1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/fs_parser.h>
21#include <linux/hid.h>
22#include <linux/mm.h>
23#include <linux/module.h>
24#include <linux/scatterlist.h>
25#include <linux/sched/signal.h>
26#include <linux/uio.h>
27#include <linux/vmalloc.h>
28#include <asm/unaligned.h>
29
30#include <linux/usb/ccid.h>
31#include <linux/usb/composite.h>
32#include <linux/usb/functionfs.h>
33
34#include <linux/aio.h>
35#include <linux/kthread.h>
36#include <linux/poll.h>
37#include <linux/eventfd.h>
38
39#include "u_fs.h"
40#include "u_f.h"
41#include "u_os_desc.h"
42#include "configfs.h"
43
44#define FUNCTIONFS_MAGIC 0xa647361
45
46
47static void ffs_data_get(struct ffs_data *ffs);
48static void ffs_data_put(struct ffs_data *ffs);
49
50static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
51 __attribute__((malloc));
52
53
54static void ffs_data_opened(struct ffs_data *ffs);
55static void ffs_data_closed(struct ffs_data *ffs);
56
57
58static int __must_check
59__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
60static int __must_check
61__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
62
63
64
65
66struct ffs_ep;
67
68struct ffs_function {
69 struct usb_configuration *conf;
70 struct usb_gadget *gadget;
71 struct ffs_data *ffs;
72
73 struct ffs_ep *eps;
74 u8 eps_revmap[16];
75 short *interfaces_nums;
76
77 struct usb_function function;
78};
79
80
81static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
82{
83 return container_of(f, struct ffs_function, function);
84}
85
86
87static inline enum ffs_setup_state
88ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
89{
90 return (enum ffs_setup_state)
91 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
92}
93
94
95static void ffs_func_eps_disable(struct ffs_function *func);
96static int __must_check ffs_func_eps_enable(struct ffs_function *func);
97
98static int ffs_func_bind(struct usb_configuration *,
99 struct usb_function *);
100static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
101static void ffs_func_disable(struct usb_function *);
102static int ffs_func_setup(struct usb_function *,
103 const struct usb_ctrlrequest *);
104static bool ffs_func_req_match(struct usb_function *,
105 const struct usb_ctrlrequest *,
106 bool config0);
107static void ffs_func_suspend(struct usb_function *);
108static void ffs_func_resume(struct usb_function *);
109
110
111static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
112static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
113
114
115
116
117struct ffs_ep {
118 struct usb_ep *ep;
119 struct usb_request *req;
120
121
122 struct usb_endpoint_descriptor *descs[3];
123
124 u8 num;
125
126 int status;
127};
128
129struct ffs_epfile {
130
131 struct mutex mutex;
132
133 struct ffs_data *ffs;
134 struct ffs_ep *ep;
135
136 struct dentry *dentry;
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193 struct ffs_buffer *read_buffer;
194#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
195
196 char name[5];
197
198 unsigned char in;
199 unsigned char isoc;
200
201 unsigned char _pad;
202};
203
204struct ffs_buffer {
205 size_t length;
206 char *data;
207 char storage[];
208};
209
210
211
212struct ffs_io_data {
213 bool aio;
214 bool read;
215
216 struct kiocb *kiocb;
217 struct iov_iter data;
218 const void *to_free;
219 char *buf;
220
221 struct mm_struct *mm;
222 struct work_struct work;
223
224 struct usb_ep *ep;
225 struct usb_request *req;
226 struct sg_table sgt;
227 bool use_sg;
228
229 struct ffs_data *ffs;
230};
231
232struct ffs_desc_helper {
233 struct ffs_data *ffs;
234 unsigned interfaces_count;
235 unsigned eps_count;
236};
237
238static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
239static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
240
241static struct dentry *
242ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
243 const struct file_operations *fops);
244
245
246
247DEFINE_MUTEX(ffs_lock);
248EXPORT_SYMBOL_GPL(ffs_lock);
249
250static struct ffs_dev *_ffs_find_dev(const char *name);
251static struct ffs_dev *_ffs_alloc_dev(void);
252static void _ffs_free_dev(struct ffs_dev *dev);
253static int ffs_acquire_dev(const char *dev_name, struct ffs_data *ffs_data);
254static void ffs_release_dev(struct ffs_dev *ffs_dev);
255static int ffs_ready(struct ffs_data *ffs);
256static void ffs_closed(struct ffs_data *ffs);
257
258
259
260static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
261 __attribute__((warn_unused_result, nonnull));
262static char *ffs_prepare_buffer(const char __user *buf, size_t len)
263 __attribute__((warn_unused_result, nonnull));
264
265
266
267
268static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
269{
270 struct ffs_data *ffs = req->context;
271
272 complete(&ffs->ep0req_completion);
273}
274
275static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
276 __releases(&ffs->ev.waitq.lock)
277{
278 struct usb_request *req = ffs->ep0req;
279 int ret;
280
281 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
282
283 spin_unlock_irq(&ffs->ev.waitq.lock);
284
285 req->buf = data;
286 req->length = len;
287
288
289
290
291
292
293 if (req->buf == NULL)
294 req->buf = (void *)0xDEADBABE;
295
296 reinit_completion(&ffs->ep0req_completion);
297
298 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
299 if (ret < 0)
300 return ret;
301
302 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
303 if (ret) {
304 usb_ep_dequeue(ffs->gadget->ep0, req);
305 return -EINTR;
306 }
307
308 ffs->setup_state = FFS_NO_SETUP;
309 return req->status ? req->status : req->actual;
310}
311
312static int __ffs_ep0_stall(struct ffs_data *ffs)
313{
314 if (ffs->ev.can_stall) {
315 pr_vdebug("ep0 stall\n");
316 usb_ep_set_halt(ffs->gadget->ep0);
317 ffs->setup_state = FFS_NO_SETUP;
318 return -EL2HLT;
319 } else {
320 pr_debug("bogus ep0 stall!\n");
321 return -ESRCH;
322 }
323}
324
325static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
326 size_t len, loff_t *ptr)
327{
328 struct ffs_data *ffs = file->private_data;
329 ssize_t ret;
330 char *data;
331
332 ENTER();
333
334
335 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
336 return -EIDRM;
337
338
339 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
340 if (ret < 0)
341 return ret;
342
343
344 switch (ffs->state) {
345 case FFS_READ_DESCRIPTORS:
346 case FFS_READ_STRINGS:
347
348 if (len < 16) {
349 ret = -EINVAL;
350 break;
351 }
352
353 data = ffs_prepare_buffer(buf, len);
354 if (IS_ERR(data)) {
355 ret = PTR_ERR(data);
356 break;
357 }
358
359
360 if (ffs->state == FFS_READ_DESCRIPTORS) {
361 pr_info("read descriptors\n");
362 ret = __ffs_data_got_descs(ffs, data, len);
363 if (ret < 0)
364 break;
365
366 ffs->state = FFS_READ_STRINGS;
367 ret = len;
368 } else {
369 pr_info("read strings\n");
370 ret = __ffs_data_got_strings(ffs, data, len);
371 if (ret < 0)
372 break;
373
374 ret = ffs_epfiles_create(ffs);
375 if (ret) {
376 ffs->state = FFS_CLOSING;
377 break;
378 }
379
380 ffs->state = FFS_ACTIVE;
381 mutex_unlock(&ffs->mutex);
382
383 ret = ffs_ready(ffs);
384 if (ret < 0) {
385 ffs->state = FFS_CLOSING;
386 return ret;
387 }
388
389 return len;
390 }
391 break;
392
393 case FFS_ACTIVE:
394 data = NULL;
395
396
397
398
399 spin_lock_irq(&ffs->ev.waitq.lock);
400 switch (ffs_setup_state_clear_cancelled(ffs)) {
401 case FFS_SETUP_CANCELLED:
402 ret = -EIDRM;
403 goto done_spin;
404
405 case FFS_NO_SETUP:
406 ret = -ESRCH;
407 goto done_spin;
408
409 case FFS_SETUP_PENDING:
410 break;
411 }
412
413
414 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
415 spin_unlock_irq(&ffs->ev.waitq.lock);
416 ret = __ffs_ep0_stall(ffs);
417 break;
418 }
419
420
421 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
422
423 spin_unlock_irq(&ffs->ev.waitq.lock);
424
425 data = ffs_prepare_buffer(buf, len);
426 if (IS_ERR(data)) {
427 ret = PTR_ERR(data);
428 break;
429 }
430
431 spin_lock_irq(&ffs->ev.waitq.lock);
432
433
434
435
436
437
438
439
440
441
442
443
444
445 if (ffs_setup_state_clear_cancelled(ffs) ==
446 FFS_SETUP_CANCELLED) {
447 ret = -EIDRM;
448done_spin:
449 spin_unlock_irq(&ffs->ev.waitq.lock);
450 } else {
451
452 ret = __ffs_ep0_queue_wait(ffs, data, len);
453 }
454 kfree(data);
455 break;
456
457 default:
458 ret = -EBADFD;
459 break;
460 }
461
462 mutex_unlock(&ffs->mutex);
463 return ret;
464}
465
466
467static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
468 size_t n)
469 __releases(&ffs->ev.waitq.lock)
470{
471
472
473
474
475
476 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
477 const size_t size = n * sizeof *events;
478 unsigned i = 0;
479
480 memset(events, 0, size);
481
482 do {
483 events[i].type = ffs->ev.types[i];
484 if (events[i].type == FUNCTIONFS_SETUP) {
485 events[i].u.setup = ffs->ev.setup;
486 ffs->setup_state = FFS_SETUP_PENDING;
487 }
488 } while (++i < n);
489
490 ffs->ev.count -= n;
491 if (ffs->ev.count)
492 memmove(ffs->ev.types, ffs->ev.types + n,
493 ffs->ev.count * sizeof *ffs->ev.types);
494
495 spin_unlock_irq(&ffs->ev.waitq.lock);
496 mutex_unlock(&ffs->mutex);
497
498 return copy_to_user(buf, events, size) ? -EFAULT : size;
499}
500
501static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
502 size_t len, loff_t *ptr)
503{
504 struct ffs_data *ffs = file->private_data;
505 char *data = NULL;
506 size_t n;
507 int ret;
508
509 ENTER();
510
511
512 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
513 return -EIDRM;
514
515
516 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
517 if (ret < 0)
518 return ret;
519
520
521 if (ffs->state != FFS_ACTIVE) {
522 ret = -EBADFD;
523 goto done_mutex;
524 }
525
526
527
528
529
530 spin_lock_irq(&ffs->ev.waitq.lock);
531
532 switch (ffs_setup_state_clear_cancelled(ffs)) {
533 case FFS_SETUP_CANCELLED:
534 ret = -EIDRM;
535 break;
536
537 case FFS_NO_SETUP:
538 n = len / sizeof(struct usb_functionfs_event);
539 if (!n) {
540 ret = -EINVAL;
541 break;
542 }
543
544 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
545 ret = -EAGAIN;
546 break;
547 }
548
549 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
550 ffs->ev.count)) {
551 ret = -EINTR;
552 break;
553 }
554
555
556 return __ffs_ep0_read_events(ffs, buf,
557 min(n, (size_t)ffs->ev.count));
558
559 case FFS_SETUP_PENDING:
560 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562 ret = __ffs_ep0_stall(ffs);
563 goto done_mutex;
564 }
565
566 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
567
568 spin_unlock_irq(&ffs->ev.waitq.lock);
569
570 if (len) {
571 data = kmalloc(len, GFP_KERNEL);
572 if (!data) {
573 ret = -ENOMEM;
574 goto done_mutex;
575 }
576 }
577
578 spin_lock_irq(&ffs->ev.waitq.lock);
