1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include <linux/blkdev.h>
22#include <linux/pagemap.h>
23#include <linux/export.h>
24#include <linux/hid.h>
25#include <linux/module.h>
26#include <linux/uio.h>
27#include <asm/unaligned.h>
28
29#include <linux/usb/composite.h>
30#include <linux/usb/functionfs.h>
31
32#include <linux/aio.h>
33#include <linux/mmu_context.h>
34#include <linux/poll.h>
35#include <linux/eventfd.h>
36
37#include "u_fs.h"
38#include "u_f.h"
39#include "u_os_desc.h"
40#include "configfs.h"
41
42#define FUNCTIONFS_MAGIC 0xa647361
43
44
45static void ffs_data_get(struct ffs_data *ffs);
46static void ffs_data_put(struct ffs_data *ffs);
47
48static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc));
49
50
51static void ffs_data_opened(struct ffs_data *ffs);
52static void ffs_data_closed(struct ffs_data *ffs);
53
54
55static int __must_check
56__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
57static int __must_check
58__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
59
60
61
62
63struct ffs_ep;
64
65struct ffs_function {
66 struct usb_configuration *conf;
67 struct usb_gadget *gadget;
68 struct ffs_data *ffs;
69
70 struct ffs_ep *eps;
71 u8 eps_revmap[16];
72 short *interfaces_nums;
73
74 struct usb_function function;
75};
76
77
78static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
79{
80 return container_of(f, struct ffs_function, function);
81}
82
83
84static inline enum ffs_setup_state
85ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
86{
87 return (enum ffs_setup_state)
88 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
89}
90
91
92static void ffs_func_eps_disable(struct ffs_function *func);
93static int __must_check ffs_func_eps_enable(struct ffs_function *func);
94
95static int ffs_func_bind(struct usb_configuration *,
96 struct usb_function *);
97static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
98static void ffs_func_disable(struct usb_function *);
99static int ffs_func_setup(struct usb_function *,
100 const struct usb_ctrlrequest *);
101static bool ffs_func_req_match(struct usb_function *,
102 const struct usb_ctrlrequest *,
103 bool config0);
104static void ffs_func_suspend(struct usb_function *);
105static void ffs_func_resume(struct usb_function *);
106
107
108static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
109static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
110
111
112
113
114struct ffs_ep {
115 struct usb_ep *ep;
116 struct usb_request *req;
117
118
119 struct usb_endpoint_descriptor *descs[3];
120
121 u8 num;
122
123 int status;
124};
125
126struct ffs_epfile {
127
128 struct mutex mutex;
129 wait_queue_head_t wait;
130
131 struct ffs_data *ffs;
132 struct ffs_ep *ep;
133
134 struct dentry *dentry;
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191 struct ffs_buffer *read_buffer;
192#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
193
194 char name[5];
195
196 unsigned char in;
197 unsigned char isoc;
198
199 unsigned char _pad;
200};
201
202struct ffs_buffer {
203 size_t length;
204 char *data;
205 char storage[];
206};
207
208
209
210struct ffs_io_data {
211 bool aio;
212 bool read;
213
214 struct kiocb *kiocb;
215 struct iov_iter data;
216 const void *to_free;
217 char *buf;
218
219 struct mm_struct *mm;
220 struct work_struct work;
221
222 struct usb_ep *ep;
223 struct usb_request *req;
224
225 struct ffs_data *ffs;
226};
227
228struct ffs_desc_helper {
229 struct ffs_data *ffs;
230 unsigned interfaces_count;
231 unsigned eps_count;
232};
233
234static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
235static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
236
237static struct dentry *
238ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
239 const struct file_operations *fops);
240
241
242
243DEFINE_MUTEX(ffs_lock);
244EXPORT_SYMBOL_GPL(ffs_lock);
245
246static struct ffs_dev *_ffs_find_dev(const char *name);
247static struct ffs_dev *_ffs_alloc_dev(void);
248static int _ffs_name_dev(struct ffs_dev *dev, const char *name);
249static void _ffs_free_dev(struct ffs_dev *dev);
250static void *ffs_acquire_dev(const char *dev_name);
251static void ffs_release_dev(struct ffs_data *ffs_data);
252static int ffs_ready(struct ffs_data *ffs);
253static void ffs_closed(struct ffs_data *ffs);
254
255
256
257static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
258 __attribute__((warn_unused_result, nonnull));
259static char *ffs_prepare_buffer(const char __user *buf, size_t len)
260 __attribute__((warn_unused_result, nonnull));
261
262
263
264
265static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
266{
267 struct ffs_data *ffs = req->context;
268
269 complete_all(&ffs->ep0req_completion);
270}
271
272static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
273{
274 struct usb_request *req = ffs->ep0req;
275 int ret;
276
277 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
278
279 spin_unlock_irq(&ffs->ev.waitq.lock);
280
281 req->buf = data;
282 req->length = len;
283
284
285
286
287
288
289 if (req->buf == NULL)
290 req->buf = (void *)0xDEADBABE;
291
292 reinit_completion(&ffs->ep0req_completion);
293
294 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
295 if (unlikely(ret < 0))
296 return ret;
297
298 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
299 if (unlikely(ret)) {
300 usb_ep_dequeue(ffs->gadget->ep0, req);
301 return -EINTR;
302 }
303
304 ffs->setup_state = FFS_NO_SETUP;
305 return req->status ? req->status : req->actual;
306}
307
308static int __ffs_ep0_stall(struct ffs_data *ffs)
309{
310 if (ffs->ev.can_stall) {
311 pr_vdebug("ep0 stall\n");
312 usb_ep_set_halt(ffs->gadget->ep0);
313 ffs->setup_state = FFS_NO_SETUP;
314 return -EL2HLT;
315 } else {
316 pr_debug("bogus ep0 stall!\n");
317 return -ESRCH;
318 }
319}
320
321static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
322 size_t len, loff_t *ptr)
323{
324 struct ffs_data *ffs = file->private_data;
325 ssize_t ret;
326 char *data;
327
328 ENTER();
329
330
331 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
332 return -EIDRM;
333
334
335 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
336 if (unlikely(ret < 0))
337 return ret;
338
339
340 switch (ffs->state) {
341 case FFS_READ_DESCRIPTORS:
342 case FFS_READ_STRINGS:
343
344 if (unlikely(len < 16)) {
345 ret = -EINVAL;
346 break;
347 }
348
349 data = ffs_prepare_buffer(buf, len);
350 if (IS_ERR(data)) {
351 ret = PTR_ERR(data);
352 break;
353 }
354
355
356 if (ffs->state == FFS_READ_DESCRIPTORS) {
357 pr_info("read descriptors\n");
358 ret = __ffs_data_got_descs(ffs, data, len);
359 if (unlikely(ret < 0))
360 break;
361
362 ffs->state = FFS_READ_STRINGS;
363 ret = len;
364 } else {
365 pr_info("read strings\n");
366 ret = __ffs_data_got_strings(ffs, data, len);
367 if (unlikely(ret < 0))
368 break;
369
370 ret = ffs_epfiles_create(ffs);
371 if (unlikely(ret)) {
372 ffs->state = FFS_CLOSING;
373 break;
374 }
375
376 ffs->state = FFS_ACTIVE;
377 mutex_unlock(&ffs->mutex);
378
379 ret = ffs_ready(ffs);
380 if (unlikely(ret < 0)) {
381 ffs->state = FFS_CLOSING;
382 return ret;
383 }
384
385 return len;
386 }
387 break;
388
389 case FFS_ACTIVE:
390 data = NULL;
391
392
393
394
395 spin_lock_irq(&ffs->ev.waitq.lock);
396 switch (ffs_setup_state_clear_cancelled(ffs)) {
397 case FFS_SETUP_CANCELLED:
398 ret = -EIDRM;
399 goto done_spin;
400
401 case FFS_NO_SETUP:
402 ret = -ESRCH;
403 goto done_spin;
404
405 case FFS_SETUP_PENDING:
406 break;
407 }
408
409
410 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
411 spin_unlock_irq(&ffs->ev.waitq.lock);
412 ret = __ffs_ep0_stall(ffs);
413 break;
414 }
415
416
417 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
418
419 spin_unlock_irq(&ffs->ev.waitq.lock);
420
421 data = ffs_prepare_buffer(buf, len);
422 if (IS_ERR(data)) {
423 ret = PTR_ERR(data);
424 break;
425 }
426
427 spin_lock_irq(&ffs->ev.waitq.lock);
428
429
430
431
432
433
434
435
436
437
438
439
440
441 if (ffs_setup_state_clear_cancelled(ffs) ==
442 FFS_SETUP_CANCELLED) {
443 ret = -EIDRM;
444done_spin:
445 spin_unlock_irq(&ffs->ev.waitq.lock);
446 } else {
447
448 ret = __ffs_ep0_queue_wait(ffs, data, len);
449 }
450 kfree(data);
451 break;
452
453 default:
454 ret = -EBADFD;
455 break;
456 }
457
458 mutex_unlock(&ffs->mutex);
459 return ret;
460}
461
462
463static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
464 size_t n)
465{
466
467
468
469
470
471 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
472 const size_t size = n * sizeof *events;
473 unsigned i = 0;
474
475 memset(events, 0, size);
476
477 do {
478 events[i].type = ffs->ev.types[i];
479 if (events[i].type == FUNCTIONFS_SETUP) {
480 events[i].u.setup = ffs->ev.setup;
481 ffs->setup_state = FFS_SETUP_PENDING;
482 }
483 } while (++i < n);
484
485 ffs->ev.count -= n;
486 if (ffs->ev.count)
487 memmove(ffs->ev.types, ffs->ev.types + n,
488 ffs->ev.count * sizeof *ffs->ev.types);
489
490 spin_unlock_irq(&ffs->ev.waitq.lock);
491 mutex_unlock(&ffs->mutex);
492
493 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
494}
495
496static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
497 size_t len, loff_t *ptr)
498{
499 struct ffs_data *ffs = file->private_data;
500 char *data = NULL;
501 size_t n;
502 int ret;
503
504 ENTER();
505
506
507 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
508 return -EIDRM;
509
510
511 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
512 if (unlikely(ret < 0))
513 return ret;
514
515
516 if (ffs->state != FFS_ACTIVE) {
517 ret = -EBADFD;
518 goto done_mutex;
519 }
520
521
522
523
524
525 spin_lock_irq(&ffs->ev.waitq.lock);
526
527 switch (ffs_setup_state_clear_cancelled(ffs)) {
528 case FFS_SETUP_CANCELLED:
529 ret = -EIDRM;
530 break;
531
532 case FFS_NO_SETUP:
533 n = len / sizeof(struct usb_functionfs_event);
534 if (unlikely(!n)) {
535 ret = -EINVAL;
536 break;
537 }
538
539 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
540 ret = -EAGAIN;
541 break;
542 }
543
544 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
545 ffs->ev.count)) {
546 ret = -EINTR;
547 break;
548 }
549
550 return __ffs_ep0_read_events(ffs, buf,
551 min(n, (size_t)ffs->ev.count));
552
553 case FFS_SETUP_PENDING:
554 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
555 spin_unlock_irq(&ffs->ev.waitq.lock);
