1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200#include <linux/blkdev.h>
201#include <linux/completion.h>
202#include <linux/dcache.h>
203#include <linux/delay.h>
204#include <linux/device.h>
205#include <linux/fcntl.h>
206#include <linux/file.h>
207#include <linux/fs.h>
208#include <linux/kref.h>
209#include <linux/kthread.h>
210#include <linux/limits.h>
211#include <linux/rwsem.h>
212#include <linux/slab.h>
213#include <linux/spinlock.h>
214#include <linux/string.h>
215#include <linux/freezer.h>
216
217#include <linux/usb/ch9.h>
218#include <linux/usb/gadget.h>
219#include <linux/usb/composite.h>
220
221#include "gadget_chips.h"
222
223
224
225
226#define FSG_DRIVER_DESC "Mass Storage Function"
227#define FSG_DRIVER_VERSION "2009/09/11"
228
229static const char fsg_string_interface[] = "Mass Storage";
230
231#include "storage_common.c"
232
233
234
235
236struct fsg_dev;
237struct fsg_common;
238
239
240struct fsg_operations {
241
242
243
244
245
246
247
248 int (*thread_exits)(struct fsg_common *common);
249};
250
251
252struct fsg_common {
253 struct usb_gadget *gadget;
254 struct usb_composite_dev *cdev;
255 struct fsg_dev *fsg, *new_fsg;
256 wait_queue_head_t fsg_wait;
257
258
259 struct rw_semaphore filesem;
260
261
262 spinlock_t lock;
263
264 struct usb_ep *ep0;
265 struct usb_request *ep0req;
266 unsigned int ep0_req_tag;
267
268 struct fsg_buffhd *next_buffhd_to_fill;
269 struct fsg_buffhd *next_buffhd_to_drain;
270 struct fsg_buffhd *buffhds;
271
272 int cmnd_size;
273 u8 cmnd[MAX_COMMAND_SIZE];
274
275 unsigned int nluns;
276 unsigned int lun;
277 struct fsg_lun *luns;
278 struct fsg_lun *curlun;
279
280 unsigned int bulk_out_maxpacket;
281 enum fsg_state state;
282 unsigned int exception_req_tag;
283
284 enum data_direction data_dir;
285 u32 data_size;
286 u32 data_size_from_cmnd;
287 u32 tag;
288 u32 residue;
289 u32 usb_amount_left;
290
291 unsigned int can_stall:1;
292 unsigned int free_storage_on_release:1;
293 unsigned int phase_error:1;
294 unsigned int short_packet_received:1;
295 unsigned int bad_lun_okay:1;
296 unsigned int running:1;
297
298 int thread_wakeup_needed;
299 struct completion thread_notifier;
300 struct task_struct *thread_task;
301
302
303 const struct fsg_operations *ops;
304
305 void *private_data;
306
307
308
309
310
311 char inquiry_string[8 + 16 + 4 + 1];
312
313 struct kref ref;
314};
315
316struct fsg_config {
317 unsigned nluns;
318 struct fsg_lun_config {
319 const char *filename;
320 char ro;
321 char removable;
322 char cdrom;
323 char nofua;
324 } luns[FSG_MAX_LUNS];
325
326
327 const struct fsg_operations *ops;
328
329 void *private_data;
330
331 const char *vendor_name;
332 const char *product_name;
333
334 char can_stall;
335};
336
337struct fsg_dev {
338 struct usb_function function;
339 struct usb_gadget *gadget;
340 struct fsg_common *common;
341
342 u16 interface_number;
343
344 unsigned int bulk_in_enabled:1;
345 unsigned int bulk_out_enabled:1;
346
347 unsigned long atomic_bitflags;
348#define IGNORE_BULK_OUT 0
349
350 struct usb_ep *bulk_in;
351 struct usb_ep *bulk_out;
352};
353
354static inline int __fsg_is_set(struct fsg_common *common,
355 const char *func, unsigned line)
356{
357 if (common->fsg)
358 return 1;
359 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
360 WARN_ON(1);
361 return 0;
362}
363
364#define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
365
366static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
367{
368 return container_of(f, struct fsg_dev, function);
369}
370
371typedef void (*fsg_routine_t)(struct fsg_dev *);
372
373static int exception_in_progress(struct fsg_common *common)
374{
375 return common->state > FSG_STATE_IDLE;
376}
377
378
379static void set_bulk_out_req_length(struct fsg_common *common,
380 struct fsg_buffhd *bh, unsigned int length)
381{
382 unsigned int rem;
383
384 bh->bulk_out_intended_length = length;
385 rem = length % common->bulk_out_maxpacket;
386 if (rem > 0)
387 length += common->bulk_out_maxpacket - rem;
388 bh->outreq->length = length;
389}
390
391
392
393
394static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
395{
396 const char *name;
397
398 if (ep == fsg->bulk_in)
399 name = "bulk-in";
400 else if (ep == fsg->bulk_out)
401 name = "bulk-out";
402 else
403 name = ep->name;
404 DBG(fsg, "%s set halt\n", name);
405 return usb_ep_set_halt(ep);
406}
407
408
409
410
411
412
413
414static void wakeup_thread(struct fsg_common *common)
415{
416 smp_wmb();
417
418 common->thread_wakeup_needed = 1;
419 if (common->thread_task)
420 wake_up_process(common->thread_task);
421}
422
423static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
424{
425 unsigned long flags;
426
427
428
429
430
431
432 spin_lock_irqsave(&common->lock, flags);
433 if (common->state <= new_state) {
434 common->exception_req_tag = common->ep0_req_tag;
435 common->state = new_state;
436 if (common->thread_task)
437 send_sig_info(SIGUSR1, SEND_SIG_FORCED,
438 common->thread_task);
439 }
440 spin_unlock_irqrestore(&common->lock, flags);
441}
442
443
444
445
446static int ep0_queue(struct fsg_common *common)
447{
448 int rc;
449
450 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);
451 common->ep0->driver_data = common;
452 if (rc != 0 && rc != -ESHUTDOWN) {
453
454 WARNING(common, "error in submission: %s --> %d\n",
455 common->ep0->name, rc);
456 }
457 return rc;
458}
459
460
461
462
463
464
465static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
466{
467 struct fsg_common *common = ep->driver_data;
468 struct fsg_buffhd *bh = req->context;
469
470 if (req->status || req->actual != req->length)
471 DBG(common, "%s --> %d, %u/%u\n", __func__,
472 req->status, req->actual, req->length);
473 if (req->status == -ECONNRESET)
474 usb_ep_fifo_flush(ep);
475
476
477 smp_wmb();
478 spin_lock(&common->lock);
479 bh->inreq_busy = 0;
480 bh->state = BUF_STATE_EMPTY;
481 wakeup_thread(common);
482 spin_unlock(&common->lock);
483}
484
485static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
486{
487 struct fsg_common *common = ep->driver_data;
488 struct fsg_buffhd *bh = req->context;
489
490 dump_msg(common, "bulk-out", req->buf, req->actual);
491 if (req->status || req->actual != bh->bulk_out_intended_length)
492 DBG(common, "%s --> %d, %u/%u\n", __func__,
493 req->status, req->actual, bh->bulk_out_intended_length);
494 if (req->status == -ECONNRESET)
495 usb_ep_fifo_flush(ep);
496
497
498 smp_wmb();
499 spin_lock(&common->lock);
500 bh->outreq_busy = 0;
501 bh->state = BUF_STATE_FULL;
502 wakeup_thread(common);
503 spin_unlock(&common->lock);
504}
505
506static int fsg_setup(struct usb_function *f,
507 const struct usb_ctrlrequest *ctrl)
508{
509 struct fsg_dev *fsg = fsg_from_func(f);
510 struct usb_request *req = fsg->common->ep0req;
511 u16 w_index = le16_to_cpu(ctrl->wIndex);
512 u16 w_value = le16_to_cpu(ctrl->wValue);
513 u16 w_length = le16_to_cpu(ctrl->wLength);
514
515 if (!fsg_is_set(fsg->common))
516 return -EOPNOTSUPP;
517
518 ++fsg->common->ep0_req_tag;
519 req->context = NULL;
520 req->length = 0;
521 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl));
522
523 switch (ctrl->bRequest) {
524
525 case US_BULK_RESET_REQUEST:
526 if (ctrl->bRequestType !=
527 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
528 break;
529 if (w_index != fsg->interface_number || w_value != 0 ||
530 w_length != 0)
531 return -EDOM;
532
533
534
535
536
537 DBG(fsg, "bulk reset request\n");
538 raise_exception(fsg->common, FSG_STATE_RESET);
539 return DELAYED_STATUS;
540
541 case US_BULK_GET_MAX_LUN:
542 if (ctrl->bRequestType !=
543 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
544 break;
545 if (w_index != fsg->interface_number || w_value != 0 ||
546 w_length != 1)
547 return -EDOM;
548 VDBG(fsg, "get max LUN\n");
549 *(u8 *)req->buf = fsg->common->nluns - 1;
550
551
552 req->length = min((u16)1, w_length);
553 return ep0_queue(fsg->common);
554 }
555
556 VDBG(fsg,
557 "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n",
558 ctrl->bRequestType, ctrl->bRequest,
559 le16_to_cpu(ctrl->wValue), w_index, w_length);
560 return -EOPNOTSUPP;
561}
562
563
564
565
566
567
568
569static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
570 struct usb_request *req, int *pbusy,
571 enum fsg_buffer_state *state)
572{
573 int rc;
574
575 if (ep == fsg->bulk_in)
576 dump_msg(fsg, "bulk-in", req->buf, req->length);
