1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/blkdev.h>
18#include <linux/pagemap.h>
19#include <linux/export.h>
20#include <linux/fs_parser.h>
21#include <linux/hid.h>
22#include <linux/mm.h>
23#include <linux/module.h>
24#include <linux/scatterlist.h>
25#include <linux/sched/signal.h>
26#include <linux/uio.h>
27#include <linux/vmalloc.h>
28#include <asm/unaligned.h>
29
30#include <linux/usb/ccid.h>
31#include <linux/usb/composite.h>
32#include <linux/usb/functionfs.h>
33
34#include <linux/aio.h>
35#include <linux/kthread.h>
36#include <linux/poll.h>
37#include <linux/eventfd.h>
38
39#include "u_fs.h"
40#include "u_f.h"
41#include "u_os_desc.h"
42#include "configfs.h"
43
44#define FUNCTIONFS_MAGIC 0xa647361
45
46
47static void ffs_data_get(struct ffs_data *ffs);
48static void ffs_data_put(struct ffs_data *ffs);
49
50static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
51 __attribute__((malloc));
52
53
54static void ffs_data_opened(struct ffs_data *ffs);
55static void ffs_data_closed(struct ffs_data *ffs);
56
57
58static int __must_check
59__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
60static int __must_check
61__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
62
63
64
65
66struct ffs_ep;
67
68struct ffs_function {
69 struct usb_configuration *conf;
70 struct usb_gadget *gadget;
71 struct ffs_data *ffs;
72
73 struct ffs_ep *eps;
74 u8 eps_revmap[16];
75 short *interfaces_nums;
76
77 struct usb_function function;
78};
79
80
81static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
82{
83 return container_of(f, struct ffs_function, function);
84}
85
86
87static inline enum ffs_setup_state
88ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
89{
90 return (enum ffs_setup_state)
91 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
92}
93
94
95static void ffs_func_eps_disable(struct ffs_function *func);
96static int __must_check ffs_func_eps_enable(struct ffs_function *func);
97
98static int ffs_func_bind(struct usb_configuration *,
99 struct usb_function *);
100static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
101static void ffs_func_disable(struct usb_function *);
102static int ffs_func_setup(struct usb_function *,
103 const struct usb_ctrlrequest *);
104static bool ffs_func_req_match(struct usb_function *,
105 const struct usb_ctrlrequest *,
106 bool config0);
107static void ffs_func_suspend(struct usb_function *);
108static void ffs_func_resume(struct usb_function *);
109
110
111static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
112static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
113
114
115
116
117struct ffs_ep {
118 struct usb_ep *ep;
119 struct usb_request *req;
120
121
122 struct usb_endpoint_descriptor *descs[3];
123
124 u8 num;
125
126 int status;
127};
128
129struct ffs_epfile {
130
131 struct mutex mutex;
132
133 struct ffs_data *ffs;
134 struct ffs_ep *ep;
135
136 struct dentry *dentry;
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193 struct ffs_buffer *read_buffer;
194#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
195
196 char name[5];
197
198 unsigned char in;
199 unsigned char isoc;
200
201 unsigned char _pad;
202};
203
204struct ffs_buffer {
205 size_t length;
206 char *data;
207 char storage[];
208};
209
210
211
212struct ffs_io_data {
213 bool aio;
214 bool read;
215
216 struct kiocb *kiocb;
217 struct iov_iter data;
218 const void *to_free;
219 char *buf;
220
221 struct mm_struct *mm;
222 struct work_struct work;
223
224 struct usb_ep *ep;
225 struct usb_request *req;
226 struct sg_table sgt;
227 bool use_sg;
228
229 struct ffs_data *ffs;
230};
231
232struct ffs_desc_helper {
233 struct ffs_data *ffs;
234 unsigned interfaces_count;
235 unsigned eps_count;
236};
237
238static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
239static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
240
241static struct dentry *
242ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
243 const struct file_operations *fops);
244
245
246
247DEFINE_MUTEX(ffs_lock);
248EXPORT_SYMBOL_GPL(ffs_lock);
249
250static struct ffs_dev *_ffs_find_dev(const char *name);
251static struct ffs_dev *_ffs_alloc_dev(void);
252static void _ffs_free_dev(struct ffs_dev *dev);
253static void *ffs_acquire_dev(const char *dev_name);
254static void ffs_release_dev(struct ffs_data *ffs_data);
255static int ffs_ready(struct ffs_data *ffs);
256static void ffs_closed(struct ffs_data *ffs);
257
258
259
260static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
261 __attribute__((warn_unused_result, nonnull));
262static char *ffs_prepare_buffer(const char __user *buf, size_t len)
263 __attribute__((warn_unused_result, nonnull));
264
265
266
267
268static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
269{
270 struct ffs_data *ffs = req->context;
271
272 complete(&ffs->ep0req_completion);
273}
274
275static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
276 __releases(&ffs->ev.waitq.lock)
277{
278 struct usb_request *req = ffs->ep0req;
279 int ret;
280
281 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
282
283 spin_unlock_irq(&ffs->ev.waitq.lock);
284
285 req->buf = data;
286 req->length = len;
287
288
289
290
291
292
293 if (req->buf == NULL)
294 req->buf = (void *)0xDEADBABE;
295
296 reinit_completion(&ffs->ep0req_completion);
297
298 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
299 if (unlikely(ret < 0))
300 return ret;
301
302 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
303 if (unlikely(ret)) {
304 usb_ep_dequeue(ffs->gadget->ep0, req);
305 return -EINTR;
306 }
307
308 ffs->setup_state = FFS_NO_SETUP;
309 return req->status ? req->status : req->actual;
310}
311
312static int __ffs_ep0_stall(struct ffs_data *ffs)
313{
314 if (ffs->ev.can_stall) {
315 pr_vdebug("ep0 stall\n");
316 usb_ep_set_halt(ffs->gadget->ep0);
317 ffs->setup_state = FFS_NO_SETUP;
318 return -EL2HLT;
319 } else {
320 pr_debug("bogus ep0 stall!\n");
321 return -ESRCH;
322 }
323}
324
325static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
326 size_t len, loff_t *ptr)
327{
328 struct ffs_data *ffs = file->private_data;
329 ssize_t ret;
330 char *data;
331
332 ENTER();
333
334
335 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
336 return -EIDRM;
337
338
339 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
340 if (unlikely(ret < 0))
341 return ret;
342
343
344 switch (ffs->state) {
345 case FFS_READ_DESCRIPTORS:
346 case FFS_READ_STRINGS:
347
348 if (unlikely(len < 16)) {
349 ret = -EINVAL;
350 break;
351 }
352
353 data = ffs_prepare_buffer(buf, len);
354 if (IS_ERR(data)) {
355 ret = PTR_ERR(data);
356 break;
357 }
358
359
360 if (ffs->state == FFS_READ_DESCRIPTORS) {
361 pr_info("read descriptors\n");
362 ret = __ffs_data_got_descs(ffs, data, len);
363 if (unlikely(ret < 0))
364 break;
365
366 ffs->state = FFS_READ_STRINGS;
367 ret = len;
368 } else {
369 pr_info("read strings\n");
370 ret = __ffs_data_got_strings(ffs, data, len);
371 if (unlikely(ret < 0))
372 break;
373
374 ret = ffs_epfiles_create(ffs);
375 if (unlikely(ret)) {
376 ffs->state = FFS_CLOSING;
377 break;
378 }
379
380 ffs->state = FFS_ACTIVE;
381 mutex_unlock(&ffs->mutex);
382
383 ret = ffs_ready(ffs);
384 if (unlikely(ret < 0)) {
385 ffs->state = FFS_CLOSING;
386 return ret;
387 }
388
389 return len;
390 }
391 break;
392
393 case FFS_ACTIVE:
394 data = NULL;
395
396
397
398
399 spin_lock_irq(&ffs->ev.waitq.lock);
400 switch (ffs_setup_state_clear_cancelled(ffs)) {
401 case FFS_SETUP_CANCELLED:
402 ret = -EIDRM;
403 goto done_spin;
404
405 case FFS_NO_SETUP:
406 ret = -ESRCH;
407 goto done_spin;
408
409 case FFS_SETUP_PENDING:
410 break;
411 }
412
413
414 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
415 spin_unlock_irq(&ffs->ev.waitq.lock);
416 ret = __ffs_ep0_stall(ffs);
417 break;
418 }
419
420
421 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
422
423 spin_unlock_irq(&ffs->ev.waitq.lock);
424
425 data = ffs_prepare_buffer(buf, len);
426 if (IS_ERR(data)) {
427 ret = PTR_ERR(data);
428 break;
429 }
430
431 spin_lock_irq(&ffs->ev.waitq.lock);
432
433
434
435
436
437
438
439
440
441
442
443
444
445 if (ffs_setup_state_clear_cancelled(ffs) ==
446 FFS_SETUP_CANCELLED) {
447 ret = -EIDRM;
448done_spin:
449 spin_unlock_irq(&ffs->ev.waitq.lock);
450 } else {
451
452 ret = __ffs_ep0_queue_wait(ffs, data, len);
453 }
454 kfree(data);
455 break;
456
457 default:
458 ret = -EBADFD;
459 break;
460 }
461
462 mutex_unlock(&ffs->mutex);
463 return ret;
464}
465
466
467static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
468 size_t n)
469 __releases(&ffs->ev.waitq.lock)
470{
471
472
473
474
475
476 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
477 const size_t size = n * sizeof *events;
478 unsigned i = 0;
479
480 memset(events, 0, size);
481
482 do {
483 events[i].type = ffs->ev.types[i];
484 if (events[i].type == FUNCTIONFS_SETUP) {
485 events[i].u.setup = ffs->ev.setup;
486 ffs->setup_state = FFS_SETUP_PENDING;
487 }
488 } while (++i < n);
489
490 ffs->ev.count -= n;
491 if (ffs->ev.count)
492 memmove(ffs->ev.types, ffs->ev.types + n,
493 ffs->ev.count * sizeof *ffs->ev.types);
494
495 spin_unlock_irq(&ffs->ev.waitq.lock);
496 mutex_unlock(&ffs->mutex);
497
498 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
499}
500
501static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
502 size_t len, loff_t *ptr)
503{
504 struct ffs_data *ffs = file->private_data;
505 char *data = NULL;
506 size_t n;
507 int ret;
508
509 ENTER();
510
511
512 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
513 return -EIDRM;
514
515
516 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
517 if (unlikely(ret < 0))
518 return ret;
519
520
521 if (ffs->state != FFS_ACTIVE) {
522 ret = -EBADFD;
523 goto done_mutex;
524 }
525
526
527
528
529
530 spin_lock_irq(&ffs->ev.waitq.lock);
531
532 switch (ffs_setup_state_clear_cancelled(ffs)) {
533 case FFS_SETUP_CANCELLED:
534 ret = -EIDRM;
535 break;
536
537 case FFS_NO_SETUP:
538 n = len / sizeof(struct usb_functionfs_event);
539 if (unlikely(!n)) {
540 ret = -EINVAL;
541 break;
542 }
543
544 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
545 ret = -EAGAIN;
546 break;
547 }
548
549 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
550 ffs->ev.count)) {
551 ret = -EINTR;
552 break;
553 }
554
555
556 return __ffs_ep0_read_events(ffs, buf,
557 min(n, (size_t)ffs->ev.count));
558
559 case FFS_SETUP_PENDING:
560 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562 ret = __ffs_ep0_stall(ffs);
563 goto done_mutex;
564 }
565
566 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
567
568 spin_unlock_irq(&ffs->ev.waitq.lock);
569
570 if (likely(len)) {
571 data = kmalloc(len, GFP_KERNEL);
572 if (unlikely(!data)) {
573 ret = -ENOMEM;
