1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242#include <config.h>
243#include <hexdump.h>
244#include <malloc.h>
245#include <common.h>
246#include <console.h>
247#include <g_dnl.h>
248
249#include <linux/err.h>
250#include <linux/usb/ch9.h>
251#include <linux/usb/gadget.h>
252#include <usb_mass_storage.h>
253
254#include <asm/unaligned.h>
255#include <linux/bitops.h>
256#include <linux/usb/gadget.h>
257#include <linux/usb/gadget.h>
258#include <linux/usb/composite.h>
259#include <linux/bitmap.h>
260#include <g_dnl.h>
261
262
263
264#define FSG_DRIVER_DESC "Mass Storage Function"
265#define FSG_DRIVER_VERSION "2012/06/5"
266
267static const char fsg_string_interface[] = "Mass Storage";
268
269#define FSG_NO_INTR_EP 1
270#define FSG_NO_DEVICE_STRINGS 1
271#define FSG_NO_OTG 1
272#define FSG_NO_INTR_EP 1
273
274#include "storage_common.c"
275
276
277
278#define GFP_ATOMIC ((gfp_t) 0)
279#define PAGE_CACHE_SHIFT 12
280#define PAGE_CACHE_SIZE (1 << PAGE_CACHE_SHIFT)
281#define kthread_create(...) __builtin_return_address(0)
282#define wait_for_completion(...) do {} while (0)
283
284struct kref {int x; };
285struct completion {int x; };
286
287struct fsg_dev;
288struct fsg_common;
289
290
291struct fsg_common {
292 struct usb_gadget *gadget;
293 struct fsg_dev *fsg, *new_fsg;
294
295 struct usb_ep *ep0;
296 struct usb_request *ep0req;
297 unsigned int ep0_req_tag;
298
299 struct fsg_buffhd *next_buffhd_to_fill;
300 struct fsg_buffhd *next_buffhd_to_drain;
301 struct fsg_buffhd buffhds[FSG_NUM_BUFFERS];
302
303 int cmnd_size;
304 u8 cmnd[MAX_COMMAND_SIZE];
305
306 unsigned int nluns;
307 unsigned int lun;
308 struct fsg_lun luns[FSG_MAX_LUNS];
309
310 unsigned int bulk_out_maxpacket;
311 enum fsg_state state;
312 unsigned int exception_req_tag;
313
314 enum data_direction data_dir;
315 u32 data_size;
316 u32 data_size_from_cmnd;
317 u32 tag;
318 u32 residue;
319 u32 usb_amount_left;
320
321 unsigned int can_stall:1;
322 unsigned int free_storage_on_release:1;
323 unsigned int phase_error:1;
324 unsigned int short_packet_received:1;
325 unsigned int bad_lun_okay:1;
326 unsigned int running:1;
327
328 int thread_wakeup_needed;
329 struct completion thread_notifier;
330 struct task_struct *thread_task;
331
332
333 const struct fsg_operations *ops;
334
335 void *private_data;
336
337 const char *vendor_name;
338 const char *product_name;
339 u16 release;
340
341
342
343 char inquiry_string[8 + 16 + 4 + 1];
344
345 struct kref ref;
346};
347
348struct fsg_config {
349 unsigned nluns;
350 struct fsg_lun_config {
351 const char *filename;
352 char ro;
353 char removable;
354 char cdrom;
355 char nofua;
356 } luns[FSG_MAX_LUNS];
357
358
359 const struct fsg_operations *ops;
360
361 void *private_data;
362
363 const char *vendor_name;
364 const char *product_name;
365
366 char can_stall;
367};
368
369struct fsg_dev {
370 struct usb_function function;
371 struct usb_gadget *gadget;
372 struct fsg_common *common;
373
374 u16 interface_number;
375
376 unsigned int bulk_in_enabled:1;
377 unsigned int bulk_out_enabled:1;
378
379 unsigned long atomic_bitflags;
380#define IGNORE_BULK_OUT 0
381
382 struct usb_ep *bulk_in;
383 struct usb_ep *bulk_out;
384};
385
386
387static inline int __fsg_is_set(struct fsg_common *common,
388 const char *func, unsigned line)
389{
390 if (common->fsg)
391 return 1;
392 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
393 WARN_ON(1);
394 return 0;
395}
396
397#define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
398
399
400static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
401{
402 return container_of(f, struct fsg_dev, function);
403}
404
405
406typedef void (*fsg_routine_t)(struct fsg_dev *);
407
408static int exception_in_progress(struct fsg_common *common)
409{
410 return common->state > FSG_STATE_IDLE;
411}
412
413
414static void set_bulk_out_req_length(struct fsg_common *common,
415 struct fsg_buffhd *bh, unsigned int length)
416{
417 unsigned int rem;
418
419 bh->bulk_out_intended_length = length;
420 rem = length % common->bulk_out_maxpacket;
421 if (rem > 0)
422 length += common->bulk_out_maxpacket - rem;
423 bh->outreq->length = length;
424}
425
426
427
428static struct ums *ums;
429static int ums_count;
430static struct fsg_common *the_fsg_common;
431
432static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
433{
434 const char *name;
435
436 if (ep == fsg->bulk_in)
437 name = "bulk-in";
438 else if (ep == fsg->bulk_out)
439 name = "bulk-out";
440 else
441 name = ep->name;
442 DBG(fsg, "%s set halt\n", name);
443 return usb_ep_set_halt(ep);
444}
445
446
447
448
449
450
451static void wakeup_thread(struct fsg_common *common)
452{
453 common->thread_wakeup_needed = 1;
454}
455
456static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
457{
458
459
460
461 if (common->state <= new_state) {
462 common->exception_req_tag = common->ep0_req_tag;
463 common->state = new_state;
464 common->thread_wakeup_needed = 1;
465 }
466}
467
468
469
470static int ep0_queue(struct fsg_common *common)
471{
472 int rc;
473
474 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);
475 common->ep0->driver_data = common;
476 if (rc != 0 && rc != -ESHUTDOWN) {
477
478 WARNING(common, "error in submission: %s --> %d\n",
479 common->ep0->name, rc);
480 }
481 return rc;
482}
483
484
485
486
487
488
489static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
490{
491 struct fsg_common *common = ep->driver_data;
492 struct fsg_buffhd *bh = req->context;
493
494 if (req->status || req->actual != req->length)
495 DBG(common, "%s --> %d, %u/%u\n", __func__,
496 req->status, req->actual, req->length);
497 if (req->status == -ECONNRESET)
498 usb_ep_fifo_flush(ep);
499
500
501 bh->inreq_busy = 0;
502 bh->state = BUF_STATE_EMPTY;
503 wakeup_thread(common);
504}
505
506static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
507{
508 struct fsg_common *common = ep->driver_data;
509 struct fsg_buffhd *bh = req->context;
510
511 dump_msg(common, "bulk-out", req->buf, req->actual);
512 if (req->status || req->actual != bh->bulk_out_intended_length)
513 DBG(common, "%s --> %d, %u/%u\n", __func__,
514 req->status, req->actual,
515 bh->bulk_out_intended_length);
516 if (req->status == -ECONNRESET)
517 usb_ep_fifo_flush(ep);
518
519
520 bh->outreq_busy = 0;
521 bh->state = BUF_STATE_FULL;
522 wakeup_thread(common);
523}
524
525
526
527
528
529static int fsg_setup(struct usb_function *f,
530 const struct usb_ctrlrequest *ctrl)
531{
532 struct fsg_dev *fsg = fsg_from_func(f);
533 struct usb_request *req = fsg->common->ep0req;
534 u16 w_index = get_unaligned_le16(&ctrl->wIndex);
535 u16 w_value = get_unaligned_le16(&ctrl->wValue);
536 u16 w_length = get_unaligned_le16(&ctrl->wLength);
537
538 if (!fsg_is_set(fsg->common))
539 return -EOPNOTSUPP;
540
541 switch (ctrl->bRequest) {
542
543 case USB_BULK_RESET_REQUEST:
544 if (ctrl->bRequestType !=
545 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
546 break;
547 if (w_index != fsg->interface_number || w_value != 0)
548 return -EDOM;
549
550
551
552 DBG(fsg, "bulk reset request\n");
553 raise_exception(fsg->common, FSG_STATE_RESET);
554 return DELAYED_STATUS;
555
556 case USB_BULK_GET_MAX_LUN_REQUEST:
557 if (ctrl->bRequestType !=
