1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/hid.h>
21#include <linux/module.h>
22#include <linux/sched/signal.h>
23#include <linux/uio.h>
24#include <asm/unaligned.h>
25
26#include <linux/usb/composite.h>
27#include <linux/usb/functionfs.h>
28
29#include <linux/aio.h>
30#include <linux/mmu_context.h>
31#include <linux/poll.h>
32#include <linux/eventfd.h>
33
34#include "u_fs.h"
35#include "u_f.h"
36#include "u_os_desc.h"
37#include "configfs.h"
38
39#define FUNCTIONFS_MAGIC 0xa647361
40
41
42static void ffs_data_get(struct ffs_data *ffs);
43static void ffs_data_put(struct ffs_data *ffs);
44
45static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
46 __attribute__((malloc));
47
48
49static void ffs_data_opened(struct ffs_data *ffs);
50static void ffs_data_closed(struct ffs_data *ffs);
51
52
53static int __must_check
54__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
55static int __must_check
56__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
57
58
59
60
61struct ffs_ep;
62
63struct ffs_function {
64 struct usb_configuration *conf;
65 struct usb_gadget *gadget;
66 struct ffs_data *ffs;
67
68 struct ffs_ep *eps;
69 u8 eps_revmap[16];
70 short *interfaces_nums;
71
72 struct usb_function function;
73};
74
75
76static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
77{
78 return container_of(f, struct ffs_function, function);
79}
80
81
82static inline enum ffs_setup_state
83ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
84{
85 return (enum ffs_setup_state)
86 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
87}
88
89
90static void ffs_func_eps_disable(struct ffs_function *func);
91static int __must_check ffs_func_eps_enable(struct ffs_function *func);
92
93static int ffs_func_bind(struct usb_configuration *,
94 struct usb_function *);
95static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
96static void ffs_func_disable(struct usb_function *);
97static int ffs_func_setup(struct usb_function *,
98 const struct usb_ctrlrequest *);
99static bool ffs_func_req_match(struct usb_function *,
100 const struct usb_ctrlrequest *,
101 bool config0);
102static void ffs_func_suspend(struct usb_function *);
103static void ffs_func_resume(struct usb_function *);
104
105
106static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
107static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
108
109
110
111
112struct ffs_ep {
113 struct usb_ep *ep;
114 struct usb_request *req;
115
116
117 struct usb_endpoint_descriptor *descs[3];
118
119 u8 num;
120
121 int status;
122};
123
124struct ffs_epfile {
125
126 struct mutex mutex;
127
128 struct ffs_data *ffs;
129 struct ffs_ep *ep;
130
131 struct dentry *dentry;
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188 struct ffs_buffer *read_buffer;
189#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
190
191 char name[5];
192
193 unsigned char in;
194 unsigned char isoc;
195
196 unsigned char _pad;
197};
198
199struct ffs_buffer {
200 size_t length;
201 char *data;
202 char storage[];
203};
204
205
206
207struct ffs_io_data {
208 bool aio;
209 bool read;
210
211 struct kiocb *kiocb;
212 struct iov_iter data;
213 const void *to_free;
214 char *buf;
215
216 struct mm_struct *mm;
217 struct work_struct work;
218
219 struct usb_ep *ep;
220 struct usb_request *req;
221
222 struct ffs_data *ffs;
223};
224
225struct ffs_desc_helper {
226 struct ffs_data *ffs;
227 unsigned interfaces_count;
228 unsigned eps_count;
229};
230
231static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
232static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
233
234static struct dentry *
235ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
236 const struct file_operations *fops);
237
238
239
240DEFINE_MUTEX(ffs_lock);
241EXPORT_SYMBOL_GPL(ffs_lock);
242
243static struct ffs_dev *_ffs_find_dev(const char *name);
244static struct ffs_dev *_ffs_alloc_dev(void);
245static void _ffs_free_dev(struct ffs_dev *dev);
246static void *ffs_acquire_dev(const char *dev_name);
247static void ffs_release_dev(struct ffs_data *ffs_data);
248static int ffs_ready(struct ffs_data *ffs);
249static void ffs_closed(struct ffs_data *ffs);
250
251
252
253static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
254 __attribute__((warn_unused_result, nonnull));
255static char *ffs_prepare_buffer(const char __user *buf, size_t len)
256 __attribute__((warn_unused_result, nonnull));
257
258
259
260
261static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
262{
263 struct ffs_data *ffs = req->context;
264
265 complete(&ffs->ep0req_completion);
266}
267
268static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
269 __releases(&ffs->ev.waitq.lock)
270{
271 struct usb_request *req = ffs->ep0req;
272 int ret;
273
274 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
275
276 spin_unlock_irq(&ffs->ev.waitq.lock);
277
278 req->buf = data;
279 req->length = len;
280
281
282
283
284
285
286 if (req->buf == NULL)
287 req->buf = (void *)0xDEADBABE;
288
289 reinit_completion(&ffs->ep0req_completion);
290
291 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
292 if (unlikely(ret < 0))
293 return ret;
294
295 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
296 if (unlikely(ret)) {
297 usb_ep_dequeue(ffs->gadget->ep0, req);
298 return -EINTR;
299 }
300
301 ffs->setup_state = FFS_NO_SETUP;
302 return req->status ? req->status : req->actual;
303}
304
305static int __ffs_ep0_stall(struct ffs_data *ffs)
306{
307 if (ffs->ev.can_stall) {
308 pr_vdebug("ep0 stall\n");
309 usb_ep_set_halt(ffs->gadget->ep0);
310 ffs->setup_state = FFS_NO_SETUP;
311 return -EL2HLT;
312 } else {
313 pr_debug("bogus ep0 stall!\n");
314 return -ESRCH;
315 }
316}
317
318static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
319 size_t len, loff_t *ptr)
320{
321 struct ffs_data *ffs = file->private_data;
322 ssize_t ret;
323 char *data;
324
325 ENTER();
326
327
328 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
329 return -EIDRM;
330
331
332 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
333 if (unlikely(ret < 0))
334 return ret;
335
336
337 switch (ffs->state) {
338 case FFS_READ_DESCRIPTORS:
339 case FFS_READ_STRINGS:
340
341 if (unlikely(len < 16)) {
342 ret = -EINVAL;
343 break;
344 }
345
346 data = ffs_prepare_buffer(buf, len);
347 if (IS_ERR(data)) {
348 ret = PTR_ERR(data);
349 break;
350 }
351
352
353 if (ffs->state == FFS_READ_DESCRIPTORS) {
354 pr_info("read descriptors\n");
355 ret = __ffs_data_got_descs(ffs, data, len);
356 if (unlikely(ret < 0))
357 break;
358
359 ffs->state = FFS_READ_STRINGS;
360 ret = len;
361 } else {
362 pr_info("read strings\n");
363 ret = __ffs_data_got_strings(ffs, data, len);
364 if (unlikely(ret < 0))
365 break;
366
367 ret = ffs_epfiles_create(ffs);
368 if (unlikely(ret)) {
369 ffs->state = FFS_CLOSING;
370 break;
371 }
372
373 ffs->state = FFS_ACTIVE;
374 mutex_unlock(&ffs->mutex);
375
376 ret = ffs_ready(ffs);
377 if (unlikely(ret < 0)) {
378 ffs->state = FFS_CLOSING;
379 return ret;
380 }
381
382 return len;
383 }
384 break;
385
386 case FFS_ACTIVE:
387 data = NULL;
388
389
390
391
392 spin_lock_irq(&ffs->ev.waitq.lock);
393 switch (ffs_setup_state_clear_cancelled(ffs)) {
394 case FFS_SETUP_CANCELLED:
395 ret = -EIDRM;
396 goto done_spin;
397
398 case FFS_NO_SETUP:
399 ret = -ESRCH;
400 goto done_spin;
401
402 case FFS_SETUP_PENDING:
403 break;
404 }
405
406
407 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
408 spin_unlock_irq(&ffs->ev.waitq.lock);
409 ret = __ffs_ep0_stall(ffs);
410 break;
411 }
412
413
414 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
415
416 spin_unlock_irq(&ffs->ev.waitq.lock);
417
418 data = ffs_prepare_buffer(buf, len);
419 if (IS_ERR(data)) {
420 ret = PTR_ERR(data);
421 break;
422 }
423
424 spin_lock_irq(&ffs->ev.waitq.lock);
425
426
427
428
429
430
431
432
433
434
435
436
437
438 if (ffs_setup_state_clear_cancelled(ffs) ==
439 FFS_SETUP_CANCELLED) {
440 ret = -EIDRM;
441done_spin:
442 spin_unlock_irq(&ffs->ev.waitq.lock);
443 } else {
444
445 ret = __ffs_ep0_queue_wait(ffs, data, len);
446 }
447 kfree(data);
448 break;
449
450 default:
451 ret = -EBADFD;
452 break;
453 }
454
455 mutex_unlock(&ffs->mutex);
456 return ret;
457}
458
459
460static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
461 size_t n)
462 __releases(&ffs->ev.waitq.lock)
463{
464
465
466
467
468
469 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
470 const size_t size = n * sizeof *events;
471 unsigned i = 0;
472
473 memset(events, 0, size);
474
475 do {
476 events[i].type = ffs->ev.types[i];
477 if (events[i].type == FUNCTIONFS_SETUP) {
478 events[i].u.setup = ffs->ev.setup;
479 ffs->setup_state = FFS_SETUP_PENDING;
480 }
481 } while (++i < n);
482
483 ffs->ev.count -= n;
484 if (ffs->ev.count)
485 memmove(ffs->ev.types, ffs->ev.types + n,
486 ffs->ev.count * sizeof *ffs->ev.types);
487
488 spin_unlock_irq(&ffs->ev.waitq.lock);
489 mutex_unlock(&ffs->mutex);
490
491 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
492}
493
494static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
495 size_t len, loff_t *ptr)
496{
497 struct ffs_data *ffs = file->private_data;
498 char *data = NULL;
499 size_t n;
500 int ret;
501
502 ENTER();
503
504
505 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
506 return -EIDRM;
507
508
509 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
510 if (unlikely(ret < 0))
511 return ret;
512
513
514 if (ffs->state != FFS_ACTIVE) {
515 ret = -EBADFD;
516 goto done_mutex;
517 }
518
519
520
521
522
523 spin_lock_irq(&ffs->ev.waitq.lock);
524
525 switch (ffs_setup_state_clear_cancelled(ffs)) {
526 case FFS_SETUP_CANCELLED:
527 ret = -EIDRM;
528 break;
529
530 case FFS_NO_SETUP:
531 n = len / sizeof(struct usb_functionfs_event);
532 if (unlikely(!n)) {
533 ret = -EINVAL;
534 break;
535 }
536
537 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
538 ret = -EAGAIN;
539 break;
540 }
541
542 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
543 ffs->ev.count)) {
544 ret = -EINTR;
545 break;
546 }
547
548
549 return __ffs_ep0_read_events(ffs, buf,
550 min(n, (size_t)ffs->ev.count));
551
552 case FFS_SETUP_PENDING:
553 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
554 spin_unlock_irq(&ffs->ev.waitq.lock);
555 ret = __ffs_ep0_stall(ffs);
556 goto done_mutex;
557 }
558