574 goto done_mutex;
575 }
576 }
577
578 spin_lock_irq(&ffs->ev.waitq.lock);
579
580
581 if (ffs_setup_state_clear_cancelled(ffs) ==
582 FFS_SETUP_CANCELLED) {
583 ret = -EIDRM;
584 break;
585 }
586
587
588 ret = __ffs_ep0_queue_wait(ffs, data, len);
589 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
590 ret = -EFAULT;
591 goto done_mutex;
592
593 default:
594 ret = -EBADFD;
595 break;
596 }
597
598 spin_unlock_irq(&ffs->ev.waitq.lock);
599done_mutex:
600 mutex_unlock(&ffs->mutex);
601 kfree(data);
602 return ret;
603}
604
605static int ffs_ep0_open(struct inode *inode, struct file *file)
606{
607 struct ffs_data *ffs = inode->i_private;
608
609 ENTER();
610
611 if (unlikely(ffs->state == FFS_CLOSING))
612 return -EBUSY;
613
614 file->private_data = ffs;
615 ffs_data_opened(ffs);
616
617 return 0;
618}
619
620static int ffs_ep0_release(struct inode *inode, struct file *file)
621{
622 struct ffs_data *ffs = file->private_data;
623
624 ENTER();
625
626 ffs_data_closed(ffs);
627
628 return 0;
629}
630
631static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
632{
633 struct ffs_data *ffs = file->private_data;
634 struct usb_gadget *gadget = ffs->gadget;
635 long ret;
636
637 ENTER();
638
639 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
640 struct ffs_function *func = ffs->func;
641 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
642 } else if (gadget && gadget->ops->ioctl) {
643 ret = gadget->ops->ioctl(gadget, code, value);
644 } else {
645 ret = -ENOTTY;
646 }
647
648 return ret;
649}
650
651static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
652{
653 struct ffs_data *ffs = file->private_data;
654 __poll_t mask = EPOLLWRNORM;
655 int ret;
656
657 poll_wait(file, &ffs->ev.waitq, wait);
658
659 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
660 if (unlikely(ret < 0))
661 return mask;
662
663 switch (ffs->state) {
664 case FFS_READ_DESCRIPTORS:
665 case FFS_READ_STRINGS:
666 mask |= EPOLLOUT;
667 break;
668
669 case FFS_ACTIVE:
670 switch (ffs->setup_state) {
671 case FFS_NO_SETUP:
672 if (ffs->ev.count)
673 mask |= EPOLLIN;
674 break;
675
676 case FFS_SETUP_PENDING:
677 case FFS_SETUP_CANCELLED:
678 mask |= (EPOLLIN | EPOLLOUT);
679 break;
680 }
681 case FFS_CLOSING:
682 break;
683 case FFS_DEACTIVATED:
684 break;
685 }
686
687 mutex_unlock(&ffs->mutex);
688
689 return mask;
690}
691
692static const struct file_operations ffs_ep0_operations = {
693 .llseek = no_llseek,
694
695 .open = ffs_ep0_open,
696 .write = ffs_ep0_write,
697 .read = ffs_ep0_read,
698 .release = ffs_ep0_release,
699 .unlocked_ioctl = ffs_ep0_ioctl,
700 .poll = ffs_ep0_poll,
701};
702
703
704
705
706static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
707{
708 ENTER();
709 if (likely(req->context)) {
710 struct ffs_ep *ep = _ep->driver_data;
711 ep->status = req->status ? req->status : req->actual;
712 complete(req->context);
713 }
714}
715
716static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
717{
718 ssize_t ret = copy_to_iter(data, data_len, iter);
719 if (likely(ret == data_len))
720 return ret;
721
722 if (unlikely(iov_iter_count(iter)))
723 return -EFAULT;
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
753 "Align read buffer size to max packet size to avoid the problem.\n",
754 data_len, ret);
755
756 return ret;
757}
758
759
760
761
762
763
764static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz)
765{
766 struct page **pages;
767 void *vaddr, *ptr;
768 unsigned int n_pages;
769 int i;
770
771 vaddr = vmalloc(sz);
772 if (!vaddr)
773 return NULL;
774
775 n_pages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
776 pages = kvmalloc_array(n_pages, sizeof(struct page *), GFP_KERNEL);
777 if (!pages) {
778 vfree(vaddr);
779
780 return NULL;
781 }
782 for (i = 0, ptr = vaddr; i < n_pages; ++i, ptr += PAGE_SIZE)
783 pages[i] = vmalloc_to_page(ptr);
784
785 if (sg_alloc_table_from_pages(sgt, pages, n_pages, 0, sz, GFP_KERNEL)) {
786 kvfree(pages);
787 vfree(vaddr);
788
789 return NULL;
790 }
791 kvfree(pages);
792
793 return vaddr;
794}
795
796static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data,
797 size_t data_len)
798{
799 if (io_data->use_sg)
800 return ffs_build_sg_list(&io_data->sgt, data_len);
801
802 return kmalloc(data_len, GFP_KERNEL);
803}
804
805static inline void ffs_free_buffer(struct ffs_io_data *io_data)
806{
807 if (!io_data->buf)
808 return;
809
810 if (io_data->use_sg) {
811 sg_free_table(&io_data->sgt);
812 vfree(io_data->buf);
813 } else {
814 kfree(io_data->buf);
815 }
816}
817
818static void ffs_user_copy_worker(struct work_struct *work)
819{
820 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
821 work);
822 int ret = io_data->req->status ? io_data->req->status :
823 io_data->req->actual;
824 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
825
826 if (io_data->read && ret > 0) {
827 kthread_use_mm(io_data->mm);
828 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
829 kthread_unuse_mm(io_data->mm);
830 }
831
832 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
833
834 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
835 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
836
837 usb_ep_free_request(io_data->ep, io_data->req);
838
839 if (io_data->read)
840 kfree(io_data->to_free);
841 ffs_free_buffer(io_data);
842 kfree(io_data);
843}
844
845static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
846 struct usb_request *req)
847{
848 struct ffs_io_data *io_data = req->context;
849 struct ffs_data *ffs = io_data->ffs;
850
851 ENTER();
852
853 INIT_WORK(&io_data->work, ffs_user_copy_worker);
854 queue_work(ffs->io_completion_wq, &io_data->work);
855}
856
857static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
858{
859
860
861
862
863 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
864 if (buf && buf != READ_BUFFER_DROP)
865 kfree(buf);
866}
867
868
869static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
870 struct iov_iter *iter)
871{
872
873
874
875
876
877 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
878 ssize_t ret;
879 if (!buf || buf == READ_BUFFER_DROP)
880 return 0;
881
882 ret = copy_to_iter(buf->data, buf->length, iter);
883 if (buf->length == ret) {
884 kfree(buf);
885 return ret;
886 }
887
888 if (unlikely(iov_iter_count(iter))) {
889 ret = -EFAULT;
890 } else {
891 buf->length -= ret;
892 buf->data += ret;
893 }
894
895 if (cmpxchg(&epfile->read_buffer, NULL, buf))
896 kfree(buf);
897
898 return ret;
899}
900
901
902static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
903 void *data, int data_len,
904 struct iov_iter *iter)
905{
906 struct ffs_buffer *buf;
907
908 ssize_t ret = copy_to_iter(data, data_len, iter);
909 if (likely(data_len == ret))
910 return ret;
911
912 if (unlikely(iov_iter_count(iter)))
913 return -EFAULT;
914
915
916 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
917 data_len, ret);
918
919 data_len -= ret;
920 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
921 if (!buf)
922 return -ENOMEM;
923 buf->length = data_len;
924 buf->data = buf->storage;
925 memcpy(buf->storage, data + ret, data_len);
926
927
928
929
930
931
932
933 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
934 kfree(buf);
935
936 return ret;
937}
938
939static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
940{
941 struct ffs_epfile *epfile = file->private_data;
942 struct usb_request *req;
943 struct ffs_ep *ep;
944 char *data = NULL;
945 ssize_t ret, data_len = -EINVAL;
946 int halt;
947
948
949 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
950 return -ENODEV;
951
952
953 ep = epfile->ep;
954 if (!ep) {
955 if (file->f_flags & O_NONBLOCK)
956 return -EAGAIN;
957
958 ret = wait_event_interruptible(
959 epfile->ffs->wait, (ep = epfile->ep));
960 if (ret)
961 return -EINTR;
962 }
963
964
965 halt = (!io_data->read == !epfile->in);
966 if (halt && epfile->isoc)
967 return -EINVAL;
968
969
970 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
971 if (unlikely(ret))
972 goto error;
973
974
975 if (!halt) {
976 struct usb_gadget *gadget;
977
978
979
980
981
982
983
984
985 if (!io_data->aio && io_data->read) {
986 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
987 if (ret)
988 goto error_mutex;
989 }
990
991
992
993
994
995
996 gadget = epfile->ffs->gadget;
997
998 spin_lock_irq(&epfile->ffs->eps_lock);
999
1000 if (epfile->ep != ep) {
1001 ret = -ESHUTDOWN;
1002 goto error_lock;
1003 }
1004 data_len = iov_iter_count(&io_data->data);
1005
1006
1007
1008
1009 if (io_data->read)
1010 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1011
1012 io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE;
1013 spin_unlock_irq(&epfile->ffs->eps_lock);
1014
1015 data = ffs_alloc_buffer(io_data, data_len);
1016 if (unlikely(!data)) {
1017 ret = -ENOMEM;
1018 goto error_mutex;
1019 }
1020 if (!io_data->read &&
1021 !copy_from_iter_full(data, data_len, &io_data->data)) {
1022 ret = -EFAULT;
1023 goto error_mutex;
1024 }
1025 }
1026
1027 spin_lock_irq(&epfile->ffs->eps_lock);
1028
1029 if (epfile->ep != ep) {
1030
1031 ret = -ESHUTDOWN;
1032 } else if (halt) {
1033 ret = usb_ep_set_halt(ep->ep);
1034 if (!ret)
1035 ret = -EBADMSG;
1036 } else if (unlikely(data_len == -EINVAL)) {
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048 WARN(1, "%s: data_len == -EINVAL\n", __func__);
1049 ret = -EINVAL;
1050 } else if (!io_data->aio) {
1051 DECLARE_COMPLETION_ONSTACK(done);
1052 bool interrupted = false;
1053
1054 req = ep->req;
1055 if (io_data->use_sg) {
1056 req->buf = NULL;
1057 req->sg = io_data->sgt.sgl;
1058 req->num_sgs = io_data->sgt.nents;
1059 } else {
1060 req->buf = data;
1061 req->num_sgs = 0;
1062 }
1063 req->length = data_len;
1064
1065 io_data->buf = data;
1066
1067 req->context = &done;
1068 req->complete = ffs_epfile_io_complete;
1069
1070 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1071 if (unlikely(ret < 0))
1072 goto error_lock;
1073
1074 spin_unlock_irq(&epfile->ffs->eps_lock);
1075
1076 if (unlikely(wait_for_completion_interruptible(&done))) {
1077
1078
1079
1080
1081
1082
1083 usb_ep_dequeue(ep->ep, req);
1084 wait_for_completion(&done);
1085 interrupted = ep->status < 0;
1086 }
1087
1088 if (interrupted)
1089 ret = -EINTR;
1090 else if (io_data->read && ep->status > 0)
1091 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1092 &io_data->data);
1093 else
1094 ret = ep->status;
1095 goto error_mutex;
1096 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1097 ret = -ENOMEM;
1098 } else {
1099 if (io_data->use_sg) {
1100 req->buf = NULL;
1101 req->sg = io_data->sgt.sgl;
1102 req->num_sgs = io_data->sgt.nents;
1103 } else {
1104 req->buf = data;
1105 req->num_sgs = 0;
1106 }
1107 req->length = data_len;
1108
1109 io_data->buf = data;
