1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243#include <config.h>
244#include <malloc.h>
245#include <common.h>
246#include <console.h>
247#include <g_dnl.h>
248
249#include <linux/err.h>
250#include <linux/usb/ch9.h>
251#include <linux/usb/gadget.h>
252#include <usb_mass_storage.h>
253
254#include <asm/unaligned.h>
255#include <linux/usb/gadget.h>
256#include <linux/usb/gadget.h>
257#include <linux/usb/composite.h>
258#include <usb/lin_gadget_compat.h>
259#include <g_dnl.h>
260
261
262
263#define FSG_DRIVER_DESC "Mass Storage Function"
264#define FSG_DRIVER_VERSION "2012/06/5"
265
266static const char fsg_string_interface[] = "Mass Storage";
267
268#define FSG_NO_INTR_EP 1
269#define FSG_NO_DEVICE_STRINGS 1
270#define FSG_NO_OTG 1
271#define FSG_NO_INTR_EP 1
272
273#include "storage_common.c"
274
275
276
277#define GFP_ATOMIC ((gfp_t) 0)
278#define PAGE_CACHE_SHIFT 12
279#define PAGE_CACHE_SIZE (1 << PAGE_CACHE_SHIFT)
280#define kthread_create(...) __builtin_return_address(0)
281#define wait_for_completion(...) do {} while (0)
282
283struct kref {int x; };
284struct completion {int x; };
285
286inline void set_bit(int nr, volatile void *addr)
287{
288 int mask;
289 unsigned int *a = (unsigned int *) addr;
290
291 a += nr >> 5;
292 mask = 1 << (nr & 0x1f);
293 *a |= mask;
294}
295
296inline void clear_bit(int nr, volatile void *addr)
297{
298 int mask;
299 unsigned int *a = (unsigned int *) addr;
300
301 a += nr >> 5;
302 mask = 1 << (nr & 0x1f);
303 *a &= ~mask;
304}
305
306struct fsg_dev;
307struct fsg_common;
308
309
310struct fsg_common {
311 struct usb_gadget *gadget;
312 struct fsg_dev *fsg, *new_fsg;
313
314 struct usb_ep *ep0;
315 struct usb_request *ep0req;
316 unsigned int ep0_req_tag;
317
318 struct fsg_buffhd *next_buffhd_to_fill;
319 struct fsg_buffhd *next_buffhd_to_drain;
320 struct fsg_buffhd buffhds[FSG_NUM_BUFFERS];
321
322 int cmnd_size;
323 u8 cmnd[MAX_COMMAND_SIZE];
324
325 unsigned int nluns;
326 unsigned int lun;
327 struct fsg_lun luns[FSG_MAX_LUNS];
328
329 unsigned int bulk_out_maxpacket;
330 enum fsg_state state;
331 unsigned int exception_req_tag;
332
333 enum data_direction data_dir;
334 u32 data_size;
335 u32 data_size_from_cmnd;
336 u32 tag;
337 u32 residue;
338 u32 usb_amount_left;
339
340 unsigned int can_stall:1;
341 unsigned int free_storage_on_release:1;
342 unsigned int phase_error:1;
343 unsigned int short_packet_received:1;
344 unsigned int bad_lun_okay:1;
345 unsigned int running:1;
346
347 int thread_wakeup_needed;
348 struct completion thread_notifier;
349 struct task_struct *thread_task;
350
351
352 const struct fsg_operations *ops;
353
354 void *private_data;
355
356 const char *vendor_name;
357 const char *product_name;
358 u16 release;
359
360
361
362 char inquiry_string[8 + 16 + 4 + 1];
363
364 struct kref ref;
365};
366
367struct fsg_config {
368 unsigned nluns;
369 struct fsg_lun_config {
370 const char *filename;
371 char ro;
372 char removable;
373 char cdrom;
374 char nofua;
375 } luns[FSG_MAX_LUNS];
376
377
378 const struct fsg_operations *ops;
379
380 void *private_data;
381
382 const char *vendor_name;
383 const char *product_name;
384
385 char can_stall;
386};
387
388struct fsg_dev {
389 struct usb_function function;
390 struct usb_gadget *gadget;
391 struct fsg_common *common;
392
393 u16 interface_number;
394
395 unsigned int bulk_in_enabled:1;
396 unsigned int bulk_out_enabled:1;
397
398 unsigned long atomic_bitflags;
399#define IGNORE_BULK_OUT 0
400
401 struct usb_ep *bulk_in;
402 struct usb_ep *bulk_out;
403};
404
405
406static inline int __fsg_is_set(struct fsg_common *common,
407 const char *func, unsigned line)
408{
409 if (common->fsg)
410 return 1;
411 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
412 WARN_ON(1);
413 return 0;
414}
415
416#define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
417
418
419static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
420{
421 return container_of(f, struct fsg_dev, function);
422}
423
424
425typedef void (*fsg_routine_t)(struct fsg_dev *);
426
427static int exception_in_progress(struct fsg_common *common)
428{
429 return common->state > FSG_STATE_IDLE;
430}
431
432
433static void set_bulk_out_req_length(struct fsg_common *common,
434 struct fsg_buffhd *bh, unsigned int length)
435{
436 unsigned int rem;
437
438 bh->bulk_out_intended_length = length;
439 rem = length % common->bulk_out_maxpacket;
440 if (rem > 0)
441 length += common->bulk_out_maxpacket - rem;
442 bh->outreq->length = length;
443}
444
445
446
447static struct ums *ums;
448static int ums_count;
449static struct fsg_common *the_fsg_common;
450
451static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
452{
453 const char *name;
454
455 if (ep == fsg->bulk_in)
456 name = "bulk-in";
457 else if (ep == fsg->bulk_out)
458 name = "bulk-out";
459 else
460 name = ep->name;
461 DBG(fsg, "%s set halt\n", name);
462 return usb_ep_set_halt(ep);
463}
464
465
466
467
468
469
470static void wakeup_thread(struct fsg_common *common)
471{
472 common->thread_wakeup_needed = 1;
473}
474
475static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
476{
477
478
479
480 if (common->state <= new_state) {
481 common->exception_req_tag = common->ep0_req_tag;
482 common->state = new_state;
483 common->thread_wakeup_needed = 1;
484 }
485}
486
487
488
489static int ep0_queue(struct fsg_common *common)
490{
491 int rc;
492
493 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);
494 common->ep0->driver_data = common;
495 if (rc != 0 && rc != -ESHUTDOWN) {
496
497 WARNING(common, "error in submission: %s --> %d\n",
498 common->ep0->name, rc);
499 }
500 return rc;
501}
502
503
504
505
506
507
508static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
509{
510 struct fsg_common *common = ep->driver_data;
511 struct fsg_buffhd *bh = req->context;
512
513 if (req->status || req->actual != req->length)
514 DBG(common, "%s --> %d, %u/%u\n", __func__,
515 req->status, req->actual, req->length);
516 if (req->status == -ECONNRESET)
517 usb_ep_fifo_flush(ep);
518
519
520 bh->inreq_busy = 0;
521 bh->state = BUF_STATE_EMPTY;
522 wakeup_thread(common);
523}
524
525static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
526{
527 struct fsg_common *common = ep->driver_data;
528 struct fsg_buffhd *bh = req->context;
529
530 dump_msg(common, "bulk-out", req->buf, req->actual);
531 if (req->status || req->actual != bh->bulk_out_intended_length)
532 DBG(common, "%s --> %d, %u/%u\n", __func__,
533 req->status, req->actual,
534 bh->bulk_out_intended_length);
535 if (req->status == -ECONNRESET)
536 usb_ep_fifo_flush(ep);
537
538
539 bh->outreq_busy = 0;
540 bh->state = BUF_STATE_FULL;
541 wakeup_thread(common);
542}
543
544
545
546
547
548static int fsg_setup(struct usb_function *f,
549 const struct usb_ctrlrequest *ctrl)
550{
551 struct fsg_dev *fsg = fsg_from_func(f);
552 struct usb_request *req = fsg->common->ep0req;
553 u16 w_index = get_unaligned_le16(&ctrl->wIndex);
554 u16 w_value = get_unaligned_le16(&ctrl->wValue);
555 u16 w_length = get_unaligned_le16(&ctrl->wLength);
556
557 if (!fsg_is_set(fsg->common))
558 return -EOPNOTSUPP;
559
560 switch (ctrl->bRequest) {
561
562 case USB_BULK_RESET_REQUEST:
563 if (ctrl->bRequestType !=
564 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