559 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
560
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562
563 if (likely(len)) {
564 data = kmalloc(len, GFP_KERNEL);
565 if (unlikely(!data)) {
566 ret = -ENOMEM;
567 goto done_mutex;
568 }
569 }
570
571 spin_lock_irq(&ffs->ev.waitq.lock);
572
573
574 if (ffs_setup_state_clear_cancelled(ffs) ==
575 FFS_SETUP_CANCELLED) {
576 ret = -EIDRM;
577 break;
578 }
579
580
581 ret = __ffs_ep0_queue_wait(ffs, data, len);
582 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
583 ret = -EFAULT;
584 goto done_mutex;
585
586 default:
587 ret = -EBADFD;
588 break;
589 }
590
591 spin_unlock_irq(&ffs->ev.waitq.lock);
592done_mutex:
593 mutex_unlock(&ffs->mutex);
594 kfree(data);
595 return ret;
596}
597
598static int ffs_ep0_open(struct inode *inode, struct file *file)
599{
600 struct ffs_data *ffs = inode->i_private;
601
602 ENTER();
603
604 if (unlikely(ffs->state == FFS_CLOSING))
605 return -EBUSY;
606
607 file->private_data = ffs;
608 ffs_data_opened(ffs);
609
610 return 0;
611}
612
613static int ffs_ep0_release(struct inode *inode, struct file *file)
614{
615 struct ffs_data *ffs = file->private_data;
616
617 ENTER();
618
619 ffs_data_closed(ffs);
620
621 return 0;
622}
623
624static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
625{
626 struct ffs_data *ffs = file->private_data;
627 struct usb_gadget *gadget = ffs->gadget;
628 long ret;
629
630 ENTER();
631
632 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
633 struct ffs_function *func = ffs->func;
634 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
635 } else if (gadget && gadget->ops->ioctl) {
636 ret = gadget->ops->ioctl(gadget, code, value);
637 } else {
638 ret = -ENOTTY;
639 }
640
641 return ret;
642}
643
644static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
645{
646 struct ffs_data *ffs = file->private_data;
647 __poll_t mask = EPOLLWRNORM;
648 int ret;
649
650 poll_wait(file, &ffs->ev.waitq, wait);
651
652 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
653 if (unlikely(ret < 0))
654 return mask;
655
656 switch (ffs->state) {
657 case FFS_READ_DESCRIPTORS:
658 case FFS_READ_STRINGS:
659 mask |= EPOLLOUT;
660 break;
661
662 case FFS_ACTIVE:
663 switch (ffs->setup_state) {
664 case FFS_NO_SETUP:
665 if (ffs->ev.count)
666 mask |= EPOLLIN;
667 break;
668
669 case FFS_SETUP_PENDING:
670 case FFS_SETUP_CANCELLED:
671 mask |= (EPOLLIN | EPOLLOUT);
672 break;
673 }
674 case FFS_CLOSING:
675 break;
676 case FFS_DEACTIVATED:
677 break;
678 }
679
680 mutex_unlock(&ffs->mutex);
681
682 return mask;
683}
684
685static const struct file_operations ffs_ep0_operations = {
686 .llseek = no_llseek,
687
688 .open = ffs_ep0_open,
689 .write = ffs_ep0_write,
690 .read = ffs_ep0_read,
691 .release = ffs_ep0_release,
692 .unlocked_ioctl = ffs_ep0_ioctl,
693 .poll = ffs_ep0_poll,
694};
695
696
697
698
699static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
700{
701 ENTER();
702 if (likely(req->context)) {
703 struct ffs_ep *ep = _ep->driver_data;
704 ep->status = req->status ? req->status : req->actual;
705 complete(req->context);
706 }
707}
708
709static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
710{
711 ssize_t ret = copy_to_iter(data, data_len, iter);
712 if (likely(ret == data_len))
713 return ret;
714
715 if (unlikely(iov_iter_count(iter)))
716 return -EFAULT;
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
746 "Align read buffer size to max packet size to avoid the problem.\n",
747 data_len, ret);
748
749 return ret;
750}
751
752static void ffs_user_copy_worker(struct work_struct *work)
753{
754 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
755 work);
756 int ret = io_data->req->status ? io_data->req->status :
757 io_data->req->actual;
758 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
759
760 if (io_data->read && ret > 0) {
761 use_mm(io_data->mm);
762 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
763 unuse_mm(io_data->mm);
764 }
765
766 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
767
768 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
769 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
770
771 usb_ep_free_request(io_data->ep, io_data->req);
772
773 if (io_data->read)
774 kfree(io_data->to_free);
775 kfree(io_data->buf);
776 kfree(io_data);
777}
778
779static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
780 struct usb_request *req)
781{
782 struct ffs_io_data *io_data = req->context;
783 struct ffs_data *ffs = io_data->ffs;
784
785 ENTER();
786
787 INIT_WORK(&io_data->work, ffs_user_copy_worker);
788 queue_work(ffs->io_completion_wq, &io_data->work);
789}
790
791static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
792{
793
794
795
796
797 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
798 if (buf && buf != READ_BUFFER_DROP)
799 kfree(buf);
800}
801
802
803static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
804 struct iov_iter *iter)
805{
806
807
808
809
810
811 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
812 ssize_t ret;
813 if (!buf || buf == READ_BUFFER_DROP)
814 return 0;
815
816 ret = copy_to_iter(buf->data, buf->length, iter);
817 if (buf->length == ret) {
818 kfree(buf);
819 return ret;
820 }
821
822 if (unlikely(iov_iter_count(iter))) {
823 ret = -EFAULT;
824 } else {
825 buf->length -= ret;
826 buf->data += ret;
827 }
828
829 if (cmpxchg(&epfile->read_buffer, NULL, buf))
830 kfree(buf);
831
832 return ret;
833}
834
835
836static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
837 void *data, int data_len,
838 struct iov_iter *iter)
839{
840 struct ffs_buffer *buf;
841
842 ssize_t ret = copy_to_iter(data, data_len, iter);
843 if (likely(data_len == ret))
844 return ret;
845
846 if (unlikely(iov_iter_count(iter)))
847 return -EFAULT;
848
849
850 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
851 data_len, ret);
852
853 data_len -= ret;
854 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
855 if (!buf)
856 return -ENOMEM;
857 buf->length = data_len;
858 buf->data = buf->storage;
859 memcpy(buf->storage, data + ret, data_len);
860
861
862
863
864
865
866
867 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
868 kfree(buf);
869
870 return ret;
871}
872
873static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
874{
875 struct ffs_epfile *epfile = file->private_data;
876 struct usb_request *req;
877 struct ffs_ep *ep;
878 char *data = NULL;
879 ssize_t ret, data_len = -EINVAL;
880 int halt;
881
882
883 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
884 return -ENODEV;
885
886
887 ep = epfile->ep;
888 if (!ep) {
889 if (file->f_flags & O_NONBLOCK)
890 return -EAGAIN;
891
892 ret = wait_event_interruptible(
893 epfile->ffs->wait, (ep = epfile->ep));
894 if (ret)
895 return -EINTR;
896 }
897
898
899 halt = (!io_data->read == !epfile->in);
900 if (halt && epfile->isoc)
901 return -EINVAL;
902
903
904 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
905 if (unlikely(ret))
906 goto error;
907
908
909 if (!halt) {
910 struct usb_gadget *gadget;
911
912
913
914
915
916
917
918
919 if (!io_data->aio && io_data->read) {
920 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
921 if (ret)
922 goto error_mutex;
923 }
924
925
926
927
928
929
930 gadget = epfile->ffs->gadget;
931
932 spin_lock_irq(&epfile->ffs->eps_lock);
933
934 if (epfile->ep != ep) {
935 ret = -ESHUTDOWN;
936 goto error_lock;
937 }
938 data_len = iov_iter_count(&io_data->data);
939
940
941
942
943 if (io_data->read)
944 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
945 spin_unlock_irq(&epfile->ffs->eps_lock);
946
947 data = kmalloc(data_len, GFP_KERNEL);
948 if (unlikely(!data)) {
949 ret = -ENOMEM;
950 goto error_mutex;
951 }
952 if (!io_data->read &&
953 !copy_from_iter_full(data, data_len, &io_data->data)) {
954 ret = -EFAULT;
955 goto error_mutex;
956 }
957 }
958
959 spin_lock_irq(&epfile->ffs->eps_lock);
960
961 if (epfile->ep != ep) {
962
963 ret = -ESHUTDOWN;
964 } else if (halt) {
965 ret = usb_ep_set_halt(ep->ep);
966 if (!ret)
967 ret = -EBADMSG;
968 } else if (unlikely(data_len == -EINVAL)) {
969
970
971
972
973
974
975
976
977
978
979
980 WARN(1, "%s: data_len == -EINVAL\n", __func__);
981 ret = -EINVAL;
982 } else if (!io_data->aio) {
983 DECLARE_COMPLETION_ONSTACK(done);
984 bool interrupted = false;
985
986 req = ep->req;
987 req->buf = data;
988 req->length = data_len;
989
990 req->context = &done;
991 req->complete = ffs_epfile_io_complete;
992
993 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
994 if (unlikely(ret < 0))
995 goto error_lock;
996
997 spin_unlock_irq(&epfile->ffs->eps_lock);
998
999 if (unlikely(wait_for_completion_interruptible(&done))) {
1000
1001
1002
1003
1004
1005
1006 usb_ep_dequeue(ep->ep, req);
1007 interrupted = ep->status < 0;
1008 }
1009
1010 if (interrupted)
1011 ret = -EINTR;
1012 else if (io_data->read && ep->status > 0)
1013 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1014 &io_data->data);
1015 else
1016 ret = ep->status;
1017 goto error_mutex;
1018 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1019 ret = -ENOMEM;
1020 } else {
1021 req->buf = data;
1022 req->length = data_len;
1023
1024 io_data->buf = data;
1025 io_data->ep = ep->ep;
1026 io_data->req = req;
1027 io_data->ffs = epfile->ffs;
1028
1029 req->context = io_data;
1030 req->complete = ffs_epfile_async_io_complete;
1031
1032 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1033 if (unlikely(ret)) {
1034 usb_ep_free_request(ep->ep, req);
1035 goto error_lock;
1036 }
1037
1038 ret = -EIOCBQUEUED;
1039
1040
1041
1042
1043 data = NULL;
1044 }
1045
1046error_lock:
1047 spin_unlock_irq(&epfile->ffs->eps_lock);
1048error_mutex:
1049 mutex_unlock(&epfile->mutex);
1050error:
1051 kfree(data);
1052 return ret;
1053}
1054
1055static int
1056ffs_epfile_open(struct inode *inode, struct file *file)
1057{
1058 struct ffs_epfile *epfile = inode->i_private;
1059
1060 ENTER();
1061
1062 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1063 return -ENODEV;
1064
1065 file->private_data = epfile;
1066 ffs_data_opened(epfile->ffs);
1067
1068 return 0;
1069}
1070
1071static int ffs_aio_cancel(struct kiocb *kiocb)
1072{
1073 struct ffs_io_data *io_data = kiocb->private;
1074 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1075 int value;
1076
1077 ENTER();
