1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include <linux/blkdev.h>
22#include <linux/pagemap.h>
23#include <linux/export.h>
24#include <linux/hid.h>
25#include <asm/unaligned.h>
26
27#include <linux/usb/composite.h>
28#include <linux/usb/functionfs.h>
29
30
31#define FUNCTIONFS_MAGIC 0xa647361
32
33
34
35
36#ifdef VERBOSE_DEBUG
37# define pr_vdebug pr_debug
38# define ffs_dump_mem(prefix, ptr, len) \
39 print_hex_dump_bytes(pr_fmt(prefix ": "), DUMP_PREFIX_NONE, ptr, len)
40#else
41# define pr_vdebug(...) do { } while (0)
42# define ffs_dump_mem(prefix, ptr, len) do { } while (0)
43#endif
44
45#define ENTER() pr_vdebug("%s()\n", __func__)
46
47
48
49
50enum ffs_state {
51
52
53
54
55
56
57
58 FFS_READ_DESCRIPTORS,
59 FFS_READ_STRINGS,
60
61
62
63
64
65
66
67
68
69 FFS_ACTIVE,
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84 FFS_CLOSING
85};
86
87
88enum ffs_setup_state {
89
90 FFS_NO_SETUP,
91
92
93
94
95
96 FFS_SETUP_PENDING,
97
98
99
100
101
102
103 FFS_SETUP_CANCELED
104};
105
106
107
108struct ffs_epfile;
109struct ffs_function;
110
111struct ffs_data {
112 struct usb_gadget *gadget;
113
114
115
116
117
118
119
120 struct mutex mutex;
121
122
123
124
125
126
127 spinlock_t eps_lock;
128
129
130
131
132
133
134
135
136
137 struct usb_request *ep0req;
138 struct completion ep0req_completion;
139 int ep0req_status;
140
141
142 atomic_t ref;
143
144 atomic_t opened;
145
146
147 enum ffs_state state;
148
149
150
151
152
153
154
155
156
157
158 enum ffs_setup_state setup_state;
159
160#define FFS_SETUP_STATE(ffs) \
161 ((enum ffs_setup_state)cmpxchg(&(ffs)->setup_state, \
162 FFS_SETUP_CANCELED, FFS_NO_SETUP))
163
164
165 struct {
166 u8 types[4];
167 unsigned short count;
168
169 unsigned short can_stall;
170 struct usb_ctrlrequest setup;
171
172 wait_queue_head_t waitq;
173 } ev;
174
175
176 unsigned long flags;
177#define FFS_FL_CALL_CLOSED_CALLBACK 0
178#define FFS_FL_BOUND 1
179
180
181 struct ffs_function *func;
182
183
184
185
186
187 const char *dev_name;
188
189 void *private_data;
190
191
192
193
194
195
196
197
198 const void *raw_descs;
199 unsigned raw_descs_length;
200 unsigned raw_fs_descs_length;
201 unsigned fs_descs_count;
202 unsigned hs_descs_count;
203
204 unsigned short strings_count;
205 unsigned short interfaces_count;
206 unsigned short eps_count;
207 unsigned short _pad1;
208
209
210
211 const void *raw_strings;
212 struct usb_gadget_strings **stringtabs;
213
214
215
216
217
218 struct super_block *sb;
219
220
221 struct ffs_file_perms {
222 umode_t mode;
223 uid_t uid;
224 gid_t gid;
225 } file_perms;
226
227
228
229
230
231 struct ffs_epfile *epfiles;
232};
233
234
235static void ffs_data_get(struct ffs_data *ffs);
236static void ffs_data_put(struct ffs_data *ffs);
237
238static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc));
239
240
241static void ffs_data_opened(struct ffs_data *ffs);
242static void ffs_data_closed(struct ffs_data *ffs);
243
244
245static int __must_check
246__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
247static int __must_check
248__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
249
250
251
252
253struct ffs_ep;
254
255struct ffs_function {
256 struct usb_configuration *conf;
257 struct usb_gadget *gadget;
258 struct ffs_data *ffs;
259
260 struct ffs_ep *eps;
261 u8 eps_revmap[16];
262 short *interfaces_nums;
263
264 struct usb_function function;
265};
266
267
268static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
269{
270 return container_of(f, struct ffs_function, function);
271}
272
273static void ffs_func_free(struct ffs_function *func);
274
275static void ffs_func_eps_disable(struct ffs_function *func);
276static int __must_check ffs_func_eps_enable(struct ffs_function *func);
277
278static int ffs_func_bind(struct usb_configuration *,
279 struct usb_function *);
280static void ffs_func_unbind(struct usb_configuration *,
281 struct usb_function *);
282static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
283static void ffs_func_disable(struct usb_function *);
284static int ffs_func_setup(struct usb_function *,
285 const struct usb_ctrlrequest *);
286static void ffs_func_suspend(struct usb_function *);
287static void ffs_func_resume(struct usb_function *);
288
289
290static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
291static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
292
293
294
295
296struct ffs_ep {
297 struct usb_ep *ep;
298 struct usb_request *req;
299
300
301 struct usb_endpoint_descriptor *descs[2];
302
303 u8 num;
304
305 int status;
306};
307
308struct ffs_epfile {
309
310 struct mutex mutex;
311 wait_queue_head_t wait;
312
313 struct ffs_data *ffs;
314 struct ffs_ep *ep;
315
316 struct dentry *dentry;
317
318 char name[5];
319
320 unsigned char in;
321 unsigned char isoc;
322
323 unsigned char _pad;
324};
325
326static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
327static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
328
329static struct inode *__must_check
330ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
331 const struct file_operations *fops,
332 struct dentry **dentry_p);
333
334
335
336
337static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
338 __attribute__((warn_unused_result, nonnull));
339static char *ffs_prepare_buffer(const char * __user buf, size_t len)
340 __attribute__((warn_unused_result, nonnull));
341
342
343
344
345static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
346{
347 struct ffs_data *ffs = req->context;
348
349 complete_all(&ffs->ep0req_completion);
350}
351
352static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
353{
354 struct usb_request *req = ffs->ep0req;
355 int ret;
356
357 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
358
359 spin_unlock_irq(&ffs->ev.waitq.lock);
360
361 req->buf = data;
362 req->length = len;
363
364
365
366
367
368
369 if (req->buf == NULL)
370 req->buf = (void *)0xDEADBABE;
371
372 INIT_COMPLETION(ffs->ep0req_completion);
373
374 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
375 if (unlikely(ret < 0))
376 return ret;
377
378 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
379 if (unlikely(ret)) {
380 usb_ep_dequeue(ffs->gadget->ep0, req);
381 return -EINTR;
382 }
383
384 ffs->setup_state = FFS_NO_SETUP;
385 return ffs->ep0req_status;
386}
387
388static int __ffs_ep0_stall(struct ffs_data *ffs)
389{
390 if (ffs->ev.can_stall) {
