1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/fs_parser.h>
21#include <linux/hid.h>
22#include <linux/mm.h>
23#include <linux/module.h>
24#include <linux/scatterlist.h>
25#include <linux/sched/signal.h>
26#include <linux/uio.h>
27#include <linux/vmalloc.h>
28#include <asm/unaligned.h>
29
30#include <linux/usb/ccid.h>
31#include <linux/usb/composite.h>
32#include <linux/usb/functionfs.h>
33
34#include <linux/aio.h>
35#include <linux/kthread.h>
36#include <linux/poll.h>
37#include <linux/eventfd.h>
38
39#include "u_fs.h"
40#include "u_f.h"
41#include "u_os_desc.h"
42#include "configfs.h"
43
44#define FUNCTIONFS_MAGIC 0xa647361
45
46
47static void ffs_data_get(struct ffs_data *ffs);
48static void ffs_data_put(struct ffs_data *ffs);
49
50static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
51 __attribute__((malloc));
52
53
54static void ffs_data_opened(struct ffs_data *ffs);
55static void ffs_data_closed(struct ffs_data *ffs);
56
57
58static int __must_check
59__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
60static int __must_check
61__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
62
63
64
65
66struct ffs_ep;
67
68struct ffs_function {
69 struct usb_configuration *conf;
70 struct usb_gadget *gadget;
71 struct ffs_data *ffs;
72
73 struct ffs_ep *eps;
74 u8 eps_revmap[16];
75 short *interfaces_nums;
76
77 struct usb_function function;
78};
79
80
81static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
82{
83 return container_of(f, struct ffs_function, function);
84}
85
86
87static inline enum ffs_setup_state
88ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
89{
90 return (enum ffs_setup_state)
91 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
92}
93
94
95static void ffs_func_eps_disable(struct ffs_function *func);
96static int __must_check ffs_func_eps_enable(struct ffs_function *func);
97
98static int ffs_func_bind(struct usb_configuration *,
99 struct usb_function *);
100static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
101static void ffs_func_disable(struct usb_function *);
102static int ffs_func_setup(struct usb_function *,
103 const struct usb_ctrlrequest *);
104static bool ffs_func_req_match(struct usb_function *,
105 const struct usb_ctrlrequest *,
106 bool config0);
107static void ffs_func_suspend(struct usb_function *);
108static void ffs_func_resume(struct usb_function *);
109
110
111static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
112static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
113
114
115
116
117struct ffs_ep {
118 struct usb_ep *ep;
119 struct usb_request *req;
120
121
122 struct usb_endpoint_descriptor *descs[3];
123
124 u8 num;
125
126 int status;
127};
128
129struct ffs_epfile {
130
131 struct mutex mutex;
132
133 struct ffs_data *ffs;
134 struct ffs_ep *ep;
135
136 struct dentry *dentry;
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193 struct ffs_buffer *read_buffer;
194#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
195
196 char name[5];
197
198 unsigned char in;
199 unsigned char isoc;
200
201 unsigned char _pad;
202};
203
204struct ffs_buffer {
205 size_t length;
206 char *data;
207 char storage[];
208};
209
210
211
212struct ffs_io_data {
213 bool aio;
214 bool read;
215
216 struct kiocb *kiocb;
217 struct iov_iter data;
218 const void *to_free;
219 char *buf;
220
221 struct mm_struct *mm;
222 struct work_struct work;
223
224 struct usb_ep *ep;
225 struct usb_request *req;
226 struct sg_table sgt;
227 bool use_sg;
228
229 struct ffs_data *ffs;
230};
231
232struct ffs_desc_helper {
233 struct ffs_data *ffs;
234 unsigned interfaces_count;
235 unsigned eps_count;
236};
237
238static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
239static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
240
241static struct dentry *
242ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
243 const struct file_operations *fops);
244
245
246
247DEFINE_MUTEX(ffs_lock);
248EXPORT_SYMBOL_GPL(ffs_lock);
249
250static struct ffs_dev *_ffs_find_dev(const char *name);
251static struct ffs_dev *_ffs_alloc_dev(void);
252static void _ffs_free_dev(struct ffs_dev *dev);
253static int ffs_acquire_dev(const char *dev_name, struct ffs_data *ffs_data);
254static void ffs_release_dev(struct ffs_dev *ffs_dev);
255static int ffs_ready(struct ffs_data *ffs);
256static void ffs_closed(struct ffs_data *ffs);
257
258
259
260static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
261 __attribute__((warn_unused_result, nonnull));
262static char *ffs_prepare_buffer(const char __user *buf, size_t len)
263 __attribute__((warn_unused_result, nonnull));
264
265
266
267
268static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
269{
270 struct ffs_data *ffs = req->context;
271
272 complete(&ffs->ep0req_completion);
273}
274
275static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
276 __releases(&ffs->ev.waitq.lock)
277{
278 struct usb_request *req = ffs->ep0req;
279 int ret;
280
281 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
282
283 spin_unlock_irq(&ffs->ev.waitq.lock);
284
285 req->buf = data;
286 req->length = len;
287
288
289
290
291
292
293 if (req->buf == NULL)
294 req->buf = (void *)0xDEADBABE;
295
296 reinit_completion(&ffs->ep0req_completion);
297
298 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
299 if (ret < 0)
300 return ret;
301
302 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
303 if (ret) {
304 usb_ep_dequeue(ffs->gadget->ep0, req);
305 return -EINTR;
306 }
307
308 ffs->setup_state = FFS_NO_SETUP;
309 return req->status ? req->status : req->actual;
310}
311
312static int __ffs_ep0_stall(struct ffs_data *ffs)
313{
314 if (ffs->ev.can_stall) {
315 pr_vdebug("ep0 stall\n");
316 usb_ep_set_halt(ffs->gadget->ep0);
317 ffs->setup_state = FFS_NO_SETUP;
318 return -EL2HLT;
319 } else {
320 pr_debug("bogus ep0 stall!\n");
321 return -ESRCH;
322 }
323}
324
325static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
326 size_t len, loff_t *ptr)
327{
328 struct ffs_data *ffs = file->private_data;
329 ssize_t ret;
330 char *data;
331
332 ENTER();
333
334
335 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
336 return -EIDRM;
337
338
339 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
340 if (ret < 0)
341 return ret;
342
343
344 switch (ffs->state) {
345 case FFS_READ_DESCRIPTORS:
346 case FFS_READ_STRINGS:
347
348 if (len < 16) {
349 ret = -EINVAL;
350 break;
351 }
352
353 data = ffs_prepare_buffer(buf, len);
354 if (IS_ERR(data)) {
355 ret = PTR_ERR(data);
356 break;
357 }
358
359
360 if (ffs->state == FFS_READ_DESCRIPTORS) {
361 pr_info("read descriptors\n");
362 ret = __ffs_data_got_descs(ffs, data, len);
363 if (ret < 0)
364 break;
365
366 ffs->state = FFS_READ_STRINGS;
367 ret = len;
368 } else {
369 pr_info("read strings\n");
370 ret = __ffs_data_got_strings(ffs, data, len);
371 if (ret < 0)
372 break;
373
374 ret = ffs_epfiles_create(ffs);
375 if (ret) {
376 ffs->state = FFS_CLOSING;
377 break;
378 }
379
380 ffs->state = FFS_ACTIVE;
381 mutex_unlock(&ffs->mutex);
382
383 ret = ffs_ready(ffs);
384 if (ret < 0) {
385 ffs->state = FFS_CLOSING;
386 return ret;
387 }
388
389 return len;
390 }
391 break;
392
393 case FFS_ACTIVE:
394 data = NULL;
395
396
397
398
399 spin_lock_irq(&ffs->ev.waitq.lock);
400 switch (ffs_setup_state_clear_cancelled(ffs)) {
401 case FFS_SETUP_CANCELLED:
402 ret = -EIDRM;
403 goto done_spin;
404
405 case FFS_NO_SETUP:
406 ret = -ESRCH;
407 goto done_spin;
408
409 case FFS_SETUP_PENDING:
410 break;
411 }
412
413
414 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
415 spin_unlock_irq(&ffs->ev.waitq.lock);
416 ret = __ffs_ep0_stall(ffs);
417 break;
418 }
419
420
421 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
422
423 spin_unlock_irq(&ffs->ev.waitq.lock);
424
425 data = ffs_prepare_buffer(buf, len);
426 if (IS_ERR(data)) {
427 ret = PTR_ERR(data);
428 break;
429 }
430
431 spin_lock_irq(&ffs->ev.waitq.lock);
432
433
434
435
436
437
438
439
440
441
442
443
444
445 if (ffs_setup_state_clear_cancelled(ffs) ==
446 FFS_SETUP_CANCELLED) {
447 ret = -EIDRM;
448done_spin:
449 spin_unlock_irq(&ffs->ev.waitq.lock);
450 } else {
451
452 ret = __ffs_ep0_queue_wait(ffs, data, len);
453 }
454 kfree(data);
455 break;
456
457 default:
458 ret = -EBADFD;
459 break;
460 }
461
462 mutex_unlock(&ffs->mutex);
463 return ret;
464}
465
466
467static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
468 size_t n)
469 __releases(&ffs->ev.waitq.lock)
470{
471
472
473
474
475
476 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
477 const size_t size = n * sizeof *events;
478 unsigned i = 0;
479
480 memset(events, 0, size);
481
482 do {
483 events[i].type = ffs->ev.types[i];
484 if (events[i].type == FUNCTIONFS_SETUP) {
485 events[i].u.setup = ffs->ev.setup;
486 ffs->setup_state = FFS_SETUP_PENDING;
487 }
488 } while (++i < n);
489
490 ffs->ev.count -= n;
491 if (ffs->ev.count)
492 memmove(ffs->ev.types, ffs->ev.types + n,
493 ffs->ev.count * sizeof *ffs->ev.types);
494
495 spin_unlock_irq(&ffs->ev.waitq.lock);
496 mutex_unlock(&ffs->mutex);
497
498 return copy_to_user(buf, events, size) ? -EFAULT : size;
499}
500
501static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
502 size_t len, loff_t *ptr)
503{
504 struct ffs_data *ffs = file->private_data;
505 char *data = NULL;
506 size_t n;
507 int ret;
508
509 ENTER();
510
511
512 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
513 return -EIDRM;
514
515
516 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
517 if (ret < 0)
518 return ret;
519
520
521 if (ffs->state != FFS_ACTIVE) {
522 ret = -EBADFD;
523 goto done_mutex;
524 }
525
526
527
528
529
530 spin_lock_irq(&ffs->ev.waitq.lock);
531
532 switch (ffs_setup_state_clear_cancelled(ffs)) {
533 case FFS_SETUP_CANCELLED:
534 ret = -EIDRM;
535 break;
536
537 case FFS_NO_SETUP:
538 n = len / sizeof(struct usb_functionfs_event);
539 if (!n) {
540 ret = -EINVAL;
541 break;
542 }
543
544 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
545 ret = -EAGAIN;
546 break;
547 }
548
549 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
550 ffs->ev.count)) {
551 ret = -EINTR;
552 break;
553 }
554
555
556 return __ffs_ep0_read_events(ffs, buf,
557 min(n, (size_t)ffs->ev.count));
558
559 case FFS_SETUP_PENDING:
560 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562 ret = __ffs_ep0_stall(ffs);
563 goto done_mutex;
564 }
565
566 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
567
568 spin_unlock_irq(&ffs->ev.waitq.lock);
569
570 if (len) {
571 data = kmalloc(len, GFP_KERNEL);
572 if (!data) {
573 ret = -ENOMEM;
574 goto done_mutex;
575 }
576 }
577
578 spin_lock_irq(&ffs->ev.waitq.lock);
