file_storage.c revision d794ac7ae3613c2abfb678617ac7d74c8ff0099c
1/* 2 * file_storage.c -- File-backed USB Storage Gadget, for USB development 3 * 4 * Copyright (C) 2003-2005 Alan Stern 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions, and the following disclaimer, 12 * without modification. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The names of the above-listed copyright holders may not be used 17 * to endorse or promote products derived from this software without 18 * specific prior written permission. 19 * 20 * ALTERNATIVELY, this software may be distributed under the terms of the 21 * GNU General Public License ("GPL") as published by the Free Software 22 * Foundation, either version 2 of that License or (at your option) any 23 * later version. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 26 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 27 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 30 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 31 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38 39/* 40 * The File-backed Storage Gadget acts as a USB Mass Storage device, 41 * appearing to the host as a disk drive. In addition to providing an 42 * example of a genuinely useful gadget driver for a USB device, it also 43 * illustrates a technique of double-buffering for increased throughput. 44 * Last but not least, it gives an easy way to probe the behavior of the 45 * Mass Storage drivers in a USB host. 46 * 47 * Backing storage is provided by a regular file or a block device, specified 48 * by the "file" module parameter. Access can be limited to read-only by 49 * setting the optional "ro" module parameter. The gadget will indicate that 50 * it has removable media if the optional "removable" module parameter is set. 51 * 52 * The gadget supports the Control-Bulk (CB), Control-Bulk-Interrupt (CBI), 53 * and Bulk-Only (also known as Bulk-Bulk-Bulk or BBB) transports, selected 54 * by the optional "transport" module parameter. It also supports the 55 * following protocols: RBC (0x01), ATAPI or SFF-8020i (0x02), QIC-157 (0c03), 56 * UFI (0x04), SFF-8070i (0x05), and transparent SCSI (0x06), selected by 57 * the optional "protocol" module parameter. In addition, the default 58 * Vendor ID, Product ID, and release number can be overridden. 59 * 60 * There is support for multiple logical units (LUNs), each of which has 61 * its own backing file. The number of LUNs can be set using the optional 62 * "luns" module parameter (anywhere from 1 to 8), and the corresponding 63 * files are specified using comma-separated lists for "file" and "ro". 64 * The default number of LUNs is taken from the number of "file" elements; 65 * it is 1 if "file" is not given. If "removable" is not set then a backing 66 * file must be specified for each LUN. If it is set, then an unspecified 67 * or empty backing filename means the LUN's medium is not loaded. 68 * 69 * Requirements are modest; only a bulk-in and a bulk-out endpoint are 70 * needed (an interrupt-out endpoint is also needed for CBI). The memory 71 * requirement amounts to two 16K buffers, size configurable by a parameter. 72 * Support is included for both full-speed and high-speed operation. 73 * 74 * Module options: 75 * 76 * file=filename[,filename...] 77 * Required if "removable" is not set, names of 78 * the files or block devices used for 79 * backing storage 80 * ro=b[,b...] Default false, booleans for read-only access 81 * removable Default false, boolean for removable media 82 * luns=N Default N = number of filenames, number of 83 * LUNs to support 84 * stall Default determined according to the type of 85 * USB device controller (usually true), 86 * boolean to permit the driver to halt 87 * bulk endpoints 88 * transport=XXX Default BBB, transport name (CB, CBI, or BBB) 89 * protocol=YYY Default SCSI, protocol name (RBC, 8020 or 90 * ATAPI, QIC, UFI, 8070, or SCSI; 91 * also 1 - 6) 92 * vendor=0xVVVV Default 0x0525 (NetChip), USB Vendor ID 93 * product=0xPPPP Default 0xa4a5 (FSG), USB Product ID 94 * release=0xRRRR Override the USB release number (bcdDevice) 95 * buflen=N Default N=16384, buffer size used (will be 96 * rounded down to a multiple of 97 * PAGE_CACHE_SIZE) 98 * 99 * If CONFIG_USB_FILE_STORAGE_TEST is not set, only the "file", "ro", 100 * "removable", "luns", and "stall" options are available; default values 101 * are used for everything else. 102 * 103 * The pathnames of the backing files and the ro settings are available in 104 * the attribute files "file" and "ro" in the lun<n> subdirectory of the 105 * gadget's sysfs directory. If the "removable" option is set, writing to 106 * these files will simulate ejecting/loading the medium (writing an empty 107 * line means eject) and adjusting a write-enable tab. Changes to the ro 108 * setting are not allowed when the medium is loaded. 109 * 110 * This gadget driver is heavily based on "Gadget Zero" by David Brownell. 111 */ 112 113 114/* 115 * Driver Design 116 * 117 * The FSG driver is fairly straightforward. There is a main kernel 118 * thread that handles most of the work. Interrupt routines field 119 * callbacks from the controller driver: bulk- and interrupt-request 120 * completion notifications, endpoint-0 events, and disconnect events. 121 * Completion events are passed to the main thread by wakeup calls. Many 122 * ep0 requests are handled at interrupt time, but SetInterface, 123 * SetConfiguration, and device reset requests are forwarded to the 124 * thread in the form of "exceptions" using SIGUSR1 signals (since they 125 * should interrupt any ongoing file I/O operations). 126 * 127 * The thread's main routine implements the standard command/data/status 128 * parts of a SCSI interaction. It and its subroutines are full of tests 129 * for pending signals/exceptions -- all this polling is necessary since 130 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an 131 * indication that the driver really wants to be running in userspace.) 132 * An important point is that so long as the thread is alive it keeps an 133 * open reference to the backing file. This will prevent unmounting 134 * the backing file's underlying filesystem and could cause problems 135 * during system shutdown, for example. To prevent such problems, the 136 * thread catches INT, TERM, and KILL signals and converts them into 137 * an EXIT exception. 138 * 139 * In normal operation the main thread is started during the gadget's 140 * fsg_bind() callback and stopped during fsg_unbind(). But it can also 141 * exit when it receives a signal, and there's no point leaving the 142 * gadget running when the thread is dead. So just before the thread 143 * exits, it deregisters the gadget driver. This makes things a little 144 * tricky: The driver is deregistered at two places, and the exiting 145 * thread can indirectly call fsg_unbind() which in turn can tell the 146 * thread to exit. The first problem is resolved through the use of the 147 * REGISTERED atomic bitflag; the driver will only be deregistered once. 148 * The second problem is resolved by having fsg_unbind() check 149 * fsg->state; it won't try to stop the thread if the state is already 150 * FSG_STATE_TERMINATED. 151 * 152 * To provide maximum throughput, the driver uses a circular pipeline of 153 * buffer heads (struct fsg_buffhd). In principle the pipeline can be 154 * arbitrarily long; in practice the benefits don't justify having more 155 * than 2 stages (i.e., double buffering). But it helps to think of the 156 * pipeline as being a long one. Each buffer head contains a bulk-in and 157 * a bulk-out request pointer (since the buffer can be used for both 158 * output and input -- directions always are given from the host's 159 * point of view) as well as a pointer to the buffer and various state 160 * variables. 161 * 162 * Use of the pipeline follows a simple protocol. There is a variable 163 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. 164 * At any time that buffer head may still be in use from an earlier 165 * request, so each buffer head has a state variable indicating whether 166 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the 167 * buffer head to be EMPTY, filling the buffer either by file I/O or by 168 * USB I/O (during which the buffer head is BUSY), and marking the buffer 169 * head FULL when the I/O is complete. Then the buffer will be emptied 170 * (again possibly by USB I/O, during which it is marked BUSY) and 171 * finally marked EMPTY again (possibly by a completion routine). 172 * 173 * A module parameter tells the driver to avoid stalling the bulk 174 * endpoints wherever the transport specification allows. This is 175 * necessary for some UDCs like the SuperH, which cannot reliably clear a 176 * halt on a bulk endpoint. However, under certain circumstances the 177 * Bulk-only specification requires a stall. In such cases the driver 178 * will halt the endpoint and set a flag indicating that it should clear 179 * the halt in software during the next device reset. Hopefully this 180 * will permit everything to work correctly. Furthermore, although the 181 * specification allows the bulk-out endpoint to halt when the host sends 182 * too much data, implementing this would cause an unavoidable race. 183 * The driver will always use the "no-stall" approach for OUT transfers. 184 * 185 * One subtle point concerns sending status-stage responses for ep0 186 * requests. Some of these requests, such as device reset, can involve 187 * interrupting an ongoing file I/O operation, which might take an 188 * arbitrarily long time. During that delay the host might give up on 189 * the original ep0 request and issue a new one. When that happens the 190 * driver should not notify the host about completion of the original 191 * request, as the host will no longer be waiting for it. So the driver 192 * assigns to each ep0 request a unique tag, and it keeps track of the 193 * tag value of the request associated with a long-running exception 194 * (device-reset, interface-change, or configuration-change). When the 195 * exception handler is finished, the status-stage response is submitted 196 * only if the current ep0 request tag is equal to the exception request 197 * tag. Thus only the most recently received ep0 request will get a 198 * status-stage response. 199 * 200 * Warning: This driver source file is too long. It ought to be split up 201 * into a header file plus about 3 separate .c files, to handle the details 202 * of the Gadget, USB Mass Storage, and SCSI protocols. 203 */ 204 205 206#undef DEBUG 207#undef VERBOSE 208#undef DUMP_MSGS 209 210#include <linux/config.h> 211 212#include <asm/system.h> 213#include <asm/uaccess.h> 214 215#include <linux/bitops.h> 216#include <linux/blkdev.h> 217#include <linux/compiler.h> 218#include <linux/completion.h> 219#include <linux/dcache.h> 220#include <linux/delay.h> 221#include <linux/device.h> 222#include <linux/fcntl.h> 223#include <linux/file.h> 224#include <linux/fs.h> 225#include <linux/init.h> 226#include <linux/kernel.h> 227#include <linux/limits.h> 228#include <linux/list.h> 229#include <linux/module.h> 230#include <linux/moduleparam.h> 231#include <linux/pagemap.h> 232#include <linux/rwsem.h> 233#include <linux/sched.h> 234#include <linux/signal.h> 235#include <linux/slab.h> 236#include <linux/spinlock.h> 237#include <linux/string.h> 238#include <linux/suspend.h> 239#include <linux/utsname.h> 240#include <linux/wait.h> 241 242#include <linux/usb_ch9.h> 243#include <linux/usb_gadget.h> 244 245#include "gadget_chips.h" 246 247 248/*-------------------------------------------------------------------------*/ 249 250#define DRIVER_DESC "File-backed Storage Gadget" 251#define DRIVER_NAME "g_file_storage" 252#define DRIVER_VERSION "20 October 2004" 253 254static const char longname[] = DRIVER_DESC; 255static const char shortname[] = DRIVER_NAME; 256 257MODULE_DESCRIPTION(DRIVER_DESC); 258MODULE_AUTHOR("Alan Stern"); 259MODULE_LICENSE("Dual BSD/GPL"); 260 261/* Thanks to NetChip Technologies for donating this product ID. 262 * 263 * DO NOT REUSE THESE IDs with any other driver!! Ever!! 264 * Instead: allocate your own, using normal USB-IF procedures. */ 265#define DRIVER_VENDOR_ID 0x0525 // NetChip 266#define DRIVER_PRODUCT_ID 0xa4a5 // Linux-USB File-backed Storage Gadget 267 268 269/* 270 * This driver assumes self-powered hardware and has no way for users to 271 * trigger remote wakeup. It uses autoconfiguration to select endpoints 272 * and endpoint addresses. 273 */ 274 275 276/*-------------------------------------------------------------------------*/ 277 278#define xprintk(f,level,fmt,args...) \ 279 dev_printk(level , &(f)->gadget->dev , fmt , ## args) 280#define yprintk(l,level,fmt,args...) \ 281 dev_printk(level , &(l)->dev , fmt , ## args) 282 283#ifdef DEBUG 284#define DBG(fsg,fmt,args...) \ 285 xprintk(fsg , KERN_DEBUG , fmt , ## args) 286#define LDBG(lun,fmt,args...) \ 287 yprintk(lun , KERN_DEBUG , fmt , ## args) 288#define MDBG(fmt,args...) \ 289 printk(KERN_DEBUG DRIVER_NAME ": " fmt , ## args) 290#else 291#define DBG(fsg,fmt,args...) \ 292 do { } while (0) 293#define LDBG(lun,fmt,args...) \ 294 do { } while (0) 295#define MDBG(fmt,args...) \ 296 do { } while (0) 297#undef VERBOSE 298#undef DUMP_MSGS 299#endif /* DEBUG */ 300 301#ifdef VERBOSE 302#define VDBG DBG 303#define VLDBG LDBG 304#else 305#define VDBG(fsg,fmt,args...) \ 306 do { } while (0) 307#define VLDBG(lun,fmt,args...) \ 308 do { } while (0) 309#endif /* VERBOSE */ 310 311#define ERROR(fsg,fmt,args...) \ 312 xprintk(fsg , KERN_ERR , fmt , ## args) 313#define LERROR(lun,fmt,args...) \ 314 yprintk(lun , KERN_ERR , fmt , ## args) 315 316#define WARN(fsg,fmt,args...) \ 317 xprintk(fsg , KERN_WARNING , fmt , ## args) 318#define LWARN(lun,fmt,args...) \ 319 yprintk(lun , KERN_WARNING , fmt , ## args) 320 321#define INFO(fsg,fmt,args...) \ 322 xprintk(fsg , KERN_INFO , fmt , ## args) 323#define LINFO(lun,fmt,args...) \ 324 yprintk(lun , KERN_INFO , fmt , ## args) 325 326#define MINFO(fmt,args...) \ 327 printk(KERN_INFO DRIVER_NAME ": " fmt , ## args) 328 329 330/*-------------------------------------------------------------------------*/ 331 332/* Encapsulate the module parameter settings */ 333 334#define MAX_LUNS 8 335 336 /* Arggh! There should be a module_param_array_named macro! */ 337static char *file[MAX_LUNS] = {NULL, }; 338static int ro[MAX_LUNS] = {0, }; 339 340static struct { 341 int num_filenames; 342 int num_ros; 343 unsigned int nluns; 344 345 int removable; 346 int can_stall; 347 348 char *transport_parm; 349 char *protocol_parm; 350 unsigned short vendor; 351 unsigned short product; 352 unsigned short release; 353 unsigned int buflen; 354 355 int transport_type; 356 char *transport_name; 357 int protocol_type; 358 char *protocol_name; 359 360} mod_data = { // Default values 361 .transport_parm = "BBB", 362 .protocol_parm = "SCSI", 363 .removable = 0, 364 .can_stall = 1, 365 .vendor = DRIVER_VENDOR_ID, 366 .product = DRIVER_PRODUCT_ID, 367 .release = 0xffff, // Use controller chip type 368 .buflen = 16384, 369 }; 370 371 372module_param_array(file, charp, &mod_data.num_filenames, S_IRUGO); 373MODULE_PARM_DESC(file, "names of backing files or devices"); 374 375module_param_array(ro, bool, &mod_data.num_ros, S_IRUGO); 376MODULE_PARM_DESC(ro, "true to force read-only"); 377 378module_param_named(luns, mod_data.nluns, uint, S_IRUGO); 379MODULE_PARM_DESC(luns, "number of LUNs"); 380 381module_param_named(removable, mod_data.removable, bool, S_IRUGO); 382MODULE_PARM_DESC(removable, "true to simulate removable media"); 383 384module_param_named(stall, mod_data.can_stall, bool, S_IRUGO); 385MODULE_PARM_DESC(stall, "false to prevent bulk stalls"); 386 387 388/* In the non-TEST version, only the module parameters listed above 389 * are available. */ 390#ifdef CONFIG_USB_FILE_STORAGE_TEST 391 392module_param_named(transport, mod_data.transport_parm, charp, S_IRUGO); 393MODULE_PARM_DESC(transport, "type of transport (BBB, CBI, or