1
2
3
4
5
6
7
8
9
10
11
12#include "qemu/osdep.h"
13#include "qapi/error.h"
14#include <wchar.h>
15#include <dirent.h>
16
17#include <sys/statvfs.h>
18#ifdef CONFIG_INOTIFY1
19#include <sys/inotify.h>
20#include "qapi/error.h"
21#include "qemu/main-loop.h"
22#endif
23
24#include "qemu-common.h"
25#include "qemu/iov.h"
26#include "trace.h"
27#include "hw/usb.h"
28#include "hw/usb/desc.h"
29
30
31
32enum mtp_container_type {
33 TYPE_COMMAND = 1,
34 TYPE_DATA = 2,
35 TYPE_RESPONSE = 3,
36 TYPE_EVENT = 4,
37};
38
39enum mtp_code {
40
41 CMD_GET_DEVICE_INFO = 0x1001,
42 CMD_OPEN_SESSION = 0x1002,
43 CMD_CLOSE_SESSION = 0x1003,
44 CMD_GET_STORAGE_IDS = 0x1004,
45 CMD_GET_STORAGE_INFO = 0x1005,
46 CMD_GET_NUM_OBJECTS = 0x1006,
47 CMD_GET_OBJECT_HANDLES = 0x1007,
48 CMD_GET_OBJECT_INFO = 0x1008,
49 CMD_GET_OBJECT = 0x1009,
50 CMD_GET_PARTIAL_OBJECT = 0x101b,
51
52
53 RES_OK = 0x2001,
54 RES_GENERAL_ERROR = 0x2002,
55 RES_SESSION_NOT_OPEN = 0x2003,
56 RES_INVALID_TRANSACTION_ID = 0x2004,
57 RES_OPERATION_NOT_SUPPORTED = 0x2005,
58 RES_PARAMETER_NOT_SUPPORTED = 0x2006,
59 RES_INCOMPLETE_TRANSFER = 0x2007,
60 RES_INVALID_STORAGE_ID = 0x2008,
61 RES_INVALID_OBJECT_HANDLE = 0x2009,
62 RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014,
63 RES_INVALID_PARENT_OBJECT = 0x201a,
64 RES_INVALID_PARAMETER = 0x201d,
65 RES_SESSION_ALREADY_OPEN = 0x201e,
66
67
68 FMT_UNDEFINED_OBJECT = 0x3000,
69 FMT_ASSOCIATION = 0x3001,
70
71
72 EVT_OBJ_ADDED = 0x4002,
73 EVT_OBJ_REMOVED = 0x4003,
74 EVT_OBJ_INFO_CHANGED = 0x4007,
75};
76
77typedef struct {
78 uint32_t length;
79 uint16_t type;
80 uint16_t code;
81 uint32_t trans;
82} QEMU_PACKED mtp_container;
83
84
85
86typedef struct MTPState MTPState;
87typedef struct MTPControl MTPControl;
88typedef struct MTPData MTPData;
89typedef struct MTPObject MTPObject;
90
91enum {
92 EP_DATA_IN = 1,
93 EP_DATA_OUT,
94 EP_EVENT,
95};
96
97#ifdef CONFIG_INOTIFY1
98typedef struct MTPMonEntry MTPMonEntry;
99
100struct MTPMonEntry {
101 uint32_t event;
102 uint32_t handle;
103
104 QTAILQ_ENTRY(MTPMonEntry) next;
105};
106#endif
107
108struct MTPControl {
109 uint16_t code;
110 uint32_t trans;
111 int argc;
112 uint32_t argv[5];
113};
114
115struct MTPData {
116 uint16_t code;
117 uint32_t trans;
118 uint32_t offset;
119 uint32_t length;
120 uint32_t alloc;
121 uint8_t *data;
122 bool first;
123 int fd;
124};
125
126struct MTPObject {
127 uint32_t handle;
128 uint16_t format;
129 char *name;
130 char *path;
131 struct stat stat;
132#ifdef CONFIG_INOTIFY1
133
134 int watchfd;
135#endif
136 MTPObject *parent;
137 uint32_t nchildren;
138 QLIST_HEAD(, MTPObject) children;
139 QLIST_ENTRY(MTPObject) list;
140 bool have_children;
141 QTAILQ_ENTRY(MTPObject) next;
142};
143
144struct MTPState {
145 USBDevice dev;
146 char *root;
147 char *desc;
148 uint32_t flags;
149
150 MTPData *data_in;
151 MTPData *data_out;
152 MTPControl *result;
153 uint32_t session;
154 uint32_t next_handle;
155
156 QTAILQ_HEAD(, MTPObject) objects;
157#ifdef CONFIG_INOTIFY1
158
159 int inotifyfd;
160 QTAILQ_HEAD(events, MTPMonEntry) events;
161#endif
162};
163
164#define TYPE_USB_MTP "usb-mtp"
165#define USB_MTP(obj) OBJECT_CHECK(MTPState, (obj), TYPE_USB_MTP)
166
167#define QEMU_STORAGE_ID 0x00010001
168
169#define MTP_FLAG_WRITABLE 0
170
171#define FLAG_SET(_mtp, _flag) ((_mtp)->flags & (1 << (_flag)))
172
173
174
175#define MTP_MANUFACTURER "QEMU"
176#define MTP_PRODUCT "QEMU filesharing"
177
178enum {
179 STR_MANUFACTURER = 1,
180 STR_PRODUCT,
181 STR_SERIALNUMBER,
182 STR_MTP,
183 STR_CONFIG_FULL,
184 STR_CONFIG_HIGH,
185 STR_CONFIG_SUPER,
186};
187
188static const USBDescStrings desc_strings = {
189 [STR_MANUFACTURER] = MTP_MANUFACTURER,
190 [STR_PRODUCT] = MTP_PRODUCT,
191 [STR_SERIALNUMBER] = "34617",
192 [STR_MTP] = "MTP",
193 [STR_CONFIG_FULL] = "Full speed config (usb 1.1)",
194 [STR_CONFIG_HIGH] = "High speed config (usb 2.0)",
195 [STR_CONFIG_SUPER] = "Super speed config (usb 3.0)",
196};
197
198static const USBDescIface desc_iface_full = {
199 .bInterfaceNumber = 0,
200 .bNumEndpoints = 3,
201 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
202 .bInterfaceSubClass = 0x01,
203 .bInterfaceProtocol = 0x01,
204 .iInterface = STR_MTP,
205 .eps = (USBDescEndpoint[]) {
206 {
207 .bEndpointAddress = USB_DIR_IN | EP_DATA_IN,
208 .bmAttributes = USB_ENDPOINT_XFER_BULK,
