1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/hid.h>
21#include <linux/mm.h>
22#include <linux/module.h>
23#include <linux/scatterlist.h>
24#include <linux/sched/signal.h>
25#include <linux/uio.h>
26#include <linux/vmalloc.h>
27#include <asm/unaligned.h>
28
29#include <linux/usb/ccid.h>
30#include <linux/usb/composite.h>
31#include <linux/usb/functionfs.h>
32
33#include <linux/aio.h>
34#include <linux/kthread.h>
35#include <linux/poll.h>
36#include <linux/eventfd.h>
37
38#include "u_fs.h"
39#include "u_f.h"
40#include "u_os_desc.h"
41#include "configfs.h"
42
43#define FUNCTIONFS_MAGIC 0xa647361
44
45
46static void ffs_data_get(struct ffs_data *ffs);
47static void ffs_data_put(struct ffs_data *ffs);
48
49static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
50 __attribute__((malloc));
51
52
53static void ffs_data_opened(struct ffs_data *ffs);
54static void ffs_data_closed(struct ffs_data *ffs);
55
56
57static int __must_check
58__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
59static int __must_check
60__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
61
62
63
64
65struct ffs_ep;
66
67struct ffs_function {
68 struct usb_configuration *conf;
69 struct usb_gadget *gadget;
70 struct ffs_data *ffs;
71
72 struct ffs_ep *eps;
73 u8 eps_revmap[16];
74 short *interfaces_nums;
75
76 struct usb_function function;
77};
78
79
80static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
81{
82 return container_of(f, struct ffs_function, function);
83}
84
85
86static inline enum ffs_setup_state
87ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
88{
89 return (enum ffs_setup_state)
90 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
91}
92
93
94static void ffs_func_eps_disable(struct ffs_function *func);
95static int __must_check ffs_func_eps_enable(struct ffs_function *func);
96
97static int ffs_func_bind(struct usb_configuration *,
98 struct usb_function *);
99static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
100static void ffs_func_disable(struct usb_function *);
101static int ffs_func_setup(struct usb_function *,
102 const struct usb_ctrlrequest *);
103static bool ffs_func_req_match(struct usb_function *,
104 const struct usb_ctrlrequest *,
105 bool config0);
106static void ffs_func_suspend(struct usb_function *);
107static void ffs_func_resume(struct usb_function *);
108
109
110static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
111static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
112
113
114
115
116struct ffs_ep {
117 struct usb_ep *ep;
118 struct usb_request *req;
119
120
121 struct usb_endpoint_descriptor *descs[3];
122
123 u8 num;
124
125 int status;
126};
127
128struct ffs_epfile {
129
130 struct mutex mutex;
131
132 struct ffs_data *ffs;
133 struct ffs_ep *ep;
134
135 struct dentry *dentry;
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192 struct ffs_buffer *read_buffer;
193#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
194
195 char name[5];
196
197 unsigned char in;
198 unsigned char isoc;
199
200 unsigned char _pad;
201};
202
203struct ffs_buffer {
204 size_t length;
205 char *data;
206 char storage[];
207};
208
209
210
211struct ffs_io_data {
212 bool aio;
213 bool read;
214
215 struct kiocb *kiocb;
216 struct iov_iter data;
217 const void *to_free;
218 char *buf;
219
220 struct mm_struct *mm;
221 struct work_struct work;
222
223 struct usb_ep *ep;
224 struct usb_request *req;
225 struct sg_table sgt;
226 bool use_sg;
227
228 struct ffs_data *ffs;
229};
230
231struct ffs_desc_helper {
232 struct ffs_data *ffs;
233 unsigned interfaces_count;
234 unsigned eps_count;
235};
236
237static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
238static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
239
240static struct dentry *
241ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
242 const struct file_operations *fops);
243
244
245
246DEFINE_MUTEX(ffs_lock);
247EXPORT_SYMBOL_GPL(ffs_lock);
248
249static struct ffs_dev *_ffs_find_dev(const char *name);
250static struct ffs_dev *_ffs_alloc_dev(void);
251static void _ffs_free_dev(struct ffs_dev *dev);
252static void *ffs_acquire_dev(const char *dev_name);
253static void ffs_release_dev(struct ffs_data *ffs_data);
254static int ffs_ready(struct ffs_data *ffs);
255static void ffs_closed(struct ffs_data *ffs);
256
257
258
259static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
260 __attribute__((warn_unused_result, nonnull));
261static char *ffs_prepare_buffer(const char __user *buf, size_t len)
262 __attribute__((warn_unused_result, nonnull));
263
264
265
266
267static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
268{
269 struct ffs_data *ffs = req->context;
270
271 complete(&ffs->ep0req_completion);
272}
273
274static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
275 __releases(&ffs->ev.waitq.lock)
276{
277 struct usb_request *req = ffs->ep0req;
278 int ret;
279
280 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
281
282 spin_unlock_irq(&ffs->ev.waitq.lock);
283
284 req->buf = data;
285 req->length = len;
286
287
288
289
290
291
292 if (req->buf == NULL)
293 req->buf = (void *)0xDEADBABE;
294
295 reinit_completion(&ffs->ep0req_completion);
296
297 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
298 if (unlikely(ret < 0))
299 return ret;
300
301 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
302 if (unlikely(ret)) {
303 usb_ep_dequeue(ffs->gadget->ep0, req);
304 return -EINTR;
305 }
306
307 ffs->setup_state = FFS_NO_SETUP;
308 return req->status ? req->status : req->actual;
309}
310
311static int __ffs_ep0_stall(struct ffs_data *ffs)
312{
313 if (ffs->ev.can_stall) {
314 pr_vdebug("ep0 stall\n");
315 usb_ep_set_halt(ffs->gadget->ep0);
316 ffs->setup_state = FFS_NO_SETUP;
317 return -EL2HLT;
318 } else {
319 pr_debug("bogus ep0 stall!\n");
320 return -ESRCH;
321 }
322}
323
324static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
325 size_t len, loff_t *ptr)
326{
327 struct ffs_data *ffs = file->private_data;
328 ssize_t ret;
329 char *data;
330
331 ENTER();
332
333
334 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
335 return -EIDRM;
336
337
338 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
339 if (unlikely(ret < 0))
340 return ret;
341
342
343 switch (ffs->state) {
344 case FFS_READ_DESCRIPTORS:
345 case FFS_READ_STRINGS:
346
347 if (unlikely(len < 16)) {
348 ret = -EINVAL;
349 break;
350 }
351
352 data = ffs_prepare_buffer(buf, len);
353 if (IS_ERR(data)) {
354 ret = PTR_ERR(data);
355 break;
356 }
357
358
359 if (ffs->state == FFS_READ_DESCRIPTORS) {
360 pr_info("read descriptors\n");
361 ret = __ffs_data_got_descs(ffs, data, len);
362 if (unlikely(ret < 0))
363 break;
364
365 ffs->state = FFS_READ_STRINGS;
366 ret = len;
367 } else {
368 pr_info("read strings\n");
369 ret = __ffs_data_got_strings(ffs, data, len);
370 if (unlikely(ret < 0))
371 break;
372
373 ret = ffs_epfiles_create(ffs);
374 if (unlikely(ret)) {
375 ffs->state = FFS_CLOSING;
376 break;
377 }
378
379 ffs->state = FFS_ACTIVE;
380 mutex_unlock(&ffs->mutex);
381
382 ret = ffs_ready(ffs);
383 if (unlikely(ret < 0)) {
384 ffs->state = FFS_CLOSING;
385 return ret;
386 }
387
388 return len;
389 }
390 break;
391
392 case FFS_ACTIVE:
393 data = NULL;
394
395
396
397
398 spin_lock_irq(&ffs->ev.waitq.lock);
399 switch (ffs_setup_state_clear_cancelled(ffs)) {
400 case FFS_SETUP_CANCELLED:
401 ret = -EIDRM;
402 goto done_spin;
403
404 case FFS_NO_SETUP:
405 ret = -ESRCH;
406 goto done_spin;
407
408 case FFS_SETUP_PENDING:
409 break;
410 }
411
412
413 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
414 spin_unlock_irq(&ffs->ev.waitq.lock);
415 ret = __ffs_ep0_stall(ffs);
416 break;
417 }
418
419
420 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
421
422 spin_unlock_irq(&ffs->ev.waitq.lock);
423
424 data = ffs_prepare_buffer(buf, len);
425 if (IS_ERR(data)) {
426 ret = PTR_ERR(data);
427 break;
428 }
429
430 spin_lock_irq(&ffs->ev.waitq.lock);
431
432
433
434
435
436
437
438
439
440
441
442
443
444 if (ffs_setup_state_clear_cancelled(ffs) ==
445 FFS_SETUP_CANCELLED) {
446 ret = -EIDRM;
447done_spin:
448 spin_unlock_irq(&ffs->ev.waitq.lock);
449 } else {
450
451 ret = __ffs_ep0_queue_wait(ffs, data, len);
452 }
453 kfree(data);
454 break;
455
456 default:
457 ret = -EBADFD;
458 break;
459 }
460
461 mutex_unlock(&ffs->mutex);
462 return ret;
463}
464
465
466static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
467 size_t n)
468 __releases(&ffs->ev.waitq.lock)
469{
470
471
472
473
474
475 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
476 const size_t size = n * sizeof *events;
477 unsigned i = 0;
478
479 memset(events, 0, size);
480
481 do {
482 events[i].type = ffs->ev.types[i];
483 if (events[i].type == FUNCTIONFS_SETUP) {
484 events[i].u.setup = ffs->ev.setup;
485 ffs->setup_state = FFS_SETUP_PENDING;
486 }
487 } while (++i < n);
488
489 ffs->ev.count -= n;
490 if (ffs->ev.count)
491 memmove(ffs->ev.types, ffs->ev.types + n,
492 ffs->ev.count * sizeof *ffs->ev.types);
493
494 spin_unlock_irq(&ffs->ev.waitq.lock);
495 mutex_unlock(&ffs->mutex);
496
497 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
498}
499
500static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
501 size_t len, loff_t *ptr)
502{
503 struct ffs_data *ffs = file->private_data;
504 char *data = NULL;
505 size_t n;
506 int ret;
507
508 ENTER();
509
510
511 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
512 return -EIDRM;
513
514
515 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
516 if (unlikely(ret < 0))
517 return ret;
518
519
520 if (ffs->state != FFS_ACTIVE) {
521 ret = -EBADFD;
522 goto done_mutex;
523 }
524
525
526
527
528
529 spin_lock_irq(&ffs->ev.waitq.lock);
530
531 switch (ffs_setup_state_clear_cancelled(ffs)) {
532 case FFS_SETUP_CANCELLED:
533 ret = -EIDRM;
534 break;
535
536 case FFS_NO_SETUP:
537 n = len / sizeof(struct usb_functionfs_event);
538 if (unlikely(!n)) {
539 ret = -EINVAL;
540 break;
541 }
542
543 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
544 ret = -EAGAIN;
545 break;
546 }
547
548 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
549 ffs->ev.count)) {
550 ret = -EINTR;
551 break;
552 }
553
554
555 return __ffs_ep0_read_events(ffs, buf,
556 min(n, (size_t)ffs->ev.count));
557
558 case FFS_SETUP_PENDING:
559 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
560 spin_unlock_irq(&ffs->ev.waitq.lock);
561 ret = __ffs_ep0_stall(ffs);
562 goto done_mutex;
563 }
564
565 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
566
567 spin_unlock_irq(&ffs->ev.waitq.lock);
568
569 if (likely(len)) {
570 data = kmalloc(len, GFP_KERNEL);
571 if (unlikely(!data)) {
572 ret = -ENOMEM;