556 ret = __ffs_ep0_stall(ffs);
557 goto done_mutex;
558 }
559
560 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
561
562 spin_unlock_irq(&ffs->ev.waitq.lock);
563
564 if (likely(len)) {
565 data = kmalloc(len, GFP_KERNEL);
566 if (unlikely(!data)) {
567 ret = -ENOMEM;
568 goto done_mutex;
569 }
570 }
571
572 spin_lock_irq(&ffs->ev.waitq.lock);
573
574
575 if (ffs_setup_state_clear_cancelled(ffs) ==
576 FFS_SETUP_CANCELLED) {
577 ret = -EIDRM;
578 break;
579 }
580
581
582 ret = __ffs_ep0_queue_wait(ffs, data, len);
583 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
584 ret = -EFAULT;
585 goto done_mutex;
586
587 default:
588 ret = -EBADFD;
589 break;
590 }
591
592 spin_unlock_irq(&ffs->ev.waitq.lock);
593done_mutex:
594 mutex_unlock(&ffs->mutex);
595 kfree(data);
596 return ret;
597}
598
599static int ffs_ep0_open(struct inode *inode, struct file *file)
600{
601 struct ffs_data *ffs = inode->i_private;
602
603 ENTER();
604
605 if (unlikely(ffs->state == FFS_CLOSING))
606 return -EBUSY;
607
608 file->private_data = ffs;
609 ffs_data_opened(ffs);
610
611 return 0;
612}
613
614static int ffs_ep0_release(struct inode *inode, struct file *file)
615{
616 struct ffs_data *ffs = file->private_data;
617
618 ENTER();
619
620 ffs_data_closed(ffs);
621
622 return 0;
623}
624
625static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
626{
627 struct ffs_data *ffs = file->private_data;
628 struct usb_gadget *gadget = ffs->gadget;
629 long ret;
630
631 ENTER();
632
633 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
634 struct ffs_function *func = ffs->func;
635 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
636 } else if (gadget && gadget->ops->ioctl) {
637 ret = gadget->ops->ioctl(gadget, code, value);
638 } else {
639 ret = -ENOTTY;
640 }
641
642 return ret;
643}
644
645static unsigned int ffs_ep0_poll(struct file *file, poll_table *wait)
646{
647 struct ffs_data *ffs = file->private_data;
648 unsigned int mask = POLLWRNORM;
649 int ret;
650
651 poll_wait(file, &ffs->ev.waitq, wait);
652
653 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
654 if (unlikely(ret < 0))
655 return mask;
656
657 switch (ffs->state) {
658 case FFS_READ_DESCRIPTORS:
659 case FFS_READ_STRINGS:
660 mask |= POLLOUT;
661 break;
662
663 case FFS_ACTIVE:
664 switch (ffs->setup_state) {
665 case FFS_NO_SETUP:
666 if (ffs->ev.count)
667 mask |= POLLIN;
668 break;
669
670 case FFS_SETUP_PENDING:
671 case FFS_SETUP_CANCELLED:
672 mask |= (POLLIN | POLLOUT);
673 break;
674 }
675 case FFS_CLOSING:
676 break;
677 case FFS_DEACTIVATED:
678 break;
679 }
680
681 mutex_unlock(&ffs->mutex);
682
683 return mask;
684}
685
686static const struct file_operations ffs_ep0_operations = {
687 .llseek = no_llseek,
688
689 .open = ffs_ep0_open,
690 .write = ffs_ep0_write,
691 .read = ffs_ep0_read,
692 .release = ffs_ep0_release,
693 .unlocked_ioctl = ffs_ep0_ioctl,
694 .poll = ffs_ep0_poll,
695};
696
697
698
699
700static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
701{
702 ENTER();
703 if (likely(req->context)) {
704 struct ffs_ep *ep = _ep->driver_data;
705 ep->status = req->status ? req->status : req->actual;
706 complete(req->context);
707 }
708}
709
710static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
711{
712 ssize_t ret = copy_to_iter(data, data_len, iter);
713 if (likely(ret == data_len))
714 return ret;
715
716 if (unlikely(iov_iter_count(iter)))
717 return -EFAULT;
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
747 "Align read buffer size to max packet size to avoid the problem.\n",
748 data_len, ret);
749
750 return ret;
751}
752
753static void ffs_user_copy_worker(struct work_struct *work)
754{
755 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
756 work);
757 int ret = io_data->req->status ? io_data->req->status :
758 io_data->req->actual;
759 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
760
761 if (io_data->read && ret > 0) {
762 use_mm(io_data->mm);
763 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
764 unuse_mm(io_data->mm);
765 }
766
767 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
768
769 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
770 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
771
772 usb_ep_free_request(io_data->ep, io_data->req);
773
774 if (io_data->read)
775 kfree(io_data->to_free);
776 kfree(io_data->buf);
777 kfree(io_data);
778}
779
780static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
781 struct usb_request *req)
782{
783 struct ffs_io_data *io_data = req->context;
784
785 ENTER();
786
787 INIT_WORK(&io_data->work, ffs_user_copy_worker);
788 schedule_work(&io_data->work);
789}
790
791static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
792{
793
794
795
796
797 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
798 if (buf && buf != READ_BUFFER_DROP)
799 kfree(buf);
800}
801
802
803static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
804 struct iov_iter *iter)
805{
806
807
808
809
810
811 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
812 ssize_t ret;
813 if (!buf || buf == READ_BUFFER_DROP)
814 return 0;
815
816 ret = copy_to_iter(buf->data, buf->length, iter);
817 if (buf->length == ret) {
818 kfree(buf);
819 return ret;
820 }
821
822 if (unlikely(iov_iter_count(iter))) {
823 ret = -EFAULT;
824 } else {
825 buf->length -= ret;
826 buf->data += ret;
827 }
828
829 if (cmpxchg(&epfile->read_buffer, NULL, buf))
830 kfree(buf);
831
832 return ret;
833}
834
835
836static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
837 void *data, int data_len,
838 struct iov_iter *iter)
839{
840 struct ffs_buffer *buf;
841
842 ssize_t ret = copy_to_iter(data, data_len, iter);
843 if (likely(data_len == ret))
844 return ret;
845
846 if (unlikely(iov_iter_count(iter)))
847 return -EFAULT;
848
849
850 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
851 data_len, ret);
852
853 data_len -= ret;
854 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
855 if (!buf)
856 return -ENOMEM;
857 buf->length = data_len;
858 buf->data = buf->storage;
859 memcpy(buf->storage, data + ret, data_len);
860
861
862
863
864
865
866
867 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
868 kfree(buf);
869
870 return ret;
871}
872
873static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
874{
875 struct ffs_epfile *epfile = file->private_data;
876 struct usb_request *req;
877 struct ffs_ep *ep;
878 char *data = NULL;
879 ssize_t ret, data_len = -EINVAL;
880 int halt;
881
882
883 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
884 return -ENODEV;
885
886
887 ep = epfile->ep;
888 if (!ep) {
889 if (file->f_flags & O_NONBLOCK)
890 return -EAGAIN;
891
892 ret = wait_event_interruptible(epfile->wait, (ep = epfile->ep));
893 if (ret)
894 return -EINTR;
895 }
896
897
898 halt = (!io_data->read == !epfile->in);
899 if (halt && epfile->isoc)
900 return -EINVAL;
901
902
903 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
904 if (unlikely(ret))
905 goto error;
906
907
908 if (!halt) {
909 struct usb_gadget *gadget;
910
911
912
913
914
915
916
917
918 if (!io_data->aio && io_data->read) {
919 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
920 if (ret)
921 goto error_mutex;
922 }
923
924
925
926
927
928
929 gadget = epfile->ffs->gadget;
930
931 spin_lock_irq(&epfile->ffs->eps_lock);
932
933 if (epfile->ep != ep) {
934 ret = -ESHUTDOWN;
935 goto error_lock;
936 }
937 data_len = iov_iter_count(&io_data->data);
938
939
940
941
942 if (io_data->read)
943 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
944 spin_unlock_irq(&epfile->ffs->eps_lock);
945
946 data = kmalloc(data_len, GFP_KERNEL);
947 if (unlikely(!data)) {
948 ret = -ENOMEM;
949 goto error_mutex;
950 }
951 if (!io_data->read &&
952 copy_from_iter(data, data_len, &io_data->data) != data_len) {
953 ret = -EFAULT;
954 goto error_mutex;
955 }
956 }
957
958 spin_lock_irq(&epfile->ffs->eps_lock);
959
960 if (epfile->ep != ep) {
961
962 ret = -ESHUTDOWN;
963 } else if (halt) {
964
965 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep))
966 usb_ep_set_halt(ep->ep);
967 ret = -EBADMSG;
968 } else if (unlikely(data_len == -EINVAL)) {
969
970
971
972
973
974
975
976
977
978
979
980 WARN(1, "%s: data_len == -EINVAL\n", __func__);
981 ret = -EINVAL;
982 } else if (!io_data->aio) {
983 DECLARE_COMPLETION_ONSTACK(done);
984 bool interrupted = false;
985
986 req = ep->req;
987 req->buf = data;
988 req->length = data_len;
989
990 req->context = &done;
991 req->complete = ffs_epfile_io_complete;
992
993 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
994 if (unlikely(ret < 0))
995 goto error_lock;
996
997 spin_unlock_irq(&epfile->ffs->eps_lock);
998
999 if (unlikely(wait_for_completion_interruptible(&done))) {
1000
1001
1002
1003
1004
1005
1006 usb_ep_dequeue(ep->ep, req);
1007 interrupted = ep->status < 0;
1008 }
1009
1010 if (interrupted)
1011 ret = -EINTR;
1012 else if (io_data->read && ep->status > 0)
1013 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1014 &io_data->data);
1015 else
1016 ret = ep->status;
1017 goto error_mutex;
1018 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_KERNEL))) {
1019 ret = -ENOMEM;
1020 } else {
1021 req->buf = data;
1022 req->length = data_len;
1023
1024 io_data->buf = data;
1025 io_data->ep = ep->ep;
1026 io_data->req = req;
1027 io_data->ffs = epfile->ffs;
1028
1029 req->context = io_data;
1030 req->complete = ffs_epfile_async_io_complete;
1031
1032 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1033 if (unlikely(ret)) {
1034 usb_ep_free_request(ep->ep, req);
1035 goto error_lock;
1036 }
1037
1038 ret = -EIOCBQUEUED;
1039
1040
1041
1042
1043 data = NULL;
1044 }
1045
1046error_lock:
1047 spin_unlock_irq(&epfile->ffs->eps_lock);
1048error_mutex:
1049 mutex_unlock(&epfile->mutex);
1050error:
1051 kfree(data);
1052 return ret;
1053}
1054
1055static int
1056ffs_epfile_open(struct inode *inode, struct file *file)
1057{
1058 struct ffs_epfile *epfile = inode->i_private;
1059
1060 ENTER();
1061
1062 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1063 return -ENODEV;
1064
1065 file->private_data = epfile;
1066 ffs_data_opened(epfile->ffs);
1067
1068 return 0;
1069}
1070
1071static int ffs_aio_cancel(struct kiocb *kiocb)
1072{
1073 struct ffs_io_data *io_data = kiocb->private;