CB)"); 394 395module_param_named(protocol, mod_data.protocol_parm, charp, S_IRUGO); 396MODULE_PARM_DESC(protocol, "type of protocol (RBC, 8020, QIC, UFI, " 397 "8070, or SCSI)"); 398 399module_param_named(vendor, mod_data.vendor, ushort, S_IRUGO); 400MODULE_PARM_DESC(vendor, "USB Vendor ID"); 401 402module_param_named(product, mod_data.product, ushort, S_IRUGO); 403MODULE_PARM_DESC(product, "USB Product ID"); 404 405module_param_named(release, mod_data.release, ushort, S_IRUGO); 406MODULE_PARM_DESC(release, "USB release number"); 407 408module_param_named(buflen, mod_data.buflen, uint, S_IRUGO); 409MODULE_PARM_DESC(buflen, "I/O buffer size"); 410 411#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 412 413 414/*-------------------------------------------------------------------------*/ 415 416/* USB protocol value = the transport method */ 417#define USB_PR_CBI 0x00 // Control/Bulk/Interrupt 418#define USB_PR_CB 0x01 // Control/Bulk w/o interrupt 419#define USB_PR_BULK 0x50 // Bulk-only 420 421/* USB subclass value = the protocol encapsulation */ 422#define USB_SC_RBC 0x01 // Reduced Block Commands (flash) 423#define USB_SC_8020 0x02 // SFF-8020i, MMC-2, ATAPI (CD-ROM) 424#define USB_SC_QIC 0x03 // QIC-157 (tape) 425#define USB_SC_UFI 0x04 // UFI (floppy) 426#define USB_SC_8070 0x05 // SFF-8070i (removable) 427#define USB_SC_SCSI 0x06 // Transparent SCSI 428 429/* Bulk-only data structures */ 430 431/* Command Block Wrapper */ 432struct bulk_cb_wrap { 433 __le32 Signature; // Contains 'USBC' 434 u32 Tag; // Unique per command id 435 __le32 DataTransferLength; // Size of the data 436 u8 Flags; // Direction in bit 7 437 u8 Lun; // LUN (normally 0) 438 u8 Length; // Of the CDB, <= MAX_COMMAND_SIZE 439 u8 CDB[16]; // Command Data Block 440}; 441 442#define USB_BULK_CB_WRAP_LEN 31 443#define USB_BULK_CB_SIG 0x43425355 // Spells out USBC 444#define USB_BULK_IN_FLAG 0x80 445 446/* Command Status Wrapper */ 447struct bulk_cs_wrap { 448 __le32 Signature; // Should = 'USBS' 449 u32 Tag; // Same as original command 450 __le32 Residue; // Amount not transferred 451 u8 Status; // See below 452}; 453 454#define USB_BULK_CS_WRAP_LEN 13 455#define USB_BULK_CS_SIG 0x53425355 // Spells out 'USBS' 456#define USB_STATUS_PASS 0 457#define USB_STATUS_FAIL 1 458#define USB_STATUS_PHASE_ERROR 2 459 460/* Bulk-only class specific requests */ 461#define USB_BULK_RESET_REQUEST 0xff 462#define USB_BULK_GET_MAX_LUN_REQUEST 0xfe 463 464 465/* CBI Interrupt data structure */ 466struct interrupt_data { 467 u8 bType; 468 u8 bValue; 469}; 470 471#define CBI_INTERRUPT_DATA_LEN 2 472 473/* CBI Accept Device-Specific Command request */ 474#define USB_CBI_ADSC_REQUEST 0x00 475 476 477#define MAX_COMMAND_SIZE 16 // Length of a SCSI Command Data Block 478 479/* SCSI commands that we recognize */ 480#define SC_FORMAT_UNIT 0x04 481#define SC_INQUIRY 0x12 482#define SC_MODE_SELECT_6 0x15 483#define SC_MODE_SELECT_10 0x55 484#define SC_MODE_SENSE_6 0x1a 485#define SC_MODE_SENSE_10 0x5a 486#define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 487#define SC_READ_6 0x08 488#define SC_READ_10 0x28 489#define SC_READ_12 0xa8 490#define SC_READ_CAPACITY 0x25 491#define SC_READ_FORMAT_CAPACITIES 0x23 492#define SC_RELEASE 0x17 493#define SC_REQUEST_SENSE 0x03 494#define SC_RESERVE 0x16 495#define SC_SEND_DIAGNOSTIC 0x1d 496#define SC_START_STOP_UNIT 0x1b 497#define SC_SYNCHRONIZE_CACHE 0x35 498#define SC_TEST_UNIT_READY 0x00 499#define SC_VERIFY 0x2f 500#define SC_WRITE_6 0x0a 501#define SC_WRITE_10 0x2a 502#define SC_WRITE_12 0xaa 503 504/* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 505#define SS_NO_SENSE 0 506#define SS_COMMUNICATION_FAILURE 0x040800 507#define SS_INVALID_COMMAND 0x052000 508#define SS_INVALID_FIELD_IN_CDB 0x052400 509#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 510#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 511#define SS_MEDIUM_NOT_PRESENT 0x023a00 512#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 513#define SS_NOT_READY_TO_READY_TRANSITION 0x062800 514#define SS_RESET_OCCURRED 0x062900 515#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 516#define SS_UNRECOVERED_READ_ERROR 0x031100 517#define SS_WRITE_ERROR 0x030c02 518#define SS_WRITE_PROTECTED 0x072700 519 520#define SK(x) ((u8) ((x) >> 16)) // Sense Key byte, etc. 521#define ASC(x) ((u8) ((x) >> 8)) 522#define ASCQ(x) ((u8) (x)) 523 524 525/*-------------------------------------------------------------------------*/ 526 527/* 528 * These definitions will permit the compiler to avoid generating code for 529 * parts of the driver that aren't used in the non-TEST version. Even gcc 530 * can recognize when a test of a constant expression yields a dead code 531 * path. 532 */ 533 534#ifdef CONFIG_USB_FILE_STORAGE_TEST 535 536#define transport_is_bbb() (mod_data.transport_type == USB_PR_BULK) 537#define transport_is_cbi() (mod_data.transport_type == USB_PR_CBI) 538#define protocol_is_scsi() (mod_data.protocol_type == USB_SC_SCSI) 539 540#else 541 542#define transport_is_bbb() 1 543#define transport_is_cbi() 0 544#define protocol_is_scsi() 1 545 546#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 547 548 549struct lun { 550 struct file *filp; 551 loff_t file_length; 552 loff_t num_sectors; 553 554 unsigned int ro : 1; 555 unsigned int prevent_medium_removal : 1; 556 unsigned int registered : 1; 557 558 u32 sense_data; 559 u32 sense_data_info; 560 u32 unit_attention_data; 561 562 struct device dev; 563}; 564 565#define backing_file_is_open(curlun) ((curlun)->filp != NULL) 566 567static inline struct lun *dev_to_lun(struct device *dev) 568{ 569 return container_of(dev, struct lun, dev); 570} 571 572 573/* Big enough to hold our biggest descriptor */ 574#define EP0_BUFSIZE 256 575#define DELAYED_STATUS (EP0_BUFSIZE + 999) // An impossibly large value 576 577/* Number of buffers we will use. 2 is enough for double-buffering */ 578#define NUM_BUFFERS 2 579 580enum fsg_buffer_state { 581 BUF_STATE_EMPTY = 0, 582 BUF_STATE_FULL, 583 BUF_STATE_BUSY 584}; 585 586struct fsg_buffhd { 587 void *buf; 588 dma_addr_t dma; 589 volatile enum fsg_buffer_state state; 590 struct fsg_buffhd *next; 591 592 /* The NetChip 2280 is faster, and handles some protocol faults 593 * better, if we don't submit any short bulk-out read requests. 594 * So we will record the intended request length here. */ 595 unsigned int bulk_out_intended_length; 596 597 struct usb_request *inreq; 598 volatile int inreq_busy; 599 struct usb_request *outreq; 600 volatile int outreq_busy; 601}; 602 603enum fsg_state { 604 FSG_STATE_COMMAND_PHASE = -10, // This one isn't used anywhere 605 FSG_STATE_DATA_PHASE, 606 FSG_STATE_STATUS_PHASE, 607 608 FSG_STATE_IDLE = 0, 609 FSG_STATE_ABORT_BULK_OUT, 610 FSG_STATE_RESET, 611 FSG_STATE_INTERFACE_CHANGE, 612 FSG_STATE_CONFIG_CHANGE, 613 FSG_STATE_DISCONNECT, 614 FSG_STATE_EXIT, 615 FSG_STATE_TERMINATED 616}; 617 618enum data_direction { 619 DATA_DIR_UNKNOWN = 0, 620 DATA_DIR_FROM_HOST, 621 DATA_DIR_TO_HOST, 622 DATA_DIR_NONE 623}; 624 625struct fsg_dev { 626 /* lock protects: state, all the req_busy's, and cbbuf_cmnd */ 627 spinlock_t lock; 628 struct usb_gadget *gadget; 629 630 /* filesem protects: backing files in use */ 631 struct rw_semaphore filesem; 632 633 struct usb_ep *ep0; // Handy copy of gadget->ep0 634 struct usb_request *ep0req; // For control responses 635 volatile unsigned int ep0_req_tag; 636 const char *ep0req_name; 637 638 struct usb_request *intreq; // For interrupt responses 639 volatile int intreq_busy; 640 struct fsg_buffhd *intr_buffhd; 641 642 unsigned int bulk_out_maxpacket; 643 enum fsg_state state; // For exception handling 644 unsigned int exception_req_tag; 645 646 u8 config, new_config; 647 648 unsigned int running : 1; 649 unsigned int bulk_in_enabled : 1; 650 unsigned int bulk_out_enabled : 1; 651 unsigned int intr_in_enabled : 1; 652 unsigned int phase_error : 1; 653 unsigned int short_packet_received : 1; 654 unsigned int bad_lun_okay : 1; 655 656 unsigned long atomic_bitflags; 657#define REGISTERED 0 658#define CLEAR_BULK_HALTS 1 659#define SUSPENDED 2 660 661 struct usb_ep *bulk_in; 662 struct usb_ep *bulk_out; 663 struct usb_ep *intr_in; 664 665 struct fsg_buffhd *next_buffhd_to_fill; 666 struct fsg_buffhd *next_buffhd_to_drain; 667 struct fsg_buffhd buffhds[NUM_BUFFERS]; 668 669 wait_queue_head_t thread_wqh; 670 int thread_wakeup_needed; 671 struct completion thread_notifier; 672 int thread_pid; 673 struct task_struct *thread_task; 674 sigset_t thread_signal_mask; 675 676 int cmnd_size; 677 u8 cmnd[MAX_COMMAND_SIZE]; 678 enum data_direction data_dir; 679 u32 data_size; 680 u32 data_size_from_cmnd; 681 u32 tag; 682 unsigned int lun; 683 u32 residue; 684 u32 usb_amount_left; 685 686 /* The CB protocol offers no way for a host to know when a command 687 * has completed. As a result the next command may arrive early, 688 * and we will still have to handle it. For that reason we need 689 * a buffer to store new commands when using CB (or CBI, which 690 * does not oblige a host to wait for command completion either). */ 691 int cbbuf_cmnd_size; 692 u8 cbbuf_cmnd[MAX_COMMAND_SIZE]; 693 694 unsigned int nluns; 695 struct lun *luns; 696 struct lun *curlun; 697 struct completion lun_released; 698}; 699 700typedef void (*fsg_routine_t)(struct fsg_dev *); 701 702static int inline exception_in_progress(struct fsg_dev *fsg) 703{ 704 return (fsg->state > FSG_STATE_IDLE); 705} 706 707/* Make bulk-out requests be divisible by the maxpacket size */ 708static void inline set_bulk_out_req_length(struct fsg_dev *fsg, 709 struct fsg_buffhd *bh, unsigned int length) 710{ 711 unsigned int rem; 712 713 bh->bulk_out_intended_length = length; 714 rem = length % fsg->bulk_out_maxpacket; 715 if (rem > 0) 716 length += fsg->bulk_out_maxpacket - rem; 717 bh->outreq->length = length; 718} 719 720static struct fsg_dev *the_fsg; 721static struct usb_gadget_driver fsg_driver; 722 723static void close_backing_file(struct lun *curlun); 724static void close_all_backing_files(struct fsg_dev *fsg); 725 726 727/*-------------------------------------------------------------------------*/ 728 729#ifdef DUMP_MSGS 730 731static void dump_msg(struct fsg_dev *fsg, const char *label, 732 const u8 *buf, unsigned int length) 733{ 734 unsigned int start, num, i; 735 char line[52], *p; 736 737 if (length >= 512) 738 return; 739 DBG(fsg, "%s, length %u:\n", label, length); 740 741 start = 0; 742 while (length > 0) { 743 num = min(length, 16u); 744 p = line; 745 for (i = 0; i < num; ++i) { 746 if (i == 8) 747 *p++ = ' '; 748 sprintf(p, " %02x", buf[i]); 749 p += 3; 750 } 751 *p = 0; 752 printk(KERN_DEBUG "%6x: %s\n", start, line); 753 buf += num; 754 start += num; 755 length -= num; 756 } 757} 758 759static void inline dump_cdb(struct fsg_dev *fsg) 760{} 761 762#else 763 764static void inline dump_msg(struct fsg_dev *fsg, const char *label, 765 const u8 *buf, unsigned int length) 766{} 767 768static void inline dump_cdb(struct fsg_dev *fsg) 769{ 770 int i; 771 char cmdbuf[3*MAX_COMMAND_SIZE + 1]; 772 773 for (i = 0; i < fsg->cmnd_size; ++i) 774 sprintf(cmdbuf + i*3, " %02x", fsg->cmnd[i]); 775 VDBG(fsg, "SCSI CDB: %s\n", cmdbuf); 776} 777 778#endif /* DUMP_MSGS */ 779 780 781static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep) 782{ 783 const char *name; 784 785 if (ep == fsg->bulk_in) 786 name = "bulk-in"; 787 else if (ep == fsg->bulk_out) 788 name = "bulk-out"; 789 else 790 name = ep->name; 791 DBG(fsg, "%s set halt\n", name); 792 return usb_ep_set_halt(ep); 793} 794 795 796/*-------------------------------------------------------------------------*/ 797 798/* Routines for unaligned data access */ 799 800static u16 inline get_be16(u8 *buf) 801{ 802 return ((u16) buf[0] << 8) | ((u16) buf[1]); 803} 804 805static u32 inline get_be32(u8 *buf) 806{ 807 return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | 808 ((u32) buf[2] << 8) | ((u32) buf[3]); 809} 810 811static void inline put_be16(u8 *buf, u16 val) 812{ 813 buf[0] = val >> 8; 814 buf[1] = val; 815} 816 817static void inline put_be32(u8 *buf, u32 val) 818{ 819 buf[0] = val >> 24; 820 buf[1] = val >> 16; 821 buf[2] = val >> 8; 822 buf[3] = val; 823} 824 825 826/*-------------------------------------------------------------------------*/ 827 828/* 829 * DESCRIPTORS ... most are static, but strings and (full) configuration 830 * descriptors are built on demand. Also the (static) config and interface 831 * descriptors are adjusted during fsg_bind(). 832 */ 833#define STRING_MANUFACTURER 1 834#define STRING_PRODUCT 2 835#define STRING_SERIAL 3 836#define STRING_CONFIG 4 837#define STRING_INTERFACE 5 838 839/* There is only one configuration. */ 840#define CONFIG_VALUE 1 841 842static struct usb_device_descriptor 843device_desc = { 844 .bLength = sizeof device_desc, 845 .bDescriptorType = USB_DT_DEVICE, 846 847 .bcdUSB = __constant_cpu_to_le16(0x0200), 848 .bDeviceClass = USB_CLASS_PER_INTERFACE, 849 850 /* The next three values can be overridden by module parameters */ 851 .idVendor = __constant_cpu_to_le16(DRIVER_VENDOR_ID), 852 .idProduct = __constant_cpu_to_le16(DRIVER_PRODUCT_ID), 853 .bcdDevice = __constant_cpu_to_le16(0xffff), 854 855 .iManufacturer = STRING_MANUFACTURER, 856 .iProduct = STRING_PRODUCT, 857 .iSerialNumber = STRING_SERIAL, 858 .bNumConfigurations = 1, 859}; 860 861static struct usb_config_descriptor 862config_desc = { 863 .bLength = sizeof config_desc, 864 .bDescriptorType = USB_DT_CONFIG, 865 866 /* wTotalLength computed by usb_gadget_config_buf() */ 867 .bNumInterfaces = 1, 868 .bConfigurationValue = CONFIG_VALUE, 869 .iConfiguration = STRING_CONFIG, 870 .bmAttributes = USB_CONFIG_ATT_ONE | USB_CONFIG_ATT_SELFPOWER, 871 .bMaxPower = 1, // self-powered 872}; 873 874static struct usb_otg_descriptor 875otg_desc = { 876 .bLength = sizeof(otg_desc), 877 .bDescriptorType = USB_DT_OTG, 878 879 .bmAttributes = USB_OTG_SRP, 880}; 881 882/* There is only one interface. */ 883 884static struct usb_interface_descriptor 885intf_desc = { 886 .bLength = sizeof intf_desc, 887 .bDescriptorType = USB_DT_INTERFACE, 888 889 .bNumEndpoints = 2, // Adjusted during fsg_bind() 890 .bInterfaceClass = USB_CLASS_MASS_STORAGE, 891 .bInterfaceSubClass = USB_SC_SCSI, // Adjusted during fsg_bind() 892 .bInterfaceProtocol = USB_PR_BULK, // Adjusted during fsg_bind() 893 .iInterface = STRING_INTERFACE, 894}; 895 896/* Three full-speed endpoint descriptors: bulk-in, bulk-out, 897 * and interrupt-in. */ 898 899static struct usb_endpoint_descriptor 900fs_bulk_in_desc = { 901 .bLength = USB_DT_ENDPOINT_SIZE, 902 .bDescriptorType = USB_DT_ENDPOINT, 903 904 .bEndpointAddress = USB_DIR_IN, 905 .bmAttributes = USB_ENDPOINT_XFER_BULK, 906 /* wMaxPacketSize set by autoconfiguration */ 907}; 908 909static struct usb_endpoint_descriptor 910fs_bulk_out_desc = { 911 .bLength = USB_DT_ENDPOINT_SIZE, 912 .bDescriptorType = USB_DT_ENDPOINT, 913 914 .bEndpointAddress = USB_DIR_OUT, 915 .bmAttributes = USB_ENDPOINT_XFER_BULK, 916 /* wMaxPacketSize set by autoconfiguration */ 917}; 918 919static struct usb_endpoint_descriptor 920fs_intr_in_desc = { 921 .bLength = USB_DT_ENDPOINT_SIZE, 922 .bDescriptorType = USB_DT_ENDPOINT, 923 924 .bEndpointAddress = USB_DIR_IN, 925 .bmAttributes = USB_ENDPOINT_XFER_INT, 926 .wMaxPacketSize = __constant_cpu_to_le16(2), 927 .bInterval = 32, // frames -> 32 ms 928}; 929 930static const struct usb_descriptor_header *fs_function[] = { 931 (struct usb_descriptor_header *) &otg_desc, 932 (struct usb_descriptor_header *) &intf_desc, 933 (struct usb_descriptor_header *) &fs_bulk_in_desc, 934 (struct usb_descriptor_header *) &fs_bulk_out_desc, 935 (struct usb_descriptor_header *) &fs_intr_in_desc, 936 NULL, 937}; 938#define FS_FUNCTION_PRE_EP_ENTRIES 2 939 940 941#ifdef CONFIG_USB_GADGET_DUALSPEED 942 943/* 944 * USB 2.0 devices need to expose both high speed and full speed 945 * descriptors, unless they only run at full speed. 946 * 947 * That means alternate endpoint descriptors (bigger packets) 948 * and a "device qualifier" ... plus more construction options 949 * for the config descriptor. 