1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243#include <config.h>
244#include <malloc.h>
245#include <common.h>
246#include <g_dnl.h>
247
248#include <linux/err.h>
249#include <linux/usb/ch9.h>
250#include <linux/usb/gadget.h>
251#include <usb_mass_storage.h>
252
253#include <asm/unaligned.h>
254#include <linux/usb/gadget.h>
255#include <linux/usb/gadget.h>
256#include <linux/usb/composite.h>
257#include <usb/lin_gadget_compat.h>
258#include <g_dnl.h>
259
260
261
262#define FSG_DRIVER_DESC "Mass Storage Function"
263#define FSG_DRIVER_VERSION "2012/06/5"
264
265static const char fsg_string_interface[] = "Mass Storage";
266
267#define FSG_NO_INTR_EP 1
268#define FSG_NO_DEVICE_STRINGS 1
269#define FSG_NO_OTG 1
270#define FSG_NO_INTR_EP 1
271
272#include "storage_common.c"
273
274
275
276#define GFP_ATOMIC ((gfp_t) 0)
277#define PAGE_CACHE_SHIFT 12
278#define PAGE_CACHE_SIZE (1 << PAGE_CACHE_SHIFT)
279#define kthread_create(...) __builtin_return_address(0)
280#define wait_for_completion(...) do {} while (0)
281
282struct kref {int x; };
283struct completion {int x; };
284
285inline void set_bit(int nr, volatile void *addr)
286{
287 int mask;
288 unsigned int *a = (unsigned int *) addr;
289
290 a += nr >> 5;
291 mask = 1 << (nr & 0x1f);
292 *a |= mask;
293}
294
295inline void clear_bit(int nr, volatile void *addr)
296{
297 int mask;
298 unsigned int *a = (unsigned int *) addr;
299
300 a += nr >> 5;
301 mask = 1 << (nr & 0x1f);
302 *a &= ~mask;
303}
304
305struct fsg_dev;
306struct fsg_common;
307
308
309struct fsg_common {
310 struct usb_gadget *gadget;
311 struct fsg_dev *fsg, *new_fsg;
312
313 struct usb_ep *ep0;
314 struct usb_request *ep0req;
315 unsigned int ep0_req_tag;
316
317 struct fsg_buffhd *next_buffhd_to_fill;
318 struct fsg_buffhd *next_buffhd_to_drain;
319 struct fsg_buffhd buffhds[FSG_NUM_BUFFERS];
320
321 int cmnd_size;
322 u8 cmnd[MAX_COMMAND_SIZE];
323
324 unsigned int nluns;
325 unsigned int lun;
326 struct fsg_lun luns[FSG_MAX_LUNS];
327
328 unsigned int bulk_out_maxpacket;
329 enum fsg_state state;
330 unsigned int exception_req_tag;
331
332 enum data_direction data_dir;
333 u32 data_size;
334 u32 data_size_from_cmnd;
335 u32 tag;
336 u32 residue;
337 u32 usb_amount_left;
338
339 unsigned int can_stall:1;
340 unsigned int free_storage_on_release:1;
341 unsigned int phase_error:1;
342 unsigned int short_packet_received:1;
343 unsigned int bad_lun_okay:1;
344 unsigned int running:1;
345
346 int thread_wakeup_needed;
347 struct completion thread_notifier;
348 struct task_struct *thread_task;
349
350
351 const struct fsg_operations *ops;
352
353 void *private_data;
354
355 const char *vendor_name;
356 const char *product_name;
357 u16 release;
358
359
360
361 char inquiry_string[8 + 16 + 4 + 1];
362
363 struct kref ref;
364};
365
366struct fsg_config {
367 unsigned nluns;
368 struct fsg_lun_config {
369 const char *filename;
370 char ro;
371 char removable;
372 char cdrom;
373 char nofua;
374 } luns[FSG_MAX_LUNS];
375
376
377 const struct fsg_operations *ops;
378
379 void *private_data;
380
381 const char *vendor_name;
382 const char *product_name;
383
384 char can_stall;
385};
386
387struct fsg_dev {
388 struct usb_function function;
389 struct usb_gadget *gadget;
390 struct fsg_common *common;
391
392 u16 interface_number;
393
394 unsigned int bulk_in_enabled:1;
395 unsigned int bulk_out_enabled:1;
396
397 unsigned long atomic_bitflags;
398#define IGNORE_BULK_OUT 0
399
400 struct usb_ep *bulk_in;
401 struct usb_ep *bulk_out;
402};
403
404
405static inline int __fsg_is_set(struct fsg_common *common,
406 const char *func, unsigned line)
407{
408 if (common->fsg)
409 return 1;
410 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
411 WARN_ON(1);
412 return 0;
413}
414
415#define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
416
417
418static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
419{
420 return container_of(f, struct fsg_dev, function);
421}
422
423
424typedef void (*fsg_routine_t)(struct fsg_dev *);
425
426static int exception_in_progress(struct fsg_common *common)
427{
428 return common->state > FSG_STATE_IDLE;
429}
430
431
432static void set_bulk_out_req_length(struct fsg_common *common,
433 struct fsg_buffhd *bh, unsigned int length)
434{
435 unsigned int rem;
436
437 bh->bulk_out_intended_length = length;
438 rem = length % common->bulk_out_maxpacket;
439 if (rem > 0)
440 length += common->bulk_out_maxpacket - rem;
441 bh->outreq->length = length;
442}
443
444
445
446struct ums *ums;
447struct fsg_common *the_fsg_common;
448
449static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
450{
451 const char *name;
452
453 if (ep == fsg->bulk_in)
454 name = "bulk-in";
455 else if (ep == fsg->bulk_out)
456 name = "bulk-out";
457 else
458 name = ep->name;
459 DBG(fsg, "%s set halt\n", name);
460 return usb_ep_set_halt(ep);
461}
462
463
464
465
466
467
468static void wakeup_thread(struct fsg_common *common)
469{
470 common->thread_wakeup_needed = 1;
471}
472
473static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
474{
475
476
477
478 if (common->state <= new_state) {
479 common->exception_req_tag = common->ep0_req_tag;
480 common->state = new_state;
481 common->thread_wakeup_needed = 1;
482 }
483}
484
485
486
487static int ep0_queue(struct fsg_common *common)
488{
489 int rc;
490
491 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);
492 common->ep0->driver_data = common;
493 if (rc != 0 && rc != -ESHUTDOWN) {
494
495 WARNING(common, "error in submission: %s --> %d\n",
496 common->ep0->name, rc);
497 }
498 return rc;
499}
500
501
502
503
504
505
506static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
507{
508 struct fsg_common *common = ep->driver_data;
509 struct fsg_buffhd *bh = req->context;
510
511 if (req->status || req->actual != req->length)
512 DBG(common, "%s --> %d, %u/%u\n", __func__,
513 req->status, req->actual, req->length);
514 if (req->status == -ECONNRESET)
515 usb_ep_fifo_flush(ep);
516
517
518 bh->inreq_busy = 0;
519 bh->state = BUF_STATE_EMPTY;
520 wakeup_thread(common);
521}
522
523static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
524{
525 struct fsg_common *common = ep->driver_data;
526 struct fsg_buffhd *bh = req->context;
527
528 dump_msg(common, "bulk-out", req->buf, req->actual);
529 if (req->status || req->actual != bh->bulk_out_intended_length)
530 DBG(common, "%s --> %d, %u/%u\n", __func__,
531 req->status, req->actual,
532 bh->bulk_out_intended_length);
533 if (req->status == -ECONNRESET)
534 usb_ep_fifo_flush(ep);
535
536
537 bh->outreq_busy = 0;
538 bh->state = BUF_STATE_FULL;
539 wakeup_thread(common);
540}
541
542
543
544
545
546static int fsg_setup(struct usb_function *f,
547 const struct usb_ctrlrequest *ctrl)
548{
549 struct fsg_dev *fsg = fsg_from_func(f);
550 struct usb_request *req = fsg->common->ep0req;
551 u16 w_index = get_unaligned_le16(&ctrl->wIndex);
552 u16 w_value = get_unaligned_le16(&ctrl->wValue);
553 u16 w_length = get_unaligned_le16(&ctrl->wLength);
554
555 if (!fsg_is_set(fsg->common))
556 return -EOPNOTSUPP;
557
558 switch (ctrl->bRequest) {
559
560 case USB_BULK_RESET_REQUEST:
561 if (ctrl->bRequestType !=
562 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
563 break;