391 pr_vdebug("ep0 stall\n");
392 usb_ep_set_halt(ffs->gadget->ep0);
393 ffs->setup_state = FFS_NO_SETUP;
394 return -EL2HLT;
395 } else {
396 pr_debug("bogus ep0 stall!\n");
397 return -ESRCH;
398 }
399}
400
401static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
402 size_t len, loff_t *ptr)
403{
404 struct ffs_data *ffs = file->private_data;
405 ssize_t ret;
406 char *data;
407
408 ENTER();
409
410
411 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
412 return -EIDRM;
413
414
415 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
416 if (unlikely(ret < 0))
417 return ret;
418
419
420 switch (ffs->state) {
421 case FFS_READ_DESCRIPTORS:
422 case FFS_READ_STRINGS:
423
424 if (unlikely(len < 16)) {
425 ret = -EINVAL;
426 break;
427 }
428
429 data = ffs_prepare_buffer(buf, len);
430 if (IS_ERR(data)) {
431 ret = PTR_ERR(data);
432 break;
433 }
434
435
436 if (ffs->state == FFS_READ_DESCRIPTORS) {
437 pr_info("read descriptors\n");
438 ret = __ffs_data_got_descs(ffs, data, len);
439 if (unlikely(ret < 0))
440 break;
441
442 ffs->state = FFS_READ_STRINGS;
443 ret = len;
444 } else {
445 pr_info("read strings\n");
446 ret = __ffs_data_got_strings(ffs, data, len);
447 if (unlikely(ret < 0))
448 break;
449
450 ret = ffs_epfiles_create(ffs);
451 if (unlikely(ret)) {
452 ffs->state = FFS_CLOSING;
453 break;
454 }
455
456 ffs->state = FFS_ACTIVE;
457 mutex_unlock(&ffs->mutex);
458
459 ret = functionfs_ready_callback(ffs);
460 if (unlikely(ret < 0)) {
461 ffs->state = FFS_CLOSING;
462 return ret;
463 }
464
465 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
466 return len;
467 }
468 break;
469
470 case FFS_ACTIVE:
471 data = NULL;
472
473
474
475
476 spin_lock_irq(&ffs->ev.waitq.lock);
477 switch (FFS_SETUP_STATE(ffs)) {
478 case FFS_SETUP_CANCELED:
479 ret = -EIDRM;
480 goto done_spin;
481
482 case FFS_NO_SETUP:
483 ret = -ESRCH;
484 goto done_spin;
485
486 case FFS_SETUP_PENDING:
487 break;
488 }
489
490
491 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
492 spin_unlock_irq(&ffs->ev.waitq.lock);
493 ret = __ffs_ep0_stall(ffs);
494 break;
495 }
496
497
498 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
499
500 spin_unlock_irq(&ffs->ev.waitq.lock);
501
502 data = ffs_prepare_buffer(buf, len);
503 if (IS_ERR(data)) {
504 ret = PTR_ERR(data);
505 break;
506 }
507
508 spin_lock_irq(&ffs->ev.waitq.lock);
509
510
511
512
513
514
515
516
517
518
519
520
521
522 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
523 ret = -EIDRM;
524done_spin:
525 spin_unlock_irq(&ffs->ev.waitq.lock);
526 } else {
527
528 ret = __ffs_ep0_queue_wait(ffs, data, len);
529 }
530 kfree(data);
531 break;
532
533 default:
534 ret = -EBADFD;
535 break;
536 }
537
538 mutex_unlock(&ffs->mutex);
539 return ret;
540}
541
542static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
543 size_t n)
544{
545
546
547
548
549 struct usb_functionfs_event events[n];
550 unsigned i = 0;
551
552 memset(events, 0, sizeof events);
553
554 do {
555 events[i].type = ffs->ev.types[i];
556 if (events[i].type == FUNCTIONFS_SETUP) {
557 events[i].u.setup = ffs->ev.setup;
558 ffs->setup_state = FFS_SETUP_PENDING;
559 }
560 } while (++i < n);
561
562 if (n < ffs->ev.count) {
563 ffs->ev.count -= n;
564 memmove(ffs->ev.types, ffs->ev.types + n,
565 ffs->ev.count * sizeof *ffs->ev.types);
566 } else {
567 ffs->ev.count = 0;
568 }
569
570 spin_unlock_irq(&ffs->ev.waitq.lock);
571 mutex_unlock(&ffs->mutex);
572
573 return unlikely(__copy_to_user(buf, events, sizeof events))
574 ? -EFAULT : sizeof events;
575}
576
577static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
578 size_t len, loff_t *ptr)
579{
580 struct ffs_data *ffs = file->private_data;
581 char *data = NULL;
582 size_t n;
583 int ret;
584
585 ENTER();
586
587
588 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
589 return -EIDRM;
590
591
592 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
593 if (unlikely(ret < 0))
594 return ret;
595
596
597 if (ffs->state != FFS_ACTIVE) {
598 ret = -EBADFD;
599 goto done_mutex;
600 }
601
602
603
604
605
606 spin_lock_irq(&ffs->ev.waitq.lock);
607
608 switch (FFS_SETUP_STATE(ffs)) {
609 case FFS_SETUP_CANCELED:
610 ret = -EIDRM;
611 break;
612
613 case FFS_NO_SETUP:
614 n = len / sizeof(struct usb_functionfs_event);
615 if (unlikely(!n)) {
616 ret = -EINVAL;
617 break;
618 }
619
620 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
621 ret = -EAGAIN;
622 break;
623 }
624
625 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
626 ffs->ev.count)) {
627 ret = -EINTR;
628 break;
629 }
630
631 return __ffs_ep0_read_events(ffs, buf,
632 min(n, (size_t)ffs->ev.count));
633
634 case FFS_SETUP_PENDING:
635 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
636 spin_unlock_irq(&ffs->ev.waitq.lock);
637 ret = __ffs_ep0_stall(ffs);
638 goto done_mutex;
639 }
640
641 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
642
643 spin_unlock_irq(&ffs->ev.waitq.lock);
644
645 if (likely(len)) {
646 data = kmalloc(len, GFP_KERNEL);
647 if (unlikely(!data)) {
648 ret = -ENOMEM;
649 goto done_mutex;
650 }
651 }
652
653 spin_lock_irq(&ffs->ev.waitq.lock);
654
655
656 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
657 ret = -EIDRM;
658 break;
659 }
660
661
662 ret = __ffs_ep0_queue_wait(ffs, data, len);
663 if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len)))
664 ret = -EFAULT;
665 goto done_mutex;
666
667 default:
668 ret = -EBADFD;
669 break;
670 }
671
672 spin_unlock_irq(&ffs->ev.waitq.lock);
673done_mutex:
674 mutex_unlock(&ffs->mutex);
675 kfree(data);
676 return ret;
677}
678
679static int ffs_ep0_open(struct inode *inode, struct file *file)
680{
681 struct ffs_data *ffs = inode->i_private;
682
683 ENTER();
684
685 if (unlikely(ffs->state == FFS_CLOSING))
686 return -EBUSY;
687
688 file->private_data = ffs;
689 ffs_data_opened(ffs);
690
691 return 0;
692}
693
694static int ffs_ep0_release(struct inode *inode, struct file *file)
695{
696 struct ffs_data *ffs = file->private_data;
697
698 ENTER();
699
700 ffs_data_closed(ffs);
701
702 return 0;
703}
704
705static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
706{
707 struct ffs_data *ffs = file->private_data;
708 struct usb_gadget *gadget = ffs->gadget;
709 long ret;
710
711 ENTER();
712
713 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
714 struct ffs_function *func = ffs->func;
715 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