579
580
581 if (ffs_setup_state_clear_cancelled(ffs) ==
582 FFS_SETUP_CANCELLED) {
583 ret = -EIDRM;
584 break;
585 }
586
587
588 ret = __ffs_ep0_queue_wait(ffs, data, len);
589 if ((ret > 0) && (copy_to_user(buf, data, len)))
590 ret = -EFAULT;
591 goto done_mutex;
592
593 default:
594 ret = -EBADFD;
595 break;
596 }
597
598 spin_unlock_irq(&ffs->ev.waitq.lock);
599done_mutex:
600 mutex_unlock(&ffs->mutex);
601 kfree(data);
602 return ret;
603}
604
605static int ffs_ep0_open(struct inode *inode, struct file *file)
606{
607 struct ffs_data *ffs = inode->i_private;
608
609 ENTER();
610
611 if (ffs->state == FFS_CLOSING)
612 return -EBUSY;
613
614 file->private_data = ffs;
615 ffs_data_opened(ffs);
616
617 return 0;
618}
619
620static int ffs_ep0_release(struct inode *inode, struct file *file)
621{
622 struct ffs_data *ffs = file->private_data;
623
624 ENTER();
625
626 ffs_data_closed(ffs);
627
628 return 0;
629}
630
631static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
632{
633 struct ffs_data *ffs = file->private_data;
634 struct usb_gadget *gadget = ffs->gadget;
635 long ret;
636
637 ENTER();
638
639 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
640 struct ffs_function *func = ffs->func;
641 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
642 } else if (gadget && gadget->ops->ioctl) {
643 ret = gadget->ops->ioctl(gadget, code, value);
644 } else {
645 ret = -ENOTTY;
646 }
647
648 return ret;
649}
650
651static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
652{
653 struct ffs_data *ffs = file->private_data;
654 __poll_t mask = EPOLLWRNORM;
655 int ret;
656
657 poll_wait(file, &ffs->ev.waitq, wait);
658
659 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
660 if (ret < 0)
661 return mask;
662
663 switch (ffs->state) {
664 case FFS_READ_DESCRIPTORS:
665 case FFS_READ_STRINGS:
666 mask |= EPOLLOUT;
667 break;
668
669 case FFS_ACTIVE:
670 switch (ffs->setup_state) {
671 case FFS_NO_SETUP:
672 if (ffs->ev.count)
673 mask |= EPOLLIN;
674 break;
675
676 case FFS_SETUP_PENDING:
677 case FFS_SETUP_CANCELLED:
678 mask |= (EPOLLIN | EPOLLOUT);
679 break;
680 }
681 break;
682
683 case FFS_CLOSING:
684 break;
685 case FFS_DEACTIVATED:
686 break;
687 }
688
689 mutex_unlock(&ffs->mutex);
690
691 return mask;
692}
693
694static const struct file_operations ffs_ep0_operations = {
695 .llseek = no_llseek,
696
697 .open = ffs_ep0_open,
698 .write = ffs_ep0_write,
699 .read = ffs_ep0_read,
700 .release = ffs_ep0_release,
701 .unlocked_ioctl = ffs_ep0_ioctl,
702 .poll = ffs_ep0_poll,
703};
704
705
706
707
708static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
709{
710 ENTER();
711 if (req->context) {
712 struct ffs_ep *ep = _ep->driver_data;
713 ep->status = req->status ? req->status : req->actual;
714 complete(req->context);
715 }
716}
717
718static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
719{
720 ssize_t ret = copy_to_iter(data, data_len, iter);
721 if (ret == data_len)
722 return ret;
723
724 if (iov_iter_count(iter))
725 return -EFAULT;
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
755 "Align read buffer size to max packet size to avoid the problem.\n",
756 data_len, ret);
757
758 return ret;
759}
760
761
762
763
764
765
766static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz)
767{
768 struct page **pages;
769 void *vaddr, *ptr;
770 unsigned int n_pages;
771 int i;
772
773 vaddr = vmalloc(sz);
774 if (!vaddr)
775 return NULL;
776
777 n_pages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
778 pages = kvmalloc_array(n_pages, sizeof(struct page *), GFP_KERNEL);
779 if (!pages) {
780 vfree(vaddr);
781
782 return NULL;
783 }
784 for (i = 0, ptr = vaddr; i < n_pages; ++i, ptr += PAGE_SIZE)
785 pages[i] = vmalloc_to_page(ptr);
786
787 if (sg_alloc_table_from_pages(sgt, pages, n_pages, 0, sz, GFP_KERNEL)) {
788 kvfree(pages);
789 vfree(vaddr);
790
791 return NULL;
792 }
793 kvfree(pages);
794
795 return vaddr;
796}
797
798static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data,
799 size_t data_len)
800{
801 if (io_data->use_sg)
802 return ffs_build_sg_list(&io_data->sgt, data_len);
803
804 return kmalloc(data_len, GFP_KERNEL);
805}
806
807static inline void ffs_free_buffer(struct ffs_io_data *io_data)
808{
809 if (!io_data->buf)
810 return;
811
812 if (io_data->use_sg) {
813 sg_free_table(&io_data->sgt);
814 vfree(io_data->buf);
815 } else {
816 kfree(io_data->buf);
817 }
818}
819
820static void ffs_user_copy_worker(struct work_struct *work)
821{
822 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
823 work);
824 int ret = io_data->req->status ? io_data->req->status :
825 io_data->req->actual;
826 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
827
828 if (io_data->read && ret > 0) {
829 kthread_use_mm(io_data->mm);
830 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
831 kthread_unuse_mm(io_data->mm);
832 }
833
834 io_data->kiocb->ki_complete(io_data->kiocb, ret);
835
836 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
837 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
838
839 usb_ep_free_request(io_data->ep, io_data->req);
840
841 if (io_data->read)
842 kfree(io_data->to_free);
843 ffs_free_buffer(io_data);
844 kfree(io_data);
845}
846
847static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
848 struct usb_request *req)
849{
850 struct ffs_io_data *io_data = req->context;
851 struct ffs_data *ffs = io_data->ffs;
852
853 ENTER();
854
855 INIT_WORK(&io_data->work, ffs_user_copy_worker);
856 queue_work(ffs->io_completion_wq, &io_data->work);
857}
858
859static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
860{
861
862
863
864
865 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
866 if (buf && buf != READ_BUFFER_DROP)
867 kfree(buf);
868}
869
870
871static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
872 struct iov_iter *iter)
873{
874
875
876
877
878
879 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
880 ssize_t ret;
881 if (!buf || buf == READ_BUFFER_DROP)
882 return 0;
883
884 ret = copy_to_iter(buf->data, buf->length, iter);
885 if (buf->length == ret) {
886 kfree(buf);
887 return ret;
888 }
889
890 if (iov_iter_count(iter)) {
891 ret = -EFAULT;
892 } else {
893 buf->length -= ret;
894 buf->data += ret;
895 }
896
897 if (cmpxchg(&epfile->read_buffer, NULL, buf))
898 kfree(buf);
899
900 return ret;
901}
902
903
904static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
905 void *data, int data_len,
906 struct iov_iter *iter)
907{
908 struct ffs_buffer *buf;
909
910 ssize_t ret = copy_to_iter(data, data_len, iter);
911 if (data_len == ret)
912 return ret;
913
914 if (iov_iter_count(iter))
915 return -EFAULT;
916
917
918 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
919 data_len, ret);
920
921 data_len -= ret;
922 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
923 if (!buf)
924 return -ENOMEM;
925 buf->length = data_len;
926 buf->data = buf->storage;
927 memcpy(buf->storage, data + ret, data_len);
928
929
930
931
932
933
934
935 if (cmpxchg(&epfile->read_buffer, NULL, buf))
936 kfree(buf);
937
938 return ret;
939}
940
941static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
942{
943 struct ffs_epfile *epfile = file->private_data;
944 struct usb_request *req;
945 struct ffs_ep *ep;
946 char *data = NULL;
947 ssize_t ret, data_len = -EINVAL;
948 int halt;
949
950
951 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
952 return -ENODEV;
953
954
955 ep = epfile->ep;
956 if (!ep) {
957 if (file->f_flags & O_NONBLOCK)
958 return -EAGAIN;
959
960 ret = wait_event_interruptible(
961 epfile->ffs->wait, (ep = epfile->ep));
962 if (ret)
963 return -EINTR;
964 }
965
966
967 halt = (!io_data->read == !epfile->in);
968 if (halt && epfile->isoc)
969 return -EINVAL;
970
971
972 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
973 if (ret)
974 goto error;
975
976
977 if (!halt) {
978 struct usb_gadget *gadget;
979
980
981
982
983
984
985
986
987 if (!io_data->aio && io_data->read) {
988 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
989 if (ret)
990 goto error_mutex;
991 }
992
993
994
995
996
997
998 gadget = epfile->ffs->gadget;
999
1000 spin_lock_irq(&epfile->ffs->eps_lock);
1001
1002 if (epfile->ep != ep) {
1003 ret = -ESHUTDOWN;
1004 goto error_lock;
1005 }
1006 data_len = iov_iter_count(&io_data->data);
1007
1008
1009
1010
1011 if (io_data->read)
1012 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1013
1014 io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE;
1015 spin_unlock_irq(&epfile->ffs->eps_lock);
1016
1017 data = ffs_alloc_buffer(io_data, data_len);
1018 if (!data) {
1019 ret = -ENOMEM;
1020 goto error_mutex;
1021 }
1022 if (!io_data->read &&
1023 !copy_from_iter_full(data, data_len, &io_data->data)) {
1024 ret = -EFAULT;
1025 goto error_mutex;
1026 }
1027 }
1028
1029 spin_lock_irq(&epfile->ffs->eps_lock);
1030
1031 if (epfile->ep != ep) {
1032
1033 ret = -ESHUTDOWN;
1034 } else if (halt) {
1035 ret = usb_ep_set_halt(ep->ep);
1036 if (!ret)
1037 ret = -EBADMSG;
1038 } else if (data_len == -EINVAL) {
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050 WARN(1, "%s: data_len == -EINVAL\n", __func__);
1051 ret = -EINVAL;
1052 } else if (!io_data->aio) {
1053 DECLARE_COMPLETION_ONSTACK(done);
1054 bool interrupted = false;
1055
1056 req = ep->req;
1057 if (io_data->use_sg) {
1058 req->buf = NULL;
1059 req->sg = io_data->sgt.sgl;
1060 req->num_sgs = io_data->sgt.nents;
1061 } else {
1062 req->buf = data;
1063 req->num_sgs = 0;
1064 }
1065 req->length = data_len;
1066
1067 io_data->buf = data;
1068
1069 req->context = &done;
1070 req->complete = ffs_epfile_io_complete;
1071
1072 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1073 if (ret < 0)
1074 goto error_lock;
1075
1076 spin_unlock_irq(&epfile->ffs->eps_lock);
1077
1078 if (wait_for_completion_interruptible(&done)) {
1079
1080
1081
1082
1083
1084
1085 usb_ep_dequeue(ep->ep, req);
1086 wait_for_completion(&done);
1087 interrupted = ep->status < 0;
1088 }
1089
1090 if (interrupted)
1091 ret = -EINTR;
1092 else if (io_data->read && ep->status > 0)
1093 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1094 &io_data->data);
1095 else
1096 ret = ep->status;
1097 goto error_mutex;
1098 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1099 ret = -ENOMEM;
1100 } else {
1101 if (io_data->use_sg) {
1102 req->buf = NULL;
1103 req->sg = io_data->sgt.sgl;
1104 req->num_sgs = io_data->sgt.nents;
1105 } else {
1106 req->buf = data;
1107 req->num_sgs = 0;
1108 }
1109 req->length = data_len;
1110
1111 io_data->buf = data;
1112 io_data->ep = ep->ep;
1113 io_data->req = req;
1114 io_data->ffs = epfile->ffs;
1115
1116 req->context = io_data;
