search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PM / sleep: Asynchronous threads for suspend_noirq
[linux/fpc-iii.git] / drivers / usb / gadget / f_fs.c
blob306a2b52125c8e7ee2eba91bcf1156e689ae133e
1 /*
2 * f_fs.c -- user mode file system API for USB composite function controllers
3 *
4 * Copyright (C) 2010 Samsung Electronics
5 * Author: Michal Nazarewicz <mina86@mina86.com>
6 *
7 * Based on inode.c (GadgetFS) which was:
8 * Copyright (C) 2003-2004 David Brownell
9 * Copyright (C) 2003 Agilent Technologies
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 */
16
17
18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */
20
21 #include <linux/blkdev.h>
22 #include <linux/pagemap.h>
23 #include <linux/export.h>
24 #include <linux/hid.h>
25 #include <linux/module.h>
26 #include <asm/unaligned.h>
27
28 #include <linux/usb/composite.h>
29 #include <linux/usb/functionfs.h>
30
31 #include "u_fs.h"
32 #include "configfs.h"
33
34 #define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */
35
36 /* Variable Length Array Macros **********************************************/
37 #define vla_group(groupname) size_t groupname##__next = 0
38 #define vla_group_size(groupname) groupname##__next
39
40 #define vla_item(groupname, type, name, n) \
41 size_t groupname##_##name##__offset = ({ \
42 size_t align_mask = __alignof__(type) - 1; \
43 size_t offset = (groupname##__next + align_mask) & ~align_mask;\
44 size_t size = (n) * sizeof(type); \
45 groupname##__next = offset + size; \
46 offset; \
47 })
48
49 #define vla_item_with_sz(groupname, type, name, n) \
50 size_t groupname##_##name##__sz = (n) * sizeof(type); \
51 size_t groupname##_##name##__offset = ({ \
52 size_t align_mask = __alignof__(type) - 1; \
53 size_t offset = (groupname##__next + align_mask) & ~align_mask;\
54 size_t size = groupname##_##name##__sz; \
55 groupname##__next = offset + size; \
56 offset; \
57 })
58
59 #define vla_ptr(ptr, groupname, name) \
60 ((void *) ((char *)ptr + groupname##_##name##__offset))
61
62 /* Reference counter handling */
63 static void ffs_data_get(struct ffs_data *ffs);
64 static void ffs_data_put(struct ffs_data *ffs);
65 /* Creates new ffs_data object. */
66 static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc));
67
68 /* Opened counter handling. */
69 static void ffs_data_opened(struct ffs_data *ffs);
70 static void ffs_data_closed(struct ffs_data *ffs);
71
72 /* Called with ffs->mutex held; take over ownership of data. */
73 static int __must_check
74 __ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
75 static int __must_check
76 __ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
77
78
79 /* The function structure ***************************************************/
80
81 struct ffs_ep;
82
83 struct ffs_function {
84 struct usb_configuration *conf;
85 struct usb_gadget *gadget;
86 struct ffs_data *ffs;
87
88 struct ffs_ep *eps;
89 u8 eps_revmap[16];
90 short *interfaces_nums;
91
92 struct usb_function function;
93 };
94
95
96 static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
97 {
98 return container_of(f, struct ffs_function, function);
99 }
100
101
102 static void ffs_func_eps_disable(struct ffs_function *func);
103 static int __must_check ffs_func_eps_enable(struct ffs_function *func);
104
105 static int ffs_func_bind(struct usb_configuration *,
106 struct usb_function *);
107 static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
108 static void ffs_func_disable(struct usb_function *);
109 static int ffs_func_setup(struct usb_function *,
110 const struct usb_ctrlrequest *);
111 static void ffs_func_suspend(struct usb_function *);
112 static void ffs_func_resume(struct usb_function *);
113
114
115 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
116 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
117
118
119 /* The endpoints structures *************************************************/
120
121 struct ffs_ep {
122 struct usb_ep *ep; /* P: ffs->eps_lock */
123 struct usb_request *req; /* P: epfile->mutex */
124
125 /* [0]: full speed, [1]: high speed */
126 struct usb_endpoint_descriptor *descs[2];
127
128 u8 num;
129
130 int status; /* P: epfile->mutex */
131 };
132
133 struct ffs_epfile {
134 /* Protects ep->ep and ep->req. */
135 struct mutex mutex;
136 wait_queue_head_t wait;
137
138 struct ffs_data *ffs;
139 struct ffs_ep *ep; /* P: ffs->eps_lock */
140
141 struct dentry *dentry;
142
143 char name[5];
144
145 unsigned char in; /* P: ffs->eps_lock */
146 unsigned char isoc; /* P: ffs->eps_lock */
147
148 unsigned char _pad;
149 };
150
151 static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
152 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
153
154 static struct inode *__must_check
155 ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
156 const struct file_operations *fops,
157 struct dentry **dentry_p);
158
159 /* Devices management *******************************************************/
160
161 DEFINE_MUTEX(ffs_lock);
162 EXPORT_SYMBOL(ffs_lock);
163
164 static struct ffs_dev *ffs_find_dev(const char *name);
165 static int _ffs_name_dev(struct ffs_dev *dev, const char *name);
166 static void *ffs_acquire_dev(const char *dev_name);
167 static void ffs_release_dev(struct ffs_data *ffs_data);
168 static int ffs_ready(struct ffs_data *ffs);
169 static void ffs_closed(struct ffs_data *ffs);
170
171 /* Misc helper functions ****************************************************/
172
173 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
174 __attribute__((warn_unused_result, nonnull));
175 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
176 __attribute__((warn_unused_result, nonnull));
177
178
179 /* Control file aka ep0 *****************************************************/
180
181 static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
182 {
183 struct ffs_data *ffs = req->context;
184
185 complete_all(&ffs->ep0req_completion);
186 }
187
188 static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
189 {
190 struct usb_request *req = ffs->ep0req;
191 int ret;
192
193 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
194
195 spin_unlock_irq(&ffs->ev.waitq.lock);
196
197 req->buf = data;
198 req->length = len;
199
200 /*
201 * UDC layer requires to provide a buffer even for ZLP, but should
202 * not use it at all. Let's provide some poisoned pointer to catch
203 * possible bug in the driver.