1110 io_data->ep = ep->ep;
1111 io_data->req = req;
1112 io_data->ffs = epfile->ffs;
1113
1114 req->context = io_data;
1115 req->complete = ffs_epfile_async_io_complete;
1116
1117 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1118 if (unlikely(ret)) {
1119 io_data->req = NULL;
1120 usb_ep_free_request(ep->ep, req);
1121 goto error_lock;
1122 }
1123
1124 ret = -EIOCBQUEUED;
1125
1126
1127
1128
1129 data = NULL;
1130 }
1131
1132error_lock:
1133 spin_unlock_irq(&epfile->ffs->eps_lock);
1134error_mutex:
1135 mutex_unlock(&epfile->mutex);
1136error:
1137 if (ret != -EIOCBQUEUED)
1138 ffs_free_buffer(io_data);
1139 return ret;
1140}
1141
1142static int
1143ffs_epfile_open(struct inode *inode, struct file *file)
1144{
1145 struct ffs_epfile *epfile = inode->i_private;
1146
1147 ENTER();
1148
1149 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1150 return -ENODEV;
1151
1152 file->private_data = epfile;
1153 ffs_data_opened(epfile->ffs);
1154
1155 return 0;
1156}
1157
1158static int ffs_aio_cancel(struct kiocb *kiocb)
1159{
1160 struct ffs_io_data *io_data = kiocb->private;
1161 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1162 unsigned long flags;
1163 int value;
1164
1165 ENTER();
1166
1167 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1168
1169 if (likely(io_data && io_data->ep && io_data->req))
1170 value = usb_ep_dequeue(io_data->ep, io_data->req);
1171 else
1172 value = -EINVAL;
1173
1174 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1175
1176 return value;
1177}
1178
1179static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1180{
1181 struct ffs_io_data io_data, *p = &io_data;
1182 ssize_t res;
1183
1184 ENTER();
1185
1186 if (!is_sync_kiocb(kiocb)) {
1187 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1188 if (unlikely(!p))
1189 return -ENOMEM;
1190 p->aio = true;
1191 } else {
1192 memset(p, 0, sizeof(*p));
1193 p->aio = false;
1194 }
1195
1196 p->read = false;
1197 p->kiocb = kiocb;
1198 p->data = *from;
1199 p->mm = current->mm;
1200
1201 kiocb->private = p;
1202
1203 if (p->aio)
1204 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1205
1206 res = ffs_epfile_io(kiocb->ki_filp, p);
1207 if (res == -EIOCBQUEUED)
1208 return res;
1209 if (p->aio)
1210 kfree(p);
1211 else
1212 *from = p->data;
1213 return res;
1214}
1215
1216static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1217{
1218 struct ffs_io_data io_data, *p = &io_data;
1219 ssize_t res;
1220
1221 ENTER();
1222
1223 if (!is_sync_kiocb(kiocb)) {
1224 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1225 if (unlikely(!p))
1226 return -ENOMEM;
1227 p->aio = true;
1228 } else {
1229 memset(p, 0, sizeof(*p));
1230 p->aio = false;
1231 }
1232
1233 p->read = true;
1234 p->kiocb = kiocb;
1235 if (p->aio) {
1236 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1237 if (!p->to_free) {
1238 kfree(p);
1239 return -ENOMEM;
1240 }
1241 } else {
1242 p->data = *to;
1243 p->to_free = NULL;
1244 }
1245 p->mm = current->mm;
1246
1247 kiocb->private = p;
1248
1249 if (p->aio)
1250 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1251
1252 res = ffs_epfile_io(kiocb->ki_filp, p);
1253 if (res == -EIOCBQUEUED)
1254 return res;
1255
1256 if (p->aio) {
1257 kfree(p->to_free);
1258 kfree(p);
1259 } else {
1260 *to = p->data;
1261 }
1262 return res;
1263}
1264
1265static int
1266ffs_epfile_release(struct inode *inode, struct file *file)
1267{
1268 struct ffs_epfile *epfile = inode->i_private;
1269
1270 ENTER();
1271
1272 __ffs_epfile_read_buffer_free(epfile);
1273 ffs_data_closed(epfile->ffs);
1274
1275 return 0;
1276}
1277
1278static long ffs_epfile_ioctl(struct file *file, unsigned code,
1279 unsigned long value)
1280{
1281 struct ffs_epfile *epfile = file->private_data;
1282 struct ffs_ep *ep;
1283 int ret;
1284
1285 ENTER();
1286
1287 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1288 return -ENODEV;
1289
1290
1291 ep = epfile->ep;
1292 if (!ep) {
1293 if (file->f_flags & O_NONBLOCK)
1294 return -EAGAIN;
1295
1296 ret = wait_event_interruptible(
1297 epfile->ffs->wait, (ep = epfile->ep));
1298 if (ret)
1299 return -EINTR;
1300 }
1301
1302 spin_lock_irq(&epfile->ffs->eps_lock);
1303
1304
1305 if (epfile->ep != ep) {
1306 spin_unlock_irq(&epfile->ffs->eps_lock);
1307 return -ESHUTDOWN;
1308 }
1309
1310 switch (code) {
1311 case FUNCTIONFS_FIFO_STATUS:
1312 ret = usb_ep_fifo_status(epfile->ep->ep);
1313 break;
1314 case FUNCTIONFS_FIFO_FLUSH:
1315 usb_ep_fifo_flush(epfile->ep->ep);
1316 ret = 0;
1317 break;
1318 case FUNCTIONFS_CLEAR_HALT:
1319 ret = usb_ep_clear_halt(epfile->ep->ep);
1320 break;
1321 case FUNCTIONFS_ENDPOINT_REVMAP:
1322 ret = epfile->ep->num;
1323 break;
1324 case FUNCTIONFS_ENDPOINT_DESC:
1325 {
1326 int desc_idx;
1327 struct usb_endpoint_descriptor desc1, *desc;
1328
1329 switch (epfile->ffs->gadget->speed) {
1330 case USB_SPEED_SUPER:
1331 desc_idx = 2;
1332 break;
1333 case USB_SPEED_HIGH:
1334 desc_idx = 1;
1335 break;
1336 default:
1337 desc_idx = 0;
1338 }
1339
1340 desc = epfile->ep->descs[desc_idx];
1341 memcpy(&desc1, desc, desc->bLength);
1342
1343 spin_unlock_irq(&epfile->ffs->eps_lock);
1344 ret = copy_to_user((void __user *)value, &desc1, desc1.bLength);
1345 if (ret)
1346 ret = -EFAULT;
1347 return ret;
1348 }
1349 default:
1350 ret = -ENOTTY;
1351 }
1352 spin_unlock_irq(&epfile->ffs->eps_lock);
1353
1354 return ret;
1355}
1356
1357static const struct file_operations ffs_epfile_operations = {
1358 .llseek = no_llseek,
1359
1360 .open = ffs_epfile_open,
1361 .write_iter = ffs_epfile_write_iter,
1362 .read_iter = ffs_epfile_read_iter,
1363 .release = ffs_epfile_release,
1364 .unlocked_ioctl = ffs_epfile_ioctl,
1365 .compat_ioctl = compat_ptr_ioctl,
1366};
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376static struct inode *__must_check
1377ffs_sb_make_inode(struct super_block *sb, void *data,
1378 const struct file_operations *fops,
1379 const struct inode_operations *iops,
1380 struct ffs_file_perms *perms)
1381{
1382 struct inode *inode;
1383
1384 ENTER();
1385
1386 inode = new_inode(sb);
1387
1388 if (likely(inode)) {
1389 struct timespec64 ts = current_time(inode);
1390
1391 inode->i_ino = get_next_ino();
1392 inode->i_mode = perms->mode;
1393 inode->i_uid = perms->uid;
1394 inode->i_gid = perms->gid;
1395 inode->i_atime = ts;
1396 inode->i_mtime = ts;
1397 inode->i_ctime = ts;
1398 inode->i_private = data;
1399 if (fops)
1400 inode->i_fop = fops;
1401 if (iops)
1402 inode->i_op = iops;
1403 }
1404
1405 return inode;
1406}
1407
1408
1409static struct dentry *ffs_sb_create_file(struct super_block *sb,
1410 const char *name, void *data,
1411 const struct file_operations *fops)
1412{
1413 struct ffs_data *ffs = sb->s_fs_info;
1414 struct dentry *dentry;
1415 struct inode *inode;
1416
1417 ENTER();
1418
1419 dentry = d_alloc_name(sb->s_root, name);
1420 if (unlikely(!dentry))
1421 return NULL;
1422
1423 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1424 if (unlikely(!inode)) {
1425 dput(dentry);
1426 return NULL;
1427 }
1428
1429 d_add(dentry, inode);
1430 return dentry;
1431}
1432
1433
1434static const struct super_operations ffs_sb_operations = {
1435 .statfs = simple_statfs,
1436 .drop_inode = generic_delete_inode,
1437};
1438
1439struct ffs_sb_fill_data {
1440 struct ffs_file_perms perms;
1441 umode_t root_mode;
1442 const char *dev_name;
1443 bool no_disconnect;
1444 struct ffs_data *ffs_data;
1445};
1446
1447static int ffs_sb_fill(struct super_block *sb, struct fs_context *fc)
1448{
1449 struct ffs_sb_fill_data *data = fc->fs_private;
1450 struct inode *inode;
1451 struct ffs_data *ffs = data->ffs_data;
1452
1453 ENTER();
1454
1455 ffs->sb = sb;
1456 data->ffs_data = NULL;
1457 sb->s_fs_info = ffs;
1458 sb->s_blocksize = PAGE_SIZE;
1459 sb->s_blocksize_bits = PAGE_SHIFT;
1460 sb->s_magic = FUNCTIONFS_MAGIC;
1461 sb->s_op = &ffs_sb_operations;
1462 sb->s_time_gran = 1;
1463
1464
1465 data->perms.mode = data->root_mode;
1466 inode = ffs_sb_make_inode(sb, NULL,
1467 &simple_dir_operations,
1468 &simple_dir_inode_operations,
1469 &data->perms);
1470 sb->s_root = d_make_root(inode);
1471 if (unlikely(!sb->s_root))
1472 return -ENOMEM;
1473
1474
1475 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1476 &ffs_ep0_operations)))
1477 return -ENOMEM;
1478
1479 return 0;
1480}
1481
1482enum {
1483 Opt_no_disconnect,
1484 Opt_rmode,
1485 Opt_fmode,
1486 Opt_mode,
1487 Opt_uid,
1488 Opt_gid,
1489};
1490
1491static const struct fs_parameter_spec ffs_fs_fs_parameters[] = {
1492 fsparam_bool ("no_disconnect", Opt_no_disconnect),
1493 fsparam_u32 ("rmode", Opt_rmode),
1494 fsparam_u32 ("fmode", Opt_fmode),
1495 fsparam_u32 ("mode", Opt_mode),
1496 fsparam_u32 ("uid", Opt_uid),
1497 fsparam_u32 ("gid", Opt_gid),
1498 {}
1499};
1500
1501static int ffs_fs_parse_param(struct fs_context *fc, struct fs_parameter *param)
1502{
1503 struct ffs_sb_fill_data *data = fc->fs_private;
1504 struct fs_parse_result result;
1505 int opt;
1506
1507 ENTER();
1508
1509 opt = fs_parse(fc, ffs_fs_fs_parameters, param, &result);
1510 if (opt < 0)
1511 return opt;
1512
1513 switch (opt) {
1514 case Opt_no_disconnect:
1515 data->no_disconnect = result.boolean;
1516 break;
1517 case Opt_rmode:
1518 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1519 break;
1520 case Opt_fmode:
1521 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1522 break;
1523 case Opt_mode:
1524 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1525 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1526 break;
1527
1528 case Opt_uid:
1529 data->perms.uid = make_kuid(current_user_ns(), result.uint_32);
1530 if (!uid_valid(data->perms.uid))
1531 goto unmapped_value;
1532 break;
1533 case Opt_gid:
1534 data->perms.gid = make_kgid(current_user_ns(), result.uint_32);
1535 if (!gid_valid(data->perms.gid))
1536 goto unmapped_value;
1537 break;
1538
1539 default:
1540 return -ENOPARAM;
1541 }
1542
1543 return 0;
1544
1545unmapped_value:
1546 return invalf(fc, "%s: unmapped value: %u", param->key, result.uint_32);
1547}
1548
1549
1550
1551
1552static int ffs_fs_get_tree(struct fs_context *fc)
1553{
1554 struct ffs_sb_fill_data *ctx = fc->fs_private;
1555 void *ffs_dev;
1556 struct ffs_data *ffs;
1557
1558 ENTER();
1559
1560 if (!fc->source)
1561 return invalf(fc, "No source specified");
1562
1563 ffs = ffs_data_new(fc->source);
1564 if (unlikely(!ffs))
1565 return -ENOMEM;
1566 ffs->file_perms = ctx->perms;
1567 ffs->no_disconnect = ctx->no_disconnect;
1568
1569 ffs->dev_name = kstrdup(fc->source, GFP_KERNEL);
1570 if (unlikely(!ffs->dev_name)) {
1571 ffs_data_put(ffs);
1572 return -ENOMEM;
1573 }
1574
1575 ffs_dev = ffs_acquire_dev(ffs->dev_name);
1576 if (IS_ERR(ffs_dev)) {
1577 ffs_data_put(ffs);
1578 return PTR_ERR(ffs_dev);
1579 }
1580