565 break;
566 if (w_index != fsg->interface_number || w_value != 0)
567 return -EDOM;
568
569
570
571 DBG(fsg, "bulk reset request\n");
572 raise_exception(fsg->common, FSG_STATE_RESET);
573 return DELAYED_STATUS;
574
575 case USB_BULK_GET_MAX_LUN_REQUEST:
576 if (ctrl->bRequestType !=
577 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
578 break;
579 if (w_index != fsg->interface_number || w_value != 0)
580 return -EDOM;
581 VDBG(fsg, "get max LUN\n");
582 *(u8 *) req->buf = fsg->common->nluns - 1;
583
584
585 req->length = min((u16)1, w_length);
586 return ep0_queue(fsg->common);
587 }
588
589 VDBG(fsg,
590 "unknown class-specific control req "
591 "%02x.%02x v%04x i%04x l%u\n",
592 ctrl->bRequestType, ctrl->bRequest,
593 get_unaligned_le16(&ctrl->wValue), w_index, w_length);
594 return -EOPNOTSUPP;
595}
596
597
598
599
600
601
602static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
603 struct usb_request *req, int *pbusy,
604 enum fsg_buffer_state *state)
605{
606 int rc;
607
608 if (ep == fsg->bulk_in)
609 dump_msg(fsg, "bulk-in", req->buf, req->length);
610
611 *pbusy = 1;
612 *state = BUF_STATE_BUSY;
613 rc = usb_ep_queue(ep, req, GFP_KERNEL);
614 if (rc != 0) {
615 *pbusy = 0;
616 *state = BUF_STATE_EMPTY;
617
618
619
620
621
622 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
623 req->length == 0))
624 WARNING(fsg, "error in submission: %s --> %d\n",
625 ep->name, rc);
626 }
627}
628
629#define START_TRANSFER_OR(common, ep_name, req, pbusy, state) \
630 if (fsg_is_set(common)) \
631 start_transfer((common)->fsg, (common)->fsg->ep_name, \
632 req, pbusy, state); \
633 else
634
635#define START_TRANSFER(common, ep_name, req, pbusy, state) \
636 START_TRANSFER_OR(common, ep_name, req, pbusy, state) (void)0
637
638static void busy_indicator(void)
639{
640 static int state;
641
642 switch (state) {
643 case 0:
644 puts("\r|"); break;
645 case 1:
646 puts("\r/"); break;
647 case 2:
648 puts("\r-"); break;
649 case 3:
650 puts("\r\\"); break;
651 case 4:
652 puts("\r|"); break;
653 case 5:
654 puts("\r/"); break;
655 case 6:
656 puts("\r-"); break;
657 case 7:
658 puts("\r\\"); break;
659 default:
660 state = 0;
661 }
662 if (state++ == 8)
663 state = 0;
664}
665
666static int sleep_thread(struct fsg_common *common)
667{
668 int rc = 0;
669 int i = 0, k = 0;
670
671
672 for (;;) {
673 if (common->thread_wakeup_needed)
674 break;
675
676 if (++i == 20000) {
677 busy_indicator();
678 i = 0;
679 k++;
680 }
681
682 if (k == 10) {
683
684 if (ctrlc())
685 return -EPIPE;
686
687
688 if (!g_dnl_board_usb_cable_connected())
689 return -EIO;
690
691 k = 0;
692 }
693
694 usb_gadget_handle_interrupts(0);
695 }
696 common->thread_wakeup_needed = 0;
697 return rc;
698}
699
700
701
702static int do_read(struct fsg_common *common)
703{
704 struct fsg_lun *curlun = &common->luns[common->lun];
705 u32 lba;
706 struct fsg_buffhd *bh;
707 int rc;
708 u32 amount_left;
709 loff_t file_offset;
710 unsigned int amount;
711 unsigned int partial_page;
712 ssize_t nread;
713
714
715
716 if (common->cmnd[0] == SC_READ_6)
717 lba = get_unaligned_be24(&common->cmnd[1]);
718 else {
719 lba = get_unaligned_be32(&common->cmnd[2]);
720
721
722
723
724 if ((common->cmnd[1] & ~0x18) != 0) {
725 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
726 return -EINVAL;
727 }
728 }
729 if (lba >= curlun->num_sectors) {
730 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
731 return -EINVAL;
732 }
733 file_offset = ((loff_t) lba) << 9;
734
735
736 amount_left = common->data_size_from_cmnd;
737 if (unlikely(amount_left == 0))
738 return -EIO;
739
740 for (;;) {
741
742
743
744
745
746
747
748
749
750 amount = min(amount_left, FSG_BUFLEN);
751 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
752 if (partial_page > 0)
753 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
754 partial_page);
755
756
757 bh = common->next_buffhd_to_fill;
758 while (bh->state != BUF_STATE_EMPTY) {
759 rc = sleep_thread(common);
760 if (rc)
761 return rc;
762 }
763
764
765
766 if (amount == 0) {
767 curlun->sense_data =
768 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
769 curlun->info_valid = 1;
770 bh->inreq->length = 0;
771 bh->state = BUF_STATE_FULL;
772 break;
773 }
774
775
776 rc = ums[common->lun].read_sector(&ums[common->lun],
777 file_offset / SECTOR_SIZE,
778 amount / SECTOR_SIZE,
779 (char __user *)bh->buf);
780 if (!rc)
781 return -EIO;
782
783 nread = rc * SECTOR_SIZE;
784
785 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
786 (unsigned long long) file_offset,
787 (int) nread);
788
789 if (nread < 0) {
790 LDBG(curlun, "error in file read: %d\n",
791 (int) nread);
792 nread = 0;
793 } else if (nread < amount) {
794 LDBG(curlun, "partial file read: %d/%u\n",
795 (int) nread, amount);
796 nread -= (nread & 511);
797 }
798 file_offset += nread;
799 amount_left -= nread;
800 common->residue -= nread;
801 bh->inreq->length = nread;
802 bh->state = BUF_STATE_FULL;
803
804
805 if (nread < amount) {
806 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
807 curlun->info_valid = 1;
808 break;
809 }
810
811 if (amount_left == 0)
812 break;
813
814
815 bh->inreq->zero = 0;
816 START_TRANSFER_OR(common, bulk_in, bh->inreq,
817 &bh->inreq_busy, &bh->state)
818
819
820 return -EIO;
821 common->next_buffhd_to_fill = bh->next;
822 }
823
824 return -EIO;
825}
826
827
828
829static int do_write(struct fsg_common *common)
830{
831 struct fsg_lun *curlun = &common->luns[common->lun];
832 u32 lba;
833 struct fsg_buffhd *bh;
834 int get_some_more;
835 u32 amount_left_to_req, amount_left_to_write;
836 loff_t usb_offset, file_offset;
837 unsigned int amount;
838 unsigned int partial_page;
839 ssize_t nwritten;
840 int rc;
841
842 if (curlun->ro) {
843 curlun->sense_data = SS_WRITE_PROTECTED;
844 return -EINVAL;
845 }
846
847
848
849 if (common->cmnd[0] == SC_WRITE_6)
850 lba = get_unaligned_be24(&common->cmnd[1]);
851 else {
852 lba = get_unaligned_be32(&common->cmnd[2]);
853
854
855
856
857
858 if (common->cmnd[1] & ~0x18) {
859 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
860 return -EINVAL;
861 }
862 }
863 if (lba >= curlun->num_sectors) {
864 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
865 return -EINVAL;
866 }
867
868
869 get_some_more = 1;
870 file_offset = usb_offset = ((loff_t) lba) << 9;
871 amount_left_to_req = common->data_size_from_cmnd;
872 amount_left_to_write = common->data_size_from_cmnd;
873
874 while (amount_left_to_write > 0) {
875
876
877 bh = common->next_buffhd_to_fill;
878 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
879
880
881
882
883
884
885
886
887
888
889 amount = min(amount_left_to_req, FSG_BUFLEN);
890 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
891 if (partial_page > 0)
892 amount = min(amount,
893 (unsigned int) PAGE_CACHE_SIZE - partial_page);
894
895 if (amount == 0) {
896 get_some_more = 0;
897 curlun->sense_data =
898 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
899 curlun->info_valid = 1;
900 continue;
901 }
902 amount -= (amount & 511);
903 if (amount == 0) {
904
905
906
907 get_some_more = 0;
908 continue;
909 }
910
911
912 usb_offset += amount;
913 common->usb_amount_left -= amount;
914 amount_left_to_req -= amount;
915 if (amount_left_to_req == 0)
916 get_some_more = 0;
917
