100 * attention condition on the logical unit, or, 2101 * b) report the unit attention condition, may discard any 2102 * pending sense data, and clear the unit attention 2103 * condition on the logical unit for that initiator. 2104 * 2105 * FSG normally uses option a); enable this code to use option b). 2106 */ 2107#if 0 2108 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) { 2109 curlun->sense_data = curlun->unit_attention_data; 2110 curlun->unit_attention_data = SS_NO_SENSE; 2111 } 2112#endif 2113 2114 if (!curlun) { // Unsupported LUNs are okay 2115 fsg->bad_lun_okay = 1; 2116 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 2117 sdinfo = 0; 2118 valid = 0; 2119 } else { 2120 sd = curlun->sense_data; 2121 sdinfo = curlun->sense_data_info; 2122 valid = curlun->info_valid << 7; 2123 curlun->sense_data = SS_NO_SENSE; 2124 curlun->sense_data_info = 0; 2125 curlun->info_valid = 0; 2126 } 2127 2128 memset(buf, 0, 18); 2129 buf[0] = valid | 0x70; // Valid, current error 2130 buf[2] = SK(sd); 2131 put_be32(&buf[3], sdinfo); // Sense information 2132 buf[7] = 18 - 8; // Additional sense length 2133 buf[12] = ASC(sd); 2134 buf[13] = ASCQ(sd); 2135 return 18; 2136} 2137 2138 2139static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2140{ 2141 struct lun *curlun = fsg->curlun; 2142 u32 lba = get_be32(&fsg->cmnd[2]); 2143 int pmi = fsg->cmnd[8]; 2144 u8 *buf = (u8 *) bh->buf; 2145 2146 /* Check the PMI and LBA fields */ 2147 if (pmi > 1 || (pmi == 0 && lba != 0)) { 2148 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2149 return -EINVAL; 2150 } 2151 2152 put_be32(&buf[0], curlun->num_sectors - 1); // Max logical block 2153 put_be32(&buf[4], 512); // Block length 2154 return 8; 2155} 2156 2157 2158static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2159{ 2160 struct lun *curlun = fsg->curlun; 2161 int mscmnd = fsg->cmnd[0]; 2162 u8 *buf = (u8 *) bh->buf; 2163 u8 *buf0 = buf; 2164 int pc, page_code; 2165 int changeable_values, all_pages; 2166 int valid_page = 0; 2167 int len, limit; 2168 2169 if ((fsg->cmnd[1] & ~0x08) != 0) { // Mask away DBD 2170 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2171 return -EINVAL; 2172 } 2173 pc = fsg->cmnd[2] >> 6; 2174 page_code = fsg->cmnd[2] & 0x3f; 2175 if (pc == 3) { 2176 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 2177 return -EINVAL; 2178 } 2179 changeable_values = (pc == 1); 2180 all_pages = (page_code == 0x3f); 2181 2182 /* Write the mode parameter header. Fixed values are: default 2183 * medium type, no cache control (DPOFUA), and no block descriptors. 2184 * The only variable value is the WriteProtect bit. We will fill in 2185 * the mode data length later. */ 2186 memset(buf, 0, 8); 2187 if (mscmnd == SC_MODE_SENSE_6) { 2188 buf[2] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA 2189 buf += 4; 2190 limit = 255; 2191 } else { // SC_MODE_SENSE_10 2192 buf[3] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA 2193 buf += 8; 2194 limit = 65535; // Should really be mod_data.buflen 2195 } 2196 2197 /* No block descriptors */ 2198 2199 /* The mode pages, in numerical order. The only page we support 2200 * is the Caching page. */ 2201 if (page_code == 0x08 || all_pages) { 2202 valid_page = 1; 2203 buf[0] = 0x08; // Page code 2204 buf[1] = 10; // Page length 2205 memset(buf+2, 0, 10); // None of the fields are changeable 2206 2207 if (!changeable_values) { 2208 buf[2] = 0x04; // Write cache enable, 2209 // Read cache not disabled 2210 // No cache retention priorities 2211 put_be16(&buf[4], 0xffff); // Don't disable prefetch 2212 // Minimum prefetch = 0 2213 put_be16(&buf[8], 0xffff); // Maximum prefetch 2214 put_be16(&buf[10], 0xffff); // Maximum prefetch ceiling 2215 } 2216 buf += 12; 2217 } 2218 2219 /* Check that a valid page was requested and the mode data length 2220 * isn't too long. */ 2221 len = buf - buf0; 2222 if (!valid_page || len > limit) { 2223 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2224 return -EINVAL; 2225 } 2226 2227 /* Store the mode data length */ 2228 if (mscmnd == SC_MODE_SENSE_6) 2229 buf0[0] = len - 1; 2230 else 2231 put_be16(buf0, len - 2); 2232 return len; 2233} 2234 2235 2236static int do_start_stop(struct fsg_dev *fsg) 2237{ 2238 struct lun *curlun = fsg->curlun; 2239 int loej, start; 2240 2241 if (!mod_data.removable) { 2242 curlun->sense_data = SS_INVALID_COMMAND; 2243 return -EINVAL; 2244 } 2245 2246 // int immed = fsg->cmnd[1] & 0x01; 2247 loej = fsg->cmnd[4] & 0x02; 2248 start = fsg->cmnd[4] & 0x01; 2249 2250#ifdef CONFIG_USB_FILE_STORAGE_TEST 2251 if ((fsg->cmnd[1] & ~0x01) != 0 || // Mask away Immed 2252 (fsg->cmnd[4] & ~0x03) != 0) { // Mask LoEj, Start 2253 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2254 return -EINVAL; 2255 } 2256 2257 if (!start) { 2258 2259 /* Are we allowed to unload the media? */ 2260 if (curlun->prevent_medium_removal) { 2261 LDBG(curlun, "unload attempt prevented\n"); 2262 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED; 2263 return -EINVAL; 2264 } 2265 if (loej) { // Simulate an unload/eject 2266 up_read(&fsg->filesem); 2267 down_write(&fsg->filesem); 2268 close_backing_file(curlun); 2269 up_write(&fsg->filesem); 2270 down_read(&fsg->filesem); 2271 } 2272 } else { 2273 2274 /* Our emulation doesn't support mounting; the medium is 2275 * available for use as soon as it is loaded. */ 2276 if (!backing_file_is_open(curlun)) { 2277 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 2278 return -EINVAL; 2279 } 2280 } 2281#endif 2282 return 0; 2283} 2284 2285 2286static int do_prevent_allow(struct fsg_dev *fsg) 2287{ 2288 struct lun *curlun = fsg->curlun; 2289 int prevent; 2290 2291 if (!mod_data.removable) { 2292 curlun->sense_data = SS_INVALID_COMMAND; 2293 return -EINVAL; 2294 } 2295 2296 prevent = fsg->cmnd[4] & 0x01; 2297 if ((fsg->cmnd[4] & ~0x01) != 0) { // Mask away Prevent 2298 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2299 return -EINVAL; 2300 } 2301 2302 if (curlun->prevent_medium_removal && !prevent) 2303 fsync_sub(curlun); 2304 curlun->prevent_medium_removal = prevent; 2305 return 0; 2306} 2307 2308 2309static int do_read_format_capacities(struct fsg_dev *fsg, 2310 struct fsg_buffhd *bh) 2311{ 2312 struct lun *curlun = fsg->curlun; 2313 u8 *buf = (u8 *) bh->buf; 2314 2315 buf[0] = buf[1] = buf[2] = 0; 2316 buf[3] = 8; // Only the Current/Maximum Capacity Descriptor 2317 buf += 4; 2318 2319 put_be32(&buf[0], curlun->num_sectors); // Number of blocks 2320 put_be32(&buf[4], 512); // Block length 2321 buf[4] = 0x02; // Current capacity 2322 return 12; 2323} 2324 2325 2326static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2327{ 2328 struct lun *curlun = fsg->curlun; 2329 2330 /* We don't support MODE SELECT */ 2331 curlun->sense_data = SS_INVALID_COMMAND; 2332 return -EINVAL; 2333} 2334 2335 2336/*-------------------------------------------------------------------------*/ 2337 2338static int halt_bulk_in_endpoint(struct fsg_dev *fsg) 2339{ 2340 int rc; 2341 2342 rc = fsg_set_halt(fsg, fsg->bulk_in); 2343 if (rc == -EAGAIN) 2344 VDBG(fsg, "delayed bulk-in endpoint halt\n"); 2345 while (rc != 0) { 2346 if (rc != -EAGAIN) { 2347 WARN(fsg, "usb_ep_set_halt -> %d\n", rc); 2348 rc = 0; 2349 break; 2350 } 2351 2352 /* Wait for a short time and then try again */ 2353 if (msleep_interruptible(100) != 0) 2354 return -EINTR; 2355 rc = usb_ep_set_halt(fsg->bulk_in); 2356 } 2357 return rc; 2358} 2359 2360static int pad_with_zeros(struct fsg_dev *fsg) 2361{ 2362 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 2363 u32 nkeep = bh->inreq->length; 2364 u32 nsend; 2365 int rc; 2366 2367 bh->state = BUF_STATE_EMPTY; // For the first iteration 2368 fsg->usb_amount_left = nkeep + fsg->residue; 2369 while (fsg->usb_amount_left > 0) { 2370 2371 /* Wait for the next buffer to be free */ 2372 while (bh->state != BUF_STATE_EMPTY) { 2373 if ((rc = sleep_thread(fsg)) != 0) 2374 return rc; 2375 } 2376 2377 nsend = min(fsg->usb_amount_left, (u32) mod_data.buflen); 2378 memset(bh->buf + nkeep, 0, nsend - nkeep); 2379 bh->inreq->length = nsend; 2380 bh->inreq->zero = 0; 2381 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2382 &bh->inreq_busy, &bh->state); 2383 bh = fsg->next_buffhd_to_fill = bh->next; 2384 fsg->usb_amount_left -= nsend; 2385 nkeep = 0; 2386 } 2387 return 0; 2388} 2389 2390static int throw_away_data(struct fsg_dev *fsg) 2391{ 2392 struct fsg_buffhd *bh; 2393 u32 amount; 2394 int rc; 2395 2396 while ((bh = fsg->next_buffhd_to_drain)->state != BUF_STATE_EMPTY || 2397 fsg->usb_amount_left > 0) { 2398 2399 /* Throw away the data in a filled buffer */ 2400 if (bh->state == BUF_STATE_FULL) { 2401 smp_rmb(); 2402 bh->state = BUF_STATE_EMPTY; 2403 fsg->next_buffhd_to_drain = bh->next; 2404 2405 /* A short packet or an error ends everything */ 2406 if (bh->outreq->actual != bh->outreq->length || 2407 bh->outreq->status != 0) { 2408 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2409 return -EINTR; 2410 } 2411 continue; 2412 } 2413 2414 /* Try to submit another request if we need one */ 2415 bh = fsg->next_buffhd_to_fill; 2416 if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) { 2417 amount = min(fsg->usb_amount_left, 2418 (u32) mod_data.buflen); 2419 2420 /* amount is always divisible by 512, hence by 2421 * the bulk-out maxpacket size */ 2422 bh->outreq->length = bh->bulk_out_intended_length = 2423 amount; 2424 bh->outreq->short_not_ok = 1; 2425 start_transfer(fsg, fsg->bulk_out, bh->outreq, 2426 &bh->outreq_busy, &bh->state); 2427 fsg->next_buffhd_to_fill = bh->next; 2428 fsg->usb_amount_left -= amount; 2429 continue; 2430 } 2431 2432 /* Otherwise wait for something to happen */ 2433 if ((rc = sleep_thread(fsg)) != 0) 2434 return rc; 2435 } 2436 return 0; 2437} 2438 2439 2440static int finish_reply(struct fsg_dev *fsg) 2441{ 2442 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 2443 int rc = 0; 2444 2445 switch (fsg->data_dir) { 2446 case DATA_DIR_NONE: 2447 break; // Nothing to send 2448 2449 /* If we don't know whether the host wants to read or write, 2450 * this must be CB or CBI with an unknown command. We mustn't 2451 * try to send or receive any data. So stall both bulk pipes 2452 * if we can and wait for a reset. */ 2453 case DATA_DIR_UNKNOWN: 2454 if (mod_data.can_stall) { 2455 fsg_set_halt(fsg, fsg->bulk_out); 2456 rc = halt_bulk_in_endpoint(fsg); 2457 } 2458 break; 2459 2460 /* All but the last buffer of data must have already been sent */ 2461 case DATA_DIR_TO_HOST: 2462 if (fsg->data_size == 0) 2463 ; // Nothing to send 2464 2465 /* If there's no residue, simply send the last buffer */ 2466 else if (fsg->residue == 0) { 2467 bh->inreq->zero = 0; 2468 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2469 &bh->inreq_busy, &bh->state); 2470 fsg->next_buffhd_to_fill = bh->next; 2471 } 2472 2473 /* There is a residue. For CB and CBI, simply mark the end 2474 * of the data with a short packet. However, if we are 2475 * allowed to stall, there was no data at all (residue == 2476 * data_size), and the command failed (invalid LUN or 2477 * sense data is set), then halt the bulk-in endpoint 2478 * instead. */ 2479 else if (!transport_is_bbb()) { 2480 if (mod_data.can_stall && 2481 fsg->residue == fsg->data_size && 2482 (!fsg->curlun || fsg->curlun->sense_data != SS_NO_SENSE)) { 2483 bh->state = BUF_STATE_EMPTY; 2484 rc = halt_bulk_in_endpoint(fsg); 2485 } else { 2486 bh->inreq->zero = 1; 2487 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2488 &bh->inreq_busy, &bh->state); 2489 fsg->next_buffhd_to_fill = bh->next; 2490 } 2491 } 2492 2493 /* For Bulk-only, if we're allowed to stall then send the 2494 * short packet and halt the bulk-in endpoint. If we can't 2495 * stall, pad out the remaining data with 0's. */ 2496 else { 2497 if (mod_data.can_stall) { 2498 bh->inreq->zero = 1; 2499 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2500 &bh->inreq_busy, &bh->state); 2501 fsg->next_buffhd_to_fill = bh->next; 2502 rc = halt_bulk_in_endpoint(fsg); 2503 } else 2504 rc = pad_with_zeros(fsg); 2505 } 2506 break; 2507 2508 /* We have processed all we want from the data the host has sent. 2509 * There may still be outstanding bulk-out requests. */ 2510 case DATA_DIR_FROM_HOST: 2511 if (fsg->residue == 0) 2512 ; // Nothing to receive 2513 2514 /* Did the host stop sending unexpectedly early? */ 2515 else if (fsg->short_packet_received) { 2516 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2517 rc = -EINTR; 2518 } 2519 2520 /* We haven't processed all the incoming data. Even though 2521 * we may be allowed to stall, doing so would cause a race. 2522 * The controller may already have ACK'ed all the remaining 2523 * bulk-out packets, in which case the host wouldn't see a 2524 * STALL. Not realizing the endpoint was halted, it wouldn't 2525 * clear the halt -- leading to problems later on. */ 2526#if 0 2527 else if (mod_data.can_stall) { 2528 fsg_set_halt(fsg, fsg->bulk_out); 2529 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2530 rc = -EINTR; 2531 } 2532#endif 2533 2534 /* We can't stall. Read in the excess data and throw it 2535 * all away. */ 2536 else 2537 rc = throw_away_data(fsg); 2538 break; 2539 } 2540 return rc; 2541} 2542 2543 2544static int send_status(struct fsg_dev *fsg) 2545{ 2546 struct lun *curlun = fsg->curlun; 2547 struct fsg_buffhd *bh; 2548 int rc; 2549 u8 status = USB_STATUS_PASS; 2550 u32 sd, sdinfo = 0; 2551 2552 /* Wait for the next buffer to become available */ 2553 bh = fsg->next_buffhd_to_fill; 2554 while (bh->state != BUF_STATE_EMPTY) { 2555 if ((rc = sleep_thread(fsg)) != 0) 2556 return rc; 2557 } 2558 2559 if (curlun) { 2560 sd = curlun->sense_data; 2561 sdinfo = curlun->sense_data_info; 2562 } else if (fsg->bad_lun_okay) 2563 sd = SS_NO_SENSE; 2564 else 2565 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 2566 2567 if (fsg->phase_error) { 2568 DBG(fsg, "sending phase-error status\n"); 2569 status = USB_STATUS_PHASE_ERROR; 2570 sd = SS_INVALID_COMMAND; 2571 } else if (sd != SS_NO_SENSE) { 2572 DBG(fsg, "sending command-failure status\n"); 2573 status = USB_STATUS_FAIL; 2574 VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;" 2575 " info x%x\n", 2576 SK(sd), ASC(sd), ASCQ(sd), sdinfo); 2577 } 2578 2579 if (transport_is_bbb()) { 2580 struct bulk_cs_wrap *csw = bh->buf; 2581 2582 /* Store and send the Bulk-only CSW */ 2583 csw->Signature = __constant_cpu_to_le32(USB_BULK_CS_SIG); 2584 csw->Tag = fsg->tag; 2585 csw->Residue = cpu_to_le32(fsg->residue); 2586 csw->Status = status; 2587 2588 bh->inreq->length = USB_BULK_CS_WRAP_LEN; 2589 bh->inreq->zero = 0; 2590 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2591 &bh->inreq_busy, &bh->state); 2592 2593 } else if (mod_data.transport_type == USB_PR_CB) { 2594 2595 /* Control-Bulk transport has no status phase! */ 2596 return 0; 2597 2598 } else { // USB_PR_CBI 2599 struct interrupt_data *buf = bh->buf; 2600 2601 /* Store and send the Interrupt data. UFI sends the ASC 2602 * and ASCQ bytes. Everything else sends a Type (which 2603 * is always 0) and the status Value. */ 2604 if (mod_data.protocol_type == USB_SC_UFI) { 2605 buf->bType = ASC(sd); 2606 buf->bValue = ASCQ(sd); 2607 } else { 2608 buf->bType = 0; 2609 buf->bValue = status; 2610 } 2611 fsg->intreq->length = CBI_INTERRUPT_DATA_LEN; 2612 2613 fsg->intr_buffhd = bh; // Point to the right buffhd 2614 fsg->intreq->buf = bh->inreq->buf; 2615 fsg->intreq->dma = bh->inreq->dma; 2616 fsg->intreq->context = bh; 2617 start_transfer(fsg, fsg->intr_in, fsg->intreq, 2618 &fsg->intreq_busy, &bh->state); 2619 } 2620 2621 fsg->next_buffhd_to_fill = bh->next; 2622 return 0; 2623} 2624 2625 2626/*-------------------------------------------------------------------------*/ 2627 2628/* Check whether the command is properly formed and whether its data size 2629 * and direction agree with the values we already have. */ 2630static int check_command(struct fsg_dev *fsg, int cmnd_size, 2631 enum data_direction data_dir, unsigned int mask, 2632 int needs_medium, const char *name) 2633{ 2634 int i; 2635 int lun = fsg->cmnd[1] >> 5; 2636 static const char dirletter[4] = {'u', 'o', 'i', 'n'}; 2637 char hdlen[20]; 2638 struct lun *curlun; 2639 2640 /* Adjust the expected cmnd_size for protocol encapsulation padding. 