1117 req->complete = ffs_epfile_async_io_complete;
1118
1119 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1120 if (ret) {
1121 io_data->req = NULL;
1122 usb_ep_free_request(ep->ep, req);
1123 goto error_lock;
1124 }
1125
1126 ret = -EIOCBQUEUED;
1127
1128
1129
1130
1131 data = NULL;
1132 }
1133
1134error_lock:
1135 spin_unlock_irq(&epfile->ffs->eps_lock);
1136error_mutex:
1137 mutex_unlock(&epfile->mutex);
1138error:
1139 if (ret != -EIOCBQUEUED)
1140 ffs_free_buffer(io_data);
1141 return ret;
1142}
1143
1144static int
1145ffs_epfile_open(struct inode *inode, struct file *file)
1146{
1147 struct ffs_epfile *epfile = inode->i_private;
1148
1149 ENTER();
1150
1151 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1152 return -ENODEV;
1153
1154 file->private_data = epfile;
1155 ffs_data_opened(epfile->ffs);
1156
1157 return 0;
1158}
1159
1160static int ffs_aio_cancel(struct kiocb *kiocb)
1161{
1162 struct ffs_io_data *io_data = kiocb->private;
1163 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1164 unsigned long flags;
1165 int value;
1166
1167 ENTER();
1168
1169 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1170
1171 if (io_data && io_data->ep && io_data->req)
1172 value = usb_ep_dequeue(io_data->ep, io_data->req);
1173 else
1174 value = -EINVAL;
1175
1176 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1177
1178 return value;
1179}
1180
1181static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1182{
1183 struct ffs_io_data io_data, *p = &io_data;
1184 ssize_t res;
1185
1186 ENTER();
1187
1188 if (!is_sync_kiocb(kiocb)) {
1189 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1190 if (!p)
1191 return -ENOMEM;
1192 p->aio = true;
1193 } else {
1194 memset(p, 0, sizeof(*p));
1195 p->aio = false;
1196 }
1197
1198 p->read = false;
1199 p->kiocb = kiocb;
1200 p->data = *from;
1201 p->mm = current->mm;
1202
1203 kiocb->private = p;
1204
1205 if (p->aio)
1206 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1207
1208 res = ffs_epfile_io(kiocb->ki_filp, p);
1209 if (res == -EIOCBQUEUED)
1210 return res;
1211 if (p->aio)
1212 kfree(p);
1213 else
1214 *from = p->data;
1215 return res;
1216}
1217
1218static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1219{
1220 struct ffs_io_data io_data, *p = &io_data;
1221 ssize_t res;
1222
1223 ENTER();
1224
1225 if (!is_sync_kiocb(kiocb)) {
1226 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1227 if (!p)
1228 return -ENOMEM;
1229 p->aio = true;
1230 } else {
1231 memset(p, 0, sizeof(*p));
1232 p->aio = false;
1233 }
1234
1235 p->read = true;
1236 p->kiocb = kiocb;
1237 if (p->aio) {
1238 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1239 if (!p->to_free) {
1240 kfree(p);
1241 return -ENOMEM;
1242 }
1243 } else {
1244 p->data = *to;
1245 p->to_free = NULL;
1246 }
1247 p->mm = current->mm;
1248
1249 kiocb->private = p;
1250
1251 if (p->aio)
1252 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1253
1254 res = ffs_epfile_io(kiocb->ki_filp, p);
1255 if (res == -EIOCBQUEUED)
1256 return res;
1257
1258 if (p->aio) {
1259 kfree(p->to_free);
1260 kfree(p);
1261 } else {
1262 *to = p->data;
1263 }
1264 return res;
1265}
1266
1267static int
1268ffs_epfile_release(struct inode *inode, struct file *file)
1269{
1270 struct ffs_epfile *epfile = inode->i_private;
1271
1272 ENTER();
1273
1274 __ffs_epfile_read_buffer_free(epfile);
1275 ffs_data_closed(epfile->ffs);
1276
1277 return 0;
1278}
1279
1280static long ffs_epfile_ioctl(struct file *file, unsigned code,
1281 unsigned long value)
1282{
1283 struct ffs_epfile *epfile = file->private_data;
1284 struct ffs_ep *ep;
1285 int ret;
1286
1287 ENTER();
1288
1289 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1290 return -ENODEV;
1291
1292
1293 ep = epfile->ep;
1294 if (!ep) {
1295 if (file->f_flags & O_NONBLOCK)
1296 return -EAGAIN;
1297
1298 ret = wait_event_interruptible(
1299 epfile->ffs->wait, (ep = epfile->ep));
1300 if (ret)
1301 return -EINTR;
1302 }
1303
1304 spin_lock_irq(&epfile->ffs->eps_lock);
1305
1306
1307 if (epfile->ep != ep) {
1308 spin_unlock_irq(&epfile->ffs->eps_lock);
1309 return -ESHUTDOWN;
1310 }
1311
1312 switch (code) {
1313 case FUNCTIONFS_FIFO_STATUS:
1314 ret = usb_ep_fifo_status(epfile->ep->ep);
1315 break;
1316 case FUNCTIONFS_FIFO_FLUSH:
1317 usb_ep_fifo_flush(epfile->ep->ep);
1318 ret = 0;
1319 break;
1320 case FUNCTIONFS_CLEAR_HALT:
1321 ret = usb_ep_clear_halt(epfile->ep->ep);
1322 break;
1323 case FUNCTIONFS_ENDPOINT_REVMAP:
1324 ret = epfile->ep->num;
1325 break;
1326 case FUNCTIONFS_ENDPOINT_DESC:
1327 {
1328 int desc_idx;
1329 struct usb_endpoint_descriptor desc1, *desc;
1330
1331 switch (epfile->ffs->gadget->speed) {
1332 case USB_SPEED_SUPER:
1333 case USB_SPEED_SUPER_PLUS:
1334 desc_idx = 2;
1335 break;
1336 case USB_SPEED_HIGH:
1337 desc_idx = 1;
1338 break;
1339 default:
1340 desc_idx = 0;
1341 }
1342
1343 desc = epfile->ep->descs[desc_idx];
1344 memcpy(&desc1, desc, desc->bLength);
1345
1346 spin_unlock_irq(&epfile->ffs->eps_lock);
1347 ret = copy_to_user((void __user *)value, &desc1, desc1.bLength);
1348 if (ret)
1349 ret = -EFAULT;
1350 return ret;
1351 }
1352 default:
1353 ret = -ENOTTY;
1354 }
1355 spin_unlock_irq(&epfile->ffs->eps_lock);
1356
1357 return ret;
1358}
1359
1360static const struct file_operations ffs_epfile_operations = {
1361 .llseek = no_llseek,
1362
1363 .open = ffs_epfile_open,
1364 .write_iter = ffs_epfile_write_iter,
1365 .read_iter = ffs_epfile_read_iter,
1366 .release = ffs_epfile_release,
1367 .unlocked_ioctl = ffs_epfile_ioctl,
1368 .compat_ioctl = compat_ptr_ioctl,
1369};
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379static struct inode *__must_check
1380ffs_sb_make_inode(struct super_block *sb, void *data,
1381 const struct file_operations *fops,
1382 const struct inode_operations *iops,
1383 struct ffs_file_perms *perms)
1384{
1385 struct inode *inode;
1386
1387 ENTER();
1388
1389 inode = new_inode(sb);
1390
1391 if (inode) {
1392 struct timespec64 ts = current_time(inode);
1393
1394 inode->i_ino = get_next_ino();
1395 inode->i_mode = perms->mode;
1396 inode->i_uid = perms->uid;
1397 inode->i_gid = perms->gid;
1398 inode->i_atime = ts;
1399 inode->i_mtime = ts;
1400 inode->i_ctime = ts;
1401 inode->i_private = data;
1402 if (fops)
1403 inode->i_fop = fops;
1404 if (iops)
1405 inode->i_op = iops;
1406 }
1407
1408 return inode;
1409}
1410
1411
1412static struct dentry *ffs_sb_create_file(struct super_block *sb,
1413 const char *name, void *data,
1414 const struct file_operations *fops)
1415{
1416 struct ffs_data *ffs = sb->s_fs_info;
1417 struct dentry *dentry;
1418 struct inode *inode;
1419
1420 ENTER();
1421
1422 dentry = d_alloc_name(sb->s_root, name);
1423 if (!dentry)
1424 return NULL;
1425
1426 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1427 if (!inode) {
1428 dput(dentry);
1429 return NULL;
1430 }
1431
1432 d_add(dentry, inode);
1433 return dentry;
1434}
1435
1436
1437static const struct super_operations ffs_sb_operations = {
1438 .statfs = simple_statfs,
1439 .drop_inode = generic_delete_inode,
1440};
1441
1442struct ffs_sb_fill_data {
1443 struct ffs_file_perms perms;
1444 umode_t root_mode;
1445 const char *dev_name;
1446 bool no_disconnect;
1447 struct ffs_data *ffs_data;
1448};
1449
1450static int ffs_sb_fill(struct super_block *sb, struct fs_context *fc)
1451{
1452 struct ffs_sb_fill_data *data = fc->fs_private;
1453 struct inode *inode;
1454 struct ffs_data *ffs = data->ffs_data;
1455
1456 ENTER();
1457
1458 ffs->sb = sb;
1459 data->ffs_data = NULL;
1460 sb->s_fs_info = ffs;
1461 sb->s_blocksize = PAGE_SIZE;
1462 sb->s_blocksize_bits = PAGE_SHIFT;
1463 sb->s_magic = FUNCTIONFS_MAGIC;
1464 sb->s_op = &ffs_sb_operations;
1465 sb->s_time_gran = 1;
1466
1467
1468 data->perms.mode = data->root_mode;
1469 inode = ffs_sb_make_inode(sb, NULL,
1470 &simple_dir_operations,
1471 &simple_dir_inode_operations,
1472 &data->perms);
1473 sb->s_root = d_make_root(inode);
1474 if (!sb->s_root)
1475 return -ENOMEM;
1476
1477
1478 if (!ffs_sb_create_file(sb, "ep0", ffs, &ffs_ep0_operations))
1479 return -ENOMEM;
1480
1481 return 0;
1482}
1483
1484enum {
1485 Opt_no_disconnect,
1486 Opt_rmode,
1487 Opt_fmode,
1488 Opt_mode,
1489 Opt_uid,
1490 Opt_gid,
1491};
1492
1493static const struct fs_parameter_spec ffs_fs_fs_parameters[] = {
1494 fsparam_bool ("no_disconnect", Opt_no_disconnect),
1495 fsparam_u32 ("rmode", Opt_rmode),
1496 fsparam_u32 ("fmode", Opt_fmode),
1497 fsparam_u32 ("mode", Opt_mode),
1498 fsparam_u32 ("uid", Opt_uid),
1499 fsparam_u32 ("gid", Opt_gid),
1500 {}
1501};
1502
1503static int ffs_fs_parse_param(struct fs_context *fc, struct fs_parameter *param)
1504{
1505 struct ffs_sb_fill_data *data = fc->fs_private;
1506 struct fs_parse_result result;
1507 int opt;
1508
1509 ENTER();
1510
1511 opt = fs_parse(fc, ffs_fs_fs_parameters, param, &result);
1512 if (opt < 0)
1513 return opt;
1514
1515 switch (opt) {
1516 case Opt_no_disconnect:
1517 data->no_disconnect = result.boolean;
1518 break;
1519 case Opt_rmode:
1520 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1521 break;
1522 case Opt_fmode:
1523 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1524 break;
1525 case Opt_mode:
1526 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1527 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1528 break;
1529
1530 case Opt_uid:
1531 data->perms.uid = make_kuid(current_user_ns(), result.uint_32);
1532 if (!uid_valid(data->perms.uid))
1533 goto unmapped_value;
1534 break;
1535 case Opt_gid:
1536 data->perms.gid = make_kgid(current_user_ns(), result.uint_32);
1537 if (!gid_valid(data->perms.gid))
1538 goto unmapped_value;
1539 break;
1540
1541 default:
1542 return -ENOPARAM;
1543 }
1544
1545 return 0;
1546
1547unmapped_value:
1548 return invalf(fc, "%s: unmapped value: %u", param->key, result.uint_32);
1549}
1550
1551
1552
1553
1554static int ffs_fs_get_tree(struct fs_context *fc)
1555{
1556 struct ffs_sb_fill_data *ctx = fc->fs_private;
1557 struct ffs_data *ffs;
1558 int ret;
1559
1560 ENTER();
1561
1562 if (!fc->source)
1563 return invalf(fc, "No source specified");
1564
1565 ffs = ffs_data_new(fc->source);
1566 if (!ffs)
1567 return -ENOMEM;
1568 ffs->file_perms = ctx->perms;
1569 ffs->no_disconnect = ctx->no_disconnect;
1570
1571 ffs->dev_name = kstrdup(fc->source, GFP_KERNEL);
1572 if (!ffs->dev_name) {
1573 ffs_data_put(ffs);
1574 return -ENOMEM;
1575 }
1576
1577 ret = ffs_acquire_dev(ffs->dev_name, ffs);
1578 if (ret) {
1579 ffs_data_put(ffs);
1580 return ret;
1581 }
1582
1583 ctx->ffs_data = ffs;
1584 return get_tree_nodev(fc, ffs_sb_fill);
1585}
1586
1587static void ffs_fs_free_fc(struct fs_context *fc)