716 } else if (gadget && gadget->ops->ioctl) {
717 ret = gadget->ops->ioctl(gadget, code, value);
718 } else {
719 ret = -ENOTTY;
720 }
721
722 return ret;
723}
724
725static const struct file_operations ffs_ep0_operations = {
726 .owner = THIS_MODULE,
727 .llseek = no_llseek,
728
729 .open = ffs_ep0_open,
730 .write = ffs_ep0_write,
731 .read = ffs_ep0_read,
732 .release = ffs_ep0_release,
733 .unlocked_ioctl = ffs_ep0_ioctl,
734};
735
736
737
738
739static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
740{
741 ENTER();
742 if (likely(req->context)) {
743 struct ffs_ep *ep = _ep->driver_data;
744 ep->status = req->status ? req->status : req->actual;
745 complete(req->context);
746 }
747}
748
749static ssize_t ffs_epfile_io(struct file *file,
750 char __user *buf, size_t len, int read)
751{
752 struct ffs_epfile *epfile = file->private_data;
753 struct ffs_ep *ep;
754 char *data = NULL;
755 ssize_t ret;
756 int halt;
757
758 goto first_try;
759 do {
760 spin_unlock_irq(&epfile->ffs->eps_lock);
761 mutex_unlock(&epfile->mutex);
762
763first_try:
764
765 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) {
766 ret = -ENODEV;
767 goto error;
768 }
769
770
771 ep = epfile->ep;
772 if (!ep) {
773 if (file->f_flags & O_NONBLOCK) {
774 ret = -EAGAIN;
775 goto error;
776 }
777
778 if (wait_event_interruptible(epfile->wait,
779 (ep = epfile->ep))) {
780 ret = -EINTR;
781 goto error;
782 }
783 }
784
785
786 halt = !read == !epfile->in;
787 if (halt && epfile->isoc) {
788 ret = -EINVAL;
789 goto error;
790 }
791
792
793 if (!halt && !data) {
794 data = kzalloc(len, GFP_KERNEL);
795 if (unlikely(!data))
796 return -ENOMEM;
797
798 if (!read &&
799 unlikely(__copy_from_user(data, buf, len))) {
800 ret = -EFAULT;
801 goto error;
802 }
803 }
804
805
806 ret = ffs_mutex_lock(&epfile->mutex,
807 file->f_flags & O_NONBLOCK);
808 if (unlikely(ret))
809 goto error;
810
811
812
813
814
815 spin_lock_irq(&epfile->ffs->eps_lock);
816
817
818
819
820
821 } while (unlikely(epfile->ep != ep));
822
823
824 if (unlikely(halt)) {
825 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep))
826 usb_ep_set_halt(ep->ep);
827 spin_unlock_irq(&epfile->ffs->eps_lock);
828 ret = -EBADMSG;
829 } else {
830
831 DECLARE_COMPLETION_ONSTACK(done);
832
833 struct usb_request *req = ep->req;
834 req->context = &done;
835 req->complete = ffs_epfile_io_complete;
836 req->buf = data;
837 req->length = len;
838
839 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
840
841 spin_unlock_irq(&epfile->ffs->eps_lock);
842
843 if (unlikely(ret < 0)) {
844
845 } else if (unlikely(wait_for_completion_interruptible(&done))) {
846 ret = -EINTR;
847 usb_ep_dequeue(ep->ep, req);
848 } else {
849 ret = ep->status;
850 if (read && ret > 0 &&
851 unlikely(copy_to_user(buf, data, ret)))
852 ret = -EFAULT;
853 }
854 }
855
856 mutex_unlock(&epfile->mutex);
857error:
858 kfree(data);
859 return ret;
860}
861
862static ssize_t
863ffs_epfile_write(struct file *file, const char __user *buf, size_t len,
864 loff_t *ptr)
865{
866 ENTER();
867
868 return ffs_epfile_io(file, (char __user *)buf, len, 0);
869}
870
871static ssize_t
872ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
873{
874 ENTER();
875
876 return ffs_epfile_io(file, buf, len, 1);
877}
878
879static int
880ffs_epfile_open(struct inode *inode, struct file *file)
881{
882 struct ffs_epfile *epfile = inode->i_private;
883
884 ENTER();
885
886 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
887 return -ENODEV;
888
889 file->private_data = epfile;
890 ffs_data_opened(epfile->ffs);
891
892 return 0;
893}
894
895static int
896ffs_epfile_release(struct inode *inode, struct file *file)
897{
898 struct ffs_epfile *epfile = inode->i_private;
899
900 ENTER();
901
902 ffs_data_closed(epfile->ffs);
903
904 return 0;
905}
906
907static long ffs_epfile_ioctl(struct file *file, unsigned code,
908 unsigned long value)
909{
910 struct ffs_epfile *epfile = file->private_data;
911 int ret;
912
913 ENTER();
914
915 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
916 return -ENODEV;
917
918 spin_lock_irq(&epfile->ffs->eps_lock);
919 if (likely(epfile->ep)) {
920 switch (code) {
921 case FUNCTIONFS_FIFO_STATUS:
922 ret = usb_ep_fifo_status(epfile->ep->ep);
923 break;
924 case FUNCTIONFS_FIFO_FLUSH:
925 usb_ep_fifo_flush(epfile->ep->ep);
926 ret = 0;
927 break;
928 case FUNCTIONFS_CLEAR_HALT:
929 ret = usb_ep_clear_halt(epfile->ep->ep);
930 break;
931 case FUNCTIONFS_ENDPOINT_REVMAP:
932 ret = epfile->ep->num;
933 break;
934 default:
935 ret = -ENOTTY;
936 }
937 } else {
938 ret = -ENODEV;
939 }
940 spin_unlock_irq(&epfile->ffs->eps_lock);
941
942 return ret;
943}
944
945static const struct file_operations ffs_epfile_operations = {
946 .owner = THIS_MODULE,
947 .llseek = no_llseek,
948
949 .open = ffs_epfile_open,
950 .write = ffs_epfile_write,
951 .read = ffs_epfile_read,
952 .release = ffs_epfile_release,
953 .unlocked_ioctl = ffs_epfile_ioctl,
954};
955
956
957
958
959
960
961
962
963
964static struct inode *__must_check
965ffs_sb_make_inode(struct super_block *sb, void *data,
966 const struct file_operations *fops,
967 const struct inode_operations *iops,
968 struct ffs_file_perms *perms)
969{
970 struct inode *inode;
971
972 ENTER();
973
974 inode = new_inode(sb);
975
976 if (likely(inode)) {
977 struct timespec current_time = CURRENT_TIME;
978
979 inode->i_ino = get_next_ino();
980 inode->i_mode = perms->mode;
981 inode->i_uid = perms->uid;
982 inode->i_gid = perms->gid;
983 inode->i_atime = current_time;
984 inode->i_mtime = current_time;
985 inode->i_ctime = current_time;
986 inode->i_private = data;
987 if (fops)
988 inode->i_fop = fops;
989 if (iops)
990 inode->i_op = iops;
991 }
992
993 return inode;
994}
995
996
997static struct inode *ffs_sb_create_file(struct super_block *sb,
998 const char *name, void *data,
999 const struct file_operations *fops,
1000 struct dentry **dentry_p)
1001{
1002 struct ffs_data *ffs = sb->s_fs_info;
1003 struct dentry *dentry;
1004 struct inode *inode;
1005
1006 ENTER();
1007
1008 dentry = d_alloc_name(sb->s_root, name);
1009 if (unlikely(!dentry))
1010 return NULL;
1011
1012 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1013 if (unlikely(!inode)) {
1014 dput(dentry);
1015 return NULL;
1016 }
1017
1018 d_add(dentry, inode);
1019 if (dentry_p)
1020 *dentry_p = dentry;
1021
1022 return inode;
1023}
1024
1025
1026static const struct super_operations ffs_sb_operations = {