1078
1079 spin_lock_irq(&epfile->ffs->eps_lock);
1080
1081 if (likely(io_data && io_data->ep && io_data->req))
1082 value = usb_ep_dequeue(io_data->ep, io_data->req);
1083 else
1084 value = -EINVAL;
1085
1086 spin_unlock_irq(&epfile->ffs->eps_lock);
1087
1088 return value;
1089}
1090
1091static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1092{
1093 struct ffs_io_data io_data, *p = &io_data;
1094 ssize_t res;
1095
1096 ENTER();
1097
1098 if (!is_sync_kiocb(kiocb)) {
1099 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1100 if (unlikely(!p))
1101 return -ENOMEM;
1102 p->aio = true;
1103 } else {
1104 p->aio = false;
1105 }
1106
1107 p->read = false;
1108 p->kiocb = kiocb;
1109 p->data = *from;
1110 p->mm = current->mm;
1111
1112 kiocb->private = p;
1113
1114 if (p->aio)
1115 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1116
1117 res = ffs_epfile_io(kiocb->ki_filp, p);
1118 if (res == -EIOCBQUEUED)
1119 return res;
1120 if (p->aio)
1121 kfree(p);
1122 else
1123 *from = p->data;
1124 return res;
1125}
1126
1127static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1128{
1129 struct ffs_io_data io_data, *p = &io_data;
1130 ssize_t res;
1131
1132 ENTER();
1133
1134 if (!is_sync_kiocb(kiocb)) {
1135 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1136 if (unlikely(!p))
1137 return -ENOMEM;
1138 p->aio = true;
1139 } else {
1140 p->aio = false;
1141 }
1142
1143 p->read = true;
1144 p->kiocb = kiocb;
1145 if (p->aio) {
1146 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1147 if (!p->to_free) {
1148 kfree(p);
1149 return -ENOMEM;
1150 }
1151 } else {
1152 p->data = *to;
1153 p->to_free = NULL;
1154 }
1155 p->mm = current->mm;
1156
1157 kiocb->private = p;
1158
1159 if (p->aio)
1160 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1161
1162 res = ffs_epfile_io(kiocb->ki_filp, p);
1163 if (res == -EIOCBQUEUED)
1164 return res;
1165
1166 if (p->aio) {
1167 kfree(p->to_free);
1168 kfree(p);
1169 } else {
1170 *to = p->data;
1171 }
1172 return res;
1173}
1174
1175static int
1176ffs_epfile_release(struct inode *inode, struct file *file)
1177{
1178 struct ffs_epfile *epfile = inode->i_private;
1179
1180 ENTER();
1181
1182 __ffs_epfile_read_buffer_free(epfile);
1183 ffs_data_closed(epfile->ffs);
1184
1185 return 0;
1186}
1187
1188static long ffs_epfile_ioctl(struct file *file, unsigned code,
1189 unsigned long value)
1190{
1191 struct ffs_epfile *epfile = file->private_data;
1192 struct ffs_ep *ep;
1193 int ret;
1194
1195 ENTER();
1196
1197 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1198 return -ENODEV;
1199
1200
1201 ep = epfile->ep;
1202 if (!ep) {
1203 if (file->f_flags & O_NONBLOCK)
1204 return -EAGAIN;
1205
1206 ret = wait_event_interruptible(
1207 epfile->ffs->wait, (ep = epfile->ep));
1208 if (ret)
1209 return -EINTR;
1210 }
1211
1212 spin_lock_irq(&epfile->ffs->eps_lock);
1213
1214
1215 if (epfile->ep != ep) {
1216 spin_unlock_irq(&epfile->ffs->eps_lock);
1217 return -ESHUTDOWN;
1218 }
1219
1220 switch (code) {
1221 case FUNCTIONFS_FIFO_STATUS:
1222 ret = usb_ep_fifo_status(epfile->ep->ep);
1223 break;
1224 case FUNCTIONFS_FIFO_FLUSH:
1225 usb_ep_fifo_flush(epfile->ep->ep);
1226 ret = 0;
1227 break;
1228 case FUNCTIONFS_CLEAR_HALT:
1229 ret = usb_ep_clear_halt(epfile->ep->ep);
1230 break;
1231 case FUNCTIONFS_ENDPOINT_REVMAP:
1232 ret = epfile->ep->num;
1233 break;
1234 case FUNCTIONFS_ENDPOINT_DESC:
1235 {
1236 int desc_idx;
1237 struct usb_endpoint_descriptor *desc;
1238
1239 switch (epfile->ffs->gadget->speed) {
1240 case USB_SPEED_SUPER:
1241 desc_idx = 2;
1242 break;
1243 case USB_SPEED_HIGH:
1244 desc_idx = 1;
1245 break;
1246 default:
1247 desc_idx = 0;
1248 }
1249 desc = epfile->ep->descs[desc_idx];
1250
1251 spin_unlock_irq(&epfile->ffs->eps_lock);
1252 ret = copy_to_user((void __user *)value, desc, desc->bLength);
1253 if (ret)
1254 ret = -EFAULT;
1255 return ret;
1256 }
1257 default:
1258 ret = -ENOTTY;
1259 }
1260 spin_unlock_irq(&epfile->ffs->eps_lock);
1261
1262 return ret;
1263}
1264
1265static const struct file_operations ffs_epfile_operations = {
1266 .llseek = no_llseek,
1267
1268 .open = ffs_epfile_open,
1269 .write_iter = ffs_epfile_write_iter,
1270 .read_iter = ffs_epfile_read_iter,
1271 .release = ffs_epfile_release,
1272 .unlocked_ioctl = ffs_epfile_ioctl,
1273};
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283static struct inode *__must_check
1284ffs_sb_make_inode(struct super_block *sb, void *data,
1285 const struct file_operations *fops,
1286 const struct inode_operations *iops,
1287 struct ffs_file_perms *perms)
1288{
1289 struct inode *inode;
1290
1291 ENTER();
1292
1293 inode = new_inode(sb);
1294
1295 if (likely(inode)) {
1296 struct timespec ts = current_time(inode);
1297
1298 inode->i_ino = get_next_ino();
1299 inode->i_mode = perms->mode;
1300 inode->i_uid = perms->uid;
1301 inode->i_gid = perms->gid;
1302 inode->i_atime = ts;
1303 inode->i_mtime = ts;
1304 inode->i_ctime = ts;
1305 inode->i_private = data;
1306 if (fops)
1307 inode->i_fop = fops;
1308 if (iops)
1309 inode->i_op = iops;
1310 }
1311
1312 return inode;
1313}
1314
1315
1316static struct dentry *ffs_sb_create_file(struct super_block *sb,
1317 const char *name, void *data,
1318 const struct file_operations *fops)
1319{
1320 struct ffs_data *ffs = sb->s_fs_info;
1321 struct dentry *dentry;
1322 struct inode *inode;
1323
1324 ENTER();
1325
1326 dentry = d_alloc_name(sb->s_root, name);
1327 if (unlikely(!dentry))
1328 return NULL;
1329
1330 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1331 if (unlikely(!inode)) {
1332 dput(dentry);
1333 return NULL;
1334 }
1335
1336 d_add(dentry, inode);
1337 return dentry;
1338}
1339
1340
1341static const struct super_operations ffs_sb_operations = {
1342 .statfs = simple_statfs,
1343 .drop_inode = generic_delete_inode,
1344};
1345
1346struct ffs_sb_fill_data {
1347 struct ffs_file_perms perms;
1348 umode_t root_mode;
1349 const char *dev_name;
1350 bool no_disconnect;
1351 struct ffs_data *ffs_data;
1352};
1353
1354static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1355{
1356 struct ffs_sb_fill_data *data = _data;
1357 struct inode *inode;
1358 struct ffs_data *ffs = data->ffs_data;
1359
1360 ENTER();
1361
1362 ffs->sb = sb;
1363 data->ffs_data = NULL;
1364 sb->s_fs_info = ffs;
1365 sb->s_blocksize = PAGE_SIZE;
1366 sb->s_blocksize_bits = PAGE_SHIFT;
1367 sb->s_magic = FUNCTIONFS_MAGIC;
1368 sb->s_op = &ffs_sb_operations;
1369 sb->s_time_gran = 1;
1370
1371
1372 data->perms.mode = data->root_mode;
1373 inode = ffs_sb_make_inode(sb, NULL,
1374 &simple_dir_operations,
1375 &simple_dir_inode_operations,
1376 &data->perms);
1377 sb->s_root = d_make_root(inode);
1378 if (unlikely(!sb->s_root))
1379 return -ENOMEM;
1380
1381
1382 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1383 &ffs_ep0_operations)))
1384 return -ENOMEM;
1385
1386 return 0;
1387}
1388
1389static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1390{
1391 ENTER();
1392
1393 if (!opts || !*opts)
1394 return 0;
1395
1396 for (;;) {
1397 unsigned long value;
1398 char *eq, *comma;
1399
1400
1401 comma = strchr(opts, ',');
1402 if (comma)
1403 *comma = 0;
1404
1405
1406 eq = strchr(opts, '=');
1407 if (unlikely(!eq)) {
1408 pr_err("'=' missing in %s\n", opts);
1409 return -EINVAL;
1410 }
1411 *eq = 0;
1412
1413
1414 if (kstrtoul(eq + 1, 0, &value)) {
1415 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1416 return -EINVAL;
1417 }
1418
1419
1420 switch (eq - opts) {
1421 case 13:
1422 if (!memcmp(opts, "no_disconnect", 13))
1423 data->no_disconnect = !!value;
1424 else
1425 goto invalid;
1426 break;
1427 case 5:
1428 if (!memcmp(opts, "rmode", 5))
1429 data->root_mode = (value & 0555) | S_IFDIR;
1430 else if (!memcmp(opts, "fmode", 5))
1431 data->perms.mode = (value & 0666) | S_IFREG;
1432 else
1433 goto invalid;
1434 break;
1435
1436 case 4:
1437 if (!memcmp(opts, "mode", 4)) {
1438 data->root_mode = (value & 0555) | S_IFDIR;
1439 data->perms.mode = (value & 0666) | S_IFREG;
1440 } else {
1441 goto invalid;
1442 }
1443 break;
1444
1445 case 3:
1446 if (!memcmp(opts, "uid", 3)) {
1447 data->perms.uid = make_kuid(current_user_ns(), value);
1448 if (!uid_valid(data->perms.uid)) {
1449 pr_err("%s: unmapped value: %lu\n", opts, value);
1450 return -EINVAL;
1451 }
1452 } else if (!memcmp(opts, "gid", 3)) {
1453 data->perms.gid = make_kgid(current_user_ns(), value);
1454 if (!gid_valid(data->perms.gid)) {
1455 pr_err("%s: unmapped value: %lu\n", opts, value);
1456 return -EINVAL;
1457 }
1458 } else {
1459 goto invalid;
1460 }
1461 break;
1462
1463 default:
1464invalid:
1465 pr_err("%s: invalid option\n", opts);
1466 return -EINVAL;
1467 }
1468
1469
1470 if (!comma)
1471 break;
1472 opts = comma + 1;
1473 }
1474
1475 return 0;
1476}
1477
1478
1479
1480static struct dentry *
1481ffs_fs_mount(struct file_system_type *t, int flags,
1482 const char *dev_name, void *opts)
1483{
1484 struct ffs_sb_fill_data data = {
1485 .perms = {
1486 .mode = S_IFREG | 0600,
1487 .uid = GLOBAL_ROOT_UID,
1488 .gid = GLOBAL_ROOT_GID,
1489 },
1490 .root_mode = S_IFDIR | 0500,
1491 .no_disconnect = false,
1492 };
1493 struct dentry *rv;
1494 int ret;
1495 void *ffs_dev;
1496 struct ffs_data *ffs;
1497
1498 ENTER();
1499
1500 ret = ffs_fs_parse_opts(&data, opts);
1501 if (unlikely(ret < 0))
1502 return ERR_PTR(ret);
1503
1504 ffs = ffs_data_new(dev_name);
1505 if (unlikely(!ffs))
1506 return ERR_PTR(-ENOMEM);
1507 ffs->file_perms = data.perms;
1508 ffs->no_disconnect = data.no_disconnect;
1509
1510 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1511 if (unlikely(!ffs->dev_name)) {
1512 ffs_data_put(ffs);
1513 return ERR_PTR(-ENOMEM);
1514 }
1515
1516 ffs_dev = ffs_acquire_dev(dev_name);
1517 if (IS_ERR(ffs_dev)) {
1518 ffs_data_put(ffs);
1519 return ERR_CAST(ffs_dev);
1520 }
1521 ffs->private_data = ffs_dev;
1522 data.ffs_data = ffs;
1523
1524 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1525 if (IS_ERR(rv) && data.ffs_data) {
1526 ffs_release_dev(data.ffs_data);
1527 ffs_data_put(data.ffs_data);
1528 }
1529 return rv;
1530}
1531
1532static void
1533ffs_fs_kill_sb(struct super_block *sb)
1534{
1535 ENTER();
1536
1537 kill_litter_super(sb);
1538 if (sb->s_fs_info) {
1539 ffs_release_dev(sb->s_fs_info);
1540 ffs_data_closed(sb->s_fs_info);
1541 }
1542}
1543
