1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/fs_parser.h>
21#include <linux/hid.h>
22#include <linux/mm.h>
23#include <linux/module.h>
24#include <linux/scatterlist.h>
25#include <linux/sched/signal.h>
26#include <linux/uio.h>
27#include <linux/vmalloc.h>
28#include <asm/unaligned.h>
29
30#include <linux/usb/ccid.h>
31#include <linux/usb/composite.h>
32#include <linux/usb/functionfs.h>
33
34#include <linux/aio.h>
35#include <linux/mmu_context.h>
36#include <linux/poll.h>
37#include <linux/eventfd.h>
38
39#include "u_fs.h"
40#include "u_f.h"
41#include "u_os_desc.h"
42#include "configfs.h"
43
44#define FUNCTIONFS_MAGIC 0xa647361
45
46
47static void ffs_data_get(struct ffs_data *ffs);
48static void ffs_data_put(struct ffs_data *ffs);
49
50static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
51 __attribute__((malloc));
52
53
54static void ffs_data_opened(struct ffs_data *ffs);
55static void ffs_data_closed(struct ffs_data *ffs);
56
57
58static int __must_check
59__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
60static int __must_check
61__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
62
63
64
65
66struct ffs_ep;
67
68struct ffs_function {
69 struct usb_configuration *conf;
70 struct usb_gadget *gadget;
71 struct ffs_data *ffs;
72
73 struct ffs_ep *eps;
74 u8 eps_revmap[16];
75 short *interfaces_nums;
76
77 struct usb_function function;
78};
79
80
81static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
82{
83 return container_of(f, struct ffs_function, function);
84}
85
86
87static inline enum ffs_setup_state
88ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
89{
90 return (enum ffs_setup_state)
91 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
92}
93
94
95static void ffs_func_eps_disable(struct ffs_function *func);
96static int __must_check ffs_func_eps_enable(struct ffs_function *func);
97
98static int ffs_func_bind(struct usb_configuration *,
99 struct usb_function *);
100static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
101static void ffs_func_disable(struct usb_function *);
102static int ffs_func_setup(struct usb_function *,
103 const struct usb_ctrlrequest *);
104static bool ffs_func_req_match(struct usb_function *,
105 const struct usb_ctrlrequest *,
106 bool config0);
107static void ffs_func_suspend(struct usb_function *);
108static void ffs_func_resume(struct usb_function *);
109
110
111static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
112static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
113
114
115
116
117struct ffs_ep {
118 struct usb_ep *ep;
119 struct usb_request *req;
120
121
122 struct usb_endpoint_descriptor *descs[3];
123
124 u8 num;
125
126 int status;
127};
128
129struct ffs_epfile {
130
131 struct mutex mutex;
132
133 struct ffs_data *ffs;
134 struct ffs_ep *ep;
135
136 struct dentry *dentry;
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193 struct ffs_buffer *read_buffer;
194#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
195
196 char name[5];
197
198 unsigned char in;
199 unsigned char isoc;
200
201 unsigned char _pad;
202};
203
204struct ffs_buffer {
205 size_t length;
206 char *data;
207 char storage[];
208};
209
210
211
212struct ffs_io_data {
213 bool aio;
214 bool read;
215
216 struct kiocb *kiocb;
217 struct iov_iter data;
218 const void *to_free;
219 char *buf;
220
221 struct mm_struct *mm;
222 struct work_struct work;
223
224 struct usb_ep *ep;
225 struct usb_request *req;
226 struct sg_table sgt;
227 bool use_sg;
228
229 struct ffs_data *ffs;
230};
231
232struct ffs_desc_helper {
233 struct ffs_data *ffs;
234 unsigned interfaces_count;
235 unsigned eps_count;
236};
237
238static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
239static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
240
241static struct dentry *
242ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
243 const struct file_operations *fops);
244
245
246
247DEFINE_MUTEX(ffs_lock);
248EXPORT_SYMBOL_GPL(ffs_lock);
249
250static struct ffs_dev *_ffs_find_dev(const char *name);
251static struct ffs_dev *_ffs_alloc_dev(void);
252static void _ffs_free_dev(struct ffs_dev *dev);
253static void *ffs_acquire_dev(const char *dev_name);
254static void ffs_release_dev(struct ffs_data *ffs_data);
255static int ffs_ready(struct ffs_data *ffs);
256static void ffs_closed(struct ffs_data *ffs);
257
258
259
260static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
261 __attribute__((warn_unused_result, nonnull));
262static char *ffs_prepare_buffer(const char __user *buf, size_t len)
263 __attribute__((warn_unused_result, nonnull));
264
265
266
267
268static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
269{
270 struct ffs_data *ffs = req->context;
271
272 complete(&ffs->ep0req_completion);
273}
274
275static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
276 __releases(&ffs->ev.waitq.lock)
277{
278 struct usb_request *req = ffs->ep0req;
279 int ret;
280
281 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
282
283 spin_unlock_irq(&ffs->ev.waitq.lock);
284
285 req->buf = data;
286 req->length = len;
287
288
289
290
291
292
293 if (req->buf == NULL)
294 req->buf = (void *)0xDEADBABE;
295
296 reinit_completion(&ffs->ep0req_completion);
297
298 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
299 if (unlikely(ret < 0))
300 return ret;
301
302 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
303 if (unlikely(ret)) {
304 usb_ep_dequeue(ffs->gadget->ep0, req);
305 return -EINTR;
306 }
307
308 ffs->setup_state = FFS_NO_SETUP;
309 return req->status ? req->status : req->actual;
310}
311
312static int __ffs_ep0_stall(struct ffs_data *ffs)
313{
314 if (ffs->ev.can_stall) {
315 pr_vdebug("ep0 stall\n");
316 usb_ep_set_halt(ffs->gadget->ep0);
317 ffs->setup_state = FFS_NO_SETUP;
318 return -EL2HLT;
319 } else {
320 pr_debug("bogus ep0 stall!\n");
321 return -ESRCH;
322 }
323}
324
325static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
326 size_t len, loff_t *ptr)
327{
328 struct ffs_data *ffs = file->private_data;
329 ssize_t ret;
330 char *data;
331
332 ENTER();
333
334
335 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
336 return -EIDRM;
337
338
339 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
340 if (unlikely(ret < 0))
341 return ret;
342
343
344 switch (ffs->state) {
345 case FFS_READ_DESCRIPTORS:
346 case FFS_READ_STRINGS:
347
348 if (unlikely(len < 16)) {
349 ret = -EINVAL;
350 break;
351 }
352
353 data = ffs_prepare_buffer(buf, len);
354 if (IS_ERR(data)) {
355 ret = PTR_ERR(data);
356 break;
357 }
358
359
360 if (ffs->state == FFS_READ_DESCRIPTORS) {
361 pr_info("read descriptors\n");
362 ret = __ffs_data_got_descs(ffs, data, len);
363 if (unlikely(ret < 0))
364 break;
365
366 ffs->state = FFS_READ_STRINGS;
367 ret = len;
368 } else {
369 pr_info("read strings\n");
370 ret = __ffs_data_got_strings(ffs, data, len);
371 if (unlikely(ret < 0))
372 break;
373
374 ret = ffs_epfiles_create(ffs);
375 if (unlikely(ret)) {
376 ffs->state = FFS_CLOSING;
377 break;
378 }
379
380 ffs->state = FFS_ACTIVE;
381 mutex_unlock(&ffs->mutex);
382
383 ret = ffs_ready(ffs);
384 if (unlikely(ret < 0)) {
385 ffs->state = FFS_CLOSING;
386 return ret;
387 }
388
389 return len;
390 }
391 break;
392
393 case FFS_ACTIVE:
394 data = NULL;
395
396
397
398
399 spin_lock_irq(&ffs->ev.waitq.lock);
400 switch (ffs_setup_state_clear_cancelled(ffs)) {
401 case FFS_SETUP_CANCELLED:
402 ret = -EIDRM;
403 goto done_spin;
404
405 case FFS_NO_SETUP:
406 ret = -ESRCH;
407 goto done_spin;
408
409 case FFS_SETUP_PENDING:
410 break;
411 }
412
413
414 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
415 spin_unlock_irq(&ffs->ev.waitq.lock);
416 ret = __ffs_ep0_stall(ffs);
417 break;
418 }
419
420
421 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
422
423 spin_unlock_irq(&ffs->ev.waitq.lock);
424
425 data = ffs_prepare_buffer(buf, len);
426 if (IS_ERR(data)) {
427 ret = PTR_ERR(data);
428 break;
429 }
430
431 spin_lock_irq(&ffs->ev.waitq.lock);
432
433
434
435
436
437
438
439
440
441
442
443
444
445 if (ffs_setup_state_clear_cancelled(ffs) ==
446 FFS_SETUP_CANCELLED) {
447 ret = -EIDRM;
448done_spin:
449 spin_unlock_irq(&ffs->ev.waitq.lock);
450 } else {
451
452 ret = __ffs_ep0_queue_wait(ffs, data, len);
453 }
454 kfree(data);
455 break;
456
457 default:
458 ret = -EBADFD;
459 break;
460 }
461
462 mutex_unlock(&ffs->mutex);
463 return ret;
464}
465
466
467static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
468 size_t n)
469 __releases(&ffs->ev.waitq.lock)
470{
471
472
473
474
475
476 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
477 const size_t size = n * sizeof *events;
478 unsigned i = 0;
479
480 memset(events, 0, size);
481
482 do {
483 events[i].type = ffs->ev.types[i];
484 if (events[i].type == FUNCTIONFS_SETUP) {
485 events[i].u.setup = ffs->ev.setup;
486 ffs->setup_state = FFS_SETUP_PENDING;
487 }
488 } while (++i < n);
489
490 ffs->ev.count -= n;
491 if (ffs->ev.count)
492 memmove(ffs->ev.types, ffs->ev.types + n,
493 ffs->ev.count * sizeof *ffs->ev.types);
494
495 spin_unlock_irq(&ffs->ev.waitq.lock);
496 mutex_unlock(&ffs->mutex);
497
498 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
499}
500
501static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
502 size_t len, loff_t *ptr)
503{
504 struct ffs_data *ffs = file->private_data;
505 char *data = NULL;
506 size_t n;
507 int ret;
508
509 ENTER();
510
511
512 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
513 return -EIDRM;
514
515
516 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
517 if (unlikely(ret < 0))
518 return ret;
519
520
521 if (ffs->state != FFS_ACTIVE) {
522 ret = -EBADFD;
523 goto done_mutex;
524 }
525
526
527
528
529
530 spin_lock_irq(&ffs->ev.waitq.lock);
531
532 switch (ffs_setup_state_clear_cancelled(ffs)) {
533 case FFS_SETUP_CANCELLED:
534 ret = -EIDRM;
535 break;
536
537 case FFS_NO_SETUP:
538 n = len / sizeof(struct usb_functionfs_event);
539 if (unlikely(!n)) {
540 ret = -EINVAL;
541 break;
542 }
543
544 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
545 ret = -EAGAIN;
546 break;
547 }
548
549 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
550 ffs->ev.count)) {
551 ret = -EINTR;
552 break;
553 }
554
555
556 return __ffs_ep0_read_events(ffs, buf,
557 min(n, (size_t)ffs->ev.count));
558
559 case FFS_SETUP_PENDING:
560 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562 ret = __ffs_ep0_stall(ffs);
563 goto done_mutex;
564 }
565
566 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
567
568 spin_unlock_irq(&ffs->ev.waitq.lock);
569
570 if (likely(len)) {
571 data = kmalloc(len, GFP_KERNEL);
572 if (unlikely(!data)) {
573 ret = -ENOMEM;
574 goto done_mutex;
575 }
576 }
577