1074 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1075 int value;
1076
1077 ENTER();
1078
1079 spin_lock_irq(&epfile->ffs->eps_lock);
1080
1081 if (likely(io_data && io_data->ep && io_data->req))
1082 value = usb_ep_dequeue(io_data->ep, io_data->req);
1083 else
1084 value = -EINVAL;
1085
1086 spin_unlock_irq(&epfile->ffs->eps_lock);
1087
1088 return value;
1089}
1090
1091static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1092{
1093 struct ffs_io_data io_data, *p = &io_data;
1094 ssize_t res;
1095
1096 ENTER();
1097
1098 if (!is_sync_kiocb(kiocb)) {
1099 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1100 if (unlikely(!p))
1101 return -ENOMEM;
1102 p->aio = true;
1103 } else {
1104 p->aio = false;
1105 }
1106
1107 p->read = false;
1108 p->kiocb = kiocb;
1109 p->data = *from;
1110 p->mm = current->mm;
1111
1112 kiocb->private = p;
1113
1114 if (p->aio)
1115 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1116
1117 res = ffs_epfile_io(kiocb->ki_filp, p);
1118 if (res == -EIOCBQUEUED)
1119 return res;
1120 if (p->aio)
1121 kfree(p);
1122 else
1123 *from = p->data;
1124 return res;
1125}
1126
1127static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1128{
1129 struct ffs_io_data io_data, *p = &io_data;
1130 ssize_t res;
1131
1132 ENTER();
1133
1134 if (!is_sync_kiocb(kiocb)) {
1135 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1136 if (unlikely(!p))
1137 return -ENOMEM;
1138 p->aio = true;
1139 } else {
1140 p->aio = false;
1141 }
1142
1143 p->read = true;
1144 p->kiocb = kiocb;
1145 if (p->aio) {
1146 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1147 if (!p->to_free) {
1148 kfree(p);
1149 return -ENOMEM;
1150 }
1151 } else {
1152 p->data = *to;
1153 p->to_free = NULL;
1154 }
1155 p->mm = current->mm;
1156
1157 kiocb->private = p;
1158
1159 if (p->aio)
1160 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1161
1162 res = ffs_epfile_io(kiocb->ki_filp, p);
1163 if (res == -EIOCBQUEUED)
1164 return res;
1165
1166 if (p->aio) {
1167 kfree(p->to_free);
1168 kfree(p);
1169 } else {
1170 *to = p->data;
1171 }
1172 return res;
1173}
1174
1175static int
1176ffs_epfile_release(struct inode *inode, struct file *file)
1177{
1178 struct ffs_epfile *epfile = inode->i_private;
1179
1180 ENTER();
1181
1182 __ffs_epfile_read_buffer_free(epfile);
1183 ffs_data_closed(epfile->ffs);
1184
1185 return 0;
1186}
1187
1188static long ffs_epfile_ioctl(struct file *file, unsigned code,
1189 unsigned long value)
1190{
1191 struct ffs_epfile *epfile = file->private_data;
1192 int ret;
1193
1194 ENTER();
1195
1196 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1197 return -ENODEV;
1198
1199 spin_lock_irq(&epfile->ffs->eps_lock);
1200 if (likely(epfile->ep)) {
1201 switch (code) {
1202 case FUNCTIONFS_FIFO_STATUS:
1203 ret = usb_ep_fifo_status(epfile->ep->ep);
1204 break;
1205 case FUNCTIONFS_FIFO_FLUSH:
1206 usb_ep_fifo_flush(epfile->ep->ep);
1207 ret = 0;
1208 break;
1209 case FUNCTIONFS_CLEAR_HALT:
1210 ret = usb_ep_clear_halt(epfile->ep->ep);
1211 break;
1212 case FUNCTIONFS_ENDPOINT_REVMAP:
1213 ret = epfile->ep->num;
1214 break;
1215 case FUNCTIONFS_ENDPOINT_DESC:
1216 {
1217 int desc_idx;
1218 struct usb_endpoint_descriptor *desc;
1219
1220 switch (epfile->ffs->gadget->speed) {
1221 case USB_SPEED_SUPER:
1222 desc_idx = 2;
1223 break;
1224 case USB_SPEED_HIGH:
1225 desc_idx = 1;
1226 break;
1227 default:
1228 desc_idx = 0;
1229 }
1230 desc = epfile->ep->descs[desc_idx];
1231
1232 spin_unlock_irq(&epfile->ffs->eps_lock);
1233 ret = copy_to_user((void *)value, desc, sizeof(*desc));
1234 if (ret)
1235 ret = -EFAULT;
1236 return ret;
1237 }
1238 default:
1239 ret = -ENOTTY;
1240 }
1241 } else {
1242 ret = -ENODEV;
1243 }
1244 spin_unlock_irq(&epfile->ffs->eps_lock);
1245
1246 return ret;
1247}
1248
1249static const struct file_operations ffs_epfile_operations = {
1250 .llseek = no_llseek,
1251
1252 .open = ffs_epfile_open,
1253 .write_iter = ffs_epfile_write_iter,
1254 .read_iter = ffs_epfile_read_iter,
1255 .release = ffs_epfile_release,
1256 .unlocked_ioctl = ffs_epfile_ioctl,
1257};
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267static struct inode *__must_check
1268ffs_sb_make_inode(struct super_block *sb, void *data,
1269 const struct file_operations *fops,
1270 const struct inode_operations *iops,
1271 struct ffs_file_perms *perms)
1272{
1273 struct inode *inode;
1274
1275 ENTER();
1276
1277 inode = new_inode(sb);
1278
1279 if (likely(inode)) {
1280 struct timespec ts = current_time(inode);
1281
1282 inode->i_ino = get_next_ino();
1283 inode->i_mode = perms->mode;
1284 inode->i_uid = perms->uid;
1285 inode->i_gid = perms->gid;
1286 inode->i_atime = ts;
1287 inode->i_mtime = ts;
1288 inode->i_ctime = ts;
1289 inode->i_private = data;
1290 if (fops)
1291 inode->i_fop = fops;
1292 if (iops)
1293 inode->i_op = iops;
1294 }
1295
1296 return inode;
1297}
1298
1299
1300static struct dentry *ffs_sb_create_file(struct super_block *sb,
1301 const char *name, void *data,
1302 const struct file_operations *fops)
1303{
1304 struct ffs_data *ffs = sb->s_fs_info;
1305 struct dentry *dentry;
1306 struct inode *inode;
1307
1308 ENTER();
1309
1310 dentry = d_alloc_name(sb->s_root, name);
1311 if (unlikely(!dentry))
1312 return NULL;
1313
1314 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1315 if (unlikely(!inode)) {
1316 dput(dentry);
1317 return NULL;
1318 }
1319
1320 d_add(dentry, inode);
1321 return dentry;
1322}
1323
1324
1325static const struct super_operations ffs_sb_operations = {
1326 .statfs = simple_statfs,
1327 .drop_inode = generic_delete_inode,
1328};
1329
1330struct ffs_sb_fill_data {
1331 struct ffs_file_perms perms;
1332 umode_t root_mode;
1333 const char *dev_name;
1334 bool no_disconnect;
1335 struct ffs_data *ffs_data;
1336};
1337
1338static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1339{
1340 struct ffs_sb_fill_data *data = _data;
1341 struct inode *inode;
1342 struct ffs_data *ffs = data->ffs_data;
1343
1344 ENTER();
1345
1346 ffs->sb = sb;
1347 data->ffs_data = NULL;
1348 sb->s_fs_info = ffs;
1349 sb->s_blocksize = PAGE_SIZE;
1350 sb->s_blocksize_bits = PAGE_SHIFT;
1351 sb->s_magic = FUNCTIONFS_MAGIC;
1352 sb->s_op = &ffs_sb_operations;
1353 sb->s_time_gran = 1;
1354
1355
1356 data->perms.mode = data->root_mode;
1357 inode = ffs_sb_make_inode(sb, NULL,
1358 &simple_dir_operations,
1359 &simple_dir_inode_operations,
1360 &data->perms);
1361 sb->s_root = d_make_root(inode);
1362 if (unlikely(!sb->s_root))
1363 return -ENOMEM;
1364
1365
1366 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1367 &ffs_ep0_operations)))
1368 return -ENOMEM;
1369
1370 return 0;
1371}
1372
1373static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1374{
1375 ENTER();
1376
1377 if (!opts || !*opts)
1378 return 0;
1379
1380 for (;;) {
1381 unsigned long value;
1382 char *eq, *comma;
1383
1384
1385 comma = strchr(opts, ',');
1386 if (comma)
1387 *comma = 0;
1388
1389
1390 eq = strchr(opts, '=');
1391 if (unlikely(!eq)) {
1392 pr_err("'=' missing in %s\n", opts);
1393 return -EINVAL;
1394 }
1395 *eq = 0;
1396
1397
1398 if (kstrtoul(eq + 1, 0, &value)) {
1399 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1400 return -EINVAL;
1401 }
1402
1403
1404 switch (eq - opts) {
1405 case 13:
1406 if (!memcmp(opts, "no_disconnect", 13))
1407 data->no_disconnect = !!value;
1408 else
1409 goto invalid;
1410 break;
1411 case 5:
1412 if (!memcmp(opts, "rmode", 5))
1413 data->root_mode = (value & 0555) | S_IFDIR;
1414 else if (!memcmp(opts, "fmode", 5))
1415 data->perms.mode = (value & 0666) | S_IFREG;
1416 else
1417 goto invalid;
1418 break;
1419
1420 case 4:
1421 if (!memcmp(opts, "mode", 4)) {
1422 data->root_mode = (value & 0555) | S_IFDIR;
1423 data->perms.mode = (value & 0666) | S_IFREG;
1424 } else {
1425 goto invalid;
1426 }
1427 break;
1428
1429 case 3:
1430 if (!memcmp(opts, "uid", 3)) {
1431 data->perms.uid = make_kuid(current_user_ns(), value);
1432 if (!uid_valid(data->perms.uid)) {
1433 pr_err("%s: unmapped value: %lu\n", opts, value);
1434 return -EINVAL;
1435 }
1436 } else if (!memcmp(opts, "gid", 3)) {
1437 data->perms.gid = make_kgid(current_user_ns(), value);
1438 if (!gid_valid(data->perms.gid)) {
1439 pr_err("%s: unmapped value: %lu\n", opts, value);
1440 return -EINVAL;
1441 }
1442 } else {
1443 goto invalid;
1444 }
1445 break;
1446
1447 default:
1448invalid:
1449 pr_err("%s: invalid option\n", opts);
1450 return -EINVAL;
1451 }
1452
1453
1454 if (!comma)
1455 break;
1456 opts = comma + 1;
1457 }
1458
1459 return 0;
1460}
1461
1462
1463
1464static struct dentry *
1465ffs_fs_mount(struct file_system_type *t, int flags,
1466 const char *dev_name, void *opts)
1467{
1468 struct ffs_sb_fill_data data = {
1469 .perms = {
1470 .mode = S_IFREG | 0600,
1471 .uid = GLOBAL_ROOT_UID,
1472 .gid = GLOBAL_ROOT_GID,
1473 },
1474 .root_mode = S_IFDIR | 0500,
1475 .no_disconnect = false,
1476 };
1477 struct dentry *rv;
1478 int ret;
1479 void *ffs_dev;
1480 struct ffs_data *ffs;
1481
1482 ENTER();
1483
1484 ret = ffs_fs_parse_opts(&data, opts);
1485 if (unlikely(ret < 0))
1486 return ERR_PTR(ret);
1487
1488 ffs = ffs_data_new();
1489 if (unlikely(!ffs))
1490 return ERR_PTR(-ENOMEM);
1491 ffs->file_perms = data.perms;
1492 ffs->no_disconnect = data.no_disconnect;
1493
1494 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1495 if (unlikely(!ffs->dev_name)) {
1496 ffs_data_put(ffs);
1497 return ERR_PTR(-ENOMEM);
1498 }
1499
1500 ffs_dev = ffs_acquire_dev(dev_name);
1501 if (IS_ERR(ffs_dev)) {
1502 ffs_data_put(ffs);
1503 return ERR_CAST(ffs_dev);
1504 }
1505 ffs->private_data = ffs_dev;
1506 data.ffs_data = ffs;
1507
1508 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1509 if (IS_ERR(rv) && data.ffs_data) {
1510 ffs_release_dev(data.ffs_data);
1511 ffs_data_put(data.ffs_data);
1512 }
1513 return rv;
1514}
1515
1516static void
1517ffs_fs_kill_sb(struct super_block *sb)
1518{
1519 ENTER();
1520
1521 kill_litter_super(sb);
1522 if (sb->s_fs_info) {
1523 ffs_release_dev(sb->s_fs_info);
1524 ffs_data_closed(sb->s_fs_info);
1525 ffs_data_put(sb->s_fs_info);
1526 }
1527}
1528
1529static struct file_system_type ffs_fs_type = {
1530 .owner = THIS_MODULE,
1531 .name = "functionfs",
1532 .mount = ffs_fs_mount,
1533 .kill_sb = ffs_fs_kill_sb,
1534};
1535MODULE_ALIAS_FS("functionfs");
1536
1537
1538
1539