573 goto done_mutex;
574 }
575 }
576
577 spin_lock_irq(&ffs->ev.waitq.lock);
578
579
580 if (ffs_setup_state_clear_cancelled(ffs) ==
581 FFS_SETUP_CANCELLED) {
582 ret = -EIDRM;
583 break;
584 }
585
586
587 ret = __ffs_ep0_queue_wait(ffs, data, len);
588 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
589 ret = -EFAULT;
590 goto done_mutex;
591
592 default:
593 ret = -EBADFD;
594 break;
595 }
596
597 spin_unlock_irq(&ffs->ev.waitq.lock);
598done_mutex:
599 mutex_unlock(&ffs->mutex);
600 kfree(data);
601 return ret;
602}
603
604static int ffs_ep0_open(struct inode *inode, struct file *file)
605{
606 struct ffs_data *ffs = inode->i_private;
607
608 ENTER();
609
610 if (unlikely(ffs->state == FFS_CLOSING))
611 return -EBUSY;
612
613 file->private_data = ffs;
614 ffs_data_opened(ffs);
615
616 return 0;
617}
618
619static int ffs_ep0_release(struct inode *inode, struct file *file)
620{
621 struct ffs_data *ffs = file->private_data;
622
623 ENTER();
624
625 ffs_data_closed(ffs);
626
627 return 0;
628}
629
630static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
631{
632 struct ffs_data *ffs = file->private_data;
633 struct usb_gadget *gadget = ffs->gadget;
634 long ret;
635
636 ENTER();
637
638 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
639 struct ffs_function *func = ffs->func;
640 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
641 } else if (gadget && gadget->ops->ioctl) {
642 ret = gadget->ops->ioctl(gadget, code, value);
643 } else {
644 ret = -ENOTTY;
645 }
646
647 return ret;
648}
649
650static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
651{
652 struct ffs_data *ffs = file->private_data;
653 __poll_t mask = EPOLLWRNORM;
654 int ret;
655
656 poll_wait(file, &ffs->ev.waitq, wait);
657
658 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
659 if (unlikely(ret < 0))
660 return mask;
661
662 switch (ffs->state) {
663 case FFS_READ_DESCRIPTORS:
664 case FFS_READ_STRINGS:
665 mask |= EPOLLOUT;
666 break;
667
668 case FFS_ACTIVE:
669 switch (ffs->setup_state) {
670 case FFS_NO_SETUP:
671 if (ffs->ev.count)
672 mask |= EPOLLIN;
673 break;
674
675 case FFS_SETUP_PENDING:
676 case FFS_SETUP_CANCELLED:
677 mask |= (EPOLLIN | EPOLLOUT);
678 break;
679 }
680 case FFS_CLOSING:
681 break;
682 case FFS_DEACTIVATED:
683 break;
684 }
685
686 mutex_unlock(&ffs->mutex);
687
688 return mask;
689}
690
691static const struct file_operations ffs_ep0_operations = {
692 .llseek = no_llseek,
693
694 .open = ffs_ep0_open,
695 .write = ffs_ep0_write,
696 .read = ffs_ep0_read,
697 .release = ffs_ep0_release,
698 .unlocked_ioctl = ffs_ep0_ioctl,
699 .poll = ffs_ep0_poll,
700};
701
702
703
704
705static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
706{
707 ENTER();
708 if (likely(req->context)) {
709 struct ffs_ep *ep = _ep->driver_data;
710 ep->status = req->status ? req->status : req->actual;
711 complete(req->context);
712 }
713}
714
715static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
716{
717 ssize_t ret = copy_to_iter(data, data_len, iter);
718 if (likely(ret == data_len))
719 return ret;
720
721 if (unlikely(iov_iter_count(iter)))
722 return -EFAULT;
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
752 "Align read buffer size to max packet size to avoid the problem.\n",
753 data_len, ret);
754
755 return ret;
756}
757
758
759
760
761
762
763static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz)
764{
765 struct page **pages;
766 void *vaddr, *ptr;
767 unsigned int n_pages;
768 int i;
769
770 vaddr = vmalloc(sz);
771 if (!vaddr)
772 return NULL;
773
774 n_pages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
775 pages = kvmalloc_array(n_pages, sizeof(struct page *), GFP_KERNEL);
776 if (!pages) {
777 vfree(vaddr);
778
779 return NULL;
780 }
781 for (i = 0, ptr = vaddr; i < n_pages; ++i, ptr += PAGE_SIZE)
782 pages[i] = vmalloc_to_page(ptr);
783
784 if (sg_alloc_table_from_pages(sgt, pages, n_pages, 0, sz, GFP_KERNEL)) {
785 kvfree(pages);
786 vfree(vaddr);
787
788 return NULL;
789 }
790 kvfree(pages);
791
792 return vaddr;
793}
794
795static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data,
796 size_t data_len)
797{
798 if (io_data->use_sg)
799 return ffs_build_sg_list(&io_data->sgt, data_len);
800
801 return kmalloc(data_len, GFP_KERNEL);
802}
803
804static inline void ffs_free_buffer(struct ffs_io_data *io_data)
805{
806 if (!io_data->buf)
807 return;
808
809 if (io_data->use_sg) {
810 sg_free_table(&io_data->sgt);
811 vfree(io_data->buf);
812 } else {
813 kfree(io_data->buf);
814 }
815}
816
817static void ffs_user_copy_worker(struct work_struct *work)
818{
819 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
820 work);
821 int ret = io_data->req->status ? io_data->req->status :
822 io_data->req->actual;
823 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
824
825 if (io_data->read && ret > 0) {
826 kthread_use_mm(io_data->mm);
827 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
828 kthread_unuse_mm(io_data->mm);
829 }
830
831 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
832
833 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
834 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
835
836 usb_ep_free_request(io_data->ep, io_data->req);
837
838 if (io_data->read)
839 kfree(io_data->to_free);
840 ffs_free_buffer(io_data);
841 kfree(io_data);
842}
843
844static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
845 struct usb_request *req)
846{
847 struct ffs_io_data *io_data = req->context;
848 struct ffs_data *ffs = io_data->ffs;
849
850 ENTER();
851
852 INIT_WORK(&io_data->work, ffs_user_copy_worker);
853 queue_work(ffs->io_completion_wq, &io_data->work);
854}
855
856static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
857{
858
859
860
861
862 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
863 if (buf && buf != READ_BUFFER_DROP)
864 kfree(buf);
865}
866
867
868static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
869 struct iov_iter *iter)
870{
871
872
873
874
875
876 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
877 ssize_t ret;
878 if (!buf || buf == READ_BUFFER_DROP)
879 return 0;
880
881 ret = copy_to_iter(buf->data, buf->length, iter);
882 if (buf->length == ret) {
883 kfree(buf);
884 return ret;
885 }
886
887 if (unlikely(iov_iter_count(iter))) {
888 ret = -EFAULT;
889 } else {
890 buf->length -= ret;
891 buf->data += ret;
892 }
893
894 if (cmpxchg(&epfile->read_buffer, NULL, buf))
895 kfree(buf);
896
897 return ret;
898}
899
900
901static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
902 void *data, int data_len,
903 struct iov_iter *iter)
904{
905 struct ffs_buffer *buf;
906
907 ssize_t ret = copy_to_iter(data, data_len, iter);
908 if (likely(data_len == ret))
909 return ret;
910
911 if (unlikely(iov_iter_count(iter)))
912 return -EFAULT;
913
914
915 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
916 data_len, ret);
917
918 data_len -= ret;
919 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
920 if (!buf)
921 return -ENOMEM;
922 buf->length = data_len;
923 buf->data = buf->storage;
924 memcpy(buf->storage, data + ret, data_len);
925
926
927
928
929
930
931
932 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
933 kfree(buf);
934
935 return ret;
936}
937
938static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
939{
940 struct ffs_epfile *epfile = file->private_data;
941 struct usb_request *req;
942 struct ffs_ep *ep;
943 char *data = NULL;
944 ssize_t ret, data_len = -EINVAL;
945 int halt;
946
947
948 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
949 return -ENODEV;
950
951
952 ep = epfile->ep;
953 if (!ep) {
954 if (file->f_flags & O_NONBLOCK)
955 return -EAGAIN;
956
957 ret = wait_event_interruptible(
958 epfile->ffs->wait, (ep = epfile->ep));
959 if (ret)
960 return -EINTR;
961 }
962
963
964 halt = (!io_data->read == !epfile->in);
965 if (halt && epfile->isoc)
966 return -EINVAL;
967
968
969 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
970 if (unlikely(ret))
971 goto error;
972
973
974 if (!halt) {
975 struct usb_gadget *gadget;
976
977
978
979
980
981
982
983
984 if (!io_data->aio && io_data->read) {
985 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
986 if (ret)
987 goto error_mutex;
988 }
989
990
991
992
993
994
995 gadget = epfile->ffs->gadget;
996
997 spin_lock_irq(&epfile->ffs->eps_lock);
998
999 if (epfile->ep != ep) {
1000 ret = -ESHUTDOWN;
1001 goto error_lock;
1002 }
1003 data_len = iov_iter_count(&io_data->data);
1004
1005
1006
1007
1008 if (io_data->read)
1009 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1010
1011 io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE;
1012 spin_unlock_irq(&epfile->ffs->eps_lock);
1013
1014 data = ffs_alloc_buffer(io_data, data_len);
1015 if (unlikely(!data)) {
1016 ret = -ENOMEM;
1017 goto error_mutex;
1018 }
1019 if (!io_data->read &&
1020 !copy_from_iter_full(data, data_len, &io_data->data)) {
1021 ret = -EFAULT;
1022 goto error_mutex;
1023 }
1024 }
1025
1026 spin_lock_irq(&epfile->ffs->eps_lock);
1027
1028 if (epfile->ep != ep) {
1029
1030 ret = -ESHUTDOWN;
1031 } else if (halt) {
1032 ret = usb_ep_set_halt(ep->ep);
1033 if (!ret)
1034 ret = -EBADMSG;
1035 } else if (unlikely(data_len == -EINVAL)) {
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047 WARN(1, "%s: data_len == -EINVAL\n", __func__);
1048 ret = -EINVAL;
1049 } else if (!io_data->aio) {
1050 DECLARE_COMPLETION_ONSTACK(done);
1051 bool interrupted = false;
1052
1053 req = ep->req;
1054 if (io_data->use_sg) {
1055 req->buf = NULL;
1056 req->sg = io_data->sgt.sgl;
1057 req->num_sgs = io_data->sgt.nents;
1058 } else {
1059 req->buf = data;
1060 }
1061 req->length = data_len;
1062
1063 io_data->buf = data;
1064
1065 req->context = &done;
1066 req->complete = ffs_epfile_io_complete;
1067
1068 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1069 if (unlikely(ret < 0))
1070 goto error_lock;
1071
1072 spin_unlock_irq(&epfile->ffs->eps_lock);
1073
1074 if (unlikely(wait_for_completion_interruptible(&done))) {
1075
1076
1077
1078
1079
1080
1081 usb_ep_dequeue(ep->ep, req);
1082 wait_for_completion(&done);
1083 interrupted = ep->status < 0;
1084 }
1085
1086 if (interrupted)
1087 ret = -EINTR;
1088 else if (io_data->read && ep->status > 0)
1089 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1090 &io_data->data);
1091 else
1092 ret = ep->status;
1093 goto error_mutex;
1094 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1095 ret = -ENOMEM;
1096 } else {
1097 if (io_data->use_sg) {
1098 req->buf = NULL;
1099 req->sg = io_data->sgt.sgl;
1100 req->num_sgs = io_data->sgt.nents;
1101 } else {
1102 req->buf = data;
1103 }
1104 req->length = data_len;
1105
