1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/usb/storage.h>
28#include <scsi/scsi.h>
29#include <asm/unaligned.h>
30
31
32
33
34
35
36
37
38#define FSG_VENDOR_ID 0x0525
39#define FSG_PRODUCT_ID 0xa4a5
40
41
42
43
44
45#ifndef DEBUG
46#undef VERBOSE_DEBUG
47#undef DUMP_MSGS
48#endif
49
50#ifdef VERBOSE_DEBUG
51#define VLDBG LDBG
52#else
53#define VLDBG(lun, fmt, args...) do { } while (0)
54#endif
55
56#define LDBG(lun, fmt, args...) dev_dbg (&(lun)->dev, fmt, ## args)
57#define LERROR(lun, fmt, args...) dev_err (&(lun)->dev, fmt, ## args)
58#define LWARN(lun, fmt, args...) dev_warn(&(lun)->dev, fmt, ## args)
59#define LINFO(lun, fmt, args...) dev_info(&(lun)->dev, fmt, ## args)
60
61
62#ifdef DUMP_MSGS
63
64# define dump_msg(fsg, label, \
65 buf, length) do { \
66 if (length < 512) { \
67 DBG(fsg, "%s, length %u:\n", label, length); \
68 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, \
69 16, 1, buf, length, 0); \
70 } \
71} while (0)
72
73# define dump_cdb(fsg) do { } while (0)
74
75#else
76
77# define dump_msg(fsg, label, \
78 buf, length) do { } while (0)
79
80# ifdef VERBOSE_DEBUG
81
82# define dump_cdb(fsg) \
83 print_hex_dump(KERN_DEBUG, "SCSI CDB: ", DUMP_PREFIX_NONE, \
84 16, 1, (fsg)->cmnd, (fsg)->cmnd_size, 0) \
85
86# else
87
88# define dump_cdb(fsg) do { } while (0)
89
90# endif
91
92#endif
93
94
95
96
97#define MAX_COMMAND_SIZE 16
98
99
100#define SS_NO_SENSE 0
101#define SS_COMMUNICATION_FAILURE 0x040800
102#define SS_INVALID_COMMAND 0x052000
103#define SS_INVALID_FIELD_IN_CDB 0x052400
104#define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
105#define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
106#define SS_MEDIUM_NOT_PRESENT 0x023a00
107#define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
108#define SS_NOT_READY_TO_READY_TRANSITION 0x062800
109#define SS_RESET_OCCURRED 0x062900
110#define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
111#define SS_UNRECOVERED_READ_ERROR 0x031100
112#define SS_WRITE_ERROR 0x030c02
113#define SS_WRITE_PROTECTED 0x072700
114
115#define SK(x) ((u8) ((x) >> 16))
116#define ASC(x) ((u8) ((x) >> 8))
117#define ASCQ(x) ((u8) (x))
118
119
120
121
122
123struct fsg_lun {
124 struct file *filp;
125 loff_t file_length;
126 loff_t num_sectors;
127
128 unsigned int initially_ro:1;
129 unsigned int ro:1;
130 unsigned int removable:1;
131 unsigned int cdrom:1;
132 unsigned int prevent_medium_removal:1;
133 unsigned int registered:1;
134 unsigned int info_valid:1;
135 unsigned int nofua:1;
136
137 u32 sense_data;
138 u32 sense_data_info;
139 u32 unit_attention_data;
140
141 unsigned int blkbits;
142 unsigned int blksize;
143 struct device dev;
144};
145
146static inline bool fsg_lun_is_open(struct fsg_lun *curlun)
147{
148 return curlun->filp != NULL;
149}
150
151static inline struct fsg_lun *fsg_lun_from_dev(struct device *dev)
152{