209 .wMaxPacketSize = 64,
210 },{
211 .bEndpointAddress = USB_DIR_OUT | EP_DATA_OUT,
212 .bmAttributes = USB_ENDPOINT_XFER_BULK,
213 .wMaxPacketSize = 64,
214 },{
215 .bEndpointAddress = USB_DIR_IN | EP_EVENT,
216 .bmAttributes = USB_ENDPOINT_XFER_INT,
217 .wMaxPacketSize = 64,
218 .bInterval = 0x0a,
219 },
220 }
221};
222
223static const USBDescDevice desc_device_full = {
224 .bcdUSB = 0x0200,
225 .bMaxPacketSize0 = 8,
226 .bNumConfigurations = 1,
227 .confs = (USBDescConfig[]) {
228 {
229 .bNumInterfaces = 1,
230 .bConfigurationValue = 1,
231 .iConfiguration = STR_CONFIG_FULL,
232 .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP,
233 .bMaxPower = 2,
234 .nif = 1,
235 .ifs = &desc_iface_full,
236 },
237 },
238};
239
240static const USBDescIface desc_iface_high = {
241 .bInterfaceNumber = 0,
242 .bNumEndpoints = 3,
243 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
244 .bInterfaceSubClass = 0x01,
245 .bInterfaceProtocol = 0x01,
246 .iInterface = STR_MTP,
247 .eps = (USBDescEndpoint[]) {
248 {
249 .bEndpointAddress = USB_DIR_IN | EP_DATA_IN,
250 .bmAttributes = USB_ENDPOINT_XFER_BULK,
251 .wMaxPacketSize = 512,
252 },{
253 .bEndpointAddress = USB_DIR_OUT | EP_DATA_OUT,
254 .bmAttributes = USB_ENDPOINT_XFER_BULK,
255 .wMaxPacketSize = 512,
256 },{
257 .bEndpointAddress = USB_DIR_IN | EP_EVENT,
258 .bmAttributes = USB_ENDPOINT_XFER_INT,
259 .wMaxPacketSize = 64,
260 .bInterval = 0x0a,
261 },
262 }
263};
264
265static const USBDescDevice desc_device_high = {
266 .bcdUSB = 0x0200,
267 .bMaxPacketSize0 = 64,
268 .bNumConfigurations = 1,
269 .confs = (USBDescConfig[]) {
270 {
271 .bNumInterfaces = 1,
272 .bConfigurationValue = 1,
273 .iConfiguration = STR_CONFIG_HIGH,
274 .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP,
275 .bMaxPower = 2,
276 .nif = 1,
277 .ifs = &desc_iface_high,
278 },
279 },
280};
281
282static const USBDescMSOS desc_msos = {
283 .CompatibleID = "MTP",
284 .SelectiveSuspendEnabled = true,
285};
286
287static const USBDesc desc = {
288 .id = {
289 .idVendor = 0x46f4,
290 .idProduct = 0x0004,
291 .bcdDevice = 0,
292 .iManufacturer = STR_MANUFACTURER,
293 .iProduct = STR_PRODUCT,
294 .iSerialNumber = STR_SERIALNUMBER,
295 },
296 .full = &desc_device_full,
297 .high = &desc_device_high,
298 .str = desc_strings,
299 .msos = &desc_msos,
300};
301
302
303
304static MTPObject *usb_mtp_object_alloc(MTPState *s, uint32_t handle,
305 MTPObject *parent, char *name)
306{
307 MTPObject *o = g_new0(MTPObject, 1);
308
309 if (name[0] == '.') {
310 goto ignore;
311 }
312
313 o->handle = handle;
314 o->parent = parent;
315 o->name = g_strdup(name);
316 if (parent == NULL) {
317 o->path = g_strdup(name);
318 } else {
319 o->path = g_strdup_printf("%s/%s", parent->path, name);
320 }
321
322 if (lstat(o->path, &o->stat) != 0) {
323 goto ignore;
324 }
325 if (S_ISREG(o->stat.st_mode)) {
326 o->format = FMT_UNDEFINED_OBJECT;
327 } else if (S_ISDIR(o->stat.st_mode)) {
328 o->format = FMT_ASSOCIATION;
329 } else {
330 goto ignore;
331 }
332
333 if (access(o->path, R_OK) != 0) {
334 goto ignore;
335 }
336
337 trace_usb_mtp_object_alloc(s->dev.addr, o->handle, o->path);
338
339 QTAILQ_INSERT_TAIL(&s->objects, o, next);
340 return o;
341
342ignore:
343 g_free(o->name);
344 g_free(o->path);
345 g_free(o);
346 return NULL;
347}
348
349static void usb_mtp_object_free(MTPState *s, MTPObject *o)
350{
351 MTPObject *iter;
352
353 if (!o) {
354 return;
355 }
356
357 trace_usb_mtp_object_free(s->dev.addr, o->handle, o->path);
358
359 QTAILQ_REMOVE(&s->objects, o, next);
360 if (o->parent) {
361 QLIST_REMOVE(o, list);
362 o->parent->nchildren--;
363 }
364
365 while (!QLIST_EMPTY(&o->children)) {
366 iter = QLIST_FIRST(&o->children);
367 usb_mtp_object_free(s, iter);
368 }
369 g_free(o->name);
370 g_free(o->path);
371 g_free(o);
372}
373
374static MTPObject *usb_mtp_object_lookup(MTPState *s, uint32_t handle)
375{
376 MTPObject *o;
377
378 QTAILQ_FOREACH(o, &s->objects, next) {
379 if (o->handle == handle) {
380 return o;
381 }
382 }
383 return NULL;
384}
385
386static MTPObject *usb_mtp_add_child(MTPState *s, MTPObject *o,
387 char *name)
388{
389 MTPObject *child =
390 usb_mtp_object_alloc(s, s->next_handle++, o, name);
391
392 if (child) {
393 trace_usb_mtp_add_child(s->dev.addr, child->handle, child->path);
