1
2
3
4
5
6
7
8
9
10
11
12#include "qemu/osdep.h"
13#include "qapi/error.h"
14#include <wchar.h>
15#include <dirent.h>
16
17#include <sys/statvfs.h>
18#ifdef CONFIG_INOTIFY1
19#include <sys/inotify.h>
20#include "qemu/main-loop.h"
21#endif
22
23#include "qemu-common.h"
24#include "qemu/iov.h"
25#include "trace.h"
26#include "hw/usb.h"
27#include "hw/usb/desc.h"
28
29
30
31enum mtp_container_type {
32 TYPE_COMMAND = 1,
33 TYPE_DATA = 2,
34 TYPE_RESPONSE = 3,
35 TYPE_EVENT = 4,
36};
37
38enum mtp_code {
39
40 CMD_GET_DEVICE_INFO = 0x1001,
41 CMD_OPEN_SESSION = 0x1002,
42 CMD_CLOSE_SESSION = 0x1003,
43 CMD_GET_STORAGE_IDS = 0x1004,
44 CMD_GET_STORAGE_INFO = 0x1005,
45 CMD_GET_NUM_OBJECTS = 0x1006,
46 CMD_GET_OBJECT_HANDLES = 0x1007,
47 CMD_GET_OBJECT_INFO = 0x1008,
48 CMD_GET_OBJECT = 0x1009,
49 CMD_GET_PARTIAL_OBJECT = 0x101b,
50 CMD_GET_OBJECT_PROPS_SUPPORTED = 0x9801,
51 CMD_GET_OBJECT_PROP_DESC = 0x9802,
52 CMD_GET_OBJECT_PROP_VALUE = 0x9803,
53
54
55 RES_OK = 0x2001,
56 RES_GENERAL_ERROR = 0x2002,
57 RES_SESSION_NOT_OPEN = 0x2003,
58 RES_INVALID_TRANSACTION_ID = 0x2004,
59 RES_OPERATION_NOT_SUPPORTED = 0x2005,
60 RES_PARAMETER_NOT_SUPPORTED = 0x2006,
61 RES_INCOMPLETE_TRANSFER = 0x2007,
62 RES_INVALID_STORAGE_ID = 0x2008,
63 RES_INVALID_OBJECT_HANDLE = 0x2009,
64 RES_INVALID_OBJECT_FORMAT_CODE = 0x200b,
65 RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014,
66 RES_INVALID_PARENT_OBJECT = 0x201a,
67 RES_INVALID_PARAMETER = 0x201d,
68 RES_SESSION_ALREADY_OPEN = 0x201e,
69 RES_INVALID_OBJECT_PROP_CODE = 0xA801,
70
71
72 FMT_UNDEFINED_OBJECT = 0x3000,
73 FMT_ASSOCIATION = 0x3001,
74
75
76 EVT_OBJ_ADDED = 0x4002,
77 EVT_OBJ_REMOVED = 0x4003,
78 EVT_OBJ_INFO_CHANGED = 0x4007,
79
80
81 PROP_STORAGE_ID = 0xDC01,
82 PROP_OBJECT_FORMAT = 0xDC02,
83 PROP_OBJECT_COMPRESSED_SIZE = 0xDC04,
84 PROP_PARENT_OBJECT = 0xDC0B,
85 PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER = 0xDC41,
86 PROP_NAME = 0xDC44,
87};
88
89enum mtp_data_type {
90 DATA_TYPE_UINT16 = 0x0004,
91 DATA_TYPE_UINT32 = 0x0006,
92 DATA_TYPE_UINT64 = 0x0008,
93 DATA_TYPE_UINT128 = 0x000a,
94 DATA_TYPE_STRING = 0xffff,
95};
96
97typedef struct {
98 uint32_t length;
99 uint16_t type;
100 uint16_t code;
101 uint32_t trans;
102} QEMU_PACKED mtp_container;
103
104
105
106typedef struct MTPState MTPState;
107typedef struct MTPControl MTPControl;
108typedef struct MTPData MTPData;
109typedef struct MTPObject MTPObject;
110
111enum {
112 EP_DATA_IN = 1,
113 EP_DATA_OUT,
114 EP_EVENT,
115};
116
117#ifdef CONFIG_INOTIFY1
118typedef struct MTPMonEntry MTPMonEntry;
119
120struct MTPMonEntry {
121 uint32_t event;
122 uint32_t handle;
123
124 QTAILQ_ENTRY(MTPMonEntry) next;
125};
126#endif
127
128struct MTPControl {
129 uint16_t code;
130 uint32_t trans;
131 int argc;
132 uint32_t argv[5];
133};
134
135struct MTPData {
136 uint16_t code;
137 uint32_t trans;
138 uint64_t offset;
139 uint64_t length;
140 uint32_t alloc;
141 uint8_t *data;
142 bool first;
143 int fd;
144};
145
146struct MTPObject {
147 uint32_t handle;
148 uint16_t format;
149 char *name;
150 char *path;
151 struct stat stat;
152#ifdef CONFIG_INOTIFY1
153
154 int watchfd;
155#endif
156 MTPObject *parent;
157 uint32_t nchildren;
158 QLIST_HEAD(, MTPObject) children;
159 QLIST_ENTRY(MTPObject) list;
160 bool have_children;
161 QTAILQ_ENTRY(MTPObject) next;
162};
163
164struct MTPState {
165 USBDevice dev;
166 char *root;
167 char *desc;
168 uint32_t flags;
169
170 MTPData *data_in;
171 MTPData *data_out;
172 MTPControl *result;
173 uint32_t session;
174 uint32_t next_handle;
175
176 QTAILQ_HEAD(, MTPObject) objects;
177#ifdef CONFIG_INOTIFY1
178
179 int inotifyfd;
180 QTAILQ_HEAD(events, MTPMonEntry) events;
181#endif
182};
183
184#define TYPE_USB_MTP "usb-mtp"
185#define USB_MTP(obj) OBJECT_CHECK(MTPState, (obj), TYPE_USB_MTP)
186
187#define QEMU_STORAGE_ID 0x00010001
188
189#define MTP_FLAG_WRITABLE 0
190
191#define FLAG_SET(_mtp, _flag) ((_mtp)->flags & (1 << (_flag)))
192
193
194
195#define MTP_MANUFACTURER "QEMU"
196#define MTP_PRODUCT "QEMU filesharing"
197
198enum {
199 STR_MANUFACTURER = 1,
200 STR_PRODUCT,
201 STR_SERIALNUMBER,
202 STR_MTP,
203 STR_CONFIG_FULL,
204 STR_CONFIG_HIGH,
205 STR_CONFIG_SUPER,
206};
207
208static const USBDescStrings desc_strings = {
209 [STR_MANUFACTURER] = MTP_MANUFACTURER,
210 [STR_PRODUCT] = MTP_PRODUCT,
211 [STR_SERIALNUMBER] = "34617",
212 [STR_MTP] = "MTP",
213 [STR_CONFIG_FULL] = "Full speed config (usb 1.1)",
214 [STR_CONFIG_HIGH] = "High speed config (usb 2.0)",
215 [STR_CONFIG_SUPER] = "Super speed config (usb 3.0)",
216};
217
218static const USBDescIface desc_iface_full = {
219 .bInterfaceNumber = 0,
220 .bNumEndpoints = 3,
221 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
222 .bInterfaceSubClass = 0x01,
223 .bInterfaceProtocol = 0x01,
224 .iInterface = STR_MTP,
225 .eps = (USBDescEndpoint[]) {
226 {
227 .bEndpointAddress = USB_DIR_IN | EP_DATA_IN,
228 .bmAttributes = USB_ENDPOINT_XFER_BULK,
229 .wMaxPacketSize = 64,
230 },{