577
578 spin_lock_irq(&fsg->common->lock);
579 *pbusy = 1;
580 *state = BUF_STATE_BUSY;
581 spin_unlock_irq(&fsg->common->lock);
582 rc = usb_ep_queue(ep, req, GFP_KERNEL);
583 if (rc != 0) {
584 *pbusy = 0;
585 *state = BUF_STATE_EMPTY;
586
587
588
589
590
591
592
593 if (rc != -ESHUTDOWN &&
594 !(rc == -EOPNOTSUPP && req->length == 0))
595 WARNING(fsg, "error in submission: %s --> %d\n",
596 ep->name, rc);
597 }
598}
599
600static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
601{
602 if (!fsg_is_set(common))
603 return false;
604 start_transfer(common->fsg, common->fsg->bulk_in,
605 bh->inreq, &bh->inreq_busy, &bh->state);
606 return true;
607}
608
609static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
610{
611 if (!fsg_is_set(common))
612 return false;
613 start_transfer(common->fsg, common->fsg->bulk_out,
614 bh->outreq, &bh->outreq_busy, &bh->state);
615 return true;
616}
617
618static int sleep_thread(struct fsg_common *common)
619{
620 int rc = 0;
621
622
623 for (;;) {
624 try_to_freeze();
625 set_current_state(TASK_INTERRUPTIBLE);
626 if (signal_pending(current)) {
627 rc = -EINTR;
628 break;
629 }
630 if (common->thread_wakeup_needed)
631 break;
632 schedule();
633 }
634 __set_current_state(TASK_RUNNING);
635 common->thread_wakeup_needed = 0;
636 smp_rmb();
637 return rc;
638}
639
640
641
642
643static int do_read(struct fsg_common *common)
644{
645 struct fsg_lun *curlun = common->curlun;
646 u32 lba;
647 struct fsg_buffhd *bh;
648 int rc;
649 u32 amount_left;
650 loff_t file_offset, file_offset_tmp;
651 unsigned int amount;
652 ssize_t nread;
653
654
655
656
657
658 if (common->cmnd[0] == READ_6)
659 lba = get_unaligned_be24(&common->cmnd[1]);
660 else {
661 lba = get_unaligned_be32(&common->cmnd[2]);
662
663
664
665
666
667
668 if ((common->cmnd[1] & ~0x18) != 0) {
669 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
670 return -EINVAL;
671 }
672 }
673 if (lba >= curlun->num_sectors) {
674 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
675 return -EINVAL;
676 }
677 file_offset = ((loff_t) lba) << curlun->blkbits;
678
679
680 amount_left = common->data_size_from_cmnd;
681 if (unlikely(amount_left == 0))
682 return -EIO;
683
684 for (;;) {
685
686
687
688
689
690
691 amount = min(amount_left, FSG_BUFLEN);
692 amount = min((loff_t)amount,
693 curlun->file_length - file_offset);
694
695
696 bh = common->next_buffhd_to_fill;
697 while (bh->state != BUF_STATE_EMPTY) {
698 rc = sleep_thread(common);
699 if (rc)
700 return rc;
701 }
702
703
704
705
706
707 if (amount == 0) {
708 curlun->sense_data =
709 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
710 curlun->sense_data_info =
711 file_offset >> curlun->blkbits;
712 curlun->info_valid = 1;
713 bh->inreq->length = 0;
714 bh->state = BUF_STATE_FULL;
715 break;
716 }
717
718
719 file_offset_tmp = file_offset;
720 nread = vfs_read(curlun->filp,
721 (char __user *)bh->buf,
722 amount, &file_offset_tmp);
723 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
724 (unsigned long long)file_offset, (int)nread);
725 if (signal_pending(current))
726 return -EINTR;
727
728 if (nread < 0) {
729 LDBG(curlun, "error in file read: %d\n", (int)nread);
730 nread = 0;
731 } else if (nread < amount) {
732 LDBG(curlun, "partial file read: %d/%u\n",
733 (int)nread, amount);
734 nread = round_down(nread, curlun->blksize);
735 }
736 file_offset += nread;
737 amount_left -= nread;
738 common->residue -= nread;
739
740
741
742
743
744
745 bh->inreq->length = nread;
746 bh->state = BUF_STATE_FULL;
747
748
749 if (nread < amount) {
750 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
751 curlun->sense_data_info =
752 file_offset >> curlun->blkbits;
753 curlun->info_valid = 1;
754 break;
755 }
756
757 if (amount_left == 0)
758 break;
759
760
761 bh->inreq->zero = 0;
762 if (!start_in_transfer(common, bh))
763
764 return -EIO;
765 common->next_buffhd_to_fill = bh->next;
766 }
767
768 return -EIO;
769}
770
771
772
773
774static int do_write(struct fsg_common *common)
775{
776 struct fsg_lun *curlun = common->curlun;
777 u32 lba;
778 struct fsg_buffhd *bh;
779 int get_some_more;
780 u32 amount_left_to_req, amount_left_to_write;
781 loff_t usb_offset, file_offset, file_offset_tmp;
782 unsigned int amount;
783 ssize_t nwritten;
784 int rc;
785
786 if (curlun->ro) {
787 curlun->sense_data = SS_WRITE_PROTECTED;
788 return -EINVAL;
789 }
790 spin_lock(&curlun->filp->f_lock);
791 curlun->filp->f_flags &= ~O_SYNC;
792 spin_unlock(&curlun->filp->f_lock);
793
794
795
796
797
798 if (common->cmnd[0] == WRITE_6)
799 lba = get_unaligned_be24(&common->cmnd[1]);
800 else {
801 lba = get_unaligned_be32(&common->cmnd[2]);
802
803
804
805
806
807
808
809 if (common->cmnd[1] & ~0x18) {
810 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
811 return -EINVAL;
812 }
813 if (!curlun->nofua && (common->cmnd[1] & 0x08)) {
814 spin_lock(&curlun->filp->f_lock);
815 curlun->filp->f_flags |= O_SYNC;
816 spin_unlock(&curlun->filp->f_lock);
817 }
818 }
819 if (lba >= curlun->num_sectors) {
820 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
821 return -EINVAL;
822 }
823
824
825 get_some_more = 1;
826 file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits;
827 amount_left_to_req = common->data_size_from_cmnd;
828 amount_left_to_write = common->data_size_from_cmnd;
829
830 while (amount_left_to_write > 0) {
831
832
833 bh = common->next_buffhd_to_fill;
834 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
835
836
837
838
839
840
841 amount = min(amount_left_to_req, FSG_BUFLEN);
842
843
844 if (usb_offset >= curlun->file_length) {
845 get_some_more = 0;
846 curlun->sense_data =
847 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
848 curlun->sense_data_info =
849 usb_offset >> curlun->blkbits;
850 curlun->info_valid = 1;
851 continue;
852 }
853
854
855 usb_offset += amount;
856 common->usb_amount_left -= amount;
857 amount_left_to_req -= amount;
858 if (amount_left_to_req == 0)
859 get_some_more = 0;
860
861
862
863
864
865
866 set_bulk_out_req_length(common, bh, amount);
867 if (!start_out_transfer(common, bh))
868
869 return -EIO;
870 common->next_buffhd_to_fill = bh->next;
871 continue;
872 }
873
874
875 bh = common->next_buffhd_to_drain;
876 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
877 break;
878 if (bh->state == BUF_STATE_FULL) {
879 smp_rmb();
880 common->next_buffhd_to_drain = bh->next;
881 bh->state = BUF_STATE_EMPTY;
882
883
884 if (bh->outreq->status != 0) {
885 curlun->sense_data = SS_COMMUNICATION_FAILURE;
886 curlun->sense_data_info =
887 file_offset >> curlun->blkbits;
888 curlun->info_valid = 1;
889 break;
890 }
891
892 amount = bh->outreq->actual;
893 if (curlun->file_length - file_offset < amount) {
894 LERROR(curlun,
895 "write %u @ %llu beyond end %llu\n",
896 amount, (unsigned long long)file_offset,
897 (unsigned long long)curlun->file_length);
898 amount = curlun->file_length - file_offset;
899 }
900
901
902
903
904 amount = min(amount, bh->bulk_out_intended_length);
905
906
907 amount = round_down(amount, curlun->blksize);
908 if (amount == 0)
909 goto empty_write;
910
911
912 file_offset_tmp = file_offset;
913 nwritten = vfs_write(curlun->filp,
914 (char __user *)bh->buf,
915 amount, &file_offset_tmp);
916 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
917 (unsigned long long)file_offset, (int)nwritten);
918 if (signal_pending(current))
919 return -EINTR;
920
921 if (nwritten < 0) {
922 LDBG(curlun, "error in file write: %d\n",
923 (int)nwritten);
924 nwritten = 0;
925 } else if (nwritten < amount) {
926 LDBG(curlun, "partial file write: %d/%u\n",
927 (int)nwritten, amount);
928 nwritten = round_down(nwritten, curlun->blksize);
929 }
930 file_offset += nwritten;
931 amount_left_to_write -= nwritten;
932 common->residue -= nwritten;
933
934
935 if (nwritten < amount) {
936 curlun->sense_data = SS_WRITE_ERROR;
937 curlun->sense_data_info =
938 file_offset >> curlun->blkbits;
939 curlun->info_valid = 1;
940 break;
941 }
942
943 empty_write:
944
945 if (bh->outreq->actual < bh->bulk_out_intended_length) {
946 common->short_packet_received = 1;
947 break;
948 }
949 continue;
950 }
951
952
953 rc = sleep_thread(common);
954 if (rc)
955 return rc;
956 }
957
958 return -EIO;
959}
960
961
962
963
964static int do_synchronize_cache(struct fsg_common *common)
965{
966 struct fsg_lun *curlun = common->curlun;
967 int rc;
