1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/hid.h>
21#include <linux/mm.h>
22#include <linux/module.h>
23#include <linux/scatterlist.h>
24#include <linux/sched/signal.h>
25#include <linux/uio.h>
26#include <linux/vmalloc.h>
27#include <asm/unaligned.h>
28
29#include <linux/usb/ccid.h>
30#include <linux/usb/composite.h>
31#include <linux/usb/functionfs.h>
32
33#include <linux/aio.h>
34#include <linux/mmu_context.h>
35#include <linux/poll.h>
36#include <linux/eventfd.h>
37
38#include "u_fs.h"
39#include "u_f.h"
40#include "u_os_desc.h"
41#include "configfs.h"
42
43#define FUNCTIONFS_MAGIC 0xa647361
44
45
46static void ffs_data_get(struct ffs_data *ffs);
47static void ffs_data_put(struct ffs_data *ffs);
48
49static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
50 __attribute__((malloc));
51
52
53static void ffs_data_opened(struct ffs_data *ffs);
54static void ffs_data_closed(struct ffs_data *ffs);
55
56
57static int __must_check
58__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
59static int __must_check
60__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
61
62
63
64
65struct ffs_ep;
66
67struct ffs_function {
68 struct usb_configuration *conf;
69 struct usb_gadget *gadget;
70 struct ffs_data *ffs;
71
72 struct ffs_ep *eps;
73 u8 eps_revmap[16];
74 short *interfaces_nums;
75
76 struct usb_function function;
77};
78
79
80static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
81{
82 return container_of(f, struct ffs_function, function);
83}
84
85
86static inline enum ffs_setup_state
87ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
88{
89 return (enum ffs_setup_state)
90 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
91}
92
93
94static void ffs_func_eps_disable(struct ffs_function *func);
95static int __must_check ffs_func_eps_enable(struct ffs_function *func);
96
97static int ffs_func_bind(struct usb_configuration *,
98 struct usb_function *);
99static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
100static void ffs_func_disable(struct usb_function *);
101static int ffs_func_setup(struct usb_function *,
102 const struct usb_ctrlrequest *);
103static bool ffs_func_req_match(struct usb_function *,
104 const struct usb_ctrlrequest *,
105 bool config0);
106static void ffs_func_suspend(struct usb_function *);
107static void ffs_func_resume(struct usb_function *);
108
109
110static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
111static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
112
113
114
115
116struct ffs_ep {
117 struct usb_ep *ep;
118 struct usb_request *req;
119
120
121 struct usb_endpoint_descriptor *descs[3];
122
123 u8 num;
124
125 int status;
126};
127
128struct ffs_epfile {
129
130 struct mutex mutex;
131
132 struct ffs_data *ffs;
133 struct ffs_ep *ep;
134
135 struct dentry *dentry;
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192 struct ffs_buffer *read_buffer;
193#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
194
195 char name[5];
196
197 unsigned char in;
198 unsigned char isoc;
199
200 unsigned char _pad;
201};
202
203struct ffs_buffer {
204 size_t length;
205 char *data;
206 char storage[];
207};
208
209
210
211struct ffs_io_data {
212 bool aio;
213 bool read;
214
215 struct kiocb *kiocb;
216 struct iov_iter data;
217 const void *to_free;
218 char *buf;
219
220 struct mm_struct *mm;
221 struct work_struct work;
222
223 struct usb_ep *ep;
224 struct usb_request *req;
225 struct sg_table sgt;
226 bool use_sg;
227
228 struct ffs_data *ffs;
229};
230
231struct ffs_desc_helper {
232 struct ffs_data *ffs;
233 unsigned interfaces_count;
234 unsigned eps_count;
235};
236
237static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
238static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
239
240static struct dentry *
241ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
242 const struct file_operations *fops);
243
244
245
246DEFINE_MUTEX(ffs_lock);
247EXPORT_SYMBOL_GPL(ffs_lock);
248
249static struct ffs_dev *_ffs_find_dev(const char *name);
250static struct ffs_dev *_ffs_alloc_dev(void);
251static void _ffs_free_dev(struct ffs_dev *dev);
252static void *ffs_acquire_dev(const char *dev_name);
253static void ffs_release_dev(struct ffs_data *ffs_data);
254static int ffs_ready(struct ffs_data *ffs);
255static void ffs_closed(struct ffs_data *ffs);
256
257
258
259static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
260 __attribute__((warn_unused_result, nonnull));
261static char *ffs_prepare_buffer(const char __user *buf, size_t len)
262 __attribute__((warn_unused_result, nonnull));
263
264
265
266
267static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
268{
269 struct ffs_data *ffs = req->context;
270
271 complete(&ffs->ep0req_completion);
272}
273
274static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
275 __releases(&ffs->ev.waitq.lock)
276{
277 struct usb_request *req = ffs->ep0req;
278 int ret;
279
280 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
281
282 spin_unlock_irq(&ffs->ev.waitq.lock);
283
284 req->buf = data;
285 req->length = len;
286
287
288
289
290
291
292 if (req->buf == NULL)
293 req->buf = (void *)0xDEADBABE;
294
295 reinit_completion(&ffs->ep0req_completion);
296
297 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
298 if (unlikely(ret < 0))
299 return ret;
300
301 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
302 if (unlikely(ret)) {
303 usb_ep_dequeue(ffs->gadget->ep0, req);
304 return -EINTR;
305 }
306
307 ffs->setup_state = FFS_NO_SETUP;
308 return req->status ? req->status : req->actual;
309}
310
311static int __ffs_ep0_stall(struct ffs_data *ffs)
312{
313 if (ffs->ev.can_stall) {
314 pr_vdebug("ep0 stall\n");
315 usb_ep_set_halt(ffs->gadget->ep0);
316 ffs->setup_state = FFS_NO_SETUP;
317 return -EL2HLT;
318 } else {
319 pr_debug("bogus ep0 stall!\n");
320 return -ESRCH;
321 }
322}
323
324static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
325 size_t len, loff_t *ptr)
326{
327 struct ffs_data *ffs = file->private_data;
328 ssize_t ret;
329 char *data;
330
331 ENTER();
332
333
334 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
335 return -EIDRM;
336
337
338 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
339 if (unlikely(ret < 0))
340 return ret;
341
342
343 switch (ffs->state) {
344 case FFS_READ_DESCRIPTORS:
345 case FFS_READ_STRINGS:
346
347 if (unlikely(len < 16)) {
348 ret = -EINVAL;
349 break;
350 }
351
352 data = ffs_prepare_buffer(buf, len);
353 if (IS_ERR(data)) {
354 ret = PTR_ERR(data);
355 break;
356 }
357
358
359 if (ffs->state == FFS_READ_DESCRIPTORS) {
360 pr_info("read descriptors\n");
361 ret = __ffs_data_got_descs(ffs, data, len);
362 if (unlikely(ret < 0))
363 break;
364
365 ffs->state = FFS_READ_STRINGS;
366 ret = len;
367 } else {
368 pr_info("read strings\n");
369 ret = __ffs_data_got_strings(ffs, data, len);
370 if (unlikely(ret < 0))
371 break;
372
373 ret = ffs_epfiles_create(ffs);
374 if (unlikely(ret)) {
375 ffs->state = FFS_CLOSING;
376 break;
377 }
378
379 ffs->state = FFS_ACTIVE;
380 mutex_unlock(&ffs->mutex);
381
382 ret = ffs_ready(ffs);
383 if (unlikely(ret < 0)) {
384 ffs->state = FFS_CLOSING;
385 return ret;
386 }
387
388 return len;
389 }
390 break;
391
392 case FFS_ACTIVE:
393 data = NULL;
394
395
396
397
398 spin_lock_irq(&ffs->ev.waitq.lock);
399 switch (ffs_setup_state_clear_cancelled(ffs)) {
400 case FFS_SETUP_CANCELLED:
401 ret = -EIDRM;
402 goto done_spin;
403
404 case FFS_NO_SETUP:
405 ret = -ESRCH;
406 goto done_spin;
407
408 case FFS_SETUP_PENDING:
409 break;
410 }
411
412
413 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
414 spin_unlock_irq(&ffs->ev.waitq.lock);
415 ret = __ffs_ep0_stall(ffs);
416 break;
417 }
418
419
420 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
421
422 spin_unlock_irq(&ffs->ev.waitq.lock);
423
424 data = ffs_prepare_buffer(buf, len);
425 if (IS_ERR(data)) {
426 ret = PTR_ERR(data);
427 break;
428 }
429
430 spin_lock_irq(&ffs->ev.waitq.lock);
431
432
433
434
435
436
437
438
439
440
441
442
443
444 if (ffs_setup_state_clear_cancelled(ffs) ==
445 FFS_SETUP_CANCELLED) {
446 ret = -EIDRM;
447done_spin:
448 spin_unlock_irq(&ffs->ev.waitq.lock);
449 } else {
450
451 ret = __ffs_ep0_queue_wait(ffs, data, len);
452 }
453 kfree(data);
454 break;
455
456 default:
457 ret = -EBADFD;
458 break;
459 }
460
461 mutex_unlock(&ffs->mutex);
462 return ret;
463}
464
465
466static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
467 size_t n)
468 __releases(&ffs->ev.waitq.lock)
469{
470
471
472
473
474
475 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
476 const size_t size = n * sizeof *events;
477 unsigned i = 0;
478
479 memset(events, 0, size);
480
481 do {
482 events[i].type = ffs->ev.types[i];
483 if (events[i].type == FUNCTIONFS_SETUP) {
484 events[i].u.setup = ffs->ev.setup;
485 ffs->setup_state = FFS_SETUP_PENDING;
486 }
487 } while (++i < n);
488
489 ffs->ev.count -= n;
490 if (ffs->ev.count)
491 memmove(ffs->ev.types, ffs->ev.types + n,
492 ffs->ev.count * sizeof *ffs->ev.types);
493
494 spin_unlock_irq(&ffs->ev.waitq.lock);
495 mutex_unlock(&ffs->mutex);
496
497 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
498}
499
500static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
501 size_t len, loff_t *ptr)
502{
503 struct ffs_data *ffs = file->private_data;
504 char *data = NULL;
505 size_t n;
506 int ret;
507
508 ENTER();
509
510
511 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
512 return -EIDRM;
513
514
515 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
516 if (unlikely(ret < 0))
517 return ret;
518
519
520 if (ffs->state != FFS_ACTIVE) {
521 ret = -EBADFD;
522 goto done_mutex;
523 }
524
525
526
527
528
529 spin_lock_irq(&ffs->ev.waitq.lock);
530
531 switch (ffs_setup_state_clear_cancelled(ffs)) {
532 case FFS_SETUP_CANCELLED:
533 ret = -EIDRM;
534 break;
535
536 case FFS_NO_SETUP:
537 n = len / sizeof(struct usb_functionfs_event);
538 if (unlikely(!n)) {
539 ret = -EINVAL;
540 break;
541 }
542
543 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
544 ret = -EAGAIN;
545 break;
546 }
547
548 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
549 ffs->ev.count)) {
550 ret = -EINTR;
551 break;
552 }
553
554
555 return __ffs_ep0_read_events(ffs, buf,
556 min(n, (size_t)ffs->ev.count));
557
558 case FFS_SETUP_PENDING:
559 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
560 spin_unlock_irq(&ffs->ev.waitq.lock);
561 ret = __ffs_ep0_stall(ffs);
562 goto done_mutex;
563 }
564
565 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
566
567 spin_unlock_irq(&ffs->ev.waitq.lock);
568
569 if (likely(len)) {
570 data = kmalloc(len, GFP_KERNEL);
571 if (unlikely(!data)) {
572 ret = -ENOMEM;
