1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/hid.h>
21#include <linux/module.h>
22#include <linux/sched/signal.h>
23#include <linux/uio.h>
24#include <asm/unaligned.h>
25
26#include <linux/usb/composite.h>
27#include <linux/usb/functionfs.h>
28
29#include <linux/aio.h>
30#include <linux/mmu_context.h>
31#include <linux/poll.h>
32#include <linux/eventfd.h>
33
34#include "u_fs.h"
35#include "u_f.h"
36#include "u_os_desc.h"
37#include "configfs.h"
38
39#define FUNCTIONFS_MAGIC 0xa647361
40
41
42static void ffs_data_get(struct ffs_data *ffs);
43static void ffs_data_put(struct ffs_data *ffs);
44
45static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
46 __attribute__((malloc));
47
48
49static void ffs_data_opened(struct ffs_data *ffs);
50static void ffs_data_closed(struct ffs_data *ffs);
51
52
53static int __must_check
54__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
55static int __must_check
56__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
57
58
59
60
61struct ffs_ep;
62
63struct ffs_function {
64 struct usb_configuration *conf;
65 struct usb_gadget *gadget;
66 struct ffs_data *ffs;
67
68 struct ffs_ep *eps;
69 u8 eps_revmap[16];
70 short *interfaces_nums;
71
72 struct usb_function function;
73};
74
75
76static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
77{
78 return container_of(f, struct ffs_function, function);
79}
80
81
82static inline enum ffs_setup_state
83ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
84{
85 return (enum ffs_setup_state)
86 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
87}
88
89
90static void ffs_func_eps_disable(struct ffs_function *func);
91static int __must_check ffs_func_eps_enable(struct ffs_function *func);
92
93static int ffs_func_bind(struct usb_configuration *,
94 struct usb_function *);
95static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
96static void ffs_func_disable(struct usb_function *);
97static int ffs_func_setup(struct usb_function *,
98 const struct usb_ctrlrequest *);
99static bool ffs_func_req_match(struct usb_function *,
100 const struct usb_ctrlrequest *,
101 bool config0);
102static void ffs_func_suspend(struct usb_function *);
103static void ffs_func_resume(struct usb_function *);
104
105
106static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
107static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
108
109
110
111
112struct ffs_ep {
113 struct usb_ep *ep;
114 struct usb_request *req;
115
116
117 struct usb_endpoint_descriptor *descs[3];
118
119 u8 num;
120
121 int status;
122};
123
124struct ffs_epfile {
125
126 struct mutex mutex;
127
128 struct ffs_data *ffs;
129 struct ffs_ep *ep;
130
131 struct dentry *dentry;
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188 struct ffs_buffer *read_buffer;
189#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
190
191 char name[5];
192
193 unsigned char in;
194 unsigned char isoc;
195
196 unsigned char _pad;
197};
198
199struct ffs_buffer {
200 size_t length;
201 char *data;
202 char storage[];
203};
204
205
206
207struct ffs_io_data {
208 bool aio;
209 bool read;
210
211 struct kiocb *kiocb;
212 struct iov_iter data;
213 const void *to_free;
214 char *buf;
215
216 struct mm_struct *mm;
217 struct work_struct work;
218
219 struct usb_ep *ep;
220 struct usb_request *req;
221
222 struct ffs_data *ffs;
223};
224
225struct ffs_desc_helper {
226 struct ffs_data *ffs;
227 unsigned interfaces_count;
228 unsigned eps_count;
229};
230
231static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
232static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
233
234static struct dentry *
235ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
236 const struct file_operations *fops);
237
238
239
240DEFINE_MUTEX(ffs_lock);
241EXPORT_SYMBOL_GPL(ffs_lock);
242
243static struct ffs_dev *_ffs_find_dev(const char *name);
244static struct ffs_dev *_ffs_alloc_dev(void);
245static void _ffs_free_dev(struct ffs_dev *dev);
246static void *ffs_acquire_dev(const char *dev_name);
247static void ffs_release_dev(struct ffs_data *ffs_data);
248static int ffs_ready(struct ffs_data *ffs);
249static void ffs_closed(struct ffs_data *ffs);
250
251
252
253static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
254 __attribute__((warn_unused_result, nonnull));
255static char *ffs_prepare_buffer(const char __user *buf, size_t len)
256 __attribute__((warn_unused_result, nonnull));
257
258
259
260
261static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
262{
263 struct ffs_data *ffs = req->context;
264
265 complete(&ffs->ep0req_completion);
266}
267
268static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
269 __releases(&ffs->ev.waitq.lock)
270{
271 struct usb_request *req = ffs->ep0req;
272 int ret;
273
274 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
275
276 spin_unlock_irq(&ffs->ev.waitq.lock);
277
278 req->buf = data;
279 req->length = len;
280
281
282
283
284
285
286 if (req->buf == NULL)
287 req->buf = (void *)0xDEADBABE;
288
289 reinit_completion(&ffs->ep0req_completion);
290
291 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
292 if (unlikely(ret < 0))
293 return ret;
294
295 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
296 if (unlikely(ret)) {
297 usb_ep_dequeue(ffs->gadget->ep0, req);
298 return -EINTR;
299 }
300
301 ffs->setup_state = FFS_NO_SETUP;
302 return req->status ? req->status : req->actual;
303}
304
305static int __ffs_ep0_stall(struct ffs_data *ffs)
306{
307 if (ffs->ev.can_stall) {
308 pr_vdebug("ep0 stall\n");
309 usb_ep_set_halt(ffs->gadget->ep0);
310 ffs->setup_state = FFS_NO_SETUP;
311 return -EL2HLT;
312 } else {
313 pr_debug("bogus ep0 stall!\n");
314 return -ESRCH;
315 }
316}
317
318static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
319 size_t len, loff_t *ptr)
320{
321 struct ffs_data *ffs = file->private_data;
322 ssize_t ret;
323 char *data;
324
325 ENTER();
326
327
328 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
329 return -EIDRM;
330
331
332 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
333 if (unlikely(ret < 0))
334 return ret;
335
336
337 switch (ffs->state) {
338 case FFS_READ_DESCRIPTORS:
339 case FFS_READ_STRINGS:
340
341 if (unlikely(len < 16)) {
342 ret = -EINVAL;
343 break;
344 }
345
346 data = ffs_prepare_buffer(buf, len);
347 if (IS_ERR(data)) {
348 ret = PTR_ERR(data);
349 break;
350 }
351
352
353 if (ffs->state == FFS_READ_DESCRIPTORS) {
354 pr_info("read descriptors\n");
355 ret = __ffs_data_got_descs(ffs, data, len);
356 if (unlikely(ret < 0))
357 break;
358
359 ffs->state = FFS_READ_STRINGS;
360 ret = len;
361 } else {
362 pr_info("read strings\n");
363 ret = __ffs_data_got_strings(ffs, data, len);
364 if (unlikely(ret < 0))
365 break;
366
367 ret = ffs_epfiles_create(ffs);
368 if (unlikely(ret)) {
369 ffs->state = FFS_CLOSING;
370 break;
371 }
372
373 ffs->state = FFS_ACTIVE;
374 mutex_unlock(&ffs->mutex);
375
376 ret = ffs_ready(ffs);
377 if (unlikely(ret < 0)) {
378 ffs->state = FFS_CLOSING;
379 return ret;
380 }
381
382 return len;
383 }
384 break;
385
386 case FFS_ACTIVE:
387 data = NULL;
388
389
390
391
392 spin_lock_irq(&ffs->ev.waitq.lock);
393 switch (ffs_setup_state_clear_cancelled(ffs)) {
394 case FFS_SETUP_CANCELLED:
395 ret = -EIDRM;
396 goto done_spin;
397
398 case FFS_NO_SETUP:
399 ret = -ESRCH;
400 goto done_spin;
401
402 case FFS_SETUP_PENDING:
403 break;
404 }
405
406
407 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
408 spin_unlock_irq(&ffs->ev.waitq.lock);
409 ret = __ffs_ep0_stall(ffs);
410 break;
411 }
412
413
414 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
415
416 spin_unlock_irq(&ffs->ev.waitq.lock);
417
418 data = ffs_prepare_buffer(buf, len);
419 if (IS_ERR(data)) {
420 ret = PTR_ERR(data);
421 break;
422 }
423
424 spin_lock_irq(&ffs->ev.waitq.lock);
425
426
427
428
429
430
431
432
433
434
435
436
437
438 if (ffs_setup_state_clear_cancelled(ffs) ==
439 FFS_SETUP_CANCELLED) {
440 ret = -EIDRM;
441done_spin:
442 spin_unlock_irq(&ffs->ev.waitq.lock);
443 } else {
444
445 ret = __ffs_ep0_queue_wait(ffs, data, len);
446 }
447 kfree(data);
448 break;
449
450 default:
451 ret = -EBADFD;
452 break;
453 }
454
455 mutex_unlock(&ffs->mutex);
456 return ret;
457}
458
459
460static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
461 size_t n)
462 __releases(&ffs->ev.waitq.lock)
463{
464
465
466
467
468
469 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
470 const size_t size = n * sizeof *events;
471 unsigned i = 0;
472
473 memset(events, 0, size);
474
475 do {
476 events[i].type = ffs->ev.types[i];
477 if (events[i].type == FUNCTIONFS_SETUP) {
478 events[i].u.setup = ffs->ev.setup;
479 ffs->setup_state = FFS_SETUP_PENDING;
480 }
481 } while (++i < n);
482
483 ffs->ev.count -= n;
484 if (ffs->ev.count)
485 memmove(ffs->ev.types, ffs->ev.types + n,
486 ffs->ev.count * sizeof *ffs->ev.types);
487
488 spin_unlock_irq(&ffs->ev.waitq.lock);
489 mutex_unlock(&ffs->mutex);
490
491 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
492}
493
494static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
495 size_t len, loff_t *ptr)
496{
497 struct ffs_data *ffs = file->private_data;
498 char *data = NULL;
499 size_t n;
500 int ret;
501
502 ENTER();
503
504
505 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
506 return -EIDRM;
507
508
509 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
510 if (unlikely(ret < 0))
511 return ret;
512
513
514 if (ffs->state != FFS_ACTIVE) {
515 ret = -EBADFD;
516 goto done_mutex;
517 }
518
519
520
521
522
523 spin_lock_irq(&ffs->ev.waitq.lock);
524
525 switch (ffs_setup_state_clear_cancelled(ffs)) {
526 case FFS_SETUP_CANCELLED:
527 ret = -EIDRM;
528 break;
529
530 case FFS_NO_SETUP:
531 n = len / sizeof(struct usb_functionfs_event);
532 if (unlikely(!n)) {
533 ret = -EINVAL;
534 break;
535 }
536
537 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
538 ret = -EAGAIN;
539 break;
540 }
541
542 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
543 ffs->ev.count)) {
544 ret = -EINTR;
545 break;
546 }
547
548
549 return __ffs_ep0_read_events(ffs, buf,
550 min(n, (size_t)ffs->ev.count));
551
552 case FFS_SETUP_PENDING:
553 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
554 spin_unlock_irq(&ffs->ev.waitq.lock);
555 ret = __ffs_ep0_stall(ffs);
556 goto done_mutex;
557 }
558