1106 io_data->buf = data;
1107 io_data->ep = ep->ep;
1108 io_data->req = req;
1109 io_data->ffs = epfile->ffs;
1110
1111 req->context = io_data;
1112 req->complete = ffs_epfile_async_io_complete;
1113
1114 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1115 if (unlikely(ret)) {
1116 usb_ep_free_request(ep->ep, req);
1117 goto error_lock;
1118 }
1119
1120 ret = -EIOCBQUEUED;
1121
1122
1123
1124
1125 data = NULL;
1126 }
1127
1128error_lock:
1129 spin_unlock_irq(&epfile->ffs->eps_lock);
1130error_mutex:
1131 mutex_unlock(&epfile->mutex);
1132error:
1133 if (ret != -EIOCBQUEUED)
1134 ffs_free_buffer(io_data);
1135 return ret;
1136}
1137
1138static int
1139ffs_epfile_open(struct inode *inode, struct file *file)
1140{
1141 struct ffs_epfile *epfile = inode->i_private;
1142
1143 ENTER();
1144
1145 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1146 return -ENODEV;
1147
1148 file->private_data = epfile;
1149 ffs_data_opened(epfile->ffs);
1150
1151 return 0;
1152}
1153
1154static int ffs_aio_cancel(struct kiocb *kiocb)
1155{
1156 struct ffs_io_data *io_data = kiocb->private;
1157 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1158 int value;
1159
1160 ENTER();
1161
1162 spin_lock_irq(&epfile->ffs->eps_lock);
1163
1164 if (likely(io_data && io_data->ep && io_data->req))
1165 value = usb_ep_dequeue(io_data->ep, io_data->req);
1166 else
1167 value = -EINVAL;
1168
1169 spin_unlock_irq(&epfile->ffs->eps_lock);
1170
1171 return value;
1172}
1173
1174static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1175{
1176 struct ffs_io_data io_data, *p = &io_data;
1177 ssize_t res;
1178
1179 ENTER();
1180
1181 if (!is_sync_kiocb(kiocb)) {
1182 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1183 if (unlikely(!p))
1184 return -ENOMEM;
1185 p->aio = true;
1186 } else {
1187 memset(p, 0, sizeof(*p));
1188 p->aio = false;
1189 }
1190
1191 p->read = false;
1192 p->kiocb = kiocb;
1193 p->data = *from;
1194 p->mm = current->mm;
1195
1196 kiocb->private = p;
1197
1198 if (p->aio)
1199 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1200
1201 res = ffs_epfile_io(kiocb->ki_filp, p);
1202 if (res == -EIOCBQUEUED)
1203 return res;
1204 if (p->aio)
1205 kfree(p);
1206 else
1207 *from = p->data;
1208 return res;
1209}
1210
1211static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1212{
1213 struct ffs_io_data io_data, *p = &io_data;
1214 ssize_t res;
1215
1216 ENTER();
1217
1218 if (!is_sync_kiocb(kiocb)) {
1219 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1220 if (unlikely(!p))
1221 return -ENOMEM;
1222 p->aio = true;
1223 } else {
1224 memset(p, 0, sizeof(*p));
1225 p->aio = false;
1226 }
1227
1228 p->read = true;
1229 p->kiocb = kiocb;
1230 if (p->aio) {
1231 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1232 if (!p->to_free) {
1233 kfree(p);
1234 return -ENOMEM;
1235 }
1236 } else {
1237 p->data = *to;
1238 p->to_free = NULL;
1239 }
1240 p->mm = current->mm;
1241
1242 kiocb->private = p;
1243
1244 if (p->aio)
1245 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1246
1247 res = ffs_epfile_io(kiocb->ki_filp, p);
1248 if (res == -EIOCBQUEUED)
1249 return res;
1250
1251 if (p->aio) {
1252 kfree(p->to_free);
1253 kfree(p);
1254 } else {
1255 *to = p->data;
1256 }
1257 return res;
1258}
1259
1260static int
1261ffs_epfile_release(struct inode *inode, struct file *file)
1262{
1263 struct ffs_epfile *epfile = inode->i_private;
1264
1265 ENTER();
1266
1267 __ffs_epfile_read_buffer_free(epfile);
1268 ffs_data_closed(epfile->ffs);
1269
1270 return 0;
1271}
1272
1273static long ffs_epfile_ioctl(struct file *file, unsigned code,
1274 unsigned long value)
1275{
1276 struct ffs_epfile *epfile = file->private_data;
1277 struct ffs_ep *ep;
1278 int ret;
1279
1280 ENTER();
1281
1282 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1283 return -ENODEV;
1284
1285
1286 ep = epfile->ep;
1287 if (!ep) {
1288 if (file->f_flags & O_NONBLOCK)
1289 return -EAGAIN;
1290
1291 ret = wait_event_interruptible(
1292 epfile->ffs->wait, (ep = epfile->ep));
1293 if (ret)
1294 return -EINTR;
1295 }
1296
1297 spin_lock_irq(&epfile->ffs->eps_lock);
1298
1299
1300 if (epfile->ep != ep) {
1301 spin_unlock_irq(&epfile->ffs->eps_lock);
1302 return -ESHUTDOWN;
1303 }
1304
1305 switch (code) {
1306 case FUNCTIONFS_FIFO_STATUS:
1307 ret = usb_ep_fifo_status(epfile->ep->ep);
1308 break;
1309 case FUNCTIONFS_FIFO_FLUSH:
1310 usb_ep_fifo_flush(epfile->ep->ep);
1311 ret = 0;
1312 break;
1313 case FUNCTIONFS_CLEAR_HALT:
1314 ret = usb_ep_clear_halt(epfile->ep->ep);
1315 break;
1316 case FUNCTIONFS_ENDPOINT_REVMAP:
1317 ret = epfile->ep->num;
1318 break;
1319 case FUNCTIONFS_ENDPOINT_DESC:
1320 {
1321 int desc_idx;
1322 struct usb_endpoint_descriptor *desc;
1323
1324 switch (epfile->ffs->gadget->speed) {
1325 case USB_SPEED_SUPER:
1326 desc_idx = 2;
1327 break;
1328 case USB_SPEED_HIGH:
1329 desc_idx = 1;
1330 break;
1331 default:
1332 desc_idx = 0;
1333 }
1334 desc = epfile->ep->descs[desc_idx];
1335
1336 spin_unlock_irq(&epfile->ffs->eps_lock);
1337 ret = copy_to_user((void __user *)value, desc, desc->bLength);
1338 if (ret)
1339 ret = -EFAULT;
1340 return ret;
1341 }
1342 default:
1343 ret = -ENOTTY;
1344 }
1345 spin_unlock_irq(&epfile->ffs->eps_lock);
1346
1347 return ret;
1348}
1349
1350#ifdef CONFIG_COMPAT
1351static long ffs_epfile_compat_ioctl(struct file *file, unsigned code,
1352 unsigned long value)
1353{
1354 return ffs_epfile_ioctl(file, code, value);
1355}
1356#endif
1357
1358static const struct file_operations ffs_epfile_operations = {
1359 .llseek = no_llseek,
1360
1361 .open = ffs_epfile_open,
1362 .write_iter = ffs_epfile_write_iter,
1363 .read_iter = ffs_epfile_read_iter,
1364 .release = ffs_epfile_release,
1365 .unlocked_ioctl = ffs_epfile_ioctl,
1366#ifdef CONFIG_COMPAT
1367 .compat_ioctl = ffs_epfile_compat_ioctl,
1368#endif
1369};
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379static struct inode *__must_check
1380ffs_sb_make_inode(struct super_block *sb, void *data,
1381 const struct file_operations *fops,
1382 const struct inode_operations *iops,
1383 struct ffs_file_perms *perms)
1384{
1385 struct inode *inode;
1386
1387 ENTER();
1388
1389 inode = new_inode(sb);
1390
1391 if (likely(inode)) {
1392 struct timespec64 ts = current_time(inode);
1393
1394 inode->i_ino = get_next_ino();
1395 inode->i_mode = perms->mode;
1396 inode->i_uid = perms->uid;
1397 inode->i_gid = perms->gid;
1398 inode->i_atime = ts;
1399 inode->i_mtime = ts;
1400 inode->i_ctime = ts;
1401 inode->i_private = data;
1402 if (fops)
1403 inode->i_fop = fops;
1404 if (iops)
1405 inode->i_op = iops;
1406 }
1407
1408 return inode;
1409}
1410
1411
1412static struct dentry *ffs_sb_create_file(struct super_block *sb,
1413 const char *name, void *data,
1414 const struct file_operations *fops)
1415{
1416 struct ffs_data *ffs = sb->s_fs_info;
1417 struct dentry *dentry;
1418 struct inode *inode;
1419
1420 ENTER();
1421
1422 dentry = d_alloc_name(sb->s_root, name);
1423 if (unlikely(!dentry))
1424 return NULL;
1425
1426 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1427 if (unlikely(!inode)) {
1428 dput(dentry);
1429 return NULL;
1430 }
1431
1432 d_add(dentry, inode);
1433 return dentry;
1434}
1435
1436
1437static const struct super_operations ffs_sb_operations = {
1438 .statfs = simple_statfs,
1439 .drop_inode = generic_delete_inode,
1440};
1441
1442struct ffs_sb_fill_data {
1443 struct ffs_file_perms perms;
1444 umode_t root_mode;
1445 const char *dev_name;
1446 bool no_disconnect;
1447 struct ffs_data *ffs_data;
1448};
1449
1450static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1451{
1452 struct ffs_sb_fill_data *data = _data;
1453 struct inode *inode;
1454 struct ffs_data *ffs = data->ffs_data;
1455
1456 ENTER();
1457
1458 ffs->sb = sb;
1459 data->ffs_data = NULL;
1460 sb->s_fs_info = ffs;
1461 sb->s_blocksize = PAGE_SIZE;
1462 sb->s_blocksize_bits = PAGE_SHIFT;
1463 sb->s_magic = FUNCTIONFS_MAGIC;
1464 sb->s_op = &ffs_sb_operations;
1465 sb->s_time_gran = 1;
1466
1467
1468 data->perms.mode = data->root_mode;
1469 inode = ffs_sb_make_inode(sb, NULL,
1470 &simple_dir_operations,
1471 &simple_dir_inode_operations,
1472 &data->perms);
1473 sb->s_root = d_make_root(inode);
1474 if (unlikely(!sb->s_root))
1475 return -ENOMEM;
1476
1477
1478 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1479 &ffs_ep0_operations)))
1480 return -ENOMEM;
1481
1482 return 0;
1483}
1484
1485static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1486{
1487 ENTER();
1488
1489 if (!opts || !*opts)
1490 return 0;
1491
1492 for (;;) {
1493 unsigned long value;
1494 char *eq, *comma;
1495
1496
1497 comma = strchr(opts, ',');
1498 if (comma)
1499 *comma = 0;
1500
1501
1502 eq = strchr(opts, '=');
1503 if (unlikely(!eq)) {
1504 pr_err("'=' missing in %s\n", opts);
1505 return -EINVAL;
1506 }
1507 *eq = 0;
1508
1509
1510 if (kstrtoul(eq + 1, 0, &value)) {
1511 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1512 return -EINVAL;
1513 }
1514
1515
1516 switch (eq - opts) {
1517 case 13:
1518 if (!memcmp(opts, "no_disconnect", 13))
1519 data->no_disconnect = !!value;
1520 else
1521 goto invalid;
1522 break;
1523 case 5:
1524 if (!memcmp(opts, "rmode", 5))
1525 data->root_mode = (value & 0555) | S_IFDIR;
1526 else if (!memcmp(opts, "fmode", 5))
1527 data->perms.mode = (value & 0666) | S_IFREG;
1528 else
1529 goto invalid;
1530 break;
1531
1532 case 4:
1533 if (!memcmp(opts, "mode", 4)) {
1534 data->root_mode = (value & 0555) | S_IFDIR;
1535 data->perms.mode = (value & 0666) | S_IFREG;
1536 } else {
1537 goto invalid;
1538 }
1539 break;
1540
1541 case 3:
1542 if (!memcmp(opts, "uid", 3)) {
1543 data->perms.uid = make_kuid(current_user_ns(), value);
1544 if (!uid_valid(data->perms.uid)) {
1545 pr_err("%s: unmapped value: %lu\n", opts, value);
1546 return -EINVAL;
1547 }
1548 } else if (!memcmp(opts, "gid", 3)) {
1549 data->perms.gid = make_kgid(current_user_ns(), value);
1550 if (!gid_valid(data->perms.gid)) {
1551 pr_err("%s: unmapped value: %lu\n", opts, value);
1552 return -EINVAL;
1553 }
1554 } else {
1555 goto invalid;
1556 }
1557 break;
1558
1559 default:
1560invalid:
1561 pr_err("%s: invalid option\n", opts);
1562 return -EINVAL;
1563 }
1564
1565
1566 if (!comma)
1567 break;
1568 opts = comma + 1;
1569 }
1570
1571 return 0;
1572}
1573
1574
1575
1576static struct dentry *
1577ffs_fs_mount(struct file_system_type *t, int flags,
1578 const char *dev_name, void *opts)
1579{
1580 struct ffs_sb_fill_data data = {
1581 .perms = {
1582 .mode = S_IFREG | 0600,
1583 .uid = GLOBAL_ROOT_UID,
1584 .gid = GLOBAL_ROOT_GID,
1585 },
1586 .root_mode = S_IFDIR | 0500,
1587 .no_disconnect = false,
1588 };
1589 struct dentry *rv;