1027 .statfs = simple_statfs,
1028 .drop_inode = generic_delete_inode,
1029};
1030
1031struct ffs_sb_fill_data {
1032 struct ffs_file_perms perms;
1033 umode_t root_mode;
1034 const char *dev_name;
1035 union {
1036
1037 void *private_data;
1038
1039 struct ffs_data *ffs_data;
1040 };
1041};
1042
1043static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1044{
1045 struct ffs_sb_fill_data *data = _data;
1046 struct inode *inode;
1047 struct ffs_data *ffs;
1048
1049 ENTER();
1050
1051
1052 ffs = ffs_data_new();
1053 if (unlikely(!ffs))
1054 goto Enomem;
1055
1056 ffs->sb = sb;
1057 ffs->dev_name = kstrdup(data->dev_name, GFP_KERNEL);
1058 if (unlikely(!ffs->dev_name))
1059 goto Enomem;
1060 ffs->file_perms = data->perms;
1061 ffs->private_data = data->private_data;
1062
1063
1064 data->ffs_data = ffs;
1065
1066 sb->s_fs_info = ffs;
1067 sb->s_blocksize = PAGE_CACHE_SIZE;
1068 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
1069 sb->s_magic = FUNCTIONFS_MAGIC;
1070 sb->s_op = &ffs_sb_operations;
1071 sb->s_time_gran = 1;
1072
1073
1074 data->perms.mode = data->root_mode;
1075 inode = ffs_sb_make_inode(sb, NULL,
1076 &simple_dir_operations,
1077 &simple_dir_inode_operations,
1078 &data->perms);
1079 sb->s_root = d_make_root(inode);
1080 if (unlikely(!sb->s_root))
1081 goto Enomem;
1082
1083
1084 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1085 &ffs_ep0_operations, NULL)))
1086 goto Enomem;
1087
1088 return 0;
1089
1090Enomem:
1091 return -ENOMEM;
1092}
1093
1094static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1095{
1096 ENTER();
1097
1098 if (!opts || !*opts)
1099 return 0;
1100
1101 for (;;) {
1102 char *end, *eq, *comma;
1103 unsigned long value;
1104
1105
1106 comma = strchr(opts, ',');
1107 if (comma)
1108 *comma = 0;
1109
1110
1111 eq = strchr(opts, '=');
1112 if (unlikely(!eq)) {
1113 pr_err("'=' missing in %s\n", opts);
1114 return -EINVAL;
1115 }
1116 *eq = 0;
1117
1118
1119 value = simple_strtoul(eq + 1, &end, 0);
1120 if (unlikely(*end != ',' && *end != 0)) {
1121 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1122 return -EINVAL;
1123 }
1124
1125
1126 switch (eq - opts) {
1127 case 5:
1128 if (!memcmp(opts, "rmode", 5))
1129 data->root_mode = (value & 0555) | S_IFDIR;
1130 else if (!memcmp(opts, "fmode", 5))
1131 data->perms.mode = (value & 0666) | S_IFREG;
1132 else
1133 goto invalid;
1134 break;
1135
1136 case 4:
1137 if (!memcmp(opts, "mode", 4)) {
1138 data->root_mode = (value & 0555) | S_IFDIR;
1139 data->perms.mode = (value & 0666) | S_IFREG;
1140 } else {
1141 goto invalid;
1142 }
1143 break;
1144
1145 case 3:
1146 if (!memcmp(opts, "uid", 3))
1147 data->perms.uid = value;
1148 else if (!memcmp(opts, "gid", 3))
1149 data->perms.gid = value;
1150 else
1151 goto invalid;
1152 break;
1153
1154 default:
1155invalid:
1156 pr_err("%s: invalid option\n", opts);
1157 return -EINVAL;
1158 }
1159
1160
1161 if (!comma)
1162 break;
1163 opts = comma + 1;
1164 }
1165
1166 return 0;
1167}
1168
1169
1170
1171static struct dentry *
1172ffs_fs_mount(struct file_system_type *t, int flags,
1173 const char *dev_name, void *opts)
1174{
1175 struct ffs_sb_fill_data data = {
1176 .perms = {
1177 .mode = S_IFREG | 0600,
1178 .uid = 0,
1179 .gid = 0
1180 },
1181 .root_mode = S_IFDIR | 0500,
1182 };
1183 struct dentry *rv;
1184 int ret;
1185 void *ffs_dev;
1186
1187 ENTER();
1188
1189 ret = ffs_fs_parse_opts(&data, opts);
1190 if (unlikely(ret < 0))
1191 return ERR_PTR(ret);
1192
1193 ffs_dev = functionfs_acquire_dev_callback(dev_name);
1194 if (IS_ERR(ffs_dev))
1195 return ffs_dev;
1196
1197 data.dev_name = dev_name;
1198 data.private_data = ffs_dev;
1199 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1200
1201
1202 if (IS_ERR(rv))
1203 functionfs_release_dev_callback(data.ffs_data);
1204
1205 return rv;
1206}
1207
1208static void
1209ffs_fs_kill_sb(struct super_block *sb)
1210{
1211 ENTER();
1212
1213 kill_litter_super(sb);
1214 if (sb->s_fs_info) {
1215 functionfs_release_dev_callback(sb->s_fs_info);
1216 ffs_data_put(sb->s_fs_info);
1217 }
1218}
1219
1220static struct file_system_type ffs_fs_type = {
1221 .owner = THIS_MODULE,
1222 .name = "functionfs",
1223 .mount = ffs_fs_mount,
1224 .kill_sb = ffs_fs_kill_sb,
1225};
1226
1227
1228
1229
1230static int functionfs_init(void)
1231{
1232 int ret;
1233
1234 ENTER();
1235
1236 ret = register_filesystem(&ffs_fs_type);
1237 if (likely(!ret))
1238 pr_info("file system registered\n");
1239 else
1240 pr_err("failed registering file system (%d)\n", ret);
1241
1242 return ret;
1243}
1244
1245static void functionfs_cleanup(void)
1246{
1247 ENTER();
1248
1249 pr_info("unloading\n");
1250 unregister_filesystem(&ffs_fs_type);
1251}
1252
1253
1254
1255
1256static void ffs_data_clear(struct ffs_data *ffs);
1257static void ffs_data_reset(struct ffs_data *ffs);
1258
1259static void ffs_data_get(struct ffs_data *ffs)
1260{
1261 ENTER();
1262
1263 atomic_inc(&ffs->ref);
1264}
1265
1266static void ffs_data_opened(struct ffs_data *ffs)
1267{
1268 ENTER();
1269
1270 atomic_inc(&ffs->ref);
1271 atomic_inc(&ffs->opened);
1272}
1273
1274static void ffs_data_put(struct ffs_data *ffs)
1275{
1276 ENTER();
1277
1278 if (unlikely(atomic_dec_and_test(&ffs->ref))) {
1279 pr_info("%s(): freeing\n", __func__);
1280 ffs_data_clear(ffs);
1281 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1282 waitqueue_active(&ffs->ep0req_completion.wait));
1283 kfree(ffs->dev_name);
1284 kfree(ffs);
1285 }
1286}
1287
1288static void ffs_data_closed(struct ffs_data *ffs)
1289{
1290 ENTER();
1291
1292 if (atomic_dec_and_test(&ffs->opened)) {
1293 ffs->state = FFS_CLOSING;
1294 ffs_data_reset(ffs);
1295 }
1296
1297 ffs_data_put(ffs);
1298}
1299
1300static struct ffs_data *ffs_data_new(void)
1301{
1302 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1303 if (unlikely(!ffs))
1304 return 0;
1305
1306 ENTER();
1307
1308 atomic_set(&ffs->ref, 1);
1309 atomic_set(&ffs->opened, 0);
1310 ffs->state = FFS_READ_DESCRIPTORS;
1311 mutex_init(&ffs->mutex);
1312 spin_lock_init(&ffs->eps_lock);
1313 init_waitqueue_head(&ffs->ev.waitq);
1314 init_completion(&ffs->ep0req_completion);
1315
1316
1317 ffs->ev.can_stall = 1;
1318
1319 return ffs;
1320}
1321
1322static void ffs_data_clear(struct ffs_data *ffs)
1323{
1324 ENTER();
1325
1326 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags))
1327 functionfs_closed_callback(ffs);
1328
1329 BUG_ON(ffs->gadget);
1330