950 */ 951static struct usb_qualifier_descriptor 952dev_qualifier = { 953 .bLength = sizeof dev_qualifier, 954 .bDescriptorType = USB_DT_DEVICE_QUALIFIER, 955 956 .bcdUSB = __constant_cpu_to_le16(0x0200), 957 .bDeviceClass = USB_CLASS_PER_INTERFACE, 958 959 .bNumConfigurations = 1, 960}; 961 962static struct usb_endpoint_descriptor 963hs_bulk_in_desc = { 964 .bLength = USB_DT_ENDPOINT_SIZE, 965 .bDescriptorType = USB_DT_ENDPOINT, 966 967 /* bEndpointAddress copied from fs_bulk_in_desc during fsg_bind() */ 968 .bmAttributes = USB_ENDPOINT_XFER_BULK, 969 .wMaxPacketSize = __constant_cpu_to_le16(512), 970}; 971 972static struct usb_endpoint_descriptor 973hs_bulk_out_desc = { 974 .bLength = USB_DT_ENDPOINT_SIZE, 975 .bDescriptorType = USB_DT_ENDPOINT, 976 977 /* bEndpointAddress copied from fs_bulk_out_desc during fsg_bind() */ 978 .bmAttributes = USB_ENDPOINT_XFER_BULK, 979 .wMaxPacketSize = __constant_cpu_to_le16(512), 980 .bInterval = 1, // NAK every 1 uframe 981}; 982 983static struct usb_endpoint_descriptor 984hs_intr_in_desc = { 985 .bLength = USB_DT_ENDPOINT_SIZE, 986 .bDescriptorType = USB_DT_ENDPOINT, 987 988 /* bEndpointAddress copied from fs_intr_in_desc during fsg_bind() */ 989 .bmAttributes = USB_ENDPOINT_XFER_INT, 990 .wMaxPacketSize = __constant_cpu_to_le16(2), 991 .bInterval = 9, // 2**(9-1) = 256 uframes -> 32 ms 992}; 993 994static const struct usb_descriptor_header *hs_function[] = { 995 (struct usb_descriptor_header *) &otg_desc, 996 (struct usb_descriptor_header *) &intf_desc, 997 (struct usb_descriptor_header *) &hs_bulk_in_desc, 998 (struct usb_descriptor_header *) &hs_bulk_out_desc, 999 (struct usb_descriptor_header *) &hs_intr_in_desc, 1000 NULL, 1001}; 1002#define HS_FUNCTION_PRE_EP_ENTRIES 2 1003 1004/* Maxpacket and other transfer characteristics vary by speed. */ 1005#define ep_desc(g,fs,hs) (((g)->speed==USB_SPEED_HIGH) ? (hs) : (fs)) 1006 1007#else 1008 1009/* If there's no high speed support, always use the full-speed descriptor. */ 1010#define ep_desc(g,fs,hs) fs 1011 1012#endif /* !CONFIG_USB_GADGET_DUALSPEED */ 1013 1014 1015/* The CBI specification limits the serial string to 12 uppercase hexadecimal 1016 * characters. */ 1017static char manufacturer[64]; 1018static char serial[13]; 1019 1020/* Static strings, in UTF-8 (for simplicity we use only ASCII characters) */ 1021static struct usb_string strings[] = { 1022 {STRING_MANUFACTURER, manufacturer}, 1023 {STRING_PRODUCT, longname}, 1024 {STRING_SERIAL, serial}, 1025 {STRING_CONFIG, "Self-powered"}, 1026 {STRING_INTERFACE, "Mass Storage"}, 1027 {} 1028}; 1029 1030static struct usb_gadget_strings stringtab = { 1031 .language = 0x0409, // en-us 1032 .strings = strings, 1033}; 1034 1035 1036/* 1037 * Config descriptors must agree with the code that sets configurations 1038 * and with code managing interfaces and their altsettings. They must 1039 * also handle different speeds and other-speed requests. 1040 */ 1041static int populate_config_buf(struct usb_gadget *gadget, 1042 u8 *buf, u8 type, unsigned index) 1043{ 1044#ifdef CONFIG_USB_GADGET_DUALSPEED 1045 enum usb_device_speed speed = gadget->speed; 1046#endif 1047 int len; 1048 const struct usb_descriptor_header **function; 1049 1050 if (index > 0) 1051 return -EINVAL; 1052 1053#ifdef CONFIG_USB_GADGET_DUALSPEED 1054 if (type == USB_DT_OTHER_SPEED_CONFIG) 1055 speed = (USB_SPEED_FULL + USB_SPEED_HIGH) - speed; 1056 if (speed == USB_SPEED_HIGH) 1057 function = hs_function; 1058 else 1059#endif 1060 function = fs_function; 1061 1062 /* for now, don't advertise srp-only devices */ 1063 if (!gadget->is_otg) 1064 function++; 1065 1066 len = usb_gadget_config_buf(&config_desc, buf, EP0_BUFSIZE, function); 1067 ((struct usb_config_descriptor *) buf)->bDescriptorType = type; 1068 return len; 1069} 1070 1071 1072/*-------------------------------------------------------------------------*/ 1073 1074/* These routines may be called in process context or in_irq */ 1075 1076static void wakeup_thread(struct fsg_dev *fsg) 1077{ 1078 /* Tell the main thread that something has happened */ 1079 fsg->thread_wakeup_needed = 1; 1080 wake_up_all(&fsg->thread_wqh); 1081} 1082 1083 1084static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state) 1085{ 1086 unsigned long flags; 1087 struct task_struct *thread_task; 1088 1089 /* Do nothing if a higher-priority exception is already in progress. 1090 * If a lower-or-equal priority exception is in progress, preempt it 1091 * and notify the main thread by sending it a signal. */ 1092 spin_lock_irqsave(&fsg->lock, flags); 1093 if (fsg->state <= new_state) { 1094 fsg->exception_req_tag = fsg->ep0_req_tag; 1095 fsg->state = new_state; 1096 thread_task = fsg->thread_task; 1097 if (thread_task) 1098 send_sig_info(SIGUSR1, SEND_SIG_FORCED, thread_task); 1099 } 1100 spin_unlock_irqrestore(&fsg->lock, flags); 1101} 1102 1103 1104/*-------------------------------------------------------------------------*/ 1105 1106/* The disconnect callback and ep0 routines. These always run in_irq, 1107 * except that ep0_queue() is called in the main thread to acknowledge 1108 * completion of various requests: set config, set interface, and 1109 * Bulk-only device reset. */ 1110 1111static void fsg_disconnect(struct usb_gadget *gadget) 1112{ 1113 struct fsg_dev *fsg = get_gadget_data(gadget); 1114 1115 DBG(fsg, "disconnect or port reset\n"); 1116 raise_exception(fsg, FSG_STATE_DISCONNECT); 1117} 1118 1119 1120static int ep0_queue(struct fsg_dev *fsg) 1121{ 1122 int rc; 1123 1124 rc = usb_ep_queue(fsg->ep0, fsg->ep0req, GFP_ATOMIC); 1125 if (rc != 0 && rc != -ESHUTDOWN) { 1126 1127 /* We can't do much more than wait for a reset */ 1128 WARN(fsg, "error in submission: %s --> %d\n", 1129 fsg->ep0->name, rc); 1130 } 1131 return rc; 1132} 1133 1134static void ep0_complete(struct usb_ep *ep, struct usb_request *req) 1135{ 1136 struct fsg_dev *fsg = (struct fsg_dev *) ep->driver_data; 1137 1138 if (req->actual > 0) 1139 dump_msg(fsg, fsg->ep0req_name, req->buf, req->actual); 1140 if (req->status || req->actual != req->length) 1141 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1142 req->status, req->actual, req->length); 1143 if (req->status == -ECONNRESET) // Request was cancelled 1144 usb_ep_fifo_flush(ep); 1145 1146 if (req->status == 0 && req->context) 1147 ((fsg_routine_t) (req->context))(fsg); 1148} 1149 1150 1151/*-------------------------------------------------------------------------*/ 1152 1153/* Bulk and interrupt endpoint completion handlers. 1154 * These always run in_irq. */ 1155 1156static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req) 1157{ 1158 struct fsg_dev *fsg = (struct fsg_dev *) ep->driver_data; 1159 struct fsg_buffhd *bh = (struct fsg_buffhd *) req->context; 1160 1161 if (req->status || req->actual != req->length) 1162 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1163 req->status, req->actual, req->length); 1164 if (req->status == -ECONNRESET) // Request was cancelled 1165 usb_ep_fifo_flush(ep); 1166 1167 /* Hold the lock while we update the request and buffer states */ 1168 spin_lock(&fsg->lock); 1169 bh->inreq_busy = 0; 1170 bh->state = BUF_STATE_EMPTY; 1171 spin_unlock(&fsg->lock); 1172 wakeup_thread(fsg); 1173} 1174 1175static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req) 1176{ 1177 struct fsg_dev *fsg = (struct fsg_dev *) ep->driver_data; 1178 struct fsg_buffhd *bh = (struct fsg_buffhd *) req->context; 1179 1180 dump_msg(fsg, "bulk-out", req->buf, req->actual); 1181 if (req->status || req->actual != bh->bulk_out_intended_length) 1182 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1183 req->status, req->actual, 1184 bh->bulk_out_intended_length); 1185 if (req->status == -ECONNRESET) // Request was cancelled 1186 usb_ep_fifo_flush(ep); 1187 1188 /* Hold the lock while we update the request and buffer states */ 1189 spin_lock(&fsg->lock); 1190 bh->outreq_busy = 0; 1191 bh->state = BUF_STATE_FULL; 1192 spin_unlock(&fsg->lock); 1193 wakeup_thread(fsg); 1194} 1195 1196 1197#ifdef CONFIG_USB_FILE_STORAGE_TEST 1198static void intr_in_complete(struct usb_ep *ep, struct usb_request *req) 1199{ 1200 struct fsg_dev *fsg = (struct fsg_dev *) ep->driver_data; 1201 struct fsg_buffhd *bh = (struct fsg_buffhd *) req->context; 1202 1203 if (req->status || req->actual != req->length) 1204 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1205 req->status, req->actual, req->length); 1206 if (req->status == -ECONNRESET) // Request was cancelled 1207 usb_ep_fifo_flush(ep); 1208 1209 /* Hold the lock while we update the request and buffer states */ 1210 spin_lock(&fsg->lock); 1211 fsg->intreq_busy = 0; 1212 bh->state = BUF_STATE_EMPTY; 1213 spin_unlock(&fsg->lock); 1214 wakeup_thread(fsg); 1215} 1216 1217#else 1218static void intr_in_complete(struct usb_ep *ep, struct usb_request *req) 1219{} 1220#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 1221 1222 1223/*-------------------------------------------------------------------------*/ 1224 1225/* Ep0 class-specific handlers. These always run in_irq. */ 1226 1227#ifdef CONFIG_USB_FILE_STORAGE_TEST 1228static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh) 1229{ 1230 struct usb_request *req = fsg->ep0req; 1231 static u8 cbi_reset_cmnd[6] = { 1232 SC_SEND_DIAGNOSTIC, 4, 0xff, 0xff, 0xff, 0xff}; 1233 1234 /* Error in command transfer? */ 1235 if (req->status || req->length != req->actual || 1236 req->actual < 6 || req->actual > MAX_COMMAND_SIZE) { 1237 1238 /* Not all controllers allow a protocol stall after 1239 * receiving control-out data, but we'll try anyway. */ 1240 fsg_set_halt(fsg, fsg->ep0); 1241 return; // Wait for reset 1242 } 1243 1244 /* Is it the special reset command? */ 1245 if (req->actual >= sizeof cbi_reset_cmnd && 1246 memcmp(req->buf, cbi_reset_cmnd, 1247 sizeof cbi_reset_cmnd) == 0) { 1248 1249 /* Raise an exception to stop the current operation 1250 * and reinitialize our state. */ 1251 DBG(fsg, "cbi reset request\n"); 1252 raise_exception(fsg, FSG_STATE_RESET); 1253 return; 1254 } 1255 1256 VDBG(fsg, "CB[I] accept device-specific command\n"); 1257 spin_lock(&fsg->lock); 1258 1259 /* Save the command for later */ 1260 if (fsg->cbbuf_cmnd_size) 1261 WARN(fsg, "CB[I] overwriting previous command\n"); 1262 fsg->cbbuf_cmnd_size = req->actual; 1263 memcpy(fsg->cbbuf_cmnd, req->buf, fsg->cbbuf_cmnd_size); 1264 1265 spin_unlock(&fsg->lock); 1266 wakeup_thread(fsg); 1267} 1268 1269#else 1270static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh) 1271{} 1272#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 1273 1274 1275static int class_setup_req(struct fsg_dev *fsg, 1276 const struct usb_ctrlrequest *ctrl) 1277{ 1278 struct usb_request *req = fsg->ep0req; 1279 int value = -EOPNOTSUPP; 1280 u16 w_index = ctrl->wIndex; 1281 u16 w_length = ctrl->wLength; 1282 1283 if (!fsg->config) 1284 return value; 1285 1286 /* Handle Bulk-only class-specific requests */ 1287 if (transport_is_bbb()) { 1288 switch (ctrl->bRequest) { 1289 1290 case USB_BULK_RESET_REQUEST: 1291 if (ctrl->bRequestType != (USB_DIR_OUT | 1292 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1293 break; 1294 if (w_index != 0) { 1295 value = -EDOM; 1296 break; 1297 } 1298 1299 /* Raise an exception to stop the current operation 1300 * and reinitialize our state. */ 1301 DBG(fsg, "bulk reset request\n"); 1302 raise_exception(fsg, FSG_STATE_RESET); 1303 value = DELAYED_STATUS; 1304 break; 1305 1306 case USB_BULK_GET_MAX_LUN_REQUEST: 1307 if (ctrl->bRequestType != (USB_DIR_IN | 1308 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1309 break; 1310 if (w_index != 0) { 1311 value = -EDOM; 1312 break; 1313 } 1314 VDBG(fsg, "get max LUN\n"); 1315 *(u8 *) req->buf = fsg->nluns - 1; 1316 value = 1; 1317 break; 1318 } 1319 } 1320 1321 /* Handle CBI class-specific requests */ 1322 else { 1323 switch (ctrl->bRequest) { 1324 1325 case USB_CBI_ADSC_REQUEST: 1326 if (ctrl->bRequestType != (USB_DIR_OUT | 1327 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1328 break; 1329 if (w_index != 0) { 1330 value = -EDOM; 1331 break; 1332 } 1333 if (w_length > MAX_COMMAND_SIZE) { 1334 value = -EOVERFLOW; 1335 break; 1336 } 1337 value = w_length; 1338 fsg->ep0req->context = received_cbi_adsc; 1339 break; 1340 } 1341 } 1342 1343 if (value == -EOPNOTSUPP) 1344 VDBG(fsg, 1345 "unknown class-specific control req " 1346 "%02x.%02x v%04x i%04x l%u\n", 1347 ctrl->bRequestType, ctrl->bRequest, 1348 ctrl->wValue, w_index, w_length); 1349 return value; 1350} 1351 1352 1353/*-------------------------------------------------------------------------*/ 1354 1355/* Ep0 standard request handlers. These always run in_irq. */ 1356 1357static int standard_setup_req(struct fsg_dev *fsg, 1358 const struct usb_ctrlrequest *ctrl) 1359{ 1360 struct usb_request *req = fsg->ep0req; 1361 int value = -EOPNOTSUPP; 1362 u16 w_index = ctrl->wIndex; 1363 u16 w_value = ctrl->wValue; 1364 1365 /* Usually this just stores reply data in the pre-allocated ep0 buffer, 1366 * but config change events will also reconfigure hardware. */ 1367 switch (ctrl->bRequest) { 1368 1369 case USB_REQ_GET_DESCRIPTOR: 1370 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1371 USB_RECIP_DEVICE)) 1372 break; 1373 switch (w_value >> 8) { 1374 1375 case USB_DT_DEVICE: 1376 VDBG(fsg, "get device descriptor\n"); 1377 value = sizeof device_desc; 1378 memcpy(req->buf, &device_desc, value); 1379 break; 1380#ifdef CONFIG_USB_GADGET_DUALSPEED 1381 case USB_DT_DEVICE_QUALIFIER: 1382 VDBG(fsg, "get device qualifier\n"); 1383 if (!fsg->gadget->is_dualspeed) 1384 break; 1385 value = sizeof dev_qualifier; 1386 memcpy(req->buf, &dev_qualifier, value); 1387 break; 1388 1389 case USB_DT_OTHER_SPEED_CONFIG: 1390 VDBG(fsg, "get other-speed config descriptor\n"); 1391 if (!fsg->gadget->is_dualspeed) 1392 break; 1393 goto get_config; 1394#endif 1395 case USB_DT_CONFIG: 1396 VDBG(fsg, "get configuration descriptor\n"); 1397#ifdef CONFIG_USB_GADGET_DUALSPEED 1398 get_config: 1399#endif 1400 value = populate_config_buf(fsg->gadget, 1401 req->buf, 1402 w_value >> 8, 1403 w_value & 0xff); 1404 break; 1405 1406 case USB_DT_STRING: 1407 VDBG(fsg, "get string descriptor\n"); 1408 1409 /* wIndex == language code */ 1410 value = usb_gadget_get_string(&stringtab, 1411 w_value & 0xff, req->buf); 1412 break; 1413 } 1414 break; 1415 1416 /* One config, two speeds */ 1417 case USB_REQ_SET_CONFIGURATION: 1418 if (ctrl->bRequestType != (USB_DIR_OUT | USB_TYPE_STANDARD | 1419 USB_RECIP_DEVICE)) 1420 break; 1421 VDBG(fsg, "set configuration\n"); 1422 if (w_value == CONFIG_VALUE || w_value == 0) { 1423 fsg->new_config = w_value; 1424 1425 /* Raise an exception to wipe out previous transaction 1426 * state (queued bufs, etc) and set the new config. */ 1427 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE); 1428 value = DELAYED_STATUS; 1429 } 1430 break; 1431 case USB_REQ_GET_CONFIGURATION: 1432 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1433 USB_RECIP_DEVICE)) 1434 break; 1435 VDBG(fsg, "get configuration\n"); 1436 *(u8 *) req->buf = fsg->config; 1437 value = 1; 1438 break; 1439 1440 case USB_REQ_SET_INTERFACE: 1441 if (ctrl->bRequestType != (USB_DIR_OUT| USB_TYPE_STANDARD | 1442 USB_RECIP_INTERFACE)) 1443 break; 1444 if (fsg->config && w_index == 0) { 1445 1446 /* Raise an exception to wipe out previous transaction 1447 * state (queued bufs, etc) and install the new 1448 * interface altsetting. */ 1449 raise_exception(fsg, FSG_STATE_INTERFACE_CHANGE); 1450 value = DELAYED_STATUS; 1451 } 1452 break; 1453 case USB_REQ_GET_INTERFACE: 1454 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1455 USB_RECIP_INTERFACE)) 1456 break; 1457 if (!fsg->config) 1458 break; 1459 if (w_index != 0) { 1460 value = -EDOM; 1461 break; 1462 } 1463 VDBG(fsg, "get interface\n"); 1464 *(u8 *) req->buf = 0; 1465 value = 1; 1466 break; 1467 1468 default: 1469 VDBG(fsg, 1470 "unknown control req %02x.