559 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
560
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562
563 if (likely(len)) {
564 data = kmalloc(len, GFP_KERNEL);
565 if (unlikely(!data)) {
566 ret = -ENOMEM;
567 goto done_mutex;
568 }
569 }
570
571 spin_lock_irq(&ffs->ev.waitq.lock);
572
573
574 if (ffs_setup_state_clear_cancelled(ffs) ==
575 FFS_SETUP_CANCELLED) {
576 ret = -EIDRM;
577 break;
578 }
579
580
581 ret = __ffs_ep0_queue_wait(ffs, data, len);
582 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
583 ret = -EFAULT;
584 goto done_mutex;
585
586 default:
587 ret = -EBADFD;
588 break;
589 }
590
591 spin_unlock_irq(&ffs->ev.waitq.lock);
592done_mutex:
593 mutex_unlock(&ffs->mutex);
594 kfree(data);
595 return ret;
596}
597
598static int ffs_ep0_open(struct inode *inode, struct file *file)
599{
600 struct ffs_data *ffs = inode->i_private;
601
602 ENTER();
603
604 if (unlikely(ffs->state == FFS_CLOSING))
605 return -EBUSY;
606
607 file->private_data = ffs;
608 ffs_data_opened(ffs);
609
610 return 0;
611}
612
613static int ffs_ep0_release(struct inode *inode, struct file *file)
614{
615 struct ffs_data *ffs = file->private_data;
616
617 ENTER();
618
619 ffs_data_closed(ffs);
620
621 return 0;
622}
623
624static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
625{
626 struct ffs_data *ffs = file->private_data;
627 struct usb_gadget *gadget = ffs->gadget;
628 long ret;
629
630 ENTER();
631
632 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
633 struct ffs_function *func = ffs->func;
634 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
635 } else if (gadget && gadget->ops->ioctl) {
636 ret = gadget->ops->ioctl(gadget, code, value);
637 } else {
638 ret = -ENOTTY;
639 }
640
641 return ret;
642}
643
644static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
645{
646 struct ffs_data *ffs = file->private_data;
647 __poll_t mask = EPOLLWRNORM;
648 int ret;
649
650 poll_wait(file, &ffs->ev.waitq, wait);
651
652 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
653 if (unlikely(ret < 0))
654 return mask;
655
656 switch (ffs->state) {
657 case FFS_READ_DESCRIPTORS:
658 case FFS_READ_STRINGS:
659 mask |= EPOLLOUT;
660 break;
661
662 case FFS_ACTIVE:
663 switch (ffs->setup_state) {
664 case FFS_NO_SETUP:
665 if (ffs->ev.count)
666 mask |= EPOLLIN;
667 break;
668
669 case FFS_SETUP_PENDING:
670 case FFS_SETUP_CANCELLED:
671 mask |= (EPOLLIN | EPOLLOUT);
672 break;
673 }
674 case FFS_CLOSING:
675 break;
676 case FFS_DEACTIVATED:
677 break;
678 }
679
680 mutex_unlock(&ffs->mutex);
681
682 return mask;
683}
684
685static const struct file_operations ffs_ep0_operations = {
686 .llseek = no_llseek,
687
688 .open = ffs_ep0_open,
689 .write = ffs_ep0_write,
690 .read = ffs_ep0_read,
691 .release = ffs_ep0_release,
692 .unlocked_ioctl = ffs_ep0_ioctl,
693 .poll = ffs_ep0_poll,
694};
695
696
697
698
699static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
700{
701 ENTER();
702 if (likely(req->context)) {
703 struct ffs_ep *ep = _ep->driver_data;
704 ep->status = req->status ? req->status : req->actual;
705 complete(req->context);
706 }
707}
708
709static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
710{
711 ssize_t ret = copy_to_iter(data, data_len, iter);
712 if (likely(ret == data_len))
713 return ret;
714
715 if (unlikely(iov_iter_count(iter)))
716 return -EFAULT;
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
746 "Align read buffer size to max packet size to avoid the problem.\n",
747 data_len, ret);
748
749 return ret;
750}
751
752static void ffs_user_copy_worker(struct work_struct *work)
753{
754 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
755 work);
756 int ret = io_data->req->status ? io_data->req->status :
757 io_data->req->actual;
758 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
759
760 if (io_data->read && ret > 0) {
761 mm_segment_t oldfs = get_fs();
762
763 set_fs(USER_DS);
764 use_mm(io_data->mm);
765 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
766 unuse_mm(io_data->mm);
767 set_fs(oldfs);
768 }
769
770 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
771
772 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
773 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
774
775 usb_ep_free_request(io_data->ep, io_data->req);
776
777 if (io_data->read)
778 kfree(io_data->to_free);
779 kfree(io_data->buf);
780 kfree(io_data);
781}
782
783static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
784 struct usb_request *req)
785{
786 struct ffs_io_data *io_data = req->context;
787 struct ffs_data *ffs = io_data->ffs;
788
789 ENTER();
790
791 INIT_WORK(&io_data->work, ffs_user_copy_worker);
792 queue_work(ffs->io_completion_wq, &io_data->work);
793}
794
795static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
796{
797
798
799
800
801 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
802 if (buf && buf != READ_BUFFER_DROP)
803 kfree(buf);
804}
805
806
807static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
808 struct iov_iter *iter)
809{
810
811
812
813
814
815 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
816 ssize_t ret;
817 if (!buf || buf == READ_BUFFER_DROP)
818 return 0;
819
820 ret = copy_to_iter(buf->data, buf->length, iter);
821 if (buf->length == ret) {
822 kfree(buf);
823 return ret;
824 }
825
826 if (unlikely(iov_iter_count(iter))) {
827 ret = -EFAULT;
828 } else {
829 buf->length -= ret;
830 buf->data += ret;
831 }
832
833 if (cmpxchg(&epfile->read_buffer, NULL, buf))
834 kfree(buf);
835
836 return ret;
837}
838
839
840static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
841 void *data, int data_len,
842 struct iov_iter *iter)
843{
844 struct ffs_buffer *buf;
845
846 ssize_t ret = copy_to_iter(data, data_len, iter);
847 if (likely(data_len == ret))
848 return ret;
849
850 if (unlikely(iov_iter_count(iter)))
851 return -EFAULT;
852
853
854 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
855 data_len, ret);
856
857 data_len -= ret;
858 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
859 if (!buf)
860 return -ENOMEM;
861 buf->length = data_len;
862 buf->data = buf->storage;
863 memcpy(buf->storage, data + ret, data_len);
864
865
866
867
868
869
870
871 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
872 kfree(buf);
873
874 return ret;
875}
876
877static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
878{
879 struct ffs_epfile *epfile = file->private_data;
880 struct usb_request *req;
881 struct ffs_ep *ep;
882 char *data = NULL;
883 ssize_t ret, data_len = -EINVAL;
884 int halt;
885
886
887 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
888 return -ENODEV;
889
890
891 ep = epfile->ep;
892 if (!ep) {
893 if (file->f_flags & O_NONBLOCK)
894 return -EAGAIN;
895
896 ret = wait_event_interruptible(
897 epfile->ffs->wait, (ep = epfile->ep));
898 if (ret)
899 return -EINTR;
900 }
901
902
903 halt = (!io_data->read == !epfile->in);
904 if (halt && epfile->isoc)
905 return -EINVAL;
906
907
908 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
909 if (unlikely(ret))
910 goto error;
911
912
913 if (!halt) {
914 struct usb_gadget *gadget;
915
916
917
918
919
920
921
922
923 if (!io_data->aio && io_data->read) {
924 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
925 if (ret)
926 goto error_mutex;
927 }
928
929
930
931
932
933
934 gadget = epfile->ffs->gadget;
935
936 spin_lock_irq(&epfile->ffs->eps_lock);
937
938 if (epfile->ep != ep) {
939 ret = -ESHUTDOWN;
940 goto error_lock;
941 }
942 data_len = iov_iter_count(&io_data->data);
943
944
945
946
947 if (io_data->read)
948 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
949 spin_unlock_irq(&epfile->ffs->eps_lock);
950
951 data = kmalloc(data_len, GFP_KERNEL);
952 if (unlikely(!data)) {
953 ret = -ENOMEM;
954 goto error_mutex;
955 }
956 if (!io_data->read &&
957 !copy_from_iter_full(data, data_len, &io_data->data)) {
958 ret = -EFAULT;
959 goto error_mutex;
960 }
961 }
962
963 spin_lock_irq(&epfile->ffs->eps_lock);
964
965 if (epfile->ep != ep) {
966
967 ret = -ESHUTDOWN;
968 } else if (halt) {
969 ret = usb_ep_set_halt(ep->ep);
970 if (!ret)
971 ret = -EBADMSG;
972 } else if (unlikely(data_len == -EINVAL)) {
973
974
975
976
977
978
979
980
981
982
983
984 WARN(1, "%s: data_len == -EINVAL\n", __func__);
985 ret = -EINVAL;
986 } else if (!io_data->aio) {
987 DECLARE_COMPLETION_ONSTACK(done);
988 bool interrupted = false;
989
990 req = ep->req;
991 req->buf = data;
992 req->length = data_len;
993
994 req->context = &done;
995 req->complete = ffs_epfile_io_complete;
996
997 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
998 if (unlikely(ret < 0))
999 goto error_lock;
1000
1001 spin_unlock_irq(&epfile->ffs->eps_lock);
1002
1003 if (unlikely(wait_for_completion_interruptible(&done))) {
1004
1005
1006
1007
1008
1009
1010 usb_ep_dequeue(ep->ep, req);
1011 interrupted = ep->status < 0;
1012 }
1013
1014 if (interrupted)
1015 ret = -EINTR;
1016 else if (io_data->read && ep->status > 0)
1017 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1018 &io_data->data);
1019 else
1020 ret = ep->status;
1021 goto error_mutex;
1022 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1023 ret = -ENOMEM;
1024 } else {
1025 req->buf = data;
1026 req->length = data_len;
1027
1028 io_data->buf = data;
1029 io_data->ep = ep->ep;
1030 io_data->req = req;
1031 io_data->ffs = epfile->ffs;
1032
1033 req->context = io_data;
1034 req->complete = ffs_epfile_async_io_complete;
1035
1036 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1037 if (unlikely(ret)) {
1038 usb_ep_free_request(ep->ep, req);
1039 goto error_lock;
1040 }
1041
1042 ret = -EIOCBQUEUED;
1043
1044
1045
1046
1047 data = NULL;
1048 }
1049
1050error_lock:
1051 spin_unlock_irq(&epfile->ffs->eps_lock);
1052error_mutex:
1053 mutex_unlock(&epfile->mutex);
1054error:
1055 kfree(data);
1056 return ret;
1057}
1058
1059static int
1060ffs_epfile_open(struct inode *inode, struct file *file)
1061{
1062 struct ffs_epfile *epfile = inode->i_private;
1063
1064 ENTER();
1065
1066 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1067 return -ENODEV;
1068
1069 file->private_data = epfile;
1070 ffs_data_opened(epfile->ffs);
1071
1072 return 0;
1073}
1074
1075static int ffs_aio_cancel(struct kiocb *kiocb)
1076{
1077 struct ffs_io_data *io_data = kiocb->private;