153 return container_of(dev, struct fsg_lun, dev);
154}
155
156
157
158#define EP0_BUFSIZE 256
159#define DELAYED_STATUS (EP0_BUFSIZE + 999)
160
161#ifdef CONFIG_USB_GADGET_DEBUG_FILES
162
163static unsigned int fsg_num_buffers = CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS;
164module_param_named(num_buffers, fsg_num_buffers, uint, S_IRUGO);
165MODULE_PARM_DESC(num_buffers, "Number of pipeline buffers");
166
167#else
168
169
170
171
172
173#define fsg_num_buffers CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS
174
175#endif
176
177
178static inline int fsg_num_buffers_validate(void)
179{
180 if (fsg_num_buffers >= 2 && fsg_num_buffers <= 4)
181 return 0;
182 pr_err("fsg_num_buffers %u is out of range (%d to %d)\n",
183 fsg_num_buffers, 2 ,4);
184 return -EINVAL;
185}
186
187
188#define FSG_BUFLEN ((u32)16384)
189
190
191#define FSG_MAX_LUNS 8
192
193enum fsg_buffer_state {
194 BUF_STATE_EMPTY = 0,
195 BUF_STATE_FULL,
196 BUF_STATE_BUSY
197};
198
199struct fsg_buffhd {
200 void *buf;
201 enum fsg_buffer_state state;
202 struct fsg_buffhd *next;
203
204
205
206
207
208
209 unsigned int bulk_out_intended_length;
210
211 struct usb_request *inreq;
212 int inreq_busy;
213 struct usb_request *outreq;
214 int outreq_busy;
215};
216
217enum fsg_state {
218
219 FSG_STATE_COMMAND_PHASE = -10,
220 FSG_STATE_DATA_PHASE,
221 FSG_STATE_STATUS_PHASE,
222
223 FSG_STATE_IDLE = 0,
224 FSG_STATE_ABORT_BULK_OUT,
225 FSG_STATE_RESET,
226 FSG_STATE_INTERFACE_CHANGE,
227 FSG_STATE_CONFIG_CHANGE,
228 FSG_STATE_DISCONNECT,
229 FSG_STATE_EXIT,
230 FSG_STATE_TERMINATED
231};
232
233enum data_direction {
234 DATA_DIR_UNKNOWN = 0,
235 DATA_DIR_FROM_HOST,
236 DATA_DIR_TO_HOST,
237 DATA_DIR_NONE
238};
239
240
241
242
243
244static inline u32 get_unaligned_be24(u8 *buf)
245{
246 return 0xffffff & (u32) get_unaligned_be32(buf - 1);
247}
248
249
250
251
252
253enum {
254 FSG_STRING_INTERFACE
255};
256
257
258
259
260static struct usb_interface_descriptor
261fsg_intf_desc = {
262 .bLength = sizeof fsg_intf_desc,
263 .bDescriptorType = USB_DT_INTERFACE,
264
265 .bNumEndpoints = 2,
266 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
267 .bInterfaceSubClass = USB_SC_SCSI,
268 .bInterfaceProtocol = USB_PR_BULK,
269 .iInterface = FSG_STRING_INTERFACE,
270};
271
272
273
274
275
276
277static struct usb_endpoint_descriptor
278fsg_fs_bulk_in_desc = {
279 .bLength = USB_DT_ENDPOINT_SIZE,
280 .bDescriptorType = USB_DT_ENDPOINT,
281
282 .bEndpointAddress = USB_DIR_IN,
283 .bmAttributes = USB_ENDPOINT_XFER_BULK,
284
285};
286
287static struct usb_endpoint_descriptor
288fsg_fs_bulk_out_desc = {
289 .bLength = USB_DT_ENDPOINT_SIZE,
290 .bDescriptorType = USB_DT_ENDPOINT,
291
292 .bEndpointAddress = USB_DIR_OUT,
293 .bmAttributes = USB_ENDPOINT_XFER_BULK,
294
295};
296
297static struct usb_descriptor_header *fsg_fs_function[] = {
298 (struct usb_descriptor_header *) &fsg_intf_desc,