204 */
205 if (req->buf == NULL)
206 req->buf = (void *)0xDEADBABE;
207
208 reinit_completion(&ffs->ep0req_completion);
209
210 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
211 if (unlikely(ret < 0))
212 return ret;
213
214 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
215 if (unlikely(ret)) {
216 usb_ep_dequeue(ffs->gadget->ep0, req);
217 return -EINTR;
218 }
219
220 ffs->setup_state = FFS_NO_SETUP;
221 return ffs->ep0req_status;
222 }
223
224 static int __ffs_ep0_stall(struct ffs_data *ffs)
225 {
226 if (ffs->ev.can_stall) {
227 pr_vdebug("ep0 stall\n");
228 usb_ep_set_halt(ffs->gadget->ep0);
229 ffs->setup_state = FFS_NO_SETUP;
230 return -EL2HLT;
231 } else {
232 pr_debug("bogus ep0 stall!\n");
233 return -ESRCH;
234 }
235 }
236
237 static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
238 size_t len, loff_t *ptr)
239 {
240 struct ffs_data *ffs = file->private_data;
241 ssize_t ret;
242 char *data;
243
244 ENTER();
245
246 /* Fast check if setup was canceled */
247 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
248 return -EIDRM;
249
250 /* Acquire mutex */
251 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
252 if (unlikely(ret < 0))
253 return ret;
254
255 /* Check state */
256 switch (ffs->state) {
257 case FFS_READ_DESCRIPTORS:
258 case FFS_READ_STRINGS:
259 /* Copy data */
260 if (unlikely(len < 16)) {
261 ret = -EINVAL;
262 break;
263 }
264
265 data = ffs_prepare_buffer(buf, len);
266 if (IS_ERR(data)) {
267 ret = PTR_ERR(data);
268 break;
269 }
270
271 /* Handle data */
272 if (ffs->state == FFS_READ_DESCRIPTORS) {
273 pr_info("read descriptors\n");
274 ret = __ffs_data_got_descs(ffs, data, len);
275 if (unlikely(ret < 0))
276 break;
277
278 ffs->state = FFS_READ_STRINGS;
279 ret = len;
280 } else {
281 pr_info("read strings\n");
282 ret = __ffs_data_got_strings(ffs, data, len);
283 if (unlikely(ret < 0))
284 break;
285
286 ret = ffs_epfiles_create(ffs);
287 if (unlikely(ret)) {
288 ffs->state = FFS_CLOSING;
289 break;
290 }
291
292 ffs->state = FFS_ACTIVE;
293 mutex_unlock(&ffs->mutex);
294
295 ret = ffs_ready(ffs);
296 if (unlikely(ret < 0)) {
297 ffs->state = FFS_CLOSING;
298 return ret;
299 }
300
301 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
302 return len;
303 }
304 break;
305
306 case FFS_ACTIVE:
307 data = NULL;
308 /*
309 * We're called from user space, we can use _irq
310 * rather then _irqsave
311 */
312 spin_lock_irq(&ffs->ev.waitq.lock);
313 switch (FFS_SETUP_STATE(ffs)) {
314 case FFS_SETUP_CANCELED:
315 ret = -EIDRM;
316 goto done_spin;
317
318 case FFS_NO_SETUP:
319 ret = -ESRCH;
320 goto done_spin;
321
322 case FFS_SETUP_PENDING:
323 break;
324 }
325
326 /* FFS_SETUP_PENDING */
327 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
328 spin_unlock_irq(&ffs->ev.waitq.lock);
329 ret = __ffs_ep0_stall(ffs);
330 break;
331 }
332
333 /* FFS_SETUP_PENDING and not stall */
334 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
335
336 spin_unlock_irq(&ffs->ev.waitq.lock);
337
338 data = ffs_prepare_buffer(buf, len);
339 if (IS_ERR(data)) {
340 ret = PTR_ERR(data);
341 break;
342 }
343
344 spin_lock_irq(&ffs->ev.waitq.lock);
345
346 /*
347 * We are guaranteed to be still in FFS_ACTIVE state
348 * but the state of setup could have changed from
349 * FFS_SETUP_PENDING to FFS_SETUP_CANCELED so we need
350 * to check for that. If that happened we copied data
351 * from user space in vain but it's unlikely.
352 *
353 * For sure we are not in FFS_NO_SETUP since this is
354 * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP
355 * transition can be performed and it's protected by
356 * mutex.
357 */
358 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
359 ret = -EIDRM;
360 done_spin:
361 spin_unlock_irq(&ffs->ev.waitq.lock);
362 } else {
363 /* unlocks spinlock */
364 ret = __ffs_ep0_queue_wait(ffs, data, len);
365 }
366 kfree(data);
367 break;
368
369 default:
370 ret = -EBADFD;
371 break;
372 }
373
374 mutex_unlock(&ffs->mutex);
375 return ret;
376 }
377
378 static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
379 size_t n)
380 {
381 /*
382 * We are holding ffs->ev.waitq.lock and ffs->mutex and we need
383 * to release them.