579
580
581 if (ffs_setup_state_clear_cancelled(ffs) ==
582 FFS_SETUP_CANCELLED) {
583 ret = -EIDRM;
584 break;
585 }
586
587
588 ret = __ffs_ep0_queue_wait(ffs, data, len);
589 if ((ret > 0) && (copy_to_user(buf, data, len)))
590 ret = -EFAULT;
591 goto done_mutex;
592
593 default:
594 ret = -EBADFD;
595 break;
596 }
597
598 spin_unlock_irq(&ffs->ev.waitq.lock);
599done_mutex:
600 mutex_unlock(&ffs->mutex);
601 kfree(data);
602 return ret;
603}
604
605static int ffs_ep0_open(struct inode *inode, struct file *file)
606{
607 struct ffs_data *ffs = inode->i_private;
608
609 ENTER();
610
611 if (ffs->state == FFS_CLOSING)
612 return -EBUSY;
613
614 file->private_data = ffs;
615 ffs_data_opened(ffs);
616
617 return 0;
618}
619
620static int ffs_ep0_release(struct inode *inode, struct file *file)
621{
622 struct ffs_data *ffs = file->private_data;
623
624 ENTER();
625
626 ffs_data_closed(ffs);
627
628 return 0;
629}
630
631static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
632{
633 struct ffs_data *ffs = file->private_data;
634 struct usb_gadget *gadget = ffs->gadget;
635 long ret;
636
637 ENTER();
638
639 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
640 struct ffs_function *func = ffs->func;
641 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
642 } else if (gadget && gadget->ops->ioctl) {
643 ret = gadget->ops->ioctl(gadget, code, value);
644 } else {
645 ret = -ENOTTY;
646 }
647
648 return ret;
649}
650
651static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
652{
653 struct ffs_data *ffs = file->private_data;
654 __poll_t mask = EPOLLWRNORM;
655 int ret;
656
657 poll_wait(file, &ffs->ev.waitq, wait);
658
659 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
660 if (ret < 0)
661 return mask;
662
663 switch (ffs->state) {
664 case FFS_READ_DESCRIPTORS:
665 case FFS_READ_STRINGS:
666 mask |= EPOLLOUT;
667 break;
668
669 case FFS_ACTIVE:
670 switch (ffs->setup_state) {
671 case FFS_NO_SETUP:
672 if (ffs->ev.count)
673 mask |= EPOLLIN;
674 break;
675
676 case FFS_SETUP_PENDING:
677 case FFS_SETUP_CANCELLED:
678 mask |= (EPOLLIN | EPOLLOUT);
679 break;
680 }
681 break;
682
683 case FFS_CLOSING:
684 break;
685 case FFS_DEACTIVATED:
686 break;
687 }
688
689 mutex_unlock(&ffs->mutex);
690
691 return mask;
692}
693
694static const struct file_operations ffs_ep0_operations = {
695 .llseek = no_llseek,
696
697 .open = ffs_ep0_open,
698 .write = ffs_ep0_write,
699 .read = ffs_ep0_read,
700 .release = ffs_ep0_release,
701 .unlocked_ioctl = ffs_ep0_ioctl,
702 .poll = ffs_ep0_poll,
703};
704
705
706
707
708static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
709{
710 ENTER();
711 if (req->context) {
712 struct ffs_ep *ep = _ep->driver_data;
713 ep->status = req->status ? req->status : req->actual;
714 complete(req->context);
715 }
716}
717
718static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
719{
720 ssize_t ret = copy_to_iter(data, data_len, iter);
721 if (ret == data_len)
722 return ret;
723
724 if (iov_iter_count(iter))
725 return -EFAULT;
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
755 "Align read buffer size to max packet size to avoid the problem.\n",
756 data_len, ret);
757
758 return ret;
759}
760
761
762
763
764
765
766static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz)
767{
768 struct page **pages;
769 void *vaddr, *ptr;
770 unsigned int n_pages;
771 int i;
772
773 vaddr = vmalloc(sz);
774 if (!vaddr)
775 return NULL;
776
777 n_pages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
778 pages = kvmalloc_array(n_pages, sizeof(struct page *), GFP_KERNEL);
779 if (!pages) {
780 vfree(vaddr);
781
782 return NULL;
783 }
784 for (i = 0, ptr = vaddr; i < n_pages; ++i, ptr += PAGE_SIZE)
785 pages[i] = vmalloc_to_page(ptr);
786
787 if (sg_alloc_table_from_pages(sgt, pages, n_pages, 0, sz, GFP_KERNEL)) {
788 kvfree(pages);
789 vfree(vaddr);
790
791 return NULL;
792 }
793 kvfree(pages);
794
795 return vaddr;
796}
797
798static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data,
799 size_t data_len)
800{
801 if (io_data->use_sg)
802 return ffs_build_sg_list(&io_data->sgt, data_len);
803
804 return kmalloc(data_len, GFP_KERNEL);
805}
806
807static inline void ffs_free_buffer(struct ffs_io_data *io_data)
808{
809 if (!io_data->buf)
810 return;
811
812 if (io_data->use_sg) {
813 sg_free_table(&io_data->sgt);
814 vfree(io_data->buf);
815 } else {
816 kfree(io_data->buf);
817 }
818}
819
820static void ffs_user_copy_worker(struct work_struct *work)
821{
822 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
823 work);
824 int ret = io_data->req->status ? io_data->req->status :
825 io_data->req->actual;
826 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
827
828 if (io_data->read && ret > 0) {
829 kthread_use_mm(io_data->mm);
830 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
831 kthread_unuse_mm(io_data->mm);
832 }
833
834 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
835
836 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
837 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
838
839 usb_ep_free_request(io_data->ep, io_data->req);
840
841 if (io_data->read)
842 kfree(io_data->to_free);
843 ffs_free_buffer(io_data);
844 kfree(io_data);
845}
846
847static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
848 struct usb_request *req)
849{
850 struct ffs_io_data *io_data = req->context;
851 struct ffs_data *ffs = io_data->ffs;
852
853 ENTER();
854
855 INIT_WORK(&io_data->work, ffs_user_copy_worker);
856 queue_work(ffs->io_completion_wq, &io_data->work);
857}
858
859static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
860{
861
862
863
864
865 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
866 if (buf && buf != READ_BUFFER_DROP)
867 kfree(buf);
868}
869
870
871static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
872 struct iov_iter *iter)
873{
874
875
876
877
878
879 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
880 ssize_t ret;
881 if (!buf || buf == READ_BUFFER_DROP)
882 return 0;
883
884 ret = copy_to_iter(buf->data, buf->length, iter);
885 if (buf->length == ret) {
886 kfree(buf);
887 return ret;
888 }
889
890 if (iov_iter_count(iter)) {
891 ret = -EFAULT;
892 } else {
893 buf->length -= ret;
894 buf->data += ret;
895 }
896
897 if (cmpxchg(&epfile->read_buffer, NULL, buf))
898 kfree(buf);
899
900 return ret;
901}
902
903
904static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
905 void *data, int data_len,
906 struct iov_iter *iter)
907{
908 struct ffs_buffer *buf;
909
910 ssize_t ret = copy_to_iter(data, data_len, iter);
911 if (data_len == ret)
912 return ret;
913
914 if (iov_iter_count(iter))
915 return -EFAULT;
916
917
918 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
919 data_len, ret);
920
921 data_len -= ret;
922 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
923 if (!buf)
924 return -ENOMEM;
925 buf->length = data_len;
926 buf->data = buf->storage;
927 memcpy(buf->storage, data + ret, data_len);
928
929
930
931
932
933
934
935 if (cmpxchg(&epfile->read_buffer, NULL, buf))
936 kfree(buf);
937
938 return ret;
939}
940
941static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
942{
943 struct ffs_epfile *epfile = file->private_data;
944 struct usb_request *req;
945 struct ffs_ep *ep;
946 char *data = NULL;
947 ssize_t ret, data_len = -EINVAL;
948 int halt;
949
950
951 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
952 return -ENODEV;
953
954
955 ep = epfile->ep;
956 if (!ep) {
957 if (file->f_flags & O_NONBLOCK)
958 return -EAGAIN;
959
960 ret = wait_event_interruptible(
961 epfile->ffs->wait, (ep = epfile->ep));
962 if (ret)
963 return -EINTR;
964 }
965
966
967 halt = (!io_data->read == !epfile->in);
968 if (halt && epfile->isoc)
969 return -EINVAL;
970
971
972 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
973 if (ret)
974 goto error;
975
976
977 if (!halt) {
978 struct usb_gadget *gadget;
979
980
981
982
983
984
985
986
987 if (!io_data->aio && io_data->read) {
988 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
989 if (ret)
990 goto error_mutex;
991 }
992
993
994
995
996
997
998 gadget = epfile->ffs->gadget;
999
1000 spin_lock_irq(&epfile->ffs->eps_lock);
1001
1002 if (epfile->ep != ep) {
1003 ret = -ESHUTDOWN;
1004 goto error_lock;
1005 }
1006 data_len = iov_iter_count(&io_data->data);
1007
1008
1009
1010
1011 if (io_data->read)
1012 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1013
1014 io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE;
1015 spin_unlock_irq(&epfile->ffs->eps_lock);
1016
1017 data = ffs_alloc_buffer(io_data, data_len);
1018 if (!data) {
1019 ret = -ENOMEM;
1020 goto error_mutex;
1021 }
1022 if (!io_data->read &&
1023 !copy_from_iter_full(data, data_len, &io_data->data)) {
1024 ret = -EFAULT;
1025 goto error_mutex;
1026 }
1027 }
1028
1029 spin_lock_irq(&epfile->ffs->eps_lock);
1030
1031 if (epfile->ep != ep) {
1032
1033 ret = -ESHUTDOWN;
1034 } else if (halt) {
1035 ret = usb_ep_set_halt(ep->ep);
1036 if (!ret)
1037 ret = -EBADMSG;
1038 } else if (data_len == -EINVAL) {
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050 WARN(1, "%s: data_len == -EINVAL\n", __func__);
1051 ret = -EINVAL;
1052 } else if (!io_data->aio) {
1053 DECLARE_COMPLETION_ONSTACK(done);
1054 bool interrupted = false;
1055
1056 req = ep->req;
1057 if (io_data->use_sg) {
1058 req->buf = NULL;
1059 req->sg = io_data->sgt.sgl;
1060 req->num_sgs = io_data->sgt.nents;
1061 } else {
1062 req->buf = data;
1063 req->num_sgs = 0;
1064 }
1065 req->length = data_len;
1066
1067 io_data->buf = data;
1068
1069 req->context = &done;
1070 req->complete = ffs_epfile_io_complete;
1071
1072 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1073 if (ret < 0)
1074 goto error_lock;
1075
1076 spin_unlock_irq(&epfile->ffs->eps_lock);
1077
1078 if (wait_for_completion_interruptible(&done)) {
1079
1080
1081
1082
1083
1084
1085 usb_ep_dequeue(ep->ep, req);
1086 wait_for_completion(&done);
1087 interrupted = ep->status < 0;
1088 }
1089
1090 if (interrupted)
1091 ret = -EINTR;
1092 else if (io_data->read && ep->status > 0)
1093 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1094 &io_data->data);
1095 else
1096 ret = ep->status;
1097 goto error_mutex;
1098 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1099 ret = -ENOMEM;
1100 } else {
1101 if (io_data->use_sg) {
1102 req->buf = NULL;
1103 req->sg = io_data->sgt.sgl;
1104 req->num_sgs = io_data->sgt.nents;
1105 } else {
1106 req->buf = data;
1107 req->num_sgs = 0;
1108 }
1109 req->length = data_len;
1110
1111 io_data->buf = data;
1112 io_data->ep = ep->ep;
1113 io_data->req = req;
1114 io_data->ffs = epfile->ffs;
1115
1116 req->context = io_data;