573 goto done_mutex;
574 }
575 }
576
577 spin_lock_irq(&ffs->ev.waitq.lock);
578
579
580 if (ffs_setup_state_clear_cancelled(ffs) ==
581 FFS_SETUP_CANCELLED) {
582 ret = -EIDRM;
583 break;
584 }
585
586
587 ret = __ffs_ep0_queue_wait(ffs, data, len);
588 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
589 ret = -EFAULT;
590 goto done_mutex;
591
592 default:
593 ret = -EBADFD;
594 break;
595 }
596
597 spin_unlock_irq(&ffs->ev.waitq.lock);
598done_mutex:
599 mutex_unlock(&ffs->mutex);
600 kfree(data);
601 return ret;
602}
603
604static int ffs_ep0_open(struct inode *inode, struct file *file)
605{
606 struct ffs_data *ffs = inode->i_private;
607
608 ENTER();
609
610 if (unlikely(ffs->state == FFS_CLOSING))
611 return -EBUSY;
612
613 file->private_data = ffs;
614 ffs_data_opened(ffs);
615
616 return 0;
617}
618
619static int ffs_ep0_release(struct inode *inode, struct file *file)
620{
621 struct ffs_data *ffs = file->private_data;
622
623 ENTER();
624
625 ffs_data_closed(ffs);
626
627 return 0;
628}
629
630static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
631{
632 struct ffs_data *ffs = file->private_data;
633 struct usb_gadget *gadget = ffs->gadget;
634 long ret;
635
636 ENTER();
637
638 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
639 struct ffs_function *func = ffs->func;
640 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
641 } else if (gadget && gadget->ops->ioctl) {
642 ret = gadget->ops->ioctl(gadget, code, value);
643 } else {
644 ret = -ENOTTY;
645 }
646
647 return ret;
648}
649
650static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
651{
652 struct ffs_data *ffs = file->private_data;
653 __poll_t mask = EPOLLWRNORM;
654 int ret;
655
656 poll_wait(file, &ffs->ev.waitq, wait);
657
658 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
659 if (unlikely(ret < 0))
660 return mask;
661
662 switch (ffs->state) {
663 case FFS_READ_DESCRIPTORS:
664 case FFS_READ_STRINGS:
665 mask |= EPOLLOUT;
666 break;
667
668 case FFS_ACTIVE:
669 switch (ffs->setup_state) {
670 case FFS_NO_SETUP:
671 if (ffs->ev.count)
672 mask |= EPOLLIN;
673 break;
674
675 case FFS_SETUP_PENDING:
676 case FFS_SETUP_CANCELLED:
677 mask |= (EPOLLIN | EPOLLOUT);
678 break;
679 }
680 case FFS_CLOSING:
681 break;
682 case FFS_DEACTIVATED:
683 break;
684 }
685
686 mutex_unlock(&ffs->mutex);
687
688 return mask;
689}
690
691static const struct file_operations ffs_ep0_operations = {
692 .llseek = no_llseek,
693
694 .open = ffs_ep0_open,
695 .write = ffs_ep0_write,
696 .read = ffs_ep0_read,
697 .release = ffs_ep0_release,
698 .unlocked_ioctl = ffs_ep0_ioctl,
699 .poll = ffs_ep0_poll,
700};
701
702
703
704
705static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
706{
707 ENTER();
708 if (likely(req->context)) {
709 struct ffs_ep *ep = _ep->driver_data;
710 ep->status = req->status ? req->status : req->actual;
711 complete(req->context);
712 }
713}
714
715static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
716{
717 ssize_t ret = copy_to_iter(data, data_len, iter);
718 if (likely(ret == data_len))
719 return ret;
720
721 if (unlikely(iov_iter_count(iter)))
722 return -EFAULT;
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
752 "Align read buffer size to max packet size to avoid the problem.\n",
753 data_len, ret);
754
755 return ret;
756}
757
758
759
760
761
762
763static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz)
764{
765 struct page **pages;
766 void *vaddr, *ptr;
767 unsigned int n_pages;
768 int i;
769
770 vaddr = vmalloc(sz);
771 if (!vaddr)
772 return NULL;
773
774 n_pages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
775 pages = kvmalloc_array(n_pages, sizeof(struct page *), GFP_KERNEL);
776 if (!pages) {
777 vfree(vaddr);
778
779 return NULL;
780 }
781 for (i = 0, ptr = vaddr; i < n_pages; ++i, ptr += PAGE_SIZE)
782 pages[i] = vmalloc_to_page(ptr);
783
784 if (sg_alloc_table_from_pages(sgt, pages, n_pages, 0, sz, GFP_KERNEL)) {
785 kvfree(pages);
786 vfree(vaddr);
787
788 return NULL;
789 }
790 kvfree(pages);
791
792 return vaddr;
793}
794
795static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data,
796 size_t data_len)
797{
798 if (io_data->use_sg)
799 return ffs_build_sg_list(&io_data->sgt, data_len);
800
801 return kmalloc(data_len, GFP_KERNEL);
802}
803
804static inline void ffs_free_buffer(struct ffs_io_data *io_data)
805{
806 if (!io_data->buf)
807 return;
808
809 if (io_data->use_sg) {
810 sg_free_table(&io_data->sgt);
811 vfree(io_data->buf);
812 } else {
813 kfree(io_data->buf);
814 }
815}
816
817static void ffs_user_copy_worker(struct work_struct *work)
818{
819 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
820 work);
821 int ret = io_data->req->status ? io_data->req->status :
822 io_data->req->actual;
823 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
824
825 if (io_data->read && ret > 0) {
826 mm_segment_t oldfs = get_fs();
827
828 set_fs(USER_DS);
829 use_mm(io_data->mm);
830 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
831 unuse_mm(io_data->mm);
832 set_fs(oldfs);
833 }
834
835 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
836
837 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
838 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
839
840 usb_ep_free_request(io_data->ep, io_data->req);
841
842 if (io_data->read)
843 kfree(io_data->to_free);
844 ffs_free_buffer(io_data);
845 kfree(io_data);
846}
847
848static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
849 struct usb_request *req)
850{
851 struct ffs_io_data *io_data = req->context;
852 struct ffs_data *ffs = io_data->ffs;
853
854 ENTER();
855
856 INIT_WORK(&io_data->work, ffs_user_copy_worker);
857 queue_work(ffs->io_completion_wq, &io_data->work);
858}
859
860static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
861{
862
863
864
865
866 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
867 if (buf && buf != READ_BUFFER_DROP)
868 kfree(buf);
869}
870
871
872static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
873 struct iov_iter *iter)
874{
875
876
877
878
879
880 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
881 ssize_t ret;
882 if (!buf || buf == READ_BUFFER_DROP)
883 return 0;
884
885 ret = copy_to_iter(buf->data, buf->length, iter);
886 if (buf->length == ret) {
887 kfree(buf);
888 return ret;
889 }
890
891 if (unlikely(iov_iter_count(iter))) {
892 ret = -EFAULT;
893 } else {
894 buf->length -= ret;
895 buf->data += ret;
896 }
897
898 if (cmpxchg(&epfile->read_buffer, NULL, buf))
899 kfree(buf);
900
901 return ret;
902}
903
904
905static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
906 void *data, int data_len,
907 struct iov_iter *iter)
908{
909 struct ffs_buffer *buf;
910
911 ssize_t ret = copy_to_iter(data, data_len, iter);
912 if (likely(data_len == ret))
913 return ret;
914
915 if (unlikely(iov_iter_count(iter)))
916 return -EFAULT;
917
918
919 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
920 data_len, ret);
921
922 data_len -= ret;
923 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
924 if (!buf)
925 return -ENOMEM;
926 buf->length = data_len;
927 buf->data = buf->storage;
928 memcpy(buf->storage, data + ret, data_len);
929
930
931
932
933
934
935
936 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
937 kfree(buf);
938
939 return ret;
940}
941
942static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
943{
944 struct ffs_epfile *epfile = file->private_data;
945 struct usb_request *req;
946 struct ffs_ep *ep;
947 char *data = NULL;
948 ssize_t ret, data_len = -EINVAL;
949 int halt;
950
951
952 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
953 return -ENODEV;
954
955
956 ep = epfile->ep;
957 if (!ep) {
958 if (file->f_flags & O_NONBLOCK)
959 return -EAGAIN;
960
961 ret = wait_event_interruptible(
962 epfile->ffs->wait, (ep = epfile->ep));
963 if (ret)
964 return -EINTR;
965 }
966
967
968 halt = (!io_data->read == !epfile->in);
969 if (halt && epfile->isoc)
970 return -EINVAL;
971
972
973 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
974 if (unlikely(ret))
975 goto error;
976
977
978 if (!halt) {
979 struct usb_gadget *gadget;
980
981
982
983
984
985
986
987
988 if (!io_data->aio && io_data->read) {
989 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
990 if (ret)
991 goto error_mutex;
992 }
993
994
995
996
997
998
999 gadget = epfile->ffs->gadget;
1000
1001 spin_lock_irq(&epfile->ffs->eps_lock);
1002
1003 if (epfile->ep != ep) {
1004 ret = -ESHUTDOWN;
1005 goto error_lock;
1006 }
1007 data_len = iov_iter_count(&io_data->data);
1008
1009
1010
1011
1012 if (io_data->read)
1013 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1014
1015 io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE;
1016 spin_unlock_irq(&epfile->ffs->eps_lock);
1017
1018 data = ffs_alloc_buffer(io_data, data_len);
1019 if (unlikely(!data)) {
1020 ret = -ENOMEM;
1021 goto error_mutex;
1022 }
1023 if (!io_data->read &&
1024 !copy_from_iter_full(data, data_len, &io_data->data)) {
1025 ret = -EFAULT;
1026 goto error_mutex;
1027 }
1028 }
1029
1030 spin_lock_irq(&epfile->ffs->eps_lock);
1031
1032 if (epfile->ep != ep) {
1033
1034 ret = -ESHUTDOWN;
1035 } else if (halt) {
1036 ret = usb_ep_set_halt(ep->ep);
1037 if (!ret)
1038 ret = -EBADMSG;
1039 } else if (unlikely(data_len == -EINVAL)) {
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051 WARN(1, "%s: data_len == -EINVAL\n", __func__);
1052 ret = -EINVAL;
1053 } else if (!io_data->aio) {
1054 DECLARE_COMPLETION_ONSTACK(done);
1055 bool interrupted = false;
1056
1057 req = ep->req;
1058 if (io_data->use_sg) {
1059 req->buf = NULL;
1060 req->sg = io_data->sgt.sgl;
1061 req->num_sgs = io_data->sgt.nents;
1062 } else {
1063 req->buf = data;
1064 }
1065 req->length = data_len;
1066
1067 io_data->buf = data;
1068
1069 req->context = &done;
1070 req->complete = ffs_epfile_io_complete;
1071
1072 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1073 if (unlikely(ret < 0))
1074 goto error_lock;
1075
1076 spin_unlock_irq(&epfile->ffs->eps_lock);
1077
1078 if (unlikely(wait_for_completion_interruptible(&done))) {
1079
1080
1081
1082
1083
1084
1085 usb_ep_dequeue(ep->ep, req);
1086 wait_for_completion(&done);
1087 interrupted = ep->status < 0;
1088 }
1089
1090 if (interrupted)
1091 ret = -EINTR;
1092 else if (io_data->read && ep->status > 0)
1093 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1094 &io_data->data);
1095 else
1096 ret = ep->status;
1097 goto error_mutex;
1098 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1099 ret = -ENOMEM;
1100 } else {
1101 if (io_data->use_sg) {
1102 req->buf = NULL;
1103 req->sg = io_data->sgt.sgl;
1104 req->num_sgs = io_data->sgt.nents;
1105 } else {
1106 req->buf = data;