1590 int ret;
1591 void *ffs_dev;
1592 struct ffs_data *ffs;
1593
1594 ENTER();
1595
1596 ret = ffs_fs_parse_opts(&data, opts);
1597 if (unlikely(ret < 0))
1598 return ERR_PTR(ret);
1599
1600 ffs = ffs_data_new(dev_name);
1601 if (unlikely(!ffs))
1602 return ERR_PTR(-ENOMEM);
1603 ffs->file_perms = data.perms;
1604 ffs->no_disconnect = data.no_disconnect;
1605
1606 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1607 if (unlikely(!ffs->dev_name)) {
1608 ffs_data_put(ffs);
1609 return ERR_PTR(-ENOMEM);
1610 }
1611
1612 ffs_dev = ffs_acquire_dev(dev_name);
1613 if (IS_ERR(ffs_dev)) {
1614 ffs_data_put(ffs);
1615 return ERR_CAST(ffs_dev);
1616 }
1617 ffs->private_data = ffs_dev;
1618 data.ffs_data = ffs;
1619
1620 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1621 if (IS_ERR(rv) && data.ffs_data) {
1622 ffs_release_dev(data.ffs_data);
1623 ffs_data_put(data.ffs_data);
1624 }
1625 return rv;
1626}
1627
1628static void
1629ffs_fs_kill_sb(struct super_block *sb)
1630{
1631 ENTER();
1632
1633 kill_litter_super(sb);
1634 if (sb->s_fs_info) {
1635 ffs_release_dev(sb->s_fs_info);
1636 ffs_data_closed(sb->s_fs_info);
1637 }
1638}
1639
1640static struct file_system_type ffs_fs_type = {
1641 .owner = THIS_MODULE,
1642 .name = "functionfs",
1643 .mount = ffs_fs_mount,
1644 .kill_sb = ffs_fs_kill_sb,
1645};
1646MODULE_ALIAS_FS("functionfs");
1647
1648
1649
1650
1651static int functionfs_init(void)
1652{
1653 int ret;
1654
1655 ENTER();
1656
1657 ret = register_filesystem(&ffs_fs_type);
1658 if (likely(!ret))
1659 pr_info("file system registered\n");
1660 else
1661 pr_err("failed registering file system (%d)\n", ret);
1662
1663 return ret;
1664}
1665
1666static void functionfs_cleanup(void)
1667{
1668 ENTER();
1669
1670 pr_info("unloading\n");
1671 unregister_filesystem(&ffs_fs_type);
1672}
1673
1674
1675
1676
1677static void ffs_data_clear(struct ffs_data *ffs);
1678static void ffs_data_reset(struct ffs_data *ffs);
1679
1680static void ffs_data_get(struct ffs_data *ffs)
1681{
1682 ENTER();
1683
1684 refcount_inc(&ffs->ref);
1685}
1686
1687static void ffs_data_opened(struct ffs_data *ffs)
1688{
1689 ENTER();
1690
1691 refcount_inc(&ffs->ref);
1692 if (atomic_add_return(1, &ffs->opened) == 1 &&
1693 ffs->state == FFS_DEACTIVATED) {
1694 ffs->state = FFS_CLOSING;
1695 ffs_data_reset(ffs);
1696 }
1697}
1698
1699static void ffs_data_put(struct ffs_data *ffs)
1700{
1701 ENTER();
1702
1703 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1704 pr_info("%s(): freeing\n", __func__);
1705 ffs_data_clear(ffs);
1706 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1707 swait_active(&ffs->ep0req_completion.wait) ||
1708 waitqueue_active(&ffs->wait));
1709 destroy_workqueue(ffs->io_completion_wq);
1710 kfree(ffs->dev_name);
1711 kfree(ffs);
1712 }
1713}
1714
1715static void ffs_data_closed(struct ffs_data *ffs)
1716{
1717 ENTER();
1718
1719 if (atomic_dec_and_test(&ffs->opened)) {
1720 if (ffs->no_disconnect) {
1721 ffs->state = FFS_DEACTIVATED;
1722 if (ffs->epfiles) {
1723 ffs_epfiles_destroy(ffs->epfiles,
1724 ffs->eps_count);
1725 ffs->epfiles = NULL;
1726 }
1727 if (ffs->setup_state == FFS_SETUP_PENDING)
1728 __ffs_ep0_stall(ffs);
1729 } else {
1730 ffs->state = FFS_CLOSING;
1731 ffs_data_reset(ffs);
1732 }
1733 }
1734 if (atomic_read(&ffs->opened) < 0) {
1735 ffs->state = FFS_CLOSING;
1736 ffs_data_reset(ffs);
1737 }
1738
1739 ffs_data_put(ffs);
1740}
1741
1742static struct ffs_data *ffs_data_new(const char *dev_name)
1743{
1744 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1745 if (unlikely(!ffs))
1746 return NULL;
1747
1748 ENTER();
1749
1750 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1751 if (!ffs->io_completion_wq) {
1752 kfree(ffs);
1753 return NULL;
1754 }
1755
1756 refcount_set(&ffs->ref, 1);
1757 atomic_set(&ffs->opened, 0);
1758 ffs->state = FFS_READ_DESCRIPTORS;
1759 mutex_init(&ffs->mutex);
1760 spin_lock_init(&ffs->eps_lock);
1761 init_waitqueue_head(&ffs->ev.waitq);
1762 init_waitqueue_head(&ffs->wait);
1763 init_completion(&ffs->ep0req_completion);
1764
1765
1766 ffs->ev.can_stall = 1;
1767
1768 return ffs;
1769}
1770
1771static void ffs_data_clear(struct ffs_data *ffs)
1772{
1773 ENTER();
1774
1775 ffs_closed(ffs);
1776
1777 BUG_ON(ffs->gadget);
1778
1779 if (ffs->epfiles)
1780 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1781
1782 if (ffs->ffs_eventfd)
1783 eventfd_ctx_put(ffs->ffs_eventfd);
1784
1785 kfree(ffs->raw_descs_data);
1786 kfree(ffs->raw_strings);
1787 kfree(ffs->stringtabs);
1788}
1789
1790static void ffs_data_reset(struct ffs_data *ffs)
1791{
1792 ENTER();
1793
1794 ffs_data_clear(ffs);
1795
1796 ffs->epfiles = NULL;
1797 ffs->raw_descs_data = NULL;
1798 ffs->raw_descs = NULL;
1799 ffs->raw_strings = NULL;
1800 ffs->stringtabs = NULL;
1801
1802 ffs->raw_descs_length = 0;
1803 ffs->fs_descs_count = 0;
1804 ffs->hs_descs_count = 0;
1805 ffs->ss_descs_count = 0;
1806
1807 ffs->strings_count = 0;
1808 ffs->interfaces_count = 0;
1809 ffs->eps_count = 0;
1810
1811 ffs->ev.count = 0;
1812
1813 ffs->state = FFS_READ_DESCRIPTORS;
1814 ffs->setup_state = FFS_NO_SETUP;
1815 ffs->flags = 0;
1816}
1817
1818
1819static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1820{
1821 struct usb_gadget_strings **lang;
1822 int first_id;
1823
1824 ENTER();
1825
1826 if (WARN_ON(ffs->state != FFS_ACTIVE
1827 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1828 return -EBADFD;
1829
1830 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1831 if (unlikely(first_id < 0))
1832 return first_id;
1833
1834 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1835 if (unlikely(!ffs->ep0req))
1836 return -ENOMEM;
1837 ffs->ep0req->complete = ffs_ep0_complete;
1838 ffs->ep0req->context = ffs;
1839
1840 lang = ffs->stringtabs;
1841 if (lang) {
1842 for (; *lang; ++lang) {
1843 struct usb_string *str = (*lang)->strings;
1844 int id = first_id;
1845 for (; str->s; ++id, ++str)
1846 str->id = id;
1847 }
1848 }
1849
1850 ffs->gadget = cdev->gadget;
1851 ffs_data_get(ffs);
1852 return 0;
1853}
1854
1855static void functionfs_unbind(struct ffs_data *ffs)
1856{
1857 ENTER();
1858
1859 if (!WARN_ON(!ffs->gadget)) {
1860 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1861 ffs->ep0req = NULL;
1862 ffs->gadget = NULL;
1863 clear_bit(FFS_FL_BOUND, &ffs->flags);
1864 ffs_data_put(ffs);
1865 }
1866}
1867
1868static int ffs_epfiles_create(struct ffs_data *ffs)
1869{
1870 struct ffs_epfile *epfile, *epfiles;
1871 unsigned i, count;
1872
1873 ENTER();
1874
1875 count = ffs->eps_count;
1876 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1877 if (!epfiles)
1878 return -ENOMEM;
1879
1880 epfile = epfiles;
1881 for (i = 1; i <= count; ++i, ++epfile) {
1882 epfile->ffs = ffs;
1883 mutex_init(&epfile->mutex);
1884 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1885 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1886 else
1887 sprintf(epfile->name, "ep%u", i);
1888 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1889 epfile,
1890 &ffs_epfile_operations);
1891 if (unlikely(!epfile->dentry)) {
1892 ffs_epfiles_destroy(epfiles, i - 1);
1893 return -ENOMEM;
1894 }
1895 }
1896
1897 ffs->epfiles = epfiles;
1898 return 0;
1899}
1900
1901static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1902{
1903 struct ffs_epfile *epfile = epfiles;
1904
1905 ENTER();
1906
1907 for (; count; --count, ++epfile) {
1908 BUG_ON(mutex_is_locked(&epfile->mutex));
1909 if (epfile->dentry) {
1910 d_delete(epfile->dentry);
1911 dput(epfile->dentry);
1912 epfile->dentry = NULL;
1913 }
1914 }
1915
1916 kfree(epfiles);
1917}
1918
1919static void ffs_func_eps_disable(struct ffs_function *func)
1920{
1921 struct ffs_ep *ep = func->eps;
1922 struct ffs_epfile *epfile = func->ffs->epfiles;
1923 unsigned count = func->ffs->eps_count;
1924 unsigned long flags;
1925
1926 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1927 while (count--) {
1928
1929 if (likely(ep->ep))
1930 usb_ep_disable(ep->ep);
1931 ++ep;
1932
1933 if (epfile) {
1934 epfile->ep = NULL;
1935 __ffs_epfile_read_buffer_free(epfile);
1936 ++epfile;
1937 }
1938 }
1939 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1940}
1941
1942static int ffs_func_eps_enable(struct ffs_function *func)
1943{
1944 struct ffs_data *ffs = func->ffs;
1945 struct ffs_ep *ep = func->eps;
1946 struct ffs_epfile *epfile = ffs->epfiles;
1947 unsigned count = ffs->eps_count;
1948 unsigned long flags;
1949 int ret = 0;
1950
1951 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1952 while(count--) {
1953 ep->ep->driver_data = ep;
1954
1955 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1956 if (ret) {
1957 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1958 __func__, ep->ep->name, ret);
1959 break;
1960 }
1961
1962 ret = usb_ep_enable(ep->ep);
1963 if (likely(!ret)) {
1964 epfile->ep = ep;
1965 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1966 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1967 } else {
1968 break;
1969 }
1970
1971 ++ep;
1972 ++epfile;
1973 }
1974
1975 wake_up_interruptible(&ffs->wait);
1976 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1977
1978 return ret;
1979}
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991enum ffs_entity_type {
1992 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1993};
1994
1995enum ffs_os_desc_type {
1996 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1997};
1998
1999typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
2000 u8 *valuep,
2001 struct usb_descriptor_header *desc,
2002 void *priv);
2003
2004typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
2005 struct usb_os_desc_header *h, void *data,
2006 unsigned len, void *priv);
2007
2008static int __must_check ffs_do_single_desc(char *data, unsigned len,
2009 ffs_entity_callback entity,
2010 void *priv, int *current_class)
2011{
2012 struct usb_descriptor_header *_ds = (void *)data;
2013 u8 length;
2014 int ret;
2015
2016 ENTER();
2017
2018
2019 if (len < 2) {
2020 pr_vdebug("descriptor too short\n");
2021 return -EINVAL;
2022 }
2023
2024
2025 length = _ds->bLength;
2026 if (len < length) {
2027 pr_vdebug("descriptor longer then available data\n");
2028 return -EINVAL;
2029 }
2030
2031#define __entity_check_INTERFACE(val) 1
2032#define __entity_check_STRING(val) (val)
2033#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
2034#define __entity(type, val) do { \
2035 pr_vdebug("entity " #type "(%02x)\n", (val)); \
2036 if (unlikely(!__entity_check_ ##type(val))) { \
2037 pr_vdebug("invalid entity's value\n"); \
2038 return -EINVAL; \
2039 } \
2040 ret = entity(FFS_ ##type, &val, _ds, priv); \
2041 if (unlikely(ret < 0)) { \
2042 pr_debug("entity " #type "(%02x); ret = %d\n", \