1588{
1589 struct ffs_sb_fill_data *ctx = fc->fs_private;
1590
1591 if (ctx) {
1592 if (ctx->ffs_data) {
1593 ffs_data_put(ctx->ffs_data);
1594 }
1595
1596 kfree(ctx);
1597 }
1598}
1599
1600static const struct fs_context_operations ffs_fs_context_ops = {
1601 .free = ffs_fs_free_fc,
1602 .parse_param = ffs_fs_parse_param,
1603 .get_tree = ffs_fs_get_tree,
1604};
1605
1606static int ffs_fs_init_fs_context(struct fs_context *fc)
1607{
1608 struct ffs_sb_fill_data *ctx;
1609
1610 ctx = kzalloc(sizeof(struct ffs_sb_fill_data), GFP_KERNEL);
1611 if (!ctx)
1612 return -ENOMEM;
1613
1614 ctx->perms.mode = S_IFREG | 0600;
1615 ctx->perms.uid = GLOBAL_ROOT_UID;
1616 ctx->perms.gid = GLOBAL_ROOT_GID;
1617 ctx->root_mode = S_IFDIR | 0500;
1618 ctx->no_disconnect = false;
1619
1620 fc->fs_private = ctx;
1621 fc->ops = &ffs_fs_context_ops;
1622 return 0;
1623}
1624
1625static void
1626ffs_fs_kill_sb(struct super_block *sb)
1627{
1628 ENTER();
1629
1630 kill_litter_super(sb);
1631 if (sb->s_fs_info)
1632 ffs_data_closed(sb->s_fs_info);
1633}
1634
1635static struct file_system_type ffs_fs_type = {
1636 .owner = THIS_MODULE,
1637 .name = "functionfs",
1638 .init_fs_context = ffs_fs_init_fs_context,
1639 .parameters = ffs_fs_fs_parameters,
1640 .kill_sb = ffs_fs_kill_sb,
1641};
1642MODULE_ALIAS_FS("functionfs");
1643
1644
1645
1646
1647static int functionfs_init(void)
1648{
1649 int ret;
1650
1651 ENTER();
1652
1653 ret = register_filesystem(&ffs_fs_type);
1654 if (!ret)
1655 pr_info("file system registered\n");
1656 else
1657 pr_err("failed registering file system (%d)\n", ret);
1658
1659 return ret;
1660}
1661
1662static void functionfs_cleanup(void)
1663{
1664 ENTER();
1665
1666 pr_info("unloading\n");
1667 unregister_filesystem(&ffs_fs_type);
1668}
1669
1670
1671
1672
1673static void ffs_data_clear(struct ffs_data *ffs);
1674static void ffs_data_reset(struct ffs_data *ffs);
1675
1676static void ffs_data_get(struct ffs_data *ffs)
1677{
1678 ENTER();
1679
1680 refcount_inc(&ffs->ref);
1681}
1682
1683static void ffs_data_opened(struct ffs_data *ffs)
1684{
1685 ENTER();
1686
1687 refcount_inc(&ffs->ref);
1688 if (atomic_add_return(1, &ffs->opened) == 1 &&
1689 ffs->state == FFS_DEACTIVATED) {
1690 ffs->state = FFS_CLOSING;
1691 ffs_data_reset(ffs);
1692 }
1693}
1694
1695static void ffs_data_put(struct ffs_data *ffs)
1696{
1697 ENTER();
1698
1699 if (refcount_dec_and_test(&ffs->ref)) {
1700 pr_info("%s(): freeing\n", __func__);
1701 ffs_data_clear(ffs);
1702 ffs_release_dev(ffs->private_data);
1703 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1704 swait_active(&ffs->ep0req_completion.wait) ||
1705 waitqueue_active(&ffs->wait));
1706 destroy_workqueue(ffs->io_completion_wq);
1707 kfree(ffs->dev_name);
1708 kfree(ffs);
1709 }
1710}
1711
1712static void ffs_data_closed(struct ffs_data *ffs)
1713{
1714 ENTER();
1715
1716 if (atomic_dec_and_test(&ffs->opened)) {
1717 if (ffs->no_disconnect) {
1718 ffs->state = FFS_DEACTIVATED;
1719 if (ffs->epfiles) {
1720 ffs_epfiles_destroy(ffs->epfiles,
1721 ffs->eps_count);
1722 ffs->epfiles = NULL;
1723 }
1724 if (ffs->setup_state == FFS_SETUP_PENDING)
1725 __ffs_ep0_stall(ffs);
1726 } else {
1727 ffs->state = FFS_CLOSING;
1728 ffs_data_reset(ffs);
1729 }
1730 }
1731 if (atomic_read(&ffs->opened) < 0) {
1732 ffs->state = FFS_CLOSING;
1733 ffs_data_reset(ffs);
1734 }
1735
1736 ffs_data_put(ffs);
1737}
1738
1739static struct ffs_data *ffs_data_new(const char *dev_name)
1740{
1741 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1742 if (!ffs)
1743 return NULL;
1744
1745 ENTER();
1746
1747 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1748 if (!ffs->io_completion_wq) {
1749 kfree(ffs);
1750 return NULL;
1751 }
1752
1753 refcount_set(&ffs->ref, 1);
1754 atomic_set(&ffs->opened, 0);
1755 ffs->state = FFS_READ_DESCRIPTORS;
1756 mutex_init(&ffs->mutex);
1757 spin_lock_init(&ffs->eps_lock);
1758 init_waitqueue_head(&ffs->ev.waitq);
1759 init_waitqueue_head(&ffs->wait);
1760 init_completion(&ffs->ep0req_completion);
1761
1762
1763 ffs->ev.can_stall = 1;
1764
1765 return ffs;
1766}
1767
1768static void ffs_data_clear(struct ffs_data *ffs)
1769{
1770 ENTER();
1771
1772 ffs_closed(ffs);
1773
1774 BUG_ON(ffs->gadget);
1775
1776 if (ffs->epfiles) {
1777 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1778 ffs->epfiles = NULL;
1779 }
1780
1781 if (ffs->ffs_eventfd) {
1782 eventfd_ctx_put(ffs->ffs_eventfd);
1783 ffs->ffs_eventfd = NULL;
1784 }
1785
1786 kfree(ffs->raw_descs_data);
1787 kfree(ffs->raw_strings);
1788 kfree(ffs->stringtabs);
1789}
1790
1791static void ffs_data_reset(struct ffs_data *ffs)
1792{
1793 ENTER();
1794
1795 ffs_data_clear(ffs);
1796
1797 ffs->raw_descs_data = NULL;
1798 ffs->raw_descs = NULL;
1799 ffs->raw_strings = NULL;
1800 ffs->stringtabs = NULL;
1801
1802 ffs->raw_descs_length = 0;
1803 ffs->fs_descs_count = 0;
1804 ffs->hs_descs_count = 0;
1805 ffs->ss_descs_count = 0;
1806
1807 ffs->strings_count = 0;
1808 ffs->interfaces_count = 0;
1809 ffs->eps_count = 0;
1810
1811 ffs->ev.count = 0;
1812
1813 ffs->state = FFS_READ_DESCRIPTORS;
1814 ffs->setup_state = FFS_NO_SETUP;
1815 ffs->flags = 0;
1816
1817 ffs->ms_os_descs_ext_prop_count = 0;
1818 ffs->ms_os_descs_ext_prop_name_len = 0;
1819 ffs->ms_os_descs_ext_prop_data_len = 0;
1820}
1821
1822
1823static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1824{
1825 struct usb_gadget_strings **lang;
1826 int first_id;
1827
1828 ENTER();
1829
1830 if (WARN_ON(ffs->state != FFS_ACTIVE
1831 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1832 return -EBADFD;
1833
1834 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1835 if (first_id < 0)
1836 return first_id;
1837
1838 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1839 if (!ffs->ep0req)
1840 return -ENOMEM;
1841 ffs->ep0req->complete = ffs_ep0_complete;
1842 ffs->ep0req->context = ffs;
1843
1844 lang = ffs->stringtabs;
1845 if (lang) {
1846 for (; *lang; ++lang) {
1847 struct usb_string *str = (*lang)->strings;
1848 int id = first_id;
1849 for (; str->s; ++id, ++str)
1850 str->id = id;
1851 }
1852 }
1853
1854 ffs->gadget = cdev->gadget;
1855 ffs_data_get(ffs);
1856 return 0;
1857}
1858
1859static void functionfs_unbind(struct ffs_data *ffs)
1860{
1861 ENTER();
1862
1863 if (!WARN_ON(!ffs->gadget)) {
1864 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1865 ffs->ep0req = NULL;
1866 ffs->gadget = NULL;
1867 clear_bit(FFS_FL_BOUND, &ffs->flags);
1868 ffs_data_put(ffs);
1869 }
1870}
1871
1872static int ffs_epfiles_create(struct ffs_data *ffs)
1873{
1874 struct ffs_epfile *epfile, *epfiles;
1875 unsigned i, count;
1876
1877 ENTER();
1878
1879 count = ffs->eps_count;
1880 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1881 if (!epfiles)
1882 return -ENOMEM;
1883
1884 epfile = epfiles;
1885 for (i = 1; i <= count; ++i, ++epfile) {
1886 epfile->ffs = ffs;
1887 mutex_init(&epfile->mutex);
1888 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1889 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1890 else
1891 sprintf(epfile->name, "ep%u", i);
1892 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1893 epfile,
1894 &ffs_epfile_operations);
1895 if (!epfile->dentry) {
1896 ffs_epfiles_destroy(epfiles, i - 1);
1897 return -ENOMEM;
1898 }
1899 }
1900
1901 ffs->epfiles = epfiles;
1902 return 0;
1903}
1904
1905static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1906{
1907 struct ffs_epfile *epfile = epfiles;
1908
1909 ENTER();
1910
1911 for (; count; --count, ++epfile) {
1912 BUG_ON(mutex_is_locked(&epfile->mutex));
1913 if (epfile->dentry) {
1914 d_delete(epfile->dentry);
1915 dput(epfile->dentry);
1916 epfile->dentry = NULL;
1917 }
1918 }
1919
1920 kfree(epfiles);
1921}
1922
1923static void ffs_func_eps_disable(struct ffs_function *func)
1924{
1925 struct ffs_ep *ep = func->eps;
1926 struct ffs_epfile *epfile = func->ffs->epfiles;
1927 unsigned count = func->ffs->eps_count;
1928 unsigned long flags;
1929
1930 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1931 while (count--) {
1932
1933 if (ep->ep)
1934 usb_ep_disable(ep->ep);
1935 ++ep;
1936
1937 if (epfile) {
1938 epfile->ep = NULL;
1939 __ffs_epfile_read_buffer_free(epfile);
1940 ++epfile;
1941 }
1942 }
1943 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1944}
1945
1946static int ffs_func_eps_enable(struct ffs_function *func)
1947{
1948 struct ffs_data *ffs = func->ffs;
1949 struct ffs_ep *ep = func->eps;
1950 struct ffs_epfile *epfile = ffs->epfiles;
1951 unsigned count = ffs->eps_count;
1952 unsigned long flags;
1953 int ret = 0;
1954
1955 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1956 while(count--) {
1957 ep->ep->driver_data = ep;
1958
1959 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1960 if (ret) {
1961 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1962 __func__, ep->ep->name, ret);
1963 break;
1964 }
1965
1966 ret = usb_ep_enable(ep->ep);
1967 if (!ret) {
1968 epfile->ep = ep;
1969 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1970 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1971 } else {
1972 break;
1973 }
1974
1975 ++ep;
1976 ++epfile;
1977 }
1978
1979 wake_up_interruptible(&ffs->wait);
1980 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1981
1982 return ret;
1983}
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995enum ffs_entity_type {
1996 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1997};
1998
1999enum ffs_os_desc_type {
2000 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
2001};
2002
2003typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
2004 u8 *valuep,
2005 struct usb_descriptor_header *desc,
2006 void *priv);
2007
2008typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
2009 struct usb_os_desc_header *h, void *data,
2010 unsigned len, void *priv);
2011
2012static int __must_check ffs_do_single_desc(char *data, unsigned len,
2013 ffs_entity_callback entity,
2014 void *priv, int *current_class)
2015{
2016 struct usb_descriptor_header *_ds = (void *)data;
2017 u8 length;
2018 int ret;
2019
2020 ENTER();
2021
2022
2023 if (len < 2) {
2024 pr_vdebug("descriptor too short\n");
2025 return -EINVAL;
2026 }
2027
2028
2029 length = _ds->bLength;
2030 if (len < length) {
2031 pr_vdebug("descriptor longer then available data\n");
2032 return -EINVAL;
2033 }
2034
2035#define __entity_check_INTERFACE(val) 1
2036#define __entity_check_STRING(val) (val)
2037#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
2038#define __entity(type, val) do { \
2039 pr_vdebug("entity " #type "(%02x)\n", (val)); \
2040 if (!__entity_check_ ##type(val)) { \
2041 pr_vdebug("invalid entity's value\n"); \
2042 return -EINVAL; \
2043 } \