1107 }
1108 req->length = data_len;
1109
1110 io_data->buf = data;
1111 io_data->ep = ep->ep;
1112 io_data->req = req;
1113 io_data->ffs = epfile->ffs;
1114
1115 req->context = io_data;
1116 req->complete = ffs_epfile_async_io_complete;
1117
1118 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1119 if (unlikely(ret)) {
1120 usb_ep_free_request(ep->ep, req);
1121 goto error_lock;
1122 }
1123
1124 ret = -EIOCBQUEUED;
1125
1126
1127
1128
1129 data = NULL;
1130 }
1131
1132error_lock:
1133 spin_unlock_irq(&epfile->ffs->eps_lock);
1134error_mutex:
1135 mutex_unlock(&epfile->mutex);
1136error:
1137 if (ret != -EIOCBQUEUED)
1138 ffs_free_buffer(io_data);
1139 return ret;
1140}
1141
1142static int
1143ffs_epfile_open(struct inode *inode, struct file *file)
1144{
1145 struct ffs_epfile *epfile = inode->i_private;
1146
1147 ENTER();
1148
1149 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1150 return -ENODEV;
1151
1152 file->private_data = epfile;
1153 ffs_data_opened(epfile->ffs);
1154
1155 return 0;
1156}
1157
1158static int ffs_aio_cancel(struct kiocb *kiocb)
1159{
1160 struct ffs_io_data *io_data = kiocb->private;
1161 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1162 int value;
1163
1164 ENTER();
1165
1166 spin_lock_irq(&epfile->ffs->eps_lock);
1167
1168 if (likely(io_data && io_data->ep && io_data->req))
1169 value = usb_ep_dequeue(io_data->ep, io_data->req);
1170 else
1171 value = -EINVAL;
1172
1173 spin_unlock_irq(&epfile->ffs->eps_lock);
1174
1175 return value;
1176}
1177
1178static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1179{
1180 struct ffs_io_data io_data, *p = &io_data;
1181 ssize_t res;
1182
1183 ENTER();
1184
1185 if (!is_sync_kiocb(kiocb)) {
1186 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1187 if (unlikely(!p))
1188 return -ENOMEM;
1189 p->aio = true;
1190 } else {
1191 memset(p, 0, sizeof(*p));
1192 p->aio = false;
1193 }
1194
1195 p->read = false;
1196 p->kiocb = kiocb;
1197 p->data = *from;
1198 p->mm = current->mm;
1199
1200 kiocb->private = p;
1201
1202 if (p->aio)
1203 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1204
1205 res = ffs_epfile_io(kiocb->ki_filp, p);
1206 if (res == -EIOCBQUEUED)
1207 return res;
1208 if (p->aio)
1209 kfree(p);
1210 else
1211 *from = p->data;
1212 return res;
1213}
1214
1215static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1216{
1217 struct ffs_io_data io_data, *p = &io_data;
1218 ssize_t res;
1219
1220 ENTER();
1221
1222 if (!is_sync_kiocb(kiocb)) {
1223 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1224 if (unlikely(!p))
1225 return -ENOMEM;
1226 p->aio = true;
1227 } else {
1228 memset(p, 0, sizeof(*p));
1229 p->aio = false;
1230 }
1231
1232 p->read = true;
1233 p->kiocb = kiocb;
1234 if (p->aio) {
1235 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1236 if (!p->to_free) {
1237 kfree(p);
1238 return -ENOMEM;
1239 }
1240 } else {
1241 p->data = *to;
1242 p->to_free = NULL;
1243 }
1244 p->mm = current->mm;
1245
1246 kiocb->private = p;
1247
1248 if (p->aio)
1249 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1250
1251 res = ffs_epfile_io(kiocb->ki_filp, p);
1252 if (res == -EIOCBQUEUED)
1253 return res;
1254
1255 if (p->aio) {
1256 kfree(p->to_free);
1257 kfree(p);
1258 } else {
1259 *to = p->data;
1260 }
1261 return res;
1262}
1263
1264static int
1265ffs_epfile_release(struct inode *inode, struct file *file)
1266{
1267 struct ffs_epfile *epfile = inode->i_private;
1268
1269 ENTER();
1270
1271 __ffs_epfile_read_buffer_free(epfile);
1272 ffs_data_closed(epfile->ffs);
1273
1274 return 0;
1275}
1276
1277static long ffs_epfile_ioctl(struct file *file, unsigned code,
1278 unsigned long value)
1279{
1280 struct ffs_epfile *epfile = file->private_data;
1281 struct ffs_ep *ep;
1282 int ret;
1283
1284 ENTER();
1285
1286 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1287 return -ENODEV;
1288
1289
1290 ep = epfile->ep;
1291 if (!ep) {
1292 if (file->f_flags & O_NONBLOCK)
1293 return -EAGAIN;
1294
1295 ret = wait_event_interruptible(
1296 epfile->ffs->wait, (ep = epfile->ep));
1297 if (ret)
1298 return -EINTR;
1299 }
1300
1301 spin_lock_irq(&epfile->ffs->eps_lock);
1302
1303
1304 if (epfile->ep != ep) {
1305 spin_unlock_irq(&epfile->ffs->eps_lock);
1306 return -ESHUTDOWN;
1307 }
1308
1309 switch (code) {
1310 case FUNCTIONFS_FIFO_STATUS:
1311 ret = usb_ep_fifo_status(epfile->ep->ep);
1312 break;
1313 case FUNCTIONFS_FIFO_FLUSH:
1314 usb_ep_fifo_flush(epfile->ep->ep);
1315 ret = 0;
1316 break;
1317 case FUNCTIONFS_CLEAR_HALT:
1318 ret = usb_ep_clear_halt(epfile->ep->ep);
1319 break;
1320 case FUNCTIONFS_ENDPOINT_REVMAP:
1321 ret = epfile->ep->num;
1322 break;
1323 case FUNCTIONFS_ENDPOINT_DESC:
1324 {
1325 int desc_idx;
1326 struct usb_endpoint_descriptor *desc;
1327
1328 switch (epfile->ffs->gadget->speed) {
1329 case USB_SPEED_SUPER:
1330 desc_idx = 2;
1331 break;
1332 case USB_SPEED_HIGH:
1333 desc_idx = 1;
1334 break;
1335 default:
1336 desc_idx = 0;
1337 }
1338 desc = epfile->ep->descs[desc_idx];
1339
1340 spin_unlock_irq(&epfile->ffs->eps_lock);
1341 ret = copy_to_user((void __user *)value, desc, desc->bLength);
1342 if (ret)
1343 ret = -EFAULT;
1344 return ret;
1345 }
1346 default:
1347 ret = -ENOTTY;
1348 }
1349 spin_unlock_irq(&epfile->ffs->eps_lock);
1350
1351 return ret;
1352}
1353
1354#ifdef CONFIG_COMPAT
1355static long ffs_epfile_compat_ioctl(struct file *file, unsigned code,
1356 unsigned long value)
1357{
1358 return ffs_epfile_ioctl(file, code, value);
1359}
1360#endif
1361
1362static const struct file_operations ffs_epfile_operations = {
1363 .llseek = no_llseek,
1364
1365 .open = ffs_epfile_open,
1366 .write_iter = ffs_epfile_write_iter,
1367 .read_iter = ffs_epfile_read_iter,
1368 .release = ffs_epfile_release,
1369 .unlocked_ioctl = ffs_epfile_ioctl,
1370#ifdef CONFIG_COMPAT
1371 .compat_ioctl = ffs_epfile_compat_ioctl,
1372#endif
1373};
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383static struct inode *__must_check
1384ffs_sb_make_inode(struct super_block *sb, void *data,
1385 const struct file_operations *fops,
1386 const struct inode_operations *iops,
1387 struct ffs_file_perms *perms)
1388{
1389 struct inode *inode;
1390
1391 ENTER();
1392
1393 inode = new_inode(sb);
1394
1395 if (likely(inode)) {
1396 struct timespec64 ts = current_time(inode);
1397
1398 inode->i_ino = get_next_ino();
1399 inode->i_mode = perms->mode;
1400 inode->i_uid = perms->uid;
1401 inode->i_gid = perms->gid;
1402 inode->i_atime = ts;
1403 inode->i_mtime = ts;
1404 inode->i_ctime = ts;
1405 inode->i_private = data;
1406 if (fops)
1407 inode->i_fop = fops;
1408 if (iops)
1409 inode->i_op = iops;
1410 }
1411
1412 return inode;
1413}
1414
1415
1416static struct dentry *ffs_sb_create_file(struct super_block *sb,
1417 const char *name, void *data,
1418 const struct file_operations *fops)
1419{
1420 struct ffs_data *ffs = sb->s_fs_info;
1421 struct dentry *dentry;
1422 struct inode *inode;
1423
1424 ENTER();
1425
1426 dentry = d_alloc_name(sb->s_root, name);
1427 if (unlikely(!dentry))
1428 return NULL;
1429
1430 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1431 if (unlikely(!inode)) {
1432 dput(dentry);
1433 return NULL;
1434 }
1435
1436 d_add(dentry, inode);
1437 return dentry;
1438}
1439
1440
1441static const struct super_operations ffs_sb_operations = {
1442 .statfs = simple_statfs,
1443 .drop_inode = generic_delete_inode,
1444};
1445
1446struct ffs_sb_fill_data {
1447 struct ffs_file_perms perms;
1448 umode_t root_mode;
1449 const char *dev_name;
1450 bool no_disconnect;
1451 struct ffs_data *ffs_data;
1452};
1453
1454static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1455{
1456 struct ffs_sb_fill_data *data = _data;
1457 struct inode *inode;
1458 struct ffs_data *ffs = data->ffs_data;
1459
1460 ENTER();
1461
1462 ffs->sb = sb;
1463 data->ffs_data = NULL;
1464 sb->s_fs_info = ffs;
1465 sb->s_blocksize = PAGE_SIZE;
1466 sb->s_blocksize_bits = PAGE_SHIFT;
1467 sb->s_magic = FUNCTIONFS_MAGIC;
1468 sb->s_op = &ffs_sb_operations;
1469 sb->s_time_gran = 1;
1470
1471
1472 data->perms.mode = data->root_mode;
1473 inode = ffs_sb_make_inode(sb, NULL,
1474 &simple_dir_operations,
1475 &simple_dir_inode_operations,
1476 &data->perms);
1477 sb->s_root = d_make_root(inode);
1478 if (unlikely(!sb->s_root))
1479 return -ENOMEM;
1480
1481
1482 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1483 &ffs_ep0_operations)))
1484 return -ENOMEM;
1485
1486 return 0;
1487}
1488
1489static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1490{
1491 ENTER();
1492
1493 if (!opts || !*opts)
1494 return 0;
1495
1496 for (;;) {
1497 unsigned long value;
1498 char *eq, *comma;
1499
1500
1501 comma = strchr(opts, ',');
1502 if (comma)
1503 *comma = 0;
1504
1505
1506 eq = strchr(opts, '=');
1507 if (unlikely(!eq)) {
1508 pr_err("'=' missing in %s\n", opts);
1509 return -EINVAL;
1510 }
1511 *eq = 0;
1512
1513
1514 if (kstrtoul(eq + 1, 0, &value)) {
1515 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1516 return -EINVAL;
1517 }
1518
1519
1520 switch (eq - opts) {
1521 case 13:
1522 if (!memcmp(opts, "no_disconnect", 13))
1523 data->no_disconnect = !!value;
1524 else
1525 goto invalid;
1526 break;
1527 case 5:
1528 if (!memcmp(opts, "rmode", 5))
1529 data->root_mode = (value & 0555) | S_IFDIR;
1530 else if (!memcmp(opts, "fmode", 5))
1531 data->perms.mode = (value & 0666) | S_IFREG;
1532 else
1533 goto invalid;
1534 break;
1535
1536 case 4:
1537 if (!memcmp(opts, "mode", 4)) {
1538 data->root_mode = (value & 0555) | S_IFDIR;
1539 data->perms.mode = (value & 0666) | S_IFREG;
1540 } else {
1541 goto invalid;
1542 }
1543 break;
1544
1545 case 3:
1546 if (!memcmp(opts, "uid", 3)) {
1547 data->perms.uid = make_kuid(current_user_ns(), value);
1548 if (!uid_valid(data->perms.uid)) {
1549 pr_err("%s: unmapped value: %lu\n", opts, value);
1550 return -EINVAL;
1551 }
1552 } else if (!memcmp(opts, "gid", 3)) {
1553 data->perms.gid = make_kgid(current_user_ns(), value);
1554 if (!gid_valid(data->perms.gid)) {
1555 pr_err("%s: unmapped value: %lu\n", opts, value);
1556 return -EINVAL;
1557 }
1558 } else {
1559 goto invalid;
1560 }
1561 break;
1562
1563 default:
1564invalid:
1565 pr_err("%s: invalid option\n", opts);
1566 return -EINVAL;
1567 }
1568
1569
1570 if (!comma)
1571 break;
1572 opts = comma + 1;
1573 }
1574
1575 return 0;
1576}
1577
1578
1579
1580static struct dentry *
1581ffs_fs_mount(struct file_system_type *t, int flags,
1582 const char *dev_name, void *opts)
1583{
1584 struct ffs_sb_fill_data data = {
1585 .perms = {
1586 .mode = S_IFREG | 0600,
1587 .uid = GLOBAL_ROOT_UID,
1588 .gid = GLOBAL_ROOT_GID,
1589 },
1590 .root_mode = S_IFDIR | 0500,
1591 .no_disconnect = false,