1078 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1079 int value;
1080
1081 ENTER();
1082
1083 spin_lock_irq(&epfile->ffs->eps_lock);
1084
1085 if (likely(io_data && io_data->ep && io_data->req))
1086 value = usb_ep_dequeue(io_data->ep, io_data->req);
1087 else
1088 value = -EINVAL;
1089
1090 spin_unlock_irq(&epfile->ffs->eps_lock);
1091
1092 return value;
1093}
1094
1095static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1096{
1097 struct ffs_io_data io_data, *p = &io_data;
1098 ssize_t res;
1099
1100 ENTER();
1101
1102 if (!is_sync_kiocb(kiocb)) {
1103 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1104 if (unlikely(!p))
1105 return -ENOMEM;
1106 p->aio = true;
1107 } else {
1108 p->aio = false;
1109 }
1110
1111 p->read = false;
1112 p->kiocb = kiocb;
1113 p->data = *from;
1114 p->mm = current->mm;
1115
1116 kiocb->private = p;
1117
1118 if (p->aio)
1119 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1120
1121 res = ffs_epfile_io(kiocb->ki_filp, p);
1122 if (res == -EIOCBQUEUED)
1123 return res;
1124 if (p->aio)
1125 kfree(p);
1126 else
1127 *from = p->data;
1128 return res;
1129}
1130
1131static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1132{
1133 struct ffs_io_data io_data, *p = &io_data;
1134 ssize_t res;
1135
1136 ENTER();
1137
1138 if (!is_sync_kiocb(kiocb)) {
1139 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1140 if (unlikely(!p))
1141 return -ENOMEM;
1142 p->aio = true;
1143 } else {
1144 p->aio = false;
1145 }
1146
1147 p->read = true;
1148 p->kiocb = kiocb;
1149 if (p->aio) {
1150 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1151 if (!p->to_free) {
1152 kfree(p);
1153 return -ENOMEM;
1154 }
1155 } else {
1156 p->data = *to;
1157 p->to_free = NULL;
1158 }
1159 p->mm = current->mm;
1160
1161 kiocb->private = p;
1162
1163 if (p->aio)
1164 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1165
1166 res = ffs_epfile_io(kiocb->ki_filp, p);
1167 if (res == -EIOCBQUEUED)
1168 return res;
1169
1170 if (p->aio) {
1171 kfree(p->to_free);
1172 kfree(p);
1173 } else {
1174 *to = p->data;
1175 }
1176 return res;
1177}
1178
1179static int
1180ffs_epfile_release(struct inode *inode, struct file *file)
1181{
1182 struct ffs_epfile *epfile = inode->i_private;
1183
1184 ENTER();
1185
1186 __ffs_epfile_read_buffer_free(epfile);
1187 ffs_data_closed(epfile->ffs);
1188
1189 return 0;
1190}
1191
1192static long ffs_epfile_ioctl(struct file *file, unsigned code,
1193 unsigned long value)
1194{
1195 struct ffs_epfile *epfile = file->private_data;
1196 struct ffs_ep *ep;
1197 int ret;
1198
1199 ENTER();
1200
1201 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1202 return -ENODEV;
1203
1204
1205 ep = epfile->ep;
1206 if (!ep) {
1207 if (file->f_flags & O_NONBLOCK)
1208 return -EAGAIN;
1209
1210 ret = wait_event_interruptible(
1211 epfile->ffs->wait, (ep = epfile->ep));
1212 if (ret)
1213 return -EINTR;
1214 }
1215
1216 spin_lock_irq(&epfile->ffs->eps_lock);
1217
1218
1219 if (epfile->ep != ep) {
1220 spin_unlock_irq(&epfile->ffs->eps_lock);
1221 return -ESHUTDOWN;
1222 }
1223
1224 switch (code) {
1225 case FUNCTIONFS_FIFO_STATUS:
1226 ret = usb_ep_fifo_status(epfile->ep->ep);
1227 break;
1228 case FUNCTIONFS_FIFO_FLUSH:
1229 usb_ep_fifo_flush(epfile->ep->ep);
1230 ret = 0;
1231 break;
1232 case FUNCTIONFS_CLEAR_HALT:
1233 ret = usb_ep_clear_halt(epfile->ep->ep);
1234 break;
1235 case FUNCTIONFS_ENDPOINT_REVMAP:
1236 ret = epfile->ep->num;
1237 break;
1238 case FUNCTIONFS_ENDPOINT_DESC:
1239 {
1240 int desc_idx;
1241 struct usb_endpoint_descriptor *desc;
1242
1243 switch (epfile->ffs->gadget->speed) {
1244 case USB_SPEED_SUPER:
1245 desc_idx = 2;
1246 break;
1247 case USB_SPEED_HIGH:
1248 desc_idx = 1;
1249 break;
1250 default:
1251 desc_idx = 0;
1252 }
1253 desc = epfile->ep->descs[desc_idx];
1254
1255 spin_unlock_irq(&epfile->ffs->eps_lock);
1256 ret = copy_to_user((void __user *)value, desc, desc->bLength);
1257 if (ret)
1258 ret = -EFAULT;
1259 return ret;
1260 }
1261 default:
1262 ret = -ENOTTY;
1263 }
1264 spin_unlock_irq(&epfile->ffs->eps_lock);
1265
1266 return ret;
1267}
1268
1269static const struct file_operations ffs_epfile_operations = {
1270 .llseek = no_llseek,
1271
1272 .open = ffs_epfile_open,
1273 .write_iter = ffs_epfile_write_iter,
1274 .read_iter = ffs_epfile_read_iter,
1275 .release = ffs_epfile_release,
1276 .unlocked_ioctl = ffs_epfile_ioctl,
1277};
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287static struct inode *__must_check
1288ffs_sb_make_inode(struct super_block *sb, void *data,
1289 const struct file_operations *fops,
1290 const struct inode_operations *iops,
1291 struct ffs_file_perms *perms)
1292{
1293 struct inode *inode;
1294
1295 ENTER();
1296
1297 inode = new_inode(sb);
1298
1299 if (likely(inode)) {
1300 struct timespec ts = current_time(inode);
1301
1302 inode->i_ino = get_next_ino();
1303 inode->i_mode = perms->mode;
1304 inode->i_uid = perms->uid;
1305 inode->i_gid = perms->gid;
1306 inode->i_atime = ts;
1307 inode->i_mtime = ts;
1308 inode->i_ctime = ts;
1309 inode->i_private = data;
1310 if (fops)
1311 inode->i_fop = fops;
1312 if (iops)
1313 inode->i_op = iops;
1314 }
1315
1316 return inode;
1317}
1318
1319
1320static struct dentry *ffs_sb_create_file(struct super_block *sb,
1321 const char *name, void *data,
1322 const struct file_operations *fops)
1323{
1324 struct ffs_data *ffs = sb->s_fs_info;
1325 struct dentry *dentry;
1326 struct inode *inode;
1327
1328 ENTER();
1329
1330 dentry = d_alloc_name(sb->s_root, name);
1331 if (unlikely(!dentry))
1332 return NULL;
1333
1334 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1335 if (unlikely(!inode)) {
1336 dput(dentry);
1337 return NULL;
1338 }
1339
1340 d_add(dentry, inode);
1341 return dentry;
1342}
1343
1344
1345static const struct super_operations ffs_sb_operations = {
1346 .statfs = simple_statfs,
1347 .drop_inode = generic_delete_inode,
1348};
1349
1350struct ffs_sb_fill_data {
1351 struct ffs_file_perms perms;
1352 umode_t root_mode;
1353 const char *dev_name;
1354 bool no_disconnect;
1355 struct ffs_data *ffs_data;
1356};
1357
1358static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1359{
1360 struct ffs_sb_fill_data *data = _data;
1361 struct inode *inode;
1362 struct ffs_data *ffs = data->ffs_data;
1363
1364 ENTER();
1365
1366 ffs->sb = sb;
1367 data->ffs_data = NULL;
1368 sb->s_fs_info = ffs;
1369 sb->s_blocksize = PAGE_SIZE;
1370 sb->s_blocksize_bits = PAGE_SHIFT;
1371 sb->s_magic = FUNCTIONFS_MAGIC;
1372 sb->s_op = &ffs_sb_operations;
1373 sb->s_time_gran = 1;
1374
1375
1376 data->perms.mode = data->root_mode;
1377 inode = ffs_sb_make_inode(sb, NULL,
1378 &simple_dir_operations,
1379 &simple_dir_inode_operations,
1380 &data->perms);
1381 sb->s_root = d_make_root(inode);
1382 if (unlikely(!sb->s_root))
1383 return -ENOMEM;
1384
1385
1386 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1387 &ffs_ep0_operations)))
1388 return -ENOMEM;
1389
1390 return 0;
1391}
1392
1393static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1394{
1395 ENTER();
1396
1397 if (!opts || !*opts)
1398 return 0;
1399
1400 for (;;) {
1401 unsigned long value;
1402 char *eq, *comma;
1403
1404
1405 comma = strchr(opts, ',');
1406 if (comma)
1407 *comma = 0;
1408
1409
1410 eq = strchr(opts, '=');
1411 if (unlikely(!eq)) {
1412 pr_err("'=' missing in %s\n", opts);
1413 return -EINVAL;
1414 }
1415 *eq = 0;
1416
1417
1418 if (kstrtoul(eq + 1, 0, &value)) {
1419 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1420 return -EINVAL;
1421 }
1422
1423
1424 switch (eq - opts) {
1425 case 13:
1426 if (!memcmp(opts, "no_disconnect", 13))
1427 data->no_disconnect = !!value;
1428 else
1429 goto invalid;
1430 break;
1431 case 5:
1432 if (!memcmp(opts, "rmode", 5))
1433 data->root_mode = (value & 0555) | S_IFDIR;
1434 else if (!memcmp(opts, "fmode", 5))
1435 data->perms.mode = (value & 0666) | S_IFREG;
1436 else
1437 goto invalid;
1438 break;
1439
1440 case 4:
1441 if (!memcmp(opts, "mode", 4)) {
1442 data->root_mode = (value & 0555) | S_IFDIR;
1443 data->perms.mode = (value & 0666) | S_IFREG;
1444 } else {
1445 goto invalid;
1446 }
1447 break;
1448
1449 case 3:
1450 if (!memcmp(opts, "uid", 3)) {
1451 data->perms.uid = make_kuid(current_user_ns(), value);
1452 if (!uid_valid(data->perms.uid)) {
1453 pr_err("%s: unmapped value: %lu\n", opts, value);
1454 return -EINVAL;
1455 }
1456 } else if (!memcmp(opts, "gid", 3)) {
1457 data->perms.gid = make_kgid(current_user_ns(), value);
1458 if (!gid_valid(data->perms.gid)) {
1459 pr_err("%s: unmapped value: %lu\n", opts, value);
1460 return -EINVAL;
1461 }
1462 } else {
1463 goto invalid;
1464 }
1465 break;
1466
1467 default:
1468invalid:
1469 pr_err("%s: invalid option\n", opts);
1470 return -EINVAL;
1471 }
1472
1473
1474 if (!comma)
1475 break;
1476 opts = comma + 1;
1477 }
1478
1479 return 0;
1480}
1481
1482
1483
1484static struct dentry *
1485ffs_fs_mount(struct file_system_type *t, int flags,
1486 const char *dev_name, void *opts)
1487{
1488 struct ffs_sb_fill_data data = {
1489 .perms = {
1490 .mode = S_IFREG | 0600,
1491 .uid = GLOBAL_ROOT_UID,
1492 .gid = GLOBAL_ROOT_GID,
1493 },
1494 .root_mode = S_IFDIR | 0500,
1495 .no_disconnect = false,
1496 };
1497 struct dentry *rv;
1498 int ret;
1499 void *ffs_dev;
1500 struct ffs_data *ffs;
1501
1502 ENTER();
1503
1504 ret = ffs_fs_parse_opts(&data, opts);
1505 if (unlikely(ret < 0))
1506 return ERR_PTR(ret);
1507
1508 ffs = ffs_data_new(dev_name);
1509 if (unlikely(!ffs))
1510 return ERR_PTR(-ENOMEM);
1511 ffs->file_perms = data.perms;
1512 ffs->no_disconnect = data.no_disconnect;
1513
1514 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1515 if (unlikely(!ffs->dev_name)) {
1516 ffs_data_put(ffs);
1517 return ERR_PTR(-ENOMEM);
1518 }
1519
1520 ffs_dev = ffs_acquire_dev(dev_name);
1521 if (IS_ERR(ffs_dev)) {
1522 ffs_data_put(ffs);
1523 return ERR_CAST(ffs_dev);
1524 }
1525 ffs->private_data = ffs_dev;
1526 data.ffs_data = ffs;
1527
1528 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1529 if (IS_ERR(rv) && data.ffs_data) {
1530 ffs_release_dev(data.ffs_data);
1531 ffs_data_put(data.ffs_data);
1532 }
1533 return rv;
1534}
1535
1536static void
1537ffs_fs_kill_sb(struct super_block *sb)
1538{
1539 ENTER();
1540
1541 kill_litter_super(sb);
1542 if (sb->s_fs_info) {
1543 ffs_release_dev(sb->s_fs_info);
1544 ffs_data_closed(sb->s_fs_info);