2641 * Transparent SCSI doesn't pad. */ 2642 if (protocol_is_scsi()) 2643 ; 2644 2645 /* There's some disagreement as to whether RBC pads commands or not. 2646 * We'll play it safe and accept either form. */ 2647 else if (mod_data.protocol_type == USB_SC_RBC) { 2648 if (fsg->cmnd_size == 12) 2649 cmnd_size = 12; 2650 2651 /* All the other protocols pad to 12 bytes */ 2652 } else 2653 cmnd_size = 12; 2654 2655 hdlen[0] = 0; 2656 if (fsg->data_dir != DATA_DIR_UNKNOWN) 2657 sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir], 2658 fsg->data_size); 2659 VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n", 2660 name, cmnd_size, dirletter[(int) data_dir], 2661 fsg->data_size_from_cmnd, fsg->cmnd_size, hdlen); 2662 2663 /* We can't reply at all until we know the correct data direction 2664 * and size. */ 2665 if (fsg->data_size_from_cmnd == 0) 2666 data_dir = DATA_DIR_NONE; 2667 if (fsg->data_dir == DATA_DIR_UNKNOWN) { // CB or CBI 2668 fsg->data_dir = data_dir; 2669 fsg->data_size = fsg->data_size_from_cmnd; 2670 2671 } else { // Bulk-only 2672 if (fsg->data_size < fsg->data_size_from_cmnd) { 2673 2674 /* Host data size < Device data size is a phase error. 2675 * Carry out the command, but only transfer as much 2676 * as we are allowed. */ 2677 fsg->data_size_from_cmnd = fsg->data_size; 2678 fsg->phase_error = 1; 2679 } 2680 } 2681 fsg->residue = fsg->usb_amount_left = fsg->data_size; 2682 2683 /* Conflicting data directions is a phase error */ 2684 if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) { 2685 fsg->phase_error = 1; 2686 return -EINVAL; 2687 } 2688 2689 /* Verify the length of the command itself */ 2690 if (cmnd_size != fsg->cmnd_size) { 2691 2692 /* Special case workaround: MS-Windows issues REQUEST SENSE 2693 * with cbw->Length == 12 (it should be 6). */ 2694 if (fsg->cmnd[0] == SC_REQUEST_SENSE && fsg->cmnd_size == 12) 2695 cmnd_size = fsg->cmnd_size; 2696 else { 2697 fsg->phase_error = 1; 2698 return -EINVAL; 2699 } 2700 } 2701 2702 /* Check that the LUN values are consistent */ 2703 if (transport_is_bbb()) { 2704 if (fsg->lun != lun) 2705 DBG(fsg, "using LUN %d from CBW, " 2706 "not LUN %d from CDB\n", 2707 fsg->lun, lun); 2708 } else 2709 fsg->lun = lun; // Use LUN from the command 2710 2711 /* Check the LUN */ 2712 if (fsg->lun >= 0 && fsg->lun < fsg->nluns) { 2713 fsg->curlun = curlun = &fsg->luns[fsg->lun]; 2714 if (fsg->cmnd[0] != SC_REQUEST_SENSE) { 2715 curlun->sense_data = SS_NO_SENSE; 2716 curlun->sense_data_info = 0; 2717 curlun->info_valid = 0; 2718 } 2719 } else { 2720 fsg->curlun = curlun = NULL; 2721 fsg->bad_lun_okay = 0; 2722 2723 /* INQUIRY and REQUEST SENSE commands are explicitly allowed 2724 * to use unsupported LUNs; all others may not. */ 2725 if (fsg->cmnd[0] != SC_INQUIRY && 2726 fsg->cmnd[0] != SC_REQUEST_SENSE) { 2727 DBG(fsg, "unsupported LUN %d\n", fsg->lun); 2728 return -EINVAL; 2729 } 2730 } 2731 2732 /* If a unit attention condition exists, only INQUIRY and 2733 * REQUEST SENSE commands are allowed; anything else must fail. */ 2734 if (curlun && curlun->unit_attention_data != SS_NO_SENSE && 2735 fsg->cmnd[0] != SC_INQUIRY && 2736 fsg->cmnd[0] != SC_REQUEST_SENSE) { 2737 curlun->sense_data = curlun->unit_attention_data; 2738 curlun->unit_attention_data = SS_NO_SENSE; 2739 return -EINVAL; 2740 } 2741 2742 /* Check that only command bytes listed in the mask are non-zero */ 2743 fsg->cmnd[1] &= 0x1f; // Mask away the LUN 2744 for (i = 1; i < cmnd_size; ++i) { 2745 if (fsg->cmnd[i] && !(mask & (1 << i))) { 2746 if (curlun) 2747 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2748 return -EINVAL; 2749 } 2750 } 2751 2752 /* If the medium isn't mounted and the command needs to access 2753 * it, return an error. */ 2754 if (curlun && !backing_file_is_open(curlun) && needs_medium) { 2755 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 2756 return -EINVAL; 2757 } 2758 2759 return 0; 2760} 2761 2762 2763static int do_scsi_command(struct fsg_dev *fsg) 2764{ 2765 struct fsg_buffhd *bh; 2766 int rc; 2767 int reply = -EINVAL; 2768 int i; 2769 static char unknown[16]; 2770 2771 dump_cdb(fsg); 2772 2773 /* Wait for the next buffer to become available for data or status */ 2774 bh = fsg->next_buffhd_to_drain = fsg->next_buffhd_to_fill; 2775 while (bh->state != BUF_STATE_EMPTY) { 2776 if ((rc = sleep_thread(fsg)) != 0) 2777 return rc; 2778 } 2779 fsg->phase_error = 0; 2780 fsg->short_packet_received = 0; 2781 2782 down_read(&fsg->filesem); // We're using the backing file 2783 switch (fsg->cmnd[0]) { 2784 2785 case SC_INQUIRY: 2786 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2787 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2788 (1<<4), 0, 2789 "INQUIRY")) == 0) 2790 reply = do_inquiry(fsg, bh); 2791 break; 2792 2793 case SC_MODE_SELECT_6: 2794 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2795 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST, 2796 (1<<1) | (1<<4), 0, 2797 "MODE SELECT(6)")) == 0) 2798 reply = do_mode_select(fsg, bh); 2799 break; 2800 2801 case SC_MODE_SELECT_10: 2802 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2803 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST, 2804 (1<<1) | (3<<7), 0, 2805 "MODE SELECT(10)")) == 0) 2806 reply = do_mode_select(fsg, bh); 2807 break; 2808 2809 case SC_MODE_SENSE_6: 2810 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2811 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2812 (1<<1) | (1<<2) | (1<<4), 0, 2813 "MODE SENSE(6)")) == 0) 2814 reply = do_mode_sense(fsg, bh); 2815 break; 2816 2817 case SC_MODE_SENSE_10: 2818 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2819 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2820 (1<<1) | (1<<2) | (3<<7), 0, 2821 "MODE SENSE(10)")) == 0) 2822 reply = do_mode_sense(fsg, bh); 2823 break; 2824 2825 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 2826 fsg->data_size_from_cmnd = 0; 2827 if ((reply = check_command(fsg, 6, DATA_DIR_NONE, 2828 (1<<4), 0, 2829 "PREVENT-ALLOW MEDIUM REMOVAL")) == 0) 2830 reply = do_prevent_allow(fsg); 2831 break; 2832 2833 case SC_READ_6: 2834 i = fsg->cmnd[4]; 2835 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9; 2836 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2837 (7<<1) | (1<<4), 1, 2838 "READ(6)")) == 0) 2839 reply = do_read(fsg); 2840 break; 2841 2842 case SC_READ_10: 2843 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9; 2844 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2845 (1<<1) | (0xf<<2) | (3<<7), 1, 2846 "READ(10)")) == 0) 2847 reply = do_read(fsg); 2848 break; 2849 2850 case SC_READ_12: 2851 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9; 2852 if ((reply = check_command(fsg, 12, DATA_DIR_TO_HOST, 2853 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2854 "READ(12)")) == 0) 2855 reply = do_read(fsg); 2856 break; 2857 2858 case SC_READ_CAPACITY: 2859 fsg->data_size_from_cmnd = 8; 2860 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2861 (0xf<<2) | (1<<8), 1, 2862 "READ CAPACITY")) == 0) 2863 reply = do_read_capacity(fsg, bh); 2864 break; 2865 2866 case SC_READ_FORMAT_CAPACITIES: 2867 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2868 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2869 (3<<7), 1, 2870 "READ FORMAT CAPACITIES")) == 0) 2871 reply = do_read_format_capacities(fsg, bh); 2872 break; 2873 2874 case SC_REQUEST_SENSE: 2875 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2876 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2877 (1<<4), 0, 2878 "REQUEST SENSE")) == 0) 2879 reply = do_request_sense(fsg, bh); 2880 break; 2881 2882 case SC_START_STOP_UNIT: 2883 fsg->data_size_from_cmnd = 0; 2884 if ((reply = check_command(fsg, 6, DATA_DIR_NONE, 2885 (1<<1) | (1<<4), 0, 2886 "START-STOP UNIT")) == 0) 2887 reply = do_start_stop(fsg); 2888 break; 2889 2890 case SC_SYNCHRONIZE_CACHE: 2891 fsg->data_size_from_cmnd = 0; 2892 if ((reply = check_command(fsg, 10, DATA_DIR_NONE, 2893 (0xf<<2) | (3<<7), 1, 2894 "SYNCHRONIZE CACHE")) == 0) 2895 reply = do_synchronize_cache(fsg); 2896 break; 2897 2898 case SC_TEST_UNIT_READY: 2899 fsg->data_size_from_cmnd = 0; 2900 reply = check_command(fsg, 6, DATA_DIR_NONE, 2901 0, 1, 2902 "TEST UNIT READY"); 2903 break; 2904 2905 /* Although optional, this command is used by MS-Windows. We 2906 * support a minimal version: BytChk must be 0. */ 2907 case SC_VERIFY: 2908 fsg->data_size_from_cmnd = 0; 2909 if ((reply = check_command(fsg, 10, DATA_DIR_NONE, 2910 (1<<1) | (0xf<<2) | (3<<7), 1, 2911 "VERIFY")) == 0) 2912 reply = do_verify(fsg); 2913 break; 2914 2915 case SC_WRITE_6: 2916 i = fsg->cmnd[4]; 2917 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9; 2918 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST, 2919 (7<<1) | (1<<4), 1, 2920 "WRITE(6)")) == 0) 2921 reply = do_write(fsg); 2922 break; 2923 2924 case SC_WRITE_10: 2925 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9; 2926 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST, 2927 (1<<1) | (0xf<<2) | (3<<7), 1, 2928 "WRITE(10)")) == 0) 2929 reply = do_write(fsg); 2930 break; 2931 2932 case SC_WRITE_12: 2933 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9; 2934 if ((reply = check_command(fsg, 12, DATA_DIR_FROM_HOST, 2935 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2936 "WRITE(12)")) == 0) 2937 reply = do_write(fsg); 2938 break; 2939 2940 /* Some mandatory commands that we recognize but don't implement. 2941 * They don't mean much in this setting. It's left as an exercise 2942 * for anyone interested to implement RESERVE and RELEASE in terms 2943 * of Posix locks. */ 2944 case SC_FORMAT_UNIT: 2945 case SC_RELEASE: 2946 case SC_RESERVE: 2947 case SC_SEND_DIAGNOSTIC: 2948 // Fall through 2949 2950 default: 2951 fsg->data_size_from_cmnd = 0; 2952 sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]); 2953 if ((reply = check_command(fsg, fsg->cmnd_size, 2954 DATA_DIR_UNKNOWN, 0xff, 0, unknown)) == 0) { 2955 fsg->curlun->sense_data = SS_INVALID_COMMAND; 2956 reply = -EINVAL; 2957 } 2958 break; 2959 } 2960 up_read(&fsg->filesem); 2961 2962 if (reply == -EINTR || signal_pending(current)) 2963 return -EINTR; 2964 2965 /* Set up the single reply buffer for finish_reply() */ 2966 if (reply == -EINVAL) 2967 reply = 0; // Error reply length 2968 if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) { 2969 reply = min((u32) reply, fsg->data_size_from_cmnd); 2970 bh->inreq->length = reply; 2971 bh->state = BUF_STATE_FULL; 2972 fsg->residue -= reply; 2973 } // Otherwise it's already set 2974 2975 return 0; 2976} 2977 2978 2979/*-------------------------------------------------------------------------*/ 2980 2981static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2982{ 2983 struct usb_request *req = bh->outreq; 2984 struct bulk_cb_wrap *cbw = req->buf; 2985 2986 /* Was this a real packet? */ 2987 if (req->status) 2988 return -EINVAL; 2989 2990 /* Is the CBW valid? */ 2991 if (req->actual != USB_BULK_CB_WRAP_LEN || 2992 cbw->Signature != __constant_cpu_to_le32( 2993 USB_BULK_CB_SIG)) { 2994 DBG(fsg, "invalid CBW: len %u sig 0x%x\n", 2995 req->actual, 2996 le32_to_cpu(cbw->Signature)); 2997 2998 /* The Bulk-only spec says we MUST stall the bulk pipes! 2999 * If we want to avoid stalls, set a flag so that we will 3000 * clear the endpoint halts at the next reset. */ 3001 if (!mod_data.can_stall) 3002 set_bit(CLEAR_BULK_HALTS, &fsg->atomic_bitflags); 3003 fsg_set_halt(fsg, fsg->bulk_out); 3004 halt_bulk_in_endpoint(fsg); 3005 return -EINVAL; 3006 } 3007 3008 /* Is the CBW meaningful? */ 3009 if (cbw->Lun >= MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG || 3010 cbw->Length < 6 || cbw->Length > MAX_COMMAND_SIZE) { 3011 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, " 3012 "cmdlen %u\n", 3013 cbw->Lun, cbw->Flags, cbw->Length); 3014 3015 /* We can do anything we want here, so let's stall the 3016 * bulk pipes if we are allowed to. */ 3017 if (mod_data.can_stall) { 3018 fsg_set_halt(fsg, fsg->bulk_out); 3019 halt_bulk_in_endpoint(fsg); 3020 } 3021 return -EINVAL; 3022 } 3023 3024 /* Save the command for later */ 3025 fsg->cmnd_size = cbw->Length; 3026 memcpy(fsg->cmnd, cbw->CDB, fsg->cmnd_size); 3027 if (cbw->Flags & USB_BULK_IN_FLAG) 3028 fsg->data_dir = DATA_DIR_TO_HOST; 3029 else 3030 fsg->data_dir = DATA_DIR_FROM_HOST; 3031 fsg->data_size = le32_to_cpu(cbw->DataTransferLength); 3032 if (fsg->data_size == 0) 3033 fsg->data_dir = DATA_DIR_NONE; 3034 fsg->lun = cbw->Lun; 3035 fsg->tag = cbw->Tag; 3036 return 0; 3037} 3038 3039 3040static int get_next_command(struct fsg_dev *fsg) 3041{ 3042 struct fsg_buffhd *bh; 3043 int rc = 0; 3044 3045 if (transport_is_bbb()) { 3046 3047 /* Wait for the next buffer to become available */ 3048 bh = fsg->next_buffhd_to_fill; 3049 while (bh->state != BUF_STATE_EMPTY) { 3050 if ((rc = sleep_thread(fsg)) != 0) 3051 return rc; 3052 } 3053 3054 /* Queue a request to read a Bulk-only CBW */ 3055 set_bulk_out_req_length(fsg, bh, USB_BULK_CB_WRAP_LEN); 3056 bh->outreq->short_not_ok = 1; 3057 start_transfer(fsg, fsg->bulk_out, bh->outreq, 3058 &bh->outreq_busy, &bh->state); 3059 3060 /* We will drain the buffer in software, which means we 3061 * can reuse it for the next filling. No need to advance 3062 * next_buffhd_to_fill. */ 3063 3064 /* Wait for the CBW to arrive */ 3065 while (bh->state != BUF_STATE_FULL) { 3066 if ((rc = sleep_thread(fsg)) != 0) 3067 return rc; 3068 } 3069 smp_rmb(); 3070 rc = received_cbw(fsg, bh); 3071 bh->state = BUF_STATE_EMPTY; 3072 3073 } else { // USB_PR_CB or USB_PR_CBI 3074 3075 /* Wait for the next command to arrive */ 3076 while (fsg->cbbuf_cmnd_size == 0) { 3077 if ((rc = sleep_thread(fsg)) != 0) 3078 return rc; 3079 } 3080 3081 /* Is the previous status interrupt request still busy? 3082 * The host is allowed to skip reading the status, 3083 * so we must cancel it. */ 3084 if (fsg->intreq_busy) 3085 usb_ep_dequeue(fsg->intr_in, fsg->intreq); 3086 3087 /* Copy the command and mark the buffer empty */ 3088 fsg->data_dir = DATA_DIR_UNKNOWN; 3089 spin_lock_irq(&fsg->lock); 3090 fsg->cmnd_size = fsg->cbbuf_cmnd_size; 3091 memcpy(fsg->cmnd, fsg->cbbuf_cmnd, fsg->cmnd_size); 3092 fsg->cbbuf_cmnd_size = 0; 3093 spin_unlock_irq(&fsg->lock); 3094 } 3095 return rc; 3096} 3097 3098 3099/*-------------------------------------------------------------------------*/ 3100 3101static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep, 3102 const struct usb_endpoint_descriptor *d) 3103{ 3104 int rc; 3105 3106 ep->driver_data = fsg; 3107 rc = usb_ep_enable(ep, d); 3108 if (rc) 3109 ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc); 3110 return rc; 3111} 3112 3113static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep, 3114 struct usb_request **preq) 3115{ 3116 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC); 3117 if (*preq) 3118 return 0; 3119 ERROR(fsg, "can't allocate request for %s\n", ep->name); 3120 return -ENOMEM; 3121} 3122 3123/* 3124 * Reset interface setting and re-init endpoint state (toggle etc). 