%02x v%04x i%04x l%u\n", 1471 ctrl->bRequestType, ctrl->bRequest, 1472 w_value, w_index, ctrl->wLength); 1473 } 1474 1475 return value; 1476} 1477 1478 1479static int fsg_setup(struct usb_gadget *gadget, 1480 const struct usb_ctrlrequest *ctrl) 1481{ 1482 struct fsg_dev *fsg = get_gadget_data(gadget); 1483 int rc; 1484 int w_length = ctrl->wLength; 1485 1486 ++fsg->ep0_req_tag; // Record arrival of a new request 1487 fsg->ep0req->context = NULL; 1488 fsg->ep0req->length = 0; 1489 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl)); 1490 1491 if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) 1492 rc = class_setup_req(fsg, ctrl); 1493 else 1494 rc = standard_setup_req(fsg, ctrl); 1495 1496 /* Respond with data/status or defer until later? */ 1497 if (rc >= 0 && rc != DELAYED_STATUS) { 1498 rc = min(rc, w_length); 1499 fsg->ep0req->length = rc; 1500 fsg->ep0req->zero = (rc < w_length && 1501 (rc % gadget->ep0->maxpacket) == 0); 1502 fsg->ep0req_name = (ctrl->bRequestType & USB_DIR_IN ? 1503 "ep0-in" : "ep0-out"); 1504 rc = ep0_queue(fsg); 1505 } 1506 1507 /* Device either stalls (rc < 0) or reports success */ 1508 return rc; 1509} 1510 1511 1512/*-------------------------------------------------------------------------*/ 1513 1514/* All the following routines run in process context */ 1515 1516 1517/* Use this for bulk or interrupt transfers, not ep0 */ 1518static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, 1519 struct usb_request *req, volatile int *pbusy, 1520 volatile enum fsg_buffer_state *state) 1521{ 1522 int rc; 1523 1524 if (ep == fsg->bulk_in) 1525 dump_msg(fsg, "bulk-in", req->buf, req->length); 1526 else if (ep == fsg->intr_in) 1527 dump_msg(fsg, "intr-in", req->buf, req->length); 1528 *pbusy = 1; 1529 *state = BUF_STATE_BUSY; 1530 rc = usb_ep_queue(ep, req, GFP_KERNEL); 1531 if (rc != 0) { 1532 *pbusy = 0; 1533 *state = BUF_STATE_EMPTY; 1534 1535 /* We can't do much more than wait for a reset */ 1536 1537 /* Note: currently the net2280 driver fails zero-length 1538 * submissions if DMA is enabled. */ 1539 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP && 1540 req->length == 0)) 1541 WARN(fsg, "error in submission: %s --> %d\n", 1542 ep->name, rc); 1543 } 1544} 1545 1546 1547static int sleep_thread(struct fsg_dev *fsg) 1548{ 1549 int rc; 1550 1551 /* Wait until a signal arrives or we are woken up */ 1552 rc = wait_event_interruptible(fsg->thread_wqh, 1553 fsg->thread_wakeup_needed); 1554 fsg->thread_wakeup_needed = 0; 1555 try_to_freeze(); 1556 return (rc ? -EINTR : 0); 1557} 1558 1559 1560/*-------------------------------------------------------------------------*/ 1561 1562static int do_read(struct fsg_dev *fsg) 1563{ 1564 struct lun *curlun = fsg->curlun; 1565 u32 lba; 1566 struct fsg_buffhd *bh; 1567 int rc; 1568 u32 amount_left; 1569 loff_t file_offset, file_offset_tmp; 1570 unsigned int amount; 1571 unsigned int partial_page; 1572 ssize_t nread; 1573 1574 /* Get the starting Logical Block Address and check that it's 1575 * not too big */ 1576 if (fsg->cmnd[0] == SC_READ_6) 1577 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]); 1578 else { 1579 lba = get_be32(&fsg->cmnd[2]); 1580 1581 /* We allow DPO (Disable Page Out = don't save data in the 1582 * cache) and FUA (Force Unit Access = don't read from the 1583 * cache), but we don't implement them. */ 1584 if ((fsg->cmnd[1] & ~0x18) != 0) { 1585 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1586 return -EINVAL; 1587 } 1588 } 1589 if (lba >= curlun->num_sectors) { 1590 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1591 return -EINVAL; 1592 } 1593 file_offset = ((loff_t) lba) << 9; 1594 1595 /* Carry out the file reads */ 1596 amount_left = fsg->data_size_from_cmnd; 1597 if (unlikely(amount_left == 0)) 1598 return -EIO; // No default reply 1599 1600 for (;;) { 1601 1602 /* Figure out how much we need to read: 1603 * Try to read the remaining amount. 1604 * But don't read more than the buffer size. 1605 * And don't try to read past the end of the file. 1606 * Finally, if we're not at a page boundary, don't read past 1607 * the next page. 1608 * If this means reading 0 then we were asked to read past 1609 * the end of file. */ 1610 amount = min((unsigned int) amount_left, mod_data.buflen); 1611 amount = min((loff_t) amount, 1612 curlun->file_length - file_offset); 1613 partial_page = file_offset & (PAGE_CACHE_SIZE - 1); 1614 if (partial_page > 0) 1615 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE - 1616 partial_page); 1617 1618 /* Wait for the next buffer to become available */ 1619 bh = fsg->next_buffhd_to_fill; 1620 while (bh->state != BUF_STATE_EMPTY) { 1621 if ((rc = sleep_thread(fsg)) != 0) 1622 return rc; 1623 } 1624 1625 /* If we were asked to read past the end of file, 1626 * end with an empty buffer. */ 1627 if (amount == 0) { 1628 curlun->sense_data = 1629 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1630 curlun->sense_data_info = file_offset >> 9; 1631 bh->inreq->length = 0; 1632 bh->state = BUF_STATE_FULL; 1633 break; 1634 } 1635 1636 /* Perform the read */ 1637 file_offset_tmp = file_offset; 1638 nread = vfs_read(curlun->filp, 1639 (char __user *) bh->buf, 1640 amount, &file_offset_tmp); 1641 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1642 (unsigned long long) file_offset, 1643 (int) nread); 1644 if (signal_pending(current)) 1645 return -EINTR; 1646 1647 if (nread < 0) { 1648 LDBG(curlun, "error in file read: %d\n", 1649 (int) nread); 1650 nread = 0; 1651 } else if (nread < amount) { 1652 LDBG(curlun, "partial file read: %d/%u\n", 1653 (int) nread, amount); 1654 nread -= (nread & 511); // Round down to a block 1655 } 1656 file_offset += nread; 1657 amount_left -= nread; 1658 fsg->residue -= nread; 1659 bh->inreq->length = nread; 1660 bh->state = BUF_STATE_FULL; 1661 1662 /* If an error occurred, report it and its position */ 1663 if (nread < amount) { 1664 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1665 curlun->sense_data_info = file_offset >> 9; 1666 break; 1667 } 1668 1669 if (amount_left == 0) 1670 break; // No more left to read 1671 1672 /* Send this buffer and go read some more */ 1673 bh->inreq->zero = 0; 1674 start_transfer(fsg, fsg->bulk_in, bh->inreq, 1675 &bh->inreq_busy, &bh->state); 1676 fsg->next_buffhd_to_fill = bh->next; 1677 } 1678 1679 return -EIO; // No default reply 1680} 1681 1682 1683/*-------------------------------------------------------------------------*/ 1684 1685static int do_write(struct fsg_dev *fsg) 1686{ 1687 struct lun *curlun = fsg->curlun; 1688 u32 lba; 1689 struct fsg_buffhd *bh; 1690 int get_some_more; 1691 u32 amount_left_to_req, amount_left_to_write; 1692 loff_t usb_offset, file_offset, file_offset_tmp; 1693 unsigned int amount; 1694 unsigned int partial_page; 1695 ssize_t nwritten; 1696 int rc; 1697 1698 if (curlun->ro) { 1699 curlun->sense_data = SS_WRITE_PROTECTED; 1700 return -EINVAL; 1701 } 1702 curlun->filp->f_flags &= ~O_SYNC; // Default is not to wait 1703 1704 /* Get the starting Logical Block Address and check that it's 1705 * not too big */ 1706 if (fsg->cmnd[0] == SC_WRITE_6) 1707 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]); 1708 else { 1709 lba = get_be32(&fsg->cmnd[2]); 1710 1711 /* We allow DPO (Disable Page Out = don't save data in the 1712 * cache) and FUA (Force Unit Access = write directly to the 1713 * medium). We don't implement DPO; we implement FUA by 1714 * performing synchronous output. */ 1715 if ((fsg->cmnd[1] & ~0x18) != 0) { 1716 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1717 return -EINVAL; 1718 } 1719 if (fsg->cmnd[1] & 0x08) // FUA 1720 curlun->filp->f_flags |= O_SYNC; 1721 } 1722 if (lba >= curlun->num_sectors) { 1723 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1724 return -EINVAL; 1725 } 1726 1727 /* Carry out the file writes */ 1728 get_some_more = 1; 1729 file_offset = usb_offset = ((loff_t) lba) << 9; 1730 amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd; 1731 1732 while (amount_left_to_write > 0) { 1733 1734 /* Queue a request for more data from the host */ 1735 bh = fsg->next_buffhd_to_fill; 1736 if (bh->state == BUF_STATE_EMPTY && get_some_more) { 1737 1738 /* Figure out how much we want to get: 1739 * Try to get the remaining amount. 1740 * But don't get more than the buffer size. 1741 * And don't try to go past the end of the file. 1742 * If we're not at a page boundary, 1743 * don't go past the next page. 1744 * If this means getting 0, then we were asked 1745 * to write past the end of file. 1746 * Finally, round down to a block boundary. */ 1747 amount = min(amount_left_to_req, mod_data.buflen); 1748 amount = min((loff_t) amount, curlun->file_length - 1749 usb_offset); 1750 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1); 1751 if (partial_page > 0) 1752 amount = min(amount, 1753 (unsigned int) PAGE_CACHE_SIZE - partial_page); 1754 1755 if (amount == 0) { 1756 get_some_more = 0; 1757 curlun->sense_data = 1758 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1759 curlun->sense_data_info = usb_offset >> 9; 1760 continue; 1761 } 1762 amount -= (amount & 511); 1763 if (amount == 0) { 1764 1765 /* Why were we were asked to transfer a 1766 * partial block? */ 1767 get_some_more = 0; 1768 continue; 1769 } 1770 1771 /* Get the next buffer */ 1772 usb_offset += amount; 1773 fsg->usb_amount_left -= amount; 1774 amount_left_to_req -= amount; 1775 if (amount_left_to_req == 0) 1776 get_some_more = 0; 1777 1778 /* amount is always divisible by 512, hence by 1779 * the bulk-out maxpacket size */ 1780 bh->outreq->length = bh->bulk_out_intended_length = 1781 amount; 1782 start_transfer(fsg, fsg->bulk_out, bh->outreq, 1783 &bh->outreq_busy, &bh->state); 1784 fsg->next_buffhd_to_fill = bh->next; 1785 continue; 1786 } 1787 1788 /* Write the received data to the backing file */ 1789 bh = fsg->next_buffhd_to_drain; 1790 if (bh->state == BUF_STATE_EMPTY && !get_some_more) 1791 break; // We stopped early 1792 if (bh->state == BUF_STATE_FULL) { 1793 fsg->next_buffhd_to_drain = bh->next; 1794 bh->state = BUF_STATE_EMPTY; 1795 1796 /* Did something go wrong with the transfer? */ 1797 if (bh->outreq->status != 0) { 1798 curlun->sense_data = SS_COMMUNICATION_FAILURE; 1799 curlun->sense_data_info = file_offset >> 9; 1800 break; 1801 } 1802 1803 amount = bh->outreq->actual; 1804 if (curlun->file_length - file_offset < amount) { 1805 LERROR(curlun, 1806 "write %u @ %llu beyond end %llu\n", 1807 amount, (unsigned long long) file_offset, 1808 (unsigned long long) curlun->file_length); 1809 amount = curlun->file_length - file_offset; 1810 } 1811 1812 /* Perform the write */ 1813 file_offset_tmp = file_offset; 1814 nwritten = vfs_write(curlun->filp, 1815 (char __user *) bh->buf, 1816 amount, &file_offset_tmp); 1817 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount, 1818 (unsigned long long) file_offset, 1819 (int) nwritten); 1820 if (signal_pending(current)) 1821 return -EINTR; // Interrupted! 1822 1823 if (nwritten < 0) { 1824 LDBG(curlun, "error in file write: %d\n", 1825 (int) nwritten); 1826 nwritten = 0; 1827 } else if (nwritten < amount) { 1828 LDBG(curlun, "partial file write: %d/%u\n", 1829 (int) nwritten, amount); 1830 nwritten -= (nwritten & 511); 1831 // Round down to a block 1832 } 1833 file_offset += nwritten; 1834 amount_left_to_write -= nwritten; 1835 fsg->residue -= nwritten; 1836 1837 /* If an error occurred, report it and its position */ 1838 if (nwritten < amount) { 1839 curlun->sense_data = SS_WRITE_ERROR; 1840 curlun->sense_data_info = file_offset >> 9; 1841 break; 1842 } 1843 1844 /* Did the host decide to stop early? */ 1845 if (bh->outreq->actual != bh->outreq->length) { 1846 fsg->short_packet_received = 1; 1847 break; 1848 } 1849 continue; 1850 } 1851 1852 /* Wait for something to happen */ 1853 if ((rc = sleep_thread(fsg)) != 0) 1854 return rc; 1855 } 1856 1857 return -EIO; // No default reply 1858} 1859 1860 1861/*-------------------------------------------------------------------------*/ 1862 1863/* Sync the file data, don't bother with the metadata. 1864 * This code was copied from fs/buffer.c:sys_fdatasync(). */ 1865static int fsync_sub(struct lun *curlun) 1866{ 1867 struct file *filp = curlun->filp; 1868 struct inode *inode; 1869 int rc, err; 1870 1871 if (curlun->ro || !filp) 1872 return 0; 1873 if (!filp->f_op->fsync) 1874 return -EINVAL; 1875 1876 inode = filp->f_dentry->d_inode; 1877 down(&inode->i_sem); 1878 current->flags |= PF_SYNCWRITE; 1879 rc = filemap_fdatawrite(inode->i_mapping); 1880 err = filp->f_op->fsync(filp, filp->f_dentry, 1); 1881 if (!rc) 1882 rc = err; 1883 err = filemap_fdatawait(inode->i_mapping); 1884 if (!rc) 1885 rc = err; 1886 current->flags &= ~PF_SYNCWRITE; 1887 up(&inode->i_sem); 1888 VLDBG(curlun, "fdatasync -> %d\n", rc); 1889 return rc; 1890} 1891 1892static void fsync_all(struct fsg_dev *fsg) 1893{ 1894 int i; 1895 1896 for (i = 0; i < fsg->nluns; ++i) 1897 fsync_sub(&fsg->luns[i]); 1898} 1899 1900static int do_synchronize_cache(struct fsg_dev *fsg) 1901{ 1902 struct lun *curlun = fsg->curlun; 1903 int rc; 1904 1905 /* We ignore the requested LBA and write out all file's 1906 * dirty data buffers. */ 1907 rc = fsync_sub(curlun); 1908 if (rc) 1909 curlun->sense_data = SS_WRITE_ERROR; 1910 return 0; 1911} 1912 1913 1914/*-------------------------------------------------------------------------*/ 1915 1916static void invalidate_sub(struct lun *curlun) 1917{ 1918 struct file *filp = curlun->filp; 1919 struct inode *inode = filp->f_dentry->d_inode; 1920 unsigned long rc; 1921 1922 rc = invalidate_inode_pages(inode->i_mapping); 1923 VLDBG(curlun, "invalidate_inode_pages -> %ld\n", rc); 1924} 1925 1926static int do_verify(struct fsg_dev *fsg) 1927{ 1928 struct lun *curlun = fsg->curlun; 1929 u32 lba; 1930 u32 verification_length; 1931 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 1932 loff_t file_offset, file_offset_tmp; 1933 u32 amount_left; 1934 unsigned int amount; 1935 ssize_t nread; 1936 1937 /* Get the starting Logical Block Address and check that it's 1938 * not too big */ 1939 lba = get_be32(&fsg->cmnd[2]); 1940 if (lba >= curlun->num_sectors) { 1941 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1942 return -EINVAL; 1943 } 1944 1945 /* We allow DPO (Disable Page Out = don't save data in the 1946 * cache) but we don't implement it. */ 1947 if ((fsg->cmnd[1] & ~0x10) != 0) { 1948 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1949 return -EINVAL; 1950 } 1951 1952 verification_length = get_be16(&fsg->cmnd[7]); 1953 if (unlikely(verification_length == 0)) 1954 return -EIO; // No default reply 1955 1956 /* Prepare to carry out the file verify */ 1957 amount_left = verification_length << 9; 1958 file_offset = ((loff_t) lba) << 9; 1959 1960 /* Write out all the dirty buffers before invalidating them */ 1961 fsync_sub(curlun); 1962 if (signal_pending(current)) 1963 return -EINTR; 1964 1965 invalidate_sub(curlun); 1966 if (signal_pending(current)) 1967 return -EINTR; 1968 1969 /* Just try to read the requested blocks */ 1970 while (amount_left > 0) { 1971 1972 /* Figure out how much we need to read: 1973 * Try to read the remaining amount, but not more than 1974 * the buffer size. 1975 * And don't try to read past the end of the file. 1976 * If this means reading 0 then we were asked to read 1977 * past the end of file. */ 1978 amount = min((unsigned int) amount_left, mod_data.buflen); 1979 amount = min((loff_t) amount, 1980 curlun->file_length - file_offset); 1981 if (amount == 0) { 1982 curlun->sense_data = 1983 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1984 curlun->sense_data_info = file_offset >> 9; 1985 break; 1986 } 1987 1988 /* Perform the read */ 1989 file_offset_tmp = file_offset; 1990 nread = vfs_read(curlun->filp, 1991 (char __user *) bh->buf, 1992 amount, &file_offset_tmp); 1993 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1994 (unsigned long long) file_offset, 1995 (int) nread); 1996 if (signal_pending(current)) 1997 return -EINTR; 1998 1999 if (nread < 0) { 2000 LDBG(curlun, "error in file verify: %d\n", 2001 (int) nread); 2002 nread = 0; 2003 } else if (nread < amount) { 2004 LDBG(curlun, "partial file verify: %d/%u\n", 2005 (int) nread, amount); 2006 nread -= (nread & 511); // Round down to a sector 2007 } 2008 if (nread == 0) { 2009 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 2010 curlun->sense_data_info = file_offset >> 9; 2011 break; 2012 } 2013 file_offset += nread; 2014 amount_left -= nread; 2015 } 2016 return 0; 2017} 2018 2019 2020/*-------------------------------------------------------------------------*/ 2021 2022static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2023{ 2024 u8 *buf = (u8 *) bh->buf; 2025 2026 static char vendor_id[] = "Linux "; 2027 static char product_id[] = "File-Stor Gadget"; 2028 2029 if (!fsg->curlun) { // Unsupported LUNs are okay 2030 fsg->bad_lun_okay = 1; 2031 memset(buf, 0, 36); 2032 buf[0] = 0x7f; // Unsupported, no device-type 2033 return 36; 2034 } 2035 2036 memset(buf, 0, 8); // Non-removable, direct-access device 2037 if (mod_data.removable) 2038 buf[1] = 0x80; 2039 buf[2] = 2; // ANSI SCSI level 2 2040 buf[3] = 2; // SCSI-2 INQUIRY data format 2041 buf[4] = 31; // Additional length 2042 // No special options 2043 sprintf(buf + 8, "%-8s%-16s%04x", vendor_id, product_id, 2044 mod_data.release); 2045 return 36; 2046} 2047 2048 2049static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2050{ 2051 struct lun *curlun = fsg->curlun; 2052 u8 *buf = (u8 *) bh->buf; 2053 u32 sd, sdinfo; 2054 2055 /* 2056 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 2057 * 2058 * If a REQUEST SENSE command is received from an initiator 2059 * with a pending unit attention condition (before the target 2060 * generates the contingent allegiance condition), then the 2061 * target shall either: 2062 * a) report any pending sense data and preserve the unit 2063 * attention condition on the logical unit, or, 2064 * b) report the unit attention condition, may discard any 2065 * pending sense data, and clear the unit attention 2066 * condition on the logical unit for that initiator. 