1581 ffs->private_data = ffs_dev;
1582 ctx->ffs_data = ffs;
1583 return get_tree_nodev(fc, ffs_sb_fill);
1584}
1585
1586static void ffs_fs_free_fc(struct fs_context *fc)
1587{
1588 struct ffs_sb_fill_data *ctx = fc->fs_private;
1589
1590 if (ctx) {
1591 if (ctx->ffs_data) {
1592 ffs_release_dev(ctx->ffs_data);
1593 ffs_data_put(ctx->ffs_data);
1594 }
1595
1596 kfree(ctx);
1597 }
1598}
1599
1600static const struct fs_context_operations ffs_fs_context_ops = {
1601 .free = ffs_fs_free_fc,
1602 .parse_param = ffs_fs_parse_param,
1603 .get_tree = ffs_fs_get_tree,
1604};
1605
1606static int ffs_fs_init_fs_context(struct fs_context *fc)
1607{
1608 struct ffs_sb_fill_data *ctx;
1609
1610 ctx = kzalloc(sizeof(struct ffs_sb_fill_data), GFP_KERNEL);
1611 if (!ctx)
1612 return -ENOMEM;
1613
1614 ctx->perms.mode = S_IFREG | 0600;
1615 ctx->perms.uid = GLOBAL_ROOT_UID;
1616 ctx->perms.gid = GLOBAL_ROOT_GID;
1617 ctx->root_mode = S_IFDIR | 0500;
1618 ctx->no_disconnect = false;
1619
1620 fc->fs_private = ctx;
1621 fc->ops = &ffs_fs_context_ops;
1622 return 0;
1623}
1624
1625static void
1626ffs_fs_kill_sb(struct super_block *sb)
1627{
1628 ENTER();
1629
1630 kill_litter_super(sb);
1631 if (sb->s_fs_info) {
1632 ffs_release_dev(sb->s_fs_info);
1633 ffs_data_closed(sb->s_fs_info);
1634 }
1635}
1636
1637static struct file_system_type ffs_fs_type = {
1638 .owner = THIS_MODULE,
1639 .name = "functionfs",
1640 .init_fs_context = ffs_fs_init_fs_context,
1641 .parameters = ffs_fs_fs_parameters,
1642 .kill_sb = ffs_fs_kill_sb,
1643};
1644MODULE_ALIAS_FS("functionfs");
1645
1646
1647
1648
1649static int functionfs_init(void)
1650{
1651 int ret;
1652
1653 ENTER();
1654
1655 ret = register_filesystem(&ffs_fs_type);
1656 if (likely(!ret))
1657 pr_info("file system registered\n");
1658 else
1659 pr_err("failed registering file system (%d)\n", ret);
1660
1661 return ret;
1662}
1663
1664static void functionfs_cleanup(void)
1665{
1666 ENTER();
1667
1668 pr_info("unloading\n");
1669 unregister_filesystem(&ffs_fs_type);
1670}
1671
1672
1673
1674
1675static void ffs_data_clear(struct ffs_data *ffs);
1676static void ffs_data_reset(struct ffs_data *ffs);
1677
1678static void ffs_data_get(struct ffs_data *ffs)
1679{
1680 ENTER();
1681
1682 refcount_inc(&ffs->ref);
1683}
1684
1685static void ffs_data_opened(struct ffs_data *ffs)
1686{
1687 ENTER();
1688
1689 refcount_inc(&ffs->ref);
1690 if (atomic_add_return(1, &ffs->opened) == 1 &&
1691 ffs->state == FFS_DEACTIVATED) {
1692 ffs->state = FFS_CLOSING;
1693 ffs_data_reset(ffs);
1694 }
1695}
1696
1697static void ffs_data_put(struct ffs_data *ffs)
1698{
1699 ENTER();
1700
1701 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1702 pr_info("%s(): freeing\n", __func__);
1703 ffs_data_clear(ffs);
1704 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1705 swait_active(&ffs->ep0req_completion.wait) ||
1706 waitqueue_active(&ffs->wait));
1707 destroy_workqueue(ffs->io_completion_wq);
1708 kfree(ffs->dev_name);
1709 kfree(ffs);
1710 }
1711}
1712
1713static void ffs_data_closed(struct ffs_data *ffs)
1714{
1715 ENTER();
1716
1717 if (atomic_dec_and_test(&ffs->opened)) {
1718 if (ffs->no_disconnect) {
1719 ffs->state = FFS_DEACTIVATED;
1720 if (ffs->epfiles) {
1721 ffs_epfiles_destroy(ffs->epfiles,
1722 ffs->eps_count);
1723 ffs->epfiles = NULL;
1724 }
1725 if (ffs->setup_state == FFS_SETUP_PENDING)
1726 __ffs_ep0_stall(ffs);
1727 } else {
1728 ffs->state = FFS_CLOSING;
1729 ffs_data_reset(ffs);
1730 }
1731 }
1732 if (atomic_read(&ffs->opened) < 0) {
1733 ffs->state = FFS_CLOSING;
1734 ffs_data_reset(ffs);
1735 }
1736
1737 ffs_data_put(ffs);
1738}
1739
1740static struct ffs_data *ffs_data_new(const char *dev_name)
1741{
1742 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1743 if (unlikely(!ffs))
1744 return NULL;
1745
1746 ENTER();
1747
1748 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1749 if (!ffs->io_completion_wq) {
1750 kfree(ffs);
1751 return NULL;
1752 }
1753
1754 refcount_set(&ffs->ref, 1);
1755 atomic_set(&ffs->opened, 0);
1756 ffs->state = FFS_READ_DESCRIPTORS;
1757 mutex_init(&ffs->mutex);
1758 spin_lock_init(&ffs->eps_lock);
1759 init_waitqueue_head(&ffs->ev.waitq);
1760 init_waitqueue_head(&ffs->wait);
1761 init_completion(&ffs->ep0req_completion);
1762
1763
1764 ffs->ev.can_stall = 1;
1765
1766 return ffs;
1767}
1768
1769static void ffs_data_clear(struct ffs_data *ffs)
1770{
1771 ENTER();
1772
1773 ffs_closed(ffs);
1774
1775 BUG_ON(ffs->gadget);
1776
1777 if (ffs->epfiles)
1778 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1779
1780 if (ffs->ffs_eventfd)
1781 eventfd_ctx_put(ffs->ffs_eventfd);
1782
1783 kfree(ffs->raw_descs_data);
1784 kfree(ffs->raw_strings);
1785 kfree(ffs->stringtabs);
1786}
1787
1788static void ffs_data_reset(struct ffs_data *ffs)
1789{
1790 ENTER();
1791
1792 ffs_data_clear(ffs);
1793
1794 ffs->epfiles = NULL;
1795 ffs->raw_descs_data = NULL;
1796 ffs->raw_descs = NULL;
1797 ffs->raw_strings = NULL;
1798 ffs->stringtabs = NULL;
1799
1800 ffs->raw_descs_length = 0;
1801 ffs->fs_descs_count = 0;
1802 ffs->hs_descs_count = 0;
1803 ffs->ss_descs_count = 0;
1804
1805 ffs->strings_count = 0;
1806 ffs->interfaces_count = 0;
1807 ffs->eps_count = 0;
1808
1809 ffs->ev.count = 0;
1810
1811 ffs->state = FFS_READ_DESCRIPTORS;
1812 ffs->setup_state = FFS_NO_SETUP;
1813 ffs->flags = 0;
1814
1815 ffs->ms_os_descs_ext_prop_count = 0;
1816 ffs->ms_os_descs_ext_prop_name_len = 0;
1817 ffs->ms_os_descs_ext_prop_data_len = 0;
1818}
1819
1820
1821static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1822{
1823 struct usb_gadget_strings **lang;
1824 int first_id;
1825
1826 ENTER();
1827
1828 if (WARN_ON(ffs->state != FFS_ACTIVE
1829 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1830 return -EBADFD;
1831
1832 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1833 if (unlikely(first_id < 0))
1834 return first_id;
1835
1836 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1837 if (unlikely(!ffs->ep0req))
1838 return -ENOMEM;
1839 ffs->ep0req->complete = ffs_ep0_complete;
1840 ffs->ep0req->context = ffs;
1841
1842 lang = ffs->stringtabs;
1843 if (lang) {
1844 for (; *lang; ++lang) {
1845 struct usb_string *str = (*lang)->strings;
1846 int id = first_id;
1847 for (; str->s; ++id, ++str)
1848 str->id = id;
1849 }
1850 }
1851
1852 ffs->gadget = cdev->gadget;
1853 ffs_data_get(ffs);
1854 return 0;
1855}
1856
1857static void functionfs_unbind(struct ffs_data *ffs)
1858{
1859 ENTER();
1860
1861 if (!WARN_ON(!ffs->gadget)) {
1862 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1863 ffs->ep0req = NULL;
1864 ffs->gadget = NULL;
1865 clear_bit(FFS_FL_BOUND, &ffs->flags);
1866 ffs_data_put(ffs);
1867 }
1868}
1869
1870static int ffs_epfiles_create(struct ffs_data *ffs)
1871{
1872 struct ffs_epfile *epfile, *epfiles;
1873 unsigned i, count;
1874
1875 ENTER();
1876
1877 count = ffs->eps_count;
1878 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1879 if (!epfiles)
1880 return -ENOMEM;
1881
1882 epfile = epfiles;
1883 for (i = 1; i <= count; ++i, ++epfile) {
1884 epfile->ffs = ffs;
1885 mutex_init(&epfile->mutex);
1886 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1887 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1888 else
1889 sprintf(epfile->name, "ep%u", i);
1890 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1891 epfile,
1892 &ffs_epfile_operations);
1893 if (unlikely(!epfile->dentry)) {
1894 ffs_epfiles_destroy(epfiles, i - 1);
1895 return -ENOMEM;
1896 }
1897 }
1898
1899 ffs->epfiles = epfiles;
1900 return 0;
1901}
1902
1903static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1904{
1905 struct ffs_epfile *epfile = epfiles;
1906
1907 ENTER();
1908
1909 for (; count; --count, ++epfile) {
1910 BUG_ON(mutex_is_locked(&epfile->mutex));
1911 if (epfile->dentry) {
1912 d_delete(epfile->dentry);
1913 dput(epfile->dentry);
1914 epfile->dentry = NULL;
1915 }
1916 }
1917
1918 kfree(epfiles);
1919}
1920
1921static void ffs_func_eps_disable(struct ffs_function *func)
1922{
1923 struct ffs_ep *ep = func->eps;
1924 struct ffs_epfile *epfile = func->ffs->epfiles;
1925 unsigned count = func->ffs->eps_count;
1926 unsigned long flags;
1927
1928 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1929 while (count--) {
1930
1931 if (likely(ep->ep))
1932 usb_ep_disable(ep->ep);
1933 ++ep;
1934
1935 if (epfile) {
1936 epfile->ep = NULL;
1937 __ffs_epfile_read_buffer_free(epfile);
1938 ++epfile;
1939 }
1940 }
1941 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1942}
1943
1944static int ffs_func_eps_enable(struct ffs_function *func)
1945{
1946 struct ffs_data *ffs = func->ffs;
1947 struct ffs_ep *ep = func->eps;
1948 struct ffs_epfile *epfile = ffs->epfiles;
1949 unsigned count = ffs->eps_count;
1950 unsigned long flags;
1951 int ret = 0;
1952
1953 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1954 while(count--) {
1955 ep->ep->driver_data = ep;
1956
1957 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1958 if (ret) {
1959 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1960 __func__, ep->ep->name, ret);
1961 break;
1962 }
1963
1964 ret = usb_ep_enable(ep->ep);
1965 if (likely(!ret)) {
1966 epfile->ep = ep;
1967 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1968 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1969 } else {
1970 break;
1971 }
1972
1973 ++ep;
1974 ++epfile;
1975 }
1976
1977 wake_up_interruptible(&ffs->wait);
1978 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1979
1980 return ret;
1981}
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993enum ffs_entity_type {
1994 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1995};
1996
1997enum ffs_os_desc_type {
1998 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1999};
2000
2001typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
2002 u8 *valuep,
2003 struct usb_descriptor_header *desc,
2004 void *priv);
2005
2006typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
2007 struct usb_os_desc_header *h, void *data,
2008 unsigned len, void *priv);
2009
2010static int __must_check ffs_do_single_desc(char *data, unsigned len,
2011 ffs_entity_callback entity,
2012 void *priv, int *current_class)
2013{
2014 struct usb_descriptor_header *_ds = (void *)data;
2015 u8 length;
2016 int ret;
2017
2018 ENTER();
2019
2020
2021 if (len < 2) {
2022 pr_vdebug("descriptor too short\n");
2023 return -EINVAL;
2024 }
2025
2026
2027 length = _ds->bLength;
2028 if (len < length) {
2029 pr_vdebug("descriptor longer then available data\n");
2030 return -EINVAL;
2031 }
2032
2033#define __entity_check_INTERFACE(val) 1
2034#define __entity_check_STRING(val) (val)
2035#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
2036#define __entity(type, val) do { \
2037 pr_vdebug("entity " #type "(%02x)\n", (val)); \