564 if (w_index != fsg->interface_number || w_value != 0)
565 return -EDOM;
566
567
568
569 DBG(fsg, "bulk reset request\n");
570 raise_exception(fsg->common, FSG_STATE_RESET);
571 return DELAYED_STATUS;
572
573 case USB_BULK_GET_MAX_LUN_REQUEST:
574 if (ctrl->bRequestType !=
575 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
576 break;
577 if (w_index != fsg->interface_number || w_value != 0)
578 return -EDOM;
579 VDBG(fsg, "get max LUN\n");
580 *(u8 *) req->buf = fsg->common->nluns - 1;
581
582
583 req->length = min((u16)1, w_length);
584 return ep0_queue(fsg->common);
585 }
586
587 VDBG(fsg,
588 "unknown class-specific control req "
589 "%02x.%02x v%04x i%04x l%u\n",
590 ctrl->bRequestType, ctrl->bRequest,
591 get_unaligned_le16(&ctrl->wValue), w_index, w_length);
592 return -EOPNOTSUPP;
593}
594
595
596
597
598
599
600static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
601 struct usb_request *req, int *pbusy,
602 enum fsg_buffer_state *state)
603{
604 int rc;
605
606 if (ep == fsg->bulk_in)
607 dump_msg(fsg, "bulk-in", req->buf, req->length);
608
609 *pbusy = 1;
610 *state = BUF_STATE_BUSY;
611 rc = usb_ep_queue(ep, req, GFP_KERNEL);
612 if (rc != 0) {
613 *pbusy = 0;
614 *state = BUF_STATE_EMPTY;
615
616
617
618
619
620 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
621 req->length == 0))
622 WARNING(fsg, "error in submission: %s --> %d\n",
623 ep->name, rc);
624 }
625}
626
627#define START_TRANSFER_OR(common, ep_name, req, pbusy, state) \
628 if (fsg_is_set(common)) \
629 start_transfer((common)->fsg, (common)->fsg->ep_name, \
630 req, pbusy, state); \
631 else
632
633#define START_TRANSFER(common, ep_name, req, pbusy, state) \
634 START_TRANSFER_OR(common, ep_name, req, pbusy, state) (void)0
635
636static void busy_indicator(void)
637{
638 static int state;
639
640 switch (state) {
641 case 0:
642 puts("\r|"); break;
643 case 1:
644 puts("\r/"); break;
645 case 2:
646 puts("\r-"); break;
647 case 3:
648 puts("\r\\"); break;
649 case 4:
650 puts("\r|"); break;
651 case 5:
652 puts("\r/"); break;
653 case 6:
654 puts("\r-"); break;
655 case 7:
656 puts("\r\\"); break;
657 default:
658 state = 0;
659 }
660 if (state++ == 8)
661 state = 0;
662}
663
664static int sleep_thread(struct fsg_common *common)
665{
666 int rc = 0;
667 int i = 0, k = 0;
668
669
670 for (;;) {
671 if (common->thread_wakeup_needed)
672 break;
673
674 if (++i == 50000) {
675 busy_indicator();
676 i = 0;
677 k++;
678 }
679
680 if (k == 10) {
681
682 if (ctrlc())
683 return -EPIPE;
684
685
686 if (!g_dnl_board_usb_cable_connected())
687 return -EIO;
688
689 k = 0;
690 }
691
692 usb_gadget_handle_interrupts();
693 }
694 common->thread_wakeup_needed = 0;
695 return rc;
696}
697
698
699
700static int do_read(struct fsg_common *common)
701{
702 struct fsg_lun *curlun = &common->luns[common->lun];
703 u32 lba;
704 struct fsg_buffhd *bh;
705 int rc;
706 u32 amount_left;
707 loff_t file_offset;
708 unsigned int amount;
709 unsigned int partial_page;
710 ssize_t nread;
711
712
713
714 if (common->cmnd[0] == SC_READ_6)
715 lba = get_unaligned_be24(&common->cmnd[1]);
716 else {
717 lba = get_unaligned_be32(&common->cmnd[2]);
718
719
720
721
722 if ((common->cmnd[1] & ~0x18) != 0) {
723 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
724 return -EINVAL;
725 }
726 }
727 if (lba >= curlun->num_sectors) {
728 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
729 return -EINVAL;
730 }
731 file_offset = ((loff_t) lba) << 9;
732
733
734 amount_left = common->data_size_from_cmnd;
735 if (unlikely(amount_left == 0))
736 return -EIO;
737
738 for (;;) {
739
740
741
742
743
744
745
746
747
748 amount = min(amount_left, FSG_BUFLEN);
749 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
750 if (partial_page > 0)
751 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
752 partial_page);
753
754
755 bh = common->next_buffhd_to_fill;
756 while (bh->state != BUF_STATE_EMPTY) {
757 rc = sleep_thread(common);
758 if (rc)
759 return rc;
760 }
761
762
763
764 if (amount == 0) {
765 curlun->sense_data =
766 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
767 curlun->info_valid = 1;
768 bh->inreq->length = 0;
769 bh->state = BUF_STATE_FULL;
770 break;
771 }
772
773
774 rc = ums->read_sector(ums,
775 file_offset / SECTOR_SIZE,
776 amount / SECTOR_SIZE,
777 (char __user *)bh->buf);
778 if (!rc)
779 return -EIO;
780
781 nread = rc * SECTOR_SIZE;
782
783 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
784 (unsigned long long) file_offset,
785 (int) nread);
786
787 if (nread < 0) {
788 LDBG(curlun, "error in file read: %d\n",
789 (int) nread);
790 nread = 0;
791 } else if (nread < amount) {
792 LDBG(curlun, "partial file read: %d/%u\n",
793 (int) nread, amount);
794 nread -= (nread & 511);
795 }
796 file_offset += nread;
797 amount_left -= nread;
798 common->residue -= nread;
799 bh->inreq->length = nread;
800 bh->state = BUF_STATE_FULL;
801
802
803 if (nread < amount) {
804 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
805 curlun->info_valid = 1;
806 break;
807 }
808
809 if (amount_left == 0)
810 break;
811
812
813 bh->inreq->zero = 0;
814 START_TRANSFER_OR(common, bulk_in, bh->inreq,
815 &bh->inreq_busy, &bh->state)
816
817
818 return -EIO;
819 common->next_buffhd_to_fill = bh->next;
820 }
821
822 return -EIO;
823}
824
825
826
827static int do_write(struct fsg_common *common)
828{
829 struct fsg_lun *curlun = &common->luns[common->lun];
830 u32 lba;
831 struct fsg_buffhd *bh;
832 int get_some_more;
833 u32 amount_left_to_req, amount_left_to_write;
834 loff_t usb_offset, file_offset;
835 unsigned int amount;
836 unsigned int partial_page;
837 ssize_t nwritten;
838 int rc;
839
840 if (curlun->ro) {
841 curlun->sense_data = SS_WRITE_PROTECTED;
842 return -EINVAL;
843 }
844
845
846
847 if (common->cmnd[0] == SC_WRITE_6)
848 lba = get_unaligned_be24(&common->cmnd[1]);
849 else {
850 lba = get_unaligned_be32(&common->cmnd[2]);
851
852
853
854
855
856 if (common->cmnd[1] & ~0x18) {
857 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
858 return -EINVAL;
859 }
860 }
861 if (lba >= curlun->num_sectors) {
862 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
863 return -EINVAL;
864 }
865
866
867 get_some_more = 1;
868 file_offset = usb_offset = ((loff_t) lba) << 9;
869 amount_left_to_req = common->data_size_from_cmnd;
870 amount_left_to_write = common->data_size_from_cmnd;
871
872 while (amount_left_to_write > 0) {
873
874
875 bh = common->next_buffhd_to_fill;
876 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
877
878
879
880
881
882
883
884
885
886
887 amount = min(amount_left_to_req, FSG_BUFLEN);
888 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
889 if (partial_page > 0)
890 amount = min(amount,
891 (unsigned int) PAGE_CACHE_SIZE - partial_page);
892
893 if (amount == 0) {
894 get_some_more = 0;
895 curlun->sense_data =
896 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
897 curlun->info_valid = 1;
898 continue;
899 }
900 amount -= (amount & 511);
901 if (amount == 0) {
902
903
904
905 get_some_more = 0;
906 continue;
907 }
908
909
910 usb_offset += amount;
911 common->usb_amount_left -= amount;
912 amount_left_to_req -= amount;
913 if (amount_left_to_req == 0)
914 get_some_more = 0;
915
916
917
918 bh->outreq->length = amount;
