1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include <linux/blkdev.h>
22#include <linux/pagemap.h>
23#include <linux/export.h>
24#include <linux/hid.h>
25#include <linux/module.h>
26#include <linux/uio.h>
27#include <asm/unaligned.h>
28
29#include <linux/usb/composite.h>
30#include <linux/usb/functionfs.h>
31
32#include <linux/aio.h>
33#include <linux/mmu_context.h>
34#include <linux/poll.h>
35#include <linux/eventfd.h>
36
37#include "u_fs.h"
38#include "u_f.h"
39#include "u_os_desc.h"
40#include "configfs.h"
41
42#define FUNCTIONFS_MAGIC 0xa647361
43
44
45static void ffs_data_get(struct ffs_data *ffs);
46static void ffs_data_put(struct ffs_data *ffs);
47
48static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc));
49
50
51static void ffs_data_opened(struct ffs_data *ffs);
52static void ffs_data_closed(struct ffs_data *ffs);
53
54
55static int __must_check
56__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
57static int __must_check
58__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
59
60
61
62
63struct ffs_ep;
64
65struct ffs_function {
66 struct usb_configuration *conf;
67 struct usb_gadget *gadget;
68 struct ffs_data *ffs;
69
70 struct ffs_ep *eps;
71 u8 eps_revmap[16];
72 short *interfaces_nums;
73
74 struct usb_function function;
75};
76
77
78static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
79{
80 return container_of(f, struct ffs_function, function);
81}
82
83
84static inline enum ffs_setup_state
85ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
86{
87 return (enum ffs_setup_state)
88 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
89}
90
91
92static void ffs_func_eps_disable(struct ffs_function *func);
93static int __must_check ffs_func_eps_enable(struct ffs_function *func);
94
95static int ffs_func_bind(struct usb_configuration *,
96 struct usb_function *);
97static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
98static void ffs_func_disable(struct usb_function *);
99static int ffs_func_setup(struct usb_function *,
100 const struct usb_ctrlrequest *);
101static void ffs_func_suspend(struct usb_function *);
102static void ffs_func_resume(struct usb_function *);
103
104
105static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
106static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
107
108
109
110
111struct ffs_ep {
112 struct usb_ep *ep;
113 struct usb_request *req;
114
115
116 struct usb_endpoint_descriptor *descs[3];
117
118 u8 num;
119
120 int status;
121};
122
123struct ffs_epfile {
124
125 struct mutex mutex;
126 wait_queue_head_t wait;
127
128 struct ffs_data *ffs;
129 struct ffs_ep *ep;
130
131 struct dentry *dentry;
132
133 char name[5];
134
135 unsigned char in;
136 unsigned char isoc;
137
138 unsigned char _pad;
139};
140
141
142
143struct ffs_io_data {
144 bool aio;
145 bool read;
146
147 struct kiocb *kiocb;
148 struct iov_iter data;
149 const void *to_free;
150 char *buf;
151
152 struct mm_struct *mm;
153 struct work_struct work;
154
155 struct usb_ep *ep;
156 struct usb_request *req;
157
158 struct ffs_data *ffs;
159};
160
161struct ffs_desc_helper {
162 struct ffs_data *ffs;
163 unsigned interfaces_count;
164 unsigned eps_count;
165};
166
167static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
168static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
169
170static struct dentry *
171ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
172 const struct file_operations *fops);
173
174
175
176DEFINE_MUTEX(ffs_lock);
177EXPORT_SYMBOL_GPL(ffs_lock);
178
179static struct ffs_dev *_ffs_find_dev(const char *name);
180static struct ffs_dev *_ffs_alloc_dev(void);
181static int _ffs_name_dev(struct ffs_dev *dev, const char *name);
182static void _ffs_free_dev(struct ffs_dev *dev);
183static void *ffs_acquire_dev(const char *dev_name);
184static void ffs_release_dev(struct ffs_data *ffs_data);
185static int ffs_ready(struct ffs_data *ffs);
186static void ffs_closed(struct ffs_data *ffs);
187
188
189
190static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
191 __attribute__((warn_unused_result, nonnull));
192static char *ffs_prepare_buffer(const char __user *buf, size_t len)
193 __attribute__((warn_unused_result, nonnull));
194
195
196
197
198static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
199{
200 struct ffs_data *ffs = req->context;
201
202 complete_all(&ffs->ep0req_completion);
203}
204
205static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
206{
207 struct usb_request *req = ffs->ep0req;
208 int ret;
209
210 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
211
212 spin_unlock_irq(&ffs->ev.waitq.lock);
213
214 req->buf = data;
215 req->length = len;
216
217
218
219
220
221
222 if (req->buf == NULL)
223 req->buf = (void *)0xDEADBABE;
224
225 reinit_completion(&ffs->ep0req_completion);
226
227 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
228 if (unlikely(ret < 0))
229 return ret;
230
231 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
232 if (unlikely(ret)) {
233 usb_ep_dequeue(ffs->gadget->ep0, req);
234 return -EINTR;
235 }
236
237 ffs->setup_state = FFS_NO_SETUP;
238 return req->status ? req->status : req->actual;
239}
240
241static int __ffs_ep0_stall(struct ffs_data *ffs)
242{
243 if (ffs->ev.can_stall) {
244 pr_vdebug("ep0 stall\n");
245 usb_ep_set_halt(ffs->gadget->ep0);
246 ffs->setup_state = FFS_NO_SETUP;
247 return -EL2HLT;
248 } else {
249 pr_debug("bogus ep0 stall!\n");
250 return -ESRCH;
251 }
252}
253
254static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
255 size_t len, loff_t *ptr)
256{
257 struct ffs_data *ffs = file->private_data;
258 ssize_t ret;
259 char *data;
260
261 ENTER();
262
263
264 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
265 return -EIDRM;
266
267
268 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
269 if (unlikely(ret < 0))
270 return ret;
271
272
273 switch (ffs->state) {
274 case FFS_READ_DESCRIPTORS:
275 case FFS_READ_STRINGS:
276
277 if (unlikely(len < 16)) {
278 ret = -EINVAL;
279 break;
280 }
281
282 data = ffs_prepare_buffer(buf, len);
283 if (IS_ERR(data)) {
284 ret = PTR_ERR(data);
285 break;
286 }
287
288
289 if (ffs->state == FFS_READ_DESCRIPTORS) {
290 pr_info("read descriptors\n");
291 ret = __ffs_data_got_descs(ffs, data, len);
292 if (unlikely(ret < 0))
293 break;
294
295 ffs->state = FFS_READ_STRINGS;
296 ret = len;
297 } else {
298 pr_info("read strings\n");
299 ret = __ffs_data_got_strings(ffs, data, len);
300 if (unlikely(ret < 0))
301 break;
302
303 ret = ffs_epfiles_create(ffs);
304 if (unlikely(ret)) {
305 ffs->state = FFS_CLOSING;
306 break;
307 }
308
309 ffs->state = FFS_ACTIVE;
310 mutex_unlock(&ffs->mutex);
311
312 ret = ffs_ready(ffs);
313 if (unlikely(ret < 0)) {
314 ffs->state = FFS_CLOSING;
315 return ret;
316 }
317
318 return len;
319 }
320 break;
321
322 case FFS_ACTIVE:
323 data = NULL;
324
325
326
327
328 spin_lock_irq(&ffs->ev.waitq.lock);
329 switch (ffs_setup_state_clear_cancelled(ffs)) {
330 case FFS_SETUP_CANCELLED:
331 ret = -EIDRM;
332 goto done_spin;
333
334 case FFS_NO_SETUP:
335 ret = -ESRCH;
336 goto done_spin;
337
338 case FFS_SETUP_PENDING:
339 break;
340 }
341
342
343 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
344 spin_unlock_irq(&ffs->ev.waitq.lock);
345 ret = __ffs_ep0_stall(ffs);
346 break;
347 }
348
349
350 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
351
352 spin_unlock_irq(&ffs->ev.waitq.lock);
353
354 data = ffs_prepare_buffer(buf, len);
355 if (IS_ERR(data)) {
356 ret = PTR_ERR(data);
357 break;
358 }
359
360 spin_lock_irq(&ffs->ev.waitq.lock);
361
362
363
364
365
366
367
368
369
370
371
372
373
374 if (ffs_setup_state_clear_cancelled(ffs) ==
375 FFS_SETUP_CANCELLED) {
376 ret = -EIDRM;
377done_spin:
378 spin_unlock_irq(&ffs->ev.waitq.lock);
379 } else {
380
381 ret = __ffs_ep0_queue_wait(ffs, data, len);
382 }
383 kfree(data);
384 break;
385
386 default:
387 ret = -EBADFD;
388 break;
389 }
390
391 mutex_unlock(&ffs->mutex);
392 return ret;
393}
394
395
396static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
397 size_t n)
398{
399
400
401
402
403
404 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
405 const size_t size = n * sizeof *events;
406 unsigned i = 0;
407
408 memset(events, 0, size);
409
410 do {
411 events[i].type = ffs->ev.types[i];
412 if (events[i].type == FUNCTIONFS_SETUP) {
413 events[i].u.setup = ffs->ev.setup;
414 ffs->setup_state = FFS_SETUP_PENDING;
415 }
416 } while (++i < n);
417
418 ffs->ev.count -= n;
419 if (ffs->ev.count)
420 memmove(ffs->ev.types, ffs->ev.types + n,
421 ffs->ev.count * sizeof *ffs->ev.types);
422
423 spin_unlock_irq(&ffs->ev.waitq.lock);
424 mutex_unlock(&ffs->mutex);
425
426 return unlikely(__copy_to_user(buf, events, size)) ? -EFAULT : size;
427}
428
429static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
430 size_t len, loff_t *ptr)
431{
432 struct ffs_data *ffs = file->private_data;
433 char *data = NULL;
434 size_t n;
435 int ret;
436
437 ENTER();
438
439
440 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
441 return -EIDRM;
442
443
444 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
445 if (unlikely(ret < 0))
446 return ret;
447
448
449 if (ffs->state != FFS_ACTIVE) {
450 ret = -EBADFD;
451 goto done_mutex;
452 }
453
454
455
456
457
458 spin_lock_irq(&ffs->ev.waitq.lock);
459
460 switch (ffs_setup_state_clear_cancelled(ffs)) {
461 case FFS_SETUP_CANCELLED:
462 ret = -EIDRM;
463 break;
464
465 case FFS_NO_SETUP:
466 n = len / sizeof(struct usb_functionfs_event);
467 if (unlikely(!n)) {
468 ret = -EINVAL;
469 break;
470 }
471
472 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
473 ret = -EAGAIN;
474 break;
475 }
476
477 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
478 ffs->ev.count)) {
479 ret = -EINTR;
480 break;
481 }
482
483 return __ffs_ep0_read_events(ffs, buf,
484 min(n, (size_t)ffs->ev.count));
485
486 case FFS_SETUP_PENDING:
487 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
488 spin_unlock_irq(&ffs->ev.waitq.lock);
489 ret = __ffs_ep0_stall(ffs);
490 goto done_mutex;
491 }
492
493 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
494
495 spin_unlock_irq(&ffs->ev.waitq.lock);
496
497 if (likely(len)) {
498 data = kmalloc(len, GFP_KERNEL);
499 if (unlikely(!data)) {
500 ret = -ENOMEM;
501 goto done_mutex;
502 }
503 }
504
505 spin_lock_irq(&ffs->ev.waitq.lock);
506
507
508 if (ffs_setup_state_clear_cancelled(ffs) ==
509 FFS_SETUP_CANCELLED) {
510 ret = -EIDRM;
511 break;
512 }
513
514
515 ret = __ffs_ep0_queue_wait(ffs, data, len);
516 if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len)))
517 ret = -EFAULT;
518 goto done_mutex;
519
520 default:
521 ret = -EBADFD;
522 break;
523 }
524
525 spin_unlock_irq(&ffs->ev.waitq.lock);
526done_mutex:
527 mutex_unlock(&ffs->mutex);
528 kfree(data);
529 return ret;
530}
531
532static int ffs_ep0_open(struct inode *inode, struct file *file)
533{
534 struct ffs_data *ffs = inode->i_private;
535
536 ENTER();
537
538 if (unlikely(ffs->state == FFS_CLOSING))
539 return -EBUSY;
540
541 file->private_data = ffs;
542 ffs_data_opened(ffs);
543
544 return 0;
545}
546
547static int ffs_ep0_release(struct inode *inode, struct file *file)
548{
549 struct ffs_data *ffs = file->private_data;
550
551 ENTER();
552
553 ffs_data_closed(ffs);
554
555 return 0;
556}
557
558static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
559{
560 struct ffs_data *ffs = file->private_data;
561 struct usb_gadget *gadget = ffs->gadget;
562 long ret;
563
564 ENTER();
565
566 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
567 struct ffs_function *func = ffs->func;
568 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
569 } else if (gadget && gadget->ops->ioctl) {
570 ret = gadget->ops->ioctl(gadget, code, value);
571 } else {
572 ret = -ENOTTY;
573 }
574
575 return ret;
576}
577
578static unsigned int ffs_ep0_poll(struct file *file, poll_table *wait)
579{
580 struct ffs_data *ffs = file->private_data;
581 unsigned int mask = POLLWRNORM;
582 int ret;
583
584 poll_wait(file, &ffs->ev.waitq, wait);
585
586 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
587 if (unlikely(ret < 0))
588 return mask;
589
590 switch (ffs->state) {
591 case FFS_READ_DESCRIPTORS:
592 case FFS_READ_STRINGS:
593 mask |= POLLOUT;
594 break;
595
596 case FFS_ACTIVE:
597 switch (ffs->setup_state) {
598 case FFS_NO_SETUP:
599 if (ffs->ev.count)
600 mask |= POLLIN;
601 break;
602
603 case FFS_SETUP_PENDING:
604 case FFS_SETUP_CANCELLED:
605 mask |= (POLLIN | POLLOUT);
606 break;
607 }
608 case FFS_CLOSING:
609 break;
610 case FFS_DEACTIVATED:
611 break;
612 }
613
614 mutex_unlock(&ffs->mutex);
615
616 return mask;
617}
618
619static const struct file_operations ffs_ep0_operations = {
620 .llseek = no_llseek,
621
622 .open = ffs_ep0_open,
623 .write = ffs_ep0_write,
624 .read = ffs_ep0_read,
625 .release = ffs_ep0_release,
626 .unlocked_ioctl = ffs_ep0_ioctl,
627 .poll = ffs_ep0_poll,
628};
629
630
631
632
633static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
634{
635 ENTER();
636 if (likely(req->context)) {
637 struct ffs_ep *ep = _ep->driver_data;
638 ep->status = req->status ? req->status : req->actual;
639 complete(req->context);
640 }
641}
642
643static void ffs_user_copy_worker(struct work_struct *work)
644{
645 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
646 work);
647 int ret = io_data->req->status ? io_data->req->status :
648 io_data->req->actual;
649
650 if (io_data->read && ret > 0) {
651 use_mm(io_data->mm);
652 ret = copy_to_iter(io_data->buf, ret, &io_data->data);
653 if (iov_iter_count(&io_data->data))
654 ret = -EFAULT;
655 unuse_mm(io_data->mm);
656 }
657
658 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
659
660 if (io_data->ffs->ffs_eventfd &&
661 !(io_data->kiocb->ki_flags & IOCB_EVENTFD))
662 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
663
664 usb_ep_free_request(io_data->ep, io_data->req);
665
666 io_data->kiocb->private = NULL;
667 if (io_data->read)
668 kfree(io_data->to_free);
669 kfree(io_data->buf);
670 kfree(io_data);
671}
672
673static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
674 struct usb_request *req)
675{
676 struct ffs_io_data *io_data = req->context;
677
678 ENTER();
679
680 INIT_WORK(&io_data->work, ffs_user_copy_worker);
681 schedule_work(&io_data->work);
682}
683
684static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
685{
686 struct ffs_epfile *epfile = file->private_data;
687 struct ffs_ep *ep;
688 char *data = NULL;
689 ssize_t ret, data_len = -EINVAL;
690 int halt;
691
692
693 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) {
694 ret = -ENODEV;
695 goto error;
696 }
697
698
699 ep = epfile->ep;
700 if (!ep) {
701 if (file->f_flags & O_NONBLOCK) {
702 ret = -EAGAIN;
703 goto error;
704 }
705
706 ret = wait_event_interruptible(epfile->wait, (ep = epfile->ep));
707 if (ret) {
708 ret = -EINTR;
709 goto error;
710 }
711 }
712
713
714 halt = (!io_data->read == !epfile->in);
715 if (halt && epfile->isoc) {
716 ret = -EINVAL;
717 goto error;
718 }
719
720
721 if (!halt) {
722
723
724
725
726 struct usb_gadget *gadget = epfile->ffs->gadget;
727 size_t copied;
728
729 spin_lock_irq(&epfile->ffs->eps_lock);
730
731 if (epfile->ep != ep) {
732 spin_unlock_irq(&epfile->ffs->eps_lock);
733 return -ESHUTDOWN;
734 }
735 data_len = iov_iter_count(&io_data->data);
736
737
738
739
740 if (io_data->read)
741 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
742 spin_unlock_irq(&epfile->ffs->eps_lock);
743
744 data = kmalloc(data_len, GFP_KERNEL);
745 if (unlikely(!data))
746 return -ENOMEM;
747 if (!io_data->read) {
748 copied = copy_from_iter(data, data_len, &io_data->data);
749 if (copied != data_len) {
750 ret = -EFAULT;
751 goto error;
752 }
753 }
754 }
755
756
757 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
758 if (unlikely(ret))
759 goto error;
760
761 spin_lock_irq(&epfile->ffs->eps_lock);
762
763 if (epfile->ep != ep) {
764
765 ret = -ESHUTDOWN;
766 spin_unlock_irq(&epfile->ffs->eps_lock);
767 } else if (halt) {
768
769 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep))
770 usb_ep_set_halt(ep->ep);
771 spin_unlock_irq(&epfile->ffs->eps_lock);
772 ret = -EBADMSG;
773 } else {
774
775 struct usb_request *req;
776
777
778
779
780
781
782
783
784
785
786
787
788 if (unlikely(data_len == -EINVAL)) {
789 WARN(1, "%s: data_len == -EINVAL\n", __func__);
790 ret = -EINVAL;
791 goto error_lock;
792 }
793
794 if (io_data->aio) {
795 req = usb_ep_alloc_request(ep->ep, GFP_KERNEL);
796 if (unlikely(!req))
797 goto error_lock;
798
799 req->buf = data;
800 req->length = data_len;
801
802 io_data->buf = data;
803 io_data->ep = ep->ep;
804 io_data->req = req;
805 io_data->ffs = epfile->ffs;
806
807 req->context = io_data;
808 req->complete = ffs_epfile_async_io_complete;
809
810 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
811 if (unlikely(ret)) {
812 usb_ep_free_request(ep->ep, req);
813 goto error_lock;
814 }
815 ret = -EIOCBQUEUED;
816
817 spin_unlock_irq(&epfile->ffs->eps_lock);
818 } else {
819 DECLARE_COMPLETION_ONSTACK(done);
820
821 req = ep->req;
822 req->buf = data;
823 req->length = data_len;
824
825 req->context = &done;
826 req->complete = ffs_epfile_io_complete;
827
828 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
829
830 spin_unlock_irq(&epfile->ffs->eps_lock);
831
832 if (unlikely(ret < 0)) {
833
834 } else if (unlikely(
835 wait_for_completion_interruptible(&done))) {
836 ret = -EINTR;
837 usb_ep_dequeue(ep->ep, req);
838 } else {
839
840
841
842
843
844
845
846 ret = ep->status;
847 if (io_data->read && ret > 0) {
848 ret = copy_to_iter(data, ret, &io_data->data);
849 if (!ret)
850 ret = -EFAULT;
851 }
852 }
853 kfree(data);
854 }
855 }
856
857 mutex_unlock(&epfile->mutex);
858 return ret;
859
860error_lock:
861 spin_unlock_irq(&epfile->ffs->eps_lock);
862 mutex_unlock(&epfile->mutex);
863error:
864 kfree(data);
865 return ret;
866}
867
868static int
869ffs_epfile_open(struct inode *inode, struct file *file)
870{
871 struct ffs_epfile *epfile = inode->i_private;
872
873 ENTER();
874
875 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
876 return -ENODEV;
877
878 file->private_data = epfile;
879 ffs_data_opened(epfile->ffs);
880
881 return 0;
882}
883
884static int ffs_aio_cancel(struct kiocb *kiocb)
885{
886 struct ffs_io_data *io_data = kiocb->private;
887 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
888 int value;
889
890 ENTER();
891
892 spin_lock_irq(&epfile->ffs->eps_lock);
893
894 if (likely(io_data && io_data->ep && io_data->req))
895 value = usb_ep_dequeue(io_data->ep, io_data->req);
896 else
897 value = -EINVAL;
898
899 spin_unlock_irq(&epfile->ffs->eps_lock);
900
901 return value;
902}
903
904static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
905{
906 struct ffs_io_data io_data, *p = &io_data;
907 ssize_t res;
908
909 ENTER();
910
911 if (!is_sync_kiocb(kiocb)) {
912 p = kmalloc(sizeof(io_data), GFP_KERNEL);
913 if (unlikely(!p))
914 return -ENOMEM;
915 p->aio = true;
916 } else {
917 p->aio = false;
918 }
919
920 p->read = false;
921 p->kiocb = kiocb;
922 p->data = *from;
923 p->mm = current->mm;
924
925 kiocb->private = p;
926
927 if (p->aio)
928 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
929
930 res = ffs_epfile_io(kiocb->ki_filp, p);
931 if (res == -EIOCBQUEUED)
932 return res;
933 if (p->aio)
934 kfree(p);
935 else
936 *from = p->data;
937 return res;
938}
939
940static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
941{
942 struct ffs_io_data io_data, *p = &io_data;
943 ssize_t res;
944
945 ENTER();
946
947 if (!is_sync_kiocb(kiocb)) {
948 p = kmalloc(sizeof(io_data), GFP_KERNEL);
949 if (unlikely(!p))
950 return -ENOMEM;
951 p->aio = true;
952 } else {
953 p->aio = false;
954 }
955
956 p->read = true;