394 QLIST_INSERT_HEAD(&o->children, child, list);
395 o->nchildren++;
396
397 if (child->format == FMT_ASSOCIATION) {
398 QLIST_INIT(&child->children);
399 }
400 }
401
402 return child;
403}
404
405#ifdef CONFIG_INOTIFY1
406static MTPObject *usb_mtp_object_lookup_name(MTPObject *parent,
407 char *name, int len)
408{
409 MTPObject *iter;
410
411 QLIST_FOREACH(iter, &parent->children, list) {
412 if (strncmp(iter->name, name, len) == 0) {
413 return iter;
414 }
415 }
416
417 return NULL;
418}
419
420static MTPObject *usb_mtp_object_lookup_wd(MTPState *s, int wd)
421{
422 MTPObject *iter;
423
424 QTAILQ_FOREACH(iter, &s->objects, next) {
425 if (iter->watchfd == wd) {
426 return iter;
427 }
428 }
429
430 return NULL;
431}
432
433static void inotify_watchfn(void *arg)
434{
435 MTPState *s = arg;
436 ssize_t bytes;
437
438 int pos;
439 char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
440
441 for (;;) {
442 bytes = read(s->inotifyfd, buf, sizeof(buf));
443 pos = 0;
444
445 if (bytes <= 0) {
446
447 return;
448 }
449
450
451
452
453
454 while (bytes > 0) {
455 char *p = buf + pos;
456 struct inotify_event *event = (struct inotify_event *)p;
457 int watchfd = 0;
458 uint32_t mask = event->mask & (IN_CREATE | IN_DELETE |
459 IN_MODIFY | IN_IGNORED);
460 MTPObject *parent = usb_mtp_object_lookup_wd(s, event->wd);
461 MTPMonEntry *entry = NULL;
462 MTPObject *o;
463
464 pos = pos + sizeof(struct inotify_event) + event->len;
465 bytes = bytes - pos;
466
467 if (!parent) {
468 continue;
469 }
470
471 switch (mask) {
472 case IN_CREATE:
473 if (usb_mtp_object_lookup_name
474 (parent, event->name, event->len)) {
475
476 continue;
477 }
478 entry = g_new0(MTPMonEntry, 1);
479 entry->handle = s->next_handle;
480 entry->event = EVT_OBJ_ADDED;
481 o = usb_mtp_add_child(s, parent, event->name);
482 if (!o) {
483 g_free(entry);
484 continue;
485 }
486 o->watchfd = watchfd;
487 trace_usb_mtp_inotify_event(s->dev.addr, event->name,
488 event->mask, "Obj Added");
489 break;
490
491 case IN_DELETE:
492
493
494
495
496
497
498 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
499 if (!o) {
500 continue;
501 }
502 entry = g_new0(MTPMonEntry, 1);
503 entry->handle = o->handle;
504 entry->event = EVT_OBJ_REMOVED;
505 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
506 event->mask, "Obj Deleted");
507 usb_mtp_object_free(s, o);
508 break;
509
510 case IN_MODIFY:
511 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
512 if (!o) {
513 continue;
514 }
515 entry = g_new0(MTPMonEntry, 1);
516 entry->handle = o->handle;
517 entry->event = EVT_OBJ_INFO_CHANGED;
518 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
519 event->mask, "Obj Modified");
520 break;
521
522 case IN_IGNORED:
523 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
524 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
525 event->mask, "Obj ignored");
526 break;
527
528 default:
529 fprintf(stderr, "usb-mtp: failed to parse inotify event\n");
530 continue;
531 }
532
533 if (entry) {
534 QTAILQ_INSERT_HEAD(&s->events, entry, next);
535 }
536 }
537 }
538}
539
540static int usb_mtp_inotify_init(MTPState *s)
541{
542 int fd;
543
544 fd = inotify_init1(IN_NONBLOCK);
545 if (fd == -1) {
546 return 1;
547 }
548
549 QTAILQ_INIT(&s->events);
550 s->inotifyfd = fd;
551
552 qemu_set_fd_handler(fd, inotify_watchfn, NULL, s);
553
554 return 0;
555}
556
557static void usb_mtp_inotify_cleanup(MTPState *s)
558{
559 MTPMonEntry *e, *p;
560
561 if (!s->inotifyfd) {
562 return;
563 }
564
565 qemu_set_fd_handler(s->inotifyfd, NULL, NULL, s);
566 close(s->inotifyfd);
567
568 QTAILQ_FOREACH_SAFE(e, &s->events, next, p) {
569 QTAILQ_REMOVE(&s->events, e, next);
570 g_free(e);
571 }
572}
573
574static int usb_mtp_add_watch(int inotifyfd, char *path)
575{
576 uint32_t mask = IN_CREATE | IN_DELETE | IN_MODIFY |
577 IN_ISDIR;
578
579 return inotify_add_watch(inotifyfd, path, mask);
580}
581#endif
582
583static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
584{
585 struct dirent *entry;
586 DIR *dir;
587
588 if (o->have_children) {
589 return;
590 }
591 o->have_children = true;
592
593 dir = opendir(o->path);
594 if (!dir) {
595 return;
596 }
597#ifdef CONFIG_INOTIFY1
598 int watchfd = usb_mtp_add_watch(s->inotifyfd, o->path);
599 if (watchfd == -1) {
600 fprintf(stderr, "usb-mtp: failed to add watch for %s\n", o->path);