919 bh->bulk_out_intended_length = amount;
920 bh->outreq->short_not_ok = 1;
921 START_TRANSFER_OR(common, bulk_out, bh->outreq,
922 &bh->outreq_busy, &bh->state)
923
924
925 return -EIO;
926 common->next_buffhd_to_fill = bh->next;
927 continue;
928 }
929
930
931 bh = common->next_buffhd_to_drain;
932 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
933 break;
934 if (bh->state == BUF_STATE_FULL) {
935 common->next_buffhd_to_drain = bh->next;
936 bh->state = BUF_STATE_EMPTY;
937
938
939 if (bh->outreq->status != 0) {
940 curlun->sense_data = SS_COMMUNICATION_FAILURE;
941 curlun->info_valid = 1;
942 break;
943 }
944
945 amount = bh->outreq->actual;
946
947
948 rc = ums->write_sector(ums,
949 file_offset / SECTOR_SIZE,
950 amount / SECTOR_SIZE,
951 (char __user *)bh->buf);
952 if (!rc)
953 return -EIO;
954 nwritten = rc * SECTOR_SIZE;
955
956 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
957 (unsigned long long) file_offset,
958 (int) nwritten);
959
960 if (nwritten < 0) {
961 LDBG(curlun, "error in file write: %d\n",
962 (int) nwritten);
963 nwritten = 0;
964 } else if (nwritten < amount) {
965 LDBG(curlun, "partial file write: %d/%u\n",
966 (int) nwritten, amount);
967 nwritten -= (nwritten & 511);
968
969 }
970 file_offset += nwritten;
971 amount_left_to_write -= nwritten;
972 common->residue -= nwritten;
973
974
975 if (nwritten < amount) {
976 printf("nwritten:%d amount:%d\n", nwritten,
977 amount);
978 curlun->sense_data = SS_WRITE_ERROR;
979 curlun->info_valid = 1;
980 break;
981 }
982
983
984 if (bh->outreq->actual != bh->outreq->length) {
985 common->short_packet_received = 1;
986 break;
987 }
988 continue;
989 }
990
991
992 rc = sleep_thread(common);
993 if (rc)
994 return rc;
995 }
996
997 return -EIO;
998}
999
1000
1001
1002static int do_synchronize_cache(struct fsg_common *common)
1003{
1004 return 0;
1005}
1006
1007
1008
1009static int do_verify(struct fsg_common *common)
1010{
1011 struct fsg_lun *curlun = &common->luns[common->lun];
1012 u32 lba;
1013 u32 verification_length;
1014 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1015 loff_t file_offset;
1016 u32 amount_left;
1017 unsigned int amount;
1018 ssize_t nread;
1019 int rc;
1020
1021
1022
1023 lba = get_unaligned_be32(&common->cmnd[2]);
1024 if (lba >= curlun->num_sectors) {
1025 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1026 return -EINVAL;
1027 }
1028
1029
1030
1031 if (common->cmnd[1] & ~0x10) {
1032 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1033 return -EINVAL;
1034 }
1035
1036 verification_length = get_unaligned_be16(&common->cmnd[7]);
1037 if (unlikely(verification_length == 0))
1038 return -EIO;
1039
1040
1041 amount_left = verification_length << 9;
1042 file_offset = ((loff_t) lba) << 9;
1043
1044
1045
1046
1047 while (amount_left > 0) {
1048
1049
1050
1051
1052
1053
1054
1055 amount = min(amount_left, FSG_BUFLEN);
1056 if (amount == 0) {
1057 curlun->sense_data =
1058 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1059 curlun->info_valid = 1;
1060 break;
1061 }
1062
1063
1064 rc = ums->read_sector(ums,
1065 file_offset / SECTOR_SIZE,
1066 amount / SECTOR_SIZE,
1067 (char __user *)bh->buf);
1068 if (!rc)
1069 return -EIO;
1070 nread = rc * SECTOR_SIZE;
1071
1072 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1073 (unsigned long long) file_offset,
1074 (int) nread);
1075 if (nread < 0) {
1076 LDBG(curlun, "error in file verify: %d\n",
1077 (int) nread);
1078 nread = 0;
1079 } else if (nread < amount) {
1080 LDBG(curlun, "partial file verify: %d/%u\n",
1081 (int) nread, amount);
1082 nread -= (nread & 511);
1083 }
1084 if (nread == 0) {
1085 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1086 curlun->info_valid = 1;
1087 break;
1088 }
1089 file_offset += nread;
1090 amount_left -= nread;
1091 }
1092 return 0;
1093}
1094
1095
1096
1097static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
1098{
1099 struct fsg_lun *curlun = &common->luns[common->lun];
1100 static const char vendor_id[] = "Linux ";
1101 u8 *buf = (u8 *) bh->buf;
1102
1103 if (!curlun) {
1104 common->bad_lun_okay = 1;
1105 memset(buf, 0, 36);
1106 buf[0] = 0x7f;
1107 buf[4] = 31;
1108 return 36;
1109 }
1110
1111 memset(buf, 0, 8);
1112 buf[0] = TYPE_DISK;
1113 buf[1] = curlun->removable ? 0x80 : 0;
1114 buf[2] = 2;
1115 buf[3] = 2;
1116 buf[4] = 31;
1117
1118 sprintf((char *) (buf + 8), "%-8s%-16s%04x", (char*) vendor_id ,
1119 ums->name, (u16) 0xffff);
1120
1121 return 36;
1122}
1123
1124
1125static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1126{
1127 struct fsg_lun *curlun = &common->luns[common->lun];
1128 u8 *buf = (u8 *) bh->buf;
1129 u32 sd, sdinfo;
1130 int valid;
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147#if 0
1148 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1149 curlun->sense_data = curlun->unit_attention_data;
1150 curlun->unit_attention_data = SS_NO_SENSE;
1151 }
1152#endif
1153
1154 if (!curlun) {
1155 common->bad_lun_okay = 1;
1156 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1157 sdinfo = 0;
1158 valid = 0;
1159 } else {
1160 sd = curlun->sense_data;
1161 valid = curlun->info_valid << 7;
1162 curlun->sense_data = SS_NO_SENSE;
1163 curlun->info_valid = 0;
1164 }
1165
1166 memset(buf, 0, 18);
1167 buf[0] = valid | 0x70;
1168 buf[2] = SK(sd);
1169 put_unaligned_be32(sdinfo, &buf[3]);
1170 buf[7] = 18 - 8;
1171 buf[12] = ASC(sd);
1172 buf[13] = ASCQ(sd);
1173 return 18;
1174}
1175
1176static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
1177{
1178 struct fsg_lun *curlun = &common->luns[common->lun];
1179 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1180 int pmi = common->cmnd[8];
1181 u8 *buf = (u8 *) bh->buf;
1182
1183
1184 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1185 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1186 return -EINVAL;
1187 }
1188
1189 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1190
1191 put_unaligned_be32(512, &buf[4]);
1192 return 8;
1193}
1194
1195static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
1196{
1197 struct fsg_lun *curlun = &common->luns[common->lun];
1198 int msf = common->cmnd[1] & 0x02;
1199 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1200 u8 *buf = (u8 *) bh->buf;
1201
1202 if (common->cmnd[1] & ~0x02) {
1203 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1204 return -EINVAL;
1205 }
1206 if (lba >= curlun->num_sectors) {
1207 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1208 return -EINVAL;
1209 }
1210
1211 memset(buf, 0, 8);
1212 buf[0] = 0x01;
1213 store_cdrom_address(&buf[4], msf, lba);
1214 return 8;
1215}
1216
1217
1218static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
1219{
1220 struct fsg_lun *curlun = &common->luns[common->lun];
1221 int msf = common->cmnd[1] & 0x02;
1222 int start_track = common->cmnd[6];
1223 u8 *buf = (u8 *) bh->buf;
1224
1225 if ((common->cmnd[1] & ~0x02) != 0 ||
1226 start_track > 1) {
1227 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1228 return -EINVAL;
1229 }
1230
1231 memset(buf, 0, 20);
1232 buf[1] = (20-2);
1233 buf[2] = 1;
1234 buf[3] = 1;
1235 buf[5] = 0x16;
1236 buf[6] = 0x01;
1237 store_cdrom_address(&buf[8], msf, 0);
1238
1239 buf[13] = 0x16;
1240 buf[14] = 0xAA;
1241 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1242