1117 req->complete = ffs_epfile_async_io_complete;
1118
1119 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1120 if (ret) {
1121 io_data->req = NULL;
1122 usb_ep_free_request(ep->ep, req);
1123 goto error_lock;
1124 }
1125
1126 ret = -EIOCBQUEUED;
1127
1128
1129
1130
1131 data = NULL;
1132 }
1133
1134error_lock:
1135 spin_unlock_irq(&epfile->ffs->eps_lock);
1136error_mutex:
1137 mutex_unlock(&epfile->mutex);
1138error:
1139 if (ret != -EIOCBQUEUED)
1140 ffs_free_buffer(io_data);
1141 return ret;
1142}
1143
1144static int
1145ffs_epfile_open(struct inode *inode, struct file *file)
1146{
1147 struct ffs_epfile *epfile = inode->i_private;
1148
1149 ENTER();
1150
1151 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1152 return -ENODEV;
1153
1154 file->private_data = epfile;
1155 ffs_data_opened(epfile->ffs);
1156
1157 return 0;
1158}
1159
1160static int ffs_aio_cancel(struct kiocb *kiocb)
1161{
1162 struct ffs_io_data *io_data = kiocb->private;
1163 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1164 unsigned long flags;
1165 int value;
1166
1167 ENTER();
1168
1169 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1170
1171 if (io_data && io_data->ep && io_data->req)
1172 value = usb_ep_dequeue(io_data->ep, io_data->req);
1173 else
1174 value = -EINVAL;
1175
1176 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1177
1178 return value;
1179}
1180
1181static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1182{
1183 struct ffs_io_data io_data, *p = &io_data;
1184 ssize_t res;
1185
1186 ENTER();
1187
1188 if (!is_sync_kiocb(kiocb)) {
1189 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1190 if (!p)
1191 return -ENOMEM;
1192 p->aio = true;
1193 } else {
1194 memset(p, 0, sizeof(*p));
1195 p->aio = false;
1196 }
1197
1198 p->read = false;
1199 p->kiocb = kiocb;
1200 p->data = *from;
1201 p->mm = current->mm;
1202
1203 kiocb->private = p;
1204
1205 if (p->aio)
1206 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1207
1208 res = ffs_epfile_io(kiocb->ki_filp, p);
1209 if (res == -EIOCBQUEUED)
1210 return res;
1211 if (p->aio)
1212 kfree(p);
1213 else
1214 *from = p->data;
1215 return res;
1216}
1217
1218static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1219{
1220 struct ffs_io_data io_data, *p = &io_data;
1221 ssize_t res;
1222
1223 ENTER();
1224
1225 if (!is_sync_kiocb(kiocb)) {
1226 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1227 if (!p)
1228 return -ENOMEM;
1229 p->aio = true;
1230 } else {
1231 memset(p, 0, sizeof(*p));
1232 p->aio = false;
1233 }
1234
1235 p->read = true;
1236 p->kiocb = kiocb;
1237 if (p->aio) {
1238 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1239 if (!p->to_free) {
1240 kfree(p);
1241 return -ENOMEM;
1242 }
1243 } else {
1244 p->data = *to;
1245 p->to_free = NULL;
1246 }
1247 p->mm = current->mm;
1248
1249 kiocb->private = p;
1250
1251 if (p->aio)
1252 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1253
1254 res = ffs_epfile_io(kiocb->ki_filp, p);
1255 if (res == -EIOCBQUEUED)
1256 return res;
1257
1258 if (p->aio) {
1259 kfree(p->to_free);
1260 kfree(p);
1261 } else {
1262 *to = p->data;
1263 }
1264 return res;
1265}
1266
1267static int
1268ffs_epfile_release(struct inode *inode, struct file *file)
1269{
1270 struct ffs_epfile *epfile = inode->i_private;
1271
1272 ENTER();
1273
1274 __ffs_epfile_read_buffer_free(epfile);
1275 ffs_data_closed(epfile->ffs);
1276
1277 return 0;
1278}
1279
1280static long ffs_epfile_ioctl(struct file *file, unsigned code,
1281 unsigned long value)
1282{
1283 struct ffs_epfile *epfile = file->private_data;
1284 struct ffs_ep *ep;
1285 int ret;
1286
1287 ENTER();
1288
1289 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1290 return -ENODEV;
1291
1292
1293 ep = epfile->ep;
1294 if (!ep) {
1295 if (file->f_flags & O_NONBLOCK)
1296 return -EAGAIN;
1297
1298 ret = wait_event_interruptible(
1299 epfile->ffs->wait, (ep = epfile->ep));
1300 if (ret)
1301 return -EINTR;
1302 }
1303
1304 spin_lock_irq(&epfile->ffs->eps_lock);
1305
1306
1307 if (epfile->ep != ep) {
1308 spin_unlock_irq(&epfile->ffs->eps_lock);
1309 return -ESHUTDOWN;
1310 }
1311
1312 switch (code) {
1313 case FUNCTIONFS_FIFO_STATUS:
1314 ret = usb_ep_fifo_status(epfile->ep->ep);
1315 break;
1316 case FUNCTIONFS_FIFO_FLUSH:
1317 usb_ep_fifo_flush(epfile->ep->ep);
1318 ret = 0;
1319 break;
1320 case FUNCTIONFS_CLEAR_HALT:
1321 ret = usb_ep_clear_halt(epfile->ep->ep);
1322 break;
1323 case FUNCTIONFS_ENDPOINT_REVMAP:
1324 ret = epfile->ep->num;
1325 break;
1326 case FUNCTIONFS_ENDPOINT_DESC:
1327 {
1328 int desc_idx;
1329 struct usb_endpoint_descriptor desc1, *desc;
1330
1331 switch (epfile->ffs->gadget->speed) {
1332 case USB_SPEED_SUPER:
1333 case USB_SPEED_SUPER_PLUS:
1334 desc_idx = 2;
1335 break;
1336 case USB_SPEED_HIGH:
1337 desc_idx = 1;
1338 break;
1339 default:
1340 desc_idx = 0;
1341 }
1342
1343 desc = epfile->ep->descs[desc_idx];
1344 memcpy(&desc1, desc, desc->bLength);
1345
1346 spin_unlock_irq(&epfile->ffs->eps_lock);
1347 ret = copy_to_user((void __user *)value, &desc1, desc1.bLength);
1348 if (ret)
1349 ret = -EFAULT;
1350 return ret;
1351 }
1352 default:
1353 ret = -ENOTTY;
1354 }
1355 spin_unlock_irq(&epfile->ffs->eps_lock);
1356
1357 return ret;
1358}
1359
1360static const struct file_operations ffs_epfile_operations = {
1361 .llseek = no_llseek,
1362
1363 .open = ffs_epfile_open,
1364 .write_iter = ffs_epfile_write_iter,
1365 .read_iter = ffs_epfile_read_iter,
1366 .release = ffs_epfile_release,
1367 .unlocked_ioctl = ffs_epfile_ioctl,
1368 .compat_ioctl = compat_ptr_ioctl,
1369};
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379static struct inode *__must_check
1380ffs_sb_make_inode(struct super_block *sb, void *data,
1381 const struct file_operations *fops,
1382 const struct inode_operations *iops,
1383 struct ffs_file_perms *perms)
1384{
1385 struct inode *inode;
1386
1387 ENTER();
1388
1389 inode = new_inode(sb);
1390
1391 if (inode) {
1392 struct timespec64 ts = current_time(inode);
1393
1394 inode->i_ino = get_next_ino();
1395 inode->i_mode = perms->mode;
1396 inode->i_uid = perms->uid;
1397 inode->i_gid = perms->gid;
1398 inode->i_atime = ts;
1399 inode->i_mtime = ts;
1400 inode->i_ctime = ts;
1401 inode->i_private = data;
1402 if (fops)
1403 inode->i_fop = fops;
1404 if (iops)
1405 inode->i_op = iops;
1406 }
1407
1408 return inode;
1409}
1410
1411
1412static struct dentry *ffs_sb_create_file(struct super_block *sb,
1413 const char *name, void *data,
1414 const struct file_operations *fops)
1415{
1416 struct ffs_data *ffs = sb->s_fs_info;
1417 struct dentry *dentry;
1418 struct inode *inode;
1419
1420 ENTER();
1421
1422 dentry = d_alloc_name(sb->s_root, name);
1423 if (!dentry)
1424 return NULL;
1425
1426 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1427 if (!inode) {
1428 dput(dentry);
1429 return NULL;
1430 }
1431
1432 d_add(dentry, inode);
1433 return dentry;
1434}
1435
1436
1437static const struct super_operations ffs_sb_operations = {
1438 .statfs = simple_statfs,
1439 .drop_inode = generic_delete_inode,
1440};
1441
1442struct ffs_sb_fill_data {
1443 struct ffs_file_perms perms;
1444 umode_t root_mode;
1445 const char *dev_name;
1446 bool no_disconnect;
1447 struct ffs_data *ffs_data;
1448};
1449
1450static int ffs_sb_fill(struct super_block *sb, struct fs_context *fc)
1451{
1452 struct ffs_sb_fill_data *data = fc->fs_private;
1453 struct inode *inode;
1454 struct ffs_data *ffs = data->ffs_data;
1455
1456 ENTER();
1457
1458 ffs->sb = sb;
1459 data->ffs_data = NULL;
1460 sb->s_fs_info = ffs;
1461 sb->s_blocksize = PAGE_SIZE;
1462 sb->s_blocksize_bits = PAGE_SHIFT;
1463 sb->s_magic = FUNCTIONFS_MAGIC;
1464 sb->s_op = &ffs_sb_operations;
1465 sb->s_time_gran = 1;
1466
1467
1468 data->perms.mode = data->root_mode;
1469 inode = ffs_sb_make_inode(sb, NULL,
1470 &simple_dir_operations,
1471 &simple_dir_inode_operations,
1472 &data->perms);
1473 sb->s_root = d_make_root(inode);
1474 if (!sb->s_root)
1475 return -ENOMEM;
1476
1477
1478 if (!ffs_sb_create_file(sb, "ep0", ffs, &ffs_ep0_operations))
1479 return -ENOMEM;
1480
1481 return 0;
1482}
1483
1484enum {
1485 Opt_no_disconnect,
1486 Opt_rmode,
1487 Opt_fmode,
1488 Opt_mode,
1489 Opt_uid,
1490 Opt_gid,
1491};
1492
1493static const struct fs_parameter_spec ffs_fs_fs_parameters[] = {
1494 fsparam_bool ("no_disconnect", Opt_no_disconnect),
1495 fsparam_u32 ("rmode", Opt_rmode),
1496 fsparam_u32 ("fmode", Opt_fmode),
1497 fsparam_u32 ("mode", Opt_mode),
1498 fsparam_u32 ("uid", Opt_uid),
1499 fsparam_u32 ("gid", Opt_gid),
1500 {}
1501};
1502
1503static int ffs_fs_parse_param(struct fs_context *fc, struct fs_parameter *param)
1504{
1505 struct ffs_sb_fill_data *data = fc->fs_private;
1506 struct fs_parse_result result;
1507 int opt;
1508
1509 ENTER();
1510
1511 opt = fs_parse(fc, ffs_fs_fs_parameters, param, &result);
1512 if (opt < 0)
1513 return opt;
1514
1515 switch (opt) {
1516 case Opt_no_disconnect:
1517 data->no_disconnect = result.boolean;
1518 break;
1519 case Opt_rmode:
1520 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1521 break;
1522 case Opt_fmode:
1523 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1524 break;
1525 case Opt_mode:
1526 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1527 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1528 break;
1529
1530 case Opt_uid:
1531 data->perms.uid = make_kuid(current_user_ns(), result.uint_32);
1532 if (!uid_valid(data->perms.uid))
1533 goto unmapped_value;
1534 break;
1535 case Opt_gid:
1536 data->perms.gid = make_kgid(current_user_ns(), result.uint_32);
1537 if (!gid_valid(data->perms.gid))
1538 goto unmapped_value;
1539 break;
1540
1541 default:
1542 return -ENOPARAM;
1543 }
1544
1545 return 0;
1546
1547unmapped_value:
1548 return invalf(fc, "%s: unmapped value: %u", param->key, result.uint_32);
1549}
1550
1551
1552
1553
1554static int ffs_fs_get_tree(struct fs_context *fc)
1555{
1556 struct ffs_sb_fill_data *ctx = fc->fs_private;
1557 struct ffs_data *ffs;
1558 int ret;
1559
1560 ENTER();
1561
1562 if (!fc->source)
1563 return invalf(fc, "No source specified");
1564
1565 ffs = ffs_data_new(fc->source);
1566 if (!ffs)
1567 return -ENOMEM;
1568 ffs->file_perms = ctx->perms;
1569 ffs->no_disconnect = ctx->no_disconnect;
1570
1571 ffs->dev_name = kstrdup(fc->source, GFP_KERNEL);
1572 if (!ffs->dev_name) {
1573 ffs_data_put(ffs);
1574 return -ENOMEM;
1575 }
1576
1577 ret = ffs_acquire_dev(ffs->dev_name, ffs);
1578 if (ret) {
1579 ffs_data_put(ffs);
1580 return ret;
1581 }
1582
1583 ctx->ffs_data = ffs;
1584 return get_tree_nodev(fc, ffs_sb_fill);
1585}
1586
1587static void ffs_fs_free_fc(struct fs_context *fc)