1331 if (ffs->epfiles)
1332 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1333
1334 kfree(ffs->raw_descs);
1335 kfree(ffs->raw_strings);
1336 kfree(ffs->stringtabs);
1337}
1338
1339static void ffs_data_reset(struct ffs_data *ffs)
1340{
1341 ENTER();
1342
1343 ffs_data_clear(ffs);
1344
1345 ffs->epfiles = NULL;
1346 ffs->raw_descs = NULL;
1347 ffs->raw_strings = NULL;
1348 ffs->stringtabs = NULL;
1349
1350 ffs->raw_descs_length = 0;
1351 ffs->raw_fs_descs_length = 0;
1352 ffs->fs_descs_count = 0;
1353 ffs->hs_descs_count = 0;
1354
1355 ffs->strings_count = 0;
1356 ffs->interfaces_count = 0;
1357 ffs->eps_count = 0;
1358
1359 ffs->ev.count = 0;
1360
1361 ffs->state = FFS_READ_DESCRIPTORS;
1362 ffs->setup_state = FFS_NO_SETUP;
1363 ffs->flags = 0;
1364}
1365
1366
1367static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1368{
1369 struct usb_gadget_strings **lang;
1370 int first_id;
1371
1372 ENTER();
1373
1374 if (WARN_ON(ffs->state != FFS_ACTIVE
1375 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1376 return -EBADFD;
1377
1378 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1379 if (unlikely(first_id < 0))
1380 return first_id;
1381
1382 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1383 if (unlikely(!ffs->ep0req))
1384 return -ENOMEM;
1385 ffs->ep0req->complete = ffs_ep0_complete;
1386 ffs->ep0req->context = ffs;
1387
1388 lang = ffs->stringtabs;
1389 for (lang = ffs->stringtabs; *lang; ++lang) {
1390 struct usb_string *str = (*lang)->strings;
1391 int id = first_id;
1392 for (; str->s; ++id, ++str)
1393 str->id = id;
1394 }
1395
1396 ffs->gadget = cdev->gadget;
1397 ffs_data_get(ffs);
1398 return 0;
1399}
1400
1401static void functionfs_unbind(struct ffs_data *ffs)
1402{
1403 ENTER();
1404
1405 if (!WARN_ON(!ffs->gadget)) {
1406 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1407 ffs->ep0req = NULL;
1408 ffs->gadget = NULL;
1409 ffs_data_put(ffs);
1410 clear_bit(FFS_FL_BOUND, &ffs->flags);
1411 }
1412}
1413
1414static int ffs_epfiles_create(struct ffs_data *ffs)
1415{
1416 struct ffs_epfile *epfile, *epfiles;
1417 unsigned i, count;
1418
1419 ENTER();
1420
1421 count = ffs->eps_count;
1422 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1423 if (!epfiles)
1424 return -ENOMEM;
1425
1426 epfile = epfiles;
1427 for (i = 1; i <= count; ++i, ++epfile) {
1428 epfile->ffs = ffs;
1429 mutex_init(&epfile->mutex);
1430 init_waitqueue_head(&epfile->wait);
1431 sprintf(epfiles->name, "ep%u", i);
1432 if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile,
1433 &ffs_epfile_operations,
1434 &epfile->dentry))) {
1435 ffs_epfiles_destroy(epfiles, i - 1);
1436 return -ENOMEM;
1437 }
1438 }
1439
1440 ffs->epfiles = epfiles;
1441 return 0;
1442}
1443
1444static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1445{
1446 struct ffs_epfile *epfile = epfiles;
1447
1448 ENTER();
1449
1450 for (; count; --count, ++epfile) {
1451 BUG_ON(mutex_is_locked(&epfile->mutex) ||
1452 waitqueue_active(&epfile->wait));
1453 if (epfile->dentry) {
1454 d_delete(epfile->dentry);
1455 dput(epfile->dentry);
1456 epfile->dentry = NULL;
1457 }
1458 }
1459
1460 kfree(epfiles);
1461}
1462
1463static int functionfs_bind_config(struct usb_composite_dev *cdev,
1464 struct usb_configuration *c,
1465 struct ffs_data *ffs)
1466{
1467 struct ffs_function *func;
1468 int ret;
1469
1470 ENTER();
1471
1472 func = kzalloc(sizeof *func, GFP_KERNEL);
1473 if (unlikely(!func))
1474 return -ENOMEM;
1475
1476 func->function.name = "Function FS Gadget";
1477 func->function.strings = ffs->stringtabs;
1478
1479 func->function.bind = ffs_func_bind;
1480 func->function.unbind = ffs_func_unbind;
1481 func->function.set_alt = ffs_func_set_alt;
1482 func->function.disable = ffs_func_disable;
1483 func->function.setup = ffs_func_setup;
1484 func->function.suspend = ffs_func_suspend;
1485 func->function.resume = ffs_func_resume;
1486
1487 func->conf = c;
1488 func->gadget = cdev->gadget;
1489 func->ffs = ffs;
1490 ffs_data_get(ffs);
1491
1492 ret = usb_add_function(c, &func->function);
1493 if (unlikely(ret))
1494 ffs_func_free(func);
1495
1496 return ret;
1497}
1498
1499static void ffs_func_free(struct ffs_function *func)
1500{
1501 struct ffs_ep *ep = func->eps;
1502 unsigned count = func->ffs->eps_count;
1503 unsigned long flags;
1504
1505 ENTER();
1506
1507
1508 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1509 do {
1510 if (ep->ep && ep->req)
1511 usb_ep_free_request(ep->ep, ep->req);
1512 ep->req = NULL;
1513 ++ep;
1514 } while (--count);
1515 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1516
1517 ffs_data_put(func->ffs);
1518
1519 kfree(func->eps);
1520
1521
1522
1523
1524
1525
1526 kfree(func);
1527}
1528
1529static void ffs_func_eps_disable(struct ffs_function *func)
1530{
1531 struct ffs_ep *ep = func->eps;
1532 struct ffs_epfile *epfile = func->ffs->epfiles;
1533 unsigned count = func->ffs->eps_count;
1534 unsigned long flags;
1535
1536 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1537 do {
1538
1539 if (likely(ep->ep))
1540 usb_ep_disable(ep->ep);
1541 epfile->ep = NULL;
1542
1543 ++ep;
1544 ++epfile;
1545 } while (--count);
1546 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1547}
1548
1549static int ffs_func_eps_enable(struct ffs_function *func)
1550{
1551 struct ffs_data *ffs = func->ffs;
1552 struct ffs_ep *ep = func->eps;
1553 struct ffs_epfile *epfile = ffs->epfiles;
1554 unsigned count = ffs->eps_count;
1555 unsigned long flags;
1556 int ret = 0;
1557
1558 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1559 do {
1560 struct usb_endpoint_descriptor *ds;
1561 ds = ep->descs[ep->descs[1] ? 1 : 0];
1562
1563 ep->ep->driver_data = ep;
1564 ep->ep->desc = ds;
1565 ret = usb_ep_enable(ep->ep);
1566 if (likely(!ret)) {
1567 epfile->ep = ep;
1568 epfile->in = usb_endpoint_dir_in(ds);
1569 epfile->isoc = usb_endpoint_xfer_isoc(ds);
1570 } else {
1571 break;
1572 }
1573
1574 wake_up(&epfile->wait);
1575
1576 ++ep;
1577 ++epfile;
1578 } while (--count);
1579 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1580
1581 return ret;
1582}
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594enum ffs_entity_type {
1595 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1596};
1597
1598typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1599 u8 *valuep,
1600 struct usb_descriptor_header *desc,
1601 void *priv);
1602
1603static int __must_check ffs_do_desc(char *data, unsigned len,