558 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
559 break;
560 if (w_index != fsg->interface_number || w_value != 0)
561 return -EDOM;
562 VDBG(fsg, "get max LUN\n");
563 *(u8 *) req->buf = fsg->common->nluns - 1;
564
565
566 req->length = min((u16)1, w_length);
567 return ep0_queue(fsg->common);
568 }
569
570 VDBG(fsg,
571 "unknown class-specific control req "
572 "%02x.%02x v%04x i%04x l%u\n",
573 ctrl->bRequestType, ctrl->bRequest,
574 get_unaligned_le16(&ctrl->wValue), w_index, w_length);
575 return -EOPNOTSUPP;
576}
577
578
579
580
581
582
583static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
584 struct usb_request *req, int *pbusy,
585 enum fsg_buffer_state *state)
586{
587 int rc;
588
589 if (ep == fsg->bulk_in)
590 dump_msg(fsg, "bulk-in", req->buf, req->length);
591
592 *pbusy = 1;
593 *state = BUF_STATE_BUSY;
594 rc = usb_ep_queue(ep, req, GFP_KERNEL);
595 if (rc != 0) {
596 *pbusy = 0;
597 *state = BUF_STATE_EMPTY;
598
599
600
601
602
603 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
604 req->length == 0))
605 WARNING(fsg, "error in submission: %s --> %d\n",
606 ep->name, rc);
607 }
608}
609
610#define START_TRANSFER_OR(common, ep_name, req, pbusy, state) \
611 if (fsg_is_set(common)) \
612 start_transfer((common)->fsg, (common)->fsg->ep_name, \
613 req, pbusy, state); \
614 else
615
616#define START_TRANSFER(common, ep_name, req, pbusy, state) \
617 START_TRANSFER_OR(common, ep_name, req, pbusy, state) (void)0
618
619static void busy_indicator(void)
620{
621 static int state;
622
623 switch (state) {
624 case 0:
625 puts("\r|"); break;
626 case 1:
627 puts("\r/"); break;
628 case 2:
629 puts("\r-"); break;
630 case 3:
631 puts("\r\\"); break;
632 case 4:
633 puts("\r|"); break;
634 case 5:
635 puts("\r/"); break;
636 case 6:
637 puts("\r-"); break;
638 case 7:
639 puts("\r\\"); break;
640 default:
641 state = 0;
642 }
643 if (state++ == 8)
644 state = 0;
645}
646
647static int sleep_thread(struct fsg_common *common)
648{
649 int rc = 0;
650 int i = 0, k = 0;
651
652
653 for (;;) {
654 if (common->thread_wakeup_needed)
655 break;
656
657 if (++i == 20000) {
658 busy_indicator();
659 i = 0;
660 k++;
661 }
662
663 if (k == 10) {
664
665 if (ctrlc())
666 return -EPIPE;
667
668
669 if (!g_dnl_board_usb_cable_connected())
670 return -EIO;
671
672 k = 0;
673 }
674
675 usb_gadget_handle_interrupts(0);
676 }
677 common->thread_wakeup_needed = 0;
678 return rc;
679}
680
681
682
683static int do_read(struct fsg_common *common)
684{
685 struct fsg_lun *curlun = &common->luns[common->lun];
686 u32 lba;
687 struct fsg_buffhd *bh;
688 int rc;
689 u32 amount_left;
690 loff_t file_offset;
691 unsigned int amount;
692 unsigned int partial_page;
693 ssize_t nread;
694
695
696
697 if (common->cmnd[0] == SC_READ_6)
698 lba = get_unaligned_be24(&common->cmnd[1]);
699 else {
700 lba = get_unaligned_be32(&common->cmnd[2]);
701
702
703
704
705 if ((common->cmnd[1] & ~0x18) != 0) {
706 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
707 return -EINVAL;
708 }
709 }
710 if (lba >= curlun->num_sectors) {
711 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
712 return -EINVAL;
713 }
714 file_offset = ((loff_t) lba) << 9;
715
716
717 amount_left = common->data_size_from_cmnd;
718 if (unlikely(amount_left == 0))
719 return -EIO;
720
721 for (;;) {
722
723
724
725
726
727
728
729
730
731 amount = min(amount_left, FSG_BUFLEN);
732 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
733 if (partial_page > 0)
734 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
735 partial_page);
736
737
738 bh = common->next_buffhd_to_fill;
739 while (bh->state != BUF_STATE_EMPTY) {
740 rc = sleep_thread(common);
741 if (rc)
742 return rc;
743 }
744
745
746
747 if (amount == 0) {
748 curlun->sense_data =
749 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
750 curlun->info_valid = 1;
751 bh->inreq->length = 0;
752 bh->state = BUF_STATE_FULL;
753 break;
754 }
755
756
757 rc = ums[common->lun].read_sector(&ums[common->lun],
758 file_offset / SECTOR_SIZE,
759 amount / SECTOR_SIZE,
760 (char __user *)bh->buf);
761 if (!rc)
762 return -EIO;
763
764 nread = rc * SECTOR_SIZE;
765
766 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
767 (unsigned long long) file_offset,
768 (int) nread);
769
770 if (nread < 0) {
771 LDBG(curlun, "error in file read: %d\n",
772 (int) nread);
773 nread = 0;
774 } else if (nread < amount) {
775 LDBG(curlun, "partial file read: %d/%u\n",
776 (int) nread, amount);
777 nread -= (nread & 511);
778 }
779 file_offset += nread;
780 amount_left -= nread;
781 common->residue -= nread;
782 bh->inreq->length = nread;
783 bh->state = BUF_STATE_FULL;
784
785
786 if (nread < amount) {
787 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
788 curlun->info_valid = 1;
789 break;
790 }
791
792 if (amount_left == 0)
793 break;
794
795
796 bh->inreq->zero = 0;
797 START_TRANSFER_OR(common, bulk_in, bh->inreq,
798 &bh->inreq_busy, &bh->state)
799
800
801 return -EIO;
802 common->next_buffhd_to_fill = bh->next;
803 }
804
805 return -EIO;
806}
807
808
809
810static int do_write(struct fsg_common *common)
811{
812 struct fsg_lun *curlun = &common->luns[common->lun];
813 u32 lba;
814 struct fsg_buffhd *bh;
815 int get_some_more;
816 u32 amount_left_to_req, amount_left_to_write;
817 loff_t usb_offset, file_offset;
818 unsigned int amount;
819 unsigned int partial_page;
820 ssize_t nwritten;
821 int rc;
822
823 if (curlun->ro) {
824 curlun->sense_data = SS_WRITE_PROTECTED;
825 return -EINVAL;
826 }
827
828
829
830 if (common->cmnd[0] == SC_WRITE_6)
831 lba = get_unaligned_be24(&common->cmnd[1]);
832 else {
833 lba = get_unaligned_be32(&common->cmnd[2]);
834
835
836
837
838
839 if (common->cmnd[1] & ~0x18) {
840 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
841 return -EINVAL;
842 }
843 }
844 if (lba >= curlun->num_sectors) {
845 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
846 return -EINVAL;
847 }
848
849
850 get_some_more = 1;
851 file_offset = usb_offset = ((loff_t) lba) << 9;
852 amount_left_to_req = common->data_size_from_cmnd;
853 amount_left_to_write = common->data_size_from_cmnd;
854
855 while (amount_left_to_write > 0) {
856
857
858 bh = common->next_buffhd_to_fill;
859 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
860
861
862
863
864
865
866
867
868
869
870 amount = min(amount_left_to_req, FSG_BUFLEN);
871 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
872 if (partial_page > 0)
873 amount = min(amount,
874 (unsigned int) PAGE_CACHE_SIZE - partial_page);
875
876 if (amount == 0) {
877 get_some_more = 0;
878 curlun->sense_data =
879 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
880 curlun->info_valid = 1;
881 continue;
882 }
883 amount -= (amount & 511);
884 if (amount == 0) {
885
886
887
888 get_some_more = 0;
889 continue;
890 }
891
892
893 usb_offset += amount;
894 common->usb_amount_left -= amount;
895 amount_left_to_req -= amount;
896 if (amount_left_to_req == 0)
897 get_some_more = 0;
898
899
900
901 bh->outreq->length = amount;
902 bh->bulk_out_intended_length = amount;
903 bh->outreq->short_not_ok = 1;
904 START_TRANSFER_OR(common, bulk_out, bh->outreq,
905 &bh->outreq_busy, &bh->state)
906
907
908 return -EIO;