968
969
970
971 rc = fsg_lun_fsync_sub(curlun);
972 if (rc)
973 curlun->sense_data = SS_WRITE_ERROR;
974 return 0;
975}
976
977
978
979
980static void invalidate_sub(struct fsg_lun *curlun)
981{
982 struct file *filp = curlun->filp;
983 struct inode *inode = file_inode(filp);
984 unsigned long rc;
985
986 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
987 VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc);
988}
989
990static int do_verify(struct fsg_common *common)
991{
992 struct fsg_lun *curlun = common->curlun;
993 u32 lba;
994 u32 verification_length;
995 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
996 loff_t file_offset, file_offset_tmp;
997 u32 amount_left;
998 unsigned int amount;
999 ssize_t nread;
1000
1001
1002
1003
1004
1005 lba = get_unaligned_be32(&common->cmnd[2]);
1006 if (lba >= curlun->num_sectors) {
1007 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1008 return -EINVAL;
1009 }
1010
1011
1012
1013
1014
1015 if (common->cmnd[1] & ~0x10) {
1016 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1017 return -EINVAL;
1018 }
1019
1020 verification_length = get_unaligned_be16(&common->cmnd[7]);
1021 if (unlikely(verification_length == 0))
1022 return -EIO;
1023
1024
1025 amount_left = verification_length << curlun->blkbits;
1026 file_offset = ((loff_t) lba) << curlun->blkbits;
1027
1028
1029 fsg_lun_fsync_sub(curlun);
1030 if (signal_pending(current))
1031 return -EINTR;
1032
1033 invalidate_sub(curlun);
1034 if (signal_pending(current))
1035 return -EINTR;
1036
1037
1038 while (amount_left > 0) {
1039
1040
1041
1042
1043
1044
1045 amount = min(amount_left, FSG_BUFLEN);
1046 amount = min((loff_t)amount,
1047 curlun->file_length - file_offset);
1048 if (amount == 0) {
1049 curlun->sense_data =
1050 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1051 curlun->sense_data_info =
1052 file_offset >> curlun->blkbits;
1053 curlun->info_valid = 1;
1054 break;
1055 }
1056
1057
1058 file_offset_tmp = file_offset;
1059 nread = vfs_read(curlun->filp,
1060 (char __user *) bh->buf,
1061 amount, &file_offset_tmp);
1062 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1063 (unsigned long long) file_offset,
1064 (int) nread);
1065 if (signal_pending(current))
1066 return -EINTR;
1067
1068 if (nread < 0) {
1069 LDBG(curlun, "error in file verify: %d\n", (int)nread);
1070 nread = 0;
1071 } else if (nread < amount) {
1072 LDBG(curlun, "partial file verify: %d/%u\n",
1073 (int)nread, amount);
1074 nread = round_down(nread, curlun->blksize);
1075 }
1076 if (nread == 0) {
1077 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1078 curlun->sense_data_info =
1079 file_offset >> curlun->blkbits;
1080 curlun->info_valid = 1;
1081 break;
1082 }
1083 file_offset += nread;
1084 amount_left -= nread;
1085 }
1086 return 0;
1087}
1088
1089
1090
1091
1092static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
1093{
1094 struct fsg_lun *curlun = common->curlun;
1095 u8 *buf = (u8 *) bh->buf;
1096
1097 if (!curlun) {
1098 common->bad_lun_okay = 1;
1099 memset(buf, 0, 36);
1100 buf[0] = 0x7f;
1101 buf[4] = 31;
1102 return 36;
1103 }
1104
1105 buf[0] = curlun->cdrom ? TYPE_ROM : TYPE_DISK;
1106 buf[1] = curlun->removable ? 0x80 : 0;
1107 buf[2] = 2;
1108 buf[3] = 2;
1109 buf[4] = 31;
1110 buf[5] = 0;
1111 buf[6] = 0;
1112 buf[7] = 0;
1113 memcpy(buf + 8, common->inquiry_string, sizeof common->inquiry_string);
1114 return 36;
1115}
1116
1117static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1118{
1119 struct fsg_lun *curlun = common->curlun;
1120 u8 *buf = (u8 *) bh->buf;
1121 u32 sd, sdinfo;
1122 int valid;
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139#if 0
1140 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1141 curlun->sense_data = curlun->unit_attention_data;
1142 curlun->unit_attention_data = SS_NO_SENSE;
1143 }
1144#endif
1145
1146 if (!curlun) {
1147 common->bad_lun_okay = 1;
1148 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1149 sdinfo = 0;
1150 valid = 0;
1151 } else {
1152 sd = curlun->sense_data;
1153 sdinfo = curlun->sense_data_info;
1154 valid = curlun->info_valid << 7;
1155 curlun->sense_data = SS_NO_SENSE;
1156 curlun->sense_data_info = 0;
1157 curlun->info_valid = 0;
1158 }
1159
1160 memset(buf, 0, 18);
1161 buf[0] = valid | 0x70;
1162 buf[2] = SK(sd);
1163 put_unaligned_be32(sdinfo, &buf[3]);
1164 buf[7] = 18 - 8;
1165 buf[12] = ASC(sd);
1166 buf[13] = ASCQ(sd);
1167 return 18;
1168}
1169
1170static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
1171{
1172 struct fsg_lun *curlun = common->curlun;
1173 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1174 int pmi = common->cmnd[8];
1175 u8 *buf = (u8 *)bh->buf;
1176
1177
1178 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1179 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1180 return -EINVAL;
1181 }
1182
1183 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1184
1185 put_unaligned_be32(curlun->blksize, &buf[4]);
1186 return 8;
1187}
1188
1189static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
1190{
1191 struct fsg_lun *curlun = common->curlun;
1192 int msf = common->cmnd[1] & 0x02;
1193 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1194 u8 *buf = (u8 *)bh->buf;
1195
1196 if (common->cmnd[1] & ~0x02) {
1197 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1198 return -EINVAL;
1199 }
1200 if (lba >= curlun->num_sectors) {
1201 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1202 return -EINVAL;
1203 }
1204
1205 memset(buf, 0, 8);
1206 buf[0] = 0x01;
1207 store_cdrom_address(&buf[4], msf, lba);
1208 return 8;
1209}
1210
1211static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
1212{
1213 struct fsg_lun *curlun = common->curlun;
1214 int msf = common->cmnd[1] & 0x02;
1215 int start_track = common->cmnd[6];
1216 u8 *buf = (u8 *)bh->buf;
1217
1218 if ((common->cmnd[1] & ~0x02) != 0 ||
1219 start_track > 1) {
1220 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1221 return -EINVAL;
1222 }
1223
1224 memset(buf, 0, 20);
1225 buf[1] = (20-2);
1226 buf[2] = 1;
1227 buf[3] = 1;
1228 buf[5] = 0x16;
1229 buf[6] = 0x01;
1230 store_cdrom_address(&buf[8], msf, 0);
1231
1232 buf[13] = 0x16;
1233 buf[14] = 0xAA;
1234 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1235 return 20;
1236}
1237
1238static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1239{
1240 struct fsg_lun *curlun = common->curlun;
1241 int mscmnd = common->cmnd[0];
1242 u8 *buf = (u8 *) bh->buf;
1243 u8 *buf0 = buf;
1244 int pc, page_code;
1245 int changeable_values, all_pages;
1246 int valid_page = 0;
1247 int len, limit;
1248
1249 if ((common->cmnd[1] & ~0x08) != 0) {
1250 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1251 return -EINVAL;
1252 }
1253 pc = common->cmnd[2] >> 6;
1254 page_code = common->cmnd[2] & 0x3f;
1255 if (pc == 3) {
1256 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1257 return -EINVAL;
1258 }
1259 changeable_values = (pc == 1);
1260 all_pages = (page_code == 0x3f);
1261
1262
1263
1264
1265
1266
1267
1268 memset(buf, 0, 8);
1269 if (mscmnd == MODE_SENSE) {
1270 buf[2] = (curlun->ro ? 0x80 : 0x00);
1271 buf += 4;
1272 limit = 255;
1273 } else {
1274 buf[3] = (curlun->ro ? 0x80 : 0x00);
1275 buf += 8;
1276 limit = 65535;
1277 }
1278
1279
1280
1281
1282
1283
1284
1285 if (page_code == 0x08 || all_pages) {
1286 valid_page = 1;
1287 buf[0] = 0x08;
1288 buf[1] = 10;
1289 memset(buf+2, 0, 10);
1290
1291 if (!changeable_values) {
1292 buf[2] = 0x04;
1293
1294
1295 put_unaligned_be16(0xffff, &buf[4]);
1296
1297
1298 put_unaligned_be16(0xffff, &buf[8]);
1299
1300 put_unaligned_be16(0xffff, &buf[10]);
1301
1302 }
1303 buf += 12;
1304 }
1305
1306
1307
1308
1309
1310 len = buf - buf0;
1311 if (!valid_page || len > limit) {
1312 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1313 return -EINVAL;
1314 }
1315
1316
1317 if (mscmnd == MODE_SENSE)
1318 buf0[0] = len - 1;
1319 else
1320 put_unaligned_be16(len - 2, buf0);
1321 return len;
1322}
1323
1324static int do_start_stop(struct fsg_common *common)
1325{
1326 struct fsg_lun *curlun = common->curlun;
1327 int loej, start;
1328
1329 if (!curlun) {
1330 return -EINVAL;
1331 } else if (!curlun->removable) {
1332 curlun->sense_data = SS_INVALID_COMMAND;
1333 return -EINVAL;
1334 } else if ((common->cmnd[1] & ~0x01) != 0 ||
1335 (common->cmnd[4] & ~0x03) != 0) {
1336 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1337 return -EINVAL;