1592 };
1593 struct dentry *rv;
1594 int ret;
1595 void *ffs_dev;
1596 struct ffs_data *ffs;
1597
1598 ENTER();
1599
1600 ret = ffs_fs_parse_opts(&data, opts);
1601 if (unlikely(ret < 0))
1602 return ERR_PTR(ret);
1603
1604 ffs = ffs_data_new(dev_name);
1605 if (unlikely(!ffs))
1606 return ERR_PTR(-ENOMEM);
1607 ffs->file_perms = data.perms;
1608 ffs->no_disconnect = data.no_disconnect;
1609
1610 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1611 if (unlikely(!ffs->dev_name)) {
1612 ffs_data_put(ffs);
1613 return ERR_PTR(-ENOMEM);
1614 }
1615
1616 ffs_dev = ffs_acquire_dev(dev_name);
1617 if (IS_ERR(ffs_dev)) {
1618 ffs_data_put(ffs);
1619 return ERR_CAST(ffs_dev);
1620 }
1621 ffs->private_data = ffs_dev;
1622 data.ffs_data = ffs;
1623
1624 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1625 if (IS_ERR(rv) && data.ffs_data) {
1626 ffs_release_dev(data.ffs_data);
1627 ffs_data_put(data.ffs_data);
1628 }
1629 return rv;
1630}
1631
1632static void
1633ffs_fs_kill_sb(struct super_block *sb)
1634{
1635 ENTER();
1636
1637 kill_litter_super(sb);
1638 if (sb->s_fs_info) {
1639 ffs_release_dev(sb->s_fs_info);
1640 ffs_data_closed(sb->s_fs_info);
1641 }
1642}
1643
1644static struct file_system_type ffs_fs_type = {
1645 .owner = THIS_MODULE,
1646 .name = "functionfs",
1647 .mount = ffs_fs_mount,
1648 .kill_sb = ffs_fs_kill_sb,
1649};
1650MODULE_ALIAS_FS("functionfs");
1651
1652
1653
1654
1655static int functionfs_init(void)
1656{
1657 int ret;
1658
1659 ENTER();
1660
1661 ret = register_filesystem(&ffs_fs_type);
1662 if (likely(!ret))
1663 pr_info("file system registered\n");
1664 else
1665 pr_err("failed registering file system (%d)\n", ret);
1666
1667 return ret;
1668}
1669
1670static void functionfs_cleanup(void)
1671{
1672 ENTER();
1673
1674 pr_info("unloading\n");
1675 unregister_filesystem(&ffs_fs_type);
1676}
1677
1678
1679
1680
1681static void ffs_data_clear(struct ffs_data *ffs);
1682static void ffs_data_reset(struct ffs_data *ffs);
1683
1684static void ffs_data_get(struct ffs_data *ffs)
1685{
1686 ENTER();
1687
1688 refcount_inc(&ffs->ref);
1689}
1690
1691static void ffs_data_opened(struct ffs_data *ffs)
1692{
1693 ENTER();
1694
1695 refcount_inc(&ffs->ref);
1696 if (atomic_add_return(1, &ffs->opened) == 1 &&
1697 ffs->state == FFS_DEACTIVATED) {
1698 ffs->state = FFS_CLOSING;
1699 ffs_data_reset(ffs);
1700 }
1701}
1702
1703static void ffs_data_put(struct ffs_data *ffs)
1704{
1705 ENTER();
1706
1707 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1708 pr_info("%s(): freeing\n", __func__);
1709 ffs_data_clear(ffs);
1710 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1711 waitqueue_active(&ffs->ep0req_completion.wait) ||
1712 waitqueue_active(&ffs->wait));
1713 destroy_workqueue(ffs->io_completion_wq);
1714 kfree(ffs->dev_name);
1715 kfree(ffs);
1716 }
1717}
1718
1719static void ffs_data_closed(struct ffs_data *ffs)
1720{
1721 ENTER();
1722
1723 if (atomic_dec_and_test(&ffs->opened)) {
1724 if (ffs->no_disconnect) {
1725 ffs->state = FFS_DEACTIVATED;
1726 if (ffs->epfiles) {
1727 ffs_epfiles_destroy(ffs->epfiles,
1728 ffs->eps_count);
1729 ffs->epfiles = NULL;
1730 }
1731 if (ffs->setup_state == FFS_SETUP_PENDING)
1732 __ffs_ep0_stall(ffs);
1733 } else {
1734 ffs->state = FFS_CLOSING;
1735 ffs_data_reset(ffs);
1736 }
1737 }
1738 if (atomic_read(&ffs->opened) < 0) {
1739 ffs->state = FFS_CLOSING;
1740 ffs_data_reset(ffs);
1741 }
1742
1743 ffs_data_put(ffs);
1744}
1745
1746static struct ffs_data *ffs_data_new(const char *dev_name)
1747{
1748 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1749 if (unlikely(!ffs))
1750 return NULL;
1751
1752 ENTER();
1753
1754 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1755 if (!ffs->io_completion_wq) {
1756 kfree(ffs);
1757 return NULL;
1758 }
1759
1760 refcount_set(&ffs->ref, 1);
1761 atomic_set(&ffs->opened, 0);
1762 ffs->state = FFS_READ_DESCRIPTORS;
1763 mutex_init(&ffs->mutex);
1764 spin_lock_init(&ffs->eps_lock);
1765 init_waitqueue_head(&ffs->ev.waitq);
1766 init_waitqueue_head(&ffs->wait);
1767 init_completion(&ffs->ep0req_completion);
1768
1769
1770 ffs->ev.can_stall = 1;
1771
1772 return ffs;
1773}
1774
1775static void ffs_data_clear(struct ffs_data *ffs)
1776{
1777 ENTER();
1778
1779 ffs_closed(ffs);
1780
1781 BUG_ON(ffs->gadget);
1782
1783 if (ffs->epfiles)
1784 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1785
1786 if (ffs->ffs_eventfd)
1787 eventfd_ctx_put(ffs->ffs_eventfd);
1788
1789 kfree(ffs->raw_descs_data);
1790 kfree(ffs->raw_strings);
1791 kfree(ffs->stringtabs);
1792}
1793
1794static void ffs_data_reset(struct ffs_data *ffs)
1795{
1796 ENTER();
1797
1798 ffs_data_clear(ffs);
1799
1800 ffs->epfiles = NULL;
1801 ffs->raw_descs_data = NULL;
1802 ffs->raw_descs = NULL;
1803 ffs->raw_strings = NULL;
1804 ffs->stringtabs = NULL;
1805
1806 ffs->raw_descs_length = 0;
1807 ffs->fs_descs_count = 0;
1808 ffs->hs_descs_count = 0;
1809 ffs->ss_descs_count = 0;
1810
1811 ffs->strings_count = 0;
1812 ffs->interfaces_count = 0;
1813 ffs->eps_count = 0;
1814
1815 ffs->ev.count = 0;
1816
1817 ffs->state = FFS_READ_DESCRIPTORS;
1818 ffs->setup_state = FFS_NO_SETUP;
1819 ffs->flags = 0;
1820}
1821
1822
1823static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1824{
1825 struct usb_gadget_strings **lang;
1826 int first_id;
1827
1828 ENTER();
1829
1830 if (WARN_ON(ffs->state != FFS_ACTIVE
1831 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1832 return -EBADFD;
1833
1834 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1835 if (unlikely(first_id < 0))
1836 return first_id;
1837
1838 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1839 if (unlikely(!ffs->ep0req))
1840 return -ENOMEM;
1841 ffs->ep0req->complete = ffs_ep0_complete;
1842 ffs->ep0req->context = ffs;
1843
1844 lang = ffs->stringtabs;
1845 if (lang) {
1846 for (; *lang; ++lang) {
1847 struct usb_string *str = (*lang)->strings;
1848 int id = first_id;
1849 for (; str->s; ++id, ++str)
1850 str->id = id;
1851 }
1852 }
1853
1854 ffs->gadget = cdev->gadget;
1855 ffs_data_get(ffs);
1856 return 0;
1857}
1858
1859static void functionfs_unbind(struct ffs_data *ffs)
1860{
1861 ENTER();
1862
1863 if (!WARN_ON(!ffs->gadget)) {
1864 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1865 ffs->ep0req = NULL;
1866 ffs->gadget = NULL;
1867 clear_bit(FFS_FL_BOUND, &ffs->flags);
1868 ffs_data_put(ffs);
1869 }
1870}
1871
1872static int ffs_epfiles_create(struct ffs_data *ffs)
1873{
1874 struct ffs_epfile *epfile, *epfiles;
1875 unsigned i, count;
1876
1877 ENTER();
1878
1879 count = ffs->eps_count;
1880 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1881 if (!epfiles)
1882 return -ENOMEM;
1883
1884 epfile = epfiles;
1885 for (i = 1; i <= count; ++i, ++epfile) {
1886 epfile->ffs = ffs;
1887 mutex_init(&epfile->mutex);
1888 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1889 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1890 else
1891 sprintf(epfile->name, "ep%u", i);
1892 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1893 epfile,
1894 &ffs_epfile_operations);
1895 if (unlikely(!epfile->dentry)) {
1896 ffs_epfiles_destroy(epfiles, i - 1);
1897 return -ENOMEM;
1898 }
1899 }
1900
1901 ffs->epfiles = epfiles;
1902 return 0;
1903}
1904
1905static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1906{
1907 struct ffs_epfile *epfile = epfiles;
1908
1909 ENTER();
1910
1911 for (; count; --count, ++epfile) {
1912 BUG_ON(mutex_is_locked(&epfile->mutex));
1913 if (epfile->dentry) {
1914 d_delete(epfile->dentry);
1915 dput(epfile->dentry);
1916 epfile->dentry = NULL;
1917 }
1918 }
1919
1920 kfree(epfiles);
1921}
1922
1923static void ffs_func_eps_disable(struct ffs_function *func)
1924{
1925 struct ffs_ep *ep = func->eps;
1926 struct ffs_epfile *epfile = func->ffs->epfiles;
1927 unsigned count = func->ffs->eps_count;
1928 unsigned long flags;
1929
1930 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1931 while (count--) {
1932
1933 if (likely(ep->ep))
1934 usb_ep_disable(ep->ep);
1935 ++ep;
1936
1937 if (epfile) {
1938 epfile->ep = NULL;
1939 __ffs_epfile_read_buffer_free(epfile);
1940 ++epfile;
1941 }
1942 }
1943 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1944}
1945
1946static int ffs_func_eps_enable(struct ffs_function *func)
1947{
1948 struct ffs_data *ffs = func->ffs;
1949 struct ffs_ep *ep = func->eps;
1950 struct ffs_epfile *epfile = ffs->epfiles;
1951 unsigned count = ffs->eps_count;
1952 unsigned long flags;
1953 int ret = 0;
1954
1955 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1956 while(count--) {
1957 ep->ep->driver_data = ep;
1958
1959 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1960 if (ret) {
1961 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1962 __func__, ep->ep->name, ret);
1963 break;
1964 }
1965
1966 ret = usb_ep_enable(ep->ep);
1967 if (likely(!ret)) {
1968 epfile->ep = ep;
1969 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1970 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1971 } else {
1972 break;
1973 }
1974
1975 ++ep;
1976 ++epfile;
1977 }
1978
1979 wake_up_interruptible(&ffs->wait);
1980 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1981
1982 return ret;
1983}
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995enum ffs_entity_type {
1996 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1997};
1998
1999enum ffs_os_desc_type {
2000 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
2001};
2002
2003typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
2004 u8 *valuep,
2005 struct usb_descriptor_header *desc,
2006 void *priv);
2007
2008typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
2009 struct usb_os_desc_header *h, void *data,
2010 unsigned len, void *priv);
2011
2012static int __must_check ffs_do_single_desc(char *data, unsigned len,
2013 ffs_entity_callback entity,
2014 void *priv, int *current_class)
2015{
2016 struct usb_descriptor_header *_ds = (void *)data;
2017 u8 length;
2018 int ret;
2019
2020 ENTER();
2021
2022
2023 if (len < 2) {
2024 pr_vdebug("descriptor too short\n");
2025 return -EINVAL;
2026 }
2027
2028
2029 length = _ds->bLength;
2030 if (len < length) {
2031 pr_vdebug("descriptor longer then available data\n");
2032 return -EINVAL;
2033 }
2034
2035#define __entity_check_INTERFACE(val) 1
2036#define __entity_check_STRING(val) (val)
2037#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
2038#define __entity(type, val) do { \
2039 pr_vdebug("entity " #type "(%02x)\n", (val)); \
2040 if (unlikely(!__entity_check_ ##type(val))) { \
2041 pr_vdebug("invalid entity's value\n"); \
2042 return -EINVAL; \
2043 } \
2044 ret = entity(FFS_ ##type, &val, _ds, priv); \
2045 if (unlikely(ret < 0)) { \