231 .bEndpointAddress = USB_DIR_OUT | EP_DATA_OUT,
232 .bmAttributes = USB_ENDPOINT_XFER_BULK,
233 .wMaxPacketSize = 64,
234 },{
235 .bEndpointAddress = USB_DIR_IN | EP_EVENT,
236 .bmAttributes = USB_ENDPOINT_XFER_INT,
237 .wMaxPacketSize = 64,
238 .bInterval = 0x0a,
239 },
240 }
241};
242
243static const USBDescDevice desc_device_full = {
244 .bcdUSB = 0x0200,
245 .bMaxPacketSize0 = 8,
246 .bNumConfigurations = 1,
247 .confs = (USBDescConfig[]) {
248 {
249 .bNumInterfaces = 1,
250 .bConfigurationValue = 1,
251 .iConfiguration = STR_CONFIG_FULL,
252 .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP,
253 .bMaxPower = 2,
254 .nif = 1,
255 .ifs = &desc_iface_full,
256 },
257 },
258};
259
260static const USBDescIface desc_iface_high = {
261 .bInterfaceNumber = 0,
262 .bNumEndpoints = 3,
263 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
264 .bInterfaceSubClass = 0x01,
265 .bInterfaceProtocol = 0x01,
266 .iInterface = STR_MTP,
267 .eps = (USBDescEndpoint[]) {
268 {
269 .bEndpointAddress = USB_DIR_IN | EP_DATA_IN,
270 .bmAttributes = USB_ENDPOINT_XFER_BULK,
271 .wMaxPacketSize = 512,
272 },{
273 .bEndpointAddress = USB_DIR_OUT | EP_DATA_OUT,
274 .bmAttributes = USB_ENDPOINT_XFER_BULK,
275 .wMaxPacketSize = 512,
276 },{
277 .bEndpointAddress = USB_DIR_IN | EP_EVENT,
278 .bmAttributes = USB_ENDPOINT_XFER_INT,
279 .wMaxPacketSize = 64,
280 .bInterval = 0x0a,
281 },
282 }
283};
284
285static const USBDescDevice desc_device_high = {
286 .bcdUSB = 0x0200,
287 .bMaxPacketSize0 = 64,
288 .bNumConfigurations = 1,
289 .confs = (USBDescConfig[]) {
290 {
291 .bNumInterfaces = 1,
292 .bConfigurationValue = 1,
293 .iConfiguration = STR_CONFIG_HIGH,
294 .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP,
295 .bMaxPower = 2,
296 .nif = 1,
297 .ifs = &desc_iface_high,
298 },
299 },
300};
301
302static const USBDescMSOS desc_msos = {
303 .CompatibleID = "MTP",
304 .SelectiveSuspendEnabled = true,
305};
306
307static const USBDesc desc = {
308 .id = {
309 .idVendor = 0x46f4,
310 .idProduct = 0x0004,
311 .bcdDevice = 0,
312 .iManufacturer = STR_MANUFACTURER,
313 .iProduct = STR_PRODUCT,
314 .iSerialNumber = STR_SERIALNUMBER,
315 },
316 .full = &desc_device_full,
317 .high = &desc_device_high,
318 .str = desc_strings,
319 .msos = &desc_msos,
320};
321
322
323
324static MTPObject *usb_mtp_object_alloc(MTPState *s, uint32_t handle,
325 MTPObject *parent, char *name)
326{
327 MTPObject *o = g_new0(MTPObject, 1);
328
329 if (name[0] == '.') {
330 goto ignore;
331 }
332
333 o->handle = handle;
334 o->parent = parent;
335 o->name = g_strdup(name);
336 if (parent == NULL) {
337 o->path = g_strdup(name);
338 } else {
339 o->path = g_strdup_printf("%s/%s", parent->path, name);
340 }
341
342 if (lstat(o->path, &o->stat) != 0) {
343 goto ignore;
344 }
345 if (S_ISREG(o->stat.st_mode)) {
346 o->format = FMT_UNDEFINED_OBJECT;
347 } else if (S_ISDIR(o->stat.st_mode)) {
348 o->format = FMT_ASSOCIATION;
349 } else {
350 goto ignore;
351 }
352
353 if (access(o->path, R_OK) != 0) {
354 goto ignore;
355 }
356
357 trace_usb_mtp_object_alloc(s->dev.addr, o->handle, o->path);
358
359 QTAILQ_INSERT_TAIL(&s->objects, o, next);
360 return o;
361
362ignore:
363 g_free(o->name);
364 g_free(o->path);
365 g_free(o);
366 return NULL;
367}
368
369static void usb_mtp_object_free(MTPState *s, MTPObject *o)
370{
371 MTPObject *iter;
372
373 if (!o) {
374 return;
375 }
376
377 trace_usb_mtp_object_free(s->dev.addr, o->handle, o->path);
378
379 QTAILQ_REMOVE(&s->objects, o, next);
380 if (o->parent) {
381 QLIST_REMOVE(o, list);
382 o->parent->nchildren--;
383 }
384
385 while (!QLIST_EMPTY(&o->children)) {
386 iter = QLIST_FIRST(&o->children);
387 usb_mtp_object_free(s, iter);
388 }
389 g_free(o->name);
390 g_free(o->path);
391 g_free(o);
392}
393
394static MTPObject *usb_mtp_object_lookup(MTPState *s, uint32_t handle)
395{
396 MTPObject *o;
397
398 QTAILQ_FOREACH(o, &s->objects, next) {
399 if (o->handle == handle) {
400 return o;
401 }
402 }
403 return NULL;
404}
405
406static MTPObject *usb_mtp_add_child(MTPState *s, MTPObject *o,
407 char *name)
408{
409 MTPObject *child =
410 usb_mtp_object_alloc(s, s->next_handle++, o, name);
411
412 if (child) {
413 trace_usb_mtp_add_child(s->dev.addr, child->handle, child->path);
414 QLIST_INSERT_HEAD(&o->children, child, list);
415 o->nchildren++;
416
417 if (child->format == FMT_ASSOCIATION) {
418 QLIST_INIT(&child->children);
419 }
420 }
421
422 return child;
423}
424
425#ifdef CONFIG_INOTIFY1
426static MTPObject *usb_mtp_object_lookup_name(MTPObject *parent,
427 char *name, int len)
428{
429 MTPObject *iter;
430
431 QLIST_FOREACH(iter, &parent->children, list) {
432 if (strncmp(iter->name, name, len) == 0) {
433 return iter;
434 }
435 }
436
437 return NULL;
438}
439
440static MTPObject *usb_mtp_object_lookup_wd(MTPState *s, int wd)
441{
442 MTPObject *iter;
443
444 QTAILQ_FOREACH(iter, &s->objects, next) {
445 if (iter->watchfd == wd) {
446 return iter;
447 }
448 }
449
450 return NULL;
451}
452
453static void inotify_watchfn(void *arg)