578 spin_lock_irq(&ffs->ev.waitq.lock);
579
580
581 if (ffs_setup_state_clear_cancelled(ffs) ==
582 FFS_SETUP_CANCELLED) {
583 ret = -EIDRM;
584 break;
585 }
586
587
588 ret = __ffs_ep0_queue_wait(ffs, data, len);
589 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
590 ret = -EFAULT;
591 goto done_mutex;
592
593 default:
594 ret = -EBADFD;
595 break;
596 }
597
598 spin_unlock_irq(&ffs->ev.waitq.lock);
599done_mutex:
600 mutex_unlock(&ffs->mutex);
601 kfree(data);
602 return ret;
603}
604
605static int ffs_ep0_open(struct inode *inode, struct file *file)
606{
607 struct ffs_data *ffs = inode->i_private;
608
609 ENTER();
610
611 if (unlikely(ffs->state == FFS_CLOSING))
612 return -EBUSY;
613
614 file->private_data = ffs;
615 ffs_data_opened(ffs);
616
617 return 0;
618}
619
620static int ffs_ep0_release(struct inode *inode, struct file *file)
621{
622 struct ffs_data *ffs = file->private_data;
623
624 ENTER();
625
626 ffs_data_closed(ffs);
627
628 return 0;
629}
630
631static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
632{
633 struct ffs_data *ffs = file->private_data;
634 struct usb_gadget *gadget = ffs->gadget;
635 long ret;
636
637 ENTER();
638
639 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
640 struct ffs_function *func = ffs->func;
641 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
642 } else if (gadget && gadget->ops->ioctl) {
643 ret = gadget->ops->ioctl(gadget, code, value);
644 } else {
645 ret = -ENOTTY;
646 }
647
648 return ret;
649}
650
651static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
652{
653 struct ffs_data *ffs = file->private_data;
654 __poll_t mask = EPOLLWRNORM;
655 int ret;
656
657 poll_wait(file, &ffs->ev.waitq, wait);
658
659 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
660 if (unlikely(ret < 0))
661 return mask;
662
663 switch (ffs->state) {
664 case FFS_READ_DESCRIPTORS:
665 case FFS_READ_STRINGS:
666 mask |= EPOLLOUT;
667 break;
668
669 case FFS_ACTIVE:
670 switch (ffs->setup_state) {
671 case FFS_NO_SETUP:
672 if (ffs->ev.count)
673 mask |= EPOLLIN;
674 break;
675
676 case FFS_SETUP_PENDING:
677 case FFS_SETUP_CANCELLED:
678 mask |= (EPOLLIN | EPOLLOUT);
679 break;
680 }
681 case FFS_CLOSING:
682 break;
683 case FFS_DEACTIVATED:
684 break;
685 }
686
687 mutex_unlock(&ffs->mutex);
688
689 return mask;
690}
691
692static const struct file_operations ffs_ep0_operations = {
693 .llseek = no_llseek,
694
695 .open = ffs_ep0_open,
696 .write = ffs_ep0_write,
697 .read = ffs_ep0_read,
698 .release = ffs_ep0_release,
699 .unlocked_ioctl = ffs_ep0_ioctl,
700 .poll = ffs_ep0_poll,
701};
702
703
704
705
706static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
707{
708 ENTER();
709 if (likely(req->context)) {
710 struct ffs_ep *ep = _ep->driver_data;
711 ep->status = req->status ? req->status : req->actual;
712 complete(req->context);
713 }
714}
715
716static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
717{
718 ssize_t ret = copy_to_iter(data, data_len, iter);
719 if (likely(ret == data_len))
720 return ret;
721
722 if (unlikely(iov_iter_count(iter)))
723 return -EFAULT;
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
753 "Align read buffer size to max packet size to avoid the problem.\n",
754 data_len, ret);
755
756 return ret;
757}
758
759
760
761
762
763
764static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz)
765{
766 struct page **pages;
767 void *vaddr, *ptr;
768 unsigned int n_pages;
769 int i;
770
771 vaddr = vmalloc(sz);
772 if (!vaddr)
773 return NULL;
774
775 n_pages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
776 pages = kvmalloc_array(n_pages, sizeof(struct page *), GFP_KERNEL);
777 if (!pages) {
778 vfree(vaddr);
779
780 return NULL;
781 }
782 for (i = 0, ptr = vaddr; i < n_pages; ++i, ptr += PAGE_SIZE)
783 pages[i] = vmalloc_to_page(ptr);
784
785 if (sg_alloc_table_from_pages(sgt, pages, n_pages, 0, sz, GFP_KERNEL)) {
786 kvfree(pages);
787 vfree(vaddr);
788
789 return NULL;
790 }
791 kvfree(pages);
792
793 return vaddr;
794}
795
796static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data,
797 size_t data_len)
798{
799 if (io_data->use_sg)
800 return ffs_build_sg_list(&io_data->sgt, data_len);
801
802 return kmalloc(data_len, GFP_KERNEL);
803}
804
805static inline void ffs_free_buffer(struct ffs_io_data *io_data)
806{
807 if (!io_data->buf)
808 return;
809
810 if (io_data->use_sg) {
811 sg_free_table(&io_data->sgt);
812 vfree(io_data->buf);
813 } else {
814 kfree(io_data->buf);
815 }
816}
817
818static void ffs_user_copy_worker(struct work_struct *work)
819{
820 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
821 work);
822 int ret = io_data->req->status ? io_data->req->status :
823 io_data->req->actual;
824 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
825
826 if (io_data->read && ret > 0) {
827 mm_segment_t oldfs = get_fs();
828
829 set_fs(USER_DS);
830 use_mm(io_data->mm);
831 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
832 unuse_mm(io_data->mm);
833 set_fs(oldfs);
834 }
835
836 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
837
838 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
839 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
840
841 usb_ep_free_request(io_data->ep, io_data->req);
842
843 if (io_data->read)
844 kfree(io_data->to_free);
845 ffs_free_buffer(io_data);
846 kfree(io_data);
847}
848
849static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
850 struct usb_request *req)
851{
852 struct ffs_io_data *io_data = req->context;
853 struct ffs_data *ffs = io_data->ffs;
854
855 ENTER();
856
857 INIT_WORK(&io_data->work, ffs_user_copy_worker);
858 queue_work(ffs->io_completion_wq, &io_data->work);
859}
860
861static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
862{
863
864
865
866
867 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
868 if (buf && buf != READ_BUFFER_DROP)
869 kfree(buf);
870}
871
872
873static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
874 struct iov_iter *iter)
875{
876
877
878
879
880
881 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
882 ssize_t ret;
883 if (!buf || buf == READ_BUFFER_DROP)
884 return 0;
885
886 ret = copy_to_iter(buf->data, buf->length, iter);
887 if (buf->length == ret) {
888 kfree(buf);
889 return ret;
890 }
891
892 if (unlikely(iov_iter_count(iter))) {
893 ret = -EFAULT;
894 } else {
895 buf->length -= ret;
896 buf->data += ret;
897 }
898
899 if (cmpxchg(&epfile->read_buffer, NULL, buf))
900 kfree(buf);
901
902 return ret;
903}
904
905
906static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
907 void *data, int data_len,
908 struct iov_iter *iter)
909{
910 struct ffs_buffer *buf;
911
912 ssize_t ret = copy_to_iter(data, data_len, iter);
913 if (likely(data_len == ret))
914 return ret;
915
916 if (unlikely(iov_iter_count(iter)))
917 return -EFAULT;
918
919
920 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
921 data_len, ret);
922
923 data_len -= ret;
924 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
925 if (!buf)
926 return -ENOMEM;
927 buf->length = data_len;
928 buf->data = buf->storage;
929 memcpy(buf->storage, data + ret, data_len);
930
931
932
933
934
935
936
937 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
938 kfree(buf);
939
940 return ret;
941}
942
943static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
944{
945 struct ffs_epfile *epfile = file->private_data;
946 struct usb_request *req;
947 struct ffs_ep *ep;
948 char *data = NULL;
949 ssize_t ret, data_len = -EINVAL;
950 int halt;
951
952
953 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
954 return -ENODEV;
955
956
957 ep = epfile->ep;
958 if (!ep) {
959 if (file->f_flags & O_NONBLOCK)
960 return -EAGAIN;
961
962 ret = wait_event_interruptible(
963 epfile->ffs->wait, (ep = epfile->ep));
964 if (ret)
965 return -EINTR;
966 }
967
968
969 halt = (!io_data->read == !epfile->in);
970 if (halt && epfile->isoc)
971 return -EINVAL;
972
973
974 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
975 if (unlikely(ret))
976 goto error;
977
978
979 if (!halt) {
980 struct usb_gadget *gadget;
981
982
983
984
985
986
987
988
989 if (!io_data->aio && io_data->read) {
990 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
991 if (ret)
992 goto error_mutex;
993 }
994
995
996
997
998
999
1000 gadget = epfile->ffs->gadget;
1001
1002 spin_lock_irq(&epfile->ffs->eps_lock);
1003
1004 if (epfile->ep != ep) {
1005 ret = -ESHUTDOWN;
1006 goto error_lock;
1007 }
1008 data_len = iov_iter_count(&io_data->data);
1009
1010
1011
1012
1013 if (io_data->read)
1014 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1015
1016 io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE;
1017 spin_unlock_irq(&epfile->ffs->eps_lock);
1018
1019 data = ffs_alloc_buffer(io_data, data_len);
1020 if (unlikely(!data)) {
1021 ret = -ENOMEM;
1022 goto error_mutex;
1023 }
1024 if (!io_data->read &&
1025 !copy_from_iter_full(data, data_len, &io_data->data)) {
1026 ret = -EFAULT;
1027 goto error_mutex;
1028 }
1029 }
1030
1031 spin_lock_irq(&epfile->ffs->eps_lock);
1032
1033 if (epfile->ep != ep) {
1034
1035 ret = -ESHUTDOWN;
1036 } else if (halt) {
1037 ret = usb_ep_set_halt(ep->ep);
1038 if (!ret)
1039 ret = -EBADMSG;
1040 } else if (unlikely(data_len == -EINVAL)) {
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052 WARN(1, "%s: data_len == -EINVAL\n", __func__);
1053 ret = -EINVAL;
1054 } else if (!io_data->aio) {
1055 DECLARE_COMPLETION_ONSTACK(done);
1056 bool interrupted = false;
1057
1058 req = ep->req;
1059 if (io_data->use_sg) {
1060 req->buf = NULL;
1061 req->sg = io_data->sgt.sgl;
1062 req->num_sgs = io_data->sgt.nents;
1063 } else {
1064 req->buf = data;
1065 req->num_sgs = 0;
1066 }
1067 req->length = data_len;
1068
1069 io_data->buf = data;
1070
1071 req->context = &done;
1072 req->complete = ffs_epfile_io_complete;
1073
1074 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1075 if (unlikely(ret < 0))
1076 goto error_lock;
1077
1078 spin_unlock_irq(&epfile->ffs->eps_lock);
1079
1080 if (unlikely(wait_for_completion_interruptible(&done))) {
1081
1082
1083
1084
1085
1086
1087 usb_ep_dequeue(ep->ep, req);
1088 wait_for_completion(&done);
1089 interrupted = ep->status < 0;
1090 }
1091
1092 if (interrupted)
1093 ret = -EINTR;
1094 else if (io_data->read && ep->status > 0)
1095 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1096 &io_data->data);
1097 else
1098 ret = ep->status;
1099 goto error_mutex;
1100 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1101 ret = -ENOMEM;
1102 } else {
1103 if (io_data->use_sg) {
1104 req->buf = NULL;
1105 req->sg = io_data->sgt.sgl;
1106 req->num_sgs = io_data->sgt.nents;
1107 } else {
1108 req->buf = data;
1109 req->num_sgs = 0;
1110 }
1111 req->length = data_len;