909 common->next_buffhd_to_fill = bh->next;
910 continue;
911 }
912
913
914 bh = common->next_buffhd_to_drain;
915 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
916 break;
917 if (bh->state == BUF_STATE_FULL) {
918 common->next_buffhd_to_drain = bh->next;
919 bh->state = BUF_STATE_EMPTY;
920
921
922 if (bh->outreq->status != 0) {
923 curlun->sense_data = SS_COMMUNICATION_FAILURE;
924 curlun->info_valid = 1;
925 break;
926 }
927
928 amount = bh->outreq->actual;
929
930
931 rc = ums[common->lun].write_sector(&ums[common->lun],
932 file_offset / SECTOR_SIZE,
933 amount / SECTOR_SIZE,
934 (char __user *)bh->buf);
935 if (!rc)
936 return -EIO;
937 nwritten = rc * SECTOR_SIZE;
938
939 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
940 (unsigned long long) file_offset,
941 (int) nwritten);
942
943 if (nwritten < 0) {
944 LDBG(curlun, "error in file write: %d\n",
945 (int) nwritten);
946 nwritten = 0;
947 } else if (nwritten < amount) {
948 LDBG(curlun, "partial file write: %d/%u\n",
949 (int) nwritten, amount);
950 nwritten -= (nwritten & 511);
951
952 }
953 file_offset += nwritten;
954 amount_left_to_write -= nwritten;
955 common->residue -= nwritten;
956
957
958 if (nwritten < amount) {
959 printf("nwritten:%zd amount:%u\n", nwritten,
960 amount);
961 curlun->sense_data = SS_WRITE_ERROR;
962 curlun->info_valid = 1;
963 break;
964 }
965
966
967 if (bh->outreq->actual != bh->outreq->length) {
968 common->short_packet_received = 1;
969 break;
970 }
971 continue;
972 }
973
974
975 rc = sleep_thread(common);
976 if (rc)
977 return rc;
978 }
979
980 return -EIO;
981}
982
983
984
985static int do_synchronize_cache(struct fsg_common *common)
986{
987 return 0;
988}
989
990
991
992static int do_verify(struct fsg_common *common)
993{
994 struct fsg_lun *curlun = &common->luns[common->lun];
995 u32 lba;
996 u32 verification_length;
997 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
998 loff_t file_offset;
999 u32 amount_left;
1000 unsigned int amount;
1001 ssize_t nread;
1002 int rc;
1003
1004
1005
1006 lba = get_unaligned_be32(&common->cmnd[2]);
1007 if (lba >= curlun->num_sectors) {
1008 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1009 return -EINVAL;
1010 }
1011
1012
1013
1014 if (common->cmnd[1] & ~0x10) {
1015 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1016 return -EINVAL;
1017 }
1018
1019 verification_length = get_unaligned_be16(&common->cmnd[7]);
1020 if (unlikely(verification_length == 0))
1021 return -EIO;
1022
1023
1024 amount_left = verification_length << 9;
1025 file_offset = ((loff_t) lba) << 9;
1026
1027
1028
1029
1030 while (amount_left > 0) {
1031
1032
1033
1034
1035
1036
1037
1038 amount = min(amount_left, FSG_BUFLEN);
1039 if (amount == 0) {
1040 curlun->sense_data =
1041 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1042 curlun->info_valid = 1;
1043 break;
1044 }
1045
1046
1047 rc = ums[common->lun].read_sector(&ums[common->lun],
1048 file_offset / SECTOR_SIZE,
1049 amount / SECTOR_SIZE,
1050 (char __user *)bh->buf);
1051 if (!rc)
1052 return -EIO;
1053 nread = rc * SECTOR_SIZE;
1054
1055 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1056 (unsigned long long) file_offset,
1057 (int) nread);
1058 if (nread < 0) {
1059 LDBG(curlun, "error in file verify: %d\n",
1060 (int) nread);
1061 nread = 0;
1062 } else if (nread < amount) {
1063 LDBG(curlun, "partial file verify: %d/%u\n",
1064 (int) nread, amount);
1065 nread -= (nread & 511);
1066 }
1067 if (nread == 0) {
1068 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1069 curlun->info_valid = 1;
1070 break;
1071 }
1072 file_offset += nread;
1073 amount_left -= nread;
1074 }
1075 return 0;
1076}
1077
1078
1079
1080static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
1081{
1082 struct fsg_lun *curlun = &common->luns[common->lun];
1083 static const char vendor_id[] = "Linux ";
1084 u8 *buf = (u8 *) bh->buf;
1085
1086 if (!curlun) {
1087 common->bad_lun_okay = 1;
1088 memset(buf, 0, 36);
1089 buf[0] = 0x7f;
1090 buf[4] = 31;
1091 return 36;
1092 }
1093
1094 memset(buf, 0, 8);
1095 buf[0] = TYPE_DISK;
1096 buf[1] = curlun->removable ? 0x80 : 0;
1097 buf[2] = 2;
1098 buf[3] = 2;
1099 buf[4] = 31;
1100
1101 sprintf((char *) (buf + 8), "%-8s%-16s%04x", (char*) vendor_id ,
1102 ums[common->lun].name, (u16) 0xffff);
1103
1104 return 36;
1105}
1106
1107
1108static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1109{
1110 struct fsg_lun *curlun = &common->luns[common->lun];
1111 u8 *buf = (u8 *) bh->buf;
1112 u32 sd, sdinfo;
1113 int valid;
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130#if 0
1131 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1132 curlun->sense_data = curlun->unit_attention_data;
1133 curlun->unit_attention_data = SS_NO_SENSE;
1134 }
1135#endif
1136
1137 if (!curlun) {
1138 common->bad_lun_okay = 1;
1139 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1140 sdinfo = 0;
1141 valid = 0;
1142 } else {
1143 sd = curlun->sense_data;
1144 valid = curlun->info_valid << 7;
1145 curlun->sense_data = SS_NO_SENSE;
1146 curlun->info_valid = 0;
1147 }
1148
1149 memset(buf, 0, 18);
1150 buf[0] = valid | 0x70;
1151 buf[2] = SK(sd);
1152 put_unaligned_be32(sdinfo, &buf[3]);
1153 buf[7] = 18 - 8;
1154 buf[12] = ASC(sd);
1155 buf[13] = ASCQ(sd);
1156 return 18;
1157}
1158
1159static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
1160{
1161 struct fsg_lun *curlun = &common->luns[common->lun];
1162 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1163 int pmi = common->cmnd[8];
1164 u8 *buf = (u8 *) bh->buf;
1165
1166
1167 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1168 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1169 return -EINVAL;
1170 }
1171
1172 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1173
1174 put_unaligned_be32(512, &buf[4]);
1175 return 8;
1176}
1177
1178static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
1179{
1180 struct fsg_lun *curlun = &common->luns[common->lun];
1181 int msf = common->cmnd[1] & 0x02;
1182 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1183 u8 *buf = (u8 *) bh->buf;
1184
1185 if (common->cmnd[1] & ~0x02) {
1186 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1187 return -EINVAL;
1188 }
1189 if (lba >= curlun->num_sectors) {
1190 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1191 return -EINVAL;
1192 }
1193
1194 memset(buf, 0, 8);
1195 buf[0] = 0x01;
1196 store_cdrom_address(&buf[4], msf, lba);
1197 return 8;
1198}
1199
1200
1201static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
1202{
1203 struct fsg_lun *curlun = &common->luns[common->lun];
1204 int msf = common->cmnd[1] & 0x02;
1205 int start_track = common->cmnd[6];
1206 u8 *buf = (u8 *) bh->buf;
1207
1208 if ((common->cmnd[1] & ~0x02) != 0 ||
1209 start_track > 1) {
1210 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1211 return -EINVAL;
1212 }
1213
1214 memset(buf, 0, 20);
1215 buf[1] = (20-2);
1216 buf[2] = 1;
1217 buf[3] = 1;
1218 buf[5] = 0x16;
1219 buf[6] = 0x01;
1220 store_cdrom_address(&buf[8], msf, 0);
1221
1222 buf[13] = 0x16;
1223 buf[14] = 0xAA;
1224 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1225
1226 return 20;
1227}
1228
1229static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1230{