384 */
385 struct usb_functionfs_event events[n];
386 unsigned i = 0;
387
388 memset(events, 0, sizeof events);
389
390 do {
391 events[i].type = ffs->ev.types[i];
392 if (events[i].type == FUNCTIONFS_SETUP) {
393 events[i].u.setup = ffs->ev.setup;
394 ffs->setup_state = FFS_SETUP_PENDING;
395 }
396 } while (++i < n);
397
398 if (n < ffs->ev.count) {
399 ffs->ev.count -= n;
400 memmove(ffs->ev.types, ffs->ev.types + n,
401 ffs->ev.count * sizeof *ffs->ev.types);
402 } else {
403 ffs->ev.count = 0;
404 }
405
406 spin_unlock_irq(&ffs->ev.waitq.lock);
407 mutex_unlock(&ffs->mutex);
408
409 return unlikely(__copy_to_user(buf, events, sizeof events))
410 ? -EFAULT : sizeof events;
411 }
412
413 static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
414 size_t len, loff_t *ptr)
415 {
416 struct ffs_data *ffs = file->private_data;
417 char *data = NULL;
418 size_t n;
419 int ret;
420
421 ENTER();
422
423 /* Fast check if setup was canceled */
424 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
425 return -EIDRM;
426
427 /* Acquire mutex */
428 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
429 if (unlikely(ret < 0))
430 return ret;
431
432 /* Check state */
433 if (ffs->state != FFS_ACTIVE) {
434 ret = -EBADFD;
435 goto done_mutex;
436 }
437
438 /*
439 * We're called from user space, we can use _irq rather then
440 * _irqsave
441 */
442 spin_lock_irq(&ffs->ev.waitq.lock);
443
444 switch (FFS_SETUP_STATE(ffs)) {
445 case FFS_SETUP_CANCELED:
446 ret = -EIDRM;
447 break;
448
449 case FFS_NO_SETUP:
450 n = len / sizeof(struct usb_functionfs_event);
451 if (unlikely(!n)) {
452 ret = -EINVAL;
453 break;
454 }
455
456 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
457 ret = -EAGAIN;
458 break;
459 }
460
461 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
462 ffs->ev.count)) {
463 ret = -EINTR;
464 break;
465 }
466
467 return __ffs_ep0_read_events(ffs, buf,
468 min(n, (size_t)ffs->ev.count));
469
470 case FFS_SETUP_PENDING:
471 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
472 spin_unlock_irq(&ffs->ev.waitq.lock);
473 ret = __ffs_ep0_stall(ffs);
474 goto done_mutex;
475 }
476
477 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
478
479 spin_unlock_irq(&ffs->ev.waitq.lock);
480
481 if (likely(len)) {
482 data = kmalloc(len, GFP_KERNEL);
483 if (unlikely(!data)) {
484 ret = -ENOMEM;
485 goto done_mutex;
486 }
487 }
488
489 spin_lock_irq(&ffs->ev.waitq.lock);
490
491 /* See ffs_ep0_write() */
492 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
493 ret = -EIDRM;
494 break;
495 }
496
497 /* unlocks spinlock */
498 ret = __ffs_ep0_queue_wait(ffs, data, len);
499 if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len)))
500 ret = -EFAULT;
501 goto done_mutex;
502
503 default:
504 ret = -EBADFD;
505 break;
506 }
507
508 spin_unlock_irq(&ffs->ev.waitq.lock);
509 done_mutex:
510 mutex_unlock(&ffs->mutex);
511 kfree(data);
512 return ret;
513 }
514
515 static int ffs_ep0_open(struct inode *inode, struct file *file)
516 {
517 struct ffs_data *ffs = inode->i_private;
518
519 ENTER();
520
521 if (unlikely(ffs->state == FFS_CLOSING))
522 return -EBUSY;
523
524 file->private_data = ffs;
525 ffs_data_opened(ffs);
526
527 return 0;
528 }
529
530 static int ffs_ep0_release(struct inode *inode, struct file *file)
531 {
532 struct ffs_data *ffs = file->private_data;
533
534 ENTER();
535
536 ffs_data_closed(ffs);
537
538 return 0;
539 }
540
541 static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
542 {
543 struct ffs_data *ffs = file->private_data;
544 struct usb_gadget *gadget = ffs->gadget;
545 long ret;
546
547 ENTER();
548
549 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
550 struct ffs_function *func = ffs->func;
551 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
552 } else if (gadget && gadget->ops->ioctl) {
553 ret = gadget->ops->ioctl(gadget, code, value);
554 } else {
555 ret = -ENOTTY;
556 }
557
558 return ret;
559 }
560
561 static const struct file_operations ffs_ep0_operations = {
562 .llseek = no_llseek,
563
564 .open = ffs_ep0_open,
565 .write = ffs_ep0_write,
566 .read = ffs_ep0_read,
567 .release = ffs_ep0_release,
568 .unlocked_ioctl = ffs_ep0_ioctl,
569 };
570
571
572 /* "Normal" endpoints operations ********************************************/
573
574 static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
575 {
576 ENTER();
577 if (likely(req->context)) {
578 struct ffs_ep *ep = _ep->driver_data;
579 ep->status = req->status ? req->status : req->actual;
580 complete(req->context);
581 }
582 }
583
584 static ssize_t ffs_epfile_io(struct file *file,
585 char __user *buf, size_t len, int read)
586 {
587 struct ffs_epfile *epfile = file->private_data;
588 struct usb_gadget *gadget = epfile->ffs->gadget;
589 struct ffs_ep *ep;
590 char *data = NULL;
591 ssize_t ret, data_len;
592 int halt;
593
594 /* Are we still active? */
595 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) {
596 ret = -ENODEV;
597 goto error;
598 }
599
600 /* Wait for endpoint to be enabled */
601 ep = epfile->ep;
602 if (!ep) {
603 if (file->f_flags & O_NONBLOCK) {
604 ret = -EAGAIN;
605 goto error;
606 }
607
608 ret = wait_event_interruptible(epfile->wait, (ep = epfile->ep));
609 if (ret) {
610 ret = -EINTR;
611 goto error;
612 }
613 }
614
615 /* Do we halt? */
616 halt = !read == !epfile->in;
617 if (halt && epfile->isoc) {
618 ret = -EINVAL;
619 goto error;
620 }
621
622 /* Allocate & copy */
623 if (!halt) {
624 /*
625 * Controller may require buffer size to be aligned to
626 * maxpacketsize of an out endpoint.
627 */
628 data_len = read ? usb_ep_align_maybe(gadget, ep->ep, len) : len;
629
630 data = kmalloc(data_len, GFP_KERNEL);
631 if (unlikely(!data))
632 return -ENOMEM;
633
634 if (!read && unlikely(copy_from_user(data, buf, len))) {
635 ret = -EFAULT;
636 goto error;
637 }
638 }
639
640 /* We will be using request */
641 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
642 if (unlikely(ret))
643 goto error;
644
645 spin_lock_irq(&epfile->ffs->eps_lock);
646
647 if (epfile->ep != ep) {
648 /* In the meantime, endpoint got disabled or changed. */
649 ret = -ESHUTDOWN;
650 spin_unlock_irq(&epfile->ffs->eps_lock);
651 } else if (halt) {
652 /* Halt */
653 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep))
654 usb_ep_set_halt(ep->ep);
655 spin_unlock_irq(&epfile->ffs->eps_lock);
656 ret = -EBADMSG;
657 } else {
658 /* Fire the request */
659 DECLARE_COMPLETION_ONSTACK(done);
660
661 struct usb_request *req = ep->req;
662 req->context = &done;
663 req->complete = ffs_epfile_io_complete;
664 req->buf = data;
665 req->length = data_len;
666
667 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
668
669 spin_unlock_irq(&epfile->ffs->eps_lock);
670
671 if (unlikely(ret < 0)) {
672 /* nop */
673 } else if (unlikely(wait_for_completion_interruptible(&done))) {
674 ret = -EINTR;
675 usb_ep_dequeue(ep->ep, req);
676 } else {
677 /*
678 * XXX We may end up silently droping data here.
679 * Since data_len (i.e. req->length) may be bigger
680 * than len (after being rounded up to maxpacketsize),
681 * we may end up with more data then user space has
682 * space for.