918
919
920 bh->outreq->length = amount;
921 bh->bulk_out_intended_length = amount;
922 bh->outreq->short_not_ok = 1;
923 START_TRANSFER_OR(common, bulk_out, bh->outreq,
924 &bh->outreq_busy, &bh->state)
925
926
927 return -EIO;
928 common->next_buffhd_to_fill = bh->next;
929 continue;
930 }
931
932
933 bh = common->next_buffhd_to_drain;
934 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
935 break;
936 if (bh->state == BUF_STATE_FULL) {
937 common->next_buffhd_to_drain = bh->next;
938 bh->state = BUF_STATE_EMPTY;
939
940
941 if (bh->outreq->status != 0) {
942 curlun->sense_data = SS_COMMUNICATION_FAILURE;
943 curlun->info_valid = 1;
944 break;
945 }
946
947 amount = bh->outreq->actual;
948
949
950 rc = ums[common->lun].write_sector(&ums[common->lun],
951 file_offset / SECTOR_SIZE,
952 amount / SECTOR_SIZE,
953 (char __user *)bh->buf);
954 if (!rc)
955 return -EIO;
956 nwritten = rc * SECTOR_SIZE;
957
958 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
959 (unsigned long long) file_offset,
960 (int) nwritten);
961
962 if (nwritten < 0) {
963 LDBG(curlun, "error in file write: %d\n",
964 (int) nwritten);
965 nwritten = 0;
966 } else if (nwritten < amount) {
967 LDBG(curlun, "partial file write: %d/%u\n",
968 (int) nwritten, amount);
969 nwritten -= (nwritten & 511);
970
971 }
972 file_offset += nwritten;
973 amount_left_to_write -= nwritten;
974 common->residue -= nwritten;
975
976
977 if (nwritten < amount) {
978 printf("nwritten:%zd amount:%u\n", nwritten,
979 amount);
980 curlun->sense_data = SS_WRITE_ERROR;
981 curlun->info_valid = 1;
982 break;
983 }
984
985
986 if (bh->outreq->actual != bh->outreq->length) {
987 common->short_packet_received = 1;
988 break;
989 }
990 continue;
991 }
992
993
994 rc = sleep_thread(common);
995 if (rc)
996 return rc;
997 }
998
999 return -EIO;
1000}
1001
1002
1003
1004static int do_synchronize_cache(struct fsg_common *common)
1005{
1006 return 0;
1007}
1008
1009
1010
1011static int do_verify(struct fsg_common *common)
1012{
1013 struct fsg_lun *curlun = &common->luns[common->lun];
1014 u32 lba;
1015 u32 verification_length;
1016 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1017 loff_t file_offset;
1018 u32 amount_left;
1019 unsigned int amount;
1020 ssize_t nread;
1021 int rc;
1022
1023
1024
1025 lba = get_unaligned_be32(&common->cmnd[2]);
1026 if (lba >= curlun->num_sectors) {
1027 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1028 return -EINVAL;
1029 }
1030
1031
1032
1033 if (common->cmnd[1] & ~0x10) {
1034 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1035 return -EINVAL;
1036 }
1037
1038 verification_length = get_unaligned_be16(&common->cmnd[7]);
1039 if (unlikely(verification_length == 0))
1040 return -EIO;
1041
1042
1043 amount_left = verification_length << 9;
1044 file_offset = ((loff_t) lba) << 9;
1045
1046
1047
1048
1049 while (amount_left > 0) {
1050
1051
1052
1053
1054
1055
1056
1057 amount = min(amount_left, FSG_BUFLEN);
1058 if (amount == 0) {
1059 curlun->sense_data =
1060 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1061 curlun->info_valid = 1;
1062 break;
1063 }
1064
1065
1066 rc = ums[common->lun].read_sector(&ums[common->lun],
1067 file_offset / SECTOR_SIZE,
1068 amount / SECTOR_SIZE,
1069 (char __user *)bh->buf);
1070 if (!rc)
1071 return -EIO;
1072 nread = rc * SECTOR_SIZE;
1073
1074 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1075 (unsigned long long) file_offset,
1076 (int) nread);
1077 if (nread < 0) {
1078 LDBG(curlun, "error in file verify: %d\n",
1079 (int) nread);
1080 nread = 0;
1081 } else if (nread < amount) {
1082 LDBG(curlun, "partial file verify: %d/%u\n",
1083 (int) nread, amount);
1084 nread -= (nread & 511);
1085 }
1086 if (nread == 0) {
1087 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1088 curlun->info_valid = 1;
1089 break;
1090 }
1091 file_offset += nread;
1092 amount_left -= nread;
1093 }
1094 return 0;
1095}
1096
1097
1098
1099static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
1100{
1101 struct fsg_lun *curlun = &common->luns[common->lun];
1102 static const char vendor_id[] = "Linux ";
1103 u8 *buf = (u8 *) bh->buf;
1104
1105 if (!curlun) {
1106 common->bad_lun_okay = 1;
1107 memset(buf, 0, 36);
1108 buf[0] = 0x7f;
1109 buf[4] = 31;
1110 return 36;
1111 }
1112
1113 memset(buf, 0, 8);
1114 buf[0] = TYPE_DISK;
1115 buf[1] = curlun->removable ? 0x80 : 0;
1116 buf[2] = 2;
1117 buf[3] = 2;
1118 buf[4] = 31;
1119
1120 sprintf((char *) (buf + 8), "%-8s%-16s%04x", (char*) vendor_id ,
1121 ums[common->lun].name, (u16) 0xffff);
1122
1123 return 36;
1124}
1125
1126
1127static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1128{
1129 struct fsg_lun *curlun = &common->luns[common->lun];
1130 u8 *buf = (u8 *) bh->buf;
1131 u32 sd, sdinfo;
1132 int valid;
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149#if 0
1150 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1151 curlun->sense_data = curlun->unit_attention_data;
1152 curlun->unit_attention_data = SS_NO_SENSE;
1153 }
1154#endif
1155
1156 if (!curlun) {
1157 common->bad_lun_okay = 1;
1158 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1159 sdinfo = 0;
1160 valid = 0;
1161 } else {
1162 sd = curlun->sense_data;
1163 valid = curlun->info_valid << 7;
1164 curlun->sense_data = SS_NO_SENSE;
1165 curlun->info_valid = 0;
1166 }
1167
1168 memset(buf, 0, 18);
1169 buf[0] = valid | 0x70;
1170 buf[2] = SK(sd);
1171 put_unaligned_be32(sdinfo, &buf[3]);
1172 buf[7] = 18 - 8;
1173 buf[12] = ASC(sd);
1174 buf[13] = ASCQ(sd);
1175 return 18;
1176}
1177
1178static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
1179{
1180 struct fsg_lun *curlun = &common->luns[common->lun];
1181 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1182 int pmi = common->cmnd[8];
1183 u8 *buf = (u8 *) bh->buf;
1184
1185
1186 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1187 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1188 return -EINVAL;
1189 }
1190
1191 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1192
1193 put_unaligned_be32(512, &buf[4]);
1194 return 8;
1195}
1196
1197static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
1198{
1199 struct fsg_lun *curlun = &common->luns[common->lun];
1200 int msf = common->cmnd[1] & 0x02;
1201 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1202 u8 *buf = (u8 *) bh->buf;
1203
1204 if (common->cmnd[1] & ~0x02) {
1205 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1206 return -EINVAL;
1207 }
1208 if (lba >= curlun->num_sectors) {
1209 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1210 return -EINVAL;
1211 }
1212
1213 memset(buf, 0, 8);
1214 buf[0] = 0x01;
1215 store_cdrom_address(&buf[4], msf, lba);
1216 return 8;
1217}
1218
1219
1220static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
1221{
1222 struct fsg_lun *curlun = &common->luns[common->lun];
1223 int msf = common->cmnd[1] & 0x02;
1224 int start_track = common->cmnd[6];
1225 u8 *buf = (u8 *) bh->buf;
1226
1227 if ((common->cmnd[1] & ~0x02) != 0 ||
1228 start_track > 1) {
1229 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1230 return -EINVAL;
1231 }
1232
1233 memset(buf, 0, 20);
1234 buf[1] = (20-2);
1235 buf[2] = 1;
1236 buf[3] = 1;
1237 buf[5] = 0x16;
1238 buf[6] = 0x01;
1239 store_cdrom_address(&buf[8], msf, 0);
1240