1338 }
1339
1340 loej = common->cmnd[4] & 0x02;
1341 start = common->cmnd[4] & 0x01;
1342
1343
1344
1345
1346
1347 if (start) {
1348 if (!fsg_lun_is_open(curlun)) {
1349 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1350 return -EINVAL;
1351 }
1352 return 0;
1353 }
1354
1355
1356 if (curlun->prevent_medium_removal) {
1357 LDBG(curlun, "unload attempt prevented\n");
1358 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED;
1359 return -EINVAL;
1360 }
1361
1362 if (!loej)
1363 return 0;
1364
1365 up_read(&common->filesem);
1366 down_write(&common->filesem);
1367 fsg_lun_close(curlun);
1368 up_write(&common->filesem);
1369 down_read(&common->filesem);
1370
1371 return 0;
1372}
1373
1374static int do_prevent_allow(struct fsg_common *common)
1375{
1376 struct fsg_lun *curlun = common->curlun;
1377 int prevent;
1378
1379 if (!common->curlun) {
1380 return -EINVAL;
1381 } else if (!common->curlun->removable) {
1382 common->curlun->sense_data = SS_INVALID_COMMAND;
1383 return -EINVAL;
1384 }
1385
1386 prevent = common->cmnd[4] & 0x01;
1387 if ((common->cmnd[4] & ~0x01) != 0) {
1388 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1389 return -EINVAL;
1390 }
1391
1392 if (curlun->prevent_medium_removal && !prevent)
1393 fsg_lun_fsync_sub(curlun);
1394 curlun->prevent_medium_removal = prevent;
1395 return 0;
1396}
1397
1398static int do_read_format_capacities(struct fsg_common *common,
1399 struct fsg_buffhd *bh)
1400{
1401 struct fsg_lun *curlun = common->curlun;
1402 u8 *buf = (u8 *) bh->buf;
1403
1404 buf[0] = buf[1] = buf[2] = 0;
1405 buf[3] = 8;
1406 buf += 4;
1407
1408 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1409
1410 put_unaligned_be32(curlun->blksize, &buf[4]);
1411 buf[4] = 0x02;
1412 return 12;
1413}
1414
1415static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
1416{
1417 struct fsg_lun *curlun = common->curlun;
1418
1419
1420 if (curlun)
1421 curlun->sense_data = SS_INVALID_COMMAND;
1422 return -EINVAL;
1423}
1424
1425
1426
1427
1428static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1429{
1430 int rc;
1431
1432 rc = fsg_set_halt(fsg, fsg->bulk_in);
1433 if (rc == -EAGAIN)
1434 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1435 while (rc != 0) {
1436 if (rc != -EAGAIN) {
1437 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1438 rc = 0;
1439 break;
1440 }
1441
1442
1443 if (msleep_interruptible(100) != 0)
1444 return -EINTR;
1445 rc = usb_ep_set_halt(fsg->bulk_in);
1446 }
1447 return rc;
1448}
1449
1450static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1451{
1452 int rc;
1453
1454 DBG(fsg, "bulk-in set wedge\n");
1455 rc = usb_ep_set_wedge(fsg->bulk_in);
1456 if (rc == -EAGAIN)
1457 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1458 while (rc != 0) {
1459 if (rc != -EAGAIN) {
1460 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1461 rc = 0;
1462 break;
1463 }
1464
1465
1466 if (msleep_interruptible(100) != 0)
1467 return -EINTR;
1468 rc = usb_ep_set_wedge(fsg->bulk_in);
1469 }
1470 return rc;
1471}
1472
1473static int throw_away_data(struct fsg_common *common)
1474{
1475 struct fsg_buffhd *bh;
1476 u32 amount;
1477 int rc;
1478
1479 for (bh = common->next_buffhd_to_drain;
1480 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0;
1481 bh = common->next_buffhd_to_drain) {
1482
1483
1484 if (bh->state == BUF_STATE_FULL) {
1485 smp_rmb();
1486 bh->state = BUF_STATE_EMPTY;
1487 common->next_buffhd_to_drain = bh->next;
1488
1489
1490 if (bh->outreq->actual < bh->bulk_out_intended_length ||
1491 bh->outreq->status != 0) {
1492 raise_exception(common,
1493 FSG_STATE_ABORT_BULK_OUT);
1494 return -EINTR;
1495 }
1496 continue;
1497 }
1498
1499
1500 bh = common->next_buffhd_to_fill;
1501 if (bh->state == BUF_STATE_EMPTY
1502 && common->usb_amount_left > 0) {
1503 amount = min(common->usb_amount_left, FSG_BUFLEN);
1504
1505
1506
1507
1508
1509
1510 set_bulk_out_req_length(common, bh, amount);
1511 if (!start_out_transfer(common, bh))
1512
1513 return -EIO;
1514 common->next_buffhd_to_fill = bh->next;
1515 common->usb_amount_left -= amount;
1516 continue;
1517 }
1518
1519
1520 rc = sleep_thread(common);
1521 if (rc)
1522 return rc;
1523 }
1524 return 0;
1525}
1526
1527static int finish_reply(struct fsg_common *common)
1528{
1529 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1530 int rc = 0;
1531
1532 switch (common->data_dir) {
1533 case DATA_DIR_NONE:
1534 break;
1535
1536
1537
1538
1539
1540
1541
1542 case DATA_DIR_UNKNOWN:
1543 if (!common->can_stall) {
1544
1545 } else if (fsg_is_set(common)) {
1546 fsg_set_halt(common->fsg, common->fsg->bulk_out);
1547 rc = halt_bulk_in_endpoint(common->fsg);
1548 } else {
1549
1550 rc = -EIO;
1551 }
1552 break;
1553
1554
1555 case DATA_DIR_TO_HOST:
1556 if (common->data_size == 0) {
1557
1558
1559
1560 } else if (!fsg_is_set(common)) {
1561 rc = -EIO;
1562
1563
1564 } else if (common->residue == 0) {
1565 bh->inreq->zero = 0;
1566 if (!start_in_transfer(common, bh))
1567 return -EIO;
1568 common->next_buffhd_to_fill = bh->next;
1569
1570
1571
1572
1573
1574
1575
1576
1577 } else {
1578 bh->inreq->zero = 1;
1579 if (!start_in_transfer(common, bh))
1580 rc = -EIO;
1581 common->next_buffhd_to_fill = bh->next;
1582 if (common->can_stall)
1583 rc = halt_bulk_in_endpoint(common->fsg);
1584 }
1585 break;
1586
1587
1588
1589
1590
1591 case DATA_DIR_FROM_HOST:
1592 if (common->residue == 0) {
1593
1594
1595
1596 } else if (common->short_packet_received) {
1597 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1598 rc = -EINTR;
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608#if 0
1609 } else if (common->can_stall) {
1610 if (fsg_is_set(common))
1611 fsg_set_halt(common->fsg,
1612 common->fsg->bulk_out);
1613 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1614 rc = -EINTR;
1615#endif
1616
1617
1618
1619
1620
1621 } else {
1622 rc = throw_away_data(common);
1623 }
1624 break;
1625 }
1626 return rc;
1627}
1628
1629static int send_status(struct fsg_common *common)
1630{
1631 struct fsg_lun *curlun = common->curlun;
1632 struct fsg_buffhd *bh;
1633 struct bulk_cs_wrap *csw;
1634 int rc;
1635 u8 status = US_BULK_STAT_OK;
1636 u32 sd, sdinfo = 0;
1637
1638
1639 bh = common->next_buffhd_to_fill;
1640 while (bh->state != BUF_STATE_EMPTY) {
1641 rc = sleep_thread(common);
1642 if (rc)
1643 return rc;
1644 }
1645
1646 if (curlun) {
1647 sd = curlun->sense_data;
1648 sdinfo = curlun->sense_data_info;
1649 } else if (common->bad_lun_okay)
1650 sd = SS_NO_SENSE;
1651 else
1652 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1653
1654 if (common->phase_error) {
1655 DBG(common, "sending phase-error status\n");
1656 status = US_BULK_STAT_PHASE;
1657 sd = SS_INVALID_COMMAND;
1658 } else if (sd != SS_NO_SENSE) {
1659 DBG(common, "sending command-failure status\n");
1660 status = US_BULK_STAT_FAIL;
1661 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1662 " info x%x\n",
1663 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1664 }
1665
1666
1667 csw = (void *)bh->buf;
1668
1669 csw->Signature = cpu_to_le32(US_BULK_CS_SIGN);
1670 csw->Tag = common->tag;
1671 csw->Residue = cpu_to_le32(common->residue);
1672 csw->Status = status;
1673
1674 bh->inreq->length = US_BULK_CS_WRAP_LEN;
1675 bh->inreq->zero = 0;
1676 if (!start_in_transfer(common, bh))
1677
1678 return -EIO;
1679
1680 common->next_buffhd_to_fill = bh->next;
1681 return 0;
1682}
1683
1684
1685
1686
1687
1688
1689
1690
1691static int check_command(struct fsg_common *common, int cmnd_size,
1692 enum data_direction data_dir, unsigned int mask,
1693 int needs_medium, const char *name)
1694{
1695 int i;
1696 unsigned int lun = common->cmnd[1] >> 5;
1697 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1698 char hdlen[20];
1699 struct fsg_lun *curlun;
1700
1701 hdlen[0] = 0;
1702 if (common->data_dir != DATA_DIR_UNKNOWN)
1703 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir],
1704 common->data_size);
1705 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1706 name, cmnd_size, dirletter[(int) data_dir],
1707 common->data_size_from_cmnd, common->cmnd_size, hdlen);
1708
1709
1710
1711
1712
1713 if (common->data_size_from_cmnd == 0)
1714 data_dir = DATA_DIR_NONE;
1715 if (common->data_size < common->data_size_from_cmnd) {
1716
1717
1718
1719
1720
1721 common->data_size_from_cmnd = common->data_size;
1722 common->phase_error = 1;