2044 ret = entity(FFS_ ##type, &val, _ds, priv); \
2045 if (ret < 0) { \
2046 pr_debug("entity " #type "(%02x); ret = %d\n", \
2047 (val), ret); \
2048 return ret; \
2049 } \
2050 } while (0)
2051
2052
2053 switch (_ds->bDescriptorType) {
2054 case USB_DT_DEVICE:
2055 case USB_DT_CONFIG:
2056 case USB_DT_STRING:
2057 case USB_DT_DEVICE_QUALIFIER:
2058
2059 pr_vdebug("descriptor reserved for gadget: %d\n",
2060 _ds->bDescriptorType);
2061 return -EINVAL;
2062
2063 case USB_DT_INTERFACE: {
2064 struct usb_interface_descriptor *ds = (void *)_ds;
2065 pr_vdebug("interface descriptor\n");
2066 if (length != sizeof *ds)
2067 goto inv_length;
2068
2069 __entity(INTERFACE, ds->bInterfaceNumber);
2070 if (ds->iInterface)
2071 __entity(STRING, ds->iInterface);
2072 *current_class = ds->bInterfaceClass;
2073 }
2074 break;
2075
2076 case USB_DT_ENDPOINT: {
2077 struct usb_endpoint_descriptor *ds = (void *)_ds;
2078 pr_vdebug("endpoint descriptor\n");
2079 if (length != USB_DT_ENDPOINT_SIZE &&
2080 length != USB_DT_ENDPOINT_AUDIO_SIZE)
2081 goto inv_length;
2082 __entity(ENDPOINT, ds->bEndpointAddress);
2083 }
2084 break;
2085
2086 case USB_TYPE_CLASS | 0x01:
2087 if (*current_class == USB_INTERFACE_CLASS_HID) {
2088 pr_vdebug("hid descriptor\n");
2089 if (length != sizeof(struct hid_descriptor))
2090 goto inv_length;
2091 break;
2092 } else if (*current_class == USB_INTERFACE_CLASS_CCID) {
2093 pr_vdebug("ccid descriptor\n");
2094 if (length != sizeof(struct ccid_descriptor))
2095 goto inv_length;
2096 break;
2097 } else {
2098 pr_vdebug("unknown descriptor: %d for class %d\n",
2099 _ds->bDescriptorType, *current_class);
2100 return -EINVAL;
2101 }
2102
2103 case USB_DT_OTG:
2104 if (length != sizeof(struct usb_otg_descriptor))
2105 goto inv_length;
2106 break;
2107
2108 case USB_DT_INTERFACE_ASSOCIATION: {
2109 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2110 pr_vdebug("interface association descriptor\n");
2111 if (length != sizeof *ds)
2112 goto inv_length;
2113 if (ds->iFunction)
2114 __entity(STRING, ds->iFunction);
2115 }
2116 break;
2117
2118 case USB_DT_SS_ENDPOINT_COMP:
2119 pr_vdebug("EP SS companion descriptor\n");
2120 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2121 goto inv_length;
2122 break;
2123
2124 case USB_DT_OTHER_SPEED_CONFIG:
2125 case USB_DT_INTERFACE_POWER:
2126 case USB_DT_DEBUG:
2127 case USB_DT_SECURITY:
2128 case USB_DT_CS_RADIO_CONTROL:
2129
2130 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2131 return -EINVAL;
2132
2133 default:
2134
2135 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2136 return -EINVAL;
2137
2138inv_length:
2139 pr_vdebug("invalid length: %d (descriptor %d)\n",
2140 _ds->bLength, _ds->bDescriptorType);
2141 return -EINVAL;
2142 }
2143
2144#undef __entity
2145#undef __entity_check_DESCRIPTOR
2146#undef __entity_check_INTERFACE
2147#undef __entity_check_STRING
2148#undef __entity_check_ENDPOINT
2149
2150 return length;
2151}
2152
2153static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2154 ffs_entity_callback entity, void *priv)
2155{
2156 const unsigned _len = len;
2157 unsigned long num = 0;
2158 int current_class = -1;
2159
2160 ENTER();
2161
2162 for (;;) {
2163 int ret;
2164
2165 if (num == count)
2166 data = NULL;
2167
2168
2169 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2170 if (ret < 0) {
2171 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2172 num, ret);
2173 return ret;
2174 }
2175
2176 if (!data)
2177 return _len - len;
2178
2179 ret = ffs_do_single_desc(data, len, entity, priv,
2180 ¤t_class);
2181 if (ret < 0) {
2182 pr_debug("%s returns %d\n", __func__, ret);
2183 return ret;
2184 }
2185
2186 len -= ret;
2187 data += ret;
2188 ++num;
2189 }
2190}
2191
2192static int __ffs_data_do_entity(enum ffs_entity_type type,
2193 u8 *valuep, struct usb_descriptor_header *desc,
2194 void *priv)
2195{
2196 struct ffs_desc_helper *helper = priv;
2197 struct usb_endpoint_descriptor *d;
2198
2199 ENTER();
2200
2201 switch (type) {
2202 case FFS_DESCRIPTOR:
2203 break;
2204
2205 case FFS_INTERFACE:
2206
2207
2208
2209
2210
2211 if (*valuep >= helper->interfaces_count)
2212 helper->interfaces_count = *valuep + 1;
2213 break;
2214
2215 case FFS_STRING:
2216
2217
2218
2219
2220 if (*valuep > helper->ffs->strings_count)
2221 helper->ffs->strings_count = *valuep;
2222 break;
2223
2224 case FFS_ENDPOINT:
2225 d = (void *)desc;
2226 helper->eps_count++;
2227 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2228 return -EINVAL;
2229
2230 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2231 helper->ffs->eps_addrmap[helper->eps_count] =
2232 d->bEndpointAddress;
2233 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2234 d->bEndpointAddress)
2235 return -EINVAL;
2236 break;
2237 }
2238
2239 return 0;
2240}
2241
2242static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2243 struct usb_os_desc_header *desc)
2244{
2245 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2246 u16 w_index = le16_to_cpu(desc->wIndex);
2247
2248 if (bcd_version != 1) {
2249 pr_vdebug("unsupported os descriptors version: %d",
2250 bcd_version);
2251 return -EINVAL;
2252 }
2253 switch (w_index) {
2254 case 0x4:
2255 *next_type = FFS_OS_DESC_EXT_COMPAT;
2256 break;
2257 case 0x5:
2258 *next_type = FFS_OS_DESC_EXT_PROP;
2259 break;
2260 default:
2261 pr_vdebug("unsupported os descriptor type: %d", w_index);
2262 return -EINVAL;
2263 }
2264
2265 return sizeof(*desc);
2266}
2267
2268
2269
2270
2271
2272static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2273 enum ffs_os_desc_type type,
2274 u16 feature_count,
2275 ffs_os_desc_callback entity,
2276 void *priv,
2277 struct usb_os_desc_header *h)
2278{
2279 int ret;
2280 const unsigned _len = len;
2281
2282 ENTER();
2283
2284
2285 while (feature_count--) {
2286 ret = entity(type, h, data, len, priv);
2287 if (ret < 0) {
2288 pr_debug("bad OS descriptor, type: %d\n", type);
2289 return ret;
2290 }
2291 data += ret;
2292 len -= ret;
2293 }
2294 return _len - len;
2295}
2296
2297
2298static int __must_check ffs_do_os_descs(unsigned count,
2299 char *data, unsigned len,
2300 ffs_os_desc_callback entity, void *priv)
2301{
2302 const unsigned _len = len;
2303 unsigned long num = 0;
2304
2305 ENTER();
2306
2307 for (num = 0; num < count; ++num) {
2308 int ret;
2309 enum ffs_os_desc_type type;
2310 u16 feature_count;
2311 struct usb_os_desc_header *desc = (void *)data;
2312
2313 if (len < sizeof(*desc))
2314 return -EINVAL;
2315
2316
2317
2318
2319
2320
2321
2322
2323 if (le32_to_cpu(desc->dwLength) > len)
2324 return -EINVAL;
2325
2326 ret = __ffs_do_os_desc_header(&type, desc);
2327 if (ret < 0) {
2328 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2329 num, ret);
2330 return ret;
2331 }
2332
2333
2334
2335 feature_count = le16_to_cpu(desc->wCount);
2336 if (type == FFS_OS_DESC_EXT_COMPAT &&
2337 (feature_count > 255 || desc->Reserved))
2338 return -EINVAL;
2339 len -= ret;
2340 data += ret;
2341
2342
2343
2344
2345
2346 ret = ffs_do_single_os_desc(data, len, type,
2347 feature_count, entity, priv, desc);
2348 if (ret < 0) {
2349 pr_debug("%s returns %d\n", __func__, ret);
2350 return ret;
2351 }
2352
2353 len -= ret;
2354 data += ret;
2355 }
2356 return _len - len;
2357}
2358
2359
2360
2361
2362static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2363 struct usb_os_desc_header *h, void *data,
2364 unsigned len, void *priv)
2365{
2366 struct ffs_data *ffs = priv;
2367 u8 length;
2368
2369 ENTER();
2370
2371 switch (type) {
2372 case FFS_OS_DESC_EXT_COMPAT: {
2373 struct usb_ext_compat_desc *d = data;
2374 int i;
2375
2376 if (len < sizeof(*d) ||
2377 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2378 return -EINVAL;
2379 if (d->Reserved1 != 1) {
2380
2381
2382
2383
2384
2385
2386 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2387 d->Reserved1 = 1;
2388 }
2389 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2390 if (d->Reserved2[i])
2391 return -EINVAL;
2392
2393 length = sizeof(struct usb_ext_compat_desc);
2394 }
2395 break;
2396 case FFS_OS_DESC_EXT_PROP: {
2397 struct usb_ext_prop_desc *d = data;
2398 u32 type, pdl;
2399 u16 pnl;
2400
2401 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2402 return -EINVAL;
2403 length = le32_to_cpu(d->dwSize);
2404 if (len < length)
2405 return -EINVAL;
2406 type = le32_to_cpu(d->dwPropertyDataType);
2407 if (type < USB_EXT_PROP_UNICODE ||
2408 type > USB_EXT_PROP_UNICODE_MULTI) {
2409 pr_vdebug("unsupported os descriptor property type: %d",
2410 type);
2411 return -EINVAL;
2412 }
2413 pnl = le16_to_cpu(d->wPropertyNameLength);
2414 if (length < 14 + pnl) {
2415 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2416 length, pnl, type);
2417 return -EINVAL;
2418 }
2419 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2420 if (length != 14 + pnl + pdl) {
2421 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2422 length, pnl, pdl, type);
2423 return -EINVAL;
2424 }
2425 ++ffs->ms_os_descs_ext_prop_count;
2426
2427 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2428 ffs->ms_os_descs_ext_prop_data_len += pdl;
2429 }
2430 break;
2431 default:
2432 pr_vdebug("unknown descriptor: %d\n", type);
2433 return -EINVAL;
2434 }
2435 return length;
2436}
2437
2438static int __ffs_data_got_descs(struct ffs_data *ffs,
2439 char *const _data, size_t len)
2440{
2441 char *data = _data, *raw_descs;
2442 unsigned os_descs_count = 0, counts[3], flags;
2443 int ret = -EINVAL, i;
2444 struct ffs_desc_helper helper;
2445
2446 ENTER();
2447
2448 if (get_unaligned_le32(data + 4) != len)
2449 goto error;
2450
2451 switch (get_unaligned_le32(data)) {
2452 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2453 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2454 data += 8;
2455 len -= 8;
2456 break;
2457 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2458 flags = get_unaligned_le32(data + 8);
2459 ffs->user_flags = flags;
2460 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2461 FUNCTIONFS_HAS_HS_DESC |
2462 FUNCTIONFS_HAS_SS_DESC |
2463 FUNCTIONFS_HAS_MS_OS_DESC |
2464 FUNCTIONFS_VIRTUAL_ADDR |
2465 FUNCTIONFS_EVENTFD |
2466 FUNCTIONFS_ALL_CTRL_RECIP |
2467 FUNCTIONFS_CONFIG0_SETUP)) {
2468 ret = -ENOSYS;
2469 goto error;
2470 }
2471 data += 12;
2472 len -= 12;
2473 break;
2474 default:
2475 goto error;
2476 }
2477
2478 if (flags & FUNCTIONFS_EVENTFD) {
2479 if (len < 4)
2480 goto error;
2481 ffs->ffs_eventfd =
2482 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2483 if (IS_ERR(ffs->ffs_eventfd)) {
2484 ret = PTR_ERR(ffs->ffs_eventfd);
2485 ffs->ffs_eventfd = NULL;
2486 goto error;
2487 }
2488 data += 4;
2489 len -= 4;
2490 }
2491
2492
2493 for (i = 0; i < 3; ++i) {