601 } else {
602 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
603 0, "Watch Added");
604 o->watchfd = watchfd;
605 }
606#endif
607 while ((entry = readdir(dir)) != NULL) {
608 usb_mtp_add_child(s, o, entry->d_name);
609 }
610 closedir(dir);
611}
612
613
614
615static MTPData *usb_mtp_data_alloc(MTPControl *c)
616{
617 MTPData *data = g_new0(MTPData, 1);
618
619 data->code = c->code;
620 data->trans = c->trans;
621 data->fd = -1;
622 data->first = true;
623 return data;
624}
625
626static void usb_mtp_data_free(MTPData *data)
627{
628 if (data == NULL) {
629 return;
630 }
631 if (data->fd != -1) {
632 close(data->fd);
633 }
634 g_free(data->data);
635 g_free(data);
636}
637
638static void usb_mtp_realloc(MTPData *data, uint32_t bytes)
639{
640 if (data->length + bytes <= data->alloc) {
641 return;
642 }
643 data->alloc = (data->length + bytes + 0xff) & ~0xff;
644 data->data = g_realloc(data->data, data->alloc);
645}
646
647static void usb_mtp_add_u8(MTPData *data, uint8_t val)
648{
649 usb_mtp_realloc(data, 1);
650 data->data[data->length++] = val;
651}
652
653static void usb_mtp_add_u16(MTPData *data, uint16_t val)
654{
655 usb_mtp_realloc(data, 2);
656 data->data[data->length++] = (val >> 0) & 0xff;
657 data->data[data->length++] = (val >> 8) & 0xff;
658}
659
660static void usb_mtp_add_u32(MTPData *data, uint32_t val)
661{
662 usb_mtp_realloc(data, 4);
663 data->data[data->length++] = (val >> 0) & 0xff;
664 data->data[data->length++] = (val >> 8) & 0xff;
665 data->data[data->length++] = (val >> 16) & 0xff;
666 data->data[data->length++] = (val >> 24) & 0xff;
667}
668
669static void usb_mtp_add_u64(MTPData *data, uint64_t val)
670{
671 usb_mtp_realloc(data, 8);
672 data->data[data->length++] = (val >> 0) & 0xff;
673 data->data[data->length++] = (val >> 8) & 0xff;
674 data->data[data->length++] = (val >> 16) & 0xff;
675 data->data[data->length++] = (val >> 24) & 0xff;
676 data->data[data->length++] = (val >> 32) & 0xff;
677 data->data[data->length++] = (val >> 40) & 0xff;
678 data->data[data->length++] = (val >> 48) & 0xff;
679 data->data[data->length++] = (val >> 56) & 0xff;
680}
681
682static void usb_mtp_add_u16_array(MTPData *data, uint32_t len,
683 const uint16_t *vals)
684{
685 int i;
686
687 usb_mtp_add_u32(data, len);
688 for (i = 0; i < len; i++) {
689 usb_mtp_add_u16(data, vals[i]);
690 }
691}
692
693static void usb_mtp_add_u32_array(MTPData *data, uint32_t len,
694 const uint32_t *vals)
695{
696 int i;
697
698 usb_mtp_add_u32(data, len);
699 for (i = 0; i < len; i++) {
700 usb_mtp_add_u32(data, vals[i]);
701 }
702}
703
704static void usb_mtp_add_wstr(MTPData *data, const wchar_t *str)
705{
706 uint32_t len = wcslen(str);
707 int i;
708
709 if (len > 0) {
710 len++;
711 }
712
713 usb_mtp_add_u8(data, len);
714 for (i = 0; i < len; i++) {
715 usb_mtp_add_u16(data, str[i]);
716 }
717}
718
719static void usb_mtp_add_str(MTPData *data, const char *str)
720{
721 uint32_t len = strlen(str)+1;
722 wchar_t *wstr = g_new(wchar_t, len);
723 size_t ret;
724
725 ret = mbstowcs(wstr, str, len);
726 if (ret == -1) {
727 usb_mtp_add_wstr(data, L"Oops");
728 } else {
729 usb_mtp_add_wstr(data, wstr);
730 }
731
732 g_free(wstr);
733}
734
735static void usb_mtp_add_time(MTPData *data, time_t time)
736{
737 char buf[16];
738 struct tm tm;
739
740 gmtime_r(&time, &tm);
741 strftime(buf, sizeof(buf), "%Y%m%dT%H%M%S", &tm);
742 usb_mtp_add_str(data, buf);
743}
744
745
746
747static void usb_mtp_queue_result(MTPState *s, uint16_t code, uint32_t trans,
748 int argc, uint32_t arg0, uint32_t arg1)
749{
750 MTPControl *c = g_new0(MTPControl, 1);
751
752 c->code = code;
753 c->trans = trans;
754 c->argc = argc;
755 if (argc > 0) {
756 c->argv[0] = arg0;
757 }
758 if (argc > 1) {
759 c->argv[1] = arg1;
760 }
761
762 assert(s->result == NULL);
763 s->result = c;
764}
765
766
767
768static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c)
769{
770 static const uint16_t ops[] = {
771 CMD_GET_DEVICE_INFO,
772 CMD_OPEN_SESSION,
773 CMD_CLOSE_SESSION,
774 CMD_GET_STORAGE_IDS,
775 CMD_GET_STORAGE_INFO,
776 CMD_GET_NUM_OBJECTS,
777 CMD_GET_OBJECT_HANDLES,
778 CMD_GET_OBJECT_INFO,
779 CMD_GET_OBJECT,
780 CMD_GET_PARTIAL_OBJECT,
781 };
782 static const uint16_t fmt[] = {
783 FMT_UNDEFINED_OBJECT,
784 FMT_ASSOCIATION,
785 };
786 MTPData *d = usb_mtp_data_alloc(c);