2046 pr_debug("entity " #type "(%02x); ret = %d\n", \
2047 (val), ret); \
2048 return ret; \
2049 } \
2050 } while (0)
2051
2052
2053 switch (_ds->bDescriptorType) {
2054 case USB_DT_DEVICE:
2055 case USB_DT_CONFIG:
2056 case USB_DT_STRING:
2057 case USB_DT_DEVICE_QUALIFIER:
2058
2059 pr_vdebug("descriptor reserved for gadget: %d\n",
2060 _ds->bDescriptorType);
2061 return -EINVAL;
2062
2063 case USB_DT_INTERFACE: {
2064 struct usb_interface_descriptor *ds = (void *)_ds;
2065 pr_vdebug("interface descriptor\n");
2066 if (length != sizeof *ds)
2067 goto inv_length;
2068
2069 __entity(INTERFACE, ds->bInterfaceNumber);
2070 if (ds->iInterface)
2071 __entity(STRING, ds->iInterface);
2072 *current_class = ds->bInterfaceClass;
2073 }
2074 break;
2075
2076 case USB_DT_ENDPOINT: {
2077 struct usb_endpoint_descriptor *ds = (void *)_ds;
2078 pr_vdebug("endpoint descriptor\n");
2079 if (length != USB_DT_ENDPOINT_SIZE &&
2080 length != USB_DT_ENDPOINT_AUDIO_SIZE)
2081 goto inv_length;
2082 __entity(ENDPOINT, ds->bEndpointAddress);
2083 }
2084 break;
2085
2086 case USB_TYPE_CLASS | 0x01:
2087 if (*current_class == USB_INTERFACE_CLASS_HID) {
2088 pr_vdebug("hid descriptor\n");
2089 if (length != sizeof(struct hid_descriptor))
2090 goto inv_length;
2091 break;
2092 } else if (*current_class == USB_INTERFACE_CLASS_CCID) {
2093 pr_vdebug("ccid descriptor\n");
2094 if (length != sizeof(struct ccid_descriptor))
2095 goto inv_length;
2096 break;
2097 } else {
2098 pr_vdebug("unknown descriptor: %d for class %d\n",
2099 _ds->bDescriptorType, *current_class);
2100 return -EINVAL;
2101 }
2102
2103 case USB_DT_OTG:
2104 if (length != sizeof(struct usb_otg_descriptor))
2105 goto inv_length;
2106 break;
2107
2108 case USB_DT_INTERFACE_ASSOCIATION: {
2109 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2110 pr_vdebug("interface association descriptor\n");
2111 if (length != sizeof *ds)
2112 goto inv_length;
2113 if (ds->iFunction)
2114 __entity(STRING, ds->iFunction);
2115 }
2116 break;
2117
2118 case USB_DT_SS_ENDPOINT_COMP:
2119 pr_vdebug("EP SS companion descriptor\n");
2120 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2121 goto inv_length;
2122 break;
2123
2124 case USB_DT_OTHER_SPEED_CONFIG:
2125 case USB_DT_INTERFACE_POWER:
2126 case USB_DT_DEBUG:
2127 case USB_DT_SECURITY:
2128 case USB_DT_CS_RADIO_CONTROL:
2129
2130 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2131 return -EINVAL;
2132
2133 default:
2134
2135 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2136 return -EINVAL;
2137
2138inv_length:
2139 pr_vdebug("invalid length: %d (descriptor %d)\n",
2140 _ds->bLength, _ds->bDescriptorType);
2141 return -EINVAL;
2142 }
2143
2144#undef __entity
2145#undef __entity_check_DESCRIPTOR
2146#undef __entity_check_INTERFACE
2147#undef __entity_check_STRING
2148#undef __entity_check_ENDPOINT
2149
2150 return length;
2151}
2152
2153static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2154 ffs_entity_callback entity, void *priv)
2155{
2156 const unsigned _len = len;
2157 unsigned long num = 0;
2158 int current_class = -1;
2159
2160 ENTER();
2161
2162 for (;;) {
2163 int ret;
2164
2165 if (num == count)
2166 data = NULL;
2167
2168
2169 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2170 if (unlikely(ret < 0)) {
2171 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2172 num, ret);
2173 return ret;
2174 }
2175
2176 if (!data)
2177 return _len - len;
2178
2179 ret = ffs_do_single_desc(data, len, entity, priv,
2180 ¤t_class);
2181 if (unlikely(ret < 0)) {
2182 pr_debug("%s returns %d\n", __func__, ret);
2183 return ret;
2184 }
2185
2186 len -= ret;
2187 data += ret;
2188 ++num;
2189 }
2190}
2191
2192static int __ffs_data_do_entity(enum ffs_entity_type type,
2193 u8 *valuep, struct usb_descriptor_header *desc,
2194 void *priv)
2195{
2196 struct ffs_desc_helper *helper = priv;
2197 struct usb_endpoint_descriptor *d;
2198
2199 ENTER();
2200
2201 switch (type) {
2202 case FFS_DESCRIPTOR:
2203 break;
2204
2205 case FFS_INTERFACE:
2206
2207
2208
2209
2210
2211 if (*valuep >= helper->interfaces_count)
2212 helper->interfaces_count = *valuep + 1;
2213 break;
2214
2215 case FFS_STRING:
2216
2217
2218
2219
2220 if (*valuep > helper->ffs->strings_count)
2221 helper->ffs->strings_count = *valuep;
2222 break;
2223
2224 case FFS_ENDPOINT:
2225 d = (void *)desc;
2226 helper->eps_count++;
2227 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2228 return -EINVAL;
2229
2230 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2231 helper->ffs->eps_addrmap[helper->eps_count] =
2232 d->bEndpointAddress;
2233 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2234 d->bEndpointAddress)
2235 return -EINVAL;
2236 break;
2237 }
2238
2239 return 0;
2240}
2241
2242static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2243 struct usb_os_desc_header *desc)
2244{
2245 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2246 u16 w_index = le16_to_cpu(desc->wIndex);
2247
2248 if (bcd_version != 1) {
2249 pr_vdebug("unsupported os descriptors version: %d",
2250 bcd_version);
2251 return -EINVAL;
2252 }
2253 switch (w_index) {
2254 case 0x4:
2255 *next_type = FFS_OS_DESC_EXT_COMPAT;
2256 break;
2257 case 0x5:
2258 *next_type = FFS_OS_DESC_EXT_PROP;
2259 break;
2260 default:
2261 pr_vdebug("unsupported os descriptor type: %d", w_index);
2262 return -EINVAL;
2263 }
2264
2265 return sizeof(*desc);
2266}
2267
2268
2269
2270
2271
2272static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2273 enum ffs_os_desc_type type,
2274 u16 feature_count,
2275 ffs_os_desc_callback entity,
2276 void *priv,
2277 struct usb_os_desc_header *h)
2278{
2279 int ret;
2280 const unsigned _len = len;
2281
2282 ENTER();
2283
2284
2285 while (feature_count--) {
2286 ret = entity(type, h, data, len, priv);
2287 if (unlikely(ret < 0)) {
2288 pr_debug("bad OS descriptor, type: %d\n", type);
2289 return ret;
2290 }
2291 data += ret;
2292 len -= ret;
2293 }
2294 return _len - len;
2295}
2296
2297
2298static int __must_check ffs_do_os_descs(unsigned count,
2299 char *data, unsigned len,
2300 ffs_os_desc_callback entity, void *priv)
2301{
2302 const unsigned _len = len;
2303 unsigned long num = 0;
2304
2305 ENTER();
2306
2307 for (num = 0; num < count; ++num) {
2308 int ret;
2309 enum ffs_os_desc_type type;
2310 u16 feature_count;
2311 struct usb_os_desc_header *desc = (void *)data;
2312
2313 if (len < sizeof(*desc))
2314 return -EINVAL;
2315
2316
2317
2318
2319
2320
2321
2322
2323 if (le32_to_cpu(desc->dwLength) > len)
2324 return -EINVAL;
2325
2326 ret = __ffs_do_os_desc_header(&type, desc);
2327 if (unlikely(ret < 0)) {
2328 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2329 num, ret);
2330 return ret;
2331 }
2332
2333
2334
2335 feature_count = le16_to_cpu(desc->wCount);
2336 if (type == FFS_OS_DESC_EXT_COMPAT &&
2337 (feature_count > 255 || desc->Reserved))
2338 return -EINVAL;
2339 len -= ret;
2340 data += ret;
2341
2342
2343
2344
2345
2346 ret = ffs_do_single_os_desc(data, len, type,
2347 feature_count, entity, priv, desc);
2348 if (unlikely(ret < 0)) {
2349 pr_debug("%s returns %d\n", __func__, ret);
2350 return ret;
2351 }
2352
2353 len -= ret;
2354 data += ret;
2355 }
2356 return _len - len;
2357}
2358
2359
2360
2361
2362static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2363 struct usb_os_desc_header *h, void *data,
2364 unsigned len, void *priv)
2365{
2366 struct ffs_data *ffs = priv;
2367 u8 length;
2368
2369 ENTER();
2370
2371 switch (type) {
2372 case FFS_OS_DESC_EXT_COMPAT: {
2373 struct usb_ext_compat_desc *d = data;
2374 int i;
2375
2376 if (len < sizeof(*d) ||
2377 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2378 return -EINVAL;
2379 if (d->Reserved1 != 1) {
2380
2381
2382
2383
2384
2385
2386 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2387 d->Reserved1 = 1;
2388 }
2389 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2390 if (d->Reserved2[i])
2391 return -EINVAL;
2392
2393 length = sizeof(struct usb_ext_compat_desc);
2394 }
2395 break;
2396 case FFS_OS_DESC_EXT_PROP: {
2397 struct usb_ext_prop_desc *d = data;
2398 u32 type, pdl;
2399 u16 pnl;
2400
2401 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2402 return -EINVAL;
2403 length = le32_to_cpu(d->dwSize);
2404 if (len < length)
2405 return -EINVAL;
2406 type = le32_to_cpu(d->dwPropertyDataType);
2407 if (type < USB_EXT_PROP_UNICODE ||
2408 type > USB_EXT_PROP_UNICODE_MULTI) {
2409 pr_vdebug("unsupported os descriptor property type: %d",
2410 type);
2411 return -EINVAL;
2412 }
2413 pnl = le16_to_cpu(d->wPropertyNameLength);
2414 if (length < 14 + pnl) {
2415 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2416 length, pnl, type);
2417 return -EINVAL;
2418 }
2419 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2420 if (length != 14 + pnl + pdl) {
2421 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2422 length, pnl, pdl, type);
2423 return -EINVAL;
2424 }
2425 ++ffs->ms_os_descs_ext_prop_count;
2426
2427 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2428 ffs->ms_os_descs_ext_prop_data_len += pdl;
2429 }
2430 break;
2431 default:
2432 pr_vdebug("unknown descriptor: %d\n", type);
2433 return -EINVAL;
2434 }
2435 return length;
2436}
2437
2438static int __ffs_data_got_descs(struct ffs_data *ffs,
2439 char *const _data, size_t len)
2440{
2441 char *data = _data, *raw_descs;
2442 unsigned os_descs_count = 0, counts[3], flags;
2443 int ret = -EINVAL, i;
2444 struct ffs_desc_helper helper;
2445
2446 ENTER();
2447
2448 if (get_unaligned_le32(data + 4) != len)
2449 goto error;
2450
2451 switch (get_unaligned_le32(data)) {
2452 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2453 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2454 data += 8;
2455 len -= 8;
2456 break;
2457 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2458 flags = get_unaligned_le32(data + 8);
2459 ffs->user_flags = flags;
2460 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2461 FUNCTIONFS_HAS_HS_DESC |
2462 FUNCTIONFS_HAS_SS_DESC |
2463 FUNCTIONFS_HAS_MS_OS_DESC |
2464 FUNCTIONFS_VIRTUAL_ADDR |
2465 FUNCTIONFS_EVENTFD |
2466 FUNCTIONFS_ALL_CTRL_RECIP |
2467 FUNCTIONFS_CONFIG0_SETUP)) {
2468 ret = -ENOSYS;
2469 goto error;
2470 }
2471 data += 12;
2472 len -= 12;
2473 break;
2474 default:
2475 goto error;
2476 }
2477
2478 if (flags & FUNCTIONFS_EVENTFD) {
2479 if (len < 4)
2480 goto error;
2481 ffs->ffs_eventfd =
2482 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2483 if (IS_ERR(ffs->ffs_eventfd)) {
2484 ret = PTR_ERR(ffs->ffs_eventfd);
2485 ffs->ffs_eventfd = NULL;
2486 goto error;
2487 }
2488 data += 4;
2489 len -= 4;
2490 }
2491
2492
2493 for (i = 0; i < 3; ++i) {
2494 if (!(flags & (1 << i))) {
2495 counts[i] = 0;