957 p->kiocb = kiocb;
958 if (p->aio) {
959 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
960 if (!p->to_free) {
961 kfree(p);
962 return -ENOMEM;
963 }
964 } else {
965 p->data = *to;
966 p->to_free = NULL;
967 }
968 p->mm = current->mm;
969
970 kiocb->private = p;
971
972 if (p->aio)
973 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
974
975 res = ffs_epfile_io(kiocb->ki_filp, p);
976 if (res == -EIOCBQUEUED)
977 return res;
978
979 if (p->aio) {
980 kfree(p->to_free);
981 kfree(p);
982 } else {
983 *to = p->data;
984 }
985 return res;
986}
987
988static int
989ffs_epfile_release(struct inode *inode, struct file *file)
990{
991 struct ffs_epfile *epfile = inode->i_private;
992
993 ENTER();
994
995 ffs_data_closed(epfile->ffs);
996
997 return 0;
998}
999
1000static long ffs_epfile_ioctl(struct file *file, unsigned code,
1001 unsigned long value)
1002{
1003 struct ffs_epfile *epfile = file->private_data;
1004 int ret;
1005
1006 ENTER();
1007
1008 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1009 return -ENODEV;
1010
1011 spin_lock_irq(&epfile->ffs->eps_lock);
1012 if (likely(epfile->ep)) {
1013 switch (code) {
1014 case FUNCTIONFS_FIFO_STATUS:
1015 ret = usb_ep_fifo_status(epfile->ep->ep);
1016 break;
1017 case FUNCTIONFS_FIFO_FLUSH:
1018 usb_ep_fifo_flush(epfile->ep->ep);
1019 ret = 0;
1020 break;
1021 case FUNCTIONFS_CLEAR_HALT:
1022 ret = usb_ep_clear_halt(epfile->ep->ep);
1023 break;
1024 case FUNCTIONFS_ENDPOINT_REVMAP:
1025 ret = epfile->ep->num;
1026 break;
1027 case FUNCTIONFS_ENDPOINT_DESC:
1028 {
1029 int desc_idx;
1030 struct usb_endpoint_descriptor *desc;
1031
1032 switch (epfile->ffs->gadget->speed) {
1033 case USB_SPEED_SUPER:
1034 desc_idx = 2;
1035 break;
1036 case USB_SPEED_HIGH:
1037 desc_idx = 1;
1038 break;
1039 default:
1040 desc_idx = 0;
1041 }
1042 desc = epfile->ep->descs[desc_idx];
1043
1044 spin_unlock_irq(&epfile->ffs->eps_lock);
1045 ret = copy_to_user((void *)value, desc, sizeof(*desc));
1046 if (ret)
1047 ret = -EFAULT;
1048 return ret;
1049 }
1050 default:
1051 ret = -ENOTTY;
1052 }
1053 } else {
1054 ret = -ENODEV;
1055 }
1056 spin_unlock_irq(&epfile->ffs->eps_lock);
1057
1058 return ret;
1059}
1060
1061static const struct file_operations ffs_epfile_operations = {
1062 .llseek = no_llseek,
1063
1064 .open = ffs_epfile_open,
1065 .write_iter = ffs_epfile_write_iter,
1066 .read_iter = ffs_epfile_read_iter,
1067 .release = ffs_epfile_release,
1068 .unlocked_ioctl = ffs_epfile_ioctl,
1069};
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079static struct inode *__must_check
1080ffs_sb_make_inode(struct super_block *sb, void *data,
1081 const struct file_operations *fops,
1082 const struct inode_operations *iops,
1083 struct ffs_file_perms *perms)
1084{
1085 struct inode *inode;
1086
1087 ENTER();
1088
1089 inode = new_inode(sb);
1090
1091 if (likely(inode)) {
1092 struct timespec current_time = CURRENT_TIME;
1093
1094 inode->i_ino = get_next_ino();
1095 inode->i_mode = perms->mode;
1096 inode->i_uid = perms->uid;
1097 inode->i_gid = perms->gid;
1098 inode->i_atime = current_time;
1099 inode->i_mtime = current_time;
1100 inode->i_ctime = current_time;
1101 inode->i_private = data;
1102 if (fops)
1103 inode->i_fop = fops;
1104 if (iops)
1105 inode->i_op = iops;
1106 }
1107
1108 return inode;
1109}
1110
1111
1112static struct dentry *ffs_sb_create_file(struct super_block *sb,
1113 const char *name, void *data,
1114 const struct file_operations *fops)
1115{
1116 struct ffs_data *ffs = sb->s_fs_info;
1117 struct dentry *dentry;
1118 struct inode *inode;
1119
1120 ENTER();
1121
1122 dentry = d_alloc_name(sb->s_root, name);
1123 if (unlikely(!dentry))
1124 return NULL;
1125
1126 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1127 if (unlikely(!inode)) {
1128 dput(dentry);
1129 return NULL;
1130 }
1131
1132 d_add(dentry, inode);
1133 return dentry;
1134}
1135
1136
1137static const struct super_operations ffs_sb_operations = {
1138 .statfs = simple_statfs,
1139 .drop_inode = generic_delete_inode,
1140};
1141
1142struct ffs_sb_fill_data {
1143 struct ffs_file_perms perms;
1144 umode_t root_mode;
1145 const char *dev_name;
1146 bool no_disconnect;
1147 struct ffs_data *ffs_data;
1148};
1149
1150static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1151{
1152 struct ffs_sb_fill_data *data = _data;
1153 struct inode *inode;
1154 struct ffs_data *ffs = data->ffs_data;
1155
1156 ENTER();
1157
1158 ffs->sb = sb;
1159 data->ffs_data = NULL;
1160 sb->s_fs_info = ffs;
1161 sb->s_blocksize = PAGE_CACHE_SIZE;
1162 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
1163 sb->s_magic = FUNCTIONFS_MAGIC;
1164 sb->s_op = &ffs_sb_operations;
1165 sb->s_time_gran = 1;
1166
1167
1168 data->perms.mode = data->root_mode;
1169 inode = ffs_sb_make_inode(sb, NULL,
1170 &simple_dir_operations,
1171 &simple_dir_inode_operations,
1172 &data->perms);
1173 sb->s_root = d_make_root(inode);
1174 if (unlikely(!sb->s_root))
1175 return -ENOMEM;
1176
1177
1178 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1179 &ffs_ep0_operations)))
1180 return -ENOMEM;
1181
1182 return 0;
1183}
1184
1185static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1186{
1187 ENTER();
1188
1189 if (!opts || !*opts)
1190 return 0;
1191
1192 for (;;) {
1193 unsigned long value;
1194 char *eq, *comma;
1195
1196
1197 comma = strchr(opts, ',');
1198 if (comma)
1199 *comma = 0;
1200
1201
1202 eq = strchr(opts, '=');
1203 if (unlikely(!eq)) {
1204 pr_err("'=' missing in %s\n", opts);
1205 return -EINVAL;
1206 }
1207 *eq = 0;
1208
1209
1210 if (kstrtoul(eq + 1, 0, &value)) {
1211 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1212 return -EINVAL;
1213 }
1214
1215
1216 switch (eq - opts) {
1217 case 13:
1218 if (!memcmp(opts, "no_disconnect", 13))
1219 data->no_disconnect = !!value;
1220 else
1221 goto invalid;
1222 break;
1223 case 5:
1224 if (!memcmp(opts, "rmode", 5))
1225 data->root_mode = (value & 0555) | S_IFDIR;
1226 else if (!memcmp(opts, "fmode", 5))
1227 data->perms.mode = (value & 0666) | S_IFREG;
1228 else
1229 goto invalid;
1230 break;
1231
1232 case 4:
1233 if (!memcmp(opts, "mode", 4)) {
1234 data->root_mode = (value & 0555) | S_IFDIR;
1235 data->perms.mode = (value & 0666) | S_IFREG;
1236 } else {
1237 goto invalid;
1238 }
1239 break;
1240
1241 case 3:
1242 if (!memcmp(opts, "uid", 3)) {
1243 data->perms.uid = make_kuid(current_user_ns(), value);
1244 if (!uid_valid(data->perms.uid)) {
1245 pr_err("%s: unmapped value: %lu\n", opts, value);
1246 return -EINVAL;
1247 }
1248 } else if (!memcmp(opts, "gid", 3)) {
1249 data->perms.gid = make_kgid(current_user_ns(), value);
1250 if (!gid_valid(data->perms.gid)) {
1251 pr_err("%s: unmapped value: %lu\n", opts, value);
1252 return -EINVAL;
1253 }
1254 } else {
1255 goto invalid;
1256 }
1257 break;
1258
1259 default:
1260invalid:
1261 pr_err("%s: invalid option\n", opts);
1262 return -EINVAL;
1263 }
1264
1265
1266 if (!comma)
1267 break;
1268 opts = comma + 1;
1269 }
1270
1271 return 0;
1272}
1273
1274
1275
1276static struct dentry *
1277ffs_fs_mount(struct file_system_type *t, int flags,
1278 const char *dev_name, void *opts)
1279{
1280 struct ffs_sb_fill_data data = {
1281 .perms = {
1282 .mode = S_IFREG | 0600,
1283 .uid = GLOBAL_ROOT_UID,
1284 .gid = GLOBAL_ROOT_GID,
1285 },
1286 .root_mode = S_IFDIR | 0500,
1287 .no_disconnect = false,
1288 };
1289 struct dentry *rv;
1290 int ret;
1291 void *ffs_dev;
1292 struct ffs_data *ffs;
1293
1294 ENTER();
1295
1296 ret = ffs_fs_parse_opts(&data, opts);
1297 if (unlikely(ret < 0))
1298 return ERR_PTR(ret);
1299
1300 ffs = ffs_data_new();
1301 if (unlikely(!ffs))
1302 return ERR_PTR(-ENOMEM);
1303 ffs->file_perms = data.perms;
1304 ffs->no_disconnect = data.no_disconnect;
1305
1306 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1307 if (unlikely(!ffs->dev_name)) {
1308 ffs_data_put(ffs);
1309 return ERR_PTR(-ENOMEM);
1310 }
1311
1312 ffs_dev = ffs_acquire_dev(dev_name);
1313 if (IS_ERR(ffs_dev)) {
1314 ffs_data_put(ffs);
1315 return ERR_CAST(ffs_dev);
1316 }
1317 ffs->private_data = ffs_dev;
1318 data.ffs_data = ffs;
1319
1320 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1321 if (IS_ERR(rv) && data.ffs_data) {
1322 ffs_release_dev(data.ffs_data);
1323 ffs_data_put(data.ffs_data);
1324 }
1325 return rv;
1326}
1327
1328static void
1329ffs_fs_kill_sb(struct super_block *sb)
1330{
1331 ENTER();
1332
1333 kill_litter_super(sb);
1334 if (sb->s_fs_info) {
1335 ffs_release_dev(sb->s_fs_info);
1336 ffs_data_closed(sb->s_fs_info);
1337 ffs_data_put(sb->s_fs_info);
1338 }
1339}
1340
1341static struct file_system_type ffs_fs_type = {
1342 .owner = THIS_MODULE,
1343 .name = "functionfs",
1344 .mount = ffs_fs_mount,
1345 .kill_sb = ffs_fs_kill_sb,
1346};
1347MODULE_ALIAS_FS("functionfs");
1348
1349
1350
1351
1352static int functionfs_init(void)
1353{
1354 int ret;
1355
1356 ENTER();
1357
1358 ret = register_filesystem(&ffs_fs_type);
1359 if (likely(!ret))
1360 pr_info("file system registered\n");
1361 else
1362 pr_err("failed registering file system (%d)\n", ret);
1363
1364 return ret;
1365}
1366
1367static void functionfs_cleanup(void)
1368{
1369 ENTER();
1370
1371 pr_info("unloading\n");
1372 unregister_filesystem(&ffs_fs_type);
1373}
1374
1375
1376
1377
1378static void ffs_data_clear(struct ffs_data *ffs);
1379static void ffs_data_reset(struct ffs_data *ffs);
1380
1381static void ffs_data_get(struct ffs_data *ffs)
1382{
1383 ENTER();
1384
1385 atomic_inc(&ffs->ref);
1386}
1387
1388static void ffs_data_opened(struct ffs_data *ffs)
1389{
1390 ENTER();
1391
1392 atomic_inc(&ffs->ref);
1393 if (atomic_add_return(1, &ffs->opened) == 1 &&
1394 ffs->state == FFS_DEACTIVATED) {
1395 ffs->state = FFS_CLOSING;
1396 ffs_data_reset(ffs);
1397 }
1398}
1399
1400static void ffs_data_put(struct ffs_data *ffs)
1401{
1402 ENTER();
1403
1404 if (unlikely(atomic_dec_and_test(&ffs->ref))) {