787
788 trace_usb_mtp_op_get_device_info(s->dev.addr);
789
790 usb_mtp_add_u16(d, 100);
791 usb_mtp_add_u32(d, 0x00000006);
792 usb_mtp_add_u16(d, 0x0064);
793 usb_mtp_add_wstr(d, L"");
794 usb_mtp_add_u16(d, 0x0000);
795
796 usb_mtp_add_u16_array(d, ARRAY_SIZE(ops), ops);
797 usb_mtp_add_u16_array(d, 0, NULL);
798 usb_mtp_add_u16_array(d, 0, NULL);
799 usb_mtp_add_u16_array(d, 0, NULL);
800 usb_mtp_add_u16_array(d, ARRAY_SIZE(fmt), fmt);
801
802 usb_mtp_add_wstr(d, L"" MTP_MANUFACTURER);
803 usb_mtp_add_wstr(d, L"" MTP_PRODUCT);
804 usb_mtp_add_wstr(d, L"0.1");
805 usb_mtp_add_wstr(d, L"0123456789abcdef0123456789abcdef");
806
807 return d;
808}
809
810static MTPData *usb_mtp_get_storage_ids(MTPState *s, MTPControl *c)
811{
812 static const uint32_t ids[] = {
813 QEMU_STORAGE_ID,
814 };
815 MTPData *d = usb_mtp_data_alloc(c);
816
817 trace_usb_mtp_op_get_storage_ids(s->dev.addr);
818
819 usb_mtp_add_u32_array(d, ARRAY_SIZE(ids), ids);
820
821 return d;
822}
823
824static MTPData *usb_mtp_get_storage_info(MTPState *s, MTPControl *c)
825{
826 MTPData *d = usb_mtp_data_alloc(c);
827 struct statvfs buf;
828 int rc;
829
830 trace_usb_mtp_op_get_storage_info(s->dev.addr);
831
832 if (FLAG_SET(s, MTP_FLAG_WRITABLE)) {
833 usb_mtp_add_u16(d, 0x0003);
834 usb_mtp_add_u16(d, 0x0002);
835 usb_mtp_add_u16(d, 0x0000);
836 } else {
837 usb_mtp_add_u16(d, 0x0001);
838 usb_mtp_add_u16(d, 0x0002);
839 usb_mtp_add_u16(d, 0x0001);
840 }
841
842 rc = statvfs(s->root, &buf);
843 if (rc == 0) {
844 usb_mtp_add_u64(d, (uint64_t)buf.f_frsize * buf.f_blocks);
845 usb_mtp_add_u64(d, (uint64_t)buf.f_bavail * buf.f_blocks);
846 usb_mtp_add_u32(d, buf.f_ffree);
847 } else {
848 usb_mtp_add_u64(d, 0xffffffff);
849 usb_mtp_add_u64(d, 0xffffffff);
850 usb_mtp_add_u32(d, 0xffffffff);
851 }
852
853 usb_mtp_add_str(d, s->desc);
854 usb_mtp_add_wstr(d, L"123456789abcdef");
855 return d;
856}
857
858static MTPData *usb_mtp_get_object_handles(MTPState *s, MTPControl *c,
859 MTPObject *o)
860{
861 MTPData *d = usb_mtp_data_alloc(c);
862 uint32_t i = 0, handles[o->nchildren];
863 MTPObject *iter;
864
865 trace_usb_mtp_op_get_object_handles(s->dev.addr, o->handle, o->path);
866
867 QLIST_FOREACH(iter, &o->children, list) {
868 handles[i++] = iter->handle;
869 }
870 assert(i == o->nchildren);
871 usb_mtp_add_u32_array(d, o->nchildren, handles);
872
873 return d;
874}
875
876static MTPData *usb_mtp_get_object_info(MTPState *s, MTPControl *c,
877 MTPObject *o)
878{
879 MTPData *d = usb_mtp_data_alloc(c);
880
881 trace_usb_mtp_op_get_object_info(s->dev.addr, o->handle, o->path);
882
883 usb_mtp_add_u32(d, QEMU_STORAGE_ID);
884 usb_mtp_add_u16(d, o->format);
885 usb_mtp_add_u16(d, 0);
886 usb_mtp_add_u32(d, o->stat.st_size);
887
888 usb_mtp_add_u16(d, 0);
889 usb_mtp_add_u32(d, 0);
890 usb_mtp_add_u32(d, 0);
891 usb_mtp_add_u32(d, 0);
892 usb_mtp_add_u32(d, 0);
893 usb_mtp_add_u32(d, 0);
894 usb_mtp_add_u32(d, 0);
895
896 if (o->parent) {
897 usb_mtp_add_u32(d, o->parent->handle);
898 } else {
899 usb_mtp_add_u32(d, 0);
900 }
901 if (o->format == FMT_ASSOCIATION) {
902 usb_mtp_add_u16(d, 0x0001);
903 usb_mtp_add_u32(d, 0x00000001);
904 usb_mtp_add_u32(d, 0);
905 } else {
906 usb_mtp_add_u16(d, 0);
907 usb_mtp_add_u32(d, 0);
908 usb_mtp_add_u32(d, 0);
909 }
910
911 usb_mtp_add_str(d, o->name);
912 usb_mtp_add_time(d, o->stat.st_ctime);
913 usb_mtp_add_time(d, o->stat.st_mtime);
914 usb_mtp_add_wstr(d, L"");
915
916 return d;
917}
918
919static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
920 MTPObject *o)
921{
922 MTPData *d = usb_mtp_data_alloc(c);
923
924 trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
925
926 d->fd = open(o->path, O_RDONLY);
927 if (d->fd == -1) {
928 usb_mtp_data_free(d);
929 return NULL;
930 }
931 d->length = o->stat.st_size;
932 d->alloc = 512;
933 d->data = g_malloc(d->alloc);
934 return d;
935}
936
937static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
938 MTPObject *o)
939{
940 MTPData *d = usb_mtp_data_alloc(c);
941 off_t offset;
942
943 trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path,
944 c->argv[1], c->argv[2]);
945
946 d->fd = open(o->path, O_RDONLY);
947 if (d->fd == -1) {
948 usb_mtp_data_free(d);
949 return NULL;
950 }
951
952 offset = c->argv[1];
953 if (offset > o->stat.st_size) {
954 offset = o->stat.st_size;