454{
455 MTPState *s = arg;
456 ssize_t bytes;
457
458 int pos;
459 char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
460
461 for (;;) {
462 bytes = read(s->inotifyfd, buf, sizeof(buf));
463 pos = 0;
464
465 if (bytes <= 0) {
466
467 return;
468 }
469
470
471
472
473
474 while (bytes > 0) {
475 char *p = buf + pos;
476 struct inotify_event *event = (struct inotify_event *)p;
477 int watchfd = 0;
478 uint32_t mask = event->mask & (IN_CREATE | IN_DELETE |
479 IN_MODIFY | IN_IGNORED);
480 MTPObject *parent = usb_mtp_object_lookup_wd(s, event->wd);
481 MTPMonEntry *entry = NULL;
482 MTPObject *o;
483
484 pos = pos + sizeof(struct inotify_event) + event->len;
485 bytes = bytes - pos;
486
487 if (!parent) {
488 continue;
489 }
490
491 switch (mask) {
492 case IN_CREATE:
493 if (usb_mtp_object_lookup_name
494 (parent, event->name, event->len)) {
495
496 continue;
497 }
498 entry = g_new0(MTPMonEntry, 1);
499 entry->handle = s->next_handle;
500 entry->event = EVT_OBJ_ADDED;
501 o = usb_mtp_add_child(s, parent, event->name);
502 if (!o) {
503 g_free(entry);
504 continue;
505 }
506 o->watchfd = watchfd;
507 trace_usb_mtp_inotify_event(s->dev.addr, event->name,
508 event->mask, "Obj Added");
509 break;
510
511 case IN_DELETE:
512
513
514
515
516
517
518 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
519 if (!o) {
520 continue;
521 }
522 entry = g_new0(MTPMonEntry, 1);
523 entry->handle = o->handle;
524 entry->event = EVT_OBJ_REMOVED;
525 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
526 event->mask, "Obj Deleted");
527 usb_mtp_object_free(s, o);
528 break;
529
530 case IN_MODIFY:
531 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
532 if (!o) {
533 continue;
534 }
535 entry = g_new0(MTPMonEntry, 1);
536 entry->handle = o->handle;
537 entry->event = EVT_OBJ_INFO_CHANGED;
538 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
539 event->mask, "Obj Modified");
540 break;
541
542 case IN_IGNORED:
543 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
544 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
545 event->mask, "Obj ignored");
546 break;
547
548 default:
549 fprintf(stderr, "usb-mtp: failed to parse inotify event\n");
550 continue;
551 }
552
553 if (entry) {
554 QTAILQ_INSERT_HEAD(&s->events, entry, next);
555 }
556 }
557 }
558}
559
560static int usb_mtp_inotify_init(MTPState *s)
561{
562 int fd;
563
564 fd = inotify_init1(IN_NONBLOCK);
565 if (fd == -1) {
566 return 1;
567 }
568
569 QTAILQ_INIT(&s->events);
570 s->inotifyfd = fd;
571
572 qemu_set_fd_handler(fd, inotify_watchfn, NULL, s);
573
574 return 0;
575}
576
577static void usb_mtp_inotify_cleanup(MTPState *s)
578{
579 MTPMonEntry *e, *p;
580
581 if (!s->inotifyfd) {
582 return;
583 }
584
585 qemu_set_fd_handler(s->inotifyfd, NULL, NULL, s);
586 close(s->inotifyfd);
587
588 QTAILQ_FOREACH_SAFE(e, &s->events, next, p) {
589 QTAILQ_REMOVE(&s->events, e, next);
590 g_free(e);
591 }
592}
593
594static int usb_mtp_add_watch(int inotifyfd, char *path)
595{
596 uint32_t mask = IN_CREATE | IN_DELETE | IN_MODIFY |
597 IN_ISDIR;
598
599 return inotify_add_watch(inotifyfd, path, mask);
600}
601#endif
602
603static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
604{
605 struct dirent *entry;
606 DIR *dir;
607
608 if (o->have_children) {
609 return;
610 }
611 o->have_children = true;
612
613 dir = opendir(o->path);
614 if (!dir) {
615 return;
616 }
617#ifdef CONFIG_INOTIFY1
618 int watchfd = usb_mtp_add_watch(s->inotifyfd, o->path);
619 if (watchfd == -1) {
620 fprintf(stderr, "usb-mtp: failed to add watch for %s\n", o->path);
621 } else {
622 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
623 0, "Watch Added");
624 o->watchfd = watchfd;
625 }
626#endif
627 while ((entry = readdir(dir)) != NULL) {
628 usb_mtp_add_child(s, o, entry->d_name);
629 }
630 closedir(dir);
631}
632
633
634
635static MTPData *usb_mtp_data_alloc(MTPControl *c)
636{
637 MTPData *data = g_new0(MTPData, 1);
638
639 data->code = c->code;
640 data->trans = c->trans;
641 data->fd = -1;
642 data->first = true;
643 return data;
644}
645
646static void usb_mtp_data_free(MTPData *data)
647{
648 if (data == NULL) {
649 return;
650 }
651 if (data->fd != -1) {
652 close(data->fd);
653 }
654 g_free(data->data);
655 g_free(data);
656}
657
658static void usb_mtp_realloc(MTPData *data, uint32_t bytes)
659{
660 if (data->length + bytes <= data->alloc) {
661 return;
662 }
663 data->alloc = (data->length + bytes + 0xff) & ~0xff;
664 data->data = g_realloc(data->data, data->alloc);
665}
666
667static void usb_mtp_add_u8(MTPData *data, uint8_t val)
668{
669 usb_mtp_realloc(data, 1);
670 data->data[data->length++] = val;
671}
672
673static void usb_mtp_add_u16(MTPData *data, uint16_t val)
674{
675 usb_mtp_realloc(data, 2);
676 data->data[data->length++] = (val >> 0) & 0xff;
677 data->data[data->length++] = (val >> 8) & 0xff;
678}
679
680static void usb_mtp_add_u32(MTPData *data, uint32_t val)
681{
682 usb_mtp_realloc(data, 4);
683 data->data[data->length++] = (val >> 0) & 0xff;