683 */
684 ret = ep->status;
685 if (read && ret > 0 &&
686 unlikely(copy_to_user(buf, data,
687 min_t(size_t, ret, len))))
688 ret = -EFAULT;
689 }
690 }
691
692 mutex_unlock(&epfile->mutex);
693 error:
694 kfree(data);
695 return ret;
696 }
697
698 static ssize_t
699 ffs_epfile_write(struct file *file, const char __user *buf, size_t len,
700 loff_t *ptr)
701 {
702 ENTER();
703
704 return ffs_epfile_io(file, (char __user *)buf, len, 0);
705 }
706
707 static ssize_t
708 ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
709 {
710 ENTER();
711
712 return ffs_epfile_io(file, buf, len, 1);
713 }
714
715 static int
716 ffs_epfile_open(struct inode *inode, struct file *file)
717 {
718 struct ffs_epfile *epfile = inode->i_private;
719
720 ENTER();
721
722 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
723 return -ENODEV;
724
725 file->private_data = epfile;
726 ffs_data_opened(epfile->ffs);
727
728 return 0;
729 }
730
731 static int
732 ffs_epfile_release(struct inode *inode, struct file *file)
733 {
734 struct ffs_epfile *epfile = inode->i_private;
735
736 ENTER();
737
738 ffs_data_closed(epfile->ffs);
739
740 return 0;
741 }
742
743 static long ffs_epfile_ioctl(struct file *file, unsigned code,
744 unsigned long value)
745 {
746 struct ffs_epfile *epfile = file->private_data;
747 int ret;
748
749 ENTER();
750
751 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
752 return -ENODEV;
753
754 spin_lock_irq(&epfile->ffs->eps_lock);
755 if (likely(epfile->ep)) {
756 switch (code) {
757 case FUNCTIONFS_FIFO_STATUS:
758 ret = usb_ep_fifo_status(epfile->ep->ep);
759 break;
760 case FUNCTIONFS_FIFO_FLUSH:
761 usb_ep_fifo_flush(epfile->ep->ep);
762 ret = 0;
763 break;
764 case FUNCTIONFS_CLEAR_HALT:
765 ret = usb_ep_clear_halt(epfile->ep->ep);
766 break;
767 case FUNCTIONFS_ENDPOINT_REVMAP:
768 ret = epfile->ep->num;
769 break;
770 default:
771 ret = -ENOTTY;
772 }
773 } else {
774 ret = -ENODEV;
775 }
776 spin_unlock_irq(&epfile->ffs->eps_lock);
777
778 return ret;
779 }
780
781 static const struct file_operations ffs_epfile_operations = {
782 .llseek = no_llseek,
783
784 .open = ffs_epfile_open,
785 .write = ffs_epfile_write,
786 .read = ffs_epfile_read,
787 .release = ffs_epfile_release,
788 .unlocked_ioctl = ffs_epfile_ioctl,
789 };
790
791
792 /* File system and super block operations ***********************************/
793
794 /*
795 * Mounting the file system creates a controller file, used first for
796 * function configuration then later for event monitoring.
797 */
798
799 static struct inode *__must_check
800 ffs_sb_make_inode(struct super_block *sb, void *data,
801 const struct file_operations *fops,
802 const struct inode_operations *iops,
803 struct ffs_file_perms *perms)
804 {
805 struct inode *inode;
806
807 ENTER();
808
809 inode = new_inode(sb);
810
811 if (likely(inode)) {
812 struct timespec current_time = CURRENT_TIME;
813
814 inode->i_ino = get_next_ino();
815 inode->i_mode = perms->mode;
816 inode->i_uid = perms->uid;
817 inode->i_gid = perms->gid;
818 inode->i_atime = current_time;
819 inode->i_mtime = current_time;
820 inode->i_ctime = current_time;
821 inode->i_private = data;
822 if (fops)
823 inode->i_fop = fops;
824 if (iops)
825 inode->i_op = iops;
826 }
827
828 return inode;
829 }
830
831 /* Create "regular" file */
832 static struct inode *ffs_sb_create_file(struct super_block *sb,
833 const char *name, void *data,
834 const struct file_operations *fops,
835 struct dentry **dentry_p)
836 {
837 struct ffs_data *ffs = sb->s_fs_info;
838 struct dentry *dentry;
839 struct inode *inode;
840
841 ENTER();
842
843 dentry = d_alloc_name(sb->s_root, name);
844 if (unlikely(!dentry))
845 return NULL;
846
847 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
848 if (unlikely(!inode)) {
849 dput(dentry);
850 return NULL;
851 }
852
853 d_add(dentry, inode);
854 if (dentry_p)
855 *dentry_p = dentry;
856
857 return inode;
858 }
859
860 /* Super block */
861 static const struct super_operations ffs_sb_operations = {
862 .statfs = simple_statfs,
863 .drop_inode = generic_delete_inode,
864 };
865
866 struct ffs_sb_fill_data {
867 struct ffs_file_perms perms;
868 umode_t root_mode;
869 const char *dev_name;
870 struct ffs_data *ffs_data;
871 };
872
873 static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
874 {
875 struct ffs_sb_fill_data *data = _data;
876 struct inode *inode;
877 struct ffs_data *ffs = data->ffs_data;
878
879 ENTER();
880
881 ffs->sb = sb;
882 data->ffs_data = NULL;
883 sb->s_fs_info = ffs;
884 sb->s_blocksize = PAGE_CACHE_SIZE;
885 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
886 sb->s_magic = FUNCTIONFS_MAGIC;
887 sb->s_op = &ffs_sb_operations;
888 sb->s_time_gran = 1;
889
890 /* Root inode */
891 data->perms.mode = data->root_mode;
892 inode = ffs_sb_make_inode(sb, NULL,
893 &simple_dir_operations,
894 &simple_dir_inode_operations,
895 &data->perms);
896 sb->s_root = d_make_root(inode);
897 if (unlikely(!sb->s_root))
898 return -ENOMEM;
899
900 /* EP0 file */
901 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
902 &ffs_ep0_operations, NULL)))
903 return -ENOMEM;
904
905 return 0;
906 }
907
908 static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
909 {
910 ENTER();
911
912 if (!opts || !*opts)
913 return 0;
914
915 for (;;) {
916 unsigned long value;
917 char *eq, *comma;