2494 if (!(flags & (1 << i))) {
2495 counts[i] = 0;
2496 } else if (len < 4) {
2497 goto error;
2498 } else {
2499 counts[i] = get_unaligned_le32(data);
2500 data += 4;
2501 len -= 4;
2502 }
2503 }
2504 if (flags & (1 << i)) {
2505 if (len < 4) {
2506 goto error;
2507 }
2508 os_descs_count = get_unaligned_le32(data);
2509 data += 4;
2510 len -= 4;
2511 }
2512
2513
2514 raw_descs = data;
2515 helper.ffs = ffs;
2516 for (i = 0; i < 3; ++i) {
2517 if (!counts[i])
2518 continue;
2519 helper.interfaces_count = 0;
2520 helper.eps_count = 0;
2521 ret = ffs_do_descs(counts[i], data, len,
2522 __ffs_data_do_entity, &helper);
2523 if (ret < 0)
2524 goto error;
2525 if (!ffs->eps_count && !ffs->interfaces_count) {
2526 ffs->eps_count = helper.eps_count;
2527 ffs->interfaces_count = helper.interfaces_count;
2528 } else {
2529 if (ffs->eps_count != helper.eps_count) {
2530 ret = -EINVAL;
2531 goto error;
2532 }
2533 if (ffs->interfaces_count != helper.interfaces_count) {
2534 ret = -EINVAL;
2535 goto error;
2536 }
2537 }
2538 data += ret;
2539 len -= ret;
2540 }
2541 if (os_descs_count) {
2542 ret = ffs_do_os_descs(os_descs_count, data, len,
2543 __ffs_data_do_os_desc, ffs);
2544 if (ret < 0)
2545 goto error;
2546 data += ret;
2547 len -= ret;
2548 }
2549
2550 if (raw_descs == data || len) {
2551 ret = -EINVAL;
2552 goto error;
2553 }
2554
2555 ffs->raw_descs_data = _data;
2556 ffs->raw_descs = raw_descs;
2557 ffs->raw_descs_length = data - raw_descs;
2558 ffs->fs_descs_count = counts[0];
2559 ffs->hs_descs_count = counts[1];
2560 ffs->ss_descs_count = counts[2];
2561 ffs->ms_os_descs_count = os_descs_count;
2562
2563 return 0;
2564
2565error:
2566 kfree(_data);
2567 return ret;
2568}
2569
2570static int __ffs_data_got_strings(struct ffs_data *ffs,
2571 char *const _data, size_t len)
2572{
2573 u32 str_count, needed_count, lang_count;
2574 struct usb_gadget_strings **stringtabs, *t;
2575 const char *data = _data;
2576 struct usb_string *s;
2577
2578 ENTER();
2579
2580 if (len < 16 ||
2581 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2582 get_unaligned_le32(data + 4) != len)
2583 goto error;
2584 str_count = get_unaligned_le32(data + 8);
2585 lang_count = get_unaligned_le32(data + 12);
2586
2587
2588 if (!str_count != !lang_count)
2589 goto error;
2590
2591
2592 needed_count = ffs->strings_count;
2593 if (str_count < needed_count)
2594 goto error;
2595
2596
2597
2598
2599
2600 if (!needed_count) {
2601 kfree(_data);
2602 return 0;
2603 }
2604
2605
2606 {
2607 unsigned i = 0;
2608 vla_group(d);
2609 vla_item(d, struct usb_gadget_strings *, stringtabs,
2610 lang_count + 1);
2611 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2612 vla_item(d, struct usb_string, strings,
2613 lang_count*(needed_count+1));
2614
2615 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2616
2617 if (!vlabuf) {
2618 kfree(_data);
2619 return -ENOMEM;
2620 }
2621
2622
2623 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2624 t = vla_ptr(vlabuf, d, stringtab);
2625 i = lang_count;
2626 do {
2627 *stringtabs++ = t++;
2628 } while (--i);
2629 *stringtabs = NULL;
2630
2631
2632 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2633 t = vla_ptr(vlabuf, d, stringtab);
2634 s = vla_ptr(vlabuf, d, strings);
2635 }
2636
2637
2638 data += 16;
2639 len -= 16;
2640
2641 do {
2642 unsigned needed = needed_count;
2643 u32 str_per_lang = str_count;
2644
2645 if (len < 3)
2646 goto error_free;
2647 t->language = get_unaligned_le16(data);
2648 t->strings = s;
2649 ++t;
2650
2651 data += 2;
2652 len -= 2;
2653
2654
2655 do {
2656 size_t length = strnlen(data, len);
2657
2658 if (length == len)
2659 goto error_free;
2660
2661
2662
2663
2664
2665
2666 if (needed) {
2667
2668
2669
2670
2671
2672 s->s = data;
2673 --needed;
2674 ++s;
2675 }
2676
2677 data += length + 1;
2678 len -= length + 1;
2679 } while (--str_per_lang);
2680
2681 s->id = 0;
2682 s->s = NULL;
2683 ++s;
2684
2685 } while (--lang_count);
2686
2687
2688 if (len)
2689 goto error_free;
2690
2691
2692 ffs->stringtabs = stringtabs;
2693 ffs->raw_strings = _data;
2694
2695 return 0;
2696
2697error_free:
2698 kfree(stringtabs);
2699error:
2700 kfree(_data);
2701 return -EINVAL;
2702}
2703
2704
2705
2706
2707static void __ffs_event_add(struct ffs_data *ffs,
2708 enum usb_functionfs_event_type type)
2709{
2710 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2711 int neg = 0;
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721 if (ffs->setup_state == FFS_SETUP_PENDING)
2722 ffs->setup_state = FFS_SETUP_CANCELLED;
2723
2724
2725
2726
2727
2728
2729
2730
2731 switch (type) {
2732 case FUNCTIONFS_RESUME:
2733 rem_type2 = FUNCTIONFS_SUSPEND;
2734 fallthrough;
2735 case FUNCTIONFS_SUSPEND:
2736 case FUNCTIONFS_SETUP:
2737 rem_type1 = type;
2738
2739 break;
2740
2741 case FUNCTIONFS_BIND:
2742 case FUNCTIONFS_UNBIND:
2743 case FUNCTIONFS_DISABLE:
2744 case FUNCTIONFS_ENABLE:
2745
2746 rem_type1 = FUNCTIONFS_SUSPEND;
2747 rem_type2 = FUNCTIONFS_RESUME;
2748 neg = 1;
2749 break;
2750
2751 default:
2752 WARN(1, "%d: unknown event, this should not happen\n", type);
2753 return;
2754 }
2755
2756 {
2757 u8 *ev = ffs->ev.types, *out = ev;
2758 unsigned n = ffs->ev.count;
2759 for (; n; --n, ++ev)
2760 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2761 *out++ = *ev;
2762 else
2763 pr_vdebug("purging event %d\n", *ev);
2764 ffs->ev.count = out - ffs->ev.types;
2765 }
2766
2767 pr_vdebug("adding event %d\n", type);
2768 ffs->ev.types[ffs->ev.count++] = type;
2769 wake_up_locked(&ffs->ev.waitq);
2770 if (ffs->ffs_eventfd)
2771 eventfd_signal(ffs->ffs_eventfd, 1);
2772}
2773
2774static void ffs_event_add(struct ffs_data *ffs,
2775 enum usb_functionfs_event_type type)
2776{
2777 unsigned long flags;
2778 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2779 __ffs_event_add(ffs, type);
2780 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2781}
2782
2783
2784
2785static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2786{
2787 int i;
2788
2789 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2790 if (ffs->eps_addrmap[i] == endpoint_address)
2791 return i;
2792 return -ENOENT;
2793}
2794
2795static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2796 struct usb_descriptor_header *desc,
2797 void *priv)
2798{
2799 struct usb_endpoint_descriptor *ds = (void *)desc;
2800 struct ffs_function *func = priv;
2801 struct ffs_ep *ffs_ep;
2802 unsigned ep_desc_id;
2803 int idx;
2804 static const char *speed_names[] = { "full", "high", "super" };
2805
2806 if (type != FFS_DESCRIPTOR)
2807 return 0;
2808
2809
2810
2811
2812
2813
2814
2815 if (func->function.ss_descriptors) {
2816 ep_desc_id = 2;
2817 func->function.ss_descriptors[(long)valuep] = desc;
2818 } else if (func->function.hs_descriptors) {
2819 ep_desc_id = 1;
2820 func->function.hs_descriptors[(long)valuep] = desc;
2821 } else {
2822 ep_desc_id = 0;
2823 func->function.fs_descriptors[(long)valuep] = desc;
2824 }
2825
2826 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2827 return 0;
2828
2829 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2830 if (idx < 0)
2831 return idx;
2832
2833 ffs_ep = func->eps + idx;
2834
2835 if (ffs_ep->descs[ep_desc_id]) {
2836 pr_err("two %sspeed descriptors for EP %d\n",
2837 speed_names[ep_desc_id],
2838 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2839 return -EINVAL;
2840 }
2841 ffs_ep->descs[ep_desc_id] = ds;
2842
2843 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2844 if (ffs_ep->ep) {
2845 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2846 if (!ds->wMaxPacketSize)
2847 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2848 } else {
2849 struct usb_request *req;
2850 struct usb_ep *ep;
2851 u8 bEndpointAddress;
2852 u16 wMaxPacketSize;
2853
2854
2855
2856
2857
2858 bEndpointAddress = ds->bEndpointAddress;
2859
2860
2861
2862
2863 wMaxPacketSize = ds->wMaxPacketSize;
2864 pr_vdebug("autoconfig\n");
2865 ep = usb_ep_autoconfig(func->gadget, ds);
2866 if (!ep)
2867 return -ENOTSUPP;
2868 ep->driver_data = func->eps + idx;
2869
2870 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2871 if (!req)
2872 return -ENOMEM;
2873
2874 ffs_ep->ep = ep;
2875 ffs_ep->req = req;
2876 func->eps_revmap[ds->bEndpointAddress &
2877 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2878
2879
2880
2881
2882 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2883 ds->bEndpointAddress = bEndpointAddress;
2884
2885
2886
2887
2888 ds->wMaxPacketSize = wMaxPacketSize;
2889 }
2890 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2891
2892 return 0;
2893}
2894
2895static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2896 struct usb_descriptor_header *desc,
2897 void *priv)
2898{
2899 struct ffs_function *func = priv;
2900 unsigned idx;
2901 u8 newValue;
2902
2903 switch (type) {
2904 default:
2905 case FFS_DESCRIPTOR:
2906
2907 return 0;
2908
2909 case FFS_INTERFACE:
2910 idx = *valuep;
2911 if (func->interfaces_nums[idx] < 0) {
2912 int id = usb_interface_id(func->conf, &func->function);
2913 if (id < 0)
2914 return id;
2915 func->interfaces_nums[idx] = id;
2916 }
2917 newValue = func->interfaces_nums[idx];
2918 break;
2919
2920 case FFS_STRING:
2921
2922 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2923 break;
2924
2925 case FFS_ENDPOINT:
2926
2927
2928
2929
2930 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2931 return 0;
2932
2933 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2934 if (!func->eps[idx].ep)
2935 return -EINVAL;
2936
2937 {
2938 struct usb_endpoint_descriptor **descs;
2939 descs = func->eps[idx].descs;
2940 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2941 }
2942 break;
2943 }
2944
2945 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2946 *valuep = newValue;
2947 return 0;
2948}
2949
2950static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2951 struct usb_os_desc_header *h, void *data,
2952 unsigned len, void *priv)
2953{
2954 struct ffs_function *func = priv;
2955 u8 length = 0;
2956
2957 switch (type) {
2958 case FFS_OS_DESC_EXT_COMPAT: {
2959 struct usb_ext_compat_desc *desc = data;
2960 struct usb_os_desc_table *t;
2961
2962 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2963 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2964 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2965 ARRAY_SIZE(desc->CompatibleID) +
2966 ARRAY_SIZE(desc->SubCompatibleID));
2967 length = sizeof(*desc);
2968 }
2969 break;
2970 case FFS_OS_DESC_EXT_PROP: {
2971 struct usb_ext_prop_desc *desc = data;
2972 struct usb_os_desc_table *t;
2973 struct usb_os_desc_ext_prop *ext_prop;
2974 char *ext_prop_name;
2975 char *ext_prop_data;
2976