1112
1113 io_data->buf = data;
1114 io_data->ep = ep->ep;
1115 io_data->req = req;
1116 io_data->ffs = epfile->ffs;
1117
1118 req->context = io_data;
1119 req->complete = ffs_epfile_async_io_complete;
1120
1121 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1122 if (unlikely(ret)) {
1123 usb_ep_free_request(ep->ep, req);
1124 goto error_lock;
1125 }
1126
1127 ret = -EIOCBQUEUED;
1128
1129
1130
1131
1132 data = NULL;
1133 }
1134
1135error_lock:
1136 spin_unlock_irq(&epfile->ffs->eps_lock);
1137error_mutex:
1138 mutex_unlock(&epfile->mutex);
1139error:
1140 if (ret != -EIOCBQUEUED)
1141 ffs_free_buffer(io_data);
1142 return ret;
1143}
1144
1145static int
1146ffs_epfile_open(struct inode *inode, struct file *file)
1147{
1148 struct ffs_epfile *epfile = inode->i_private;
1149
1150 ENTER();
1151
1152 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1153 return -ENODEV;
1154
1155 file->private_data = epfile;
1156 ffs_data_opened(epfile->ffs);
1157
1158 return 0;
1159}
1160
1161static int ffs_aio_cancel(struct kiocb *kiocb)
1162{
1163 struct ffs_io_data *io_data = kiocb->private;
1164 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1165 unsigned long flags;
1166 int value;
1167
1168 ENTER();
1169
1170 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1171
1172 if (likely(io_data && io_data->ep && io_data->req))
1173 value = usb_ep_dequeue(io_data->ep, io_data->req);
1174 else
1175 value = -EINVAL;
1176
1177 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1178
1179 return value;
1180}
1181
1182static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1183{
1184 struct ffs_io_data io_data, *p = &io_data;
1185 ssize_t res;
1186
1187 ENTER();
1188
1189 if (!is_sync_kiocb(kiocb)) {
1190 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1191 if (unlikely(!p))
1192 return -ENOMEM;
1193 p->aio = true;
1194 } else {
1195 memset(p, 0, sizeof(*p));
1196 p->aio = false;
1197 }
1198
1199 p->read = false;
1200 p->kiocb = kiocb;
1201 p->data = *from;
1202 p->mm = current->mm;
1203
1204 kiocb->private = p;
1205
1206 if (p->aio)
1207 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1208
1209 res = ffs_epfile_io(kiocb->ki_filp, p);
1210 if (res == -EIOCBQUEUED)
1211 return res;
1212 if (p->aio)
1213 kfree(p);
1214 else
1215 *from = p->data;
1216 return res;
1217}
1218
1219static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1220{
1221 struct ffs_io_data io_data, *p = &io_data;
1222 ssize_t res;
1223
1224 ENTER();
1225
1226 if (!is_sync_kiocb(kiocb)) {
1227 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1228 if (unlikely(!p))
1229 return -ENOMEM;
1230 p->aio = true;
1231 } else {
1232 memset(p, 0, sizeof(*p));
1233 p->aio = false;
1234 }
1235
1236 p->read = true;
1237 p->kiocb = kiocb;
1238 if (p->aio) {
1239 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1240 if (!p->to_free) {
1241 kfree(p);
1242 return -ENOMEM;
1243 }
1244 } else {
1245 p->data = *to;
1246 p->to_free = NULL;
1247 }
1248 p->mm = current->mm;
1249
1250 kiocb->private = p;
1251
1252 if (p->aio)
1253 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1254
1255 res = ffs_epfile_io(kiocb->ki_filp, p);
1256 if (res == -EIOCBQUEUED)
1257 return res;
1258
1259 if (p->aio) {
1260 kfree(p->to_free);
1261 kfree(p);
1262 } else {
1263 *to = p->data;
1264 }
1265 return res;
1266}
1267
1268static int
1269ffs_epfile_release(struct inode *inode, struct file *file)
1270{
1271 struct ffs_epfile *epfile = inode->i_private;
1272
1273 ENTER();
1274
1275 __ffs_epfile_read_buffer_free(epfile);
1276 ffs_data_closed(epfile->ffs);
1277
1278 return 0;
1279}
1280
1281static long ffs_epfile_ioctl(struct file *file, unsigned code,
1282 unsigned long value)
1283{
1284 struct ffs_epfile *epfile = file->private_data;
1285 struct ffs_ep *ep;
1286 int ret;
1287
1288 ENTER();
1289
1290 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1291 return -ENODEV;
1292
1293
1294 ep = epfile->ep;
1295 if (!ep) {
1296 if (file->f_flags & O_NONBLOCK)
1297 return -EAGAIN;
1298
1299 ret = wait_event_interruptible(
1300 epfile->ffs->wait, (ep = epfile->ep));
1301 if (ret)
1302 return -EINTR;
1303 }
1304
1305 spin_lock_irq(&epfile->ffs->eps_lock);
1306
1307
1308 if (epfile->ep != ep) {
1309 spin_unlock_irq(&epfile->ffs->eps_lock);
1310 return -ESHUTDOWN;
1311 }
1312
1313 switch (code) {
1314 case FUNCTIONFS_FIFO_STATUS:
1315 ret = usb_ep_fifo_status(epfile->ep->ep);
1316 break;
1317 case FUNCTIONFS_FIFO_FLUSH:
1318 usb_ep_fifo_flush(epfile->ep->ep);
1319 ret = 0;
1320 break;
1321 case FUNCTIONFS_CLEAR_HALT:
1322 ret = usb_ep_clear_halt(epfile->ep->ep);
1323 break;
1324 case FUNCTIONFS_ENDPOINT_REVMAP:
1325 ret = epfile->ep->num;
1326 break;
1327 case FUNCTIONFS_ENDPOINT_DESC:
1328 {
1329 int desc_idx;
1330 struct usb_endpoint_descriptor *desc;
1331
1332 switch (epfile->ffs->gadget->speed) {
1333 case USB_SPEED_SUPER:
1334 desc_idx = 2;
1335 break;
1336 case USB_SPEED_HIGH:
1337 desc_idx = 1;
1338 break;
1339 default:
1340 desc_idx = 0;
1341 }
1342 desc = epfile->ep->descs[desc_idx];
1343
1344 spin_unlock_irq(&epfile->ffs->eps_lock);
1345 ret = copy_to_user((void __user *)value, desc, desc->bLength);
1346 if (ret)
1347 ret = -EFAULT;
1348 return ret;
1349 }
1350 default:
1351 ret = -ENOTTY;
1352 }
1353 spin_unlock_irq(&epfile->ffs->eps_lock);
1354
1355 return ret;
1356}
1357
1358static const struct file_operations ffs_epfile_operations = {
1359 .llseek = no_llseek,
1360
1361 .open = ffs_epfile_open,
1362 .write_iter = ffs_epfile_write_iter,
1363 .read_iter = ffs_epfile_read_iter,
1364 .release = ffs_epfile_release,
1365 .unlocked_ioctl = ffs_epfile_ioctl,
1366 .compat_ioctl = compat_ptr_ioctl,
1367};
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377static struct inode *__must_check
1378ffs_sb_make_inode(struct super_block *sb, void *data,
1379 const struct file_operations *fops,
1380 const struct inode_operations *iops,
1381 struct ffs_file_perms *perms)
1382{
1383 struct inode *inode;
1384
1385 ENTER();
1386
1387 inode = new_inode(sb);
1388
1389 if (likely(inode)) {
1390 struct timespec64 ts = current_time(inode);
1391
1392 inode->i_ino = get_next_ino();
1393 inode->i_mode = perms->mode;
1394 inode->i_uid = perms->uid;
1395 inode->i_gid = perms->gid;
1396 inode->i_atime = ts;
1397 inode->i_mtime = ts;
1398 inode->i_ctime = ts;
1399 inode->i_private = data;
1400 if (fops)
1401 inode->i_fop = fops;
1402 if (iops)
1403 inode->i_op = iops;
1404 }
1405
1406 return inode;
1407}
1408
1409
1410static struct dentry *ffs_sb_create_file(struct super_block *sb,
1411 const char *name, void *data,
1412 const struct file_operations *fops)
1413{
1414 struct ffs_data *ffs = sb->s_fs_info;
1415 struct dentry *dentry;
1416 struct inode *inode;
1417
1418 ENTER();
1419
1420 dentry = d_alloc_name(sb->s_root, name);
1421 if (unlikely(!dentry))
1422 return NULL;
1423
1424 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1425 if (unlikely(!inode)) {
1426 dput(dentry);
1427 return NULL;
1428 }
1429
1430 d_add(dentry, inode);
1431 return dentry;
1432}
1433
1434
1435static const struct super_operations ffs_sb_operations = {
1436 .statfs = simple_statfs,
1437 .drop_inode = generic_delete_inode,
1438};
1439
1440struct ffs_sb_fill_data {
1441 struct ffs_file_perms perms;
1442 umode_t root_mode;
1443 const char *dev_name;
1444 bool no_disconnect;
1445 struct ffs_data *ffs_data;
1446};
1447
1448static int ffs_sb_fill(struct super_block *sb, struct fs_context *fc)
1449{
1450 struct ffs_sb_fill_data *data = fc->fs_private;
1451 struct inode *inode;
1452 struct ffs_data *ffs = data->ffs_data;
1453
1454 ENTER();
1455
1456 ffs->sb = sb;
1457 data->ffs_data = NULL;
1458 sb->s_fs_info = ffs;
1459 sb->s_blocksize = PAGE_SIZE;
1460 sb->s_blocksize_bits = PAGE_SHIFT;
1461 sb->s_magic = FUNCTIONFS_MAGIC;
1462 sb->s_op = &ffs_sb_operations;
1463 sb->s_time_gran = 1;
1464
1465
1466 data->perms.mode = data->root_mode;
1467 inode = ffs_sb_make_inode(sb, NULL,
1468 &simple_dir_operations,
1469 &simple_dir_inode_operations,
1470 &data->perms);
1471 sb->s_root = d_make_root(inode);
1472 if (unlikely(!sb->s_root))
1473 return -ENOMEM;
1474
1475
1476 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1477 &ffs_ep0_operations)))
1478 return -ENOMEM;
1479
1480 return 0;
1481}
1482
1483enum {
1484 Opt_no_disconnect,
1485 Opt_rmode,
1486 Opt_fmode,
1487 Opt_mode,
1488 Opt_uid,
1489 Opt_gid,
1490};
1491
1492static const struct fs_parameter_spec ffs_fs_fs_parameters[] = {
1493 fsparam_bool ("no_disconnect", Opt_no_disconnect),
1494 fsparam_u32 ("rmode", Opt_rmode),
1495 fsparam_u32 ("fmode", Opt_fmode),
1496 fsparam_u32 ("mode", Opt_mode),
1497 fsparam_u32 ("uid", Opt_uid),
1498 fsparam_u32 ("gid", Opt_gid),
1499 {}
1500};
1501
1502static int ffs_fs_parse_param(struct fs_context *fc, struct fs_parameter *param)
1503{
1504 struct ffs_sb_fill_data *data = fc->fs_private;
1505 struct fs_parse_result result;
1506 int opt;
1507
1508 ENTER();
1509
1510 opt = fs_parse(fc, ffs_fs_fs_parameters, param, &result);
1511 if (opt < 0)
1512 return opt;
1513
1514 switch (opt) {
1515 case Opt_no_disconnect:
1516 data->no_disconnect = result.boolean;
1517 break;
1518 case Opt_rmode:
1519 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1520 break;
1521 case Opt_fmode:
1522 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1523 break;
1524 case Opt_mode:
1525 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1526 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1527 break;
1528
1529 case Opt_uid:
1530 data->perms.uid = make_kuid(current_user_ns(), result.uint_32);
1531 if (!uid_valid(data->perms.uid))
1532 goto unmapped_value;
1533 break;
1534 case Opt_gid:
1535 data->perms.gid = make_kgid(current_user_ns(), result.uint_32);
1536 if (!gid_valid(data->perms.gid))
1537 goto unmapped_value;
1538 break;
1539
1540 default:
1541 return -ENOPARAM;
1542 }
1543
1544 return 0;
1545
1546unmapped_value:
1547 return invalf(fc, "%s: unmapped value: %u", param->key, result.uint_32);
1548}
1549
1550
1551
1552
1553static int ffs_fs_get_tree(struct fs_context *fc)
1554{
1555 struct ffs_sb_fill_data *ctx = fc->fs_private;
1556 void *ffs_dev;
1557 struct ffs_data *ffs;
1558
1559 ENTER();
1560
1561 if (!fc->source)
1562 return invalf(fc, "No source specified");
1563
1564 ffs = ffs_data_new(fc->source);
1565 if (unlikely(!ffs))
1566 return -ENOMEM;
1567 ffs->file_perms = ctx->perms;
1568 ffs->no_disconnect = ctx->no_disconnect;
1569
1570 ffs->dev_name = kstrdup(fc->source, GFP_KERNEL);
1571 if (unlikely(!ffs->dev_name)) {
1572 ffs_data_put(ffs);
1573 return -ENOMEM;
1574 }
1575
1576 ffs_dev = ffs_acquire_dev(ffs->dev_name);
1577 if (IS_ERR(ffs_dev)) {
1578 ffs_data_put(ffs);
1579 return PTR_ERR(ffs_dev);
1580 }
1581