2043 (val), ret); \
2044 return ret; \
2045 } \
2046 } while (0)
2047
2048
2049 switch (_ds->bDescriptorType) {
2050 case USB_DT_DEVICE:
2051 case USB_DT_CONFIG:
2052 case USB_DT_STRING:
2053 case USB_DT_DEVICE_QUALIFIER:
2054
2055 pr_vdebug("descriptor reserved for gadget: %d\n",
2056 _ds->bDescriptorType);
2057 return -EINVAL;
2058
2059 case USB_DT_INTERFACE: {
2060 struct usb_interface_descriptor *ds = (void *)_ds;
2061 pr_vdebug("interface descriptor\n");
2062 if (length != sizeof *ds)
2063 goto inv_length;
2064
2065 __entity(INTERFACE, ds->bInterfaceNumber);
2066 if (ds->iInterface)
2067 __entity(STRING, ds->iInterface);
2068 *current_class = ds->bInterfaceClass;
2069 }
2070 break;
2071
2072 case USB_DT_ENDPOINT: {
2073 struct usb_endpoint_descriptor *ds = (void *)_ds;
2074 pr_vdebug("endpoint descriptor\n");
2075 if (length != USB_DT_ENDPOINT_SIZE &&
2076 length != USB_DT_ENDPOINT_AUDIO_SIZE)
2077 goto inv_length;
2078 __entity(ENDPOINT, ds->bEndpointAddress);
2079 }
2080 break;
2081
2082 case USB_TYPE_CLASS | 0x01:
2083 if (*current_class == USB_INTERFACE_CLASS_HID) {
2084 pr_vdebug("hid descriptor\n");
2085 if (length != sizeof(struct hid_descriptor))
2086 goto inv_length;
2087 break;
2088 } else if (*current_class == USB_INTERFACE_CLASS_CCID) {
2089 pr_vdebug("ccid descriptor\n");
2090 if (length != sizeof(struct ccid_descriptor))
2091 goto inv_length;
2092 break;
2093 } else {
2094 pr_vdebug("unknown descriptor: %d for class %d\n",
2095 _ds->bDescriptorType, *current_class);
2096 return -EINVAL;
2097 }
2098
2099 case USB_DT_OTG:
2100 if (length != sizeof(struct usb_otg_descriptor))
2101 goto inv_length;
2102 break;
2103
2104 case USB_DT_INTERFACE_ASSOCIATION: {
2105 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2106 pr_vdebug("interface association descriptor\n");
2107 if (length != sizeof *ds)
2108 goto inv_length;
2109 if (ds->iFunction)
2110 __entity(STRING, ds->iFunction);
2111 }
2112 break;
2113
2114 case USB_DT_SS_ENDPOINT_COMP:
2115 pr_vdebug("EP SS companion descriptor\n");
2116 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2117 goto inv_length;
2118 break;
2119
2120 case USB_DT_OTHER_SPEED_CONFIG:
2121 case USB_DT_INTERFACE_POWER:
2122 case USB_DT_DEBUG:
2123 case USB_DT_SECURITY:
2124 case USB_DT_CS_RADIO_CONTROL:
2125
2126 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2127 return -EINVAL;
2128
2129 default:
2130
2131 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2132 return -EINVAL;
2133
2134inv_length:
2135 pr_vdebug("invalid length: %d (descriptor %d)\n",
2136 _ds->bLength, _ds->bDescriptorType);
2137 return -EINVAL;
2138 }
2139
2140#undef __entity
2141#undef __entity_check_DESCRIPTOR
2142#undef __entity_check_INTERFACE
2143#undef __entity_check_STRING
2144#undef __entity_check_ENDPOINT
2145
2146 return length;
2147}
2148
2149static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2150 ffs_entity_callback entity, void *priv)
2151{
2152 const unsigned _len = len;
2153 unsigned long num = 0;
2154 int current_class = -1;
2155
2156 ENTER();
2157
2158 for (;;) {
2159 int ret;
2160
2161 if (num == count)
2162 data = NULL;
2163
2164
2165 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2166 if (unlikely(ret < 0)) {
2167 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2168 num, ret);
2169 return ret;
2170 }
2171
2172 if (!data)
2173 return _len - len;
2174
2175 ret = ffs_do_single_desc(data, len, entity, priv,
2176 ¤t_class);
2177 if (unlikely(ret < 0)) {
2178 pr_debug("%s returns %d\n", __func__, ret);
2179 return ret;
2180 }
2181
2182 len -= ret;
2183 data += ret;
2184 ++num;
2185 }
2186}
2187
2188static int __ffs_data_do_entity(enum ffs_entity_type type,
2189 u8 *valuep, struct usb_descriptor_header *desc,
2190 void *priv)
2191{
2192 struct ffs_desc_helper *helper = priv;
2193 struct usb_endpoint_descriptor *d;
2194
2195 ENTER();
2196
2197 switch (type) {
2198 case FFS_DESCRIPTOR:
2199 break;
2200
2201 case FFS_INTERFACE:
2202
2203
2204
2205
2206
2207 if (*valuep >= helper->interfaces_count)
2208 helper->interfaces_count = *valuep + 1;
2209 break;
2210
2211 case FFS_STRING:
2212
2213
2214
2215
2216 if (*valuep > helper->ffs->strings_count)
2217 helper->ffs->strings_count = *valuep;
2218 break;
2219
2220 case FFS_ENDPOINT:
2221 d = (void *)desc;
2222 helper->eps_count++;
2223 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2224 return -EINVAL;
2225
2226 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2227 helper->ffs->eps_addrmap[helper->eps_count] =
2228 d->bEndpointAddress;
2229 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2230 d->bEndpointAddress)
2231 return -EINVAL;
2232 break;
2233 }
2234
2235 return 0;
2236}
2237
2238static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2239 struct usb_os_desc_header *desc)
2240{
2241 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2242 u16 w_index = le16_to_cpu(desc->wIndex);
2243
2244 if (bcd_version != 1) {
2245 pr_vdebug("unsupported os descriptors version: %d",
2246 bcd_version);
2247 return -EINVAL;
2248 }
2249 switch (w_index) {
2250 case 0x4:
2251 *next_type = FFS_OS_DESC_EXT_COMPAT;
2252 break;
2253 case 0x5:
2254 *next_type = FFS_OS_DESC_EXT_PROP;
2255 break;
2256 default:
2257 pr_vdebug("unsupported os descriptor type: %d", w_index);
2258 return -EINVAL;
2259 }
2260
2261 return sizeof(*desc);
2262}
2263
2264
2265
2266
2267
2268static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2269 enum ffs_os_desc_type type,
2270 u16 feature_count,
2271 ffs_os_desc_callback entity,
2272 void *priv,
2273 struct usb_os_desc_header *h)
2274{
2275 int ret;
2276 const unsigned _len = len;
2277
2278 ENTER();
2279
2280
2281 while (feature_count--) {
2282 ret = entity(type, h, data, len, priv);
2283 if (unlikely(ret < 0)) {
2284 pr_debug("bad OS descriptor, type: %d\n", type);
2285 return ret;
2286 }
2287 data += ret;
2288 len -= ret;
2289 }
2290 return _len - len;
2291}
2292
2293
2294static int __must_check ffs_do_os_descs(unsigned count,
2295 char *data, unsigned len,
2296 ffs_os_desc_callback entity, void *priv)
2297{
2298 const unsigned _len = len;
2299 unsigned long num = 0;
2300
2301 ENTER();
2302
2303 for (num = 0; num < count; ++num) {
2304 int ret;
2305 enum ffs_os_desc_type type;
2306 u16 feature_count;
2307 struct usb_os_desc_header *desc = (void *)data;
2308
2309 if (len < sizeof(*desc))
2310 return -EINVAL;
2311
2312
2313
2314
2315
2316
2317
2318
2319 if (le32_to_cpu(desc->dwLength) > len)
2320 return -EINVAL;
2321
2322 ret = __ffs_do_os_desc_header(&type, desc);
2323 if (unlikely(ret < 0)) {
2324 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2325 num, ret);
2326 return ret;
2327 }
2328
2329
2330
2331 feature_count = le16_to_cpu(desc->wCount);
2332 if (type == FFS_OS_DESC_EXT_COMPAT &&
2333 (feature_count > 255 || desc->Reserved))
2334 return -EINVAL;
2335 len -= ret;
2336 data += ret;
2337
2338
2339
2340
2341
2342 ret = ffs_do_single_os_desc(data, len, type,
2343 feature_count, entity, priv, desc);
2344 if (unlikely(ret < 0)) {
2345 pr_debug("%s returns %d\n", __func__, ret);
2346 return ret;
2347 }
2348
2349 len -= ret;
2350 data += ret;
2351 }
2352 return _len - len;
2353}
2354
2355
2356
2357
2358static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2359 struct usb_os_desc_header *h, void *data,
2360 unsigned len, void *priv)
2361{
2362 struct ffs_data *ffs = priv;
2363 u8 length;
2364
2365 ENTER();
2366
2367 switch (type) {
2368 case FFS_OS_DESC_EXT_COMPAT: {
2369 struct usb_ext_compat_desc *d = data;
2370 int i;
2371
2372 if (len < sizeof(*d) ||
2373 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2374 return -EINVAL;
2375 if (d->Reserved1 != 1) {
2376
2377
2378
2379
2380
2381
2382 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2383 d->Reserved1 = 1;
2384 }
2385 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2386 if (d->Reserved2[i])
2387 return -EINVAL;
2388
2389 length = sizeof(struct usb_ext_compat_desc);
2390 }
2391 break;
2392 case FFS_OS_DESC_EXT_PROP: {
2393 struct usb_ext_prop_desc *d = data;
2394 u32 type, pdl;
2395 u16 pnl;
2396
2397 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2398 return -EINVAL;
2399 length = le32_to_cpu(d->dwSize);
2400 if (len < length)
2401 return -EINVAL;
2402 type = le32_to_cpu(d->dwPropertyDataType);
2403 if (type < USB_EXT_PROP_UNICODE ||
2404 type > USB_EXT_PROP_UNICODE_MULTI) {
2405 pr_vdebug("unsupported os descriptor property type: %d",
2406 type);
2407 return -EINVAL;
2408 }
2409 pnl = le16_to_cpu(d->wPropertyNameLength);
2410 if (length < 14 + pnl) {
2411 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2412 length, pnl, type);
2413 return -EINVAL;
2414 }
2415 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2416 if (length != 14 + pnl + pdl) {
2417 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2418 length, pnl, pdl, type);
2419 return -EINVAL;
2420 }
2421 ++ffs->ms_os_descs_ext_prop_count;
2422
2423 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2424 ffs->ms_os_descs_ext_prop_data_len += pdl;
2425 }
2426 break;
2427 default:
2428 pr_vdebug("unknown descriptor: %d\n", type);
2429 return -EINVAL;
2430 }
2431 return length;
2432}
2433
2434static int __ffs_data_got_descs(struct ffs_data *ffs,
2435 char *const _data, size_t len)
2436{
2437 char *data = _data, *raw_descs;
2438 unsigned os_descs_count = 0, counts[3], flags;
2439 int ret = -EINVAL, i;
2440 struct ffs_desc_helper helper;
2441
2442 ENTER();
2443
2444 if (get_unaligned_le32(data + 4) != len)
2445 goto error;
2446
2447 switch (get_unaligned_le32(data)) {
2448 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2449 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2450 data += 8;
2451 len -= 8;
2452 break;
2453 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2454 flags = get_unaligned_le32(data + 8);
2455 ffs->user_flags = flags;
2456 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2457 FUNCTIONFS_HAS_HS_DESC |
2458 FUNCTIONFS_HAS_SS_DESC |
2459 FUNCTIONFS_HAS_MS_OS_DESC |
2460 FUNCTIONFS_VIRTUAL_ADDR |
2461 FUNCTIONFS_EVENTFD |
2462 FUNCTIONFS_ALL_CTRL_RECIP |
2463 FUNCTIONFS_CONFIG0_SETUP)) {
2464 ret = -ENOSYS;
2465 goto error;
2466 }
2467 data += 12;
2468 len -= 12;
2469 break;
2470 default:
2471 goto error;
2472 }
2473
2474 if (flags & FUNCTIONFS_EVENTFD) {
2475 if (len < 4)
2476 goto error;
2477 ffs->ffs_eventfd =
2478 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2479 if (IS_ERR(ffs->ffs_eventfd)) {
2480 ret = PTR_ERR(ffs->ffs_eventfd);
2481 ffs->ffs_eventfd = NULL;
2482 goto error;
2483 }
2484 data += 4;
2485 len -= 4;
2486 }
2487
2488
2489 for (i = 0; i < 3; ++i) {
2490 if (!(flags & (1 << i))) {
2491 counts[i] = 0;
2492 } else if (len < 4) {