1243 return 20;
1244}
1245
1246static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1247{
1248 struct fsg_lun *curlun = &common->luns[common->lun];
1249 int mscmnd = common->cmnd[0];
1250 u8 *buf = (u8 *) bh->buf;
1251 u8 *buf0 = buf;
1252 int pc, page_code;
1253 int changeable_values, all_pages;
1254 int valid_page = 0;
1255 int len, limit;
1256
1257 if ((common->cmnd[1] & ~0x08) != 0) {
1258 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1259 return -EINVAL;
1260 }
1261 pc = common->cmnd[2] >> 6;
1262 page_code = common->cmnd[2] & 0x3f;
1263 if (pc == 3) {
1264 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1265 return -EINVAL;
1266 }
1267 changeable_values = (pc == 1);
1268 all_pages = (page_code == 0x3f);
1269
1270
1271
1272
1273
1274 memset(buf, 0, 8);
1275 if (mscmnd == SC_MODE_SENSE_6) {
1276 buf[2] = (curlun->ro ? 0x80 : 0x00);
1277 buf += 4;
1278 limit = 255;
1279 } else {
1280 buf[3] = (curlun->ro ? 0x80 : 0x00);
1281 buf += 8;
1282 limit = 65535;
1283 }
1284
1285
1286
1287
1288
1289 if (page_code == 0x08 || all_pages) {
1290 valid_page = 1;
1291 buf[0] = 0x08;
1292 buf[1] = 10;
1293 memset(buf+2, 0, 10);
1294
1295 if (!changeable_values) {
1296 buf[2] = 0x04;
1297
1298
1299 put_unaligned_be16(0xffff, &buf[4]);
1300
1301
1302 put_unaligned_be16(0xffff, &buf[8]);
1303
1304 put_unaligned_be16(0xffff, &buf[10]);
1305
1306 }
1307 buf += 12;
1308 }
1309
1310
1311
1312 len = buf - buf0;
1313 if (!valid_page || len > limit) {
1314 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1315 return -EINVAL;
1316 }
1317
1318
1319 if (mscmnd == SC_MODE_SENSE_6)
1320 buf0[0] = len - 1;
1321 else
1322 put_unaligned_be16(len - 2, buf0);
1323 return len;
1324}
1325
1326
1327static int do_start_stop(struct fsg_common *common)
1328{
1329 struct fsg_lun *curlun = &common->luns[common->lun];
1330
1331 if (!curlun) {
1332 return -EINVAL;
1333 } else if (!curlun->removable) {
1334 curlun->sense_data = SS_INVALID_COMMAND;
1335 return -EINVAL;
1336 }
1337
1338 return 0;
1339}
1340
1341static int do_prevent_allow(struct fsg_common *common)
1342{
1343 struct fsg_lun *curlun = &common->luns[common->lun];
1344 int prevent;
1345
1346 if (!curlun->removable) {
1347 curlun->sense_data = SS_INVALID_COMMAND;
1348 return -EINVAL;
1349 }
1350
1351 prevent = common->cmnd[4] & 0x01;
1352 if ((common->cmnd[4] & ~0x01) != 0) {
1353 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1354 return -EINVAL;
1355 }
1356
1357 if (curlun->prevent_medium_removal && !prevent)
1358 fsg_lun_fsync_sub(curlun);
1359 curlun->prevent_medium_removal = prevent;
1360 return 0;
1361}
1362
1363
1364static int do_read_format_capacities(struct fsg_common *common,
1365 struct fsg_buffhd *bh)
1366{
1367 struct fsg_lun *curlun = &common->luns[common->lun];
1368 u8 *buf = (u8 *) bh->buf;
1369
1370 buf[0] = buf[1] = buf[2] = 0;
1371 buf[3] = 8;
1372 buf += 4;
1373
1374 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1375
1376 put_unaligned_be32(512, &buf[4]);
1377 buf[4] = 0x02;
1378 return 12;
1379}
1380
1381
1382static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
1383{
1384 struct fsg_lun *curlun = &common->luns[common->lun];
1385
1386
1387 if (curlun)
1388 curlun->sense_data = SS_INVALID_COMMAND;
1389 return -EINVAL;
1390}
1391
1392
1393
1394
1395static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1396{
1397 int rc;
1398
1399 rc = fsg_set_halt(fsg, fsg->bulk_in);
1400 if (rc == -EAGAIN)
1401 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1402 while (rc != 0) {
1403 if (rc != -EAGAIN) {
1404 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1405 rc = 0;
1406 break;
1407 }
1408
1409 rc = usb_ep_set_halt(fsg->bulk_in);
1410 }
1411 return rc;
1412}
1413
1414static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1415{
1416 int rc;
1417
1418 DBG(fsg, "bulk-in set wedge\n");
1419 rc = 0;
1420 if (rc == -EAGAIN)
1421 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1422 while (rc != 0) {
1423 if (rc != -EAGAIN) {
1424 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1425 rc = 0;
1426 break;
1427 }
1428 }
1429 return rc;
1430}
1431
1432static int pad_with_zeros(struct fsg_dev *fsg)
1433{
1434 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
1435 u32 nkeep = bh->inreq->length;
1436 u32 nsend;
1437 int rc;
1438
1439 bh->state = BUF_STATE_EMPTY;
1440 fsg->common->usb_amount_left = nkeep + fsg->common->residue;
1441 while (fsg->common->usb_amount_left > 0) {
1442
1443
1444 while (bh->state != BUF_STATE_EMPTY) {
1445 rc = sleep_thread(fsg->common);
1446 if (rc)
1447 return rc;
1448 }
1449
1450 nsend = min(fsg->common->usb_amount_left, FSG_BUFLEN);
1451 memset(bh->buf + nkeep, 0, nsend - nkeep);
1452 bh->inreq->length = nsend;
1453 bh->inreq->zero = 0;
1454 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1455 &bh->inreq_busy, &bh->state);
1456 bh = fsg->common->next_buffhd_to_fill = bh->next;
1457 fsg->common->usb_amount_left -= nsend;
1458 nkeep = 0;
1459 }
1460 return 0;
1461}
1462
1463static int throw_away_data(struct fsg_common *common)
1464{
1465 struct fsg_buffhd *bh;
1466 u32 amount;
1467 int rc;
1468
1469 for (bh = common->next_buffhd_to_drain;
1470 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0;
1471 bh = common->next_buffhd_to_drain) {
1472
1473
1474 if (bh->state == BUF_STATE_FULL) {
1475 bh->state = BUF_STATE_EMPTY;
1476 common->next_buffhd_to_drain = bh->next;
1477
1478
1479 if (bh->outreq->actual != bh->outreq->length ||
1480 bh->outreq->status != 0) {
1481 raise_exception(common,
1482 FSG_STATE_ABORT_BULK_OUT);
1483 return -EINTR;
1484 }
1485 continue;
1486 }
1487
1488
1489 bh = common->next_buffhd_to_fill;
1490 if (bh->state == BUF_STATE_EMPTY
1491 && common->usb_amount_left > 0) {
1492 amount = min(common->usb_amount_left, FSG_BUFLEN);
1493
1494
1495
1496 bh->outreq->length = amount;
1497 bh->bulk_out_intended_length = amount;
1498 bh->outreq->short_not_ok = 1;
1499 START_TRANSFER_OR(common, bulk_out, bh->outreq,
1500 &bh->outreq_busy, &bh->state)
1501
1502
1503 return -EIO;
1504 common->next_buffhd_to_fill = bh->next;
1505 common->usb_amount_left -= amount;
1506 continue;
1507 }
1508
1509
1510 rc = sleep_thread(common);
1511 if (rc)
1512 return rc;
1513 }
1514 return 0;
1515}
1516
1517
1518static int finish_reply(struct fsg_common *common)
1519{
1520 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1521 int rc = 0;
1522
1523 switch (common->data_dir) {
1524 case DATA_DIR_NONE:
1525 break;
1526
1527
1528
1529
1530
1531 case DATA_DIR_UNKNOWN:
1532 if (!common->can_stall) {
1533
1534 } else if (fsg_is_set(common)) {
1535 fsg_set_halt(common->fsg, common->fsg->bulk_out);
1536 rc = halt_bulk_in_endpoint(common->fsg);
1537 } else {
1538
1539 rc = -EIO;
1540 }
1541 break;
1542
1543
1544 case DATA_DIR_TO_HOST:
1545 if (common->data_size == 0) {
1546
1547
1548
1549 } else if (common->residue == 0) {
1550 bh->inreq->zero = 0;
1551 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1552 &bh->inreq_busy, &bh->state)
1553 return -EIO;
1554 common->next_buffhd_to_fill = bh->next;
1555
1556
1557
1558
1559 } else if (common->can_stall) {
1560 bh->inreq->zero = 1;
1561 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1562 &bh->inreq_busy, &bh->state)
1563
1564
1565 rc = -EIO;