1604 ffs_entity_callback entity, void *priv)
1605{
1606 struct usb_descriptor_header *_ds = (void *)data;
1607 u8 length;
1608 int ret;
1609
1610 ENTER();
1611
1612
1613 if (len < 2) {
1614 pr_vdebug("descriptor too short\n");
1615 return -EINVAL;
1616 }
1617
1618
1619 length = _ds->bLength;
1620 if (len < length) {
1621 pr_vdebug("descriptor longer then available data\n");
1622 return -EINVAL;
1623 }
1624
1625#define __entity_check_INTERFACE(val) 1
1626#define __entity_check_STRING(val) (val)
1627#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1628#define __entity(type, val) do { \
1629 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1630 if (unlikely(!__entity_check_ ##type(val))) { \
1631 pr_vdebug("invalid entity's value\n"); \
1632 return -EINVAL; \
1633 } \
1634 ret = entity(FFS_ ##type, &val, _ds, priv); \
1635 if (unlikely(ret < 0)) { \
1636 pr_debug("entity " #type "(%02x); ret = %d\n", \
1637 (val), ret); \
1638 return ret; \
1639 } \
1640 } while (0)
1641
1642
1643 switch (_ds->bDescriptorType) {
1644 case USB_DT_DEVICE:
1645 case USB_DT_CONFIG:
1646 case USB_DT_STRING:
1647 case USB_DT_DEVICE_QUALIFIER:
1648
1649 pr_vdebug("descriptor reserved for gadget: %d\n",
1650 _ds->bDescriptorType);
1651 return -EINVAL;
1652
1653 case USB_DT_INTERFACE: {
1654 struct usb_interface_descriptor *ds = (void *)_ds;
1655 pr_vdebug("interface descriptor\n");
1656 if (length != sizeof *ds)
1657 goto inv_length;
1658
1659 __entity(INTERFACE, ds->bInterfaceNumber);
1660 if (ds->iInterface)
1661 __entity(STRING, ds->iInterface);
1662 }
1663 break;
1664
1665 case USB_DT_ENDPOINT: {
1666 struct usb_endpoint_descriptor *ds = (void *)_ds;
1667 pr_vdebug("endpoint descriptor\n");
1668 if (length != USB_DT_ENDPOINT_SIZE &&
1669 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1670 goto inv_length;
1671 __entity(ENDPOINT, ds->bEndpointAddress);
1672 }
1673 break;
1674
1675 case HID_DT_HID:
1676 pr_vdebug("hid descriptor\n");
1677 if (length != sizeof(struct hid_descriptor))
1678 goto inv_length;
1679 break;
1680
1681 case USB_DT_OTG:
1682 if (length != sizeof(struct usb_otg_descriptor))
1683 goto inv_length;
1684 break;
1685
1686 case USB_DT_INTERFACE_ASSOCIATION: {
1687 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1688 pr_vdebug("interface association descriptor\n");
1689 if (length != sizeof *ds)
1690 goto inv_length;
1691 if (ds->iFunction)
1692 __entity(STRING, ds->iFunction);
1693 }
1694 break;
1695
1696 case USB_DT_OTHER_SPEED_CONFIG:
1697 case USB_DT_INTERFACE_POWER:
1698 case USB_DT_DEBUG:
1699 case USB_DT_SECURITY:
1700 case USB_DT_CS_RADIO_CONTROL:
1701
1702 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
1703 return -EINVAL;
1704
1705 default:
1706
1707 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
1708 return -EINVAL;
1709
1710inv_length:
1711 pr_vdebug("invalid length: %d (descriptor %d)\n",
1712 _ds->bLength, _ds->bDescriptorType);
1713 return -EINVAL;
1714 }
1715
1716#undef __entity
1717#undef __entity_check_DESCRIPTOR
1718#undef __entity_check_INTERFACE
1719#undef __entity_check_STRING
1720#undef __entity_check_ENDPOINT
1721
1722 return length;
1723}
1724
1725static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
1726 ffs_entity_callback entity, void *priv)
1727{
1728 const unsigned _len = len;
1729 unsigned long num = 0;
1730
1731 ENTER();
1732
1733 for (;;) {
1734 int ret;
1735
1736 if (num == count)
1737 data = NULL;
1738
1739
1740 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
1741 if (unlikely(ret < 0)) {
1742 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
1743 num, ret);
1744 return ret;
1745 }
1746
1747 if (!data)
1748 return _len - len;
1749
1750 ret = ffs_do_desc(data, len, entity, priv);
1751 if (unlikely(ret < 0)) {
1752 pr_debug("%s returns %d\n", __func__, ret);
1753 return ret;
1754 }
1755
1756 len -= ret;
1757 data += ret;
1758 ++num;
1759 }
1760}
1761
1762static int __ffs_data_do_entity(enum ffs_entity_type type,
1763 u8 *valuep, struct usb_descriptor_header *desc,
1764 void *priv)
1765{
1766 struct ffs_data *ffs = priv;
1767
1768 ENTER();
1769
1770 switch (type) {
1771 case FFS_DESCRIPTOR:
1772 break;
1773
1774 case FFS_INTERFACE:
1775
1776
1777
1778
1779
1780 if (*valuep >= ffs->interfaces_count)
1781 ffs->interfaces_count = *valuep + 1;
1782 break;
1783
1784 case FFS_STRING:
1785
1786
1787
1788
1789 if (*valuep > ffs->strings_count)
1790 ffs->strings_count = *valuep;
1791 break;
1792
1793 case FFS_ENDPOINT:
1794
1795 if ((*valuep & USB_ENDPOINT_NUMBER_MASK) > ffs->eps_count)
1796 ffs->eps_count = (*valuep & USB_ENDPOINT_NUMBER_MASK);
1797 break;
1798 }
1799
1800 return 0;
1801}
1802
1803static int __ffs_data_got_descs(struct ffs_data *ffs,
1804 char *const _data, size_t len)
1805{
1806 unsigned fs_count, hs_count;
1807 int fs_len, ret = -EINVAL;
1808 char *data = _data;
1809
1810 ENTER();
1811
1812 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_DESCRIPTORS_MAGIC ||
1813 get_unaligned_le32(data + 4) != len))
1814 goto error;
1815 fs_count = get_unaligned_le32(data + 8);
1816 hs_count = get_unaligned_le32(data + 12);
1817
1818 if (!fs_count && !hs_count)
1819 goto einval;
1820
1821 data += 16;
1822 len -= 16;
1823
1824 if (likely(fs_count)) {
1825 fs_len = ffs_do_descs(fs_count, data, len,
1826 __ffs_data_do_entity, ffs);
1827 if (unlikely(fs_len < 0)) {
1828 ret = fs_len;
1829 goto error;
1830 }
1831
1832 data += fs_len;
1833 len -= fs_len;
1834 } else {
1835 fs_len = 0;
1836 }
1837
1838 if (likely(hs_count)) {
1839 ret = ffs_do_descs(hs_count, data, len,
1840 __ffs_data_do_entity, ffs);
1841 if (unlikely(ret < 0))
1842 goto error;
1843 } else {
1844 ret = 0;
1845 }
1846
1847 if (unlikely(len != ret))
1848 goto einval;
1849
1850 ffs->raw_fs_descs_length = fs_len;
1851 ffs->raw_descs_length = fs_len + ret;
1852 ffs->raw_descs = _data;
1853 ffs->fs_descs_count = fs_count;
1854 ffs->hs_descs_count = hs_count;
1855
1856 return 0;
1857
1858einval:
1859 ret = -EINVAL;
1860error:
1861 kfree(_data);
1862 return ret;
1863}
1864
1865static int __ffs_data_got_strings(struct ffs_data *ffs,
1866 char *const _data, size_t len)
1867{
1868 u32 str_count, needed_count, lang_count;
1869 struct usb_gadget_strings **stringtabs, *t;
1870 struct usb_string *strings, *s;
1871 const char *data = _data;
1872
1873 ENTER();
1874
1875 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
1876 get_unaligned_le32(data + 4) != len))