1723 }
1724 common->residue = common->data_size;
1725 common->usb_amount_left = common->data_size;
1726
1727
1728 if (common->data_dir != data_dir && common->data_size_from_cmnd > 0) {
1729 common->phase_error = 1;
1730 return -EINVAL;
1731 }
1732
1733
1734 if (cmnd_size != common->cmnd_size) {
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749 if (cmnd_size <= common->cmnd_size) {
1750 DBG(common, "%s is buggy! Expected length %d "
1751 "but we got %d\n", name,
1752 cmnd_size, common->cmnd_size);
1753 cmnd_size = common->cmnd_size;
1754 } else {
1755 common->phase_error = 1;
1756 return -EINVAL;
1757 }
1758 }
1759
1760
1761 if (common->lun != lun)
1762 DBG(common, "using LUN %u from CBW, not LUN %u from CDB\n",
1763 common->lun, lun);
1764
1765
1766 curlun = common->curlun;
1767 if (curlun) {
1768 if (common->cmnd[0] != REQUEST_SENSE) {
1769 curlun->sense_data = SS_NO_SENSE;
1770 curlun->sense_data_info = 0;
1771 curlun->info_valid = 0;
1772 }
1773 } else {
1774 common->bad_lun_okay = 0;
1775
1776
1777
1778
1779
1780 if (common->cmnd[0] != INQUIRY &&
1781 common->cmnd[0] != REQUEST_SENSE) {
1782 DBG(common, "unsupported LUN %u\n", common->lun);
1783 return -EINVAL;
1784 }
1785 }
1786
1787
1788
1789
1790
1791 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1792 common->cmnd[0] != INQUIRY &&
1793 common->cmnd[0] != REQUEST_SENSE) {
1794 curlun->sense_data = curlun->unit_attention_data;
1795 curlun->unit_attention_data = SS_NO_SENSE;
1796 return -EINVAL;
1797 }
1798
1799
1800 common->cmnd[1] &= 0x1f;
1801 for (i = 1; i < cmnd_size; ++i) {
1802 if (common->cmnd[i] && !(mask & (1 << i))) {
1803 if (curlun)
1804 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1805 return -EINVAL;
1806 }
1807 }
1808
1809
1810
1811 if (curlun && !fsg_lun_is_open(curlun) && needs_medium) {
1812 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1813 return -EINVAL;
1814 }
1815
1816 return 0;
1817}
1818
1819
1820static int check_command_size_in_blocks(struct fsg_common *common,
1821 int cmnd_size, enum data_direction data_dir,
1822 unsigned int mask, int needs_medium, const char *name)
1823{
1824 if (common->curlun)
1825 common->data_size_from_cmnd <<= common->curlun->blkbits;
1826 return check_command(common, cmnd_size, data_dir,
1827 mask, needs_medium, name);
1828}
1829
1830static int do_scsi_command(struct fsg_common *common)
1831{
1832 struct fsg_buffhd *bh;
1833 int rc;
1834 int reply = -EINVAL;
1835 int i;
1836 static char unknown[16];
1837
1838 dump_cdb(common);
1839
1840
1841 bh = common->next_buffhd_to_fill;
1842 common->next_buffhd_to_drain = bh;
1843 while (bh->state != BUF_STATE_EMPTY) {
1844 rc = sleep_thread(common);
1845 if (rc)
1846 return rc;
1847 }
1848 common->phase_error = 0;
1849 common->short_packet_received = 0;
1850
1851 down_read(&common->filesem);
1852 switch (common->cmnd[0]) {
1853
1854 case INQUIRY:
1855 common->data_size_from_cmnd = common->cmnd[4];
1856 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1857 (1<<4), 0,
1858 "INQUIRY");
1859 if (reply == 0)
1860 reply = do_inquiry(common, bh);
1861 break;
1862
1863 case MODE_SELECT:
1864 common->data_size_from_cmnd = common->cmnd[4];
1865 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1866 (1<<1) | (1<<4), 0,
1867 "MODE SELECT(6)");
1868 if (reply == 0)
1869 reply = do_mode_select(common, bh);
1870 break;
1871
1872 case MODE_SELECT_10:
1873 common->data_size_from_cmnd =
1874 get_unaligned_be16(&common->cmnd[7]);
1875 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1876 (1<<1) | (3<<7), 0,
1877 "MODE SELECT(10)");
1878 if (reply == 0)
1879 reply = do_mode_select(common, bh);
1880 break;
1881
1882 case MODE_SENSE:
1883 common->data_size_from_cmnd = common->cmnd[4];
1884 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1885 (1<<1) | (1<<2) | (1<<4), 0,
1886 "MODE SENSE(6)");
1887 if (reply == 0)
1888 reply = do_mode_sense(common, bh);
1889 break;
1890
1891 case MODE_SENSE_10:
1892 common->data_size_from_cmnd =
1893 get_unaligned_be16(&common->cmnd[7]);
1894 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1895 (1<<1) | (1<<2) | (3<<7), 0,
1896 "MODE SENSE(10)");
1897 if (reply == 0)
1898 reply = do_mode_sense(common, bh);
1899 break;
1900
1901 case ALLOW_MEDIUM_REMOVAL:
1902 common->data_size_from_cmnd = 0;
1903 reply = check_command(common, 6, DATA_DIR_NONE,
1904 (1<<4), 0,
1905 "PREVENT-ALLOW MEDIUM REMOVAL");
1906 if (reply == 0)
1907 reply = do_prevent_allow(common);
1908 break;
1909
1910 case READ_6:
1911 i = common->cmnd[4];
1912 common->data_size_from_cmnd = (i == 0) ? 256 : i;
1913 reply = check_command_size_in_blocks(common, 6,
1914 DATA_DIR_TO_HOST,
1915 (7<<1) | (1<<4), 1,
1916 "READ(6)");
1917 if (reply == 0)
1918 reply = do_read(common);
1919 break;
1920
1921 case READ_10:
1922 common->data_size_from_cmnd =
1923 get_unaligned_be16(&common->cmnd[7]);
1924 reply = check_command_size_in_blocks(common, 10,
1925 DATA_DIR_TO_HOST,
1926 (1<<1) | (0xf<<2) | (3<<7), 1,
1927 "READ(10)");
1928 if (reply == 0)
1929 reply = do_read(common);
1930 break;
1931
1932 case READ_12:
1933 common->data_size_from_cmnd =
1934 get_unaligned_be32(&common->cmnd[6]);
1935 reply = check_command_size_in_blocks(common, 12,
1936 DATA_DIR_TO_HOST,
1937 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1938 "READ(12)");
1939 if (reply == 0)
1940 reply = do_read(common);
1941 break;
1942
1943 case READ_CAPACITY:
1944 common->data_size_from_cmnd = 8;
1945 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1946 (0xf<<2) | (1<<8), 1,
1947 "READ CAPACITY");
1948 if (reply == 0)
1949 reply = do_read_capacity(common, bh);
1950 break;
1951
1952 case READ_HEADER:
1953 if (!common->curlun || !common->curlun->cdrom)
1954 goto unknown_cmnd;
1955 common->data_size_from_cmnd =
1956 get_unaligned_be16(&common->cmnd[7]);
1957 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1958 (3<<7) | (0x1f<<1), 1,
1959 "READ HEADER");
1960 if (reply == 0)
1961 reply = do_read_header(common, bh);
1962 break;
1963
1964 case READ_TOC:
1965 if (!common->curlun || !common->curlun->cdrom)
1966 goto unknown_cmnd;
1967 common->data_size_from_cmnd =
1968 get_unaligned_be16(&common->cmnd[7]);
1969 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1970 (7<<6) | (1<<1), 1,
1971 "READ TOC");
1972 if (reply == 0)
1973 reply = do_read_toc(common, bh);
1974 break;
1975
1976 case READ_FORMAT_CAPACITIES:
1977 common->data_size_from_cmnd =
1978 get_unaligned_be16(&common->cmnd[7]);
1979 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1980 (3<<7), 1,
1981 "READ FORMAT CAPACITIES");
1982 if (reply == 0)
1983 reply = do_read_format_capacities(common, bh);
1984 break;
1985
1986 case REQUEST_SENSE:
1987 common->data_size_from_cmnd = common->cmnd[4];
1988 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1989 (1<<4), 0,
1990 "REQUEST SENSE");
1991 if (reply == 0)
1992 reply = do_request_sense(common, bh);
1993 break;
1994
1995 case START_STOP:
1996 common->data_size_from_cmnd = 0;
1997 reply = check_command(common, 6, DATA_DIR_NONE,
1998 (1<<1) | (1<<4), 0,
1999 "START-STOP UNIT");
2000 if (reply == 0)
2001 reply = do_start_stop(common);
2002 break;
2003
2004 case SYNCHRONIZE_CACHE:
2005 common->data_size_from_cmnd = 0;
2006 reply = check_command(common, 10, DATA_DIR_NONE,
2007 (0xf<<2) | (3<<7), 1,
2008 "SYNCHRONIZE CACHE");
2009 if (reply == 0)
2010 reply = do_synchronize_cache(common);
2011 break;
2012
2013 case TEST_UNIT_READY:
2014 common->data_size_from_cmnd = 0;
2015 reply = check_command(common, 6, DATA_DIR_NONE,
2016 0, 1,
2017 "TEST UNIT READY");
2018 break;
2019
2020
2021
2022
2023
2024 case VERIFY:
2025 common->data_size_from_cmnd = 0;
2026 reply = check_command(common, 10, DATA_DIR_NONE,
2027 (1<<1) | (0xf<<2) | (3<<7), 1,
2028 "VERIFY");
2029 if (reply == 0)
2030 reply = do_verify(common);
2031 break;
2032
2033 case WRITE_6:
2034 i = common->cmnd[4];
2035 common->data_size_from_cmnd = (i == 0) ? 256 : i;
2036 reply = check_command_size_in_blocks(common, 6,
2037 DATA_DIR_FROM_HOST,
2038 (7<<1) | (1<<4), 1,
2039 "WRITE(6)");
2040 if (reply == 0)
2041 reply = do_write(common);
2042 break;
2043
2044 case WRITE_10:
2045 common->data_size_from_cmnd =
2046 get_unaligned_be16(&common->cmnd[7]);
2047 reply = check_command_size_in_blocks(common, 10,
2048 DATA_DIR_FROM_HOST,
2049 (1<<1) | (0xf<<2) | (3<<7), 1,
2050 "WRITE(10)");
2051 if (reply == 0)
2052 reply = do_write(common);