1545 }
1546}
1547
1548static struct file_system_type ffs_fs_type = {
1549 .owner = THIS_MODULE,
1550 .name = "functionfs",
1551 .mount = ffs_fs_mount,
1552 .kill_sb = ffs_fs_kill_sb,
1553};
1554MODULE_ALIAS_FS("functionfs");
1555
1556
1557
1558
1559static int functionfs_init(void)
1560{
1561 int ret;
1562
1563 ENTER();
1564
1565 ret = register_filesystem(&ffs_fs_type);
1566 if (likely(!ret))
1567 pr_info("file system registered\n");
1568 else
1569 pr_err("failed registering file system (%d)\n", ret);
1570
1571 return ret;
1572}
1573
1574static void functionfs_cleanup(void)
1575{
1576 ENTER();
1577
1578 pr_info("unloading\n");
1579 unregister_filesystem(&ffs_fs_type);
1580}
1581
1582
1583
1584
1585static void ffs_data_clear(struct ffs_data *ffs);
1586static void ffs_data_reset(struct ffs_data *ffs);
1587
1588static void ffs_data_get(struct ffs_data *ffs)
1589{
1590 ENTER();
1591
1592 refcount_inc(&ffs->ref);
1593}
1594
1595static void ffs_data_opened(struct ffs_data *ffs)
1596{
1597 ENTER();
1598
1599 refcount_inc(&ffs->ref);
1600 if (atomic_add_return(1, &ffs->opened) == 1 &&
1601 ffs->state == FFS_DEACTIVATED) {
1602 ffs->state = FFS_CLOSING;
1603 ffs_data_reset(ffs);
1604 }
1605}
1606
1607static void ffs_data_put(struct ffs_data *ffs)
1608{
1609 ENTER();
1610
1611 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1612 pr_info("%s(): freeing\n", __func__);
1613 ffs_data_clear(ffs);
1614 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1615 waitqueue_active(&ffs->ep0req_completion.wait) ||
1616 waitqueue_active(&ffs->wait));
1617 destroy_workqueue(ffs->io_completion_wq);
1618 kfree(ffs->dev_name);
1619 kfree(ffs);
1620 }
1621}
1622
1623static void ffs_data_closed(struct ffs_data *ffs)
1624{
1625 ENTER();
1626
1627 if (atomic_dec_and_test(&ffs->opened)) {
1628 if (ffs->no_disconnect) {
1629 ffs->state = FFS_DEACTIVATED;
1630 if (ffs->epfiles) {
1631 ffs_epfiles_destroy(ffs->epfiles,
1632 ffs->eps_count);
1633 ffs->epfiles = NULL;
1634 }
1635 if (ffs->setup_state == FFS_SETUP_PENDING)
1636 __ffs_ep0_stall(ffs);
1637 } else {
1638 ffs->state = FFS_CLOSING;
1639 ffs_data_reset(ffs);
1640 }
1641 }
1642 if (atomic_read(&ffs->opened) < 0) {
1643 ffs->state = FFS_CLOSING;
1644 ffs_data_reset(ffs);
1645 }
1646
1647 ffs_data_put(ffs);
1648}
1649
1650static struct ffs_data *ffs_data_new(const char *dev_name)
1651{
1652 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1653 if (unlikely(!ffs))
1654 return NULL;
1655
1656 ENTER();
1657
1658 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1659 if (!ffs->io_completion_wq) {
1660 kfree(ffs);
1661 return NULL;
1662 }
1663
1664 refcount_set(&ffs->ref, 1);
1665 atomic_set(&ffs->opened, 0);
1666 ffs->state = FFS_READ_DESCRIPTORS;
1667 mutex_init(&ffs->mutex);
1668 spin_lock_init(&ffs->eps_lock);
1669 init_waitqueue_head(&ffs->ev.waitq);
1670 init_waitqueue_head(&ffs->wait);
1671 init_completion(&ffs->ep0req_completion);
1672
1673
1674 ffs->ev.can_stall = 1;
1675
1676 return ffs;
1677}
1678
1679static void ffs_data_clear(struct ffs_data *ffs)
1680{
1681 ENTER();
1682
1683 ffs_closed(ffs);
1684
1685 BUG_ON(ffs->gadget);
1686
1687 if (ffs->epfiles)
1688 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1689
1690 if (ffs->ffs_eventfd)
1691 eventfd_ctx_put(ffs->ffs_eventfd);
1692
1693 kfree(ffs->raw_descs_data);
1694 kfree(ffs->raw_strings);
1695 kfree(ffs->stringtabs);
1696}
1697
1698static void ffs_data_reset(struct ffs_data *ffs)
1699{
1700 ENTER();
1701
1702 ffs_data_clear(ffs);
1703
1704 ffs->epfiles = NULL;
1705 ffs->raw_descs_data = NULL;
1706 ffs->raw_descs = NULL;
1707 ffs->raw_strings = NULL;
1708 ffs->stringtabs = NULL;
1709
1710 ffs->raw_descs_length = 0;
1711 ffs->fs_descs_count = 0;
1712 ffs->hs_descs_count = 0;
1713 ffs->ss_descs_count = 0;
1714
1715 ffs->strings_count = 0;
1716 ffs->interfaces_count = 0;
1717 ffs->eps_count = 0;
1718
1719 ffs->ev.count = 0;
1720
1721 ffs->state = FFS_READ_DESCRIPTORS;
1722 ffs->setup_state = FFS_NO_SETUP;
1723 ffs->flags = 0;
1724}
1725
1726
1727static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1728{
1729 struct usb_gadget_strings **lang;
1730 int first_id;
1731
1732 ENTER();
1733
1734 if (WARN_ON(ffs->state != FFS_ACTIVE
1735 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1736 return -EBADFD;
1737
1738 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1739 if (unlikely(first_id < 0))
1740 return first_id;
1741
1742 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1743 if (unlikely(!ffs->ep0req))
1744 return -ENOMEM;
1745 ffs->ep0req->complete = ffs_ep0_complete;
1746 ffs->ep0req->context = ffs;
1747
1748 lang = ffs->stringtabs;
1749 if (lang) {
1750 for (; *lang; ++lang) {
1751 struct usb_string *str = (*lang)->strings;
1752 int id = first_id;
1753 for (; str->s; ++id, ++str)
1754 str->id = id;
1755 }
1756 }
1757
1758 ffs->gadget = cdev->gadget;
1759 ffs_data_get(ffs);
1760 return 0;
1761}
1762
1763static void functionfs_unbind(struct ffs_data *ffs)
1764{
1765 ENTER();
1766
1767 if (!WARN_ON(!ffs->gadget)) {
1768 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1769 ffs->ep0req = NULL;
1770 ffs->gadget = NULL;
1771 clear_bit(FFS_FL_BOUND, &ffs->flags);
1772 ffs_data_put(ffs);
1773 }
1774}
1775
1776static int ffs_epfiles_create(struct ffs_data *ffs)
1777{
1778 struct ffs_epfile *epfile, *epfiles;
1779 unsigned i, count;
1780
1781 ENTER();
1782
1783 count = ffs->eps_count;
1784 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1785 if (!epfiles)
1786 return -ENOMEM;
1787
1788 epfile = epfiles;
1789 for (i = 1; i <= count; ++i, ++epfile) {
1790 epfile->ffs = ffs;
1791 mutex_init(&epfile->mutex);
1792 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1793 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1794 else
1795 sprintf(epfile->name, "ep%u", i);
1796 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1797 epfile,
1798 &ffs_epfile_operations);
1799 if (unlikely(!epfile->dentry)) {
1800 ffs_epfiles_destroy(epfiles, i - 1);
1801 return -ENOMEM;
1802 }
1803 }
1804
1805 ffs->epfiles = epfiles;
1806 return 0;
1807}
1808
1809static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1810{
1811 struct ffs_epfile *epfile = epfiles;
1812
1813 ENTER();
1814
1815 for (; count; --count, ++epfile) {
1816 BUG_ON(mutex_is_locked(&epfile->mutex));
1817 if (epfile->dentry) {
1818 d_delete(epfile->dentry);
1819 dput(epfile->dentry);
1820 epfile->dentry = NULL;
1821 }
1822 }
1823
1824 kfree(epfiles);
1825}
1826
1827static void ffs_func_eps_disable(struct ffs_function *func)
1828{
1829 struct ffs_ep *ep = func->eps;
1830 struct ffs_epfile *epfile = func->ffs->epfiles;
1831 unsigned count = func->ffs->eps_count;
1832 unsigned long flags;
1833
1834 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1835 while (count--) {
1836
1837 if (likely(ep->ep))
1838 usb_ep_disable(ep->ep);
1839 ++ep;
1840
1841 if (epfile) {
1842 epfile->ep = NULL;
1843 __ffs_epfile_read_buffer_free(epfile);
1844 ++epfile;
1845 }
1846 }
1847 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1848}
1849
1850static int ffs_func_eps_enable(struct ffs_function *func)
1851{
1852 struct ffs_data *ffs = func->ffs;
1853 struct ffs_ep *ep = func->eps;
1854 struct ffs_epfile *epfile = ffs->epfiles;
1855 unsigned count = ffs->eps_count;
1856 unsigned long flags;
1857 int ret = 0;
1858
1859 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1860 while(count--) {
1861 ep->ep->driver_data = ep;
1862
1863 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1864 if (ret) {
1865 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1866 __func__, ep->ep->name, ret);
1867 break;
1868 }
1869
1870 ret = usb_ep_enable(ep->ep);
1871 if (likely(!ret)) {
1872 epfile->ep = ep;
1873 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1874 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1875 } else {
1876 break;
1877 }
1878
1879 ++ep;
1880 ++epfile;
1881 }
1882
1883 wake_up_interruptible(&ffs->wait);
1884 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1885
1886 return ret;
1887}
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899enum ffs_entity_type {
1900 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1901};
1902
1903enum ffs_os_desc_type {
1904 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1905};
1906
1907typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1908 u8 *valuep,
1909 struct usb_descriptor_header *desc,
1910 void *priv);
1911
1912typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
1913 struct usb_os_desc_header *h, void *data,
1914 unsigned len, void *priv);
1915
1916static int __must_check ffs_do_single_desc(char *data, unsigned len,
1917 ffs_entity_callback entity,
1918 void *priv)
1919{
1920 struct usb_descriptor_header *_ds = (void *)data;
1921 u8 length;
1922 int ret;
1923
1924 ENTER();
1925
1926
1927 if (len < 2) {
1928 pr_vdebug("descriptor too short\n");
1929 return -EINVAL;
1930 }
1931
1932
1933 length = _ds->bLength;
1934 if (len < length) {
1935 pr_vdebug("descriptor longer then available data\n");
1936 return -EINVAL;
1937 }
1938
1939#define __entity_check_INTERFACE(val) 1
1940#define __entity_check_STRING(val) (val)
1941#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1942#define __entity(type, val) do { \
1943 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1944 if (unlikely(!__entity_check_ ##type(val))) { \
1945 pr_vdebug("invalid entity's value\n"); \
1946 return -EINVAL; \
1947 } \
1948 ret = entity(FFS_ ##type, &val, _ds, priv); \
1949 if (unlikely(ret < 0)) { \
1950 pr_debug("entity " #type "(%02x); ret = %d\n", \
1951 (val), ret); \
1952 return ret; \
1953 } \
1954 } while (0)
1955
1956
1957 switch (_ds->bDescriptorType) {
1958 case USB_DT_DEVICE:
1959 case USB_DT_CONFIG:
1960 case USB_DT_STRING:
1961 case USB_DT_DEVICE_QUALIFIER:
1962
1963 pr_vdebug("descriptor reserved for gadget: %d\n",
1964 _ds->bDescriptorType);
1965 return -EINVAL;
1966
1967 case USB_DT_INTERFACE: {
1968 struct usb_interface_descriptor *ds = (void *)_ds;
1969 pr_vdebug("interface descriptor\n");
1970 if (length != sizeof *ds)
1971 goto inv_length;
1972
1973 __entity(INTERFACE, ds->bInterfaceNumber);
1974 if (ds->iInterface)
1975 __entity(STRING, ds->iInterface);
1976 }
1977 break;
1978
1979 case USB_DT_ENDPOINT: {
1980 struct usb_endpoint_descriptor *ds = (void *)_ds;
1981 pr_vdebug("endpoint descriptor\n");