1231 struct fsg_lun *curlun = &common->luns[common->lun];
1232 int mscmnd = common->cmnd[0];
1233 u8 *buf = (u8 *) bh->buf;
1234 u8 *buf0 = buf;
1235 int pc, page_code;
1236 int changeable_values, all_pages;
1237 int valid_page = 0;
1238 int len, limit;
1239
1240 if ((common->cmnd[1] & ~0x08) != 0) {
1241 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1242 return -EINVAL;
1243 }
1244 pc = common->cmnd[2] >> 6;
1245 page_code = common->cmnd[2] & 0x3f;
1246 if (pc == 3) {
1247 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1248 return -EINVAL;
1249 }
1250 changeable_values = (pc == 1);
1251 all_pages = (page_code == 0x3f);
1252
1253
1254
1255
1256
1257 memset(buf, 0, 8);
1258 if (mscmnd == SC_MODE_SENSE_6) {
1259 buf[2] = (curlun->ro ? 0x80 : 0x00);
1260 buf += 4;
1261 limit = 255;
1262 } else {
1263 buf[3] = (curlun->ro ? 0x80 : 0x00);
1264 buf += 8;
1265 limit = 65535;
1266 }
1267
1268
1269
1270
1271
1272 if (page_code == 0x08 || all_pages) {
1273 valid_page = 1;
1274 buf[0] = 0x08;
1275 buf[1] = 10;
1276 memset(buf+2, 0, 10);
1277
1278 if (!changeable_values) {
1279 buf[2] = 0x04;
1280
1281
1282 put_unaligned_be16(0xffff, &buf[4]);
1283
1284
1285 put_unaligned_be16(0xffff, &buf[8]);
1286
1287 put_unaligned_be16(0xffff, &buf[10]);
1288
1289 }
1290 buf += 12;
1291 }
1292
1293
1294
1295 len = buf - buf0;
1296 if (!valid_page || len > limit) {
1297 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1298 return -EINVAL;
1299 }
1300
1301
1302 if (mscmnd == SC_MODE_SENSE_6)
1303 buf0[0] = len - 1;
1304 else
1305 put_unaligned_be16(len - 2, buf0);
1306 return len;
1307}
1308
1309
1310static int do_start_stop(struct fsg_common *common)
1311{
1312 struct fsg_lun *curlun = &common->luns[common->lun];
1313
1314 if (!curlun) {
1315 return -EINVAL;
1316 } else if (!curlun->removable) {
1317 curlun->sense_data = SS_INVALID_COMMAND;
1318 return -EINVAL;
1319 }
1320
1321 return 0;
1322}
1323
1324static int do_prevent_allow(struct fsg_common *common)
1325{
1326 struct fsg_lun *curlun = &common->luns[common->lun];
1327 int prevent;
1328
1329 if (!curlun->removable) {
1330 curlun->sense_data = SS_INVALID_COMMAND;
1331 return -EINVAL;
1332 }
1333
1334 prevent = common->cmnd[4] & 0x01;
1335 if ((common->cmnd[4] & ~0x01) != 0) {
1336 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1337 return -EINVAL;
1338 }
1339
1340 if (curlun->prevent_medium_removal && !prevent)
1341 fsg_lun_fsync_sub(curlun);
1342 curlun->prevent_medium_removal = prevent;
1343 return 0;
1344}
1345
1346
1347static int do_read_format_capacities(struct fsg_common *common,
1348 struct fsg_buffhd *bh)
1349{
1350 struct fsg_lun *curlun = &common->luns[common->lun];
1351 u8 *buf = (u8 *) bh->buf;
1352
1353 buf[0] = buf[1] = buf[2] = 0;
1354 buf[3] = 8;
1355 buf += 4;
1356
1357 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1358
1359 put_unaligned_be32(512, &buf[4]);
1360 buf[4] = 0x02;
1361 return 12;
1362}
1363
1364
1365static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
1366{
1367 struct fsg_lun *curlun = &common->luns[common->lun];
1368
1369
1370 if (curlun)
1371 curlun->sense_data = SS_INVALID_COMMAND;
1372 return -EINVAL;
1373}
1374
1375
1376
1377
1378static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1379{
1380 int rc;
1381
1382 rc = fsg_set_halt(fsg, fsg->bulk_in);
1383 if (rc == -EAGAIN)
1384 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1385 while (rc != 0) {
1386 if (rc != -EAGAIN) {
1387 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1388 rc = 0;
1389 break;
1390 }
1391
1392 rc = usb_ep_set_halt(fsg->bulk_in);
1393 }
1394 return rc;
1395}
1396
1397static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1398{
1399 int rc;
1400
1401 DBG(fsg, "bulk-in set wedge\n");
1402 rc = 0;
1403 if (rc == -EAGAIN)
1404 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1405 while (rc != 0) {
1406 if (rc != -EAGAIN) {
1407 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1408 rc = 0;
1409 break;
1410 }
1411 }
1412 return rc;
1413}
1414
1415static int pad_with_zeros(struct fsg_dev *fsg)
1416{
1417 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
1418 u32 nkeep = bh->inreq->length;
1419 u32 nsend;
1420 int rc;
1421
1422 bh->state = BUF_STATE_EMPTY;
1423 fsg->common->usb_amount_left = nkeep + fsg->common->residue;
1424 while (fsg->common->usb_amount_left > 0) {
1425
1426
1427 while (bh->state != BUF_STATE_EMPTY) {
1428 rc = sleep_thread(fsg->common);
1429 if (rc)
1430 return rc;
1431 }
1432
1433 nsend = min(fsg->common->usb_amount_left, FSG_BUFLEN);
1434 memset(bh->buf + nkeep, 0, nsend - nkeep);
1435 bh->inreq->length = nsend;
1436 bh->inreq->zero = 0;
1437 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1438 &bh->inreq_busy, &bh->state);
1439 bh = fsg->common->next_buffhd_to_fill = bh->next;
1440 fsg->common->usb_amount_left -= nsend;
1441 nkeep = 0;
1442 }
1443 return 0;
1444}
1445
1446static int throw_away_data(struct fsg_common *common)
1447{
1448 struct fsg_buffhd *bh;
1449 u32 amount;
1450 int rc;
1451
1452 for (bh = common->next_buffhd_to_drain;
1453 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0;
1454 bh = common->next_buffhd_to_drain) {
1455
1456
1457 if (bh->state == BUF_STATE_FULL) {
1458 bh->state = BUF_STATE_EMPTY;
1459 common->next_buffhd_to_drain = bh->next;
1460
1461
1462 if (bh->outreq->actual != bh->outreq->length ||
1463 bh->outreq->status != 0) {
1464 raise_exception(common,
1465 FSG_STATE_ABORT_BULK_OUT);
1466 return -EINTR;
1467 }
1468 continue;
1469 }
1470
1471
1472 bh = common->next_buffhd_to_fill;
1473 if (bh->state == BUF_STATE_EMPTY
1474 && common->usb_amount_left > 0) {
1475 amount = min(common->usb_amount_left, FSG_BUFLEN);
1476
1477
1478
1479 bh->outreq->length = amount;
1480 bh->bulk_out_intended_length = amount;
1481 bh->outreq->short_not_ok = 1;
1482 START_TRANSFER_OR(common, bulk_out, bh->outreq,
1483 &bh->outreq_busy, &bh->state)
1484
1485
1486 return -EIO;
1487 common->next_buffhd_to_fill = bh->next;
1488 common->usb_amount_left -= amount;
1489 continue;
1490 }
1491
1492
1493 rc = sleep_thread(common);
1494 if (rc)
1495 return rc;
1496 }
1497 return 0;
1498}
1499
1500
1501static int finish_reply(struct fsg_common *common)
1502{
1503 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1504 int rc = 0;
1505
1506 switch (common->data_dir) {
1507 case DATA_DIR_NONE:
1508 break;
1509
1510
1511
1512
1513
1514 case DATA_DIR_UNKNOWN:
1515 if (!common->can_stall) {
1516
1517 } else if (fsg_is_set(common)) {
1518 fsg_set_halt(common->fsg, common->fsg->bulk_out);
1519 rc = halt_bulk_in_endpoint(common->fsg);
1520 } else {
1521
1522 rc = -EIO;
1523 }
1524 break;
1525
1526
1527 case DATA_DIR_TO_HOST:
1528 if (common->data_size == 0) {
1529
1530
1531
1532 } else if (common->residue == 0) {
1533 bh->inreq->zero = 0;
1534 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1535 &bh->inreq_busy, &bh->state)
1536 return -EIO;
1537 common->next_buffhd_to_fill = bh->next;
1538
1539
1540
1541
1542 } else if (common->can_stall) {
1543 bh->inreq->zero = 1;
1544 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1545 &bh->inreq_busy, &bh->state)
1546
1547
1548 rc = -EIO;
1549 common->next_buffhd_to_fill = bh->next;
1550 if (common->fsg)
1551 rc = halt_bulk_in_endpoint(common->fsg);