1241 buf[13] = 0x16;
1242 buf[14] = 0xAA;
1243 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1244
1245 return 20;
1246}
1247
1248static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1249{
1250 struct fsg_lun *curlun = &common->luns[common->lun];
1251 int mscmnd = common->cmnd[0];
1252 u8 *buf = (u8 *) bh->buf;
1253 u8 *buf0 = buf;
1254 int pc, page_code;
1255 int changeable_values, all_pages;
1256 int valid_page = 0;
1257 int len, limit;
1258
1259 if ((common->cmnd[1] & ~0x08) != 0) {
1260 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1261 return -EINVAL;
1262 }
1263 pc = common->cmnd[2] >> 6;
1264 page_code = common->cmnd[2] & 0x3f;
1265 if (pc == 3) {
1266 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1267 return -EINVAL;
1268 }
1269 changeable_values = (pc == 1);
1270 all_pages = (page_code == 0x3f);
1271
1272
1273
1274
1275
1276 memset(buf, 0, 8);
1277 if (mscmnd == SC_MODE_SENSE_6) {
1278 buf[2] = (curlun->ro ? 0x80 : 0x00);
1279 buf += 4;
1280 limit = 255;
1281 } else {
1282 buf[3] = (curlun->ro ? 0x80 : 0x00);
1283 buf += 8;
1284 limit = 65535;
1285 }
1286
1287
1288
1289
1290
1291 if (page_code == 0x08 || all_pages) {
1292 valid_page = 1;
1293 buf[0] = 0x08;
1294 buf[1] = 10;
1295 memset(buf+2, 0, 10);
1296
1297 if (!changeable_values) {
1298 buf[2] = 0x04;
1299
1300
1301 put_unaligned_be16(0xffff, &buf[4]);
1302
1303
1304 put_unaligned_be16(0xffff, &buf[8]);
1305
1306 put_unaligned_be16(0xffff, &buf[10]);
1307
1308 }
1309 buf += 12;
1310 }
1311
1312
1313
1314 len = buf - buf0;
1315 if (!valid_page || len > limit) {
1316 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1317 return -EINVAL;
1318 }
1319
1320
1321 if (mscmnd == SC_MODE_SENSE_6)
1322 buf0[0] = len - 1;
1323 else
1324 put_unaligned_be16(len - 2, buf0);
1325 return len;
1326}
1327
1328
1329static int do_start_stop(struct fsg_common *common)
1330{
1331 struct fsg_lun *curlun = &common->luns[common->lun];
1332
1333 if (!curlun) {
1334 return -EINVAL;
1335 } else if (!curlun->removable) {
1336 curlun->sense_data = SS_INVALID_COMMAND;
1337 return -EINVAL;
1338 }
1339
1340 return 0;
1341}
1342
1343static int do_prevent_allow(struct fsg_common *common)
1344{
1345 struct fsg_lun *curlun = &common->luns[common->lun];
1346 int prevent;
1347
1348 if (!curlun->removable) {
1349 curlun->sense_data = SS_INVALID_COMMAND;
1350 return -EINVAL;
1351 }
1352
1353 prevent = common->cmnd[4] & 0x01;
1354 if ((common->cmnd[4] & ~0x01) != 0) {
1355 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1356 return -EINVAL;
1357 }
1358
1359 if (curlun->prevent_medium_removal && !prevent)
1360 fsg_lun_fsync_sub(curlun);
1361 curlun->prevent_medium_removal = prevent;
1362 return 0;
1363}
1364
1365
1366static int do_read_format_capacities(struct fsg_common *common,
1367 struct fsg_buffhd *bh)
1368{
1369 struct fsg_lun *curlun = &common->luns[common->lun];
1370 u8 *buf = (u8 *) bh->buf;
1371
1372 buf[0] = buf[1] = buf[2] = 0;
1373 buf[3] = 8;
1374 buf += 4;
1375
1376 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1377
1378 put_unaligned_be32(512, &buf[4]);
1379 buf[4] = 0x02;
1380 return 12;
1381}
1382
1383
1384static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
1385{
1386 struct fsg_lun *curlun = &common->luns[common->lun];
1387
1388
1389 if (curlun)
1390 curlun->sense_data = SS_INVALID_COMMAND;
1391 return -EINVAL;
1392}
1393
1394
1395
1396
1397static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1398{
1399 int rc;
1400
1401 rc = fsg_set_halt(fsg, fsg->bulk_in);
1402 if (rc == -EAGAIN)
1403 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1404 while (rc != 0) {
1405 if (rc != -EAGAIN) {
1406 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1407 rc = 0;
1408 break;
1409 }
1410
1411 rc = usb_ep_set_halt(fsg->bulk_in);
1412 }
1413 return rc;
1414}
1415
1416static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1417{
1418 int rc;
1419
1420 DBG(fsg, "bulk-in set wedge\n");
1421 rc = 0;
1422 if (rc == -EAGAIN)
1423 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1424 while (rc != 0) {
1425 if (rc != -EAGAIN) {
1426 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1427 rc = 0;
1428 break;
1429 }
1430 }
1431 return rc;
1432}
1433
1434static int pad_with_zeros(struct fsg_dev *fsg)
1435{
1436 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
1437 u32 nkeep = bh->inreq->length;
1438 u32 nsend;
1439 int rc;
1440
1441 bh->state = BUF_STATE_EMPTY;
1442 fsg->common->usb_amount_left = nkeep + fsg->common->residue;
1443 while (fsg->common->usb_amount_left > 0) {
1444
1445
1446 while (bh->state != BUF_STATE_EMPTY) {
1447 rc = sleep_thread(fsg->common);
1448 if (rc)
1449 return rc;
1450 }
1451
1452 nsend = min(fsg->common->usb_amount_left, FSG_BUFLEN);
1453 memset(bh->buf + nkeep, 0, nsend - nkeep);
1454 bh->inreq->length = nsend;
1455 bh->inreq->zero = 0;
1456 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1457 &bh->inreq_busy, &bh->state);
1458 bh = fsg->common->next_buffhd_to_fill = bh->next;
1459 fsg->common->usb_amount_left -= nsend;
1460 nkeep = 0;
1461 }
1462 return 0;
1463}
1464
1465static int throw_away_data(struct fsg_common *common)
1466{
1467 struct fsg_buffhd *bh;
1468 u32 amount;
1469 int rc;
1470
1471 for (bh = common->next_buffhd_to_drain;
1472 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0;
1473 bh = common->next_buffhd_to_drain) {
1474
1475
1476 if (bh->state == BUF_STATE_FULL) {
1477 bh->state = BUF_STATE_EMPTY;
1478 common->next_buffhd_to_drain = bh->next;
1479
1480
1481 if (bh->outreq->actual != bh->outreq->length ||
1482 bh->outreq->status != 0) {
1483 raise_exception(common,
1484 FSG_STATE_ABORT_BULK_OUT);
1485 return -EINTR;
1486 }
1487 continue;
1488 }
1489
1490
1491 bh = common->next_buffhd_to_fill;
1492 if (bh->state == BUF_STATE_EMPTY
1493 && common->usb_amount_left > 0) {
1494 amount = min(common->usb_amount_left, FSG_BUFLEN);
1495
1496
1497
1498 bh->outreq->length = amount;
1499 bh->bulk_out_intended_length = amount;
1500 bh->outreq->short_not_ok = 1;
1501 START_TRANSFER_OR(common, bulk_out, bh->outreq,
1502 &bh->outreq_busy, &bh->state)
1503
1504
1505 return -EIO;
1506 common->next_buffhd_to_fill = bh->next;
1507 common->usb_amount_left -= amount;
1508 continue;
1509 }
1510
1511
1512 rc = sleep_thread(common);
1513 if (rc)
1514 return rc;
1515 }
1516 return 0;
1517}
1518
1519
1520static int finish_reply(struct fsg_common *common)
1521{
1522 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1523 int rc = 0;
1524
1525 switch (common->data_dir) {
1526 case DATA_DIR_NONE:
1527 break;
1528
1529
1530
1531
1532
1533 case DATA_DIR_UNKNOWN:
1534 if (!common->can_stall) {
1535
1536 } else if (fsg_is_set(common)) {
1537 fsg_set_halt(common->fsg, common->fsg->bulk_out);
1538 rc = halt_bulk_in_endpoint(common->fsg);
1539 } else {
1540
1541 rc = -EIO;
1542 }
1543 break;
1544
1545
1546 case DATA_DIR_TO_HOST:
1547 if (common->data_size == 0) {
1548
1549
1550
1551 } else if (common->residue == 0) {
1552 bh->inreq->zero = 0;
1553 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1554 &bh->inreq_busy, &bh->state)
1555 return -EIO;
1556 common->next_buffhd_to_fill = bh->next;
1557
1558
1559
1560
1561 } else if (common->can_stall) {
1562 bh->inreq->zero = 1;
1563 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1564 &bh->inreq_busy, &bh->state)