1405 pr_info("%s(): freeing\n", __func__);
1406 ffs_data_clear(ffs);
1407 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1408 waitqueue_active(&ffs->ep0req_completion.wait));
1409 kfree(ffs->dev_name);
1410 kfree(ffs);
1411 }
1412}
1413
1414static void ffs_data_closed(struct ffs_data *ffs)
1415{
1416 ENTER();
1417
1418 if (atomic_dec_and_test(&ffs->opened)) {
1419 if (ffs->no_disconnect) {
1420 ffs->state = FFS_DEACTIVATED;
1421 if (ffs->epfiles) {
1422 ffs_epfiles_destroy(ffs->epfiles,
1423 ffs->eps_count);
1424 ffs->epfiles = NULL;
1425 }
1426 if (ffs->setup_state == FFS_SETUP_PENDING)
1427 __ffs_ep0_stall(ffs);
1428 } else {
1429 ffs->state = FFS_CLOSING;
1430 ffs_data_reset(ffs);
1431 }
1432 }
1433 if (atomic_read(&ffs->opened) < 0) {
1434 ffs->state = FFS_CLOSING;
1435 ffs_data_reset(ffs);
1436 }
1437
1438 ffs_data_put(ffs);
1439}
1440
1441static struct ffs_data *ffs_data_new(void)
1442{
1443 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1444 if (unlikely(!ffs))
1445 return NULL;
1446
1447 ENTER();
1448
1449 atomic_set(&ffs->ref, 1);
1450 atomic_set(&ffs->opened, 0);
1451 ffs->state = FFS_READ_DESCRIPTORS;
1452 mutex_init(&ffs->mutex);
1453 spin_lock_init(&ffs->eps_lock);
1454 init_waitqueue_head(&ffs->ev.waitq);
1455 init_completion(&ffs->ep0req_completion);
1456
1457
1458 ffs->ev.can_stall = 1;
1459
1460 return ffs;
1461}
1462
1463static void ffs_data_clear(struct ffs_data *ffs)
1464{
1465 ENTER();
1466
1467 ffs_closed(ffs);
1468
1469 BUG_ON(ffs->gadget);
1470
1471 if (ffs->epfiles)
1472 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1473
1474 if (ffs->ffs_eventfd)
1475 eventfd_ctx_put(ffs->ffs_eventfd);
1476
1477 kfree(ffs->raw_descs_data);
1478 kfree(ffs->raw_strings);
1479 kfree(ffs->stringtabs);
1480}
1481
1482static void ffs_data_reset(struct ffs_data *ffs)
1483{
1484 ENTER();
1485
1486 ffs_data_clear(ffs);
1487
1488 ffs->epfiles = NULL;
1489 ffs->raw_descs_data = NULL;
1490 ffs->raw_descs = NULL;
1491 ffs->raw_strings = NULL;
1492 ffs->stringtabs = NULL;
1493
1494 ffs->raw_descs_length = 0;
1495 ffs->fs_descs_count = 0;
1496 ffs->hs_descs_count = 0;
1497 ffs->ss_descs_count = 0;
1498
1499 ffs->strings_count = 0;
1500 ffs->interfaces_count = 0;
1501 ffs->eps_count = 0;
1502
1503 ffs->ev.count = 0;
1504
1505 ffs->state = FFS_READ_DESCRIPTORS;
1506 ffs->setup_state = FFS_NO_SETUP;
1507 ffs->flags = 0;
1508}
1509
1510
1511static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1512{
1513 struct usb_gadget_strings **lang;
1514 int first_id;
1515
1516 ENTER();
1517
1518 if (WARN_ON(ffs->state != FFS_ACTIVE
1519 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1520 return -EBADFD;
1521
1522 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1523 if (unlikely(first_id < 0))
1524 return first_id;
1525
1526 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1527 if (unlikely(!ffs->ep0req))
1528 return -ENOMEM;
1529 ffs->ep0req->complete = ffs_ep0_complete;
1530 ffs->ep0req->context = ffs;
1531
1532 lang = ffs->stringtabs;
1533 if (lang) {
1534 for (; *lang; ++lang) {
1535 struct usb_string *str = (*lang)->strings;
1536 int id = first_id;
1537 for (; str->s; ++id, ++str)
1538 str->id = id;
1539 }
1540 }
1541
1542 ffs->gadget = cdev->gadget;
1543 ffs_data_get(ffs);
1544 return 0;
1545}
1546
1547static void functionfs_unbind(struct ffs_data *ffs)
1548{
1549 ENTER();
1550
1551 if (!WARN_ON(!ffs->gadget)) {
1552 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1553 ffs->ep0req = NULL;
1554 ffs->gadget = NULL;
1555 clear_bit(FFS_FL_BOUND, &ffs->flags);
1556 ffs_data_put(ffs);
1557 }
1558}
1559
1560static int ffs_epfiles_create(struct ffs_data *ffs)
1561{
1562 struct ffs_epfile *epfile, *epfiles;
1563 unsigned i, count;
1564
1565 ENTER();
1566
1567 count = ffs->eps_count;
1568 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1569 if (!epfiles)
1570 return -ENOMEM;
1571
1572 epfile = epfiles;
1573 for (i = 1; i <= count; ++i, ++epfile) {
1574 epfile->ffs = ffs;
1575 mutex_init(&epfile->mutex);
1576 init_waitqueue_head(&epfile->wait);
1577 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1578 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1579 else
1580 sprintf(epfile->name, "ep%u", i);
1581 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1582 epfile,
1583 &ffs_epfile_operations);
1584 if (unlikely(!epfile->dentry)) {
1585 ffs_epfiles_destroy(epfiles, i - 1);
1586 return -ENOMEM;
1587 }
1588 }
1589
1590 ffs->epfiles = epfiles;
1591 return 0;
1592}
1593
1594static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1595{
1596 struct ffs_epfile *epfile = epfiles;
1597
1598 ENTER();
1599
1600 for (; count; --count, ++epfile) {
1601 BUG_ON(mutex_is_locked(&epfile->mutex) ||
1602 waitqueue_active(&epfile->wait));
1603 if (epfile->dentry) {
1604 d_delete(epfile->dentry);
1605 dput(epfile->dentry);
1606 epfile->dentry = NULL;
1607 }
1608 }
1609
1610 kfree(epfiles);
1611}
1612
1613static void ffs_func_eps_disable(struct ffs_function *func)
1614{
1615 struct ffs_ep *ep = func->eps;
1616 struct ffs_epfile *epfile = func->ffs->epfiles;
1617 unsigned count = func->ffs->eps_count;
1618 unsigned long flags;
1619
1620 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1621 do {
1622
1623 if (likely(ep->ep))
1624 usb_ep_disable(ep->ep);
1625 ++ep;
1626
1627 if (epfile) {
1628 epfile->ep = NULL;
1629 ++epfile;
1630 }
1631 } while (--count);
1632 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1633}
1634
1635static int ffs_func_eps_enable(struct ffs_function *func)
1636{
1637 struct ffs_data *ffs = func->ffs;
1638 struct ffs_ep *ep = func->eps;
1639 struct ffs_epfile *epfile = ffs->epfiles;
1640 unsigned count = ffs->eps_count;
1641 unsigned long flags;
1642 int ret = 0;
1643
1644 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1645 do {
1646 struct usb_endpoint_descriptor *ds;
1647 int desc_idx;
1648
1649 if (ffs->gadget->speed == USB_SPEED_SUPER)
1650 desc_idx = 2;
1651 else if (ffs->gadget->speed == USB_SPEED_HIGH)
1652 desc_idx = 1;
1653 else
1654 desc_idx = 0;
1655
1656
1657 do {
1658 ds = ep->descs[desc_idx];
1659 } while (!ds && --desc_idx >= 0);
1660
1661 if (!ds) {
1662 ret = -EINVAL;
1663 break;
1664 }
1665
1666 ep->ep->driver_data = ep;
1667 ep->ep->desc = ds;
1668 ret = usb_ep_enable(ep->ep);
1669 if (likely(!ret)) {
1670 epfile->ep = ep;
1671 epfile->in = usb_endpoint_dir_in(ds);
1672 epfile->isoc = usb_endpoint_xfer_isoc(ds);
1673 } else {
1674 break;
1675 }
1676
1677 wake_up(&epfile->wait);
1678
1679 ++ep;
1680 ++epfile;
1681 } while (--count);
1682 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1683
1684 return ret;
1685}
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697enum ffs_entity_type {
1698 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1699};
1700
1701enum ffs_os_desc_type {
1702 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1703};
1704
1705typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1706 u8 *valuep,
1707 struct usb_descriptor_header *desc,
1708 void *priv);
1709
1710typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
1711 struct usb_os_desc_header *h, void *data,
1712 unsigned len, void *priv);
1713
1714static int __must_check ffs_do_single_desc(char *data, unsigned len,
1715 ffs_entity_callback entity,
1716 void *priv)
1717{
1718 struct usb_descriptor_header *_ds = (void *)data;
1719 u8 length;
1720 int ret;
1721
1722 ENTER();
1723
1724
1725 if (len < 2) {
1726 pr_vdebug("descriptor too short\n");
1727 return -EINVAL;
1728 }
1729
1730
1731 length = _ds->bLength;
1732 if (len < length) {
1733 pr_vdebug("descriptor longer then available data\n");
1734 return -EINVAL;
1735 }
1736
1737#define __entity_check_INTERFACE(val) 1
1738#define __entity_check_STRING(val) (val)
1739#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1740#define __entity(type, val) do { \
1741 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1742 if (unlikely(!__entity_check_ ##type(val))) { \
1743 pr_vdebug("invalid entity's value\n"); \
1744 return -EINVAL; \
1745 } \
1746 ret = entity(FFS_ ##type, &val, _ds, priv); \
1747 if (unlikely(ret < 0)) { \
1748 pr_debug("entity " #type "(%02x); ret = %d\n", \
1749 (val), ret); \
1750 return ret; \
1751 } \
1752 } while (0)
1753
1754
1755 switch (_ds->bDescriptorType) {
1756 case USB_DT_DEVICE:
1757 case USB_DT_CONFIG:
1758 case USB_DT_STRING:
1759 case USB_DT_DEVICE_QUALIFIER:
1760
1761 pr_vdebug("descriptor reserved for gadget: %d\n",
1762 _ds->bDescriptorType);
1763 return -EINVAL;
1764
1765 case USB_DT_INTERFACE: {
1766 struct usb_interface_descriptor *ds = (void *)_ds;
1767 pr_vdebug("interface descriptor\n");
1768 if (length != sizeof *ds)
1769 goto inv_length;
1770
1771 __entity(INTERFACE, ds->bInterfaceNumber);
1772 if (ds->iInterface)
1773 __entity(STRING, ds->iInterface);
1774 }
1775 break;
1776
1777 case USB_DT_ENDPOINT: {
1778 struct usb_endpoint_descriptor *ds = (void *)_ds;
1779 pr_vdebug("endpoint descriptor\n");
1780 if (length != USB_DT_ENDPOINT_SIZE &&
1781 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1782 goto inv_length;
1783 __entity(ENDPOINT, ds->bEndpointAddress);
1784 }
1785 break;
1786
1787 case HID_DT_HID:
1788 pr_vdebug("hid descriptor\n");
1789 if (length != sizeof(struct hid_descriptor))
1790 goto inv_length;
1791 break;
1792
1793 case USB_DT_OTG:
1794 if (length != sizeof(struct usb_otg_descriptor))
1795 goto inv_length;
1796 break;
1797
1798 case USB_DT_INTERFACE_ASSOCIATION: {
1799 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1800 pr_vdebug("interface association descriptor\n");
1801 if (length != sizeof *ds)
1802 goto inv_length;
1803 if (ds->iFunction)
1804 __entity(STRING, ds->iFunction);
1805 }
1806 break;
1807
1808 case USB_DT_SS_ENDPOINT_COMP:
1809 pr_vdebug("EP SS companion descriptor\n");
1810 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
1811 goto inv_length;
1812 break;
1813