684 data->data[data->length++] = (val >> 8) & 0xff;
685 data->data[data->length++] = (val >> 16) & 0xff;
686 data->data[data->length++] = (val >> 24) & 0xff;
687}
688
689static void usb_mtp_add_u64(MTPData *data, uint64_t val)
690{
691 usb_mtp_realloc(data, 8);
692 data->data[data->length++] = (val >> 0) & 0xff;
693 data->data[data->length++] = (val >> 8) & 0xff;
694 data->data[data->length++] = (val >> 16) & 0xff;
695 data->data[data->length++] = (val >> 24) & 0xff;
696 data->data[data->length++] = (val >> 32) & 0xff;
697 data->data[data->length++] = (val >> 40) & 0xff;
698 data->data[data->length++] = (val >> 48) & 0xff;
699 data->data[data->length++] = (val >> 56) & 0xff;
700}
701
702static void usb_mtp_add_u16_array(MTPData *data, uint32_t len,
703 const uint16_t *vals)
704{
705 int i;
706
707 usb_mtp_add_u32(data, len);
708 for (i = 0; i < len; i++) {
709 usb_mtp_add_u16(data, vals[i]);
710 }
711}
712
713static void usb_mtp_add_u32_array(MTPData *data, uint32_t len,
714 const uint32_t *vals)
715{
716 int i;
717
718 usb_mtp_add_u32(data, len);
719 for (i = 0; i < len; i++) {
720 usb_mtp_add_u32(data, vals[i]);
721 }
722}
723
724static void usb_mtp_add_wstr(MTPData *data, const wchar_t *str)
725{
726 uint32_t len = wcslen(str);
727 int i;
728
729 if (len > 0) {
730 len++;
731 }
732
733 usb_mtp_add_u8(data, len);
734 for (i = 0; i < len; i++) {
735 usb_mtp_add_u16(data, str[i]);
736 }
737}
738
739static void usb_mtp_add_str(MTPData *data, const char *str)
740{
741 uint32_t len = strlen(str)+1;
742 wchar_t *wstr = g_new(wchar_t, len);
743 size_t ret;
744
745 ret = mbstowcs(wstr, str, len);
746 if (ret == -1) {
747 usb_mtp_add_wstr(data, L"Oops");
748 } else {
749 usb_mtp_add_wstr(data, wstr);
750 }
751
752 g_free(wstr);
753}
754
755static void usb_mtp_add_time(MTPData *data, time_t time)
756{
757 char buf[16];
758 struct tm tm;
759
760 gmtime_r(&time, &tm);
761 strftime(buf, sizeof(buf), "%Y%m%dT%H%M%S", &tm);
762 usb_mtp_add_str(data, buf);
763}
764
765
766
767static void usb_mtp_queue_result(MTPState *s, uint16_t code, uint32_t trans,
768 int argc, uint32_t arg0, uint32_t arg1)
769{
770 MTPControl *c = g_new0(MTPControl, 1);
771
772 c->code = code;
773 c->trans = trans;
774 c->argc = argc;
775 if (argc > 0) {
776 c->argv[0] = arg0;
777 }
778 if (argc > 1) {
779 c->argv[1] = arg1;
780 }
781
782 assert(s->result == NULL);
783 s->result = c;
784}
785
786
787
788static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c)
789{
790 static const uint16_t ops[] = {
791 CMD_GET_DEVICE_INFO,
792 CMD_OPEN_SESSION,
793 CMD_CLOSE_SESSION,
794 CMD_GET_STORAGE_IDS,
795 CMD_GET_STORAGE_INFO,
796 CMD_GET_NUM_OBJECTS,
797 CMD_GET_OBJECT_HANDLES,
798 CMD_GET_OBJECT_INFO,
799 CMD_GET_OBJECT,
800 CMD_GET_PARTIAL_OBJECT,
801 CMD_GET_OBJECT_PROPS_SUPPORTED,
802 CMD_GET_OBJECT_PROP_DESC,
803 CMD_GET_OBJECT_PROP_VALUE,
804 };
805 static const uint16_t fmt[] = {
806 FMT_UNDEFINED_OBJECT,
807 FMT_ASSOCIATION,
808 };
809 MTPData *d = usb_mtp_data_alloc(c);
810
811 trace_usb_mtp_op_get_device_info(s->dev.addr);
812
813 usb_mtp_add_u16(d, 100);
814 usb_mtp_add_u32(d, 0x00000006);
815 usb_mtp_add_u16(d, 0x0064);
816 usb_mtp_add_wstr(d, L"");
817 usb_mtp_add_u16(d, 0x0000);
818
819 usb_mtp_add_u16_array(d, ARRAY_SIZE(ops), ops);
820 usb_mtp_add_u16_array(d, 0, NULL);
821 usb_mtp_add_u16_array(d, 0, NULL);
822 usb_mtp_add_u16_array(d, 0, NULL);
823 usb_mtp_add_u16_array(d, ARRAY_SIZE(fmt), fmt);
824
825 usb_mtp_add_wstr(d, L"" MTP_MANUFACTURER);
826 usb_mtp_add_wstr(d, L"" MTP_PRODUCT);
827 usb_mtp_add_wstr(d, L"0.1");
828 usb_mtp_add_wstr(d, L"0123456789abcdef0123456789abcdef");
829
830 return d;
831}
832
833static MTPData *usb_mtp_get_storage_ids(MTPState *s, MTPControl *c)
834{
835 static const uint32_t ids[] = {
836 QEMU_STORAGE_ID,
837 };
838 MTPData *d = usb_mtp_data_alloc(c);
839
840 trace_usb_mtp_op_get_storage_ids(s->dev.addr);
841
842 usb_mtp_add_u32_array(d, ARRAY_SIZE(ids), ids);
843
844 return d;
845}
846
847static MTPData *usb_mtp_get_storage_info(MTPState *s, MTPControl *c)
848{
849 MTPData *d = usb_mtp_data_alloc(c);
850 struct statvfs buf;
851 int rc;
852
853 trace_usb_mtp_op_get_storage_info(s->dev.addr);
854
855 if (FLAG_SET(s, MTP_FLAG_WRITABLE)) {
856 usb_mtp_add_u16(d, 0x0003);
857 usb_mtp_add_u16(d, 0x0002);
858 usb_mtp_add_u16(d, 0x0000);
859 } else {
860 usb_mtp_add_u16(d, 0x0001);
861 usb_mtp_add_u16(d, 0x0002);
862 usb_mtp_add_u16(d, 0x0001);
863 }
864
865 rc = statvfs(s->root, &buf);
866 if (rc == 0) {
867 usb_mtp_add_u64(d, (uint64_t)buf.f_frsize * buf.f_blocks);
868 usb_mtp_add_u64(d, (uint64_t)buf.f_bavail * buf.f_blocks);
869 usb_mtp_add_u32(d, buf.f_ffree);
870 } else {
871 usb_mtp_add_u64(d, 0xffffffff);
872 usb_mtp_add_u64(d, 0xffffffff);
873 usb_mtp_add_u32(d, 0xffffffff);
874 }
875
876 usb_mtp_add_str(d, s->desc);
877 usb_mtp_add_wstr(d, L"123456789abcdef");
878 return d;
879}
880
881static MTPData *usb_mtp_get_object_handles(MTPState *s, MTPControl *c,
882 MTPObject *o)
883{