1982 if (length != USB_DT_ENDPOINT_SIZE &&
1983 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1984 goto inv_length;
1985 __entity(ENDPOINT, ds->bEndpointAddress);
1986 }
1987 break;
1988
1989 case HID_DT_HID:
1990 pr_vdebug("hid descriptor\n");
1991 if (length != sizeof(struct hid_descriptor))
1992 goto inv_length;
1993 break;
1994
1995 case USB_DT_OTG:
1996 if (length != sizeof(struct usb_otg_descriptor))
1997 goto inv_length;
1998 break;
1999
2000 case USB_DT_INTERFACE_ASSOCIATION: {
2001 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2002 pr_vdebug("interface association descriptor\n");
2003 if (length != sizeof *ds)
2004 goto inv_length;
2005 if (ds->iFunction)
2006 __entity(STRING, ds->iFunction);
2007 }
2008 break;
2009
2010 case USB_DT_SS_ENDPOINT_COMP:
2011 pr_vdebug("EP SS companion descriptor\n");
2012 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2013 goto inv_length;
2014 break;
2015
2016 case USB_DT_OTHER_SPEED_CONFIG:
2017 case USB_DT_INTERFACE_POWER:
2018 case USB_DT_DEBUG:
2019 case USB_DT_SECURITY:
2020 case USB_DT_CS_RADIO_CONTROL:
2021
2022 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2023 return -EINVAL;
2024
2025 default:
2026
2027 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2028 return -EINVAL;
2029
2030inv_length:
2031 pr_vdebug("invalid length: %d (descriptor %d)\n",
2032 _ds->bLength, _ds->bDescriptorType);
2033 return -EINVAL;
2034 }
2035
2036#undef __entity
2037#undef __entity_check_DESCRIPTOR
2038#undef __entity_check_INTERFACE
2039#undef __entity_check_STRING
2040#undef __entity_check_ENDPOINT
2041
2042 return length;
2043}
2044
2045static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2046 ffs_entity_callback entity, void *priv)
2047{
2048 const unsigned _len = len;
2049 unsigned long num = 0;
2050
2051 ENTER();
2052
2053 for (;;) {
2054 int ret;
2055
2056 if (num == count)
2057 data = NULL;
2058
2059
2060 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2061 if (unlikely(ret < 0)) {
2062 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2063 num, ret);
2064 return ret;
2065 }
2066
2067 if (!data)
2068 return _len - len;
2069
2070 ret = ffs_do_single_desc(data, len, entity, priv);
2071 if (unlikely(ret < 0)) {
2072 pr_debug("%s returns %d\n", __func__, ret);
2073 return ret;
2074 }
2075
2076 len -= ret;
2077 data += ret;
2078 ++num;
2079 }
2080}
2081
2082static int __ffs_data_do_entity(enum ffs_entity_type type,
2083 u8 *valuep, struct usb_descriptor_header *desc,
2084 void *priv)
2085{
2086 struct ffs_desc_helper *helper = priv;
2087 struct usb_endpoint_descriptor *d;
2088
2089 ENTER();
2090
2091 switch (type) {
2092 case FFS_DESCRIPTOR:
2093 break;
2094
2095 case FFS_INTERFACE:
2096
2097
2098
2099
2100
2101 if (*valuep >= helper->interfaces_count)
2102 helper->interfaces_count = *valuep + 1;
2103 break;
2104
2105 case FFS_STRING:
2106
2107
2108
2109
2110 if (*valuep > helper->ffs->strings_count)
2111 helper->ffs->strings_count = *valuep;
2112 break;
2113
2114 case FFS_ENDPOINT:
2115 d = (void *)desc;
2116 helper->eps_count++;
2117 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2118 return -EINVAL;
2119
2120 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2121 helper->ffs->eps_addrmap[helper->eps_count] =
2122 d->bEndpointAddress;
2123 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2124 d->bEndpointAddress)
2125 return -EINVAL;
2126 break;
2127 }
2128
2129 return 0;
2130}
2131
2132static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2133 struct usb_os_desc_header *desc)
2134{
2135 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2136 u16 w_index = le16_to_cpu(desc->wIndex);
2137
2138 if (bcd_version != 1) {
2139 pr_vdebug("unsupported os descriptors version: %d",
2140 bcd_version);
2141 return -EINVAL;
2142 }
2143 switch (w_index) {
2144 case 0x4:
2145 *next_type = FFS_OS_DESC_EXT_COMPAT;
2146 break;
2147 case 0x5:
2148 *next_type = FFS_OS_DESC_EXT_PROP;
2149 break;
2150 default:
2151 pr_vdebug("unsupported os descriptor type: %d", w_index);
2152 return -EINVAL;
2153 }
2154
2155 return sizeof(*desc);
2156}
2157
2158
2159
2160
2161
2162static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2163 enum ffs_os_desc_type type,
2164 u16 feature_count,
2165 ffs_os_desc_callback entity,
2166 void *priv,
2167 struct usb_os_desc_header *h)
2168{
2169 int ret;
2170 const unsigned _len = len;
2171
2172 ENTER();
2173
2174
2175 while (feature_count--) {
2176 ret = entity(type, h, data, len, priv);
2177 if (unlikely(ret < 0)) {
2178 pr_debug("bad OS descriptor, type: %d\n", type);
2179 return ret;
2180 }
2181 data += ret;
2182 len -= ret;
2183 }
2184 return _len - len;
2185}
2186
2187
2188static int __must_check ffs_do_os_descs(unsigned count,
2189 char *data, unsigned len,
2190 ffs_os_desc_callback entity, void *priv)
2191{
2192 const unsigned _len = len;
2193 unsigned long num = 0;
2194
2195 ENTER();
2196
2197 for (num = 0; num < count; ++num) {
2198 int ret;
2199 enum ffs_os_desc_type type;
2200 u16 feature_count;
2201 struct usb_os_desc_header *desc = (void *)data;
2202
2203 if (len < sizeof(*desc))
2204 return -EINVAL;
2205
2206
2207
2208
2209
2210
2211
2212
2213 if (le32_to_cpu(desc->dwLength) > len)
2214 return -EINVAL;
2215
2216 ret = __ffs_do_os_desc_header(&type, desc);
2217 if (unlikely(ret < 0)) {
2218 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2219 num, ret);
2220 return ret;
2221 }
2222
2223
2224
2225 feature_count = le16_to_cpu(desc->wCount);
2226 if (type == FFS_OS_DESC_EXT_COMPAT &&
2227 (feature_count > 255 || desc->Reserved))
2228 return -EINVAL;
2229 len -= ret;
2230 data += ret;
2231
2232
2233
2234
2235
2236 ret = ffs_do_single_os_desc(data, len, type,
2237 feature_count, entity, priv, desc);
2238 if (unlikely(ret < 0)) {
2239 pr_debug("%s returns %d\n", __func__, ret);
2240 return ret;
2241 }
2242
2243 len -= ret;
2244 data += ret;
2245 }
2246 return _len - len;
2247}
2248
2249
2250
2251
2252static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2253 struct usb_os_desc_header *h, void *data,
2254 unsigned len, void *priv)
2255{
2256 struct ffs_data *ffs = priv;
2257 u8 length;
2258
2259 ENTER();
2260
2261 switch (type) {
2262 case FFS_OS_DESC_EXT_COMPAT: {
2263 struct usb_ext_compat_desc *d = data;
2264 int i;
2265
2266 if (len < sizeof(*d) ||
2267 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2268 return -EINVAL;
2269 if (d->Reserved1 != 1) {
2270
2271
2272
2273
2274
2275
2276 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2277 d->Reserved1 = 1;
2278 }
2279 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2280 if (d->Reserved2[i])
2281 return -EINVAL;
2282
2283 length = sizeof(struct usb_ext_compat_desc);
2284 }
2285 break;
2286 case FFS_OS_DESC_EXT_PROP: {
2287 struct usb_ext_prop_desc *d = data;
2288 u32 type, pdl;
2289 u16 pnl;
2290
2291 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2292 return -EINVAL;
2293 length = le32_to_cpu(d->dwSize);
2294 if (len < length)
2295 return -EINVAL;
2296 type = le32_to_cpu(d->dwPropertyDataType);
2297 if (type < USB_EXT_PROP_UNICODE ||
2298 type > USB_EXT_PROP_UNICODE_MULTI) {
2299 pr_vdebug("unsupported os descriptor property type: %d",
2300 type);
2301 return -EINVAL;
2302 }
2303 pnl = le16_to_cpu(d->wPropertyNameLength);
2304 if (length < 14 + pnl) {
2305 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2306 length, pnl, type);
2307 return -EINVAL;
2308 }
2309 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2310 if (length != 14 + pnl + pdl) {
2311 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2312 length, pnl, pdl, type);
2313 return -EINVAL;
2314 }
2315 ++ffs->ms_os_descs_ext_prop_count;
2316
2317 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2318 ffs->ms_os_descs_ext_prop_data_len += pdl;
2319 }
2320 break;
2321 default:
2322 pr_vdebug("unknown descriptor: %d\n", type);
2323 return -EINVAL;
2324 }
2325 return length;
2326}
2327
2328static int __ffs_data_got_descs(struct ffs_data *ffs,
2329 char *const _data, size_t len)
2330{
2331 char *data = _data, *raw_descs;
2332 unsigned os_descs_count = 0, counts[3], flags;
2333 int ret = -EINVAL, i;
2334 struct ffs_desc_helper helper;
2335
2336 ENTER();
2337
2338 if (get_unaligned_le32(data + 4) != len)
2339 goto error;
2340
2341 switch (get_unaligned_le32(data)) {
2342 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2343 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2344 data += 8;
2345 len -= 8;
2346 break;
2347 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2348 flags = get_unaligned_le32(data + 8);
2349 ffs->user_flags = flags;
2350 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2351 FUNCTIONFS_HAS_HS_DESC |
2352 FUNCTIONFS_HAS_SS_DESC |
2353 FUNCTIONFS_HAS_MS_OS_DESC |
2354 FUNCTIONFS_VIRTUAL_ADDR |
2355 FUNCTIONFS_EVENTFD |
2356 FUNCTIONFS_ALL_CTRL_RECIP |
2357 FUNCTIONFS_CONFIG0_SETUP)) {
2358 ret = -ENOSYS;
2359 goto error;
2360 }
2361 data += 12;
2362 len -= 12;
2363 break;
2364 default:
2365 goto error;
2366 }
2367
2368 if (flags & FUNCTIONFS_EVENTFD) {
2369 if (len < 4)
2370 goto error;
2371 ffs->ffs_eventfd =
2372 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2373 if (IS_ERR(ffs->ffs_eventfd)) {
2374 ret = PTR_ERR(ffs->ffs_eventfd);
2375 ffs->ffs_eventfd = NULL;
2376 goto error;
2377 }
2378 data += 4;
2379 len -= 4;
2380 }
2381
2382
2383 for (i = 0; i < 3; ++i) {
2384 if (!(flags & (1 << i))) {
2385 counts[i] = 0;
2386 } else if (len < 4) {
2387 goto error;
2388 } else {
2389 counts[i] = get_unaligned_le32(data);
2390 data += 4;
2391 len -= 4;
2392 }
2393 }
2394 if (flags & (1 << i)) {
2395 if (len < 4) {
2396 goto error;
2397 }
2398 os_descs_count = get_unaligned_le32(data);
2399 data += 4;
2400 len -= 4;
2401 };
2402
2403
2404 raw_descs = data;
2405 helper.ffs = ffs;
2406 for (i = 0; i < 3; ++i) {
2407 if (!counts[i])
2408 continue;
2409 helper.interfaces_count = 0;
2410 helper.eps_count = 0;
2411 ret = ffs_do_descs(counts[i], data, len,
2412 __ffs_data_do_entity, &helper);
2413 if (ret < 0)
2414 goto error;
2415 if (!ffs->eps_count && !ffs->interfaces_count) {
2416 ffs->eps_count = helper.eps_count;
2417 ffs->interfaces_count = helper.interfaces_count;
2418 } else {
2419 if (ffs->eps_count != helper.eps_count) {
2420 ret = -EINVAL;
2421 goto error;
2422 }
2423 if (ffs->interfaces_count != helper.interfaces_count) {