2067 * 2068 * FSG normally uses option a); enable this code to use option b). 2069 */ 2070#if 0 2071 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) { 2072 curlun->sense_data = curlun->unit_attention_data; 2073 curlun->unit_attention_data = SS_NO_SENSE; 2074 } 2075#endif 2076 2077 if (!curlun) { // Unsupported LUNs are okay 2078 fsg->bad_lun_okay = 1; 2079 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 2080 sdinfo = 0; 2081 } else { 2082 sd = curlun->sense_data; 2083 sdinfo = curlun->sense_data_info; 2084 curlun->sense_data = SS_NO_SENSE; 2085 curlun->sense_data_info = 0; 2086 } 2087 2088 memset(buf, 0, 18); 2089 buf[0] = 0x80 | 0x70; // Valid, current error 2090 buf[2] = SK(sd); 2091 put_be32(&buf[3], sdinfo); // Sense information 2092 buf[7] = 18 - 8; // Additional sense length 2093 buf[12] = ASC(sd); 2094 buf[13] = ASCQ(sd); 2095 return 18; 2096} 2097 2098 2099static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2100{ 2101 struct lun *curlun = fsg->curlun; 2102 u32 lba = get_be32(&fsg->cmnd[2]); 2103 int pmi = fsg->cmnd[8]; 2104 u8 *buf = (u8 *) bh->buf; 2105 2106 /* Check the PMI and LBA fields */ 2107 if (pmi > 1 || (pmi == 0 && lba != 0)) { 2108 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2109 return -EINVAL; 2110 } 2111 2112 put_be32(&buf[0], curlun->num_sectors - 1); // Max logical block 2113 put_be32(&buf[4], 512); // Block length 2114 return 8; 2115} 2116 2117 2118static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2119{ 2120 struct lun *curlun = fsg->curlun; 2121 int mscmnd = fsg->cmnd[0]; 2122 u8 *buf = (u8 *) bh->buf; 2123 u8 *buf0 = buf; 2124 int pc, page_code; 2125 int changeable_values, all_pages; 2126 int valid_page = 0; 2127 int len, limit; 2128 2129 if ((fsg->cmnd[1] & ~0x08) != 0) { // Mask away DBD 2130 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2131 return -EINVAL; 2132 } 2133 pc = fsg->cmnd[2] >> 6; 2134 page_code = fsg->cmnd[2] & 0x3f; 2135 if (pc == 3) { 2136 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 2137 return -EINVAL; 2138 } 2139 changeable_values = (pc == 1); 2140 all_pages = (page_code == 0x3f); 2141 2142 /* Write the mode parameter header. Fixed values are: default 2143 * medium type, no cache control (DPOFUA), and no block descriptors. 2144 * The only variable value is the WriteProtect bit. We will fill in 2145 * the mode data length later. */ 2146 memset(buf, 0, 8); 2147 if (mscmnd == SC_MODE_SENSE_6) { 2148 buf[2] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA 2149 buf += 4; 2150 limit = 255; 2151 } else { // SC_MODE_SENSE_10 2152 buf[3] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA 2153 buf += 8; 2154 limit = 65535; // Should really be mod_data.buflen 2155 } 2156 2157 /* No block descriptors */ 2158 2159 /* The mode pages, in numerical order. The only page we support 2160 * is the Caching page. */ 2161 if (page_code == 0x08 || all_pages) { 2162 valid_page = 1; 2163 buf[0] = 0x08; // Page code 2164 buf[1] = 10; // Page length 2165 memset(buf+2, 0, 10); // None of the fields are changeable 2166 2167 if (!changeable_values) { 2168 buf[2] = 0x04; // Write cache enable, 2169 // Read cache not disabled 2170 // No cache retention priorities 2171 put_be16(&buf[4], 0xffff); // Don't disable prefetch 2172 // Minimum prefetch = 0 2173 put_be16(&buf[8], 0xffff); // Maximum prefetch 2174 put_be16(&buf[10], 0xffff); // Maximum prefetch ceiling 2175 } 2176 buf += 12; 2177 } 2178 2179 /* Check that a valid page was requested and the mode data length 2180 * isn't too long. */ 2181 len = buf - buf0; 2182 if (!valid_page || len > limit) { 2183 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2184 return -EINVAL; 2185 } 2186 2187 /* Store the mode data length */ 2188 if (mscmnd == SC_MODE_SENSE_6) 2189 buf0[0] = len - 1; 2190 else 2191 put_be16(buf0, len - 2); 2192 return len; 2193} 2194 2195 2196static int do_start_stop(struct fsg_dev *fsg) 2197{ 2198 struct lun *curlun = fsg->curlun; 2199 int loej, start; 2200 2201 if (!mod_data.removable) { 2202 curlun->sense_data = SS_INVALID_COMMAND; 2203 return -EINVAL; 2204 } 2205 2206 // int immed = fsg->cmnd[1] & 0x01; 2207 loej = fsg->cmnd[4] & 0x02; 2208 start = fsg->cmnd[4] & 0x01; 2209 2210#ifdef CONFIG_USB_FILE_STORAGE_TEST 2211 if ((fsg->cmnd[1] & ~0x01) != 0 || // Mask away Immed 2212 (fsg->cmnd[4] & ~0x03) != 0) { // Mask LoEj, Start 2213 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2214 return -EINVAL; 2215 } 2216 2217 if (!start) { 2218 2219 /* Are we allowed to unload the media? */ 2220 if (curlun->prevent_medium_removal) { 2221 LDBG(curlun, "unload attempt prevented\n"); 2222 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED; 2223 return -EINVAL; 2224 } 2225 if (loej) { // Simulate an unload/eject 2226 up_read(&fsg->filesem); 2227 down_write(&fsg->filesem); 2228 close_backing_file(curlun); 2229 up_write(&fsg->filesem); 2230 down_read(&fsg->filesem); 2231 } 2232 } else { 2233 2234 /* Our emulation doesn't support mounting; the medium is 2235 * available for use as soon as it is loaded. */ 2236 if (!backing_file_is_open(curlun)) { 2237 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 2238 return -EINVAL; 2239 } 2240 } 2241#endif 2242 return 0; 2243} 2244 2245 2246static int do_prevent_allow(struct fsg_dev *fsg) 2247{ 2248 struct lun *curlun = fsg->curlun; 2249 int prevent; 2250 2251 if (!mod_data.removable) { 2252 curlun->sense_data = SS_INVALID_COMMAND; 2253 return -EINVAL; 2254 } 2255 2256 prevent = fsg->cmnd[4] & 0x01; 2257 if ((fsg->cmnd[4] & ~0x01) != 0) { // Mask away Prevent 2258 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2259 return -EINVAL; 2260 } 2261 2262 if (curlun->prevent_medium_removal && !prevent) 2263 fsync_sub(curlun); 2264 curlun->prevent_medium_removal = prevent; 2265 return 0; 2266} 2267 2268 2269static int do_read_format_capacities(struct fsg_dev *fsg, 2270 struct fsg_buffhd *bh) 2271{ 2272 struct lun *curlun = fsg->curlun; 2273 u8 *buf = (u8 *) bh->buf; 2274 2275 buf[0] = buf[1] = buf[2] = 0; 2276 buf[3] = 8; // Only the Current/Maximum Capacity Descriptor 2277 buf += 4; 2278 2279 put_be32(&buf[0], curlun->num_sectors); // Number of blocks 2280 put_be32(&buf[4], 512); // Block length 2281 buf[4] = 0x02; // Current capacity 2282 return 12; 2283} 2284 2285 2286static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2287{ 2288 struct lun *curlun = fsg->curlun; 2289 2290 /* We don't support MODE SELECT */ 2291 curlun->sense_data = SS_INVALID_COMMAND; 2292 return -EINVAL; 2293} 2294 2295 2296/*-------------------------------------------------------------------------*/ 2297 2298static int halt_bulk_in_endpoint(struct fsg_dev *fsg) 2299{ 2300 int rc; 2301 2302 rc = fsg_set_halt(fsg, fsg->bulk_in); 2303 if (rc == -EAGAIN) 2304 VDBG(fsg, "delayed bulk-in endpoint halt\n"); 2305 while (rc != 0) { 2306 if (rc != -EAGAIN) { 2307 WARN(fsg, "usb_ep_set_halt -> %d\n", rc); 2308 rc = 0; 2309 break; 2310 } 2311 2312 /* Wait for a short time and then try again */ 2313 if (msleep_interruptible(100) != 0) 2314 return -EINTR; 2315 rc = usb_ep_set_halt(fsg->bulk_in); 2316 } 2317 return rc; 2318} 2319 2320static int pad_with_zeros(struct fsg_dev *fsg) 2321{ 2322 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 2323 u32 nkeep = bh->inreq->length; 2324 u32 nsend; 2325 int rc; 2326 2327 bh->state = BUF_STATE_EMPTY; // For the first iteration 2328 fsg->usb_amount_left = nkeep + fsg->residue; 2329 while (fsg->usb_amount_left > 0) { 2330 2331 /* Wait for the next buffer to be free */ 2332 while (bh->state != BUF_STATE_EMPTY) { 2333 if ((rc = sleep_thread(fsg)) != 0) 2334 return rc; 2335 } 2336 2337 nsend = min(fsg->usb_amount_left, (u32) mod_data.buflen); 2338 memset(bh->buf + nkeep, 0, nsend - nkeep); 2339 bh->inreq->length = nsend; 2340 bh->inreq->zero = 0; 2341 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2342 &bh->inreq_busy, &bh->state); 2343 bh = fsg->next_buffhd_to_fill = bh->next; 2344 fsg->usb_amount_left -= nsend; 2345 nkeep = 0; 2346 } 2347 return 0; 2348} 2349 2350static int throw_away_data(struct fsg_dev *fsg) 2351{ 2352 struct fsg_buffhd *bh; 2353 u32 amount; 2354 int rc; 2355 2356 while ((bh = fsg->next_buffhd_to_drain)->state != BUF_STATE_EMPTY || 2357 fsg->usb_amount_left > 0) { 2358 2359 /* Throw away the data in a filled buffer */ 2360 if (bh->state == BUF_STATE_FULL) { 2361 bh->state = BUF_STATE_EMPTY; 2362 fsg->next_buffhd_to_drain = bh->next; 2363 2364 /* A short packet or an error ends everything */ 2365 if (bh->outreq->actual != bh->outreq->length || 2366 bh->outreq->status != 0) { 2367 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2368 return -EINTR; 2369 } 2370 continue; 2371 } 2372 2373 /* Try to submit another request if we need one */ 2374 bh = fsg->next_buffhd_to_fill; 2375 if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) { 2376 amount = min(fsg->usb_amount_left, 2377 (u32) mod_data.buflen); 2378 2379 /* amount is always divisible by 512, hence by 2380 * the bulk-out maxpacket size */ 2381 bh->outreq->length = bh->bulk_out_intended_length = 2382 amount; 2383 start_transfer(fsg, fsg->bulk_out, bh->outreq, 2384 &bh->outreq_busy, &bh->state); 2385 fsg->next_buffhd_to_fill = bh->next; 2386 fsg->usb_amount_left -= amount; 2387 continue; 2388 } 2389 2390 /* Otherwise wait for something to happen */ 2391 if ((rc = sleep_thread(fsg)) != 0) 2392 return rc; 2393 } 2394 return 0; 2395} 2396 2397 2398static int finish_reply(struct fsg_dev *fsg) 2399{ 2400 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 2401 int rc = 0; 2402 2403 switch (fsg->data_dir) { 2404 case DATA_DIR_NONE: 2405 break; // Nothing to send 2406 2407 /* If we don't know whether the host wants to read or write, 2408 * this must be CB or CBI with an unknown command. We mustn't 2409 * try to send or receive any data. So stall both bulk pipes 2410 * if we can and wait for a reset. */ 2411 case DATA_DIR_UNKNOWN: 2412 if (mod_data.can_stall) { 2413 fsg_set_halt(fsg, fsg->bulk_out); 2414 rc = halt_bulk_in_endpoint(fsg); 2415 } 2416 break; 2417 2418 /* All but the last buffer of data must have already been sent */ 2419 case DATA_DIR_TO_HOST: 2420 if (fsg->data_size == 0) 2421 ; // Nothing to send 2422 2423 /* If there's no residue, simply send the last buffer */ 2424 else if (fsg->residue == 0) { 2425 bh->inreq->zero = 0; 2426 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2427 &bh->inreq_busy, &bh->state); 2428 fsg->next_buffhd_to_fill = bh->next; 2429 } 2430 2431 /* There is a residue. For CB and CBI, simply mark the end 2432 * of the data with a short packet. However, if we are 2433 * allowed to stall, there was no data at all (residue == 2434 * data_size), and the command failed (invalid LUN or 2435 * sense data is set), then halt the bulk-in endpoint 2436 * instead. */ 2437 else if (!transport_is_bbb()) { 2438 if (mod_data.can_stall && 2439 fsg->residue == fsg->data_size && 2440 (!fsg->curlun || fsg->curlun->sense_data != SS_NO_SENSE)) { 2441 bh->state = BUF_STATE_EMPTY; 2442 rc = halt_bulk_in_endpoint(fsg); 2443 } else { 2444 bh->inreq->zero = 1; 2445 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2446 &bh->inreq_busy, &bh->state); 2447 fsg->next_buffhd_to_fill = bh->next; 2448 } 2449 } 2450 2451 /* For Bulk-only, if we're allowed to stall then send the 2452 * short packet and halt the bulk-in endpoint. If we can't 2453 * stall, pad out the remaining data with 0's. */ 2454 else { 2455 if (mod_data.can_stall) { 2456 bh->inreq->zero = 1; 2457 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2458 &bh->inreq_busy, &bh->state); 2459 fsg->next_buffhd_to_fill = bh->next; 2460 rc = halt_bulk_in_endpoint(fsg); 2461 } else 2462 rc = pad_with_zeros(fsg); 2463 } 2464 break; 2465 2466 /* We have processed all we want from the data the host has sent. 2467 * There may still be outstanding bulk-out requests. */ 2468 case DATA_DIR_FROM_HOST: 2469 if (fsg->residue == 0) 2470 ; // Nothing to receive 2471 2472 /* Did the host stop sending unexpectedly early? */ 2473 else if (fsg->short_packet_received) { 2474 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2475 rc = -EINTR; 2476 } 2477 2478 /* We haven't processed all the incoming data. Even though 2479 * we may be allowed to stall, doing so would cause a race. 2480 * The controller may already have ACK'ed all the remaining 2481 * bulk-out packets, in which case the host wouldn't see a 2482 * STALL. Not realizing the endpoint was halted, it wouldn't 2483 * clear the halt -- leading to problems later on. */ 2484#if 0 2485 else if (mod_data.can_stall) { 2486 fsg_set_halt(fsg, fsg->bulk_out); 2487 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2488 rc = -EINTR; 2489 } 2490#endif 2491 2492 /* We can't stall. Read in the excess data and throw it 2493 * all away. */ 2494 else 2495 rc = throw_away_data(fsg); 2496 break; 2497 } 2498 return rc; 2499} 2500 2501 2502static int send_status(struct fsg_dev *fsg) 2503{ 2504 struct lun *curlun = fsg->curlun; 2505 struct fsg_buffhd *bh; 2506 int rc; 2507 u8 status = USB_STATUS_PASS; 2508 u32 sd, sdinfo = 0; 2509 2510 /* Wait for the next buffer to become available */ 2511 bh = fsg->next_buffhd_to_fill; 2512 while (bh->state != BUF_STATE_EMPTY) { 2513 if ((rc = sleep_thread(fsg)) != 0) 2514 return rc; 2515 } 2516 2517 if (curlun) { 2518 sd = curlun->sense_data; 2519 sdinfo = curlun->sense_data_info; 2520 } else if (fsg->bad_lun_okay) 2521 sd = SS_NO_SENSE; 2522 else 2523 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 2524 2525 if (fsg->phase_error) { 2526 DBG(fsg, "sending phase-error status\n"); 2527 status = USB_STATUS_PHASE_ERROR; 2528 sd = SS_INVALID_COMMAND; 2529 } else if (sd != SS_NO_SENSE) { 2530 DBG(fsg, "sending command-failure status\n"); 2531 status = USB_STATUS_FAIL; 2532 VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;" 2533 " info x%x\n", 2534 SK(sd), ASC(sd), ASCQ(sd), sdinfo); 2535 } 2536 2537 if (transport_is_bbb()) { 2538 struct bulk_cs_wrap *csw = (struct bulk_cs_wrap *) bh->buf; 2539 2540 /* Store and send the Bulk-only CSW */ 2541 csw->Signature = __constant_cpu_to_le32(USB_BULK_CS_SIG); 2542 csw->Tag = fsg->tag; 2543 csw->Residue = cpu_to_le32(fsg->residue); 2544 csw->Status = status; 2545 2546 bh->inreq->length = USB_BULK_CS_WRAP_LEN; 2547 bh->inreq->zero = 0; 2548 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2549 &bh->inreq_busy, &bh->state); 2550 2551 } else if (mod_data.transport_type == USB_PR_CB) { 2552 2553 /* Control-Bulk transport has no status phase! */ 2554 return 0; 2555 2556 } else { // USB_PR_CBI 2557 struct interrupt_data *buf = (struct interrupt_data *) 2558 bh->buf; 2559 2560 /* Store and send the Interrupt data. UFI sends the ASC 2561 * and ASCQ bytes. Everything else sends a Type (which 2562 * is always 0) and the status Value. */ 2563 if (mod_data.protocol_type == USB_SC_UFI) { 2564 buf->bType = ASC(sd); 2565 buf->bValue = ASCQ(sd); 2566 } else { 2567 buf->bType = 0; 2568 buf->bValue = status; 2569 } 2570 fsg->intreq->length = CBI_INTERRUPT_DATA_LEN; 2571 2572 fsg->intr_buffhd = bh; // Point to the right buffhd 2573 fsg->intreq->buf = bh->inreq->buf; 2574 fsg->intreq->dma = bh->inreq->dma; 2575 fsg->intreq->context = bh; 2576 start_transfer(fsg, fsg->intr_in, fsg->intreq, 2577 &fsg->intreq_busy, &bh->state); 2578 } 2579 2580 fsg->next_buffhd_to_fill = bh->next; 2581 return 0; 2582} 2583 2584 2585/*-------------------------------------------------------------------------*/ 2586 2587/* Check whether the command is properly formed and whether its data size 2588 * and direction agree with the values we already have. */ 2589static int check_command(struct fsg_dev *fsg, int cmnd_size, 2590 enum data_direction data_dir, unsigned int mask, 2591 int needs_medium, const char *name) 2592{ 2593 int i; 2594 int lun = fsg->cmnd[1] >> 5; 2595 static const char dirletter[4] = {'u', 'o', 'i', 'n'}; 2596 char hdlen[20]; 2597 struct lun *curlun; 2598 2599 /* Adjust the expected cmnd_size for protocol encapsulation padding. 