884 MTPData *d = usb_mtp_data_alloc(c);
885 uint32_t i = 0, handles[o->nchildren];
886 MTPObject *iter;
887
888 trace_usb_mtp_op_get_object_handles(s->dev.addr, o->handle, o->path);
889
890 QLIST_FOREACH(iter, &o->children, list) {
891 handles[i++] = iter->handle;
892 }
893 assert(i == o->nchildren);
894 usb_mtp_add_u32_array(d, o->nchildren, handles);
895
896 return d;
897}
898
899static MTPData *usb_mtp_get_object_info(MTPState *s, MTPControl *c,
900 MTPObject *o)
901{
902 MTPData *d = usb_mtp_data_alloc(c);
903
904 trace_usb_mtp_op_get_object_info(s->dev.addr, o->handle, o->path);
905
906 usb_mtp_add_u32(d, QEMU_STORAGE_ID);
907 usb_mtp_add_u16(d, o->format);
908 usb_mtp_add_u16(d, 0);
909
910 if (o->stat.st_size > 0xFFFFFFFF) {
911 usb_mtp_add_u32(d, 0xFFFFFFFF);
912 } else {
913 usb_mtp_add_u32(d, o->stat.st_size);
914 }
915
916 usb_mtp_add_u16(d, 0);
917 usb_mtp_add_u32(d, 0);
918 usb_mtp_add_u32(d, 0);
919 usb_mtp_add_u32(d, 0);
920 usb_mtp_add_u32(d, 0);
921 usb_mtp_add_u32(d, 0);
922 usb_mtp_add_u32(d, 0);
923
924 if (o->parent) {
925 usb_mtp_add_u32(d, o->parent->handle);
926 } else {
927 usb_mtp_add_u32(d, 0);
928 }
929 if (o->format == FMT_ASSOCIATION) {
930 usb_mtp_add_u16(d, 0x0001);
931 usb_mtp_add_u32(d, 0x00000001);
932 usb_mtp_add_u32(d, 0);
933 } else {
934 usb_mtp_add_u16(d, 0);
935 usb_mtp_add_u32(d, 0);
936 usb_mtp_add_u32(d, 0);
937 }
938
939 usb_mtp_add_str(d, o->name);
940 usb_mtp_add_time(d, o->stat.st_ctime);
941 usb_mtp_add_time(d, o->stat.st_mtime);
942 usb_mtp_add_wstr(d, L"");
943
944 return d;
945}
946
947static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
948 MTPObject *o)
949{
950 MTPData *d = usb_mtp_data_alloc(c);
951
952 trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
953
954 d->fd = open(o->path, O_RDONLY);
955 if (d->fd == -1) {
956 usb_mtp_data_free(d);
957 return NULL;
958 }
959 d->length = o->stat.st_size;
960 d->alloc = 512;
961 d->data = g_malloc(d->alloc);
962 return d;
963}
964
965static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
966 MTPObject *o)
967{
968 MTPData *d = usb_mtp_data_alloc(c);
969 off_t offset;
970
971 trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path,
972 c->argv[1], c->argv[2]);
973
974 d->fd = open(o->path, O_RDONLY);
975 if (d->fd == -1) {
976 usb_mtp_data_free(d);
977 return NULL;
978 }
979
980 offset = c->argv[1];
981 if (offset > o->stat.st_size) {
982 offset = o->stat.st_size;
983 }
984 if (lseek(d->fd, offset, SEEK_SET) < 0) {
985 usb_mtp_data_free(d);
986 return NULL;
987 }
988
989 d->length = c->argv[2];
990 if (d->length > o->stat.st_size - offset) {
991 d->length = o->stat.st_size - offset;
992 }
993
994 return d;
995}
996
997static MTPData *usb_mtp_get_object_props_supported(MTPState *s, MTPControl *c)
998{
999 static const uint16_t props[] = {
1000 PROP_STORAGE_ID,
1001 PROP_OBJECT_FORMAT,
1002 PROP_OBJECT_COMPRESSED_SIZE,
1003 PROP_PARENT_OBJECT,
1004 PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER,
1005 PROP_NAME,
1006 };
1007 MTPData *d = usb_mtp_data_alloc(c);
1008 usb_mtp_add_u16_array(d, ARRAY_SIZE(props), props);
1009
1010 return d;
1011}
1012
1013static MTPData *usb_mtp_get_object_prop_desc(MTPState *s, MTPControl *c)
1014{
1015 MTPData *d = usb_mtp_data_alloc(c);
1016 switch (c->argv[0]) {
1017 case PROP_STORAGE_ID:
1018 usb_mtp_add_u16(d, PROP_STORAGE_ID);
1019 usb_mtp_add_u16(d, DATA_TYPE_UINT32);
1020 usb_mtp_add_u8(d, 0x00);
1021 usb_mtp_add_u32(d, 0x00000000);
1022 usb_mtp_add_u32(d, 0x00000000);
1023 usb_mtp_add_u8(d, 0x00);
1024 break;
1025 case PROP_OBJECT_FORMAT:
1026 usb_mtp_add_u16(d, PROP_OBJECT_FORMAT);
1027 usb_mtp_add_u16(d, DATA_TYPE_UINT16);
1028 usb_mtp_add_u8(d, 0x00);
1029 usb_mtp_add_u16(d, 0x0000);
1030 usb_mtp_add_u32(d, 0x00000000);
1031 usb_mtp_add_u8(d, 0x00);
1032 break;
1033 case PROP_OBJECT_COMPRESSED_SIZE:
1034 usb_mtp_add_u16(d, PROP_OBJECT_COMPRESSED_SIZE);
1035 usb_mtp_add_u16(d, DATA_TYPE_UINT64);
1036 usb_mtp_add_u8(d, 0x00);
1037 usb_mtp_add_u64(d, 0x0000000000000000);
1038 usb_mtp_add_u32(d, 0x00000000);
1039 usb_mtp_add_u8(d, 0x00);
1040 break;
1041 case PROP_PARENT_OBJECT:
1042 usb_mtp_add_u16(d, PROP_PARENT_OBJECT);
1043 usb_mtp_add_u16(d, DATA_TYPE_UINT32);
1044 usb_mtp_add_u8(d, 0x00);
1045 usb_mtp_add_u32(d, 0x00000000);
1046 usb_mtp_add_u32(d, 0x00000000);
1047 usb_mtp_add_u8(d, 0x00);
1048 break;
1049 case PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER:
1050 usb_mtp_add_u16(d, PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER);
1051 usb_mtp_add_u16(d, DATA_TYPE_UINT128);
1052 usb_mtp_add_u8(d, 0x00);
1053 usb_mtp_add_u64(d, 0x0000000000000000);
1054 usb_mtp_add_u64(d, 0x0000000000000000);
1055 usb_mtp_add_u32(d, 0x00000000);
1056 usb_mtp_add_u8(d, 0x00);
1057 break;
1058 case PROP_NAME:
1059 usb_mtp_add_u16(d, PROP_NAME);
1060 usb_mtp_add_u16(d, DATA_TYPE_STRING);
1061 usb_mtp_add_u8(d, 0x00);
1062 usb_mtp_add_u8(d, 0x00);
1063 usb_mtp_add_u32(d, 0x00000000);
1064 usb_mtp_add_u8(d, 0x00);
1065 break;
1066 default:
1067 usb_mtp_data_free(d);