1582 ffs->private_data = ffs_dev;
1583 ctx->ffs_data = ffs;
1584 return get_tree_nodev(fc, ffs_sb_fill);
1585}
1586
1587static void ffs_fs_free_fc(struct fs_context *fc)
1588{
1589 struct ffs_sb_fill_data *ctx = fc->fs_private;
1590
1591 if (ctx) {
1592 if (ctx->ffs_data) {
1593 ffs_release_dev(ctx->ffs_data);
1594 ffs_data_put(ctx->ffs_data);
1595 }
1596
1597 kfree(ctx);
1598 }
1599}
1600
1601static const struct fs_context_operations ffs_fs_context_ops = {
1602 .free = ffs_fs_free_fc,
1603 .parse_param = ffs_fs_parse_param,
1604 .get_tree = ffs_fs_get_tree,
1605};
1606
1607static int ffs_fs_init_fs_context(struct fs_context *fc)
1608{
1609 struct ffs_sb_fill_data *ctx;
1610
1611 ctx = kzalloc(sizeof(struct ffs_sb_fill_data), GFP_KERNEL);
1612 if (!ctx)
1613 return -ENOMEM;
1614
1615 ctx->perms.mode = S_IFREG | 0600;
1616 ctx->perms.uid = GLOBAL_ROOT_UID;
1617 ctx->perms.gid = GLOBAL_ROOT_GID;
1618 ctx->root_mode = S_IFDIR | 0500;
1619 ctx->no_disconnect = false;
1620
1621 fc->fs_private = ctx;
1622 fc->ops = &ffs_fs_context_ops;
1623 return 0;
1624}
1625
1626static void
1627ffs_fs_kill_sb(struct super_block *sb)
1628{
1629 ENTER();
1630
1631 kill_litter_super(sb);
1632 if (sb->s_fs_info) {
1633 ffs_release_dev(sb->s_fs_info);
1634 ffs_data_closed(sb->s_fs_info);
1635 }
1636}
1637
1638static struct file_system_type ffs_fs_type = {
1639 .owner = THIS_MODULE,
1640 .name = "functionfs",
1641 .init_fs_context = ffs_fs_init_fs_context,
1642 .parameters = ffs_fs_fs_parameters,
1643 .kill_sb = ffs_fs_kill_sb,
1644};
1645MODULE_ALIAS_FS("functionfs");
1646
1647
1648
1649
1650static int functionfs_init(void)
1651{
1652 int ret;
1653
1654 ENTER();
1655
1656 ret = register_filesystem(&ffs_fs_type);
1657 if (likely(!ret))
1658 pr_info("file system registered\n");
1659 else
1660 pr_err("failed registering file system (%d)\n", ret);
1661
1662 return ret;
1663}
1664
1665static void functionfs_cleanup(void)
1666{
1667 ENTER();
1668
1669 pr_info("unloading\n");
1670 unregister_filesystem(&ffs_fs_type);
1671}
1672
1673
1674
1675
1676static void ffs_data_clear(struct ffs_data *ffs);
1677static void ffs_data_reset(struct ffs_data *ffs);
1678
1679static void ffs_data_get(struct ffs_data *ffs)
1680{
1681 ENTER();
1682
1683 refcount_inc(&ffs->ref);
1684}
1685
1686static void ffs_data_opened(struct ffs_data *ffs)
1687{
1688 ENTER();
1689
1690 refcount_inc(&ffs->ref);
1691 if (atomic_add_return(1, &ffs->opened) == 1 &&
1692 ffs->state == FFS_DEACTIVATED) {
1693 ffs->state = FFS_CLOSING;
1694 ffs_data_reset(ffs);
1695 }
1696}
1697
1698static void ffs_data_put(struct ffs_data *ffs)
1699{
1700 ENTER();
1701
1702 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1703 pr_info("%s(): freeing\n", __func__);
1704 ffs_data_clear(ffs);
1705 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1706 waitqueue_active(&ffs->ep0req_completion.wait) ||
1707 waitqueue_active(&ffs->wait));
1708 destroy_workqueue(ffs->io_completion_wq);
1709 kfree(ffs->dev_name);
1710 kfree(ffs);
1711 }
1712}
1713
1714static void ffs_data_closed(struct ffs_data *ffs)
1715{
1716 ENTER();
1717
1718 if (atomic_dec_and_test(&ffs->opened)) {
1719 if (ffs->no_disconnect) {
1720 ffs->state = FFS_DEACTIVATED;
1721 if (ffs->epfiles) {
1722 ffs_epfiles_destroy(ffs->epfiles,
1723 ffs->eps_count);
1724 ffs->epfiles = NULL;
1725 }
1726 if (ffs->setup_state == FFS_SETUP_PENDING)
1727 __ffs_ep0_stall(ffs);
1728 } else {
1729 ffs->state = FFS_CLOSING;
1730 ffs_data_reset(ffs);
1731 }
1732 }
1733 if (atomic_read(&ffs->opened) < 0) {
1734 ffs->state = FFS_CLOSING;
1735 ffs_data_reset(ffs);
1736 }
1737
1738 ffs_data_put(ffs);
1739}
1740
1741static struct ffs_data *ffs_data_new(const char *dev_name)
1742{
1743 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1744 if (unlikely(!ffs))
1745 return NULL;
1746
1747 ENTER();
1748
1749 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1750 if (!ffs->io_completion_wq) {
1751 kfree(ffs);
1752 return NULL;
1753 }
1754
1755 refcount_set(&ffs->ref, 1);
1756 atomic_set(&ffs->opened, 0);
1757 ffs->state = FFS_READ_DESCRIPTORS;
1758 mutex_init(&ffs->mutex);
1759 spin_lock_init(&ffs->eps_lock);
1760 init_waitqueue_head(&ffs->ev.waitq);
1761 init_waitqueue_head(&ffs->wait);
1762 init_completion(&ffs->ep0req_completion);
1763
1764
1765 ffs->ev.can_stall = 1;
1766
1767 return ffs;
1768}
1769
1770static void ffs_data_clear(struct ffs_data *ffs)
1771{
1772 ENTER();
1773
1774 ffs_closed(ffs);
1775
1776 BUG_ON(ffs->gadget);
1777
1778 if (ffs->epfiles)
1779 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1780
1781 if (ffs->ffs_eventfd)
1782 eventfd_ctx_put(ffs->ffs_eventfd);
1783
1784 kfree(ffs->raw_descs_data);
1785 kfree(ffs->raw_strings);
1786 kfree(ffs->stringtabs);
1787}
1788
1789static void ffs_data_reset(struct ffs_data *ffs)
1790{
1791 ENTER();
1792
1793 ffs_data_clear(ffs);
1794
1795 ffs->epfiles = NULL;
1796 ffs->raw_descs_data = NULL;
1797 ffs->raw_descs = NULL;
1798 ffs->raw_strings = NULL;
1799 ffs->stringtabs = NULL;
1800
1801 ffs->raw_descs_length = 0;
1802 ffs->fs_descs_count = 0;
1803 ffs->hs_descs_count = 0;
1804 ffs->ss_descs_count = 0;
1805
1806 ffs->strings_count = 0;
1807 ffs->interfaces_count = 0;
1808 ffs->eps_count = 0;
1809
1810 ffs->ev.count = 0;
1811
1812 ffs->state = FFS_READ_DESCRIPTORS;
1813 ffs->setup_state = FFS_NO_SETUP;
1814 ffs->flags = 0;
1815}
1816
1817
1818static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1819{
1820 struct usb_gadget_strings **lang;
1821 int first_id;
1822
1823 ENTER();
1824
1825 if (WARN_ON(ffs->state != FFS_ACTIVE
1826 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1827 return -EBADFD;
1828
1829 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1830 if (unlikely(first_id < 0))
1831 return first_id;
1832
1833 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1834 if (unlikely(!ffs->ep0req))
1835 return -ENOMEM;
1836 ffs->ep0req->complete = ffs_ep0_complete;
1837 ffs->ep0req->context = ffs;
1838
1839 lang = ffs->stringtabs;
1840 if (lang) {
1841 for (; *lang; ++lang) {
1842 struct usb_string *str = (*lang)->strings;
1843 int id = first_id;
1844 for (; str->s; ++id, ++str)
1845 str->id = id;
1846 }
1847 }
1848
1849 ffs->gadget = cdev->gadget;
1850 ffs_data_get(ffs);
1851 return 0;
1852}
1853
1854static void functionfs_unbind(struct ffs_data *ffs)
1855{
1856 ENTER();
1857
1858 if (!WARN_ON(!ffs->gadget)) {
1859 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1860 ffs->ep0req = NULL;
1861 ffs->gadget = NULL;
1862 clear_bit(FFS_FL_BOUND, &ffs->flags);
1863 ffs_data_put(ffs);
1864 }
1865}
1866
1867static int ffs_epfiles_create(struct ffs_data *ffs)
1868{
1869 struct ffs_epfile *epfile, *epfiles;
1870 unsigned i, count;
1871
1872 ENTER();
1873
1874 count = ffs->eps_count;
1875 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1876 if (!epfiles)
1877 return -ENOMEM;
1878
1879 epfile = epfiles;
1880 for (i = 1; i <= count; ++i, ++epfile) {
1881 epfile->ffs = ffs;
1882 mutex_init(&epfile->mutex);
1883 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1884 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1885 else
1886 sprintf(epfile->name, "ep%u", i);
1887 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1888 epfile,
1889 &ffs_epfile_operations);
1890 if (unlikely(!epfile->dentry)) {
1891 ffs_epfiles_destroy(epfiles, i - 1);
1892 return -ENOMEM;
1893 }
1894 }
1895
1896 ffs->epfiles = epfiles;
1897 return 0;
1898}
1899
1900static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1901{
1902 struct ffs_epfile *epfile = epfiles;
1903
1904 ENTER();
1905
1906 for (; count; --count, ++epfile) {
1907 BUG_ON(mutex_is_locked(&epfile->mutex));
1908 if (epfile->dentry) {
1909 d_delete(epfile->dentry);
1910 dput(epfile->dentry);
1911 epfile->dentry = NULL;
1912 }
1913 }
1914
1915 kfree(epfiles);
1916}
1917
1918static void ffs_func_eps_disable(struct ffs_function *func)
1919{
1920 struct ffs_ep *ep = func->eps;
1921 struct ffs_epfile *epfile = func->ffs->epfiles;
1922 unsigned count = func->ffs->eps_count;
1923 unsigned long flags;
1924
1925 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1926 while (count--) {
1927
1928 if (likely(ep->ep))
1929 usb_ep_disable(ep->ep);
1930 ++ep;
1931
1932 if (epfile) {
1933 epfile->ep = NULL;
1934 __ffs_epfile_read_buffer_free(epfile);
1935 ++epfile;
1936 }
1937 }
1938 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1939}
1940
1941static int ffs_func_eps_enable(struct ffs_function *func)
1942{
1943 struct ffs_data *ffs = func->ffs;
1944 struct ffs_ep *ep = func->eps;
1945 struct ffs_epfile *epfile = ffs->epfiles;
1946 unsigned count = ffs->eps_count;
1947 unsigned long flags;
1948 int ret = 0;
1949
1950 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1951 while(count--) {
1952 ep->ep->driver_data = ep;
1953
1954 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1955 if (ret) {
1956 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1957 __func__, ep->ep->name, ret);
1958 break;
1959 }
1960
1961 ret = usb_ep_enable(ep->ep);
1962 if (likely(!ret)) {
1963 epfile->ep = ep;
1964 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1965 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1966 } else {
1967 break;
1968 }
1969
1970 ++ep;
1971 ++epfile;
1972 }
1973
1974 wake_up_interruptible(&ffs->wait);
1975 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1976
1977 return ret;
1978}
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990enum ffs_entity_type {
1991 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1992};
1993
1994enum ffs_os_desc_type {
1995 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1996};
1997
1998typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1999 u8 *valuep,
2000 struct usb_descriptor_header *desc,
2001 void *priv);
2002
2003typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
2004 struct usb_os_desc_header *h, void *data,
2005 unsigned len, void *priv);
2006
2007static int __must_check ffs_do_single_desc(char *data, unsigned len,
2008 ffs_entity_callback entity,
2009 void *priv, int *current_class)
2010{
2011 struct usb_descriptor_header *_ds = (void *)data;
2012 u8 length;
2013 int ret;
2014
2015 ENTER();
2016
2017
2018 if (len < 2) {
2019 pr_vdebug("descriptor too short\n");
2020 return -EINVAL;
2021 }
2022
2023
2024 length = _ds->bLength;
2025 if (len < length) {
2026 pr_vdebug("descriptor longer then available data\n");
2027 return -EINVAL;
2028 }
2029
2030#define __entity_check_INTERFACE(val) 1
2031#define __entity_check_STRING(val) (val)
2032#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
2033#define __entity(type, val) do { \
2034 pr_vdebug("entity " #type "(%02x)\n", (val)); \
2035 if (unlikely(!__entity_check_ ##type(val))) { \
2036 pr_vdebug("invalid entity's value\n"); \