2038 if (unlikely(!__entity_check_ ##type(val))) { \
2039 pr_vdebug("invalid entity's value\n"); \
2040 return -EINVAL; \
2041 } \
2042 ret = entity(FFS_ ##type, &val, _ds, priv); \
2043 if (unlikely(ret < 0)) { \
2044 pr_debug("entity " #type "(%02x); ret = %d\n", \
2045 (val), ret); \
2046 return ret; \
2047 } \
2048 } while (0)
2049
2050
2051 switch (_ds->bDescriptorType) {
2052 case USB_DT_DEVICE:
2053 case USB_DT_CONFIG:
2054 case USB_DT_STRING:
2055 case USB_DT_DEVICE_QUALIFIER:
2056
2057 pr_vdebug("descriptor reserved for gadget: %d\n",
2058 _ds->bDescriptorType);
2059 return -EINVAL;
2060
2061 case USB_DT_INTERFACE: {
2062 struct usb_interface_descriptor *ds = (void *)_ds;
2063 pr_vdebug("interface descriptor\n");
2064 if (length != sizeof *ds)
2065 goto inv_length;
2066
2067 __entity(INTERFACE, ds->bInterfaceNumber);
2068 if (ds->iInterface)
2069 __entity(STRING, ds->iInterface);
2070 *current_class = ds->bInterfaceClass;
2071 }
2072 break;
2073
2074 case USB_DT_ENDPOINT: {
2075 struct usb_endpoint_descriptor *ds = (void *)_ds;
2076 pr_vdebug("endpoint descriptor\n");
2077 if (length != USB_DT_ENDPOINT_SIZE &&
2078 length != USB_DT_ENDPOINT_AUDIO_SIZE)
2079 goto inv_length;
2080 __entity(ENDPOINT, ds->bEndpointAddress);
2081 }
2082 break;
2083
2084 case USB_TYPE_CLASS | 0x01:
2085 if (*current_class == USB_INTERFACE_CLASS_HID) {
2086 pr_vdebug("hid descriptor\n");
2087 if (length != sizeof(struct hid_descriptor))
2088 goto inv_length;
2089 break;
2090 } else if (*current_class == USB_INTERFACE_CLASS_CCID) {
2091 pr_vdebug("ccid descriptor\n");
2092 if (length != sizeof(struct ccid_descriptor))
2093 goto inv_length;
2094 break;
2095 } else {
2096 pr_vdebug("unknown descriptor: %d for class %d\n",
2097 _ds->bDescriptorType, *current_class);
2098 return -EINVAL;
2099 }
2100
2101 case USB_DT_OTG:
2102 if (length != sizeof(struct usb_otg_descriptor))
2103 goto inv_length;
2104 break;
2105
2106 case USB_DT_INTERFACE_ASSOCIATION: {
2107 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2108 pr_vdebug("interface association descriptor\n");
2109 if (length != sizeof *ds)
2110 goto inv_length;
2111 if (ds->iFunction)
2112 __entity(STRING, ds->iFunction);
2113 }
2114 break;
2115
2116 case USB_DT_SS_ENDPOINT_COMP:
2117 pr_vdebug("EP SS companion descriptor\n");
2118 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2119 goto inv_length;
2120 break;
2121
2122 case USB_DT_OTHER_SPEED_CONFIG:
2123 case USB_DT_INTERFACE_POWER:
2124 case USB_DT_DEBUG:
2125 case USB_DT_SECURITY:
2126 case USB_DT_CS_RADIO_CONTROL:
2127
2128 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2129 return -EINVAL;
2130
2131 default:
2132
2133 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2134 return -EINVAL;
2135
2136inv_length:
2137 pr_vdebug("invalid length: %d (descriptor %d)\n",
2138 _ds->bLength, _ds->bDescriptorType);
2139 return -EINVAL;
2140 }
2141
2142#undef __entity
2143#undef __entity_check_DESCRIPTOR
2144#undef __entity_check_INTERFACE
2145#undef __entity_check_STRING
2146#undef __entity_check_ENDPOINT
2147
2148 return length;
2149}
2150
2151static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2152 ffs_entity_callback entity, void *priv)
2153{
2154 const unsigned _len = len;
2155 unsigned long num = 0;
2156 int current_class = -1;
2157
2158 ENTER();
2159
2160 for (;;) {
2161 int ret;
2162
2163 if (num == count)
2164 data = NULL;
2165
2166
2167 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2168 if (unlikely(ret < 0)) {
2169 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2170 num, ret);
2171 return ret;
2172 }
2173
2174 if (!data)
2175 return _len - len;
2176
2177 ret = ffs_do_single_desc(data, len, entity, priv,
2178 ¤t_class);
2179 if (unlikely(ret < 0)) {
2180 pr_debug("%s returns %d\n", __func__, ret);
2181 return ret;
2182 }
2183
2184 len -= ret;
2185 data += ret;
2186 ++num;
2187 }
2188}
2189
2190static int __ffs_data_do_entity(enum ffs_entity_type type,
2191 u8 *valuep, struct usb_descriptor_header *desc,
2192 void *priv)
2193{
2194 struct ffs_desc_helper *helper = priv;
2195 struct usb_endpoint_descriptor *d;
2196
2197 ENTER();
2198
2199 switch (type) {
2200 case FFS_DESCRIPTOR:
2201 break;
2202
2203 case FFS_INTERFACE:
2204
2205
2206
2207
2208
2209 if (*valuep >= helper->interfaces_count)
2210 helper->interfaces_count = *valuep + 1;
2211 break;
2212
2213 case FFS_STRING:
2214
2215
2216
2217
2218 if (*valuep > helper->ffs->strings_count)
2219 helper->ffs->strings_count = *valuep;
2220 break;
2221
2222 case FFS_ENDPOINT:
2223 d = (void *)desc;
2224 helper->eps_count++;
2225 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2226 return -EINVAL;
2227
2228 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2229 helper->ffs->eps_addrmap[helper->eps_count] =
2230 d->bEndpointAddress;
2231 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2232 d->bEndpointAddress)
2233 return -EINVAL;
2234 break;
2235 }
2236
2237 return 0;
2238}
2239
2240static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2241 struct usb_os_desc_header *desc)
2242{
2243 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2244 u16 w_index = le16_to_cpu(desc->wIndex);
2245
2246 if (bcd_version != 1) {
2247 pr_vdebug("unsupported os descriptors version: %d",
2248 bcd_version);
2249 return -EINVAL;
2250 }
2251 switch (w_index) {
2252 case 0x4:
2253 *next_type = FFS_OS_DESC_EXT_COMPAT;
2254 break;
2255 case 0x5:
2256 *next_type = FFS_OS_DESC_EXT_PROP;
2257 break;
2258 default:
2259 pr_vdebug("unsupported os descriptor type: %d", w_index);
2260 return -EINVAL;
2261 }
2262
2263 return sizeof(*desc);
2264}
2265
2266
2267
2268
2269
2270static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2271 enum ffs_os_desc_type type,
2272 u16 feature_count,
2273 ffs_os_desc_callback entity,
2274 void *priv,
2275 struct usb_os_desc_header *h)
2276{
2277 int ret;
2278 const unsigned _len = len;
2279
2280 ENTER();
2281
2282
2283 while (feature_count--) {
2284 ret = entity(type, h, data, len, priv);
2285 if (unlikely(ret < 0)) {
2286 pr_debug("bad OS descriptor, type: %d\n", type);
2287 return ret;
2288 }
2289 data += ret;
2290 len -= ret;
2291 }
2292 return _len - len;
2293}
2294
2295
2296static int __must_check ffs_do_os_descs(unsigned count,
2297 char *data, unsigned len,
2298 ffs_os_desc_callback entity, void *priv)
2299{
2300 const unsigned _len = len;
2301 unsigned long num = 0;
2302
2303 ENTER();
2304
2305 for (num = 0; num < count; ++num) {
2306 int ret;
2307 enum ffs_os_desc_type type;
2308 u16 feature_count;
2309 struct usb_os_desc_header *desc = (void *)data;
2310
2311 if (len < sizeof(*desc))
2312 return -EINVAL;
2313
2314
2315
2316
2317
2318
2319
2320
2321 if (le32_to_cpu(desc->dwLength) > len)
2322 return -EINVAL;
2323
2324 ret = __ffs_do_os_desc_header(&type, desc);
2325 if (unlikely(ret < 0)) {
2326 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2327 num, ret);
2328 return ret;
2329 }
2330
2331
2332
2333 feature_count = le16_to_cpu(desc->wCount);
2334 if (type == FFS_OS_DESC_EXT_COMPAT &&
2335 (feature_count > 255 || desc->Reserved))
2336 return -EINVAL;
2337 len -= ret;
2338 data += ret;
2339
2340
2341
2342
2343
2344 ret = ffs_do_single_os_desc(data, len, type,
2345 feature_count, entity, priv, desc);
2346 if (unlikely(ret < 0)) {
2347 pr_debug("%s returns %d\n", __func__, ret);
2348 return ret;
2349 }
2350
2351 len -= ret;
2352 data += ret;
2353 }
2354 return _len - len;
2355}
2356
2357
2358
2359
2360static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2361 struct usb_os_desc_header *h, void *data,
2362 unsigned len, void *priv)
2363{
2364 struct ffs_data *ffs = priv;
2365 u8 length;
2366
2367 ENTER();
2368
2369 switch (type) {
2370 case FFS_OS_DESC_EXT_COMPAT: {
2371 struct usb_ext_compat_desc *d = data;
2372 int i;
2373
2374 if (len < sizeof(*d) ||
2375 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2376 return -EINVAL;
2377 if (d->Reserved1 != 1) {
2378
2379
2380
2381
2382
2383
2384 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2385 d->Reserved1 = 1;
2386 }
2387 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2388 if (d->Reserved2[i])
2389 return -EINVAL;
2390
2391 length = sizeof(struct usb_ext_compat_desc);
2392 }
2393 break;
2394 case FFS_OS_DESC_EXT_PROP: {
2395 struct usb_ext_prop_desc *d = data;
2396 u32 type, pdl;
2397 u16 pnl;
2398
2399 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2400 return -EINVAL;
2401 length = le32_to_cpu(d->dwSize);
2402 if (len < length)
2403 return -EINVAL;
2404 type = le32_to_cpu(d->dwPropertyDataType);
2405 if (type < USB_EXT_PROP_UNICODE ||
2406 type > USB_EXT_PROP_UNICODE_MULTI) {
2407 pr_vdebug("unsupported os descriptor property type: %d",
2408 type);
2409 return -EINVAL;
2410 }
2411 pnl = le16_to_cpu(d->wPropertyNameLength);
2412 if (length < 14 + pnl) {
2413 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2414 length, pnl, type);
2415 return -EINVAL;
2416 }
2417 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2418 if (length != 14 + pnl + pdl) {
2419 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2420 length, pnl, pdl, type);
2421 return -EINVAL;
2422 }
2423 ++ffs->ms_os_descs_ext_prop_count;
2424
2425 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2426 ffs->ms_os_descs_ext_prop_data_len += pdl;
2427 }
2428 break;
2429 default:
2430 pr_vdebug("unknown descriptor: %d\n", type);
2431 return -EINVAL;
2432 }
2433 return length;
2434}
2435
2436static int __ffs_data_got_descs(struct ffs_data *ffs,
2437 char *const _data, size_t len)
2438{
2439 char *data = _data, *raw_descs;
2440 unsigned os_descs_count = 0, counts[3], flags;
2441 int ret = -EINVAL, i;
2442 struct ffs_desc_helper helper;
2443
2444 ENTER();
2445
2446 if (get_unaligned_le32(data + 4) != len)
2447 goto error;
2448
2449 switch (get_unaligned_le32(data)) {
2450 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2451 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2452 data += 8;
2453 len -= 8;
2454 break;
2455 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2456 flags = get_unaligned_le32(data + 8);
2457 ffs->user_flags = flags;
2458 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2459 FUNCTIONFS_HAS_HS_DESC |
2460 FUNCTIONFS_HAS_SS_DESC |
2461 FUNCTIONFS_HAS_MS_OS_DESC |
2462 FUNCTIONFS_VIRTUAL_ADDR |
2463 FUNCTIONFS_EVENTFD |
2464 FUNCTIONFS_ALL_CTRL_RECIP |
2465 FUNCTIONFS_CONFIG0_SETUP)) {
2466 ret = -ENOSYS;
2467 goto error;
2468 }
2469 data += 12;
2470 len -= 12;
2471 break;
2472 default:
2473 goto error;
2474 }
2475
2476 if (flags & FUNCTIONFS_EVENTFD) {
2477 if (len < 4)
2478 goto error;
2479 ffs->ffs_eventfd =
2480 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2481 if (IS_ERR(ffs->ffs_eventfd)) {
2482 ret = PTR_ERR(ffs->ffs_eventfd);