1068 return NULL;
1069 }
1070
1071 return d;
1072}
1073
1074static MTPData *usb_mtp_get_object_prop_value(MTPState *s, MTPControl *c,
1075 MTPObject *o)
1076{
1077 MTPData *d = usb_mtp_data_alloc(c);
1078 switch (c->argv[1]) {
1079 case PROP_STORAGE_ID:
1080 usb_mtp_add_u32(d, QEMU_STORAGE_ID);
1081 break;
1082 case PROP_OBJECT_FORMAT:
1083 usb_mtp_add_u16(d, o->format);
1084 break;
1085 case PROP_OBJECT_COMPRESSED_SIZE:
1086 usb_mtp_add_u64(d, o->stat.st_size);
1087 break;
1088 case PROP_PARENT_OBJECT:
1089 if (o->parent == NULL) {
1090 usb_mtp_add_u32(d, 0x00000000);
1091 } else {
1092 usb_mtp_add_u32(d, o->parent->handle);
1093 }
1094 break;
1095 case PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER:
1096
1097
1098
1099 usb_mtp_add_u64(d, 0x0000000000000000);
1100 usb_mtp_add_u64(d, o->handle);
1101 break;
1102 case PROP_NAME:
1103 usb_mtp_add_str(d, o->name);
1104 break;
1105 default:
1106 usb_mtp_data_free(d);
1107 return NULL;
1108 }
1109
1110 return d;
1111}
1112
1113static void usb_mtp_command(MTPState *s, MTPControl *c)
1114{
1115 MTPData *data_in = NULL;
1116 MTPObject *o;
1117 uint32_t nres = 0, res0 = 0;
1118
1119
1120 if (c->code >= CMD_CLOSE_SESSION && s->session == 0) {
1121 usb_mtp_queue_result(s, RES_SESSION_NOT_OPEN,
1122 c->trans, 0, 0, 0);
1123 return;
1124 }
1125
1126
1127 switch (c->code) {
1128 case CMD_GET_DEVICE_INFO:
1129 data_in = usb_mtp_get_device_info(s, c);
1130 break;
1131 case CMD_OPEN_SESSION:
1132 if (s->session) {
1133 usb_mtp_queue_result(s, RES_SESSION_ALREADY_OPEN,
1134 c->trans, 1, s->session, 0);
1135 return;
1136 }
1137 if (c->argv[0] == 0) {
1138 usb_mtp_queue_result(s, RES_INVALID_PARAMETER,
1139 c->trans, 0, 0, 0);
1140 return;
1141 }
1142 trace_usb_mtp_op_open_session(s->dev.addr);
1143 s->session = c->argv[0];
1144 usb_mtp_object_alloc(s, s->next_handle++, NULL, s->root);
1145#ifdef CONFIG_INOTIFY1
1146 if (usb_mtp_inotify_init(s)) {
1147 fprintf(stderr, "usb-mtp: file monitoring init failed\n");
1148 }
1149#endif
1150 break;
1151 case CMD_CLOSE_SESSION:
1152 trace_usb_mtp_op_close_session(s->dev.addr);
1153 s->session = 0;
1154 s->next_handle = 0;
1155#ifdef CONFIG_INOTIFY1
1156 usb_mtp_inotify_cleanup(s);
1157#endif
1158 usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
1159 assert(QTAILQ_EMPTY(&s->objects));
1160 break;
1161 case CMD_GET_STORAGE_IDS:
1162 data_in = usb_mtp_get_storage_ids(s, c);
1163 break;
1164 case CMD_GET_STORAGE_INFO:
1165 if (c->argv[0] != QEMU_STORAGE_ID &&
1166 c->argv[0] != 0xffffffff) {
1167 usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID,
1168 c->trans, 0, 0, 0);
1169 return;
1170 }
1171 data_in = usb_mtp_get_storage_info(s, c);
1172 break;
1173 case CMD_GET_NUM_OBJECTS:
1174 case CMD_GET_OBJECT_HANDLES:
1175 if (c->argv[0] != QEMU_STORAGE_ID &&
1176 c->argv[0] != 0xffffffff) {
1177 usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID,
1178 c->trans, 0, 0, 0);
1179 return;
1180 }
1181 if (c->argv[1] != 0x00000000) {
1182 usb_mtp_queue_result(s, RES_SPEC_BY_FORMAT_UNSUPPORTED,
1183 c->trans, 0, 0, 0);
1184 return;
1185 }
1186 if (c->argv[2] == 0x00000000 ||
1187 c->argv[2] == 0xffffffff) {
1188 o = QTAILQ_FIRST(&s->objects);
1189 } else {
1190 o = usb_mtp_object_lookup(s, c->argv[2]);
1191 }
1192 if (o == NULL) {
1193 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1194 c->trans, 0, 0, 0);
1195 return;
1196 }
1197 if (o->format != FMT_ASSOCIATION) {
1198 usb_mtp_queue_result(s, RES_INVALID_PARENT_OBJECT,
1199 c->trans, 0, 0, 0);
1200 return;
1201 }
1202 usb_mtp_object_readdir(s, o);
1203 if (c->code == CMD_GET_NUM_OBJECTS) {
1204 trace_usb_mtp_op_get_num_objects(s->dev.addr, o->handle, o->path);
1205 nres = 1;
1206 res0 = o->nchildren;
1207 } else {
1208 data_in = usb_mtp_get_object_handles(s, c, o);
1209 }
1210 break;
1211 case CMD_GET_OBJECT_INFO:
1212 o = usb_mtp_object_lookup(s, c->argv[0]);
1213 if (o == NULL) {
1214 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1215 c->trans, 0, 0, 0);
1216 return;
1217 }
1218 data_in = usb_mtp_get_object_info(s, c, o);
1219 break;
1220 case CMD_GET_OBJECT:
1221 o = usb_mtp_object_lookup(s, c->argv[0]);
1222 if (o == NULL) {
1223 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1224 c->trans, 0, 0, 0);
1225 return;
1226 }
1227 if (o->format == FMT_ASSOCIATION) {
1228 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1229 c->trans, 0, 0, 0);
1230 return;
1231 }
1232 data_in = usb_mtp_get_object(s, c, o);
1233 if (data_in == NULL) {
1234 usb_mtp_queue_result(s, RES_GENERAL_ERROR,
1235 c->trans, 0, 0, 0);
1236 return;
1237 }
1238 break;
1239 case CMD_GET_PARTIAL_OBJECT:
1240 o = usb_mtp_object_lookup(s, c->argv[0]);
1241 if (o == NULL) {
1242 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1243 c->trans, 0, 0, 0);
1244 return;
1245 }
1246 if (o->format == FMT_ASSOCIATION) {
1247 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1248 c->trans, 0, 0, 0);
1249 return;
1250 }
1251 data_in = usb_mtp_get_partial_object(s, c, o);