2037 return -EINVAL; \
2038 } \
2039 ret = entity(FFS_ ##type, &val, _ds, priv); \
2040 if (unlikely(ret < 0)) { \
2041 pr_debug("entity " #type "(%02x); ret = %d\n", \
2042 (val), ret); \
2043 return ret; \
2044 } \
2045 } while (0)
2046
2047
2048 switch (_ds->bDescriptorType) {
2049 case USB_DT_DEVICE:
2050 case USB_DT_CONFIG:
2051 case USB_DT_STRING:
2052 case USB_DT_DEVICE_QUALIFIER:
2053
2054 pr_vdebug("descriptor reserved for gadget: %d\n",
2055 _ds->bDescriptorType);
2056 return -EINVAL;
2057
2058 case USB_DT_INTERFACE: {
2059 struct usb_interface_descriptor *ds = (void *)_ds;
2060 pr_vdebug("interface descriptor\n");
2061 if (length != sizeof *ds)
2062 goto inv_length;
2063
2064 __entity(INTERFACE, ds->bInterfaceNumber);
2065 if (ds->iInterface)
2066 __entity(STRING, ds->iInterface);
2067 *current_class = ds->bInterfaceClass;
2068 }
2069 break;
2070
2071 case USB_DT_ENDPOINT: {
2072 struct usb_endpoint_descriptor *ds = (void *)_ds;
2073 pr_vdebug("endpoint descriptor\n");
2074 if (length != USB_DT_ENDPOINT_SIZE &&
2075 length != USB_DT_ENDPOINT_AUDIO_SIZE)
2076 goto inv_length;
2077 __entity(ENDPOINT, ds->bEndpointAddress);
2078 }
2079 break;
2080
2081 case USB_TYPE_CLASS | 0x01:
2082 if (*current_class == USB_INTERFACE_CLASS_HID) {
2083 pr_vdebug("hid descriptor\n");
2084 if (length != sizeof(struct hid_descriptor))
2085 goto inv_length;
2086 break;
2087 } else if (*current_class == USB_INTERFACE_CLASS_CCID) {
2088 pr_vdebug("ccid descriptor\n");
2089 if (length != sizeof(struct ccid_descriptor))
2090 goto inv_length;
2091 break;
2092 } else {
2093 pr_vdebug("unknown descriptor: %d for class %d\n",
2094 _ds->bDescriptorType, *current_class);
2095 return -EINVAL;
2096 }
2097
2098 case USB_DT_OTG:
2099 if (length != sizeof(struct usb_otg_descriptor))
2100 goto inv_length;
2101 break;
2102
2103 case USB_DT_INTERFACE_ASSOCIATION: {
2104 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2105 pr_vdebug("interface association descriptor\n");
2106 if (length != sizeof *ds)
2107 goto inv_length;
2108 if (ds->iFunction)
2109 __entity(STRING, ds->iFunction);
2110 }
2111 break;
2112
2113 case USB_DT_SS_ENDPOINT_COMP:
2114 pr_vdebug("EP SS companion descriptor\n");
2115 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2116 goto inv_length;
2117 break;
2118
2119 case USB_DT_OTHER_SPEED_CONFIG:
2120 case USB_DT_INTERFACE_POWER:
2121 case USB_DT_DEBUG:
2122 case USB_DT_SECURITY:
2123 case USB_DT_CS_RADIO_CONTROL:
2124
2125 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2126 return -EINVAL;
2127
2128 default:
2129
2130 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2131 return -EINVAL;
2132
2133inv_length:
2134 pr_vdebug("invalid length: %d (descriptor %d)\n",
2135 _ds->bLength, _ds->bDescriptorType);
2136 return -EINVAL;
2137 }
2138
2139#undef __entity
2140#undef __entity_check_DESCRIPTOR
2141#undef __entity_check_INTERFACE
2142#undef __entity_check_STRING
2143#undef __entity_check_ENDPOINT
2144
2145 return length;
2146}
2147
2148static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2149 ffs_entity_callback entity, void *priv)
2150{
2151 const unsigned _len = len;
2152 unsigned long num = 0;
2153 int current_class = -1;
2154
2155 ENTER();
2156
2157 for (;;) {
2158 int ret;
2159
2160 if (num == count)
2161 data = NULL;
2162
2163
2164 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2165 if (unlikely(ret < 0)) {
2166 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2167 num, ret);
2168 return ret;
2169 }
2170
2171 if (!data)
2172 return _len - len;
2173
2174 ret = ffs_do_single_desc(data, len, entity, priv,
2175 ¤t_class);
2176 if (unlikely(ret < 0)) {
2177 pr_debug("%s returns %d\n", __func__, ret);
2178 return ret;
2179 }
2180
2181 len -= ret;
2182 data += ret;
2183 ++num;
2184 }
2185}
2186
2187static int __ffs_data_do_entity(enum ffs_entity_type type,
2188 u8 *valuep, struct usb_descriptor_header *desc,
2189 void *priv)
2190{
2191 struct ffs_desc_helper *helper = priv;
2192 struct usb_endpoint_descriptor *d;
2193
2194 ENTER();
2195
2196 switch (type) {
2197 case FFS_DESCRIPTOR:
2198 break;
2199
2200 case FFS_INTERFACE:
2201
2202
2203
2204
2205
2206 if (*valuep >= helper->interfaces_count)
2207 helper->interfaces_count = *valuep + 1;
2208 break;
2209
2210 case FFS_STRING:
2211
2212
2213
2214
2215 if (*valuep > helper->ffs->strings_count)
2216 helper->ffs->strings_count = *valuep;
2217 break;
2218
2219 case FFS_ENDPOINT:
2220 d = (void *)desc;
2221 helper->eps_count++;
2222 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2223 return -EINVAL;
2224
2225 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2226 helper->ffs->eps_addrmap[helper->eps_count] =
2227 d->bEndpointAddress;
2228 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2229 d->bEndpointAddress)
2230 return -EINVAL;
2231 break;
2232 }
2233
2234 return 0;
2235}
2236
2237static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2238 struct usb_os_desc_header *desc)
2239{
2240 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2241 u16 w_index = le16_to_cpu(desc->wIndex);
2242
2243 if (bcd_version != 1) {
2244 pr_vdebug("unsupported os descriptors version: %d",
2245 bcd_version);
2246 return -EINVAL;
2247 }
2248 switch (w_index) {
2249 case 0x4:
2250 *next_type = FFS_OS_DESC_EXT_COMPAT;
2251 break;
2252 case 0x5:
2253 *next_type = FFS_OS_DESC_EXT_PROP;
2254 break;
2255 default:
2256 pr_vdebug("unsupported os descriptor type: %d", w_index);
2257 return -EINVAL;
2258 }
2259
2260 return sizeof(*desc);
2261}
2262
2263
2264
2265
2266
2267static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2268 enum ffs_os_desc_type type,
2269 u16 feature_count,
2270 ffs_os_desc_callback entity,
2271 void *priv,
2272 struct usb_os_desc_header *h)
2273{
2274 int ret;
2275 const unsigned _len = len;
2276
2277 ENTER();
2278
2279
2280 while (feature_count--) {
2281 ret = entity(type, h, data, len, priv);
2282 if (unlikely(ret < 0)) {
2283 pr_debug("bad OS descriptor, type: %d\n", type);
2284 return ret;
2285 }
2286 data += ret;
2287 len -= ret;
2288 }
2289 return _len - len;
2290}
2291
2292
2293static int __must_check ffs_do_os_descs(unsigned count,
2294 char *data, unsigned len,
2295 ffs_os_desc_callback entity, void *priv)
2296{
2297 const unsigned _len = len;
2298 unsigned long num = 0;
2299
2300 ENTER();
2301
2302 for (num = 0; num < count; ++num) {
2303 int ret;
2304 enum ffs_os_desc_type type;
2305 u16 feature_count;
2306 struct usb_os_desc_header *desc = (void *)data;
2307
2308 if (len < sizeof(*desc))
2309 return -EINVAL;
2310
2311
2312
2313
2314
2315
2316
2317
2318 if (le32_to_cpu(desc->dwLength) > len)
2319 return -EINVAL;
2320
2321 ret = __ffs_do_os_desc_header(&type, desc);
2322 if (unlikely(ret < 0)) {
2323 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2324 num, ret);
2325 return ret;
2326 }
2327
2328
2329
2330 feature_count = le16_to_cpu(desc->wCount);
2331 if (type == FFS_OS_DESC_EXT_COMPAT &&
2332 (feature_count > 255 || desc->Reserved))
2333 return -EINVAL;
2334 len -= ret;
2335 data += ret;
2336
2337
2338
2339
2340
2341 ret = ffs_do_single_os_desc(data, len, type,
2342 feature_count, entity, priv, desc);
2343 if (unlikely(ret < 0)) {
2344 pr_debug("%s returns %d\n", __func__, ret);
2345 return ret;
2346 }
2347
2348 len -= ret;
2349 data += ret;
2350 }
2351 return _len - len;
2352}
2353
2354
2355
2356
2357static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2358 struct usb_os_desc_header *h, void *data,
2359 unsigned len, void *priv)
2360{
2361 struct ffs_data *ffs = priv;
2362 u8 length;
2363
2364 ENTER();
2365
2366 switch (type) {
2367 case FFS_OS_DESC_EXT_COMPAT: {
2368 struct usb_ext_compat_desc *d = data;
2369 int i;
2370
2371 if (len < sizeof(*d) ||
2372 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2373 return -EINVAL;
2374 if (d->Reserved1 != 1) {
2375
2376
2377
2378
2379
2380
2381 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2382 d->Reserved1 = 1;
2383 }
2384 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2385 if (d->Reserved2[i])
2386 return -EINVAL;
2387
2388 length = sizeof(struct usb_ext_compat_desc);
2389 }
2390 break;
2391 case FFS_OS_DESC_EXT_PROP: {
2392 struct usb_ext_prop_desc *d = data;
2393 u32 type, pdl;
2394 u16 pnl;
2395
2396 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2397 return -EINVAL;
2398 length = le32_to_cpu(d->dwSize);
2399 if (len < length)
2400 return -EINVAL;
2401 type = le32_to_cpu(d->dwPropertyDataType);
2402 if (type < USB_EXT_PROP_UNICODE ||
2403 type > USB_EXT_PROP_UNICODE_MULTI) {
2404 pr_vdebug("unsupported os descriptor property type: %d",
2405 type);
2406 return -EINVAL;
2407 }
2408 pnl = le16_to_cpu(d->wPropertyNameLength);
2409 if (length < 14 + pnl) {
2410 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2411 length, pnl, type);
2412 return -EINVAL;
2413 }
2414 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2415 if (length != 14 + pnl + pdl) {
2416 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2417 length, pnl, pdl, type);
2418 return -EINVAL;
2419 }
2420 ++ffs->ms_os_descs_ext_prop_count;
2421
2422 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2423 ffs->ms_os_descs_ext_prop_data_len += pdl;
2424 }
2425 break;
2426 default:
2427 pr_vdebug("unknown descriptor: %d\n", type);
2428 return -EINVAL;
2429 }
2430 return length;
2431}
2432
2433static int __ffs_data_got_descs(struct ffs_data *ffs,
2434 char *const _data, size_t len)
2435{
2436 char *data = _data, *raw_descs;
2437 unsigned os_descs_count = 0, counts[3], flags;
2438 int ret = -EINVAL, i;
2439 struct ffs_desc_helper helper;
2440
2441 ENTER();
2442
2443 if (get_unaligned_le32(data + 4) != len)
2444 goto error;
2445
2446 switch (get_unaligned_le32(data)) {
2447 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2448 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2449 data += 8;
2450 len -= 8;
2451 break;
2452 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2453 flags = get_unaligned_le32(data + 8);
2454 ffs->user_flags = flags;
2455 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2456 FUNCTIONFS_HAS_HS_DESC |
2457 FUNCTIONFS_HAS_SS_DESC |
2458 FUNCTIONFS_HAS_MS_OS_DESC |
2459 FUNCTIONFS_VIRTUAL_ADDR |
2460 FUNCTIONFS_EVENTFD |
2461 FUNCTIONFS_ALL_CTRL_RECIP |
2462 FUNCTIONFS_CONFIG0_SETUP)) {
2463 ret = -ENOSYS;
2464 goto error;
2465 }
2466 data += 12;
2467 len -= 12;
2468 break;
2469 default:
2470 goto error;
2471 }
2472
2473 if (flags & FUNCTIONFS_EVENTFD) {
2474 if (len < 4)
2475 goto error;
2476 ffs->ffs_eventfd =
2477 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2478 if (IS_ERR(ffs->ffs_eventfd)) {
2479 ret = PTR_ERR(ffs->ffs_eventfd);
2480 ffs->ffs_eventfd = NULL;
2481 goto error;
2482 }
2483 data += 4;
2484 len -= 4;