2483 ffs->ffs_eventfd = NULL;
2484 goto error;
2485 }
2486 data += 4;
2487 len -= 4;
2488 }
2489
2490
2491 for (i = 0; i < 3; ++i) {
2492 if (!(flags & (1 << i))) {
2493 counts[i] = 0;
2494 } else if (len < 4) {
2495 goto error;
2496 } else {
2497 counts[i] = get_unaligned_le32(data);
2498 data += 4;
2499 len -= 4;
2500 }
2501 }
2502 if (flags & (1 << i)) {
2503 if (len < 4) {
2504 goto error;
2505 }
2506 os_descs_count = get_unaligned_le32(data);
2507 data += 4;
2508 len -= 4;
2509 }
2510
2511
2512 raw_descs = data;
2513 helper.ffs = ffs;
2514 for (i = 0; i < 3; ++i) {
2515 if (!counts[i])
2516 continue;
2517 helper.interfaces_count = 0;
2518 helper.eps_count = 0;
2519 ret = ffs_do_descs(counts[i], data, len,
2520 __ffs_data_do_entity, &helper);
2521 if (ret < 0)
2522 goto error;
2523 if (!ffs->eps_count && !ffs->interfaces_count) {
2524 ffs->eps_count = helper.eps_count;
2525 ffs->interfaces_count = helper.interfaces_count;
2526 } else {
2527 if (ffs->eps_count != helper.eps_count) {
2528 ret = -EINVAL;
2529 goto error;
2530 }
2531 if (ffs->interfaces_count != helper.interfaces_count) {
2532 ret = -EINVAL;
2533 goto error;
2534 }
2535 }
2536 data += ret;
2537 len -= ret;
2538 }
2539 if (os_descs_count) {
2540 ret = ffs_do_os_descs(os_descs_count, data, len,
2541 __ffs_data_do_os_desc, ffs);
2542 if (ret < 0)
2543 goto error;
2544 data += ret;
2545 len -= ret;
2546 }
2547
2548 if (raw_descs == data || len) {
2549 ret = -EINVAL;
2550 goto error;
2551 }
2552
2553 ffs->raw_descs_data = _data;
2554 ffs->raw_descs = raw_descs;
2555 ffs->raw_descs_length = data - raw_descs;
2556 ffs->fs_descs_count = counts[0];
2557 ffs->hs_descs_count = counts[1];
2558 ffs->ss_descs_count = counts[2];
2559 ffs->ms_os_descs_count = os_descs_count;
2560
2561 return 0;
2562
2563error:
2564 kfree(_data);
2565 return ret;
2566}
2567
2568static int __ffs_data_got_strings(struct ffs_data *ffs,
2569 char *const _data, size_t len)
2570{
2571 u32 str_count, needed_count, lang_count;
2572 struct usb_gadget_strings **stringtabs, *t;
2573 const char *data = _data;
2574 struct usb_string *s;
2575
2576 ENTER();
2577
2578 if (unlikely(len < 16 ||
2579 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2580 get_unaligned_le32(data + 4) != len))
2581 goto error;
2582 str_count = get_unaligned_le32(data + 8);
2583 lang_count = get_unaligned_le32(data + 12);
2584
2585
2586 if (unlikely(!str_count != !lang_count))
2587 goto error;
2588
2589
2590 needed_count = ffs->strings_count;
2591 if (unlikely(str_count < needed_count))
2592 goto error;
2593
2594
2595
2596
2597
2598 if (!needed_count) {
2599 kfree(_data);
2600 return 0;
2601 }
2602
2603
2604 {
2605 unsigned i = 0;
2606 vla_group(d);
2607 vla_item(d, struct usb_gadget_strings *, stringtabs,
2608 lang_count + 1);
2609 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2610 vla_item(d, struct usb_string, strings,
2611 lang_count*(needed_count+1));
2612
2613 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2614
2615 if (unlikely(!vlabuf)) {
2616 kfree(_data);
2617 return -ENOMEM;
2618 }
2619
2620
2621 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2622 t = vla_ptr(vlabuf, d, stringtab);
2623 i = lang_count;
2624 do {
2625 *stringtabs++ = t++;
2626 } while (--i);
2627 *stringtabs = NULL;
2628
2629
2630 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2631 t = vla_ptr(vlabuf, d, stringtab);
2632 s = vla_ptr(vlabuf, d, strings);
2633 }
2634
2635
2636 data += 16;
2637 len -= 16;
2638
2639 do {
2640 unsigned needed = needed_count;
2641
2642 if (unlikely(len < 3))
2643 goto error_free;
2644 t->language = get_unaligned_le16(data);
2645 t->strings = s;
2646 ++t;
2647
2648 data += 2;
2649 len -= 2;
2650
2651
2652 do {
2653 size_t length = strnlen(data, len);
2654
2655 if (unlikely(length == len))
2656 goto error_free;
2657
2658
2659
2660
2661
2662
2663 if (likely(needed)) {
2664
2665
2666
2667
2668
2669 s->s = data;
2670 --needed;
2671 ++s;
2672 }
2673
2674 data += length + 1;
2675 len -= length + 1;
2676 } while (--str_count);
2677
2678 s->id = 0;
2679 s->s = NULL;
2680 ++s;
2681
2682 } while (--lang_count);
2683
2684
2685 if (unlikely(len))
2686 goto error_free;
2687
2688
2689 ffs->stringtabs = stringtabs;
2690 ffs->raw_strings = _data;
2691
2692 return 0;
2693
2694error_free:
2695 kfree(stringtabs);
2696error:
2697 kfree(_data);
2698 return -EINVAL;
2699}
2700
2701
2702
2703
2704static void __ffs_event_add(struct ffs_data *ffs,
2705 enum usb_functionfs_event_type type)
2706{
2707 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2708 int neg = 0;
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718 if (ffs->setup_state == FFS_SETUP_PENDING)
2719 ffs->setup_state = FFS_SETUP_CANCELLED;
2720
2721
2722
2723
2724
2725
2726
2727
2728 switch (type) {
2729 case FUNCTIONFS_RESUME:
2730 rem_type2 = FUNCTIONFS_SUSPEND;
2731 fallthrough;
2732 case FUNCTIONFS_SUSPEND:
2733 case FUNCTIONFS_SETUP:
2734 rem_type1 = type;
2735
2736 break;
2737
2738 case FUNCTIONFS_BIND:
2739 case FUNCTIONFS_UNBIND:
2740 case FUNCTIONFS_DISABLE:
2741 case FUNCTIONFS_ENABLE:
2742
2743 rem_type1 = FUNCTIONFS_SUSPEND;
2744 rem_type2 = FUNCTIONFS_RESUME;
2745 neg = 1;
2746 break;
2747
2748 default:
2749 WARN(1, "%d: unknown event, this should not happen\n", type);
2750 return;
2751 }
2752
2753 {
2754 u8 *ev = ffs->ev.types, *out = ev;
2755 unsigned n = ffs->ev.count;
2756 for (; n; --n, ++ev)
2757 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2758 *out++ = *ev;
2759 else
2760 pr_vdebug("purging event %d\n", *ev);
2761 ffs->ev.count = out - ffs->ev.types;
2762 }
2763
2764 pr_vdebug("adding event %d\n", type);
2765 ffs->ev.types[ffs->ev.count++] = type;
2766 wake_up_locked(&ffs->ev.waitq);
2767 if (ffs->ffs_eventfd)
2768 eventfd_signal(ffs->ffs_eventfd, 1);
2769}
2770
2771static void ffs_event_add(struct ffs_data *ffs,
2772 enum usb_functionfs_event_type type)
2773{
2774 unsigned long flags;
2775 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2776 __ffs_event_add(ffs, type);
2777 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2778}
2779
2780
2781
2782static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2783{
2784 int i;
2785
2786 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2787 if (ffs->eps_addrmap[i] == endpoint_address)
2788 return i;
2789 return -ENOENT;
2790}
2791
2792static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2793 struct usb_descriptor_header *desc,
2794 void *priv)
2795{
2796 struct usb_endpoint_descriptor *ds = (void *)desc;
2797 struct ffs_function *func = priv;
2798 struct ffs_ep *ffs_ep;
2799 unsigned ep_desc_id;
2800 int idx;
2801 static const char *speed_names[] = { "full", "high", "super" };
2802
2803 if (type != FFS_DESCRIPTOR)
2804 return 0;
2805
2806
2807
2808
2809
2810
2811
2812 if (func->function.ss_descriptors) {
2813 ep_desc_id = 2;
2814 func->function.ss_descriptors[(long)valuep] = desc;
2815 } else if (func->function.hs_descriptors) {
2816 ep_desc_id = 1;
2817 func->function.hs_descriptors[(long)valuep] = desc;
2818 } else {
2819 ep_desc_id = 0;
2820 func->function.fs_descriptors[(long)valuep] = desc;
2821 }
2822
2823 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2824 return 0;
2825
2826 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2827 if (idx < 0)
2828 return idx;
2829
2830 ffs_ep = func->eps + idx;
2831
2832 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2833 pr_err("two %sspeed descriptors for EP %d\n",
2834 speed_names[ep_desc_id],
2835 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2836 return -EINVAL;
2837 }
2838 ffs_ep->descs[ep_desc_id] = ds;
2839
2840 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2841 if (ffs_ep->ep) {
2842 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2843 if (!ds->wMaxPacketSize)
2844 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2845 } else {
2846 struct usb_request *req;
2847 struct usb_ep *ep;
2848 u8 bEndpointAddress;
2849 u16 wMaxPacketSize;
2850
2851
2852
2853
2854
2855 bEndpointAddress = ds->bEndpointAddress;
2856
2857
2858
2859
2860 wMaxPacketSize = ds->wMaxPacketSize;
2861 pr_vdebug("autoconfig\n");
2862 ep = usb_ep_autoconfig(func->gadget, ds);
2863 if (unlikely(!ep))
2864 return -ENOTSUPP;
2865 ep->driver_data = func->eps + idx;
2866
2867 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2868 if (unlikely(!req))
2869 return -ENOMEM;
2870
2871 ffs_ep->ep = ep;
2872 ffs_ep->req = req;
2873 func->eps_revmap[ds->bEndpointAddress &
2874 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2875
2876
2877
2878
2879 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2880 ds->bEndpointAddress = bEndpointAddress;
2881
2882
2883
2884
2885 ds->wMaxPacketSize = wMaxPacketSize;
2886 }
2887 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2888
2889 return 0;
2890}
2891
2892static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2893 struct usb_descriptor_header *desc,
2894 void *priv)
2895{
2896 struct ffs_function *func = priv;
2897 unsigned idx;
2898 u8 newValue;
2899
2900 switch (type) {
2901 default:
2902 case FFS_DESCRIPTOR:
2903
2904 return 0;
2905
2906 case FFS_INTERFACE:
2907 idx = *valuep;
2908 if (func->interfaces_nums[idx] < 0) {
2909 int id = usb_interface_id(func->conf, &func->function);
2910 if (unlikely(id < 0))
2911 return id;
2912 func->interfaces_nums[idx] = id;
2913 }
2914 newValue = func->interfaces_nums[idx];
2915 break;
2916
2917 case FFS_STRING:
2918
2919 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2920 break;
2921
2922 case FFS_ENDPOINT:
2923
2924
2925
2926
2927 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2928 return 0;
2929
2930 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2931 if (unlikely(!func->eps[idx].ep))
2932 return -EINVAL;
2933
2934 {
2935 struct usb_endpoint_descriptor **descs;
2936 descs = func->eps[idx].descs;
2937 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2938 }
2939 break;
2940 }
2941
2942 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2943 *valuep = newValue;
2944 return 0;
2945}
2946
2947static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2948 struct usb_os_desc_header *h, void *data,
2949 unsigned len, void *priv)
2950{
2951 struct ffs_function *func = priv;
2952 u8 length = 0;
2953
2954 switch (type) {
2955 case FFS_OS_DESC_EXT_COMPAT: {
2956 struct usb_ext_compat_desc *desc = data;
2957 struct usb_os_desc_table *t;
2958
2959 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2960 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2961 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2962 ARRAY_SIZE(desc->CompatibleID) +
2963 ARRAY_SIZE(desc->SubCompatibleID));
2964 length = sizeof(*desc);
2965 }
2966 break;
2967 case FFS_OS_DESC_EXT_PROP: {
2968 struct usb_ext_prop_desc *desc = data;
2969 struct usb_os_desc_table *t;