1814 case USB_DT_OTHER_SPEED_CONFIG:
1815 case USB_DT_INTERFACE_POWER:
1816 case USB_DT_DEBUG:
1817 case USB_DT_SECURITY:
1818 case USB_DT_CS_RADIO_CONTROL:
1819
1820 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
1821 return -EINVAL;
1822
1823 default:
1824
1825 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
1826 return -EINVAL;
1827
1828inv_length:
1829 pr_vdebug("invalid length: %d (descriptor %d)\n",
1830 _ds->bLength, _ds->bDescriptorType);
1831 return -EINVAL;
1832 }
1833
1834#undef __entity
1835#undef __entity_check_DESCRIPTOR
1836#undef __entity_check_INTERFACE
1837#undef __entity_check_STRING
1838#undef __entity_check_ENDPOINT
1839
1840 return length;
1841}
1842
1843static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
1844 ffs_entity_callback entity, void *priv)
1845{
1846 const unsigned _len = len;
1847 unsigned long num = 0;
1848
1849 ENTER();
1850
1851 for (;;) {
1852 int ret;
1853
1854 if (num == count)
1855 data = NULL;
1856
1857
1858 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
1859 if (unlikely(ret < 0)) {
1860 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
1861 num, ret);
1862 return ret;
1863 }
1864
1865 if (!data)
1866 return _len - len;
1867
1868 ret = ffs_do_single_desc(data, len, entity, priv);
1869 if (unlikely(ret < 0)) {
1870 pr_debug("%s returns %d\n", __func__, ret);
1871 return ret;
1872 }
1873
1874 len -= ret;
1875 data += ret;
1876 ++num;
1877 }
1878}
1879
1880static int __ffs_data_do_entity(enum ffs_entity_type type,
1881 u8 *valuep, struct usb_descriptor_header *desc,
1882 void *priv)
1883{
1884 struct ffs_desc_helper *helper = priv;
1885 struct usb_endpoint_descriptor *d;
1886
1887 ENTER();
1888
1889 switch (type) {
1890 case FFS_DESCRIPTOR:
1891 break;
1892
1893 case FFS_INTERFACE:
1894
1895
1896
1897
1898
1899 if (*valuep >= helper->interfaces_count)
1900 helper->interfaces_count = *valuep + 1;
1901 break;
1902
1903 case FFS_STRING:
1904
1905
1906
1907
1908 if (*valuep > helper->ffs->strings_count)
1909 helper->ffs->strings_count = *valuep;
1910 break;
1911
1912 case FFS_ENDPOINT:
1913 d = (void *)desc;
1914 helper->eps_count++;
1915 if (helper->eps_count >= 15)
1916 return -EINVAL;
1917
1918 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
1919 helper->ffs->eps_addrmap[helper->eps_count] =
1920 d->bEndpointAddress;
1921 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
1922 d->bEndpointAddress)
1923 return -EINVAL;
1924 break;
1925 }
1926
1927 return 0;
1928}
1929
1930static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
1931 struct usb_os_desc_header *desc)
1932{
1933 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
1934 u16 w_index = le16_to_cpu(desc->wIndex);
1935
1936 if (bcd_version != 1) {
1937 pr_vdebug("unsupported os descriptors version: %d",
1938 bcd_version);
1939 return -EINVAL;
1940 }
1941 switch (w_index) {
1942 case 0x4:
1943 *next_type = FFS_OS_DESC_EXT_COMPAT;
1944 break;
1945 case 0x5:
1946 *next_type = FFS_OS_DESC_EXT_PROP;
1947 break;
1948 default:
1949 pr_vdebug("unsupported os descriptor type: %d", w_index);
1950 return -EINVAL;
1951 }
1952
1953 return sizeof(*desc);
1954}
1955
1956
1957
1958
1959
1960static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
1961 enum ffs_os_desc_type type,
1962 u16 feature_count,
1963 ffs_os_desc_callback entity,
1964 void *priv,
1965 struct usb_os_desc_header *h)
1966{
1967 int ret;
1968 const unsigned _len = len;
1969
1970 ENTER();
1971
1972
1973 while (feature_count--) {
1974 ret = entity(type, h, data, len, priv);
1975 if (unlikely(ret < 0)) {
1976 pr_debug("bad OS descriptor, type: %d\n", type);
1977 return ret;
1978 }
1979 data += ret;
1980 len -= ret;
1981 }
1982 return _len - len;
1983}
1984
1985
1986static int __must_check ffs_do_os_descs(unsigned count,
1987 char *data, unsigned len,
1988 ffs_os_desc_callback entity, void *priv)
1989{
1990 const unsigned _len = len;
1991 unsigned long num = 0;
1992
1993 ENTER();
1994
1995 for (num = 0; num < count; ++num) {
1996 int ret;
1997 enum ffs_os_desc_type type;
1998 u16 feature_count;
1999 struct usb_os_desc_header *desc = (void *)data;
2000
2001 if (len < sizeof(*desc))
2002 return -EINVAL;
2003
2004
2005
2006
2007
2008
2009
2010
2011 if (le32_to_cpu(desc->dwLength) > len)
2012 return -EINVAL;
2013
2014 ret = __ffs_do_os_desc_header(&type, desc);
2015 if (unlikely(ret < 0)) {
2016 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2017 num, ret);
2018 return ret;
2019 }
2020
2021
2022
2023 feature_count = le16_to_cpu(desc->wCount);
2024 if (type == FFS_OS_DESC_EXT_COMPAT &&
2025 (feature_count > 255 || desc->Reserved))
2026 return -EINVAL;
2027 len -= ret;
2028 data += ret;
2029
2030
2031
2032
2033
2034 ret = ffs_do_single_os_desc(data, len, type,
2035 feature_count, entity, priv, desc);
2036 if (unlikely(ret < 0)) {
2037 pr_debug("%s returns %d\n", __func__, ret);
2038 return ret;
2039 }
2040
2041 len -= ret;
2042 data += ret;
2043 }
2044 return _len - len;
2045}
2046
2047
2048
2049
2050static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2051 struct usb_os_desc_header *h, void *data,
2052 unsigned len, void *priv)
2053{
2054 struct ffs_data *ffs = priv;
2055 u8 length;
2056
2057 ENTER();
2058
2059 switch (type) {
2060 case FFS_OS_DESC_EXT_COMPAT: {
2061 struct usb_ext_compat_desc *d = data;
2062 int i;
2063
2064 if (len < sizeof(*d) ||
2065 d->bFirstInterfaceNumber >= ffs->interfaces_count ||
2066 d->Reserved1)
2067 return -EINVAL;
2068 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2069 if (d->Reserved2[i])
2070 return -EINVAL;
2071
2072 length = sizeof(struct usb_ext_compat_desc);
2073 }
2074 break;
2075 case FFS_OS_DESC_EXT_PROP: {
2076 struct usb_ext_prop_desc *d = data;
2077 u32 type, pdl;
2078 u16 pnl;
2079
2080 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2081 return -EINVAL;
2082 length = le32_to_cpu(d->dwSize);
2083 type = le32_to_cpu(d->dwPropertyDataType);
2084 if (type < USB_EXT_PROP_UNICODE ||
2085 type > USB_EXT_PROP_UNICODE_MULTI) {
2086 pr_vdebug("unsupported os descriptor property type: %d",
2087 type);
2088 return -EINVAL;
2089 }
2090 pnl = le16_to_cpu(d->wPropertyNameLength);
2091 pdl = le32_to_cpu(*(u32 *)((u8 *)data + 10 + pnl));
2092 if (length != 14 + pnl + pdl) {
2093 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2094 length, pnl, pdl, type);
2095 return -EINVAL;
2096 }
2097 ++ffs->ms_os_descs_ext_prop_count;
2098
2099 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2100 ffs->ms_os_descs_ext_prop_data_len += pdl;
2101 }
2102 break;
2103 default:
2104 pr_vdebug("unknown descriptor: %d\n", type);
2105 return -EINVAL;
2106 }
2107 return length;
2108}
2109
2110static int __ffs_data_got_descs(struct ffs_data *ffs,
2111 char *const _data, size_t len)
2112{
2113 char *data = _data, *raw_descs;
2114 unsigned os_descs_count = 0, counts[3], flags;
2115 int ret = -EINVAL, i;
2116 struct ffs_desc_helper helper;
2117
2118 ENTER();
2119
2120 if (get_unaligned_le32(data + 4) != len)
2121 goto error;
2122
2123 switch (get_unaligned_le32(data)) {
2124 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2125 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2126 data += 8;
2127 len -= 8;
2128 break;
2129 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2130 flags = get_unaligned_le32(data + 8);
2131 ffs->user_flags = flags;
2132 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2133 FUNCTIONFS_HAS_HS_DESC |
2134 FUNCTIONFS_HAS_SS_DESC |
2135 FUNCTIONFS_HAS_MS_OS_DESC |
2136 FUNCTIONFS_VIRTUAL_ADDR |
2137 FUNCTIONFS_EVENTFD)) {
2138 ret = -ENOSYS;
2139 goto error;
2140 }
2141 data += 12;
2142 len -= 12;
2143 break;
2144 default:
2145 goto error;
2146 }
2147
2148 if (flags & FUNCTIONFS_EVENTFD) {
2149 if (len < 4)
2150 goto error;
2151 ffs->ffs_eventfd =
2152 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2153 if (IS_ERR(ffs->ffs_eventfd)) {
2154 ret = PTR_ERR(ffs->ffs_eventfd);
2155 ffs->ffs_eventfd = NULL;
2156 goto error;
2157 }
2158 data += 4;
2159 len -= 4;
2160 }
2161
2162
2163 for (i = 0; i < 3; ++i) {
2164 if (!(flags & (1 << i))) {
2165 counts[i] = 0;
2166 } else if (len < 4) {
2167 goto error;
2168 } else {
2169 counts[i] = get_unaligned_le32(data);
2170 data += 4;
2171 len -= 4;
2172 }
2173 }
2174 if (flags & (1 << i)) {
2175 os_descs_count = get_unaligned_le32(data);
2176 data += 4;
2177 len -= 4;
2178 };
2179
2180
2181 raw_descs = data;
2182 helper.ffs = ffs;
2183 for (i = 0; i < 3; ++i) {
2184 if (!counts[i])
2185 continue;
2186 helper.interfaces_count = 0;
2187 helper.eps_count = 0;
2188 ret = ffs_do_descs(counts[i], data, len,
2189 __ffs_data_do_entity, &helper);
2190 if (ret < 0)
2191 goto error;
2192 if (!ffs->eps_count && !ffs->interfaces_count) {
2193 ffs->eps_count = helper.eps_count;
2194 ffs->interfaces_count = helper.interfaces_count;
2195 } else {
2196 if (ffs->eps_count != helper.eps_count) {
2197 ret = -EINVAL;
2198 goto error;
2199 }
2200 if (ffs->interfaces_count != helper.interfaces_count) {
2201 ret = -EINVAL;
2202 goto error;
2203 }
2204 }
2205 data += ret;
2206 len -= ret;
2207 }
2208 if (os_descs_count) {
2209 ret = ffs_do_os_descs(os_descs_count, data, len,
2210 __ffs_data_do_os_desc, ffs);
2211 if (ret < 0)
2212 goto error;
2213 data += ret;
2214 len -= ret;
2215 }
2216
2217 if (raw_descs == data || len) {
2218 ret = -EINVAL;
2219 goto error;
2220 }
2221
2222 ffs->raw_descs_data = _data;
2223 ffs->raw_descs = raw_descs;
2224 ffs->raw_descs_length = data - raw_descs;
2225 ffs->fs_descs_count = counts[0];
2226 ffs->hs_descs_count = counts[1];
2227 ffs->ss_descs_count = counts[2];
2228 ffs->ms_os_descs_count = os_descs_count;
2229
2230 return 0;
2231
2232error:
2233 kfree(_data);
2234 return ret;
2235}
2236
2237static int __ffs_data_got_strings(struct ffs_data *ffs,
2238 char *const _data, size_t len)
2239{
2240 u32 str_count, needed_count, lang_count;
2241 struct usb_gadget_strings **stringtabs, *t;