2977 t = &func->function.os_desc_table[h->interface];
2978 t->if_id = func->interfaces_nums[h->interface];
2979
2980 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2981 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2982
2983 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2984 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2985 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2986 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2987 length = ext_prop->name_len + ext_prop->data_len + 14;
2988
2989 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2990 func->ffs->ms_os_descs_ext_prop_name_avail +=
2991 ext_prop->name_len;
2992
2993 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2994 func->ffs->ms_os_descs_ext_prop_data_avail +=
2995 ext_prop->data_len;
2996 memcpy(ext_prop_data,
2997 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2998 ext_prop->data_len);
2999
3000 switch (ext_prop->type) {
3001 case USB_EXT_PROP_UNICODE:
3002 case USB_EXT_PROP_UNICODE_ENV:
3003 case USB_EXT_PROP_UNICODE_LINK:
3004 case USB_EXT_PROP_UNICODE_MULTI:
3005 ext_prop->data_len *= 2;
3006 break;
3007 }
3008 ext_prop->data = ext_prop_data;
3009
3010 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
3011 ext_prop->name_len);
3012
3013 ext_prop->name_len *= 2;
3014 ext_prop->name = ext_prop_name;
3015
3016 t->os_desc->ext_prop_len +=
3017 ext_prop->name_len + ext_prop->data_len + 14;
3018 ++t->os_desc->ext_prop_count;
3019 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
3020 }
3021 break;
3022 default:
3023 pr_vdebug("unknown descriptor: %d\n", type);
3024 }
3025
3026 return length;
3027}
3028
3029static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
3030 struct usb_configuration *c)
3031{
3032 struct ffs_function *func = ffs_func_from_usb(f);
3033 struct f_fs_opts *ffs_opts =
3034 container_of(f->fi, struct f_fs_opts, func_inst);
3035 struct ffs_data *ffs_data;
3036 int ret;
3037
3038 ENTER();
3039
3040
3041
3042
3043
3044
3045
3046
3047 if (!ffs_opts->no_configfs)
3048 ffs_dev_lock();
3049 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
3050 ffs_data = ffs_opts->dev->ffs_data;
3051 if (!ffs_opts->no_configfs)
3052 ffs_dev_unlock();
3053 if (ret)
3054 return ERR_PTR(ret);
3055
3056 func->ffs = ffs_data;
3057 func->conf = c;
3058 func->gadget = c->cdev->gadget;
3059
3060
3061
3062
3063
3064
3065
3066
3067 if (!ffs_opts->refcnt) {
3068 ret = functionfs_bind(func->ffs, c->cdev);
3069 if (ret)
3070 return ERR_PTR(ret);
3071 }
3072 ffs_opts->refcnt++;
3073 func->function.strings = func->ffs->stringtabs;
3074
3075 return ffs_opts;
3076}
3077
3078static int _ffs_func_bind(struct usb_configuration *c,
3079 struct usb_function *f)
3080{
3081 struct ffs_function *func = ffs_func_from_usb(f);
3082 struct ffs_data *ffs = func->ffs;
3083
3084 const int full = !!func->ffs->fs_descs_count;
3085 const int high = !!func->ffs->hs_descs_count;
3086 const int super = !!func->ffs->ss_descs_count;
3087
3088 int fs_len, hs_len, ss_len, ret, i;
3089 struct ffs_ep *eps_ptr;
3090
3091
3092 vla_group(d);
3093 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
3094 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
3095 full ? ffs->fs_descs_count + 1 : 0);
3096 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
3097 high ? ffs->hs_descs_count + 1 : 0);
3098 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
3099 super ? ffs->ss_descs_count + 1 : 0);
3100 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
3101 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
3102 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3103 vla_item_with_sz(d, char[16], ext_compat,
3104 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3105 vla_item_with_sz(d, struct usb_os_desc, os_desc,
3106 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3107 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
3108 ffs->ms_os_descs_ext_prop_count);
3109 vla_item_with_sz(d, char, ext_prop_name,
3110 ffs->ms_os_descs_ext_prop_name_len);
3111 vla_item_with_sz(d, char, ext_prop_data,
3112 ffs->ms_os_descs_ext_prop_data_len);
3113 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
3114 char *vlabuf;
3115
3116 ENTER();
3117
3118
3119 if (!(full | high | super))
3120 return -ENOTSUPP;
3121
3122
3123 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3124 if (!vlabuf)
3125 return -ENOMEM;
3126
3127 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3128 ffs->ms_os_descs_ext_prop_name_avail =
3129 vla_ptr(vlabuf, d, ext_prop_name);
3130 ffs->ms_os_descs_ext_prop_data_avail =
3131 vla_ptr(vlabuf, d, ext_prop_data);
3132
3133
3134 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3135 ffs->raw_descs_length);
3136
3137 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3138 eps_ptr = vla_ptr(vlabuf, d, eps);
3139 for (i = 0; i < ffs->eps_count; i++)
3140 eps_ptr[i].num = -1;
3141
3142
3143
3144
3145 func->eps = vla_ptr(vlabuf, d, eps);
3146 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3147
3148
3149
3150
3151
3152
3153 if (full) {
3154 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3155 fs_len = ffs_do_descs(ffs->fs_descs_count,
3156 vla_ptr(vlabuf, d, raw_descs),
3157 d_raw_descs__sz,
3158 __ffs_func_bind_do_descs, func);
3159 if (fs_len < 0) {
3160 ret = fs_len;
3161 goto error;
3162 }
3163 } else {
3164 fs_len = 0;
3165 }
3166
3167 if (high) {
3168 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3169 hs_len = ffs_do_descs(ffs->hs_descs_count,
3170 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3171 d_raw_descs__sz - fs_len,
3172 __ffs_func_bind_do_descs, func);
3173 if (hs_len < 0) {
3174 ret = hs_len;
3175 goto error;
3176 }
3177 } else {
3178 hs_len = 0;
3179 }
3180
3181 if (super) {
3182 func->function.ss_descriptors = func->function.ssp_descriptors =
3183 vla_ptr(vlabuf, d, ss_descs);
3184 ss_len = ffs_do_descs(ffs->ss_descs_count,
3185 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3186 d_raw_descs__sz - fs_len - hs_len,
3187 __ffs_func_bind_do_descs, func);
3188 if (ss_len < 0) {
3189 ret = ss_len;
3190 goto error;
3191 }
3192 } else {
3193 ss_len = 0;
3194 }
3195
3196
3197
3198
3199
3200
3201 ret = ffs_do_descs(ffs->fs_descs_count +
3202 (high ? ffs->hs_descs_count : 0) +
3203 (super ? ffs->ss_descs_count : 0),
3204 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3205 __ffs_func_bind_do_nums, func);
3206 if (ret < 0)
3207 goto error;
3208
3209 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3210 if (c->cdev->use_os_string) {
3211 for (i = 0; i < ffs->interfaces_count; ++i) {
3212 struct usb_os_desc *desc;
3213
3214 desc = func->function.os_desc_table[i].os_desc =
3215 vla_ptr(vlabuf, d, os_desc) +
3216 i * sizeof(struct usb_os_desc);
3217 desc->ext_compat_id =
3218 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3219 INIT_LIST_HEAD(&desc->ext_prop);
3220 }
3221 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3222 vla_ptr(vlabuf, d, raw_descs) +
3223 fs_len + hs_len + ss_len,
3224 d_raw_descs__sz - fs_len - hs_len -
3225 ss_len,
3226 __ffs_func_bind_do_os_desc, func);
3227 if (ret < 0)
3228 goto error;
3229 }
3230 func->function.os_desc_n =
3231 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3232
3233
3234 ffs_event_add(ffs, FUNCTIONFS_BIND);
3235 return 0;
3236
3237error:
3238
3239 return ret;
3240}
3241
3242static int ffs_func_bind(struct usb_configuration *c,
3243 struct usb_function *f)
3244{
3245 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3246 struct ffs_function *func = ffs_func_from_usb(f);
3247 int ret;
3248
3249 if (IS_ERR(ffs_opts))
3250 return PTR_ERR(ffs_opts);
3251
3252 ret = _ffs_func_bind(c, f);
3253 if (ret && !--ffs_opts->refcnt)
3254 functionfs_unbind(func->ffs);
3255
3256 return ret;
3257}
3258
3259
3260
3261
3262static void ffs_reset_work(struct work_struct *work)
3263{
3264 struct ffs_data *ffs = container_of(work,
3265 struct ffs_data, reset_work);
3266 ffs_data_reset(ffs);
3267}
3268
3269static int ffs_func_set_alt(struct usb_function *f,
3270 unsigned interface, unsigned alt)
3271{
3272 struct ffs_function *func = ffs_func_from_usb(f);
3273 struct ffs_data *ffs = func->ffs;
3274 int ret = 0, intf;
3275
3276 if (alt != (unsigned)-1) {
3277 intf = ffs_func_revmap_intf(func, interface);
3278 if (intf < 0)
3279 return intf;
3280 }
3281
3282 if (ffs->func)
3283 ffs_func_eps_disable(ffs->func);
3284
3285 if (ffs->state == FFS_DEACTIVATED) {
3286 ffs->state = FFS_CLOSING;
3287 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3288 schedule_work(&ffs->reset_work);
3289 return -ENODEV;
3290 }
3291
3292 if (ffs->state != FFS_ACTIVE)
3293 return -ENODEV;
3294
3295 if (alt == (unsigned)-1) {
3296 ffs->func = NULL;
3297 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3298 return 0;
3299 }
3300
3301 ffs->func = func;
3302 ret = ffs_func_eps_enable(func);
3303 if (ret >= 0)
3304 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3305 return ret;
3306}
3307
3308static void ffs_func_disable(struct usb_function *f)
3309{
3310 ffs_func_set_alt(f, 0, (unsigned)-1);
3311}
3312
3313static int ffs_func_setup(struct usb_function *f,
3314 const struct usb_ctrlrequest *creq)
3315{
3316 struct ffs_function *func = ffs_func_from_usb(f);
3317 struct ffs_data *ffs = func->ffs;
3318 unsigned long flags;
3319 int ret;
3320
3321 ENTER();
3322
3323 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3324 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3325 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3326 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3327 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339 if (ffs->state != FFS_ACTIVE)
3340 return -ENODEV;
3341
3342 switch (creq->bRequestType & USB_RECIP_MASK) {
3343 case USB_RECIP_INTERFACE:
3344 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3345 if (ret < 0)
3346 return ret;
3347 break;
3348
3349 case USB_RECIP_ENDPOINT:
3350 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3351 if (ret < 0)
3352 return ret;
3353 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3354 ret = func->ffs->eps_addrmap[ret];
3355 break;
3356
3357 default:
3358 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3359 ret = le16_to_cpu(creq->wIndex);
3360 else
3361 return -EOPNOTSUPP;
3362 }
3363
3364 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3365 ffs->ev.setup = *creq;
3366 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3367 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3368 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3369
3370 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3371}
3372
3373static bool ffs_func_req_match(struct usb_function *f,
3374 const struct usb_ctrlrequest *creq,