1552 } else if (fsg_is_set(common)) {
1553 rc = pad_with_zeros(common->fsg);
1554 } else {
1555
1556 rc = -EIO;
1557 }
1558 break;
1559
1560
1561
1562 case DATA_DIR_FROM_HOST:
1563 if (common->residue == 0) {
1564
1565
1566
1567 } else if (common->short_packet_received) {
1568 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1569 rc = -EINTR;
1570
1571
1572
1573
1574
1575
1576
1577#if 0
1578 } else if (common->can_stall) {
1579 if (fsg_is_set(common))
1580 fsg_set_halt(common->fsg,
1581 common->fsg->bulk_out);
1582 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1583 rc = -EINTR;
1584#endif
1585
1586
1587
1588 } else {
1589 rc = throw_away_data(common);
1590 }
1591 break;
1592 }
1593 return rc;
1594}
1595
1596
1597static int send_status(struct fsg_common *common)
1598{
1599 struct fsg_lun *curlun = &common->luns[common->lun];
1600 struct fsg_buffhd *bh;
1601 struct bulk_cs_wrap *csw;
1602 int rc;
1603 u8 status = USB_STATUS_PASS;
1604 u32 sd, sdinfo = 0;
1605
1606
1607 bh = common->next_buffhd_to_fill;
1608 while (bh->state != BUF_STATE_EMPTY) {
1609 rc = sleep_thread(common);
1610 if (rc)
1611 return rc;
1612 }
1613
1614 if (curlun)
1615 sd = curlun->sense_data;
1616 else if (common->bad_lun_okay)
1617 sd = SS_NO_SENSE;
1618 else
1619 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1620
1621 if (common->phase_error) {
1622 DBG(common, "sending phase-error status\n");
1623 status = USB_STATUS_PHASE_ERROR;
1624 sd = SS_INVALID_COMMAND;
1625 } else if (sd != SS_NO_SENSE) {
1626 DBG(common, "sending command-failure status\n");
1627 status = USB_STATUS_FAIL;
1628 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1629 " info x%x\n",
1630 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1631 }
1632
1633
1634 csw = (void *)bh->buf;
1635
1636 csw->Signature = cpu_to_le32(USB_BULK_CS_SIG);
1637 csw->Tag = common->tag;
1638 csw->Residue = cpu_to_le32(common->residue);
1639 csw->Status = status;
1640
1641 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
1642 bh->inreq->zero = 0;
1643 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1644 &bh->inreq_busy, &bh->state)
1645
1646 return -EIO;
1647
1648 common->next_buffhd_to_fill = bh->next;
1649 return 0;
1650}
1651
1652
1653
1654
1655
1656
1657static int check_command(struct fsg_common *common, int cmnd_size,
1658 enum data_direction data_dir, unsigned int mask,
1659 int needs_medium, const char *name)
1660{
1661 int i;
1662 int lun = common->cmnd[1] >> 5;
1663 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1664 char hdlen[20];
1665 struct fsg_lun *curlun;
1666
1667 hdlen[0] = 0;
1668 if (common->data_dir != DATA_DIR_UNKNOWN)
1669 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir],
1670 common->data_size);
1671 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1672 name, cmnd_size, dirletter[(int) data_dir],
1673 common->data_size_from_cmnd, common->cmnd_size, hdlen);
1674
1675
1676
1677 if (common->data_size_from_cmnd == 0)
1678 data_dir = DATA_DIR_NONE;
1679 if (common->data_size < common->data_size_from_cmnd) {
1680
1681
1682
1683 common->data_size_from_cmnd = common->data_size;
1684 common->phase_error = 1;
1685 }
1686 common->residue = common->data_size;
1687 common->usb_amount_left = common->data_size;
1688
1689
1690 if (common->data_dir != data_dir
1691 && common->data_size_from_cmnd > 0) {
1692 common->phase_error = 1;
1693 return -EINVAL;
1694 }
1695
1696
1697 if (cmnd_size != common->cmnd_size) {
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711 if (cmnd_size <= common->cmnd_size) {
1712 DBG(common, "%s is buggy! Expected length %d "
1713 "but we got %d\n", name,
1714 cmnd_size, common->cmnd_size);
1715 cmnd_size = common->cmnd_size;
1716 } else {
1717 common->phase_error = 1;
1718 return -EINVAL;
1719 }
1720 }
1721
1722
1723 if (common->lun != lun)
1724 DBG(common, "using LUN %d from CBW, not LUN %d from CDB\n",
1725 common->lun, lun);
1726
1727
1728 if (common->lun < common->nluns) {
1729 curlun = &common->luns[common->lun];
1730 if (common->cmnd[0] != SC_REQUEST_SENSE) {
1731 curlun->sense_data = SS_NO_SENSE;
1732 curlun->info_valid = 0;
1733 }
1734 } else {
1735 curlun = NULL;
1736 common->bad_lun_okay = 0;
1737
1738
1739
1740 if (common->cmnd[0] != SC_INQUIRY &&
1741 common->cmnd[0] != SC_REQUEST_SENSE) {
1742 DBG(common, "unsupported LUN %d\n", common->lun);
1743 return -EINVAL;
1744 }
1745 }
1746#if 0
1747
1748
1749 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1750 common->cmnd[0] != SC_INQUIRY &&
1751 common->cmnd[0] != SC_REQUEST_SENSE) {
1752 curlun->sense_data = curlun->unit_attention_data;
1753 curlun->unit_attention_data = SS_NO_SENSE;
1754 return -EINVAL;
1755 }
1756#endif
1757
1758 common->cmnd[1] &= 0x1f;
1759 for (i = 1; i < cmnd_size; ++i) {
1760 if (common->cmnd[i] && !(mask & (1 << i))) {
1761 if (curlun)
1762 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1763 return -EINVAL;
1764 }
1765 }
1766
1767 return 0;
1768}
1769
1770
1771static int do_scsi_command(struct fsg_common *common)
1772{
1773 struct fsg_buffhd *bh;
1774 int rc;
1775 int reply = -EINVAL;
1776 int i;
1777 static char unknown[16];
1778 struct fsg_lun *curlun = &common->luns[common->lun];
1779
1780 dump_cdb(common);
1781
1782
1783 bh = common->next_buffhd_to_fill;
1784 common->next_buffhd_to_drain = bh;
1785 while (bh->state != BUF_STATE_EMPTY) {
1786 rc = sleep_thread(common);
1787 if (rc)
1788 return rc;
1789 }
1790 common->phase_error = 0;
1791 common->short_packet_received = 0;
1792
1793 down_read(&common->filesem);
1794 switch (common->cmnd[0]) {
1795
1796 case SC_INQUIRY:
1797 common->data_size_from_cmnd = common->cmnd[4];
1798 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1799 (1<<4), 0,
1800 "INQUIRY");
1801 if (reply == 0)
1802 reply = do_inquiry(common, bh);
1803 break;
1804
1805 case SC_MODE_SELECT_6:
1806 common->data_size_from_cmnd = common->cmnd[4];
1807 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1808 (1<<1) | (1<<4), 0,
1809 "MODE SELECT(6)");
1810 if (reply == 0)
1811 reply = do_mode_select(common, bh);
1812 break;
1813
1814 case SC_MODE_SELECT_10:
1815 common->data_size_from_cmnd =
1816 get_unaligned_be16(&common->cmnd[7]);
1817 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1818 (1<<1) | (3<<7), 0,
1819 "MODE SELECT(10)");
1820 if (reply == 0)
1821 reply = do_mode_select(common, bh);
1822 break;
1823
1824 case SC_MODE_SENSE_6:
1825 common->data_size_from_cmnd = common->cmnd[4];
1826 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1827 (1<<1) | (1<<2) | (1<<4), 0,
1828 "MODE SENSE(6)");
1829 if (reply == 0)
1830 reply = do_mode_sense(common, bh);
1831 break;
1832
1833 case SC_MODE_SENSE_10:
1834 common->data_size_from_cmnd =
1835 get_unaligned_be16(&common->cmnd[7]);
1836 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1837 (1<<1) | (1<<2) | (3<<7), 0,
1838 "MODE SENSE(10)");
1839 if (reply == 0)
1840 reply = do_mode_sense(common, bh);
1841 break;
1842
1843 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1844 common->data_size_from_cmnd = 0;
1845 reply = check_command(common, 6, DATA_DIR_NONE,
1846 (1<<4), 0,
1847 "PREVENT-ALLOW MEDIUM REMOVAL");
1848 if (reply == 0)
1849 reply = do_prevent_allow(common);
1850 break;
1851
1852 case SC_READ_6:
1853 i = common->cmnd[4];