2053 break;
2054
2055 case WRITE_12:
2056 common->data_size_from_cmnd =
2057 get_unaligned_be32(&common->cmnd[6]);
2058 reply = check_command_size_in_blocks(common, 12,
2059 DATA_DIR_FROM_HOST,
2060 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2061 "WRITE(12)");
2062 if (reply == 0)
2063 reply = do_write(common);
2064 break;
2065
2066
2067
2068
2069
2070
2071
2072 case FORMAT_UNIT:
2073 case RELEASE:
2074 case RESERVE:
2075 case SEND_DIAGNOSTIC:
2076
2077
2078 default:
2079unknown_cmnd:
2080 common->data_size_from_cmnd = 0;
2081 sprintf(unknown, "Unknown x%02x", common->cmnd[0]);
2082 reply = check_command(common, common->cmnd_size,
2083 DATA_DIR_UNKNOWN, ~0, 0, unknown);
2084 if (reply == 0) {
2085 common->curlun->sense_data = SS_INVALID_COMMAND;
2086 reply = -EINVAL;
2087 }
2088 break;
2089 }
2090 up_read(&common->filesem);
2091
2092 if (reply == -EINTR || signal_pending(current))
2093 return -EINTR;
2094
2095
2096 if (reply == -EINVAL)
2097 reply = 0;
2098 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
2099 reply = min((u32)reply, common->data_size_from_cmnd);
2100 bh->inreq->length = reply;
2101 bh->state = BUF_STATE_FULL;
2102 common->residue -= reply;
2103 }
2104
2105 return 0;
2106}
2107
2108
2109
2110
2111static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2112{
2113 struct usb_request *req = bh->outreq;
2114 struct bulk_cb_wrap *cbw = req->buf;
2115 struct fsg_common *common = fsg->common;
2116
2117
2118 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2119 return -EINVAL;
2120
2121
2122 if (req->actual != US_BULK_CB_WRAP_LEN ||
2123 cbw->Signature != cpu_to_le32(
2124 US_BULK_CB_SIGN)) {
2125 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2126 req->actual,
2127 le32_to_cpu(cbw->Signature));
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140 wedge_bulk_in_endpoint(fsg);
2141 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2142 return -EINVAL;
2143 }
2144
2145
2146 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~US_BULK_FLAG_IN ||
2147 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2148 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2149 "cmdlen %u\n",
2150 cbw->Lun, cbw->Flags, cbw->Length);
2151
2152
2153
2154
2155
2156 if (common->can_stall) {
2157 fsg_set_halt(fsg, fsg->bulk_out);
2158 halt_bulk_in_endpoint(fsg);
2159 }
2160 return -EINVAL;
2161 }
2162
2163
2164 common->cmnd_size = cbw->Length;
2165 memcpy(common->cmnd, cbw->CDB, common->cmnd_size);
2166 if (cbw->Flags & US_BULK_FLAG_IN)
2167 common->data_dir = DATA_DIR_TO_HOST;
2168 else
2169 common->data_dir = DATA_DIR_FROM_HOST;
2170 common->data_size = le32_to_cpu(cbw->DataTransferLength);
2171 if (common->data_size == 0)
2172 common->data_dir = DATA_DIR_NONE;
2173 common->lun = cbw->Lun;
2174 if (common->lun < common->nluns)
2175 common->curlun = &common->luns[common->lun];
2176 else
2177 common->curlun = NULL;
2178 common->tag = cbw->Tag;
2179 return 0;
2180}
2181
2182static int get_next_command(struct fsg_common *common)
2183{
2184 struct fsg_buffhd *bh;
2185 int rc = 0;
2186
2187
2188 bh = common->next_buffhd_to_fill;
2189 while (bh->state != BUF_STATE_EMPTY) {
2190 rc = sleep_thread(common);
2191 if (rc)
2192 return rc;
2193 }
2194
2195
2196 set_bulk_out_req_length(common, bh, US_BULK_CB_WRAP_LEN);
2197 if (!start_out_transfer(common, bh))
2198
2199 return -EIO;
2200
2201
2202
2203
2204
2205
2206
2207
2208 while (bh->state != BUF_STATE_FULL) {
2209 rc = sleep_thread(common);
2210 if (rc)
2211 return rc;
2212 }
2213 smp_rmb();
2214 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO;
2215 bh->state = BUF_STATE_EMPTY;
2216
2217 return rc;
2218}
2219
2220
2221
2222
2223static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
2224 struct usb_request **preq)
2225{
2226 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2227 if (*preq)
2228 return 0;
2229 ERROR(common, "can't allocate request for %s\n", ep->name);
2230 return -ENOMEM;
2231}
2232
2233
2234static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg)
2235{
2236 struct fsg_dev *fsg;
2237 int i, rc = 0;
2238
2239 if (common->running)
2240 DBG(common, "reset interface\n");
2241
2242reset:
2243
2244 if (common->fsg) {
2245 fsg = common->fsg;
2246
2247 for (i = 0; i < fsg_num_buffers; ++i) {
2248 struct fsg_buffhd *bh = &common->buffhds[i];
2249
2250 if (bh->inreq) {
2251 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2252 bh->inreq = NULL;
2253 }
2254 if (bh->outreq) {
2255 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2256 bh->outreq = NULL;
2257 }
2258 }
2259
2260
2261 if (fsg->bulk_in_enabled) {
2262 usb_ep_disable(fsg->bulk_in);
2263 fsg->bulk_in_enabled = 0;
2264 }
2265 if (fsg->bulk_out_enabled) {
2266 usb_ep_disable(fsg->bulk_out);
2267 fsg->bulk_out_enabled = 0;
2268 }
2269
2270 common->fsg = NULL;
2271 wake_up(&common->fsg_wait);
2272 }
2273
2274 common->running = 0;
2275 if (!new_fsg || rc)
2276 return rc;
2277
2278 common->fsg = new_fsg;
2279 fsg = common->fsg;
2280
2281
2282 rc = config_ep_by_speed(common->gadget, &(fsg->function), fsg->bulk_in);
2283 if (rc)
2284 goto reset;
2285 rc = usb_ep_enable(fsg->bulk_in);
2286 if (rc)
2287 goto reset;
2288 fsg->bulk_in->driver_data = common;
2289 fsg->bulk_in_enabled = 1;
2290
2291 rc = config_ep_by_speed(common->gadget, &(fsg->function),
2292 fsg->bulk_out);
2293 if (rc)
2294 goto reset;
2295 rc = usb_ep_enable(fsg->bulk_out);
2296 if (rc)
2297 goto reset;
2298 fsg->bulk_out->driver_data = common;
2299 fsg->bulk_out_enabled = 1;
2300 common->bulk_out_maxpacket = usb_endpoint_maxp(fsg->bulk_out->desc);
2301 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2302
2303
2304 for (i = 0; i < fsg_num_buffers; ++i) {
2305 struct fsg_buffhd *bh = &common->buffhds[i];
2306
2307 rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
2308 if (rc)
2309 goto reset;
2310 rc = alloc_request(common, fsg->bulk_out, &bh->outreq);
2311 if (rc)
2312 goto reset;
2313 bh->inreq->buf = bh->outreq->buf = bh->buf;
2314 bh->inreq->context = bh->outreq->context = bh;
2315 bh->inreq->complete = bulk_in_complete;
2316 bh->outreq->complete = bulk_out_complete;
2317 }
2318
2319 common->running = 1;
2320 for (i = 0; i < common->nluns; ++i)
2321 common->luns[i].unit_attention_data = SS_RESET_OCCURRED;
2322 return rc;
2323}
2324
2325
2326
2327
2328static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2329{
2330 struct fsg_dev *fsg = fsg_from_func(f);
2331 fsg->common->new_fsg = fsg;
2332 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2333 return USB_GADGET_DELAYED_STATUS;
2334}
2335
2336static void fsg_disable(struct usb_function *f)
2337{
2338 struct fsg_dev *fsg = fsg_from_func(f);
2339 fsg->common->new_fsg = NULL;
2340 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2341}
2342
2343
2344
2345
2346static void handle_exception(struct fsg_common *common)
2347{
2348 siginfo_t info;
2349 int i;
2350 struct fsg_buffhd *bh;
2351 enum fsg_state old_state;
2352 struct fsg_lun *curlun;
2353 unsigned int exception_req_tag;
2354
2355
2356
2357
2358
2359 for (;;) {
2360 int sig =
2361 dequeue_signal_lock(current, ¤t->blocked, &info);
2362 if (!sig)
2363 break;
2364 if (sig != SIGUSR1) {
2365 if (common->state < FSG_STATE_EXIT)
2366 DBG(common, "Main thread exiting on signal\n");
2367 raise_exception(common, FSG_STATE_EXIT);
2368 }
2369 }
2370
2371
2372 if (likely(common->fsg)) {
2373 for (i = 0; i < fsg_num_buffers; ++i) {
2374 bh = &common->buffhds[i];
2375 if (bh->inreq_busy)
2376 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq);
2377 if (bh->outreq_busy)
2378 usb_ep_dequeue(common->fsg->bulk_out,
2379 bh->outreq);
2380 }
2381
2382
2383 for (;;) {
2384 int num_active = 0;
2385 for (i = 0; i < fsg_num_buffers; ++i) {
2386 bh = &common->buffhds[i];
2387 num_active += bh->inreq_busy + bh->outreq_busy;
2388 }
2389 if (num_active == 0)
2390 break;
2391 if (sleep_thread(common))
2392 return;
2393 }
2394
2395
2396 if (common->fsg->bulk_in_enabled)
2397 usb_ep_fifo_flush(common->fsg->bulk_in);
2398 if (common->fsg->bulk_out_enabled)
2399 usb_ep_fifo_flush(common->fsg->bulk_out);
2400 }
2401
2402
2403
2404
2405
2406 spin_lock_irq(&common->lock);
2407
2408 for (i = 0; i < fsg_num_buffers; ++i) {
2409 bh = &common->buffhds[i];
2410 bh->state = BUF_STATE_EMPTY;
2411 }
2412 common->next_buffhd_to_fill = &common->buffhds[0];
2413 common->next_buffhd_to_drain = &common->buffhds[0];