918
919 /* Option limit */
920 comma = strchr(opts, ',');
921 if (comma)
922 *comma = 0;
923
924 /* Value limit */
925 eq = strchr(opts, '=');
926 if (unlikely(!eq)) {
927 pr_err("'=' missing in %s\n", opts);
928 return -EINVAL;
929 }
930 *eq = 0;
931
932 /* Parse value */
933 if (kstrtoul(eq + 1, 0, &value)) {
934 pr_err("%s: invalid value: %s\n", opts, eq + 1);
935 return -EINVAL;
936 }
937
938 /* Interpret option */
939 switch (eq - opts) {
940 case 5:
941 if (!memcmp(opts, "rmode", 5))
942 data->root_mode = (value & 0555) | S_IFDIR;
943 else if (!memcmp(opts, "fmode", 5))
944 data->perms.mode = (value & 0666) | S_IFREG;
945 else
946 goto invalid;
947 break;
948
949 case 4:
950 if (!memcmp(opts, "mode", 4)) {
951 data->root_mode = (value & 0555) | S_IFDIR;
952 data->perms.mode = (value & 0666) | S_IFREG;
953 } else {
954 goto invalid;
955 }
956 break;
957
958 case 3:
959 if (!memcmp(opts, "uid", 3)) {
960 data->perms.uid = make_kuid(current_user_ns(), value);
961 if (!uid_valid(data->perms.uid)) {
962 pr_err("%s: unmapped value: %lu\n", opts, value);
963 return -EINVAL;
964 }
965 } else if (!memcmp(opts, "gid", 3)) {
966 data->perms.gid = make_kgid(current_user_ns(), value);
967 if (!gid_valid(data->perms.gid)) {
968 pr_err("%s: unmapped value: %lu\n", opts, value);
969 return -EINVAL;
970 }
971 } else {
972 goto invalid;
973 }
974 break;
975
976 default:
977 invalid:
978 pr_err("%s: invalid option\n", opts);
979 return -EINVAL;
980 }
981
982 /* Next iteration */
983 if (!comma)
984 break;
985 opts = comma + 1;
986 }
987
988 return 0;
989 }
990
991 /* "mount -t functionfs dev_name /dev/function" ends up here */
992
993 static struct dentry *
994 ffs_fs_mount(struct file_system_type *t, int flags,
995 const char *dev_name, void *opts)
996 {
997 struct ffs_sb_fill_data data = {
998 .perms = {
999 .mode = S_IFREG | 0600,
1000 .uid = GLOBAL_ROOT_UID,
1001 .gid = GLOBAL_ROOT_GID,
1002 },
1003 .root_mode = S_IFDIR | 0500,
1004 };
1005 struct dentry *rv;
1006 int ret;
1007 void *ffs_dev;
1008 struct ffs_data *ffs;
1009
1010 ENTER();
1011
1012 ret = ffs_fs_parse_opts(&data, opts);
1013 if (unlikely(ret < 0))
1014 return ERR_PTR(ret);
1015
1016 ffs = ffs_data_new();
1017 if (unlikely(!ffs))
1018 return ERR_PTR(-ENOMEM);
1019 ffs->file_perms = data.perms;
1020
1021 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1022 if (unlikely(!ffs->dev_name)) {
1023 ffs_data_put(ffs);
1024 return ERR_PTR(-ENOMEM);
1025 }
1026
1027 ffs_dev = ffs_acquire_dev(dev_name);
1028 if (IS_ERR(ffs_dev)) {
1029 ffs_data_put(ffs);
1030 return ERR_CAST(ffs_dev);
1031 }
1032 ffs->private_data = ffs_dev;
1033 data.ffs_data = ffs;
1034
1035 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1036 if (IS_ERR(rv) && data.ffs_data) {
1037 ffs_release_dev(data.ffs_data);
1038 ffs_data_put(data.ffs_data);
1039 }
1040 return rv;
1041 }
1042
1043 static void
1044 ffs_fs_kill_sb(struct super_block *sb)
1045 {
1046 ENTER();
1047
1048 kill_litter_super(sb);
1049 if (sb->s_fs_info) {
1050 ffs_release_dev(sb->s_fs_info);
1051 ffs_data_put(sb->s_fs_info);
1052 }
1053 }
1054
1055 static struct file_system_type ffs_fs_type = {
1056 .owner = THIS_MODULE,
1057 .name = "functionfs",
1058 .mount = ffs_fs_mount,
1059 .kill_sb = ffs_fs_kill_sb,
1060 };
1061 MODULE_ALIAS_FS("functionfs");
1062
1063
1064 /* Driver's main init/cleanup functions *************************************/
1065
1066 static int functionfs_init(void)
1067 {
1068 int ret;
1069
1070 ENTER();
1071
1072 ret = register_filesystem(&ffs_fs_type);
1073 if (likely(!ret))
1074 pr_info("file system registered\n");
1075 else
1076 pr_err("failed registering file system (%d)\n", ret);
1077
1078 return ret;
1079 }
1080
1081 static void functionfs_cleanup(void)
1082 {
1083 ENTER();
1084
1085 pr_info("unloading\n");
1086 unregister_filesystem(&ffs_fs_type);
1087 }
1088
1089
1090 /* ffs_data and ffs_function construction and destruction code **************/
1091
1092 static void ffs_data_clear(struct ffs_data *ffs);
1093 static void ffs_data_reset(struct ffs_data *ffs);
1094
1095 static void ffs_data_get(struct ffs_data *ffs)
1096 {
1097 ENTER();
1098
1099 atomic_inc(&ffs->ref);
1100 }
1101
1102 static void ffs_data_opened(struct ffs_data *ffs)
1103 {
1104 ENTER();
1105
1106 atomic_inc(&ffs->ref);
1107 atomic_inc(&ffs->opened);
1108 }
1109
1110 static void ffs_data_put(struct ffs_data *ffs)
1111 {
1112 ENTER();
1113
1114 if (unlikely(atomic_dec_and_test(&ffs->ref))) {
1115 pr_info("%s(): freeing\n", __func__);
1116 ffs_data_clear(ffs);
1117 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1118 waitqueue_active(&ffs->ep0req_completion.wait));
1119 kfree(ffs->dev_name);
1120 kfree(ffs);
1121 }
1122 }
1123
1124 static void ffs_data_closed(struct ffs_data *ffs)
1125 {
1126 ENTER();
1127
1128 if (atomic_dec_and_test(&ffs->opened)) {
1129 ffs->state = FFS_CLOSING;
1130 ffs_data_reset(ffs);
1131 }
1132
1133 ffs_data_put(ffs);
1134 }
1135
1136 static struct ffs_data *ffs_data_new(void)
1137 {
1138 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1139 if (unlikely(!ffs))
1140 return NULL;
1141
1142 ENTER();
1143
1144 atomic_set(&ffs->ref, 1);
1145 atomic_set(&ffs->opened, 0);
1146 ffs->state = FFS_READ_DESCRIPTORS;
1147 mutex_init(&ffs->mutex);
1148 spin_lock_init(&ffs->eps_lock);
1149 init_waitqueue_head(&ffs->ev.waitq);