1854 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1855 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1856 (7<<1) | (1<<4), 1,
1857 "READ(6)");
1858 if (reply == 0)
1859 reply = do_read(common);
1860 break;
1861
1862 case SC_READ_10:
1863 common->data_size_from_cmnd =
1864 get_unaligned_be16(&common->cmnd[7]) << 9;
1865 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1866 (1<<1) | (0xf<<2) | (3<<7), 1,
1867 "READ(10)");
1868 if (reply == 0)
1869 reply = do_read(common);
1870 break;
1871
1872 case SC_READ_12:
1873 common->data_size_from_cmnd =
1874 get_unaligned_be32(&common->cmnd[6]) << 9;
1875 reply = check_command(common, 12, DATA_DIR_TO_HOST,
1876 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1877 "READ(12)");
1878 if (reply == 0)
1879 reply = do_read(common);
1880 break;
1881
1882 case SC_READ_CAPACITY:
1883 common->data_size_from_cmnd = 8;
1884 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1885 (0xf<<2) | (1<<8), 1,
1886 "READ CAPACITY");
1887 if (reply == 0)
1888 reply = do_read_capacity(common, bh);
1889 break;
1890
1891 case SC_READ_HEADER:
1892 if (!common->luns[common->lun].cdrom)
1893 goto unknown_cmnd;
1894 common->data_size_from_cmnd =
1895 get_unaligned_be16(&common->cmnd[7]);
1896 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1897 (3<<7) | (0x1f<<1), 1,
1898 "READ HEADER");
1899 if (reply == 0)
1900 reply = do_read_header(common, bh);
1901 break;
1902
1903 case SC_READ_TOC:
1904 if (!common->luns[common->lun].cdrom)
1905 goto unknown_cmnd;
1906 common->data_size_from_cmnd =
1907 get_unaligned_be16(&common->cmnd[7]);
1908 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1909 (7<<6) | (1<<1), 1,
1910 "READ TOC");
1911 if (reply == 0)
1912 reply = do_read_toc(common, bh);
1913 break;
1914
1915 case SC_READ_FORMAT_CAPACITIES:
1916 common->data_size_from_cmnd =
1917 get_unaligned_be16(&common->cmnd[7]);
1918 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1919 (3<<7), 1,
1920 "READ FORMAT CAPACITIES");
1921 if (reply == 0)
1922 reply = do_read_format_capacities(common, bh);
1923 break;
1924
1925 case SC_REQUEST_SENSE:
1926 common->data_size_from_cmnd = common->cmnd[4];
1927 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1928 (1<<4), 0,
1929 "REQUEST SENSE");
1930 if (reply == 0)
1931 reply = do_request_sense(common, bh);
1932 break;
1933
1934 case SC_START_STOP_UNIT:
1935 common->data_size_from_cmnd = 0;
1936 reply = check_command(common, 6, DATA_DIR_NONE,
1937 (1<<1) | (1<<4), 0,
1938 "START-STOP UNIT");
1939 if (reply == 0)
1940 reply = do_start_stop(common);
1941 break;
1942
1943 case SC_SYNCHRONIZE_CACHE:
1944 common->data_size_from_cmnd = 0;
1945 reply = check_command(common, 10, DATA_DIR_NONE,
1946 (0xf<<2) | (3<<7), 1,
1947 "SYNCHRONIZE CACHE");
1948 if (reply == 0)
1949 reply = do_synchronize_cache(common);
1950 break;
1951
1952 case SC_TEST_UNIT_READY:
1953 common->data_size_from_cmnd = 0;
1954 reply = check_command(common, 6, DATA_DIR_NONE,
1955 0, 1,
1956 "TEST UNIT READY");
1957 break;
1958
1959
1960
1961 case SC_VERIFY:
1962 common->data_size_from_cmnd = 0;
1963 reply = check_command(common, 10, DATA_DIR_NONE,
1964 (1<<1) | (0xf<<2) | (3<<7), 1,
1965 "VERIFY");
1966 if (reply == 0)
1967 reply = do_verify(common);
1968 break;
1969
1970 case SC_WRITE_6:
1971 i = common->cmnd[4];
1972 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1973 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1974 (7<<1) | (1<<4), 1,
1975 "WRITE(6)");
1976 if (reply == 0)
1977 reply = do_write(common);
1978 break;
1979
1980 case SC_WRITE_10:
1981 common->data_size_from_cmnd =
1982 get_unaligned_be16(&common->cmnd[7]) << 9;
1983 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1984 (1<<1) | (0xf<<2) | (3<<7), 1,
1985 "WRITE(10)");
1986 if (reply == 0)
1987 reply = do_write(common);
1988 break;
1989
1990 case SC_WRITE_12:
1991 common->data_size_from_cmnd =
1992 get_unaligned_be32(&common->cmnd[6]) << 9;
1993 reply = check_command(common, 12, DATA_DIR_FROM_HOST,
1994 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1995 "WRITE(12)");
1996 if (reply == 0)
1997 reply = do_write(common);
1998 break;
1999
2000
2001
2002
2003
2004 case SC_FORMAT_UNIT:
2005 case SC_RELEASE:
2006 case SC_RESERVE:
2007 case SC_SEND_DIAGNOSTIC:
2008
2009
2010 default:
2011unknown_cmnd:
2012 common->data_size_from_cmnd = 0;
2013 sprintf(unknown, "Unknown x%02x", common->cmnd[0]);
2014 reply = check_command(common, common->cmnd_size,
2015 DATA_DIR_UNKNOWN, 0xff, 0, unknown);
2016 if (reply == 0) {
2017 curlun->sense_data = SS_INVALID_COMMAND;
2018 reply = -EINVAL;
2019 }
2020 break;
2021 }
2022 up_read(&common->filesem);
2023
2024 if (reply == -EINTR)
2025 return -EINTR;
2026
2027
2028 if (reply == -EINVAL)
2029 reply = 0;
2030 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
2031 reply = min((u32) reply, common->data_size_from_cmnd);
2032 bh->inreq->length = reply;
2033 bh->state = BUF_STATE_FULL;
2034 common->residue -= reply;
2035 }
2036
2037 return 0;
2038}
2039
2040
2041
2042static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2043{
2044 struct usb_request *req = bh->outreq;
2045 struct fsg_bulk_cb_wrap *cbw = req->buf;
2046 struct fsg_common *common = fsg->common;
2047
2048
2049 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2050 return -EINVAL;
2051
2052
2053 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2054 cbw->Signature != cpu_to_le32(
2055 USB_BULK_CB_SIG)) {
2056 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2057 req->actual,
2058 le32_to_cpu(cbw->Signature));
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069 wedge_bulk_in_endpoint(fsg);
2070 generic_set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2071 return -EINVAL;
2072 }
2073
2074
2075 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2076 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2077 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2078 "cmdlen %u\n",
2079 cbw->Lun, cbw->Flags, cbw->Length);
2080
2081
2082
2083 if (common->can_stall) {
2084 fsg_set_halt(fsg, fsg->bulk_out);
2085 halt_bulk_in_endpoint(fsg);
2086 }
2087 return -EINVAL;
2088 }
2089
2090
2091 common->cmnd_size = cbw->Length;
2092 memcpy(common->cmnd, cbw->CDB, common->cmnd_size);
2093 if (cbw->Flags & USB_BULK_IN_FLAG)
2094 common->data_dir = DATA_DIR_TO_HOST;
2095 else
2096 common->data_dir = DATA_DIR_FROM_HOST;
2097 common->data_size = le32_to_cpu(cbw->DataTransferLength);
2098 if (common->data_size == 0)
2099 common->data_dir = DATA_DIR_NONE;
2100 common->lun = cbw->Lun;
2101 common->tag = cbw->Tag;
2102 return 0;
2103}
2104
2105
2106static int get_next_command(struct fsg_common *common)
2107{
2108 struct fsg_buffhd *bh;
2109 int rc = 0;
2110
2111
2112 bh = common->next_buffhd_to_fill;
2113 while (bh->state != BUF_STATE_EMPTY) {
2114 rc = sleep_thread(common);
2115 if (rc)
2116 return rc;
2117 }
2118
2119
2120 set_bulk_out_req_length(common, bh, USB_BULK_CB_WRAP_LEN);
2121 bh->outreq->short_not_ok = 1;
2122 START_TRANSFER_OR(common, bulk_out, bh->outreq,
2123 &bh->outreq_busy, &bh->state)
2124
2125 return -EIO;
2126
2127
2128
2129
2130
2131
2132 while (bh->state != BUF_STATE_FULL) {
2133 rc = sleep_thread(common);
2134 if (rc)
2135 return rc;
2136 }
2137