1565
1566
1567 rc = -EIO;
1568 common->next_buffhd_to_fill = bh->next;
1569 if (common->fsg)
1570 rc = halt_bulk_in_endpoint(common->fsg);
1571 } else if (fsg_is_set(common)) {
1572 rc = pad_with_zeros(common->fsg);
1573 } else {
1574
1575 rc = -EIO;
1576 }
1577 break;
1578
1579
1580
1581 case DATA_DIR_FROM_HOST:
1582 if (common->residue == 0) {
1583
1584
1585
1586 } else if (common->short_packet_received) {
1587 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1588 rc = -EINTR;
1589
1590
1591
1592
1593
1594
1595
1596#if 0
1597 } else if (common->can_stall) {
1598 if (fsg_is_set(common))
1599 fsg_set_halt(common->fsg,
1600 common->fsg->bulk_out);
1601 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1602 rc = -EINTR;
1603#endif
1604
1605
1606
1607 } else {
1608 rc = throw_away_data(common);
1609 }
1610 break;
1611 }
1612 return rc;
1613}
1614
1615
1616static int send_status(struct fsg_common *common)
1617{
1618 struct fsg_lun *curlun = &common->luns[common->lun];
1619 struct fsg_buffhd *bh;
1620 struct bulk_cs_wrap *csw;
1621 int rc;
1622 u8 status = USB_STATUS_PASS;
1623 u32 sd, sdinfo = 0;
1624
1625
1626 bh = common->next_buffhd_to_fill;
1627 while (bh->state != BUF_STATE_EMPTY) {
1628 rc = sleep_thread(common);
1629 if (rc)
1630 return rc;
1631 }
1632
1633 if (curlun)
1634 sd = curlun->sense_data;
1635 else if (common->bad_lun_okay)
1636 sd = SS_NO_SENSE;
1637 else
1638 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1639
1640 if (common->phase_error) {
1641 DBG(common, "sending phase-error status\n");
1642 status = USB_STATUS_PHASE_ERROR;
1643 sd = SS_INVALID_COMMAND;
1644 } else if (sd != SS_NO_SENSE) {
1645 DBG(common, "sending command-failure status\n");
1646 status = USB_STATUS_FAIL;
1647 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1648 " info x%x\n",
1649 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1650 }
1651
1652
1653 csw = (void *)bh->buf;
1654
1655 csw->Signature = cpu_to_le32(USB_BULK_CS_SIG);
1656 csw->Tag = common->tag;
1657 csw->Residue = cpu_to_le32(common->residue);
1658 csw->Status = status;
1659
1660 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
1661 bh->inreq->zero = 0;
1662 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1663 &bh->inreq_busy, &bh->state)
1664
1665 return -EIO;
1666
1667 common->next_buffhd_to_fill = bh->next;
1668 return 0;
1669}
1670
1671
1672
1673
1674
1675
1676static int check_command(struct fsg_common *common, int cmnd_size,
1677 enum data_direction data_dir, unsigned int mask,
1678 int needs_medium, const char *name)
1679{
1680 int i;
1681 int lun = common->cmnd[1] >> 5;
1682 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1683 char hdlen[20];
1684 struct fsg_lun *curlun;
1685
1686 hdlen[0] = 0;
1687 if (common->data_dir != DATA_DIR_UNKNOWN)
1688 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir],
1689 common->data_size);
1690 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1691 name, cmnd_size, dirletter[(int) data_dir],
1692 common->data_size_from_cmnd, common->cmnd_size, hdlen);
1693
1694
1695
1696 if (common->data_size_from_cmnd == 0)
1697 data_dir = DATA_DIR_NONE;
1698 if (common->data_size < common->data_size_from_cmnd) {
1699
1700
1701
1702 common->data_size_from_cmnd = common->data_size;
1703 common->phase_error = 1;
1704 }
1705 common->residue = common->data_size;
1706 common->usb_amount_left = common->data_size;
1707
1708
1709 if (common->data_dir != data_dir
1710 && common->data_size_from_cmnd > 0) {
1711 common->phase_error = 1;
1712 return -EINVAL;
1713 }
1714
1715
1716 if (cmnd_size != common->cmnd_size) {
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730 if (cmnd_size <= common->cmnd_size) {
1731 DBG(common, "%s is buggy! Expected length %d "
1732 "but we got %d\n", name,
1733 cmnd_size, common->cmnd_size);
1734 cmnd_size = common->cmnd_size;
1735 } else {
1736 common->phase_error = 1;
1737 return -EINVAL;
1738 }
1739 }
1740
1741
1742 if (common->lun != lun)
1743 DBG(common, "using LUN %d from CBW, not LUN %d from CDB\n",
1744 common->lun, lun);
1745
1746
1747 if (common->lun >= 0 && common->lun < common->nluns) {
1748 curlun = &common->luns[common->lun];
1749 if (common->cmnd[0] != SC_REQUEST_SENSE) {
1750 curlun->sense_data = SS_NO_SENSE;
1751 curlun->info_valid = 0;
1752 }
1753 } else {
1754 curlun = NULL;
1755 common->bad_lun_okay = 0;
1756
1757
1758
1759 if (common->cmnd[0] != SC_INQUIRY &&
1760 common->cmnd[0] != SC_REQUEST_SENSE) {
1761 DBG(common, "unsupported LUN %d\n", common->lun);
1762 return -EINVAL;
1763 }
1764 }
1765#if 0
1766
1767
1768 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1769 common->cmnd[0] != SC_INQUIRY &&
1770 common->cmnd[0] != SC_REQUEST_SENSE) {
1771 curlun->sense_data = curlun->unit_attention_data;
1772 curlun->unit_attention_data = SS_NO_SENSE;
1773 return -EINVAL;
1774 }
1775#endif
1776
1777 common->cmnd[1] &= 0x1f;
1778 for (i = 1; i < cmnd_size; ++i) {
1779 if (common->cmnd[i] && !(mask & (1 << i))) {
1780 if (curlun)
1781 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1782 return -EINVAL;
1783 }
1784 }
1785
1786 return 0;
1787}
1788
1789
1790static int do_scsi_command(struct fsg_common *common)
1791{
1792 struct fsg_buffhd *bh;
1793 int rc;
1794 int reply = -EINVAL;
1795 int i;
1796 static char unknown[16];
1797 struct fsg_lun *curlun = &common->luns[common->lun];
1798
1799 dump_cdb(common);
1800
1801
1802 bh = common->next_buffhd_to_fill;
1803 common->next_buffhd_to_drain = bh;
1804 while (bh->state != BUF_STATE_EMPTY) {
1805 rc = sleep_thread(common);
1806 if (rc)
1807 return rc;
1808 }
1809 common->phase_error = 0;
1810 common->short_packet_received = 0;
1811
1812 down_read(&common->filesem);
1813 switch (common->cmnd[0]) {
1814
1815 case SC_INQUIRY:
1816 common->data_size_from_cmnd = common->cmnd[4];
1817 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1818 (1<<4), 0,
1819 "INQUIRY");
1820 if (reply == 0)
1821 reply = do_inquiry(common, bh);
1822 break;
1823
1824 case SC_MODE_SELECT_6:
1825 common->data_size_from_cmnd = common->cmnd[4];
1826 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1827 (1<<1) | (1<<4), 0,
1828 "MODE SELECT(6)");
1829 if (reply == 0)
1830 reply = do_mode_select(common, bh);
1831 break;
1832
1833 case SC_MODE_SELECT_10:
1834 common->data_size_from_cmnd =
1835 get_unaligned_be16(&common->cmnd[7]);
1836 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1837 (1<<1) | (3<<7), 0,
1838 "MODE SELECT(10)");
1839 if (reply == 0)
1840 reply = do_mode_select(common, bh);
1841 break;
1842
1843 case SC_MODE_SENSE_6:
1844 common->data_size_from_cmnd = common->cmnd[4];
1845 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1846 (1<<1) | (1<<2) | (1<<4), 0,
1847 "MODE SENSE(6)");
1848 if (reply == 0)
1849 reply = do_mode_sense(common, bh);
1850 break;
1851
1852 case SC_MODE_SENSE_10:
1853 common->data_size_from_cmnd =
1854 get_unaligned_be16(&common->cmnd[7]);
1855 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1856 (1<<1) | (1<<2) | (3<<7), 0,
1857 "MODE SENSE(10)");
1858 if (reply == 0)
1859 reply = do_mode_sense(common, bh);
1860 break;
1861
1862 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1863 common->data_size_from_cmnd = 0;
1864 reply = check_command(common, 6, DATA_DIR_NONE,
1865 (1<<4), 0,