1588{
1589 struct ffs_sb_fill_data *ctx = fc->fs_private;
1590
1591 if (ctx) {
1592 if (ctx->ffs_data) {
1593 ffs_data_put(ctx->ffs_data);
1594 }
1595
1596 kfree(ctx);
1597 }
1598}
1599
1600static const struct fs_context_operations ffs_fs_context_ops = {
1601 .free = ffs_fs_free_fc,
1602 .parse_param = ffs_fs_parse_param,
1603 .get_tree = ffs_fs_get_tree,
1604};
1605
1606static int ffs_fs_init_fs_context(struct fs_context *fc)
1607{
1608 struct ffs_sb_fill_data *ctx;
1609
1610 ctx = kzalloc(sizeof(struct ffs_sb_fill_data), GFP_KERNEL);
1611 if (!ctx)
1612 return -ENOMEM;
1613
1614 ctx->perms.mode = S_IFREG | 0600;
1615 ctx->perms.uid = GLOBAL_ROOT_UID;
1616 ctx->perms.gid = GLOBAL_ROOT_GID;
1617 ctx->root_mode = S_IFDIR | 0500;
1618 ctx->no_disconnect = false;
1619
1620 fc->fs_private = ctx;
1621 fc->ops = &ffs_fs_context_ops;
1622 return 0;
1623}
1624
1625static void
1626ffs_fs_kill_sb(struct super_block *sb)
1627{
1628 ENTER();
1629
1630 kill_litter_super(sb);
1631 if (sb->s_fs_info)
1632 ffs_data_closed(sb->s_fs_info);
1633}
1634
1635static struct file_system_type ffs_fs_type = {
1636 .owner = THIS_MODULE,
1637 .name = "functionfs",
1638 .init_fs_context = ffs_fs_init_fs_context,
1639 .parameters = ffs_fs_fs_parameters,
1640 .kill_sb = ffs_fs_kill_sb,
1641};
1642MODULE_ALIAS_FS("functionfs");
1643
1644
1645
1646
1647static int functionfs_init(void)
1648{
1649 int ret;
1650
1651 ENTER();
1652
1653 ret = register_filesystem(&ffs_fs_type);
1654 if (!ret)
1655 pr_info("file system registered\n");
1656 else
1657 pr_err("failed registering file system (%d)\n", ret);
1658
1659 return ret;
1660}
1661
1662static void functionfs_cleanup(void)
1663{
1664 ENTER();
1665
1666 pr_info("unloading\n");
1667 unregister_filesystem(&ffs_fs_type);
1668}
1669
1670
1671
1672
1673static void ffs_data_clear(struct ffs_data *ffs);
1674static void ffs_data_reset(struct ffs_data *ffs);
1675
1676static void ffs_data_get(struct ffs_data *ffs)
1677{
1678 ENTER();
1679
1680 refcount_inc(&ffs->ref);
1681}
1682
1683static void ffs_data_opened(struct ffs_data *ffs)
1684{
1685 ENTER();
1686
1687 refcount_inc(&ffs->ref);
1688 if (atomic_add_return(1, &ffs->opened) == 1 &&
1689 ffs->state == FFS_DEACTIVATED) {
1690 ffs->state = FFS_CLOSING;
1691 ffs_data_reset(ffs);
1692 }
1693}
1694
1695static void ffs_data_put(struct ffs_data *ffs)
1696{
1697 ENTER();
1698
1699 if (refcount_dec_and_test(&ffs->ref)) {
1700 pr_info("%s(): freeing\n", __func__);
1701 ffs_data_clear(ffs);
1702 ffs_release_dev(ffs->private_data);
1703 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1704 swait_active(&ffs->ep0req_completion.wait) ||
1705 waitqueue_active(&ffs->wait));
1706 destroy_workqueue(ffs->io_completion_wq);
1707 kfree(ffs->dev_name);
1708 kfree(ffs);
1709 }
1710}
1711
1712static void ffs_data_closed(struct ffs_data *ffs)
1713{
1714 ENTER();
1715
1716 if (atomic_dec_and_test(&ffs->opened)) {
1717 if (ffs->no_disconnect) {
1718 ffs->state = FFS_DEACTIVATED;
1719 if (ffs->epfiles) {
1720 ffs_epfiles_destroy(ffs->epfiles,
1721 ffs->eps_count);
1722 ffs->epfiles = NULL;
1723 }
1724 if (ffs->setup_state == FFS_SETUP_PENDING)
1725 __ffs_ep0_stall(ffs);
1726 } else {
1727 ffs->state = FFS_CLOSING;
1728 ffs_data_reset(ffs);
1729 }
1730 }
1731 if (atomic_read(&ffs->opened) < 0) {
1732 ffs->state = FFS_CLOSING;
1733 ffs_data_reset(ffs);
1734 }
1735
1736 ffs_data_put(ffs);
1737}
1738
1739static struct ffs_data *ffs_data_new(const char *dev_name)
1740{
1741 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1742 if (!ffs)
1743 return NULL;
1744
1745 ENTER();
1746
1747 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1748 if (!ffs->io_completion_wq) {
1749 kfree(ffs);
1750 return NULL;
1751 }
1752
1753 refcount_set(&ffs->ref, 1);
1754 atomic_set(&ffs->opened, 0);
1755 ffs->state = FFS_READ_DESCRIPTORS;
1756 mutex_init(&ffs->mutex);
1757 spin_lock_init(&ffs->eps_lock);
1758 init_waitqueue_head(&ffs->ev.waitq);
1759 init_waitqueue_head(&ffs->wait);
1760 init_completion(&ffs->ep0req_completion);
1761
1762
1763 ffs->ev.can_stall = 1;
1764
1765 return ffs;
1766}
1767
1768static void ffs_data_clear(struct ffs_data *ffs)
1769{
1770 ENTER();
1771
1772 ffs_closed(ffs);
1773
1774 BUG_ON(ffs->gadget);
1775
1776 if (ffs->epfiles)
1777 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1778
1779 if (ffs->ffs_eventfd)
1780 eventfd_ctx_put(ffs->ffs_eventfd);
1781
1782 kfree(ffs->raw_descs_data);
1783 kfree(ffs->raw_strings);
1784 kfree(ffs->stringtabs);
1785}
1786
1787static void ffs_data_reset(struct ffs_data *ffs)
1788{
1789 ENTER();
1790
1791 ffs_data_clear(ffs);
1792
1793 ffs->epfiles = NULL;
1794 ffs->raw_descs_data = NULL;
1795 ffs->raw_descs = NULL;
1796 ffs->raw_strings = NULL;
1797 ffs->stringtabs = NULL;
1798
1799 ffs->raw_descs_length = 0;
1800 ffs->fs_descs_count = 0;
1801 ffs->hs_descs_count = 0;
1802 ffs->ss_descs_count = 0;
1803
1804 ffs->strings_count = 0;
1805 ffs->interfaces_count = 0;
1806 ffs->eps_count = 0;
1807
1808 ffs->ev.count = 0;
1809
1810 ffs->state = FFS_READ_DESCRIPTORS;
1811 ffs->setup_state = FFS_NO_SETUP;
1812 ffs->flags = 0;
1813
1814 ffs->ms_os_descs_ext_prop_count = 0;
1815 ffs->ms_os_descs_ext_prop_name_len = 0;
1816 ffs->ms_os_descs_ext_prop_data_len = 0;
1817}
1818
1819
1820static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1821{
1822 struct usb_gadget_strings **lang;
1823 int first_id;
1824
1825 ENTER();
1826
1827 if (WARN_ON(ffs->state != FFS_ACTIVE
1828 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1829 return -EBADFD;
1830
1831 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1832 if (first_id < 0)
1833 return first_id;
1834
1835 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1836 if (!ffs->ep0req)
1837 return -ENOMEM;
1838 ffs->ep0req->complete = ffs_ep0_complete;
1839 ffs->ep0req->context = ffs;
1840
1841 lang = ffs->stringtabs;
1842 if (lang) {
1843 for (; *lang; ++lang) {
1844 struct usb_string *str = (*lang)->strings;
1845 int id = first_id;
1846 for (; str->s; ++id, ++str)
1847 str->id = id;
1848 }
1849 }
1850
1851 ffs->gadget = cdev->gadget;
1852 ffs_data_get(ffs);
1853 return 0;
1854}
1855
1856static void functionfs_unbind(struct ffs_data *ffs)
1857{
1858 ENTER();
1859
1860 if (!WARN_ON(!ffs->gadget)) {
1861 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1862 ffs->ep0req = NULL;
1863 ffs->gadget = NULL;
1864 clear_bit(FFS_FL_BOUND, &ffs->flags);
1865 ffs_data_put(ffs);
1866 }
1867}
1868
1869static int ffs_epfiles_create(struct ffs_data *ffs)
1870{
1871 struct ffs_epfile *epfile, *epfiles;
1872 unsigned i, count;
1873
1874 ENTER();
1875
1876 count = ffs->eps_count;
1877 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1878 if (!epfiles)
1879 return -ENOMEM;
1880
1881 epfile = epfiles;
1882 for (i = 1; i <= count; ++i, ++epfile) {
1883 epfile->ffs = ffs;
1884 mutex_init(&epfile->mutex);
1885 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1886 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1887 else
1888 sprintf(epfile->name, "ep%u", i);
1889 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1890 epfile,
1891 &ffs_epfile_operations);
1892 if (!epfile->dentry) {
1893 ffs_epfiles_destroy(epfiles, i - 1);
1894 return -ENOMEM;
1895 }
1896 }
1897
1898 ffs->epfiles = epfiles;
1899 return 0;
1900}
1901
1902static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1903{
1904 struct ffs_epfile *epfile = epfiles;
1905
1906 ENTER();
1907
1908 for (; count; --count, ++epfile) {
1909 BUG_ON(mutex_is_locked(&epfile->mutex));
1910 if (epfile->dentry) {
1911 d_delete(epfile->dentry);
1912 dput(epfile->dentry);
1913 epfile->dentry = NULL;
1914 }
1915 }
1916
1917 kfree(epfiles);
1918}
1919
1920static void ffs_func_eps_disable(struct ffs_function *func)
1921{
1922 struct ffs_ep *ep = func->eps;
1923 struct ffs_epfile *epfile = func->ffs->epfiles;
1924 unsigned count = func->ffs->eps_count;
1925 unsigned long flags;
1926
1927 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1928 while (count--) {
1929
1930 if (ep->ep)
1931 usb_ep_disable(ep->ep);
1932 ++ep;
1933
1934 if (epfile) {
1935 epfile->ep = NULL;
1936 __ffs_epfile_read_buffer_free(epfile);
1937 ++epfile;
1938 }
1939 }
1940 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1941}
1942
1943static int ffs_func_eps_enable(struct ffs_function *func)
1944{
1945 struct ffs_data *ffs = func->ffs;
1946 struct ffs_ep *ep = func->eps;
1947 struct ffs_epfile *epfile = ffs->epfiles;
1948 unsigned count = ffs->eps_count;
1949 unsigned long flags;
1950 int ret = 0;
1951
1952 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1953 while(count--) {
1954 ep->ep->driver_data = ep;
1955
1956 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1957 if (ret) {
1958 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1959 __func__, ep->ep->name, ret);
1960 break;
1961 }
1962
1963 ret = usb_ep_enable(ep->ep);
1964 if (!ret) {
1965 epfile->ep = ep;
1966 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1967 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1968 } else {
1969 break;
1970 }
1971
1972 ++ep;
1973 ++epfile;
1974 }
1975
1976 wake_up_interruptible(&ffs->wait);
1977 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1978
1979 return ret;
1980}
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992enum ffs_entity_type {
1993 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1994};
1995
1996enum ffs_os_desc_type {
1997 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1998};
1999
2000typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
2001 u8 *valuep,
2002 struct usb_descriptor_header *desc,
2003 void *priv);
2004
2005typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
2006 struct usb_os_desc_header *h, void *data,
2007 unsigned len, void *priv);
2008
2009static int __must_check ffs_do_single_desc(char *data, unsigned len,
2010 ffs_entity_callback entity,
2011 void *priv, int *current_class)
2012{
2013 struct usb_descriptor_header *_ds = (void *)data;
2014 u8 length;
2015 int ret;
2016
2017 ENTER();
2018
2019
2020 if (len < 2) {
2021 pr_vdebug("descriptor too short\n");
2022 return -EINVAL;
2023 }
2024
2025
2026 length = _ds->bLength;
2027 if (len < length) {
2028 pr_vdebug("descriptor longer then available data\n");
2029 return -EINVAL;
2030 }
2031
2032#define __entity_check_INTERFACE(val) 1
2033#define __entity_check_STRING(val) (val)
2034#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
2035#define __entity(type, val) do { \
2036 pr_vdebug("entity " #type "(%02x)\n", (val)); \
2037 if (!__entity_check_ ##type(val)) { \
2038 pr_vdebug("invalid entity's value\n"); \
2039 return -EINVAL; \
2040 } \
2041 ret = entity(FFS_ ##type, &val, _ds, priv); \