2424 ret = -EINVAL;
2425 goto error;
2426 }
2427 }
2428 data += ret;
2429 len -= ret;
2430 }
2431 if (os_descs_count) {
2432 ret = ffs_do_os_descs(os_descs_count, data, len,
2433 __ffs_data_do_os_desc, ffs);
2434 if (ret < 0)
2435 goto error;
2436 data += ret;
2437 len -= ret;
2438 }
2439
2440 if (raw_descs == data || len) {
2441 ret = -EINVAL;
2442 goto error;
2443 }
2444
2445 ffs->raw_descs_data = _data;
2446 ffs->raw_descs = raw_descs;
2447 ffs->raw_descs_length = data - raw_descs;
2448 ffs->fs_descs_count = counts[0];
2449 ffs->hs_descs_count = counts[1];
2450 ffs->ss_descs_count = counts[2];
2451 ffs->ms_os_descs_count = os_descs_count;
2452
2453 return 0;
2454
2455error:
2456 kfree(_data);
2457 return ret;
2458}
2459
2460static int __ffs_data_got_strings(struct ffs_data *ffs,
2461 char *const _data, size_t len)
2462{
2463 u32 str_count, needed_count, lang_count;
2464 struct usb_gadget_strings **stringtabs, *t;
2465 const char *data = _data;
2466 struct usb_string *s;
2467
2468 ENTER();
2469
2470 if (unlikely(len < 16 ||
2471 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2472 get_unaligned_le32(data + 4) != len))
2473 goto error;
2474 str_count = get_unaligned_le32(data + 8);
2475 lang_count = get_unaligned_le32(data + 12);
2476
2477
2478 if (unlikely(!str_count != !lang_count))
2479 goto error;
2480
2481
2482 needed_count = ffs->strings_count;
2483 if (unlikely(str_count < needed_count))
2484 goto error;
2485
2486
2487
2488
2489
2490 if (!needed_count) {
2491 kfree(_data);
2492 return 0;
2493 }
2494
2495
2496 {
2497 unsigned i = 0;
2498 vla_group(d);
2499 vla_item(d, struct usb_gadget_strings *, stringtabs,
2500 lang_count + 1);
2501 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2502 vla_item(d, struct usb_string, strings,
2503 lang_count*(needed_count+1));
2504
2505 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2506
2507 if (unlikely(!vlabuf)) {
2508 kfree(_data);
2509 return -ENOMEM;
2510 }
2511
2512
2513 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2514 t = vla_ptr(vlabuf, d, stringtab);
2515 i = lang_count;
2516 do {
2517 *stringtabs++ = t++;
2518 } while (--i);
2519 *stringtabs = NULL;
2520
2521
2522 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2523 t = vla_ptr(vlabuf, d, stringtab);
2524 s = vla_ptr(vlabuf, d, strings);
2525 }
2526
2527
2528 data += 16;
2529 len -= 16;
2530
2531 do {
2532 unsigned needed = needed_count;
2533
2534 if (unlikely(len < 3))
2535 goto error_free;
2536 t->language = get_unaligned_le16(data);
2537 t->strings = s;
2538 ++t;
2539
2540 data += 2;
2541 len -= 2;
2542
2543
2544 do {
2545 size_t length = strnlen(data, len);
2546
2547 if (unlikely(length == len))
2548 goto error_free;
2549
2550
2551
2552
2553
2554
2555 if (likely(needed)) {
2556
2557
2558
2559
2560
2561 s->s = data;
2562 --needed;
2563 ++s;
2564 }
2565
2566 data += length + 1;
2567 len -= length + 1;
2568 } while (--str_count);
2569
2570 s->id = 0;
2571 s->s = NULL;
2572 ++s;
2573
2574 } while (--lang_count);
2575
2576
2577 if (unlikely(len))
2578 goto error_free;
2579
2580
2581 ffs->stringtabs = stringtabs;
2582 ffs->raw_strings = _data;
2583
2584 return 0;
2585
2586error_free:
2587 kfree(stringtabs);
2588error:
2589 kfree(_data);
2590 return -EINVAL;
2591}
2592
2593
2594
2595
2596static void __ffs_event_add(struct ffs_data *ffs,
2597 enum usb_functionfs_event_type type)
2598{
2599 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2600 int neg = 0;
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610 if (ffs->setup_state == FFS_SETUP_PENDING)
2611 ffs->setup_state = FFS_SETUP_CANCELLED;
2612
2613
2614
2615
2616
2617
2618
2619
2620 switch (type) {
2621 case FUNCTIONFS_RESUME:
2622 rem_type2 = FUNCTIONFS_SUSPEND;
2623
2624 case FUNCTIONFS_SUSPEND:
2625 case FUNCTIONFS_SETUP:
2626 rem_type1 = type;
2627
2628 break;
2629
2630 case FUNCTIONFS_BIND:
2631 case FUNCTIONFS_UNBIND:
2632 case FUNCTIONFS_DISABLE:
2633 case FUNCTIONFS_ENABLE:
2634
2635 rem_type1 = FUNCTIONFS_SUSPEND;
2636 rem_type2 = FUNCTIONFS_RESUME;
2637 neg = 1;
2638 break;
2639
2640 default:
2641 WARN(1, "%d: unknown event, this should not happen\n", type);
2642 return;
2643 }
2644
2645 {
2646 u8 *ev = ffs->ev.types, *out = ev;
2647 unsigned n = ffs->ev.count;
2648 for (; n; --n, ++ev)
2649 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2650 *out++ = *ev;
2651 else
2652 pr_vdebug("purging event %d\n", *ev);
2653 ffs->ev.count = out - ffs->ev.types;
2654 }
2655
2656 pr_vdebug("adding event %d\n", type);
2657 ffs->ev.types[ffs->ev.count++] = type;
2658 wake_up_locked(&ffs->ev.waitq);
2659 if (ffs->ffs_eventfd)
2660 eventfd_signal(ffs->ffs_eventfd, 1);
2661}
2662
2663static void ffs_event_add(struct ffs_data *ffs,
2664 enum usb_functionfs_event_type type)
2665{
2666 unsigned long flags;
2667 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2668 __ffs_event_add(ffs, type);
2669 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2670}
2671
2672
2673
2674static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2675{
2676 int i;
2677
2678 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2679 if (ffs->eps_addrmap[i] == endpoint_address)
2680 return i;
2681 return -ENOENT;
2682}
2683
2684static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2685 struct usb_descriptor_header *desc,
2686 void *priv)
2687{
2688 struct usb_endpoint_descriptor *ds = (void *)desc;
2689 struct ffs_function *func = priv;
2690 struct ffs_ep *ffs_ep;
2691 unsigned ep_desc_id;
2692 int idx;
2693 static const char *speed_names[] = { "full", "high", "super" };
2694
2695 if (type != FFS_DESCRIPTOR)
2696 return 0;
2697
2698
2699
2700
2701
2702
2703
2704 if (func->function.ss_descriptors) {
2705 ep_desc_id = 2;
2706 func->function.ss_descriptors[(long)valuep] = desc;
2707 } else if (func->function.hs_descriptors) {
2708 ep_desc_id = 1;
2709 func->function.hs_descriptors[(long)valuep] = desc;
2710 } else {
2711 ep_desc_id = 0;
2712 func->function.fs_descriptors[(long)valuep] = desc;
2713 }
2714
2715 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2716 return 0;
2717
2718 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2719 if (idx < 0)
2720 return idx;
2721
2722 ffs_ep = func->eps + idx;
2723
2724 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2725 pr_err("two %sspeed descriptors for EP %d\n",
2726 speed_names[ep_desc_id],
2727 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2728 return -EINVAL;
2729 }
2730 ffs_ep->descs[ep_desc_id] = ds;
2731
2732 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2733 if (ffs_ep->ep) {
2734 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2735 if (!ds->wMaxPacketSize)
2736 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2737 } else {
2738 struct usb_request *req;
2739 struct usb_ep *ep;
2740 u8 bEndpointAddress;
2741
2742
2743
2744
2745
2746 bEndpointAddress = ds->bEndpointAddress;
2747 pr_vdebug("autoconfig\n");
2748 ep = usb_ep_autoconfig(func->gadget, ds);
2749 if (unlikely(!ep))
2750 return -ENOTSUPP;
2751 ep->driver_data = func->eps + idx;
2752
2753 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2754 if (unlikely(!req))
2755 return -ENOMEM;
2756
2757 ffs_ep->ep = ep;
2758 ffs_ep->req = req;
2759 func->eps_revmap[ds->bEndpointAddress &
2760 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2761
2762
2763
2764
2765 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2766 ds->bEndpointAddress = bEndpointAddress;
2767 }
2768 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2769
2770 return 0;
2771}
2772
2773static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2774 struct usb_descriptor_header *desc,
2775 void *priv)
2776{
2777 struct ffs_function *func = priv;
2778 unsigned idx;
2779 u8 newValue;
2780
2781 switch (type) {
2782 default:
2783 case FFS_DESCRIPTOR:
2784
2785 return 0;
2786
2787 case FFS_INTERFACE:
2788 idx = *valuep;
2789 if (func->interfaces_nums[idx] < 0) {
2790 int id = usb_interface_id(func->conf, &func->function);
2791 if (unlikely(id < 0))
2792 return id;
2793 func->interfaces_nums[idx] = id;
2794 }
2795 newValue = func->interfaces_nums[idx];
2796 break;
2797
2798 case FFS_STRING:
2799
2800 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2801 break;
2802
2803 case FFS_ENDPOINT:
2804
2805
2806
2807
2808 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2809 return 0;
2810
2811 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2812 if (unlikely(!func->eps[idx].ep))
2813 return -EINVAL;
2814
2815 {
2816 struct usb_endpoint_descriptor **descs;
2817 descs = func->eps[idx].descs;
2818 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2819 }
2820 break;
2821 }
2822
2823 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2824 *valuep = newValue;
2825 return 0;
2826}
2827
2828static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2829 struct usb_os_desc_header *h, void *data,
2830 unsigned len, void *priv)
2831{
2832 struct ffs_function *func = priv;
2833 u8 length = 0;
2834
2835 switch (type) {
2836 case FFS_OS_DESC_EXT_COMPAT: {
2837 struct usb_ext_compat_desc *desc = data;
2838 struct usb_os_desc_table *t;
2839
2840 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2841 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2842 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2843 ARRAY_SIZE(desc->CompatibleID) +
2844 ARRAY_SIZE(desc->SubCompatibleID));
2845 length = sizeof(*desc);
2846 }
2847 break;
2848 case FFS_OS_DESC_EXT_PROP: {
2849 struct usb_ext_prop_desc *desc = data;
2850 struct usb_os_desc_table *t;
2851 struct usb_os_desc_ext_prop *ext_prop;
2852 char *ext_prop_name;
2853 char *ext_prop_data;
2854
2855 t = &func->function.os_desc_table[h->interface];
2856 t->if_id = func->interfaces_nums[h->interface];
2857
2858 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2859 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2860
2861 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2862 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2863 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2864 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2865 length = ext_prop->name_len + ext_prop->data_len + 14;
2866
2867 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2868 func->ffs->ms_os_descs_ext_prop_name_avail +=
2869 ext_prop->name_len;
2870