1540static int functionfs_init(void)
1541{
1542 int ret;
1543
1544 ENTER();
1545
1546 ret = register_filesystem(&ffs_fs_type);
1547 if (likely(!ret))
1548 pr_info("file system registered\n");
1549 else
1550 pr_err("failed registering file system (%d)\n", ret);
1551
1552 return ret;
1553}
1554
1555static void functionfs_cleanup(void)
1556{
1557 ENTER();
1558
1559 pr_info("unloading\n");
1560 unregister_filesystem(&ffs_fs_type);
1561}
1562
1563
1564
1565
1566static void ffs_data_clear(struct ffs_data *ffs);
1567static void ffs_data_reset(struct ffs_data *ffs);
1568
1569static void ffs_data_get(struct ffs_data *ffs)
1570{
1571 ENTER();
1572
1573 atomic_inc(&ffs->ref);
1574}
1575
1576static void ffs_data_opened(struct ffs_data *ffs)
1577{
1578 ENTER();
1579
1580 atomic_inc(&ffs->ref);
1581 if (atomic_add_return(1, &ffs->opened) == 1 &&
1582 ffs->state == FFS_DEACTIVATED) {
1583 ffs->state = FFS_CLOSING;
1584 ffs_data_reset(ffs);
1585 }
1586}
1587
1588static void ffs_data_put(struct ffs_data *ffs)
1589{
1590 ENTER();
1591
1592 if (unlikely(atomic_dec_and_test(&ffs->ref))) {
1593 pr_info("%s(): freeing\n", __func__);
1594 ffs_data_clear(ffs);
1595 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1596 waitqueue_active(&ffs->ep0req_completion.wait));
1597 kfree(ffs->dev_name);
1598 kfree(ffs);
1599 }
1600}
1601
1602static void ffs_data_closed(struct ffs_data *ffs)
1603{
1604 ENTER();
1605
1606 if (atomic_dec_and_test(&ffs->opened)) {
1607 if (ffs->no_disconnect) {
1608 ffs->state = FFS_DEACTIVATED;
1609 if (ffs->epfiles) {
1610 ffs_epfiles_destroy(ffs->epfiles,
1611 ffs->eps_count);
1612 ffs->epfiles = NULL;
1613 }
1614 if (ffs->setup_state == FFS_SETUP_PENDING)
1615 __ffs_ep0_stall(ffs);
1616 } else {
1617 ffs->state = FFS_CLOSING;
1618 ffs_data_reset(ffs);
1619 }
1620 }
1621 if (atomic_read(&ffs->opened) < 0) {
1622 ffs->state = FFS_CLOSING;
1623 ffs_data_reset(ffs);
1624 }
1625
1626 ffs_data_put(ffs);
1627}
1628
1629static struct ffs_data *ffs_data_new(void)
1630{
1631 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1632 if (unlikely(!ffs))
1633 return NULL;
1634
1635 ENTER();
1636
1637 atomic_set(&ffs->ref, 1);
1638 atomic_set(&ffs->opened, 0);
1639 ffs->state = FFS_READ_DESCRIPTORS;
1640 mutex_init(&ffs->mutex);
1641 spin_lock_init(&ffs->eps_lock);
1642 init_waitqueue_head(&ffs->ev.waitq);
1643 init_completion(&ffs->ep0req_completion);
1644
1645
1646 ffs->ev.can_stall = 1;
1647
1648 return ffs;
1649}
1650
1651static void ffs_data_clear(struct ffs_data *ffs)
1652{
1653 ENTER();
1654
1655 ffs_closed(ffs);
1656
1657 BUG_ON(ffs->gadget);
1658
1659 if (ffs->epfiles)
1660 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1661
1662 if (ffs->ffs_eventfd)
1663 eventfd_ctx_put(ffs->ffs_eventfd);
1664
1665 kfree(ffs->raw_descs_data);
1666 kfree(ffs->raw_strings);
1667 kfree(ffs->stringtabs);
1668}
1669
1670static void ffs_data_reset(struct ffs_data *ffs)
1671{
1672 ENTER();
1673
1674 ffs_data_clear(ffs);
1675
1676 ffs->epfiles = NULL;
1677 ffs->raw_descs_data = NULL;
1678 ffs->raw_descs = NULL;
1679 ffs->raw_strings = NULL;
1680 ffs->stringtabs = NULL;
1681
1682 ffs->raw_descs_length = 0;
1683 ffs->fs_descs_count = 0;
1684 ffs->hs_descs_count = 0;
1685 ffs->ss_descs_count = 0;
1686
1687 ffs->strings_count = 0;
1688 ffs->interfaces_count = 0;
1689 ffs->eps_count = 0;
1690
1691 ffs->ev.count = 0;
1692
1693 ffs->state = FFS_READ_DESCRIPTORS;
1694 ffs->setup_state = FFS_NO_SETUP;
1695 ffs->flags = 0;
1696}
1697
1698
1699static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1700{
1701 struct usb_gadget_strings **lang;
1702 int first_id;
1703
1704 ENTER();
1705
1706 if (WARN_ON(ffs->state != FFS_ACTIVE
1707 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1708 return -EBADFD;
1709
1710 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1711 if (unlikely(first_id < 0))
1712 return first_id;
1713
1714 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1715 if (unlikely(!ffs->ep0req))
1716 return -ENOMEM;
1717 ffs->ep0req->complete = ffs_ep0_complete;
1718 ffs->ep0req->context = ffs;
1719
1720 lang = ffs->stringtabs;
1721 if (lang) {
1722 for (; *lang; ++lang) {
1723 struct usb_string *str = (*lang)->strings;
1724 int id = first_id;
1725 for (; str->s; ++id, ++str)
1726 str->id = id;
1727 }
1728 }
1729
1730 ffs->gadget = cdev->gadget;
1731 ffs_data_get(ffs);
1732 return 0;
1733}
1734
1735static void functionfs_unbind(struct ffs_data *ffs)
1736{
1737 ENTER();
1738
1739 if (!WARN_ON(!ffs->gadget)) {
1740 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1741 ffs->ep0req = NULL;
1742 ffs->gadget = NULL;
1743 clear_bit(FFS_FL_BOUND, &ffs->flags);
1744 ffs_data_put(ffs);
1745 }
1746}
1747
1748static int ffs_epfiles_create(struct ffs_data *ffs)
1749{
1750 struct ffs_epfile *epfile, *epfiles;
1751 unsigned i, count;
1752
1753 ENTER();
1754
1755 count = ffs->eps_count;
1756 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1757 if (!epfiles)
1758 return -ENOMEM;
1759
1760 epfile = epfiles;
1761 for (i = 1; i <= count; ++i, ++epfile) {
1762 epfile->ffs = ffs;
1763 mutex_init(&epfile->mutex);
1764 init_waitqueue_head(&epfile->wait);
1765 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1766 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1767 else
1768 sprintf(epfile->name, "ep%u", i);
1769 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1770 epfile,
1771 &ffs_epfile_operations);
1772 if (unlikely(!epfile->dentry)) {
1773 ffs_epfiles_destroy(epfiles, i - 1);
1774 return -ENOMEM;
1775 }
1776 }
1777
1778 ffs->epfiles = epfiles;
1779 return 0;
1780}
1781
1782static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1783{
1784 struct ffs_epfile *epfile = epfiles;
1785
1786 ENTER();
1787
1788 for (; count; --count, ++epfile) {
1789 BUG_ON(mutex_is_locked(&epfile->mutex) ||
1790 waitqueue_active(&epfile->wait));
1791 if (epfile->dentry) {
1792 d_delete(epfile->dentry);
1793 dput(epfile->dentry);
1794 epfile->dentry = NULL;
1795 }
1796 }
1797
1798 kfree(epfiles);
1799}
1800
1801static void ffs_func_eps_disable(struct ffs_function *func)
1802{
1803 struct ffs_ep *ep = func->eps;
1804 struct ffs_epfile *epfile = func->ffs->epfiles;
1805 unsigned count = func->ffs->eps_count;
1806 unsigned long flags;
1807
1808 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1809 do {
1810
1811 if (likely(ep->ep))
1812 usb_ep_disable(ep->ep);
1813 ++ep;
1814
1815 if (epfile) {
1816 epfile->ep = NULL;
1817 __ffs_epfile_read_buffer_free(epfile);
1818 ++epfile;
1819 }
1820 } while (--count);
1821 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1822}
1823
1824static int ffs_func_eps_enable(struct ffs_function *func)
1825{
1826 struct ffs_data *ffs = func->ffs;
1827 struct ffs_ep *ep = func->eps;
1828 struct ffs_epfile *epfile = ffs->epfiles;
1829 unsigned count = ffs->eps_count;
1830 unsigned long flags;
1831 int ret = 0;
1832
1833 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1834 do {
1835 struct usb_endpoint_descriptor *ds;
1836 int desc_idx;
1837
1838 if (ffs->gadget->speed == USB_SPEED_SUPER)
1839 desc_idx = 2;
1840 else if (ffs->gadget->speed == USB_SPEED_HIGH)
1841 desc_idx = 1;
1842 else
1843 desc_idx = 0;
1844
1845
1846 do {
1847 ds = ep->descs[desc_idx];
1848 } while (!ds && --desc_idx >= 0);
1849
1850 if (!ds) {
1851 ret = -EINVAL;
1852 break;
1853 }
1854
1855 ep->ep->driver_data = ep;
1856 ep->ep->desc = ds;
1857 ret = usb_ep_enable(ep->ep);
1858 if (likely(!ret)) {
1859 epfile->ep = ep;
1860 epfile->in = usb_endpoint_dir_in(ds);
1861 epfile->isoc = usb_endpoint_xfer_isoc(ds);
1862 } else {
1863 break;
1864 }
1865
1866 wake_up(&epfile->wait);
1867
1868 ++ep;
1869 ++epfile;
1870 } while (--count);
1871 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1872
1873 return ret;
1874}
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886enum ffs_entity_type {
1887 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1888};
1889
1890enum ffs_os_desc_type {
1891 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1892};
1893
1894typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1895 u8 *valuep,
1896 struct usb_descriptor_header *desc,
1897 void *priv);
1898
1899typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
1900 struct usb_os_desc_header *h, void *data,
1901 unsigned len, void *priv);
1902
1903static int __must_check ffs_do_single_desc(char *data, unsigned len,
1904 ffs_entity_callback entity,
1905 void *priv)
1906{
1907 struct usb_descriptor_header *_ds = (void *)data;
1908 u8 length;
1909 int ret;
1910
1911 ENTER();
1912
1913
1914 if (len < 2) {
1915 pr_vdebug("descriptor too short\n");
1916 return -EINVAL;
1917 }
1918
1919
1920 length = _ds->bLength;
1921 if (len < length) {
1922 pr_vdebug("descriptor longer then available data\n");
1923 return -EINVAL;
1924 }
1925
1926#define __entity_check_INTERFACE(val) 1
1927#define __entity_check_STRING(val) (val)
1928#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1929#define __entity(type, val) do { \
1930 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1931 if (unlikely(!__entity_check_ ##type(val))) { \
1932 pr_vdebug("invalid entity's value\n"); \
1933 return -EINVAL; \
1934 } \
1935 ret = entity(FFS_ ##type, &val, _ds, priv); \
1936 if (unlikely(ret < 0)) { \
1937 pr_debug("entity " #type "(%02x); ret = %d\n", \
1938 (val), ret); \
1939 return ret; \
1940 } \
1941 } while (0)
1942
1943
1944 switch (_ds->bDescriptorType) {
1945 case USB_DT_DEVICE:
1946 case USB_DT_CONFIG:
1947 case USB_DT_STRING:
1948 case USB_DT_DEVICE_QUALIFIER:
1949
1950 pr_vdebug("descriptor reserved for gadget: %d\n",
1951 _ds->bDescriptorType);
1952 return -EINVAL;
1953
1954 case USB_DT_INTERFACE: {
1955 struct usb_interface_descriptor *ds = (void *)_ds;
1956 pr_vdebug("interface descriptor\n");
1957 if (length != sizeof *ds)
1958 goto inv_length;
1959
1960 __entity(INTERFACE, ds->bInterfaceNumber);
1961 if (ds->iInterface)
1962 __entity(STRING, ds->iInterface);
1963 }
1964 break;
1965
1966 case USB_DT_ENDPOINT: {
1967 struct usb_endpoint_descriptor *ds = (void *)_ds;
1968 pr_vdebug("endpoint descriptor\n");
1969 if (length != USB_DT_ENDPOINT_SIZE &&
1970 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1971 goto inv_length;
1972 __entity(ENDPOINT, ds->bEndpointAddress);
1973 }
1974 break;
1975
1976 case HID_DT_HID:
1977 pr_vdebug("hid descriptor\n");