2485 }
2486
2487
2488 for (i = 0; i < 3; ++i) {
2489 if (!(flags & (1 << i))) {
2490 counts[i] = 0;
2491 } else if (len < 4) {
2492 goto error;
2493 } else {
2494 counts[i] = get_unaligned_le32(data);
2495 data += 4;
2496 len -= 4;
2497 }
2498 }
2499 if (flags & (1 << i)) {
2500 if (len < 4) {
2501 goto error;
2502 }
2503 os_descs_count = get_unaligned_le32(data);
2504 data += 4;
2505 len -= 4;
2506 };
2507
2508
2509 raw_descs = data;
2510 helper.ffs = ffs;
2511 for (i = 0; i < 3; ++i) {
2512 if (!counts[i])
2513 continue;
2514 helper.interfaces_count = 0;
2515 helper.eps_count = 0;
2516 ret = ffs_do_descs(counts[i], data, len,
2517 __ffs_data_do_entity, &helper);
2518 if (ret < 0)
2519 goto error;
2520 if (!ffs->eps_count && !ffs->interfaces_count) {
2521 ffs->eps_count = helper.eps_count;
2522 ffs->interfaces_count = helper.interfaces_count;
2523 } else {
2524 if (ffs->eps_count != helper.eps_count) {
2525 ret = -EINVAL;
2526 goto error;
2527 }
2528 if (ffs->interfaces_count != helper.interfaces_count) {
2529 ret = -EINVAL;
2530 goto error;
2531 }
2532 }
2533 data += ret;
2534 len -= ret;
2535 }
2536 if (os_descs_count) {
2537 ret = ffs_do_os_descs(os_descs_count, data, len,
2538 __ffs_data_do_os_desc, ffs);
2539 if (ret < 0)
2540 goto error;
2541 data += ret;
2542 len -= ret;
2543 }
2544
2545 if (raw_descs == data || len) {
2546 ret = -EINVAL;
2547 goto error;
2548 }
2549
2550 ffs->raw_descs_data = _data;
2551 ffs->raw_descs = raw_descs;
2552 ffs->raw_descs_length = data - raw_descs;
2553 ffs->fs_descs_count = counts[0];
2554 ffs->hs_descs_count = counts[1];
2555 ffs->ss_descs_count = counts[2];
2556 ffs->ms_os_descs_count = os_descs_count;
2557
2558 return 0;
2559
2560error:
2561 kfree(_data);
2562 return ret;
2563}
2564
2565static int __ffs_data_got_strings(struct ffs_data *ffs,
2566 char *const _data, size_t len)
2567{
2568 u32 str_count, needed_count, lang_count;
2569 struct usb_gadget_strings **stringtabs, *t;
2570 const char *data = _data;
2571 struct usb_string *s;
2572
2573 ENTER();
2574
2575 if (unlikely(len < 16 ||
2576 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2577 get_unaligned_le32(data + 4) != len))
2578 goto error;
2579 str_count = get_unaligned_le32(data + 8);
2580 lang_count = get_unaligned_le32(data + 12);
2581
2582
2583 if (unlikely(!str_count != !lang_count))
2584 goto error;
2585
2586
2587 needed_count = ffs->strings_count;
2588 if (unlikely(str_count < needed_count))
2589 goto error;
2590
2591
2592
2593
2594
2595 if (!needed_count) {
2596 kfree(_data);
2597 return 0;
2598 }
2599
2600
2601 {
2602 unsigned i = 0;
2603 vla_group(d);
2604 vla_item(d, struct usb_gadget_strings *, stringtabs,
2605 lang_count + 1);
2606 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2607 vla_item(d, struct usb_string, strings,
2608 lang_count*(needed_count+1));
2609
2610 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2611
2612 if (unlikely(!vlabuf)) {
2613 kfree(_data);
2614 return -ENOMEM;
2615 }
2616
2617
2618 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2619 t = vla_ptr(vlabuf, d, stringtab);
2620 i = lang_count;
2621 do {
2622 *stringtabs++ = t++;
2623 } while (--i);
2624 *stringtabs = NULL;
2625
2626
2627 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2628 t = vla_ptr(vlabuf, d, stringtab);
2629 s = vla_ptr(vlabuf, d, strings);
2630 }
2631
2632
2633 data += 16;
2634 len -= 16;
2635
2636 do {
2637 unsigned needed = needed_count;
2638
2639 if (unlikely(len < 3))
2640 goto error_free;
2641 t->language = get_unaligned_le16(data);
2642 t->strings = s;
2643 ++t;
2644
2645 data += 2;
2646 len -= 2;
2647
2648
2649 do {
2650 size_t length = strnlen(data, len);
2651
2652 if (unlikely(length == len))
2653 goto error_free;
2654
2655
2656
2657
2658
2659
2660 if (likely(needed)) {
2661
2662
2663
2664
2665
2666 s->s = data;
2667 --needed;
2668 ++s;
2669 }
2670
2671 data += length + 1;
2672 len -= length + 1;
2673 } while (--str_count);
2674
2675 s->id = 0;
2676 s->s = NULL;
2677 ++s;
2678
2679 } while (--lang_count);
2680
2681
2682 if (unlikely(len))
2683 goto error_free;
2684
2685
2686 ffs->stringtabs = stringtabs;
2687 ffs->raw_strings = _data;
2688
2689 return 0;
2690
2691error_free:
2692 kfree(stringtabs);
2693error:
2694 kfree(_data);
2695 return -EINVAL;
2696}
2697
2698
2699
2700
2701static void __ffs_event_add(struct ffs_data *ffs,
2702 enum usb_functionfs_event_type type)
2703{
2704 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2705 int neg = 0;
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715 if (ffs->setup_state == FFS_SETUP_PENDING)
2716 ffs->setup_state = FFS_SETUP_CANCELLED;
2717
2718
2719
2720
2721
2722
2723
2724
2725 switch (type) {
2726 case FUNCTIONFS_RESUME:
2727 rem_type2 = FUNCTIONFS_SUSPEND;
2728
2729 case FUNCTIONFS_SUSPEND:
2730 case FUNCTIONFS_SETUP:
2731 rem_type1 = type;
2732
2733 break;
2734
2735 case FUNCTIONFS_BIND:
2736 case FUNCTIONFS_UNBIND:
2737 case FUNCTIONFS_DISABLE:
2738 case FUNCTIONFS_ENABLE:
2739
2740 rem_type1 = FUNCTIONFS_SUSPEND;
2741 rem_type2 = FUNCTIONFS_RESUME;
2742 neg = 1;
2743 break;
2744
2745 default:
2746 WARN(1, "%d: unknown event, this should not happen\n", type);
2747 return;
2748 }
2749
2750 {
2751 u8 *ev = ffs->ev.types, *out = ev;
2752 unsigned n = ffs->ev.count;
2753 for (; n; --n, ++ev)
2754 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2755 *out++ = *ev;
2756 else
2757 pr_vdebug("purging event %d\n", *ev);
2758 ffs->ev.count = out - ffs->ev.types;
2759 }
2760
2761 pr_vdebug("adding event %d\n", type);
2762 ffs->ev.types[ffs->ev.count++] = type;
2763 wake_up_locked(&ffs->ev.waitq);
2764 if (ffs->ffs_eventfd)
2765 eventfd_signal(ffs->ffs_eventfd, 1);
2766}
2767
2768static void ffs_event_add(struct ffs_data *ffs,
2769 enum usb_functionfs_event_type type)
2770{
2771 unsigned long flags;
2772 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2773 __ffs_event_add(ffs, type);
2774 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2775}
2776
2777
2778
2779static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2780{
2781 int i;
2782
2783 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2784 if (ffs->eps_addrmap[i] == endpoint_address)
2785 return i;
2786 return -ENOENT;
2787}
2788
2789static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2790 struct usb_descriptor_header *desc,
2791 void *priv)
2792{
2793 struct usb_endpoint_descriptor *ds = (void *)desc;
2794 struct ffs_function *func = priv;
2795 struct ffs_ep *ffs_ep;
2796 unsigned ep_desc_id;
2797 int idx;
2798 static const char *speed_names[] = { "full", "high", "super" };
2799
2800 if (type != FFS_DESCRIPTOR)
2801 return 0;
2802
2803
2804
2805
2806
2807
2808
2809 if (func->function.ss_descriptors) {
2810 ep_desc_id = 2;
2811 func->function.ss_descriptors[(long)valuep] = desc;
2812 } else if (func->function.hs_descriptors) {
2813 ep_desc_id = 1;
2814 func->function.hs_descriptors[(long)valuep] = desc;
2815 } else {
2816 ep_desc_id = 0;
2817 func->function.fs_descriptors[(long)valuep] = desc;
2818 }
2819
2820 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2821 return 0;
2822
2823 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2824 if (idx < 0)
2825 return idx;
2826
2827 ffs_ep = func->eps + idx;
2828
2829 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2830 pr_err("two %sspeed descriptors for EP %d\n",
2831 speed_names[ep_desc_id],
2832 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2833 return -EINVAL;
2834 }
2835 ffs_ep->descs[ep_desc_id] = ds;
2836
2837 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2838 if (ffs_ep->ep) {
2839 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2840 if (!ds->wMaxPacketSize)
2841 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2842 } else {
2843 struct usb_request *req;
2844 struct usb_ep *ep;
2845 u8 bEndpointAddress;
2846 u16 wMaxPacketSize;
2847
2848
2849
2850
2851
2852 bEndpointAddress = ds->bEndpointAddress;
2853
2854
2855
2856
2857 wMaxPacketSize = ds->wMaxPacketSize;
2858 pr_vdebug("autoconfig\n");
2859 ep = usb_ep_autoconfig(func->gadget, ds);
2860 if (unlikely(!ep))
2861 return -ENOTSUPP;
2862 ep->driver_data = func->eps + idx;
2863
2864 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2865 if (unlikely(!req))
2866 return -ENOMEM;
2867
2868 ffs_ep->ep = ep;
2869 ffs_ep->req = req;
2870 func->eps_revmap[ds->bEndpointAddress &
2871 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2872
2873
2874
2875
2876 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2877 ds->bEndpointAddress = bEndpointAddress;
2878
2879
2880
2881
2882 ds->wMaxPacketSize = wMaxPacketSize;
2883 }
2884 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2885
2886 return 0;
2887}
2888
2889static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2890 struct usb_descriptor_header *desc,
2891 void *priv)
2892{
2893 struct ffs_function *func = priv;
2894 unsigned idx;
2895 u8 newValue;
2896
2897 switch (type) {
2898 default:
2899 case FFS_DESCRIPTOR:
2900
2901 return 0;
2902
2903 case FFS_INTERFACE:
2904 idx = *valuep;
2905 if (func->interfaces_nums[idx] < 0) {
2906 int id = usb_interface_id(func->conf, &func->function);
2907 if (unlikely(id < 0))
2908 return id;
2909 func->interfaces_nums[idx] = id;
2910 }
2911 newValue = func->interfaces_nums[idx];
2912 break;
2913
2914 case FFS_STRING:
2915
2916 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2917 break;
2918
2919 case FFS_ENDPOINT:
2920
2921
2922
2923
2924 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2925 return 0;
2926
2927 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2928 if (unlikely(!func->eps[idx].ep))
2929 return -EINVAL;
2930
2931 {
2932 struct usb_endpoint_descriptor **descs;
2933 descs = func->eps[idx].descs;
2934 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2935 }
2936 break;
2937 }
2938
2939 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2940 *valuep = newValue;
2941 return 0;
2942}
2943
2944static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2945 struct usb_os_desc_header *h, void *data,
2946 unsigned len, void *priv)
2947{
2948 struct ffs_function *func = priv;
2949 u8 length = 0;
2950
2951 switch (type) {
2952 case FFS_OS_DESC_EXT_COMPAT: {
2953 struct usb_ext_compat_desc *desc = data;
2954 struct usb_os_desc_table *t;
2955
2956 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2957 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2958 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2959 ARRAY_SIZE(desc->CompatibleID) +
2960 ARRAY_SIZE(desc->SubCompatibleID));
2961 length = sizeof(*desc);
2962 }
2963 break;
2964 case FFS_OS_DESC_EXT_PROP: {
2965 struct usb_ext_prop_desc *desc = data;
2966 struct usb_os_desc_table *t;
2967 struct usb_os_desc_ext_prop *ext_prop;