2871 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2872 func->ffs->ms_os_descs_ext_prop_data_avail +=
2873 ext_prop->data_len;
2874 memcpy(ext_prop_data,
2875 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2876 ext_prop->data_len);
2877
2878 switch (ext_prop->type) {
2879 case USB_EXT_PROP_UNICODE:
2880 case USB_EXT_PROP_UNICODE_ENV:
2881 case USB_EXT_PROP_UNICODE_LINK:
2882 case USB_EXT_PROP_UNICODE_MULTI:
2883 ext_prop->data_len *= 2;
2884 break;
2885 }
2886 ext_prop->data = ext_prop_data;
2887
2888 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
2889 ext_prop->name_len);
2890
2891 ext_prop->name_len *= 2;
2892 ext_prop->name = ext_prop_name;
2893
2894 t->os_desc->ext_prop_len +=
2895 ext_prop->name_len + ext_prop->data_len + 14;
2896 ++t->os_desc->ext_prop_count;
2897 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
2898 }
2899 break;
2900 default:
2901 pr_vdebug("unknown descriptor: %d\n", type);
2902 }
2903
2904 return length;
2905}
2906
2907static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
2908 struct usb_configuration *c)
2909{
2910 struct ffs_function *func = ffs_func_from_usb(f);
2911 struct f_fs_opts *ffs_opts =
2912 container_of(f->fi, struct f_fs_opts, func_inst);
2913 int ret;
2914
2915 ENTER();
2916
2917
2918
2919
2920
2921
2922
2923
2924 if (!ffs_opts->no_configfs)
2925 ffs_dev_lock();
2926 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
2927 func->ffs = ffs_opts->dev->ffs_data;
2928 if (!ffs_opts->no_configfs)
2929 ffs_dev_unlock();
2930 if (ret)
2931 return ERR_PTR(ret);
2932
2933 func->conf = c;
2934 func->gadget = c->cdev->gadget;
2935
2936
2937
2938
2939
2940
2941
2942
2943 if (!ffs_opts->refcnt) {
2944 ret = functionfs_bind(func->ffs, c->cdev);
2945 if (ret)
2946 return ERR_PTR(ret);
2947 }
2948 ffs_opts->refcnt++;
2949 func->function.strings = func->ffs->stringtabs;
2950
2951 return ffs_opts;
2952}
2953
2954static int _ffs_func_bind(struct usb_configuration *c,
2955 struct usb_function *f)
2956{
2957 struct ffs_function *func = ffs_func_from_usb(f);
2958 struct ffs_data *ffs = func->ffs;
2959
2960 const int full = !!func->ffs->fs_descs_count;
2961 const int high = !!func->ffs->hs_descs_count;
2962 const int super = !!func->ffs->ss_descs_count;
2963
2964 int fs_len, hs_len, ss_len, ret, i;
2965 struct ffs_ep *eps_ptr;
2966
2967
2968 vla_group(d);
2969 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2970 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2971 full ? ffs->fs_descs_count + 1 : 0);
2972 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2973 high ? ffs->hs_descs_count + 1 : 0);
2974 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
2975 super ? ffs->ss_descs_count + 1 : 0);
2976 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
2977 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
2978 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2979 vla_item_with_sz(d, char[16], ext_compat,
2980 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2981 vla_item_with_sz(d, struct usb_os_desc, os_desc,
2982 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2983 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
2984 ffs->ms_os_descs_ext_prop_count);
2985 vla_item_with_sz(d, char, ext_prop_name,
2986 ffs->ms_os_descs_ext_prop_name_len);
2987 vla_item_with_sz(d, char, ext_prop_data,
2988 ffs->ms_os_descs_ext_prop_data_len);
2989 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
2990 char *vlabuf;
2991
2992 ENTER();
2993
2994
2995 if (unlikely(!(full | high | super)))
2996 return -ENOTSUPP;
2997
2998
2999 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3000 if (unlikely(!vlabuf))
3001 return -ENOMEM;
3002
3003 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3004 ffs->ms_os_descs_ext_prop_name_avail =
3005 vla_ptr(vlabuf, d, ext_prop_name);
3006 ffs->ms_os_descs_ext_prop_data_avail =
3007 vla_ptr(vlabuf, d, ext_prop_data);
3008
3009
3010 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3011 ffs->raw_descs_length);
3012
3013 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3014 eps_ptr = vla_ptr(vlabuf, d, eps);
3015 for (i = 0; i < ffs->eps_count; i++)
3016 eps_ptr[i].num = -1;
3017
3018
3019
3020
3021 func->eps = vla_ptr(vlabuf, d, eps);
3022 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3023
3024
3025
3026
3027
3028
3029 if (likely(full)) {
3030 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3031 fs_len = ffs_do_descs(ffs->fs_descs_count,
3032 vla_ptr(vlabuf, d, raw_descs),
3033 d_raw_descs__sz,
3034 __ffs_func_bind_do_descs, func);
3035 if (unlikely(fs_len < 0)) {
3036 ret = fs_len;
3037 goto error;
3038 }
3039 } else {
3040 fs_len = 0;
3041 }
3042
3043 if (likely(high)) {
3044 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3045 hs_len = ffs_do_descs(ffs->hs_descs_count,
3046 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3047 d_raw_descs__sz - fs_len,
3048 __ffs_func_bind_do_descs, func);
3049 if (unlikely(hs_len < 0)) {
3050 ret = hs_len;
3051 goto error;
3052 }
3053 } else {
3054 hs_len = 0;
3055 }
3056
3057 if (likely(super)) {
3058 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3059 ss_len = ffs_do_descs(ffs->ss_descs_count,
3060 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3061 d_raw_descs__sz - fs_len - hs_len,
3062 __ffs_func_bind_do_descs, func);
3063 if (unlikely(ss_len < 0)) {
3064 ret = ss_len;
3065 goto error;
3066 }
3067 } else {
3068 ss_len = 0;
3069 }
3070
3071
3072
3073
3074
3075
3076 ret = ffs_do_descs(ffs->fs_descs_count +
3077 (high ? ffs->hs_descs_count : 0) +
3078 (super ? ffs->ss_descs_count : 0),
3079 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3080 __ffs_func_bind_do_nums, func);
3081 if (unlikely(ret < 0))
3082 goto error;
3083
3084 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3085 if (c->cdev->use_os_string) {
3086 for (i = 0; i < ffs->interfaces_count; ++i) {
3087 struct usb_os_desc *desc;
3088
3089 desc = func->function.os_desc_table[i].os_desc =
3090 vla_ptr(vlabuf, d, os_desc) +
3091 i * sizeof(struct usb_os_desc);
3092 desc->ext_compat_id =
3093 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3094 INIT_LIST_HEAD(&desc->ext_prop);
3095 }
3096 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3097 vla_ptr(vlabuf, d, raw_descs) +
3098 fs_len + hs_len + ss_len,
3099 d_raw_descs__sz - fs_len - hs_len -
3100 ss_len,
3101 __ffs_func_bind_do_os_desc, func);
3102 if (unlikely(ret < 0))
3103 goto error;
3104 }
3105 func->function.os_desc_n =
3106 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3107
3108
3109 ffs_event_add(ffs, FUNCTIONFS_BIND);
3110 return 0;
3111
3112error:
3113
3114 return ret;
3115}
3116
3117static int ffs_func_bind(struct usb_configuration *c,
3118 struct usb_function *f)
3119{
3120 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3121 struct ffs_function *func = ffs_func_from_usb(f);
3122 int ret;
3123
3124 if (IS_ERR(ffs_opts))
3125 return PTR_ERR(ffs_opts);
3126
3127 ret = _ffs_func_bind(c, f);
3128 if (ret && !--ffs_opts->refcnt)
3129 functionfs_unbind(func->ffs);
3130
3131 return ret;
3132}
3133
3134
3135
3136
3137static void ffs_reset_work(struct work_struct *work)
3138{
3139 struct ffs_data *ffs = container_of(work,
3140 struct ffs_data, reset_work);
3141 ffs_data_reset(ffs);
3142}
3143
3144static int ffs_func_set_alt(struct usb_function *f,
3145 unsigned interface, unsigned alt)
3146{
3147 struct ffs_function *func = ffs_func_from_usb(f);
3148 struct ffs_data *ffs = func->ffs;
3149 int ret = 0, intf;
3150
3151 if (alt != (unsigned)-1) {
3152 intf = ffs_func_revmap_intf(func, interface);
3153 if (unlikely(intf < 0))
3154 return intf;
3155 }
3156
3157 if (ffs->func)
3158 ffs_func_eps_disable(ffs->func);
3159
3160 if (ffs->state == FFS_DEACTIVATED) {
3161 ffs->state = FFS_CLOSING;
3162 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3163 schedule_work(&ffs->reset_work);
3164 return -ENODEV;
3165 }
3166
3167 if (ffs->state != FFS_ACTIVE)
3168 return -ENODEV;
3169
3170 if (alt == (unsigned)-1) {
3171 ffs->func = NULL;
3172 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3173 return 0;
3174 }
3175
3176 ffs->func = func;
3177 ret = ffs_func_eps_enable(func);
3178 if (likely(ret >= 0))
3179 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3180 return ret;
3181}
3182
3183static void ffs_func_disable(struct usb_function *f)
3184{
3185 ffs_func_set_alt(f, 0, (unsigned)-1);
3186}
3187
3188static int ffs_func_setup(struct usb_function *f,
3189 const struct usb_ctrlrequest *creq)
3190{
3191 struct ffs_function *func = ffs_func_from_usb(f);
3192 struct ffs_data *ffs = func->ffs;
3193 unsigned long flags;
3194 int ret;
3195
3196 ENTER();
3197
3198 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3199 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3200 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3201 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3202 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214 if (ffs->state != FFS_ACTIVE)
3215 return -ENODEV;
3216
3217 switch (creq->bRequestType & USB_RECIP_MASK) {
3218 case USB_RECIP_INTERFACE:
3219 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3220 if (unlikely(ret < 0))
3221 return ret;
3222 break;
3223
3224 case USB_RECIP_ENDPOINT:
3225 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3226 if (unlikely(ret < 0))
3227 return ret;
3228 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3229 ret = func->ffs->eps_addrmap[ret];
3230 break;
3231
3232 default:
3233 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3234 ret = le16_to_cpu(creq->wIndex);
3235 else
3236 return -EOPNOTSUPP;
3237 }
3238
3239 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3240 ffs->ev.setup = *creq;
3241 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3242 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3243 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3244
3245 return USB_GADGET_DELAYED_STATUS;
3246}
3247
3248static bool ffs_func_req_match(struct usb_function *f,
3249 const struct usb_ctrlrequest *creq,
3250 bool config0)
3251{
3252 struct ffs_function *func = ffs_func_from_usb(f);
3253
3254 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3255 return false;
3256
3257 switch (creq->bRequestType & USB_RECIP_MASK) {
3258 case USB_RECIP_INTERFACE:
3259 return (ffs_func_revmap_intf(func,
3260 le16_to_cpu(creq->wIndex)) >= 0);
3261 case USB_RECIP_ENDPOINT:
3262 return (ffs_func_revmap_ep(func,
3263 le16_to_cpu(creq->wIndex)) >= 0);
3264 default:
3265 return (bool) (func->ffs->user_flags &
3266 FUNCTIONFS_ALL_CTRL_RECIP);
3267 }
3268}
3269
3270static void ffs_func_suspend(struct usb_function *f)
3271{
3272 ENTER();
3273 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3274}
3275
3276static void ffs_func_resume(struct usb_function *f)
3277{
3278 ENTER();
3279 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3280}
3281
3282
3283
3284
3285static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3286{
3287 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3288 return num ? num : -EDOM;
3289}
3290
3291static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3292{
3293 short *nums = func->interfaces_nums;
3294 unsigned count = func->ffs->interfaces_count;
3295
3296 for (; count; --count, ++nums) {
3297 if (*nums >= 0 && *nums == intf)
3298 return nums - func->interfaces_nums;
3299 }
3300
3301 return -EDOM;
3302}
3303
3304
3305
3306
3307static LIST_HEAD(ffs_devices);
3308
3309static struct ffs_dev *_ffs_do_find_dev(const char *name)
3310{
3311 struct ffs_dev *dev;
3312
3313 if (!name)
3314 return NULL;
3315
3316 list_for_each_entry(dev, &ffs_devices, entry) {
3317 if (strcmp(dev->name, name) == 0)
3318 return dev;
3319 }
3320
3321 return NULL;
3322}
3323
3324
3325
3326
3327static struct ffs_dev *_ffs_get_single_dev(void)
3328{
3329 struct ffs_dev *dev;
3330
3331 if (list_is_singular(&ffs_devices)) {
3332 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3333 if (dev->single)
3334 return dev;
3335 }
3336
3337 return NULL;
3338}
3339
3340
3341
3342
3343static struct ffs_dev *_ffs_find_dev(const char *name)
3344{
3345 struct ffs_dev *dev;
3346
3347 dev = _ffs_get_single_dev();
3348 if (dev)
3349 return dev;
3350
3351 return _ffs_do_find_dev(name);
3352}
3353
3354
3355
3356static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3357{
3358 return container_of(to_config_group(item), struct f_fs_opts,
3359 func_inst.group);
3360}
3361
3362static void ffs_attr_release(struct config_item *item)
3363{
3364 struct f_fs_opts *opts = to_ffs_opts(item);
3365
3366 usb_put_function_instance(&opts->func_inst);
3367}
3368
3369static struct configfs_item_operations ffs_item_ops = {
3370 .release = ffs_attr_release,
3371};
3372
3373static const struct config_item_type ffs_func_type = {
3374 .ct_item_ops = &ffs_item_ops,
3375 .ct_owner = THIS_MODULE,
3376};
3377
3378
3379
3380
3381static void ffs_free_inst(struct usb_function_instance *f)
3382{
3383 struct f_fs_opts *opts;
3384
3385 opts = to_f_fs_opts(f);
3386 ffs_dev_lock();
3387 _ffs_free_dev(opts->dev);
3388 ffs_dev_unlock();
3389 kfree(opts);
3390}
3391
3392static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3393{
3394 if (strlen(name) >= FIELD_SIZEOF(struct ffs_dev, name))
3395 return -ENAMETOOLONG;
3396 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3397}
3398
3399static struct usb_function_instance *ffs_alloc_inst(void)
3400{
3401 struct f_fs_opts *opts;
3402 struct ffs_dev *dev;
3403
3404 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3405 if (!opts)
3406 return ERR_PTR(-ENOMEM);
3407
3408 opts->func_inst.set_inst_name = ffs_set_inst_name;
3409 opts->func_inst.free_func_inst = ffs_free_inst;
3410 ffs_dev_lock();
3411 dev = _ffs_alloc_dev();
3412 ffs_dev_unlock();
3413 if (IS_ERR(dev)) {
3414 kfree(opts);
3415 return ERR_CAST(dev);
3416 }
3417 opts->dev = dev;
3418 dev->opts = opts;
3419
3420 config_group_init_type_name(&opts->func_inst.group, "",
3421 &ffs_func_type);
3422 return &opts->func_inst;
3423}
3424
3425static void ffs_free(struct usb_function *f)
3426{
3427 kfree(ffs_func_from_usb(f));
3428}
3429
3430static void ffs_func_unbind(struct usb_configuration *c,
3431 struct usb_function *f)
3432{
3433 struct ffs_function *func = ffs_func_from_usb(f);
3434 struct ffs_data *ffs = func->ffs;
3435 struct f_fs_opts *opts =
3436 container_of(f->fi, struct f_fs_opts, func_inst);
3437 struct ffs_ep *ep = func->eps;
3438 unsigned count = ffs->eps_count;
3439 unsigned long flags;
3440
3441 ENTER();
3442 if (ffs->func == func) {
3443 ffs_func_eps_disable(func);
3444 ffs->func = NULL;
3445 }
3446
3447 if (!--opts->refcnt)
3448 functionfs_unbind(ffs);
3449
3450
3451 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3452 while (count--) {
3453 if (ep->ep && ep->req)
3454 usb_ep_free_request(ep->ep, ep->req);
3455 ep->req = NULL;
3456 ++ep;
3457 }
3458 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3459 kfree(func->eps);
3460 func->eps = NULL;
3461
3462
3463
3464
3465 func->function.fs_descriptors = NULL;
3466 func->function.hs_descriptors = NULL;
3467 func->function.ss_descriptors = NULL;
3468 func->interfaces_nums = NULL;
3469
3470 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3471}
3472
3473static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3474{
3475 struct ffs_function *func;
3476
3477 ENTER();
3478
3479 func = kzalloc(sizeof(*func), GFP_KERNEL);
3480 if (unlikely(!func))
3481 return ERR_PTR(-ENOMEM);
3482
3483 func->function.name = "Function FS Gadget";
3484
3485 func->function.bind = ffs_func_bind;
3486 func->function.unbind = ffs_func_unbind;
3487 func->function.set_alt = ffs_func_set_alt;
3488 func->function.disable = ffs_func_disable;
3489 func->function.setup = ffs_func_setup;
3490 func->function.req_match = ffs_func_req_match;
3491 func->function.suspend = ffs_func_suspend;
3492 func->function.resume = ffs_func_resume;
3493 func->function.free_func = ffs_free;
3494
3495 return &func->function;
3496}
3497
3498
3499
3500
3501static struct ffs_dev *_ffs_alloc_dev(void)
3502{
3503 struct ffs_dev *dev;
3504 int ret;
3505
3506 if (_ffs_get_single_dev())
3507 return ERR_PTR(-EBUSY);
3508
3509 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3510 if (!dev)
3511 return ERR_PTR(-ENOMEM);
3512
3513 if (list_empty(&ffs_devices)) {
3514 ret = functionfs_init();
3515 if (ret) {
3516 kfree(dev);
3517 return ERR_PTR(ret);
3518 }
3519 }
3520
3521 list_add(&dev->entry, &ffs_devices);
3522
3523 return dev;
3524}
3525
3526int ffs_name_dev(struct ffs_dev *dev, const char *name)
3527{
3528 struct ffs_dev *existing;
3529 int ret = 0;
3530
3531 ffs_dev_lock();
3532
3533 existing = _ffs_do_find_dev(name);
3534 if (!existing)
3535 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3536 else if (existing != dev)
3537 ret = -EBUSY;
3538
3539 ffs_dev_unlock();
3540
3541 return ret;
3542}
3543EXPORT_SYMBOL_GPL(ffs_name_dev);
3544
3545int ffs_single_dev(struct ffs_dev *dev)
3546{
3547 int ret;
3548
3549 ret = 0;
3550 ffs_dev_lock();
3551
3552 if (!list_is_singular(&ffs_devices))
3553 ret = -EBUSY;
3554 else
3555 dev->single = true;
3556
3557 ffs_dev_unlock();
3558 return ret;
3559}
3560EXPORT_SYMBOL_GPL(ffs_single_dev);
3561
3562
3563
3564
3565static void _ffs_free_dev(struct ffs_dev *dev)
3566{
3567 list_del(&dev->entry);
3568
3569
3570 if (dev->ffs_data)
3571 dev->ffs_data->private_data = NULL;
3572
3573 kfree(dev);
3574 if (list_empty(&ffs_devices))
3575 functionfs_cleanup();
3576}
3577
3578static void *ffs_acquire_dev(const char *dev_name)
3579{
3580 struct ffs_dev *ffs_dev;
3581
3582 ENTER();
3583 ffs_dev_lock();
3584
3585 ffs_dev = _ffs_find_dev(dev_name);
3586 if (!ffs_dev)
3587 ffs_dev = ERR_PTR(-ENOENT);
3588 else if (ffs_dev->mounted)
3589 ffs_dev = ERR_PTR(-EBUSY);
3590 else if (ffs_dev->ffs_acquire_dev_callback &&
3591 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3592 ffs_dev = ERR_PTR(-ENOENT);
3593 else
3594 ffs_dev->mounted = true;
3595
3596 ffs_dev_unlock();
3597 return ffs_dev;
3598}
3599
3600static void ffs_release_dev(struct ffs_data *ffs_data)
3601{
3602 struct ffs_dev *ffs_dev;
3603
3604 ENTER();
3605 ffs_dev_lock();
3606
3607 ffs_dev = ffs_data->private_data;
3608 if (ffs_dev) {
3609 ffs_dev->mounted = false;
3610
3611 if (ffs_dev->ffs_release_dev_callback)
3612 ffs_dev->ffs_release_dev_callback(ffs_dev);
3613 }
3614
3615 ffs_dev_unlock();
3616}
3617
3618static int ffs_ready(struct ffs_data *ffs)
3619{
3620 struct ffs_dev *ffs_obj;
3621 int ret = 0;
3622
3623 ENTER();
3624 ffs_dev_lock();
3625
3626 ffs_obj = ffs->private_data;
3627 if (!ffs_obj) {
3628 ret = -EINVAL;
3629 goto done;
3630 }
3631 if (WARN_ON(ffs_obj->desc_ready)) {
3632 ret = -EBUSY;
3633 goto done;
3634 }
3635
3636 ffs_obj->desc_ready = true;
3637 ffs_obj->ffs_data = ffs;
3638
3639 if (ffs_obj->ffs_ready_callback) {
3640 ret = ffs_obj->ffs_ready_callback(ffs);
3641 if (ret)
3642 goto done;
3643 }
3644
3645 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3646done:
3647 ffs_dev_unlock();
3648 return ret;
3649}
3650
3651static void ffs_closed(struct ffs_data *ffs)
3652{
3653 struct ffs_dev *ffs_obj;
3654 struct f_fs_opts *opts;
3655 struct config_item *ci;
3656
3657 ENTER();
3658 ffs_dev_lock();
3659
3660 ffs_obj = ffs->private_data;
3661 if (!ffs_obj)
3662 goto done;
3663
3664 ffs_obj->desc_ready = false;
3665 ffs_obj->ffs_data = NULL;
3666
3667 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3668 ffs_obj->ffs_closed_callback)
3669 ffs_obj->ffs_closed_callback(ffs);
3670
3671 if (ffs_obj->opts)
3672 opts = ffs_obj->opts;
3673 else
3674 goto done;
3675
3676 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3677 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3678 goto done;
3679
3680 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3681 ffs_dev_unlock();
3682
3683 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3684 unregister_gadget_item(ci);
3685 return;
3686done:
3687 ffs_dev_unlock();
3688}
3689
3690
3691
3692static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3693{
3694 return nonblock
3695 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3696 : mutex_lock_interruptible(mutex);
3697}
3698
3699static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3700{
3701 char *data;
3702
3703 if (unlikely(!len))
3704 return NULL;
3705
3706 data = kmalloc(len, GFP_KERNEL);
3707 if (unlikely(!data))
3708 return ERR_PTR(-ENOMEM);
3709
3710 if (unlikely(copy_from_user(data, buf, len))) {
3711 kfree(data);
3712 return ERR_PTR(-EFAULT);
3713 }
3714
3715 pr_vdebug("Buffer from user space:\n");
3716 ffs_dump_mem("", data, len);
3717
3718 return data;
3719}
3720
3721DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3722MODULE_LICENSE("GPL");
3723MODULE_AUTHOR("Michal Nazarewicz");
3724