1866 "PREVENT-ALLOW MEDIUM REMOVAL");
1867 if (reply == 0)
1868 reply = do_prevent_allow(common);
1869 break;
1870
1871 case SC_READ_6:
1872 i = common->cmnd[4];
1873 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1874 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1875 (7<<1) | (1<<4), 1,
1876 "READ(6)");
1877 if (reply == 0)
1878 reply = do_read(common);
1879 break;
1880
1881 case SC_READ_10:
1882 common->data_size_from_cmnd =
1883 get_unaligned_be16(&common->cmnd[7]) << 9;
1884 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1885 (1<<1) | (0xf<<2) | (3<<7), 1,
1886 "READ(10)");
1887 if (reply == 0)
1888 reply = do_read(common);
1889 break;
1890
1891 case SC_READ_12:
1892 common->data_size_from_cmnd =
1893 get_unaligned_be32(&common->cmnd[6]) << 9;
1894 reply = check_command(common, 12, DATA_DIR_TO_HOST,
1895 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1896 "READ(12)");
1897 if (reply == 0)
1898 reply = do_read(common);
1899 break;
1900
1901 case SC_READ_CAPACITY:
1902 common->data_size_from_cmnd = 8;
1903 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1904 (0xf<<2) | (1<<8), 1,
1905 "READ CAPACITY");
1906 if (reply == 0)
1907 reply = do_read_capacity(common, bh);
1908 break;
1909
1910 case SC_READ_HEADER:
1911 if (!common->luns[common->lun].cdrom)
1912 goto unknown_cmnd;
1913 common->data_size_from_cmnd =
1914 get_unaligned_be16(&common->cmnd[7]);
1915 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1916 (3<<7) | (0x1f<<1), 1,
1917 "READ HEADER");
1918 if (reply == 0)
1919 reply = do_read_header(common, bh);
1920 break;
1921
1922 case SC_READ_TOC:
1923 if (!common->luns[common->lun].cdrom)
1924 goto unknown_cmnd;
1925 common->data_size_from_cmnd =
1926 get_unaligned_be16(&common->cmnd[7]);
1927 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1928 (7<<6) | (1<<1), 1,
1929 "READ TOC");
1930 if (reply == 0)
1931 reply = do_read_toc(common, bh);
1932 break;
1933
1934 case SC_READ_FORMAT_CAPACITIES:
1935 common->data_size_from_cmnd =
1936 get_unaligned_be16(&common->cmnd[7]);
1937 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1938 (3<<7), 1,
1939 "READ FORMAT CAPACITIES");
1940 if (reply == 0)
1941 reply = do_read_format_capacities(common, bh);
1942 break;
1943
1944 case SC_REQUEST_SENSE:
1945 common->data_size_from_cmnd = common->cmnd[4];
1946 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1947 (1<<4), 0,
1948 "REQUEST SENSE");
1949 if (reply == 0)
1950 reply = do_request_sense(common, bh);
1951 break;
1952
1953 case SC_START_STOP_UNIT:
1954 common->data_size_from_cmnd = 0;
1955 reply = check_command(common, 6, DATA_DIR_NONE,
1956 (1<<1) | (1<<4), 0,
1957 "START-STOP UNIT");
1958 if (reply == 0)
1959 reply = do_start_stop(common);
1960 break;
1961
1962 case SC_SYNCHRONIZE_CACHE:
1963 common->data_size_from_cmnd = 0;
1964 reply = check_command(common, 10, DATA_DIR_NONE,
1965 (0xf<<2) | (3<<7), 1,
1966 "SYNCHRONIZE CACHE");
1967 if (reply == 0)
1968 reply = do_synchronize_cache(common);
1969 break;
1970
1971 case SC_TEST_UNIT_READY:
1972 common->data_size_from_cmnd = 0;
1973 reply = check_command(common, 6, DATA_DIR_NONE,
1974 0, 1,
1975 "TEST UNIT READY");
1976 break;
1977
1978
1979
1980 case SC_VERIFY:
1981 common->data_size_from_cmnd = 0;
1982 reply = check_command(common, 10, DATA_DIR_NONE,
1983 (1<<1) | (0xf<<2) | (3<<7), 1,
1984 "VERIFY");
1985 if (reply == 0)
1986 reply = do_verify(common);
1987 break;
1988
1989 case SC_WRITE_6:
1990 i = common->cmnd[4];
1991 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1992 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1993 (7<<1) | (1<<4), 1,
1994 "WRITE(6)");
1995 if (reply == 0)
1996 reply = do_write(common);
1997 break;
1998
1999 case SC_WRITE_10:
2000 common->data_size_from_cmnd =
2001 get_unaligned_be16(&common->cmnd[7]) << 9;
2002 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
2003 (1<<1) | (0xf<<2) | (3<<7), 1,
2004 "WRITE(10)");
2005 if (reply == 0)
2006 reply = do_write(common);
2007 break;
2008
2009 case SC_WRITE_12:
2010 common->data_size_from_cmnd =
2011 get_unaligned_be32(&common->cmnd[6]) << 9;
2012 reply = check_command(common, 12, DATA_DIR_FROM_HOST,
2013 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2014 "WRITE(12)");
2015 if (reply == 0)
2016 reply = do_write(common);
2017 break;
2018
2019
2020
2021
2022
2023 case SC_FORMAT_UNIT:
2024 case SC_RELEASE:
2025 case SC_RESERVE:
2026 case SC_SEND_DIAGNOSTIC:
2027
2028
2029 default:
2030unknown_cmnd:
2031 common->data_size_from_cmnd = 0;
2032 sprintf(unknown, "Unknown x%02x", common->cmnd[0]);
2033 reply = check_command(common, common->cmnd_size,
2034 DATA_DIR_UNKNOWN, 0xff, 0, unknown);
2035 if (reply == 0) {
2036 curlun->sense_data = SS_INVALID_COMMAND;
2037 reply = -EINVAL;
2038 }
2039 break;
2040 }
2041 up_read(&common->filesem);
2042
2043 if (reply == -EINTR)
2044 return -EINTR;
2045
2046
2047 if (reply == -EINVAL)
2048 reply = 0;
2049 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
2050 reply = min((u32) reply, common->data_size_from_cmnd);
2051 bh->inreq->length = reply;
2052 bh->state = BUF_STATE_FULL;
2053 common->residue -= reply;
2054 }
2055
2056 return 0;
2057}
2058
2059
2060
2061static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2062{
2063 struct usb_request *req = bh->outreq;
2064 struct fsg_bulk_cb_wrap *cbw = req->buf;
2065 struct fsg_common *common = fsg->common;
2066
2067
2068 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2069 return -EINVAL;
2070
2071
2072 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2073 cbw->Signature != cpu_to_le32(
2074 USB_BULK_CB_SIG)) {
2075 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2076 req->actual,
2077 le32_to_cpu(cbw->Signature));
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088 wedge_bulk_in_endpoint(fsg);
2089 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2090 return -EINVAL;
2091 }
2092
2093
2094 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2095 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2096 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2097 "cmdlen %u\n",
2098 cbw->Lun, cbw->Flags, cbw->Length);
2099
2100
2101
2102 if (common->can_stall) {
2103 fsg_set_halt(fsg, fsg->bulk_out);
2104 halt_bulk_in_endpoint(fsg);
2105 }
2106 return -EINVAL;
2107 }
2108
2109
2110 common->cmnd_size = cbw->Length;
2111 memcpy(common->cmnd, cbw->CDB, common->cmnd_size);
2112 if (cbw->Flags & USB_BULK_IN_FLAG)
2113 common->data_dir = DATA_DIR_TO_HOST;
2114 else
2115 common->data_dir = DATA_DIR_FROM_HOST;
2116 common->data_size = le32_to_cpu(cbw->DataTransferLength);
2117 if (common->data_size == 0)
2118 common->data_dir = DATA_DIR_NONE;
2119 common->lun = cbw->Lun;
2120 common->tag = cbw->Tag;
2121 return 0;
2122}
2123
2124
2125static int get_next_command(struct fsg_common *common)
2126{
2127 struct fsg_buffhd *bh;
2128 int rc = 0;
2129
2130
2131 bh = common->next_buffhd_to_fill;
2132 while (bh->state != BUF_STATE_EMPTY) {
2133 rc = sleep_thread(common);
2134 if (rc)
2135 return rc;
2136 }
2137
2138
2139 set_bulk_out_req_length(common, bh, USB_BULK_CB_WRAP_LEN);
2140 bh->outreq->short_not_ok = 1;
2141 START_TRANSFER_OR(common, bulk_out, bh->outreq,
2142 &bh->outreq_busy, &bh->state)
2143
2144 return -EIO;
2145
2146
2147
2148
2149
2150
2151 while (bh->state != BUF_STATE_FULL) {