2042 if (ret < 0) { \
2043 pr_debug("entity " #type "(%02x); ret = %d\n", \
2044 (val), ret); \
2045 return ret; \
2046 } \
2047 } while (0)
2048
2049
2050 switch (_ds->bDescriptorType) {
2051 case USB_DT_DEVICE:
2052 case USB_DT_CONFIG:
2053 case USB_DT_STRING:
2054 case USB_DT_DEVICE_QUALIFIER:
2055
2056 pr_vdebug("descriptor reserved for gadget: %d\n",
2057 _ds->bDescriptorType);
2058 return -EINVAL;
2059
2060 case USB_DT_INTERFACE: {
2061 struct usb_interface_descriptor *ds = (void *)_ds;
2062 pr_vdebug("interface descriptor\n");
2063 if (length != sizeof *ds)
2064 goto inv_length;
2065
2066 __entity(INTERFACE, ds->bInterfaceNumber);
2067 if (ds->iInterface)
2068 __entity(STRING, ds->iInterface);
2069 *current_class = ds->bInterfaceClass;
2070 }
2071 break;
2072
2073 case USB_DT_ENDPOINT: {
2074 struct usb_endpoint_descriptor *ds = (void *)_ds;
2075 pr_vdebug("endpoint descriptor\n");
2076 if (length != USB_DT_ENDPOINT_SIZE &&
2077 length != USB_DT_ENDPOINT_AUDIO_SIZE)
2078 goto inv_length;
2079 __entity(ENDPOINT, ds->bEndpointAddress);
2080 }
2081 break;
2082
2083 case USB_TYPE_CLASS | 0x01:
2084 if (*current_class == USB_INTERFACE_CLASS_HID) {
2085 pr_vdebug("hid descriptor\n");
2086 if (length != sizeof(struct hid_descriptor))
2087 goto inv_length;
2088 break;
2089 } else if (*current_class == USB_INTERFACE_CLASS_CCID) {
2090 pr_vdebug("ccid descriptor\n");
2091 if (length != sizeof(struct ccid_descriptor))
2092 goto inv_length;
2093 break;
2094 } else {
2095 pr_vdebug("unknown descriptor: %d for class %d\n",
2096 _ds->bDescriptorType, *current_class);
2097 return -EINVAL;
2098 }
2099
2100 case USB_DT_OTG:
2101 if (length != sizeof(struct usb_otg_descriptor))
2102 goto inv_length;
2103 break;
2104
2105 case USB_DT_INTERFACE_ASSOCIATION: {
2106 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2107 pr_vdebug("interface association descriptor\n");
2108 if (length != sizeof *ds)
2109 goto inv_length;
2110 if (ds->iFunction)
2111 __entity(STRING, ds->iFunction);
2112 }
2113 break;
2114
2115 case USB_DT_SS_ENDPOINT_COMP:
2116 pr_vdebug("EP SS companion descriptor\n");
2117 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2118 goto inv_length;
2119 break;
2120
2121 case USB_DT_OTHER_SPEED_CONFIG:
2122 case USB_DT_INTERFACE_POWER:
2123 case USB_DT_DEBUG:
2124 case USB_DT_SECURITY:
2125 case USB_DT_CS_RADIO_CONTROL:
2126
2127 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2128 return -EINVAL;
2129
2130 default:
2131
2132 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2133 return -EINVAL;
2134
2135inv_length:
2136 pr_vdebug("invalid length: %d (descriptor %d)\n",
2137 _ds->bLength, _ds->bDescriptorType);
2138 return -EINVAL;
2139 }
2140
2141#undef __entity
2142#undef __entity_check_DESCRIPTOR
2143#undef __entity_check_INTERFACE
2144#undef __entity_check_STRING
2145#undef __entity_check_ENDPOINT
2146
2147 return length;
2148}
2149
2150static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2151 ffs_entity_callback entity, void *priv)
2152{
2153 const unsigned _len = len;
2154 unsigned long num = 0;
2155 int current_class = -1;
2156
2157 ENTER();
2158
2159 for (;;) {
2160 int ret;
2161
2162 if (num == count)
2163 data = NULL;
2164
2165
2166 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2167 if (ret < 0) {
2168 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2169 num, ret);
2170 return ret;
2171 }
2172
2173 if (!data)
2174 return _len - len;
2175
2176 ret = ffs_do_single_desc(data, len, entity, priv,
2177 ¤t_class);
2178 if (ret < 0) {
2179 pr_debug("%s returns %d\n", __func__, ret);
2180 return ret;
2181 }
2182
2183 len -= ret;
2184 data += ret;
2185 ++num;
2186 }
2187}
2188
2189static int __ffs_data_do_entity(enum ffs_entity_type type,
2190 u8 *valuep, struct usb_descriptor_header *desc,
2191 void *priv)
2192{
2193 struct ffs_desc_helper *helper = priv;
2194 struct usb_endpoint_descriptor *d;
2195
2196 ENTER();
2197
2198 switch (type) {
2199 case FFS_DESCRIPTOR:
2200 break;
2201
2202 case FFS_INTERFACE:
2203
2204
2205
2206
2207
2208 if (*valuep >= helper->interfaces_count)
2209 helper->interfaces_count = *valuep + 1;
2210 break;
2211
2212 case FFS_STRING:
2213
2214
2215
2216
2217 if (*valuep > helper->ffs->strings_count)
2218 helper->ffs->strings_count = *valuep;
2219 break;
2220
2221 case FFS_ENDPOINT:
2222 d = (void *)desc;
2223 helper->eps_count++;
2224 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2225 return -EINVAL;
2226
2227 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2228 helper->ffs->eps_addrmap[helper->eps_count] =
2229 d->bEndpointAddress;
2230 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2231 d->bEndpointAddress)
2232 return -EINVAL;
2233 break;
2234 }
2235
2236 return 0;
2237}
2238
2239static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2240 struct usb_os_desc_header *desc)
2241{
2242 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2243 u16 w_index = le16_to_cpu(desc->wIndex);
2244
2245 if (bcd_version != 1) {
2246 pr_vdebug("unsupported os descriptors version: %d",
2247 bcd_version);
2248 return -EINVAL;
2249 }
2250 switch (w_index) {
2251 case 0x4:
2252 *next_type = FFS_OS_DESC_EXT_COMPAT;
2253 break;
2254 case 0x5:
2255 *next_type = FFS_OS_DESC_EXT_PROP;
2256 break;
2257 default:
2258 pr_vdebug("unsupported os descriptor type: %d", w_index);
2259 return -EINVAL;
2260 }
2261
2262 return sizeof(*desc);
2263}
2264
2265
2266
2267
2268
2269static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2270 enum ffs_os_desc_type type,
2271 u16 feature_count,
2272 ffs_os_desc_callback entity,
2273 void *priv,
2274 struct usb_os_desc_header *h)
2275{
2276 int ret;
2277 const unsigned _len = len;
2278
2279 ENTER();
2280
2281
2282 while (feature_count--) {
2283 ret = entity(type, h, data, len, priv);
2284 if (ret < 0) {
2285 pr_debug("bad OS descriptor, type: %d\n", type);
2286 return ret;
2287 }
2288 data += ret;
2289 len -= ret;
2290 }
2291 return _len - len;
2292}
2293
2294
2295static int __must_check ffs_do_os_descs(unsigned count,
2296 char *data, unsigned len,
2297 ffs_os_desc_callback entity, void *priv)
2298{
2299 const unsigned _len = len;
2300 unsigned long num = 0;
2301
2302 ENTER();
2303
2304 for (num = 0; num < count; ++num) {
2305 int ret;
2306 enum ffs_os_desc_type type;
2307 u16 feature_count;
2308 struct usb_os_desc_header *desc = (void *)data;
2309
2310 if (len < sizeof(*desc))
2311 return -EINVAL;
2312
2313
2314
2315
2316
2317
2318
2319
2320 if (le32_to_cpu(desc->dwLength) > len)
2321 return -EINVAL;
2322
2323 ret = __ffs_do_os_desc_header(&type, desc);
2324 if (ret < 0) {
2325 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2326 num, ret);
2327 return ret;
2328 }
2329
2330
2331
2332 feature_count = le16_to_cpu(desc->wCount);
2333 if (type == FFS_OS_DESC_EXT_COMPAT &&
2334 (feature_count > 255 || desc->Reserved))
2335 return -EINVAL;
2336 len -= ret;
2337 data += ret;
2338
2339
2340
2341
2342
2343 ret = ffs_do_single_os_desc(data, len, type,
2344 feature_count, entity, priv, desc);
2345 if (ret < 0) {
2346 pr_debug("%s returns %d\n", __func__, ret);
2347 return ret;
2348 }
2349
2350 len -= ret;
2351 data += ret;
2352 }
2353 return _len - len;
2354}
2355
2356
2357
2358
2359static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2360 struct usb_os_desc_header *h, void *data,
2361 unsigned len, void *priv)
2362{
2363 struct ffs_data *ffs = priv;
2364 u8 length;
2365
2366 ENTER();
2367
2368 switch (type) {
2369 case FFS_OS_DESC_EXT_COMPAT: {
2370 struct usb_ext_compat_desc *d = data;
2371 int i;
2372
2373 if (len < sizeof(*d) ||
2374 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2375 return -EINVAL;
2376 if (d->Reserved1 != 1) {
2377
2378
2379
2380
2381
2382
2383 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2384 d->Reserved1 = 1;
2385 }
2386 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2387 if (d->Reserved2[i])
2388 return -EINVAL;
2389
2390 length = sizeof(struct usb_ext_compat_desc);
2391 }
2392 break;
2393 case FFS_OS_DESC_EXT_PROP: {
2394 struct usb_ext_prop_desc *d = data;
2395 u32 type, pdl;
2396 u16 pnl;
2397
2398 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2399 return -EINVAL;
2400 length = le32_to_cpu(d->dwSize);
2401 if (len < length)
2402 return -EINVAL;
2403 type = le32_to_cpu(d->dwPropertyDataType);
2404 if (type < USB_EXT_PROP_UNICODE ||
2405 type > USB_EXT_PROP_UNICODE_MULTI) {
2406 pr_vdebug("unsupported os descriptor property type: %d",
2407 type);
2408 return -EINVAL;
2409 }
2410 pnl = le16_to_cpu(d->wPropertyNameLength);
2411 if (length < 14 + pnl) {
2412 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2413 length, pnl, type);
2414 return -EINVAL;
2415 }
2416 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2417 if (length != 14 + pnl + pdl) {
2418 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2419 length, pnl, pdl, type);
2420 return -EINVAL;
2421 }
2422 ++ffs->ms_os_descs_ext_prop_count;
2423
2424 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2425 ffs->ms_os_descs_ext_prop_data_len += pdl;
2426 }
2427 break;
2428 default:
2429 pr_vdebug("unknown descriptor: %d\n", type);
2430 return -EINVAL;
2431 }
2432 return length;
2433}
2434
2435static int __ffs_data_got_descs(struct ffs_data *ffs,
2436 char *const _data, size_t len)
2437{
2438 char *data = _data, *raw_descs;
2439 unsigned os_descs_count = 0, counts[3], flags;
2440 int ret = -EINVAL, i;
2441 struct ffs_desc_helper helper;
2442
2443 ENTER();
2444
2445 if (get_unaligned_le32(data + 4) != len)
2446 goto error;
2447
2448 switch (get_unaligned_le32(data)) {
2449 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2450 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2451 data += 8;
2452 len -= 8;
2453 break;
2454 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2455 flags = get_unaligned_le32(data + 8);
2456 ffs->user_flags = flags;
2457 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2458 FUNCTIONFS_HAS_HS_DESC |
2459 FUNCTIONFS_HAS_SS_DESC |
2460 FUNCTIONFS_HAS_MS_OS_DESC |
2461 FUNCTIONFS_VIRTUAL_ADDR |
2462 FUNCTIONFS_EVENTFD |
2463 FUNCTIONFS_ALL_CTRL_RECIP |
2464 FUNCTIONFS_CONFIG0_SETUP)) {
2465 ret = -ENOSYS;
2466 goto error;
2467 }
2468 data += 12;
2469 len -= 12;
2470 break;
2471 default:
2472 goto error;
2473 }
2474
2475 if (flags & FUNCTIONFS_EVENTFD) {
2476 if (len < 4)
2477 goto error;
2478 ffs->ffs_eventfd =
2479 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2480 if (IS_ERR(ffs->ffs_eventfd)) {
2481 ret = PTR_ERR(ffs->ffs_eventfd);
2482 ffs->ffs_eventfd = NULL;
2483 goto error;
2484 }
2485 data += 4;
2486 len -= 4;
2487 }
2488
2489
2490 for (i = 0; i < 3; ++i) {
2491 if (!(flags & (1 << i))) {