1150 init_completion(&ffs->ep0req_completion);
1151
1152 /* XXX REVISIT need to update it in some places, or do we? */
1153 ffs->ev.can_stall = 1;
1154
1155 return ffs;
1156 }
1157
1158 static void ffs_data_clear(struct ffs_data *ffs)
1159 {
1160 ENTER();
1161
1162 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags))
1163 ffs_closed(ffs);
1164
1165 BUG_ON(ffs->gadget);
1166
1167 if (ffs->epfiles)
1168 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1169
1170 kfree(ffs->raw_descs);
1171 kfree(ffs->raw_strings);
1172 kfree(ffs->stringtabs);
1173 }
1174
1175 static void ffs_data_reset(struct ffs_data *ffs)
1176 {
1177 ENTER();
1178
1179 ffs_data_clear(ffs);
1180
1181 ffs->epfiles = NULL;
1182 ffs->raw_descs = NULL;
1183 ffs->raw_strings = NULL;
1184 ffs->stringtabs = NULL;
1185
1186 ffs->raw_descs_length = 0;
1187 ffs->raw_fs_descs_length = 0;
1188 ffs->fs_descs_count = 0;
1189 ffs->hs_descs_count = 0;
1190
1191 ffs->strings_count = 0;
1192 ffs->interfaces_count = 0;
1193 ffs->eps_count = 0;
1194
1195 ffs->ev.count = 0;
1196
1197 ffs->state = FFS_READ_DESCRIPTORS;
1198 ffs->setup_state = FFS_NO_SETUP;
1199 ffs->flags = 0;
1200 }
1201
1202
1203 static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1204 {
1205 struct usb_gadget_strings **lang;
1206 int first_id;
1207
1208 ENTER();
1209
1210 if (WARN_ON(ffs->state != FFS_ACTIVE
1211 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1212 return -EBADFD;
1213
1214 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1215 if (unlikely(first_id < 0))
1216 return first_id;
1217
1218 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1219 if (unlikely(!ffs->ep0req))
1220 return -ENOMEM;
1221 ffs->ep0req->complete = ffs_ep0_complete;
1222 ffs->ep0req->context = ffs;
1223
1224 lang = ffs->stringtabs;
1225 for (lang = ffs->stringtabs; *lang; ++lang) {
1226 struct usb_string *str = (*lang)->strings;
1227 int id = first_id;
1228 for (; str->s; ++id, ++str)
1229 str->id = id;
1230 }
1231
1232 ffs->gadget = cdev->gadget;
1233 ffs_data_get(ffs);
1234 return 0;
1235 }
1236
1237 static void functionfs_unbind(struct ffs_data *ffs)
1238 {
1239 ENTER();
1240
1241 if (!WARN_ON(!ffs->gadget)) {
1242 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1243 ffs->ep0req = NULL;
1244 ffs->gadget = NULL;
1245 clear_bit(FFS_FL_BOUND, &ffs->flags);
1246 ffs_data_put(ffs);
1247 }
1248 }
1249
1250 static int ffs_epfiles_create(struct ffs_data *ffs)
1251 {
1252 struct ffs_epfile *epfile, *epfiles;
1253 unsigned i, count;
1254
1255 ENTER();
1256
1257 count = ffs->eps_count;
1258 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1259 if (!epfiles)
1260 return -ENOMEM;
1261
1262 epfile = epfiles;
1263 for (i = 1; i <= count; ++i, ++epfile) {
1264 epfile->ffs = ffs;
1265 mutex_init(&epfile->mutex);
1266 init_waitqueue_head(&epfile->wait);
1267 sprintf(epfiles->name, "ep%u", i);
1268 if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile,
1269 &ffs_epfile_operations,
1270 &epfile->dentry))) {
1271 ffs_epfiles_destroy(epfiles, i - 1);
1272 return -ENOMEM;
1273 }
1274 }
1275
1276 ffs->epfiles = epfiles;
1277 return 0;
1278 }
1279
1280 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1281 {
1282 struct ffs_epfile *epfile = epfiles;
1283
1284 ENTER();
1285
1286 for (; count; --count, ++epfile) {
1287 BUG_ON(mutex_is_locked(&epfile->mutex) ||
1288 waitqueue_active(&epfile->wait));
1289 if (epfile->dentry) {
1290 d_delete(epfile->dentry);
1291 dput(epfile->dentry);
1292 epfile->dentry = NULL;
1293 }
1294 }
1295
1296 kfree(epfiles);
1297 }
1298
1299
1300 static void ffs_func_eps_disable(struct ffs_function *func)
1301 {
1302 struct ffs_ep *ep = func->eps;
1303 struct ffs_epfile *epfile = func->ffs->epfiles;
1304 unsigned count = func->ffs->eps_count;
1305 unsigned long flags;
1306
1307 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1308 do {
1309 /* pending requests get nuked */
1310 if (likely(ep->ep))
1311 usb_ep_disable(ep->ep);
1312 epfile->ep = NULL;
1313
1314 ++ep;
1315 ++epfile;
1316 } while (--count);
1317 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1318 }
1319
1320 static int ffs_func_eps_enable(struct ffs_function *func)
1321 {
1322 struct ffs_data *ffs = func->ffs;
1323 struct ffs_ep *ep = func->eps;
1324 struct ffs_epfile *epfile = ffs->epfiles;
1325 unsigned count = ffs->eps_count;
1326 unsigned long flags;
1327 int ret = 0;
1328
1329 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1330 do {
1331 struct usb_endpoint_descriptor *ds;
1332 ds = ep->descs[ep->descs[1] ? 1 : 0];
1333
1334 ep->ep->driver_data = ep;
1335 ep->ep->desc = ds;
1336 ret = usb_ep_enable(ep->ep);
1337 if (likely(!ret)) {
1338 epfile->ep = ep;
1339 epfile->in = usb_endpoint_dir_in(ds);
1340 epfile->isoc = usb_endpoint_xfer_isoc(ds);
1341 } else {
1342 break;
1343 }
1344
1345 wake_up(&epfile->wait);
1346
1347 ++ep;
1348 ++epfile;
1349 } while (--count);
1350 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1351
1352 return ret;
1353 }
1354
1355
1356 /* Parsing and building descriptors and strings *****************************/
1357
1358 /*
1359 * This validates if data pointed by data is a valid USB descriptor as
1360 * well as record how many interfaces, endpoints and strings are
1361 * required by given configuration. Returns address after the
1362 * descriptor or NULL if data is invalid.