1978 if (length != sizeof(struct hid_descriptor))
1979 goto inv_length;
1980 break;
1981
1982 case USB_DT_OTG:
1983 if (length != sizeof(struct usb_otg_descriptor))
1984 goto inv_length;
1985 break;
1986
1987 case USB_DT_INTERFACE_ASSOCIATION: {
1988 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1989 pr_vdebug("interface association descriptor\n");
1990 if (length != sizeof *ds)
1991 goto inv_length;
1992 if (ds->iFunction)
1993 __entity(STRING, ds->iFunction);
1994 }
1995 break;
1996
1997 case USB_DT_SS_ENDPOINT_COMP:
1998 pr_vdebug("EP SS companion descriptor\n");
1999 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2000 goto inv_length;
2001 break;
2002
2003 case USB_DT_OTHER_SPEED_CONFIG:
2004 case USB_DT_INTERFACE_POWER:
2005 case USB_DT_DEBUG:
2006 case USB_DT_SECURITY:
2007 case USB_DT_CS_RADIO_CONTROL:
2008
2009 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2010 return -EINVAL;
2011
2012 default:
2013
2014 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2015 return -EINVAL;
2016
2017inv_length:
2018 pr_vdebug("invalid length: %d (descriptor %d)\n",
2019 _ds->bLength, _ds->bDescriptorType);
2020 return -EINVAL;
2021 }
2022
2023#undef __entity
2024#undef __entity_check_DESCRIPTOR
2025#undef __entity_check_INTERFACE
2026#undef __entity_check_STRING
2027#undef __entity_check_ENDPOINT
2028
2029 return length;
2030}
2031
2032static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2033 ffs_entity_callback entity, void *priv)
2034{
2035 const unsigned _len = len;
2036 unsigned long num = 0;
2037
2038 ENTER();
2039
2040 for (;;) {
2041 int ret;
2042
2043 if (num == count)
2044 data = NULL;
2045
2046
2047 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2048 if (unlikely(ret < 0)) {
2049 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2050 num, ret);
2051 return ret;
2052 }
2053
2054 if (!data)
2055 return _len - len;
2056
2057 ret = ffs_do_single_desc(data, len, entity, priv);
2058 if (unlikely(ret < 0)) {
2059 pr_debug("%s returns %d\n", __func__, ret);
2060 return ret;
2061 }
2062
2063 len -= ret;
2064 data += ret;
2065 ++num;
2066 }
2067}
2068
2069static int __ffs_data_do_entity(enum ffs_entity_type type,
2070 u8 *valuep, struct usb_descriptor_header *desc,
2071 void *priv)
2072{
2073 struct ffs_desc_helper *helper = priv;
2074 struct usb_endpoint_descriptor *d;
2075
2076 ENTER();
2077
2078 switch (type) {
2079 case FFS_DESCRIPTOR:
2080 break;
2081
2082 case FFS_INTERFACE:
2083
2084
2085
2086
2087
2088 if (*valuep >= helper->interfaces_count)
2089 helper->interfaces_count = *valuep + 1;
2090 break;
2091
2092 case FFS_STRING:
2093
2094
2095
2096
2097 if (*valuep > helper->ffs->strings_count)
2098 helper->ffs->strings_count = *valuep;
2099 break;
2100
2101 case FFS_ENDPOINT:
2102 d = (void *)desc;
2103 helper->eps_count++;
2104 if (helper->eps_count >= 15)
2105 return -EINVAL;
2106
2107 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2108 helper->ffs->eps_addrmap[helper->eps_count] =
2109 d->bEndpointAddress;
2110 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2111 d->bEndpointAddress)
2112 return -EINVAL;
2113 break;
2114 }
2115
2116 return 0;
2117}
2118
2119static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2120 struct usb_os_desc_header *desc)
2121{
2122 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2123 u16 w_index = le16_to_cpu(desc->wIndex);
2124
2125 if (bcd_version != 1) {
2126 pr_vdebug("unsupported os descriptors version: %d",
2127 bcd_version);
2128 return -EINVAL;
2129 }
2130 switch (w_index) {
2131 case 0x4:
2132 *next_type = FFS_OS_DESC_EXT_COMPAT;
2133 break;
2134 case 0x5:
2135 *next_type = FFS_OS_DESC_EXT_PROP;
2136 break;
2137 default:
2138 pr_vdebug("unsupported os descriptor type: %d", w_index);
2139 return -EINVAL;
2140 }
2141
2142 return sizeof(*desc);
2143}
2144
2145
2146
2147
2148
2149static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2150 enum ffs_os_desc_type type,
2151 u16 feature_count,
2152 ffs_os_desc_callback entity,
2153 void *priv,
2154 struct usb_os_desc_header *h)
2155{
2156 int ret;
2157 const unsigned _len = len;
2158
2159 ENTER();
2160
2161
2162 while (feature_count--) {
2163 ret = entity(type, h, data, len, priv);
2164 if (unlikely(ret < 0)) {
2165 pr_debug("bad OS descriptor, type: %d\n", type);
2166 return ret;
2167 }
2168 data += ret;
2169 len -= ret;
2170 }
2171 return _len - len;
2172}
2173
2174
2175static int __must_check ffs_do_os_descs(unsigned count,
2176 char *data, unsigned len,
2177 ffs_os_desc_callback entity, void *priv)
2178{
2179 const unsigned _len = len;
2180 unsigned long num = 0;
2181
2182 ENTER();
2183
2184 for (num = 0; num < count; ++num) {
2185 int ret;
2186 enum ffs_os_desc_type type;
2187 u16 feature_count;
2188 struct usb_os_desc_header *desc = (void *)data;
2189
2190 if (len < sizeof(*desc))
2191 return -EINVAL;
2192
2193
2194
2195
2196
2197
2198
2199
2200 if (le32_to_cpu(desc->dwLength) > len)
2201 return -EINVAL;
2202
2203 ret = __ffs_do_os_desc_header(&type, desc);
2204 if (unlikely(ret < 0)) {
2205 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2206 num, ret);
2207 return ret;
2208 }
2209
2210
2211
2212 feature_count = le16_to_cpu(desc->wCount);
2213 if (type == FFS_OS_DESC_EXT_COMPAT &&
2214 (feature_count > 255 || desc->Reserved))
2215 return -EINVAL;
2216 len -= ret;
2217 data += ret;
2218
2219
2220
2221
2222
2223 ret = ffs_do_single_os_desc(data, len, type,
2224 feature_count, entity, priv, desc);
2225 if (unlikely(ret < 0)) {
2226 pr_debug("%s returns %d\n", __func__, ret);
2227 return ret;
2228 }
2229
2230 len -= ret;
2231 data += ret;
2232 }
2233 return _len - len;
2234}
2235
2236
2237
2238
2239static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2240 struct usb_os_desc_header *h, void *data,
2241 unsigned len, void *priv)
2242{
2243 struct ffs_data *ffs = priv;
2244 u8 length;
2245
2246 ENTER();
2247
2248 switch (type) {
2249 case FFS_OS_DESC_EXT_COMPAT: {
2250 struct usb_ext_compat_desc *d = data;
2251 int i;
2252
2253 if (len < sizeof(*d) ||
2254 d->bFirstInterfaceNumber >= ffs->interfaces_count ||
2255 !d->Reserved1)
2256 return -EINVAL;
2257 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2258 if (d->Reserved2[i])
2259 return -EINVAL;
2260
2261 length = sizeof(struct usb_ext_compat_desc);
2262 }
2263 break;
2264 case FFS_OS_DESC_EXT_PROP: {
2265 struct usb_ext_prop_desc *d = data;
2266 u32 type, pdl;
2267 u16 pnl;
2268
2269 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2270 return -EINVAL;
2271 length = le32_to_cpu(d->dwSize);
2272 type = le32_to_cpu(d->dwPropertyDataType);
2273 if (type < USB_EXT_PROP_UNICODE ||
2274 type > USB_EXT_PROP_UNICODE_MULTI) {
2275 pr_vdebug("unsupported os descriptor property type: %d",
2276 type);
2277 return -EINVAL;
2278 }
2279 pnl = le16_to_cpu(d->wPropertyNameLength);
2280 pdl = le32_to_cpu(*(u32 *)((u8 *)data + 10 + pnl));
2281 if (length != 14 + pnl + pdl) {
2282 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2283 length, pnl, pdl, type);
2284 return -EINVAL;
2285 }
2286 ++ffs->ms_os_descs_ext_prop_count;
2287
2288 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2289 ffs->ms_os_descs_ext_prop_data_len += pdl;
2290 }
2291 break;
2292 default:
2293 pr_vdebug("unknown descriptor: %d\n", type);
2294 return -EINVAL;
2295 }
2296 return length;
2297}
2298
2299static int __ffs_data_got_descs(struct ffs_data *ffs,
2300 char *const _data, size_t len)
2301{
2302 char *data = _data, *raw_descs;
2303 unsigned os_descs_count = 0, counts[3], flags;
2304 int ret = -EINVAL, i;
2305 struct ffs_desc_helper helper;
2306
2307 ENTER();
2308
2309 if (get_unaligned_le32(data + 4) != len)
2310 goto error;
2311
2312 switch (get_unaligned_le32(data)) {
2313 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2314 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2315 data += 8;
2316 len -= 8;
2317 break;
2318 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2319 flags = get_unaligned_le32(data + 8);
2320 ffs->user_flags = flags;
2321 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2322 FUNCTIONFS_HAS_HS_DESC |
2323 FUNCTIONFS_HAS_SS_DESC |
2324 FUNCTIONFS_HAS_MS_OS_DESC |
2325 FUNCTIONFS_VIRTUAL_ADDR |
2326 FUNCTIONFS_EVENTFD |
2327 FUNCTIONFS_ALL_CTRL_RECIP |
2328 FUNCTIONFS_CONFIG0_SETUP)) {
2329 ret = -ENOSYS;
2330 goto error;
2331 }
2332 data += 12;
2333 len -= 12;
2334 break;
2335 default:
2336 goto error;
2337 }
2338
2339 if (flags & FUNCTIONFS_EVENTFD) {
2340 if (len < 4)
2341 goto error;
2342 ffs->ffs_eventfd =
2343 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2344 if (IS_ERR(ffs->ffs_eventfd)) {
2345 ret = PTR_ERR(ffs->ffs_eventfd);
2346 ffs->ffs_eventfd = NULL;
2347 goto error;
2348 }
2349 data += 4;
2350 len -= 4;
2351 }
2352
2353
2354 for (i = 0; i < 3; ++i) {
2355 if (!(flags & (1 << i))) {
2356 counts[i] = 0;
2357 } else if (len < 4) {
2358 goto error;
2359 } else {
2360 counts[i] = get_unaligned_le32(data);
2361 data += 4;
2362 len -= 4;
2363 }
2364 }
2365 if (flags & (1 << i)) {
2366 os_descs_count = get_unaligned_le32(data);
2367 data += 4;
2368 len -= 4;
2369 };
2370
2371
2372 raw_descs = data;
2373 helper.ffs = ffs;
2374 for (i = 0; i < 3; ++i) {
2375 if (!counts[i])
2376 continue;
2377 helper.interfaces_count = 0;
2378 helper.eps_count = 0;
2379 ret = ffs_do_descs(counts[i], data, len,
2380 __ffs_data_do_entity, &helper);
2381 if (ret < 0)
2382 goto error;
2383 if (!ffs->eps_count && !ffs->interfaces_count) {
2384 ffs->eps_count = helper.eps_count;
2385 ffs->interfaces_count = helper.interfaces_count;
2386 } else {
2387 if (ffs->eps_count != helper.eps_count) {
2388 ret = -EINVAL;
2389 goto error;
2390 }
2391 if (ffs->interfaces_count != helper.interfaces_count) {
2392 ret = -EINVAL;
2393 goto error;
2394 }
2395 }
2396 data += ret;
2397 len -= ret;
2398 }
2399 if (os_descs_count) {
2400 ret = ffs_do_os_descs(os_descs_count, data, len,
2401 __ffs_data_do_os_desc, ffs);
2402 if (ret < 0)
2403 goto error;
2404 data += ret;
2405 len -= ret;
2406 }
2407
2408 if (raw_descs == data || len) {
2409 ret = -EINVAL;
2410 goto error;
2411 }
2412
2413 ffs->raw_descs_data = _data;
2414 ffs->raw_descs = raw_descs;
2415 ffs->raw_descs_length = data - raw_descs;
2416 ffs->fs_descs_count = counts[0];
2417 ffs->hs_descs_count = counts[1];
2418 ffs->ss_descs_count = counts[2];
2419 ffs->ms_os_descs_count = os_descs_count;