1877 goto error;
1878 str_count = get_unaligned_le32(data + 8);
1879 lang_count = get_unaligned_le32(data + 12);
1880
1881
1882 if (unlikely(!str_count != !lang_count))
1883 goto error;
1884
1885
1886 needed_count = ffs->strings_count;
1887 if (unlikely(str_count < needed_count))
1888 goto error;
1889
1890
1891
1892
1893
1894 if (!needed_count) {
1895 kfree(_data);
1896 return 0;
1897 }
1898
1899
1900 {
1901 struct {
1902 struct usb_gadget_strings *stringtabs[lang_count + 1];
1903 struct usb_gadget_strings stringtab[lang_count];
1904 struct usb_string strings[lang_count*(needed_count+1)];
1905 } *d;
1906 unsigned i = 0;
1907
1908 d = kmalloc(sizeof *d, GFP_KERNEL);
1909 if (unlikely(!d)) {
1910 kfree(_data);
1911 return -ENOMEM;
1912 }
1913
1914 stringtabs = d->stringtabs;
1915 t = d->stringtab;
1916 i = lang_count;
1917 do {
1918 *stringtabs++ = t++;
1919 } while (--i);
1920 *stringtabs = NULL;
1921
1922 stringtabs = d->stringtabs;
1923 t = d->stringtab;
1924 s = d->strings;
1925 strings = s;
1926 }
1927
1928
1929 data += 16;
1930 len -= 16;
1931
1932 do {
1933 unsigned needed = needed_count;
1934
1935 if (unlikely(len < 3))
1936 goto error_free;
1937 t->language = get_unaligned_le16(data);
1938 t->strings = s;
1939 ++t;
1940
1941 data += 2;
1942 len -= 2;
1943
1944
1945 do {
1946 size_t length = strnlen(data, len);
1947
1948 if (unlikely(length == len))
1949 goto error_free;
1950
1951
1952
1953
1954
1955
1956 if (likely(needed)) {
1957
1958
1959
1960
1961
1962 s->s = data;
1963 --needed;
1964 ++s;
1965 }
1966
1967 data += length + 1;
1968 len -= length + 1;
1969 } while (--str_count);
1970
1971 s->id = 0;
1972 s->s = NULL;
1973 ++s;
1974
1975 } while (--lang_count);
1976
1977
1978 if (unlikely(len))
1979 goto error_free;
1980
1981
1982 ffs->stringtabs = stringtabs;
1983 ffs->raw_strings = _data;
1984
1985 return 0;
1986
1987error_free:
1988 kfree(stringtabs);
1989error:
1990 kfree(_data);
1991 return -EINVAL;
1992}
1993
1994
1995
1996
1997static void __ffs_event_add(struct ffs_data *ffs,
1998 enum usb_functionfs_event_type type)
1999{
2000 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2001 int neg = 0;
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011 if (ffs->setup_state == FFS_SETUP_PENDING)
2012 ffs->setup_state = FFS_SETUP_CANCELED;
2013
2014 switch (type) {
2015 case FUNCTIONFS_RESUME:
2016 rem_type2 = FUNCTIONFS_SUSPEND;
2017
2018 case FUNCTIONFS_SUSPEND:
2019 case FUNCTIONFS_SETUP:
2020 rem_type1 = type;
2021
2022 break;
2023
2024 case FUNCTIONFS_BIND:
2025 case FUNCTIONFS_UNBIND:
2026 case FUNCTIONFS_DISABLE:
2027 case FUNCTIONFS_ENABLE:
2028
2029 rem_type1 = FUNCTIONFS_SUSPEND;
2030 rem_type2 = FUNCTIONFS_RESUME;
2031 neg = 1;
2032 break;
2033
2034 default:
2035 BUG();
2036 }
2037
2038 {
2039 u8 *ev = ffs->ev.types, *out = ev;
2040 unsigned n = ffs->ev.count;
2041 for (; n; --n, ++ev)
2042 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2043 *out++ = *ev;
2044 else
2045 pr_vdebug("purging event %d\n", *ev);
2046 ffs->ev.count = out - ffs->ev.types;
2047 }
2048
2049 pr_vdebug("adding event %d\n", type);
2050 ffs->ev.types[ffs->ev.count++] = type;
2051 wake_up_locked(&ffs->ev.waitq);
2052}
2053
2054static void ffs_event_add(struct ffs_data *ffs,
2055 enum usb_functionfs_event_type type)
2056{
2057 unsigned long flags;
2058 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2059 __ffs_event_add(ffs, type);
2060 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2061}
2062
2063
2064
2065
2066static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2067 struct usb_descriptor_header *desc,
2068 void *priv)
2069{
2070 struct usb_endpoint_descriptor *ds = (void *)desc;
2071 struct ffs_function *func = priv;
2072 struct ffs_ep *ffs_ep;
2073
2074
2075
2076
2077
2078 const int isHS = func->function.hs_descriptors != NULL;
2079 unsigned idx;
2080
2081 if (type != FFS_DESCRIPTOR)
2082 return 0;
2083
2084 if (isHS)
2085 func->function.hs_descriptors[(long)valuep] = desc;
2086 else
2087 func->function.descriptors[(long)valuep] = desc;
2088
2089 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2090 return 0;
2091
2092 idx = (ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK) - 1;
2093 ffs_ep = func->eps + idx;
2094
2095 if (unlikely(ffs_ep->descs[isHS])) {
2096 pr_vdebug("two %sspeed descriptors for EP %d\n",
2097 isHS ? "high" : "full",
2098 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2099 return -EINVAL;
2100 }
2101 ffs_ep->descs[isHS] = ds;
2102
2103 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2104 if (ffs_ep->ep) {
2105 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2106 if (!ds->wMaxPacketSize)
2107 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2108 } else {
2109 struct usb_request *req;
2110 struct usb_ep *ep;
2111
2112 pr_vdebug("autoconfig\n");
2113 ep = usb_ep_autoconfig(func->gadget, ds);
2114 if (unlikely(!ep))
2115 return -ENOTSUPP;
2116 ep->driver_data = func->eps + idx;
2117
2118 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2119 if (unlikely(!req))
2120 return -ENOMEM;
2121
2122 ffs_ep->ep = ep;
2123 ffs_ep->req = req;
2124 func->eps_revmap[ds->bEndpointAddress &
2125 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2126 }
2127 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2128
2129 return 0;
2130}
2131
2132static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2133 struct usb_descriptor_header *desc,
2134 void *priv)
2135{
2136 struct ffs_function *func = priv;
2137 unsigned idx;
2138 u8 newValue;
2139
2140 switch (type) {
2141 default:
2142 case FFS_DESCRIPTOR:
2143
2144 return 0;
2145
2146 case FFS_INTERFACE:
2147 idx = *valuep;
2148 if (func->interfaces_nums[idx] < 0) {
2149 int id = usb_interface_id(func->conf, &func->function);
2150 if (unlikely(id < 0))
2151 return id;
2152 func->interfaces_nums[idx] = id;
2153 }
2154 newValue = func->interfaces_nums[idx];
2155 break;
2156
2157 case FFS_STRING:
2158
2159 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2160 break;
2161
2162 case FFS_ENDPOINT:
2163
2164
2165
2166
2167 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2168 return 0;
2169
2170 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2171 if (unlikely(!func->eps[idx].ep))
2172 return -EINVAL;
2173
2174 {
2175 struct usb_endpoint_descriptor **descs;
2176 descs = func->eps[idx].descs;
2177 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2178 }
2179 break;
2180 }
2181