2242 struct usb_string *strings, *s;
2243 const char *data = _data;
2244
2245 ENTER();
2246
2247 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2248 get_unaligned_le32(data + 4) != len))
2249 goto error;
2250 str_count = get_unaligned_le32(data + 8);
2251 lang_count = get_unaligned_le32(data + 12);
2252
2253
2254 if (unlikely(!str_count != !lang_count))
2255 goto error;
2256
2257
2258 needed_count = ffs->strings_count;
2259 if (unlikely(str_count < needed_count))
2260 goto error;
2261
2262
2263
2264
2265
2266 if (!needed_count) {
2267 kfree(_data);
2268 return 0;
2269 }
2270
2271
2272 {
2273 unsigned i = 0;
2274 vla_group(d);
2275 vla_item(d, struct usb_gadget_strings *, stringtabs,
2276 lang_count + 1);
2277 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2278 vla_item(d, struct usb_string, strings,
2279 lang_count*(needed_count+1));
2280
2281 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2282
2283 if (unlikely(!vlabuf)) {
2284 kfree(_data);
2285 return -ENOMEM;
2286 }
2287
2288
2289 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2290 t = vla_ptr(vlabuf, d, stringtab);
2291 i = lang_count;
2292 do {
2293 *stringtabs++ = t++;
2294 } while (--i);
2295 *stringtabs = NULL;
2296
2297
2298 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2299 t = vla_ptr(vlabuf, d, stringtab);
2300 s = vla_ptr(vlabuf, d, strings);
2301 strings = s;
2302 }
2303
2304
2305 data += 16;
2306 len -= 16;
2307
2308 do {
2309 unsigned needed = needed_count;
2310
2311 if (unlikely(len < 3))
2312 goto error_free;
2313 t->language = get_unaligned_le16(data);
2314 t->strings = s;
2315 ++t;
2316
2317 data += 2;
2318 len -= 2;
2319
2320
2321 do {
2322 size_t length = strnlen(data, len);
2323
2324 if (unlikely(length == len))
2325 goto error_free;
2326
2327
2328
2329
2330
2331
2332 if (likely(needed)) {
2333
2334
2335
2336
2337
2338 s->s = data;
2339 --needed;
2340 ++s;
2341 }
2342
2343 data += length + 1;
2344 len -= length + 1;
2345 } while (--str_count);
2346
2347 s->id = 0;
2348 s->s = NULL;
2349 ++s;
2350
2351 } while (--lang_count);
2352
2353
2354 if (unlikely(len))
2355 goto error_free;
2356
2357
2358 ffs->stringtabs = stringtabs;
2359 ffs->raw_strings = _data;
2360
2361 return 0;
2362
2363error_free:
2364 kfree(stringtabs);
2365error:
2366 kfree(_data);
2367 return -EINVAL;
2368}
2369
2370
2371
2372
2373static void __ffs_event_add(struct ffs_data *ffs,
2374 enum usb_functionfs_event_type type)
2375{
2376 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2377 int neg = 0;
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387 if (ffs->setup_state == FFS_SETUP_PENDING)
2388 ffs->setup_state = FFS_SETUP_CANCELLED;
2389
2390
2391
2392
2393
2394
2395
2396
2397 switch (type) {
2398 case FUNCTIONFS_RESUME:
2399 rem_type2 = FUNCTIONFS_SUSPEND;
2400
2401 case FUNCTIONFS_SUSPEND:
2402 case FUNCTIONFS_SETUP:
2403 rem_type1 = type;
2404
2405 break;
2406
2407 case FUNCTIONFS_BIND:
2408 case FUNCTIONFS_UNBIND:
2409 case FUNCTIONFS_DISABLE:
2410 case FUNCTIONFS_ENABLE:
2411
2412 rem_type1 = FUNCTIONFS_SUSPEND;
2413 rem_type2 = FUNCTIONFS_RESUME;
2414 neg = 1;
2415 break;
2416
2417 default:
2418 WARN(1, "%d: unknown event, this should not happen\n", type);
2419 return;
2420 }
2421
2422 {
2423 u8 *ev = ffs->ev.types, *out = ev;
2424 unsigned n = ffs->ev.count;
2425 for (; n; --n, ++ev)
2426 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2427 *out++ = *ev;
2428 else
2429 pr_vdebug("purging event %d\n", *ev);
2430 ffs->ev.count = out - ffs->ev.types;
2431 }
2432
2433 pr_vdebug("adding event %d\n", type);
2434 ffs->ev.types[ffs->ev.count++] = type;
2435 wake_up_locked(&ffs->ev.waitq);
2436 if (ffs->ffs_eventfd)
2437 eventfd_signal(ffs->ffs_eventfd, 1);
2438}
2439
2440static void ffs_event_add(struct ffs_data *ffs,
2441 enum usb_functionfs_event_type type)
2442{
2443 unsigned long flags;
2444 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2445 __ffs_event_add(ffs, type);
2446 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2447}
2448
2449
2450
2451static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2452{
2453 int i;
2454
2455 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2456 if (ffs->eps_addrmap[i] == endpoint_address)
2457 return i;
2458 return -ENOENT;
2459}
2460
2461static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2462 struct usb_descriptor_header *desc,
2463 void *priv)
2464{
2465 struct usb_endpoint_descriptor *ds = (void *)desc;
2466 struct ffs_function *func = priv;
2467 struct ffs_ep *ffs_ep;
2468 unsigned ep_desc_id;
2469 int idx;
2470 static const char *speed_names[] = { "full", "high", "super" };
2471
2472 if (type != FFS_DESCRIPTOR)
2473 return 0;
2474
2475
2476
2477
2478
2479
2480
2481 if (func->function.ss_descriptors) {
2482 ep_desc_id = 2;
2483 func->function.ss_descriptors[(long)valuep] = desc;
2484 } else if (func->function.hs_descriptors) {
2485 ep_desc_id = 1;
2486 func->function.hs_descriptors[(long)valuep] = desc;
2487 } else {
2488 ep_desc_id = 0;
2489 func->function.fs_descriptors[(long)valuep] = desc;
2490 }
2491
2492 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2493 return 0;
2494
2495 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2496 if (idx < 0)
2497 return idx;
2498
2499 ffs_ep = func->eps + idx;
2500
2501 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2502 pr_err("two %sspeed descriptors for EP %d\n",
2503 speed_names[ep_desc_id],
2504 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2505 return -EINVAL;
2506 }
2507 ffs_ep->descs[ep_desc_id] = ds;
2508
2509 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2510 if (ffs_ep->ep) {
2511 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2512 if (!ds->wMaxPacketSize)
2513 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2514 } else {
2515 struct usb_request *req;
2516 struct usb_ep *ep;
2517 u8 bEndpointAddress;
2518
2519
2520
2521
2522
2523 bEndpointAddress = ds->bEndpointAddress;
2524 pr_vdebug("autoconfig\n");
2525 ep = usb_ep_autoconfig(func->gadget, ds);
2526 if (unlikely(!ep))
2527 return -ENOTSUPP;
2528 ep->driver_data = func->eps + idx;
2529
2530 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2531 if (unlikely(!req))
2532 return -ENOMEM;
2533
2534 ffs_ep->ep = ep;
2535 ffs_ep->req = req;
2536 func->eps_revmap[ds->bEndpointAddress &
2537 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2538
2539
2540
2541
2542 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2543 ds->bEndpointAddress = bEndpointAddress;
2544 }
2545 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2546
2547 return 0;
2548}
2549
2550static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2551 struct usb_descriptor_header *desc,
2552 void *priv)
2553{
2554 struct ffs_function *func = priv;
2555 unsigned idx;
2556 u8 newValue;
2557
2558 switch (type) {
2559 default:
2560 case FFS_DESCRIPTOR:
2561
2562 return 0;
2563
2564 case FFS_INTERFACE:
2565 idx = *valuep;
2566 if (func->interfaces_nums[idx] < 0) {
2567 int id = usb_interface_id(func->conf, &func->function);
2568 if (unlikely(id < 0))
2569 return id;
2570 func->interfaces_nums[idx] = id;
2571 }
2572 newValue = func->interfaces_nums[idx];
2573 break;
2574
2575 case FFS_STRING:
2576
2577 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2578 break;
2579
2580 case FFS_ENDPOINT:
2581
2582
2583
2584
2585 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2586 return 0;
2587
2588 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2589 if (unlikely(!func->eps[idx].ep))
2590 return -EINVAL;
2591
2592 {
2593 struct usb_endpoint_descriptor **descs;
2594 descs = func->eps[idx].descs;
2595 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2596 }
2597 break;
2598 }
2599
2600 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2601 *valuep = newValue;
2602 return 0;
2603}
2604
2605static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2606 struct usb_os_desc_header *h, void *data,
2607 unsigned len, void *priv)
2608{
2609 struct ffs_function *func = priv;
2610 u8 length = 0;
2611
2612 switch (type) {
2613 case FFS_OS_DESC_EXT_COMPAT: {
2614 struct usb_ext_compat_desc *desc = data;
2615 struct usb_os_desc_table *t;
2616
2617 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2618 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2619 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2620 ARRAY_SIZE(desc->CompatibleID) +
2621 ARRAY_SIZE(desc->SubCompatibleID));
2622 length = sizeof(*desc);
2623 }
2624 break;
2625 case FFS_OS_DESC_EXT_PROP: {
2626 struct usb_ext_prop_desc *desc = data;
2627 struct usb_os_desc_table *t;
2628 struct usb_os_desc_ext_prop *ext_prop;
2629 char *ext_prop_name;
2630 char *ext_prop_data;
2631
2632 t = &func->function.os_desc_table[h->interface];
2633 t->if_id = func->interfaces_nums[h->interface];
2634
2635 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2636 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2637
2638 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2639 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2640 ext_prop->data_len = le32_to_cpu(*(u32 *)
2641 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2642 length = ext_prop->name_len + ext_prop->data_len + 14;
2643
2644 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2645 func->ffs->ms_os_descs_ext_prop_name_avail +=
2646 ext_prop->name_len;
2647
2648 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2649 func->ffs->ms_os_descs_ext_prop_data_avail +=
2650 ext_prop->data_len;
2651 memcpy(ext_prop_data,
2652 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2653 ext_prop->data_len);
2654
2655 switch (ext_prop->type) {
2656 case USB_EXT_PROP_UNICODE:
2657 case USB_EXT_PROP_UNICODE_ENV:
2658 case USB_EXT_PROP_UNICODE_LINK:
2659 case USB_EXT_PROP_UNICODE_MULTI:
2660 ext_prop->data_len *= 2;
2661 break;
2662 }
2663 ext_prop->data = ext_prop_data;
2664