1544static struct file_system_type ffs_fs_type = {
1545 .owner = THIS_MODULE,
1546 .name = "functionfs",
1547 .mount = ffs_fs_mount,
1548 .kill_sb = ffs_fs_kill_sb,
1549};
1550MODULE_ALIAS_FS("functionfs");
1551
1552
1553
1554
1555static int functionfs_init(void)
1556{
1557 int ret;
1558
1559 ENTER();
1560
1561 ret = register_filesystem(&ffs_fs_type);
1562 if (likely(!ret))
1563 pr_info("file system registered\n");
1564 else
1565 pr_err("failed registering file system (%d)\n", ret);
1566
1567 return ret;
1568}
1569
1570static void functionfs_cleanup(void)
1571{
1572 ENTER();
1573
1574 pr_info("unloading\n");
1575 unregister_filesystem(&ffs_fs_type);
1576}
1577
1578
1579
1580
1581static void ffs_data_clear(struct ffs_data *ffs);
1582static void ffs_data_reset(struct ffs_data *ffs);
1583
1584static void ffs_data_get(struct ffs_data *ffs)
1585{
1586 ENTER();
1587
1588 refcount_inc(&ffs->ref);
1589}
1590
1591static void ffs_data_opened(struct ffs_data *ffs)
1592{
1593 ENTER();
1594
1595 refcount_inc(&ffs->ref);
1596 if (atomic_add_return(1, &ffs->opened) == 1 &&
1597 ffs->state == FFS_DEACTIVATED) {
1598 ffs->state = FFS_CLOSING;
1599 ffs_data_reset(ffs);
1600 }
1601}
1602
1603static void ffs_data_put(struct ffs_data *ffs)
1604{
1605 ENTER();
1606
1607 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1608 pr_info("%s(): freeing\n", __func__);
1609 ffs_data_clear(ffs);
1610 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1611 waitqueue_active(&ffs->ep0req_completion.wait) ||
1612 waitqueue_active(&ffs->wait));
1613 destroy_workqueue(ffs->io_completion_wq);
1614 kfree(ffs->dev_name);
1615 kfree(ffs);
1616 }
1617}
1618
1619static void ffs_data_closed(struct ffs_data *ffs)
1620{
1621 ENTER();
1622
1623 if (atomic_dec_and_test(&ffs->opened)) {
1624 if (ffs->no_disconnect) {
1625 ffs->state = FFS_DEACTIVATED;
1626 if (ffs->epfiles) {
1627 ffs_epfiles_destroy(ffs->epfiles,
1628 ffs->eps_count);
1629 ffs->epfiles = NULL;
1630 }
1631 if (ffs->setup_state == FFS_SETUP_PENDING)
1632 __ffs_ep0_stall(ffs);
1633 } else {
1634 ffs->state = FFS_CLOSING;
1635 ffs_data_reset(ffs);
1636 }
1637 }
1638 if (atomic_read(&ffs->opened) < 0) {
1639 ffs->state = FFS_CLOSING;
1640 ffs_data_reset(ffs);
1641 }
1642
1643 ffs_data_put(ffs);
1644}
1645
1646static struct ffs_data *ffs_data_new(const char *dev_name)
1647{
1648 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1649 if (unlikely(!ffs))
1650 return NULL;
1651
1652 ENTER();
1653
1654 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1655 if (!ffs->io_completion_wq) {
1656 kfree(ffs);
1657 return NULL;
1658 }
1659
1660 refcount_set(&ffs->ref, 1);
1661 atomic_set(&ffs->opened, 0);
1662 ffs->state = FFS_READ_DESCRIPTORS;
1663 mutex_init(&ffs->mutex);
1664 spin_lock_init(&ffs->eps_lock);
1665 init_waitqueue_head(&ffs->ev.waitq);
1666 init_waitqueue_head(&ffs->wait);
1667 init_completion(&ffs->ep0req_completion);
1668
1669
1670 ffs->ev.can_stall = 1;
1671
1672 return ffs;
1673}
1674
1675static void ffs_data_clear(struct ffs_data *ffs)
1676{
1677 ENTER();
1678
1679 ffs_closed(ffs);
1680
1681 BUG_ON(ffs->gadget);
1682
1683 if (ffs->epfiles)
1684 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1685
1686 if (ffs->ffs_eventfd)
1687 eventfd_ctx_put(ffs->ffs_eventfd);
1688
1689 kfree(ffs->raw_descs_data);
1690 kfree(ffs->raw_strings);
1691 kfree(ffs->stringtabs);
1692}
1693
1694static void ffs_data_reset(struct ffs_data *ffs)
1695{
1696 ENTER();
1697
1698 ffs_data_clear(ffs);
1699
1700 ffs->epfiles = NULL;
1701 ffs->raw_descs_data = NULL;
1702 ffs->raw_descs = NULL;
1703 ffs->raw_strings = NULL;
1704 ffs->stringtabs = NULL;
1705
1706 ffs->raw_descs_length = 0;
1707 ffs->fs_descs_count = 0;
1708 ffs->hs_descs_count = 0;
1709 ffs->ss_descs_count = 0;
1710
1711 ffs->strings_count = 0;
1712 ffs->interfaces_count = 0;
1713 ffs->eps_count = 0;
1714
1715 ffs->ev.count = 0;
1716
1717 ffs->state = FFS_READ_DESCRIPTORS;
1718 ffs->setup_state = FFS_NO_SETUP;
1719 ffs->flags = 0;
1720}
1721
1722
1723static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1724{
1725 struct usb_gadget_strings **lang;
1726 int first_id;
1727
1728 ENTER();
1729
1730 if (WARN_ON(ffs->state != FFS_ACTIVE
1731 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1732 return -EBADFD;
1733
1734 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1735 if (unlikely(first_id < 0))
1736 return first_id;
1737
1738 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1739 if (unlikely(!ffs->ep0req))
1740 return -ENOMEM;
1741 ffs->ep0req->complete = ffs_ep0_complete;
1742 ffs->ep0req->context = ffs;
1743
1744 lang = ffs->stringtabs;
1745 if (lang) {
1746 for (; *lang; ++lang) {
1747 struct usb_string *str = (*lang)->strings;
1748 int id = first_id;
1749 for (; str->s; ++id, ++str)
1750 str->id = id;
1751 }
1752 }
1753
1754 ffs->gadget = cdev->gadget;
1755 ffs_data_get(ffs);
1756 return 0;
1757}
1758
1759static void functionfs_unbind(struct ffs_data *ffs)
1760{
1761 ENTER();
1762
1763 if (!WARN_ON(!ffs->gadget)) {
1764 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1765 ffs->ep0req = NULL;
1766 ffs->gadget = NULL;
1767 clear_bit(FFS_FL_BOUND, &ffs->flags);
1768 ffs_data_put(ffs);
1769 }
1770}
1771
1772static int ffs_epfiles_create(struct ffs_data *ffs)
1773{
1774 struct ffs_epfile *epfile, *epfiles;
1775 unsigned i, count;
1776
1777 ENTER();
1778
1779 count = ffs->eps_count;
1780 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1781 if (!epfiles)
1782 return -ENOMEM;
1783
1784 epfile = epfiles;
1785 for (i = 1; i <= count; ++i, ++epfile) {
1786 epfile->ffs = ffs;
1787 mutex_init(&epfile->mutex);
1788 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1789 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1790 else
1791 sprintf(epfile->name, "ep%u", i);
1792 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1793 epfile,
1794 &ffs_epfile_operations);
1795 if (unlikely(!epfile->dentry)) {
1796 ffs_epfiles_destroy(epfiles, i - 1);
1797 return -ENOMEM;
1798 }
1799 }
1800
1801 ffs->epfiles = epfiles;
1802 return 0;
1803}
1804
1805static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1806{
1807 struct ffs_epfile *epfile = epfiles;
1808
1809 ENTER();
1810
1811 for (; count; --count, ++epfile) {
1812 BUG_ON(mutex_is_locked(&epfile->mutex));
1813 if (epfile->dentry) {
1814 d_delete(epfile->dentry);
1815 dput(epfile->dentry);
1816 epfile->dentry = NULL;
1817 }
1818 }
1819
1820 kfree(epfiles);
1821}
1822
1823static void ffs_func_eps_disable(struct ffs_function *func)
1824{
1825 struct ffs_ep *ep = func->eps;
1826 struct ffs_epfile *epfile = func->ffs->epfiles;
1827 unsigned count = func->ffs->eps_count;
1828 unsigned long flags;
1829
1830 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1831 while (count--) {
1832
1833 if (likely(ep->ep))
1834 usb_ep_disable(ep->ep);
1835 ++ep;
1836
1837 if (epfile) {
1838 epfile->ep = NULL;
1839 __ffs_epfile_read_buffer_free(epfile);
1840 ++epfile;
1841 }
1842 }
1843 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1844}
1845
1846static int ffs_func_eps_enable(struct ffs_function *func)
1847{
1848 struct ffs_data *ffs = func->ffs;
1849 struct ffs_ep *ep = func->eps;
1850 struct ffs_epfile *epfile = ffs->epfiles;
1851 unsigned count = ffs->eps_count;
1852 unsigned long flags;
1853 int ret = 0;
1854
1855 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1856 while(count--) {
1857 ep->ep->driver_data = ep;
1858
1859 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1860 if (ret) {
1861 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1862 __func__, ep->ep->name, ret);
1863 break;
1864 }
1865
1866 ret = usb_ep_enable(ep->ep);
1867 if (likely(!ret)) {
1868 epfile->ep = ep;
1869 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1870 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1871 } else {
1872 break;
1873 }
1874
1875 ++ep;
1876 ++epfile;
1877 }
1878
1879 wake_up_interruptible(&ffs->wait);
1880 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1881
1882 return ret;
1883}
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895enum ffs_entity_type {
1896 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1897};
1898
1899enum ffs_os_desc_type {
1900 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1901};
1902
1903typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1904 u8 *valuep,
1905 struct usb_descriptor_header *desc,
1906 void *priv);
1907
1908typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
1909 struct usb_os_desc_header *h, void *data,
1910 unsigned len, void *priv);
1911
1912static int __must_check ffs_do_single_desc(char *data, unsigned len,
1913 ffs_entity_callback entity,
1914 void *priv)
1915{
1916 struct usb_descriptor_header *_ds = (void *)data;
1917 u8 length;
1918 int ret;
1919
1920 ENTER();
1921
1922
1923 if (len < 2) {
1924 pr_vdebug("descriptor too short\n");
1925 return -EINVAL;
1926 }
1927
1928
1929 length = _ds->bLength;
1930 if (len < length) {
1931 pr_vdebug("descriptor longer then available data\n");
1932 return -EINVAL;
1933 }
1934
1935#define __entity_check_INTERFACE(val) 1
1936#define __entity_check_STRING(val) (val)
1937#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1938#define __entity(type, val) do { \
1939 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1940 if (unlikely(!__entity_check_ ##type(val))) { \
1941 pr_vdebug("invalid entity's value\n"); \
1942 return -EINVAL; \
1943 } \
1944 ret = entity(FFS_ ##type, &val, _ds, priv); \
1945 if (unlikely(ret < 0)) { \
1946 pr_debug("entity " #type "(%02x); ret = %d\n", \
1947 (val), ret); \
1948 return ret; \
1949 } \
1950 } while (0)
1951
1952
1953 switch (_ds->bDescriptorType) {
1954 case USB_DT_DEVICE:
1955 case USB_DT_CONFIG:
1956 case USB_DT_STRING:
1957 case USB_DT_DEVICE_QUALIFIER:
1958
1959 pr_vdebug("descriptor reserved for gadget: %d\n",
1960 _ds->bDescriptorType);
1961 return -EINVAL;
1962
1963 case USB_DT_INTERFACE: {
1964 struct usb_interface_descriptor *ds = (void *)_ds;
1965 pr_vdebug("interface descriptor\n");
1966 if (length != sizeof *ds)
1967 goto inv_length;
1968
1969 __entity(INTERFACE, ds->bInterfaceNumber);
1970 if (ds->iInterface)
1971 __entity(STRING, ds->iInterface);
1972 }
1973 break;
1974
1975 case USB_DT_ENDPOINT: {
1976 struct usb_endpoint_descriptor *ds = (void *)_ds;
1977 pr_vdebug("endpoint descriptor\n");