2182 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2183 *valuep = newValue;
2184 return 0;
2185}
2186
2187static int ffs_func_bind(struct usb_configuration *c,
2188 struct usb_function *f)
2189{
2190 struct ffs_function *func = ffs_func_from_usb(f);
2191 struct ffs_data *ffs = func->ffs;
2192
2193 const int full = !!func->ffs->fs_descs_count;
2194 const int high = gadget_is_dualspeed(func->gadget) &&
2195 func->ffs->hs_descs_count;
2196
2197 int ret;
2198
2199
2200 struct {
2201 struct ffs_ep eps[ffs->eps_count];
2202 struct usb_descriptor_header
2203 *fs_descs[full ? ffs->fs_descs_count + 1 : 0];
2204 struct usb_descriptor_header
2205 *hs_descs[high ? ffs->hs_descs_count + 1 : 0];
2206 short inums[ffs->interfaces_count];
2207 char raw_descs[high ? ffs->raw_descs_length
2208 : ffs->raw_fs_descs_length];
2209 } *data;
2210
2211 ENTER();
2212
2213
2214 if (unlikely(!(full | high)))
2215 return -ENOTSUPP;
2216
2217
2218 data = kmalloc(sizeof *data, GFP_KERNEL);
2219 if (unlikely(!data))
2220 return -ENOMEM;
2221
2222
2223 memset(data->eps, 0, sizeof data->eps);
2224 memcpy(data->raw_descs, ffs->raw_descs + 16, sizeof data->raw_descs);
2225 memset(data->inums, 0xff, sizeof data->inums);
2226 for (ret = ffs->eps_count; ret; --ret)
2227 data->eps[ret].num = -1;
2228
2229
2230 func->eps = data->eps;
2231 func->interfaces_nums = data->inums;
2232
2233
2234
2235
2236
2237
2238 if (likely(full)) {
2239 func->function.descriptors = data->fs_descs;
2240 ret = ffs_do_descs(ffs->fs_descs_count,
2241 data->raw_descs,
2242 sizeof data->raw_descs,
2243 __ffs_func_bind_do_descs, func);
2244 if (unlikely(ret < 0))
2245 goto error;
2246 } else {
2247 ret = 0;
2248 }
2249
2250 if (likely(high)) {
2251 func->function.hs_descriptors = data->hs_descs;
2252 ret = ffs_do_descs(ffs->hs_descs_count,
2253 data->raw_descs + ret,
2254 (sizeof data->raw_descs) - ret,
2255 __ffs_func_bind_do_descs, func);
2256 }
2257
2258
2259
2260
2261
2262
2263 ret = ffs_do_descs(ffs->fs_descs_count +
2264 (high ? ffs->hs_descs_count : 0),
2265 data->raw_descs, sizeof data->raw_descs,
2266 __ffs_func_bind_do_nums, func);
2267 if (unlikely(ret < 0))
2268 goto error;
2269
2270
2271 ffs_event_add(ffs, FUNCTIONFS_BIND);
2272 return 0;
2273
2274error:
2275
2276 return ret;
2277}
2278
2279
2280
2281
2282static void ffs_func_unbind(struct usb_configuration *c,
2283 struct usb_function *f)
2284{
2285 struct ffs_function *func = ffs_func_from_usb(f);
2286 struct ffs_data *ffs = func->ffs;
2287
2288 ENTER();
2289
2290 if (ffs->func == func) {
2291 ffs_func_eps_disable(func);
2292 ffs->func = NULL;
2293 }
2294
2295 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
2296
2297 ffs_func_free(func);
2298}
2299
2300static int ffs_func_set_alt(struct usb_function *f,
2301 unsigned interface, unsigned alt)
2302{
2303 struct ffs_function *func = ffs_func_from_usb(f);
2304 struct ffs_data *ffs = func->ffs;
2305 int ret = 0, intf;
2306
2307 if (alt != (unsigned)-1) {
2308 intf = ffs_func_revmap_intf(func, interface);
2309 if (unlikely(intf < 0))
2310 return intf;
2311 }
2312
2313 if (ffs->func)
2314 ffs_func_eps_disable(ffs->func);
2315
2316 if (ffs->state != FFS_ACTIVE)
2317 return -ENODEV;
2318
2319 if (alt == (unsigned)-1) {
2320 ffs->func = NULL;
2321 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
2322 return 0;
2323 }
2324
2325 ffs->func = func;
2326 ret = ffs_func_eps_enable(func);
2327 if (likely(ret >= 0))
2328 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
2329 return ret;
2330}
2331
2332static void ffs_func_disable(struct usb_function *f)
2333{
2334 ffs_func_set_alt(f, 0, (unsigned)-1);
2335}
2336
2337static int ffs_func_setup(struct usb_function *f,
2338 const struct usb_ctrlrequest *creq)
2339{
2340 struct ffs_function *func = ffs_func_from_usb(f);
2341 struct ffs_data *ffs = func->ffs;
2342 unsigned long flags;
2343 int ret;
2344
2345 ENTER();
2346
2347 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
2348 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
2349 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
2350 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
2351 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362 if (ffs->state != FFS_ACTIVE)
2363 return -ENODEV;
2364
2365 switch (creq->bRequestType & USB_RECIP_MASK) {
2366 case USB_RECIP_INTERFACE:
2367 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
2368 if (unlikely(ret < 0))
2369 return ret;
2370 break;
2371
2372 case USB_RECIP_ENDPOINT:
2373 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
2374 if (unlikely(ret < 0))
2375 return ret;
2376 break;
2377
2378 default:
2379 return -EOPNOTSUPP;
2380 }
2381
2382 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2383 ffs->ev.setup = *creq;
2384 ffs->ev.setup.wIndex = cpu_to_le16(ret);
2385 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
2386 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2387
2388 return 0;
2389}
2390
2391static void ffs_func_suspend(struct usb_function *f)
2392{
2393 ENTER();
2394 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
2395}
2396
2397static void ffs_func_resume(struct usb_function *f)
2398{
2399 ENTER();
2400 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
2401}
2402
2403
2404
2405
2406static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
2407{
2408 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
2409 return num ? num : -EDOM;
2410}
2411
2412static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
2413{
2414 short *nums = func->interfaces_nums;
2415 unsigned count = func->ffs->interfaces_count;
2416
2417 for (; count; --count, ++nums) {
2418 if (*nums >= 0 && *nums == intf)
2419 return nums - func->interfaces_nums;
2420 }
2421
2422 return -EDOM;
2423}
2424
2425
2426
2427
2428static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
2429{
2430 return nonblock
2431 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
2432 : mutex_lock_interruptible(mutex);
2433}
2434
2435static char *ffs_prepare_buffer(const char * __user buf, size_t len)
2436{
2437 char *data;
2438
2439 if (unlikely(!len))
2440 return NULL;
2441
2442 data = kmalloc(len, GFP_KERNEL);
2443 if (unlikely(!data))
2444 return ERR_PTR(-ENOMEM);
2445
2446 if (unlikely(__copy_from_user(data, buf, len))) {
2447 kfree(data);
2448 return ERR_PTR(-EFAULT);
2449 }
2450
2451 pr_vdebug("Buffer from user space:\n");
2452 ffs_dump_mem("", data, len);
2453
2454 return data;
2455}
2456