1252 if (data_in == NULL) {
1253 usb_mtp_queue_result(s, RES_GENERAL_ERROR,
1254 c->trans, 0, 0, 0);
1255 return;
1256 }
1257 nres = 1;
1258 res0 = data_in->length;
1259 break;
1260 case CMD_GET_OBJECT_PROPS_SUPPORTED:
1261 if (c->argv[0] != FMT_UNDEFINED_OBJECT &&
1262 c->argv[0] != FMT_ASSOCIATION) {
1263 usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE,
1264 c->trans, 0, 0, 0);
1265 return;
1266 }
1267 data_in = usb_mtp_get_object_props_supported(s, c);
1268 break;
1269 case CMD_GET_OBJECT_PROP_DESC:
1270 if (c->argv[1] != FMT_UNDEFINED_OBJECT &&
1271 c->argv[1] != FMT_ASSOCIATION) {
1272 usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE,
1273 c->trans, 0, 0, 0);
1274 return;
1275 }
1276 data_in = usb_mtp_get_object_prop_desc(s, c);
1277 if (data_in == NULL) {
1278 usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE,
1279 c->trans, 0, 0, 0);
1280 return;
1281 }
1282 break;
1283 case CMD_GET_OBJECT_PROP_VALUE:
1284 o = usb_mtp_object_lookup(s, c->argv[0]);
1285 if (o == NULL) {
1286 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1287 c->trans, 0, 0, 0);
1288 return;
1289 }
1290 data_in = usb_mtp_get_object_prop_value(s, c, o);
1291 if (data_in == NULL) {
1292 usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE,
1293 c->trans, 0, 0, 0);
1294 return;
1295 }
1296 break;
1297 default:
1298 trace_usb_mtp_op_unknown(s->dev.addr, c->code);
1299 usb_mtp_queue_result(s, RES_OPERATION_NOT_SUPPORTED,
1300 c->trans, 0, 0, 0);
1301 return;
1302 }
1303
1304
1305 if (data_in) {
1306 assert(s->data_in == NULL);
1307 s->data_in = data_in;
1308 }
1309 usb_mtp_queue_result(s, RES_OK, c->trans, nres, res0, 0);
1310}
1311
1312
1313
1314static void usb_mtp_handle_reset(USBDevice *dev)
1315{
1316 MTPState *s = USB_MTP(dev);
1317
1318 trace_usb_mtp_reset(s->dev.addr);
1319
1320#ifdef CONFIG_INOTIFY1
1321 usb_mtp_inotify_cleanup(s);
1322#endif
1323 usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
1324 s->session = 0;
1325 usb_mtp_data_free(s->data_in);
1326 s->data_in = NULL;
1327 usb_mtp_data_free(s->data_out);
1328 s->data_out = NULL;
1329 g_free(s->result);
1330 s->result = NULL;
1331}
1332
1333static void usb_mtp_handle_control(USBDevice *dev, USBPacket *p,
1334 int request, int value, int index,
1335 int length, uint8_t *data)
1336{
1337 int ret;
1338
1339 ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
1340 if (ret >= 0) {
1341 return;
1342 }
1343
1344 trace_usb_mtp_stall(dev->addr, "unknown control request");
1345 p->status = USB_RET_STALL;
1346}
1347
1348static void usb_mtp_cancel_packet(USBDevice *dev, USBPacket *p)
1349{
1350
1351 fprintf(stderr, "%s\n", __func__);
1352}
1353
1354static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p)
1355{
1356 MTPState *s = USB_MTP(dev);
1357 MTPControl cmd;
1358 mtp_container container;
1359 uint32_t params[5];
1360 int i, rc;
1361
1362 switch (p->ep->nr) {
1363 case EP_DATA_IN:
1364 if (s->data_out != NULL) {
1365
1366 trace_usb_mtp_stall(s->dev.addr, "awaiting data-out");
1367 p->status = USB_RET_STALL;
1368 return;
1369 }
1370 if (p->iov.size < sizeof(container)) {
1371 trace_usb_mtp_stall(s->dev.addr, "packet too small");
1372 p->status = USB_RET_STALL;
1373 return;
1374 }
1375 if (s->data_in != NULL) {
1376 MTPData *d = s->data_in;
1377 uint64_t dlen = d->length - d->offset;
1378 if (d->first) {
1379 trace_usb_mtp_data_in(s->dev.addr, d->trans, d->length);
1380 if (d->length + sizeof(container) > 0xFFFFFFFF) {
1381 container.length = cpu_to_le32(0xFFFFFFFF);
1382 } else {
1383 container.length =
1384 cpu_to_le32(d->length + sizeof(container));
1385 }
1386 container.type = cpu_to_le16(TYPE_DATA);
1387 container.code = cpu_to_le16(d->code);
1388 container.trans = cpu_to_le32(d->trans);
1389 usb_packet_copy(p, &container, sizeof(container));
1390 d->first = false;
1391 if (dlen > p->iov.size - sizeof(container)) {
1392 dlen = p->iov.size - sizeof(container);
1393 }
1394 } else {
1395 if (dlen > p->iov.size) {
1396 dlen = p->iov.size;
1397 }
1398 }
1399 if (d->fd == -1) {
1400 usb_packet_copy(p, d->data + d->offset, dlen);
1401 } else {
1402 if (d->alloc < p->iov.size) {
1403 d->alloc = p->iov.size;
1404 d->data = g_realloc(d->data, d->alloc);
1405 }
1406 rc = read(d->fd, d->data, dlen);
1407 if (rc != dlen) {
1408 memset(d->data, 0, dlen);
1409 s->result->code = RES_INCOMPLETE_TRANSFER;
1410 }
1411 usb_packet_copy(p, d->data, dlen);
1412 }
1413 d->offset += dlen;
1414 if (d->offset == d->length) {
1415 usb_mtp_data_free(s->data_in);
1416 s->data_in = NULL;
1417 }
1418 } else if (s->result != NULL) {
1419 MTPControl *r = s->result;
1420 int length = sizeof(container) + r->argc * sizeof(uint32_t);
1421 if (r->code == RES_OK) {
1422 trace_usb_mtp_success(s->dev.addr, r->trans,
1423 (r->argc > 0) ? r->argv[0] : 0,
1424 (r->argc > 1) ? r->argv[1] : 0);
1425 } else {
1426 trace_usb_mtp_error(s->dev.addr, r->code, r->trans,
1427 (r->argc > 0) ? r->argv[0] : 0,
1428 (r->argc > 1) ? r->argv[1] : 0);
1429 }
1430 container.length = cpu_to_le32(length);