2152 rc = sleep_thread(common);
2153 if (rc)
2154 return rc;
2155 }
2156
2157 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO;
2158 bh->state = BUF_STATE_EMPTY;
2159
2160 return rc;
2161}
2162
2163
2164
2165
2166static int enable_endpoint(struct fsg_common *common, struct usb_ep *ep,
2167 const struct usb_endpoint_descriptor *d)
2168{
2169 int rc;
2170
2171 ep->driver_data = common;
2172 rc = usb_ep_enable(ep, d);
2173 if (rc)
2174 ERROR(common, "can't enable %s, result %d\n", ep->name, rc);
2175 return rc;
2176}
2177
2178static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
2179 struct usb_request **preq)
2180{
2181 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2182 if (*preq)
2183 return 0;
2184 ERROR(common, "can't allocate request for %s\n", ep->name);
2185 return -ENOMEM;
2186}
2187
2188
2189static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg)
2190{
2191 const struct usb_endpoint_descriptor *d;
2192 struct fsg_dev *fsg;
2193 int i, rc = 0;
2194
2195 if (common->running)
2196 DBG(common, "reset interface\n");
2197
2198reset:
2199
2200 if (common->fsg) {
2201 fsg = common->fsg;
2202
2203 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2204 struct fsg_buffhd *bh = &common->buffhds[i];
2205
2206 if (bh->inreq) {
2207 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2208 bh->inreq = NULL;
2209 }
2210 if (bh->outreq) {
2211 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2212 bh->outreq = NULL;
2213 }
2214 }
2215
2216
2217 if (fsg->bulk_in_enabled) {
2218 usb_ep_disable(fsg->bulk_in);
2219 fsg->bulk_in_enabled = 0;
2220 }
2221 if (fsg->bulk_out_enabled) {
2222 usb_ep_disable(fsg->bulk_out);
2223 fsg->bulk_out_enabled = 0;
2224 }
2225
2226 common->fsg = NULL;
2227
2228 }
2229
2230 common->running = 0;
2231 if (!new_fsg || rc)
2232 return rc;
2233
2234 common->fsg = new_fsg;
2235 fsg = common->fsg;
2236
2237
2238 d = fsg_ep_desc(common->gadget,
2239 &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc);
2240 rc = enable_endpoint(common, fsg->bulk_in, d);
2241 if (rc)
2242 goto reset;
2243 fsg->bulk_in_enabled = 1;
2244
2245 d = fsg_ep_desc(common->gadget,
2246 &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc);
2247 rc = enable_endpoint(common, fsg->bulk_out, d);
2248 if (rc)
2249 goto reset;
2250 fsg->bulk_out_enabled = 1;
2251 common->bulk_out_maxpacket =
2252 le16_to_cpu(get_unaligned(&d->wMaxPacketSize));
2253 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2254
2255
2256 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2257 struct fsg_buffhd *bh = &common->buffhds[i];
2258
2259 rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
2260 if (rc)
2261 goto reset;
2262 rc = alloc_request(common, fsg->bulk_out, &bh->outreq);
2263 if (rc)
2264 goto reset;
2265 bh->inreq->buf = bh->outreq->buf = bh->buf;
2266 bh->inreq->context = bh->outreq->context = bh;
2267 bh->inreq->complete = bulk_in_complete;
2268 bh->outreq->complete = bulk_out_complete;
2269 }
2270
2271 common->running = 1;
2272
2273 return rc;
2274}
2275
2276
2277
2278
2279
2280static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2281{
2282 struct fsg_dev *fsg = fsg_from_func(f);
2283 fsg->common->new_fsg = fsg;
2284 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2285 return 0;
2286}
2287
2288static void fsg_disable(struct usb_function *f)
2289{
2290 struct fsg_dev *fsg = fsg_from_func(f);
2291 fsg->common->new_fsg = NULL;
2292 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2293}
2294
2295
2296
2297static void handle_exception(struct fsg_common *common)
2298{
2299 int i;
2300 struct fsg_buffhd *bh;
2301 enum fsg_state old_state;
2302 struct fsg_lun *curlun;
2303 unsigned int exception_req_tag;
2304
2305
2306 if (common->fsg) {
2307 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2308 bh = &common->buffhds[i];
2309 if (bh->inreq_busy)
2310 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq);
2311 if (bh->outreq_busy)
2312 usb_ep_dequeue(common->fsg->bulk_out,
2313 bh->outreq);
2314 }
2315
2316
2317 for (;;) {
2318 int num_active = 0;
2319 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2320 bh = &common->buffhds[i];
2321 num_active += bh->inreq_busy + bh->outreq_busy;
2322 }
2323 if (num_active == 0)
2324 break;
2325 if (sleep_thread(common))
2326 return;
2327 }
2328
2329
2330 if (common->fsg->bulk_in_enabled)
2331 usb_ep_fifo_flush(common->fsg->bulk_in);
2332 if (common->fsg->bulk_out_enabled)
2333 usb_ep_fifo_flush(common->fsg->bulk_out);
2334 }
2335
2336
2337
2338
2339 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2340 bh = &common->buffhds[i];
2341 bh->state = BUF_STATE_EMPTY;
2342 }
2343 common->next_buffhd_to_fill = &common->buffhds[0];
2344 common->next_buffhd_to_drain = &common->buffhds[0];
2345 exception_req_tag = common->exception_req_tag;
2346 old_state = common->state;
2347
2348 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2349 common->state = FSG_STATE_STATUS_PHASE;
2350 else {
2351 for (i = 0; i < common->nluns; ++i) {
2352 curlun = &common->luns[i];
2353 curlun->sense_data = SS_NO_SENSE;
2354 curlun->info_valid = 0;
2355 }
2356 common->state = FSG_STATE_IDLE;
2357 }
2358
2359
2360 switch (old_state) {
2361 case FSG_STATE_ABORT_BULK_OUT:
2362 send_status(common);
2363
2364 if (common->state == FSG_STATE_STATUS_PHASE)
2365 common->state = FSG_STATE_IDLE;
2366 break;
2367
2368 case FSG_STATE_RESET:
2369
2370
2371
2372 if (!fsg_is_set(common))
2373 break;
2374 if (test_and_clear_bit(IGNORE_BULK_OUT,
2375 &common->fsg->atomic_bitflags))
2376 usb_ep_clear_halt(common->fsg->bulk_in);
2377
2378 if (common->ep0_req_tag == exception_req_tag)
2379 ep0_queue(common);
2380
2381 break;
2382
2383 case FSG_STATE_CONFIG_CHANGE:
2384 do_set_interface(common, common->new_fsg);
2385 break;
2386
2387 case FSG_STATE_EXIT:
2388 case FSG_STATE_TERMINATED:
2389 do_set_interface(common, NULL);
2390 common->state = FSG_STATE_TERMINATED;
2391 break;
2392
2393 case FSG_STATE_INTERFACE_CHANGE:
2394 case FSG_STATE_DISCONNECT:
2395 case FSG_STATE_COMMAND_PHASE:
2396 case FSG_STATE_DATA_PHASE:
2397 case FSG_STATE_STATUS_PHASE:
2398 case FSG_STATE_IDLE:
2399 break;
2400 }
2401}
2402
2403
2404
2405int fsg_main_thread(void *common_)
2406{
2407 int ret;
2408 struct fsg_common *common = the_fsg_common;
2409
2410 do {
2411 if (exception_in_progress(common)) {
2412 handle_exception(common);
2413 continue;
2414 }
2415
2416 if (!common->running) {
2417 ret = sleep_thread(common);
2418 if (ret)
2419 return ret;
2420
2421 continue;
2422 }
2423
2424 ret = get_next_command(common);
2425 if (ret)
2426 return ret;
2427
2428 if (!exception_in_progress(common))
2429 common->state = FSG_STATE_DATA_PHASE;
2430
2431 if (do_scsi_command(common) || finish_reply(common))
2432 continue;
2433
2434 if (!exception_in_progress(common))
2435 common->state = FSG_STATE_STATUS_PHASE;
2436
2437 if (send_status(common))
2438 continue;
2439
2440 if (!exception_in_progress(common))
2441 common->state = FSG_STATE_IDLE;
2442 } while (0);
2443
2444 common->thread_task = NULL;
2445
2446 return 0;
2447}
2448
2449static void fsg_common_release(struct kref *ref);
2450
2451static struct fsg_common *fsg_common_init(struct fsg_common *common,
2452 struct usb_composite_dev *cdev)
2453{
2454 struct usb_gadget *gadget = cdev->gadget;