2968 char *ext_prop_name;
2969 char *ext_prop_data;
2970
2971 t = &func->function.os_desc_table[h->interface];
2972 t->if_id = func->interfaces_nums[h->interface];
2973
2974 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2975 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2976
2977 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2978 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2979 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2980 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2981 length = ext_prop->name_len + ext_prop->data_len + 14;
2982
2983 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2984 func->ffs->ms_os_descs_ext_prop_name_avail +=
2985 ext_prop->name_len;
2986
2987 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2988 func->ffs->ms_os_descs_ext_prop_data_avail +=
2989 ext_prop->data_len;
2990 memcpy(ext_prop_data,
2991 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2992 ext_prop->data_len);
2993
2994 switch (ext_prop->type) {
2995 case USB_EXT_PROP_UNICODE:
2996 case USB_EXT_PROP_UNICODE_ENV:
2997 case USB_EXT_PROP_UNICODE_LINK:
2998 case USB_EXT_PROP_UNICODE_MULTI:
2999 ext_prop->data_len *= 2;
3000 break;
3001 }
3002 ext_prop->data = ext_prop_data;
3003
3004 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
3005 ext_prop->name_len);
3006
3007 ext_prop->name_len *= 2;
3008 ext_prop->name = ext_prop_name;
3009
3010 t->os_desc->ext_prop_len +=
3011 ext_prop->name_len + ext_prop->data_len + 14;
3012 ++t->os_desc->ext_prop_count;
3013 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
3014 }
3015 break;
3016 default:
3017 pr_vdebug("unknown descriptor: %d\n", type);
3018 }
3019
3020 return length;
3021}
3022
3023static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
3024 struct usb_configuration *c)
3025{
3026 struct ffs_function *func = ffs_func_from_usb(f);
3027 struct f_fs_opts *ffs_opts =
3028 container_of(f->fi, struct f_fs_opts, func_inst);
3029 int ret;
3030
3031 ENTER();
3032
3033
3034
3035
3036
3037
3038
3039
3040 if (!ffs_opts->no_configfs)
3041 ffs_dev_lock();
3042 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
3043 func->ffs = ffs_opts->dev->ffs_data;
3044 if (!ffs_opts->no_configfs)
3045 ffs_dev_unlock();
3046 if (ret)
3047 return ERR_PTR(ret);
3048
3049 func->conf = c;
3050 func->gadget = c->cdev->gadget;
3051
3052
3053
3054
3055
3056
3057
3058
3059 if (!ffs_opts->refcnt) {
3060 ret = functionfs_bind(func->ffs, c->cdev);
3061 if (ret)
3062 return ERR_PTR(ret);
3063 }
3064 ffs_opts->refcnt++;
3065 func->function.strings = func->ffs->stringtabs;
3066
3067 return ffs_opts;
3068}
3069
3070static int _ffs_func_bind(struct usb_configuration *c,
3071 struct usb_function *f)
3072{
3073 struct ffs_function *func = ffs_func_from_usb(f);
3074 struct ffs_data *ffs = func->ffs;
3075
3076 const int full = !!func->ffs->fs_descs_count;
3077 const int high = !!func->ffs->hs_descs_count;
3078 const int super = !!func->ffs->ss_descs_count;
3079
3080 int fs_len, hs_len, ss_len, ret, i;
3081 struct ffs_ep *eps_ptr;
3082
3083
3084 vla_group(d);
3085 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
3086 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
3087 full ? ffs->fs_descs_count + 1 : 0);
3088 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
3089 high ? ffs->hs_descs_count + 1 : 0);
3090 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
3091 super ? ffs->ss_descs_count + 1 : 0);
3092 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
3093 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
3094 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3095 vla_item_with_sz(d, char[16], ext_compat,
3096 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3097 vla_item_with_sz(d, struct usb_os_desc, os_desc,
3098 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3099 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
3100 ffs->ms_os_descs_ext_prop_count);
3101 vla_item_with_sz(d, char, ext_prop_name,
3102 ffs->ms_os_descs_ext_prop_name_len);
3103 vla_item_with_sz(d, char, ext_prop_data,
3104 ffs->ms_os_descs_ext_prop_data_len);
3105 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
3106 char *vlabuf;
3107
3108 ENTER();
3109
3110
3111 if (unlikely(!(full | high | super)))
3112 return -ENOTSUPP;
3113
3114
3115 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3116 if (unlikely(!vlabuf))
3117 return -ENOMEM;
3118
3119 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3120 ffs->ms_os_descs_ext_prop_name_avail =
3121 vla_ptr(vlabuf, d, ext_prop_name);
3122 ffs->ms_os_descs_ext_prop_data_avail =
3123 vla_ptr(vlabuf, d, ext_prop_data);
3124
3125
3126 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3127 ffs->raw_descs_length);
3128
3129 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3130 eps_ptr = vla_ptr(vlabuf, d, eps);
3131 for (i = 0; i < ffs->eps_count; i++)
3132 eps_ptr[i].num = -1;
3133
3134
3135
3136
3137 func->eps = vla_ptr(vlabuf, d, eps);
3138 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3139
3140
3141
3142
3143
3144
3145 if (likely(full)) {
3146 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3147 fs_len = ffs_do_descs(ffs->fs_descs_count,
3148 vla_ptr(vlabuf, d, raw_descs),
3149 d_raw_descs__sz,
3150 __ffs_func_bind_do_descs, func);
3151 if (unlikely(fs_len < 0)) {
3152 ret = fs_len;
3153 goto error;
3154 }
3155 } else {
3156 fs_len = 0;
3157 }
3158
3159 if (likely(high)) {
3160 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3161 hs_len = ffs_do_descs(ffs->hs_descs_count,
3162 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3163 d_raw_descs__sz - fs_len,
3164 __ffs_func_bind_do_descs, func);
3165 if (unlikely(hs_len < 0)) {
3166 ret = hs_len;
3167 goto error;
3168 }
3169 } else {
3170 hs_len = 0;
3171 }
3172
3173 if (likely(super)) {
3174 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3175 ss_len = ffs_do_descs(ffs->ss_descs_count,
3176 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3177 d_raw_descs__sz - fs_len - hs_len,
3178 __ffs_func_bind_do_descs, func);
3179 if (unlikely(ss_len < 0)) {
3180 ret = ss_len;
3181 goto error;
3182 }
3183 } else {
3184 ss_len = 0;
3185 }
3186
3187
3188
3189
3190
3191
3192 ret = ffs_do_descs(ffs->fs_descs_count +
3193 (high ? ffs->hs_descs_count : 0) +
3194 (super ? ffs->ss_descs_count : 0),
3195 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3196 __ffs_func_bind_do_nums, func);
3197 if (unlikely(ret < 0))
3198 goto error;
3199
3200 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3201 if (c->cdev->use_os_string) {
3202 for (i = 0; i < ffs->interfaces_count; ++i) {
3203 struct usb_os_desc *desc;
3204
3205 desc = func->function.os_desc_table[i].os_desc =
3206 vla_ptr(vlabuf, d, os_desc) +
3207 i * sizeof(struct usb_os_desc);
3208 desc->ext_compat_id =
3209 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3210 INIT_LIST_HEAD(&desc->ext_prop);
3211 }
3212 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3213 vla_ptr(vlabuf, d, raw_descs) +
3214 fs_len + hs_len + ss_len,
3215 d_raw_descs__sz - fs_len - hs_len -
3216 ss_len,
3217 __ffs_func_bind_do_os_desc, func);
3218 if (unlikely(ret < 0))
3219 goto error;
3220 }
3221 func->function.os_desc_n =
3222 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3223
3224
3225 ffs_event_add(ffs, FUNCTIONFS_BIND);
3226 return 0;
3227
3228error:
3229
3230 return ret;
3231}
3232
3233static int ffs_func_bind(struct usb_configuration *c,
3234 struct usb_function *f)
3235{
3236 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3237 struct ffs_function *func = ffs_func_from_usb(f);
3238 int ret;
3239
3240 if (IS_ERR(ffs_opts))
3241 return PTR_ERR(ffs_opts);
3242
3243 ret = _ffs_func_bind(c, f);
3244 if (ret && !--ffs_opts->refcnt)
3245 functionfs_unbind(func->ffs);
3246
3247 return ret;
3248}
3249
3250
3251
3252
3253static void ffs_reset_work(struct work_struct *work)
3254{
3255 struct ffs_data *ffs = container_of(work,
3256 struct ffs_data, reset_work);
3257 ffs_data_reset(ffs);
3258}
3259
3260static int ffs_func_set_alt(struct usb_function *f,
3261 unsigned interface, unsigned alt)
3262{
3263 struct ffs_function *func = ffs_func_from_usb(f);
3264 struct ffs_data *ffs = func->ffs;
3265 int ret = 0, intf;
3266
3267 if (alt != (unsigned)-1) {
3268 intf = ffs_func_revmap_intf(func, interface);
3269 if (unlikely(intf < 0))
3270 return intf;
3271 }
3272
3273 if (ffs->func)
3274 ffs_func_eps_disable(ffs->func);
3275
3276 if (ffs->state == FFS_DEACTIVATED) {
3277 ffs->state = FFS_CLOSING;
3278 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3279 schedule_work(&ffs->reset_work);
3280 return -ENODEV;
3281 }
3282
3283 if (ffs->state != FFS_ACTIVE)
3284 return -ENODEV;
3285
3286 if (alt == (unsigned)-1) {
3287 ffs->func = NULL;
3288 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3289 return 0;
3290 }
3291
3292 ffs->func = func;
3293 ret = ffs_func_eps_enable(func);
3294 if (likely(ret >= 0))
3295 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3296 return ret;
3297}
3298
3299static void ffs_func_disable(struct usb_function *f)
3300{
3301 ffs_func_set_alt(f, 0, (unsigned)-1);
3302}
3303
3304static int ffs_func_setup(struct usb_function *f,
3305 const struct usb_ctrlrequest *creq)
3306{
3307 struct ffs_function *func = ffs_func_from_usb(f);
3308 struct ffs_data *ffs = func->ffs;
3309 unsigned long flags;
3310 int ret;
3311
3312 ENTER();
3313
3314 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3315 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3316 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3317 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3318 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330 if (ffs->state != FFS_ACTIVE)
3331 return -ENODEV;
3332
3333 switch (creq->bRequestType & USB_RECIP_MASK) {
3334 case USB_RECIP_INTERFACE:
3335 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3336 if (unlikely(ret < 0))
3337 return ret;
3338 break;
3339
3340 case USB_RECIP_ENDPOINT:
3341 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3342 if (unlikely(ret < 0))
3343 return ret;
3344 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3345 ret = func->ffs->eps_addrmap[ret];
3346 break;
3347
3348 default:
3349 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3350 ret = le16_to_cpu(creq->wIndex);
3351 else
3352 return -EOPNOTSUPP;
3353 }
3354
3355 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3356 ffs->ev.setup = *creq;
3357 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3358 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3359 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3360
3361 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3362}
3363
3364static bool ffs_func_req_match(struct usb_function *f,