2970 struct usb_os_desc_ext_prop *ext_prop;
2971 char *ext_prop_name;
2972 char *ext_prop_data;
2973
2974 t = &func->function.os_desc_table[h->interface];
2975 t->if_id = func->interfaces_nums[h->interface];
2976
2977 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2978 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2979
2980 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2981 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2982 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2983 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2984 length = ext_prop->name_len + ext_prop->data_len + 14;
2985
2986 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2987 func->ffs->ms_os_descs_ext_prop_name_avail +=
2988 ext_prop->name_len;
2989
2990 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2991 func->ffs->ms_os_descs_ext_prop_data_avail +=
2992 ext_prop->data_len;
2993 memcpy(ext_prop_data,
2994 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2995 ext_prop->data_len);
2996
2997 switch (ext_prop->type) {
2998 case USB_EXT_PROP_UNICODE:
2999 case USB_EXT_PROP_UNICODE_ENV:
3000 case USB_EXT_PROP_UNICODE_LINK:
3001 case USB_EXT_PROP_UNICODE_MULTI:
3002 ext_prop->data_len *= 2;
3003 break;
3004 }
3005 ext_prop->data = ext_prop_data;
3006
3007 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
3008 ext_prop->name_len);
3009
3010 ext_prop->name_len *= 2;
3011 ext_prop->name = ext_prop_name;
3012
3013 t->os_desc->ext_prop_len +=
3014 ext_prop->name_len + ext_prop->data_len + 14;
3015 ++t->os_desc->ext_prop_count;
3016 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
3017 }
3018 break;
3019 default:
3020 pr_vdebug("unknown descriptor: %d\n", type);
3021 }
3022
3023 return length;
3024}
3025
3026static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
3027 struct usb_configuration *c)
3028{
3029 struct ffs_function *func = ffs_func_from_usb(f);
3030 struct f_fs_opts *ffs_opts =
3031 container_of(f->fi, struct f_fs_opts, func_inst);
3032 int ret;
3033
3034 ENTER();
3035
3036
3037
3038
3039
3040
3041
3042
3043 if (!ffs_opts->no_configfs)
3044 ffs_dev_lock();
3045 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
3046 func->ffs = ffs_opts->dev->ffs_data;
3047 if (!ffs_opts->no_configfs)
3048 ffs_dev_unlock();
3049 if (ret)
3050 return ERR_PTR(ret);
3051
3052 func->conf = c;
3053 func->gadget = c->cdev->gadget;
3054
3055
3056
3057
3058
3059
3060
3061
3062 if (!ffs_opts->refcnt) {
3063 ret = functionfs_bind(func->ffs, c->cdev);
3064 if (ret)
3065 return ERR_PTR(ret);
3066 }
3067 ffs_opts->refcnt++;
3068 func->function.strings = func->ffs->stringtabs;
3069
3070 return ffs_opts;
3071}
3072
3073static int _ffs_func_bind(struct usb_configuration *c,
3074 struct usb_function *f)
3075{
3076 struct ffs_function *func = ffs_func_from_usb(f);
3077 struct ffs_data *ffs = func->ffs;
3078
3079 const int full = !!func->ffs->fs_descs_count;
3080 const int high = !!func->ffs->hs_descs_count;
3081 const int super = !!func->ffs->ss_descs_count;
3082
3083 int fs_len, hs_len, ss_len, ret, i;
3084 struct ffs_ep *eps_ptr;
3085
3086
3087 vla_group(d);
3088 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
3089 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
3090 full ? ffs->fs_descs_count + 1 : 0);
3091 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
3092 high ? ffs->hs_descs_count + 1 : 0);
3093 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
3094 super ? ffs->ss_descs_count + 1 : 0);
3095 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
3096 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
3097 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3098 vla_item_with_sz(d, char[16], ext_compat,
3099 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3100 vla_item_with_sz(d, struct usb_os_desc, os_desc,
3101 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3102 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
3103 ffs->ms_os_descs_ext_prop_count);
3104 vla_item_with_sz(d, char, ext_prop_name,
3105 ffs->ms_os_descs_ext_prop_name_len);
3106 vla_item_with_sz(d, char, ext_prop_data,
3107 ffs->ms_os_descs_ext_prop_data_len);
3108 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
3109 char *vlabuf;
3110
3111 ENTER();
3112
3113
3114 if (unlikely(!(full | high | super)))
3115 return -ENOTSUPP;
3116
3117
3118 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3119 if (unlikely(!vlabuf))
3120 return -ENOMEM;
3121
3122 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3123 ffs->ms_os_descs_ext_prop_name_avail =
3124 vla_ptr(vlabuf, d, ext_prop_name);
3125 ffs->ms_os_descs_ext_prop_data_avail =
3126 vla_ptr(vlabuf, d, ext_prop_data);
3127
3128
3129 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3130 ffs->raw_descs_length);
3131
3132 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3133 eps_ptr = vla_ptr(vlabuf, d, eps);
3134 for (i = 0; i < ffs->eps_count; i++)
3135 eps_ptr[i].num = -1;
3136
3137
3138
3139
3140 func->eps = vla_ptr(vlabuf, d, eps);
3141 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3142
3143
3144
3145
3146
3147
3148 if (likely(full)) {
3149 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3150 fs_len = ffs_do_descs(ffs->fs_descs_count,
3151 vla_ptr(vlabuf, d, raw_descs),
3152 d_raw_descs__sz,
3153 __ffs_func_bind_do_descs, func);
3154 if (unlikely(fs_len < 0)) {
3155 ret = fs_len;
3156 goto error;
3157 }
3158 } else {
3159 fs_len = 0;
3160 }
3161
3162 if (likely(high)) {
3163 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3164 hs_len = ffs_do_descs(ffs->hs_descs_count,
3165 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3166 d_raw_descs__sz - fs_len,
3167 __ffs_func_bind_do_descs, func);
3168 if (unlikely(hs_len < 0)) {
3169 ret = hs_len;
3170 goto error;
3171 }
3172 } else {
3173 hs_len = 0;
3174 }
3175
3176 if (likely(super)) {
3177 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3178 ss_len = ffs_do_descs(ffs->ss_descs_count,
3179 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3180 d_raw_descs__sz - fs_len - hs_len,
3181 __ffs_func_bind_do_descs, func);
3182 if (unlikely(ss_len < 0)) {
3183 ret = ss_len;
3184 goto error;
3185 }
3186 } else {
3187 ss_len = 0;
3188 }
3189
3190
3191
3192
3193
3194
3195 ret = ffs_do_descs(ffs->fs_descs_count +
3196 (high ? ffs->hs_descs_count : 0) +
3197 (super ? ffs->ss_descs_count : 0),
3198 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3199 __ffs_func_bind_do_nums, func);
3200 if (unlikely(ret < 0))
3201 goto error;
3202
3203 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3204 if (c->cdev->use_os_string) {
3205 for (i = 0; i < ffs->interfaces_count; ++i) {
3206 struct usb_os_desc *desc;
3207
3208 desc = func->function.os_desc_table[i].os_desc =
3209 vla_ptr(vlabuf, d, os_desc) +
3210 i * sizeof(struct usb_os_desc);
3211 desc->ext_compat_id =
3212 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3213 INIT_LIST_HEAD(&desc->ext_prop);
3214 }
3215 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3216 vla_ptr(vlabuf, d, raw_descs) +
3217 fs_len + hs_len + ss_len,
3218 d_raw_descs__sz - fs_len - hs_len -
3219 ss_len,
3220 __ffs_func_bind_do_os_desc, func);
3221 if (unlikely(ret < 0))
3222 goto error;
3223 }
3224 func->function.os_desc_n =
3225 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3226
3227
3228 ffs_event_add(ffs, FUNCTIONFS_BIND);
3229 return 0;
3230
3231error:
3232
3233 return ret;
3234}
3235
3236static int ffs_func_bind(struct usb_configuration *c,
3237 struct usb_function *f)
3238{
3239 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3240 struct ffs_function *func = ffs_func_from_usb(f);
3241 int ret;
3242
3243 if (IS_ERR(ffs_opts))
3244 return PTR_ERR(ffs_opts);
3245
3246 ret = _ffs_func_bind(c, f);
3247 if (ret && !--ffs_opts->refcnt)
3248 functionfs_unbind(func->ffs);
3249
3250 return ret;
3251}
3252
3253
3254
3255
3256static void ffs_reset_work(struct work_struct *work)
3257{
3258 struct ffs_data *ffs = container_of(work,
3259 struct ffs_data, reset_work);
3260 ffs_data_reset(ffs);
3261}
3262
3263static int ffs_func_set_alt(struct usb_function *f,
3264 unsigned interface, unsigned alt)
3265{
3266 struct ffs_function *func = ffs_func_from_usb(f);
3267 struct ffs_data *ffs = func->ffs;
3268 int ret = 0, intf;
3269
3270 if (alt != (unsigned)-1) {
3271 intf = ffs_func_revmap_intf(func, interface);
3272 if (unlikely(intf < 0))
3273 return intf;
3274 }
3275
3276 if (ffs->func)
3277 ffs_func_eps_disable(ffs->func);
3278
3279 if (ffs->state == FFS_DEACTIVATED) {
3280 ffs->state = FFS_CLOSING;
3281 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3282 schedule_work(&ffs->reset_work);
3283 return -ENODEV;
3284 }
3285
3286 if (ffs->state != FFS_ACTIVE)
3287 return -ENODEV;
3288
3289 if (alt == (unsigned)-1) {
3290 ffs->func = NULL;
3291 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3292 return 0;
3293 }
3294
3295 ffs->func = func;
3296 ret = ffs_func_eps_enable(func);
3297 if (likely(ret >= 0))
3298 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3299 return ret;
3300}
3301
3302static void ffs_func_disable(struct usb_function *f)
3303{
3304 ffs_func_set_alt(f, 0, (unsigned)-1);
3305}
3306
3307static int ffs_func_setup(struct usb_function *f,
3308 const struct usb_ctrlrequest *creq)
3309{
3310 struct ffs_function *func = ffs_func_from_usb(f);
3311 struct ffs_data *ffs = func->ffs;
3312 unsigned long flags;
3313 int ret;
3314
3315 ENTER();
3316
3317 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3318 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3319 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3320 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3321 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333 if (ffs->state != FFS_ACTIVE)
3334 return -ENODEV;
3335
3336 switch (creq->bRequestType & USB_RECIP_MASK) {
3337 case USB_RECIP_INTERFACE:
3338 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3339 if (unlikely(ret < 0))
3340 return ret;
3341 break;
3342
3343 case USB_RECIP_ENDPOINT:
3344 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3345 if (unlikely(ret < 0))
3346 return ret;
3347 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3348 ret = func->ffs->eps_addrmap[ret];
3349 break;
3350
3351 default:
3352 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3353 ret = le16_to_cpu(creq->wIndex);
3354 else
3355 return -EOPNOTSUPP;
3356 }
3357
3358 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3359 ffs->ev.setup = *creq;
3360 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3361 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3362 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3363
3364 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3365}
3366
3367static bool ffs_func_req_match(struct usb_function *f,