2455 struct fsg_buffhd *bh;
2456 struct fsg_lun *curlun;
2457 int nluns, i, rc;
2458
2459
2460 nluns = ums_count;
2461 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2462 printf("invalid number of LUNs: %u\n", nluns);
2463 return ERR_PTR(-EINVAL);
2464 }
2465
2466
2467 if (!common) {
2468 common = calloc(sizeof(*common), 1);
2469 if (!common)
2470 return ERR_PTR(-ENOMEM);
2471 common->free_storage_on_release = 1;
2472 } else {
2473 memset(common, 0, sizeof(*common));
2474 common->free_storage_on_release = 0;
2475 }
2476
2477 common->ops = NULL;
2478 common->private_data = NULL;
2479
2480 common->gadget = gadget;
2481 common->ep0 = gadget->ep0;
2482 common->ep0req = cdev->req;
2483
2484
2485 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2486 rc = usb_string_id(cdev);
2487 if (unlikely(rc < 0))
2488 goto error_release;
2489 fsg_strings[FSG_STRING_INTERFACE].id = rc;
2490 fsg_intf_desc.iInterface = rc;
2491 }
2492
2493
2494
2495 curlun = calloc(nluns, sizeof *curlun);
2496 if (!curlun) {
2497 rc = -ENOMEM;
2498 goto error_release;
2499 }
2500 common->nluns = nluns;
2501
2502 for (i = 0; i < nluns; i++) {
2503 common->luns[i].removable = 1;
2504
2505 rc = fsg_lun_open(&common->luns[i], ums[i].num_sectors, "");
2506 if (rc)
2507 goto error_luns;
2508 }
2509 common->lun = 0;
2510
2511
2512 bh = common->buffhds;
2513
2514 i = FSG_NUM_BUFFERS;
2515 goto buffhds_first_it;
2516 do {
2517 bh->next = bh + 1;
2518 ++bh;
2519buffhds_first_it:
2520 bh->inreq_busy = 0;
2521 bh->outreq_busy = 0;
2522 bh->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, FSG_BUFLEN);
2523 if (unlikely(!bh->buf)) {
2524 rc = -ENOMEM;
2525 goto error_release;
2526 }
2527 } while (--i);
2528 bh->next = common->buffhds;
2529
2530 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2531 "%-8s%-16s%04x",
2532 "Linux ",
2533 "File-Store Gadget",
2534 0xffff);
2535
2536
2537
2538
2539
2540
2541
2542 common->thread_task =
2543 kthread_create(fsg_main_thread, common,
2544 OR(cfg->thread_name, "file-storage"));
2545 if (IS_ERR(common->thread_task)) {
2546 rc = PTR_ERR(common->thread_task);
2547 goto error_release;
2548 }
2549
2550#undef OR
2551
2552 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2553 INFO(common, "Number of LUNs=%d\n", common->nluns);
2554
2555 return common;
2556
2557error_luns:
2558 common->nluns = i + 1;
2559error_release:
2560 common->state = FSG_STATE_TERMINATED;
2561
2562
2563 fsg_common_release(&common->ref);
2564 return ERR_PTR(rc);
2565}
2566
2567static void fsg_common_release(struct kref *ref)
2568{
2569 struct fsg_common *common = container_of(ref, struct fsg_common, ref);
2570
2571
2572 if (common->state != FSG_STATE_TERMINATED) {
2573 raise_exception(common, FSG_STATE_EXIT);
2574 wait_for_completion(&common->thread_notifier);
2575 }
2576
2577 if (likely(common->luns)) {
2578 struct fsg_lun *lun = common->luns;
2579 unsigned i = common->nluns;
2580
2581
2582 for (; i; --i, ++lun)
2583 fsg_lun_close(lun);
2584
2585 kfree(common->luns);
2586 }
2587
2588 {
2589 struct fsg_buffhd *bh = common->buffhds;
2590 unsigned i = FSG_NUM_BUFFERS;
2591 do {
2592 kfree(bh->buf);
2593 } while (++bh, --i);
2594 }
2595
2596 if (common->free_storage_on_release)
2597 kfree(common);
2598}
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615struct usb_descriptor_header **
2616usb_copy_descriptors(struct usb_descriptor_header **src)
2617{
2618 struct usb_descriptor_header **tmp;
2619 unsigned bytes;
2620 unsigned n_desc;
2621 void *mem;
2622 struct usb_descriptor_header **ret;
2623
2624
2625 for (bytes = 0, n_desc = 0, tmp = src; *tmp; tmp++, n_desc++)
2626 bytes += (*tmp)->bLength;
2627 bytes += (n_desc + 1) * sizeof(*tmp);
2628
2629 mem = memalign(CONFIG_SYS_CACHELINE_SIZE, bytes);
2630 if (!mem)
2631 return NULL;
2632
2633
2634
2635
2636
2637 tmp = mem;
2638 ret = mem;
2639 mem += (n_desc + 1) * sizeof(*tmp);
2640 while (*src) {
2641 memcpy(mem, *src, (*src)->bLength);
2642 *tmp = mem;
2643 tmp++;
2644 mem += (*src)->bLength;
2645 src++;
2646 }
2647 *tmp = NULL;
2648
2649 return ret;
2650}
2651
2652static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
2653{
2654 struct fsg_dev *fsg = fsg_from_func(f);
2655
2656 DBG(fsg, "unbind\n");
2657 if (fsg->common->fsg == fsg) {
2658 fsg->common->new_fsg = NULL;
2659 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2660 }
2661
2662 free(fsg->function.descriptors);
2663 free(fsg->function.hs_descriptors);
2664 kfree(fsg);
2665}
2666
2667static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
2668{
2669 struct fsg_dev *fsg = fsg_from_func(f);
2670 struct usb_gadget *gadget = c->cdev->gadget;
2671 int i;
2672 struct usb_ep *ep;
2673 fsg->gadget = gadget;
2674
2675
2676 i = usb_interface_id(c, f);
2677 if (i < 0)
2678 return i;
2679 fsg_intf_desc.bInterfaceNumber = i;
2680 fsg->interface_number = i;
2681
2682
2683 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2684 if (!ep)
2685 goto autoconf_fail;
2686 ep->driver_data = fsg->common;
2687 fsg->bulk_in = ep;
2688
2689 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2690 if (!ep)
2691 goto autoconf_fail;
2692 ep->driver_data = fsg->common;
2693 fsg->bulk_out = ep;
2694
2695
2696 f->descriptors = usb_copy_descriptors(fsg_fs_function);
2697 if (unlikely(!f->descriptors))
2698 return -ENOMEM;
2699
2700 if (gadget_is_dualspeed(gadget)) {
2701
2702 fsg_hs_bulk_in_desc.bEndpointAddress =
2703 fsg_fs_bulk_in_desc.bEndpointAddress;
2704 fsg_hs_bulk_out_desc.bEndpointAddress =
2705 fsg_fs_bulk_out_desc.bEndpointAddress;
2706 f->hs_descriptors = usb_copy_descriptors(fsg_hs_function);
2707 if (unlikely(!f->hs_descriptors)) {
2708 free(f->descriptors);
2709 return -ENOMEM;
2710 }
2711 }
2712 return 0;
2713
2714autoconf_fail:
2715 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2716 return -ENOTSUPP;
2717}
2718
2719
2720
2721
2722static struct usb_gadget_strings *fsg_strings_array[] = {
2723 &fsg_stringtab,
2724 NULL,
2725};
2726
2727static int fsg_bind_config(struct usb_composite_dev *cdev,
2728 struct usb_configuration *c,
2729 struct fsg_common *common)
2730{
2731 struct fsg_dev *fsg;
2732 int rc;
2733
2734 fsg = calloc(1, sizeof *fsg);
2735 if (!fsg)
2736 return -ENOMEM;
2737 fsg->function.name = FSG_DRIVER_DESC;
2738 fsg->function.strings = fsg_strings_array;
2739 fsg->function.bind = fsg_bind;
2740 fsg->function.unbind = fsg_unbind;
2741 fsg->function.setup = fsg_setup;
2742 fsg->function.set_alt = fsg_set_alt;
2743 fsg->function.disable = fsg_disable;
2744
2745 fsg->common = common;
2746 common->fsg = fsg;
2747
2748
2749
2750
2751
2752
2753 rc = usb_add_function(c, &fsg->function);
2754
2755 if (rc)
2756 kfree(fsg);
2757
2758 return rc;
2759}
2760
2761int fsg_add(struct usb_configuration *c)
2762{
2763 struct fsg_common *fsg_common;
2764
2765 fsg_common = fsg_common_init(NULL, c->cdev);
2766
2767 fsg_common->vendor_name = 0;
2768 fsg_common->product_name = 0;
2769 fsg_common->release = 0xffff;
2770
2771 fsg_common->ops = NULL;
2772 fsg_common->private_data = NULL;
2773
2774 the_fsg_common = fsg_common;
2775
2776 return fsg_bind_config(c->cdev, c, fsg_common);
2777}
2778
2779int fsg_init(struct ums *ums_devs, int count)
2780{
2781 ums = ums_devs;
2782 ums_count = count;
2783
2784 return 0;
2785}
2786
2787DECLARE_GADGET_BIND_CALLBACK(usb_dnl_ums, fsg_add);
2788