3125 * Call with altsetting < 0 to disable the interface. The only other 3126 * available altsetting is 0, which enables the interface. 3127 */ 3128static int do_set_interface(struct fsg_dev *fsg, int altsetting) 3129{ 3130 int rc = 0; 3131 int i; 3132 const struct usb_endpoint_descriptor *d; 3133 3134 if (fsg->running) 3135 DBG(fsg, "reset interface\n"); 3136 3137reset: 3138 /* Deallocate the requests */ 3139 for (i = 0; i < NUM_BUFFERS; ++i) { 3140 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3141 3142 if (bh->inreq) { 3143 usb_ep_free_request(fsg->bulk_in, bh->inreq); 3144 bh->inreq = NULL; 3145 } 3146 if (bh->outreq) { 3147 usb_ep_free_request(fsg->bulk_out, bh->outreq); 3148 bh->outreq = NULL; 3149 } 3150 } 3151 if (fsg->intreq) { 3152 usb_ep_free_request(fsg->intr_in, fsg->intreq); 3153 fsg->intreq = NULL; 3154 } 3155 3156 /* Disable the endpoints */ 3157 if (fsg->bulk_in_enabled) { 3158 usb_ep_disable(fsg->bulk_in); 3159 fsg->bulk_in_enabled = 0; 3160 } 3161 if (fsg->bulk_out_enabled) { 3162 usb_ep_disable(fsg->bulk_out); 3163 fsg->bulk_out_enabled = 0; 3164 } 3165 if (fsg->intr_in_enabled) { 3166 usb_ep_disable(fsg->intr_in); 3167 fsg->intr_in_enabled = 0; 3168 } 3169 3170 fsg->running = 0; 3171 if (altsetting < 0 || rc != 0) 3172 return rc; 3173 3174 DBG(fsg, "set interface %d\n", altsetting); 3175 3176 /* Enable the endpoints */ 3177 d = ep_desc(fsg->gadget, &fs_bulk_in_desc, &hs_bulk_in_desc); 3178 if ((rc = enable_endpoint(fsg, fsg->bulk_in, d)) != 0) 3179 goto reset; 3180 fsg->bulk_in_enabled = 1; 3181 3182 d = ep_desc(fsg->gadget, &fs_bulk_out_desc, &hs_bulk_out_desc); 3183 if ((rc = enable_endpoint(fsg, fsg->bulk_out, d)) != 0) 3184 goto reset; 3185 fsg->bulk_out_enabled = 1; 3186 fsg->bulk_out_maxpacket = le16_to_cpu(d->wMaxPacketSize); 3187 3188 if (transport_is_cbi()) { 3189 d = ep_desc(fsg->gadget, &fs_intr_in_desc, &hs_intr_in_desc); 3190 if ((rc = enable_endpoint(fsg, fsg->intr_in, d)) != 0) 3191 goto reset; 3192 fsg->intr_in_enabled = 1; 3193 } 3194 3195 /* Allocate the requests */ 3196 for (i = 0; i < NUM_BUFFERS; ++i) { 3197 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3198 3199 if ((rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq)) != 0) 3200 goto reset; 3201 if ((rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq)) != 0) 3202 goto reset; 3203 bh->inreq->buf = bh->outreq->buf = bh->buf; 3204 bh->inreq->dma = bh->outreq->dma = bh->dma; 3205 bh->inreq->context = bh->outreq->context = bh; 3206 bh->inreq->complete = bulk_in_complete; 3207 bh->outreq->complete = bulk_out_complete; 3208 } 3209 if (transport_is_cbi()) { 3210 if ((rc = alloc_request(fsg, fsg->intr_in, &fsg->intreq)) != 0) 3211 goto reset; 3212 fsg->intreq->complete = intr_in_complete; 3213 } 3214 3215 fsg->running = 1; 3216 for (i = 0; i < fsg->nluns; ++i) 3217 fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED; 3218 return rc; 3219} 3220 3221 3222/* 3223 * Change our operational configuration. This code must agree with the code 3224 * that returns config descriptors, and with interface altsetting code. 3225 * 3226 * It's also responsible for power management interactions. Some 3227 * configurations might not work with our current power sources. 3228 * For now we just assume the gadget is always self-powered. 3229 */ 3230static int do_set_config(struct fsg_dev *fsg, u8 new_config) 3231{ 3232 int rc = 0; 3233 3234 /* Disable the single interface */ 3235 if (fsg->config != 0) { 3236 DBG(fsg, "reset config\n"); 3237 fsg->config = 0; 3238 rc = do_set_interface(fsg, -1); 3239 } 3240 3241 /* Enable the interface */ 3242 if (new_config != 0) { 3243 fsg->config = new_config; 3244 if ((rc = do_set_interface(fsg, 0)) != 0) 3245 fsg->config = 0; // Reset on errors 3246 else { 3247 char *speed; 3248 3249 switch (fsg->gadget->speed) { 3250 case USB_SPEED_LOW: speed = "low"; break; 3251 case USB_SPEED_FULL: speed = "full"; break; 3252 case USB_SPEED_HIGH: speed = "high"; break; 3253 default: speed = "?"; break; 3254 } 3255 INFO(fsg, "%s speed config #%d\n", speed, fsg->config); 3256 } 3257 } 3258 return rc; 3259} 3260 3261 3262/*-------------------------------------------------------------------------*/ 3263 3264static void handle_exception(struct fsg_dev *fsg) 3265{ 3266 siginfo_t info; 3267 int sig; 3268 int i; 3269 int num_active; 3270 struct fsg_buffhd *bh; 3271 enum fsg_state old_state; 3272 u8 new_config; 3273 struct lun *curlun; 3274 unsigned int exception_req_tag; 3275 int rc; 3276 3277 /* Clear the existing signals. Anything but SIGUSR1 is converted 3278 * into a high-priority EXIT exception. */ 3279 for (;;) { 3280 sig = dequeue_signal_lock(current, &fsg->thread_signal_mask, 3281 &info); 3282 if (!sig) 3283 break; 3284 if (sig != SIGUSR1) { 3285 if (fsg->state < FSG_STATE_EXIT) 3286 DBG(fsg, "Main thread exiting on signal\n"); 3287 raise_exception(fsg, FSG_STATE_EXIT); 3288 } 3289 } 3290 3291 /* Cancel all the pending transfers */ 3292 if (fsg->intreq_busy) 3293 usb_ep_dequeue(fsg->intr_in, fsg->intreq); 3294 for (i = 0; i < NUM_BUFFERS; ++i) { 3295 bh = &fsg->buffhds[i]; 3296 if (bh->inreq_busy) 3297 usb_ep_dequeue(fsg->bulk_in, bh->inreq); 3298 if (bh->outreq_busy) 3299 usb_ep_dequeue(fsg->bulk_out, bh->outreq); 3300 } 3301 3302 /* Wait until everything is idle */ 3303 for (;;) { 3304 num_active = fsg->intreq_busy; 3305 for (i = 0; i < NUM_BUFFERS; ++i) { 3306 bh = &fsg->buffhds[i]; 3307 num_active += bh->inreq_busy + bh->outreq_busy; 3308 } 3309 if (num_active == 0) 3310 break; 3311 if (sleep_thread(fsg)) 3312 return; 3313 } 3314 3315 /* Clear out the controller's fifos */ 3316 if (fsg->bulk_in_enabled) 3317 usb_ep_fifo_flush(fsg->bulk_in); 3318 if (fsg->bulk_out_enabled) 3319 usb_ep_fifo_flush(fsg->bulk_out); 3320 if (fsg->intr_in_enabled) 3321 usb_ep_fifo_flush(fsg->intr_in); 3322 3323 /* Reset the I/O buffer states and pointers, the SCSI 3324 * state, and the exception. Then invoke the handler. */ 3325 spin_lock_irq(&fsg->lock); 3326 3327 for (i = 0; i < NUM_BUFFERS; ++i) { 3328 bh = &fsg->buffhds[i]; 3329 bh->state = BUF_STATE_EMPTY; 3330 } 3331 fsg->next_buffhd_to_fill = fsg->next_buffhd_to_drain = 3332 &fsg->buffhds[0]; 3333 3334 exception_req_tag = fsg->exception_req_tag; 3335 new_config = fsg->new_config; 3336 old_state = fsg->state; 3337 3338 if (old_state == FSG_STATE_ABORT_BULK_OUT) 3339 fsg->state = FSG_STATE_STATUS_PHASE; 3340 else { 3341 for (i = 0; i < fsg->nluns; ++i) { 3342 curlun = &fsg->luns[i]; 3343 curlun->prevent_medium_removal = 0; 3344 curlun->sense_data = curlun->unit_attention_data = 3345 SS_NO_SENSE; 3346 curlun->sense_data_info = 0; 3347 curlun->info_valid = 0; 3348 } 3349 fsg->state = FSG_STATE_IDLE; 3350 } 3351 spin_unlock_irq(&fsg->lock); 3352 3353 /* Carry out any extra actions required for the exception */ 3354 switch (old_state) { 3355 default: 3356 break; 3357 3358 case FSG_STATE_ABORT_BULK_OUT: 3359 send_status(fsg); 3360 spin_lock_irq(&fsg->lock); 3361 if (fsg->state == FSG_STATE_STATUS_PHASE) 3362 fsg->state = FSG_STATE_IDLE; 3363 spin_unlock_irq(&fsg->lock); 3364 break; 3365 3366 case FSG_STATE_RESET: 3367 /* In case we were forced against our will to halt a 3368 * bulk endpoint, clear the halt now. (The SuperH UDC 3369 * requires this.) */ 3370 if (test_and_clear_bit(CLEAR_BULK_HALTS, 3371 &fsg->atomic_bitflags)) { 3372 usb_ep_clear_halt(fsg->bulk_in); 3373 usb_ep_clear_halt(fsg->bulk_out); 3374 } 3375 3376 if (transport_is_bbb()) { 3377 if (fsg->ep0_req_tag == exception_req_tag) 3378 ep0_queue(fsg); // Complete the status stage 3379 3380 } else if (transport_is_cbi()) 3381 send_status(fsg); // Status by interrupt pipe 3382 3383 /* Technically this should go here, but it would only be 3384 * a waste of time. Ditto for the INTERFACE_CHANGE and 3385 * CONFIG_CHANGE cases. */ 3386 // for (i = 0; i < fsg->nluns; ++i) 3387 // fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED; 3388 break; 3389 3390 case FSG_STATE_INTERFACE_CHANGE: 3391 rc = do_set_interface(fsg, 0); 3392 if (fsg->ep0_req_tag != exception_req_tag) 3393 break; 3394 if (rc != 0) // STALL on errors 3395 fsg_set_halt(fsg, fsg->ep0); 3396 else // Complete the status stage 3397 ep0_queue(fsg); 3398 break; 3399 3400 case FSG_STATE_CONFIG_CHANGE: 3401 rc = do_set_config(fsg, new_config); 3402 if (fsg->ep0_req_tag != exception_req_tag) 3403 break; 3404 if (rc != 0) // STALL on errors 3405 fsg_set_halt(fsg, fsg->ep0); 3406 else // Complete the status stage 3407 ep0_queue(fsg); 3408 break; 3409 3410 case FSG_STATE_DISCONNECT: 3411 fsync_all(fsg); 3412 do_set_config(fsg, 0); // Unconfigured state 3413 break; 3414 3415 case FSG_STATE_EXIT: 3416 case FSG_STATE_TERMINATED: 3417 do_set_config(fsg, 0); // Free resources 3418 spin_lock_irq(&fsg->lock); 3419 fsg->state = FSG_STATE_TERMINATED; // Stop the thread 3420 spin_unlock_irq(&fsg->lock); 3421 break; 3422 } 3423} 3424 3425 3426/*-------------------------------------------------------------------------*/ 3427 3428static int fsg_main_thread(void *fsg_) 3429{ 3430 struct fsg_dev *fsg = fsg_; 3431 3432 /* Allow the thread to be killed by a signal, but set the signal mask 3433 * to block everything but INT, TERM, KILL, and USR1. */ 3434 siginitsetinv(&fsg->thread_signal_mask, sigmask(SIGINT) | 3435 sigmask(SIGTERM) | sigmask(SIGKILL) | 3436 sigmask(SIGUSR1)); 3437 sigprocmask(SIG_SETMASK, &fsg->thread_signal_mask, NULL); 3438 3439 /* Arrange for userspace references to be interpreted as kernel 3440 * pointers. That way we can pass a kernel pointer to a routine 3441 * that expects a __user pointer and it will work okay. */ 3442 set_fs(get_ds()); 3443 3444 /* The main loop */ 3445 while (fsg->state != FSG_STATE_TERMINATED) { 3446 if (exception_in_progress(fsg) || signal_pending(current)) { 3447 handle_exception(fsg); 3448 continue; 3449 } 3450 3451 if (!fsg->running) { 3452 sleep_thread(fsg); 3453 continue; 3454 } 3455 3456 if (get_next_command(fsg)) 3457 continue; 3458 3459 spin_lock_irq(&fsg->lock); 3460 if (!exception_in_progress(fsg)) 3461 fsg->state = FSG_STATE_DATA_PHASE; 3462 spin_unlock_irq(&fsg->lock); 3463 3464 if (do_scsi_command(fsg) || finish_reply(fsg)) 3465 continue; 3466 3467 spin_lock_irq(&fsg->lock); 3468 if (!exception_in_progress(fsg)) 3469 fsg->state = FSG_STATE_STATUS_PHASE; 3470 spin_unlock_irq(&fsg->lock); 3471 3472 if (send_status(fsg)) 3473 continue; 3474 3475 spin_lock_irq(&fsg->lock); 3476 if (!exception_in_progress(fsg)) 3477 fsg->state = FSG_STATE_IDLE; 3478 spin_unlock_irq(&fsg->lock); 3479 } 3480 3481 spin_lock_irq(&fsg->lock); 3482 fsg->thread_task = NULL; 3483 spin_unlock_irq(&fsg->lock); 3484 3485 /* In case we are exiting because of a signal, unregister the 3486 * gadget driver and close the backing file. */ 3487 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) { 3488 usb_gadget_unregister_driver(&fsg_driver); 3489 close_all_backing_files(fsg); 3490 } 3491 3492 /* Let the unbind and cleanup routines know the thread has exited */ 3493 complete_and_exit(&fsg->thread_notifier, 0); 3494} 3495 3496 3497/*-------------------------------------------------------------------------*/ 3498 3499/* If the next two routines are called while the gadget is registered, 3500 * the caller must own fsg->filesem for writing. */ 3501 3502static int open_backing_file(struct lun *curlun, const char *filename) 3503{ 3504 int ro; 3505 struct file *filp = NULL; 3506 int rc = -EINVAL; 3507 struct inode *inode = NULL; 3508 loff_t size; 3509 loff_t num_sectors; 3510 3511 /* R/W if we can, R/O if we must */ 3512 ro = curlun->ro; 3513 if (!ro) { 3514 filp = filp_open(filename, O_RDWR | O_LARGEFILE, 0); 3515 if (-EROFS == PTR_ERR(filp)) 3516 ro = 1; 3517 } 3518 if (ro) 3519 filp = filp_open(filename, O_RDONLY | O_LARGEFILE, 0); 3520 if (IS_ERR(filp)) { 3521 LINFO(curlun, "unable to open backing file: %s\n", filename); 3522 return PTR_ERR(filp); 3523 } 3524 3525 if (!(filp->f_mode & FMODE_WRITE)) 3526 ro = 1; 3527 3528 if (filp->f_path.dentry) 3529 inode = filp->f_path.dentry->d_inode; 3530 if (inode && S_ISBLK(inode->i_mode)) { 3531 if (bdev_read_only(inode->i_bdev)) 3532 ro = 1; 3533 } else if (!inode || !S_ISREG(inode->i_mode)) { 3534 LINFO(curlun, "invalid file type: %s\n", filename); 3535 goto out; 3536 } 3537 3538 /* If we can't read the file, it's no good. 3539 * If we can't write the file, use it read-only. */ 3540 if (!filp->f_op || !(filp->f_op->read || filp->f_op->aio_read)) { 3541 LINFO(curlun, "file not readable: %s\n", filename); 3542 goto out; 3543 } 3544 if (!(filp->f_op->write || filp->f_op->aio_write)) 3545 ro = 1; 3546 3547 size = i_size_read(inode->i_mapping->host); 3548 if (size < 0) { 3549 LINFO(curlun, "unable to find file size: %s\n", filename); 3550 rc = (int) size; 3551 goto out; 3552 } 3553 num_sectors = size >> 9; // File size in 512-byte sectors 3554 if (num_sectors == 0) { 3555 LINFO(curlun, "file too small: %s\n", filename); 3556 rc = -ETOOSMALL; 3557 goto out; 3558 } 3559 3560 get_file(filp); 3561 curlun->ro = ro; 3562 curlun->filp = filp; 3563 curlun->file_length = size; 3564 curlun->num_sectors = num_sectors; 3565 LDBG(curlun, "open backing file: %s\n", filename); 3566 rc = 0; 3567 3568out: 3569 filp_close(filp, current->files); 3570 return rc; 3571} 3572 3573 3574static void close_backing_file(struct lun *curlun) 3575{ 3576 if (curlun->filp) { 3577 LDBG(curlun, "close backing file\n"); 3578 fput(curlun->filp); 3579 curlun->filp = NULL; 3580 } 3581} 3582 3583static void close_all_backing_files(struct fsg_dev *fsg) 3584{ 3585 int i; 3586 3587 for (i = 0; i < fsg->nluns; ++i) 3588 close_backing_file(&fsg->luns[i]); 3589} 3590 3591 3592static ssize_t show_ro(struct device *dev, struct device_attribute *attr, char *buf) 3593{ 3594 struct lun *curlun = dev_to_lun(dev); 3595 3596 return sprintf(buf, "%d\n", curlun->ro); 3597} 3598 3599static ssize_t show_file(struct device *dev, struct device_attribute *attr, char *buf) 3600{ 3601 struct lun *curlun = dev_to_lun(dev); 3602 struct fsg_dev *fsg = dev_get_drvdata(dev); 3603 char *p; 3604 ssize_t rc; 3605 3606 down_read(&fsg->filesem); 3607 if (backing_file_is_open(curlun)) { // Get the complete pathname 3608 p = d_path(curlun->filp->f_path.dentry, curlun->filp->f_path.mnt, 3609 buf, PAGE_SIZE - 1); 3610 if (IS_ERR(p)) 3611 rc = PTR_ERR(p); 3612 else { 3613 rc = strlen(p); 3614 memmove(buf, p, rc); 3615 buf[rc] = '\n'; // Add a newline 3616 buf[++rc] = 0; 3617 } 3618 } else { // No file, return 0 bytes 3619 *buf = 0; 3620 rc = 0; 3621 } 3622 up_read(&fsg->filesem); 3623 return rc; 3624} 3625 3626 3627static ssize_t store_ro(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 3628{ 3629 ssize_t rc = count; 3630 struct lun *curlun = dev_to_lun(dev); 3631 struct fsg_dev *fsg = dev_get_drvdata(dev); 3632 int i; 3633 3634 if (sscanf(buf, "%d", &i) != 1) 3635 return -EINVAL; 3636 3637 /* Allow the write-enable status to change only while the backing file 3638 * is closed. */ 3639 down_read(&fsg->filesem); 3640 if (backing_file_is_open(curlun)) { 3641 LDBG(curlun, "read-only status change prevented\n"); 3642 rc = -EBUSY; 3643 } else { 3644 curlun->ro = !!i; 3645 LDBG(curlun, "read-only status set to %d\n", curlun->ro); 3646 } 3647 up_read(&fsg->filesem); 3648 return rc; 