3375 bool config0)
3376{
3377 struct ffs_function *func = ffs_func_from_usb(f);
3378
3379 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3380 return false;
3381
3382 switch (creq->bRequestType & USB_RECIP_MASK) {
3383 case USB_RECIP_INTERFACE:
3384 return (ffs_func_revmap_intf(func,
3385 le16_to_cpu(creq->wIndex)) >= 0);
3386 case USB_RECIP_ENDPOINT:
3387 return (ffs_func_revmap_ep(func,
3388 le16_to_cpu(creq->wIndex)) >= 0);
3389 default:
3390 return (bool) (func->ffs->user_flags &
3391 FUNCTIONFS_ALL_CTRL_RECIP);
3392 }
3393}
3394
3395static void ffs_func_suspend(struct usb_function *f)
3396{
3397 ENTER();
3398 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3399}
3400
3401static void ffs_func_resume(struct usb_function *f)
3402{
3403 ENTER();
3404 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3405}
3406
3407
3408
3409
3410static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3411{
3412 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3413 return num ? num : -EDOM;
3414}
3415
3416static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3417{
3418 short *nums = func->interfaces_nums;
3419 unsigned count = func->ffs->interfaces_count;
3420
3421 for (; count; --count, ++nums) {
3422 if (*nums >= 0 && *nums == intf)
3423 return nums - func->interfaces_nums;
3424 }
3425
3426 return -EDOM;
3427}
3428
3429
3430
3431
3432static LIST_HEAD(ffs_devices);
3433
3434static struct ffs_dev *_ffs_do_find_dev(const char *name)
3435{
3436 struct ffs_dev *dev;
3437
3438 if (!name)
3439 return NULL;
3440
3441 list_for_each_entry(dev, &ffs_devices, entry) {
3442 if (strcmp(dev->name, name) == 0)
3443 return dev;
3444 }
3445
3446 return NULL;
3447}
3448
3449
3450
3451
3452static struct ffs_dev *_ffs_get_single_dev(void)
3453{
3454 struct ffs_dev *dev;
3455
3456 if (list_is_singular(&ffs_devices)) {
3457 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3458 if (dev->single)
3459 return dev;
3460 }
3461
3462 return NULL;
3463}
3464
3465
3466
3467
3468static struct ffs_dev *_ffs_find_dev(const char *name)
3469{
3470 struct ffs_dev *dev;
3471
3472 dev = _ffs_get_single_dev();
3473 if (dev)
3474 return dev;
3475
3476 return _ffs_do_find_dev(name);
3477}
3478
3479
3480
3481static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3482{
3483 return container_of(to_config_group(item), struct f_fs_opts,
3484 func_inst.group);
3485}
3486
3487static void ffs_attr_release(struct config_item *item)
3488{
3489 struct f_fs_opts *opts = to_ffs_opts(item);
3490
3491 usb_put_function_instance(&opts->func_inst);
3492}
3493
3494static struct configfs_item_operations ffs_item_ops = {
3495 .release = ffs_attr_release,
3496};
3497
3498static const struct config_item_type ffs_func_type = {
3499 .ct_item_ops = &ffs_item_ops,
3500 .ct_owner = THIS_MODULE,
3501};
3502
3503
3504
3505
3506static void ffs_free_inst(struct usb_function_instance *f)
3507{
3508 struct f_fs_opts *opts;
3509
3510 opts = to_f_fs_opts(f);
3511 ffs_release_dev(opts->dev);
3512 ffs_dev_lock();
3513 _ffs_free_dev(opts->dev);
3514 ffs_dev_unlock();
3515 kfree(opts);
3516}
3517
3518static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3519{
3520 if (strlen(name) >= sizeof_field(struct ffs_dev, name))
3521 return -ENAMETOOLONG;
3522 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3523}
3524
3525static struct usb_function_instance *ffs_alloc_inst(void)
3526{
3527 struct f_fs_opts *opts;
3528 struct ffs_dev *dev;
3529
3530 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3531 if (!opts)
3532 return ERR_PTR(-ENOMEM);
3533
3534 opts->func_inst.set_inst_name = ffs_set_inst_name;
3535 opts->func_inst.free_func_inst = ffs_free_inst;
3536 ffs_dev_lock();
3537 dev = _ffs_alloc_dev();
3538 ffs_dev_unlock();
3539 if (IS_ERR(dev)) {
3540 kfree(opts);
3541 return ERR_CAST(dev);
3542 }
3543 opts->dev = dev;
3544 dev->opts = opts;
3545
3546 config_group_init_type_name(&opts->func_inst.group, "",
3547 &ffs_func_type);
3548 return &opts->func_inst;
3549}
3550
3551static void ffs_free(struct usb_function *f)
3552{
3553 kfree(ffs_func_from_usb(f));
3554}
3555
3556static void ffs_func_unbind(struct usb_configuration *c,
3557 struct usb_function *f)
3558{
3559 struct ffs_function *func = ffs_func_from_usb(f);
3560 struct ffs_data *ffs = func->ffs;
3561 struct f_fs_opts *opts =
3562 container_of(f->fi, struct f_fs_opts, func_inst);
3563 struct ffs_ep *ep = func->eps;
3564 unsigned count = ffs->eps_count;
3565 unsigned long flags;
3566
3567 ENTER();
3568 if (ffs->func == func) {
3569 ffs_func_eps_disable(func);
3570 ffs->func = NULL;
3571 }
3572
3573
3574 drain_workqueue(ffs->io_completion_wq);
3575
3576 if (!--opts->refcnt)
3577 functionfs_unbind(ffs);
3578
3579
3580 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3581 while (count--) {
3582 if (ep->ep && ep->req)
3583 usb_ep_free_request(ep->ep, ep->req);
3584 ep->req = NULL;
3585 ++ep;
3586 }
3587 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3588 kfree(func->eps);
3589 func->eps = NULL;
3590
3591
3592
3593
3594 func->function.fs_descriptors = NULL;
3595 func->function.hs_descriptors = NULL;
3596 func->function.ss_descriptors = NULL;
3597 func->function.ssp_descriptors = NULL;
3598 func->interfaces_nums = NULL;
3599
3600 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3601}
3602
3603static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3604{
3605 struct ffs_function *func;
3606
3607 ENTER();
3608
3609 func = kzalloc(sizeof(*func), GFP_KERNEL);
3610 if (!func)
3611 return ERR_PTR(-ENOMEM);
3612
3613 func->function.name = "Function FS Gadget";
3614
3615 func->function.bind = ffs_func_bind;
3616 func->function.unbind = ffs_func_unbind;
3617 func->function.set_alt = ffs_func_set_alt;
3618 func->function.disable = ffs_func_disable;
3619 func->function.setup = ffs_func_setup;
3620 func->function.req_match = ffs_func_req_match;
3621 func->function.suspend = ffs_func_suspend;
3622 func->function.resume = ffs_func_resume;
3623 func->function.free_func = ffs_free;
3624
3625 return &func->function;
3626}
3627
3628
3629
3630
3631static struct ffs_dev *_ffs_alloc_dev(void)
3632{
3633 struct ffs_dev *dev;
3634 int ret;
3635
3636 if (_ffs_get_single_dev())
3637 return ERR_PTR(-EBUSY);
3638
3639 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3640 if (!dev)
3641 return ERR_PTR(-ENOMEM);
3642
3643 if (list_empty(&ffs_devices)) {
3644 ret = functionfs_init();
3645 if (ret) {
3646 kfree(dev);
3647 return ERR_PTR(ret);
3648 }
3649 }
3650
3651 list_add(&dev->entry, &ffs_devices);
3652
3653 return dev;
3654}
3655
3656int ffs_name_dev(struct ffs_dev *dev, const char *name)
3657{
3658 struct ffs_dev *existing;
3659 int ret = 0;
3660
3661 ffs_dev_lock();
3662
3663 existing = _ffs_do_find_dev(name);
3664 if (!existing)
3665 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3666 else if (existing != dev)
3667 ret = -EBUSY;
3668
3669 ffs_dev_unlock();
3670
3671 return ret;
3672}
3673EXPORT_SYMBOL_GPL(ffs_name_dev);
3674
3675int ffs_single_dev(struct ffs_dev *dev)
3676{
3677 int ret;
3678
3679 ret = 0;
3680 ffs_dev_lock();
3681
3682 if (!list_is_singular(&ffs_devices))
3683 ret = -EBUSY;
3684 else
3685 dev->single = true;
3686
3687 ffs_dev_unlock();
3688 return ret;
3689}
3690EXPORT_SYMBOL_GPL(ffs_single_dev);
3691
3692
3693
3694
3695static void _ffs_free_dev(struct ffs_dev *dev)
3696{
3697 list_del(&dev->entry);
3698
3699 kfree(dev);
3700 if (list_empty(&ffs_devices))
3701 functionfs_cleanup();
3702}
3703
3704static int ffs_acquire_dev(const char *dev_name, struct ffs_data *ffs_data)
3705{
3706 int ret = 0;
3707 struct ffs_dev *ffs_dev;
3708
3709 ENTER();
3710 ffs_dev_lock();
3711
3712 ffs_dev = _ffs_find_dev(dev_name);
3713 if (!ffs_dev) {
3714 ret = -ENOENT;
3715 } else if (ffs_dev->mounted) {
3716 ret = -EBUSY;
3717 } else if (ffs_dev->ffs_acquire_dev_callback &&
3718 ffs_dev->ffs_acquire_dev_callback(ffs_dev)) {
3719 ret = -ENOENT;
3720 } else {
3721 ffs_dev->mounted = true;
3722 ffs_dev->ffs_data = ffs_data;
3723 ffs_data->private_data = ffs_dev;
3724 }
3725
3726 ffs_dev_unlock();
3727 return ret;
3728}
3729
3730static void ffs_release_dev(struct ffs_dev *ffs_dev)
3731{
3732 ENTER();
3733 ffs_dev_lock();
3734
3735 if (ffs_dev && ffs_dev->mounted) {
3736 ffs_dev->mounted = false;
3737 if (ffs_dev->ffs_data) {
3738 ffs_dev->ffs_data->private_data = NULL;
3739 ffs_dev->ffs_data = NULL;
3740 }
3741
3742 if (ffs_dev->ffs_release_dev_callback)
3743 ffs_dev->ffs_release_dev_callback(ffs_dev);
3744 }
3745
3746 ffs_dev_unlock();
3747}
3748
3749static int ffs_ready(struct ffs_data *ffs)
3750{
3751 struct ffs_dev *ffs_obj;
3752 int ret = 0;
3753
3754 ENTER();
3755 ffs_dev_lock();
3756
3757 ffs_obj = ffs->private_data;
3758 if (!ffs_obj) {
3759 ret = -EINVAL;
3760 goto done;
3761 }
3762 if (WARN_ON(ffs_obj->desc_ready)) {
3763 ret = -EBUSY;
3764 goto done;
3765 }
3766
3767 ffs_obj->desc_ready = true;
3768
3769 if (ffs_obj->ffs_ready_callback) {
3770 ret = ffs_obj->ffs_ready_callback(ffs);
3771 if (ret)
3772 goto done;
3773 }
3774
3775 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3776done:
3777 ffs_dev_unlock();
3778 return ret;
3779}
3780
3781static void ffs_closed(struct ffs_data *ffs)
3782{
3783 struct ffs_dev *ffs_obj;
3784 struct f_fs_opts *opts;
3785 struct config_item *ci;
3786
3787 ENTER();
3788 ffs_dev_lock();
3789
3790 ffs_obj = ffs->private_data;
3791 if (!ffs_obj)
3792 goto done;
3793
3794 ffs_obj->desc_ready = false;
3795
3796 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3797 ffs_obj->ffs_closed_callback)
3798 ffs_obj->ffs_closed_callback(ffs);
3799
3800 if (ffs_obj->opts)
3801 opts = ffs_obj->opts;
3802 else
3803 goto done;
3804
3805 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3806 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3807 goto done;
3808
3809 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3810 ffs_dev_unlock();
3811
3812 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3813 unregister_gadget_item(ci);
3814 return;
3815done:
3816 ffs_dev_unlock();
3817}
3818
3819
3820
3821static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3822{
3823 return nonblock
3824 ? mutex_trylock(mutex) ? 0 : -EAGAIN
3825 : mutex_lock_interruptible(mutex);
3826}
3827
3828static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3829{
3830 char *data;
3831
3832 if (!len)
3833 return NULL;
3834
3835 data = memdup_user(buf, len);
3836 if (IS_ERR(data))
3837 return data;
3838
3839 pr_vdebug("Buffer from user space:\n");
3840 ffs_dump_mem("", data, len);
3841
3842 return data;
3843}
3844
3845DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3846MODULE_LICENSE("GPL");
3847MODULE_AUTHOR("Michal Nazarewicz");
3848