2493 goto error;
2494 } else {
2495 counts[i] = get_unaligned_le32(data);
2496 data += 4;
2497 len -= 4;
2498 }
2499 }
2500 if (flags & (1 << i)) {
2501 if (len < 4) {
2502 goto error;
2503 }
2504 os_descs_count = get_unaligned_le32(data);
2505 data += 4;
2506 len -= 4;
2507 };
2508
2509
2510 raw_descs = data;
2511 helper.ffs = ffs;
2512 for (i = 0; i < 3; ++i) {
2513 if (!counts[i])
2514 continue;
2515 helper.interfaces_count = 0;
2516 helper.eps_count = 0;
2517 ret = ffs_do_descs(counts[i], data, len,
2518 __ffs_data_do_entity, &helper);
2519 if (ret < 0)
2520 goto error;
2521 if (!ffs->eps_count && !ffs->interfaces_count) {
2522 ffs->eps_count = helper.eps_count;
2523 ffs->interfaces_count = helper.interfaces_count;
2524 } else {
2525 if (ffs->eps_count != helper.eps_count) {
2526 ret = -EINVAL;
2527 goto error;
2528 }
2529 if (ffs->interfaces_count != helper.interfaces_count) {
2530 ret = -EINVAL;
2531 goto error;
2532 }
2533 }
2534 data += ret;
2535 len -= ret;
2536 }
2537 if (os_descs_count) {
2538 ret = ffs_do_os_descs(os_descs_count, data, len,
2539 __ffs_data_do_os_desc, ffs);
2540 if (ret < 0)
2541 goto error;
2542 data += ret;
2543 len -= ret;
2544 }
2545
2546 if (raw_descs == data || len) {
2547 ret = -EINVAL;
2548 goto error;
2549 }
2550
2551 ffs->raw_descs_data = _data;
2552 ffs->raw_descs = raw_descs;
2553 ffs->raw_descs_length = data - raw_descs;
2554 ffs->fs_descs_count = counts[0];
2555 ffs->hs_descs_count = counts[1];
2556 ffs->ss_descs_count = counts[2];
2557 ffs->ms_os_descs_count = os_descs_count;
2558
2559 return 0;
2560
2561error:
2562 kfree(_data);
2563 return ret;
2564}
2565
2566static int __ffs_data_got_strings(struct ffs_data *ffs,
2567 char *const _data, size_t len)
2568{
2569 u32 str_count, needed_count, lang_count;
2570 struct usb_gadget_strings **stringtabs, *t;
2571 const char *data = _data;
2572 struct usb_string *s;
2573
2574 ENTER();
2575
2576 if (unlikely(len < 16 ||
2577 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2578 get_unaligned_le32(data + 4) != len))
2579 goto error;
2580 str_count = get_unaligned_le32(data + 8);
2581 lang_count = get_unaligned_le32(data + 12);
2582
2583
2584 if (unlikely(!str_count != !lang_count))
2585 goto error;
2586
2587
2588 needed_count = ffs->strings_count;
2589 if (unlikely(str_count < needed_count))
2590 goto error;
2591
2592
2593
2594
2595
2596 if (!needed_count) {
2597 kfree(_data);
2598 return 0;
2599 }
2600
2601
2602 {
2603 unsigned i = 0;
2604 vla_group(d);
2605 vla_item(d, struct usb_gadget_strings *, stringtabs,
2606 lang_count + 1);
2607 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2608 vla_item(d, struct usb_string, strings,
2609 lang_count*(needed_count+1));
2610
2611 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2612
2613 if (unlikely(!vlabuf)) {
2614 kfree(_data);
2615 return -ENOMEM;
2616 }
2617
2618
2619 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2620 t = vla_ptr(vlabuf, d, stringtab);
2621 i = lang_count;
2622 do {
2623 *stringtabs++ = t++;
2624 } while (--i);
2625 *stringtabs = NULL;
2626
2627
2628 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2629 t = vla_ptr(vlabuf, d, stringtab);
2630 s = vla_ptr(vlabuf, d, strings);
2631 }
2632
2633
2634 data += 16;
2635 len -= 16;
2636
2637 do {
2638 unsigned needed = needed_count;
2639
2640 if (unlikely(len < 3))
2641 goto error_free;
2642 t->language = get_unaligned_le16(data);
2643 t->strings = s;
2644 ++t;
2645
2646 data += 2;
2647 len -= 2;
2648
2649
2650 do {
2651 size_t length = strnlen(data, len);
2652
2653 if (unlikely(length == len))
2654 goto error_free;
2655
2656
2657
2658
2659
2660
2661 if (likely(needed)) {
2662
2663
2664
2665
2666
2667 s->s = data;
2668 --needed;
2669 ++s;
2670 }
2671
2672 data += length + 1;
2673 len -= length + 1;
2674 } while (--str_count);
2675
2676 s->id = 0;
2677 s->s = NULL;
2678 ++s;
2679
2680 } while (--lang_count);
2681
2682
2683 if (unlikely(len))
2684 goto error_free;
2685
2686
2687 ffs->stringtabs = stringtabs;
2688 ffs->raw_strings = _data;
2689
2690 return 0;
2691
2692error_free:
2693 kfree(stringtabs);
2694error:
2695 kfree(_data);
2696 return -EINVAL;
2697}
2698
2699
2700
2701
2702static void __ffs_event_add(struct ffs_data *ffs,
2703 enum usb_functionfs_event_type type)
2704{
2705 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2706 int neg = 0;
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716 if (ffs->setup_state == FFS_SETUP_PENDING)
2717 ffs->setup_state = FFS_SETUP_CANCELLED;
2718
2719
2720
2721
2722
2723
2724
2725
2726 switch (type) {
2727 case FUNCTIONFS_RESUME:
2728 rem_type2 = FUNCTIONFS_SUSPEND;
2729
2730 case FUNCTIONFS_SUSPEND:
2731 case FUNCTIONFS_SETUP:
2732 rem_type1 = type;
2733
2734 break;
2735
2736 case FUNCTIONFS_BIND:
2737 case FUNCTIONFS_UNBIND:
2738 case FUNCTIONFS_DISABLE:
2739 case FUNCTIONFS_ENABLE:
2740
2741 rem_type1 = FUNCTIONFS_SUSPEND;
2742 rem_type2 = FUNCTIONFS_RESUME;
2743 neg = 1;
2744 break;
2745
2746 default:
2747 WARN(1, "%d: unknown event, this should not happen\n", type);
2748 return;
2749 }
2750
2751 {
2752 u8 *ev = ffs->ev.types, *out = ev;
2753 unsigned n = ffs->ev.count;
2754 for (; n; --n, ++ev)
2755 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2756 *out++ = *ev;
2757 else
2758 pr_vdebug("purging event %d\n", *ev);
2759 ffs->ev.count = out - ffs->ev.types;
2760 }
2761
2762 pr_vdebug("adding event %d\n", type);
2763 ffs->ev.types[ffs->ev.count++] = type;
2764 wake_up_locked(&ffs->ev.waitq);
2765 if (ffs->ffs_eventfd)
2766 eventfd_signal(ffs->ffs_eventfd, 1);
2767}
2768
2769static void ffs_event_add(struct ffs_data *ffs,
2770 enum usb_functionfs_event_type type)
2771{
2772 unsigned long flags;
2773 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2774 __ffs_event_add(ffs, type);
2775 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2776}
2777
2778
2779
2780static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2781{
2782 int i;
2783
2784 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2785 if (ffs->eps_addrmap[i] == endpoint_address)
2786 return i;
2787 return -ENOENT;
2788}
2789
2790static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2791 struct usb_descriptor_header *desc,
2792 void *priv)
2793{
2794 struct usb_endpoint_descriptor *ds = (void *)desc;
2795 struct ffs_function *func = priv;
2796 struct ffs_ep *ffs_ep;
2797 unsigned ep_desc_id;
2798 int idx;
2799 static const char *speed_names[] = { "full", "high", "super" };
2800
2801 if (type != FFS_DESCRIPTOR)
2802 return 0;
2803
2804
2805
2806
2807
2808
2809
2810 if (func->function.ss_descriptors) {
2811 ep_desc_id = 2;
2812 func->function.ss_descriptors[(long)valuep] = desc;
2813 } else if (func->function.hs_descriptors) {
2814 ep_desc_id = 1;
2815 func->function.hs_descriptors[(long)valuep] = desc;
2816 } else {
2817 ep_desc_id = 0;
2818 func->function.fs_descriptors[(long)valuep] = desc;
2819 }
2820
2821 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2822 return 0;
2823
2824 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2825 if (idx < 0)
2826 return idx;
2827
2828 ffs_ep = func->eps + idx;
2829
2830 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2831 pr_err("two %sspeed descriptors for EP %d\n",
2832 speed_names[ep_desc_id],
2833 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2834 return -EINVAL;
2835 }
2836 ffs_ep->descs[ep_desc_id] = ds;
2837
2838 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2839 if (ffs_ep->ep) {
2840 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2841 if (!ds->wMaxPacketSize)
2842 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2843 } else {
2844 struct usb_request *req;
2845 struct usb_ep *ep;
2846 u8 bEndpointAddress;
2847 u16 wMaxPacketSize;
2848
2849
2850
2851
2852
2853 bEndpointAddress = ds->bEndpointAddress;
2854
2855
2856
2857
2858 wMaxPacketSize = ds->wMaxPacketSize;
2859 pr_vdebug("autoconfig\n");
2860 ep = usb_ep_autoconfig(func->gadget, ds);
2861 if (unlikely(!ep))
2862 return -ENOTSUPP;
2863 ep->driver_data = func->eps + idx;
2864
2865 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2866 if (unlikely(!req))
2867 return -ENOMEM;
2868
2869 ffs_ep->ep = ep;
2870 ffs_ep->req = req;
2871 func->eps_revmap[ds->bEndpointAddress &
2872 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2873
2874
2875
2876
2877 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2878 ds->bEndpointAddress = bEndpointAddress;
2879
2880
2881
2882
2883 ds->wMaxPacketSize = wMaxPacketSize;
2884 }
2885 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2886
2887 return 0;
2888}
2889
2890static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2891 struct usb_descriptor_header *desc,
2892 void *priv)
2893{
2894 struct ffs_function *func = priv;
2895 unsigned idx;
2896 u8 newValue;
2897
2898 switch (type) {
2899 default:
2900 case FFS_DESCRIPTOR:
2901
2902 return 0;
2903
2904 case FFS_INTERFACE:
2905 idx = *valuep;
2906 if (func->interfaces_nums[idx] < 0) {
2907 int id = usb_interface_id(func->conf, &func->function);
2908 if (unlikely(id < 0))
2909 return id;
2910 func->interfaces_nums[idx] = id;
2911 }
2912 newValue = func->interfaces_nums[idx];
2913 break;
2914
2915 case FFS_STRING:
2916
2917 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2918 break;
2919
2920 case FFS_ENDPOINT:
2921
2922
2923
2924
2925 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2926 return 0;
2927
2928 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2929 if (unlikely(!func->eps[idx].ep))
2930 return -EINVAL;
2931
2932 {
2933 struct usb_endpoint_descriptor **descs;
2934 descs = func->eps[idx].descs;
2935 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2936 }
2937 break;
2938 }
2939
2940 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2941 *valuep = newValue;
2942 return 0;
2943}
2944
2945static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2946 struct usb_os_desc_header *h, void *data,
2947 unsigned len, void *priv)
2948{
2949 struct ffs_function *func = priv;
2950 u8 length = 0;
2951
2952 switch (type) {
2953 case FFS_OS_DESC_EXT_COMPAT: {
2954 struct usb_ext_compat_desc *desc = data;
2955 struct usb_os_desc_table *t;
2956
2957 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2958 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2959 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2960 ARRAY_SIZE(desc->CompatibleID) +
2961 ARRAY_SIZE(desc->SubCompatibleID));
2962 length = sizeof(*desc);
2963 }
2964 break;
2965 case FFS_OS_DESC_EXT_PROP: {
2966 struct usb_ext_prop_desc *desc = data;
2967 struct usb_os_desc_table *t;
2968 struct usb_os_desc_ext_prop *ext_prop;
2969 char *ext_prop_name;
2970 char *ext_prop_data;
2971
2972 t = &func->function.os_desc_table[h->interface];