2420
2421 return 0;
2422
2423error:
2424 kfree(_data);
2425 return ret;
2426}
2427
2428static int __ffs_data_got_strings(struct ffs_data *ffs,
2429 char *const _data, size_t len)
2430{
2431 u32 str_count, needed_count, lang_count;
2432 struct usb_gadget_strings **stringtabs, *t;
2433 const char *data = _data;
2434 struct usb_string *s;
2435
2436 ENTER();
2437
2438 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2439 get_unaligned_le32(data + 4) != len))
2440 goto error;
2441 str_count = get_unaligned_le32(data + 8);
2442 lang_count = get_unaligned_le32(data + 12);
2443
2444
2445 if (unlikely(!str_count != !lang_count))
2446 goto error;
2447
2448
2449 needed_count = ffs->strings_count;
2450 if (unlikely(str_count < needed_count))
2451 goto error;
2452
2453
2454
2455
2456
2457 if (!needed_count) {
2458 kfree(_data);
2459 return 0;
2460 }
2461
2462
2463 {
2464 unsigned i = 0;
2465 vla_group(d);
2466 vla_item(d, struct usb_gadget_strings *, stringtabs,
2467 lang_count + 1);
2468 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2469 vla_item(d, struct usb_string, strings,
2470 lang_count*(needed_count+1));
2471
2472 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2473
2474 if (unlikely(!vlabuf)) {
2475 kfree(_data);
2476 return -ENOMEM;
2477 }
2478
2479
2480 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2481 t = vla_ptr(vlabuf, d, stringtab);
2482 i = lang_count;
2483 do {
2484 *stringtabs++ = t++;
2485 } while (--i);
2486 *stringtabs = NULL;
2487
2488
2489 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2490 t = vla_ptr(vlabuf, d, stringtab);
2491 s = vla_ptr(vlabuf, d, strings);
2492 }
2493
2494
2495 data += 16;
2496 len -= 16;
2497
2498 do {
2499 unsigned needed = needed_count;
2500
2501 if (unlikely(len < 3))
2502 goto error_free;
2503 t->language = get_unaligned_le16(data);
2504 t->strings = s;
2505 ++t;
2506
2507 data += 2;
2508 len -= 2;
2509
2510
2511 do {
2512 size_t length = strnlen(data, len);
2513
2514 if (unlikely(length == len))
2515 goto error_free;
2516
2517
2518
2519
2520
2521
2522 if (likely(needed)) {
2523
2524
2525
2526
2527
2528 s->s = data;
2529 --needed;
2530 ++s;
2531 }
2532
2533 data += length + 1;
2534 len -= length + 1;
2535 } while (--str_count);
2536
2537 s->id = 0;
2538 s->s = NULL;
2539 ++s;
2540
2541 } while (--lang_count);
2542
2543
2544 if (unlikely(len))
2545 goto error_free;
2546
2547
2548 ffs->stringtabs = stringtabs;
2549 ffs->raw_strings = _data;
2550
2551 return 0;
2552
2553error_free:
2554 kfree(stringtabs);
2555error:
2556 kfree(_data);
2557 return -EINVAL;
2558}
2559
2560
2561
2562
2563static void __ffs_event_add(struct ffs_data *ffs,
2564 enum usb_functionfs_event_type type)
2565{
2566 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2567 int neg = 0;
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577 if (ffs->setup_state == FFS_SETUP_PENDING)
2578 ffs->setup_state = FFS_SETUP_CANCELLED;
2579
2580
2581
2582
2583
2584
2585
2586
2587 switch (type) {
2588 case FUNCTIONFS_RESUME:
2589 rem_type2 = FUNCTIONFS_SUSPEND;
2590
2591 case FUNCTIONFS_SUSPEND:
2592 case FUNCTIONFS_SETUP:
2593 rem_type1 = type;
2594
2595 break;
2596
2597 case FUNCTIONFS_BIND:
2598 case FUNCTIONFS_UNBIND:
2599 case FUNCTIONFS_DISABLE:
2600 case FUNCTIONFS_ENABLE:
2601
2602 rem_type1 = FUNCTIONFS_SUSPEND;
2603 rem_type2 = FUNCTIONFS_RESUME;
2604 neg = 1;
2605 break;
2606
2607 default:
2608 WARN(1, "%d: unknown event, this should not happen\n", type);
2609 return;
2610 }
2611
2612 {
2613 u8 *ev = ffs->ev.types, *out = ev;
2614 unsigned n = ffs->ev.count;
2615 for (; n; --n, ++ev)
2616 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2617 *out++ = *ev;
2618 else
2619 pr_vdebug("purging event %d\n", *ev);
2620 ffs->ev.count = out - ffs->ev.types;
2621 }
2622
2623 pr_vdebug("adding event %d\n", type);
2624 ffs->ev.types[ffs->ev.count++] = type;
2625 wake_up_locked(&ffs->ev.waitq);
2626 if (ffs->ffs_eventfd)
2627 eventfd_signal(ffs->ffs_eventfd, 1);
2628}
2629
2630static void ffs_event_add(struct ffs_data *ffs,
2631 enum usb_functionfs_event_type type)
2632{
2633 unsigned long flags;
2634 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2635 __ffs_event_add(ffs, type);
2636 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2637}
2638
2639
2640
2641static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2642{
2643 int i;
2644
2645 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2646 if (ffs->eps_addrmap[i] == endpoint_address)
2647 return i;
2648 return -ENOENT;
2649}
2650
2651static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2652 struct usb_descriptor_header *desc,
2653 void *priv)
2654{
2655 struct usb_endpoint_descriptor *ds = (void *)desc;
2656 struct ffs_function *func = priv;
2657 struct ffs_ep *ffs_ep;
2658 unsigned ep_desc_id;
2659 int idx;
2660 static const char *speed_names[] = { "full", "high", "super" };
2661
2662 if (type != FFS_DESCRIPTOR)
2663 return 0;
2664
2665
2666
2667
2668
2669
2670
2671 if (func->function.ss_descriptors) {
2672 ep_desc_id = 2;
2673 func->function.ss_descriptors[(long)valuep] = desc;
2674 } else if (func->function.hs_descriptors) {
2675 ep_desc_id = 1;
2676 func->function.hs_descriptors[(long)valuep] = desc;
2677 } else {
2678 ep_desc_id = 0;
2679 func->function.fs_descriptors[(long)valuep] = desc;
2680 }
2681
2682 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2683 return 0;
2684
2685 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2686 if (idx < 0)
2687 return idx;
2688
2689 ffs_ep = func->eps + idx;
2690
2691 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2692 pr_err("two %sspeed descriptors for EP %d\n",
2693 speed_names[ep_desc_id],
2694 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2695 return -EINVAL;
2696 }
2697 ffs_ep->descs[ep_desc_id] = ds;
2698
2699 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2700 if (ffs_ep->ep) {
2701 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2702 if (!ds->wMaxPacketSize)
2703 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2704 } else {
2705 struct usb_request *req;
2706 struct usb_ep *ep;
2707 u8 bEndpointAddress;
2708
2709
2710
2711
2712
2713 bEndpointAddress = ds->bEndpointAddress;
2714 pr_vdebug("autoconfig\n");
2715 ep = usb_ep_autoconfig(func->gadget, ds);
2716 if (unlikely(!ep))
2717 return -ENOTSUPP;
2718 ep->driver_data = func->eps + idx;
2719
2720 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2721 if (unlikely(!req))
2722 return -ENOMEM;
2723
2724 ffs_ep->ep = ep;
2725 ffs_ep->req = req;
2726 func->eps_revmap[ds->bEndpointAddress &
2727 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2728
2729
2730
2731
2732 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2733 ds->bEndpointAddress = bEndpointAddress;
2734 }
2735 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2736
2737 return 0;
2738}
2739
2740static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2741 struct usb_descriptor_header *desc,
2742 void *priv)
2743{
2744 struct ffs_function *func = priv;
2745 unsigned idx;
2746 u8 newValue;
2747
2748 switch (type) {
2749 default:
2750 case FFS_DESCRIPTOR:
2751
2752 return 0;
2753
2754 case FFS_INTERFACE:
2755 idx = *valuep;
2756 if (func->interfaces_nums[idx] < 0) {
2757 int id = usb_interface_id(func->conf, &func->function);
2758 if (unlikely(id < 0))
2759 return id;
2760 func->interfaces_nums[idx] = id;
2761 }
2762 newValue = func->interfaces_nums[idx];
2763 break;
2764
2765 case FFS_STRING:
2766
2767 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2768 break;
2769
2770 case FFS_ENDPOINT:
2771
2772
2773
2774
2775 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2776 return 0;
2777
2778 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2779 if (unlikely(!func->eps[idx].ep))
2780 return -EINVAL;
2781
2782 {
2783 struct usb_endpoint_descriptor **descs;
2784 descs = func->eps[idx].descs;
2785 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2786 }
2787 break;
2788 }
2789
2790 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2791 *valuep = newValue;
2792 return 0;
2793}
2794
2795static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2796 struct usb_os_desc_header *h, void *data,
2797 unsigned len, void *priv)
2798{
2799 struct ffs_function *func = priv;
2800 u8 length = 0;
2801
2802 switch (type) {
2803 case FFS_OS_DESC_EXT_COMPAT: {
2804 struct usb_ext_compat_desc *desc = data;
2805 struct usb_os_desc_table *t;
2806
2807 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2808 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2809 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2810 ARRAY_SIZE(desc->CompatibleID) +
2811 ARRAY_SIZE(desc->SubCompatibleID));
2812 length = sizeof(*desc);
2813 }
2814 break;
2815 case FFS_OS_DESC_EXT_PROP: {
2816 struct usb_ext_prop_desc *desc = data;
2817 struct usb_os_desc_table *t;
2818 struct usb_os_desc_ext_prop *ext_prop;
2819 char *ext_prop_name;
2820 char *ext_prop_data;
2821
2822 t = &func->function.os_desc_table[h->interface];
2823 t->if_id = func->interfaces_nums[h->interface];
2824
2825 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2826 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2827
2828 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2829 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2830 ext_prop->data_len = le32_to_cpu(*(u32 *)
2831 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2832 length = ext_prop->name_len + ext_prop->data_len + 14;
2833
2834 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2835 func->ffs->ms_os_descs_ext_prop_name_avail +=
2836 ext_prop->name_len;
2837
2838 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2839 func->ffs->ms_os_descs_ext_prop_data_avail +=
2840 ext_prop->data_len;
2841 memcpy(ext_prop_data,
2842 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2843 ext_prop->data_len);
2844
2845 switch (ext_prop->type) {
2846 case USB_EXT_PROP_UNICODE:
2847 case USB_EXT_PROP_UNICODE_ENV:
2848 case USB_EXT_PROP_UNICODE_LINK:
2849 case USB_EXT_PROP_UNICODE_MULTI:
2850 ext_prop->data_len *= 2;
2851 break;
2852 }
2853 ext_prop->data = ext_prop_data;
2854
2855 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
2856 ext_prop->name_len);
2857
2858 ext_prop->name_len *= 2;
2859 ext_prop->name = ext_prop_name;
2860
2861 t->os_desc->ext_prop_len +=