1566 common->next_buffhd_to_fill = bh->next;
1567 if (common->fsg)
1568 rc = halt_bulk_in_endpoint(common->fsg);
1569 } else if (fsg_is_set(common)) {
1570 rc = pad_with_zeros(common->fsg);
1571 } else {
1572
1573 rc = -EIO;
1574 }
1575 break;
1576
1577
1578
1579 case DATA_DIR_FROM_HOST:
1580 if (common->residue == 0) {
1581
1582
1583
1584 } else if (common->short_packet_received) {
1585 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1586 rc = -EINTR;
1587
1588
1589
1590
1591
1592
1593
1594#if 0
1595 } else if (common->can_stall) {
1596 if (fsg_is_set(common))
1597 fsg_set_halt(common->fsg,
1598 common->fsg->bulk_out);
1599 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1600 rc = -EINTR;
1601#endif
1602
1603
1604
1605 } else {
1606 rc = throw_away_data(common);
1607 }
1608 break;
1609 }
1610 return rc;
1611}
1612
1613
1614static int send_status(struct fsg_common *common)
1615{
1616 struct fsg_lun *curlun = &common->luns[common->lun];
1617 struct fsg_buffhd *bh;
1618 struct bulk_cs_wrap *csw;
1619 int rc;
1620 u8 status = USB_STATUS_PASS;
1621 u32 sd, sdinfo = 0;
1622
1623
1624 bh = common->next_buffhd_to_fill;
1625 while (bh->state != BUF_STATE_EMPTY) {
1626 rc = sleep_thread(common);
1627 if (rc)
1628 return rc;
1629 }
1630
1631 if (curlun)
1632 sd = curlun->sense_data;
1633 else if (common->bad_lun_okay)
1634 sd = SS_NO_SENSE;
1635 else
1636 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1637
1638 if (common->phase_error) {
1639 DBG(common, "sending phase-error status\n");
1640 status = USB_STATUS_PHASE_ERROR;
1641 sd = SS_INVALID_COMMAND;
1642 } else if (sd != SS_NO_SENSE) {
1643 DBG(common, "sending command-failure status\n");
1644 status = USB_STATUS_FAIL;
1645 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1646 " info x%x\n",
1647 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1648 }
1649
1650
1651 csw = (void *)bh->buf;
1652
1653 csw->Signature = cpu_to_le32(USB_BULK_CS_SIG);
1654 csw->Tag = common->tag;
1655 csw->Residue = cpu_to_le32(common->residue);
1656 csw->Status = status;
1657
1658 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
1659 bh->inreq->zero = 0;
1660 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1661 &bh->inreq_busy, &bh->state)
1662
1663 return -EIO;
1664
1665 common->next_buffhd_to_fill = bh->next;
1666 return 0;
1667}
1668
1669
1670
1671
1672
1673
1674static int check_command(struct fsg_common *common, int cmnd_size,
1675 enum data_direction data_dir, unsigned int mask,
1676 int needs_medium, const char *name)
1677{
1678 int i;
1679 int lun = common->cmnd[1] >> 5;
1680 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1681 char hdlen[20];
1682 struct fsg_lun *curlun;
1683
1684 hdlen[0] = 0;
1685 if (common->data_dir != DATA_DIR_UNKNOWN)
1686 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir],
1687 common->data_size);
1688 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1689 name, cmnd_size, dirletter[(int) data_dir],
1690 common->data_size_from_cmnd, common->cmnd_size, hdlen);
1691
1692
1693
1694 if (common->data_size_from_cmnd == 0)
1695 data_dir = DATA_DIR_NONE;
1696 if (common->data_size < common->data_size_from_cmnd) {
1697
1698
1699
1700 common->data_size_from_cmnd = common->data_size;
1701 common->phase_error = 1;
1702 }
1703 common->residue = common->data_size;
1704 common->usb_amount_left = common->data_size;
1705
1706
1707 if (common->data_dir != data_dir
1708 && common->data_size_from_cmnd > 0) {
1709 common->phase_error = 1;
1710 return -EINVAL;
1711 }
1712
1713
1714 if (cmnd_size != common->cmnd_size) {
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728 if (cmnd_size <= common->cmnd_size) {
1729 DBG(common, "%s is buggy! Expected length %d "
1730 "but we got %d\n", name,
1731 cmnd_size, common->cmnd_size);
1732 cmnd_size = common->cmnd_size;
1733 } else {
1734 common->phase_error = 1;
1735 return -EINVAL;
1736 }
1737 }
1738
1739
1740 if (common->lun != lun)
1741 DBG(common, "using LUN %d from CBW, not LUN %d from CDB\n",
1742 common->lun, lun);
1743
1744
1745 if (common->lun >= 0 && common->lun < common->nluns) {
1746 curlun = &common->luns[common->lun];
1747 if (common->cmnd[0] != SC_REQUEST_SENSE) {
1748 curlun->sense_data = SS_NO_SENSE;
1749 curlun->info_valid = 0;
1750 }
1751 } else {
1752 curlun = NULL;
1753 common->bad_lun_okay = 0;
1754
1755
1756
1757 if (common->cmnd[0] != SC_INQUIRY &&
1758 common->cmnd[0] != SC_REQUEST_SENSE) {
1759 DBG(common, "unsupported LUN %d\n", common->lun);
1760 return -EINVAL;
1761 }
1762 }
1763#if 0
1764
1765
1766 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1767 common->cmnd[0] != SC_INQUIRY &&
1768 common->cmnd[0] != SC_REQUEST_SENSE) {
1769 curlun->sense_data = curlun->unit_attention_data;
1770 curlun->unit_attention_data = SS_NO_SENSE;
1771 return -EINVAL;
1772 }
1773#endif
1774
1775 common->cmnd[1] &= 0x1f;
1776 for (i = 1; i < cmnd_size; ++i) {
1777 if (common->cmnd[i] && !(mask & (1 << i))) {
1778 if (curlun)
1779 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1780 return -EINVAL;
1781 }
1782 }
1783
1784 return 0;
1785}
1786
1787
1788static int do_scsi_command(struct fsg_common *common)
1789{
1790 struct fsg_buffhd *bh;
1791 int rc;
1792 int reply = -EINVAL;
1793 int i;
1794 static char unknown[16];
1795 struct fsg_lun *curlun = &common->luns[common->lun];
1796
1797 dump_cdb(common);
1798
1799
1800 bh = common->next_buffhd_to_fill;
1801 common->next_buffhd_to_drain = bh;
1802 while (bh->state != BUF_STATE_EMPTY) {
1803 rc = sleep_thread(common);
1804 if (rc)
1805 return rc;
1806 }
1807 common->phase_error = 0;
1808 common->short_packet_received = 0;
1809
1810 down_read(&common->filesem);
1811 switch (common->cmnd[0]) {
1812
1813 case SC_INQUIRY:
1814 common->data_size_from_cmnd = common->cmnd[4];
1815 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1816 (1<<4), 0,
1817 "INQUIRY");
1818 if (reply == 0)
1819 reply = do_inquiry(common, bh);
1820 break;
1821
1822 case SC_MODE_SELECT_6:
1823 common->data_size_from_cmnd = common->cmnd[4];
1824 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1825 (1<<1) | (1<<4), 0,
1826 "MODE SELECT(6)");
1827 if (reply == 0)
1828 reply = do_mode_select(common, bh);
1829 break;
1830
1831 case SC_MODE_SELECT_10:
1832 common->data_size_from_cmnd =
1833 get_unaligned_be16(&common->cmnd[7]);
1834 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1835 (1<<1) | (3<<7), 0,
1836 "MODE SELECT(10)");
1837 if (reply == 0)
1838 reply = do_mode_select(common, bh);
1839 break;
1840
1841 case SC_MODE_SENSE_6:
1842 common->data_size_from_cmnd = common->cmnd[4];
1843 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1844 (1<<1) | (1<<2) | (1<<4), 0,
1845 "MODE SENSE(6)");
1846 if (reply == 0)
1847 reply = do_mode_sense(common, bh);
1848 break;
1849
1850 case SC_MODE_SENSE_10:
1851 common->data_size_from_cmnd =
1852 get_unaligned_be16(&common->cmnd[7]);
1853 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1854 (1<<1) | (1<<2) | (3<<7), 0,
1855 "MODE SENSE(10)");
1856 if (reply == 0)
1857 reply = do_mode_sense(common, bh);
1858 break;
1859
1860 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1861 common->data_size_from_cmnd = 0;
1862 reply = check_command(common, 6, DATA_DIR_NONE,
1863 (1<<4), 0,
1864 "PREVENT-ALLOW MEDIUM REMOVAL");
