1 | // SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) |
2 | /* |
3 | * f_mass_storage.c -- Mass Storage USB Composite Function |
4 | * |
5 | * Copyright (C) 2003-2008 Alan Stern |
6 | * Copyright (C) 2009 Samsung Electronics |
7 | * Author: Michal Nazarewicz <mina86@mina86.com> |
8 | * All rights reserved. |
9 | */ |
10 | |
11 | /* |
12 | * The Mass Storage Function acts as a USB Mass Storage device, |
13 | * appearing to the host as a disk drive or as a CD-ROM drive. In |
14 | * addition to providing an example of a genuinely useful composite |
15 | * function for a USB device, it also illustrates a technique of |
16 | * double-buffering for increased throughput. |
17 | * |
18 | * For more information about MSF and in particular its module |
19 | * parameters and sysfs interface read the |
20 | * <Documentation/usb/mass-storage.rst> file. |
21 | */ |
22 | |
23 | /* |
24 | * MSF is configured by specifying a fsg_config structure. It has the |
25 | * following fields: |
26 | * |
27 | * nluns Number of LUNs the function has (anywhere from 1 |
28 | * to FSG_MAX_LUNS). |
29 | * luns An array of LUN configuration values. This |
30 | * should be filled for each LUN that the |
31 | * function will include (i.e. for "nluns" |
32 | * LUNs). Each element of the array has |
33 | * the following fields: |
34 | * ->filename The path to the backing file for the LUN. |
35 | * Required if LUN is not marked as |
36 | * removable. |
37 | * ->ro Flag specifying access to the LUN shall be |
38 | * read-only. This is implied if CD-ROM |
39 | * emulation is enabled as well as when |
40 | * it was impossible to open "filename" |
41 | * in R/W mode. |
42 | * ->removable Flag specifying that LUN shall be indicated as |
43 | * being removable. |
44 | * ->cdrom Flag specifying that LUN shall be reported as |
45 | * being a CD-ROM. |
46 | * ->nofua Flag specifying that FUA flag in SCSI WRITE(10,12) |
47 | * commands for this LUN shall be ignored. |
48 | * |
49 | * vendor_name |
50 | * product_name |
51 | * release Information used as a reply to INQUIRY |
52 | * request. To use default set to NULL, |
53 | * NULL, 0xffff respectively. The first |
54 | * field should be 8 and the second 16 |
55 | * characters or less. |
56 | * |
57 | * can_stall Set to permit function to halt bulk endpoints. |
58 | * Disabled on some USB devices known not |
59 | * to work correctly. You should set it |
60 | * to true. |
61 | * |
62 | * If "removable" is not set for a LUN then a backing file must be |
63 | * specified. If it is set, then NULL filename means the LUN's medium |
64 | * is not loaded (an empty string as "filename" in the fsg_config |
65 | * structure causes an error). The CD-ROM emulation includes a single |
66 | * data track and no audio tracks; hence there need be only one |
67 | * backing file per LUN. |
68 | * |
69 | * This function is heavily based on "File-backed Storage Gadget" by |
70 | * Alan Stern which in turn is heavily based on "Gadget Zero" by David |
71 | * Brownell. The driver's SCSI command interface was based on the |
72 | * "Information technology - Small Computer System Interface - 2" |
73 | * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93, |
74 | * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. |
75 | * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which |
76 | * was based on the "Universal Serial Bus Mass Storage Class UFI |
77 | * Command Specification" document, Revision 1.0, December 14, 1998, |
78 | * available at |
79 | * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>. |
80 | */ |
81 | |
82 | /* |
83 | * Driver Design |
84 | * |
85 | * The MSF is fairly straightforward. There is a main kernel |
86 | * thread that handles most of the work. Interrupt routines field |
87 | * callbacks from the controller driver: bulk- and interrupt-request |
88 | * completion notifications, endpoint-0 events, and disconnect events. |
89 | * Completion events are passed to the main thread by wakeup calls. Many |
90 | * ep0 requests are handled at interrupt time, but SetInterface, |
91 | * SetConfiguration, and device reset requests are forwarded to the |
92 | * thread in the form of "exceptions" using SIGUSR1 signals (since they |
93 | * should interrupt any ongoing file I/O operations). |
94 | * |
95 | * The thread's main routine implements the standard command/data/status |
96 | * parts of a SCSI interaction. It and its subroutines are full of tests |
97 | * for pending signals/exceptions -- all this polling is necessary since |
98 | * the kernel has no setjmp/longjmp equivalents. (Maybe this is an |
99 | * indication that the driver really wants to be running in userspace.) |
100 | * An important point is that so long as the thread is alive it keeps an |
101 | * open reference to the backing file. This will prevent unmounting |
102 | * the backing file's underlying filesystem and could cause problems |
103 | * during system shutdown, for example. To prevent such problems, the |
104 | * thread catches INT, TERM, and KILL signals and converts them into |
105 | * an EXIT exception. |
106 | * |
107 | * In normal operation the main thread is started during the gadget's |
108 | * fsg_bind() callback and stopped during fsg_unbind(). But it can |
109 | * also exit when it receives a signal, and there's no point leaving |
110 | * the gadget running when the thread is dead. As of this moment, MSF |
111 | * provides no way to deregister the gadget when the thread dies -- maybe |
112 | * a callback function is needed. |
113 | * |
114 | * To provide maximum throughput, the driver uses a circular pipeline of |
115 | * buffer heads (struct fsg_buffhd). In principle the pipeline can be |
116 | * arbitrarily long; in practice the benefits don't justify having more |
117 | * than 2 stages (i.e., double buffering). But it helps to think of the |
118 | * pipeline as being a long one. Each buffer head contains a bulk-in and |
119 | * a bulk-out request pointer (since the buffer can be used for both |
120 | * output and input -- directions always are given from the host's |
121 | * point of view) as well as a pointer to the buffer and various state |
122 | * variables. |
123 | * |
124 | * Use of the pipeline follows a simple protocol. There is a variable |
125 | * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. |
126 | * At any time that buffer head may still be in use from an earlier |
127 | * request, so each buffer head has a state variable indicating whether |
128 | * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the |
129 | * buffer head to be EMPTY, filling the buffer either by file I/O or by |
130 | * USB I/O (during which the buffer head is BUSY), and marking the buffer |
131 | * head FULL when the I/O is complete. Then the buffer will be emptied |
132 | * (again possibly by USB I/O, during which it is marked BUSY) and |
133 | * finally marked EMPTY again (possibly by a completion routine). |
134 | * |
135 | * A module parameter tells the driver to avoid stalling the bulk |
136 | * endpoints wherever the transport specification allows. This is |
137 | * necessary for some UDCs like the SuperH, which cannot reliably clear a |
138 | * halt on a bulk endpoint. However, under certain circumstances the |
139 | * Bulk-only specification requires a stall. In such cases the driver |
140 | * will halt the endpoint and set a flag indicating that it should clear |
141 | * the halt in software during the next device reset. Hopefully this |
142 | * will permit everything to work correctly. Furthermore, although the |
143 | * specification allows the bulk-out endpoint to halt when the host sends |
144 | * too much data, implementing this would cause an unavoidable race. |
145 | * The driver will always use the "no-stall" approach for OUT transfers. |
146 | * |
147 | * One subtle point concerns sending status-stage responses for ep0 |
148 | * requests. Some of these requests, such as device reset, can involve |
149 | * interrupting an ongoing file I/O operation, which might take an |
150 | * arbitrarily long time. During that delay the host might give up on |
151 | * the original ep0 request and issue a new one. When that happens the |
152 | * driver should not notify the host about completion of the original |
153 | * request, as the host will no longer be waiting for it. So the driver |
154 | * assigns to each ep0 request a unique tag, and it keeps track of the |
155 | * tag value of the request associated with a long-running exception |
156 | * (device-reset, interface-change, or configuration-change). When the |
157 | * exception handler is finished, the status-stage response is submitted |
158 | * only if the current ep0 request tag is equal to the exception request |
159 | * tag. Thus only the most recently received ep0 request will get a |
160 | * status-stage response. |
161 | * |
162 | * Warning: This driver source file is too long. It ought to be split up |
163 | * into a header file plus about 3 separate .c files, to handle the details |
164 | * of the Gadget, USB Mass Storage, and SCSI protocols. |
165 | */ |
166 | |
167 | |
168 | /* #define VERBOSE_DEBUG */ |
169 | /* #define DUMP_MSGS */ |
170 | |
171 | #include <linux/blkdev.h> |
172 | #include <linux/completion.h> |
173 | #include <linux/dcache.h> |
174 | #include <linux/delay.h> |
175 | #include <linux/device.h> |
176 | #include <linux/fcntl.h> |
177 | #include <linux/file.h> |
178 | #include <linux/fs.h> |
179 | #include <linux/kstrtox.h> |
180 | #include <linux/kthread.h> |
181 | #include <linux/sched/signal.h> |
182 | #include <linux/limits.h> |
183 | #include <linux/pagemap.h> |
184 | #include <linux/rwsem.h> |
185 | #include <linux/slab.h> |
186 | #include <linux/spinlock.h> |
187 | #include <linux/string.h> |
188 | #include <linux/freezer.h> |
189 | #include <linux/module.h> |
190 | #include <linux/uaccess.h> |
191 | #include <asm/unaligned.h> |
192 | |
193 | #include <linux/usb/ch9.h> |
194 | #include <linux/usb/gadget.h> |
195 | #include <linux/usb/composite.h> |
196 | |
197 | #include <linux/nospec.h> |
198 | |
199 | #include "configfs.h" |
200 | |
201 | |
202 | /*------------------------------------------------------------------------*/ |
203 | |
/* Human-readable description and version strings for this function driver. */
#define FSG_DRIVER_DESC		"Mass Storage Function"
#define FSG_DRIVER_VERSION	"2009/09/11"

/* Interface string; it is the text of the FSG_STRING_INTERFACE entry in fsg_strings[]. */
static const char fsg_string_interface[] = "Mass Storage";
208 | |
209 | #include "storage_common.h" |
210 | #include "f_mass_storage.h" |
211 | |
/*
 * Static strings, in UTF-8 (for simplicity we use only ASCII characters).
 * The table ends with an empty entry.
 */
static struct usb_string		fsg_strings[] = {
	{FSG_STRING_INTERFACE,		fsg_string_interface},
	{}
};

/* String table for a single language, wrapping fsg_strings. */
static struct usb_gadget_strings	fsg_stringtab = {
	.language	= 0x0409,		/* en-us */
	.strings	= fsg_strings,
};

/* NULL-terminated list of the string tables this function provides. */
static struct usb_gadget_strings *fsg_strings_array[] = {
	&fsg_stringtab,
	NULL,
};
227 | |
228 | /*-------------------------------------------------------------------------*/ |
229 | |
struct fsg_dev;
struct fsg_common;

/* Data shared by all the FSG instances. */
struct fsg_common {
	struct usb_gadget	*gadget;
	struct usb_composite_dev *cdev;
	/* Currently bound function; fsg_is_set() logs and warns when it is NULL */
	struct fsg_dev		*fsg;
	/* Woken by the bulk completion handlers; sleep_thread() waits on it */
	wait_queue_head_t	io_wait;
	wait_queue_head_t	fsg_wait;

	/* filesem protects: backing files in use */
	struct rw_semaphore	filesem;

	/* lock protects: state and thread_task */
	spinlock_t		lock;

	struct usb_ep		*ep0;		/* Copy of gadget->ep0 */
	struct usb_request	*ep0req;	/* Copy of cdev->req */
	/* Incremented by fsg_setup() for every ep0 request that arrives */
	unsigned int		ep0_req_tag;

	/* Positions in the buffer-head pipeline (see "Driver Design" above) */
	struct fsg_buffhd	*next_buffhd_to_fill;
	struct fsg_buffhd	*next_buffhd_to_drain;
	struct fsg_buffhd	*buffhds;
	unsigned int		fsg_num_buffers;

	/*
	 * Command block being processed; cmnd[0] is the opcode that do_read()
	 * and do_write() dispatch on.
	 * NOTE(review): presumably filled from host data elsewhere in the
	 * file, so every field decoded from it needs a range check.
	 */
	int			cmnd_size;
	u8			cmnd[MAX_COMMAND_SIZE];

	unsigned int		lun;
	struct fsg_lun		*luns[FSG_MAX_LUNS];
	/* LUN the current command operates on */
	struct fsg_lun		*curlun;

	/* Used to round bulk-out request lengths up to a packet multiple */
	unsigned int		bulk_out_maxpacket;
	enum fsg_state		state;		/* For exception handling */
	/* Snapshot of ep0_req_tag taken when an exception is raised */
	unsigned int		exception_req_tag;
	void			*exception_arg;

	enum data_direction	data_dir;
	u32			data_size;
	/* Transfer length that do_read()/do_write() work through */
	u32			data_size_from_cmnd;
	u32			tag;
	/* Decremented by the number of bytes actually read or written */
	u32			residue;
	/* Decremented by do_write() as bulk-out requests are queued */
	u32			usb_amount_left;

	unsigned int		can_stall:1;
	unsigned int		free_storage_on_release:1;
	unsigned int		phase_error:1;
	/* Set by do_write() when the host sent less than was requested */
	unsigned int		short_packet_received:1;
	unsigned int		bad_lun_okay:1;
	/* Cleared when queueing a bulk request fails with -ESHUTDOWN */
	unsigned int		running:1;
	unsigned int		sysfs:1;

	struct completion	thread_notifier;
	/* Task that __raise_exception() signals with SIGUSR1; may be NULL */
	struct task_struct	*thread_task;

	/* Gadget's private data. */
	void			*private_data;

	char inquiry_string[INQUIRY_STRING_LEN];
};
291 | |
/* Per-function state; several of these may share one struct fsg_common. */
struct fsg_dev {
	/* Embedded so fsg_from_func() can recover the fsg_dev via container_of() */
	struct usb_function	function;
	struct usb_gadget	*gadget;	/* Copy of cdev->gadget */
	struct fsg_common	*common;

	/* fsg_setup() requires wIndex of class requests to equal this value */
	u16			interface_number;

	unsigned int		bulk_in_enabled:1;
	unsigned int		bulk_out_enabled:1;

	unsigned long		atomic_bitflags;
	/* NOTE(review): presumably a bit number within atomic_bitflags -- confirm */
#define IGNORE_BULK_OUT		0

	/* Bulk endpoints used for data transfers (not ep0) */
	struct usb_ep		*bulk_in;
	struct usb_ep		*bulk_out;
};
308 | |
/*
 * Report whether a function instance is attached to @common.
 *
 * Returns 1 when common->fsg is non-NULL.  Otherwise logs the caller's
 * name and line number, triggers WARN_ON() and returns 0, so that callers
 * can bail out instead of dereferencing a NULL common->fsg.
 */
static inline int __fsg_is_set(struct fsg_common *common,
			       const char *func, unsigned line)
{
	if (!common->fsg) {
		ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
		WARN_ON(1);
		return 0;
	}

	return 1;
}
318 | |
/*
 * Nonzero when common->fsg is set.  Wraps __fsg_is_set() so that the error
 * message names the calling function and line; the result is marked likely().
 */
#define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
320 | |
/* Map an embedded usb_function back to the fsg_dev that contains it. */
static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
{
	struct fsg_dev *owner = container_of(f, struct fsg_dev, function);

	return owner;
}
325 | |
/*
 * Nonzero while common->state is above FSG_STATE_NORMAL, i.e. while an
 * exception raised through __raise_exception() has not been cleared yet.
 */
static int exception_in_progress(struct fsg_common *common)
{
	enum fsg_state current_state = common->state;

	return current_state > FSG_STATE_NORMAL;
}
330 | |
/*
 * Make bulk-out requests be divisible by the maxpacket size.
 *
 * The caller's length is remembered in bh->bulk_out_intended_length, and
 * the request length is that value rounded up to the next multiple of
 * common->bulk_out_maxpacket.
 *
 * NOTE(review): assumes bulk_out_maxpacket is non-zero and that bh's buffer
 * can hold the rounded-up length -- neither is checked here; confirm at the
 * places that set them.
 */
static void set_bulk_out_req_length(struct fsg_common *common,
				    struct fsg_buffhd *bh, unsigned int length)
{
	unsigned int tail;

	bh->bulk_out_intended_length = length;

	/* Bytes past the last full packet; zero means already aligned */
	tail = length % common->bulk_out_maxpacket;
	bh->outreq->length = tail ?
		length + (common->bulk_out_maxpacket - tail) : length;
}
343 | |
344 | |
345 | /*-------------------------------------------------------------------------*/ |
346 | |
/*
 * Halt (stall) endpoint @ep and log which one it was.
 *
 * Returns whatever usb_ep_set_halt() returns.
 */
static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
{
	/* Prefer a role name for our two bulk endpoints, else the UDC's name */
	const char *label = (ep == fsg->bulk_in) ? "bulk-in" :
			    (ep == fsg->bulk_out) ? "bulk-out" : ep->name;

	DBG(fsg, "%s set halt\n", label);
	return usb_ep_set_halt(ep);
}
360 | |
361 | |
362 | /*-------------------------------------------------------------------------*/ |
363 | |
364 | /* These routines may be called in process context or in_irq */ |
365 | |
/*
 * Record exception @new_state (with optional @arg) and notify the main
 * thread.
 *
 * Nothing happens if a higher-priority exception is already in progress.
 * A lower-or-equal priority one is preempted: the state, argument and the
 * current ep0 request tag are stored under common->lock, and SIGUSR1 is
 * sent to the worker thread if there is one.
 */
static void __raise_exception(struct fsg_common *common, enum fsg_state new_state,
			      void *arg)
{
	unsigned long irq_flags;

	spin_lock_irqsave(&common->lock, irq_flags);

	/* A strictly higher-priority exception wins; leave it untouched */
	if (common->state > new_state)
		goto unlock;

	common->exception_req_tag = common->ep0_req_tag;
	common->state = new_state;
	common->exception_arg = arg;
	if (common->thread_task)
		send_sig_info(SIGUSR1, SEND_SIG_PRIV, common->thread_task);

unlock:
	spin_unlock_irqrestore(&common->lock, irq_flags);
}
387 | |
/* Raise exception @new_state with no exception argument. */
static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
{
	void *no_arg = NULL;

	__raise_exception(common, new_state, no_arg);
}
392 | |
393 | /*-------------------------------------------------------------------------*/ |
394 | |
/*
 * Submit common->ep0req on endpoint 0 with GFP_ATOMIC.
 *
 * Returns the usb_ep_queue() result.  Any failure other than -ESHUTDOWN is
 * logged as a warning.
 *
 * NOTE(review): ep0->driver_data is assigned only after usb_ep_queue() has
 * returned; whether a completion can run before that is not visible here.
 */
static int ep0_queue(struct fsg_common *common)
{
	int status = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);

	common->ep0->driver_data = common;

	if (status == 0 || status == -ESHUTDOWN)
		return status;

	/* We can't do much more than wait for a reset */
	WARNING(common, "error in submission: %s --> %d\n",
		common->ep0->name, status);
	return status;
}
408 | |
409 | |
410 | /*-------------------------------------------------------------------------*/ |
411 | |
412 | /* Completion handlers. These always run in_irq. */ |
413 | |
/*
 * Completion handler for bulk-in requests.
 *
 * Logs failed or short transfers, flushes the endpoint FIFO when the
 * request was cancelled, then marks the buffer head EMPTY and wakes the
 * waiters on common->io_wait.
 */
static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
{
	struct fsg_buffhd	*bh = req->context;
	struct fsg_common	*common = ep->driver_data;
	const int		status = req->status;
	const bool		complete = !status && req->actual == req->length;

	if (!complete)
		DBG(common, "%s --> %d, %u/%u\n", __func__,
		    req->status, req->actual, req->length);

	/* Request was cancelled */
	if (status == -ECONNRESET)
		usb_ep_fifo_flush(ep);

	/* Synchronize with the smp_load_acquire() in sleep_thread() */
	smp_store_release(&bh->state, BUF_STATE_EMPTY);
	wake_up(&common->io_wait);
}
429 | |
/*
 * Completion handler for bulk-out requests.
 *
 * Dumps the received bytes (req->actual of them), logs failed transfers and
 * transfers whose size differs from bh->bulk_out_intended_length, flushes
 * the FIFO when the request was cancelled, then marks the buffer head FULL
 * and wakes the waiters on common->io_wait.  The received length is not
 * validated here; do_write() clamps it before writing to the backing file.
 */
static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
{
	struct fsg_buffhd	*bh = req->context;
	struct fsg_common	*common = ep->driver_data;
	const int		status = req->status;

	dump_msg(common, "bulk-out", req->buf, req->actual);

	if (status != 0 || req->actual != bh->bulk_out_intended_length)
		DBG(common, "%s --> %d, %u/%u\n", __func__,
		    req->status, req->actual, bh->bulk_out_intended_length);

	/* Request was cancelled */
	if (status == -ECONNRESET)
		usb_ep_fifo_flush(ep);

	/* Synchronize with the smp_load_acquire() in sleep_thread() */
	smp_store_release(&bh->state, BUF_STATE_FULL);
	wake_up(&common->io_wait);
}
446 | |
/*
 * Return the highest index in common->luns[] that holds a non-NULL LUN,
 * or -1 when every slot is empty.
 */
static int _fsg_common_get_max_lun(struct fsg_common *common)
{
	int idx;

	/* Scan from the top so the first populated slot found is the maximum */
	for (idx = ARRAY_SIZE(common->luns) - 1; idx >= 0; --idx) {
		if (common->luns[idx])
			break;
	}

	return idx;
}
456 | |
/*
 * Handle class-specific control requests addressed to this function.
 *
 * Two requests are recognised, each only with its exact bRequestType:
 *   US_BULK_RESET_REQUEST - raises FSG_STATE_PROTOCOL_RESET and returns
 *                           USB_GADGET_DELAYED_STATUS;
 *   US_BULK_GET_MAX_LUN   - replies with one byte holding the highest
 *                           populated LUN index.
 *
 * The wIndex, wValue and wLength fields of the SETUP packet are checked
 * against the only values accepted for each request; a mismatch yields
 * -EDOM.  Anything else, or a missing common->fsg, yields -EOPNOTSUPP.
 *
 * NOTE(review): with no LUN configured _fsg_common_get_max_lun() returns
 * -1, which is stored into the reply as a u8 -- confirm that cannot happen
 * once the function is bound.
 */
static int fsg_setup(struct usb_function *f,
		     const struct usb_ctrlrequest *ctrl)
{
	struct fsg_dev		*fsg = fsg_from_func(f);
	struct fsg_common	*common = fsg->common;
	struct usb_request	*req = common->ep0req;
	u16			w_index = le16_to_cpu(ctrl->wIndex);
	u16			w_value = le16_to_cpu(ctrl->wValue);
	u16			w_length = le16_to_cpu(ctrl->wLength);
	bool			addressed_ok;

	if (!fsg_is_set(common))
		return -EOPNOTSUPP;

	/* Record arrival of a new request */
	++common->ep0_req_tag;
	req->context = NULL;
	req->length = 0;
	dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl));

	/* Both requests must target our interface with wValue == 0 */
	addressed_ok = (w_index == fsg->interface_number) && (w_value == 0);

	switch (ctrl->bRequest) {

	case US_BULK_RESET_REQUEST:
		if (ctrl->bRequestType !=
		    (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
			break;
		if (!addressed_ok || w_length != 0)
			return -EDOM;

		/*
		 * Raise an exception to stop the current operation
		 * and reinitialize our state.
		 */
		DBG(fsg, "bulk reset request\n");
		raise_exception(common, FSG_STATE_PROTOCOL_RESET);
		return USB_GADGET_DELAYED_STATUS;

	case US_BULK_GET_MAX_LUN:
		if (ctrl->bRequestType !=
		    (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
			break;
		if (!addressed_ok || w_length != 1)
			return -EDOM;
		VDBG(fsg, "get max LUN\n");
		*(u8 *)req->buf = _fsg_common_get_max_lun(common);

		/* Respond with data/status */
		req->length = min((u16)1, w_length);
		return ep0_queue(common);

	default:
		break;
	}

	VDBG(fsg,
	     "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n",
	     ctrl->bRequestType, ctrl->bRequest,
	     w_value, w_index, w_length);
	return -EOPNOTSUPP;
}
513 | |
514 | |
515 | /*-------------------------------------------------------------------------*/ |
516 | |
517 | /* All the following routines run in process context */ |
518 | |
/*
 * Use this for bulk or interrupt transfers, not ep0.
 *
 * Queues @req on @ep with GFP_KERNEL and returns the usb_ep_queue() result.
 * On failure the error is also stored in req->status.  A warning is logged
 * unless the error is -ESHUTDOWN or an -EOPNOTSUPP for a zero-length
 * request.  Requests for the bulk-in endpoint are dumped before queueing.
 */
static int start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
			  struct usb_request *req)
{
	bool	expected_failure;
	int	err;

	if (ep == fsg->bulk_in)
		dump_msg(fsg, "bulk-in", req->buf, req->length);

	err = usb_ep_queue(ep, req, GFP_KERNEL);
	if (!err)
		return err;

	/* We can't do much more than wait for a reset */
	req->status = err;

	/*
	 * Note: currently the net2280 driver fails zero-length
	 * submissions if DMA is enabled.
	 */
	expected_failure = (err == -ESHUTDOWN) ||
			   (err == -EOPNOTSUPP && req->length == 0);
	if (!expected_failure)
		WARNING(fsg, "error in submission: %s --> %d\n",
			ep->name, err);

	return err;
}
545 | |
/*
 * Queue bh->inreq on the bulk-in endpoint.
 *
 * The buffer head is marked SENDING first and put back to EMPTY if the
 * submission fails.  Returns false when common->fsg is not set or when the
 * endpoint reports -ESHUTDOWN (common->running is cleared in that case).
 * Every other outcome, including other submission errors, returns true.
 */
static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
{
	int err;

	if (!fsg_is_set(common))
		return false;

	bh->state = BUF_STATE_SENDING;
	err = start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq);
	if (!err)
		return true;

	/* Submission failed: the buffer is not in flight after all */
	bh->state = BUF_STATE_EMPTY;
	if (err != -ESHUTDOWN)
		return true;

	common->running = 0;
	return false;
}
563 | |
/*
 * Queue bh->outreq on the bulk-out endpoint.
 *
 * The buffer head is marked RECEIVING first and set to FULL if the
 * submission fails.  Returns false when common->fsg is not set or when the
 * endpoint reports -ESHUTDOWN (common->running is cleared in that case).
 * Every other outcome, including other submission errors, returns true.
 */
static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
{
	int err;

	if (!fsg_is_set(common))
		return false;

	bh->state = BUF_STATE_RECEIVING;
	err = start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq);
	if (!err)
		return true;

	/* Nothing was queued; FULL lets a waiter see the failed request */
	bh->state = BUF_STATE_FULL;
	if (err != -ESHUTDOWN)
		return true;

	common->running = 0;
	return false;
}
581 | |
/*
 * Wait until a signal arrives or @bh is no longer busy.
 *
 * "No longer busy" means bh->state has reached at least BUF_STATE_EMPTY.
 * With a NULL @bh the condition can never become true, so only an
 * interrupted wait ends the sleep.  @can_freeze selects the freezable
 * variant of the wait.
 *
 * Returns 0 when the wait condition was met, -EINTR when the wait returned
 * an error.
 */
static int sleep_thread(struct fsg_common *common, bool can_freeze,
			struct fsg_buffhd *bh)
{
	int wait_rc;

	/*
	 * The acquire loads below synchronize with the
	 * smp_store_release(&bh->state) in bulk_in_complete() or
	 * bulk_out_complete().
	 */
	if (!can_freeze) {
		wait_rc = wait_event_interruptible(common->io_wait,
				bh && smp_load_acquire(&bh->state) >=
					BUF_STATE_EMPTY);
	} else {
		wait_rc = wait_event_freezable(common->io_wait,
				bh && smp_load_acquire(&bh->state) >=
					BUF_STATE_EMPTY);
	}

	if (wait_rc)
		return -EINTR;
	return 0;
}
602 | |
603 | |
604 | /*-------------------------------------------------------------------------*/ |
605 | |
/*
 * do_read - service a READ command by streaming data from the backing file
 * @common: shared state; the command block is in common->cmnd and the
 *          target LUN in common->curlun
 *
 * The opcode in cmnd[0] selects how the starting LBA is decoded (READ_6,
 * READ_16, otherwise READ_10/READ_12).  The LBA must be below
 * curlun->num_sectors, and every chunk is additionally capped by the
 * distance to curlun->file_length, so the file offset passed to
 * kernel_read() stays inside the backing file.
 *
 * Data is read in chunks of at most FSG_BUFLEN into successive buffer
 * heads.  Every buffer except the last is submitted with
 * start_in_transfer(); the last one is left in BUF_STATE_FULL for the
 * caller (presumably sent together with the status phase -- confirm).
 *
 * Return: always a negative errno.  -EINVAL with curlun->sense_data set for
 * a bad CDB field or LBA, -EINTR when a signal interrupted the wait or the
 * read, and -EIO in all other cases ("no default reply").
 */
static int do_read(struct fsg_common *common)
{
	struct fsg_lun		*curlun = common->curlun;
	u64			lba;
	struct fsg_buffhd	*bh;
	int			rc;
	u32			amount_left;
	loff_t			file_offset, file_offset_tmp;
	unsigned int		amount;
	ssize_t			nread;

	/*
	 * Get the starting Logical Block Address and check that it's
	 * not too big.
	 */
	if (common->cmnd[0] == READ_6)
		lba = get_unaligned_be24(&common->cmnd[1]);
	else {
		if (common->cmnd[0] == READ_16)
			lba = get_unaligned_be64(&common->cmnd[2]);
		else		/* READ_10 or READ_12 */
			lba = get_unaligned_be32(&common->cmnd[2]);

		/*
		 * We allow DPO (Disable Page Out = don't save data in the
		 * cache) and FUA (Force Unit Access = don't read from the
		 * cache), but we don't implement them.
		 */
		/* Any bit of cmnd[1] outside mask 0x18 is rejected */
		if ((common->cmnd[1] & ~0x18) != 0) {
			curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
			return -EINVAL;
		}
	}
	/* Bounds check on the decoded LBA before it becomes a file offset */
	if (lba >= curlun->num_sectors) {
		curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
		return -EINVAL;
	}
	file_offset = ((loff_t) lba) << curlun->blkbits;

	/* Carry out the file reads */
	amount_left = common->data_size_from_cmnd;
	if (unlikely(amount_left == 0))
		return -EIO;		/* No default reply */

	for (;;) {
		/*
		 * Figure out how much we need to read:
		 * Try to read the remaining amount.
		 * But don't read more than the buffer size.
		 * And don't try to read past the end of the file.
		 */
		amount = min(amount_left, FSG_BUFLEN);
		amount = min((loff_t)amount,
			     curlun->file_length - file_offset);

		/* Wait for the next buffer to become available */
		bh = common->next_buffhd_to_fill;
		rc = sleep_thread(common, false, bh);
		if (rc)
			return rc;

		/*
		 * If we were asked to read past the end of file,
		 * end with an empty buffer.
		 */
		if (amount == 0) {
			curlun->sense_data =
					SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
			curlun->sense_data_info =
					file_offset >> curlun->blkbits;
			curlun->info_valid = 1;
			bh->inreq->length = 0;
			bh->state = BUF_STATE_FULL;
			break;
		}

		/* Perform the read */
		/* kernel_read() advances the offset it is given; use a copy */
		file_offset_tmp = file_offset;
		nread = kernel_read(curlun->filp, bh->buf, amount,
				&file_offset_tmp);
		VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
		      (unsigned long long)file_offset, (int)nread);
		if (signal_pending(current))
			return -EINTR;

		if (nread < 0) {
			LDBG(curlun, "error in file read: %d\n", (int)nread);
			nread = 0;
		} else if (nread < amount) {
			LDBG(curlun, "partial file read: %d/%u\n",
			     (int)nread, amount);
			/* Only whole blocks are passed on */
			nread = round_down(nread, curlun->blksize);
		}
		file_offset  += nread;
		amount_left  -= nread;
		common->residue -= nread;

		/*
		 * Except at the end of the transfer, nread will be
		 * equal to the buffer size, which is divisible by the
		 * bulk-in maxpacket size.
		 */
		bh->inreq->length = nread;
		bh->state = BUF_STATE_FULL;

		/* If an error occurred, report it and its position */
		if (nread < amount) {
			curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
			curlun->sense_data_info =
					file_offset >> curlun->blkbits;
			curlun->info_valid = 1;
			break;
		}

		if (amount_left == 0)
			break;		/* No more left to read */

		/* Send this buffer and go read some more */
		bh->inreq->zero = 0;
		if (!start_in_transfer(common, bh))
			/* Don't know what to do if common->fsg is NULL */
			return -EIO;
		common->next_buffhd_to_fill = bh->next;
	}

	return -EIO;		/* No default reply */
}
733 | |
734 | |
735 | /*-------------------------------------------------------------------------*/ |
736 | |
/*
 * do_write - service a WRITE command by storing received data in the
 *            backing file
 * @common: shared state; the command block is in common->cmnd and the
 *          target LUN in common->curlun
 *
 * Rejects the command on a read-only LUN, on bits of cmnd[1] outside mask
 * 0x18 (not checked for WRITE_6) and on a starting LBA at or beyond
 * curlun->num_sectors.  The FUA bit (0x08) turns on O_SYNC for the backing
 * file unless curlun->nofua is set.
 *
 * The loop interleaves two activities over the buffer-head pipeline:
 * queueing bulk-out requests for more data (tracked by usb_offset and
 * amount_left_to_req) and writing received buffers to the file (tracked by
 * file_offset and amount_left_to_write).  Before each kernel_write() the
 * received length is clamped to the remaining file size and to the length
 * that was requested, and rounded down to a whole block, so a peer sending
 * more than asked for cannot extend the write.
 *
 * Return: always a negative errno.  -EINVAL with curlun->sense_data set for
 * a rejected command, -EINTR when a signal interrupted the wait or the
 * write, and -EIO in all other cases ("no default reply").
 */
static int do_write(struct fsg_common *common)
{
	struct fsg_lun		*curlun = common->curlun;
	u64			lba;
	struct fsg_buffhd	*bh;
	int			get_some_more;
	u32			amount_left_to_req, amount_left_to_write;
	loff_t			usb_offset, file_offset, file_offset_tmp;
	unsigned int		amount;
	ssize_t			nwritten;
	int			rc;

	if (curlun->ro) {
		curlun->sense_data = SS_WRITE_PROTECTED;
		return -EINVAL;
	}
	spin_lock(&curlun->filp->f_lock);
	curlun->filp->f_flags &= ~O_SYNC;	/* Default is not to wait */
	spin_unlock(&curlun->filp->f_lock);

	/*
	 * Get the starting Logical Block Address and check that it's
	 * not too big
	 */
	if (common->cmnd[0] == WRITE_6)
		lba = get_unaligned_be24(&common->cmnd[1]);
	else {
		if (common->cmnd[0] == WRITE_16)
			lba = get_unaligned_be64(&common->cmnd[2]);
		else		/* WRITE_10 or WRITE_12 */
			lba = get_unaligned_be32(&common->cmnd[2]);

		/*
		 * We allow DPO (Disable Page Out = don't save data in the
		 * cache) and FUA (Force Unit Access = write directly to the
		 * medium).  We don't implement DPO; we implement FUA by
		 * performing synchronous output.
		 */
		if (common->cmnd[1] & ~0x18) {
			curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
			return -EINVAL;
		}
		if (!curlun->nofua && (common->cmnd[1] & 0x08)) { /* FUA */
			spin_lock(&curlun->filp->f_lock);
			curlun->filp->f_flags |= O_SYNC;
			spin_unlock(&curlun->filp->f_lock);
		}
	}
	/* Bounds check on the decoded LBA before it becomes a file offset */
	if (lba >= curlun->num_sectors) {
		curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
		return -EINVAL;
	}

	/* Carry out the file writes */
	get_some_more = 1;
	file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits;
	amount_left_to_req = common->data_size_from_cmnd;
	amount_left_to_write = common->data_size_from_cmnd;

	while (amount_left_to_write > 0) {

		/* Queue a request for more data from the host */
		bh = common->next_buffhd_to_fill;
		if (bh->state == BUF_STATE_EMPTY && get_some_more) {

			/*
			 * Figure out how much we want to get:
			 * Try to get the remaining amount,
			 * but not more than the buffer size.
			 */
			amount = min(amount_left_to_req, FSG_BUFLEN);

			/* Beyond the end of the backing file? */
			if (usb_offset >= curlun->file_length) {
				/* Stop requesting; buffers already queued are still drained */
				get_some_more = 0;
				curlun->sense_data =
					SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
				curlun->sense_data_info =
					usb_offset >> curlun->blkbits;
				curlun->info_valid = 1;
				continue;
			}

			/* Get the next buffer */
			usb_offset += amount;
			common->usb_amount_left -= amount;
			amount_left_to_req -= amount;
			if (amount_left_to_req == 0)
				get_some_more = 0;

			/*
			 * Except at the end of the transfer, amount will be
			 * equal to the buffer size, which is divisible by
			 * the bulk-out maxpacket size.
			 */
			set_bulk_out_req_length(common, bh, amount);
			if (!start_out_transfer(common, bh))
				/* Dunno what to do if common->fsg is NULL */
				return -EIO;
			common->next_buffhd_to_fill = bh->next;
			continue;
		}

		/* Write the received data to the backing file */
		bh = common->next_buffhd_to_drain;
		if (bh->state == BUF_STATE_EMPTY && !get_some_more)
			break;			/* We stopped early */

		/* Wait for the data to be received */
		rc = sleep_thread(common, false, bh);
		if (rc)
			return rc;

		common->next_buffhd_to_drain = bh->next;
		bh->state = BUF_STATE_EMPTY;

		/* Did something go wrong with the transfer? */
		if (bh->outreq->status != 0) {
			curlun->sense_data = SS_COMMUNICATION_FAILURE;
			curlun->sense_data_info =
					file_offset >> curlun->blkbits;
			curlun->info_valid = 1;
			break;
		}

		/* Received byte count; clamped three ways below before use */
		amount = bh->outreq->actual;
		if (curlun->file_length - file_offset < amount) {
			LERROR(curlun, "write %u @ %llu beyond end %llu\n",
			       amount, (unsigned long long)file_offset,
			       (unsigned long long)curlun->file_length);
			amount = curlun->file_length - file_offset;
		}

		/*
		 * Don't accept excess data.  The spec doesn't say
		 * what to do in this case.  We'll ignore the error.
		 */
		amount = min(amount, bh->bulk_out_intended_length);

		/* Don't write a partial block */
		amount = round_down(amount, curlun->blksize);
		if (amount == 0)
			goto empty_write;

		/* Perform the write */
		/* kernel_write() advances the offset it is given; use a copy */
		file_offset_tmp = file_offset;
		nwritten = kernel_write(curlun->filp, bh->buf, amount,
				&file_offset_tmp);
		VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
				(unsigned long long)file_offset, (int)nwritten);
		if (signal_pending(current))
			return -EINTR;		/* Interrupted! */

		if (nwritten < 0) {
			LDBG(curlun, "error in file write: %d\n",
					(int) nwritten);
			nwritten = 0;
		} else if (nwritten < amount) {
			LDBG(curlun, "partial file write: %d/%u\n",
					(int) nwritten, amount);
			/* Only whole blocks count as written */
			nwritten = round_down(nwritten, curlun->blksize);
		}
		file_offset += nwritten;
		amount_left_to_write -= nwritten;
		common->residue -= nwritten;

		/* If an error occurred, report it and its position */
		if (nwritten < amount) {
			curlun->sense_data = SS_WRITE_ERROR;
			curlun->sense_data_info =
					file_offset >> curlun->blkbits;
			curlun->info_valid = 1;
			break;
		}

 empty_write:
		/* Did the host decide to stop early? */
		if (bh->outreq->actual < bh->bulk_out_intended_length) {
			common->short_packet_received = 1;
			break;
		}
	}

	return -EIO;		/* No default reply */
}
922 | |
923 | |
924 | /*-------------------------------------------------------------------------*/ |
925 | |
/*
 * SYNCHRONIZE CACHE: write back the LUN's dirty data.
 *
 * The LBA range named in the CDB is not consulted; the whole backing
 * file is flushed through fsg_lun_fsync_sub().  A failed flush is
 * recorded as SS_WRITE_ERROR sense data, and the function itself
 * always returns 0.
 */
static int do_synchronize_cache(struct fsg_common *common)
{
	struct fsg_lun	*lun = common->curlun;

	if (fsg_lun_fsync_sub(lun) != 0)
		lun->sense_data = SS_WRITE_ERROR;

	return 0;
}
938 | |
939 | |
940 | /*-------------------------------------------------------------------------*/ |
941 | |
/*
 * Ask the page cache to drop the pages of the LUN's backing file.
 * The range handed to invalidate_mapping_pages() is 0..-1; its return
 * value is only used for the verbose debug message.
 */
static void invalidate_sub(struct fsg_lun *curlun)
{
	struct inode			*backing = file_inode(curlun->filp);
	unsigned long __maybe_unused	dropped;

	dropped = invalidate_mapping_pages(backing->i_mapping, 0, -1);
	VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", dropped);
}
951 | |
/*
 * VERIFY(10): check that the requested blocks can be read from the
 * backing file.
 *
 * The starting LBA (CDB bytes 2-5) and the block count (bytes 7-8) are
 * taken from the command and the LBA is range-checked against the LUN
 * before it is turned into a file offset.  Dirty data is flushed and
 * the cached pages are invalidated, then the range is read in pieces
 * of at most FSG_BUFLEN bytes into the next buffer head.  The data
 * read is not inspected.
 *
 * Returns 0 when the loop finishes (read problems are reported through
 * the LUN's sense data), -EINVAL for a rejected CDB, -EIO for a zero
 * verification length and -EINTR when a signal is pending.
 *
 * NOTE(review): curlun is dereferenced without a NULL check here;
 * presumably the caller only dispatches this with a valid LUN - confirm.
 */
static int do_verify(struct fsg_common *common)
{
	struct fsg_lun		*curlun = common->curlun;
	struct fsg_buffhd	*bh = common->next_buffhd_to_fill;
	u32			lba;
	u32			nblocks;
	u32			remaining;
	unsigned int		chunk;
	loff_t			pos, pos_tmp;
	ssize_t			got;

	/* The first block must lie inside the LUN. */
	lba = get_unaligned_be32(&common->cmnd[2]);
	if (lba >= curlun->num_sectors) {
		curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
		return -EINVAL;
	}

	/*
	 * Only the DPO bit (0x10) may be set in byte 1.  It is accepted
	 * but has no effect.
	 */
	if (common->cmnd[1] & ~0x10) {
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}

	nblocks = get_unaligned_be16(&common->cmnd[7]);
	if (unlikely(nblocks == 0))
		return -EIO;		/* No default reply */

	/* Convert blocks to bytes; widen the LBA before shifting. */
	remaining = nblocks << curlun->blkbits;
	pos = ((loff_t) lba) << curlun->blkbits;

	/*
	 * Flush dirty buffers, then invalidate them.  The flush result
	 * is not checked at this point.
	 */
	fsg_lun_fsync_sub(curlun);
	if (signal_pending(current))
		return -EINTR;

	invalidate_sub(curlun);
	if (signal_pending(current))
		return -EINTR;

	/* Read the requested range piece by piece. */
	while (remaining > 0) {
		/*
		 * One piece is bounded by the bytes still wanted, by the
		 * buffer size, and by the end of the backing file.
		 */
		chunk = min(remaining, FSG_BUFLEN);
		chunk = min((loff_t)chunk,
			    curlun->file_length - pos);
		if (chunk == 0) {
			curlun->sense_data =
					SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
			curlun->sense_data_info = pos >> curlun->blkbits;
			curlun->info_valid = 1;
			break;
		}

		/* kernel_read() advances the copy, not pos itself. */
		pos_tmp = pos;
		got = kernel_read(curlun->filp, bh->buf, chunk, &pos_tmp);
		VLDBG(curlun, "file read %u @ %llu -> %d\n", chunk,
		      (unsigned long long) pos, (int) got);
		if (signal_pending(current))
			return -EINTR;

		if (got < 0) {
			LDBG(curlun, "error in file verify: %d\n", (int)got);
			got = 0;
		} else if (got < chunk) {
			LDBG(curlun, "partial file verify: %d/%u\n",
			     (int)got, chunk);
			/* Count whole blocks only. */
			got = round_down(got, curlun->blksize);
		}

		if (got == 0) {
			curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
			curlun->sense_data_info = pos >> curlun->blkbits;
			curlun->info_valid = 1;
			break;
		}

		pos += got;
		remaining -= got;
	}

	return 0;
}
1049 | |
1050 | |
1051 | /*-------------------------------------------------------------------------*/ |
1052 | |
/*
 * INQUIRY: build the 36-byte standard inquiry reply in bh->buf.
 *
 * With no current LUN the reply is zeroed, marked TYPE_NO_LUN and
 * bad_lun_okay is set.  Otherwise the header describes a disk or
 * CD-ROM and the identification text is copied from the LUN's own
 * inquiry string when its first byte is non-zero, else from the
 * common one.
 *
 * Returns the reply length (36).
 *
 * NOTE(review): the copy length is sizeof() of the source array and
 * starts at offset 8; confirm that array fits both the 36-byte reply
 * and the buffer behind bh->buf.
 */
static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	u8		*buf = (u8 *) bh->buf;
	const int	reply_len = 36;

	if (curlun) {
		buf[0] = curlun->cdrom ? TYPE_ROM : TYPE_DISK;
		buf[1] = curlun->removable ? 0x80 : 0;
		buf[2] = 2;		/* ANSI SCSI level 2 */
		buf[3] = 2;		/* SCSI-2 INQUIRY data format */
		buf[4] = 31;		/* Additional length */
		buf[5] = 0;		/* No special options */
		buf[6] = 0;
		buf[7] = 0;

		if (curlun->inquiry_string[0])
			memcpy(&buf[8], curlun->inquiry_string,
			       sizeof(curlun->inquiry_string));
		else
			memcpy(&buf[8], common->inquiry_string,
			       sizeof(common->inquiry_string));

		return reply_len;
	}

	/* Unsupported LUNs are okay */
	common->bad_lun_okay = 1;
	memset(buf, 0, reply_len);
	buf[0] = TYPE_NO_LUN;	/* Unsupported, no device-type */
	buf[4] = 31;		/* Additional length */
	return reply_len;
}
1082 | |
/*
 * REQUEST SENSE: report the pending sense data in an 18-byte reply and
 * clear it on the LUN.
 *
 * With no current LUN, SS_LOGICAL_UNIT_NOT_SUPPORTED is reported and
 * bad_lun_okay is set.  Returns the reply length (18).
 */
static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	u8		*buf = (u8 *) bh->buf;
	u32		sd, sdinfo;
	int		valid;
	const int	reply_len = 18;

	/*
	 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
	 *
	 * If a REQUEST SENSE command is received from an initiator
	 * with a pending unit attention condition (before the target
	 * generates the contingent allegiance condition), then the
	 * target shall either:
	 *   a) report any pending sense data and preserve the unit
	 *	attention condition on the logical unit, or,
	 *   b) report the unit attention condition, may discard any
	 *	pending sense data, and clear the unit attention
	 *	condition on the logical unit for that initiator.
	 *
	 * FSG normally uses option a); enable this code to use option b).
	 */
#if 0
	if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
		curlun->sense_data = curlun->unit_attention_data;
		curlun->unit_attention_data = SS_NO_SENSE;
	}
#endif

	if (curlun) {
		/* Take a snapshot of the sense state, then reset it. */
		sd = curlun->sense_data;
		sdinfo = curlun->sense_data_info;
		valid = curlun->info_valid << 7;

		curlun->sense_data = SS_NO_SENSE;
		curlun->sense_data_info = 0;
		curlun->info_valid = 0;
	} else {
		/* Unsupported LUNs are okay */
		common->bad_lun_okay = 1;
		sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
		sdinfo = 0;
		valid = 0;
	}

	memset(buf, 0, reply_len);
	buf[0] = valid | 0x70;			/* Valid, current error */
	buf[2] = SK(sd);
	put_unaligned_be32(sdinfo, &buf[3]);	/* Sense information */
	buf[7] = reply_len - 8;			/* Additional sense length */
	buf[12] = ASC(sd);
	buf[13] = ASCQ(sd);
	return reply_len;
}
1135 | |
/*
 * READ CAPACITY(10): report the last logical block and the block size.
 *
 * The PMI byte (CDB byte 8) must be 0 or 1, and with PMI == 0 the LBA
 * field must be zero; anything else is rejected with
 * SS_INVALID_FIELD_IN_CDB.  A LUN with 2^32 sectors or more reports
 * 0xffffffff as its last block.
 *
 * Returns the reply length (8) or -EINVAL.
 *
 * NOTE(review): curlun is dereferenced without a NULL check here;
 * presumably the caller only dispatches this with a valid LUN - confirm.
 */
static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	u8		*buf = (u8 *)bh->buf;
	u32		lba;
	u32		last_block;
	int		pmi;

	lba = get_unaligned_be32(&common->cmnd[2]);
	pmi = common->cmnd[8];

	/* Check the PMI and LBA fields */
	if (pmi > 1 || (pmi == 0 && lba != 0)) {
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}

	/* Clamp to what fits in the 32-bit reply field. */
	last_block = 0xffffffff;
	if (curlun->num_sectors < 0x100000000ULL)
		last_block = curlun->num_sectors - 1;

	put_unaligned_be32(last_block, &buf[0]);	/* Max logical block */
	put_unaligned_be32(curlun->blksize, &buf[4]);	/* Block length */
	return 8;
}
1158 | |
/*
 * READ CAPACITY(16): report the last logical block as a 64-bit value,
 * followed by the block size, in a 32-byte reply.
 *
 * The PMI byte (CDB byte 14) and the 64-bit LBA field get the same
 * validation as in the 10-byte variant.  Bytes 12..31 of the reply
 * are zeroed.
 *
 * Returns the reply length (32) or -EINVAL.
 *
 * NOTE(review): curlun is dereferenced without a NULL check here;
 * presumably the caller only dispatches this with a valid LUN - confirm.
 */
static int do_read_capacity_16(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	u8		*buf = (u8 *)bh->buf;
	u64		lba;
	int		pmi;
	const int	reply_len = 32;

	lba = get_unaligned_be64(&common->cmnd[2]);
	pmi = common->cmnd[14];

	/* Check the PMI and LBA fields */
	if (pmi > 1 || (pmi == 0 && lba != 0)) {
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}

	/* Max logical block */
	put_unaligned_be64(curlun->num_sectors - 1, &buf[0]);
	/* Block length */
	put_unaligned_be32(curlun->blksize, &buf[8]);

	/* It is safe to keep other fields zeroed */
	memset(&buf[12], 0, reply_len - 12);
	return reply_len;
}
1180 | |
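/*
 * READ HEADER: build the 8-byte CD-ROM header reply for the block
 * addressed by the CDB.
 *
 * Only the MSF bit (0x02) may be set in CDB byte 1, and the LBA in
 * bytes 2-5 must lie inside the LUN; otherwise the matching sense
 * code is set and -EINVAL returned.  The block address is stored at
 * reply offset 4 in MSF or LBA form according to the MSF bit.
 *
 * Returns the reply length (8) or -EINVAL.
 *
 * NOTE(review): curlun is dereferenced without a NULL check here;
 * presumably the caller only dispatches this with a valid LUN - confirm.
 */
static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	int		msf = common->cmnd[1] & 0x02;
	u32		lba = get_unaligned_be32(&common->cmnd[2]);
	u8		*buf = (u8 *)bh->buf;

	if (common->cmnd[1] & ~0x02) {		/* Mask away MSF */
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}
	if (lba >= curlun->num_sectors) {
		curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
		return -EINVAL;
	}

	memset(buf, 0, 8);
	buf[0] = 0x01;		/* 2048 bytes of user data, rest is EC */
	store_cdrom_address(&buf[4], msf, lba);
	return 8;
}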
1202 | |
/*
 * READ TOC: build a table of contents for a single-track data disc.
 *
 * The format comes from the low nibble of CDB byte 2, or, when that is
 * zero, from the two top bits of byte 9 (old SFF-8020i style).
 * Formats 0 and 1 produce a 4-byte header plus two 8-byte descriptors
 * (track 1 and lead-out); format 2 produces a 4-byte header plus three
 * 11-byte descriptors (points A0, A1 and A2).  Any other format is
 * rejected.
 *
 * Returns the reply length or -EINVAL with SS_INVALID_FIELD_IN_CDB.
 *
 * NOTE(review): curlun is dereferenced without a NULL check here;
 * presumably the caller only dispatches this with a valid LUN - confirm.
 */
static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	u8		*buf = (u8 *)bh->buf;
	int		msf = common->cmnd[1] & 0x02;
	int		start_track = common->cmnd[6];
	u8		format = common->cmnd[2] & 0xf;
	int		i, len;

	if ((common->cmnd[1] & ~0x02) != 0 ||	/* Mask away MSF */
			(start_track > 1 && format != 0x1)) {
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}

	/*
	 * Check if CDB is old style SFF-8020i
	 * i.e. format is in 2 MSBs of byte 9
	 * Mac OS-X host sends us this.
	 */
	if (format == 0)
		format = (common->cmnd[9] >> 6) & 0x3;

	if (format == 0 || format == 1) {
		/* Formatted TOC / Multi-session info */
		len = 4 + 2*8;		/* 4 byte header + 2 descriptors */
		memset(buf, 0, len);
		buf[1] = len - 2;	/* TOC Length excludes length field */
		buf[2] = 1;		/* First track number */
		buf[3] = 1;		/* Last track number */

		/* Descriptor for track 1 */
		buf[5] = 0x16;		/* Data track, copying allowed */
		buf[6] = 0x01;		/* Only track is number 1 */
		store_cdrom_address(&buf[8], msf, 0);

		/* Descriptor for the lead-out */
		buf[13] = 0x16;		/* Lead-out track is data */
		buf[14] = 0xAA;		/* Lead-out track number */
		store_cdrom_address(&buf[16], msf, curlun->num_sectors);
		return len;
	}

	if (format == 2) {
		/* Raw TOC */
		len = 4 + 3*11;		/* 4 byte header + 3 descriptors */
		memset(buf, 0, len);	/* Header + A0, A1 & A2 descriptors */
		buf[1] = len - 2;	/* TOC Length excludes length field */
		buf[2] = 1;		/* First complete session */
		buf[3] = 1;		/* Last complete session */

		/* fill in A0, A1 and A2 points */
		for (i = 0; i < 3; i++) {
			u8 *desc = &buf[4 + 11 * i];

			desc[0] = 1;		/* Session number */
			desc[1] = 0x16;		/* Data track, copying allowed */
			/* 2 - Track number 0 -> TOC */
			desc[3] = 0xA0 + i;	/* A0, A1, A2 point */
			/* 4, 5, 6 - Min, sec, frame is zero */
			desc[8] = 1;		/* Pmin: last track number */
		}

		/*
		 * For A2, 7, 8, 9, 10 - zero, Pmin, Psec, Pframe of Lead out.
		 * A2 is the third descriptor, at offset 4 + 2*11.
		 */
		store_cdrom_address(&buf[4 + 2*11 + 7], msf,
				    curlun->num_sectors);
		return len;
	}

	/* PMA, ATIP, CD-TEXT not supported/required */
	curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
	return -EINVAL;
}
1276 | |
/*
 * MODE SENSE(6) / MODE SENSE(10): build the mode parameter header and
 * the one supported mode page (Caching, code 0x08).
 *
 * CDB byte 1 may carry only the DBD bit (0x08).  The two top bits of
 * byte 2 are the page control field and the low six bits the page
 * code: page control 3 (saved values) is refused, 1 selects the
 * changeable-values mask, and page code 0x3f asks for all pages.
 *
 * Returns the reply length, or -EINVAL with sense data set when the
 * CDB is rejected or no supported page was requested.
 *
 * NOTE(review): curlun is dereferenced without a NULL check here;
 * presumably the caller only dispatches this with a valid LUN - confirm.
 */
static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	int		opcode = common->cmnd[0];
	u8		*reply = (u8 *) bh->buf;
	u8		*cursor = reply;
	int		pc, page_code;
	int		have_page = 0;
	int		len, limit;

	if ((common->cmnd[1] & ~0x08) != 0) {	/* Mask away DBD */
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}

	pc = common->cmnd[2] >> 6;
	page_code = common->cmnd[2] & 0x3f;
	if (pc == 3) {
		curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
		return -EINVAL;
	}

	/*
	 * Write the mode parameter header.  Fixed values are: default
	 * medium type, no cache control (DPOFUA), and no block descriptors.
	 * The only variable value is the WriteProtect bit.  We will fill in
	 * the mode data length later.
	 */
	memset(cursor, 0, 8);
	if (opcode == MODE_SENSE) {
		cursor[2] = (curlun->ro ? 0x80 : 0x00);	/* WP, DPOFUA */
		cursor += 4;
		limit = 255;
	} else {				/* MODE_SENSE_10 */
		cursor[3] = (curlun->ro ? 0x80 : 0x00);	/* WP, DPOFUA */
		cursor += 8;
		limit = 65535;		/* Should really be FSG_BUFLEN */
	}

	/* No block descriptors */

	/*
	 * The mode pages, in numerical order.  The only page we support
	 * is the Caching page.
	 */
	if (page_code == 0x08 || page_code == 0x3f) {
		have_page = 1;
		cursor[0] = 0x08;	/* Page code */
		cursor[1] = 10;		/* Page length */
		/* None of the fields are changeable */
		memset(&cursor[2], 0, 10);

		/* pc == 1 asks for the changeable mask: leave it zero. */
		if (pc != 1) {
			/*
			 * Write cache enable, read cache not disabled,
			 * no cache retention priorities.
			 */
			cursor[2] = 0x04;
			/* Don't disable prefetch; minimum prefetch = 0 */
			put_unaligned_be16(0xffff, &cursor[4]);
			/* Maximum prefetch */
			put_unaligned_be16(0xffff, &cursor[8]);
			/* Maximum prefetch ceiling */
			put_unaligned_be16(0xffff, &cursor[10]);
		}
		cursor += 12;
	}

	/*
	 * Check that a valid page was requested and the mode data length
	 * isn't too long.
	 */
	len = cursor - reply;
	if (!have_page || len > limit) {
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}

	/* Store the mode data length (it excludes the length field). */
	if (opcode == MODE_SENSE)
		reply[0] = len - 1;
	else
		put_unaligned_be16(len - 2, reply);
	return len;
}
1362 | |
/*
 * START STOP UNIT: handle load/eject for a removable LUN.
 *
 * Rejected with -EINVAL when there is no current LUN, the LUN is not
 * removable, or reserved bits are set (only Immed in byte 1 and
 * LoEj/Start in byte 4 are allowed).  A start request succeeds only
 * when the backing file is open.  A stop request with LoEj set closes
 * the backing file, unless medium removal is currently prevented.
 *
 * Returns 0 on success or -EINVAL with sense data set.
 */
static int do_start_stop(struct fsg_common *common)
{
	struct fsg_lun	*curlun = common->curlun;
	int		eject, start;

	if (!curlun)
		return -EINVAL;

	if (!curlun->removable) {
		curlun->sense_data = SS_INVALID_COMMAND;
		return -EINVAL;
	}

	if ((common->cmnd[1] & ~0x01) != 0 ||	  /* Mask away Immed */
	    (common->cmnd[4] & ~0x03) != 0) {	  /* Mask LoEj, Start */
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}

	eject = common->cmnd[4] & 0x02;
	start = common->cmnd[4] & 0x01;

	/*
	 * Our emulation doesn't support mounting; the medium is
	 * available for use as soon as it is loaded.
	 */
	if (start) {
		if (fsg_lun_is_open(curlun))
			return 0;

		curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
		return -EINVAL;
	}

	/* Are we allowed to unload the media? */
	if (curlun->prevent_medium_removal) {
		LDBG(curlun, "unload attempt prevented\n");
		curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED;
		return -EINVAL;
	}

	if (eject) {
		/*
		 * Swap the read hold on filesem for a write hold around
		 * the close, then take the read hold again.
		 * NOTE(review): the semaphore is not held between
		 * up_read() and down_write(), so the checks above may be
		 * stale by the time the file is closed - confirm this is
		 * acceptable.
		 */
		up_read(&common->filesem);
		down_write(&common->filesem);
		fsg_lun_close(curlun);
		up_write(&common->filesem);
		down_read(&common->filesem);
	}

	return 0;
}
1412 | |
/*
 * PREVENT ALLOW MEDIUM REMOVAL: record whether removal of the medium
 * is currently prevented.
 *
 * Only the Prevent bit (0x01) of CDB byte 4 may be set.  When the
 * state changes from "prevented" to "allowed" the backing file is
 * flushed first.
 *
 * Returns 0, or -EINVAL when there is no LUN, the LUN is not removable
 * or the CDB has reserved bits set.
 */
static int do_prevent_allow(struct fsg_common *common)
{
	struct fsg_lun	*curlun = common->curlun;
	int		prevent;

	if (!curlun)
		return -EINVAL;

	if (!curlun->removable) {
		curlun->sense_data = SS_INVALID_COMMAND;
		return -EINVAL;
	}

	if ((common->cmnd[4] & ~0x01) != 0) {	/* Mask away Prevent */
		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
		return -EINVAL;
	}
	prevent = common->cmnd[4] & 0x01;

	/* Removal is being allowed again: flush before it can happen. */
	if (!prevent && curlun->prevent_medium_removal)
		fsg_lun_fsync_sub(curlun);

	curlun->prevent_medium_removal = prevent;
	return 0;
}
1436 | |
/*
 * READ FORMAT CAPACITIES: return a 4-byte capacity list header
 * followed by the single Current/Maximum Capacity Descriptor.
 *
 * The descriptor holds the block count as a 32-bit value, then the
 * block length.  The first byte of the block-length field is
 * overwritten with 0x02 ("current capacity") after the 32-bit store.
 *
 * Returns the reply length (12).
 *
 * NOTE(review): curlun is dereferenced without a NULL check here;
 * presumably the caller only dispatches this with a valid LUN - confirm.
 */
static int do_read_format_capacities(struct fsg_common *common,
			struct fsg_buffhd *bh)
{
	struct fsg_lun	*curlun = common->curlun;
	u8		*hdr = (u8 *) bh->buf;
	u8		*desc = hdr + 4;

	memset(hdr, 0, 3);
	hdr[3] = 8;	/* Only the Current/Maximum Capacity Descriptor */

	/* Number of blocks */
	put_unaligned_be32(curlun->num_sectors, &desc[0]);
	/* Block length */
	put_unaligned_be32(curlun->blksize, &desc[4]);
	desc[4] = 0x02;				/* Current capacity */
	return 12;
}
1453 | |
/*
 * MODE SELECT is not supported: flag the command as invalid on the
 * current LUN, if there is one, and always fail with -EINVAL.
 * The buffer head argument is not used.
 */
static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
{
	struct fsg_lun	*lun = common->curlun;

	if (lun != NULL)
		lun->sense_data = SS_INVALID_COMMAND;

	return -EINVAL;
}
1463 | |
1464 | |
1465 | /*-------------------------------------------------------------------------*/ |
1466 | |
/*
 * Halt the bulk-in endpoint, retrying every 100 ms for as long as the
 * attempt reports -EAGAIN.
 *
 * Any other failure is logged with WARNING() and then treated as
 * success.  Returns 0, or -EINTR when the sleep between retries is
 * interrupted.
 */
static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
{
	int	rc = fsg_set_halt(fsg, fsg->bulk_in);

	if (rc == -EAGAIN)
		VDBG(fsg, "delayed bulk-in endpoint halt\n");

	while (rc == -EAGAIN) {
		/* Wait for a short time and then try again */
		if (msleep_interruptible(100) != 0)
			return -EINTR;
		rc = usb_ep_set_halt(fsg->bulk_in);
	}

	/* A hard failure is reported but not propagated. */
	if (rc != 0)
		WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);

	return 0;
}
1488 | |
/*
 * Wedge the bulk-in endpoint, retrying every 100 ms for as long as
 * usb_ep_set_wedge() reports -EAGAIN.
 *
 * Any other failure is logged with WARNING() and then treated as
 * success.  Returns 0, or -EINTR when the sleep between retries is
 * interrupted.
 */
static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
{
	int	rc;

	DBG(fsg, "bulk-in set wedge\n");

	rc = usb_ep_set_wedge(fsg->bulk_in);
	if (rc == -EAGAIN)
		VDBG(fsg, "delayed bulk-in endpoint wedge\n");

	while (rc == -EAGAIN) {
		/* Wait for a short time and then try again */
		if (msleep_interruptible(100) != 0)
			return -EINTR;
		rc = usb_ep_set_wedge(fsg->bulk_in);
	}

	/* A hard failure is reported but not propagated. */
	if (rc != 0)
		WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);

	return 0;
}
1511 | |
/*
 * Receive and discard whatever bulk-out data is still outstanding.
 *
 * Bulk-out requests of at most FSG_BUFLEN bytes keep being queued
 * until usb_amount_left reaches zero, and every filled buffer is
 * marked empty again without its contents being used.
 *
 * Returns 0 when everything was drained, -EIO when a transfer could
 * not be started, the sleep_thread() error when the wait fails, or
 * -EINTR after raising FSG_STATE_ABORT_BULK_OUT on a short packet or a
 * request error.
 */
static int throw_away_data(struct fsg_common *common)
{
	struct fsg_buffhd	*drain, *fill;
	u32			amount;
	int			rc;

	for (;;) {
		drain = common->next_buffhd_to_drain;

		/* Done once nothing is queued and nothing is left to ask for. */
		if (drain->state == BUF_STATE_EMPTY &&
		    !(common->usb_amount_left > 0))
			break;

		/* Try to submit another request if we need one */
		fill = common->next_buffhd_to_fill;
		if (fill->state == BUF_STATE_EMPTY &&
		    common->usb_amount_left > 0) {
			amount = min(common->usb_amount_left, FSG_BUFLEN);

			/*
			 * Except at the end of the transfer, amount will be
			 * equal to the buffer size, which is divisible by
			 * the bulk-out maxpacket size.
			 */
			set_bulk_out_req_length(common, fill, amount);
			if (!start_out_transfer(common, fill))
				/* Dunno what to do if common->fsg is NULL */
				return -EIO;
			common->next_buffhd_to_fill = fill->next;
			common->usb_amount_left -= amount;
			continue;
		}

		/* Wait for the data to be received */
		rc = sleep_thread(common, false, drain);
		if (rc)
			return rc;

		/* Throw away the data in a filled buffer */
		drain->state = BUF_STATE_EMPTY;
		common->next_buffhd_to_drain = drain->next;

		/* A short packet or an error ends everything */
		if (drain->outreq->actual < drain->bulk_out_intended_length ||
		    drain->outreq->status != 0) {
			raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
			return -EINTR;
		}
	}

	return 0;
}
1560 | |
/*
 * Finish the data phase of the current command, according to the data
 * direction recorded in common->data_dir.
 *
 * Returns 0 on success, -EIO when a transfer cannot be started or the
 * function is not set, and otherwise whatever halt_bulk_in_endpoint()
 * or throw_away_data() returned (-EINTR after an abort is raised).
 */
static int finish_reply(struct fsg_common *common)
{
	struct fsg_buffhd	*bh = common->next_buffhd_to_fill;
	int			rc = 0;

	switch (common->data_dir) {
	case DATA_DIR_NONE:
		/* Nothing to send */
		break;

	case DATA_DIR_UNKNOWN:
		/*
		 * If we don't know whether the host wants to read or write,
		 * this must be CB or CBI with an unknown command.  We mustn't
		 * try to send or receive any data.  So stall both bulk pipes
		 * if we can and wait for a reset.
		 */
		if (!common->can_stall)
			break;
		if (!fsg_is_set(common)) {
			/* Don't know what to do if common->fsg is NULL */
			rc = -EIO;
			break;
		}
		fsg_set_halt(common->fsg, common->fsg->bulk_out);
		rc = halt_bulk_in_endpoint(common->fsg);
		break;

	case DATA_DIR_TO_HOST:
		/* All but the last buffer of data must have already been sent */
		if (common->data_size == 0)
			break;			/* Nothing to send */

		if (!fsg_is_set(common)) {
			/* Don't know what to do if common->fsg is NULL */
			rc = -EIO;
			break;
		}

		if (common->residue == 0) {
			/* If there's no residue, simply send the last buffer */
			bh->inreq->zero = 0;
			if (!start_in_transfer(common, bh))
				return -EIO;
			common->next_buffhd_to_fill = bh->next;
			break;
		}

		/*
		 * For Bulk-only, mark the end of the data with a short
		 * packet.  If we are allowed to stall, halt the bulk-in
		 * endpoint.  (Note: This violates the Bulk-Only Transport
		 * specification, which requires us to pad the data if we
		 * don't halt the endpoint.  Presumably nobody will mind.)
		 */
		bh->inreq->zero = 1;
		if (!start_in_transfer(common, bh))
			rc = -EIO;
		common->next_buffhd_to_fill = bh->next;
		/* The halt result replaces any -EIO stored just above. */
		if (common->can_stall)
			rc = halt_bulk_in_endpoint(common->fsg);
		break;

	case DATA_DIR_FROM_HOST:
		/*
		 * We have processed all we want from the data the host has
		 * sent.  There may still be outstanding bulk-out requests.
		 */
		if (common->residue == 0)
			break;			/* Nothing to receive */

		if (common->short_packet_received) {
			/* Did the host stop sending unexpectedly early? */
			raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
			rc = -EINTR;
			break;
		}

		/*
		 * We haven't processed all the incoming data.  Even though
		 * we may be allowed to stall, doing so would cause a race.
		 * The controller may already have ACK'ed all the remaining
		 * bulk-out packets, in which case the host wouldn't see a
		 * STALL.  Not realizing the endpoint was halted, it wouldn't
		 * clear the halt -- leading to problems later on.
		 */
#if 0
		if (common->can_stall) {
			if (fsg_is_set(common))
				fsg_set_halt(common->fsg,
					     common->fsg->bulk_out);
			raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
			rc = -EINTR;
			break;
		}
#endif

		/*
		 * We can't stall.  Read in the excess data and throw it
		 * all away.
		 */
		rc = throw_away_data(common);
		break;
	}

	return rc;
}
1662 | |
/*
 * Build the Bulk-only Command Status Wrapper for the current command
 * and queue it on the bulk-in endpoint.
 *
 * The status byte is US_BULK_STAT_PHASE when a phase error was
 * recorded, US_BULK_STAT_FAIL when sense data is pending, and
 * US_BULK_STAT_OK otherwise.  Nothing is sent when waiting for a free
 * buffer fails, and the fill pointer advances only when the transfer
 * was started.
 */
static void send_status(struct fsg_common *common)
{
	struct fsg_lun		*curlun = common->curlun;
	struct fsg_buffhd	*bh;
	struct bulk_cs_wrap	*csw;
	u8			status = US_BULK_STAT_OK;
	u32			sd, sdinfo = 0;

	/* Wait for the next buffer to become available */
	bh = common->next_buffhd_to_fill;
	if (sleep_thread(common, false, bh))
		return;

	/* Choose the sense data that decides the status byte. */
	if (curlun) {
		sd = curlun->sense_data;
		sdinfo = curlun->sense_data_info;
	} else {
		sd = common->bad_lun_okay ? SS_NO_SENSE :
					    SS_LOGICAL_UNIT_NOT_SUPPORTED;
	}

	if (common->phase_error) {
		DBG(common, "sending phase-error status\n");
		status = US_BULK_STAT_PHASE;
		sd = SS_INVALID_COMMAND;
	} else if (sd != SS_NO_SENSE) {
		DBG(common, "sending command-failure status\n");
		status = US_BULK_STAT_FAIL;
		VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
				" info x%x\n",
				SK(sd), ASC(sd), ASCQ(sd), sdinfo);
	}

	/* Store and send the Bulk-only CSW */
	csw = (void *)bh->buf;

	csw->Signature = cpu_to_le32(US_BULK_CS_SIGN);
	csw->Tag = common->tag;
	csw->Residue = cpu_to_le32(common->residue);
	csw->Status = status;

	bh->inreq->length = US_BULK_CS_WRAP_LEN;
	bh->inreq->zero = 0;

	/* Don't know what to do if common->fsg is NULL */
	if (start_in_transfer(common, bh))
		common->next_buffhd_to_fill = bh->next;
}
1715 | |
1716 | |
1717 | /*-------------------------------------------------------------------------*/ |
1718 | |
1719 | /* |
1720 | * Check whether the command is properly formed and whether its data size |
1721 | * and direction agree with the values we already have. |
1722 | */ |
1723 | static int check_command(struct fsg_common *common, int cmnd_size, |
1724 | enum data_direction data_dir, unsigned int mask, |
1725 | int needs_medium, const char *name) |
1726 | { |
1727 | int i; |
1728 | unsigned int lun = common->cmnd[1] >> 5; |
1729 | static const char dirletter[4] = {'u', 'o', 'i', 'n'}; |
1730 | char hdlen[20]; |
1731 | struct fsg_lun *curlun; |
1732 | |
1733 | hdlen[0] = 0; |
1734 | if (common->data_dir != DATA_DIR_UNKNOWN) |
1735 | sprintf(buf: hdlen, fmt: ", H%c=%u" , dirletter[(int) common->data_dir], |
1736 | common->data_size); |
1737 | VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n" , |
1738 | name, cmnd_size, dirletter[(int) data_dir], |
1739 | common->data_size_from_cmnd, common->cmnd_size, hdlen); |
1740 | |
1741 | /* |
1742 | * We can't reply at all until we know the correct data direction |
1743 | * and size. |
1744 | */ |
1745 | if (common->data_size_from_cmnd == 0) |
1746 | data_dir = DATA_DIR_NONE; |
1747 | if (common->data_size < common->data_size_from_cmnd) { |
1748 | /* |
1749 | * Host data size < Device data size is a phase error. |
1750 | * Carry out the command, but only transfer as much as |
1751 | * we are allowed. |
1752 | */ |
1753 | common->data_size_from_cmnd = common->data_size; |
1754 | common->phase_error = 1; |
1755 | } |
1756 | common->residue = common->data_size; |
1757 | common->usb_amount_left = common->data_size; |
1758 | |
1759 | /* Conflicting data directions is a phase error */ |
1760 | if (common->data_dir != data_dir && common->data_size_from_cmnd > 0) { |
1761 | common->phase_error = 1; |
1762 | return -EINVAL; |
1763 | } |
1764 | |
1765 | /* Verify the length of the command itself */ |
1766 | if (cmnd_size != common->cmnd_size) { |
1767 | |
1768 | /* |
1769 | * Special case workaround: There are plenty of buggy SCSI |
1770 | * implementations. Many have issues with cbw->Length |
1771 | * field passing a wrong command size. For those cases we |
1772 | * always try to work around the problem by using the length |
1773 | * sent by the host side provided it is at least as large |
1774 | * as the correct command length. |
1775 | * Examples of such cases would be MS-Windows, which issues |
1776 | * REQUEST SENSE with cbw->Length == 12 where it should |
1777 | * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and |
1778 | * REQUEST SENSE with cbw->Length == 10 where it should |
1779 | * be 6 as well. |
1780 | */ |
1781 | if (cmnd_size <= common->cmnd_size) { |
1782 | DBG(common, "%s is buggy! Expected length %d " |
1783 | "but we got %d\n" , name, |
1784 | cmnd_size, common->cmnd_size); |
1785 | cmnd_size = common->cmnd_size; |
1786 | } else { |
1787 | common->phase_error = 1; |
1788 | return -EINVAL; |
1789 | } |
1790 | } |
1791 | |
1792 | /* Check that the LUN values are consistent */ |
1793 | if (common->lun != lun) |
1794 | DBG(common, "using LUN %u from CBW, not LUN %u from CDB\n" , |
1795 | common->lun, lun); |
1796 | |
1797 | /* Check the LUN */ |
1798 | curlun = common->curlun; |
1799 | if (curlun) { |
1800 | if (common->cmnd[0] != REQUEST_SENSE) { |
1801 | curlun->sense_data = SS_NO_SENSE; |
1802 | curlun->sense_data_info = 0; |
1803 | curlun->info_valid = 0; |
1804 | } |
1805 | } else { |
1806 | common->bad_lun_okay = 0; |
1807 | |
1808 | /* |
1809 | * INQUIRY and REQUEST SENSE commands are explicitly allowed |
1810 | * to use unsupported LUNs; all others may not. |
1811 | */ |
1812 | if (common->cmnd[0] != INQUIRY && |
1813 | common->cmnd[0] != REQUEST_SENSE) { |
1814 | DBG(common, "unsupported LUN %u\n" , common->lun); |
1815 | return -EINVAL; |
1816 | } |
1817 | } |
1818 | |
1819 | /* |
1820 | * If a unit attention condition exists, only INQUIRY and |
1821 | * REQUEST SENSE commands are allowed; anything else must fail. |
1822 | */ |
1823 | if (curlun && curlun->unit_attention_data != SS_NO_SENSE && |
1824 | common->cmnd[0] != INQUIRY && |
1825 | common->cmnd[0] != REQUEST_SENSE) { |
1826 | curlun->sense_data = curlun->unit_attention_data; |
1827 | curlun->unit_attention_data = SS_NO_SENSE; |
1828 | return -EINVAL; |
1829 | } |
1830 | |
1831 | /* Check that only command bytes listed in the mask are non-zero */ |
1832 | common->cmnd[1] &= 0x1f; /* Mask away the LUN */ |
1833 | for (i = 1; i < cmnd_size; ++i) { |
1834 | if (common->cmnd[i] && !(mask & (1 << i))) { |
1835 | if (curlun) |
1836 | curlun->sense_data = SS_INVALID_FIELD_IN_CDB; |
1837 | return -EINVAL; |
1838 | } |
1839 | } |
1840 | |
1841 | /* If the medium isn't mounted and the command needs to access |
1842 | * it, return an error. */ |
1843 | if (curlun && !fsg_lun_is_open(curlun) && needs_medium) { |
1844 | curlun->sense_data = SS_MEDIUM_NOT_PRESENT; |
1845 | return -EINVAL; |
1846 | } |
1847 | |
1848 | return 0; |
1849 | } |
1850 | |
/*
 * Front end to check_command() for commands whose CDB length field counts
 * logical blocks rather than bytes.
 *
 * On entry common->data_size_from_cmnd holds the block count the caller
 * extracted from the host-supplied CDB.  When a LUN is selected the count
 * is converted to bytes by shifting it left by that LUN's blkbits; with no
 * LUN selected it is passed through unchanged.  Every argument is then
 * forwarded to check_command(), whose result is returned.
 *
 * NOTE(review): the shift is applied to a host-controlled count without a
 * range check at this point.  The width of data_size_from_cmnd is declared
 * outside this view, so confirm whether a very large count can wrap before
 * check_command() compares it with the CBW data size.
 */
static int check_command_size_in_blocks(struct fsg_common *common,
		int cmnd_size, enum data_direction data_dir,
		unsigned int mask, int needs_medium, const char *name)
{
	struct fsg_lun *lun = common->curlun;

	if (lun != NULL)
		common->data_size_from_cmnd <<= lun->blkbits;

	return check_command(common, cmnd_size, data_dir, mask,
			     needs_medium, name);
}
1861 | |
/*
 * Decode and execute the SCSI command currently stored in common->cmnd.
 *
 * Every byte read from common->cmnd[] originates from the USB host, so each
 * case follows the same pattern: pull the transfer length the CDB asks for
 * into common->data_size_from_cmnd, let check_command() (or
 * check_command_size_in_blocks() for block-counted commands) vet the CDB
 * against the expected length, data direction, mask of bytes allowed to be
 * non-zero and medium requirement, and call the do_*() handler only when
 * that check returns 0.
 *
 * Returns the non-zero result of sleep_thread() if waiting for a buffer
 * failed, -EINTR if a handler returned -EINTR or a signal is pending, and
 * 0 otherwise.  A rejected command (-EINVAL) is not propagated: it becomes
 * a zero-length reply.
 */
static int do_scsi_command(struct fsg_common *common)
{
	/*
	 * Name handed to check_command() for unrecognised opcodes.  It is
	 * static, so the storage is shared by every call of this function;
	 * in the visible part of check_command() the name is only used in
	 * debug messages.
	 */
	static char unknown[16];
	struct fsg_buffhd *bh;
	unsigned int opcode;
	int reply = -EINVAL;
	int nblocks;
	int rc;

	dump_cdb(common);

	/* Wait for the next buffer to become available for data or status */
	bh = common->next_buffhd_to_fill;
	common->next_buffhd_to_drain = bh;
	rc = sleep_thread(common, false, bh);
	if (rc != 0)
		return rc;

	common->phase_error = 0;
	common->short_packet_received = 0;

	/* The backing file is in use for the whole dispatch */
	down_read(&common->filesem);

	opcode = common->cmnd[0];
	switch (opcode) {

	case INQUIRY:
		common->data_size_from_cmnd = common->cmnd[4];
		reply = check_command(common, 6, DATA_DIR_TO_HOST,
				      (1<<4), 0,
				      "INQUIRY");
		if (!reply)
			reply = do_inquiry(common, bh);
		break;

	case MODE_SELECT:
		common->data_size_from_cmnd = common->cmnd[4];
		reply = check_command(common, 6, DATA_DIR_FROM_HOST,
				      (1<<1) | (1<<4), 0,
				      "MODE SELECT(6)");
		if (!reply)
			reply = do_mode_select(common, bh);
		break;

	case MODE_SELECT_10:
		common->data_size_from_cmnd =
			get_unaligned_be16(&common->cmnd[7]);
		reply = check_command(common, 10, DATA_DIR_FROM_HOST,
				      (1<<1) | (3<<7), 0,
				      "MODE SELECT(10)");
		if (!reply)
			reply = do_mode_select(common, bh);
		break;

	case MODE_SENSE:
		common->data_size_from_cmnd = common->cmnd[4];
		reply = check_command(common, 6, DATA_DIR_TO_HOST,
				      (1<<1) | (1<<2) | (1<<4), 0,
				      "MODE SENSE(6)");
		if (!reply)
			reply = do_mode_sense(common, bh);
		break;

	case MODE_SENSE_10:
		common->data_size_from_cmnd =
			get_unaligned_be16(&common->cmnd[7]);
		reply = check_command(common, 10, DATA_DIR_TO_HOST,
				      (1<<1) | (1<<2) | (3<<7), 0,
				      "MODE SENSE(10)");
		if (!reply)
			reply = do_mode_sense(common, bh);
		break;

	case ALLOW_MEDIUM_REMOVAL:
		common->data_size_from_cmnd = 0;
		reply = check_command(common, 6, DATA_DIR_NONE,
				      (1<<4), 0,
				      "PREVENT-ALLOW MEDIUM REMOVAL");
		if (!reply)
			reply = do_prevent_allow(common);
		break;

	case READ_6:
		/* A block count of 0 in a 6-byte CDB stands for 256 blocks */
		nblocks = common->cmnd[4];
		if (nblocks == 0)
			nblocks = 256;
		common->data_size_from_cmnd = nblocks;
		reply = check_command_size_in_blocks(common, 6,
				      DATA_DIR_TO_HOST,
				      (7<<1) | (1<<4), 1,
				      "READ(6)");
		if (!reply)
			reply = do_read(common);
		break;

	case READ_10:
		common->data_size_from_cmnd =
			get_unaligned_be16(&common->cmnd[7]);
		reply = check_command_size_in_blocks(common, 10,
				      DATA_DIR_TO_HOST,
				      (1<<1) | (0xf<<2) | (3<<7), 1,
				      "READ(10)");
		if (!reply)
			reply = do_read(common);
		break;

	case READ_12:
		common->data_size_from_cmnd =
			get_unaligned_be32(&common->cmnd[6]);
		reply = check_command_size_in_blocks(common, 12,
				      DATA_DIR_TO_HOST,
				      (1<<1) | (0xf<<2) | (0xf<<6), 1,
				      "READ(12)");
		if (!reply)
			reply = do_read(common);
		break;

	case READ_16:
		common->data_size_from_cmnd =
			get_unaligned_be32(&common->cmnd[10]);
		reply = check_command_size_in_blocks(common, 16,
				      DATA_DIR_TO_HOST,
				      (1<<1) | (0xff<<2) | (0xf<<10), 1,
				      "READ(16)");
		if (!reply)
			reply = do_read(common);
		break;

	case READ_CAPACITY:
		common->data_size_from_cmnd = 8;
		reply = check_command(common, 10, DATA_DIR_TO_HOST,
				      (0xf<<2) | (1<<8), 1,
				      "READ CAPACITY");
		if (!reply)
			reply = do_read_capacity(common, bh);
		break;

	case READ_HEADER:
		/* Only offered when the selected LUN is flagged as a CD-ROM */
		if (!(common->curlun && common->curlun->cdrom))
			goto unknown_cmnd;
		common->data_size_from_cmnd =
			get_unaligned_be16(&common->cmnd[7]);
		reply = check_command(common, 10, DATA_DIR_TO_HOST,
				      (3<<7) | (0x1f<<1), 1,
				      "READ HEADER");
		if (!reply)
			reply = do_read_header(common, bh);
		break;

	case READ_TOC:
		/* Only offered when the selected LUN is flagged as a CD-ROM */
		if (!(common->curlun && common->curlun->cdrom))
			goto unknown_cmnd;
		common->data_size_from_cmnd =
			get_unaligned_be16(&common->cmnd[7]);
		reply = check_command(common, 10, DATA_DIR_TO_HOST,
				      (0xf<<6) | (3<<1), 1,
				      "READ TOC");
		if (!reply)
			reply = do_read_toc(common, bh);
		break;

	case READ_FORMAT_CAPACITIES:
		common->data_size_from_cmnd =
			get_unaligned_be16(&common->cmnd[7]);
		reply = check_command(common, 10, DATA_DIR_TO_HOST,
				      (3<<7), 1,
				      "READ FORMAT CAPACITIES");
		if (!reply)
			reply = do_read_format_capacities(common, bh);
		break;

	case REQUEST_SENSE:
		common->data_size_from_cmnd = common->cmnd[4];
		reply = check_command(common, 6, DATA_DIR_TO_HOST,
				      (1<<4), 0,
				      "REQUEST SENSE");
		if (!reply)
			reply = do_request_sense(common, bh);
		break;

	case SERVICE_ACTION_IN_16:
		/* READ CAPACITY(16) is the only service action handled */
		if ((common->cmnd[1] & 0x1f) != SAI_READ_CAPACITY_16)
			goto unknown_cmnd;
		common->data_size_from_cmnd =
			get_unaligned_be32(&common->cmnd[10]);
		reply = check_command(common, 16, DATA_DIR_TO_HOST,
				      (1<<1) | (0xff<<2) | (0xf<<10) |
				      (1<<14), 1,
				      "READ CAPACITY(16)");
		if (!reply)
			reply = do_read_capacity_16(common, bh);
		break;

	case START_STOP:
		common->data_size_from_cmnd = 0;
		reply = check_command(common, 6, DATA_DIR_NONE,
				      (1<<1) | (1<<4), 0,
				      "START-STOP UNIT");
		if (!reply)
			reply = do_start_stop(common);
		break;

	case SYNCHRONIZE_CACHE:
		common->data_size_from_cmnd = 0;
		reply = check_command(common, 10, DATA_DIR_NONE,
				      (0xf<<2) | (3<<7), 1,
				      "SYNCHRONIZE CACHE");
		if (!reply)
			reply = do_synchronize_cache(common);
		break;

	case TEST_UNIT_READY:
		/* The check itself is the whole command; no handler follows */
		common->data_size_from_cmnd = 0;
		reply = check_command(common, 6, DATA_DIR_NONE,
				      0, 1,
				      "TEST UNIT READY");
		break;

	/*
	 * Although optional, this command is used by MS-Windows.  We
	 * support a minimal version: BytChk must be 0.
	 */
	case VERIFY:
		common->data_size_from_cmnd = 0;
		reply = check_command(common, 10, DATA_DIR_NONE,
				      (1<<1) | (0xf<<2) | (3<<7), 1,
				      "VERIFY");
		if (!reply)
			reply = do_verify(common);
		break;

	case WRITE_6:
		/* A block count of 0 in a 6-byte CDB stands for 256 blocks */
		nblocks = common->cmnd[4];
		if (nblocks == 0)
			nblocks = 256;
		common->data_size_from_cmnd = nblocks;
		reply = check_command_size_in_blocks(common, 6,
				      DATA_DIR_FROM_HOST,
				      (7<<1) | (1<<4), 1,
				      "WRITE(6)");
		if (!reply)
			reply = do_write(common);
		break;

	case WRITE_10:
		common->data_size_from_cmnd =
			get_unaligned_be16(&common->cmnd[7]);
		reply = check_command_size_in_blocks(common, 10,
				      DATA_DIR_FROM_HOST,
				      (1<<1) | (0xf<<2) | (3<<7), 1,
				      "WRITE(10)");
		if (!reply)
			reply = do_write(common);
		break;

	case WRITE_12:
		common->data_size_from_cmnd =
			get_unaligned_be32(&common->cmnd[6]);
		reply = check_command_size_in_blocks(common, 12,
				      DATA_DIR_FROM_HOST,
				      (1<<1) | (0xf<<2) | (0xf<<6), 1,
				      "WRITE(12)");
		if (!reply)
			reply = do_write(common);
		break;

	case WRITE_16:
		common->data_size_from_cmnd =
			get_unaligned_be32(&common->cmnd[10]);
		reply = check_command_size_in_blocks(common, 16,
				      DATA_DIR_FROM_HOST,
				      (1<<1) | (0xff<<2) | (0xf<<10), 1,
				      "WRITE(16)");
		if (!reply)
			reply = do_write(common);
		break;

	/*
	 * Some mandatory commands that we recognize but don't implement.
	 * They don't mean much in this setting.  It's left as an exercise
	 * for anyone interested to implement RESERVE and RELEASE in terms
	 * of Posix locks.
	 */
	case FORMAT_UNIT:
	case RELEASE:
	case RESERVE:
	case SEND_DIAGNOSTIC:

	default:
unknown_cmnd:
		common->data_size_from_cmnd = 0;
		/*
		 * "Unknown x" plus two hex digits plus the terminator is
		 * 12 bytes, which fits unknown[16] as long as cmnd[0] is a
		 * single byte (cmnd[] is declared outside this view).
		 */
		sprintf(unknown, "Unknown x%02x", opcode);
		reply = check_command(common, common->cmnd_size,
				      DATA_DIR_UNKNOWN, ~0, 0, unknown);
		if (reply == 0) {
			/*
			 * curlun is not NULL here: check_command() returns
			 * -EINVAL for a missing LUN unless the opcode is
			 * INQUIRY or REQUEST SENSE, and those two opcodes
			 * have their own cases and never reach this label.
			 */
			common->curlun->sense_data = SS_INVALID_COMMAND;
			reply = -EINVAL;
		}
		break;
	}

	up_read(&common->filesem);

	if (reply == -EINTR || signal_pending(current))
		return -EINTR;

	/* Set up the single reply buffer for finish_reply() */
	if (reply == -EINVAL)
		reply = 0;		/* Error reply length */
	if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
		/* Never send more than the (already vetted) CDB length */
		reply = min((u32)reply, common->data_size_from_cmnd);
		bh->inreq->length = reply;
		bh->state = BUF_STATE_FULL;
		common->residue -= reply;
	}				/* Otherwise it's already set */

	return 0;
}
2178 | |
2179 | |
2180 | /*-------------------------------------------------------------------------*/ |
2181 | |
/*
 * Validate a Command Block Wrapper that arrived on the bulk-out endpoint
 * and, if it passes, latch its contents into fsg->common.
 *
 * The CBW is entirely host-controlled, so nothing is copied until all of
 * the following hold: the request completed without error and bulk-out
 * data is not being ignored; the transfer is exactly US_BULK_CB_WRAP_LEN
 * bytes and carries the US_BULK_CB_SIGN signature; the LUN index is inside
 * common->luns[], no flag other than US_BULK_FLAG_IN is set, and the CDB
 * length is non-zero and at most MAX_COMMAND_SIZE.  That last bound is
 * what limits the memcpy() into common->cmnd below.
 *
 * Returns 0 when the command was stored, -EINVAL otherwise.
 */
static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
{
	struct fsg_common *common = fsg->common;
	struct usb_request *req = bh->outreq;
	struct bulk_cb_wrap *cbw = req->buf;
	bool well_formed;

	/* Was this a real packet?  Should it be ignored? */
	if (req->status)
		return -EINVAL;
	if (test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
		return -EINVAL;

	/* Is the CBW valid? */
	well_formed = req->actual == US_BULK_CB_WRAP_LEN &&
		      cbw->Signature == cpu_to_le32(US_BULK_CB_SIGN);
	if (!well_formed) {
		DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
		    req->actual,
		    le32_to_cpu(cbw->Signature));

		/*
		 * The Bulk-only spec says we MUST stall the IN endpoint
		 * (6.6.1), so it's unavoidable.  It also says we must
		 * retain this state until the next reset, but there's
		 * no way to tell the controller driver it should ignore
		 * Clear-Feature(HALT) requests.
		 *
		 * We aren't required to halt the OUT endpoint; instead
		 * we can simply accept and discard any data received
		 * until the next reset.
		 */
		wedge_bulk_in_endpoint(fsg);
		set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
		return -EINVAL;
	}

	/* Is the CBW meaningful? */
	if (cbw->Lun >= ARRAY_SIZE(common->luns) ||
	    (cbw->Flags & ~US_BULK_FLAG_IN) ||
	    cbw->Length <= 0 ||
	    cbw->Length > MAX_COMMAND_SIZE) {
		DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
		    "cmdlen %u\n",
		    cbw->Lun, cbw->Flags, cbw->Length);

		/*
		 * We can do anything we want here, so let's stall the
		 * bulk pipes if we are allowed to.
		 */
		if (common->can_stall) {
			fsg_set_halt(fsg, fsg->bulk_out);
			halt_bulk_in_endpoint(fsg);
		}
		return -EINVAL;
	}

	/* Save the command for later; the length was bounded above */
	common->cmnd_size = cbw->Length;
	memcpy(common->cmnd, cbw->CDB, common->cmnd_size);

	common->data_dir = (cbw->Flags & US_BULK_FLAG_IN) ?
			   DATA_DIR_TO_HOST : DATA_DIR_FROM_HOST;
	common->data_size = le32_to_cpu(cbw->DataTransferLength);
	if (common->data_size == 0)
		common->data_dir = DATA_DIR_NONE;

	/*
	 * The LUN index was range-checked above, so the NULL arm only
	 * repeats that check; a slot inside the array may still hold NULL.
	 */
	common->lun = cbw->Lun;
	common->curlun = (common->lun < ARRAY_SIZE(common->luns)) ?
			 common->luns[common->lun] : NULL;

	common->tag = cbw->Tag;
	return 0;
}
2253 | |
/*
 * Receive the next Bulk-only CBW from the host and hand it to
 * received_cbw() for validation.
 *
 * Returns the non-zero result of sleep_thread() if either wait fails,
 * -EIO if the out transfer could not be started or no function is bound
 * once the CBW has arrived, and otherwise whatever received_cbw() returns.
 */
static int get_next_command(struct fsg_common *common)
{
	struct fsg_buffhd *bh = common->next_buffhd_to_fill;
	int err;

	/* Wait for the next buffer to become available */
	err = sleep_thread(common, true, bh);
	if (err != 0)
		return err;

	/* Queue a request to read a Bulk-only CBW */
	set_bulk_out_req_length(common, bh, US_BULK_CB_WRAP_LEN);
	if (!start_out_transfer(common, bh)) {
		/* Don't know what to do if common->fsg is NULL */
		return -EIO;
	}

	/*
	 * We will drain the buffer in software, which means we
	 * can reuse it for the next filling.  No need to advance
	 * next_buffhd_to_fill.
	 */

	/* Wait for the CBW to arrive */
	err = sleep_thread(common, true, bh);
	if (err != 0)
		return err;

	if (fsg_is_set(common))
		err = received_cbw(common->fsg, bh);
	else
		err = -EIO;

	/* The buffer is released whether or not the CBW was accepted */
	bh->state = BUF_STATE_EMPTY;

	return err;
}
2287 | |
2288 | |
2289 | /*-------------------------------------------------------------------------*/ |
2290 | |
/*
 * Allocate a USB request on @ep with GFP_ATOMIC and store it in *@preq.
 *
 * *@preq is written in both outcomes, so it is NULL after a failure.
 * Returns 0 on success; on failure logs the endpoint name and returns
 * -ENOMEM.
 */
static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
		struct usb_request **preq)
{
	struct usb_request *req = usb_ep_alloc_request(ep, GFP_ATOMIC);

	*preq = req;
	if (!req) {
		ERROR(common, "can't allocate request for %s\n", ep->name);
		return -ENOMEM;
	}

	return 0;
}
2300 | |
/*
 * Reset interface setting and re-init endpoint state (toggle etc).
 *
 * The current binding, if any, is always torn down first: its requests are
 * freed, its endpoints disabled, common->fsg is cleared and fsg_wait is
 * woken.  When @new_fsg is non-NULL it then becomes the active function,
 * with both bulk endpoints configured and enabled and an in/out request
 * pair allocated per buffer head.
 *
 * Any failure while bringing up @new_fsg jumps back to the teardown code
 * with rc set, so a partly built binding is released the same way as an
 * old one before the error is returned.
 *
 * Returns 0 on success, or when @new_fsg is NULL; otherwise the error
 * from the step that failed.
 */
static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg)
{
	struct fsg_dev *fsg;
	struct fsg_buffhd *bh;
	int rc = 0;
	int i;

	if (common->running)
		DBG(common, "reset interface\n");

reset:
	fsg = common->fsg;
	if (fsg) {
		/* Deallocate the requests */
		for (i = 0; i < common->fsg_num_buffers; ++i) {
			bh = &common->buffhds[i];

			if (bh->inreq) {
				usb_ep_free_request(fsg->bulk_in, bh->inreq);
				bh->inreq = NULL;
			}
			if (bh->outreq) {
				usb_ep_free_request(fsg->bulk_out, bh->outreq);
				bh->outreq = NULL;
			}
		}

		/* Disable the endpoints */
		if (fsg->bulk_in_enabled) {
			usb_ep_disable(fsg->bulk_in);
			fsg->bulk_in_enabled = 0;
		}
		if (fsg->bulk_out_enabled) {
			usb_ep_disable(fsg->bulk_out);
			fsg->bulk_out_enabled = 0;
		}

		common->fsg = NULL;
		wake_up(&common->fsg_wait);
	}

	common->running = 0;

	/* Nothing to bring up, or we got here from a failed bring-up */
	if (!new_fsg || rc)
		return rc;

	fsg = new_fsg;
	common->fsg = fsg;

	/* Enable the endpoints */
	rc = config_ep_by_speed(common->gadget, &(fsg->function),
				fsg->bulk_in);
	if (!rc)
		rc = usb_ep_enable(fsg->bulk_in);
	if (rc)
		goto reset;
	fsg->bulk_in->driver_data = common;
	fsg->bulk_in_enabled = 1;

	rc = config_ep_by_speed(common->gadget, &(fsg->function),
				fsg->bulk_out);
	if (!rc)
		rc = usb_ep_enable(fsg->bulk_out);
	if (rc)
		goto reset;
	fsg->bulk_out->driver_data = common;
	fsg->bulk_out_enabled = 1;
	common->bulk_out_maxpacket = usb_endpoint_maxp(fsg->bulk_out->desc);
	clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);

	/* Allocate the requests */
	for (i = 0; i < common->fsg_num_buffers; ++i) {
		bh = &common->buffhds[i];

		rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
		if (!rc)
			rc = alloc_request(common, fsg->bulk_out,
					   &bh->outreq);
		if (rc)
			goto reset;

		/* Both directions share the buffer head's data buffer */
		bh->inreq->buf = bh->buf;
		bh->outreq->buf = bh->buf;
		bh->inreq->context = bh;
		bh->outreq->context = bh;
		bh->inreq->complete = bulk_in_complete;
		bh->outreq->complete = bulk_out_complete;
	}

	common->running = 1;

	/* Flag a reset on every configured LUN */
	for (i = 0; i < ARRAY_SIZE(common->luns); ++i) {
		if (common->luns[i])
			common->luns[i]->unit_attention_data =
				SS_RESET_OCCURRED;
	}

	return rc;
}
2394 | |
2395 | |
2396 | /****************************** ALT CONFIGS ******************************/ |
2397 | |
/*
 * Set-alt handler for the function: the work is not done here.  A
 * FSG_STATE_CONFIG_CHANGE exception carrying this fsg_dev is raised and
 * USB_GADGET_DELAYED_STATUS is returned; handle_exception() in this file
 * later calls do_set_interface() and usb_composite_setup_continue().
 * @intf and @alt are not used.
 */
static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
{
	struct fsg_dev *dev = fsg_from_func(f);

	__raise_exception(dev->common, FSG_STATE_CONFIG_CHANGE, dev);

	return USB_GADGET_DELAYED_STATUS;
}
2405 | |
/*
 * Disable handler for the function: both bulk endpoints are disabled
 * immediately if they were enabled, then a FSG_STATE_CONFIG_CHANGE
 * exception with a NULL argument is raised; handle_exception() in this
 * file passes that NULL on to do_set_interface().
 */
static void fsg_disable(struct usb_function *f)
{
	struct fsg_dev *dev = fsg_from_func(f);

	/* Disable the endpoints */
	if (dev->bulk_in_enabled) {
		usb_ep_disable(dev->bulk_in);
		dev->bulk_in_enabled = 0;
	}

	if (dev->bulk_out_enabled) {
		usb_ep_disable(dev->bulk_out);
		dev->bulk_out_enabled = 0;
	}

	__raise_exception(dev->common, FSG_STATE_CONFIG_CHANGE, NULL);
}
2422 | |
2423 | |
2424 | /*-------------------------------------------------------------------------*/ |
2425 | |
/*
 * Bring the function back to a known state after an exception or signal.
 *
 * In order: drain pending signals (anything other than SIGUSR1 forces
 * FSG_STATE_EXIT), cancel in-flight transfers and flush the endpoint
 * FIFOs, reset the buffer heads and - except after ABORT_BULK_OUT - the
 * per-LUN SCSI state under common->lock, then run the action belonging to
 * the state that was in effect when the exception was taken.
 *
 * Returns early, without resetting anything, if waiting for a cancelled
 * transfer to go idle fails.
 */
static void handle_exception(struct fsg_common *common)
{
	struct fsg_dev *new_fsg;
	struct fsg_lun *curlun;
	struct fsg_buffhd *bh;
	enum fsg_state old_state;
	unsigned int exception_req_tag;
	int sig;
	int i;

	/*
	 * Clear the existing signals.  Anything but SIGUSR1 is converted
	 * into a high-priority EXIT exception.
	 */
	while ((sig = kernel_dequeue_signal()) != 0) {
		if (sig == SIGUSR1)
			continue;

		spin_lock_irq(&common->lock);
		if (common->state < FSG_STATE_EXIT)
			DBG(common, "Main thread exiting on signal\n");
		common->state = FSG_STATE_EXIT;
		spin_unlock_irq(&common->lock);
	}

	/* Cancel all the pending transfers */
	if (likely(common->fsg)) {
		for (i = 0; i < common->fsg_num_buffers; ++i) {
			bh = &common->buffhds[i];

			if (bh->state == BUF_STATE_SENDING)
				usb_ep_dequeue(common->fsg->bulk_in,
					       bh->inreq);
			if (bh->state == BUF_STATE_RECEIVING)
				usb_ep_dequeue(common->fsg->bulk_out,
					       bh->outreq);

			/* Wait for a transfer to become idle */
			if (sleep_thread(common, false, bh) != 0)
				return;
		}

		/* Clear out the controller's fifos */
		if (common->fsg->bulk_in_enabled)
			usb_ep_fifo_flush(common->fsg->bulk_in);
		if (common->fsg->bulk_out_enabled)
			usb_ep_fifo_flush(common->fsg->bulk_out);
	}

	/*
	 * Reset the I/O buffer states and pointers, the SCSI
	 * state, and the exception.  Then invoke the handler.
	 */
	spin_lock_irq(&common->lock);

	for (i = 0; i < common->fsg_num_buffers; ++i)
		common->buffhds[i].state = BUF_STATE_EMPTY;
	common->next_buffhd_to_fill = &common->buffhds[0];
	common->next_buffhd_to_drain = &common->buffhds[0];

	/* Snapshot the exception details before returning to NORMAL */
	exception_req_tag = common->exception_req_tag;
	new_fsg = common->exception_arg;
	old_state = common->state;
	common->state = FSG_STATE_NORMAL;

	if (old_state != FSG_STATE_ABORT_BULK_OUT) {
		for (i = 0; i < ARRAY_SIZE(common->luns); ++i) {
			curlun = common->luns[i];
			if (curlun) {
				curlun->prevent_medium_removal = 0;
				curlun->sense_data = SS_NO_SENSE;
				curlun->unit_attention_data = SS_NO_SENSE;
				curlun->sense_data_info = 0;
				curlun->info_valid = 0;
			}
		}
	}

	spin_unlock_irq(&common->lock);

	/* Carry out any extra actions required for the exception */
	switch (old_state) {
	case FSG_STATE_ABORT_BULK_OUT:
		send_status(common);
		break;

	case FSG_STATE_PROTOCOL_RESET:
		/*
		 * In case we were forced against our will to halt a
		 * bulk endpoint, clear the halt now.  (The SuperH UDC
		 * requires this.)
		 */
		if (!fsg_is_set(common))
			break;
		if (test_and_clear_bit(IGNORE_BULK_OUT,
				       &common->fsg->atomic_bitflags))
			usb_ep_clear_halt(common->fsg->bulk_in);

		if (common->ep0_req_tag == exception_req_tag)
			ep0_queue(common);	/* Complete the status stage */

		/*
		 * Technically, setting unit_attention_data of every LUN to
		 * SS_RESET_OCCURRED should go here, but it would only be
		 * a waste of time.  Ditto for the INTERFACE_CHANGE and
		 * CONFIG_CHANGE cases.
		 */
		break;

	case FSG_STATE_CONFIG_CHANGE:
		do_set_interface(common, new_fsg);
		if (new_fsg)
			usb_composite_setup_continue(common->cdev);
		break;

	case FSG_STATE_EXIT:
		do_set_interface(common, NULL);		/* Free resources */
		spin_lock_irq(&common->lock);
		common->state = FSG_STATE_TERMINATED;	/* Stop the thread */
		spin_unlock_irq(&common->lock);
		break;

	case FSG_STATE_NORMAL:
	case FSG_STATE_TERMINATED:
		/* Nothing further to do */
		break;
	}
}
2557 | |
2558 | |
2559 | /*-------------------------------------------------------------------------*/ |
2560 | |
/*
 * Body of the function's worker thread.
 *
 * Until the state becomes FSG_STATE_TERMINATED the thread either services
 * a pending exception or signal, sleeps while the function is not running,
 * or processes one command: fetch the CBW, execute the SCSI command,
 * finish the data phase and send the status.  A failure or a newly raised
 * exception at any step abandons the command and restarts the loop.
 *
 * On the way out the thread clears common->thread_task, closes every open
 * LUN while holding filesem for writing, and signals thread_notifier.
 */
static int fsg_main_thread(void *common_)
{
	struct fsg_common *common = common_;
	struct fsg_lun *lun;
	int i;

	/*
	 * Allow the thread to be killed by a signal, but set the signal mask
	 * to block everything but INT, TERM, KILL, and USR1.
	 */
	allow_signal(SIGINT);
	allow_signal(SIGTERM);
	allow_signal(SIGKILL);
	allow_signal(SIGUSR1);

	/* Allow the thread to be frozen */
	set_freezable();

	/* The main loop */
	while (common->state != FSG_STATE_TERMINATED) {
		if (exception_in_progress(common) || signal_pending(current)) {
			handle_exception(common);
		} else if (!common->running) {
			sleep_thread(common, true, NULL);
		} else {
			/* One command; any step may cut it short */
			if (get_next_command(common) ||
			    exception_in_progress(common))
				continue;
			if (do_scsi_command(common) ||
			    exception_in_progress(common))
				continue;
			if (finish_reply(common) ||
			    exception_in_progress(common))
				continue;
			send_status(common);
		}
	}

	spin_lock_irq(&common->lock);
	common->thread_task = NULL;
	spin_unlock_irq(&common->lock);

	/* Eject media from all LUNs */
	down_write(&common->filesem);
	for (i = 0; i < ARRAY_SIZE(common->luns); i++) {
		lun = common->luns[i];
		if (!lun)
			continue;
		if (fsg_lun_is_open(lun))
			fsg_lun_close(lun);
	}
	up_write(&common->filesem);

	/* Let fsg_unbind() know the thread has exited */
	kthread_complete_and_exit(&common->thread_notifier, 0);
}
2617 | |
2618 | |
2619 | /*************************** DEVICE ATTRIBUTES ***************************/ |
2620 | |
/*
 * sysfs "ro" read handler: resolves the LUN behind @dev and lets
 * fsg_show_ro() format the value into @buf.  @attr is unused.
 */
static ssize_t ro_show(struct device *dev, struct device_attribute *attr, char *buf)
{
	return fsg_show_ro(fsg_lun_from_dev(dev), buf);
}
2627 | |
/*
 * sysfs "nofua" read handler: resolves the LUN behind @dev and lets
 * fsg_show_nofua() format the value into @buf.  @attr is unused.
 */
static ssize_t nofua_show(struct device *dev, struct device_attribute *attr,
			  char *buf)
{
	return fsg_show_nofua(fsg_lun_from_dev(dev), buf);
}
2635 | |
/*
 * sysfs "file" read handler.  The device's drvdata is used as the
 * rw_semaphore handed to fsg_show_file() together with the LUN and @buf;
 * the locking itself happens inside that helper.  @attr is unused.
 */
static ssize_t file_show(struct device *dev, struct device_attribute *attr,
			 char *buf)
{
	struct fsg_lun *lun = fsg_lun_from_dev(dev);
	struct rw_semaphore *sem = dev_get_drvdata(dev);

	return fsg_show_file(lun, sem, buf);
}
2644 | |
/*
 * sysfs "ro" write handler.  @buf and @count come from the writer of the
 * attribute file and are passed unparsed to fsg_store_ro(), together with
 * the LUN and the rw_semaphore kept in the device's drvdata; all parsing
 * and validation is that helper's job.  @attr is unused.
 */
static ssize_t ro_store(struct device *dev, struct device_attribute *attr,
			const char *buf, size_t count)
{
	struct fsg_lun *lun = fsg_lun_from_dev(dev);
	struct rw_semaphore *sem = dev_get_drvdata(dev);

	return fsg_store_ro(lun, sem, buf, count);
}
2653 | |
/*
 * sysfs "nofua" write handler.  @buf and @count come from the writer of
 * the attribute file and are passed unparsed to fsg_store_nofua() with the
 * LUN behind @dev; parsing and validation is that helper's job.  Unlike
 * the ro and file handlers, no semaphore is passed.  @attr is unused.
 */
static ssize_t nofua_store(struct device *dev, struct device_attribute *attr,
			   const char *buf, size_t count)
{
	return fsg_store_nofua(fsg_lun_from_dev(dev), buf, count);
}
2661 | |
/*
 * sysfs "file" write handler.  @buf and @count come from the writer of the
 * attribute file and are passed unparsed to fsg_store_file(), together
 * with the LUN and the rw_semaphore kept in the device's drvdata; what the
 * written string means and how it is checked is decided in that helper.
 * @attr is unused.
 */
static ssize_t file_store(struct device *dev, struct device_attribute *attr,
			  const char *buf, size_t count)
{
	struct fsg_lun *lun = fsg_lun_from_dev(dev);
	struct rw_semaphore *sem = dev_get_drvdata(dev);

	return fsg_store_file(lun, sem, buf, count);
}
2670 | |
/*
 * sysfs "forced_eject" write handler.  @buf and @count come from the
 * writer of the attribute file and are passed unparsed to
 * fsg_store_forced_eject(), together with the LUN and the rw_semaphore
 * kept in the device's drvdata.  @attr is unused.
 */
static ssize_t forced_eject_store(struct device *dev,
				  struct device_attribute *attr,
				  const char *buf, size_t count)
{
	struct fsg_lun *lun = fsg_lun_from_dev(dev);
	struct rw_semaphore *sem = dev_get_drvdata(dev);

	return fsg_store_forced_eject(lun, sem, buf, count);
}
2680 | |
/*
 * Per-LUN device attributes.  DEVICE_ATTR_RW(x) pairs x_show() with
 * x_store(); DEVICE_ATTR_WO(forced_eject) has a store handler only, so
 * that attribute cannot be read back.
 */
static DEVICE_ATTR_RW(nofua);
static DEVICE_ATTR_WO(forced_eject);

/*
 * The mode of the "ro" and "file" attribute files is not final here: it
 * is overridden in fsg_lun_dev_is_visible() depending on whether the LUN
 * is a cdrom or a removable device.
 */
static DEVICE_ATTR_RW(ro);
static DEVICE_ATTR_RW(file);
2691 | |
2692 | /****************************** FSG COMMON ******************************/ |
2693 | |
/*
 * Deliberately empty: there is nothing to free when this is called.
 * NOTE(review): presumably installed as the LUN device's release callback;
 * the assignment is outside this view.
 */
static void fsg_lun_release(struct device *dev)
{
}
2698 | |
/*
 * Prepare an fsg_common for use, allocating one when @common is NULL.
 *
 * free_storage_on_release records who owns the memory: 1 when the
 * structure was allocated here, 0 when the caller supplied it.  A
 * caller-supplied structure is not zeroed; only the semaphore, spinlock,
 * completion, wait queues, state and luns[] set below are initialised.
 *
 * Returns the prepared structure, or ERR_PTR(-ENOMEM) if the allocation
 * failed.
 */
static struct fsg_common *fsg_common_setup(struct fsg_common *common)
{
	bool allocated_here = false;

	if (!common) {
		common = kzalloc(sizeof(*common), GFP_KERNEL);
		if (!common)
			return ERR_PTR(-ENOMEM);
		allocated_here = true;
	}
	common->free_storage_on_release = allocated_here ? 1 : 0;

	init_rwsem(&common->filesem);
	spin_lock_init(&common->lock);
	init_completion(&common->thread_notifier);
	init_waitqueue_head(&common->io_wait);
	init_waitqueue_head(&common->fsg_wait);

	/* No worker thread exists yet */
	common->state = FSG_STATE_TERMINATED;
	memset(common->luns, 0, sizeof(common->luns));

	return common;
}
2719 | |
/*
 * Record whether LUNs created on @common get a registered device with the
 * sysfs attribute group; fsg_common_create_lun() reads this flag, so it
 * has to be set before LUNs are created.
 */
void fsg_common_set_sysfs(struct fsg_common *common, bool sysfs)
{
	common->sysfs = sysfs;
}
EXPORT_SYMBOL_GPL(fsg_common_set_sysfs);
2725 | |
/*
 * Free an array of @n buffer heads together with each head's data buffer.
 * A NULL @buffhds is accepted and ignored; heads whose buf is NULL are
 * harmless because kfree(NULL) is a no-op.
 */
static void _fsg_common_free_buffers(struct fsg_buffhd *buffhds, unsigned n)
{
	unsigned idx;

	if (!buffhds)
		return;

	for (idx = 0; idx < n; idx++)
		kfree(buffhds[idx].buf);
	kfree(buffhds);
}
2737 | |
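/*
 * Replace @common's ring of data buffers with a freshly allocated ring of
 * @n heads, each owning one FSG_BUFLEN-byte buffer.
 *
 * The new ring is built completely before the old one is released, so on
 * failure @common keeps its previous buffers untouched.
 *
 * A count of zero is rejected: a zero-length kcalloc() does not return
 * NULL, and the ring construction would then write a buffer pointer through
 * that zero-sized allocation.  The count can come from the num_buffers
 * configfs attribute, so it must be validated here.
 *
 * Returns 0 on success, -EINVAL for @n == 0, -ENOMEM on allocation failure.
 * NOTE(review): nothing here stops a running I/O thread from using the old
 * ring; the configfs caller refuses the change while opts->refcnt is set -
 * confirm other callers do the equivalent.
 */
int fsg_common_set_num_buffers(struct fsg_common *common, unsigned int n)
{
	struct fsg_buffhd *buffhds;
	unsigned int i;

	if (!n)
		return -EINVAL;

	buffhds = kcalloc(n, sizeof(*buffhds), GFP_KERNEL);
	if (!buffhds)
		return -ENOMEM;

	/* Data buffers cyclic list: each head links to the next, last to first */
	for (i = 0; i < n; i++) {
		struct fsg_buffhd *bh = &buffhds[i];

		bh->buf = kmalloc(FSG_BUFLEN, GFP_KERNEL);
		if (unlikely(!bh->buf))
			goto error_release;
		bh->next = (i + 1 < n) ? bh + 1 : buffhds;
	}

	_fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers);
	common->fsg_num_buffers = n;
	common->buffhds = buffhds;

	return 0;

error_release:
	/*
	 * kcalloc() zeroed the array, so the heads that were never reached
	 * still have a NULL buf and freeing all n of them is safe.
	 */
	_fsg_common_free_buffers(buffhds, n);

	return -ENOMEM;
}
EXPORT_SYMBOL_GPL(fsg_common_set_num_buffers);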
2777 | |
/*
 * Tear down one LUN: unregister its device if it was registered, close the
 * backing file and free the structure.  The caller is responsible for
 * clearing its own pointer to @lun (e.g. the common->luns[] slot).
 *
 * NOTE(review): the LUN is freed directly with kfree() while the device's
 * release callback is empty, so this relies on no reference to lun->dev
 * surviving device_unregister() - confirm.
 */
void fsg_common_remove_lun(struct fsg_lun *lun)
{
	struct device *lun_dev = &lun->dev;

	if (device_is_registered(lun_dev))
		device_unregister(lun_dev);
	fsg_lun_close(lun);
	kfree(lun);
}
EXPORT_SYMBOL_GPL(fsg_common_remove_lun);
2786 | |
/*
 * Remove every LUN present in the first @n slots of common->luns[] and
 * clear each slot so no stale pointer is left behind.
 */
static void _fsg_common_remove_luns(struct fsg_common *common, int n)
{
	int slot;

	for (slot = 0; slot < n; ++slot) {
		struct fsg_lun *lun = common->luns[slot];

		if (!lun)
			continue;
		fsg_common_remove_lun(lun);
		common->luns[slot] = NULL;
	}
}
2797 | |
/* Remove all LUNs of @common, i.e. every slot of the luns[] table. */
void fsg_common_remove_luns(struct fsg_common *common)
{
	const int nr_slots = ARRAY_SIZE(common->luns);

	_fsg_common_remove_luns(common, nr_slots);
}
EXPORT_SYMBOL_GPL(fsg_common_remove_luns);
2803 | |
/*
 * Free @common's buffer ring and clear the pointer, so a later free of the
 * same ring (for example from fsg_common_release()) is a no-op.
 * fsg_num_buffers is left as it was.
 */
void fsg_common_free_buffers(struct fsg_common *common)
{
	struct fsg_buffhd *ring = common->buffhds;

	_fsg_common_free_buffers(ring, common->fsg_num_buffers);
	common->buffhds = NULL;
}
EXPORT_SYMBOL_GPL(fsg_common_free_buffers);
2810 | |
/*
 * Bind @common to a composite device: cache the gadget, ep0 and ep0 request,
 * attach the function's string table and record the interface string id.
 *
 * @can_stall is honoured only if the gadget reports stall support.
 *
 * Returns 0 on success or the error from usb_gstrings_attach(); note that
 * the gadget/ep0/cdev fields have already been written when that error is
 * returned.
 */
int fsg_common_set_cdev(struct fsg_common *common,
			struct usb_composite_dev *cdev, bool can_stall)
{
	struct usb_string *strings;

	common->gadget = cdev->gadget;
	common->ep0 = cdev->gadget->ep0;
	common->ep0req = cdev->req;
	common->cdev = cdev;

	strings = usb_gstrings_attach(cdev, fsg_strings_array,
				      ARRAY_SIZE(fsg_strings));
	if (IS_ERR(strings))
		return PTR_ERR(strings);

	fsg_intf_desc.iInterface = strings[FSG_STRING_INTERFACE].id;

	/*
	 * Some peripheral controllers are known not to be able to
	 * halt bulk endpoints correctly.  If one of them is present,
	 * disable stalls.
	 */
	if (can_stall)
		common->can_stall = gadget_is_stall_supported(common->gadget);
	else
		common->can_stall = false;

	return 0;
}
EXPORT_SYMBOL_GPL(fsg_common_set_cdev);
2839 | |
/*
 * sysfs attributes attached to every registered LUN device.  The effective
 * mode of "ro" and "file" is computed in fsg_lun_dev_is_visible().
 */
static struct attribute *fsg_lun_dev_attrs[] = {
	&dev_attr_ro.attr,
	&dev_attr_file.attr,
	&dev_attr_nofua.attr,
	&dev_attr_forced_eject.attr,
	NULL	/* terminator */
};
2847 | |
/*
 * Per-LUN permission filter for the sysfs attribute group.
 *
 *  - "ro":   world-readable; owner-writable unless the LUN is a CD-ROM.
 *  - "file": world-readable; owner-writable only when the LUN is removable.
 *  - anything else keeps the mode it was declared with.
 *
 * This is the only place that withholds write access to the backing-file
 * path of a fixed (non-removable) LUN.
 */
static umode_t fsg_lun_dev_is_visible(struct kobject *kobj,
				      struct attribute *attr, int idx)
{
	struct fsg_lun *lun = fsg_lun_from_dev(kobj_to_dev(kobj));
	const umode_t read_only = S_IRUGO;
	const umode_t owner_writable = S_IWUSR | S_IRUGO;

	if (attr == &dev_attr_ro.attr)
		return lun->cdrom ? read_only : owner_writable;

	if (attr == &dev_attr_file.attr)
		return lun->removable ? owner_writable : read_only;

	return attr->mode;
}
2860 | |
/* The LUN attribute set, with modes filtered by fsg_lun_dev_is_visible(). */
static const struct attribute_group fsg_lun_dev_group = {
	.is_visible = fsg_lun_dev_is_visible,
	.attrs = fsg_lun_dev_attrs,
};

/* NULL-terminated group list assigned to lun->dev.groups at creation. */
static const struct attribute_group *fsg_lun_dev_groups[] = {
	&fsg_lun_dev_group,
	NULL
};
2870 | |
/*
 * Create LUN number @id on @common from @cfg and, if a filename is given,
 * open the backing file.
 *
 * @name is used as the device name when common->sysfs is set.  When it is
 * not set the pointer itself is stored in lun->name, so the caller must keep
 * @name valid for the lifetime of the LUN.
 *
 * Returns 0 on success; -ENODEV if @id is outside common->luns[], -EBUSY if
 * the slot is taken, -EINVAL if a non-removable LUN has no file, -ENOMEM on
 * allocation failure, or the error from device_register()/fsg_lun_open().
 * On failure the slot is left empty and the LUN is freed.
 */
int fsg_common_create_lun(struct fsg_common *common, struct fsg_lun_config *cfg,
			  unsigned int id, const char *name,
			  const char **name_pfx)
{
	struct fsg_lun *lun;
	char *path_storage = NULL;
	char *shown_path = "(no medium)";
	int rc = -ENOMEM;

	/* Bounds check before the id is used to index the LUN table. */
	if (id >= ARRAY_SIZE(common->luns))
		return -ENODEV;

	if (common->luns[id])
		return -EBUSY;

	if (!cfg->filename && !cfg->removable) {
		pr_err("no file given for LUN%d\n", id);
		return -EINVAL;
	}

	lun = kzalloc(sizeof(*lun), GFP_KERNEL);
	if (!lun)
		return -ENOMEM;

	lun->name_pfx = name_pfx;

	/* CD-ROM emulation implies read-only. */
	lun->cdrom = !!cfg->cdrom;
	lun->ro = cfg->cdrom || cfg->ro;
	lun->initially_ro = lun->ro;
	lun->removable = !!cfg->removable;

	if (common->sysfs) {
		lun->dev.release = fsg_lun_release;
		lun->dev.parent = &common->gadget->dev;
		lun->dev.groups = fsg_lun_dev_groups;
		/* The sysfs store handlers fetch filesem back via drvdata. */
		dev_set_drvdata(&lun->dev, &common->filesem);
		dev_set_name(&lun->dev, "%s", name);
		lun->name = dev_name(&lun->dev);

		rc = device_register(&lun->dev);
		if (rc) {
			pr_info("failed to register LUN%d: %d\n", id, rc);
			put_device(&lun->dev);
			goto error_sysfs;
		}
	} else {
		/* we DON'T own the name! */
		lun->name = name;
	}

	common->luns[id] = lun;

	if (cfg->filename) {
		rc = fsg_lun_open(lun, cfg->filename);
		if (rc)
			goto error_lun;

		/* Resolve the path only for the log line below. */
		shown_path = "(error)";
		path_storage = kmalloc(PATH_MAX, GFP_KERNEL);
		if (path_storage) {
			shown_path = file_path(lun->filp, path_storage,
					       PATH_MAX);
			if (IS_ERR(shown_path))
				shown_path = "(error)";
		}
	}
	pr_info("LUN: %s%s%sfile: %s\n",
		lun->removable ? "removable " : "",
		lun->ro ? "read only " : "",
		lun->cdrom ? "CD-ROM " : "",
		shown_path);
	kfree(path_storage);

	return 0;

error_lun:
	if (device_is_registered(&lun->dev))
		device_unregister(&lun->dev);
	common->luns[id] = NULL;
error_sysfs:
	kfree(lun);
	return rc;
}
EXPORT_SYMBOL_GPL(fsg_common_create_lun);
2953 | |
/*
 * Drop all existing LUNs of @common and create cfg->nluns new ones named
 * "lun0", "lun1", ...
 *
 * Returns 0 on success.  On failure the LUNs created so far are removed
 * again and the error from fsg_common_create_lun() is returned.
 *
 * NOTE(review): fsg_common_create_lun() stores the name pointer itself when
 * common->sysfs is false, and the name passed here is a stack buffer.  This
 * helper therefore looks safe only for a common that has sysfs enabled -
 * confirm callers call fsg_common_set_sysfs(common, true) first.
 */
int fsg_common_create_luns(struct fsg_common *common, struct fsg_config *cfg)
{
	/*
	 * Room for "lun", up to four decimal digits and the terminator;
	 * snprintf() truncates anything longer.
	 */
	char lun_name[8];
	int created, rc;

	fsg_common_remove_luns(common);

	for (created = 0; created < cfg->nluns; ++created) {
		snprintf(lun_name, sizeof(lun_name), "lun%d", created);
		rc = fsg_common_create_lun(common, &cfg->luns[created],
					   created, lun_name, NULL);
		if (rc) {
			/* Undo only the slots filled by this call. */
			_fsg_common_remove_luns(common, created);
			return rc;
		}
	}

	pr_info("Number of LUNs=%d\n", cfg->nluns);

	return 0;
}
EXPORT_SYMBOL_GPL(fsg_common_create_luns);
2977 | |
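/*
 * Build the INQUIRY identification string of @common: vendor (8 columns),
 * product (16 columns) and the default bcdDevice as four hex digits.
 *
 * @vn: vendor name, or NULL for "Linux".
 * @pn: product name, or NULL to derive it from the first LUN: "File-CD
 *      Gadget" if LUN 0 is a CD-ROM, otherwise "File-Stor Gadget".
 *
 * The slot of LUN 0 is checked before it is dereferenced: this function is
 * exported and nothing in it guarantees that common->luns[0] is populated,
 * so an empty slot now falls back to the generic product name instead of
 * dereferencing a NULL pointer.  snprintf() bounds the write to the size of
 * inquiry_string, so over-long names are truncated rather than overflowing.
 */
void fsg_common_set_inquiry_string(struct fsg_common *common, const char *vn,
				   const char *pn)
{
	const struct fsg_lun *first_lun = common->luns[0];
	const char *product = pn;
	int bcd;

	/* Prepare inquiryString */
	bcd = get_default_bcdDevice();

	/* Assume product name dependent on the first LUN */
	if (!product)
		product = (first_lun && first_lun->cdrom)
				? "File-CD Gadget"
				: "File-Stor Gadget";

	snprintf(common->inquiry_string, sizeof(common->inquiry_string),
		 "%-8s%-16s%04x", vn ?: "Linux", product, bcd);
}
EXPORT_SYMBOL_GPL(fsg_common_set_inquiry_string);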
2994 | |
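/*
 * Final teardown of an fsg_common: stop the worker thread if it is still
 * running, destroy every LUN, free the buffer ring and, when the storage
 * was allocated by fsg_common_setup(), free the structure itself.
 *
 * When the storage belongs to the caller (free_storage_on_release == 0) the
 * structure outlives this call, so the LUN slots and the ring pointer are
 * cleared as they are freed; otherwise they would be left dangling and a
 * later access or second release would touch freed memory.
 */
static void fsg_common_release(struct fsg_common *common)
{
	int i;

	/* If the thread isn't already dead, tell it to exit now */
	if (common->state != FSG_STATE_TERMINATED) {
		raise_exception(common, FSG_STATE_EXIT);
		wait_for_completion(&common->thread_notifier);
	}

	for (i = 0; i < ARRAY_SIZE(common->luns); ++i) {
		struct fsg_lun *lun = common->luns[i];

		if (!lun)
			continue;
		fsg_lun_close(lun);
		if (device_is_registered(&lun->dev))
			device_unregister(&lun->dev);
		kfree(lun);
		common->luns[i] = NULL;
	}

	_fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers);
	common->buffhds = NULL;

	if (common->free_storage_on_release)
		kfree(common);
}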
3019 | |
3020 | |
3021 | /*-------------------------------------------------------------------------*/ |
3022 | |
/*
 * Bind callback of the mass-storage function.
 *
 * Refuses to bind without at least one LUN, attaches the composite device
 * and default inquiry string (configfs case), starts the "file-storage"
 * worker thread if none exists, then claims an interface number, the two
 * bulk endpoints and the descriptor sets for all speeds.
 *
 * Returns 0 on success or a negative errno.  Failures after the thread was
 * started stop it again before returning.
 * NOTE(review): a usb_assign_descriptors() failure is reported through the
 * endpoint-autoconfig path, i.e. with that message and -ENOTSUPP rather
 * than its own error code.
 */
static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
{
	struct fsg_dev *fsg = fsg_from_func(f);
	struct fsg_common *common = fsg->common;
	struct usb_gadget *gadget = c->cdev->gadget;
	struct fsg_opts *opts;
	struct usb_ep *ep;
	unsigned max_burst;
	int iface;	/* interface id, reused as the error code on failure */
	int ret;

	/* Don't allow to bind if we don't have at least one LUN */
	ret = _fsg_common_get_max_lun(common);
	if (ret < 0) {
		pr_err("There should be at least one LUN.\n");
		return -EINVAL;
	}

	opts = fsg_opts_from_func_inst(f->fi);
	if (!opts->no_configfs) {
		ret = fsg_common_set_cdev(common, c->cdev, common->can_stall);
		if (ret)
			return ret;
		fsg_common_set_inquiry_string(common, NULL, NULL);
	}

	if (!common->thread_task) {
		common->state = FSG_STATE_NORMAL;
		common->thread_task =
			kthread_create(fsg_main_thread, common, "file-storage");
		if (IS_ERR(common->thread_task)) {
			/* Roll back so a later bind can try again. */
			ret = PTR_ERR(common->thread_task);
			common->thread_task = NULL;
			common->state = FSG_STATE_TERMINATED;
			return ret;
		}
		DBG(common, "I/O thread pid: %d\n",
		    task_pid_nr(common->thread_task));
		wake_up_process(common->thread_task);
	}

	fsg->gadget = gadget;

	/* New interface */
	iface = usb_interface_id(c, f);
	if (iface < 0)
		goto fail;
	fsg_intf_desc.bInterfaceNumber = iface;
	fsg->interface_number = iface;

	/* Find all the endpoints we will use */
	ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
	if (!ep)
		goto autoconf_fail;
	fsg->bulk_in = ep;

	ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
	if (!ep)
		goto autoconf_fail;
	fsg->bulk_out = ep;

	/* Assume endpoint addresses are the same for both speeds */
	fsg_hs_bulk_in_desc.bEndpointAddress =
		fsg_fs_bulk_in_desc.bEndpointAddress;
	fsg_hs_bulk_out_desc.bEndpointAddress =
		fsg_fs_bulk_out_desc.bEndpointAddress;

	/* Calculate bMaxBurst, we know packet size is 1024 */
	max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15);

	fsg_ss_bulk_in_desc.bEndpointAddress =
		fsg_fs_bulk_in_desc.bEndpointAddress;
	fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst;

	fsg_ss_bulk_out_desc.bEndpointAddress =
		fsg_fs_bulk_out_desc.bEndpointAddress;
	fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst;

	ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function,
				     fsg_ss_function, fsg_ss_function);
	if (ret)
		goto autoconf_fail;

	return 0;

autoconf_fail:
	ERROR(fsg, "unable to autoconfigure all endpoints\n");
	iface = -ENOTSUPP;
fail:
	/* terminate the thread */
	if (common->state != FSG_STATE_TERMINATED) {
		raise_exception(common, FSG_STATE_EXIT);
		wait_for_completion(&common->thread_notifier);
	}
	return iface;
}
3120 | |
3121 | /****************************** ALLOCATE FUNCTION *************************/ |
3122 | |
/*
 * Unbind callback.  If this function instance is the one currently active
 * on the shared fsg_common, ask the worker thread for a configuration
 * change and wait until it has let go of this instance, then free the
 * descriptors.
 */
static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
{
	struct fsg_dev *fsg = fsg_from_func(f);
	struct fsg_common *common = fsg->common;

	DBG(fsg, "unbind\n");
	if (common->fsg == fsg) {
		__raise_exception(common, FSG_STATE_CONFIG_CHANGE, NULL);
		/* FIXME: make interruptible or killable somehow? */
		wait_event(common->fsg_wait, common->fsg != fsg);
	}

	usb_free_all_descriptors(&fsg->function);
}
3137 | |
/* Map a LUN's configfs item back to the fsg_lun_opts that embeds its group. */
static inline struct fsg_lun_opts *to_fsg_lun_opts(struct config_item *item)
{
	struct config_group *grp = to_config_group(item);

	return container_of(grp, struct fsg_lun_opts, group);
}
3142 | |
/*
 * Map the function's configfs item back to the fsg_opts whose
 * func_inst.group embeds it.
 */
static inline struct fsg_opts *to_fsg_opts(struct config_item *item)
{
	struct config_group *grp = to_config_group(item);

	return container_of(grp, struct fsg_opts, func_inst.group);
}
3148 | |
/*
 * configfs release callback for a LUN item: frees the fsg_lun_opts that
 * embeds it.  The LUN itself is torn down earlier, in fsg_lun_drop().
 */
static void fsg_lun_attr_release(struct config_item *item)
{
	kfree(to_fsg_lun_opts(item));
}
3156 | |
/* Item operations of a LUN directory: only the final release is hooked. */
static struct configfs_item_operations fsg_lun_item_ops = {
	.release	= fsg_lun_attr_release,
};
3160 | |
/*
 * configfs read handler for a LUN's "file" attribute.  The parent item is
 * converted with to_fsg_opts() to reach the shared filesem.
 */
static ssize_t fsg_lun_opts_file_show(struct config_item *item, char *page)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);
	struct config_item *func_item = lun_opts->group.cg_item.ci_parent;
	struct fsg_opts *func_opts = to_fsg_opts(func_item);

	return fsg_show_file(lun_opts->lun, &func_opts->common->filesem, page);
}
3168 | |
/*
 * configfs write handler for a LUN's "file" attribute: the written text
 * (the backing-file path) is passed to fsg_store_file() together with the
 * shared filesem.  Unlike the sysfs variant there is no per-LUN mode
 * filter on this path; any validation happens in fsg_store_file().
 */
static ssize_t fsg_lun_opts_file_store(struct config_item *item,
				       const char *page, size_t len)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);
	struct config_item *func_item = lun_opts->group.cg_item.ci_parent;
	struct fsg_opts *func_opts = to_fsg_opts(func_item);

	return fsg_store_file(lun_opts->lun, &func_opts->common->filesem,
			      page, len);
}

CONFIGFS_ATTR(fsg_lun_opts_, file);
3179 | |
/* configfs read handler for a LUN's "ro" attribute. */
static ssize_t fsg_lun_opts_ro_show(struct config_item *item, char *page)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_show_ro(lun_opts->lun, page);
}
3184 | |
/*
 * configfs write handler for a LUN's "ro" attribute; delegates to
 * fsg_store_ro() with the shared filesem of the owning function.
 */
static ssize_t fsg_lun_opts_ro_store(struct config_item *item,
				     const char *page, size_t len)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);
	struct config_item *func_item = lun_opts->group.cg_item.ci_parent;
	struct fsg_opts *func_opts = to_fsg_opts(func_item);

	return fsg_store_ro(lun_opts->lun, &func_opts->common->filesem,
			    page, len);
}

CONFIGFS_ATTR(fsg_lun_opts_, ro);
3195 | |
/* configfs read handler for a LUN's "removable" attribute. */
static ssize_t fsg_lun_opts_removable_show(struct config_item *item,
					   char *page)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_show_removable(lun_opts->lun, page);
}
3201 | |
/* configfs write handler for a LUN's "removable" attribute. */
static ssize_t fsg_lun_opts_removable_store(struct config_item *item,
					    const char *page, size_t len)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_store_removable(lun_opts->lun, page, len);
}

CONFIGFS_ATTR(fsg_lun_opts_, removable);
3209 | |
/* configfs read handler for a LUN's "cdrom" attribute. */
static ssize_t fsg_lun_opts_cdrom_show(struct config_item *item, char *page)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_show_cdrom(lun_opts->lun, page);
}
3214 | |
/*
 * configfs write handler for a LUN's "cdrom" attribute; delegates to
 * fsg_store_cdrom() with the shared filesem of the owning function.
 */
static ssize_t fsg_lun_opts_cdrom_store(struct config_item *item,
					const char *page, size_t len)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);
	struct config_item *func_item = lun_opts->group.cg_item.ci_parent;
	struct fsg_opts *func_opts = to_fsg_opts(func_item);

	return fsg_store_cdrom(lun_opts->lun, &func_opts->common->filesem,
			       page, len);
}

CONFIGFS_ATTR(fsg_lun_opts_, cdrom);
3226 | |
/* configfs read handler for a LUN's "nofua" attribute. */
static ssize_t fsg_lun_opts_nofua_show(struct config_item *item, char *page)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_show_nofua(lun_opts->lun, page);
}
3231 | |
/* configfs write handler for a LUN's "nofua" attribute. */
static ssize_t fsg_lun_opts_nofua_store(struct config_item *item,
					const char *page, size_t len)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_store_nofua(lun_opts->lun, page, len);
}

CONFIGFS_ATTR(fsg_lun_opts_, nofua);
3239 | |
/* configfs read handler for a LUN's "inquiry_string" attribute. */
static ssize_t fsg_lun_opts_inquiry_string_show(struct config_item *item,
						char *page)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_show_inquiry_string(lun_opts->lun, page);
}
3245 | |
/*
 * configfs write handler for a LUN's "inquiry_string" attribute.  The text
 * is handed to fsg_store_inquiry_string(), which is responsible for
 * bounding it to the LUN's inquiry buffer.
 */
static ssize_t fsg_lun_opts_inquiry_string_store(struct config_item *item,
						 const char *page, size_t len)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);

	return fsg_store_inquiry_string(lun_opts->lun, page, len);
}

CONFIGFS_ATTR(fsg_lun_opts_, inquiry_string);
3253 | |
/*
 * configfs write handler for a LUN's write-only "forced_eject" attribute;
 * delegates to fsg_store_forced_eject() with the shared filesem.
 */
static ssize_t fsg_lun_opts_forced_eject_store(struct config_item *item,
					       const char *page, size_t len)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);
	struct config_item *func_item = lun_opts->group.cg_item.ci_parent;
	struct fsg_opts *func_opts = to_fsg_opts(func_item);

	return fsg_store_forced_eject(lun_opts->lun,
				      &func_opts->common->filesem, page, len);
}

CONFIGFS_ATTR_WO(fsg_lun_opts_, forced_eject);
3265 | |
/* Attributes exposed in every LUN directory (lun.N) under configfs. */
static struct configfs_attribute *fsg_lun_attrs[] = {
	&fsg_lun_opts_attr_file,
	&fsg_lun_opts_attr_ro,
	&fsg_lun_opts_attr_removable,
	&fsg_lun_opts_attr_cdrom,
	&fsg_lun_opts_attr_nofua,
	&fsg_lun_opts_attr_inquiry_string,
	&fsg_lun_opts_attr_forced_eject,
	NULL,
};

/* Item type of a LUN directory. */
static const struct config_item_type fsg_lun_type = {
	.ct_owner	= THIS_MODULE,
	.ct_item_ops	= &fsg_lun_item_ops,
	.ct_attrs	= fsg_lun_attrs,
};
3282 | |
/*
 * configfs make_group callback: create a LUN for a directory named
 * "<anything>.<number>" inside the function's directory.
 *
 * The number after the first '.' is parsed as a u8, rejected when it is not
 * below FSG_MAX_LUNS and then clamped with array_index_nospec() so that it
 * cannot be used for an out-of-bounds index under speculation.  Creation is
 * refused with -EBUSY while the function is in use (refcnt) or when the
 * slot is occupied.  New LUNs start out removable with no backing file.
 *
 * Returns the new group, or an ERR_PTR(): -EINVAL for a name without '.',
 * the kstrtou8() error, -ERANGE, -EBUSY, -ENOMEM or the error from
 * fsg_common_create_lun().
 */
static struct config_group *fsg_lun_make(struct config_group *group,
					 const char *name)
{
	struct fsg_opts *fsg_opts;
	struct fsg_lun_opts *lun_opts;
	struct fsg_lun_config lun_cfg;
	char *digits;
	u8 lun_nr;
	int err;

	digits = strchr(name, '.');
	if (!digits) {
		pr_err("Unable to locate . in LUN.NUMBER\n");
		return ERR_PTR(-EINVAL);
	}
	digits++;

	err = kstrtou8(digits, 0, &lun_nr);
	if (err)
		return ERR_PTR(err);

	fsg_opts = to_fsg_opts(&group->cg_item);
	if (lun_nr >= FSG_MAX_LUNS)
		return ERR_PTR(-ERANGE);
	lun_nr = array_index_nospec(lun_nr, FSG_MAX_LUNS);

	mutex_lock(&fsg_opts->lock);
	if (fsg_opts->refcnt || fsg_opts->common->luns[lun_nr]) {
		err = -EBUSY;
		goto unlock_fail;
	}

	lun_opts = kzalloc(sizeof(*lun_opts), GFP_KERNEL);
	if (!lun_opts) {
		err = -ENOMEM;
		goto unlock_fail;
	}

	memset(&lun_cfg, 0, sizeof(lun_cfg));
	lun_cfg.removable = true;

	err = fsg_common_create_lun(fsg_opts->common, &lun_cfg, lun_nr, name,
				    (const char **)&group->cg_item.ci_name);
	if (err) {
		kfree(lun_opts);
		goto unlock_fail;
	}
	lun_opts->lun = fsg_opts->common->luns[lun_nr];
	lun_opts->lun_id = lun_nr;
	mutex_unlock(&fsg_opts->lock);

	config_group_init_type_name(&lun_opts->group, name, &fsg_lun_type);

	return &lun_opts->group;

unlock_fail:
	mutex_unlock(&fsg_opts->lock);
	return ERR_PTR(err);
}
3341 | |
/*
 * configfs drop_item callback for a LUN directory.
 *
 * If the function is still in use (refcnt != 0) the gadget two levels up is
 * unregistered first, so the LUN is not freed underneath an active
 * function.  The LUN is then removed and its slot cleared, all under
 * fsg_opts->lock, and finally the item reference is dropped.
 *
 * NOTE(review): lun_opts->lun keeps pointing at the freed LUN until the
 * item is released; confirm no attribute handler can still run on this item
 * after this point.
 */
static void fsg_lun_drop(struct config_group *group, struct config_item *item)
{
	struct fsg_lun_opts *lun_opts = to_fsg_lun_opts(item);
	struct fsg_opts *fsg_opts = to_fsg_opts(&group->cg_item);

	mutex_lock(&fsg_opts->lock);

	if (fsg_opts->refcnt)
		unregister_gadget_item(group->cg_item.ci_parent->ci_parent);

	fsg_common_remove_lun(lun_opts->lun);
	fsg_opts->common->luns[lun_opts->lun_id] = NULL;
	lun_opts->lun_id = 0;

	mutex_unlock(&fsg_opts->lock);

	config_item_put(item);
}
3365 | |
/*
 * configfs release callback for the function directory: drops the
 * reference on the embedded usb_function_instance.
 */
static void fsg_attr_release(struct config_item *item)
{
	usb_put_function_instance(&to_fsg_opts(item)->func_inst);
}
3372 | |
/* Item operations of the function directory: only release is hooked. */
static struct configfs_item_operations fsg_item_ops = {
	.release	= fsg_attr_release,
};
3376 | |
/*
 * configfs read handler for the function's "stall" attribute: prints
 * common->can_stall as a decimal number (no trailing newline), sampled
 * under opts->lock.
 */
static ssize_t fsg_opts_stall_show(struct config_item *item, char *page)
{
	struct fsg_opts *opts = to_fsg_opts(item);
	int written;

	mutex_lock(&opts->lock);
	written = sprintf(page, "%d", opts->common->can_stall);
	mutex_unlock(&opts->lock);

	return written;
}
3388 | |
/*
 * configfs write handler for the function's "stall" attribute.
 *
 * The value is parsed with kstrtobool().  Changes are refused with -EBUSY
 * while the function is in use (refcnt != 0).  Returns @len on success or
 * the parse error.
 */
static ssize_t fsg_opts_stall_store(struct config_item *item, const char *page,
				    size_t len)
{
	struct fsg_opts *opts = to_fsg_opts(item);
	bool stall;
	int ret;

	mutex_lock(&opts->lock);

	if (opts->refcnt) {
		ret = -EBUSY;
		goto unlock;
	}

	ret = kstrtobool(page, &stall);
	if (ret)
		goto unlock;

	opts->common->can_stall = stall;
	ret = len;

unlock:
	mutex_unlock(&opts->lock);

	return ret;
}

CONFIGFS_ATTR(fsg_opts_, stall);
3415 | |
3416 | #ifdef CONFIG_USB_GADGET_DEBUG_FILES |
/*
 * configfs read handler for the debug-only "num_buffers" attribute: prints
 * common->fsg_num_buffers as a decimal number, sampled under opts->lock.
 */
static ssize_t fsg_opts_num_buffers_show(struct config_item *item, char *page)
{
	struct fsg_opts *opts = to_fsg_opts(item);
	int written;

	mutex_lock(&opts->lock);
	written = sprintf(page, "%d", opts->common->fsg_num_buffers);
	mutex_unlock(&opts->lock);

	return written;
}
3428 | |
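/*
 * configfs write handler for the debug-only "num_buffers" attribute.
 *
 * The value is parsed as a u8 and applied with
 * fsg_common_set_num_buffers().  Changes are refused with -EBUSY while the
 * function is in use (refcnt != 0), because the buffer ring is replaced
 * wholesale.
 *
 * A value of 0 is rejected with -EINVAL: a ring needs at least one buffer,
 * and this handler is where the user-controlled count enters the driver, so
 * it is validated here rather than handed to the allocator.
 *
 * Returns @len on success or a negative errno.
 */
static ssize_t fsg_opts_num_buffers_store(struct config_item *item,
					  const char *page, size_t len)
{
	struct fsg_opts *opts = to_fsg_opts(item);
	int ret;
	u8 num;

	mutex_lock(&opts->lock);
	if (opts->refcnt) {
		ret = -EBUSY;
		goto end;
	}
	ret = kstrtou8(page, 0, &num);
	if (ret)
		goto end;
	if (!num) {
		ret = -EINVAL;
		goto end;
	}

	ret = fsg_common_set_num_buffers(opts->common, num);
	if (ret)
		goto end;
	ret = len;

end:
	mutex_unlock(&opts->lock);
	return ret;
}

CONFIGFS_ATTR(fsg_opts_, num_buffers);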
3456 | #endif |
3457 | |
/*
 * Attributes of the function directory.  num_buffers exists only when
 * CONFIG_USB_GADGET_DEBUG_FILES is enabled.
 */
static struct configfs_attribute *fsg_attrs[] = {
	&fsg_opts_attr_stall,
#ifdef CONFIG_USB_GADGET_DEBUG_FILES
	&fsg_opts_attr_num_buffers,
#endif
	NULL,
};

/* mkdir/rmdir inside the function directory create and drop LUNs. */
static struct configfs_group_operations fsg_group_ops = {
	.make_group	= fsg_lun_make,
	.drop_item	= fsg_lun_drop,
};

/* Item type of the function directory. */
static const struct config_item_type fsg_func_type = {
	.ct_owner	= THIS_MODULE,
	.ct_item_ops	= &fsg_item_ops,
	.ct_group_ops	= &fsg_group_ops,
	.ct_attrs	= fsg_attrs,
};
3477 | |
/*
 * free_func_inst callback: releases the shared fsg_common (thread, LUNs,
 * buffers) and then frees the options structure that embeds @fi.
 */
static void fsg_free_inst(struct usb_function_instance *fi)
{
	struct fsg_opts *opts = fsg_opts_from_func_inst(fi);

	fsg_common_release(opts->common);
	kfree(opts);
}
3486 | |
/*
 * Allocate a mass-storage function instance.
 *
 * Sets up the shared fsg_common, the default number of buffers and a
 * removable, initially empty LUN 0, then initialises the configfs groups
 * with "lun.0" as a default group of the function directory.
 *
 * Returns the embedded usb_function_instance or an ERR_PTR(); on failure
 * everything allocated so far is released in reverse order.
 */
static struct usb_function_instance *fsg_alloc_inst(void)
{
	struct fsg_lun_config lun_cfg;
	struct fsg_opts *opts;
	int err;

	opts = kzalloc(sizeof(*opts), GFP_KERNEL);
	if (!opts)
		return ERR_PTR(-ENOMEM);
	mutex_init(&opts->lock);
	opts->func_inst.free_func_inst = fsg_free_inst;

	/* opts is zeroed, so this allocates a new fsg_common. */
	opts->common = fsg_common_setup(opts->common);
	if (IS_ERR(opts->common)) {
		err = PTR_ERR(opts->common);
		goto err_free_opts;
	}

	err = fsg_common_set_num_buffers(opts->common,
					 CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS);
	if (err)
		goto err_free_common;

	pr_info(FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");

	memset(&lun_cfg, 0, sizeof(lun_cfg));
	lun_cfg.removable = true;
	err = fsg_common_create_lun(opts->common, &lun_cfg, 0, "lun.0",
			(const char **)&opts->func_inst.group.cg_item.ci_name);
	if (err)
		goto err_free_buffers;

	opts->lun0.lun = opts->common->luns[0];
	opts->lun0.lun_id = 0;

	config_group_init_type_name(&opts->func_inst.group, "", &fsg_func_type);

	config_group_init_type_name(&opts->lun0.group, "lun.0", &fsg_lun_type);
	configfs_add_default_group(&opts->lun0.group, &opts->func_inst.group);

	return &opts->func_inst;

err_free_buffers:
	fsg_common_free_buffers(opts->common);
err_free_common:
	kfree(opts->common);
err_free_opts:
	kfree(opts);
	return ERR_PTR(err);
}
3536 | |
/*
 * free_func callback: drops the use count taken in fsg_alloc() (under
 * opts->lock) and frees the fsg_dev that embeds @f.
 */
static void fsg_free(struct usb_function *f)
{
	struct fsg_dev *fsg = container_of(f, struct fsg_dev, function);
	struct fsg_opts *opts = container_of(f->fi, struct fsg_opts, func_inst);

	mutex_lock(&opts->lock);
	opts->refcnt--;
	mutex_unlock(&opts->lock);

	kfree(fsg);
}
3551 | |
/*
 * Allocate one usb_function for the instance @fi.
 *
 * Takes a use count on the options (refcnt, under opts->lock); while it is
 * non-zero the configfs handlers refuse to change "stall" and
 * "num_buffers" or to create LUNs.  The new function shares the
 * instance's fsg_common.
 *
 * Returns the embedded usb_function or ERR_PTR(-ENOMEM).
 */
static struct usb_function *fsg_alloc(struct usb_function_instance *fi)
{
	struct fsg_opts *opts = fsg_opts_from_func_inst(fi);
	struct fsg_common *common = opts->common;
	struct usb_function *func;
	struct fsg_dev *fsg;

	fsg = kzalloc(sizeof(*fsg), GFP_KERNEL);
	if (unlikely(!fsg))
		return ERR_PTR(-ENOMEM);

	mutex_lock(&opts->lock);
	opts->refcnt++;
	mutex_unlock(&opts->lock);

	func = &fsg->function;
	func->name	= FSG_DRIVER_DESC;
	func->bind	= fsg_bind;
	func->unbind	= fsg_unbind;
	func->setup	= fsg_setup;
	func->set_alt	= fsg_set_alt;
	func->disable	= fsg_disable;
	func->free_func	= fsg_free;

	fsg->common = common;

	return func;
}
3578 | |
/* Declares the "mass_storage" USB function with its two allocators. */
DECLARE_USB_FUNCTION_INIT(mass_storage, fsg_alloc_inst, fsg_alloc);
MODULE_AUTHOR("Michal Nazarewicz");
MODULE_LICENSE("GPL");
3582 | |
3583 | /************************* Module parameters *************************/ |
3584 | |
3585 | |
/*
 * Fill @cfg from module parameters.
 *
 * The LUN count is params->luns if set, else params->file_count if set,
 * else 1, and is capped at FSG_MAX_LUNS so the per-LUN parameter arrays are
 * never indexed past that bound.  A LUN gets a filename only if a non-empty
 * file parameter exists for its index.  Vendor/product names, ops and
 * private data are left NULL so the function uses its defaults.
 */
void fsg_config_from_params(struct fsg_config *cfg,
			    const struct fsg_module_parameters *params,
			    unsigned int fsg_num_buffers)
{
	unsigned int wanted = params->luns ?: (params->file_count ?: 1u);
	unsigned idx;

	/* Configure LUNs */
	cfg->nluns = min(wanted, (unsigned)FSG_MAX_LUNS);
	for (idx = 0; idx < cfg->nluns; ++idx) {
		struct fsg_lun_config *lun = &cfg->luns[idx];

		lun->ro = !!params->ro[idx];
		lun->cdrom = !!params->cdrom[idx];
		lun->removable = !!params->removable[idx];

		if (params->file_count > idx && params->file[idx][0])
			lun->filename = params->file[idx];
		else
			lun->filename = NULL;
	}

	/* Let MSF use defaults */
	cfg->vendor_name = NULL;
	cfg->product_name = NULL;

	cfg->ops = NULL;
	cfg->private_data = NULL;

	/* Finalise */
	cfg->can_stall = params->stall;
	cfg->fsg_num_buffers = fsg_num_buffers;
}
EXPORT_SYMBOL_GPL(fsg_config_from_params);
3619 | |