1431 container.type = cpu_to_le16(TYPE_RESPONSE);
1432 container.code = cpu_to_le16(r->code);
1433 container.trans = cpu_to_le32(r->trans);
1434 for (i = 0; i < r->argc; i++) {
1435 params[i] = cpu_to_le32(r->argv[i]);
1436 }
1437 usb_packet_copy(p, &container, sizeof(container));
1438 usb_packet_copy(p, ¶ms, length - sizeof(container));
1439 g_free(s->result);
1440 s->result = NULL;
1441 }
1442 break;
1443 case EP_DATA_OUT:
1444 if (p->iov.size < sizeof(container)) {
1445 trace_usb_mtp_stall(s->dev.addr, "packet too small");
1446 p->status = USB_RET_STALL;
1447 return;
1448 }
1449 usb_packet_copy(p, &container, sizeof(container));
1450 switch (le16_to_cpu(container.type)) {
1451 case TYPE_COMMAND:
1452 if (s->data_in || s->data_out || s->result) {
1453 trace_usb_mtp_stall(s->dev.addr, "transaction inflight");
1454 p->status = USB_RET_STALL;
1455 return;
1456 }
1457 cmd.code = le16_to_cpu(container.code);
1458 cmd.argc = (le32_to_cpu(container.length) - sizeof(container))
1459 / sizeof(uint32_t);
1460 cmd.trans = le32_to_cpu(container.trans);
1461 if (cmd.argc > ARRAY_SIZE(cmd.argv)) {
1462 cmd.argc = ARRAY_SIZE(cmd.argv);
1463 }
1464 if (p->iov.size < sizeof(container) + cmd.argc * sizeof(uint32_t)) {
1465 trace_usb_mtp_stall(s->dev.addr, "packet too small");
1466 p->status = USB_RET_STALL;
1467 return;
1468 }
1469 usb_packet_copy(p, ¶ms, cmd.argc * sizeof(uint32_t));
1470 for (i = 0; i < cmd.argc; i++) {
1471 cmd.argv[i] = le32_to_cpu(params[i]);
1472 }
1473 trace_usb_mtp_command(s->dev.addr, cmd.code, cmd.trans,
1474 (cmd.argc > 0) ? cmd.argv[0] : 0,
1475 (cmd.argc > 1) ? cmd.argv[1] : 0,
1476 (cmd.argc > 2) ? cmd.argv[2] : 0,
1477 (cmd.argc > 3) ? cmd.argv[3] : 0,
1478 (cmd.argc > 4) ? cmd.argv[4] : 0);
1479 usb_mtp_command(s, &cmd);
1480 break;
1481 default:
1482
1483 p->status = USB_RET_STALL;
1484 return;
1485 }
1486 break;
1487 case EP_EVENT:
1488#ifdef CONFIG_INOTIFY1
1489 if (!QTAILQ_EMPTY(&s->events)) {
1490 struct MTPMonEntry *e = QTAILQ_LAST(&s->events, events);
1491 uint32_t handle;
1492 int len = sizeof(container) + sizeof(uint32_t);
1493
1494 if (p->iov.size < len) {
1495 trace_usb_mtp_stall(s->dev.addr,
1496 "packet too small to send event");
1497 p->status = USB_RET_STALL;
1498 return;
1499 }
1500
1501 QTAILQ_REMOVE(&s->events, e, next);
1502 container.length = cpu_to_le32(len);
1503 container.type = cpu_to_le32(TYPE_EVENT);
1504 container.code = cpu_to_le16(e->event);
1505 container.trans = 0;
1506 handle = cpu_to_le32(e->handle);
1507 usb_packet_copy(p, &container, sizeof(container));
1508 usb_packet_copy(p, &handle, sizeof(uint32_t));
1509 g_free(e);
1510 return;
1511 }
1512#endif
1513 p->status = USB_RET_NAK;
1514 return;
1515 default:
1516 trace_usb_mtp_stall(s->dev.addr, "invalid endpoint");
1517 p->status = USB_RET_STALL;
1518 return;
1519 }
1520
1521 if (p->actual_length == 0) {
1522 trace_usb_mtp_nak(s->dev.addr, p->ep->nr);
1523 p->status = USB_RET_NAK;
1524 return;
1525 } else {
1526 trace_usb_mtp_xfer(s->dev.addr, p->ep->nr, p->actual_length,
1527 p->iov.size);
1528 return;
1529 }
1530}
1531
1532static void usb_mtp_realize(USBDevice *dev, Error **errp)
1533{
1534 MTPState *s = USB_MTP(dev);
1535
1536 usb_desc_create_serial(dev);
1537 usb_desc_init(dev);
1538 QTAILQ_INIT(&s->objects);
1539 if (s->desc == NULL) {
1540 if (s->root == NULL) {
1541 error_setg(errp, "usb-mtp: x-root property must be configured");
1542 return;
1543 }
1544 s->desc = strrchr(s->root, '/');
1545 if (s->desc && s->desc[0]) {
1546 s->desc = g_strdup(s->desc + 1);
1547 } else {
1548 s->desc = g_strdup("none");
1549 }
1550 }
1551}
1552
1553static const VMStateDescription vmstate_usb_mtp = {
1554 .name = "usb-mtp",
1555 .unmigratable = 1,
1556 .version_id = 1,
1557 .minimum_version_id = 1,
1558 .fields = (VMStateField[]) {
1559 VMSTATE_USB_DEVICE(dev, MTPState),
1560 VMSTATE_END_OF_LIST()
1561 }
1562};
1563
1564static Property mtp_properties[] = {
1565 DEFINE_PROP_STRING("x-root", MTPState, root),
1566 DEFINE_PROP_STRING("desc", MTPState, desc),
1567 DEFINE_PROP_END_OF_LIST(),
1568};
1569
1570static void usb_mtp_class_initfn(ObjectClass *klass, void *data)
1571{
1572 DeviceClass *dc = DEVICE_CLASS(klass);
1573 USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
1574
1575 uc->realize = usb_mtp_realize;
1576 uc->product_desc = "QEMU USB MTP";
1577 uc->usb_desc = &desc;
1578 uc->cancel_packet = usb_mtp_cancel_packet;
1579 uc->handle_attach = usb_desc_attach;
1580 uc->handle_reset = usb_mtp_handle_reset;
1581 uc->handle_control = usb_mtp_handle_control;
1582 uc->handle_data = usb_mtp_handle_data;
1583 dc->fw_name = "mtp";
1584 dc->vmsd = &vmstate_usb_mtp;
1585 dc->props = mtp_properties;
1586}
1587
1588static TypeInfo mtp_info = {
1589 .name = TYPE_USB_MTP,
1590 .parent = TYPE_USB_DEVICE,
1591 .instance_size = sizeof(MTPState),
1592 .class_init = usb_mtp_class_initfn,
1593};
1594
1595static void usb_mtp_register_types(void)
1596{
1597 type_register_static(&mtp_info);
1598}
1599
1600type_init(usb_mtp_register_types)
1601