2600 * Transparent SCSI doesn't pad. */ 2601 if (protocol_is_scsi()) 2602 ; 2603 2604 /* There's some disagreement as to whether RBC pads commands or not. 2605 * We'll play it safe and accept either form. */ 2606 else if (mod_data.protocol_type == USB_SC_RBC) { 2607 if (fsg->cmnd_size == 12) 2608 cmnd_size = 12; 2609 2610 /* All the other protocols pad to 12 bytes */ 2611 } else 2612 cmnd_size = 12; 2613 2614 hdlen[0] = 0; 2615 if (fsg->data_dir != DATA_DIR_UNKNOWN) 2616 sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir], 2617 fsg->data_size); 2618 VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n", 2619 name, cmnd_size, dirletter[(int) data_dir], 2620 fsg->data_size_from_cmnd, fsg->cmnd_size, hdlen); 2621 2622 /* We can't reply at all until we know the correct data direction 2623 * and size. */ 2624 if (fsg->data_size_from_cmnd == 0) 2625 data_dir = DATA_DIR_NONE; 2626 if (fsg->data_dir == DATA_DIR_UNKNOWN) { // CB or CBI 2627 fsg->data_dir = data_dir; 2628 fsg->data_size = fsg->data_size_from_cmnd; 2629 2630 } else { // Bulk-only 2631 if (fsg->data_size < fsg->data_size_from_cmnd) { 2632 2633 /* Host data size < Device data size is a phase error. 2634 * Carry out the command, but only transfer as much 2635 * as we are allowed. */ 2636 fsg->data_size_from_cmnd = fsg->data_size; 2637 fsg->phase_error = 1; 2638 } 2639 } 2640 fsg->residue = fsg->usb_amount_left = fsg->data_size; 2641 2642 /* Conflicting data directions is a phase error */ 2643 if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) { 2644 fsg->phase_error = 1; 2645 return -EINVAL; 2646 } 2647 2648 /* Verify the length of the command itself */ 2649 if (cmnd_size != fsg->cmnd_size) { 2650 2651 /* Special case workaround: MS-Windows issues REQUEST SENSE 2652 * with cbw->Length == 12 (it should be 6). */ 2653 if (fsg->cmnd[0] == SC_REQUEST_SENSE && fsg->cmnd_size == 12) 2654 cmnd_size = fsg->cmnd_size; 2655 else { 2656 fsg->phase_error = 1; 2657 return -EINVAL; 2658 } 2659 } 2660 2661 /* Check that the LUN values are consistent */ 2662 if (transport_is_bbb()) { 2663 if (fsg->lun != lun) 2664 DBG(fsg, "using LUN %d from CBW, " 2665 "not LUN %d from CDB\n", 2666 fsg->lun, lun); 2667 } else 2668 fsg->lun = lun; // Use LUN from the command 2669 2670 /* Check the LUN */ 2671 if (fsg->lun >= 0 && fsg->lun < fsg->nluns) { 2672 fsg->curlun = curlun = &fsg->luns[fsg->lun]; 2673 if (fsg->cmnd[0] != SC_REQUEST_SENSE) { 2674 curlun->sense_data = SS_NO_SENSE; 2675 curlun->sense_data_info = 0; 2676 } 2677 } else { 2678 fsg->curlun = curlun = NULL; 2679 fsg->bad_lun_okay = 0; 2680 2681 /* INQUIRY and REQUEST SENSE commands are explicitly allowed 2682 * to use unsupported LUNs; all others may not. */ 2683 if (fsg->cmnd[0] != SC_INQUIRY && 2684 fsg->cmnd[0] != SC_REQUEST_SENSE) { 2685 DBG(fsg, "unsupported LUN %d\n", fsg->lun); 2686 return -EINVAL; 2687 } 2688 } 2689 2690 /* If a unit attention condition exists, only INQUIRY and 2691 * REQUEST SENSE commands are allowed; anything else must fail. */ 2692 if (curlun && curlun->unit_attention_data != SS_NO_SENSE && 2693 fsg->cmnd[0] != SC_INQUIRY && 2694 fsg->cmnd[0] != SC_REQUEST_SENSE) { 2695 curlun->sense_data = curlun->unit_attention_data; 2696 curlun->unit_attention_data = SS_NO_SENSE; 2697 return -EINVAL; 2698 } 2699 2700 /* Check that only command bytes listed in the mask are non-zero */ 2701 fsg->cmnd[1] &= 0x1f; // Mask away the LUN 2702 for (i = 1; i < cmnd_size; ++i) { 2703 if (fsg->cmnd[i] && !(mask & (1 << i))) { 2704 if (curlun) 2705 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2706 return -EINVAL; 2707 } 2708 } 2709 2710 /* If the medium isn't mounted and the command needs to access 2711 * it, return an error. */ 2712 if (curlun && !backing_file_is_open(curlun) && needs_medium) { 2713 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 2714 return -EINVAL; 2715 } 2716 2717 return 0; 2718} 2719 2720 2721static int do_scsi_command(struct fsg_dev *fsg) 2722{ 2723 struct fsg_buffhd *bh; 2724 int rc; 2725 int reply = -EINVAL; 2726 int i; 2727 static char unknown[16]; 2728 2729 dump_cdb(fsg); 2730 2731 /* Wait for the next buffer to become available for data or status */ 2732 bh = fsg->next_buffhd_to_drain = fsg->next_buffhd_to_fill; 2733 while (bh->state != BUF_STATE_EMPTY) { 2734 if ((rc = sleep_thread(fsg)) != 0) 2735 return rc; 2736 } 2737 fsg->phase_error = 0; 2738 fsg->short_packet_received = 0; 2739 2740 down_read(&fsg->filesem); // We're using the backing file 2741 switch (fsg->cmnd[0]) { 2742 2743 case SC_INQUIRY: 2744 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2745 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2746 (1<<4), 0, 2747 "INQUIRY")) == 0) 2748 reply = do_inquiry(fsg, bh); 2749 break; 2750 2751 case SC_MODE_SELECT_6: 2752 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2753 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST, 2754 (1<<1) | (1<<4), 0, 2755 "MODE SELECT(6)")) == 0) 2756 reply = do_mode_select(fsg, bh); 2757 break; 2758 2759 case SC_MODE_SELECT_10: 2760 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2761 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST, 2762 (1<<1) | (3<<7), 0, 2763 "MODE SELECT(10)")) == 0) 2764 reply = do_mode_select(fsg, bh); 2765 break; 2766 2767 case SC_MODE_SENSE_6: 2768 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2769 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2770 (1<<1) | (1<<2) | (1<<4), 0, 2771 "MODE SENSE(6)")) == 0) 2772 reply = do_mode_sense(fsg, bh); 2773 break; 2774 2775 case SC_MODE_SENSE_10: 2776 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2777 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2778 (1<<1) | (1<<2) | (3<<7), 0, 2779 "MODE SENSE(10)")) == 0) 2780 reply = do_mode_sense(fsg, bh); 2781 break; 2782 2783 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 2784 fsg->data_size_from_cmnd = 0; 2785 if ((reply = check_command(fsg, 6, DATA_DIR_NONE, 2786 (1<<4), 0, 2787 "PREVENT-ALLOW MEDIUM REMOVAL")) == 0) 2788 reply = do_prevent_allow(fsg); 2789 break; 2790 2791 case SC_READ_6: 2792 i = fsg->cmnd[4]; 2793 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9; 2794 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2795 (7<<1) | (1<<4), 1, 2796 "READ(6)")) == 0) 2797 reply = do_read(fsg); 2798 break; 2799 2800 case SC_READ_10: 2801 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9; 2802 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2803 (1<<1) | (0xf<<2) | (3<<7), 1, 2804 "READ(10)")) == 0) 2805 reply = do_read(fsg); 2806 break; 2807 2808 case SC_READ_12: 2809 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9; 2810 if ((reply = check_command(fsg, 12, DATA_DIR_TO_HOST, 2811 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2812 "READ(12)")) == 0) 2813 reply = do_read(fsg); 2814 break; 2815 2816 case SC_READ_CAPACITY: 2817 fsg->data_size_from_cmnd = 8; 2818 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2819 (0xf<<2) | (1<<8), 1, 2820 "READ CAPACITY")) == 0) 2821 reply = do_read_capacity(fsg, bh); 2822 break; 2823 2824 case SC_READ_FORMAT_CAPACITIES: 2825 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2826 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2827 (3<<7), 1, 2828 "READ FORMAT CAPACITIES")) == 0) 2829 reply = do_read_format_capacities(fsg, bh); 2830 break; 2831 2832 case SC_REQUEST_SENSE: 2833 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2834 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2835 (1<<4), 0, 2836 "REQUEST SENSE")) == 0) 2837 reply = do_request_sense(fsg, bh); 2838 break; 2839 2840 case SC_START_STOP_UNIT: 2841 fsg->data_size_from_cmnd = 0; 2842 if ((reply = check_command(fsg, 6, DATA_DIR_NONE, 2843 (1<<1) | (1<<4), 0, 2844 "START-STOP UNIT")) == 0) 2845 reply = do_start_stop(fsg); 2846 break; 2847 2848 case SC_SYNCHRONIZE_CACHE: 2849 fsg->data_size_from_cmnd = 0; 2850 if ((reply = check_command(fsg, 10, DATA_DIR_NONE, 2851 (0xf<<2) | (3<<7), 1, 2852 "SYNCHRONIZE CACHE")) == 0) 2853 reply = do_synchronize_cache(fsg); 2854 break; 2855 2856 case SC_TEST_UNIT_READY: 2857 fsg->data_size_from_cmnd = 0; 2858 reply = check_command(fsg, 6, DATA_DIR_NONE, 2859 0, 1, 2860 "TEST UNIT READY"); 2861 break; 2862 2863 /* Although optional, this command is used by MS-Windows. We 2864 * support a minimal version: BytChk must be 0. */ 2865 case SC_VERIFY: 2866 fsg->data_size_from_cmnd = 0; 2867 if ((reply = check_command(fsg, 10, DATA_DIR_NONE, 2868 (1<<1) | (0xf<<2) | (3<<7), 1, 2869 "VERIFY")) == 0) 2870 reply = do_verify(fsg); 2871 break; 2872 2873 case SC_WRITE_6: 2874 i = fsg->cmnd[4]; 2875 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9; 2876 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST, 2877 (7<<1) | (1<<4), 1, 2878 "WRITE(6)")) == 0) 2879 reply = do_write(fsg); 2880 break; 2881 2882 case SC_WRITE_10: 2883 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9; 2884 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST, 2885 (1<<1) | (0xf<<2) | (3<<7), 1, 2886 "WRITE(10)")) == 0) 2887 reply = do_write(fsg); 2888 break; 2889 2890 case SC_WRITE_12: 2891 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9; 2892 if ((reply = check_command(fsg, 12, DATA_DIR_FROM_HOST, 2893 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2894 "WRITE(12)")) == 0) 2895 reply = do_write(fsg); 2896 break; 2897 2898 /* Some mandatory commands that we recognize but don't implement. 2899 * They don't mean much in this setting. It's left as an exercise 2900 * for anyone interested to implement RESERVE and RELEASE in terms 2901 * of Posix locks. */ 2902 case SC_FORMAT_UNIT: 2903 case SC_RELEASE: 2904 case SC_RESERVE: 2905 case SC_SEND_DIAGNOSTIC: 2906 // Fall through 2907 2908 default: 2909 fsg->data_size_from_cmnd = 0; 2910 sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]); 2911 if ((reply = check_command(fsg, fsg->cmnd_size, 2912 DATA_DIR_UNKNOWN, 0xff, 0, unknown)) == 0) { 2913 fsg->curlun->sense_data = SS_INVALID_COMMAND; 2914 reply = -EINVAL; 2915 } 2916 break; 2917 } 2918 up_read(&fsg->filesem); 2919 2920 if (reply == -EINTR || signal_pending(current)) 2921 return -EINTR; 2922 2923 /* Set up the single reply buffer for finish_reply() */ 2924 if (reply == -EINVAL) 2925 reply = 0; // Error reply length 2926 if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) { 2927 reply = min((u32) reply, fsg->data_size_from_cmnd); 2928 bh->inreq->length = reply; 2929 bh->state = BUF_STATE_FULL; 2930 fsg->residue -= reply; 2931 } // Otherwise it's already set 2932 2933 return 0; 2934} 2935 2936 2937/*-------------------------------------------------------------------------*/ 2938 2939static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2940{ 2941 struct usb_request *req = bh->outreq; 2942 struct bulk_cb_wrap *cbw = (struct bulk_cb_wrap *) req->buf; 2943 2944 /* Was this a real packet? */ 2945 if (req->status) 2946 return -EINVAL; 2947 2948 /* Is the CBW valid? */ 2949 if (req->actual != USB_BULK_CB_WRAP_LEN || 2950 cbw->Signature != __constant_cpu_to_le32( 2951 USB_BULK_CB_SIG)) { 2952 DBG(fsg, "invalid CBW: len %u sig 0x%x\n", 2953 req->actual, 2954 le32_to_cpu(cbw->Signature)); 2955 2956 /* The Bulk-only spec says we MUST stall the bulk pipes! 2957 * If we want to avoid stalls, set a flag so that we will 2958 * clear the endpoint halts at the next reset. */ 2959 if (!mod_data.can_stall) 2960 set_bit(CLEAR_BULK_HALTS, &fsg->atomic_bitflags); 2961 fsg_set_halt(fsg, fsg->bulk_out); 2962 halt_bulk_in_endpoint(fsg); 2963 return -EINVAL; 2964 } 2965 2966 /* Is the CBW meaningful? */ 2967 if (cbw->Lun >= MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG || 2968 cbw->Length < 6 || cbw->Length > MAX_COMMAND_SIZE) { 2969 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, " 2970 "cmdlen %u\n", 2971 cbw->Lun, cbw->Flags, cbw->Length); 2972 2973 /* We can do anything we want here, so let's stall the 2974 * bulk pipes if we are allowed to. */ 2975 if (mod_data.can_stall) { 2976 fsg_set_halt(fsg, fsg->bulk_out); 2977 halt_bulk_in_endpoint(fsg); 2978 } 2979 return -EINVAL; 2980 } 2981 2982 /* Save the command for later */ 2983 fsg->cmnd_size = cbw->Length; 2984 memcpy(fsg->cmnd, cbw->CDB, fsg->cmnd_size); 2985 if (cbw->Flags & USB_BULK_IN_FLAG) 2986 fsg->data_dir = DATA_DIR_TO_HOST; 2987 else 2988 fsg->data_dir = DATA_DIR_FROM_HOST; 2989 fsg->data_size = le32_to_cpu(cbw->DataTransferLength); 2990 if (fsg->data_size == 0) 2991 fsg->data_dir = DATA_DIR_NONE; 2992 fsg->lun = cbw->Lun; 2993 fsg->tag = cbw->Tag; 2994 return 0; 2995} 2996 2997 2998static int get_next_command(struct fsg_dev *fsg) 2999{ 3000 struct fsg_buffhd *bh; 3001 int rc = 0; 3002 3003 if (transport_is_bbb()) { 3004 3005 /* Wait for the next buffer to become available */ 3006 bh = fsg->next_buffhd_to_fill; 3007 while (bh->state != BUF_STATE_EMPTY) { 3008 if ((rc = sleep_thread(fsg)) != 0) 3009 return rc; 3010 } 3011 3012 /* Queue a request to read a Bulk-only CBW */ 3013 set_bulk_out_req_length(fsg, bh, USB_BULK_CB_WRAP_LEN); 3014 start_transfer(fsg, fsg->bulk_out, bh->outreq, 3015 &bh->outreq_busy, &bh->state); 3016 3017 /* We will drain the buffer in software, which means we 3018 * can reuse it for the next filling. No need to advance 3019 * next_buffhd_to_fill. */ 3020 3021 /* Wait for the CBW to arrive */ 3022 while (bh->state != BUF_STATE_FULL) { 3023 if ((rc = sleep_thread(fsg)) != 0) 3024 return rc; 3025 } 3026 rc = received_cbw(fsg, bh); 3027 bh->state = BUF_STATE_EMPTY; 3028 3029 } else { // USB_PR_CB or USB_PR_CBI 3030 3031 /* Wait for the next command to arrive */ 3032 while (fsg->cbbuf_cmnd_size == 0) { 3033 if ((rc = sleep_thread(fsg)) != 0) 3034 return rc; 3035 } 3036 3037 /* Is the previous status interrupt request still busy? 3038 * The host is allowed to skip reading the status, 3039 * so we must cancel it. */ 3040 if (fsg->intreq_busy) 3041 usb_ep_dequeue(fsg->intr_in, fsg->intreq); 3042 3043 /* Copy the command and mark the buffer empty */ 3044 fsg->data_dir = DATA_DIR_UNKNOWN; 3045 spin_lock_irq(&fsg->lock); 3046 fsg->cmnd_size = fsg->cbbuf_cmnd_size; 3047 memcpy(fsg->cmnd, fsg->cbbuf_cmnd, fsg->cmnd_size); 3048 fsg->cbbuf_cmnd_size = 0; 3049 spin_unlock_irq(&fsg->lock); 3050 } 3051 return rc; 3052} 3053 3054 3055/*-------------------------------------------------------------------------*/ 3056 3057static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep, 3058 const struct usb_endpoint_descriptor *d) 3059{ 3060 int rc; 3061 3062 ep->driver_data = fsg; 3063 rc = usb_ep_enable(ep, d); 3064 if (rc) 3065 ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc); 3066 return rc; 3067} 3068 3069static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep, 3070 struct usb_request **preq) 3071{ 3072 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC); 3073 if (*preq) 3074 return 0; 3075 ERROR(fsg, "can't allocate request for %s\n", ep->name); 3076 return -ENOMEM; 3077} 3078 3079/* 3080 * Reset interface setting and re-init endpoint state (toggle etc). 