1363 */
1364
1365 enum ffs_entity_type {
1366 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1367 };
1368
1369 typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1370 u8 *valuep,
1371 struct usb_descriptor_header *desc,
1372 void *priv);
1373
1374 static int __must_check ffs_do_desc(char *data, unsigned len,
1375 ffs_entity_callback entity, void *priv)
1376 {
1377 struct usb_descriptor_header *_ds = (void *)data;
1378 u8 length;
1379 int ret;
1380
1381 ENTER();
1382
1383 /* At least two bytes are required: length and type */
1384 if (len < 2) {
1385 pr_vdebug("descriptor too short\n");
1386 return -EINVAL;
1387 }
1388
1389 /* If we have at least as many bytes as the descriptor takes? */
1390 length = _ds->bLength;
1391 if (len < length) {
1392 pr_vdebug("descriptor longer then available data\n");
1393 return -EINVAL;
1394 }
1395
1396 #define __entity_check_INTERFACE(val) 1
1397 #define __entity_check_STRING(val) (val)
1398 #define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1399 #define __entity(type, val) do { \
1400 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1401 if (unlikely(!__entity_check_ ##type(val))) { \
1402 pr_vdebug("invalid entity's value\n"); \
1403 return -EINVAL; \
1404 } \
1405 ret = entity(FFS_ ##type, &val, _ds, priv); \
1406 if (unlikely(ret < 0)) { \
1407 pr_debug("entity " #type "(%02x); ret = %d\n", \
1408 (val), ret); \
1409 return ret; \
1410 } \
1411 } while (0)
1412
1413 /* Parse descriptor depending on type. */
1414 switch (_ds->bDescriptorType) {
1415 case USB_DT_DEVICE:
1416 case USB_DT_CONFIG:
1417 case USB_DT_STRING:
1418 case USB_DT_DEVICE_QUALIFIER:
1419 /* function can't have any of those */
1420 pr_vdebug("descriptor reserved for gadget: %d\n",
1421 _ds->bDescriptorType);
1422 return -EINVAL;
1423
1424 case USB_DT_INTERFACE: {
1425 struct usb_interface_descriptor *ds = (void *)_ds;
1426 pr_vdebug("interface descriptor\n");
1427 if (length != sizeof *ds)
1428 goto inv_length;
1429
1430 __entity(INTERFACE, ds->bInterfaceNumber);
1431 if (ds->iInterface)
1432 __entity(STRING, ds->iInterface);
1433 }
1434 break;
1435
1436 case USB_DT_ENDPOINT: {
1437 struct usb_endpoint_descriptor *ds = (void *)_ds;
1438 pr_vdebug("endpoint descriptor\n");
1439 if (length != USB_DT_ENDPOINT_SIZE &&
1440 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1441 goto inv_length;
1442 __entity(ENDPOINT, ds->bEndpointAddress);
1443 }
1444 break;
1445
1446 case HID_DT_HID:
1447 pr_vdebug("hid descriptor\n");
1448 if (length != sizeof(struct hid_descriptor))
1449 goto inv_length;
1450 break;
1451
1452 case USB_DT_OTG:
1453 if (length != sizeof(struct usb_otg_descriptor))
1454 goto inv_length;
1455 break;
1456
1457 case USB_DT_INTERFACE_ASSOCIATION: {
1458 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1459 pr_vdebug("interface association descriptor\n");
1460 if (length != sizeof *ds)
1461 goto inv_length;
1462 if (ds->iFunction)
1463 __entity(STRING, ds->iFunction);
1464 }
1465 break;
1466
1467 case USB_DT_OTHER_SPEED_CONFIG:
1468 case USB_DT_INTERFACE_POWER:
1469 case USB_DT_DEBUG:
1470 case USB_DT_SECURITY:
1471 case USB_DT_CS_RADIO_CONTROL:
1472 /* TODO */
1473 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
1474 return -EINVAL;
1475
1476 default:
1477 /* We should never be here */
1478 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
1479 return -EINVAL;
1480
1481 inv_length:
1482 pr_vdebug("invalid length: %d (descriptor %d)\n",
1483 _ds->bLength, _ds->bDescriptorType);
1484 return -EINVAL;
1485 }
1486
1487 #undef __entity
1488 #undef __entity_check_DESCRIPTOR
1489 #undef __entity_check_INTERFACE
1490 #undef __entity_check_STRING
1491 #undef __entity_check_ENDPOINT
1492
1493 return length;
1494 }
1495
1496 static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
1497 ffs_entity_callback entity, void *priv)
1498 {
1499 const unsigned _len = len;
1500 unsigned long num = 0;
1501
1502 ENTER();
1503
1504 for (;;) {
1505 int ret;
1506
1507 if (num == count)
1508 data = NULL;
1509
1510 /* Record "descriptor" entity */
1511 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
1512 if (unlikely(ret < 0)) {
1513 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
1514 num, ret);
1515 return ret;
1516 }
1517
1518 if (!data)
1519 return _len - len;
1520
1521 ret = ffs_do_desc(data, len, entity, priv);
1522 if (unlikely(ret < 0)) {
1523 pr_debug("%s returns %d\n", __func__, ret);
1524 return ret;
1525 }
1526
1527 len -= ret;
1528 data += ret;
1529 ++num;
1530 }
1531 }
1532
1533 static int __ffs_data_do_entity(enum ffs_entity_type type,
1534 u8 *valuep, struct usb_descriptor_header *desc,
1535 void *priv)
1536 {
1537 struct ffs_data *ffs = priv;
1538
1539 ENTER();
1540
1541 switch (type) {
1542 case FFS_DESCRIPTOR:
1543 break;
1544
1545 case FFS_INTERFACE:
1546 /*
1547 * Interfaces are indexed from zero so if we
1548 * encountered interface "n" then there are at least
1549 * "n+1" interfaces.