2496 } else if (len < 4) {
2497 goto error;
2498 } else {
2499 counts[i] = get_unaligned_le32(data);
2500 data += 4;
2501 len -= 4;
2502 }
2503 }
2504 if (flags & (1 << i)) {
2505 if (len < 4) {
2506 goto error;
2507 }
2508 os_descs_count = get_unaligned_le32(data);
2509 data += 4;
2510 len -= 4;
2511 };
2512
2513
2514 raw_descs = data;
2515 helper.ffs = ffs;
2516 for (i = 0; i < 3; ++i) {
2517 if (!counts[i])
2518 continue;
2519 helper.interfaces_count = 0;
2520 helper.eps_count = 0;
2521 ret = ffs_do_descs(counts[i], data, len,
2522 __ffs_data_do_entity, &helper);
2523 if (ret < 0)
2524 goto error;
2525 if (!ffs->eps_count && !ffs->interfaces_count) {
2526 ffs->eps_count = helper.eps_count;
2527 ffs->interfaces_count = helper.interfaces_count;
2528 } else {
2529 if (ffs->eps_count != helper.eps_count) {
2530 ret = -EINVAL;
2531 goto error;
2532 }
2533 if (ffs->interfaces_count != helper.interfaces_count) {
2534 ret = -EINVAL;
2535 goto error;
2536 }
2537 }
2538 data += ret;
2539 len -= ret;
2540 }
2541 if (os_descs_count) {
2542 ret = ffs_do_os_descs(os_descs_count, data, len,
2543 __ffs_data_do_os_desc, ffs);
2544 if (ret < 0)
2545 goto error;
2546 data += ret;
2547 len -= ret;
2548 }
2549
2550 if (raw_descs == data || len) {
2551 ret = -EINVAL;
2552 goto error;
2553 }
2554
2555 ffs->raw_descs_data = _data;
2556 ffs->raw_descs = raw_descs;
2557 ffs->raw_descs_length = data - raw_descs;
2558 ffs->fs_descs_count = counts[0];
2559 ffs->hs_descs_count = counts[1];
2560 ffs->ss_descs_count = counts[2];
2561 ffs->ms_os_descs_count = os_descs_count;
2562
2563 return 0;
2564
2565error:
2566 kfree(_data);
2567 return ret;
2568}
2569
2570static int __ffs_data_got_strings(struct ffs_data *ffs,
2571 char *const _data, size_t len)
2572{
2573 u32 str_count, needed_count, lang_count;
2574 struct usb_gadget_strings **stringtabs, *t;
2575 const char *data = _data;
2576 struct usb_string *s;
2577
2578 ENTER();
2579
2580 if (unlikely(len < 16 ||
2581 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2582 get_unaligned_le32(data + 4) != len))
2583 goto error;
2584 str_count = get_unaligned_le32(data + 8);
2585 lang_count = get_unaligned_le32(data + 12);
2586
2587
2588 if (unlikely(!str_count != !lang_count))
2589 goto error;
2590
2591
2592 needed_count = ffs->strings_count;
2593 if (unlikely(str_count < needed_count))
2594 goto error;
2595
2596
2597
2598
2599
2600 if (!needed_count) {
2601 kfree(_data);
2602 return 0;
2603 }
2604
2605
2606 {
2607 unsigned i = 0;
2608 vla_group(d);
2609 vla_item(d, struct usb_gadget_strings *, stringtabs,
2610 lang_count + 1);
2611 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2612 vla_item(d, struct usb_string, strings,
2613 lang_count*(needed_count+1));
2614
2615 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2616
2617 if (unlikely(!vlabuf)) {
2618 kfree(_data);
2619 return -ENOMEM;
2620 }
2621
2622
2623 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2624 t = vla_ptr(vlabuf, d, stringtab);
2625 i = lang_count;
2626 do {
2627 *stringtabs++ = t++;
2628 } while (--i);
2629 *stringtabs = NULL;
2630
2631
2632 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2633 t = vla_ptr(vlabuf, d, stringtab);
2634 s = vla_ptr(vlabuf, d, strings);
2635 }
2636
2637
2638 data += 16;
2639 len -= 16;
2640
2641 do {
2642 unsigned needed = needed_count;
2643
2644 if (unlikely(len < 3))
2645 goto error_free;
2646 t->language = get_unaligned_le16(data);
2647 t->strings = s;
2648 ++t;
2649
2650 data += 2;
2651 len -= 2;
2652
2653
2654 do {
2655 size_t length = strnlen(data, len);
2656
2657 if (unlikely(length == len))
2658 goto error_free;
2659
2660
2661
2662
2663
2664
2665 if (likely(needed)) {
2666
2667
2668
2669
2670
2671 s->s = data;
2672 --needed;
2673 ++s;
2674 }
2675
2676 data += length + 1;
2677 len -= length + 1;
2678 } while (--str_count);
2679
2680 s->id = 0;
2681 s->s = NULL;
2682 ++s;
2683
2684 } while (--lang_count);
2685
2686
2687 if (unlikely(len))
2688 goto error_free;
2689
2690
2691 ffs->stringtabs = stringtabs;
2692 ffs->raw_strings = _data;
2693
2694 return 0;
2695
2696error_free:
2697 kfree(stringtabs);
2698error:
2699 kfree(_data);
2700 return -EINVAL;
2701}
2702
2703
2704
2705
2706static void __ffs_event_add(struct ffs_data *ffs,
2707 enum usb_functionfs_event_type type)
2708{
2709 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2710 int neg = 0;
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720 if (ffs->setup_state == FFS_SETUP_PENDING)
2721 ffs->setup_state = FFS_SETUP_CANCELLED;
2722
2723
2724
2725
2726
2727
2728
2729
2730 switch (type) {
2731 case FUNCTIONFS_RESUME:
2732 rem_type2 = FUNCTIONFS_SUSPEND;
2733
2734 case FUNCTIONFS_SUSPEND:
2735 case FUNCTIONFS_SETUP:
2736 rem_type1 = type;
2737
2738 break;
2739
2740 case FUNCTIONFS_BIND:
2741 case FUNCTIONFS_UNBIND:
2742 case FUNCTIONFS_DISABLE:
2743 case FUNCTIONFS_ENABLE:
2744
2745 rem_type1 = FUNCTIONFS_SUSPEND;
2746 rem_type2 = FUNCTIONFS_RESUME;
2747 neg = 1;
2748 break;
2749
2750 default:
2751 WARN(1, "%d: unknown event, this should not happen\n", type);
2752 return;
2753 }
2754
2755 {
2756 u8 *ev = ffs->ev.types, *out = ev;
2757 unsigned n = ffs->ev.count;
2758 for (; n; --n, ++ev)
2759 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2760 *out++ = *ev;
2761 else
2762 pr_vdebug("purging event %d\n", *ev);
2763 ffs->ev.count = out - ffs->ev.types;
2764 }
2765
2766 pr_vdebug("adding event %d\n", type);
2767 ffs->ev.types[ffs->ev.count++] = type;
2768 wake_up_locked(&ffs->ev.waitq);
2769 if (ffs->ffs_eventfd)
2770 eventfd_signal(ffs->ffs_eventfd, 1);
2771}
2772
2773static void ffs_event_add(struct ffs_data *ffs,
2774 enum usb_functionfs_event_type type)
2775{
2776 unsigned long flags;
2777 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2778 __ffs_event_add(ffs, type);
2779 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2780}
2781
2782
2783
2784static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2785{
2786 int i;
2787
2788 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2789 if (ffs->eps_addrmap[i] == endpoint_address)
2790 return i;
2791 return -ENOENT;
2792}
2793
2794static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2795 struct usb_descriptor_header *desc,
2796 void *priv)
2797{
2798 struct usb_endpoint_descriptor *ds = (void *)desc;
2799 struct ffs_function *func = priv;
2800 struct ffs_ep *ffs_ep;
2801 unsigned ep_desc_id;
2802 int idx;
2803 static const char *speed_names[] = { "full", "high", "super" };
2804
2805 if (type != FFS_DESCRIPTOR)
2806 return 0;
2807
2808
2809
2810
2811
2812
2813
2814 if (func->function.ss_descriptors) {
2815 ep_desc_id = 2;
2816 func->function.ss_descriptors[(long)valuep] = desc;
2817 } else if (func->function.hs_descriptors) {
2818 ep_desc_id = 1;
2819 func->function.hs_descriptors[(long)valuep] = desc;
2820 } else {
2821 ep_desc_id = 0;
2822 func->function.fs_descriptors[(long)valuep] = desc;
2823 }
2824
2825 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2826 return 0;
2827
2828 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2829 if (idx < 0)
2830 return idx;
2831
2832 ffs_ep = func->eps + idx;
2833
2834 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2835 pr_err("two %sspeed descriptors for EP %d\n",
2836 speed_names[ep_desc_id],
2837 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2838 return -EINVAL;
2839 }
2840 ffs_ep->descs[ep_desc_id] = ds;
2841
2842 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2843 if (ffs_ep->ep) {
2844 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2845 if (!ds->wMaxPacketSize)
2846 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2847 } else {
2848 struct usb_request *req;
2849 struct usb_ep *ep;
2850 u8 bEndpointAddress;
2851 u16 wMaxPacketSize;
2852
2853
2854
2855
2856
2857 bEndpointAddress = ds->bEndpointAddress;
2858
2859
2860
2861
2862 wMaxPacketSize = ds->wMaxPacketSize;
2863 pr_vdebug("autoconfig\n");
2864 ep = usb_ep_autoconfig(func->gadget, ds);
2865 if (unlikely(!ep))
2866 return -ENOTSUPP;
2867 ep->driver_data = func->eps + idx;
2868
2869 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2870 if (unlikely(!req))
2871 return -ENOMEM;
2872
2873 ffs_ep->ep = ep;
2874 ffs_ep->req = req;
2875 func->eps_revmap[ds->bEndpointAddress &
2876 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2877
2878
2879
2880
2881 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2882 ds->bEndpointAddress = bEndpointAddress;
2883
2884
2885
2886
2887 ds->wMaxPacketSize = wMaxPacketSize;
2888 }
2889 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2890
2891 return 0;
2892}
2893
2894static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2895 struct usb_descriptor_header *desc,
2896 void *priv)
2897{
2898 struct ffs_function *func = priv;
2899 unsigned idx;
2900 u8 newValue;
2901
2902 switch (type) {
2903 default:
2904 case FFS_DESCRIPTOR:
2905
2906 return 0;
2907
2908 case FFS_INTERFACE:
2909 idx = *valuep;
2910 if (func->interfaces_nums[idx] < 0) {
2911 int id = usb_interface_id(func->conf, &func->function);
2912 if (unlikely(id < 0))
2913 return id;
2914 func->interfaces_nums[idx] = id;
2915 }
2916 newValue = func->interfaces_nums[idx];
2917 break;
2918
2919 case FFS_STRING:
2920
2921 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2922 break;
2923
2924 case FFS_ENDPOINT:
2925
2926
2927
2928
2929 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2930 return 0;
2931
2932 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2933 if (unlikely(!func->eps[idx].ep))
2934 return -EINVAL;
2935
2936 {
2937 struct usb_endpoint_descriptor **descs;
2938 descs = func->eps[idx].descs;
2939 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2940 }
2941 break;
2942 }
2943
2944 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2945 *valuep = newValue;
2946 return 0;
2947}
2948
2949static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2950 struct usb_os_desc_header *h, void *data,
2951 unsigned len, void *priv)
2952{
2953 struct ffs_function *func = priv;
2954 u8 length = 0;
2955
2956 switch (type) {
2957 case FFS_OS_DESC_EXT_COMPAT: {
2958 struct usb_ext_compat_desc *desc = data;
2959 struct usb_os_desc_table *t;
2960
2961 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2962 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2963 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2964 ARRAY_SIZE(desc->CompatibleID) +
2965 ARRAY_SIZE(desc->SubCompatibleID));
2966 length = sizeof(*desc);
2967 }
2968 break;
2969 case FFS_OS_DESC_EXT_PROP: {
2970 struct usb_ext_prop_desc *desc = data;
2971 struct usb_os_desc_table *t;
2972 struct usb_os_desc_ext_prop *ext_prop;
2973 char *ext_prop_name;
2974 char *ext_prop_data;
2975