2862 ext_prop->name_len + ext_prop->data_len + 14;
2863 ++t->os_desc->ext_prop_count;
2864 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
2865 }
2866 break;
2867 default:
2868 pr_vdebug("unknown descriptor: %d\n", type);
2869 }
2870
2871 return length;
2872}
2873
2874static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
2875 struct usb_configuration *c)
2876{
2877 struct ffs_function *func = ffs_func_from_usb(f);
2878 struct f_fs_opts *ffs_opts =
2879 container_of(f->fi, struct f_fs_opts, func_inst);
2880 int ret;
2881
2882 ENTER();
2883
2884
2885
2886
2887
2888
2889
2890
2891 if (!ffs_opts->no_configfs)
2892 ffs_dev_lock();
2893 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
2894 func->ffs = ffs_opts->dev->ffs_data;
2895 if (!ffs_opts->no_configfs)
2896 ffs_dev_unlock();
2897 if (ret)
2898 return ERR_PTR(ret);
2899
2900 func->conf = c;
2901 func->gadget = c->cdev->gadget;
2902
2903
2904
2905
2906
2907
2908
2909
2910 if (!ffs_opts->refcnt) {
2911 ret = functionfs_bind(func->ffs, c->cdev);
2912 if (ret)
2913 return ERR_PTR(ret);
2914 }
2915 ffs_opts->refcnt++;
2916 func->function.strings = func->ffs->stringtabs;
2917
2918 return ffs_opts;
2919}
2920
2921static int _ffs_func_bind(struct usb_configuration *c,
2922 struct usb_function *f)
2923{
2924 struct ffs_function *func = ffs_func_from_usb(f);
2925 struct ffs_data *ffs = func->ffs;
2926
2927 const int full = !!func->ffs->fs_descs_count;
2928 const int high = gadget_is_dualspeed(func->gadget) &&
2929 func->ffs->hs_descs_count;
2930 const int super = gadget_is_superspeed(func->gadget) &&
2931 func->ffs->ss_descs_count;
2932
2933 int fs_len, hs_len, ss_len, ret, i;
2934 struct ffs_ep *eps_ptr;
2935
2936
2937 vla_group(d);
2938 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2939 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2940 full ? ffs->fs_descs_count + 1 : 0);
2941 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2942 high ? ffs->hs_descs_count + 1 : 0);
2943 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
2944 super ? ffs->ss_descs_count + 1 : 0);
2945 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
2946 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
2947 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2948 vla_item_with_sz(d, char[16], ext_compat,
2949 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2950 vla_item_with_sz(d, struct usb_os_desc, os_desc,
2951 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2952 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
2953 ffs->ms_os_descs_ext_prop_count);
2954 vla_item_with_sz(d, char, ext_prop_name,
2955 ffs->ms_os_descs_ext_prop_name_len);
2956 vla_item_with_sz(d, char, ext_prop_data,
2957 ffs->ms_os_descs_ext_prop_data_len);
2958 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
2959 char *vlabuf;
2960
2961 ENTER();
2962
2963
2964 if (unlikely(!(full | high | super)))
2965 return -ENOTSUPP;
2966
2967
2968 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
2969 if (unlikely(!vlabuf))
2970 return -ENOMEM;
2971
2972 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
2973 ffs->ms_os_descs_ext_prop_name_avail =
2974 vla_ptr(vlabuf, d, ext_prop_name);
2975 ffs->ms_os_descs_ext_prop_data_avail =
2976 vla_ptr(vlabuf, d, ext_prop_data);
2977
2978
2979 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
2980 ffs->raw_descs_length);
2981
2982 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
2983 eps_ptr = vla_ptr(vlabuf, d, eps);
2984 for (i = 0; i < ffs->eps_count; i++)
2985 eps_ptr[i].num = -1;
2986
2987
2988
2989
2990 func->eps = vla_ptr(vlabuf, d, eps);
2991 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
2992
2993
2994
2995
2996
2997
2998 if (likely(full)) {
2999 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3000 fs_len = ffs_do_descs(ffs->fs_descs_count,
3001 vla_ptr(vlabuf, d, raw_descs),
3002 d_raw_descs__sz,
3003 __ffs_func_bind_do_descs, func);
3004 if (unlikely(fs_len < 0)) {
3005 ret = fs_len;
3006 goto error;
3007 }
3008 } else {
3009 fs_len = 0;
3010 }
3011
3012 if (likely(high)) {
3013 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3014 hs_len = ffs_do_descs(ffs->hs_descs_count,
3015 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3016 d_raw_descs__sz - fs_len,
3017 __ffs_func_bind_do_descs, func);
3018 if (unlikely(hs_len < 0)) {
3019 ret = hs_len;
3020 goto error;
3021 }
3022 } else {
3023 hs_len = 0;
3024 }
3025
3026 if (likely(super)) {
3027 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3028 ss_len = ffs_do_descs(ffs->ss_descs_count,
3029 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3030 d_raw_descs__sz - fs_len - hs_len,
3031 __ffs_func_bind_do_descs, func);
3032 if (unlikely(ss_len < 0)) {
3033 ret = ss_len;
3034 goto error;
3035 }
3036 } else {
3037 ss_len = 0;
3038 }
3039
3040
3041
3042
3043
3044
3045 ret = ffs_do_descs(ffs->fs_descs_count +
3046 (high ? ffs->hs_descs_count : 0) +
3047 (super ? ffs->ss_descs_count : 0),
3048 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3049 __ffs_func_bind_do_nums, func);
3050 if (unlikely(ret < 0))
3051 goto error;
3052
3053 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3054 if (c->cdev->use_os_string) {
3055 for (i = 0; i < ffs->interfaces_count; ++i) {
3056 struct usb_os_desc *desc;
3057
3058 desc = func->function.os_desc_table[i].os_desc =
3059 vla_ptr(vlabuf, d, os_desc) +
3060 i * sizeof(struct usb_os_desc);
3061 desc->ext_compat_id =
3062 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3063 INIT_LIST_HEAD(&desc->ext_prop);
3064 }
3065 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3066 vla_ptr(vlabuf, d, raw_descs) +
3067 fs_len + hs_len + ss_len,
3068 d_raw_descs__sz - fs_len - hs_len -
3069 ss_len,
3070 __ffs_func_bind_do_os_desc, func);
3071 if (unlikely(ret < 0))
3072 goto error;
3073 }
3074 func->function.os_desc_n =
3075 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3076
3077
3078 ffs_event_add(ffs, FUNCTIONFS_BIND);
3079 return 0;
3080
3081error:
3082
3083 return ret;
3084}
3085
3086static int ffs_func_bind(struct usb_configuration *c,
3087 struct usb_function *f)
3088{
3089 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3090 struct ffs_function *func = ffs_func_from_usb(f);
3091 int ret;
3092
3093 if (IS_ERR(ffs_opts))
3094 return PTR_ERR(ffs_opts);
3095
3096 ret = _ffs_func_bind(c, f);
3097 if (ret && !--ffs_opts->refcnt)
3098 functionfs_unbind(func->ffs);
3099
3100 return ret;
3101}
3102
3103
3104
3105
3106static void ffs_reset_work(struct work_struct *work)
3107{
3108 struct ffs_data *ffs = container_of(work,
3109 struct ffs_data, reset_work);
3110 ffs_data_reset(ffs);
3111}
3112
3113static int ffs_func_set_alt(struct usb_function *f,
3114 unsigned interface, unsigned alt)
3115{
3116 struct ffs_function *func = ffs_func_from_usb(f);
3117 struct ffs_data *ffs = func->ffs;
3118 int ret = 0, intf;
3119
3120 if (alt != (unsigned)-1) {
3121 intf = ffs_func_revmap_intf(func, interface);
3122 if (unlikely(intf < 0))
3123 return intf;
3124 }
3125
3126 if (ffs->func)
3127 ffs_func_eps_disable(ffs->func);
3128
3129 if (ffs->state == FFS_DEACTIVATED) {
3130 ffs->state = FFS_CLOSING;
3131 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3132 schedule_work(&ffs->reset_work);
3133 return -ENODEV;
3134 }
3135
3136 if (ffs->state != FFS_ACTIVE)
3137 return -ENODEV;
3138
3139 if (alt == (unsigned)-1) {
3140 ffs->func = NULL;
3141 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3142 return 0;
3143 }
3144
3145 ffs->func = func;
3146 ret = ffs_func_eps_enable(func);
3147 if (likely(ret >= 0))
3148 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3149 return ret;
3150}
3151
3152static void ffs_func_disable(struct usb_function *f)
3153{
3154 ffs_func_set_alt(f, 0, (unsigned)-1);
3155}
3156
3157static int ffs_func_setup(struct usb_function *f,
3158 const struct usb_ctrlrequest *creq)
3159{
3160 struct ffs_function *func = ffs_func_from_usb(f);
3161 struct ffs_data *ffs = func->ffs;
3162 unsigned long flags;
3163 int ret;
3164
3165 ENTER();
3166
3167 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3168 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3169 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3170 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3171 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183 if (ffs->state != FFS_ACTIVE)
3184 return -ENODEV;
3185
3186 switch (creq->bRequestType & USB_RECIP_MASK) {
3187 case USB_RECIP_INTERFACE:
3188 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3189 if (unlikely(ret < 0))
3190 return ret;
3191 break;
3192
3193 case USB_RECIP_ENDPOINT:
3194 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3195 if (unlikely(ret < 0))
3196 return ret;
3197 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3198 ret = func->ffs->eps_addrmap[ret];
3199 break;
3200
3201 default:
3202 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3203 ret = le16_to_cpu(creq->wIndex);
3204 else
3205 return -EOPNOTSUPP;
3206 }
3207
3208 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3209 ffs->ev.setup = *creq;
3210 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3211 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3212 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3213
3214 return 0;
3215}
3216
3217static bool ffs_func_req_match(struct usb_function *f,
3218 const struct usb_ctrlrequest *creq,
3219 bool config0)
3220{
3221 struct ffs_function *func = ffs_func_from_usb(f);
3222
3223 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3224 return false;
3225
3226 switch (creq->bRequestType & USB_RECIP_MASK) {
3227 case USB_RECIP_INTERFACE:
3228 return (ffs_func_revmap_intf(func,
3229 le16_to_cpu(creq->wIndex)) >= 0);
3230 case USB_RECIP_ENDPOINT:
3231 return (ffs_func_revmap_ep(func,
3232 le16_to_cpu(creq->wIndex)) >= 0);
3233 default:
3234 return (bool) (func->ffs->user_flags &
3235 FUNCTIONFS_ALL_CTRL_RECIP);
3236 }
3237}
3238
3239static void ffs_func_suspend(struct usb_function *f)
3240{
3241 ENTER();
3242 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3243}
3244
3245static void ffs_func_resume(struct usb_function *f)
3246{
3247 ENTER();
3248 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3249}
3250
3251
3252
3253
3254static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3255{