299 (struct usb_descriptor_header *) &fsg_fs_bulk_in_desc,
300 (struct usb_descriptor_header *) &fsg_fs_bulk_out_desc,
301 NULL,
302};
303
304
305
306
307
308
309
310
311
312
313static struct usb_endpoint_descriptor
314fsg_hs_bulk_in_desc = {
315 .bLength = USB_DT_ENDPOINT_SIZE,
316 .bDescriptorType = USB_DT_ENDPOINT,
317
318
319 .bmAttributes = USB_ENDPOINT_XFER_BULK,
320 .wMaxPacketSize = cpu_to_le16(512),
321};
322
323static struct usb_endpoint_descriptor
324fsg_hs_bulk_out_desc = {
325 .bLength = USB_DT_ENDPOINT_SIZE,
326 .bDescriptorType = USB_DT_ENDPOINT,
327
328
329 .bmAttributes = USB_ENDPOINT_XFER_BULK,
330 .wMaxPacketSize = cpu_to_le16(512),
331 .bInterval = 1,
332};
333
334
335static struct usb_descriptor_header *fsg_hs_function[] = {
336 (struct usb_descriptor_header *) &fsg_intf_desc,
337 (struct usb_descriptor_header *) &fsg_hs_bulk_in_desc,
338 (struct usb_descriptor_header *) &fsg_hs_bulk_out_desc,
339 NULL,
340};
341
342static struct usb_endpoint_descriptor
343fsg_ss_bulk_in_desc = {
344 .bLength = USB_DT_ENDPOINT_SIZE,
345 .bDescriptorType = USB_DT_ENDPOINT,
346
347
348 .bmAttributes = USB_ENDPOINT_XFER_BULK,
349 .wMaxPacketSize = cpu_to_le16(1024),
350};
351
352static struct usb_ss_ep_comp_descriptor fsg_ss_bulk_in_comp_desc = {
353 .bLength = sizeof(fsg_ss_bulk_in_comp_desc),
354 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
355
356
357};
358
359static struct usb_endpoint_descriptor
360fsg_ss_bulk_out_desc = {
361 .bLength = USB_DT_ENDPOINT_SIZE,
362 .bDescriptorType = USB_DT_ENDPOINT,
363
364
365 .bmAttributes = USB_ENDPOINT_XFER_BULK,
366 .wMaxPacketSize = cpu_to_le16(1024),
367};
368
369static struct usb_ss_ep_comp_descriptor fsg_ss_bulk_out_comp_desc = {
370 .bLength = sizeof(fsg_ss_bulk_in_comp_desc),
371 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
372
373
374};
375
376static struct usb_descriptor_header *fsg_ss_function[] = {
377 (struct usb_descriptor_header *) &fsg_intf_desc,
378 (struct usb_descriptor_header *) &fsg_ss_bulk_in_desc,
379 (struct usb_descriptor_header *) &fsg_ss_bulk_in_comp_desc,
380 (struct usb_descriptor_header *) &fsg_ss_bulk_out_desc,
381 (struct usb_descriptor_header *) &fsg_ss_bulk_out_comp_desc,
382 NULL,
383};
384
385
386static struct usb_string fsg_strings[] = {
387 {FSG_STRING_INTERFACE, fsg_string_interface},
388 {}
389};
390
391static struct usb_gadget_strings fsg_stringtab = {
392 .language = 0x0409,
393 .strings = fsg_strings,
394};
395
396
397
398
399
400
401
402
403
404static void fsg_lun_close(struct fsg_lun *curlun)
405{
406 if (curlun->filp) {
407 LDBG(curlun, "close backing file\n");
408 fput(curlun->filp);
409 curlun->filp = NULL;
410 }
411}
412
413
414static int fsg_lun_open(struct fsg_lun *curlun, const char *filename)
415{
416 int ro;
417 struct file *filp = NULL;
418 int rc = -EINVAL;
419 struct inode *inode = NULL;
420 loff_t size;