1865 if (reply == 0)
1866 reply = do_prevent_allow(common);
1867 break;
1868
1869 case SC_READ_6:
1870 i = common->cmnd[4];
1871 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1872 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1873 (7<<1) | (1<<4), 1,
1874 "READ(6)");
1875 if (reply == 0)
1876 reply = do_read(common);
1877 break;
1878
1879 case SC_READ_10:
1880 common->data_size_from_cmnd =
1881 get_unaligned_be16(&common->cmnd[7]) << 9;
1882 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1883 (1<<1) | (0xf<<2) | (3<<7), 1,
1884 "READ(10)");
1885 if (reply == 0)
1886 reply = do_read(common);
1887 break;
1888
1889 case SC_READ_12:
1890 common->data_size_from_cmnd =
1891 get_unaligned_be32(&common->cmnd[6]) << 9;
1892 reply = check_command(common, 12, DATA_DIR_TO_HOST,
1893 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1894 "READ(12)");
1895 if (reply == 0)
1896 reply = do_read(common);
1897 break;
1898
1899 case SC_READ_CAPACITY:
1900 common->data_size_from_cmnd = 8;
1901 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1902 (0xf<<2) | (1<<8), 1,
1903 "READ CAPACITY");
1904 if (reply == 0)
1905 reply = do_read_capacity(common, bh);
1906 break;
1907
1908 case SC_READ_HEADER:
1909 if (!common->luns[common->lun].cdrom)
1910 goto unknown_cmnd;
1911 common->data_size_from_cmnd =
1912 get_unaligned_be16(&common->cmnd[7]);
1913 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1914 (3<<7) | (0x1f<<1), 1,
1915 "READ HEADER");
1916 if (reply == 0)
1917 reply = do_read_header(common, bh);
1918 break;
1919
1920 case SC_READ_TOC:
1921 if (!common->luns[common->lun].cdrom)
1922 goto unknown_cmnd;
1923 common->data_size_from_cmnd =
1924 get_unaligned_be16(&common->cmnd[7]);
1925 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1926 (7<<6) | (1<<1), 1,
1927 "READ TOC");
1928 if (reply == 0)
1929 reply = do_read_toc(common, bh);
1930 break;
1931
1932 case SC_READ_FORMAT_CAPACITIES:
1933 common->data_size_from_cmnd =
1934 get_unaligned_be16(&common->cmnd[7]);
1935 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1936 (3<<7), 1,
1937 "READ FORMAT CAPACITIES");
1938 if (reply == 0)
1939 reply = do_read_format_capacities(common, bh);
1940 break;
1941
1942 case SC_REQUEST_SENSE:
1943 common->data_size_from_cmnd = common->cmnd[4];
1944 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1945 (1<<4), 0,
1946 "REQUEST SENSE");
1947 if (reply == 0)
1948 reply = do_request_sense(common, bh);
1949 break;
1950
1951 case SC_START_STOP_UNIT:
1952 common->data_size_from_cmnd = 0;
1953 reply = check_command(common, 6, DATA_DIR_NONE,
1954 (1<<1) | (1<<4), 0,
1955 "START-STOP UNIT");
1956 if (reply == 0)
1957 reply = do_start_stop(common);
1958 break;
1959
1960 case SC_SYNCHRONIZE_CACHE:
1961 common->data_size_from_cmnd = 0;
1962 reply = check_command(common, 10, DATA_DIR_NONE,
1963 (0xf<<2) | (3<<7), 1,
1964 "SYNCHRONIZE CACHE");
1965 if (reply == 0)
1966 reply = do_synchronize_cache(common);
1967 break;
1968
1969 case SC_TEST_UNIT_READY:
1970 common->data_size_from_cmnd = 0;
1971 reply = check_command(common, 6, DATA_DIR_NONE,
1972 0, 1,
1973 "TEST UNIT READY");
1974 break;
1975
1976
1977
1978 case SC_VERIFY:
1979 common->data_size_from_cmnd = 0;
1980 reply = check_command(common, 10, DATA_DIR_NONE,
1981 (1<<1) | (0xf<<2) | (3<<7), 1,
1982 "VERIFY");
1983 if (reply == 0)
1984 reply = do_verify(common);
1985 break;
1986
1987 case SC_WRITE_6:
1988 i = common->cmnd[4];
1989 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1990 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1991 (7<<1) | (1<<4), 1,
1992 "WRITE(6)");
1993 if (reply == 0)
1994 reply = do_write(common);
1995 break;
1996
1997 case SC_WRITE_10:
1998 common->data_size_from_cmnd =
1999 get_unaligned_be16(&common->cmnd[7]) << 9;
2000 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
2001 (1<<1) | (0xf<<2) | (3<<7), 1,
2002 "WRITE(10)");
2003 if (reply == 0)
2004 reply = do_write(common);
2005 break;
2006
2007 case SC_WRITE_12:
2008 common->data_size_from_cmnd =
2009 get_unaligned_be32(&common->cmnd[6]) << 9;
2010 reply = check_command(common, 12, DATA_DIR_FROM_HOST,
2011 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2012 "WRITE(12)");
2013 if (reply == 0)
2014 reply = do_write(common);
2015 break;
2016
2017
2018
2019
2020
2021 case SC_FORMAT_UNIT:
2022 case SC_RELEASE:
2023 case SC_RESERVE:
2024 case SC_SEND_DIAGNOSTIC:
2025
2026
2027 default:
2028unknown_cmnd:
2029 common->data_size_from_cmnd = 0;
2030 sprintf(unknown, "Unknown x%02x", common->cmnd[0]);
2031 reply = check_command(common, common->cmnd_size,
2032 DATA_DIR_UNKNOWN, 0xff, 0, unknown);
2033 if (reply == 0) {
2034 curlun->sense_data = SS_INVALID_COMMAND;
2035 reply = -EINVAL;
2036 }
2037 break;
2038 }
2039 up_read(&common->filesem);
2040
2041 if (reply == -EINTR)
2042 return -EINTR;
2043
2044
2045 if (reply == -EINVAL)
2046 reply = 0;
2047 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
2048 reply = min((u32) reply, common->data_size_from_cmnd);
2049 bh->inreq->length = reply;
2050 bh->state = BUF_STATE_FULL;
2051 common->residue -= reply;
2052 }
2053
2054 return 0;
2055}
2056
2057
2058
2059static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2060{
2061 struct usb_request *req = bh->outreq;
2062 struct fsg_bulk_cb_wrap *cbw = req->buf;
2063 struct fsg_common *common = fsg->common;
2064
2065
2066 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2067 return -EINVAL;
2068
2069
2070 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2071 cbw->Signature != cpu_to_le32(
2072 USB_BULK_CB_SIG)) {
2073 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2074 req->actual,
2075 le32_to_cpu(cbw->Signature));
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086 wedge_bulk_in_endpoint(fsg);
2087 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2088 return -EINVAL;
2089 }
2090
2091
2092 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2093 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2094 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2095 "cmdlen %u\n",
2096 cbw->Lun, cbw->Flags, cbw->Length);
2097
2098
2099
2100 if (common->can_stall) {
2101 fsg_set_halt(fsg, fsg->bulk_out);
2102 halt_bulk_in_endpoint(fsg);
2103 }
2104 return -EINVAL;
2105 }
2106
2107
2108 common->cmnd_size = cbw->Length;
2109 memcpy(common->cmnd, cbw->CDB, common->cmnd_size);
2110 if (cbw->Flags & USB_BULK_IN_FLAG)
2111 common->data_dir = DATA_DIR_TO_HOST;
2112 else
2113 common->data_dir = DATA_DIR_FROM_HOST;
2114 common->data_size = le32_to_cpu(cbw->DataTransferLength);
2115 if (common->data_size == 0)
2116 common->data_dir = DATA_DIR_NONE;
2117 common->lun = cbw->Lun;
2118 common->tag = cbw->Tag;
2119 return 0;
2120}
2121
2122
2123static int get_next_command(struct fsg_common *common)
2124{
2125 struct fsg_buffhd *bh;
2126 int rc = 0;
2127
2128
2129 bh = common->next_buffhd_to_fill;
2130 while (bh->state != BUF_STATE_EMPTY) {
2131 rc = sleep_thread(common);
2132 if (rc)
2133 return rc;
2134 }
2135
2136
2137 set_bulk_out_req_length(common, bh, USB_BULK_CB_WRAP_LEN);
2138 bh->outreq->short_not_ok = 1;
2139 START_TRANSFER_OR(common, bulk_out, bh->outreq,
2140 &bh->outreq_busy, &bh->state)
2141
2142 return -EIO;
2143
2144
2145
2146
2147
2148
2149 while (bh->state != BUF_STATE_FULL) {