1978 if (length != USB_DT_ENDPOINT_SIZE &&
1979 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1980 goto inv_length;
1981 __entity(ENDPOINT, ds->bEndpointAddress);
1982 }
1983 break;
1984
1985 case HID_DT_HID:
1986 pr_vdebug("hid descriptor\n");
1987 if (length != sizeof(struct hid_descriptor))
1988 goto inv_length;
1989 break;
1990
1991 case USB_DT_OTG:
1992 if (length != sizeof(struct usb_otg_descriptor))
1993 goto inv_length;
1994 break;
1995
1996 case USB_DT_INTERFACE_ASSOCIATION: {
1997 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1998 pr_vdebug("interface association descriptor\n");
1999 if (length != sizeof *ds)
2000 goto inv_length;
2001 if (ds->iFunction)
2002 __entity(STRING, ds->iFunction);
2003 }
2004 break;
2005
2006 case USB_DT_SS_ENDPOINT_COMP:
2007 pr_vdebug("EP SS companion descriptor\n");
2008 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2009 goto inv_length;
2010 break;
2011
2012 case USB_DT_OTHER_SPEED_CONFIG:
2013 case USB_DT_INTERFACE_POWER:
2014 case USB_DT_DEBUG:
2015 case USB_DT_SECURITY:
2016 case USB_DT_CS_RADIO_CONTROL:
2017
2018 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2019 return -EINVAL;
2020
2021 default:
2022
2023 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2024 return -EINVAL;
2025
2026inv_length:
2027 pr_vdebug("invalid length: %d (descriptor %d)\n",
2028 _ds->bLength, _ds->bDescriptorType);
2029 return -EINVAL;
2030 }
2031
2032#undef __entity
2033#undef __entity_check_DESCRIPTOR
2034#undef __entity_check_INTERFACE
2035#undef __entity_check_STRING
2036#undef __entity_check_ENDPOINT
2037
2038 return length;
2039}
2040
2041static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2042 ffs_entity_callback entity, void *priv)
2043{
2044 const unsigned _len = len;
2045 unsigned long num = 0;
2046
2047 ENTER();
2048
2049 for (;;) {
2050 int ret;
2051
2052 if (num == count)
2053 data = NULL;
2054
2055
2056 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2057 if (unlikely(ret < 0)) {
2058 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2059 num, ret);
2060 return ret;
2061 }
2062
2063 if (!data)
2064 return _len - len;
2065
2066 ret = ffs_do_single_desc(data, len, entity, priv);
2067 if (unlikely(ret < 0)) {
2068 pr_debug("%s returns %d\n", __func__, ret);
2069 return ret;
2070 }
2071
2072 len -= ret;
2073 data += ret;
2074 ++num;
2075 }
2076}
2077
2078static int __ffs_data_do_entity(enum ffs_entity_type type,
2079 u8 *valuep, struct usb_descriptor_header *desc,
2080 void *priv)
2081{
2082 struct ffs_desc_helper *helper = priv;
2083 struct usb_endpoint_descriptor *d;
2084
2085 ENTER();
2086
2087 switch (type) {
2088 case FFS_DESCRIPTOR:
2089 break;
2090
2091 case FFS_INTERFACE:
2092
2093
2094
2095
2096
2097 if (*valuep >= helper->interfaces_count)
2098 helper->interfaces_count = *valuep + 1;
2099 break;
2100
2101 case FFS_STRING:
2102
2103
2104
2105
2106 if (*valuep > helper->ffs->strings_count)
2107 helper->ffs->strings_count = *valuep;
2108 break;
2109
2110 case FFS_ENDPOINT:
2111 d = (void *)desc;
2112 helper->eps_count++;
2113 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2114 return -EINVAL;
2115
2116 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2117 helper->ffs->eps_addrmap[helper->eps_count] =
2118 d->bEndpointAddress;
2119 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2120 d->bEndpointAddress)
2121 return -EINVAL;
2122 break;
2123 }
2124
2125 return 0;
2126}
2127
2128static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2129 struct usb_os_desc_header *desc)
2130{
2131 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2132 u16 w_index = le16_to_cpu(desc->wIndex);
2133
2134 if (bcd_version != 1) {
2135 pr_vdebug("unsupported os descriptors version: %d",
2136 bcd_version);
2137 return -EINVAL;
2138 }
2139 switch (w_index) {
2140 case 0x4:
2141 *next_type = FFS_OS_DESC_EXT_COMPAT;
2142 break;
2143 case 0x5:
2144 *next_type = FFS_OS_DESC_EXT_PROP;
2145 break;
2146 default:
2147 pr_vdebug("unsupported os descriptor type: %d", w_index);
2148 return -EINVAL;
2149 }
2150
2151 return sizeof(*desc);
2152}
2153
2154
2155
2156
2157
2158static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2159 enum ffs_os_desc_type type,
2160 u16 feature_count,
2161 ffs_os_desc_callback entity,
2162 void *priv,
2163 struct usb_os_desc_header *h)
2164{
2165 int ret;
2166 const unsigned _len = len;
2167
2168 ENTER();
2169
2170
2171 while (feature_count--) {
2172 ret = entity(type, h, data, len, priv);
2173 if (unlikely(ret < 0)) {
2174 pr_debug("bad OS descriptor, type: %d\n", type);
2175 return ret;
2176 }
2177 data += ret;
2178 len -= ret;
2179 }
2180 return _len - len;
2181}
2182
2183
2184static int __must_check ffs_do_os_descs(unsigned count,
2185 char *data, unsigned len,
2186 ffs_os_desc_callback entity, void *priv)
2187{
2188 const unsigned _len = len;
2189 unsigned long num = 0;
2190
2191 ENTER();
2192
2193 for (num = 0; num < count; ++num) {
2194 int ret;
2195 enum ffs_os_desc_type type;
2196 u16 feature_count;
2197 struct usb_os_desc_header *desc = (void *)data;
2198
2199 if (len < sizeof(*desc))
2200 return -EINVAL;
2201
2202
2203
2204
2205
2206
2207
2208
2209 if (le32_to_cpu(desc->dwLength) > len)
2210 return -EINVAL;
2211
2212 ret = __ffs_do_os_desc_header(&type, desc);
2213 if (unlikely(ret < 0)) {
2214 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2215 num, ret);
2216 return ret;
2217 }
2218
2219
2220
2221 feature_count = le16_to_cpu(desc->wCount);
2222 if (type == FFS_OS_DESC_EXT_COMPAT &&
2223 (feature_count > 255 || desc->Reserved))
2224 return -EINVAL;
2225 len -= ret;
2226 data += ret;
2227
2228
2229
2230
2231
2232 ret = ffs_do_single_os_desc(data, len, type,
2233 feature_count, entity, priv, desc);
2234 if (unlikely(ret < 0)) {
2235 pr_debug("%s returns %d\n", __func__, ret);
2236 return ret;
2237 }
2238
2239 len -= ret;
2240 data += ret;
2241 }
2242 return _len - len;
2243}
2244
2245
2246
2247
2248static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2249 struct usb_os_desc_header *h, void *data,
2250 unsigned len, void *priv)
2251{
2252 struct ffs_data *ffs = priv;
2253 u8 length;
2254
2255 ENTER();
2256
2257 switch (type) {
2258 case FFS_OS_DESC_EXT_COMPAT: {
2259 struct usb_ext_compat_desc *d = data;
2260 int i;
2261
2262 if (len < sizeof(*d) ||
2263 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2264 return -EINVAL;
2265 if (d->Reserved1 != 1) {
2266
2267
2268
2269
2270
2271
2272 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2273 d->Reserved1 = 1;
2274 }
2275 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2276 if (d->Reserved2[i])
2277 return -EINVAL;
2278
2279 length = sizeof(struct usb_ext_compat_desc);
2280 }
2281 break;
2282 case FFS_OS_DESC_EXT_PROP: {
2283 struct usb_ext_prop_desc *d = data;
2284 u32 type, pdl;
2285 u16 pnl;
2286
2287 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2288 return -EINVAL;
2289 length = le32_to_cpu(d->dwSize);
2290 if (len < length)
2291 return -EINVAL;
2292 type = le32_to_cpu(d->dwPropertyDataType);
2293 if (type < USB_EXT_PROP_UNICODE ||
2294 type > USB_EXT_PROP_UNICODE_MULTI) {
2295 pr_vdebug("unsupported os descriptor property type: %d",
2296 type);
2297 return -EINVAL;
2298 }
2299 pnl = le16_to_cpu(d->wPropertyNameLength);
2300 if (length < 14 + pnl) {
2301 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2302 length, pnl, type);
2303 return -EINVAL;
2304 }
2305 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2306 if (length != 14 + pnl + pdl) {
2307 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2308 length, pnl, pdl, type);
2309 return -EINVAL;
2310 }
2311 ++ffs->ms_os_descs_ext_prop_count;
2312
2313 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2314 ffs->ms_os_descs_ext_prop_data_len += pdl;
2315 }
2316 break;
2317 default:
2318 pr_vdebug("unknown descriptor: %d\n", type);
2319 return -EINVAL;
2320 }
2321 return length;
2322}
2323
2324static int __ffs_data_got_descs(struct ffs_data *ffs,
2325 char *const _data, size_t len)
2326{
2327 char *data = _data, *raw_descs;
2328 unsigned os_descs_count = 0, counts[3], flags;
2329 int ret = -EINVAL, i;
2330 struct ffs_desc_helper helper;
2331
2332 ENTER();
2333
2334 if (get_unaligned_le32(data + 4) != len)
2335 goto error;
2336
2337 switch (get_unaligned_le32(data)) {
2338 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2339 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2340 data += 8;
2341 len -= 8;
2342 break;
2343 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2344 flags = get_unaligned_le32(data + 8);
2345 ffs->user_flags = flags;
2346 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2347 FUNCTIONFS_HAS_HS_DESC |
2348 FUNCTIONFS_HAS_SS_DESC |
2349 FUNCTIONFS_HAS_MS_OS_DESC |
2350 FUNCTIONFS_VIRTUAL_ADDR |
2351 FUNCTIONFS_EVENTFD |
2352 FUNCTIONFS_ALL_CTRL_RECIP |
2353 FUNCTIONFS_CONFIG0_SETUP)) {
2354 ret = -ENOSYS;
2355 goto error;
2356 }
2357 data += 12;
2358 len -= 12;
2359 break;
2360 default:
2361 goto error;
2362 }
2363
2364 if (flags & FUNCTIONFS_EVENTFD) {
2365 if (len < 4)
2366 goto error;
2367 ffs->ffs_eventfd =
2368 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2369 if (IS_ERR(ffs->ffs_eventfd)) {
2370 ret = PTR_ERR(ffs->ffs_eventfd);
2371 ffs->ffs_eventfd = NULL;
2372 goto error;
2373 }
2374 data += 4;
2375 len -= 4;
2376 }
2377
2378
2379 for (i = 0; i < 3; ++i) {
2380 if (!(flags & (1 << i))) {
2381 counts[i] = 0;
2382 } else if (len < 4) {
2383 goto error;
2384 } else {
2385 counts[i] = get_unaligned_le32(data);
2386 data += 4;
2387 len -= 4;
2388 }
2389 }
2390 if (flags & (1 << i)) {
2391 if (len < 4) {
2392 goto error;
2393 }
2394 os_descs_count = get_unaligned_le32(data);
2395 data += 4;
2396 len -= 4;
2397 };
2398
2399
2400 raw_descs = data;
2401 helper.ffs = ffs;
2402 for (i = 0; i < 3; ++i) {
2403 if (!counts[i])
2404 continue;
2405 helper.interfaces_count = 0;
2406 helper.eps_count = 0;
2407 ret = ffs_do_descs(counts[i], data, len,
2408 __ffs_data_do_entity, &helper);
2409 if (ret < 0)
2410 goto error;
2411 if (!ffs->eps_count && !ffs->interfaces_count) {
2412 ffs->eps_count = helper.eps_count;
2413 ffs->interfaces_count = helper.interfaces_count;
2414 } else {
2415 if (ffs->eps_count != helper.eps_count) {
2416 ret = -EINVAL;
2417 goto error;
2418 }
2419 if (ffs->interfaces_count != helper.interfaces_count) {
2420 ret = -EINVAL;