2973 t->if_id = func->interfaces_nums[h->interface];
2974
2975 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2976 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2977
2978 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2979 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2980 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2981 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2982 length = ext_prop->name_len + ext_prop->data_len + 14;
2983
2984 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2985 func->ffs->ms_os_descs_ext_prop_name_avail +=
2986 ext_prop->name_len;
2987
2988 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2989 func->ffs->ms_os_descs_ext_prop_data_avail +=
2990 ext_prop->data_len;
2991 memcpy(ext_prop_data,
2992 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2993 ext_prop->data_len);
2994
2995 switch (ext_prop->type) {
2996 case USB_EXT_PROP_UNICODE:
2997 case USB_EXT_PROP_UNICODE_ENV:
2998 case USB_EXT_PROP_UNICODE_LINK:
2999 case USB_EXT_PROP_UNICODE_MULTI:
3000 ext_prop->data_len *= 2;
3001 break;
3002 }
3003 ext_prop->data = ext_prop_data;
3004
3005 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
3006 ext_prop->name_len);
3007
3008 ext_prop->name_len *= 2;
3009 ext_prop->name = ext_prop_name;
3010
3011 t->os_desc->ext_prop_len +=
3012 ext_prop->name_len + ext_prop->data_len + 14;
3013 ++t->os_desc->ext_prop_count;
3014 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
3015 }
3016 break;
3017 default:
3018 pr_vdebug("unknown descriptor: %d\n", type);
3019 }
3020
3021 return length;
3022}
3023
3024static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
3025 struct usb_configuration *c)
3026{
3027 struct ffs_function *func = ffs_func_from_usb(f);
3028 struct f_fs_opts *ffs_opts =
3029 container_of(f->fi, struct f_fs_opts, func_inst);
3030 int ret;
3031
3032 ENTER();
3033
3034
3035
3036
3037
3038
3039
3040
3041 if (!ffs_opts->no_configfs)
3042 ffs_dev_lock();
3043 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
3044 func->ffs = ffs_opts->dev->ffs_data;
3045 if (!ffs_opts->no_configfs)
3046 ffs_dev_unlock();
3047 if (ret)
3048 return ERR_PTR(ret);
3049
3050 func->conf = c;
3051 func->gadget = c->cdev->gadget;
3052
3053
3054
3055
3056
3057
3058
3059
3060 if (!ffs_opts->refcnt) {
3061 ret = functionfs_bind(func->ffs, c->cdev);
3062 if (ret)
3063 return ERR_PTR(ret);
3064 }
3065 ffs_opts->refcnt++;
3066 func->function.strings = func->ffs->stringtabs;
3067
3068 return ffs_opts;
3069}
3070
3071static int _ffs_func_bind(struct usb_configuration *c,
3072 struct usb_function *f)
3073{
3074 struct ffs_function *func = ffs_func_from_usb(f);
3075 struct ffs_data *ffs = func->ffs;
3076
3077 const int full = !!func->ffs->fs_descs_count;
3078 const int high = !!func->ffs->hs_descs_count;
3079 const int super = !!func->ffs->ss_descs_count;
3080
3081 int fs_len, hs_len, ss_len, ret, i;
3082 struct ffs_ep *eps_ptr;
3083
3084
3085 vla_group(d);
3086 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
3087 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
3088 full ? ffs->fs_descs_count + 1 : 0);
3089 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
3090 high ? ffs->hs_descs_count + 1 : 0);
3091 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
3092 super ? ffs->ss_descs_count + 1 : 0);
3093 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
3094 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
3095 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3096 vla_item_with_sz(d, char[16], ext_compat,
3097 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3098 vla_item_with_sz(d, struct usb_os_desc, os_desc,
3099 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3100 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
3101 ffs->ms_os_descs_ext_prop_count);
3102 vla_item_with_sz(d, char, ext_prop_name,
3103 ffs->ms_os_descs_ext_prop_name_len);
3104 vla_item_with_sz(d, char, ext_prop_data,
3105 ffs->ms_os_descs_ext_prop_data_len);
3106 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
3107 char *vlabuf;
3108
3109 ENTER();
3110
3111
3112 if (unlikely(!(full | high | super)))
3113 return -ENOTSUPP;
3114
3115
3116 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3117 if (unlikely(!vlabuf))
3118 return -ENOMEM;
3119
3120 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3121 ffs->ms_os_descs_ext_prop_name_avail =
3122 vla_ptr(vlabuf, d, ext_prop_name);
3123 ffs->ms_os_descs_ext_prop_data_avail =
3124 vla_ptr(vlabuf, d, ext_prop_data);
3125
3126
3127 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3128 ffs->raw_descs_length);
3129
3130 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3131 eps_ptr = vla_ptr(vlabuf, d, eps);
3132 for (i = 0; i < ffs->eps_count; i++)
3133 eps_ptr[i].num = -1;
3134
3135
3136
3137
3138 func->eps = vla_ptr(vlabuf, d, eps);
3139 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3140
3141
3142
3143
3144
3145
3146 if (likely(full)) {
3147 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3148 fs_len = ffs_do_descs(ffs->fs_descs_count,
3149 vla_ptr(vlabuf, d, raw_descs),
3150 d_raw_descs__sz,
3151 __ffs_func_bind_do_descs, func);
3152 if (unlikely(fs_len < 0)) {
3153 ret = fs_len;
3154 goto error;
3155 }
3156 } else {
3157 fs_len = 0;
3158 }
3159
3160 if (likely(high)) {
3161 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3162 hs_len = ffs_do_descs(ffs->hs_descs_count,
3163 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3164 d_raw_descs__sz - fs_len,
3165 __ffs_func_bind_do_descs, func);
3166 if (unlikely(hs_len < 0)) {
3167 ret = hs_len;
3168 goto error;
3169 }
3170 } else {
3171 hs_len = 0;
3172 }
3173
3174 if (likely(super)) {
3175 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3176 ss_len = ffs_do_descs(ffs->ss_descs_count,
3177 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3178 d_raw_descs__sz - fs_len - hs_len,
3179 __ffs_func_bind_do_descs, func);
3180 if (unlikely(ss_len < 0)) {
3181 ret = ss_len;
3182 goto error;
3183 }
3184 } else {
3185 ss_len = 0;
3186 }
3187
3188
3189
3190
3191
3192
3193 ret = ffs_do_descs(ffs->fs_descs_count +
3194 (high ? ffs->hs_descs_count : 0) +
3195 (super ? ffs->ss_descs_count : 0),
3196 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3197 __ffs_func_bind_do_nums, func);
3198 if (unlikely(ret < 0))
3199 goto error;
3200
3201 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3202 if (c->cdev->use_os_string) {
3203 for (i = 0; i < ffs->interfaces_count; ++i) {
3204 struct usb_os_desc *desc;
3205
3206 desc = func->function.os_desc_table[i].os_desc =
3207 vla_ptr(vlabuf, d, os_desc) +
3208 i * sizeof(struct usb_os_desc);
3209 desc->ext_compat_id =
3210 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3211 INIT_LIST_HEAD(&desc->ext_prop);
3212 }
3213 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3214 vla_ptr(vlabuf, d, raw_descs) +
3215 fs_len + hs_len + ss_len,
3216 d_raw_descs__sz - fs_len - hs_len -
3217 ss_len,
3218 __ffs_func_bind_do_os_desc, func);
3219 if (unlikely(ret < 0))
3220 goto error;
3221 }
3222 func->function.os_desc_n =
3223 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3224
3225
3226 ffs_event_add(ffs, FUNCTIONFS_BIND);
3227 return 0;
3228
3229error:
3230
3231 return ret;
3232}
3233
3234static int ffs_func_bind(struct usb_configuration *c,
3235 struct usb_function *f)
3236{
3237 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3238 struct ffs_function *func = ffs_func_from_usb(f);
3239 int ret;
3240
3241 if (IS_ERR(ffs_opts))
3242 return PTR_ERR(ffs_opts);
3243
3244 ret = _ffs_func_bind(c, f);
3245 if (ret && !--ffs_opts->refcnt)
3246 functionfs_unbind(func->ffs);
3247
3248 return ret;
3249}
3250
3251
3252
3253
3254static void ffs_reset_work(struct work_struct *work)
3255{
3256 struct ffs_data *ffs = container_of(work,
3257 struct ffs_data, reset_work);
3258 ffs_data_reset(ffs);
3259}
3260
3261static int ffs_func_set_alt(struct usb_function *f,
3262 unsigned interface, unsigned alt)
3263{
3264 struct ffs_function *func = ffs_func_from_usb(f);
3265 struct ffs_data *ffs = func->ffs;
3266 int ret = 0, intf;
3267
3268 if (alt != (unsigned)-1) {
3269 intf = ffs_func_revmap_intf(func, interface);
3270 if (unlikely(intf < 0))
3271 return intf;
3272 }
3273
3274 if (ffs->func)
3275 ffs_func_eps_disable(ffs->func);
3276
3277 if (ffs->state == FFS_DEACTIVATED) {
3278 ffs->state = FFS_CLOSING;
3279 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3280 schedule_work(&ffs->reset_work);
3281 return -ENODEV;
3282 }
3283
3284 if (ffs->state != FFS_ACTIVE)
3285 return -ENODEV;
3286
3287 if (alt == (unsigned)-1) {
3288 ffs->func = NULL;
3289 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3290 return 0;
3291 }
3292
3293 ffs->func = func;
3294 ret = ffs_func_eps_enable(func);
3295 if (likely(ret >= 0))
3296 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3297 return ret;
3298}
3299
3300static void ffs_func_disable(struct usb_function *f)
3301{
3302 ffs_func_set_alt(f, 0, (unsigned)-1);
3303}
3304
3305static int ffs_func_setup(struct usb_function *f,
3306 const struct usb_ctrlrequest *creq)
3307{
3308 struct ffs_function *func = ffs_func_from_usb(f);
3309 struct ffs_data *ffs = func->ffs;
3310 unsigned long flags;
3311 int ret;
3312
3313 ENTER();
3314
3315 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3316 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3317 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3318 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3319 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331 if (ffs->state != FFS_ACTIVE)
3332 return -ENODEV;
3333
3334 switch (creq->bRequestType & USB_RECIP_MASK) {
3335 case USB_RECIP_INTERFACE:
3336 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3337 if (unlikely(ret < 0))
3338 return ret;
3339 break;
3340
3341 case USB_RECIP_ENDPOINT:
3342 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3343 if (unlikely(ret < 0))
3344 return ret;
3345 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3346 ret = func->ffs->eps_addrmap[ret];
3347 break;
3348
3349 default:
3350 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3351 ret = le16_to_cpu(creq->wIndex);
3352 else
3353 return -EOPNOTSUPP;
3354 }
3355
3356 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3357 ffs->ev.setup = *creq;
3358 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3359 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3360 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3361
3362 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3363}
3364
3365static bool ffs_func_req_match(struct usb_function *f,
3366 const struct usb_ctrlrequest *creq,