2976 t = &func->function.os_desc_table[h->interface];
2977 t->if_id = func->interfaces_nums[h->interface];
2978
2979 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2980 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2981
2982 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2983 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2984 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2985 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2986 length = ext_prop->name_len + ext_prop->data_len + 14;
2987
2988 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2989 func->ffs->ms_os_descs_ext_prop_name_avail +=
2990 ext_prop->name_len;
2991
2992 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2993 func->ffs->ms_os_descs_ext_prop_data_avail +=
2994 ext_prop->data_len;
2995 memcpy(ext_prop_data,
2996 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2997 ext_prop->data_len);
2998
2999 switch (ext_prop->type) {
3000 case USB_EXT_PROP_UNICODE:
3001 case USB_EXT_PROP_UNICODE_ENV:
3002 case USB_EXT_PROP_UNICODE_LINK:
3003 case USB_EXT_PROP_UNICODE_MULTI:
3004 ext_prop->data_len *= 2;
3005 break;
3006 }
3007 ext_prop->data = ext_prop_data;
3008
3009 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
3010 ext_prop->name_len);
3011
3012 ext_prop->name_len *= 2;
3013 ext_prop->name = ext_prop_name;
3014
3015 t->os_desc->ext_prop_len +=
3016 ext_prop->name_len + ext_prop->data_len + 14;
3017 ++t->os_desc->ext_prop_count;
3018 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
3019 }
3020 break;
3021 default:
3022 pr_vdebug("unknown descriptor: %d\n", type);
3023 }
3024
3025 return length;
3026}
3027
3028static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
3029 struct usb_configuration *c)
3030{
3031 struct ffs_function *func = ffs_func_from_usb(f);
3032 struct f_fs_opts *ffs_opts =
3033 container_of(f->fi, struct f_fs_opts, func_inst);
3034 int ret;
3035
3036 ENTER();
3037
3038
3039
3040
3041
3042
3043
3044
3045 if (!ffs_opts->no_configfs)
3046 ffs_dev_lock();
3047 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
3048 func->ffs = ffs_opts->dev->ffs_data;
3049 if (!ffs_opts->no_configfs)
3050 ffs_dev_unlock();
3051 if (ret)
3052 return ERR_PTR(ret);
3053
3054 func->conf = c;
3055 func->gadget = c->cdev->gadget;
3056
3057
3058
3059
3060
3061
3062
3063
3064 if (!ffs_opts->refcnt) {
3065 ret = functionfs_bind(func->ffs, c->cdev);
3066 if (ret)
3067 return ERR_PTR(ret);
3068 }
3069 ffs_opts->refcnt++;
3070 func->function.strings = func->ffs->stringtabs;
3071
3072 return ffs_opts;
3073}
3074
3075static int _ffs_func_bind(struct usb_configuration *c,
3076 struct usb_function *f)
3077{
3078 struct ffs_function *func = ffs_func_from_usb(f);
3079 struct ffs_data *ffs = func->ffs;
3080
3081 const int full = !!func->ffs->fs_descs_count;
3082 const int high = !!func->ffs->hs_descs_count;
3083 const int super = !!func->ffs->ss_descs_count;
3084
3085 int fs_len, hs_len, ss_len, ret, i;
3086 struct ffs_ep *eps_ptr;
3087
3088
3089 vla_group(d);
3090 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
3091 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
3092 full ? ffs->fs_descs_count + 1 : 0);
3093 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
3094 high ? ffs->hs_descs_count + 1 : 0);
3095 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
3096 super ? ffs->ss_descs_count + 1 : 0);
3097 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
3098 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
3099 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3100 vla_item_with_sz(d, char[16], ext_compat,
3101 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3102 vla_item_with_sz(d, struct usb_os_desc, os_desc,
3103 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3104 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
3105 ffs->ms_os_descs_ext_prop_count);
3106 vla_item_with_sz(d, char, ext_prop_name,
3107 ffs->ms_os_descs_ext_prop_name_len);
3108 vla_item_with_sz(d, char, ext_prop_data,
3109 ffs->ms_os_descs_ext_prop_data_len);
3110 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
3111 char *vlabuf;
3112
3113 ENTER();
3114
3115
3116 if (unlikely(!(full | high | super)))
3117 return -ENOTSUPP;
3118
3119
3120 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3121 if (unlikely(!vlabuf))
3122 return -ENOMEM;
3123
3124 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3125 ffs->ms_os_descs_ext_prop_name_avail =
3126 vla_ptr(vlabuf, d, ext_prop_name);
3127 ffs->ms_os_descs_ext_prop_data_avail =
3128 vla_ptr(vlabuf, d, ext_prop_data);
3129
3130
3131 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3132 ffs->raw_descs_length);
3133
3134 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3135 eps_ptr = vla_ptr(vlabuf, d, eps);
3136 for (i = 0; i < ffs->eps_count; i++)
3137 eps_ptr[i].num = -1;
3138
3139
3140
3141
3142 func->eps = vla_ptr(vlabuf, d, eps);
3143 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3144
3145
3146
3147
3148
3149
3150 if (likely(full)) {
3151 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3152 fs_len = ffs_do_descs(ffs->fs_descs_count,
3153 vla_ptr(vlabuf, d, raw_descs),
3154 d_raw_descs__sz,
3155 __ffs_func_bind_do_descs, func);
3156 if (unlikely(fs_len < 0)) {
3157 ret = fs_len;
3158 goto error;
3159 }
3160 } else {
3161 fs_len = 0;
3162 }
3163
3164 if (likely(high)) {
3165 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3166 hs_len = ffs_do_descs(ffs->hs_descs_count,
3167 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3168 d_raw_descs__sz - fs_len,
3169 __ffs_func_bind_do_descs, func);
3170 if (unlikely(hs_len < 0)) {
3171 ret = hs_len;
3172 goto error;
3173 }
3174 } else {
3175 hs_len = 0;
3176 }
3177
3178 if (likely(super)) {
3179 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3180 ss_len = ffs_do_descs(ffs->ss_descs_count,
3181 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3182 d_raw_descs__sz - fs_len - hs_len,
3183 __ffs_func_bind_do_descs, func);
3184 if (unlikely(ss_len < 0)) {
3185 ret = ss_len;
3186 goto error;
3187 }
3188 } else {
3189 ss_len = 0;
3190 }
3191
3192
3193
3194
3195
3196
3197 ret = ffs_do_descs(ffs->fs_descs_count +
3198 (high ? ffs->hs_descs_count : 0) +
3199 (super ? ffs->ss_descs_count : 0),
3200 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3201 __ffs_func_bind_do_nums, func);
3202 if (unlikely(ret < 0))
3203 goto error;
3204
3205 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3206 if (c->cdev->use_os_string) {
3207 for (i = 0; i < ffs->interfaces_count; ++i) {
3208 struct usb_os_desc *desc;
3209
3210 desc = func->function.os_desc_table[i].os_desc =
3211 vla_ptr(vlabuf, d, os_desc) +
3212 i * sizeof(struct usb_os_desc);
3213 desc->ext_compat_id =
3214 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3215 INIT_LIST_HEAD(&desc->ext_prop);
3216 }
3217 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3218 vla_ptr(vlabuf, d, raw_descs) +
3219 fs_len + hs_len + ss_len,
3220 d_raw_descs__sz - fs_len - hs_len -
3221 ss_len,
3222 __ffs_func_bind_do_os_desc, func);
3223 if (unlikely(ret < 0))
3224 goto error;
3225 }
3226 func->function.os_desc_n =
3227 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3228
3229
3230 ffs_event_add(ffs, FUNCTIONFS_BIND);
3231 return 0;
3232
3233error:
3234
3235 return ret;
3236}
3237
3238static int ffs_func_bind(struct usb_configuration *c,
3239 struct usb_function *f)
3240{
3241 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3242 struct ffs_function *func = ffs_func_from_usb(f);
3243 int ret;
3244
3245 if (IS_ERR(ffs_opts))
3246 return PTR_ERR(ffs_opts);
3247
3248 ret = _ffs_func_bind(c, f);
3249 if (ret && !--ffs_opts->refcnt)
3250 functionfs_unbind(func->ffs);
3251
3252 return ret;
3253}
3254
3255
3256
3257
3258static void ffs_reset_work(struct work_struct *work)
3259{
3260 struct ffs_data *ffs = container_of(work,
3261 struct ffs_data, reset_work);
3262 ffs_data_reset(ffs);
3263}
3264
3265static int ffs_func_set_alt(struct usb_function *f,
3266 unsigned interface, unsigned alt)
3267{
3268 struct ffs_function *func = ffs_func_from_usb(f);
3269 struct ffs_data *ffs = func->ffs;
3270 int ret = 0, intf;
3271
3272 if (alt != (unsigned)-1) {
3273 intf = ffs_func_revmap_intf(func, interface);
3274 if (unlikely(intf < 0))
3275 return intf;
3276 }
3277
3278 if (ffs->func)
3279 ffs_func_eps_disable(ffs->func);
3280
3281 if (ffs->state == FFS_DEACTIVATED) {
3282 ffs->state = FFS_CLOSING;
3283 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3284 schedule_work(&ffs->reset_work);
3285 return -ENODEV;
3286 }
3287
3288 if (ffs->state != FFS_ACTIVE)
3289 return -ENODEV;
3290
3291 if (alt == (unsigned)-1) {
3292 ffs->func = NULL;
3293 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3294 return 0;
3295 }
3296
3297 ffs->func = func;
3298 ret = ffs_func_eps_enable(func);
3299 if (likely(ret >= 0))
3300 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3301 return ret;
3302}
3303
3304static void ffs_func_disable(struct usb_function *f)
3305{
3306 ffs_func_set_alt(f, 0, (unsigned)-1);
3307}
3308
3309static int ffs_func_setup(struct usb_function *f,
3310 const struct usb_ctrlrequest *creq)
3311{
3312 struct ffs_function *func = ffs_func_from_usb(f);
3313 struct ffs_data *ffs = func->ffs;
3314 unsigned long flags;
3315 int ret;
3316
3317 ENTER();
3318
3319 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3320 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3321 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3322 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3323 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335 if (ffs->state != FFS_ACTIVE)
3336 return -ENODEV;
3337
3338 switch (creq->bRequestType & USB_RECIP_MASK) {
3339 case USB_RECIP_INTERFACE:
3340 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3341 if (unlikely(ret < 0))
3342 return ret;
3343 break;
3344
3345 case USB_RECIP_ENDPOINT:
3346 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3347 if (unlikely(ret < 0))
3348 return ret;
3349 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3350 ret = func->ffs->eps_addrmap[ret];
3351 break;
3352
3353 default:
3354 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3355 ret = le16_to_cpu(creq->wIndex);
3356 else
3357 return -EOPNOTSUPP;
3358 }
3359
3360 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3361 ffs->ev.setup = *creq;
3362 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3363 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3364 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3365
3366 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3367}
3368
3369static bool ffs_func_req_match(struct usb_function *f,
3370 const struct usb_ctrlrequest *creq,