3081 * Call with altsetting < 0 to disable the interface. The only other 3082 * available altsetting is 0, which enables the interface. 3083 */ 3084static int do_set_interface(struct fsg_dev *fsg, int altsetting) 3085{ 3086 int rc = 0; 3087 int i; 3088 const struct usb_endpoint_descriptor *d; 3089 3090 if (fsg->running) 3091 DBG(fsg, "reset interface\n"); 3092 3093reset: 3094 /* Deallocate the requests */ 3095 for (i = 0; i < NUM_BUFFERS; ++i) { 3096 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3097 3098 if (bh->inreq) { 3099 usb_ep_free_request(fsg->bulk_in, bh->inreq); 3100 bh->inreq = NULL; 3101 } 3102 if (bh->outreq) { 3103 usb_ep_free_request(fsg->bulk_out, bh->outreq); 3104 bh->outreq = NULL; 3105 } 3106 } 3107 if (fsg->intreq) { 3108 usb_ep_free_request(fsg->intr_in, fsg->intreq); 3109 fsg->intreq = NULL; 3110 } 3111 3112 /* Disable the endpoints */ 3113 if (fsg->bulk_in_enabled) { 3114 usb_ep_disable(fsg->bulk_in); 3115 fsg->bulk_in_enabled = 0; 3116 } 3117 if (fsg->bulk_out_enabled) { 3118 usb_ep_disable(fsg->bulk_out); 3119 fsg->bulk_out_enabled = 0; 3120 } 3121 if (fsg->intr_in_enabled) { 3122 usb_ep_disable(fsg->intr_in); 3123 fsg->intr_in_enabled = 0; 3124 } 3125 3126 fsg->running = 0; 3127 if (altsetting < 0 || rc != 0) 3128 return rc; 3129 3130 DBG(fsg, "set interface %d\n", altsetting); 3131 3132 /* Enable the endpoints */ 3133 d = ep_desc(fsg->gadget, &fs_bulk_in_desc, &hs_bulk_in_desc); 3134 if ((rc = enable_endpoint(fsg, fsg->bulk_in, d)) != 0) 3135 goto reset; 3136 fsg->bulk_in_enabled = 1; 3137 3138 d = ep_desc(fsg->gadget, &fs_bulk_out_desc, &hs_bulk_out_desc); 3139 if ((rc = enable_endpoint(fsg, fsg->bulk_out, d)) != 0) 3140 goto reset; 3141 fsg->bulk_out_enabled = 1; 3142 fsg->bulk_out_maxpacket = le16_to_cpu(d->wMaxPacketSize); 3143 3144 if (transport_is_cbi()) { 3145 d = ep_desc(fsg->gadget, &fs_intr_in_desc, &hs_intr_in_desc); 3146 if ((rc = enable_endpoint(fsg, fsg->intr_in, d)) != 0) 3147 goto reset; 3148 fsg->intr_in_enabled = 1; 3149 } 3150 3151 /* Allocate the requests */ 3152 for (i = 0; i < NUM_BUFFERS; ++i) { 3153 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3154 3155 if ((rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq)) != 0) 3156 goto reset; 3157 if ((rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq)) != 0) 3158 goto reset; 3159 bh->inreq->buf = bh->outreq->buf = bh->buf; 3160 bh->inreq->dma = bh->outreq->dma = bh->dma; 3161 bh->inreq->context = bh->outreq->context = bh; 3162 bh->inreq->complete = bulk_in_complete; 3163 bh->outreq->complete = bulk_out_complete; 3164 } 3165 if (transport_is_cbi()) { 3166 if ((rc = alloc_request(fsg, fsg->intr_in, &fsg->intreq)) != 0) 3167 goto reset; 3168 fsg->intreq->complete = intr_in_complete; 3169 } 3170 3171 fsg->running = 1; 3172 for (i = 0; i < fsg->nluns; ++i) 3173 fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED; 3174 return rc; 3175} 3176 3177 3178/* 3179 * Change our operational configuration. This code must agree with the code 3180 * that returns config descriptors, and with interface altsetting code. 3181 * 3182 * It's also responsible for power management interactions. Some 3183 * configurations might not work with our current power sources. 3184 * For now we just assume the gadget is always self-powered. 3185 */ 3186static int do_set_config(struct fsg_dev *fsg, u8 new_config) 3187{ 3188 int rc = 0; 3189 3190 /* Disable the single interface */ 3191 if (fsg->config != 0) { 3192 DBG(fsg, "reset config\n"); 3193 fsg->config = 0; 3194 rc = do_set_interface(fsg, -1); 3195 } 3196 3197 /* Enable the interface */ 3198 if (new_config != 0) { 3199 fsg->config = new_config; 3200 if ((rc = do_set_interface(fsg, 0)) != 0) 3201 fsg->config = 0; // Reset on errors 3202 else { 3203 char *speed; 3204 3205 switch (fsg->gadget->speed) { 3206 case USB_SPEED_LOW: speed = "low"; break; 3207 case USB_SPEED_FULL: speed = "full"; break; 3208 case USB_SPEED_HIGH: speed = "high"; break; 3209 default: speed = "?"; break; 3210 } 3211 INFO(fsg, "%s speed config #%d\n", speed, fsg->config); 3212 } 3213 } 3214 return rc; 3215} 3216 3217 3218/*-------------------------------------------------------------------------*/ 3219 3220static void handle_exception(struct fsg_dev *fsg) 3221{ 3222 siginfo_t info; 3223 int sig; 3224 int i; 3225 int num_active; 3226 struct fsg_buffhd *bh; 3227 enum fsg_state old_state; 3228 u8 new_config; 3229 struct lun *curlun; 3230 unsigned int exception_req_tag; 3231 int rc; 3232 3233 /* Clear the existing signals. Anything but SIGUSR1 is converted 3234 * into a high-priority EXIT exception. */ 3235 for (;;) { 3236 sig = dequeue_signal_lock(current, &fsg->thread_signal_mask, 3237 &info); 3238 if (!sig) 3239 break; 3240 if (sig != SIGUSR1) { 3241 if (fsg->state < FSG_STATE_EXIT) 3242 DBG(fsg, "Main thread exiting on signal\n"); 3243 raise_exception(fsg, FSG_STATE_EXIT); 3244 } 3245 } 3246 3247 /* Cancel all the pending transfers */ 3248 if (fsg->intreq_busy) 3249 usb_ep_dequeue(fsg->intr_in, fsg->intreq); 3250 for (i = 0; i < NUM_BUFFERS; ++i) { 3251 bh = &fsg->buffhds[i]; 3252 if (bh->inreq_busy) 3253 usb_ep_dequeue(fsg->bulk_in, bh->inreq); 3254 if (bh->outreq_busy) 3255 usb_ep_dequeue(fsg->bulk_out, bh->outreq); 3256 } 3257 3258 /* Wait until everything is idle */ 3259 for (;;) { 3260 num_active = fsg->intreq_busy; 3261 for (i = 0; i < NUM_BUFFERS; ++i) { 3262 bh = &fsg->buffhds[i]; 3263 num_active += bh->inreq_busy + bh->outreq_busy; 3264 } 3265 if (num_active == 0) 3266 break; 3267 if (sleep_thread(fsg)) 3268 return; 3269 } 3270 3271 /* Clear out the controller's fifos */ 3272 if (fsg->bulk_in_enabled) 3273 usb_ep_fifo_flush(fsg->bulk_in); 3274 if (fsg->bulk_out_enabled) 3275 usb_ep_fifo_flush(fsg->bulk_out); 3276 if (fsg->intr_in_enabled) 3277 usb_ep_fifo_flush(fsg->intr_in); 3278 3279 /* Reset the I/O buffer states and pointers, the SCSI 3280 * state, and the exception. Then invoke the handler. */ 3281 spin_lock_irq(&fsg->lock); 3282 3283 for (i = 0; i < NUM_BUFFERS; ++i) { 3284 bh = &fsg->buffhds[i]; 3285 bh->state = BUF_STATE_EMPTY; 3286 } 3287 fsg->next_buffhd_to_fill = fsg->next_buffhd_to_drain = 3288 &fsg->buffhds[0]; 3289 3290 exception_req_tag = fsg->exception_req_tag; 3291 new_config = fsg->new_config; 3292 old_state = fsg->state; 3293 3294 if (old_state == FSG_STATE_ABORT_BULK_OUT) 3295 fsg->state = FSG_STATE_STATUS_PHASE; 3296 else { 3297 for (i = 0; i < fsg->nluns; ++i) { 3298 curlun = &fsg->luns[i]; 3299 curlun->prevent_medium_removal = 0; 3300 curlun->sense_data = curlun->unit_attention_data = 3301 SS_NO_SENSE; 3302 curlun->sense_data_info = 0; 3303 } 3304 fsg->state = FSG_STATE_IDLE; 3305 } 3306 spin_unlock_irq(&fsg->lock); 3307 3308 /* Carry out any extra actions required for the exception */ 3309 switch (old_state) { 3310 default: 3311 break; 3312 3313 case FSG_STATE_ABORT_BULK_OUT: 3314 send_status(fsg); 3315 spin_lock_irq(&fsg->lock); 3316 if (fsg->state == FSG_STATE_STATUS_PHASE) 3317 fsg->state = FSG_STATE_IDLE; 3318 spin_unlock_irq(&fsg->lock); 3319 break; 3320 3321 case FSG_STATE_RESET: 3322 /* In case we were forced against our will to halt a 3323 * bulk endpoint, clear the halt now. (The SuperH UDC 3324 * requires this.) */ 3325 if (test_and_clear_bit(CLEAR_BULK_HALTS, 3326 &fsg->atomic_bitflags)) { 3327 usb_ep_clear_halt(fsg->bulk_in); 3328 usb_ep_clear_halt(fsg->bulk_out); 3329 } 3330 3331 if (transport_is_bbb()) { 3332 if (fsg->ep0_req_tag == exception_req_tag) 3333 ep0_queue(fsg); // Complete the status stage 3334 3335 } else if (transport_is_cbi()) 3336 send_status(fsg); // Status by interrupt pipe 3337 3338 /* Technically this should go here, but it would only be 3339 * a waste of time. Ditto for the INTERFACE_CHANGE and 3340 * CONFIG_CHANGE cases. */ 3341 // for (i = 0; i < fsg->nluns; ++i) 3342 // fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED; 3343 break; 3344 3345 case FSG_STATE_INTERFACE_CHANGE: 3346 rc = do_set_interface(fsg, 0); 3347 if (fsg->ep0_req_tag != exception_req_tag) 3348 break; 3349 if (rc != 0) // STALL on errors 3350 fsg_set_halt(fsg, fsg->ep0); 3351 else // Complete the status stage 3352 ep0_queue(fsg); 3353 break; 3354 3355 case FSG_STATE_CONFIG_CHANGE: 3356 rc = do_set_config(fsg, new_config); 3357 if (fsg->ep0_req_tag != exception_req_tag) 3358 break; 3359 if (rc != 0) // STALL on errors 3360 fsg_set_halt(fsg, fsg->ep0); 3361 else // Complete the status stage 3362 ep0_queue(fsg); 3363 break; 3364 3365 case FSG_STATE_DISCONNECT: 3366 fsync_all(fsg); 3367 do_set_config(fsg, 0); // Unconfigured state 3368 break; 3369 3370 case FSG_STATE_EXIT: 3371 case FSG_STATE_TERMINATED: 3372 do_set_config(fsg, 0); // Free resources 3373 spin_lock_irq(&fsg->lock); 3374 fsg->state = FSG_STATE_TERMINATED; // Stop the thread 3375 spin_unlock_irq(&fsg->lock); 3376 break; 3377 } 3378} 3379 3380 3381/*-------------------------------------------------------------------------*/ 3382 3383static int fsg_main_thread(void *fsg_) 3384{ 3385 struct fsg_dev *fsg = (struct fsg_dev *) fsg_; 3386 3387 fsg->thread_task = current; 3388 3389 /* Release all our userspace resources */ 3390 daemonize("file-storage-gadget"); 3391 3392 /* Allow the thread to be killed by a signal, but set the signal mask 3393 * to block everything but INT, TERM, KILL, and USR1. */ 3394 siginitsetinv(&fsg->thread_signal_mask, sigmask(SIGINT) | 3395 sigmask(SIGTERM) | sigmask(SIGKILL) | 3396 sigmask(SIGUSR1)); 3397 sigprocmask(SIG_SETMASK, &fsg->thread_signal_mask, NULL); 3398 3399 /* Arrange for userspace references to be interpreted as kernel 3400 * pointers. That way we can pass a kernel pointer to a routine 3401 * that expects a __user pointer and it will work okay. */ 3402 set_fs(get_ds()); 3403 3404 /* Wait for the gadget registration to finish up */ 3405 wait_for_completion(&fsg->thread_notifier); 3406 3407 /* The main loop */ 3408 while (fsg->state != FSG_STATE_TERMINATED) { 3409 if (exception_in_progress(fsg) || signal_pending(current)) { 3410 handle_exception(fsg); 3411 continue; 3412 } 3413 3414 if (!fsg->running) { 3415 sleep_thread(fsg); 3416 continue; 3417 } 3418 3419 if (get_next_command(fsg)) 3420 continue; 3421 3422 spin_lock_irq(&fsg->lock); 3423 if (!exception_in_progress(fsg)) 3424 fsg->state = FSG_STATE_DATA_PHASE; 3425 spin_unlock_irq(&fsg->lock); 3426 3427 if (do_scsi_command(fsg) || finish_reply(fsg)) 3428 continue; 3429 3430 spin_lock_irq(&fsg->lock); 3431 if (!exception_in_progress(fsg)) 3432 fsg->state = FSG_STATE_STATUS_PHASE; 3433 spin_unlock_irq(&fsg->lock); 3434 3435 if (send_status(fsg)) 3436 continue; 3437 3438 spin_lock_irq(&fsg->lock); 3439 if (!exception_in_progress(fsg)) 3440 fsg->state = FSG_STATE_IDLE; 3441 spin_unlock_irq(&fsg->lock); 3442 } 3443 3444 fsg->thread_task = NULL; 3445 flush_signals(current); 3446 3447 /* In case we are exiting because of a signal, unregister the 3448 * gadget driver and close the backing file. */ 3449 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) { 3450 usb_gadget_unregister_driver(&fsg_driver); 3451 close_all_backing_files(fsg); 3452 } 3453 3454 /* Let the unbind and cleanup routines know the thread has exited */ 3455 complete_and_exit(&fsg->thread_notifier, 0); 3456} 3457 3458 3459/*-------------------------------------------------------------------------*/ 3460 3461/* If the next two routines are called while the gadget is registered, 3462 * the caller must own fsg->filesem for writing. */ 3463 3464static int open_backing_file(struct lun *curlun, const char *filename) 3465{ 3466 int ro; 3467 struct file *filp = NULL; 3468 int rc = -EINVAL; 3469 struct inode *inode = NULL; 3470 loff_t size; 3471 loff_t num_sectors; 3472 3473 /* R/W if we can, R/O if we must */ 3474 ro = curlun->ro; 3475 if (!ro) { 3476 filp = filp_open(filename, O_RDWR | O_LARGEFILE, 0); 3477 if (-EROFS == PTR_ERR(filp)) 3478 ro = 1; 3479 } 3480 if (ro) 3481 filp = filp_open(filename, O_RDONLY | O_LARGEFILE, 0); 3482 if (IS_ERR(filp)) { 3483 LINFO(curlun, "unable to open backing file: %s\n", filename); 3484 return PTR_ERR(filp); 3485 } 3486 3487 if (!(filp->f_mode & FMODE_WRITE)) 3488 ro = 1; 3489 3490 if (filp->f_dentry) 3491 inode = filp->f_dentry->d_inode; 3492 if (inode && S_ISBLK(inode->i_mode)) { 3493 if (bdev_read_only(inode->i_bdev)) 3494 ro = 1; 3495 } else if (!inode || !S_ISREG(inode->i_mode)) { 3496 LINFO(curlun, "invalid file type: %s\n", filename); 3497 goto out; 3498 } 3499 3500 /* If we can't read the file, it's no good. 3501 * If we can't write the file, use it read-only. */ 3502 if (!filp->f_op || !(filp->f_op->read || filp->f_op->aio_read)) { 3503 LINFO(curlun, "file not readable: %s\n", filename); 3504 goto out; 3505 } 3506 if (!(filp->f_op->write || filp->f_op->aio_write)) 3507 ro = 1; 3508 3509 size = i_size_read(inode->i_mapping->host); 3510 if (size < 0) { 3511 LINFO(curlun, "unable to find file size: %s\n", filename); 3512 rc = (int) size; 3513 goto out; 3514 } 3515 num_sectors = size >> 9; // File size in 512-byte sectors 3516 if (num_sectors == 0) { 3517 LINFO(curlun, "file too small: %s\n", filename); 3518 rc = -ETOOSMALL; 3519 goto out; 3520 } 3521 3522 get_file(filp); 3523 curlun->ro = ro; 3524 curlun->filp = filp; 3525 curlun->file_length = size; 3526 curlun->num_sectors = num_sectors; 3527 LDBG(curlun, "open backing file: %s\n", filename); 3528 rc = 0; 3529 3530out: 3531 filp_close(filp, current->files); 3532 return rc; 3533} 3534 3535 3536static void close_backing_file(struct lun *curlun) 3537{ 3538 if (curlun->filp) { 3539 LDBG(curlun, "close backing file\n"); 3540 fput(curlun->filp); 3541 curlun->filp = NULL; 3542 } 3543} 3544 3545static void close_all_backing_files(struct fsg_dev *fsg) 3546{ 3547 int i; 3548 3549 for (i = 0; i < fsg->nluns; ++i) 3550 close_backing_file(&fsg->luns[i]); 3551} 3552 3553 3554static ssize_t show_ro(struct device *dev, struct device_attribute *attr, char *buf) 3555{ 3556 struct lun *curlun = dev_to_lun(dev); 3557 3558 return sprintf(buf, "%d\n", curlun->ro); 3559} 3560 3561static ssize_t show_file(struct device *dev, struct device_attribute *attr, char *buf) 3562{ 3563 struct lun *curlun = dev_to_lun(dev); 3564 struct fsg_dev *fsg = (struct fsg_dev *) dev_get_drvdata(dev); 3565 char *p; 3566 ssize_t rc; 3567 3568 down_read(&fsg->filesem); 3569 if (backing_file_is_open(curlun)) { // Get the complete pathname 3570 p = d_path(curlun->filp->f_dentry, curlun->filp->f_vfsmnt, 3571 buf, PAGE_SIZE - 1); 3572 if (IS_ERR(p)) 3573 rc = PTR_ERR(p); 3574 else { 3575 rc = strlen(p); 3576 memmove(buf, p, rc); 3577 buf[rc] = '\n'; // Add a newline 3578 buf[++rc] = 0; 3579 } 3580 } else { // No file, return 0 bytes 3581 *buf = 0; 3582 rc = 0; 3583 } 3584 up_read(&fsg->filesem); 3585 return rc; 3586} 3587 3588 3589static ssize_t store_ro(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 3590{ 3591 ssize_t rc = count; 3592 struct lun *curlun = dev_to_lun(dev); 3593 struct fsg_dev *fsg = (struct fsg_dev *) dev_get_drvdata(dev); 3594 int i; 3595 3596 if (sscanf(buf, "%d", &i) != 1) 3597 return -EINVAL; 3598 3599 /* Allow the write-enable status to change only while the backing file 3600 * is closed. */ 3601 down_read(&fsg->filesem); 3602 if (backing_file_is_open(curlun)) { 3603 LDBG(curlun, "read-only status change prevented\n"); 3604 