421 loff_t num_sectors;
422 loff_t min_sectors;
423 unsigned int blkbits;
424 unsigned int blksize;
425
426
427 ro = curlun->initially_ro;
428 if (!ro) {
429 filp = filp_open(filename, O_RDWR | O_LARGEFILE, 0);
430 if (PTR_ERR(filp) == -EROFS || PTR_ERR(filp) == -EACCES)
431 ro = 1;
432 }
433 if (ro)
434 filp = filp_open(filename, O_RDONLY | O_LARGEFILE, 0);
435 if (IS_ERR(filp)) {
436 LINFO(curlun, "unable to open backing file: %s\n", filename);
437 return PTR_ERR(filp);
438 }
439
440 if (!(filp->f_mode & FMODE_WRITE))
441 ro = 1;
442
443 inode = file_inode(filp);
444 if ((!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))) {
445 LINFO(curlun, "invalid file type: %s\n", filename);
446 goto out;
447 }
448
449
450
451
452
453 if (!(filp->f_op->read || filp->f_op->aio_read)) {
454 LINFO(curlun, "file not readable: %s\n", filename);
455 goto out;
456 }
457 if (!(filp->f_op->write || filp->f_op->aio_write))
458 ro = 1;
459
460 size = i_size_read(inode->i_mapping->host);
461 if (size < 0) {
462 LINFO(curlun, "unable to find file size: %s\n", filename);
463 rc = (int) size;
464 goto out;
465 }
466
467 if (curlun->cdrom) {
468 blksize = 2048;
469 blkbits = 11;
470 } else if (inode->i_bdev) {
471 blksize = bdev_logical_block_size(inode->i_bdev);
472 blkbits = blksize_bits(blksize);
473 } else {
474 blksize = 512;
475 blkbits = 9;
476 }
477
478 num_sectors = size >> blkbits;
479 min_sectors = 1;
480 if (curlun->cdrom) {
481 min_sectors = 300;
482 if (num_sectors >= 256*60*75) {
483 num_sectors = 256*60*75 - 1;
484 LINFO(curlun, "file too big: %s\n", filename);
485 LINFO(curlun, "using only first %d blocks\n",
486 (int) num_sectors);
487 }
488 }
489 if (num_sectors < min_sectors) {
490 LINFO(curlun, "file too small: %s\n", filename);
491 rc = -ETOOSMALL;
492 goto out;
493 }
494
495 if (fsg_lun_is_open(curlun))
496 fsg_lun_close(curlun);
497
498 curlun->blksize = blksize;
499 curlun->blkbits = blkbits;
500 curlun->ro = ro;
501 curlun->filp = filp;
502 curlun->file_length = size;
503 curlun->num_sectors = num_sectors;
504 LDBG(curlun, "open backing file: %s\n", filename);
505 return 0;
506
507out:
508 fput(filp);
509 return rc;
510}
511
512
513
514
515
516
517
518
519static int fsg_lun_fsync_sub(struct fsg_lun *curlun)
520{
521 struct file *filp = curlun->filp;
522
523 if (curlun->ro || !filp)
524 return 0;
525 return vfs_fsync(filp, 1);
526}
527
528static void store_cdrom_address(u8 *dest, int msf, u32 addr)
529{
530 if (msf) {
531
532 addr >>= 2;
533 addr += 2*75;
534 dest[3] = addr % 75;
535 addr /= 75;
536 dest[2] = addr % 60;
537 addr /= 60;
538 dest[1] = addr;
539 dest[0] = 0;
540 } else {
541
542 put_unaligned_be32(addr, dest);
543 }
544}
545
546
547
548
549
550static ssize_t fsg_show_ro(struct device *dev, struct device_attribute *attr,
551 char *buf)
552{
553 struct fsg_lun *curlun = fsg_lun_from_dev(dev);
554