955 }
956 if (lseek(d->fd, offset, SEEK_SET) < 0) {
957 usb_mtp_data_free(d);
958 return NULL;
959 }
960
961 d->length = c->argv[2];
962 if (d->length > o->stat.st_size - offset) {
963 d->length = o->stat.st_size - offset;
964 }
965
966 return d;
967}
968
969static void usb_mtp_command(MTPState *s, MTPControl *c)
970{
971 MTPData *data_in = NULL;
972 MTPObject *o;
973 uint32_t nres = 0, res0 = 0;
974
975
976 if (c->code >= CMD_CLOSE_SESSION && s->session == 0) {
977 usb_mtp_queue_result(s, RES_SESSION_NOT_OPEN,
978 c->trans, 0, 0, 0);
979 return;
980 }
981
982
983 switch (c->code) {
984 case CMD_GET_DEVICE_INFO:
985 data_in = usb_mtp_get_device_info(s, c);
986 break;
987 case CMD_OPEN_SESSION:
988 if (s->session) {
989 usb_mtp_queue_result(s, RES_SESSION_ALREADY_OPEN,
990 c->trans, 1, s->session, 0);
991 return;
992 }
993 if (c->argv[0] == 0) {
994 usb_mtp_queue_result(s, RES_INVALID_PARAMETER,
995 c->trans, 0, 0, 0);
996 return;
997 }
998 trace_usb_mtp_op_open_session(s->dev.addr);
999 s->session = c->argv[0];
1000 usb_mtp_object_alloc(s, s->next_handle++, NULL, s->root);
1001#ifdef CONFIG_INOTIFY1
1002 if (usb_mtp_inotify_init(s)) {
1003 fprintf(stderr, "usb-mtp: file monitoring init failed\n");
1004 }
1005#endif
1006 break;
1007 case CMD_CLOSE_SESSION:
1008 trace_usb_mtp_op_close_session(s->dev.addr);
1009 s->session = 0;
1010 s->next_handle = 0;
1011#ifdef CONFIG_INOTIFY1
1012 usb_mtp_inotify_cleanup(s);
1013#endif
1014 usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
1015 assert(QTAILQ_EMPTY(&s->objects));
1016 break;
1017 case CMD_GET_STORAGE_IDS:
1018 data_in = usb_mtp_get_storage_ids(s, c);
1019 break;
1020 case CMD_GET_STORAGE_INFO:
1021 if (c->argv[0] != QEMU_STORAGE_ID &&
1022 c->argv[0] != 0xffffffff) {
1023 usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID,
1024 c->trans, 0, 0, 0);
1025 return;
1026 }
1027 data_in = usb_mtp_get_storage_info(s, c);
1028 break;
1029 case CMD_GET_NUM_OBJECTS:
1030 case CMD_GET_OBJECT_HANDLES:
1031 if (c->argv[0] != QEMU_STORAGE_ID &&
1032 c->argv[0] != 0xffffffff) {
1033 usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID,
1034 c->trans, 0, 0, 0);
1035 return;
1036 }
1037 if (c->argv[1] != 0x00000000) {
1038 usb_mtp_queue_result(s, RES_SPEC_BY_FORMAT_UNSUPPORTED,
1039 c->trans, 0, 0, 0);
1040 return;
1041 }
1042 if (c->argv[2] == 0x00000000 ||
1043 c->argv[2] == 0xffffffff) {
1044 o = QTAILQ_FIRST(&s->objects);
1045 } else {
1046 o = usb_mtp_object_lookup(s, c->argv[2]);
1047 }
1048 if (o == NULL) {
1049 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1050 c->trans, 0, 0, 0);
1051 return;
1052 }
1053 if (o->format != FMT_ASSOCIATION) {
1054 usb_mtp_queue_result(s, RES_INVALID_PARENT_OBJECT,
1055 c->trans, 0, 0, 0);
1056 return;
1057 }
1058 usb_mtp_object_readdir(s, o);
1059 if (c->code == CMD_GET_NUM_OBJECTS) {
1060 trace_usb_mtp_op_get_num_objects(s->dev.addr, o->handle, o->path);
1061 nres = 1;
1062 res0 = o->nchildren;
1063 } else {
1064 data_in = usb_mtp_get_object_handles(s, c, o);
1065 }
1066 break;
1067 case CMD_GET_OBJECT_INFO:
1068 o = usb_mtp_object_lookup(s, c->argv[0]);
1069 if (o == NULL) {
1070 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1071 c->trans, 0, 0, 0);
1072 return;
1073 }
1074 data_in = usb_mtp_get_object_info(s, c, o);
1075 break;
1076 case CMD_GET_OBJECT:
1077 o = usb_mtp_object_lookup(s, c->argv[0]);
1078 if (o == NULL) {
1079 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1080 c->trans, 0, 0, 0);
1081 return;
1082 }
1083 if (o->format == FMT_ASSOCIATION) {
1084 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1085 c->trans, 0, 0, 0);
1086 return;
1087 }
1088 data_in = usb_mtp_get_object(s, c, o);
1089 if (data_in == NULL) {
1090 usb_mtp_queue_result(s, RES_GENERAL_ERROR,
1091 c->trans, 0, 0, 0);
1092 return;
1093 }
1094 break;
1095 case CMD_GET_PARTIAL_OBJECT:
1096 o = usb_mtp_object_lookup(s, c->argv[0]);
1097 if (o == NULL) {
1098 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1099 c->trans, 0, 0, 0);
1100 return;
1101 }
1102 if (o->format == FMT_ASSOCIATION) {
1103 usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1104 c->trans, 0, 0, 0);
1105 return;
1106 }
1107 data_in = usb_mtp_get_partial_object(s, c, o);
1108 if (data_in == NULL) {
1109 usb_mtp_queue_result(s, RES_GENERAL_ERROR,
1110 c->trans, 0, 0, 0);