3371 bool config0)
3372{
3373 struct ffs_function *func = ffs_func_from_usb(f);
3374
3375 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3376 return false;
3377
3378 switch (creq->bRequestType & USB_RECIP_MASK) {
3379 case USB_RECIP_INTERFACE:
3380 return (ffs_func_revmap_intf(func,
3381 le16_to_cpu(creq->wIndex)) >= 0);
3382 case USB_RECIP_ENDPOINT:
3383 return (ffs_func_revmap_ep(func,
3384 le16_to_cpu(creq->wIndex)) >= 0);
3385 default:
3386 return (bool) (func->ffs->user_flags &
3387 FUNCTIONFS_ALL_CTRL_RECIP);
3388 }
3389}
3390
3391static void ffs_func_suspend(struct usb_function *f)
3392{
3393 ENTER();
3394 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3395}
3396
3397static void ffs_func_resume(struct usb_function *f)
3398{
3399 ENTER();
3400 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3401}
3402
3403
3404
3405
3406static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3407{
3408 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3409 return num ? num : -EDOM;
3410}
3411
3412static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3413{
3414 short *nums = func->interfaces_nums;
3415 unsigned count = func->ffs->interfaces_count;
3416
3417 for (; count; --count, ++nums) {
3418 if (*nums >= 0 && *nums == intf)
3419 return nums - func->interfaces_nums;
3420 }
3421
3422 return -EDOM;
3423}
3424
3425
3426
3427
3428static LIST_HEAD(ffs_devices);
3429
3430static struct ffs_dev *_ffs_do_find_dev(const char *name)
3431{
3432 struct ffs_dev *dev;
3433
3434 if (!name)
3435 return NULL;
3436
3437 list_for_each_entry(dev, &ffs_devices, entry) {
3438 if (strcmp(dev->name, name) == 0)
3439 return dev;
3440 }
3441
3442 return NULL;
3443}
3444
3445
3446
3447
3448static struct ffs_dev *_ffs_get_single_dev(void)
3449{
3450 struct ffs_dev *dev;
3451
3452 if (list_is_singular(&ffs_devices)) {
3453 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3454 if (dev->single)
3455 return dev;
3456 }
3457
3458 return NULL;
3459}
3460
3461
3462
3463
3464static struct ffs_dev *_ffs_find_dev(const char *name)
3465{
3466 struct ffs_dev *dev;
3467
3468 dev = _ffs_get_single_dev();
3469 if (dev)
3470 return dev;
3471
3472 return _ffs_do_find_dev(name);
3473}
3474
3475
3476
3477static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3478{
3479 return container_of(to_config_group(item), struct f_fs_opts,
3480 func_inst.group);
3481}
3482
3483static void ffs_attr_release(struct config_item *item)
3484{
3485 struct f_fs_opts *opts = to_ffs_opts(item);
3486
3487 usb_put_function_instance(&opts->func_inst);
3488}
3489
3490static struct configfs_item_operations ffs_item_ops = {
3491 .release = ffs_attr_release,
3492};
3493
3494static const struct config_item_type ffs_func_type = {
3495 .ct_item_ops = &ffs_item_ops,
3496 .ct_owner = THIS_MODULE,
3497};
3498
3499
3500
3501
3502static void ffs_free_inst(struct usb_function_instance *f)
3503{
3504 struct f_fs_opts *opts;
3505
3506 opts = to_f_fs_opts(f);
3507 ffs_dev_lock();
3508 _ffs_free_dev(opts->dev);
3509 ffs_dev_unlock();
3510 kfree(opts);
3511}
3512
3513static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3514{
3515 if (strlen(name) >= FIELD_SIZEOF(struct ffs_dev, name))
3516 return -ENAMETOOLONG;
3517 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3518}
3519
3520static struct usb_function_instance *ffs_alloc_inst(void)
3521{
3522 struct f_fs_opts *opts;
3523 struct ffs_dev *dev;
3524
3525 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3526 if (!opts)
3527 return ERR_PTR(-ENOMEM);
3528
3529 opts->func_inst.set_inst_name = ffs_set_inst_name;
3530 opts->func_inst.free_func_inst = ffs_free_inst;
3531 ffs_dev_lock();
3532 dev = _ffs_alloc_dev();
3533 ffs_dev_unlock();
3534 if (IS_ERR(dev)) {
3535 kfree(opts);
3536 return ERR_CAST(dev);
3537 }
3538 opts->dev = dev;
3539 dev->opts = opts;
3540
3541 config_group_init_type_name(&opts->func_inst.group, "",
3542 &ffs_func_type);
3543 return &opts->func_inst;
3544}
3545
3546static void ffs_free(struct usb_function *f)
3547{
3548 kfree(ffs_func_from_usb(f));
3549}
3550
3551static void ffs_func_unbind(struct usb_configuration *c,
3552 struct usb_function *f)
3553{
3554 struct ffs_function *func = ffs_func_from_usb(f);
3555 struct ffs_data *ffs = func->ffs;
3556 struct f_fs_opts *opts =
3557 container_of(f->fi, struct f_fs_opts, func_inst);
3558 struct ffs_ep *ep = func->eps;
3559 unsigned count = ffs->eps_count;
3560 unsigned long flags;
3561
3562 ENTER();
3563 if (ffs->func == func) {
3564 ffs_func_eps_disable(func);
3565 ffs->func = NULL;
3566 }
3567
3568 if (!--opts->refcnt)
3569 functionfs_unbind(ffs);
3570
3571
3572 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3573 while (count--) {
3574 if (ep->ep && ep->req)
3575 usb_ep_free_request(ep->ep, ep->req);
3576 ep->req = NULL;
3577 ++ep;
3578 }
3579 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3580 kfree(func->eps);
3581 func->eps = NULL;
3582
3583
3584
3585
3586 func->function.fs_descriptors = NULL;
3587 func->function.hs_descriptors = NULL;
3588 func->function.ss_descriptors = NULL;
3589 func->interfaces_nums = NULL;
3590
3591 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3592}
3593
3594static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3595{
3596 struct ffs_function *func;
3597
3598 ENTER();
3599
3600 func = kzalloc(sizeof(*func), GFP_KERNEL);
3601 if (unlikely(!func))
3602 return ERR_PTR(-ENOMEM);
3603
3604 func->function.name = "Function FS Gadget";
3605
3606 func->function.bind = ffs_func_bind;
3607 func->function.unbind = ffs_func_unbind;
3608 func->function.set_alt = ffs_func_set_alt;
3609 func->function.disable = ffs_func_disable;
3610 func->function.setup = ffs_func_setup;
3611 func->function.req_match = ffs_func_req_match;
3612 func->function.suspend = ffs_func_suspend;
3613 func->function.resume = ffs_func_resume;
3614 func->function.free_func = ffs_free;
3615
3616 return &func->function;
3617}
3618
3619
3620
3621
3622static struct ffs_dev *_ffs_alloc_dev(void)
3623{
3624 struct ffs_dev *dev;
3625 int ret;
3626
3627 if (_ffs_get_single_dev())
3628 return ERR_PTR(-EBUSY);
3629
3630 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3631 if (!dev)
3632 return ERR_PTR(-ENOMEM);
3633
3634 if (list_empty(&ffs_devices)) {
3635 ret = functionfs_init();
3636 if (ret) {
3637 kfree(dev);
3638 return ERR_PTR(ret);
3639 }
3640 }
3641
3642 list_add(&dev->entry, &ffs_devices);
3643
3644 return dev;
3645}
3646
3647int ffs_name_dev(struct ffs_dev *dev, const char *name)
3648{
3649 struct ffs_dev *existing;
3650 int ret = 0;
3651
3652 ffs_dev_lock();
3653
3654 existing = _ffs_do_find_dev(name);
3655 if (!existing)
3656 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3657 else if (existing != dev)
3658 ret = -EBUSY;
3659
3660 ffs_dev_unlock();
3661
3662 return ret;
3663}
3664EXPORT_SYMBOL_GPL(ffs_name_dev);
3665
3666int ffs_single_dev(struct ffs_dev *dev)
3667{
3668 int ret;
3669
3670 ret = 0;
3671 ffs_dev_lock();
3672
3673 if (!list_is_singular(&ffs_devices))
3674 ret = -EBUSY;
3675 else
3676 dev->single = true;
3677
3678 ffs_dev_unlock();
3679 return ret;
3680}
3681EXPORT_SYMBOL_GPL(ffs_single_dev);
3682
3683
3684
3685
3686static void _ffs_free_dev(struct ffs_dev *dev)
3687{
3688 list_del(&dev->entry);
3689
3690
3691 if (dev->ffs_data)
3692 dev->ffs_data->private_data = NULL;
3693
3694 kfree(dev);
3695 if (list_empty(&ffs_devices))
3696 functionfs_cleanup();
3697}
3698
3699static void *ffs_acquire_dev(const char *dev_name)
3700{
3701 struct ffs_dev *ffs_dev;
3702
3703 ENTER();
3704 ffs_dev_lock();
3705
3706 ffs_dev = _ffs_find_dev(dev_name);
3707 if (!ffs_dev)
3708 ffs_dev = ERR_PTR(-ENOENT);
3709 else if (ffs_dev->mounted)
3710 ffs_dev = ERR_PTR(-EBUSY);
3711 else if (ffs_dev->ffs_acquire_dev_callback &&
3712 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3713 ffs_dev = ERR_PTR(-ENOENT);
3714 else
3715 ffs_dev->mounted = true;
3716
3717 ffs_dev_unlock();
3718 return ffs_dev;
3719}
3720
3721static void ffs_release_dev(struct ffs_data *ffs_data)
3722{
3723 struct ffs_dev *ffs_dev;
3724
3725 ENTER();
3726 ffs_dev_lock();
3727
3728 ffs_dev = ffs_data->private_data;
3729 if (ffs_dev) {
3730 ffs_dev->mounted = false;
3731
3732 if (ffs_dev->ffs_release_dev_callback)
3733 ffs_dev->ffs_release_dev_callback(ffs_dev);
3734 }
3735
3736 ffs_dev_unlock();
3737}
3738
3739static int ffs_ready(struct ffs_data *ffs)
3740{
3741 struct ffs_dev *ffs_obj;
3742 int ret = 0;
3743
3744 ENTER();
3745 ffs_dev_lock();
3746
3747 ffs_obj = ffs->private_data;
3748 if (!ffs_obj) {
3749 ret = -EINVAL;
3750 goto done;
3751 }
3752 if (WARN_ON(ffs_obj->desc_ready)) {
3753 ret = -EBUSY;
3754 goto done;
3755 }
3756
3757 ffs_obj->desc_ready = true;
3758 ffs_obj->ffs_data = ffs;
3759
3760 if (ffs_obj->ffs_ready_callback) {
3761 ret = ffs_obj->ffs_ready_callback(ffs);
3762 if (ret)
3763 goto done;
3764 }
3765
3766 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3767done:
3768 ffs_dev_unlock();
3769 return ret;
3770}
3771
3772static void ffs_closed(struct ffs_data *ffs)
3773{
3774 struct ffs_dev *ffs_obj;
3775 struct f_fs_opts *opts;
3776 struct config_item *ci;
3777
3778 ENTER();
3779 ffs_dev_lock();
3780
3781 ffs_obj = ffs->private_data;
3782 if (!ffs_obj)
3783 goto done;
3784
3785 ffs_obj->desc_ready = false;
3786 ffs_obj->ffs_data = NULL;
3787
3788 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3789 ffs_obj->ffs_closed_callback)
3790 ffs_obj->ffs_closed_callback(ffs);
3791
3792 if (ffs_obj->opts)
3793 opts = ffs_obj->opts;
3794 else
3795 goto done;
3796
3797 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3798 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3799 goto done;
3800
3801 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3802 ffs_dev_unlock();
3803
3804 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3805 unregister_gadget_item(ci);
3806 return;
3807done:
3808 ffs_dev_unlock();
3809}
3810
3811
3812
3813static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3814{
3815 return nonblock
3816 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3817 : mutex_lock_interruptible(mutex);
3818}
3819
3820static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3821{
3822 char *data;
3823
3824 if (unlikely(!len))
3825 return NULL;
3826
3827 data = kmalloc(len, GFP_KERNEL);
3828 if (unlikely(!data))
3829 return ERR_PTR(-ENOMEM);
3830
3831 if (unlikely(copy_from_user(data, buf, len))) {
3832 kfree(data);
3833 return ERR_PTR(-EFAULT);
3834 }
3835
3836 pr_vdebug("Buffer from user space:\n");
3837 ffs_dump_mem("", data, len);
3838
3839 return data;
3840}
3841
3842DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3843MODULE_LICENSE("GPL");
3844MODULE_AUTHOR("Michal Nazarewicz");
3845