2150 rc = sleep_thread(common);
2151 if (rc)
2152 return rc;
2153 }
2154
2155 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO;
2156 bh->state = BUF_STATE_EMPTY;
2157
2158 return rc;
2159}
2160
2161
2162
2163
2164static int enable_endpoint(struct fsg_common *common, struct usb_ep *ep,
2165 const struct usb_endpoint_descriptor *d)
2166{
2167 int rc;
2168
2169 ep->driver_data = common;
2170 rc = usb_ep_enable(ep, d);
2171 if (rc)
2172 ERROR(common, "can't enable %s, result %d\n", ep->name, rc);
2173 return rc;
2174}
2175
2176static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
2177 struct usb_request **preq)
2178{
2179 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2180 if (*preq)
2181 return 0;
2182 ERROR(common, "can't allocate request for %s\n", ep->name);
2183 return -ENOMEM;
2184}
2185
2186
2187static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg)
2188{
2189 const struct usb_endpoint_descriptor *d;
2190 struct fsg_dev *fsg;
2191 int i, rc = 0;
2192
2193 if (common->running)
2194 DBG(common, "reset interface\n");
2195
2196reset:
2197
2198 if (common->fsg) {
2199 fsg = common->fsg;
2200
2201 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2202 struct fsg_buffhd *bh = &common->buffhds[i];
2203
2204 if (bh->inreq) {
2205 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2206 bh->inreq = NULL;
2207 }
2208 if (bh->outreq) {
2209 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2210 bh->outreq = NULL;
2211 }
2212 }
2213
2214
2215 if (fsg->bulk_in_enabled) {
2216 usb_ep_disable(fsg->bulk_in);
2217 fsg->bulk_in_enabled = 0;
2218 }
2219 if (fsg->bulk_out_enabled) {
2220 usb_ep_disable(fsg->bulk_out);
2221 fsg->bulk_out_enabled = 0;
2222 }
2223
2224 common->fsg = NULL;
2225
2226 }
2227
2228 common->running = 0;
2229 if (!new_fsg || rc)
2230 return rc;
2231
2232 common->fsg = new_fsg;
2233 fsg = common->fsg;
2234
2235
2236 d = fsg_ep_desc(common->gadget,
2237 &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc);
2238 rc = enable_endpoint(common, fsg->bulk_in, d);
2239 if (rc)
2240 goto reset;
2241 fsg->bulk_in_enabled = 1;
2242
2243 d = fsg_ep_desc(common->gadget,
2244 &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc);
2245 rc = enable_endpoint(common, fsg->bulk_out, d);
2246 if (rc)
2247 goto reset;
2248 fsg->bulk_out_enabled = 1;
2249 common->bulk_out_maxpacket =
2250 le16_to_cpu(get_unaligned(&d->wMaxPacketSize));
2251 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2252
2253
2254 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2255 struct fsg_buffhd *bh = &common->buffhds[i];
2256
2257 rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
2258 if (rc)
2259 goto reset;
2260 rc = alloc_request(common, fsg->bulk_out, &bh->outreq);
2261 if (rc)
2262 goto reset;
2263 bh->inreq->buf = bh->outreq->buf = bh->buf;
2264 bh->inreq->context = bh->outreq->context = bh;
2265 bh->inreq->complete = bulk_in_complete;
2266 bh->outreq->complete = bulk_out_complete;
2267 }
2268
2269 common->running = 1;
2270
2271 return rc;
2272}
2273
2274
2275
2276
2277
2278static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2279{
2280 struct fsg_dev *fsg = fsg_from_func(f);
2281 fsg->common->new_fsg = fsg;
2282 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2283 return 0;
2284}
2285
2286static void fsg_disable(struct usb_function *f)
2287{
2288 struct fsg_dev *fsg = fsg_from_func(f);
2289 fsg->common->new_fsg = NULL;
2290 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2291}
2292
2293
2294
2295static void handle_exception(struct fsg_common *common)
2296{
2297 int i;
2298 struct fsg_buffhd *bh;
2299 enum fsg_state old_state;
2300 struct fsg_lun *curlun;
2301 unsigned int exception_req_tag;
2302
2303
2304 if (common->fsg) {
2305 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2306 bh = &common->buffhds[i];
2307 if (bh->inreq_busy)
2308 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq);
2309 if (bh->outreq_busy)
2310 usb_ep_dequeue(common->fsg->bulk_out,
2311 bh->outreq);
2312 }
2313
2314
2315 for (;;) {
2316 int num_active = 0;
2317 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2318 bh = &common->buffhds[i];
2319 num_active += bh->inreq_busy + bh->outreq_busy;
2320 }
2321 if (num_active == 0)
2322 break;
2323 if (sleep_thread(common))
2324 return;
2325 }
2326
2327
2328 if (common->fsg->bulk_in_enabled)
2329 usb_ep_fifo_flush(common->fsg->bulk_in);
2330 if (common->fsg->bulk_out_enabled)
2331 usb_ep_fifo_flush(common->fsg->bulk_out);
2332 }
2333
2334
2335
2336
2337 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2338 bh = &common->buffhds[i];
2339 bh->state = BUF_STATE_EMPTY;
2340 }
2341 common->next_buffhd_to_fill = &common->buffhds[0];
2342 common->next_buffhd_to_drain = &common->buffhds[0];
2343 exception_req_tag = common->exception_req_tag;
2344 old_state = common->state;
2345
2346 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2347 common->state = FSG_STATE_STATUS_PHASE;
2348 else {
2349 for (i = 0; i < common->nluns; ++i) {
2350 curlun = &common->luns[i];
2351 curlun->sense_data = SS_NO_SENSE;
2352 curlun->info_valid = 0;
2353 }
2354 common->state = FSG_STATE_IDLE;
2355 }
2356
2357
2358 switch (old_state) {
2359 case FSG_STATE_ABORT_BULK_OUT:
2360 send_status(common);
2361
2362 if (common->state == FSG_STATE_STATUS_PHASE)
2363 common->state = FSG_STATE_IDLE;
2364 break;
2365
2366 case FSG_STATE_RESET:
2367
2368
2369
2370 if (!fsg_is_set(common))
2371 break;
2372 if (test_and_clear_bit(IGNORE_BULK_OUT,
2373 &common->fsg->atomic_bitflags))
2374 usb_ep_clear_halt(common->fsg->bulk_in);
2375
2376 if (common->ep0_req_tag == exception_req_tag)
2377 ep0_queue(common);
2378
2379 break;
2380
2381 case FSG_STATE_CONFIG_CHANGE:
2382 do_set_interface(common, common->new_fsg);
2383 break;
2384
2385 case FSG_STATE_EXIT:
2386 case FSG_STATE_TERMINATED:
2387 do_set_interface(common, NULL);
2388 common->state = FSG_STATE_TERMINATED;
2389 break;
2390
2391 case FSG_STATE_INTERFACE_CHANGE:
2392 case FSG_STATE_DISCONNECT:
2393 case FSG_STATE_COMMAND_PHASE:
2394 case FSG_STATE_DATA_PHASE:
2395 case FSG_STATE_STATUS_PHASE:
2396 case FSG_STATE_IDLE:
2397 break;
2398 }
2399}
2400
2401
2402
2403int fsg_main_thread(void *common_)
2404{
2405 int ret;
2406 struct fsg_common *common = the_fsg_common;
2407
2408 do {
2409 if (exception_in_progress(common)) {
2410 handle_exception(common);
2411 continue;
2412 }
2413
2414 if (!common->running) {
2415 ret = sleep_thread(common);
2416 if (ret)
2417 return ret;
2418
2419 continue;
2420 }
2421
2422 ret = get_next_command(common);
2423 if (ret)
2424 return ret;
2425
2426 if (!exception_in_progress(common))
2427 common->state = FSG_STATE_DATA_PHASE;
2428
2429 if (do_scsi_command(common) || finish_reply(common))
2430 continue;
2431
2432 if (!exception_in_progress(common))
2433 common->state = FSG_STATE_STATUS_PHASE;
2434
2435 if (send_status(common))
2436 continue;
2437
2438 if (!exception_in_progress(common))
2439 common->state = FSG_STATE_IDLE;
2440 } while (0);
2441
2442 common->thread_task = NULL;
2443
2444 return 0;
2445}
2446
2447static void fsg_common_release(struct kref *ref);
2448
2449static struct fsg_common *fsg_common_init(struct fsg_common *common,
2450 struct usb_composite_dev *cdev)
2451{