2414 exception_req_tag = common->exception_req_tag;
2415 old_state = common->state;
2416
2417 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2418 common->state = FSG_STATE_STATUS_PHASE;
2419 else {
2420 for (i = 0; i < common->nluns; ++i) {
2421 curlun = &common->luns[i];
2422 curlun->prevent_medium_removal = 0;
2423 curlun->sense_data = SS_NO_SENSE;
2424 curlun->unit_attention_data = SS_NO_SENSE;
2425 curlun->sense_data_info = 0;
2426 curlun->info_valid = 0;
2427 }
2428 common->state = FSG_STATE_IDLE;
2429 }
2430 spin_unlock_irq(&common->lock);
2431
2432
2433 switch (old_state) {
2434 case FSG_STATE_ABORT_BULK_OUT:
2435 send_status(common);
2436 spin_lock_irq(&common->lock);
2437 if (common->state == FSG_STATE_STATUS_PHASE)
2438 common->state = FSG_STATE_IDLE;
2439 spin_unlock_irq(&common->lock);
2440 break;
2441
2442 case FSG_STATE_RESET:
2443
2444
2445
2446
2447
2448 if (!fsg_is_set(common))
2449 break;
2450 if (test_and_clear_bit(IGNORE_BULK_OUT,
2451 &common->fsg->atomic_bitflags))
2452 usb_ep_clear_halt(common->fsg->bulk_in);
2453
2454 if (common->ep0_req_tag == exception_req_tag)
2455 ep0_queue(common);
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465 break;
2466
2467 case FSG_STATE_CONFIG_CHANGE:
2468 do_set_interface(common, common->new_fsg);
2469 if (common->new_fsg)
2470 usb_composite_setup_continue(common->cdev);
2471 break;
2472
2473 case FSG_STATE_EXIT:
2474 case FSG_STATE_TERMINATED:
2475 do_set_interface(common, NULL);
2476 spin_lock_irq(&common->lock);
2477 common->state = FSG_STATE_TERMINATED;
2478 spin_unlock_irq(&common->lock);
2479 break;
2480
2481 case FSG_STATE_INTERFACE_CHANGE:
2482 case FSG_STATE_DISCONNECT:
2483 case FSG_STATE_COMMAND_PHASE:
2484 case FSG_STATE_DATA_PHASE:
2485 case FSG_STATE_STATUS_PHASE:
2486 case FSG_STATE_IDLE:
2487 break;
2488 }
2489}
2490
2491
2492
2493
2494static int fsg_main_thread(void *common_)
2495{
2496 struct fsg_common *common = common_;
2497
2498
2499
2500
2501
2502 allow_signal(SIGINT);
2503 allow_signal(SIGTERM);
2504 allow_signal(SIGKILL);
2505 allow_signal(SIGUSR1);
2506
2507
2508 set_freezable();
2509
2510
2511
2512
2513
2514
2515 set_fs(get_ds());
2516
2517
2518 while (common->state != FSG_STATE_TERMINATED) {
2519 if (exception_in_progress(common) || signal_pending(current)) {
2520 handle_exception(common);
2521 continue;
2522 }
2523
2524 if (!common->running) {
2525 sleep_thread(common);
2526 continue;
2527 }
2528
2529 if (get_next_command(common))
2530 continue;
2531
2532 spin_lock_irq(&common->lock);
2533 if (!exception_in_progress(common))
2534 common->state = FSG_STATE_DATA_PHASE;
2535 spin_unlock_irq(&common->lock);
2536
2537 if (do_scsi_command(common) || finish_reply(common))
2538 continue;
2539
2540 spin_lock_irq(&common->lock);
2541 if (!exception_in_progress(common))
2542 common->state = FSG_STATE_STATUS_PHASE;
2543 spin_unlock_irq(&common->lock);
2544
2545 if (send_status(common))
2546 continue;
2547
2548 spin_lock_irq(&common->lock);
2549 if (!exception_in_progress(common))
2550 common->state = FSG_STATE_IDLE;
2551 spin_unlock_irq(&common->lock);
2552 }
2553
2554 spin_lock_irq(&common->lock);
2555 common->thread_task = NULL;
2556 spin_unlock_irq(&common->lock);
2557
2558 if (!common->ops || !common->ops->thread_exits
2559 || common->ops->thread_exits(common) < 0) {
2560 struct fsg_lun *curlun = common->luns;
2561 unsigned i = common->nluns;
2562
2563 down_write(&common->filesem);
2564 for (; i--; ++curlun) {
2565 if (!fsg_lun_is_open(curlun))
2566 continue;
2567
2568 fsg_lun_close(curlun);
2569 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT;
2570 }
2571 up_write(&common->filesem);
2572 }
2573
2574
2575 complete_and_exit(&common->thread_notifier, 0);
2576}
2577
2578
2579
2580
2581static DEVICE_ATTR(ro, 0644, fsg_show_ro, fsg_store_ro);
2582static DEVICE_ATTR(nofua, 0644, fsg_show_nofua, fsg_store_nofua);
2583static DEVICE_ATTR(file, 0644, fsg_show_file, fsg_store_file);
2584
2585static struct device_attribute dev_attr_ro_cdrom =
2586 __ATTR(ro, 0444, fsg_show_ro, NULL);
2587static struct device_attribute dev_attr_file_nonremovable =
2588 __ATTR(file, 0444, fsg_show_file, NULL);
2589
2590
2591
2592
2593static void fsg_common_release(struct kref *ref);
2594
2595static void fsg_lun_release(struct device *dev)
2596{
2597
2598}
2599
2600static inline void fsg_common_get(struct fsg_common *common)
2601{
2602 kref_get(&common->ref);
2603}
2604
2605static inline void fsg_common_put(struct fsg_common *common)
2606{
2607 kref_put(&common->ref, fsg_common_release);
2608}
2609
2610static struct fsg_common *fsg_common_init(struct fsg_common *common,
2611 struct usb_composite_dev *cdev,
2612 struct fsg_config *cfg)
2613{
2614 struct usb_gadget *gadget = cdev->gadget;
2615 struct fsg_buffhd *bh;
2616 struct fsg_lun *curlun;
2617 struct fsg_lun_config *lcfg;
2618 int nluns, i, rc;
2619 char *pathbuf;
2620
2621 rc = fsg_num_buffers_validate();
2622 if (rc != 0)
2623 return ERR_PTR(rc);
2624
2625
2626 nluns = cfg->nluns;
2627 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2628 dev_err(&gadget->dev, "invalid number of LUNs: %u\n", nluns);
2629 return ERR_PTR(-EINVAL);
2630 }
2631
2632
2633 if (!common) {
2634 common = kzalloc(sizeof *common, GFP_KERNEL);
2635 if (!common)
2636 return ERR_PTR(-ENOMEM);
2637 common->free_storage_on_release = 1;
2638 } else {
2639 memset(common, 0, sizeof *common);
2640 common->free_storage_on_release = 0;
2641 }
2642
2643 common->buffhds = kcalloc(fsg_num_buffers,
2644 sizeof *(common->buffhds), GFP_KERNEL);
2645 if (!common->buffhds) {
2646 if (common->free_storage_on_release)
2647 kfree(common);
2648 return ERR_PTR(-ENOMEM);
2649 }
2650
2651 common->ops = cfg->ops;
2652 common->private_data = cfg->private_data;
2653
2654 common->gadget = gadget;
2655 common->ep0 = gadget->ep0;
2656 common->ep0req = cdev->req;
2657 common->cdev = cdev;
2658
2659
2660 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2661 rc = usb_string_id(cdev);
2662 if (unlikely(rc < 0))
2663 goto error_release;
2664 fsg_strings[FSG_STRING_INTERFACE].id = rc;
2665 fsg_intf_desc.iInterface = rc;
2666 }
2667
2668
2669
2670
2671
2672 curlun = kcalloc(nluns, sizeof(*curlun), GFP_KERNEL);
2673 if (unlikely(!curlun)) {
2674 rc = -ENOMEM;
2675 goto error_release;
2676 }
2677 common->luns = curlun;
2678
2679 init_rwsem(&common->filesem);
2680
2681 for (i = 0, lcfg = cfg->luns; i < nluns; ++i, ++curlun, ++lcfg) {
2682 curlun->cdrom = !!lcfg->cdrom;
2683 curlun->ro = lcfg->cdrom || lcfg->ro;
2684 curlun->initially_ro = curlun->ro;
2685 curlun->removable = lcfg->removable;
2686 curlun->dev.release = fsg_lun_release;
2687 curlun->dev.parent = &gadget->dev;
2688
2689 dev_set_drvdata(&curlun->dev, &common->filesem);
2690 dev_set_name(&curlun->dev, "lun%d", i);
2691
2692 rc = device_register(&curlun->dev);
2693 if (rc) {
2694 INFO(common, "failed to register LUN%d: %d\n", i, rc);
2695 common->nluns = i;
2696 put_device(&curlun->dev);
2697 goto error_release;
2698 }
2699
2700 rc = device_create_file(&curlun->dev,
2701 curlun->cdrom
2702 ? &dev_attr_ro_cdrom
2703 : &dev_attr_ro);
2704 if (rc)
2705 goto error_luns;
2706 rc = device_create_file(&curlun->dev,
2707 curlun->removable
2708 ? &dev_attr_file
2709 : &dev_attr_file_nonremovable);
2710 if (rc)
2711 goto error_luns;
2712 rc = device_create_file(&curlun->dev, &dev_attr_nofua);
2713 if (rc)
2714 goto error_luns;
2715
2716 if (lcfg->filename) {
2717 rc = fsg_lun_open(curlun, lcfg->filename);
2718 if (rc)
2719 goto error_luns;
2720 } else if (!curlun->removable) {
2721 ERROR(common, "no file given for LUN%d\n", i);
2722 rc = -EINVAL;
2723 goto error_luns;
2724 }
2725 }
2726 common->nluns = nluns;
2727
2728
2729 bh = common->buffhds;
2730 i = fsg_num_buffers;
2731 goto buffhds_first_it;
2732 do {
2733 bh->next = bh + 1;
2734 ++bh;
2735buffhds_first_it:
2736 bh->buf = kmalloc(FSG_BUFLEN, GFP_KERNEL);
2737 if (unlikely(!bh->buf)) {
2738 rc = -ENOMEM;
2739 goto error_release;
2740 }
2741 } while (--i);
2742 bh->next = common->buffhds;
2743
2744
2745 i = get_default_bcdDevice();
2746 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2747 "%-8s%-16s%04x", cfg->vendor_name ?: "Linux",
2748
2749 cfg->product_name ?: (common->luns->cdrom
2750 ? "File-Stor Gadget"
2751 : "File-CD Gadget"),
2752 i);
2753
2754
2755
2756
2757
2758
2759 common->can_stall = cfg->can_stall &&
2760 !(gadget_is_at91(common->gadget));
2761