3365 const struct usb_ctrlrequest *creq,
3366 bool config0)
3367{
3368 struct ffs_function *func = ffs_func_from_usb(f);
3369
3370 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3371 return false;
3372
3373 switch (creq->bRequestType & USB_RECIP_MASK) {
3374 case USB_RECIP_INTERFACE:
3375 return (ffs_func_revmap_intf(func,
3376 le16_to_cpu(creq->wIndex)) >= 0);
3377 case USB_RECIP_ENDPOINT:
3378 return (ffs_func_revmap_ep(func,
3379 le16_to_cpu(creq->wIndex)) >= 0);
3380 default:
3381 return (bool) (func->ffs->user_flags &
3382 FUNCTIONFS_ALL_CTRL_RECIP);
3383 }
3384}
3385
3386static void ffs_func_suspend(struct usb_function *f)
3387{
3388 ENTER();
3389 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3390}
3391
3392static void ffs_func_resume(struct usb_function *f)
3393{
3394 ENTER();
3395 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3396}
3397
3398
3399
3400
3401static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3402{
3403 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3404 return num ? num : -EDOM;
3405}
3406
3407static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3408{
3409 short *nums = func->interfaces_nums;
3410 unsigned count = func->ffs->interfaces_count;
3411
3412 for (; count; --count, ++nums) {
3413 if (*nums >= 0 && *nums == intf)
3414 return nums - func->interfaces_nums;
3415 }
3416
3417 return -EDOM;
3418}
3419
3420
3421
3422
3423static LIST_HEAD(ffs_devices);
3424
3425static struct ffs_dev *_ffs_do_find_dev(const char *name)
3426{
3427 struct ffs_dev *dev;
3428
3429 if (!name)
3430 return NULL;
3431
3432 list_for_each_entry(dev, &ffs_devices, entry) {
3433 if (strcmp(dev->name, name) == 0)
3434 return dev;
3435 }
3436
3437 return NULL;
3438}
3439
3440
3441
3442
3443static struct ffs_dev *_ffs_get_single_dev(void)
3444{
3445 struct ffs_dev *dev;
3446
3447 if (list_is_singular(&ffs_devices)) {
3448 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3449 if (dev->single)
3450 return dev;
3451 }
3452
3453 return NULL;
3454}
3455
3456
3457
3458
3459static struct ffs_dev *_ffs_find_dev(const char *name)
3460{
3461 struct ffs_dev *dev;
3462
3463 dev = _ffs_get_single_dev();
3464 if (dev)
3465 return dev;
3466
3467 return _ffs_do_find_dev(name);
3468}
3469
3470
3471
3472static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3473{
3474 return container_of(to_config_group(item), struct f_fs_opts,
3475 func_inst.group);
3476}
3477
3478static void ffs_attr_release(struct config_item *item)
3479{
3480 struct f_fs_opts *opts = to_ffs_opts(item);
3481
3482 usb_put_function_instance(&opts->func_inst);
3483}
3484
3485static struct configfs_item_operations ffs_item_ops = {
3486 .release = ffs_attr_release,
3487};
3488
3489static const struct config_item_type ffs_func_type = {
3490 .ct_item_ops = &ffs_item_ops,
3491 .ct_owner = THIS_MODULE,
3492};
3493
3494
3495
3496
3497static void ffs_free_inst(struct usb_function_instance *f)
3498{
3499 struct f_fs_opts *opts;
3500
3501 opts = to_f_fs_opts(f);
3502 ffs_dev_lock();
3503 _ffs_free_dev(opts->dev);
3504 ffs_dev_unlock();
3505 kfree(opts);
3506}
3507
3508static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3509{
3510 if (strlen(name) >= sizeof_field(struct ffs_dev, name))
3511 return -ENAMETOOLONG;
3512 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3513}
3514
3515static struct usb_function_instance *ffs_alloc_inst(void)
3516{
3517 struct f_fs_opts *opts;
3518 struct ffs_dev *dev;
3519
3520 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3521 if (!opts)
3522 return ERR_PTR(-ENOMEM);
3523
3524 opts->func_inst.set_inst_name = ffs_set_inst_name;
3525 opts->func_inst.free_func_inst = ffs_free_inst;
3526 ffs_dev_lock();
3527 dev = _ffs_alloc_dev();
3528 ffs_dev_unlock();
3529 if (IS_ERR(dev)) {
3530 kfree(opts);
3531 return ERR_CAST(dev);
3532 }
3533 opts->dev = dev;
3534 dev->opts = opts;
3535
3536 config_group_init_type_name(&opts->func_inst.group, "",
3537 &ffs_func_type);
3538 return &opts->func_inst;
3539}
3540
3541static void ffs_free(struct usb_function *f)
3542{
3543 kfree(ffs_func_from_usb(f));
3544}
3545
3546static void ffs_func_unbind(struct usb_configuration *c,
3547 struct usb_function *f)
3548{
3549 struct ffs_function *func = ffs_func_from_usb(f);
3550 struct ffs_data *ffs = func->ffs;
3551 struct f_fs_opts *opts =
3552 container_of(f->fi, struct f_fs_opts, func_inst);
3553 struct ffs_ep *ep = func->eps;
3554 unsigned count = ffs->eps_count;
3555 unsigned long flags;
3556
3557 ENTER();
3558 if (ffs->func == func) {
3559 ffs_func_eps_disable(func);
3560 ffs->func = NULL;
3561 }
3562
3563 if (!--opts->refcnt)
3564 functionfs_unbind(ffs);
3565
3566
3567 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3568 while (count--) {
3569 if (ep->ep && ep->req)
3570 usb_ep_free_request(ep->ep, ep->req);
3571 ep->req = NULL;
3572 ++ep;
3573 }
3574 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3575 kfree(func->eps);
3576 func->eps = NULL;
3577
3578
3579
3580
3581 func->function.fs_descriptors = NULL;
3582 func->function.hs_descriptors = NULL;
3583 func->function.ss_descriptors = NULL;
3584 func->interfaces_nums = NULL;
3585
3586 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3587}
3588
3589static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3590{
3591 struct ffs_function *func;
3592
3593 ENTER();
3594
3595 func = kzalloc(sizeof(*func), GFP_KERNEL);
3596 if (unlikely(!func))
3597 return ERR_PTR(-ENOMEM);
3598
3599 func->function.name = "Function FS Gadget";
3600
3601 func->function.bind = ffs_func_bind;
3602 func->function.unbind = ffs_func_unbind;
3603 func->function.set_alt = ffs_func_set_alt;
3604 func->function.disable = ffs_func_disable;
3605 func->function.setup = ffs_func_setup;
3606 func->function.req_match = ffs_func_req_match;
3607 func->function.suspend = ffs_func_suspend;
3608 func->function.resume = ffs_func_resume;
3609 func->function.free_func = ffs_free;
3610
3611 return &func->function;
3612}
3613
3614
3615
3616
3617static struct ffs_dev *_ffs_alloc_dev(void)
3618{
3619 struct ffs_dev *dev;
3620 int ret;
3621
3622 if (_ffs_get_single_dev())
3623 return ERR_PTR(-EBUSY);
3624
3625 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3626 if (!dev)
3627 return ERR_PTR(-ENOMEM);
3628
3629 if (list_empty(&ffs_devices)) {
3630 ret = functionfs_init();
3631 if (ret) {
3632 kfree(dev);
3633 return ERR_PTR(ret);
3634 }
3635 }
3636
3637 list_add(&dev->entry, &ffs_devices);
3638
3639 return dev;
3640}
3641
3642int ffs_name_dev(struct ffs_dev *dev, const char *name)
3643{
3644 struct ffs_dev *existing;
3645 int ret = 0;
3646
3647 ffs_dev_lock();
3648
3649 existing = _ffs_do_find_dev(name);
3650 if (!existing)
3651 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3652 else if (existing != dev)
3653 ret = -EBUSY;
3654
3655 ffs_dev_unlock();
3656
3657 return ret;
3658}
3659EXPORT_SYMBOL_GPL(ffs_name_dev);
3660
3661int ffs_single_dev(struct ffs_dev *dev)
3662{
3663 int ret;
3664
3665 ret = 0;
3666 ffs_dev_lock();
3667
3668 if (!list_is_singular(&ffs_devices))
3669 ret = -EBUSY;
3670 else
3671 dev->single = true;
3672
3673 ffs_dev_unlock();
3674 return ret;
3675}
3676EXPORT_SYMBOL_GPL(ffs_single_dev);
3677
3678
3679
3680
3681static void _ffs_free_dev(struct ffs_dev *dev)
3682{
3683 list_del(&dev->entry);
3684
3685
3686 if (dev->ffs_data)
3687 dev->ffs_data->private_data = NULL;
3688
3689 kfree(dev);
3690 if (list_empty(&ffs_devices))
3691 functionfs_cleanup();
3692}
3693
3694static void *ffs_acquire_dev(const char *dev_name)
3695{
3696 struct ffs_dev *ffs_dev;
3697
3698 ENTER();
3699 ffs_dev_lock();
3700
3701 ffs_dev = _ffs_find_dev(dev_name);
3702 if (!ffs_dev)
3703 ffs_dev = ERR_PTR(-ENOENT);
3704 else if (ffs_dev->mounted)
3705 ffs_dev = ERR_PTR(-EBUSY);
3706 else if (ffs_dev->ffs_acquire_dev_callback &&
3707 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3708 ffs_dev = ERR_PTR(-ENOENT);
3709 else
3710 ffs_dev->mounted = true;
3711
3712 ffs_dev_unlock();
3713 return ffs_dev;
3714}
3715
3716static void ffs_release_dev(struct ffs_data *ffs_data)
3717{
3718 struct ffs_dev *ffs_dev;
3719
3720 ENTER();
3721 ffs_dev_lock();
3722
3723 ffs_dev = ffs_data->private_data;
3724 if (ffs_dev) {
3725 ffs_dev->mounted = false;
3726
3727 if (ffs_dev->ffs_release_dev_callback)
3728 ffs_dev->ffs_release_dev_callback(ffs_dev);
3729 }
3730
3731 ffs_dev_unlock();
3732}
3733
3734static int ffs_ready(struct ffs_data *ffs)
3735{
3736 struct ffs_dev *ffs_obj;
3737 int ret = 0;
3738
3739 ENTER();
3740 ffs_dev_lock();
3741
3742 ffs_obj = ffs->private_data;
3743 if (!ffs_obj) {
3744 ret = -EINVAL;
3745 goto done;
3746 }
3747 if (WARN_ON(ffs_obj->desc_ready)) {
3748 ret = -EBUSY;
3749 goto done;
3750 }
3751
3752 ffs_obj->desc_ready = true;
3753 ffs_obj->ffs_data = ffs;
3754
3755 if (ffs_obj->ffs_ready_callback) {
3756 ret = ffs_obj->ffs_ready_callback(ffs);
3757 if (ret)
3758 goto done;
3759 }
3760
3761 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3762done:
3763 ffs_dev_unlock();
3764 return ret;
3765}
3766
3767static void ffs_closed(struct ffs_data *ffs)
3768{
3769 struct ffs_dev *ffs_obj;
3770 struct f_fs_opts *opts;
3771 struct config_item *ci;
3772
3773 ENTER();
3774 ffs_dev_lock();
3775
3776 ffs_obj = ffs->private_data;
3777 if (!ffs_obj)
3778 goto done;
3779
3780 ffs_obj->desc_ready = false;
3781 ffs_obj->ffs_data = NULL;
3782
3783 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3784 ffs_obj->ffs_closed_callback)
3785 ffs_obj->ffs_closed_callback(ffs);
3786
3787 if (ffs_obj->opts)
3788 opts = ffs_obj->opts;
3789 else
3790 goto done;
3791
3792 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3793 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3794 goto done;
3795
3796 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3797 ffs_dev_unlock();
3798
3799 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3800 unregister_gadget_item(ci);
3801 return;
3802done:
3803 ffs_dev_unlock();
3804}
3805
3806
3807
3808static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3809{
3810 return nonblock
3811 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3812 : mutex_lock_interruptible(mutex);
3813}
3814
3815static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3816{
3817 char *data;
3818
3819 if (unlikely(!len))
3820 return NULL;
3821
3822 data = kmalloc(len, GFP_KERNEL);
3823 if (unlikely(!data))
3824 return ERR_PTR(-ENOMEM);
3825
3826 if (unlikely(copy_from_user(data, buf, len))) {
3827 kfree(data);
3828 return ERR_PTR(-EFAULT);
3829 }
3830
3831 pr_vdebug("Buffer from user space:\n");
3832 ffs_dump_mem("", data, len);
3833
3834 return data;
3835}
3836
3837DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3838MODULE_LICENSE("GPL");
3839MODULE_AUTHOR("Michal Nazarewicz");
3840