2138 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO;
2139 bh->state = BUF_STATE_EMPTY;
2140
2141 return rc;
2142}
2143
2144
2145
2146
2147static int enable_endpoint(struct fsg_common *common, struct usb_ep *ep,
2148 const struct usb_endpoint_descriptor *d)
2149{
2150 int rc;
2151
2152 ep->driver_data = common;
2153 rc = usb_ep_enable(ep, d);
2154 if (rc)
2155 ERROR(common, "can't enable %s, result %d\n", ep->name, rc);
2156 return rc;
2157}
2158
2159static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
2160 struct usb_request **preq)
2161{
2162 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2163 if (*preq)
2164 return 0;
2165 ERROR(common, "can't allocate request for %s\n", ep->name);
2166 return -ENOMEM;
2167}
2168
2169
2170static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg)
2171{
2172 const struct usb_endpoint_descriptor *d;
2173 struct fsg_dev *fsg;
2174 int i, rc = 0;
2175
2176 if (common->running)
2177 DBG(common, "reset interface\n");
2178
2179reset:
2180
2181 if (common->fsg) {
2182 fsg = common->fsg;
2183
2184 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2185 struct fsg_buffhd *bh = &common->buffhds[i];
2186
2187 if (bh->inreq) {
2188 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2189 bh->inreq = NULL;
2190 }
2191 if (bh->outreq) {
2192 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2193 bh->outreq = NULL;
2194 }
2195 }
2196
2197
2198 if (fsg->bulk_in_enabled) {
2199 usb_ep_disable(fsg->bulk_in);
2200 fsg->bulk_in_enabled = 0;
2201 }
2202 if (fsg->bulk_out_enabled) {
2203 usb_ep_disable(fsg->bulk_out);
2204 fsg->bulk_out_enabled = 0;
2205 }
2206
2207 common->fsg = NULL;
2208
2209 }
2210
2211 common->running = 0;
2212 if (!new_fsg || rc)
2213 return rc;
2214
2215 common->fsg = new_fsg;
2216 fsg = common->fsg;
2217
2218
2219 d = fsg_ep_desc(common->gadget,
2220 &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc);
2221 rc = enable_endpoint(common, fsg->bulk_in, d);
2222 if (rc)
2223 goto reset;
2224 fsg->bulk_in_enabled = 1;
2225
2226 d = fsg_ep_desc(common->gadget,
2227 &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc);
2228 rc = enable_endpoint(common, fsg->bulk_out, d);
2229 if (rc)
2230 goto reset;
2231 fsg->bulk_out_enabled = 1;
2232 common->bulk_out_maxpacket =
2233 le16_to_cpu(get_unaligned(&d->wMaxPacketSize));
2234 generic_clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2235
2236
2237 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2238 struct fsg_buffhd *bh = &common->buffhds[i];
2239
2240 rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
2241 if (rc)
2242 goto reset;
2243 rc = alloc_request(common, fsg->bulk_out, &bh->outreq);
2244 if (rc)
2245 goto reset;
2246 bh->inreq->buf = bh->outreq->buf = bh->buf;
2247 bh->inreq->context = bh->outreq->context = bh;
2248 bh->inreq->complete = bulk_in_complete;
2249 bh->outreq->complete = bulk_out_complete;
2250 }
2251
2252 common->running = 1;
2253
2254 return rc;
2255}
2256
2257
2258
2259
2260
2261static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2262{
2263 struct fsg_dev *fsg = fsg_from_func(f);
2264 fsg->common->new_fsg = fsg;
2265 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2266 return 0;
2267}
2268
2269static void fsg_disable(struct usb_function *f)
2270{
2271 struct fsg_dev *fsg = fsg_from_func(f);
2272 fsg->common->new_fsg = NULL;
2273 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2274}
2275
2276
2277
2278static void handle_exception(struct fsg_common *common)
2279{
2280 int i;
2281 struct fsg_buffhd *bh;
2282 enum fsg_state old_state;
2283 struct fsg_lun *curlun;
2284 unsigned int exception_req_tag;
2285
2286
2287 if (common->fsg) {
2288 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2289 bh = &common->buffhds[i];
2290 if (bh->inreq_busy)
2291 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq);
2292 if (bh->outreq_busy)
2293 usb_ep_dequeue(common->fsg->bulk_out,
2294 bh->outreq);
2295 }
2296
2297
2298 for (;;) {
2299 int num_active = 0;
2300 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2301 bh = &common->buffhds[i];
2302 num_active += bh->inreq_busy + bh->outreq_busy;
2303 }
2304 if (num_active == 0)
2305 break;
2306 if (sleep_thread(common))
2307 return;
2308 }
2309
2310
2311 if (common->fsg->bulk_in_enabled)
2312 usb_ep_fifo_flush(common->fsg->bulk_in);
2313 if (common->fsg->bulk_out_enabled)
2314 usb_ep_fifo_flush(common->fsg->bulk_out);
2315 }
2316
2317
2318
2319
2320 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2321 bh = &common->buffhds[i];
2322 bh->state = BUF_STATE_EMPTY;
2323 }
2324 common->next_buffhd_to_fill = &common->buffhds[0];
2325 common->next_buffhd_to_drain = &common->buffhds[0];
2326 exception_req_tag = common->exception_req_tag;
2327 old_state = common->state;
2328
2329 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2330 common->state = FSG_STATE_STATUS_PHASE;
2331 else {
2332 for (i = 0; i < common->nluns; ++i) {
2333 curlun = &common->luns[i];
2334 curlun->sense_data = SS_NO_SENSE;
2335 curlun->info_valid = 0;
2336 }
2337 common->state = FSG_STATE_IDLE;
2338 }
2339
2340
2341 switch (old_state) {
2342 case FSG_STATE_ABORT_BULK_OUT:
2343 send_status(common);
2344
2345 if (common->state == FSG_STATE_STATUS_PHASE)
2346 common->state = FSG_STATE_IDLE;
2347 break;
2348
2349 case FSG_STATE_RESET:
2350
2351
2352
2353 if (!fsg_is_set(common))
2354 break;
2355 if (test_and_clear_bit(IGNORE_BULK_OUT,
2356 &common->fsg->atomic_bitflags))
2357 usb_ep_clear_halt(common->fsg->bulk_in);
2358
2359 if (common->ep0_req_tag == exception_req_tag)
2360 ep0_queue(common);
2361
2362 break;
2363
2364 case FSG_STATE_CONFIG_CHANGE:
2365 do_set_interface(common, common->new_fsg);
2366 break;
2367
2368 case FSG_STATE_EXIT:
2369 case FSG_STATE_TERMINATED:
2370 do_set_interface(common, NULL);
2371 common->state = FSG_STATE_TERMINATED;
2372 break;
2373
2374 case FSG_STATE_INTERFACE_CHANGE:
2375 case FSG_STATE_DISCONNECT:
2376 case FSG_STATE_COMMAND_PHASE:
2377 case FSG_STATE_DATA_PHASE:
2378 case FSG_STATE_STATUS_PHASE:
2379 case FSG_STATE_IDLE:
2380 break;
2381 }
2382}
2383
2384
2385
2386int fsg_main_thread(void *common_)
2387{
2388 int ret;
2389 struct fsg_common *common = the_fsg_common;
2390
2391 do {
2392 if (exception_in_progress(common)) {
2393 handle_exception(common);
2394 continue;
2395 }
2396
2397 if (!common->running) {
2398 ret = sleep_thread(common);
2399 if (ret)
2400 return ret;
2401
2402 continue;
2403 }
2404
2405 ret = get_next_command(common);
2406 if (ret)
2407 return ret;
2408
2409 if (!exception_in_progress(common))
2410 common->state = FSG_STATE_DATA_PHASE;
2411
2412 if (do_scsi_command(common) || finish_reply(common))
2413 continue;
2414
2415 if (!exception_in_progress(common))
2416 common->state = FSG_STATE_STATUS_PHASE;
2417
2418 if (send_status(common))
2419 continue;
2420
2421 if (!exception_in_progress(common))
2422 common->state = FSG_STATE_IDLE;
2423 } while (0);
2424
2425 common->thread_task = NULL;
2426
2427 return 0;
2428}
2429
2430static void fsg_common_release(struct kref *ref);
2431
2432static struct fsg_common *fsg_common_init(struct fsg_common *common,
2433 struct usb_composite_dev *cdev)
2434{
2435 struct usb_gadget *gadget = cdev->gadget;
2436 struct fsg_buffhd *bh;
2437 struct fsg_lun *curlun;