2492 counts[i] = 0;
2493 } else if (len < 4) {
2494 goto error;
2495 } else {
2496 counts[i] = get_unaligned_le32(data);
2497 data += 4;
2498 len -= 4;
2499 }
2500 }
2501 if (flags & (1 << i)) {
2502 if (len < 4) {
2503 goto error;
2504 }
2505 os_descs_count = get_unaligned_le32(data);
2506 data += 4;
2507 len -= 4;
2508 }
2509
2510
2511 raw_descs = data;
2512 helper.ffs = ffs;
2513 for (i = 0; i < 3; ++i) {
2514 if (!counts[i])
2515 continue;
2516 helper.interfaces_count = 0;
2517 helper.eps_count = 0;
2518 ret = ffs_do_descs(counts[i], data, len,
2519 __ffs_data_do_entity, &helper);
2520 if (ret < 0)
2521 goto error;
2522 if (!ffs->eps_count && !ffs->interfaces_count) {
2523 ffs->eps_count = helper.eps_count;
2524 ffs->interfaces_count = helper.interfaces_count;
2525 } else {
2526 if (ffs->eps_count != helper.eps_count) {
2527 ret = -EINVAL;
2528 goto error;
2529 }
2530 if (ffs->interfaces_count != helper.interfaces_count) {
2531 ret = -EINVAL;
2532 goto error;
2533 }
2534 }
2535 data += ret;
2536 len -= ret;
2537 }
2538 if (os_descs_count) {
2539 ret = ffs_do_os_descs(os_descs_count, data, len,
2540 __ffs_data_do_os_desc, ffs);
2541 if (ret < 0)
2542 goto error;
2543 data += ret;
2544 len -= ret;
2545 }
2546
2547 if (raw_descs == data || len) {
2548 ret = -EINVAL;
2549 goto error;
2550 }
2551
2552 ffs->raw_descs_data = _data;
2553 ffs->raw_descs = raw_descs;
2554 ffs->raw_descs_length = data - raw_descs;
2555 ffs->fs_descs_count = counts[0];
2556 ffs->hs_descs_count = counts[1];
2557 ffs->ss_descs_count = counts[2];
2558 ffs->ms_os_descs_count = os_descs_count;
2559
2560 return 0;
2561
2562error:
2563 kfree(_data);
2564 return ret;
2565}
2566
2567static int __ffs_data_got_strings(struct ffs_data *ffs,
2568 char *const _data, size_t len)
2569{
2570 u32 str_count, needed_count, lang_count;
2571 struct usb_gadget_strings **stringtabs, *t;
2572 const char *data = _data;
2573 struct usb_string *s;
2574
2575 ENTER();
2576
2577 if (len < 16 ||
2578 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2579 get_unaligned_le32(data + 4) != len)
2580 goto error;
2581 str_count = get_unaligned_le32(data + 8);
2582 lang_count = get_unaligned_le32(data + 12);
2583
2584
2585 if (!str_count != !lang_count)
2586 goto error;
2587
2588
2589 needed_count = ffs->strings_count;
2590 if (str_count < needed_count)
2591 goto error;
2592
2593
2594
2595
2596
2597 if (!needed_count) {
2598 kfree(_data);
2599 return 0;
2600 }
2601
2602
2603 {
2604 unsigned i = 0;
2605 vla_group(d);
2606 vla_item(d, struct usb_gadget_strings *, stringtabs,
2607 lang_count + 1);
2608 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2609 vla_item(d, struct usb_string, strings,
2610 lang_count*(needed_count+1));
2611
2612 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2613
2614 if (!vlabuf) {
2615 kfree(_data);
2616 return -ENOMEM;
2617 }
2618
2619
2620 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2621 t = vla_ptr(vlabuf, d, stringtab);
2622 i = lang_count;
2623 do {
2624 *stringtabs++ = t++;
2625 } while (--i);
2626 *stringtabs = NULL;
2627
2628
2629 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2630 t = vla_ptr(vlabuf, d, stringtab);
2631 s = vla_ptr(vlabuf, d, strings);
2632 }
2633
2634
2635 data += 16;
2636 len -= 16;
2637
2638 do {
2639 unsigned needed = needed_count;
2640 u32 str_per_lang = str_count;
2641
2642 if (len < 3)
2643 goto error_free;
2644 t->language = get_unaligned_le16(data);
2645 t->strings = s;
2646 ++t;
2647
2648 data += 2;
2649 len -= 2;
2650
2651
2652 do {
2653 size_t length = strnlen(data, len);
2654
2655 if (length == len)
2656 goto error_free;
2657
2658
2659
2660
2661
2662
2663 if (needed) {
2664
2665
2666
2667
2668
2669 s->s = data;
2670 --needed;
2671 ++s;
2672 }
2673
2674 data += length + 1;
2675 len -= length + 1;
2676 } while (--str_per_lang);
2677
2678 s->id = 0;
2679 s->s = NULL;
2680 ++s;
2681
2682 } while (--lang_count);
2683
2684
2685 if (len)
2686 goto error_free;
2687
2688
2689 ffs->stringtabs = stringtabs;
2690 ffs->raw_strings = _data;
2691
2692 return 0;
2693
2694error_free:
2695 kfree(stringtabs);
2696error:
2697 kfree(_data);
2698 return -EINVAL;
2699}
2700
2701
2702
2703
2704static void __ffs_event_add(struct ffs_data *ffs,
2705 enum usb_functionfs_event_type type)
2706{
2707 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2708 int neg = 0;
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718 if (ffs->setup_state == FFS_SETUP_PENDING)
2719 ffs->setup_state = FFS_SETUP_CANCELLED;
2720
2721
2722
2723
2724
2725
2726
2727
2728 switch (type) {
2729 case FUNCTIONFS_RESUME:
2730 rem_type2 = FUNCTIONFS_SUSPEND;
2731 fallthrough;
2732 case FUNCTIONFS_SUSPEND:
2733 case FUNCTIONFS_SETUP:
2734 rem_type1 = type;
2735
2736 break;
2737
2738 case FUNCTIONFS_BIND:
2739 case FUNCTIONFS_UNBIND:
2740 case FUNCTIONFS_DISABLE:
2741 case FUNCTIONFS_ENABLE:
2742
2743 rem_type1 = FUNCTIONFS_SUSPEND;
2744 rem_type2 = FUNCTIONFS_RESUME;
2745 neg = 1;
2746 break;
2747
2748 default:
2749 WARN(1, "%d: unknown event, this should not happen\n", type);
2750 return;
2751 }
2752
2753 {
2754 u8 *ev = ffs->ev.types, *out = ev;
2755 unsigned n = ffs->ev.count;
2756 for (; n; --n, ++ev)
2757 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2758 *out++ = *ev;
2759 else
2760 pr_vdebug("purging event %d\n", *ev);
2761 ffs->ev.count = out - ffs->ev.types;
2762 }
2763
2764 pr_vdebug("adding event %d\n", type);
2765 ffs->ev.types[ffs->ev.count++] = type;
2766 wake_up_locked(&ffs->ev.waitq);
2767 if (ffs->ffs_eventfd)
2768 eventfd_signal(ffs->ffs_eventfd, 1);
2769}
2770
2771static void ffs_event_add(struct ffs_data *ffs,
2772 enum usb_functionfs_event_type type)
2773{
2774 unsigned long flags;
2775 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2776 __ffs_event_add(ffs, type);
2777 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2778}
2779
2780
2781
2782static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2783{
2784 int i;
2785
2786 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2787 if (ffs->eps_addrmap[i] == endpoint_address)
2788 return i;
2789 return -ENOENT;
2790}
2791
2792static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2793 struct usb_descriptor_header *desc,
2794 void *priv)
2795{
2796 struct usb_endpoint_descriptor *ds = (void *)desc;
2797 struct ffs_function *func = priv;
2798 struct ffs_ep *ffs_ep;
2799 unsigned ep_desc_id;
2800 int idx;
2801 static const char *speed_names[] = { "full", "high", "super" };
2802
2803 if (type != FFS_DESCRIPTOR)
2804 return 0;
2805
2806
2807
2808
2809
2810
2811
2812 if (func->function.ss_descriptors) {
2813 ep_desc_id = 2;
2814 func->function.ss_descriptors[(long)valuep] = desc;
2815 } else if (func->function.hs_descriptors) {
2816 ep_desc_id = 1;
2817 func->function.hs_descriptors[(long)valuep] = desc;
2818 } else {
2819 ep_desc_id = 0;
2820 func->function.fs_descriptors[(long)valuep] = desc;
2821 }
2822
2823 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2824 return 0;
2825
2826 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2827 if (idx < 0)
2828 return idx;
2829
2830 ffs_ep = func->eps + idx;
2831
2832 if (ffs_ep->descs[ep_desc_id]) {
2833 pr_err("two %sspeed descriptors for EP %d\n",
2834 speed_names[ep_desc_id],
2835 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2836 return -EINVAL;
2837 }
2838 ffs_ep->descs[ep_desc_id] = ds;
2839
2840 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2841 if (ffs_ep->ep) {
2842 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2843 if (!ds->wMaxPacketSize)
2844 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2845 } else {
2846 struct usb_request *req;
2847 struct usb_ep *ep;
2848 u8 bEndpointAddress;
2849 u16 wMaxPacketSize;
2850
2851
2852
2853
2854
2855 bEndpointAddress = ds->bEndpointAddress;
2856
2857
2858
2859
2860 wMaxPacketSize = ds->wMaxPacketSize;
2861 pr_vdebug("autoconfig\n");
2862 ep = usb_ep_autoconfig(func->gadget, ds);
2863 if (!ep)
2864 return -ENOTSUPP;
2865 ep->driver_data = func->eps + idx;
2866
2867 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2868 if (!req)
2869 return -ENOMEM;
2870
2871 ffs_ep->ep = ep;
2872 ffs_ep->req = req;
2873 func->eps_revmap[ds->bEndpointAddress &
2874 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2875
2876
2877
2878
2879 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2880 ds->bEndpointAddress = bEndpointAddress;
2881
2882
2883
2884
2885 ds->wMaxPacketSize = wMaxPacketSize;
2886 }
2887 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2888
2889 return 0;
2890}
2891
2892static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2893 struct usb_descriptor_header *desc,
2894 void *priv)
2895{
2896 struct ffs_function *func = priv;
2897 unsigned idx;
2898 u8 newValue;
2899
2900 switch (type) {
2901 default:
2902 case FFS_DESCRIPTOR:
2903
2904 return 0;
2905
2906 case FFS_INTERFACE:
2907 idx = *valuep;
2908 if (func->interfaces_nums[idx] < 0) {
2909 int id = usb_interface_id(func->conf, &func->function);
2910 if (id < 0)
2911 return id;
2912 func->interfaces_nums[idx] = id;
2913 }
2914 newValue = func->interfaces_nums[idx];
2915 break;
2916
2917 case FFS_STRING:
2918
2919 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2920 break;
2921
2922 case FFS_ENDPOINT:
2923
2924
2925
2926
2927 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2928 return 0;
2929
2930 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2931 if (!func->eps[idx].ep)
2932 return -EINVAL;
2933
2934 {
2935 struct usb_endpoint_descriptor **descs;
2936 descs = func->eps[idx].descs;
2937 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2938 }
2939 break;
2940 }
2941
2942 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2943 *valuep = newValue;
2944 return 0;
2945}
2946
2947static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2948 struct usb_os_desc_header *h, void *data,
2949 unsigned len, void *priv)
2950{
2951 struct ffs_function *func = priv;
2952 u8 length = 0;
2953
2954 switch (type) {
2955 case FFS_OS_DESC_EXT_COMPAT: {
2956 struct usb_ext_compat_desc *desc = data;
2957 struct usb_os_desc_table *t;
2958
2959 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2960 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2961 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2962 ARRAY_SIZE(desc->CompatibleID) +
2963 ARRAY_SIZE(desc->SubCompatibleID));
2964 length = sizeof(*desc);
2965 }
2966 break;
2967 case FFS_OS_DESC_EXT_PROP: {
2968 struct usb_ext_prop_desc *desc = data;
2969 struct usb_os_desc_table *t;
2970 struct usb_os_desc_ext_prop *ext_prop;
2971 char *ext_prop_name;
2972 char *ext_prop_data;
2973
2974 t = &func->function.os_desc_table[h->interface];