2665 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
2666 ext_prop->name_len);
2667
2668 ext_prop->name_len *= 2;
2669 ext_prop->name = ext_prop_name;
2670
2671 t->os_desc->ext_prop_len +=
2672 ext_prop->name_len + ext_prop->data_len + 14;
2673 ++t->os_desc->ext_prop_count;
2674 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
2675 }
2676 break;
2677 default:
2678 pr_vdebug("unknown descriptor: %d\n", type);
2679 }
2680
2681 return length;
2682}
2683
2684static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
2685 struct usb_configuration *c)
2686{
2687 struct ffs_function *func = ffs_func_from_usb(f);
2688 struct f_fs_opts *ffs_opts =
2689 container_of(f->fi, struct f_fs_opts, func_inst);
2690 int ret;
2691
2692 ENTER();
2693
2694
2695
2696
2697
2698
2699
2700
2701 if (!ffs_opts->no_configfs)
2702 ffs_dev_lock();
2703 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
2704 func->ffs = ffs_opts->dev->ffs_data;
2705 if (!ffs_opts->no_configfs)
2706 ffs_dev_unlock();
2707 if (ret)
2708 return ERR_PTR(ret);
2709
2710 func->conf = c;
2711 func->gadget = c->cdev->gadget;
2712
2713
2714
2715
2716
2717
2718
2719
2720 if (!ffs_opts->refcnt) {
2721 ret = functionfs_bind(func->ffs, c->cdev);
2722 if (ret)
2723 return ERR_PTR(ret);
2724 }
2725 ffs_opts->refcnt++;
2726 func->function.strings = func->ffs->stringtabs;
2727
2728 return ffs_opts;
2729}
2730
2731static int _ffs_func_bind(struct usb_configuration *c,
2732 struct usb_function *f)
2733{
2734 struct ffs_function *func = ffs_func_from_usb(f);
2735 struct ffs_data *ffs = func->ffs;
2736
2737 const int full = !!func->ffs->fs_descs_count;
2738 const int high = gadget_is_dualspeed(func->gadget) &&
2739 func->ffs->hs_descs_count;
2740 const int super = gadget_is_superspeed(func->gadget) &&
2741 func->ffs->ss_descs_count;
2742
2743 int fs_len, hs_len, ss_len, ret, i;
2744
2745
2746 vla_group(d);
2747 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2748 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2749 full ? ffs->fs_descs_count + 1 : 0);
2750 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2751 high ? ffs->hs_descs_count + 1 : 0);
2752 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
2753 super ? ffs->ss_descs_count + 1 : 0);
2754 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
2755 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
2756 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2757 vla_item_with_sz(d, char[16], ext_compat,
2758 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2759 vla_item_with_sz(d, struct usb_os_desc, os_desc,
2760 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2761 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
2762 ffs->ms_os_descs_ext_prop_count);
2763 vla_item_with_sz(d, char, ext_prop_name,
2764 ffs->ms_os_descs_ext_prop_name_len);
2765 vla_item_with_sz(d, char, ext_prop_data,
2766 ffs->ms_os_descs_ext_prop_data_len);
2767 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
2768 char *vlabuf;
2769
2770 ENTER();
2771
2772
2773 if (unlikely(!(full | high | super)))
2774 return -ENOTSUPP;
2775
2776
2777 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
2778 if (unlikely(!vlabuf))
2779 return -ENOMEM;
2780
2781 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
2782 ffs->ms_os_descs_ext_prop_name_avail =
2783 vla_ptr(vlabuf, d, ext_prop_name);
2784 ffs->ms_os_descs_ext_prop_data_avail =
2785 vla_ptr(vlabuf, d, ext_prop_data);
2786
2787
2788 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
2789 ffs->raw_descs_length);
2790
2791 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
2792 for (ret = ffs->eps_count; ret; --ret) {
2793 struct ffs_ep *ptr;
2794
2795 ptr = vla_ptr(vlabuf, d, eps);
2796 ptr[ret].num = -1;
2797 }
2798
2799
2800
2801
2802 func->eps = vla_ptr(vlabuf, d, eps);
2803 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
2804
2805
2806
2807
2808
2809
2810 if (likely(full)) {
2811 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
2812 fs_len = ffs_do_descs(ffs->fs_descs_count,
2813 vla_ptr(vlabuf, d, raw_descs),
2814 d_raw_descs__sz,
2815 __ffs_func_bind_do_descs, func);
2816 if (unlikely(fs_len < 0)) {
2817 ret = fs_len;
2818 goto error;
2819 }
2820 } else {
2821 fs_len = 0;
2822 }
2823
2824 if (likely(high)) {
2825 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
2826 hs_len = ffs_do_descs(ffs->hs_descs_count,
2827 vla_ptr(vlabuf, d, raw_descs) + fs_len,
2828 d_raw_descs__sz - fs_len,
2829 __ffs_func_bind_do_descs, func);
2830 if (unlikely(hs_len < 0)) {
2831 ret = hs_len;
2832 goto error;
2833 }
2834 } else {
2835 hs_len = 0;
2836 }
2837
2838 if (likely(super)) {
2839 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
2840 ss_len = ffs_do_descs(ffs->ss_descs_count,
2841 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
2842 d_raw_descs__sz - fs_len - hs_len,
2843 __ffs_func_bind_do_descs, func);
2844 if (unlikely(ss_len < 0)) {
2845 ret = ss_len;
2846 goto error;
2847 }
2848 } else {
2849 ss_len = 0;
2850 }
2851
2852
2853
2854
2855
2856
2857 ret = ffs_do_descs(ffs->fs_descs_count +
2858 (high ? ffs->hs_descs_count : 0) +
2859 (super ? ffs->ss_descs_count : 0),
2860 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
2861 __ffs_func_bind_do_nums, func);
2862 if (unlikely(ret < 0))
2863 goto error;
2864
2865 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
2866 if (c->cdev->use_os_string)
2867 for (i = 0; i < ffs->interfaces_count; ++i) {
2868 struct usb_os_desc *desc;
2869
2870 desc = func->function.os_desc_table[i].os_desc =
2871 vla_ptr(vlabuf, d, os_desc) +
2872 i * sizeof(struct usb_os_desc);
2873 desc->ext_compat_id =
2874 vla_ptr(vlabuf, d, ext_compat) + i * 16;
2875 INIT_LIST_HEAD(&desc->ext_prop);
2876 }
2877 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
2878 vla_ptr(vlabuf, d, raw_descs) +
2879 fs_len + hs_len + ss_len,
2880 d_raw_descs__sz - fs_len - hs_len - ss_len,
2881 __ffs_func_bind_do_os_desc, func);
2882 if (unlikely(ret < 0))
2883 goto error;
2884 func->function.os_desc_n =
2885 c->cdev->use_os_string ? ffs->interfaces_count : 0;
2886
2887
2888 ffs_event_add(ffs, FUNCTIONFS_BIND);
2889 return 0;
2890
2891error:
2892
2893 return ret;
2894}
2895
2896static int ffs_func_bind(struct usb_configuration *c,
2897 struct usb_function *f)
2898{
2899 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
2900
2901 if (IS_ERR(ffs_opts))
2902 return PTR_ERR(ffs_opts);
2903
2904 return _ffs_func_bind(c, f);
2905}
2906
2907
2908
2909
2910static void ffs_reset_work(struct work_struct *work)
2911{
2912 struct ffs_data *ffs = container_of(work,
2913 struct ffs_data, reset_work);
2914 ffs_data_reset(ffs);
2915}
2916
2917static int ffs_func_set_alt(struct usb_function *f,
2918 unsigned interface, unsigned alt)
2919{
2920 struct ffs_function *func = ffs_func_from_usb(f);
2921 struct ffs_data *ffs = func->ffs;
2922 int ret = 0, intf;
2923
2924 if (alt != (unsigned)-1) {
2925 intf = ffs_func_revmap_intf(func, interface);
2926 if (unlikely(intf < 0))
2927 return intf;
2928 }
2929
2930 if (ffs->func)
2931 ffs_func_eps_disable(ffs->func);
2932
2933 if (ffs->state == FFS_DEACTIVATED) {
2934 ffs->state = FFS_CLOSING;
2935 INIT_WORK(&ffs->reset_work, ffs_reset_work);
2936 schedule_work(&ffs->reset_work);
2937 return -ENODEV;
2938 }
2939
2940 if (ffs->state != FFS_ACTIVE)
2941 return -ENODEV;
2942
2943 if (alt == (unsigned)-1) {
2944 ffs->func = NULL;
2945 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
2946 return 0;
2947 }
2948
2949 ffs->func = func;
2950 ret = ffs_func_eps_enable(func);
2951 if (likely(ret >= 0))
2952 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
2953 return ret;
2954}
2955
2956static void ffs_func_disable(struct usb_function *f)
2957{
2958 ffs_func_set_alt(f, 0, (unsigned)-1);
2959}
2960
2961static int ffs_func_setup(struct usb_function *f,
2962 const struct usb_ctrlrequest *creq)
2963{
2964 struct ffs_function *func = ffs_func_from_usb(f);
2965 struct ffs_data *ffs = func->ffs;
2966 unsigned long flags;
2967 int ret;
2968
2969 ENTER();
2970
2971 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
2972 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
2973 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
2974 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
2975 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986 if (ffs->state != FFS_ACTIVE)
2987 return -ENODEV;
2988
2989 switch (creq->bRequestType & USB_RECIP_MASK) {
2990 case USB_RECIP_INTERFACE:
2991 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
2992 if (unlikely(ret < 0))
2993 return ret;
2994 break;
2995
2996 case USB_RECIP_ENDPOINT:
2997 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
2998 if (unlikely(ret < 0))
2999 return ret;
3000 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3001 ret = func->ffs->eps_addrmap[ret];
3002 break;
3003
3004 default:
3005 return -EOPNOTSUPP;
3006 }
3007
3008 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3009 ffs->ev.setup = *creq;
3010 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3011 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3012 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3013
3014 return 0;
3015}
3016
3017static void ffs_func_suspend(struct usb_function *f)
3018{
3019 ENTER();
3020 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3021}
3022
3023static void ffs_func_resume(struct usb_function *f)
3024{
3025 ENTER();
3026 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3027}
3028
3029
3030
3031
3032static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3033{
3034 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3035 return num ? num : -EDOM;
3036}
3037
3038static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3039{
3040 short *nums = func->interfaces_nums;
3041 unsigned count = func->ffs->interfaces_count;
3042
3043 for (; count; --count, ++nums) {
3044 if (*nums >= 0 && *nums == intf)