rc = -EBUSY; 3605 } else { 3606 curlun->ro = !!i; 3607 LDBG(curlun, "read-only status set to %d\n", curlun->ro); 3608 } 3609 up_read(&fsg->filesem); 3610 return rc; 3611} 3612 3613static ssize_t store_file(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 3614{ 3615 struct lun *curlun = dev_to_lun(dev); 3616 struct fsg_dev *fsg = (struct fsg_dev *) dev_get_drvdata(dev); 3617 int rc = 0; 3618 3619 if (curlun->prevent_medium_removal && backing_file_is_open(curlun)) { 3620 LDBG(curlun, "eject attempt prevented\n"); 3621 return -EBUSY; // "Door is locked" 3622 } 3623 3624 /* Remove a trailing newline */ 3625 if (count > 0 && buf[count-1] == '\n') 3626 ((char *) buf)[count-1] = 0; // Ugh! 3627 3628 /* Eject current medium */ 3629 down_write(&fsg->filesem); 3630 if (backing_file_is_open(curlun)) { 3631 close_backing_file(curlun); 3632 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT; 3633 } 3634 3635 /* Load new medium */ 3636 if (count > 0 && buf[0]) { 3637 rc = open_backing_file(curlun, buf); 3638 if (rc == 0) 3639 curlun->unit_attention_data = 3640 SS_NOT_READY_TO_READY_TRANSITION; 3641 } 3642 up_write(&fsg->filesem); 3643 return (rc < 0 ? rc : count); 3644} 3645 3646 3647/* The write permissions and store_xxx pointers are set in fsg_bind() */ 3648static DEVICE_ATTR(ro, 0444, show_ro, NULL); 3649static DEVICE_ATTR(file, 0444, show_file, NULL); 3650 3651 3652/*-------------------------------------------------------------------------*/ 3653 3654static void lun_release(struct device *dev) 3655{ 3656 struct fsg_dev *fsg = (struct fsg_dev *) dev_get_drvdata(dev); 3657 3658 complete(&fsg->lun_released); 3659} 3660 3661static void fsg_unbind(struct usb_gadget *gadget) 3662{ 3663 struct fsg_dev *fsg = get_gadget_data(gadget); 3664 int i; 3665 struct lun *curlun; 3666 struct usb_request *req = fsg->ep0req; 3667 3668 DBG(fsg, "unbind\n"); 3669 clear_bit(REGISTERED, &fsg->atomic_bitflags); 3670 3671 /* Unregister the sysfs attribute files and the LUNs */ 3672 init_completion(&fsg->lun_released); 3673 for (i = 0; i < fsg->nluns; ++i) { 3674 curlun = &fsg->luns[i]; 3675 if (curlun->registered) { 3676 device_remove_file(&curlun->dev, &dev_attr_ro); 3677 device_remove_file(&curlun->dev, &dev_attr_file); 3678 device_unregister(&curlun->dev); 3679 wait_for_completion(&fsg->lun_released); 3680 curlun->registered = 0; 3681 } 3682 } 3683 3684 /* If the thread isn't already dead, tell it to exit now */ 3685 if (fsg->state != FSG_STATE_TERMINATED) { 3686 raise_exception(fsg, FSG_STATE_EXIT); 3687 wait_for_completion(&fsg->thread_notifier); 3688 3689 /* The cleanup routine waits for this completion also */ 3690 complete(&fsg->thread_notifier); 3691 } 3692 3693 /* Free the data buffers */ 3694 for (i = 0; i < NUM_BUFFERS; ++i) { 3695 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3696 3697 if (bh->buf) 3698 usb_ep_free_buffer(fsg->bulk_in, bh->buf, bh->dma, 3699 mod_data.buflen); 3700 } 3701 3702 /* Free the request and buffer for endpoint 0 */ 3703 if (req) { 3704 if (req->buf) 3705 usb_ep_free_buffer(fsg->ep0, req->buf, 3706 req->dma, EP0_BUFSIZE); 3707 usb_ep_free_request(fsg->ep0, req); 3708 } 3709 3710 set_gadget_data(gadget, NULL); 3711} 3712 3713 3714static int __init check_parameters(struct fsg_dev *fsg) 3715{ 3716 int prot; 3717 3718 /* Store the default values */ 3719 mod_data.transport_type = USB_PR_BULK; 3720 mod_data.transport_name = "Bulk-only"; 3721 mod_data.protocol_type = USB_SC_SCSI; 3722 mod_data.protocol_name = "Transparent SCSI"; 3723 3724 if (gadget_is_sh(fsg->gadget)) 3725 mod_data.can_stall = 0; 3726 3727 if (mod_data.release == 0xffff) { // Parameter wasn't set 3728 if (gadget_is_net2280(fsg->gadget)) 3729 mod_data.release = 0x0301; 3730 else if (gadget_is_dummy(fsg->gadget)) 3731 mod_data.release = 0x0302; 3732 else if (gadget_is_pxa(fsg->gadget)) 3733 mod_data.release = 0x0303; 3734 else if (gadget_is_sh(fsg->gadget)) 3735 mod_data.release = 0x0304; 3736 3737 /* The sa1100 controller is not supported */ 3738 3739 else if (gadget_is_goku(fsg->gadget)) 3740 mod_data.release = 0x0306; 3741 else if (gadget_is_mq11xx(fsg->gadget)) 3742 mod_data.release = 0x0307; 3743 else if (gadget_is_omap(fsg->gadget)) 3744 mod_data.release = 0x0308; 3745 else if (gadget_is_lh7a40x(fsg->gadget)) 3746 mod_data.release = 0x0309; 3747 else if (gadget_is_n9604(fsg->gadget)) 3748 mod_data.release = 0x0310; 3749 else if (gadget_is_pxa27x(fsg->gadget)) 3750 mod_data.release = 0x0311; 3751 else if (gadget_is_s3c2410(gadget)) 3752 mod_data.release = 0x0312; 3753 else if (gadget_is_at91(fsg->gadget)) 3754 mod_data.release = 0x0313; 3755 else { 3756 WARN(fsg, "controller '%s' not recognized\n", 3757 fsg->gadget->name); 3758 mod_data.release = 0x0399; 3759 } 3760 } 3761 3762 prot = simple_strtol(mod_data.protocol_parm, NULL, 0); 3763 3764#ifdef CONFIG_USB_FILE_STORAGE_TEST 3765 if (strnicmp(mod_data.transport_parm, "BBB", 10) == 0) { 3766 ; // Use default setting 3767 } else if (strnicmp(mod_data.transport_parm, "CB", 10) == 0) { 3768 mod_data.transport_type = USB_PR_CB; 3769 mod_data.transport_name = "Control-Bulk"; 3770 } else if (strnicmp(mod_data.transport_parm, "CBI", 10) == 0) { 3771 mod_data.transport_type = USB_PR_CBI; 3772 mod_data.transport_name = "Control-Bulk-Interrupt"; 3773 } else { 3774 ERROR(fsg, "invalid transport: %s\n", mod_data.transport_parm); 3775 return -EINVAL; 3776 } 3777 3778 if (strnicmp(mod_data.protocol_parm, "SCSI", 10) == 0 || 3779 prot == USB_SC_SCSI) { 3780 ; // Use default setting 3781 } else if (strnicmp(mod_data.protocol_parm, "RBC", 10) == 0 || 3782 prot == USB_SC_RBC) { 3783 mod_data.protocol_type = USB_SC_RBC; 3784 mod_data.protocol_name = "RBC"; 3785 } else if (strnicmp(mod_data.protocol_parm, "8020", 4) == 0 || 3786 strnicmp(mod_data.protocol_parm, "ATAPI", 10) == 0 || 3787 prot == USB_SC_8020) { 3788 mod_data.protocol_type = USB_SC_8020; 3789 mod_data.protocol_name = "8020i (ATAPI)"; 3790 } else if (strnicmp(mod_data.protocol_parm, "QIC", 3) == 0 || 3791 prot == USB_SC_QIC) { 3792 mod_data.protocol_type = USB_SC_QIC; 3793 mod_data.protocol_name = "QIC-157"; 3794 } else if (strnicmp(mod_data.protocol_parm, "UFI", 10) == 0 || 3795 prot == USB_SC_UFI) { 3796 mod_data.protocol_type = USB_SC_UFI; 3797 mod_data.protocol_name = "UFI"; 3798 } else if (strnicmp(mod_data.protocol_parm, "8070", 4) == 0 || 3799 prot == USB_SC_8070) { 3800 mod_data.protocol_type = USB_SC_8070; 3801 mod_data.protocol_name = "8070i"; 3802 } else { 3803 ERROR(fsg, "invalid protocol: %s\n", mod_data.protocol_parm); 3804 return -EINVAL; 3805 } 3806 3807 mod_data.buflen &= PAGE_CACHE_MASK; 3808 if (mod_data.buflen <= 0) { 3809 ERROR(fsg, "invalid buflen\n"); 3810 return -ETOOSMALL; 3811 } 3812#endif /* CONFIG_USB_FILE_STORAGE_TEST */ 3813 3814 return 0; 3815} 3816 3817 3818static int __init fsg_bind(struct usb_gadget *gadget) 3819{ 3820 struct fsg_dev *fsg = the_fsg; 3821 int rc; 3822 int i; 3823 struct lun *curlun; 3824 struct usb_ep *ep; 3825 struct usb_request *req; 3826 char *pathbuf, *p; 3827 3828 fsg->gadget = gadget; 3829 set_gadget_data(gadget, fsg); 3830 fsg->ep0 = gadget->ep0; 3831 fsg->ep0->driver_data = fsg; 3832 3833 if ((rc = check_parameters(fsg)) != 0) 3834 goto out; 3835 3836 if (mod_data.removable) { // Enable the store_xxx attributes 3837 dev_attr_ro.attr.mode = dev_attr_file.attr.mode = 0644; 3838 dev_attr_ro.store = store_ro; 3839 dev_attr_file.store = store_file; 3840 } 3841 3842 /* Find out how many LUNs there should be */ 3843 i = mod_data.nluns; 3844 if (i == 0) 3845 i = max(mod_data.num_filenames, 1); 3846 if (i > MAX_LUNS) { 3847 ERROR(fsg, "invalid number of LUNs: %d\n", i); 3848 rc = -EINVAL; 3849 goto out; 3850 } 3851 3852 /* Create the LUNs, open their backing files, and register the 3853 * LUN devices in sysfs. */ 3854 fsg->luns = kmalloc(i * sizeof(struct lun), GFP_KERNEL); 3855 if (!fsg->luns) { 3856 rc = -ENOMEM; 3857 goto out; 3858 } 3859 memset(fsg->luns, 0, i * sizeof(struct lun)); 3860 fsg->nluns = i; 3861 3862 for (i = 0; i < fsg->nluns; ++i) { 3863 curlun = &fsg->luns[i]; 3864 curlun->ro = ro[i]; 3865 curlun->dev.parent = &gadget->dev; 3866 curlun->dev.driver = &fsg_driver.driver; 3867 dev_set_drvdata(&curlun->dev, fsg); 3868 snprintf(curlun->dev.bus_id, BUS_ID_SIZE, 3869 "%s-lun%d", gadget->dev.bus_id, i); 3870 3871 if ((rc = device_register(&curlun->dev)) != 0) 3872 INFO(fsg, "failed to register LUN%d: %d\n", i, rc); 3873 else { 3874 curlun->registered = 1; 3875 curlun->dev.release = lun_release; 3876 device_create_file(&curlun->dev, &dev_attr_ro); 3877 device_create_file(&curlun->dev, &dev_attr_file); 3878 } 3879 3880 if (file[i] && *file[i]) { 3881 if ((rc = open_backing_file(curlun, file[i])) != 0) 3882 goto out; 3883 } else if (!mod_data.removable) { 3884 ERROR(fsg, "no file given for LUN%d\n", i); 3885 rc = -EINVAL; 3886 goto out; 3887 } 3888 } 3889 3890 /* Find all the endpoints we will use */ 3891 usb_ep_autoconfig_reset(gadget); 3892 ep = usb_ep_autoconfig(gadget, &fs_bulk_in_desc); 3893 if (!ep) 3894 goto autoconf_fail; 3895 ep->driver_data = fsg; // claim the endpoint 3896 fsg->bulk_in = ep; 3897 3898 ep = usb_ep_autoconfig(gadget, &fs_bulk_out_desc); 3899 if (!ep) 3900 goto autoconf_fail; 3901 ep->driver_data = fsg; // claim the endpoint 3902 fsg->bulk_out = ep; 3903 3904 if (transport_is_cbi()) { 3905 ep = usb_ep_autoconfig(gadget, &fs_intr_in_desc); 3906 if (!ep) 3907 goto autoconf_fail; 3908 ep->driver_data = fsg; // claim the endpoint 3909 fsg->intr_in = ep; 3910 } 3911 3912 /* Fix up the descriptors */ 3913 device_desc.bMaxPacketSize0 = fsg->ep0->maxpacket; 3914 device_desc.idVendor = cpu_to_le16(mod_data.vendor); 3915 device_desc.idProduct = cpu_to_le16(mod_data.product); 3916 device_desc.bcdDevice = cpu_to_le16(mod_data.release); 3917 3918 i = (transport_is_cbi() ? 3 : 2); // Number of endpoints 3919 intf_desc.bNumEndpoints = i; 3920 intf_desc.bInterfaceSubClass = mod_data.protocol_type; 3921 intf_desc.bInterfaceProtocol = mod_data.transport_type; 3922 fs_function[i + FS_FUNCTION_PRE_EP_ENTRIES] = NULL; 3923 3924#ifdef CONFIG_USB_GADGET_DUALSPEED 3925 hs_function[i + HS_FUNCTION_PRE_EP_ENTRIES] = NULL; 3926 3927 /* Assume ep0 uses the same maxpacket value for both speeds */ 3928 dev_qualifier.bMaxPacketSize0 = fsg->ep0->maxpacket; 3929 3930 /* Assume that all endpoint addresses are the same for both speeds */ 3931 hs_bulk_in_desc.bEndpointAddress = fs_bulk_in_desc.bEndpointAddress; 3932 hs_bulk_out_desc.bEndpointAddress = fs_bulk_out_desc.bEndpointAddress; 3933 hs_intr_in_desc.bEndpointAddress = fs_intr_in_desc.bEndpointAddress; 3934#endif 3935 3936 if (gadget->is_otg) { 3937 otg_desc.bmAttributes |= USB_OTG_HNP, 3938 config_desc.bmAttributes |= USB_CONFIG_ATT_WAKEUP; 3939 } 3940 3941 rc = -ENOMEM; 3942 3943 /* Allocate the request and buffer for endpoint 0 */ 3944 fsg->ep0req = req = usb_ep_alloc_request(fsg->ep0, GFP_KERNEL); 3945 if (!req) 3946 goto out; 3947 req->buf = usb_ep_alloc_buffer(fsg->ep0, EP0_BUFSIZE, 3948 &req->dma, GFP_KERNEL); 3949 if (!req->buf) 3950 goto out; 3951 req->complete = ep0_complete; 3952 3953 /* Allocate the data buffers */ 3954 for (i = 0; i < NUM_BUFFERS; ++i) { 3955 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3956 3957 bh->buf = usb_ep_alloc_buffer(fsg->bulk_in, mod_data.buflen, 3958 &bh->dma, GFP_KERNEL); 3959 if (!bh->buf) 3960 goto out; 3961 bh->next = bh + 1; 3962 } 3963 fsg->buffhds[NUM_BUFFERS - 1].next = &fsg->buffhds[0]; 3964 3965 /* This should reflect the actual gadget power source */ 3966 usb_gadget_set_selfpowered(gadget); 3967 3968 snprintf(manufacturer, sizeof manufacturer, "%s %s with %s", 3969 system_utsname.sysname, system_utsname.release, 3970 gadget->name); 3971 3972 /* On a real device, serial[] would be loaded from permanent 3973 * storage. We just encode it from the driver version string. */ 3974 for (i = 0; i < sizeof(serial) - 2; i += 2) { 3975 unsigned char c = DRIVER_VERSION[i / 2]; 3976 3977 if (!c) 3978 break; 3979 sprintf(&serial[i], "%02X", c); 3980 } 3981 3982 if ((rc = kernel_thread(fsg_main_thread, fsg, (CLONE_VM | CLONE_FS | 3983 CLONE_FILES))) < 0) 3984 goto out; 3985 fsg->thread_pid = rc; 3986 3987 INFO(fsg, DRIVER_DESC ", version: " DRIVER_VERSION "\n"); 3988 INFO(fsg, "Number of LUNs=%d\n", fsg->nluns); 3989 3990 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); 3991 for (i = 0; i < fsg->nluns; ++i) { 3992 curlun = &fsg->luns[i]; 3993 if (backing_file_is_open(curlun)) { 3994 p = NULL; 3995 if (pathbuf) { 3996 p = d_path(curlun->filp->f_dentry, 3997 curlun->filp->f_vfsmnt, 3998 pathbuf, PATH_MAX); 3999 if (IS_ERR(p)) 4000 p = NULL; 4001 } 4002 LINFO(curlun, "ro=%d, file: %s\n", 4003 curlun->ro, (p ? p : "(error)")); 4004 } 4005 } 4006 kfree(pathbuf); 4007 4008 DBG(fsg, "transport=%s (x%02x)\n", 4009 mod_data.transport_name, mod_data.transport_type); 4010 DBG(fsg, "protocol=%s (x%02x)\n", 4011 mod_data.protocol_name, mod_data.protocol_type); 4012 DBG(fsg, "VendorID=x%04x, ProductID=x%04x, Release=x%04x\n", 4013 mod_data.vendor, mod_data.product, mod_data.release); 4014 DBG(fsg, "removable=%d, stall=%d, buflen=%u\n", 4015 mod_data.removable, mod_data.can_stall, 4016 mod_data.buflen); 4017 DBG(fsg, "I/O thread pid: %d\n", fsg->thread_pid); 4018 return 0; 4019 4020autoconf_fail: 4021 ERROR(fsg, "unable to autoconfigure all endpoints\n"); 4022 rc = -ENOTSUPP; 4023 4024out: 4025 fsg->state = FSG_STATE_TERMINATED; // The thread is dead 4026 fsg_unbind(gadget); 4027 close_all_backing_files(fsg); 4028 return rc; 4029} 4030 4031 4032/*-------------------------------------------------------------------------*/ 4033 4034static void fsg_suspend(struct usb_gadget *gadget) 4035{ 4036 struct fsg_dev *fsg = get_gadget_data(gadget); 4037 4038 DBG(fsg, "suspend\n"); 4039 set_bit(SUSPENDED, &fsg->atomic_bitflags); 4040} 4041 4042static void fsg_resume(struct usb_gadget *gadget) 4043{ 4044 struct fsg_dev *fsg = get_gadget_data(gadget); 4045 4046 DBG(fsg, "resume\n"); 4047 clear_bit(SUSPENDED, &fsg->atomic_bitflags); 4048} 4049 4050 4051/*-------------------------------------------------------------------------*/ 4052 4053static struct usb_gadget_driver fsg_driver = { 4054#ifdef CONFIG_USB_GADGET_DUALSPEED 4055 .speed = USB_SPEED_HIGH, 4056#else 4057 .speed = USB_SPEED_FULL, 4058#endif 4059 .function = (char *) longname, 4060 .bind = fsg_bind, 4061 .unbind = fsg_unbind, 4062 .disconnect = fsg_disconnect, 4063 .setup = fsg_setup, 4064 .suspend = fsg_suspend, 4065 .resume = fsg_resume, 4066 4067 .driver = { 4068 .name = (char *) shortname, 4069 // .release = ... 4070 // .suspend = ... 4071 // .resume = ... 4072 }, 4073}; 4074 4075 4076static int __init fsg_alloc(void) 4077{ 4078 struct fsg_dev *fsg; 4079 4080 fsg = kmalloc(sizeof *fsg, GFP_KERNEL); 4081 if (!fsg) 4082 return -ENOMEM; 4083 memset(fsg, 0, sizeof *fsg); 4084 spin_lock_init(&fsg->lock); 4085 init_rwsem(&fsg->filesem); 4086 init_waitqueue_head(&fsg->thread_wqh); 4087 init_completion(&fsg->thread_notifier); 4088 4089 the_fsg = fsg; 4090 return 0; 4091} 4092 4093 4094static void fsg_free(struct fsg_dev *fsg) 4095{ 4096 kfree(fsg->luns); 4097 kfree(fsg); 4098} 4099 4100 4101static int __init fsg_init(void) 4102{ 4103 int rc; 4104 struct fsg_dev *fsg; 4105 4106 if ((rc = fsg_alloc()) != 0) 4107 return rc; 4108 fsg = the_fsg; 4109 if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0) { 4110 fsg_free(fsg); 4111 return rc; 4112 } 4113 set_bit(REGISTERED, &fsg->atomic_bitflags); 4114 4115 /* Tell the thread to start working */ 4116 complete(&fsg->thread_notifier); 4117 return 0; 4118} 4119module_init(fsg_init); 4120 4121 4122static void __exit fsg_cleanup(void) 4123{ 4124 struct fsg_dev *fsg = the_fsg; 4125 4126 /* Unregister the driver iff the thread hasn't already done so */ 4127 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) 4128 usb_gadget_unregister_driver(&fsg_driver); 4129 4130 /* Wait for the thread to finish up */ 4131 wait_for_completion(&fsg->thread_notifier); 4132 4133 close_all_backing_files(fsg); 4134 fsg_free(fsg); 4135} 4136module_exit(fsg_cleanup); 4137