3367 bool config0)
3368{
3369 struct ffs_function *func = ffs_func_from_usb(f);
3370
3371 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3372 return false;
3373
3374 switch (creq->bRequestType & USB_RECIP_MASK) {
3375 case USB_RECIP_INTERFACE:
3376 return (ffs_func_revmap_intf(func,
3377 le16_to_cpu(creq->wIndex)) >= 0);
3378 case USB_RECIP_ENDPOINT:
3379 return (ffs_func_revmap_ep(func,
3380 le16_to_cpu(creq->wIndex)) >= 0);
3381 default:
3382 return (bool) (func->ffs->user_flags &
3383 FUNCTIONFS_ALL_CTRL_RECIP);
3384 }
3385}
3386
3387static void ffs_func_suspend(struct usb_function *f)
3388{
3389 ENTER();
3390 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3391}
3392
3393static void ffs_func_resume(struct usb_function *f)
3394{
3395 ENTER();
3396 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3397}
3398
3399
3400
3401
3402static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3403{
3404 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3405 return num ? num : -EDOM;
3406}
3407
3408static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3409{
3410 short *nums = func->interfaces_nums;
3411 unsigned count = func->ffs->interfaces_count;
3412
3413 for (; count; --count, ++nums) {
3414 if (*nums >= 0 && *nums == intf)
3415 return nums - func->interfaces_nums;
3416 }
3417
3418 return -EDOM;
3419}
3420
3421
3422
3423
3424static LIST_HEAD(ffs_devices);
3425
3426static struct ffs_dev *_ffs_do_find_dev(const char *name)
3427{
3428 struct ffs_dev *dev;
3429
3430 if (!name)
3431 return NULL;
3432
3433 list_for_each_entry(dev, &ffs_devices, entry) {
3434 if (strcmp(dev->name, name) == 0)
3435 return dev;
3436 }
3437
3438 return NULL;
3439}
3440
3441
3442
3443
3444static struct ffs_dev *_ffs_get_single_dev(void)
3445{
3446 struct ffs_dev *dev;
3447
3448 if (list_is_singular(&ffs_devices)) {
3449 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3450 if (dev->single)
3451 return dev;
3452 }
3453
3454 return NULL;
3455}
3456
3457
3458
3459
3460static struct ffs_dev *_ffs_find_dev(const char *name)
3461{
3462 struct ffs_dev *dev;
3463
3464 dev = _ffs_get_single_dev();
3465 if (dev)
3466 return dev;
3467
3468 return _ffs_do_find_dev(name);
3469}
3470
3471
3472
3473static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3474{
3475 return container_of(to_config_group(item), struct f_fs_opts,
3476 func_inst.group);
3477}
3478
3479static void ffs_attr_release(struct config_item *item)
3480{
3481 struct f_fs_opts *opts = to_ffs_opts(item);
3482
3483 usb_put_function_instance(&opts->func_inst);
3484}
3485
3486static struct configfs_item_operations ffs_item_ops = {
3487 .release = ffs_attr_release,
3488};
3489
3490static const struct config_item_type ffs_func_type = {
3491 .ct_item_ops = &ffs_item_ops,
3492 .ct_owner = THIS_MODULE,
3493};
3494
3495
3496
3497
3498static void ffs_free_inst(struct usb_function_instance *f)
3499{
3500 struct f_fs_opts *opts;
3501
3502 opts = to_f_fs_opts(f);
3503 ffs_dev_lock();
3504 _ffs_free_dev(opts->dev);
3505 ffs_dev_unlock();
3506 kfree(opts);
3507}
3508
3509static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3510{
3511 if (strlen(name) >= FIELD_SIZEOF(struct ffs_dev, name))
3512 return -ENAMETOOLONG;
3513 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3514}
3515
3516static struct usb_function_instance *ffs_alloc_inst(void)
3517{
3518 struct f_fs_opts *opts;
3519 struct ffs_dev *dev;
3520
3521 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3522 if (!opts)
3523 return ERR_PTR(-ENOMEM);
3524
3525 opts->func_inst.set_inst_name = ffs_set_inst_name;
3526 opts->func_inst.free_func_inst = ffs_free_inst;
3527 ffs_dev_lock();
3528 dev = _ffs_alloc_dev();
3529 ffs_dev_unlock();
3530 if (IS_ERR(dev)) {
3531 kfree(opts);
3532 return ERR_CAST(dev);
3533 }
3534 opts->dev = dev;
3535 dev->opts = opts;
3536
3537 config_group_init_type_name(&opts->func_inst.group, "",
3538 &ffs_func_type);
3539 return &opts->func_inst;
3540}
3541
3542static void ffs_free(struct usb_function *f)
3543{
3544 kfree(ffs_func_from_usb(f));
3545}
3546
3547static void ffs_func_unbind(struct usb_configuration *c,
3548 struct usb_function *f)
3549{
3550 struct ffs_function *func = ffs_func_from_usb(f);
3551 struct ffs_data *ffs = func->ffs;
3552 struct f_fs_opts *opts =
3553 container_of(f->fi, struct f_fs_opts, func_inst);
3554 struct ffs_ep *ep = func->eps;
3555 unsigned count = ffs->eps_count;
3556 unsigned long flags;
3557
3558 ENTER();
3559 if (ffs->func == func) {
3560 ffs_func_eps_disable(func);
3561 ffs->func = NULL;
3562 }
3563
3564 if (!--opts->refcnt)
3565 functionfs_unbind(ffs);
3566
3567
3568 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3569 while (count--) {
3570 if (ep->ep && ep->req)
3571 usb_ep_free_request(ep->ep, ep->req);
3572 ep->req = NULL;
3573 ++ep;
3574 }
3575 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3576 kfree(func->eps);
3577 func->eps = NULL;
3578
3579
3580
3581
3582 func->function.fs_descriptors = NULL;
3583 func->function.hs_descriptors = NULL;
3584 func->function.ss_descriptors = NULL;
3585 func->interfaces_nums = NULL;
3586
3587 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3588}
3589
3590static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3591{
3592 struct ffs_function *func;
3593
3594 ENTER();
3595
3596 func = kzalloc(sizeof(*func), GFP_KERNEL);
3597 if (unlikely(!func))
3598 return ERR_PTR(-ENOMEM);
3599
3600 func->function.name = "Function FS Gadget";
3601
3602 func->function.bind = ffs_func_bind;
3603 func->function.unbind = ffs_func_unbind;
3604 func->function.set_alt = ffs_func_set_alt;
3605 func->function.disable = ffs_func_disable;
3606 func->function.setup = ffs_func_setup;
3607 func->function.req_match = ffs_func_req_match;
3608 func->function.suspend = ffs_func_suspend;
3609 func->function.resume = ffs_func_resume;
3610 func->function.free_func = ffs_free;
3611
3612 return &func->function;
3613}
3614
3615
3616
3617
3618static struct ffs_dev *_ffs_alloc_dev(void)
3619{
3620 struct ffs_dev *dev;
3621 int ret;
3622
3623 if (_ffs_get_single_dev())
3624 return ERR_PTR(-EBUSY);
3625
3626 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3627 if (!dev)
3628 return ERR_PTR(-ENOMEM);
3629
3630 if (list_empty(&ffs_devices)) {
3631 ret = functionfs_init();
3632 if (ret) {
3633 kfree(dev);
3634 return ERR_PTR(ret);
3635 }
3636 }
3637
3638 list_add(&dev->entry, &ffs_devices);
3639
3640 return dev;
3641}
3642
3643int ffs_name_dev(struct ffs_dev *dev, const char *name)
3644{
3645 struct ffs_dev *existing;
3646 int ret = 0;
3647
3648 ffs_dev_lock();
3649
3650 existing = _ffs_do_find_dev(name);
3651 if (!existing)
3652 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3653 else if (existing != dev)
3654 ret = -EBUSY;
3655
3656 ffs_dev_unlock();
3657
3658 return ret;
3659}
3660EXPORT_SYMBOL_GPL(ffs_name_dev);
3661
3662int ffs_single_dev(struct ffs_dev *dev)
3663{
3664 int ret;
3665
3666 ret = 0;
3667 ffs_dev_lock();
3668
3669 if (!list_is_singular(&ffs_devices))
3670 ret = -EBUSY;
3671 else
3672 dev->single = true;
3673
3674 ffs_dev_unlock();
3675 return ret;
3676}
3677EXPORT_SYMBOL_GPL(ffs_single_dev);
3678
3679
3680
3681
3682static void _ffs_free_dev(struct ffs_dev *dev)
3683{
3684 list_del(&dev->entry);
3685
3686
3687 if (dev->ffs_data)
3688 dev->ffs_data->private_data = NULL;
3689
3690 kfree(dev);
3691 if (list_empty(&ffs_devices))
3692 functionfs_cleanup();
3693}
3694
3695static void *ffs_acquire_dev(const char *dev_name)
3696{
3697 struct ffs_dev *ffs_dev;
3698
3699 ENTER();
3700 ffs_dev_lock();
3701
3702 ffs_dev = _ffs_find_dev(dev_name);
3703 if (!ffs_dev)
3704 ffs_dev = ERR_PTR(-ENOENT);
3705 else if (ffs_dev->mounted)
3706 ffs_dev = ERR_PTR(-EBUSY);
3707 else if (ffs_dev->ffs_acquire_dev_callback &&
3708 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3709 ffs_dev = ERR_PTR(-ENOENT);
3710 else
3711 ffs_dev->mounted = true;
3712
3713 ffs_dev_unlock();
3714 return ffs_dev;
3715}
3716
3717static void ffs_release_dev(struct ffs_data *ffs_data)
3718{
3719 struct ffs_dev *ffs_dev;
3720
3721 ENTER();
3722 ffs_dev_lock();
3723
3724 ffs_dev = ffs_data->private_data;
3725 if (ffs_dev) {
3726 ffs_dev->mounted = false;
3727
3728 if (ffs_dev->ffs_release_dev_callback)
3729 ffs_dev->ffs_release_dev_callback(ffs_dev);
3730 }
3731
3732 ffs_dev_unlock();
3733}
3734
3735static int ffs_ready(struct ffs_data *ffs)
3736{
3737 struct ffs_dev *ffs_obj;
3738 int ret = 0;
3739
3740 ENTER();
3741 ffs_dev_lock();
3742
3743 ffs_obj = ffs->private_data;
3744 if (!ffs_obj) {
3745 ret = -EINVAL;
3746 goto done;
3747 }
3748 if (WARN_ON(ffs_obj->desc_ready)) {
3749 ret = -EBUSY;
3750 goto done;
3751 }
3752
3753 ffs_obj->desc_ready = true;
3754 ffs_obj->ffs_data = ffs;
3755
3756 if (ffs_obj->ffs_ready_callback) {
3757 ret = ffs_obj->ffs_ready_callback(ffs);
3758 if (ret)
3759 goto done;
3760 }
3761
3762 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3763done:
3764 ffs_dev_unlock();
3765 return ret;
3766}
3767
3768static void ffs_closed(struct ffs_data *ffs)
3769{
3770 struct ffs_dev *ffs_obj;
3771 struct f_fs_opts *opts;
3772 struct config_item *ci;
3773
3774 ENTER();
3775 ffs_dev_lock();
3776
3777 ffs_obj = ffs->private_data;
3778 if (!ffs_obj)
3779 goto done;
3780
3781 ffs_obj->desc_ready = false;
3782 ffs_obj->ffs_data = NULL;
3783
3784 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3785 ffs_obj->ffs_closed_callback)
3786 ffs_obj->ffs_closed_callback(ffs);
3787
3788 if (ffs_obj->opts)
3789 opts = ffs_obj->opts;
3790 else
3791 goto done;
3792
3793 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3794 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3795 goto done;
3796
3797 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3798 ffs_dev_unlock();
3799
3800 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3801 unregister_gadget_item(ci);
3802 return;
3803done:
3804 ffs_dev_unlock();
3805}
3806
3807
3808
3809static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3810{
3811 return nonblock
3812 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3813 : mutex_lock_interruptible(mutex);
3814}
3815
3816static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3817{
3818 char *data;
3819
3820 if (unlikely(!len))
3821 return NULL;
3822
3823 data = kmalloc(len, GFP_KERNEL);
3824 if (unlikely(!data))
3825 return ERR_PTR(-ENOMEM);
3826
3827 if (unlikely(copy_from_user(data, buf, len))) {
3828 kfree(data);
3829 return ERR_PTR(-EFAULT);
3830 }
3831
3832 pr_vdebug("Buffer from user space:\n");
3833 ffs_dump_mem("", data, len);
3834
3835 return data;
3836}
3837
3838DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3839MODULE_LICENSE("GPL");
3840MODULE_AUTHOR("Michal Nazarewicz");
3841