3368 const struct usb_ctrlrequest *creq,
3369 bool config0)
3370{
3371 struct ffs_function *func = ffs_func_from_usb(f);
3372
3373 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3374 return false;
3375
3376 switch (creq->bRequestType & USB_RECIP_MASK) {
3377 case USB_RECIP_INTERFACE:
3378 return (ffs_func_revmap_intf(func,
3379 le16_to_cpu(creq->wIndex)) >= 0);
3380 case USB_RECIP_ENDPOINT:
3381 return (ffs_func_revmap_ep(func,
3382 le16_to_cpu(creq->wIndex)) >= 0);
3383 default:
3384 return (bool) (func->ffs->user_flags &
3385 FUNCTIONFS_ALL_CTRL_RECIP);
3386 }
3387}
3388
3389static void ffs_func_suspend(struct usb_function *f)
3390{
3391 ENTER();
3392 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3393}
3394
3395static void ffs_func_resume(struct usb_function *f)
3396{
3397 ENTER();
3398 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3399}
3400
3401
3402
3403
3404static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3405{
3406 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3407 return num ? num : -EDOM;
3408}
3409
3410static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3411{
3412 short *nums = func->interfaces_nums;
3413 unsigned count = func->ffs->interfaces_count;
3414
3415 for (; count; --count, ++nums) {
3416 if (*nums >= 0 && *nums == intf)
3417 return nums - func->interfaces_nums;
3418 }
3419
3420 return -EDOM;
3421}
3422
3423
3424
3425
3426static LIST_HEAD(ffs_devices);
3427
3428static struct ffs_dev *_ffs_do_find_dev(const char *name)
3429{
3430 struct ffs_dev *dev;
3431
3432 if (!name)
3433 return NULL;
3434
3435 list_for_each_entry(dev, &ffs_devices, entry) {
3436 if (strcmp(dev->name, name) == 0)
3437 return dev;
3438 }
3439
3440 return NULL;
3441}
3442
3443
3444
3445
3446static struct ffs_dev *_ffs_get_single_dev(void)
3447{
3448 struct ffs_dev *dev;
3449
3450 if (list_is_singular(&ffs_devices)) {
3451 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3452 if (dev->single)
3453 return dev;
3454 }
3455
3456 return NULL;
3457}
3458
3459
3460
3461
3462static struct ffs_dev *_ffs_find_dev(const char *name)
3463{
3464 struct ffs_dev *dev;
3465
3466 dev = _ffs_get_single_dev();
3467 if (dev)
3468 return dev;
3469
3470 return _ffs_do_find_dev(name);
3471}
3472
3473
3474
3475static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3476{
3477 return container_of(to_config_group(item), struct f_fs_opts,
3478 func_inst.group);
3479}
3480
3481static void ffs_attr_release(struct config_item *item)
3482{
3483 struct f_fs_opts *opts = to_ffs_opts(item);
3484
3485 usb_put_function_instance(&opts->func_inst);
3486}
3487
3488static struct configfs_item_operations ffs_item_ops = {
3489 .release = ffs_attr_release,
3490};
3491
3492static const struct config_item_type ffs_func_type = {
3493 .ct_item_ops = &ffs_item_ops,
3494 .ct_owner = THIS_MODULE,
3495};
3496
3497
3498
3499
3500static void ffs_free_inst(struct usb_function_instance *f)
3501{
3502 struct f_fs_opts *opts;
3503
3504 opts = to_f_fs_opts(f);
3505 ffs_dev_lock();
3506 _ffs_free_dev(opts->dev);
3507 ffs_dev_unlock();
3508 kfree(opts);
3509}
3510
3511static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3512{
3513 if (strlen(name) >= sizeof_field(struct ffs_dev, name))
3514 return -ENAMETOOLONG;
3515 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3516}
3517
3518static struct usb_function_instance *ffs_alloc_inst(void)
3519{
3520 struct f_fs_opts *opts;
3521 struct ffs_dev *dev;
3522
3523 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3524 if (!opts)
3525 return ERR_PTR(-ENOMEM);
3526
3527 opts->func_inst.set_inst_name = ffs_set_inst_name;
3528 opts->func_inst.free_func_inst = ffs_free_inst;
3529 ffs_dev_lock();
3530 dev = _ffs_alloc_dev();
3531 ffs_dev_unlock();
3532 if (IS_ERR(dev)) {
3533 kfree(opts);
3534 return ERR_CAST(dev);
3535 }
3536 opts->dev = dev;
3537 dev->opts = opts;
3538
3539 config_group_init_type_name(&opts->func_inst.group, "",
3540 &ffs_func_type);
3541 return &opts->func_inst;
3542}
3543
3544static void ffs_free(struct usb_function *f)
3545{
3546 kfree(ffs_func_from_usb(f));
3547}
3548
3549static void ffs_func_unbind(struct usb_configuration *c,
3550 struct usb_function *f)
3551{
3552 struct ffs_function *func = ffs_func_from_usb(f);
3553 struct ffs_data *ffs = func->ffs;
3554 struct f_fs_opts *opts =
3555 container_of(f->fi, struct f_fs_opts, func_inst);
3556 struct ffs_ep *ep = func->eps;
3557 unsigned count = ffs->eps_count;
3558 unsigned long flags;
3559
3560 ENTER();
3561 if (ffs->func == func) {
3562 ffs_func_eps_disable(func);
3563 ffs->func = NULL;
3564 }
3565
3566 if (!--opts->refcnt)
3567 functionfs_unbind(ffs);
3568
3569
3570 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3571 while (count--) {
3572 if (ep->ep && ep->req)
3573 usb_ep_free_request(ep->ep, ep->req);
3574 ep->req = NULL;
3575 ++ep;
3576 }
3577 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3578 kfree(func->eps);
3579 func->eps = NULL;
3580
3581
3582
3583
3584 func->function.fs_descriptors = NULL;
3585 func->function.hs_descriptors = NULL;
3586 func->function.ss_descriptors = NULL;
3587 func->interfaces_nums = NULL;
3588
3589 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3590}
3591
3592static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3593{
3594 struct ffs_function *func;
3595
3596 ENTER();
3597
3598 func = kzalloc(sizeof(*func), GFP_KERNEL);
3599 if (unlikely(!func))
3600 return ERR_PTR(-ENOMEM);
3601
3602 func->function.name = "Function FS Gadget";
3603
3604 func->function.bind = ffs_func_bind;
3605 func->function.unbind = ffs_func_unbind;
3606 func->function.set_alt = ffs_func_set_alt;
3607 func->function.disable = ffs_func_disable;
3608 func->function.setup = ffs_func_setup;
3609 func->function.req_match = ffs_func_req_match;
3610 func->function.suspend = ffs_func_suspend;
3611 func->function.resume = ffs_func_resume;
3612 func->function.free_func = ffs_free;
3613
3614 return &func->function;
3615}
3616
3617
3618
3619
3620static struct ffs_dev *_ffs_alloc_dev(void)
3621{
3622 struct ffs_dev *dev;
3623 int ret;
3624
3625 if (_ffs_get_single_dev())
3626 return ERR_PTR(-EBUSY);
3627
3628 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3629 if (!dev)
3630 return ERR_PTR(-ENOMEM);
3631
3632 if (list_empty(&ffs_devices)) {
3633 ret = functionfs_init();
3634 if (ret) {
3635 kfree(dev);
3636 return ERR_PTR(ret);
3637 }
3638 }
3639
3640 list_add(&dev->entry, &ffs_devices);
3641
3642 return dev;
3643}
3644
3645int ffs_name_dev(struct ffs_dev *dev, const char *name)
3646{
3647 struct ffs_dev *existing;
3648 int ret = 0;
3649
3650 ffs_dev_lock();
3651
3652 existing = _ffs_do_find_dev(name);
3653 if (!existing)
3654 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3655 else if (existing != dev)
3656 ret = -EBUSY;
3657
3658 ffs_dev_unlock();
3659
3660 return ret;
3661}
3662EXPORT_SYMBOL_GPL(ffs_name_dev);
3663
3664int ffs_single_dev(struct ffs_dev *dev)
3665{
3666 int ret;
3667
3668 ret = 0;
3669 ffs_dev_lock();
3670
3671 if (!list_is_singular(&ffs_devices))
3672 ret = -EBUSY;
3673 else
3674 dev->single = true;
3675
3676 ffs_dev_unlock();
3677 return ret;
3678}
3679EXPORT_SYMBOL_GPL(ffs_single_dev);
3680
3681
3682
3683
3684static void _ffs_free_dev(struct ffs_dev *dev)
3685{
3686 list_del(&dev->entry);
3687
3688
3689 if (dev->ffs_data)
3690 dev->ffs_data->private_data = NULL;
3691
3692 kfree(dev);
3693 if (list_empty(&ffs_devices))
3694 functionfs_cleanup();
3695}
3696
3697static void *ffs_acquire_dev(const char *dev_name)
3698{
3699 struct ffs_dev *ffs_dev;
3700
3701 ENTER();
3702 ffs_dev_lock();
3703
3704 ffs_dev = _ffs_find_dev(dev_name);
3705 if (!ffs_dev)
3706 ffs_dev = ERR_PTR(-ENOENT);
3707 else if (ffs_dev->mounted)
3708 ffs_dev = ERR_PTR(-EBUSY);
3709 else if (ffs_dev->ffs_acquire_dev_callback &&
3710 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3711 ffs_dev = ERR_PTR(-ENOENT);
3712 else
3713 ffs_dev->mounted = true;
3714
3715 ffs_dev_unlock();
3716 return ffs_dev;
3717}
3718
3719static void ffs_release_dev(struct ffs_data *ffs_data)
3720{
3721 struct ffs_dev *ffs_dev;
3722
3723 ENTER();
3724 ffs_dev_lock();
3725
3726 ffs_dev = ffs_data->private_data;
3727 if (ffs_dev) {
3728 ffs_dev->mounted = false;
3729
3730 if (ffs_dev->ffs_release_dev_callback)
3731 ffs_dev->ffs_release_dev_callback(ffs_dev);
3732 }
3733
3734 ffs_dev_unlock();
3735}
3736
3737static int ffs_ready(struct ffs_data *ffs)
3738{
3739 struct ffs_dev *ffs_obj;
3740 int ret = 0;
3741
3742 ENTER();
3743 ffs_dev_lock();
3744
3745 ffs_obj = ffs->private_data;
3746 if (!ffs_obj) {
3747 ret = -EINVAL;
3748 goto done;
3749 }
3750 if (WARN_ON(ffs_obj->desc_ready)) {
3751 ret = -EBUSY;
3752 goto done;
3753 }
3754
3755 ffs_obj->desc_ready = true;
3756 ffs_obj->ffs_data = ffs;
3757
3758 if (ffs_obj->ffs_ready_callback) {
3759 ret = ffs_obj->ffs_ready_callback(ffs);
3760 if (ret)
3761 goto done;
3762 }
3763
3764 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3765done:
3766 ffs_dev_unlock();
3767 return ret;
3768}
3769
3770static void ffs_closed(struct ffs_data *ffs)
3771{
3772 struct ffs_dev *ffs_obj;
3773 struct f_fs_opts *opts;
3774 struct config_item *ci;
3775
3776 ENTER();
3777 ffs_dev_lock();
3778
3779 ffs_obj = ffs->private_data;
3780 if (!ffs_obj)
3781 goto done;
3782
3783 ffs_obj->desc_ready = false;
3784 ffs_obj->ffs_data = NULL;
3785
3786 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3787 ffs_obj->ffs_closed_callback)
3788 ffs_obj->ffs_closed_callback(ffs);
3789
3790 if (ffs_obj->opts)
3791 opts = ffs_obj->opts;
3792 else
3793 goto done;
3794
3795 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3796 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3797 goto done;
3798
3799 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3800 ffs_dev_unlock();
3801
3802 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3803 unregister_gadget_item(ci);
3804 return;
3805done:
3806 ffs_dev_unlock();
3807}
3808
3809
3810
3811static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3812{
3813 return nonblock
3814 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3815 : mutex_lock_interruptible(mutex);
3816}
3817
3818static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3819{
3820 char *data;
3821
3822 if (unlikely(!len))
3823 return NULL;
3824
3825 data = kmalloc(len, GFP_KERNEL);
3826 if (unlikely(!data))
3827 return ERR_PTR(-ENOMEM);
3828
3829 if (unlikely(copy_from_user(data, buf, len))) {
3830 kfree(data);
3831 return ERR_PTR(-EFAULT);
3832 }
3833
3834 pr_vdebug("Buffer from user space:\n");
3835 ffs_dump_mem("", data, len);
3836
3837 return data;
3838}
3839
3840DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3841MODULE_LICENSE("GPL");
3842MODULE_AUTHOR("Michal Nazarewicz");
3843