555 return sprintf(buf, "%d\n", fsg_lun_is_open(curlun)
556 ? curlun->ro
557 : curlun->initially_ro);
558}
559
560static ssize_t fsg_show_nofua(struct device *dev, struct device_attribute *attr,
561 char *buf)
562{
563 struct fsg_lun *curlun = fsg_lun_from_dev(dev);
564
565 return sprintf(buf, "%u\n", curlun->nofua);
566}
567
568static ssize_t fsg_show_file(struct device *dev, struct device_attribute *attr,
569 char *buf)
570{
571 struct fsg_lun *curlun = fsg_lun_from_dev(dev);
572 struct rw_semaphore *filesem = dev_get_drvdata(dev);
573 char *p;
574 ssize_t rc;
575
576 down_read(filesem);
577 if (fsg_lun_is_open(curlun)) {
578 p = d_path(&curlun->filp->f_path, buf, PAGE_SIZE - 1);
579 if (IS_ERR(p))
580 rc = PTR_ERR(p);
581 else {
582 rc = strlen(p);
583 memmove(buf, p, rc);
584 buf[rc] = '\n';
585 buf[++rc] = 0;
586 }
587 } else {
588 *buf = 0;
589 rc = 0;
590 }
591 up_read(filesem);
592 return rc;
593}
594
595
596static ssize_t fsg_store_ro(struct device *dev, struct device_attribute *attr,
597 const char *buf, size_t count)
598{
599 ssize_t rc;
600 struct fsg_lun *curlun = fsg_lun_from_dev(dev);
601 struct rw_semaphore *filesem = dev_get_drvdata(dev);
602 unsigned ro;
603
604 rc = kstrtouint(buf, 2, &ro);
605 if (rc)
606 return rc;
607
608
609
610
611
612 down_read(filesem);
613 if (fsg_lun_is_open(curlun)) {
614 LDBG(curlun, "read-only status change prevented\n");
615 rc = -EBUSY;
616 } else {
617 curlun->ro = ro;
618 curlun->initially_ro = ro;
619 LDBG(curlun, "read-only status set to %d\n", curlun->ro);
620 rc = count;
621 }
622 up_read(filesem);
623 return rc;
624}
625
626static ssize_t fsg_store_nofua(struct device *dev,
627 struct device_attribute *attr,
628 const char *buf, size_t count)
629{
630 struct fsg_lun *curlun = fsg_lun_from_dev(dev);
631 unsigned nofua;
632 int ret;
633
634 ret = kstrtouint(buf, 2, &nofua);
635 if (ret)
636 return ret;
637
638
639 if (!nofua && curlun->nofua)
640 fsg_lun_fsync_sub(curlun);
641
642 curlun->nofua = nofua;
643
644 return count;
645}
646
647static ssize_t fsg_store_file(struct device *dev, struct device_attribute *attr,
648 const char *buf, size_t count)
649{
650 struct fsg_lun *curlun = fsg_lun_from_dev(dev);
651 struct rw_semaphore *filesem = dev_get_drvdata(dev);
652 int rc = 0;
653
654 if (curlun->prevent_medium_removal && fsg_lun_is_open(curlun)) {
655 LDBG(curlun, "eject attempt prevented\n");
656 return -EBUSY;
657 }
658
659
660 if (count > 0 && buf[count-1] == '\n')
661 ((char *) buf)[count-1] = 0;
662
663
664 down_write(filesem);
665 if (count > 0 && buf[0]) {
666
667 rc = fsg_lun_open(curlun, buf);
668 if (rc == 0)
669 curlun->unit_attention_data =
670 SS_NOT_READY_TO_READY_TRANSITION;
671 } else if (fsg_lun_is_open(curlun)) {
672 fsg_lun_close(curlun);
673 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT;
674 }
675 up_write(filesem);
676 return (rc < 0 ? rc : count);
677}
678