3256 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3257 return num ? num : -EDOM;
3258}
3259
3260static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3261{
3262 short *nums = func->interfaces_nums;
3263 unsigned count = func->ffs->interfaces_count;
3264
3265 for (; count; --count, ++nums) {
3266 if (*nums >= 0 && *nums == intf)
3267 return nums - func->interfaces_nums;
3268 }
3269
3270 return -EDOM;
3271}
3272
3273
3274
3275
3276static LIST_HEAD(ffs_devices);
3277
3278static struct ffs_dev *_ffs_do_find_dev(const char *name)
3279{
3280 struct ffs_dev *dev;
3281
3282 list_for_each_entry(dev, &ffs_devices, entry) {
3283 if (!dev->name || !name)
3284 continue;
3285 if (strcmp(dev->name, name) == 0)
3286 return dev;
3287 }
3288
3289 return NULL;
3290}
3291
3292
3293
3294
3295static struct ffs_dev *_ffs_get_single_dev(void)
3296{
3297 struct ffs_dev *dev;
3298
3299 if (list_is_singular(&ffs_devices)) {
3300 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3301 if (dev->single)
3302 return dev;
3303 }
3304
3305 return NULL;
3306}
3307
3308
3309
3310
3311static struct ffs_dev *_ffs_find_dev(const char *name)
3312{
3313 struct ffs_dev *dev;
3314
3315 dev = _ffs_get_single_dev();
3316 if (dev)
3317 return dev;
3318
3319 return _ffs_do_find_dev(name);
3320}
3321
3322
3323
3324static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3325{
3326 return container_of(to_config_group(item), struct f_fs_opts,
3327 func_inst.group);
3328}
3329
3330static void ffs_attr_release(struct config_item *item)
3331{
3332 struct f_fs_opts *opts = to_ffs_opts(item);
3333
3334 usb_put_function_instance(&opts->func_inst);
3335}
3336
3337static struct configfs_item_operations ffs_item_ops = {
3338 .release = ffs_attr_release,
3339};
3340
3341static struct config_item_type ffs_func_type = {
3342 .ct_item_ops = &ffs_item_ops,
3343 .ct_owner = THIS_MODULE,
3344};
3345
3346
3347
3348
3349static void ffs_free_inst(struct usb_function_instance *f)
3350{
3351 struct f_fs_opts *opts;
3352
3353 opts = to_f_fs_opts(f);
3354 ffs_dev_lock();
3355 _ffs_free_dev(opts->dev);
3356 ffs_dev_unlock();
3357 kfree(opts);
3358}
3359
3360#define MAX_INST_NAME_LEN 40
3361
3362static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3363{
3364 struct f_fs_opts *opts;
3365 char *ptr;
3366 const char *tmp;
3367 int name_len, ret;
3368
3369 name_len = strlen(name) + 1;
3370 if (name_len > MAX_INST_NAME_LEN)
3371 return -ENAMETOOLONG;
3372
3373 ptr = kstrndup(name, name_len, GFP_KERNEL);
3374 if (!ptr)
3375 return -ENOMEM;
3376
3377 opts = to_f_fs_opts(fi);
3378 tmp = NULL;
3379
3380 ffs_dev_lock();
3381
3382 tmp = opts->dev->name_allocated ? opts->dev->name : NULL;
3383 ret = _ffs_name_dev(opts->dev, ptr);
3384 if (ret) {
3385 kfree(ptr);
3386 ffs_dev_unlock();
3387 return ret;
3388 }
3389 opts->dev->name_allocated = true;
3390
3391 ffs_dev_unlock();
3392
3393 kfree(tmp);
3394
3395 return 0;
3396}
3397
3398static struct usb_function_instance *ffs_alloc_inst(void)
3399{
3400 struct f_fs_opts *opts;
3401 struct ffs_dev *dev;
3402
3403 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3404 if (!opts)
3405 return ERR_PTR(-ENOMEM);
3406
3407 opts->func_inst.set_inst_name = ffs_set_inst_name;
3408 opts->func_inst.free_func_inst = ffs_free_inst;
3409 ffs_dev_lock();
3410 dev = _ffs_alloc_dev();
3411 ffs_dev_unlock();
3412 if (IS_ERR(dev)) {
3413 kfree(opts);
3414 return ERR_CAST(dev);
3415 }
3416 opts->dev = dev;
3417 dev->opts = opts;
3418
3419 config_group_init_type_name(&opts->func_inst.group, "",
3420 &ffs_func_type);
3421 return &opts->func_inst;
3422}
3423
3424static void ffs_free(struct usb_function *f)
3425{
3426 kfree(ffs_func_from_usb(f));
3427}
3428
3429static void ffs_func_unbind(struct usb_configuration *c,
3430 struct usb_function *f)
3431{
3432 struct ffs_function *func = ffs_func_from_usb(f);
3433 struct ffs_data *ffs = func->ffs;
3434 struct f_fs_opts *opts =
3435 container_of(f->fi, struct f_fs_opts, func_inst);
3436 struct ffs_ep *ep = func->eps;
3437 unsigned count = ffs->eps_count;
3438 unsigned long flags;
3439
3440 ENTER();
3441 if (ffs->func == func) {
3442 ffs_func_eps_disable(func);
3443 ffs->func = NULL;
3444 }
3445
3446 if (!--opts->refcnt)
3447 functionfs_unbind(ffs);
3448
3449
3450 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3451 do {
3452 if (ep->ep && ep->req)
3453 usb_ep_free_request(ep->ep, ep->req);
3454 ep->req = NULL;
3455 ++ep;
3456 } while (--count);
3457 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3458 kfree(func->eps);
3459 func->eps = NULL;
3460
3461
3462
3463
3464 func->function.fs_descriptors = NULL;
3465 func->function.hs_descriptors = NULL;
3466 func->function.ss_descriptors = NULL;
3467 func->interfaces_nums = NULL;
3468
3469 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3470}
3471
3472static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3473{
3474 struct ffs_function *func;
3475
3476 ENTER();
3477
3478 func = kzalloc(sizeof(*func), GFP_KERNEL);
3479 if (unlikely(!func))
3480 return ERR_PTR(-ENOMEM);
3481
3482 func->function.name = "Function FS Gadget";
3483
3484 func->function.bind = ffs_func_bind;
3485 func->function.unbind = ffs_func_unbind;
3486 func->function.set_alt = ffs_func_set_alt;
3487 func->function.disable = ffs_func_disable;
3488 func->function.setup = ffs_func_setup;
3489 func->function.req_match = ffs_func_req_match;
3490 func->function.suspend = ffs_func_suspend;
3491 func->function.resume = ffs_func_resume;
3492 func->function.free_func = ffs_free;
3493
3494 return &func->function;
3495}
3496
3497
3498
3499
3500static struct ffs_dev *_ffs_alloc_dev(void)
3501{
3502 struct ffs_dev *dev;
3503 int ret;
3504
3505 if (_ffs_get_single_dev())
3506 return ERR_PTR(-EBUSY);
3507
3508 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3509 if (!dev)
3510 return ERR_PTR(-ENOMEM);
3511
3512 if (list_empty(&ffs_devices)) {
3513 ret = functionfs_init();
3514 if (ret) {
3515 kfree(dev);
3516 return ERR_PTR(ret);
3517 }
3518 }
3519
3520 list_add(&dev->entry, &ffs_devices);
3521
3522 return dev;
3523}
3524
3525
3526
3527
3528
3529static int _ffs_name_dev(struct ffs_dev *dev, const char *name)
3530{
3531 struct ffs_dev *existing;
3532
3533 existing = _ffs_do_find_dev(name);
3534 if (existing)
3535 return -EBUSY;
3536
3537 dev->name = name;
3538
3539 return 0;
3540}
3541
3542
3543
3544
3545int ffs_name_dev(struct ffs_dev *dev, const char *name)
3546{
3547 int ret;
3548
3549 ffs_dev_lock();
3550 ret = _ffs_name_dev(dev, name);
3551 ffs_dev_unlock();
3552
3553 return ret;
3554}
3555EXPORT_SYMBOL_GPL(ffs_name_dev);
3556
3557int ffs_single_dev(struct ffs_dev *dev)
3558{
3559 int ret;
3560
3561 ret = 0;
3562 ffs_dev_lock();
3563
3564 if (!list_is_singular(&ffs_devices))
3565 ret = -EBUSY;
3566 else
3567 dev->single = true;
3568
3569 ffs_dev_unlock();
3570 return ret;
3571}
3572EXPORT_SYMBOL_GPL(ffs_single_dev);
3573
3574
3575
3576
3577static void _ffs_free_dev(struct ffs_dev *dev)
3578{
3579 list_del(&dev->entry);
3580 if (dev->name_allocated)
3581 kfree(dev->name);
3582
3583
3584 if (dev->ffs_data)
3585 dev->ffs_data->private_data = NULL;
3586
3587 kfree(dev);
3588 if (list_empty(&ffs_devices))
3589 functionfs_cleanup();
3590}
3591
3592static void *ffs_acquire_dev(const char *dev_name)
3593{
3594 struct ffs_dev *ffs_dev;
3595
3596 ENTER();
3597 ffs_dev_lock();
3598
3599 ffs_dev = _ffs_find_dev(dev_name);
3600 if (!ffs_dev)
3601 ffs_dev = ERR_PTR(-ENOENT);
3602 else if (ffs_dev->mounted)
3603 ffs_dev = ERR_PTR(-EBUSY);
3604 else if (ffs_dev->ffs_acquire_dev_callback &&
3605 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3606 ffs_dev = ERR_PTR(-ENOENT);
3607 else
3608 ffs_dev->mounted = true;
3609
3610 ffs_dev_unlock();
3611 return ffs_dev;
3612}
3613
3614static void ffs_release_dev(struct ffs_data *ffs_data)
3615{
3616 struct ffs_dev *ffs_dev;
3617
3618 ENTER();
3619 ffs_dev_lock();
3620
3621 ffs_dev = ffs_data->private_data;
3622 if (ffs_dev) {
3623 ffs_dev->mounted = false;
3624
3625 if (ffs_dev->ffs_release_dev_callback)
3626 ffs_dev->ffs_release_dev_callback(ffs_dev);
3627 }
3628
3629 ffs_dev_unlock();
3630}
3631
3632static int ffs_ready(struct ffs_data *ffs)
3633{
3634 struct ffs_dev *ffs_obj;
3635 int ret = 0;
3636
3637 ENTER();
3638 ffs_dev_lock();
3639
3640 ffs_obj = ffs->private_data;
3641 if (!ffs_obj) {
3642 ret = -EINVAL;
3643 goto done;
3644 }
3645 if (WARN_ON(ffs_obj->desc_ready)) {
3646 ret = -EBUSY;
3647 goto done;
3648 }
3649
3650 ffs_obj->desc_ready = true;
3651 ffs_obj->ffs_data = ffs;
3652
3653 if (ffs_obj->ffs_ready_callback) {
3654 ret = ffs_obj->ffs_ready_callback(ffs);
3655 if (ret)
3656 goto done;
3657 }
3658
3659 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3660done:
3661 ffs_dev_unlock();
3662 return ret;
3663}
3664
3665static void ffs_closed(struct ffs_data *ffs)
3666{
3667 struct ffs_dev *ffs_obj;
3668 struct f_fs_opts *opts;
3669
3670 ENTER();
3671 ffs_dev_lock();
3672
3673 ffs_obj = ffs->private_data;
3674 if (!ffs_obj)
3675 goto done;
3676
3677 ffs_obj->desc_ready = false;
3678
3679 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3680 ffs_obj->ffs_closed_callback)
3681 ffs_obj->ffs_closed_callback(ffs);
3682
3683 if (ffs_obj->opts)
3684 opts = ffs_obj->opts;
3685 else
3686 goto done;
3687
3688 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3689 || !atomic_read(&opts->func_inst.group.cg_item.ci_kref.refcount))
3690 goto done;
3691
3692 unregister_gadget_item(ffs_obj->opts->
3693 func_inst.group.cg_item.ci_parent->ci_parent);
3694done:
3695 ffs_dev_unlock();
3696}
3697
3698
3699
3700static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3701{
3702 return nonblock
3703 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3704 : mutex_lock_interruptible(mutex);
3705}
3706
3707static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3708{
3709 char *data;
3710
3711 if (unlikely(!len))
3712 return NULL;
3713
3714 data = kmalloc(len, GFP_KERNEL);
3715 if (unlikely(!data))
3716 return ERR_PTR(-ENOMEM);
3717
3718 if (unlikely(copy_from_user(data, buf, len))) {
3719 kfree(data);
3720 return ERR_PTR(-EFAULT);
3721 }
3722
3723 pr_vdebug("Buffer from user space:\n");
3724 ffs_dump_mem("", data, len);
3725
3726 return data;
3727}
3728
3729DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3730MODULE_LICENSE("GPL");
3731MODULE_AUTHOR("Michal Nazarewicz");
3732