3649} 3650 3651static ssize_t store_file(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 3652{ 3653 struct lun *curlun = dev_to_lun(dev); 3654 struct fsg_dev *fsg = dev_get_drvdata(dev); 3655 int rc = 0; 3656 3657 if (curlun->prevent_medium_removal && backing_file_is_open(curlun)) { 3658 LDBG(curlun, "eject attempt prevented\n"); 3659 return -EBUSY; // "Door is locked" 3660 } 3661 3662 /* Remove a trailing newline */ 3663 if (count > 0 && buf[count-1] == '\n') 3664 ((char *) buf)[count-1] = 0; // Ugh! 3665 3666 /* Eject current medium */ 3667 down_write(&fsg->filesem); 3668 if (backing_file_is_open(curlun)) { 3669 close_backing_file(curlun); 3670 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT; 3671 } 3672 3673 /* Load new medium */ 3674 if (count > 0 && buf[0]) { 3675 rc = open_backing_file(curlun, buf); 3676 if (rc == 0) 3677 curlun->unit_attention_data = 3678 SS_NOT_READY_TO_READY_TRANSITION; 3679 } 3680 up_write(&fsg->filesem); 3681 return (rc < 0 ? rc : count); 3682} 3683 3684 3685/* The write permissions and store_xxx pointers are set in fsg_bind() */ 3686static DEVICE_ATTR(ro, 0444, show_ro, NULL); 3687static DEVICE_ATTR(file, 0444, show_file, NULL); 3688 3689 3690/*-------------------------------------------------------------------------*/ 3691 3692static void fsg_release(struct kref *ref) 3693{ 3694 struct fsg_dev *fsg = container_of(ref, struct fsg_dev, ref); 3695 3696 kfree(fsg->luns); 3697 kfree(fsg); 3698} 3699 3700static void lun_release(struct device *dev) 3701{ 3702 struct fsg_dev *fsg = dev_get_drvdata(dev); 3703 3704 kref_put(&fsg->ref, fsg_release); 3705} 3706 3707static void /* __init_or_exit */ fsg_unbind(struct usb_gadget *gadget) 3708{ 3709 struct fsg_dev *fsg = get_gadget_data(gadget); 3710 int i; 3711 struct lun *curlun; 3712 struct usb_request *req = fsg->ep0req; 3713 3714 DBG(fsg, "unbind\n"); 3715 clear_bit(REGISTERED, &fsg->atomic_bitflags); 3716 3717 /* Unregister the sysfs attribute files and the LUNs */ 3718 for (i = 0; i < fsg->nluns; ++i) { 3719 curlun = &fsg->luns[i]; 3720 if (curlun->registered) { 3721 device_remove_file(&curlun->dev, &dev_attr_ro); 3722 device_remove_file(&curlun->dev, &dev_attr_file); 3723 device_unregister(&curlun->dev); 3724 curlun->registered = 0; 3725 } 3726 } 3727 3728 /* If the thread isn't already dead, tell it to exit now */ 3729 if (fsg->state != FSG_STATE_TERMINATED) { 3730 raise_exception(fsg, FSG_STATE_EXIT); 3731 wait_for_completion(&fsg->thread_notifier); 3732 3733 /* The cleanup routine waits for this completion also */ 3734 complete(&fsg->thread_notifier); 3735 } 3736 3737 /* Free the data buffers */ 3738 for (i = 0; i < NUM_BUFFERS; ++i) { 3739 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3740 3741 if (bh->buf) 3742 usb_ep_free_buffer(fsg->bulk_in, bh->buf, bh->dma, 3743 mod_data.buflen); 3744 } 3745 3746 /* Free the request and buffer for endpoint 0 */ 3747 if (req) { 3748 if (req->buf) 3749 usb_ep_free_buffer(fsg->ep0, req->buf, 3750 req->dma, EP0_BUFSIZE); 3751 usb_ep_free_request(fsg->ep0, req); 3752 } 3753 3754 set_gadget_data(gadget, NULL); 3755} 3756 3757 3758static int __init check_parameters(struct fsg_dev *fsg) 3759{ 3760 int prot; 3761 int gcnum; 3762 3763 /* Store the default values */ 3764 mod_data.transport_type = USB_PR_BULK; 3765 mod_data.transport_name = "Bulk-only"; 3766 mod_data.protocol_type = USB_SC_SCSI; 3767 mod_data.protocol_name = "Transparent SCSI"; 3768 3769 if (gadget_is_sh(fsg->gadget)) 3770 mod_data.can_stall = 0; 3771 3772 if (mod_data.release == 0xffff) { // Parameter wasn't set 3773 /* The sa1100 controller is not supported */ 3774 if (gadget_is_sa1100(fsg->gadget)) 3775 gcnum = -1; 3776 else 3777 gcnum = usb_gadget_controller_number(fsg->gadget); 3778 if (gcnum >= 0) 3779 mod_data.release = 0x0300 + gcnum; 3780 else { 3781 WARN(fsg, "controller '%s' not recognized\n", 3782 fsg->gadget->name); 3783 mod_data.release = 0x0399; 3784 } 3785 } 3786 3787 prot = simple_strtol(mod_data.protocol_parm, NULL, 0); 3788 3789#ifdef CONFIG_USB_FILE_STORAGE_TEST 3790 if (strnicmp(mod_data.transport_parm, "BBB", 10) == 0) { 3791 ; // Use default setting 3792 } else if (strnicmp(mod_data.transport_parm, "CB", 10) == 0) { 3793 mod_data.transport_type = USB_PR_CB; 3794 mod_data.transport_name = "Control-Bulk"; 3795 } else if (strnicmp(mod_data.transport_parm, "CBI", 10) == 0) { 3796 mod_data.transport_type = USB_PR_CBI; 3797 mod_data.transport_name = "Control-Bulk-Interrupt"; 3798 } else { 3799 ERROR(fsg, "invalid transport: %s\n", mod_data.transport_parm); 3800 return -EINVAL; 3801 } 3802 3803 if (strnicmp(mod_data.protocol_parm, "SCSI", 10) == 0 || 3804 prot == USB_SC_SCSI) { 3805 ; // Use default setting 3806 } else if (strnicmp(mod_data.protocol_parm, "RBC", 10) == 0 || 3807 prot == USB_SC_RBC) { 3808 mod_data.protocol_type = USB_SC_RBC; 3809 mod_data.protocol_name = "RBC"; 3810 } else if (strnicmp(mod_data.protocol_parm, "8020", 4) == 0 || 3811 strnicmp(mod_data.protocol_parm, "ATAPI", 10) == 0 || 3812 prot == USB_SC_8020) { 3813 mod_data.protocol_type = USB_SC_8020; 3814 mod_data.protocol_name = "8020i (ATAPI)"; 3815 } else if (strnicmp(mod_data.protocol_parm, "QIC", 3) == 0 || 3816 prot == USB_SC_QIC) { 3817 mod_data.protocol_type = USB_SC_QIC; 3818 mod_data.protocol_name = "QIC-157"; 3819 } else if (strnicmp(mod_data.protocol_parm, "UFI", 10) == 0 || 3820 prot == USB_SC_UFI) { 3821 mod_data.protocol_type = USB_SC_UFI; 3822 mod_data.protocol_name = "UFI"; 3823 } else if (strnicmp(mod_data.protocol_parm, "8070", 4) == 0 || 3824 prot == USB_SC_8070) { 3825 mod_data.protocol_type = USB_SC_8070; 3826 mod_data.protocol_name = "8070i"; 3827 } else { 3828 ERROR(fsg, "invalid protocol: %s\n", mod_data.protocol_parm); 3829 return -EINVAL; 3830 } 3831 3832 mod_data.buflen &= PAGE_CACHE_MASK; 3833 if (mod_data.buflen <= 0) { 3834 ERROR(fsg, "invalid buflen\n"); 3835 return -ETOOSMALL; 3836 } 3837#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 3838 3839 return 0; 3840} 3841 3842 3843static int __init fsg_bind(struct usb_gadget *gadget) 3844{ 3845 struct fsg_dev *fsg = the_fsg; 3846 int rc; 3847 int i; 3848 struct lun *curlun; 3849 struct usb_ep *ep; 3850 struct usb_request *req; 3851 char *pathbuf, *p; 3852 3853 fsg->gadget = gadget; 3854 set_gadget_data(gadget, fsg); 3855 fsg->ep0 = gadget->ep0; 3856 fsg->ep0->driver_data = fsg; 3857 3858 if ((rc = check_parameters(fsg)) != 0) 3859 goto out; 3860 3861 if (mod_data.removable) { // Enable the store_xxx attributes 3862 dev_attr_ro.attr.mode = dev_attr_file.attr.mode = 0644; 3863 dev_attr_ro.store = store_ro; 3864 dev_attr_file.store = store_file; 3865 } 3866 3867 /* Find out how many LUNs there should be */ 3868 i = mod_data.nluns; 3869 if (i == 0) 3870 i = max(mod_data.num_filenames, 1); 3871 if (i > MAX_LUNS) { 3872 ERROR(fsg, "invalid number of LUNs: %d\n", i); 3873 rc = -EINVAL; 3874 goto out; 3875 } 3876 3877 /* Create the LUNs, open their backing files, and register the 3878 * LUN devices in sysfs. */ 3879 fsg->luns = kzalloc(i * sizeof(struct lun), GFP_KERNEL); 3880 if (!fsg->luns) { 3881 rc = -ENOMEM; 3882 goto out; 3883 } 3884 fsg->nluns = i; 3885 3886 for (i = 0; i < fsg->nluns; ++i) { 3887 curlun = &fsg->luns[i]; 3888 curlun->ro = mod_data.ro[i]; 3889 curlun->dev.release = lun_release; 3890 curlun->dev.parent = &gadget->dev; 3891 curlun->dev.driver = &fsg_driver.driver; 3892 dev_set_drvdata(&curlun->dev, fsg); 3893 snprintf(curlun->dev.bus_id, BUS_ID_SIZE, 3894 "%s-lun%d", gadget->dev.bus_id, i); 3895 3896 if ((rc = device_register(&curlun->dev)) != 0) { 3897 INFO(fsg, "failed to register LUN%d: %d\n", i, rc); 3898 goto out; 3899 } 3900 if ((rc = device_create_file(&curlun->dev, 3901 &dev_attr_ro)) != 0 || 3902 (rc = device_create_file(&curlun->dev, 3903 &dev_attr_file)) != 0) { 3904 device_unregister(&curlun->dev); 3905 goto out; 3906 } 3907 curlun->registered = 1; 3908 kref_get(&fsg->ref); 3909 3910 if (mod_data.file[i] && *mod_data.file[i]) { 3911 if ((rc = open_backing_file(curlun, 3912 mod_data.file[i])) != 0) 3913 goto out; 3914 } else if (!mod_data.removable) { 3915 ERROR(fsg, "no file given for LUN%d\n", i); 3916 rc = -EINVAL; 3917 goto out; 3918 } 3919 } 3920 3921 /* Find all the endpoints we will use */ 3922 usb_ep_autoconfig_reset(gadget); 3923 ep = usb_ep_autoconfig(gadget, &fs_bulk_in_desc); 3924 if (!ep) 3925 goto autoconf_fail; 3926 ep->driver_data = fsg; // claim the endpoint 3927 fsg->bulk_in = ep; 3928 3929 ep = usb_ep_autoconfig(gadget, &fs_bulk_out_desc); 3930 if (!ep) 3931 goto autoconf_fail; 3932 ep->driver_data = fsg; // claim the endpoint 3933 fsg->bulk_out = ep; 3934 3935 if (transport_is_cbi()) { 3936 ep = usb_ep_autoconfig(gadget, &fs_intr_in_desc); 3937 if (!ep) 3938 goto autoconf_fail; 3939 ep->driver_data = fsg; // claim the endpoint 3940 fsg->intr_in = ep; 3941 } 3942 3943 /* Fix up the descriptors */ 3944 device_desc.bMaxPacketSize0 = fsg->ep0->maxpacket; 3945 device_desc.idVendor = cpu_to_le16(mod_data.vendor); 3946 device_desc.idProduct = cpu_to_le16(mod_data.product); 3947 device_desc.bcdDevice = cpu_to_le16(mod_data.release); 3948 3949 i = (transport_is_cbi() ? 3 : 2); // Number of endpoints 3950 intf_desc.bNumEndpoints = i; 3951 intf_desc.bInterfaceSubClass = mod_data.protocol_type; 3952 intf_desc.bInterfaceProtocol = mod_data.transport_type; 3953 fs_function[i + FS_FUNCTION_PRE_EP_ENTRIES] = NULL; 3954 3955#ifdef CONFIG_USB_GADGET_DUALSPEED 3956 hs_function[i + HS_FUNCTION_PRE_EP_ENTRIES] = NULL; 3957 3958 /* Assume ep0 uses the same maxpacket value for both speeds */ 3959 dev_qualifier.bMaxPacketSize0 = fsg->ep0->maxpacket; 3960 3961 /* Assume that all endpoint addresses are the same for both speeds */ 3962 hs_bulk_in_desc.bEndpointAddress = fs_bulk_in_desc.bEndpointAddress; 3963 hs_bulk_out_desc.bEndpointAddress = fs_bulk_out_desc.bEndpointAddress; 3964 hs_intr_in_desc.bEndpointAddress = fs_intr_in_desc.bEndpointAddress; 3965#endif 3966 3967 if (gadget->is_otg) { 3968 otg_desc.bmAttributes |= USB_OTG_HNP, 3969 config_desc.bmAttributes |= USB_CONFIG_ATT_WAKEUP; 3970 } 3971 3972 rc = -ENOMEM; 3973 3974 /* Allocate the request and buffer for endpoint 0 */ 3975 fsg->ep0req = req = usb_ep_alloc_request(fsg->ep0, GFP_KERNEL); 3976 if (!req) 3977 goto out; 3978 req->buf = usb_ep_alloc_buffer(fsg->ep0, EP0_BUFSIZE, 3979 &req->dma, GFP_KERNEL); 3980 if (!req->buf) 3981 goto out; 3982 req->complete = ep0_complete; 3983 3984 /* Allocate the data buffers */ 3985 for (i = 0; i < NUM_BUFFERS; ++i) { 3986 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3987 3988 /* Allocate for the bulk-in endpoint. We assume that 3989 * the buffer will also work with the bulk-out (and 3990 * interrupt-in) endpoint. */ 3991 bh->buf = usb_ep_alloc_buffer(fsg->bulk_in, mod_data.buflen, 3992 &bh->dma, GFP_KERNEL); 3993 if (!bh->buf) 3994 goto out; 3995 bh->next = bh + 1; 3996 } 3997 fsg->buffhds[NUM_BUFFERS - 1].next = &fsg->buffhds[0]; 3998 3999 /* This should reflect the actual gadget power source */ 4000 usb_gadget_set_selfpowered(gadget); 4001 4002 snprintf(manufacturer, sizeof manufacturer, "%s %s with %s", 4003 init_utsname()->sysname, init_utsname()->release, 4004 gadget->name); 4005 4006 /* On a real device, serial[] would be loaded from permanent 4007 * storage. We just encode it from the driver version string. */ 4008 for (i = 0; i < sizeof(serial) - 2; i += 2) { 4009 unsigned char c = DRIVER_VERSION[i / 2]; 4010 4011 if (!c) 4012 break; 4013 sprintf(&serial[i], "%02X", c); 4014 } 4015 4016 fsg->thread_task = kthread_create(fsg_main_thread, fsg, 4017 "file-storage-gadget"); 4018 if (IS_ERR(fsg->thread_task)) { 4019 rc = PTR_ERR(fsg->thread_task); 4020 goto out; 4021 } 4022 4023 INFO(fsg, DRIVER_DESC ", version: " DRIVER_VERSION "\n"); 4024 INFO(fsg, "Number of LUNs=%d\n", fsg->nluns); 4025 4026 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); 4027 for (i = 0; i < fsg->nluns; ++i) { 4028 curlun = &fsg->luns[i]; 4029 if (backing_file_is_open(curlun)) { 4030 p = NULL; 4031 if (pathbuf) { 4032 p = d_path(curlun->filp->f_path.dentry, 4033 curlun->filp->f_path.mnt, 4034 pathbuf, PATH_MAX); 4035 if (IS_ERR(p)) 4036 p = NULL; 4037 } 4038 LINFO(curlun, "ro=%d, file: %s\n", 4039 curlun->ro, (p ? p : "(error)")); 4040 } 4041 } 4042 kfree(pathbuf); 4043 4044 DBG(fsg, "transport=%s (x%02x)\n", 4045 mod_data.transport_name, mod_data.transport_type); 4046 DBG(fsg, "protocol=%s (x%02x)\n", 4047 mod_data.protocol_name, mod_data.protocol_type); 4048 DBG(fsg, "VendorID=x%04x, ProductID=x%04x, Release=x%04x\n", 4049 mod_data.vendor, mod_data.product, mod_data.release); 4050 DBG(fsg, "removable=%d, stall=%d, buflen=%u\n", 4051 mod_data.removable, mod_data.can_stall, 4052 mod_data.buflen); 4053 DBG(fsg, "I/O thread pid: %d\n", fsg->thread_task->pid); 4054 4055 set_bit(REGISTERED, &fsg->atomic_bitflags); 4056 4057 /* Tell the thread to start working */ 4058 wake_up_process(fsg->thread_task); 4059 return 0; 4060 4061autoconf_fail: 4062 ERROR(fsg, "unable to autoconfigure all endpoints\n"); 4063 rc = -ENOTSUPP; 4064 4065out: 4066 fsg->state = FSG_STATE_TERMINATED; // The thread is dead 4067 fsg_unbind(gadget); 4068 close_all_backing_files(fsg); 4069 return rc; 4070} 4071 4072 4073/*-------------------------------------------------------------------------*/ 4074 4075static void fsg_suspend(struct usb_gadget *gadget) 4076{ 4077 struct fsg_dev *fsg = get_gadget_data(gadget); 4078 4079 DBG(fsg, "suspend\n"); 4080 set_bit(SUSPENDED, &fsg->atomic_bitflags); 4081} 4082 4083static void fsg_resume(struct usb_gadget *gadget) 4084{ 4085 struct fsg_dev *fsg = get_gadget_data(gadget); 4086 4087 DBG(fsg, "resume\n"); 4088 clear_bit(SUSPENDED, &fsg->atomic_bitflags); 4089} 4090 4091 4092/*-------------------------------------------------------------------------*/ 4093 4094static struct usb_gadget_driver fsg_driver = { 4095#ifdef CONFIG_USB_GADGET_DUALSPEED 4096 .speed = USB_SPEED_HIGH, 4097#else 4098 .speed = USB_SPEED_FULL, 4099#endif 4100 .function = (char *) longname, 4101 .bind = fsg_bind, 4102 .unbind = fsg_unbind, 4103 .disconnect = fsg_disconnect, 4104 .setup = fsg_setup, 4105 .suspend = fsg_suspend, 4106 .resume = fsg_resume, 4107 4108 .driver = { 4109 .name = (char *) shortname, 4110 .owner = THIS_MODULE, 4111 // .release = ... 4112 // .suspend = ... 4113 // .resume = ... 4114 }, 4115}; 4116 4117 4118static int __init fsg_alloc(void) 4119{ 4120 struct fsg_dev *fsg; 4121 4122 fsg = kzalloc(sizeof *fsg, GFP_KERNEL); 4123 if (!fsg) 4124 return -ENOMEM; 4125 spin_lock_init(&fsg->lock); 4126 init_rwsem(&fsg->filesem); 4127 kref_init(&fsg->ref); 4128 init_completion(&fsg->thread_notifier); 4129 4130 the_fsg = fsg; 4131 return 0; 4132} 4133 4134 4135static int __init fsg_init(void) 4136{ 4137 int rc; 4138 struct fsg_dev *fsg; 4139 4140 if ((rc = fsg_alloc()) != 0) 4141 return rc; 4142 fsg = the_fsg; 4143 if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0) 4144 kref_put(&fsg->ref, fsg_release); 4145 return rc; 4146} 4147module_init(fsg_init); 4148 4149 4150static void __exit fsg_cleanup(void) 4151{ 4152 struct fsg_dev *fsg = the_fsg; 4153 4154 /* Unregister the driver iff the thread hasn't already done so */ 4155 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) 4156 usb_gadget_unregister_driver(&fsg_driver); 4157 4158 /* Wait for the thread to finish up */ 4159 wait_for_completion(&fsg->thread_notifier); 4160 4161 close_all_backing_files(fsg); 4162 kref_put(&fsg->ref, fsg_release); 4163} 4164module_exit(fsg_cleanup); 4165