2452 struct usb_gadget *gadget = cdev->gadget;
2453 struct fsg_buffhd *bh;
2454 struct fsg_lun *curlun;
2455 int nluns, i, rc;
2456
2457
2458 nluns = 1;
2459 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2460 printf("invalid number of LUNs: %u\n", nluns);
2461 return ERR_PTR(-EINVAL);
2462 }
2463
2464
2465 if (!common) {
2466 common = calloc(sizeof(*common), 1);
2467 if (!common)
2468 return ERR_PTR(-ENOMEM);
2469 common->free_storage_on_release = 1;
2470 } else {
2471 memset(common, 0, sizeof(*common));
2472 common->free_storage_on_release = 0;
2473 }
2474
2475 common->ops = NULL;
2476 common->private_data = NULL;
2477
2478 common->gadget = gadget;
2479 common->ep0 = gadget->ep0;
2480 common->ep0req = cdev->req;
2481
2482
2483 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2484 rc = usb_string_id(cdev);
2485 if (unlikely(rc < 0))
2486 goto error_release;
2487 fsg_strings[FSG_STRING_INTERFACE].id = rc;
2488 fsg_intf_desc.iInterface = rc;
2489 }
2490
2491
2492
2493 curlun = calloc(nluns, sizeof *curlun);
2494 if (!curlun) {
2495 rc = -ENOMEM;
2496 goto error_release;
2497 }
2498 common->nluns = nluns;
2499
2500 for (i = 0; i < nluns; i++) {
2501 common->luns[i].removable = 1;
2502
2503 rc = fsg_lun_open(&common->luns[i], "");
2504 if (rc)
2505 goto error_luns;
2506 }
2507 common->lun = 0;
2508
2509
2510 bh = common->buffhds;
2511
2512 i = FSG_NUM_BUFFERS;
2513 goto buffhds_first_it;
2514 do {
2515 bh->next = bh + 1;
2516 ++bh;
2517buffhds_first_it:
2518 bh->inreq_busy = 0;
2519 bh->outreq_busy = 0;
2520 bh->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, FSG_BUFLEN);
2521 if (unlikely(!bh->buf)) {
2522 rc = -ENOMEM;
2523 goto error_release;
2524 }
2525 } while (--i);
2526 bh->next = common->buffhds;
2527
2528 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2529 "%-8s%-16s%04x",
2530 "Linux ",
2531 "File-Store Gadget",
2532 0xffff);
2533
2534
2535
2536
2537
2538
2539
2540 common->thread_task =
2541 kthread_create(fsg_main_thread, common,
2542 OR(cfg->thread_name, "file-storage"));
2543 if (IS_ERR(common->thread_task)) {
2544 rc = PTR_ERR(common->thread_task);
2545 goto error_release;
2546 }
2547
2548#undef OR
2549
2550 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2551 INFO(common, "Number of LUNs=%d\n", common->nluns);
2552
2553 return common;
2554
2555error_luns:
2556 common->nluns = i + 1;
2557error_release:
2558 common->state = FSG_STATE_TERMINATED;
2559
2560
2561 fsg_common_release(&common->ref);
2562 return ERR_PTR(rc);
2563}
2564
2565static void fsg_common_release(struct kref *ref)
2566{
2567 struct fsg_common *common = container_of(ref, struct fsg_common, ref);
2568
2569
2570 if (common->state != FSG_STATE_TERMINATED) {
2571 raise_exception(common, FSG_STATE_EXIT);
2572 wait_for_completion(&common->thread_notifier);
2573 }
2574
2575 if (likely(common->luns)) {
2576 struct fsg_lun *lun = common->luns;
2577 unsigned i = common->nluns;
2578
2579
2580 for (; i; --i, ++lun)
2581 fsg_lun_close(lun);
2582
2583 kfree(common->luns);
2584 }
2585
2586 {
2587 struct fsg_buffhd *bh = common->buffhds;
2588 unsigned i = FSG_NUM_BUFFERS;
2589 do {
2590 kfree(bh->buf);
2591 } while (++bh, --i);
2592 }
2593
2594 if (common->free_storage_on_release)
2595 kfree(common);
2596}
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613struct usb_descriptor_header **
2614usb_copy_descriptors(struct usb_descriptor_header **src)
2615{
2616 struct usb_descriptor_header **tmp;
2617 unsigned bytes;
2618 unsigned n_desc;
2619 void *mem;
2620 struct usb_descriptor_header **ret;
2621
2622
2623 for (bytes = 0, n_desc = 0, tmp = src; *tmp; tmp++, n_desc++)
2624 bytes += (*tmp)->bLength;
2625 bytes += (n_desc + 1) * sizeof(*tmp);
2626
2627 mem = memalign(CONFIG_SYS_CACHELINE_SIZE, bytes);
2628 if (!mem)
2629 return NULL;
2630
2631
2632
2633
2634
2635 tmp = mem;
2636 ret = mem;
2637 mem += (n_desc + 1) * sizeof(*tmp);
2638 while (*src) {
2639 memcpy(mem, *src, (*src)->bLength);
2640 *tmp = mem;
2641 tmp++;
2642 mem += (*src)->bLength;
2643 src++;
2644 }
2645 *tmp = NULL;
2646
2647 return ret;
2648}
2649
2650static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
2651{
2652 struct fsg_dev *fsg = fsg_from_func(f);
2653
2654 DBG(fsg, "unbind\n");
2655 if (fsg->common->fsg == fsg) {
2656 fsg->common->new_fsg = NULL;
2657 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2658 }
2659
2660 free(fsg->function.descriptors);
2661 free(fsg->function.hs_descriptors);
2662 kfree(fsg);
2663}
2664
2665static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
2666{
2667 struct fsg_dev *fsg = fsg_from_func(f);
2668 struct usb_gadget *gadget = c->cdev->gadget;
2669 int i;
2670 struct usb_ep *ep;
2671 fsg->gadget = gadget;
2672
2673
2674 i = usb_interface_id(c, f);
2675 if (i < 0)
2676 return i;
2677 fsg_intf_desc.bInterfaceNumber = i;
2678 fsg->interface_number = i;
2679
2680
2681 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2682 if (!ep)
2683 goto autoconf_fail;
2684 ep->driver_data = fsg->common;
2685 fsg->bulk_in = ep;
2686
2687 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2688 if (!ep)
2689 goto autoconf_fail;
2690 ep->driver_data = fsg->common;
2691 fsg->bulk_out = ep;
2692
2693
2694 f->descriptors = usb_copy_descriptors(fsg_fs_function);
2695 if (unlikely(!f->descriptors))
2696 return -ENOMEM;
2697
2698 if (gadget_is_dualspeed(gadget)) {
2699
2700 fsg_hs_bulk_in_desc.bEndpointAddress =
2701 fsg_fs_bulk_in_desc.bEndpointAddress;
2702 fsg_hs_bulk_out_desc.bEndpointAddress =
2703 fsg_fs_bulk_out_desc.bEndpointAddress;
2704 f->hs_descriptors = usb_copy_descriptors(fsg_hs_function);
2705 if (unlikely(!f->hs_descriptors)) {
2706 free(f->descriptors);
2707 return -ENOMEM;
2708 }
2709 }
2710 return 0;
2711
2712autoconf_fail:
2713 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2714 return -ENOTSUPP;
2715}
2716
2717
2718
2719
2720static struct usb_gadget_strings *fsg_strings_array[] = {
2721 &fsg_stringtab,
2722 NULL,
2723};
2724
2725static int fsg_bind_config(struct usb_composite_dev *cdev,
2726 struct usb_configuration *c,
2727 struct fsg_common *common)
2728{
2729 struct fsg_dev *fsg;
2730 int rc;
2731
2732 fsg = calloc(1, sizeof *fsg);
2733 if (!fsg)
2734 return -ENOMEM;
2735 fsg->function.name = FSG_DRIVER_DESC;
2736 fsg->function.strings = fsg_strings_array;
2737 fsg->function.bind = fsg_bind;
2738 fsg->function.unbind = fsg_unbind;
2739 fsg->function.setup = fsg_setup;
2740 fsg->function.set_alt = fsg_set_alt;
2741 fsg->function.disable = fsg_disable;
2742
2743 fsg->common = common;
2744 common->fsg = fsg;
2745
2746
2747
2748
2749
2750
2751 rc = usb_add_function(c, &fsg->function);
2752
2753 if (rc)
2754 kfree(fsg);
2755
2756 return rc;
2757}
2758
2759int fsg_add(struct usb_configuration *c)
2760{
2761 struct fsg_common *fsg_common;
2762
2763 fsg_common = fsg_common_init(NULL, c->cdev);
2764
2765 fsg_common->vendor_name = 0;
2766 fsg_common->product_name = 0;
2767 fsg_common->release = 0xffff;
2768
2769 fsg_common->ops = NULL;
2770 fsg_common->private_data = NULL;
2771
2772 the_fsg_common = fsg_common;
2773
2774 return fsg_bind_config(c->cdev, c, fsg_common);
2775}
2776
2777int fsg_init(struct ums *ums_dev)
2778{
2779 ums = ums_dev;
2780
2781 return 0;
2782}
2783
2784DECLARE_GADGET_BIND_CALLBACK(usb_dnl_ums, fsg_add);
2785