2421 goto error;
2422 }
2423 }
2424 data += ret;
2425 len -= ret;
2426 }
2427 if (os_descs_count) {
2428 ret = ffs_do_os_descs(os_descs_count, data, len,
2429 __ffs_data_do_os_desc, ffs);
2430 if (ret < 0)
2431 goto error;
2432 data += ret;
2433 len -= ret;
2434 }
2435
2436 if (raw_descs == data || len) {
2437 ret = -EINVAL;
2438 goto error;
2439 }
2440
2441 ffs->raw_descs_data = _data;
2442 ffs->raw_descs = raw_descs;
2443 ffs->raw_descs_length = data - raw_descs;
2444 ffs->fs_descs_count = counts[0];
2445 ffs->hs_descs_count = counts[1];
2446 ffs->ss_descs_count = counts[2];
2447 ffs->ms_os_descs_count = os_descs_count;
2448
2449 return 0;
2450
2451error:
2452 kfree(_data);
2453 return ret;
2454}
2455
2456static int __ffs_data_got_strings(struct ffs_data *ffs,
2457 char *const _data, size_t len)
2458{
2459 u32 str_count, needed_count, lang_count;
2460 struct usb_gadget_strings **stringtabs, *t;
2461 const char *data = _data;
2462 struct usb_string *s;
2463
2464 ENTER();
2465
2466 if (unlikely(len < 16 ||
2467 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2468 get_unaligned_le32(data + 4) != len))
2469 goto error;
2470 str_count = get_unaligned_le32(data + 8);
2471 lang_count = get_unaligned_le32(data + 12);
2472
2473
2474 if (unlikely(!str_count != !lang_count))
2475 goto error;
2476
2477
2478 needed_count = ffs->strings_count;
2479 if (unlikely(str_count < needed_count))
2480 goto error;
2481
2482
2483
2484
2485
2486 if (!needed_count) {
2487 kfree(_data);
2488 return 0;
2489 }
2490
2491
2492 {
2493 unsigned i = 0;
2494 vla_group(d);
2495 vla_item(d, struct usb_gadget_strings *, stringtabs,
2496 lang_count + 1);
2497 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2498 vla_item(d, struct usb_string, strings,
2499 lang_count*(needed_count+1));
2500
2501 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2502
2503 if (unlikely(!vlabuf)) {
2504 kfree(_data);
2505 return -ENOMEM;
2506 }
2507
2508
2509 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2510 t = vla_ptr(vlabuf, d, stringtab);
2511 i = lang_count;
2512 do {
2513 *stringtabs++ = t++;
2514 } while (--i);
2515 *stringtabs = NULL;
2516
2517
2518 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2519 t = vla_ptr(vlabuf, d, stringtab);
2520 s = vla_ptr(vlabuf, d, strings);
2521 }
2522
2523
2524 data += 16;
2525 len -= 16;
2526
2527 do {
2528 unsigned needed = needed_count;
2529
2530 if (unlikely(len < 3))
2531 goto error_free;
2532 t->language = get_unaligned_le16(data);
2533 t->strings = s;
2534 ++t;
2535
2536 data += 2;
2537 len -= 2;
2538
2539
2540 do {
2541 size_t length = strnlen(data, len);
2542
2543 if (unlikely(length == len))
2544 goto error_free;
2545
2546
2547
2548
2549
2550
2551 if (likely(needed)) {
2552
2553
2554
2555
2556
2557 s->s = data;
2558 --needed;
2559 ++s;
2560 }
2561
2562 data += length + 1;
2563 len -= length + 1;
2564 } while (--str_count);
2565
2566 s->id = 0;
2567 s->s = NULL;
2568 ++s;
2569
2570 } while (--lang_count);
2571
2572
2573 if (unlikely(len))
2574 goto error_free;
2575
2576
2577 ffs->stringtabs = stringtabs;
2578 ffs->raw_strings = _data;
2579
2580 return 0;
2581
2582error_free:
2583 kfree(stringtabs);
2584error:
2585 kfree(_data);
2586 return -EINVAL;
2587}
2588
2589
2590
2591
2592static void __ffs_event_add(struct ffs_data *ffs,
2593 enum usb_functionfs_event_type type)
2594{
2595 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2596 int neg = 0;
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606 if (ffs->setup_state == FFS_SETUP_PENDING)
2607 ffs->setup_state = FFS_SETUP_CANCELLED;
2608
2609
2610
2611
2612
2613
2614
2615
2616 switch (type) {
2617 case FUNCTIONFS_RESUME:
2618 rem_type2 = FUNCTIONFS_SUSPEND;
2619
2620 case FUNCTIONFS_SUSPEND:
2621 case FUNCTIONFS_SETUP:
2622 rem_type1 = type;
2623
2624 break;
2625
2626 case FUNCTIONFS_BIND:
2627 case FUNCTIONFS_UNBIND:
2628 case FUNCTIONFS_DISABLE:
2629 case FUNCTIONFS_ENABLE:
2630
2631 rem_type1 = FUNCTIONFS_SUSPEND;
2632 rem_type2 = FUNCTIONFS_RESUME;
2633 neg = 1;
2634 break;
2635
2636 default:
2637 WARN(1, "%d: unknown event, this should not happen\n", type);
2638 return;
2639 }
2640
2641 {
2642 u8 *ev = ffs->ev.types, *out = ev;
2643 unsigned n = ffs->ev.count;
2644 for (; n; --n, ++ev)
2645 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2646 *out++ = *ev;
2647 else
2648 pr_vdebug("purging event %d\n", *ev);
2649 ffs->ev.count = out - ffs->ev.types;
2650 }
2651
2652 pr_vdebug("adding event %d\n", type);
2653 ffs->ev.types[ffs->ev.count++] = type;
2654 wake_up_locked(&ffs->ev.waitq);
2655 if (ffs->ffs_eventfd)
2656 eventfd_signal(ffs->ffs_eventfd, 1);
2657}
2658
2659static void ffs_event_add(struct ffs_data *ffs,
2660 enum usb_functionfs_event_type type)
2661{
2662 unsigned long flags;
2663 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2664 __ffs_event_add(ffs, type);
2665 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2666}
2667
2668
2669
2670static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2671{
2672 int i;
2673
2674 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2675 if (ffs->eps_addrmap[i] == endpoint_address)
2676 return i;
2677 return -ENOENT;
2678}
2679
2680static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2681 struct usb_descriptor_header *desc,
2682 void *priv)
2683{
2684 struct usb_endpoint_descriptor *ds = (void *)desc;
2685 struct ffs_function *func = priv;
2686 struct ffs_ep *ffs_ep;
2687 unsigned ep_desc_id;
2688 int idx;
2689 static const char *speed_names[] = { "full", "high", "super" };
2690
2691 if (type != FFS_DESCRIPTOR)
2692 return 0;
2693
2694
2695
2696
2697
2698
2699
2700 if (func->function.ss_descriptors) {
2701 ep_desc_id = 2;
2702 func->function.ss_descriptors[(long)valuep] = desc;
2703 } else if (func->function.hs_descriptors) {
2704 ep_desc_id = 1;
2705 func->function.hs_descriptors[(long)valuep] = desc;
2706 } else {
2707 ep_desc_id = 0;
2708 func->function.fs_descriptors[(long)valuep] = desc;
2709 }
2710
2711 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2712 return 0;
2713
2714 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2715 if (idx < 0)
2716 return idx;
2717
2718 ffs_ep = func->eps + idx;
2719
2720 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2721 pr_err("two %sspeed descriptors for EP %d\n",
2722 speed_names[ep_desc_id],
2723 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2724 return -EINVAL;
2725 }
2726 ffs_ep->descs[ep_desc_id] = ds;
2727
2728 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2729 if (ffs_ep->ep) {
2730 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2731 if (!ds->wMaxPacketSize)
2732 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2733 } else {
2734 struct usb_request *req;
2735 struct usb_ep *ep;
2736 u8 bEndpointAddress;
2737
2738
2739
2740
2741
2742 bEndpointAddress = ds->bEndpointAddress;
2743 pr_vdebug("autoconfig\n");
2744 ep = usb_ep_autoconfig(func->gadget, ds);
2745 if (unlikely(!ep))
2746 return -ENOTSUPP;
2747 ep->driver_data = func->eps + idx;
2748
2749 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2750 if (unlikely(!req))
2751 return -ENOMEM;
2752
2753 ffs_ep->ep = ep;
2754 ffs_ep->req = req;
2755 func->eps_revmap[ds->bEndpointAddress &
2756 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2757
2758
2759
2760
2761 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2762 ds->bEndpointAddress = bEndpointAddress;
2763 }
2764 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2765
2766 return 0;
2767}
2768
2769static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2770 struct usb_descriptor_header *desc,
2771 void *priv)
2772{
2773 struct ffs_function *func = priv;
2774 unsigned idx;
2775 u8 newValue;
2776
2777 switch (type) {
2778 default:
2779 case FFS_DESCRIPTOR:
2780
2781 return 0;
2782
2783 case FFS_INTERFACE:
2784 idx = *valuep;
2785 if (func->interfaces_nums[idx] < 0) {
2786 int id = usb_interface_id(func->conf, &func->function);
2787 if (unlikely(id < 0))
2788 return id;
2789 func->interfaces_nums[idx] = id;
2790 }
2791 newValue = func->interfaces_nums[idx];
2792 break;
2793
2794 case FFS_STRING:
2795
2796 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2797 break;
2798
2799 case FFS_ENDPOINT:
2800
2801
2802
2803
2804 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2805 return 0;
2806
2807 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2808 if (unlikely(!func->eps[idx].ep))
2809 return -EINVAL;
2810
2811 {
2812 struct usb_endpoint_descriptor **descs;
2813 descs = func->eps[idx].descs;
2814 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2815 }
2816 break;
2817 }
2818
2819 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2820 *valuep = newValue;
2821 return 0;
2822}
2823
2824static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2825 struct usb_os_desc_header *h, void *data,
2826 unsigned len, void *priv)
2827{
2828 struct ffs_function *func = priv;
2829 u8 length = 0;
2830
2831 switch (type) {
2832 case FFS_OS_DESC_EXT_COMPAT: {
2833 struct usb_ext_compat_desc *desc = data;
2834 struct usb_os_desc_table *t;
2835
2836 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2837 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2838 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2839 ARRAY_SIZE(desc->CompatibleID) +
2840 ARRAY_SIZE(desc->SubCompatibleID));
2841 length = sizeof(*desc);
2842 }
2843 break;
2844 case FFS_OS_DESC_EXT_PROP: {
2845 struct usb_ext_prop_desc *desc = data;
2846 struct usb_os_desc_table *t;
2847 struct usb_os_desc_ext_prop *ext_prop;
2848 char *ext_prop_name;
2849 char *ext_prop_data;
2850
2851 t = &func->function.os_desc_table[h->interface];
2852 t->if_id = func->interfaces_nums[h->interface];
2853
2854 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2855 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2856
2857 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2858 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2859 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2860 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2861 length = ext_prop->name_len + ext_prop->data_len + 14;
2862
2863 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2864 func->ffs->ms_os_descs_ext_prop_name_avail +=
2865 ext_prop->name_len;
2866