2438 int nluns, i, rc;
2439
2440
2441 nluns = ums_count;
2442 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2443 printf("invalid number of LUNs: %u\n", nluns);
2444 return ERR_PTR(-EINVAL);
2445 }
2446
2447
2448 if (!common) {
2449 common = calloc(sizeof(*common), 1);
2450 if (!common)
2451 return ERR_PTR(-ENOMEM);
2452 common->free_storage_on_release = 1;
2453 } else {
2454 memset(common, 0, sizeof(*common));
2455 common->free_storage_on_release = 0;
2456 }
2457
2458 common->ops = NULL;
2459 common->private_data = NULL;
2460
2461 common->gadget = gadget;
2462 common->ep0 = gadget->ep0;
2463 common->ep0req = cdev->req;
2464
2465
2466 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2467 rc = usb_string_id(cdev);
2468 if (unlikely(rc < 0))
2469 goto error_release;
2470 fsg_strings[FSG_STRING_INTERFACE].id = rc;
2471 fsg_intf_desc.iInterface = rc;
2472 }
2473
2474
2475
2476 curlun = calloc(nluns, sizeof *curlun);
2477 if (!curlun) {
2478 rc = -ENOMEM;
2479 goto error_release;
2480 }
2481 common->nluns = nluns;
2482
2483 for (i = 0; i < nluns; i++) {
2484 common->luns[i].removable = 1;
2485
2486 rc = fsg_lun_open(&common->luns[i], ums[i].num_sectors, "");
2487 if (rc)
2488 goto error_luns;
2489 }
2490 common->lun = 0;
2491
2492
2493 bh = common->buffhds;
2494
2495 i = FSG_NUM_BUFFERS;
2496 goto buffhds_first_it;
2497 do {
2498 bh->next = bh + 1;
2499 ++bh;
2500buffhds_first_it:
2501 bh->inreq_busy = 0;
2502 bh->outreq_busy = 0;
2503 bh->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, FSG_BUFLEN);
2504 if (unlikely(!bh->buf)) {
2505 rc = -ENOMEM;
2506 goto error_release;
2507 }
2508 } while (--i);
2509 bh->next = common->buffhds;
2510
2511 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2512 "%-8s%-16s%04x",
2513 "Linux ",
2514 "File-Store Gadget",
2515 0xffff);
2516
2517
2518
2519
2520
2521
2522
2523 common->thread_task =
2524 kthread_create(fsg_main_thread, common,
2525 OR(cfg->thread_name, "file-storage"));
2526 if (IS_ERR(common->thread_task)) {
2527 rc = PTR_ERR(common->thread_task);
2528 goto error_release;
2529 }
2530
2531#undef OR
2532
2533 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2534 INFO(common, "Number of LUNs=%d\n", common->nluns);
2535
2536 return common;
2537
2538error_luns:
2539 common->nluns = i + 1;
2540error_release:
2541 common->state = FSG_STATE_TERMINATED;
2542
2543
2544 fsg_common_release(&common->ref);
2545 return ERR_PTR(rc);
2546}
2547
2548static void fsg_common_release(struct kref *ref)
2549{
2550 struct fsg_common *common = container_of(ref, struct fsg_common, ref);
2551
2552
2553 if (common->state != FSG_STATE_TERMINATED) {
2554 raise_exception(common, FSG_STATE_EXIT);
2555 wait_for_completion(&common->thread_notifier);
2556 }
2557
2558 if (likely(common->luns)) {
2559 struct fsg_lun *lun = common->luns;
2560 unsigned i = common->nluns;
2561
2562
2563 for (; i; --i, ++lun)
2564 fsg_lun_close(lun);
2565
2566 kfree(common->luns);
2567 }
2568
2569 {
2570 struct fsg_buffhd *bh = common->buffhds;
2571 unsigned i = FSG_NUM_BUFFERS;
2572 do {
2573 kfree(bh->buf);
2574 } while (++bh, --i);
2575 }
2576
2577 if (common->free_storage_on_release)
2578 kfree(common);
2579}
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596struct usb_descriptor_header **
2597usb_copy_descriptors(struct usb_descriptor_header **src)
2598{
2599 struct usb_descriptor_header **tmp;
2600 unsigned bytes;
2601 unsigned n_desc;
2602 void *mem;
2603 struct usb_descriptor_header **ret;
2604
2605
2606 for (bytes = 0, n_desc = 0, tmp = src; *tmp; tmp++, n_desc++)
2607 bytes += (*tmp)->bLength;
2608 bytes += (n_desc + 1) * sizeof(*tmp);
2609
2610 mem = memalign(CONFIG_SYS_CACHELINE_SIZE, bytes);
2611 if (!mem)
2612 return NULL;
2613
2614
2615
2616
2617
2618 tmp = mem;
2619 ret = mem;
2620 mem += (n_desc + 1) * sizeof(*tmp);
2621 while (*src) {
2622 memcpy(mem, *src, (*src)->bLength);
2623 *tmp = mem;
2624 tmp++;
2625 mem += (*src)->bLength;
2626 src++;
2627 }
2628 *tmp = NULL;
2629
2630 return ret;
2631}
2632
2633static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
2634{
2635 struct fsg_dev *fsg = fsg_from_func(f);
2636
2637 DBG(fsg, "unbind\n");
2638 if (fsg->common->fsg == fsg) {
2639 fsg->common->new_fsg = NULL;
2640 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2641 }
2642
2643 free(fsg->function.descriptors);
2644 free(fsg->function.hs_descriptors);
2645 kfree(fsg);
2646}
2647
2648static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
2649{
2650 struct fsg_dev *fsg = fsg_from_func(f);
2651 struct usb_gadget *gadget = c->cdev->gadget;
2652 int i;
2653 struct usb_ep *ep;
2654 fsg->gadget = gadget;
2655
2656
2657 i = usb_interface_id(c, f);
2658 if (i < 0)
2659 return i;
2660 fsg_intf_desc.bInterfaceNumber = i;
2661 fsg->interface_number = i;
2662
2663
2664 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2665 if (!ep)
2666 goto autoconf_fail;
2667 ep->driver_data = fsg->common;
2668 fsg->bulk_in = ep;
2669
2670 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2671 if (!ep)
2672 goto autoconf_fail;
2673 ep->driver_data = fsg->common;
2674 fsg->bulk_out = ep;
2675
2676
2677 f->descriptors = usb_copy_descriptors(fsg_fs_function);
2678 if (unlikely(!f->descriptors))
2679 return -ENOMEM;
2680
2681 if (gadget_is_dualspeed(gadget)) {
2682
2683 fsg_hs_bulk_in_desc.bEndpointAddress =
2684 fsg_fs_bulk_in_desc.bEndpointAddress;
2685 fsg_hs_bulk_out_desc.bEndpointAddress =
2686 fsg_fs_bulk_out_desc.bEndpointAddress;
2687 f->hs_descriptors = usb_copy_descriptors(fsg_hs_function);
2688 if (unlikely(!f->hs_descriptors)) {
2689 free(f->descriptors);
2690 return -ENOMEM;
2691 }
2692 }
2693 return 0;
2694
2695autoconf_fail:
2696 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2697 return -ENOTSUPP;
2698}
2699
2700
2701
2702
2703static struct usb_gadget_strings *fsg_strings_array[] = {
2704 &fsg_stringtab,
2705 NULL,
2706};
2707
2708static int fsg_bind_config(struct usb_composite_dev *cdev,
2709 struct usb_configuration *c,
2710 struct fsg_common *common)
2711{
2712 struct fsg_dev *fsg;
2713 int rc;
2714
2715 fsg = calloc(1, sizeof *fsg);
2716 if (!fsg)
2717 return -ENOMEM;
2718 fsg->function.name = FSG_DRIVER_DESC;
2719 fsg->function.strings = fsg_strings_array;
2720 fsg->function.bind = fsg_bind;
2721 fsg->function.unbind = fsg_unbind;
2722 fsg->function.setup = fsg_setup;
2723 fsg->function.set_alt = fsg_set_alt;
2724 fsg->function.disable = fsg_disable;
2725
2726 fsg->common = common;
2727 common->fsg = fsg;
2728
2729
2730
2731
2732
2733
2734 rc = usb_add_function(c, &fsg->function);
2735
2736 if (rc)
2737 kfree(fsg);
2738
2739 return rc;
2740}
2741
2742int fsg_add(struct usb_configuration *c)
2743{
2744 struct fsg_common *fsg_common;
2745
2746 fsg_common = fsg_common_init(NULL, c->cdev);
2747
2748 fsg_common->vendor_name = 0;
2749 fsg_common->product_name = 0;
2750 fsg_common->release = 0xffff;
2751
2752 fsg_common->ops = NULL;
2753 fsg_common->private_data = NULL;
2754
2755 the_fsg_common = fsg_common;
2756
2757 return fsg_bind_config(c->cdev, c, fsg_common);
2758}
2759
2760int fsg_init(struct ums *ums_devs, int count)
2761{
2762 ums = ums_devs;
2763 ums_count = count;
2764
2765 return 0;
2766}
2767
2768DECLARE_GADGET_BIND_CALLBACK(usb_dnl_ums, fsg_add);
2769