2975 t->if_id = func->interfaces_nums[h->interface];
2976
2977 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2978 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2979
2980 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2981 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2982 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2983 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2984 length = ext_prop->name_len + ext_prop->data_len + 14;
2985
2986 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2987 func->ffs->ms_os_descs_ext_prop_name_avail +=
2988 ext_prop->name_len;
2989
2990 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2991 func->ffs->ms_os_descs_ext_prop_data_avail +=
2992 ext_prop->data_len;
2993 memcpy(ext_prop_data,
2994 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2995 ext_prop->data_len);
2996
2997 switch (ext_prop->type) {
2998 case USB_EXT_PROP_UNICODE:
2999 case USB_EXT_PROP_UNICODE_ENV:
3000 case USB_EXT_PROP_UNICODE_LINK:
3001 case USB_EXT_PROP_UNICODE_MULTI:
3002 ext_prop->data_len *= 2;
3003 break;
3004 }
3005 ext_prop->data = ext_prop_data;
3006
3007 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
3008 ext_prop->name_len);
3009
3010 ext_prop->name_len *= 2;
3011 ext_prop->name = ext_prop_name;
3012
3013 t->os_desc->ext_prop_len +=
3014 ext_prop->name_len + ext_prop->data_len + 14;
3015 ++t->os_desc->ext_prop_count;
3016 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
3017 }
3018 break;
3019 default:
3020 pr_vdebug("unknown descriptor: %d\n", type);
3021 }
3022
3023 return length;
3024}
3025
3026static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
3027 struct usb_configuration *c)
3028{
3029 struct ffs_function *func = ffs_func_from_usb(f);
3030 struct f_fs_opts *ffs_opts =
3031 container_of(f->fi, struct f_fs_opts, func_inst);
3032 struct ffs_data *ffs_data;
3033 int ret;
3034
3035 ENTER();
3036
3037
3038
3039
3040
3041
3042
3043
3044 if (!ffs_opts->no_configfs)
3045 ffs_dev_lock();
3046 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
3047 ffs_data = ffs_opts->dev->ffs_data;
3048 if (!ffs_opts->no_configfs)
3049 ffs_dev_unlock();
3050 if (ret)
3051 return ERR_PTR(ret);
3052
3053 func->ffs = ffs_data;
3054 func->conf = c;
3055 func->gadget = c->cdev->gadget;
3056
3057
3058
3059
3060
3061
3062
3063
3064 if (!ffs_opts->refcnt) {
3065 ret = functionfs_bind(func->ffs, c->cdev);
3066 if (ret)
3067 return ERR_PTR(ret);
3068 }
3069 ffs_opts->refcnt++;
3070 func->function.strings = func->ffs->stringtabs;
3071
3072 return ffs_opts;
3073}
3074
3075static int _ffs_func_bind(struct usb_configuration *c,
3076 struct usb_function *f)
3077{
3078 struct ffs_function *func = ffs_func_from_usb(f);
3079 struct ffs_data *ffs = func->ffs;
3080
3081 const int full = !!func->ffs->fs_descs_count;
3082 const int high = !!func->ffs->hs_descs_count;
3083 const int super = !!func->ffs->ss_descs_count;
3084
3085 int fs_len, hs_len, ss_len, ret, i;
3086 struct ffs_ep *eps_ptr;
3087
3088
3089 vla_group(d);
3090 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
3091 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
3092 full ? ffs->fs_descs_count + 1 : 0);
3093 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
3094 high ? ffs->hs_descs_count + 1 : 0);
3095 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
3096 super ? ffs->ss_descs_count + 1 : 0);
3097 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
3098 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
3099 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3100 vla_item_with_sz(d, char[16], ext_compat,
3101 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3102 vla_item_with_sz(d, struct usb_os_desc, os_desc,
3103 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3104 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
3105 ffs->ms_os_descs_ext_prop_count);
3106 vla_item_with_sz(d, char, ext_prop_name,
3107 ffs->ms_os_descs_ext_prop_name_len);
3108 vla_item_with_sz(d, char, ext_prop_data,
3109 ffs->ms_os_descs_ext_prop_data_len);
3110 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
3111 char *vlabuf;
3112
3113 ENTER();
3114
3115
3116 if (!(full | high | super))
3117 return -ENOTSUPP;
3118
3119
3120 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3121 if (!vlabuf)
3122 return -ENOMEM;
3123
3124 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3125 ffs->ms_os_descs_ext_prop_name_avail =
3126 vla_ptr(vlabuf, d, ext_prop_name);
3127 ffs->ms_os_descs_ext_prop_data_avail =
3128 vla_ptr(vlabuf, d, ext_prop_data);
3129
3130
3131 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3132 ffs->raw_descs_length);
3133
3134 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3135 eps_ptr = vla_ptr(vlabuf, d, eps);
3136 for (i = 0; i < ffs->eps_count; i++)
3137 eps_ptr[i].num = -1;
3138
3139
3140
3141
3142 func->eps = vla_ptr(vlabuf, d, eps);
3143 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3144
3145
3146
3147
3148
3149
3150 if (full) {
3151 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3152 fs_len = ffs_do_descs(ffs->fs_descs_count,
3153 vla_ptr(vlabuf, d, raw_descs),
3154 d_raw_descs__sz,
3155 __ffs_func_bind_do_descs, func);
3156 if (fs_len < 0) {
3157 ret = fs_len;
3158 goto error;
3159 }
3160 } else {
3161 fs_len = 0;
3162 }
3163
3164 if (high) {
3165 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3166 hs_len = ffs_do_descs(ffs->hs_descs_count,
3167 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3168 d_raw_descs__sz - fs_len,
3169 __ffs_func_bind_do_descs, func);
3170 if (hs_len < 0) {
3171 ret = hs_len;
3172 goto error;
3173 }
3174 } else {
3175 hs_len = 0;
3176 }
3177
3178 if (super) {
3179 func->function.ss_descriptors = func->function.ssp_descriptors =
3180 vla_ptr(vlabuf, d, ss_descs);
3181 ss_len = ffs_do_descs(ffs->ss_descs_count,
3182 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3183 d_raw_descs__sz - fs_len - hs_len,
3184 __ffs_func_bind_do_descs, func);
3185 if (ss_len < 0) {
3186 ret = ss_len;
3187 goto error;
3188 }
3189 } else {
3190 ss_len = 0;
3191 }
3192
3193
3194
3195
3196
3197
3198 ret = ffs_do_descs(ffs->fs_descs_count +
3199 (high ? ffs->hs_descs_count : 0) +
3200 (super ? ffs->ss_descs_count : 0),
3201 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3202 __ffs_func_bind_do_nums, func);
3203 if (ret < 0)
3204 goto error;
3205
3206 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3207 if (c->cdev->use_os_string) {
3208 for (i = 0; i < ffs->interfaces_count; ++i) {
3209 struct usb_os_desc *desc;
3210
3211 desc = func->function.os_desc_table[i].os_desc =
3212 vla_ptr(vlabuf, d, os_desc) +
3213 i * sizeof(struct usb_os_desc);
3214 desc->ext_compat_id =
3215 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3216 INIT_LIST_HEAD(&desc->ext_prop);
3217 }
3218 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3219 vla_ptr(vlabuf, d, raw_descs) +
3220 fs_len + hs_len + ss_len,
3221 d_raw_descs__sz - fs_len - hs_len -
3222 ss_len,
3223 __ffs_func_bind_do_os_desc, func);
3224 if (ret < 0)
3225 goto error;
3226 }
3227 func->function.os_desc_n =
3228 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3229
3230
3231 ffs_event_add(ffs, FUNCTIONFS_BIND);
3232 return 0;
3233
3234error:
3235
3236 return ret;
3237}
3238
3239static int ffs_func_bind(struct usb_configuration *c,
3240 struct usb_function *f)
3241{
3242 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3243 struct ffs_function *func = ffs_func_from_usb(f);
3244 int ret;
3245
3246 if (IS_ERR(ffs_opts))
3247 return PTR_ERR(ffs_opts);
3248
3249 ret = _ffs_func_bind(c, f);
3250 if (ret && !--ffs_opts->refcnt)
3251 functionfs_unbind(func->ffs);
3252
3253 return ret;
3254}
3255
3256
3257
3258
3259static void ffs_reset_work(struct work_struct *work)
3260{
3261 struct ffs_data *ffs = container_of(work,
3262 struct ffs_data, reset_work);
3263 ffs_data_reset(ffs);
3264}
3265
3266static int ffs_func_set_alt(struct usb_function *f,
3267 unsigned interface, unsigned alt)
3268{
3269 struct ffs_function *func = ffs_func_from_usb(f);
3270 struct ffs_data *ffs = func->ffs;
3271 int ret = 0, intf;
3272
3273 if (alt != (unsigned)-1) {
3274 intf = ffs_func_revmap_intf(func, interface);
3275 if (intf < 0)
3276 return intf;
3277 }
3278
3279 if (ffs->func)
3280 ffs_func_eps_disable(ffs->func);
3281
3282 if (ffs->state == FFS_DEACTIVATED) {
3283 ffs->state = FFS_CLOSING;
3284 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3285 schedule_work(&ffs->reset_work);
3286 return -ENODEV;
3287 }
3288
3289 if (ffs->state != FFS_ACTIVE)
3290 return -ENODEV;
3291
3292 if (alt == (unsigned)-1) {
3293 ffs->func = NULL;
3294 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3295 return 0;
3296 }
3297
3298 ffs->func = func;
3299 ret = ffs_func_eps_enable(func);
3300 if (ret >= 0)
3301 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3302 return ret;
3303}
3304
3305static void ffs_func_disable(struct usb_function *f)
3306{
3307 ffs_func_set_alt(f, 0, (unsigned)-1);
3308}
3309
3310static int ffs_func_setup(struct usb_function *f,
3311 const struct usb_ctrlrequest *creq)
3312{
3313 struct ffs_function *func = ffs_func_from_usb(f);
3314 struct ffs_data *ffs = func->ffs;
3315 unsigned long flags;
3316 int ret;
3317
3318 ENTER();
3319
3320 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3321 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3322 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3323 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3324 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336 if (ffs->state != FFS_ACTIVE)
3337 return -ENODEV;
3338
3339 switch (creq->bRequestType & USB_RECIP_MASK) {
3340 case USB_RECIP_INTERFACE:
3341 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3342 if (ret < 0)
3343 return ret;
3344 break;
3345
3346 case USB_RECIP_ENDPOINT:
3347 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3348 if (ret < 0)
3349 return ret;
3350 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3351 ret = func->ffs->eps_addrmap[ret];
3352 break;
3353
3354 default:
3355 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3356 ret = le16_to_cpu(creq->wIndex);
3357 else
3358 return -EOPNOTSUPP;
3359 }
3360
3361 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3362 ffs->ev.setup = *creq;
3363 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3364 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3365 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3366
3367 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3368}
3369
3370static bool ffs_func_req_match(struct usb_function *f,
3371 const struct usb_ctrlrequest *creq,
3372 bool config0)