1111 return;
1112 }
1113 nres = 1;
1114 res0 = data_in->length;
1115 break;
1116 default:
1117 trace_usb_mtp_op_unknown(s->dev.addr, c->code);
1118 usb_mtp_queue_result(s, RES_OPERATION_NOT_SUPPORTED,
1119 c->trans, 0, 0, 0);
1120 return;
1121 }
1122
1123
1124 if (data_in) {
1125 assert(s->data_in == NULL);
1126 s->data_in = data_in;
1127 }
1128 usb_mtp_queue_result(s, RES_OK, c->trans, nres, res0, 0);
1129}
1130
1131
1132
1133static void usb_mtp_handle_reset(USBDevice *dev)
1134{
1135 MTPState *s = USB_MTP(dev);
1136
1137 trace_usb_mtp_reset(s->dev.addr);
1138
1139#ifdef CONFIG_INOTIFY1
1140 usb_mtp_inotify_cleanup(s);
1141#endif
1142 usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
1143 s->session = 0;
1144 usb_mtp_data_free(s->data_in);
1145 s->data_in = NULL;
1146 usb_mtp_data_free(s->data_out);
1147 s->data_out = NULL;
1148 g_free(s->result);
1149 s->result = NULL;
1150}
1151
1152static void usb_mtp_handle_control(USBDevice *dev, USBPacket *p,
1153 int request, int value, int index,
1154 int length, uint8_t *data)
1155{
1156 int ret;
1157
1158 ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
1159 if (ret >= 0) {
1160 return;
1161 }
1162
1163 trace_usb_mtp_stall(dev->addr, "unknown control request");
1164 p->status = USB_RET_STALL;
1165}
1166
1167static void usb_mtp_cancel_packet(USBDevice *dev, USBPacket *p)
1168{
1169
1170 fprintf(stderr, "%s\n", __func__);
1171}
1172
1173static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p)
1174{
1175 MTPState *s = USB_MTP(dev);
1176 MTPControl cmd;
1177 mtp_container container;
1178 uint32_t params[5];
1179 int i, rc;
1180
1181 switch (p->ep->nr) {
1182 case EP_DATA_IN:
1183 if (s->data_out != NULL) {
1184
1185 trace_usb_mtp_stall(s->dev.addr, "awaiting data-out");
1186 p->status = USB_RET_STALL;
1187 return;
1188 }
1189 if (p->iov.size < sizeof(container)) {
1190 trace_usb_mtp_stall(s->dev.addr, "packet too small");
1191 p->status = USB_RET_STALL;
1192 return;
1193 }
1194 if (s->data_in != NULL) {
1195 MTPData *d = s->data_in;
1196 int dlen = d->length - d->offset;
1197 if (d->first) {
1198 trace_usb_mtp_data_in(s->dev.addr, d->trans, d->length);
1199 container.length = cpu_to_le32(d->length + sizeof(container));
1200 container.type = cpu_to_le16(TYPE_DATA);
1201 container.code = cpu_to_le16(d->code);
1202 container.trans = cpu_to_le32(d->trans);
1203 usb_packet_copy(p, &container, sizeof(container));
1204 d->first = false;
1205 if (dlen > p->iov.size - sizeof(container)) {
1206 dlen = p->iov.size - sizeof(container);
1207 }
1208 } else {
1209 if (dlen > p->iov.size) {
1210 dlen = p->iov.size;
1211 }
1212 }
1213 if (d->fd == -1) {
1214 usb_packet_copy(p, d->data + d->offset, dlen);
1215 } else {
1216 if (d->alloc < p->iov.size) {
1217 d->alloc = p->iov.size;
1218 d->data = g_realloc(d->data, d->alloc);
1219 }
1220 rc = read(d->fd, d->data, dlen);
1221 if (rc != dlen) {
1222 memset(d->data, 0, dlen);
1223 s->result->code = RES_INCOMPLETE_TRANSFER;
1224 }
1225 usb_packet_copy(p, d->data, dlen);
1226 }
1227 d->offset += dlen;
1228 if (d->offset == d->length) {
1229 usb_mtp_data_free(s->data_in);
1230 s->data_in = NULL;
1231 }
1232 } else if (s->result != NULL) {
1233 MTPControl *r = s->result;
1234 int length = sizeof(container) + r->argc * sizeof(uint32_t);
1235 if (r->code == RES_OK) {
1236 trace_usb_mtp_success(s->dev.addr, r->trans,
1237 (r->argc > 0) ? r->argv[0] : 0,
1238 (r->argc > 1) ? r->argv[1] : 0);
1239 } else {
1240 trace_usb_mtp_error(s->dev.addr, r->code, r->trans,
1241 (r->argc > 0) ? r->argv[0] : 0,
1242 (r->argc > 1) ? r->argv[1] : 0);
1243 }
1244 container.length = cpu_to_le32(length);
1245 container.type = cpu_to_le16(TYPE_RESPONSE);
1246 container.code = cpu_to_le16(r->code);
1247 container.trans = cpu_to_le32(r->trans);
1248 for (i = 0; i < r->argc; i++) {
1249 params[i] = cpu_to_le32(r->argv[i]);
1250 }
1251 usb_packet_copy(p, &container, sizeof(container));
1252 usb_packet_copy(p, ¶ms, length - sizeof(container));
1253 g_free(s->result);
1254 s->result = NULL;
1255 }
1256 break;
1257 case EP_DATA_OUT:
1258 if (p->iov.size < sizeof(container)) {
1259 trace_usb_mtp_stall(s->dev.addr, "packet too small");
1260 p->status = USB_RET_STALL;
1261 return;
1262 }
1263 usb_packet_copy(p, &container, sizeof(container));
1264 switch (le16_to_cpu(container.type)) {