2867 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2868 func->ffs->ms_os_descs_ext_prop_data_avail +=
2869 ext_prop->data_len;
2870 memcpy(ext_prop_data,
2871 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2872 ext_prop->data_len);
2873
2874 switch (ext_prop->type) {
2875 case USB_EXT_PROP_UNICODE:
2876 case USB_EXT_PROP_UNICODE_ENV:
2877 case USB_EXT_PROP_UNICODE_LINK:
2878 case USB_EXT_PROP_UNICODE_MULTI:
2879 ext_prop->data_len *= 2;
2880 break;
2881 }
2882 ext_prop->data = ext_prop_data;
2883
2884 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
2885 ext_prop->name_len);
2886
2887 ext_prop->name_len *= 2;
2888 ext_prop->name = ext_prop_name;
2889
2890 t->os_desc->ext_prop_len +=
2891 ext_prop->name_len + ext_prop->data_len + 14;
2892 ++t->os_desc->ext_prop_count;
2893 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
2894 }
2895 break;
2896 default:
2897 pr_vdebug("unknown descriptor: %d\n", type);
2898 }
2899
2900 return length;
2901}
2902
2903static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
2904 struct usb_configuration *c)
2905{
2906 struct ffs_function *func = ffs_func_from_usb(f);
2907 struct f_fs_opts *ffs_opts =
2908 container_of(f->fi, struct f_fs_opts, func_inst);
2909 int ret;
2910
2911 ENTER();
2912
2913
2914
2915
2916
2917
2918
2919
2920 if (!ffs_opts->no_configfs)
2921 ffs_dev_lock();
2922 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
2923 func->ffs = ffs_opts->dev->ffs_data;
2924 if (!ffs_opts->no_configfs)
2925 ffs_dev_unlock();
2926 if (ret)
2927 return ERR_PTR(ret);
2928
2929 func->conf = c;
2930 func->gadget = c->cdev->gadget;
2931
2932
2933
2934
2935
2936
2937
2938
2939 if (!ffs_opts->refcnt) {
2940 ret = functionfs_bind(func->ffs, c->cdev);
2941 if (ret)
2942 return ERR_PTR(ret);
2943 }
2944 ffs_opts->refcnt++;
2945 func->function.strings = func->ffs->stringtabs;
2946
2947 return ffs_opts;
2948}
2949
2950static int _ffs_func_bind(struct usb_configuration *c,
2951 struct usb_function *f)
2952{
2953 struct ffs_function *func = ffs_func_from_usb(f);
2954 struct ffs_data *ffs = func->ffs;
2955
2956 const int full = !!func->ffs->fs_descs_count;
2957 const int high = !!func->ffs->hs_descs_count;
2958 const int super = !!func->ffs->ss_descs_count;
2959
2960 int fs_len, hs_len, ss_len, ret, i;
2961 struct ffs_ep *eps_ptr;
2962
2963
2964 vla_group(d);
2965 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2966 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2967 full ? ffs->fs_descs_count + 1 : 0);
2968 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2969 high ? ffs->hs_descs_count + 1 : 0);
2970 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
2971 super ? ffs->ss_descs_count + 1 : 0);
2972 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
2973 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
2974 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2975 vla_item_with_sz(d, char[16], ext_compat,
2976 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2977 vla_item_with_sz(d, struct usb_os_desc, os_desc,
2978 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2979 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
2980 ffs->ms_os_descs_ext_prop_count);
2981 vla_item_with_sz(d, char, ext_prop_name,
2982 ffs->ms_os_descs_ext_prop_name_len);
2983 vla_item_with_sz(d, char, ext_prop_data,
2984 ffs->ms_os_descs_ext_prop_data_len);
2985 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
2986 char *vlabuf;
2987
2988 ENTER();
2989
2990
2991 if (unlikely(!(full | high | super)))
2992 return -ENOTSUPP;
2993
2994
2995 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
2996 if (unlikely(!vlabuf))
2997 return -ENOMEM;
2998
2999 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3000 ffs->ms_os_descs_ext_prop_name_avail =
3001 vla_ptr(vlabuf, d, ext_prop_name);
3002 ffs->ms_os_descs_ext_prop_data_avail =
3003 vla_ptr(vlabuf, d, ext_prop_data);
3004
3005
3006 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3007 ffs->raw_descs_length);
3008
3009 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3010 eps_ptr = vla_ptr(vlabuf, d, eps);
3011 for (i = 0; i < ffs->eps_count; i++)
3012 eps_ptr[i].num = -1;
3013
3014
3015
3016
3017 func->eps = vla_ptr(vlabuf, d, eps);
3018 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3019
3020
3021
3022
3023
3024
3025 if (likely(full)) {
3026 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3027 fs_len = ffs_do_descs(ffs->fs_descs_count,
3028 vla_ptr(vlabuf, d, raw_descs),
3029 d_raw_descs__sz,
3030 __ffs_func_bind_do_descs, func);
3031 if (unlikely(fs_len < 0)) {
3032 ret = fs_len;
3033 goto error;
3034 }
3035 } else {
3036 fs_len = 0;
3037 }
3038
3039 if (likely(high)) {
3040 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3041 hs_len = ffs_do_descs(ffs->hs_descs_count,
3042 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3043 d_raw_descs__sz - fs_len,
3044 __ffs_func_bind_do_descs, func);
3045 if (unlikely(hs_len < 0)) {
3046 ret = hs_len;
3047 goto error;
3048 }
3049 } else {
3050 hs_len = 0;
3051 }
3052
3053 if (likely(super)) {
3054 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3055 ss_len = ffs_do_descs(ffs->ss_descs_count,
3056 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3057 d_raw_descs__sz - fs_len - hs_len,
3058 __ffs_func_bind_do_descs, func);
3059 if (unlikely(ss_len < 0)) {
3060 ret = ss_len;
3061 goto error;
3062 }
3063 } else {
3064 ss_len = 0;
3065 }
3066
3067
3068
3069
3070
3071
3072 ret = ffs_do_descs(ffs->fs_descs_count +
3073 (high ? ffs->hs_descs_count : 0) +
3074 (super ? ffs->ss_descs_count : 0),
3075 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3076 __ffs_func_bind_do_nums, func);
3077 if (unlikely(ret < 0))
3078 goto error;
3079
3080 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3081 if (c->cdev->use_os_string) {
3082 for (i = 0; i < ffs->interfaces_count; ++i) {
3083 struct usb_os_desc *desc;
3084
3085 desc = func->function.os_desc_table[i].os_desc =
3086 vla_ptr(vlabuf, d, os_desc) +
3087 i * sizeof(struct usb_os_desc);
3088 desc->ext_compat_id =
3089 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3090 INIT_LIST_HEAD(&desc->ext_prop);
3091 }
3092 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3093 vla_ptr(vlabuf, d, raw_descs) +
3094 fs_len + hs_len + ss_len,
3095 d_raw_descs__sz - fs_len - hs_len -
3096 ss_len,
3097 __ffs_func_bind_do_os_desc, func);
3098 if (unlikely(ret < 0))
3099 goto error;
3100 }
3101 func->function.os_desc_n =
3102 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3103
3104
3105 ffs_event_add(ffs, FUNCTIONFS_BIND);
3106 return 0;
3107
3108error:
3109
3110 return ret;
3111}
3112
3113static int ffs_func_bind(struct usb_configuration *c,
3114 struct usb_function *f)
3115{
3116 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3117 struct ffs_function *func = ffs_func_from_usb(f);
3118 int ret;
3119
3120 if (IS_ERR(ffs_opts))
3121 return PTR_ERR(ffs_opts);
3122
3123 ret = _ffs_func_bind(c, f);
3124 if (ret && !--ffs_opts->refcnt)
3125 functionfs_unbind(func->ffs);
3126
3127 return ret;
3128}
3129
3130
3131
3132
3133static void ffs_reset_work(struct work_struct *work)
3134{
3135 struct ffs_data *ffs = container_of(work,
3136 struct ffs_data, reset_work);
3137 ffs_data_reset(ffs);
3138}
3139
3140static int ffs_func_set_alt(struct usb_function *f,
3141 unsigned interface, unsigned alt)
3142{
3143 struct ffs_function *func = ffs_func_from_usb(f);
3144 struct ffs_data *ffs = func->ffs;
3145 int ret = 0, intf;
3146
3147 if (alt != (unsigned)-1) {
3148 intf = ffs_func_revmap_intf(func, interface);
3149 if (unlikely(intf < 0))
3150 return intf;
3151 }
3152
3153 if (ffs->func)
3154 ffs_func_eps_disable(ffs->func);
3155
3156 if (ffs->state == FFS_DEACTIVATED) {
3157 ffs->state = FFS_CLOSING;
3158 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3159 schedule_work(&ffs->reset_work);
3160 return -ENODEV;
3161 }
3162
3163 if (ffs->state != FFS_ACTIVE)
3164 return -ENODEV;
3165
3166 if (alt == (unsigned)-1) {
3167 ffs->func = NULL;
3168 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3169 return 0;
3170 }
3171
3172 ffs->func = func;
3173 ret = ffs_func_eps_enable(func);
3174 if (likely(ret >= 0))
3175 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3176 return ret;
3177}
3178
3179static void ffs_func_disable(struct usb_function *f)
3180{
3181 ffs_func_set_alt(f, 0, (unsigned)-1);
3182}
3183
3184static int ffs_func_setup(struct usb_function *f,
3185 const struct usb_ctrlrequest *creq)
3186{
3187 struct ffs_function *func = ffs_func_from_usb(f);
3188 struct ffs_data *ffs = func->ffs;
3189 unsigned long flags;
3190 int ret;
3191
3192 ENTER();
3193
3194 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3195 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3196 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3197 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3198 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210 if (ffs->state != FFS_ACTIVE)
3211 return -ENODEV;
3212
3213 switch (creq->bRequestType & USB_RECIP_MASK) {
3214 case USB_RECIP_INTERFACE:
3215 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3216 if (unlikely(ret < 0))
3217 return ret;
3218 break;
3219
3220 case USB_RECIP_ENDPOINT:
3221 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3222 if (unlikely(ret < 0))
3223 return ret;
3224 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3225 ret = func->ffs->eps_addrmap[ret];
3226 break;
3227
3228 default:
3229 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3230 ret = le16_to_cpu(creq->wIndex);
3231 else
3232 return -EOPNOTSUPP;
3233 }
3234
3235 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3236 ffs->ev.setup = *creq;
3237 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3238 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3239 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3240
3241 return 0;
3242}
3243
3244static bool ffs_func_req_match(struct usb_function *f,
3245 const struct usb_ctrlrequest *creq,
3246 bool config0)
3247{
3248 struct ffs_function *func = ffs_func_from_usb(f);
3249
3250 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3251 return false;
3252
3253 switch (creq->bRequestType & USB_RECIP_MASK) {
3254 case USB_RECIP_INTERFACE:
3255 return (ffs_func_revmap_intf(func,
3256 le16_to_cpu(creq->wIndex)) >= 0);
3257 case USB_RECIP_ENDPOINT:
3258 return (ffs_func_revmap_ep(func,
3259 le16_to_cpu(creq->wIndex)) >= 0);
3260 default:
3261 return (bool) (func->ffs->user_flags &
3262 FUNCTIONFS_ALL_CTRL_RECIP);
3263 }
3264}
3265
3266static void ffs_func_suspend(struct usb_function *f)
3267{
3268 ENTER();
3269 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3270}
3271
3272static void ffs_func_resume(struct usb_function *f)
3273{
3274 ENTER();
3275 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3276}
3277
3278
3279
3280
3281static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3282{
3283 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3284 return num ? num : -EDOM;
3285}
3286
3287static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3288{
3289 short *nums = func->interfaces_nums;
3290 unsigned count = func->ffs->interfaces_count;
3291
3292 for (; count; --count, ++nums) {
3293 if (*nums >= 0 && *nums == intf)
3294 return nums - func->interfaces_nums;
3295 }
3296
3297 return -EDOM;
3298}
3299
3300
3301
3302
3303static LIST_HEAD(ffs_devices);
3304
3305static struct ffs_dev *_ffs_do_find_dev(const char *name)
3306{
3307 struct ffs_dev *dev;
3308
3309 if (!name)
3310 return NULL;
3311
3312 list_for_each_entry(dev, &ffs_devices, entry) {
3313 if (strcmp(dev->name, name) == 0)
3314 return dev;
3315 }
3316
3317 return NULL;
3318}
3319
3320
3321
3322
3323static struct ffs_dev *_ffs_get_single_dev(void)
3324{
3325 struct ffs_dev *dev;
3326
3327 if (list_is_singular(&ffs_devices)) {
3328 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3329 if (dev->single)
3330 return dev;
3331 }
3332
3333 return NULL;
3334}
3335
3336
3337
3338
3339static struct ffs_dev *_ffs_find_dev(const char *name)
3340{
3341 struct ffs_dev *dev;
3342
3343 dev = _ffs_get_single_dev();
3344 if (dev)
3345 return dev;
3346
3347 return _ffs_do_find_dev(name);
3348}
3349
3350
3351
3352static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3353{
3354 return container_of(to_config_group(item), struct f_fs_opts,
3355 func_inst.group);
3356}
3357
3358static void ffs_attr_release(struct config_item *item)
3359{
3360 struct f_fs_opts *opts = to_ffs_opts(item);
3361
3362 usb_put_function_instance(&opts->func_inst);
3363}
3364
3365static struct configfs_item_operations ffs_item_ops = {
3366 .release = ffs_attr_release,
3367};
3368
3369static const struct config_item_type ffs_func_type = {
3370 .ct_item_ops = &ffs_item_ops,
3371 .ct_owner = THIS_MODULE,
3372};
3373
3374
3375
3376
3377static void ffs_free_inst(struct usb_function_instance *f)
3378{
3379 struct f_fs_opts *opts;
3380
3381 opts = to_f_fs_opts(f);
3382 ffs_dev_lock();
3383 _ffs_free_dev(opts->dev);
3384 ffs_dev_unlock();
3385 kfree(opts);
3386}
3387
3388static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3389{
3390 if (strlen(name) >= FIELD_SIZEOF(struct ffs_dev, name))
3391 return -ENAMETOOLONG;
3392 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3393}
3394
3395static struct usb_function_instance *ffs_alloc_inst(void)
3396{
3397 struct f_fs_opts *opts;
3398 struct ffs_dev *dev;
3399
3400 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3401 if (!opts)
3402 return ERR_PTR(-ENOMEM);
3403
3404 opts->func_inst.set_inst_name = ffs_set_inst_name;
3405 opts->func_inst.free_func_inst = ffs_free_inst;
3406 ffs_dev_lock();
3407 dev = _ffs_alloc_dev();
3408 ffs_dev_unlock();
3409 if (IS_ERR(dev)) {
3410 kfree(opts);
3411 return ERR_CAST(dev);
3412 }
3413 opts->dev = dev;
3414 dev->opts = opts;
3415
3416 config_group_init_type_name(&opts->func_inst.group, "",
3417 &ffs_func_type);
3418 return &opts->func_inst;
3419}
3420
3421static void ffs_free(struct usb_function *f)
3422{
3423 kfree(ffs_func_from_usb(f));
3424}
3425
3426static void ffs_func_unbind(struct usb_configuration *c,
3427 struct usb_function *f)
3428{
3429 struct ffs_function *func = ffs_func_from_usb(f);
3430 struct ffs_data *ffs = func->ffs;
3431 struct f_fs_opts *opts =
3432 container_of(f->fi, struct f_fs_opts, func_inst);
3433 struct ffs_ep *ep = func->eps;
3434 unsigned count = ffs->eps_count;
3435 unsigned long flags;
3436
3437 ENTER();
3438 if (ffs->func == func) {
3439 ffs_func_eps_disable(func);
3440 ffs->func = NULL;
3441 }
3442
3443 if (!--opts->refcnt)
3444 functionfs_unbind(ffs);
3445
3446
3447 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3448 while (count--) {
3449 if (ep->ep && ep->req)
3450 usb_ep_free_request(ep->ep, ep->req);
3451 ep->req = NULL;
3452 ++ep;
3453 }
3454 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3455 kfree(func->eps);
3456 func->eps = NULL;
3457
3458
3459
3460
3461 func->function.fs_descriptors = NULL;
3462 func->function.hs_descriptors = NULL;
3463 func->function.ss_descriptors = NULL;
3464 func->interfaces_nums = NULL;
3465
3466 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3467}
3468
3469static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3470{
3471 struct ffs_function *func;
3472
3473 ENTER();
3474
3475 func = kzalloc(sizeof(*func), GFP_KERNEL);
3476 if (unlikely(!func))
3477 return ERR_PTR(-ENOMEM);
3478
3479 func->function.name = "Function FS Gadget";
3480
3481 func->function.bind = ffs_func_bind;
3482 func->function.unbind = ffs_func_unbind;
3483 func->function.set_alt = ffs_func_set_alt;
3484 func->function.disable = ffs_func_disable;
3485 func->function.setup = ffs_func_setup;
3486 func->function.req_match = ffs_func_req_match;
3487 func->function.suspend = ffs_func_suspend;
3488 func->function.resume = ffs_func_resume;
3489 func->function.free_func = ffs_free;
3490
3491 return &func->function;
3492}
3493
3494
3495
3496
3497static struct ffs_dev *_ffs_alloc_dev(void)
3498{
3499 struct ffs_dev *dev;
3500 int ret;
3501
3502 if (_ffs_get_single_dev())
3503 return ERR_PTR(-EBUSY);
3504
3505 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3506 if (!dev)
3507 return ERR_PTR(-ENOMEM);
3508
3509 if (list_empty(&ffs_devices)) {
3510 ret = functionfs_init();
3511 if (ret) {
3512 kfree(dev);
3513 return ERR_PTR(ret);
3514 }
3515 }
3516
3517 list_add(&dev->entry, &ffs_devices);
3518
3519 return dev;
3520}
3521
3522int ffs_name_dev(struct ffs_dev *dev, const char *name)
3523{
3524 struct ffs_dev *existing;
3525 int ret = 0;
3526
3527 ffs_dev_lock();
3528
3529 existing = _ffs_do_find_dev(name);
3530 if (!existing)
3531 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3532 else if (existing != dev)
3533 ret = -EBUSY;
3534
3535 ffs_dev_unlock();
3536
3537 return ret;
3538}
3539EXPORT_SYMBOL_GPL(ffs_name_dev);
3540
3541int ffs_single_dev(struct ffs_dev *dev)
3542{
3543 int ret;
3544
3545 ret = 0;
3546 ffs_dev_lock();
3547
3548 if (!list_is_singular(&ffs_devices))
3549 ret = -EBUSY;
3550 else
3551 dev->single = true;
3552
3553 ffs_dev_unlock();
3554 return ret;
3555}
3556EXPORT_SYMBOL_GPL(ffs_single_dev);
3557
3558
3559
3560
3561static void _ffs_free_dev(struct ffs_dev *dev)
3562{
3563 list_del(&dev->entry);
3564
3565
3566 if (dev->ffs_data)
3567 dev->ffs_data->private_data = NULL;
3568
3569 kfree(dev);
3570 if (list_empty(&ffs_devices))
3571 functionfs_cleanup();
3572}
3573
3574static void *ffs_acquire_dev(const char *dev_name)
3575{
3576 struct ffs_dev *ffs_dev;
3577
3578 ENTER();
3579 ffs_dev_lock();
3580
3581 ffs_dev = _ffs_find_dev(dev_name);
3582 if (!ffs_dev)
3583 ffs_dev = ERR_PTR(-ENOENT);
3584 else if (ffs_dev->mounted)
3585 ffs_dev = ERR_PTR(-EBUSY);
3586 else if (ffs_dev->ffs_acquire_dev_callback &&
3587 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3588 ffs_dev = ERR_PTR(-ENOENT);
3589 else
3590 ffs_dev->mounted = true;
3591
3592 ffs_dev_unlock();
3593 return ffs_dev;
3594}
3595
3596static void ffs_release_dev(struct ffs_data *ffs_data)
3597{
3598 struct ffs_dev *ffs_dev;
3599
3600 ENTER();
3601 ffs_dev_lock();
3602
3603 ffs_dev = ffs_data->private_data;
3604 if (ffs_dev) {
3605 ffs_dev->mounted = false;
3606
3607 if (ffs_dev->ffs_release_dev_callback)
3608 ffs_dev->ffs_release_dev_callback(ffs_dev);
3609 }
3610
3611 ffs_dev_unlock();
3612}
3613
3614static int ffs_ready(struct ffs_data *ffs)
3615{
3616 struct ffs_dev *ffs_obj;
3617 int ret = 0;
3618
3619 ENTER();
3620 ffs_dev_lock();
3621
3622 ffs_obj = ffs->private_data;
3623 if (!ffs_obj) {
3624 ret = -EINVAL;
3625 goto done;
3626 }
3627 if (WARN_ON(ffs_obj->desc_ready)) {
3628 ret = -EBUSY;
3629 goto done;
3630 }
3631
3632 ffs_obj->desc_ready = true;
3633 ffs_obj->ffs_data = ffs;
3634
3635 if (ffs_obj->ffs_ready_callback) {
3636 ret = ffs_obj->ffs_ready_callback(ffs);
3637 if (ret)
3638 goto done;
3639 }
3640
3641 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3642done:
3643 ffs_dev_unlock();
3644 return ret;
3645}
3646
3647static void ffs_closed(struct ffs_data *ffs)
3648{
3649 struct ffs_dev *ffs_obj;
3650 struct f_fs_opts *opts;
3651 struct config_item *ci;
3652
3653 ENTER();
3654 ffs_dev_lock();
3655
3656 ffs_obj = ffs->private_data;
3657 if (!ffs_obj)
3658 goto done;
3659
3660 ffs_obj->desc_ready = false;
3661 ffs_obj->ffs_data = NULL;
3662
3663 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3664 ffs_obj->ffs_closed_callback)
3665 ffs_obj->ffs_closed_callback(ffs);
3666
3667 if (ffs_obj->opts)
3668 opts = ffs_obj->opts;
3669 else
3670 goto done;
3671
3672 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3673 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3674 goto done;
3675
3676 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3677 ffs_dev_unlock();
3678
3679 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3680 unregister_gadget_item(ci);
3681 return;
3682done:
3683 ffs_dev_unlock();
3684}
3685
3686
3687
3688static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3689{
3690 return nonblock
3691 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3692 : mutex_lock_interruptible(mutex);
3693}
3694
3695static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3696{
3697 char *data;
3698
3699 if (unlikely(!len))
3700 return NULL;
3701
3702 data = kmalloc(len, GFP_KERNEL);
3703 if (unlikely(!data))
3704 return ERR_PTR(-ENOMEM);
3705
3706 if (unlikely(copy_from_user(data, buf, len))) {
3707 kfree(data);
3708 return ERR_PTR(-EFAULT);
3709 }
3710
3711 pr_vdebug("Buffer from user space:\n");
3712 ffs_dump_mem("", data, len);
3713
3714 return data;
3715}
3716
3717DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3718MODULE_LICENSE("GPL");
3719MODULE_AUTHOR("Michal Nazarewicz");
3720