3045 return nums - func->interfaces_nums;
3046 }
3047
3048 return -EDOM;
3049}
3050
3051
3052
3053
3054static LIST_HEAD(ffs_devices);
3055
3056static struct ffs_dev *_ffs_do_find_dev(const char *name)
3057{
3058 struct ffs_dev *dev;
3059
3060 list_for_each_entry(dev, &ffs_devices, entry) {
3061 if (!dev->name || !name)
3062 continue;
3063 if (strcmp(dev->name, name) == 0)
3064 return dev;
3065 }
3066
3067 return NULL;
3068}
3069
3070
3071
3072
3073static struct ffs_dev *_ffs_get_single_dev(void)
3074{
3075 struct ffs_dev *dev;
3076
3077 if (list_is_singular(&ffs_devices)) {
3078 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3079 if (dev->single)
3080 return dev;
3081 }
3082
3083 return NULL;
3084}
3085
3086
3087
3088
3089static struct ffs_dev *_ffs_find_dev(const char *name)
3090{
3091 struct ffs_dev *dev;
3092
3093 dev = _ffs_get_single_dev();
3094 if (dev)
3095 return dev;
3096
3097 return _ffs_do_find_dev(name);
3098}
3099
3100
3101
3102static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3103{
3104 return container_of(to_config_group(item), struct f_fs_opts,
3105 func_inst.group);
3106}
3107
3108static void ffs_attr_release(struct config_item *item)
3109{
3110 struct f_fs_opts *opts = to_ffs_opts(item);
3111
3112 usb_put_function_instance(&opts->func_inst);
3113}
3114
3115static struct configfs_item_operations ffs_item_ops = {
3116 .release = ffs_attr_release,
3117};
3118
3119static struct config_item_type ffs_func_type = {
3120 .ct_item_ops = &ffs_item_ops,
3121 .ct_owner = THIS_MODULE,
3122};
3123
3124
3125
3126
3127static void ffs_free_inst(struct usb_function_instance *f)
3128{
3129 struct f_fs_opts *opts;
3130
3131 opts = to_f_fs_opts(f);
3132 ffs_dev_lock();
3133 _ffs_free_dev(opts->dev);
3134 ffs_dev_unlock();
3135 kfree(opts);
3136}
3137
3138#define MAX_INST_NAME_LEN 40
3139
3140static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3141{
3142 struct f_fs_opts *opts;
3143 char *ptr;
3144 const char *tmp;
3145 int name_len, ret;
3146
3147 name_len = strlen(name) + 1;
3148 if (name_len > MAX_INST_NAME_LEN)
3149 return -ENAMETOOLONG;
3150
3151 ptr = kstrndup(name, name_len, GFP_KERNEL);
3152 if (!ptr)
3153 return -ENOMEM;
3154
3155 opts = to_f_fs_opts(fi);
3156 tmp = NULL;
3157
3158 ffs_dev_lock();
3159
3160 tmp = opts->dev->name_allocated ? opts->dev->name : NULL;
3161 ret = _ffs_name_dev(opts->dev, ptr);
3162 if (ret) {
3163 kfree(ptr);
3164 ffs_dev_unlock();
3165 return ret;
3166 }
3167 opts->dev->name_allocated = true;
3168
3169 ffs_dev_unlock();
3170
3171 kfree(tmp);
3172
3173 return 0;
3174}
3175
3176static struct usb_function_instance *ffs_alloc_inst(void)
3177{
3178 struct f_fs_opts *opts;
3179 struct ffs_dev *dev;
3180
3181 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3182 if (!opts)
3183 return ERR_PTR(-ENOMEM);
3184
3185 opts->func_inst.set_inst_name = ffs_set_inst_name;
3186 opts->func_inst.free_func_inst = ffs_free_inst;
3187 ffs_dev_lock();
3188 dev = _ffs_alloc_dev();
3189 ffs_dev_unlock();
3190 if (IS_ERR(dev)) {
3191 kfree(opts);
3192 return ERR_CAST(dev);
3193 }
3194 opts->dev = dev;
3195 dev->opts = opts;
3196
3197 config_group_init_type_name(&opts->func_inst.group, "",
3198 &ffs_func_type);
3199 return &opts->func_inst;
3200}
3201
3202static void ffs_free(struct usb_function *f)
3203{
3204 kfree(ffs_func_from_usb(f));
3205}
3206
3207static void ffs_func_unbind(struct usb_configuration *c,
3208 struct usb_function *f)
3209{
3210 struct ffs_function *func = ffs_func_from_usb(f);
3211 struct ffs_data *ffs = func->ffs;
3212 struct f_fs_opts *opts =
3213 container_of(f->fi, struct f_fs_opts, func_inst);
3214 struct ffs_ep *ep = func->eps;
3215 unsigned count = ffs->eps_count;
3216 unsigned long flags;
3217
3218 ENTER();
3219 if (ffs->func == func) {
3220 ffs_func_eps_disable(func);
3221 ffs->func = NULL;
3222 }
3223
3224 if (!--opts->refcnt)
3225 functionfs_unbind(ffs);
3226
3227
3228 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3229 do {
3230 if (ep->ep && ep->req)
3231 usb_ep_free_request(ep->ep, ep->req);
3232 ep->req = NULL;
3233 ++ep;
3234 } while (--count);
3235 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3236 kfree(func->eps);
3237 func->eps = NULL;
3238
3239
3240
3241
3242 func->function.fs_descriptors = NULL;
3243 func->function.hs_descriptors = NULL;
3244 func->function.ss_descriptors = NULL;
3245 func->interfaces_nums = NULL;
3246
3247 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3248}
3249
3250static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3251{
3252 struct ffs_function *func;
3253
3254 ENTER();
3255
3256 func = kzalloc(sizeof(*func), GFP_KERNEL);
3257 if (unlikely(!func))
3258 return ERR_PTR(-ENOMEM);
3259
3260 func->function.name = "Function FS Gadget";
3261
3262 func->function.bind = ffs_func_bind;
3263 func->function.unbind = ffs_func_unbind;
3264 func->function.set_alt = ffs_func_set_alt;
3265 func->function.disable = ffs_func_disable;
3266 func->function.setup = ffs_func_setup;
3267 func->function.suspend = ffs_func_suspend;
3268 func->function.resume = ffs_func_resume;
3269 func->function.free_func = ffs_free;
3270
3271 return &func->function;
3272}
3273
3274
3275
3276
3277static struct ffs_dev *_ffs_alloc_dev(void)
3278{
3279 struct ffs_dev *dev;
3280 int ret;
3281
3282 if (_ffs_get_single_dev())
3283 return ERR_PTR(-EBUSY);
3284
3285 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3286 if (!dev)
3287 return ERR_PTR(-ENOMEM);
3288
3289 if (list_empty(&ffs_devices)) {
3290 ret = functionfs_init();
3291 if (ret) {
3292 kfree(dev);
3293 return ERR_PTR(ret);
3294 }
3295 }
3296
3297 list_add(&dev->entry, &ffs_devices);
3298
3299 return dev;
3300}
3301
3302
3303
3304
3305
3306static int _ffs_name_dev(struct ffs_dev *dev, const char *name)
3307{
3308 struct ffs_dev *existing;
3309
3310 existing = _ffs_do_find_dev(name);
3311 if (existing)
3312 return -EBUSY;
3313
3314 dev->name = name;
3315
3316 return 0;
3317}
3318
3319
3320
3321
3322int ffs_name_dev(struct ffs_dev *dev, const char *name)
3323{
3324 int ret;
3325
3326 ffs_dev_lock();
3327 ret = _ffs_name_dev(dev, name);
3328 ffs_dev_unlock();
3329
3330 return ret;
3331}
3332EXPORT_SYMBOL_GPL(ffs_name_dev);
3333
3334int ffs_single_dev(struct ffs_dev *dev)
3335{
3336 int ret;
3337
3338 ret = 0;
3339 ffs_dev_lock();
3340
3341 if (!list_is_singular(&ffs_devices))
3342 ret = -EBUSY;
3343 else
3344 dev->single = true;
3345
3346 ffs_dev_unlock();
3347 return ret;
3348}
3349EXPORT_SYMBOL_GPL(ffs_single_dev);
3350
3351
3352
3353
3354static void _ffs_free_dev(struct ffs_dev *dev)
3355{
3356 list_del(&dev->entry);
3357 if (dev->name_allocated)
3358 kfree(dev->name);
3359 kfree(dev);
3360 if (list_empty(&ffs_devices))
3361 functionfs_cleanup();
3362}
3363
3364static void *ffs_acquire_dev(const char *dev_name)
3365{
3366 struct ffs_dev *ffs_dev;
3367
3368 ENTER();
3369 ffs_dev_lock();
3370
3371 ffs_dev = _ffs_find_dev(dev_name);
3372 if (!ffs_dev)
3373 ffs_dev = ERR_PTR(-ENOENT);
3374 else if (ffs_dev->mounted)
3375 ffs_dev = ERR_PTR(-EBUSY);
3376 else if (ffs_dev->ffs_acquire_dev_callback &&
3377 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3378 ffs_dev = ERR_PTR(-ENOENT);
3379 else
3380 ffs_dev->mounted = true;
3381
3382 ffs_dev_unlock();
3383 return ffs_dev;
3384}
3385
3386static void ffs_release_dev(struct ffs_data *ffs_data)
3387{
3388 struct ffs_dev *ffs_dev;
3389
3390 ENTER();
3391 ffs_dev_lock();
3392
3393 ffs_dev = ffs_data->private_data;
3394 if (ffs_dev) {
3395 ffs_dev->mounted = false;
3396
3397 if (ffs_dev->ffs_release_dev_callback)
3398 ffs_dev->ffs_release_dev_callback(ffs_dev);
3399 }
3400
3401 ffs_dev_unlock();
3402}
3403
3404static int ffs_ready(struct ffs_data *ffs)
3405{
3406 struct ffs_dev *ffs_obj;
3407 int ret = 0;
3408
3409 ENTER();
3410 ffs_dev_lock();
3411
3412 ffs_obj = ffs->private_data;
3413 if (!ffs_obj) {
3414 ret = -EINVAL;
3415 goto done;
3416 }
3417 if (WARN_ON(ffs_obj->desc_ready)) {
3418 ret = -EBUSY;
3419 goto done;
3420 }
3421
3422 ffs_obj->desc_ready = true;
3423 ffs_obj->ffs_data = ffs;
3424
3425 if (ffs_obj->ffs_ready_callback) {
3426 ret = ffs_obj->ffs_ready_callback(ffs);
3427 if (ret)
3428 goto done;
3429 }
3430
3431 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3432done:
3433 ffs_dev_unlock();
3434 return ret;
3435}
3436
3437static void ffs_closed(struct ffs_data *ffs)
3438{
3439 struct ffs_dev *ffs_obj;
3440 struct f_fs_opts *opts;
3441
3442 ENTER();
3443 ffs_dev_lock();
3444
3445 ffs_obj = ffs->private_data;
3446 if (!ffs_obj)
3447 goto done;
3448
3449 ffs_obj->desc_ready = false;
3450
3451 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3452 ffs_obj->ffs_closed_callback)
3453 ffs_obj->ffs_closed_callback(ffs);
3454
3455 if (ffs_obj->opts)
3456 opts = ffs_obj->opts;
3457 else
3458 goto done;
3459
3460 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3461 || !atomic_read(&opts->func_inst.group.cg_item.ci_kref.refcount))
3462 goto done;
3463
3464 unregister_gadget_item(ffs_obj->opts->
3465 func_inst.group.cg_item.ci_parent->ci_parent);
3466done:
3467 ffs_dev_unlock();
3468}
3469
3470
3471
3472static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3473{
3474 return nonblock
3475 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3476 : mutex_lock_interruptible(mutex);
3477}
3478
3479static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3480{
3481 char *data;
3482
3483 if (unlikely(!len))
3484 return NULL;
3485
3486 data = kmalloc(len, GFP_KERNEL);
3487 if (unlikely(!data))
3488 return ERR_PTR(-ENOMEM);
3489
3490 if (unlikely(__copy_from_user(data, buf, len))) {
3491 kfree(data);
3492 return ERR_PTR(-EFAULT);
3493 }
3494
3495 pr_vdebug("Buffer from user space:\n");
3496 ffs_dump_mem("", data, len);
3497
3498 return data;
3499}
3500
3501DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3502MODULE_LICENSE("GPL");
3503MODULE_AUTHOR("Michal Nazarewicz");
3504