1265 case TYPE_COMMAND:
1266 if (s->data_in || s->data_out || s->result) {
1267 trace_usb_mtp_stall(s->dev.addr, "transaction inflight");
1268 p->status = USB_RET_STALL;
1269 return;
1270 }
1271 cmd.code = le16_to_cpu(container.code);
1272 cmd.argc = (le32_to_cpu(container.length) - sizeof(container))
1273 / sizeof(uint32_t);
1274 cmd.trans = le32_to_cpu(container.trans);
1275 if (cmd.argc > ARRAY_SIZE(cmd.argv)) {
1276 cmd.argc = ARRAY_SIZE(cmd.argv);
1277 }
1278 if (p->iov.size < sizeof(container) + cmd.argc * sizeof(uint32_t)) {
1279 trace_usb_mtp_stall(s->dev.addr, "packet too small");
1280 p->status = USB_RET_STALL;
1281 return;
1282 }
1283 usb_packet_copy(p, ¶ms, cmd.argc * sizeof(uint32_t));
1284 for (i = 0; i < cmd.argc; i++) {
1285 cmd.argv[i] = le32_to_cpu(params[i]);
1286 }
1287 trace_usb_mtp_command(s->dev.addr, cmd.code, cmd.trans,
1288 (cmd.argc > 0) ? cmd.argv[0] : 0,
1289 (cmd.argc > 1) ? cmd.argv[1] : 0,
1290 (cmd.argc > 2) ? cmd.argv[2] : 0,
1291 (cmd.argc > 3) ? cmd.argv[3] : 0,
1292 (cmd.argc > 4) ? cmd.argv[4] : 0);
1293 usb_mtp_command(s, &cmd);
1294 break;
1295 default:
1296
1297 p->status = USB_RET_STALL;
1298 return;
1299 }
1300 break;
1301 case EP_EVENT:
1302#ifdef CONFIG_INOTIFY1
1303 if (!QTAILQ_EMPTY(&s->events)) {
1304 struct MTPMonEntry *e = QTAILQ_LAST(&s->events, events);
1305 uint32_t handle;
1306 int len = sizeof(container) + sizeof(uint32_t);
1307
1308 if (p->iov.size < len) {
1309 trace_usb_mtp_stall(s->dev.addr,
1310 "packet too small to send event");
1311 p->status = USB_RET_STALL;
1312 return;
1313 }
1314
1315 QTAILQ_REMOVE(&s->events, e, next);
1316 container.length = cpu_to_le32(len);
1317 container.type = cpu_to_le32(TYPE_EVENT);
1318 container.code = cpu_to_le16(e->event);
1319 container.trans = 0;
1320 handle = cpu_to_le32(e->handle);
1321 usb_packet_copy(p, &container, sizeof(container));
1322 usb_packet_copy(p, &handle, sizeof(uint32_t));
1323 g_free(e);
1324 return;
1325 }
1326#endif
1327 p->status = USB_RET_NAK;
1328 return;
1329 default:
1330 trace_usb_mtp_stall(s->dev.addr, "invalid endpoint");
1331 p->status = USB_RET_STALL;
1332 return;
1333 }
1334
1335 if (p->actual_length == 0) {
1336 trace_usb_mtp_nak(s->dev.addr, p->ep->nr);
1337 p->status = USB_RET_NAK;
1338 return;
1339 } else {
1340 trace_usb_mtp_xfer(s->dev.addr, p->ep->nr, p->actual_length,
1341 p->iov.size);
1342 return;
1343 }
1344}
1345
1346static void usb_mtp_realize(USBDevice *dev, Error **errp)
1347{
1348 MTPState *s = USB_MTP(dev);
1349
1350 usb_desc_create_serial(dev);
1351 usb_desc_init(dev);
1352 QTAILQ_INIT(&s->objects);
1353 if (s->desc == NULL) {
1354 if (s->root == NULL) {
1355 error_setg(errp, "usb-mtp: x-root property must be configured");
1356 return;
1357 }
1358 s->desc = strrchr(s->root, '/');
1359 if (s->desc && s->desc[0]) {
1360 s->desc = g_strdup(s->desc + 1);
1361 } else {
1362 s->desc = g_strdup("none");
1363 }
1364 }
1365}
1366
1367static const VMStateDescription vmstate_usb_mtp = {
1368 .name = "usb-mtp",
1369 .unmigratable = 1,
1370 .version_id = 1,
1371 .minimum_version_id = 1,
1372 .fields = (VMStateField[]) {
1373 VMSTATE_USB_DEVICE(dev, MTPState),
1374 VMSTATE_END_OF_LIST()
1375 }
1376};
1377
1378static Property mtp_properties[] = {
1379 DEFINE_PROP_STRING("x-root", MTPState, root),
1380 DEFINE_PROP_STRING("desc", MTPState, desc),
1381 DEFINE_PROP_END_OF_LIST(),
1382};
1383
1384static void usb_mtp_class_initfn(ObjectClass *klass, void *data)
1385{
1386 DeviceClass *dc = DEVICE_CLASS(klass);
1387 USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
1388
1389 uc->realize = usb_mtp_realize;
1390 uc->product_desc = "QEMU USB MTP";
1391 uc->usb_desc = &desc;
1392 uc->cancel_packet = usb_mtp_cancel_packet;
1393 uc->handle_attach = usb_desc_attach;
1394 uc->handle_reset = usb_mtp_handle_reset;
1395 uc->handle_control = usb_mtp_handle_control;
1396 uc->handle_data = usb_mtp_handle_data;
1397 dc->fw_name = "mtp";
1398 dc->vmsd = &vmstate_usb_mtp;
1399 dc->props = mtp_properties;
1400}
1401
1402static TypeInfo mtp_info = {
1403 .name = TYPE_USB_MTP,
1404 .parent = TYPE_USB_DEVICE,
1405 .instance_size = sizeof(MTPState),
1406 .class_init = usb_mtp_class_initfn,
1407};
1408
1409static void usb_mtp_register_types(void)
1410{
1411 type_register_static(&mtp_info);
1412}
1413
1414type_init(usb_mtp_register_types)
1415