3373{
3374 struct ffs_function *func = ffs_func_from_usb(f);
3375
3376 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3377 return false;
3378
3379 switch (creq->bRequestType & USB_RECIP_MASK) {
3380 case USB_RECIP_INTERFACE:
3381 return (ffs_func_revmap_intf(func,
3382 le16_to_cpu(creq->wIndex)) >= 0);
3383 case USB_RECIP_ENDPOINT:
3384 return (ffs_func_revmap_ep(func,
3385 le16_to_cpu(creq->wIndex)) >= 0);
3386 default:
3387 return (bool) (func->ffs->user_flags &
3388 FUNCTIONFS_ALL_CTRL_RECIP);
3389 }
3390}
3391
3392static void ffs_func_suspend(struct usb_function *f)
3393{
3394 ENTER();
3395 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3396}
3397
3398static void ffs_func_resume(struct usb_function *f)
3399{
3400 ENTER();
3401 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3402}
3403
3404
3405
3406
3407static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3408{
3409 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3410 return num ? num : -EDOM;
3411}
3412
3413static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3414{
3415 short *nums = func->interfaces_nums;
3416 unsigned count = func->ffs->interfaces_count;
3417
3418 for (; count; --count, ++nums) {
3419 if (*nums >= 0 && *nums == intf)
3420 return nums - func->interfaces_nums;
3421 }
3422
3423 return -EDOM;
3424}
3425
3426
3427
3428
3429static LIST_HEAD(ffs_devices);
3430
3431static struct ffs_dev *_ffs_do_find_dev(const char *name)
3432{
3433 struct ffs_dev *dev;
3434
3435 if (!name)
3436 return NULL;
3437
3438 list_for_each_entry(dev, &ffs_devices, entry) {
3439 if (strcmp(dev->name, name) == 0)
3440 return dev;
3441 }
3442
3443 return NULL;
3444}
3445
3446
3447
3448
3449static struct ffs_dev *_ffs_get_single_dev(void)
3450{
3451 struct ffs_dev *dev;
3452
3453 if (list_is_singular(&ffs_devices)) {
3454 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3455 if (dev->single)
3456 return dev;
3457 }
3458
3459 return NULL;
3460}
3461
3462
3463
3464
3465static struct ffs_dev *_ffs_find_dev(const char *name)
3466{
3467 struct ffs_dev *dev;
3468
3469 dev = _ffs_get_single_dev();
3470 if (dev)
3471 return dev;
3472
3473 return _ffs_do_find_dev(name);
3474}
3475
3476
3477
3478static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3479{
3480 return container_of(to_config_group(item), struct f_fs_opts,
3481 func_inst.group);
3482}
3483
3484static void ffs_attr_release(struct config_item *item)
3485{
3486 struct f_fs_opts *opts = to_ffs_opts(item);
3487
3488 usb_put_function_instance(&opts->func_inst);
3489}
3490
3491static struct configfs_item_operations ffs_item_ops = {
3492 .release = ffs_attr_release,
3493};
3494
3495static const struct config_item_type ffs_func_type = {
3496 .ct_item_ops = &ffs_item_ops,
3497 .ct_owner = THIS_MODULE,
3498};
3499
3500
3501
3502
3503static void ffs_free_inst(struct usb_function_instance *f)
3504{
3505 struct f_fs_opts *opts;
3506
3507 opts = to_f_fs_opts(f);
3508 ffs_release_dev(opts->dev);
3509 ffs_dev_lock();
3510 _ffs_free_dev(opts->dev);
3511 ffs_dev_unlock();
3512 kfree(opts);
3513}
3514
3515static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3516{
3517 if (strlen(name) >= sizeof_field(struct ffs_dev, name))
3518 return -ENAMETOOLONG;
3519 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3520}
3521
3522static struct usb_function_instance *ffs_alloc_inst(void)
3523{
3524 struct f_fs_opts *opts;
3525 struct ffs_dev *dev;
3526
3527 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3528 if (!opts)
3529 return ERR_PTR(-ENOMEM);
3530
3531 opts->func_inst.set_inst_name = ffs_set_inst_name;
3532 opts->func_inst.free_func_inst = ffs_free_inst;
3533 ffs_dev_lock();
3534 dev = _ffs_alloc_dev();
3535 ffs_dev_unlock();
3536 if (IS_ERR(dev)) {
3537 kfree(opts);
3538 return ERR_CAST(dev);
3539 }
3540 opts->dev = dev;
3541 dev->opts = opts;
3542
3543 config_group_init_type_name(&opts->func_inst.group, "",
3544 &ffs_func_type);
3545 return &opts->func_inst;
3546}
3547
3548static void ffs_free(struct usb_function *f)
3549{
3550 kfree(ffs_func_from_usb(f));
3551}
3552
3553static void ffs_func_unbind(struct usb_configuration *c,
3554 struct usb_function *f)
3555{
3556 struct ffs_function *func = ffs_func_from_usb(f);
3557 struct ffs_data *ffs = func->ffs;
3558 struct f_fs_opts *opts =
3559 container_of(f->fi, struct f_fs_opts, func_inst);
3560 struct ffs_ep *ep = func->eps;
3561 unsigned count = ffs->eps_count;
3562 unsigned long flags;
3563
3564 ENTER();
3565 if (ffs->func == func) {
3566 ffs_func_eps_disable(func);
3567 ffs->func = NULL;
3568 }
3569
3570
3571 drain_workqueue(ffs->io_completion_wq);
3572
3573 if (!--opts->refcnt)
3574 functionfs_unbind(ffs);
3575
3576
3577 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3578 while (count--) {
3579 if (ep->ep && ep->req)
3580 usb_ep_free_request(ep->ep, ep->req);
3581 ep->req = NULL;
3582 ++ep;
3583 }
3584 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3585 kfree(func->eps);
3586 func->eps = NULL;
3587
3588
3589
3590
3591 func->function.fs_descriptors = NULL;
3592 func->function.hs_descriptors = NULL;
3593 func->function.ss_descriptors = NULL;
3594 func->function.ssp_descriptors = NULL;
3595 func->interfaces_nums = NULL;
3596
3597 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3598}
3599
3600static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3601{
3602 struct ffs_function *func;
3603
3604 ENTER();
3605
3606 func = kzalloc(sizeof(*func), GFP_KERNEL);
3607 if (!func)
3608 return ERR_PTR(-ENOMEM);
3609
3610 func->function.name = "Function FS Gadget";
3611
3612 func->function.bind = ffs_func_bind;
3613 func->function.unbind = ffs_func_unbind;
3614 func->function.set_alt = ffs_func_set_alt;
3615 func->function.disable = ffs_func_disable;
3616 func->function.setup = ffs_func_setup;
3617 func->function.req_match = ffs_func_req_match;
3618 func->function.suspend = ffs_func_suspend;
3619 func->function.resume = ffs_func_resume;
3620 func->function.free_func = ffs_free;
3621
3622 return &func->function;
3623}
3624
3625
3626
3627
3628static struct ffs_dev *_ffs_alloc_dev(void)
3629{
3630 struct ffs_dev *dev;
3631 int ret;
3632
3633 if (_ffs_get_single_dev())
3634 return ERR_PTR(-EBUSY);
3635
3636 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3637 if (!dev)
3638 return ERR_PTR(-ENOMEM);
3639
3640 if (list_empty(&ffs_devices)) {
3641 ret = functionfs_init();
3642 if (ret) {
3643 kfree(dev);
3644 return ERR_PTR(ret);
3645 }
3646 }
3647
3648 list_add(&dev->entry, &ffs_devices);
3649
3650 return dev;
3651}
3652
3653int ffs_name_dev(struct ffs_dev *dev, const char *name)
3654{
3655 struct ffs_dev *existing;
3656 int ret = 0;
3657
3658 ffs_dev_lock();
3659
3660 existing = _ffs_do_find_dev(name);
3661 if (!existing)
3662 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3663 else if (existing != dev)
3664 ret = -EBUSY;
3665
3666 ffs_dev_unlock();
3667
3668 return ret;
3669}
3670EXPORT_SYMBOL_GPL(ffs_name_dev);
3671
3672int ffs_single_dev(struct ffs_dev *dev)
3673{
3674 int ret;
3675
3676 ret = 0;
3677 ffs_dev_lock();
3678
3679 if (!list_is_singular(&ffs_devices))
3680 ret = -EBUSY;
3681 else
3682 dev->single = true;
3683
3684 ffs_dev_unlock();
3685 return ret;
3686}
3687EXPORT_SYMBOL_GPL(ffs_single_dev);
3688
3689
3690
3691
3692static void _ffs_free_dev(struct ffs_dev *dev)
3693{
3694 list_del(&dev->entry);
3695
3696 kfree(dev);
3697 if (list_empty(&ffs_devices))
3698 functionfs_cleanup();
3699}
3700
3701static int ffs_acquire_dev(const char *dev_name, struct ffs_data *ffs_data)
3702{
3703 int ret = 0;
3704 struct ffs_dev *ffs_dev;
3705
3706 ENTER();
3707 ffs_dev_lock();
3708
3709 ffs_dev = _ffs_find_dev(dev_name);
3710 if (!ffs_dev) {
3711 ret = -ENOENT;
3712 } else if (ffs_dev->mounted) {
3713 ret = -EBUSY;
3714 } else if (ffs_dev->ffs_acquire_dev_callback &&
3715 ffs_dev->ffs_acquire_dev_callback(ffs_dev)) {
3716 ret = -ENOENT;
3717 } else {
3718 ffs_dev->mounted = true;
3719 ffs_dev->ffs_data = ffs_data;
3720 ffs_data->private_data = ffs_dev;
3721 }
3722
3723 ffs_dev_unlock();
3724 return ret;
3725}
3726
3727static void ffs_release_dev(struct ffs_dev *ffs_dev)
3728{
3729 ENTER();
3730 ffs_dev_lock();
3731
3732 if (ffs_dev && ffs_dev->mounted) {
3733 ffs_dev->mounted = false;
3734 if (ffs_dev->ffs_data) {
3735 ffs_dev->ffs_data->private_data = NULL;
3736 ffs_dev->ffs_data = NULL;
3737 }
3738
3739 if (ffs_dev->ffs_release_dev_callback)
3740 ffs_dev->ffs_release_dev_callback(ffs_dev);
3741 }
3742
3743 ffs_dev_unlock();
3744}
3745
3746static int ffs_ready(struct ffs_data *ffs)
3747{
3748 struct ffs_dev *ffs_obj;
3749 int ret = 0;
3750
3751 ENTER();
3752 ffs_dev_lock();
3753
3754 ffs_obj = ffs->private_data;
3755 if (!ffs_obj) {
3756 ret = -EINVAL;
3757 goto done;
3758 }
3759 if (WARN_ON(ffs_obj->desc_ready)) {
3760 ret = -EBUSY;
3761 goto done;
3762 }
3763
3764 ffs_obj->desc_ready = true;
3765
3766 if (ffs_obj->ffs_ready_callback) {
3767 ret = ffs_obj->ffs_ready_callback(ffs);
3768 if (ret)
3769 goto done;
3770 }
3771
3772 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3773done:
3774 ffs_dev_unlock();
3775 return ret;
3776}
3777
3778static void ffs_closed(struct ffs_data *ffs)
3779{
3780 struct ffs_dev *ffs_obj;
3781 struct f_fs_opts *opts;
3782 struct config_item *ci;
3783
3784 ENTER();
3785 ffs_dev_lock();
3786
3787 ffs_obj = ffs->private_data;
3788 if (!ffs_obj)
3789 goto done;
3790
3791 ffs_obj->desc_ready = false;
3792
3793 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3794 ffs_obj->ffs_closed_callback)
3795 ffs_obj->ffs_closed_callback(ffs);
3796
3797 if (ffs_obj->opts)
3798 opts = ffs_obj->opts;
3799 else
3800 goto done;
3801
3802 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3803 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3804 goto done;
3805
3806 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3807 ffs_dev_unlock();
3808
3809 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3810 unregister_gadget_item(ci);
3811 return;
3812done:
3813 ffs_dev_unlock();
3814}
3815
3816
3817
3818static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3819{
3820 return nonblock
3821 ? mutex_trylock(mutex) ? 0 : -EAGAIN
3822 : mutex_lock_interruptible(mutex);
3823}
3824
3825static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3826{
3827 char *data;
3828
3829 if (!len)
3830 return NULL;
3831
3832 data = memdup_user(buf, len);
3833 if (IS_ERR(data))
3834 return ERR_PTR(PTR_ERR(data));
3835
3836 pr_vdebug("Buffer from user space:\n");
3837 ffs_dump_mem("", data, len);
3838
3839 return data;
3840}
3841
3842DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3843MODULE_LICENSE("GPL");
3844MODULE_AUTHOR("Michal Nazarewicz");
3845