2762 spin_lock_init(&common->lock);
2763 kref_init(&common->ref);
2764
2765
2766 common->thread_task =
2767 kthread_create(fsg_main_thread, common, "file-storage");
2768 if (IS_ERR(common->thread_task)) {
2769 rc = PTR_ERR(common->thread_task);
2770 goto error_release;
2771 }
2772 init_completion(&common->thread_notifier);
2773 init_waitqueue_head(&common->fsg_wait);
2774
2775
2776 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2777 INFO(common, "Number of LUNs=%d\n", common->nluns);
2778
2779 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
2780 for (i = 0, nluns = common->nluns, curlun = common->luns;
2781 i < nluns;
2782 ++curlun, ++i) {
2783 char *p = "(no medium)";
2784 if (fsg_lun_is_open(curlun)) {
2785 p = "(error)";
2786 if (pathbuf) {
2787 p = d_path(&curlun->filp->f_path,
2788 pathbuf, PATH_MAX);
2789 if (IS_ERR(p))
2790 p = "(error)";
2791 }
2792 }
2793 LINFO(curlun, "LUN: %s%s%sfile: %s\n",
2794 curlun->removable ? "removable " : "",
2795 curlun->ro ? "read only " : "",
2796 curlun->cdrom ? "CD-ROM " : "",
2797 p);
2798 }
2799 kfree(pathbuf);
2800
2801 DBG(common, "I/O thread pid: %d\n", task_pid_nr(common->thread_task));
2802
2803 wake_up_process(common->thread_task);
2804
2805 return common;
2806
2807error_luns:
2808 common->nluns = i + 1;
2809error_release:
2810 common->state = FSG_STATE_TERMINATED;
2811
2812 fsg_common_release(&common->ref);
2813 return ERR_PTR(rc);
2814}
2815
2816static void fsg_common_release(struct kref *ref)
2817{
2818 struct fsg_common *common = container_of(ref, struct fsg_common, ref);
2819
2820
2821 if (common->state != FSG_STATE_TERMINATED) {
2822 raise_exception(common, FSG_STATE_EXIT);
2823 wait_for_completion(&common->thread_notifier);
2824 }
2825
2826 if (likely(common->luns)) {
2827 struct fsg_lun *lun = common->luns;
2828 unsigned i = common->nluns;
2829
2830
2831 for (; i; --i, ++lun) {
2832 device_remove_file(&lun->dev, &dev_attr_nofua);
2833 device_remove_file(&lun->dev,
2834 lun->cdrom
2835 ? &dev_attr_ro_cdrom
2836 : &dev_attr_ro);
2837 device_remove_file(&lun->dev,
2838 lun->removable
2839 ? &dev_attr_file
2840 : &dev_attr_file_nonremovable);
2841 fsg_lun_close(lun);
2842 device_unregister(&lun->dev);
2843 }
2844
2845 kfree(common->luns);
2846 }
2847
2848 {
2849 struct fsg_buffhd *bh = common->buffhds;
2850 unsigned i = fsg_num_buffers;
2851 do {
2852 kfree(bh->buf);
2853 } while (++bh, --i);
2854 }
2855
2856 kfree(common->buffhds);
2857 if (common->free_storage_on_release)
2858 kfree(common);
2859}
2860
2861
2862
2863
2864static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
2865{
2866 struct fsg_dev *fsg = fsg_from_func(f);
2867 struct fsg_common *common = fsg->common;
2868
2869 DBG(fsg, "unbind\n");
2870 if (fsg->common->fsg == fsg) {
2871 fsg->common->new_fsg = NULL;
2872 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2873
2874 wait_event(common->fsg_wait, common->fsg != fsg);
2875 }
2876
2877 fsg_common_put(common);
2878 usb_free_all_descriptors(&fsg->function);
2879 kfree(fsg);
2880}
2881
2882static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
2883{
2884 struct fsg_dev *fsg = fsg_from_func(f);
2885 struct usb_gadget *gadget = c->cdev->gadget;
2886 int i;
2887 struct usb_ep *ep;
2888 unsigned max_burst;
2889 int ret;
2890
2891 fsg->gadget = gadget;
2892
2893
2894 i = usb_interface_id(c, f);
2895 if (i < 0)
2896 return i;
2897 fsg_intf_desc.bInterfaceNumber = i;
2898 fsg->interface_number = i;
2899
2900
2901 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2902 if (!ep)
2903 goto autoconf_fail;
2904 ep->driver_data = fsg->common;
2905 fsg->bulk_in = ep;
2906
2907 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2908 if (!ep)
2909 goto autoconf_fail;
2910 ep->driver_data = fsg->common;
2911 fsg->bulk_out = ep;
2912
2913
2914 fsg_hs_bulk_in_desc.bEndpointAddress =
2915 fsg_fs_bulk_in_desc.bEndpointAddress;
2916 fsg_hs_bulk_out_desc.bEndpointAddress =
2917 fsg_fs_bulk_out_desc.bEndpointAddress;
2918
2919
2920 max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15);
2921
2922 fsg_ss_bulk_in_desc.bEndpointAddress =
2923 fsg_fs_bulk_in_desc.bEndpointAddress;
2924 fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst;
2925
2926 fsg_ss_bulk_out_desc.bEndpointAddress =
2927 fsg_fs_bulk_out_desc.bEndpointAddress;
2928 fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst;
2929
2930 ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function,
2931 fsg_ss_function);
2932 if (ret)
2933 goto autoconf_fail;
2934
2935 return 0;
2936
2937autoconf_fail:
2938 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2939 return -ENOTSUPP;
2940}
2941
2942
2943
2944static struct usb_gadget_strings *fsg_strings_array[] = {
2945 &fsg_stringtab,
2946 NULL,
2947};
2948
2949static int fsg_bind_config(struct usb_composite_dev *cdev,
2950 struct usb_configuration *c,
2951 struct fsg_common *common)
2952{
2953 struct fsg_dev *fsg;
2954 int rc;
2955
2956 fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
2957 if (unlikely(!fsg))
2958 return -ENOMEM;
2959
2960 fsg->function.name = FSG_DRIVER_DESC;
2961 fsg->function.strings = fsg_strings_array;
2962 fsg->function.bind = fsg_bind;
2963 fsg->function.unbind = fsg_unbind;
2964 fsg->function.setup = fsg_setup;
2965 fsg->function.set_alt = fsg_set_alt;
2966 fsg->function.disable = fsg_disable;
2967
2968 fsg->common = common;
2969
2970
2971
2972
2973
2974
2975
2976
2977 rc = usb_add_function(c, &fsg->function);
2978 if (unlikely(rc))
2979 kfree(fsg);
2980 else
2981 fsg_common_get(fsg->common);
2982 return rc;
2983}
2984
2985
2986
2987
2988struct fsg_module_parameters {
2989 char *file[FSG_MAX_LUNS];
2990 bool ro[FSG_MAX_LUNS];
2991 bool removable[FSG_MAX_LUNS];
2992 bool cdrom[FSG_MAX_LUNS];
2993 bool nofua[FSG_MAX_LUNS];
2994
2995 unsigned int file_count, ro_count, removable_count, cdrom_count;
2996 unsigned int nofua_count;
2997 unsigned int luns;
2998 bool stall;
2999};
3000
3001#define _FSG_MODULE_PARAM_ARRAY(prefix, params, name, type, desc) \
3002 module_param_array_named(prefix ## name, params.name, type, \
3003 &prefix ## params.name ## _count, \
3004 S_IRUGO); \
3005 MODULE_PARM_DESC(prefix ## name, desc)
3006
3007#define _FSG_MODULE_PARAM(prefix, params, name, type, desc) \
3008 module_param_named(prefix ## name, params.name, type, \
3009 S_IRUGO); \
3010 MODULE_PARM_DESC(prefix ## name, desc)
3011
3012#define FSG_MODULE_PARAMETERS(prefix, params) \
3013 _FSG_MODULE_PARAM_ARRAY(prefix, params, file, charp, \
3014 "names of backing files or devices"); \
3015 _FSG_MODULE_PARAM_ARRAY(prefix, params, ro, bool, \
3016 "true to force read-only"); \
3017 _FSG_MODULE_PARAM_ARRAY(prefix, params, removable, bool, \
3018 "true to simulate removable media"); \
3019 _FSG_MODULE_PARAM_ARRAY(prefix, params, cdrom, bool, \
3020 "true to simulate CD-ROM instead of disk"); \
3021 _FSG_MODULE_PARAM_ARRAY(prefix, params, nofua, bool, \
3022 "true to ignore SCSI WRITE(10,12) FUA bit"); \
3023 _FSG_MODULE_PARAM(prefix, params, luns, uint, \
3024 "number of LUNs"); \
3025 _FSG_MODULE_PARAM(prefix, params, stall, bool, \
3026 "false to prevent bulk stalls")
3027
3028static void
3029fsg_config_from_params(struct fsg_config *cfg,
3030 const struct fsg_module_parameters *params)
3031{
3032 struct fsg_lun_config *lun;
3033 unsigned i;
3034
3035
3036 cfg->nluns =
3037 min(params->luns ?: (params->file_count ?: 1u),
3038 (unsigned)FSG_MAX_LUNS);
3039 for (i = 0, lun = cfg->luns; i < cfg->nluns; ++i, ++lun) {
3040 lun->ro = !!params->ro[i];
3041 lun->cdrom = !!params->cdrom[i];
3042 lun->removable = !!params->removable[i];
3043 lun->filename =
3044 params->file_count > i && params->file[i][0]
3045 ? params->file[i]
3046 : 0;
3047 }
3048
3049
3050 cfg->vendor_name = 0;
3051 cfg->product_name = 0;
3052
3053 cfg->ops = NULL;
3054 cfg->private_data = NULL;
3055
3056
3057 cfg->can_stall = params->stall;
3058}
3059
3060static inline struct fsg_common *
3061fsg_common_from_params(struct fsg_common *common,
3062 struct usb_composite_dev *cdev,
3063 const struct fsg_module_parameters *params)
3064 __attribute__((unused));
3065static inline struct fsg_common *
3066fsg_common_from_params(struct fsg_common *common,
3067 struct usb_composite_dev *cdev,
3068 const struct fsg_module_parameters *params)
3069{
3070 struct fsg_config cfg;
3071 fsg_config_from_params(&cfg, params);
3072 return fsg_common_init(common, cdev, &cfg);
3073}
3074