1550 */
1551 if (*valuep >= ffs->interfaces_count)
1552 ffs->interfaces_count = *valuep + 1;
1553 break;
1554
1555 case FFS_STRING:
1556 /*
1557 * Strings are indexed from 1 (0 is magic ;) reserved
1558 * for languages list or some such)
1559 */
1560 if (*valuep > ffs->strings_count)
1561 ffs->strings_count = *valuep;
1562 break;
1563
1564 case FFS_ENDPOINT:
1565 /* Endpoints are indexed from 1 as well. */
1566 if ((*valuep & USB_ENDPOINT_NUMBER_MASK) > ffs->eps_count)
1567 ffs->eps_count = (*valuep & USB_ENDPOINT_NUMBER_MASK);
1568 break;
1569 }
1570
1571 return 0;
1572 }
1573
1574 static int __ffs_data_got_descs(struct ffs_data *ffs,
1575 char *const _data, size_t len)
1576 {
1577 unsigned fs_count, hs_count;
1578 int fs_len, ret = -EINVAL;
1579 char *data = _data;
1580
1581 ENTER();
1582
1583 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_DESCRIPTORS_MAGIC ||
1584 get_unaligned_le32(data + 4) != len))
1585 goto error;
1586 fs_count = get_unaligned_le32(data + 8);
1587 hs_count = get_unaligned_le32(data + 12);
1588
1589 if (!fs_count && !hs_count)
1590 goto einval;
1591
1592 data += 16;
1593 len -= 16;
1594
1595 if (likely(fs_count)) {
1596 fs_len = ffs_do_descs(fs_count, data, len,
1597 __ffs_data_do_entity, ffs);
1598 if (unlikely(fs_len < 0)) {
1599 ret = fs_len;
1600 goto error;
1601 }
1602
1603 data += fs_len;
1604 len -= fs_len;
1605 } else {
1606 fs_len = 0;
1607 }
1608
1609 if (likely(hs_count)) {
1610 ret = ffs_do_descs(hs_count, data, len,
1611 __ffs_data_do_entity, ffs);
1612 if (unlikely(ret < 0))
1613 goto error;
1614 } else {
1615 ret = 0;
1616 }
1617
1618 if (unlikely(len != ret))
1619 goto einval;
1620
1621 ffs->raw_fs_descs_length = fs_len;
1622 ffs->raw_descs_length = fs_len + ret;
1623 ffs->raw_descs = _data;
1624 ffs->fs_descs_count = fs_count;
1625 ffs->hs_descs_count = hs_count;
1626
1627 return 0;
1628
1629 einval:
1630 ret = -EINVAL;
1631 error:
1632 kfree(_data);
1633 return ret;
1634 }
1635
1636 static int __ffs_data_got_strings(struct ffs_data *ffs,
1637 char *const _data, size_t len)
1638 {
1639 u32 str_count, needed_count, lang_count;
1640 struct usb_gadget_strings **stringtabs, *t;
1641 struct usb_string *strings, *s;
1642 const char *data = _data;
1643
1644 ENTER();
1645
1646 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
1647 get_unaligned_le32(data + 4) != len))
1648 goto error;
1649 str_count = get_unaligned_le32(data + 8);
1650 lang_count = get_unaligned_le32(data + 12);
1651
1652 /* if one is zero the other must be zero */
1653 if (unlikely(!str_count != !lang_count))
1654 goto error;
1655
1656 /* Do we have at least as many strings as descriptors need? */
1657 needed_count = ffs->strings_count;
1658 if (unlikely(str_count < needed_count))
1659 goto error;
1660
1661 /*
1662 * If we don't need any strings just return and free all
1663 * memory.
1664 */
1665 if (!needed_count) {
1666 kfree(_data);
1667 return 0;
1668 }
1669
1670 /* Allocate everything in one chunk so there's less maintenance. */
1671 {
1672 unsigned i = 0;
1673 vla_group(d);
1674 vla_item(d, struct usb_gadget_strings *, stringtabs,
1675 lang_count + 1);
1676 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
1677 vla_item(d, struct usb_string, strings,
1678 lang_count*(needed_count+1));
1679
1680 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
1681
1682 if (unlikely(!vlabuf)) {
1683 kfree(_data);
1684 return -ENOMEM;
1685 }
1686
1687 /* Initialize the VLA pointers */
1688 stringtabs = vla_ptr(vlabuf, d, stringtabs);
1689 t = vla_ptr(vlabuf, d, stringtab);
1690 i = lang_count;
1691 do {
1692 *stringtabs++ = t++;
1693 } while (--i);
1694 *stringtabs = NULL;
1695
1696 /* stringtabs = vlabuf = d_stringtabs for later kfree */
1697 stringtabs = vla_ptr(vlabuf, d, stringtabs);
1698 t = vla_ptr(vlabuf, d, stringtab);
1699 s = vla_ptr(vlabuf, d, strings);
1700 strings = s;
1701 }
1702
1703 /* For each language */
1704 data += 16;
1705 len -= 16;
1706
1707 do { /* lang_count > 0 so we can use do-while */
1708 unsigned needed = needed_count;
1709
1710 if (unlikely(len < 3))
1711 goto error_free;
1712 t->language = get_unaligned_le16(data);
1713 t->strings = s;
1714 ++t;
1715
1716 data += 2;
1717 len -= 2;
1718
1719 /* For each string */
1720 do { /* str_count > 0 so we can use do-while */
1721 size_t length = strnlen(data, len);
1722
1723 if (unlikely(length == len))
1724 goto error_free;
1725
1726 /*
1727 * User may provide more strings then we need,
1728 * if that's the case we simply ignore the
1729 * rest
1730 */
1731 if (likely(needed)) {
1732 /*
1733 * s->id will be set while adding
1734 * function to configuration so for
1735 * now just leave garbage here.
1736 */
1737 s->s = data;
1738 --needed;
1739 ++s;
1740 }
1741
1742 data += length + 1;
1743 len -= length + 1;
1744 } while (--str_count);
1745
1746 s->id = 0; /* terminator */
1747 s->s = NULL;
1748 ++s;
1749
1750 } while (--lang_count);
1751
1752 /* Some garbage left? */
1753 if (unlikely(len))
1754 goto error_free;
1755
1756 /* Done! */
1757 ffs->stringtabs = stringtabs;
1758 ffs->raw_strings = _data;
1759
1760 return 0;
1761
1762 error_free:
1763 kfree(stringtabs);
1764 error:
1765 kfree(_data);
1766 return -EINVAL;
1767 }
1768
1769
1770 /* Events handling and management *******************************************/
1771
1772 static void __ffs_event_add(struct ffs_data *ffs,
1773 enum usb_functionfs_event_type type)
1774 {
1775 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
1776 int neg = 0;
1777
1778 /*
1779 * Abort any unhandled setup
1780 *
1781 * We do not need to worry about some cmpxchg() changing value
1782 * of ffs->setup_state without holding the lock because when
1783 * state is FFS_SETUP_PENDING cmpxchg() in several places in
1784 * the source does nothing.
1785 */
1786 if (ffs->setup_state == FFS_SETUP_PENDING)
1787 ffs->setup_state = FFS_SETUP_CANCELED;
1788
1789 switch (type) {
1790 case FUNCTIONFS_RESUME:
1791 rem_type2 = FUNCTIONFS_SUSPEND;
1792 /* FALL THROUGH */
1793 case FUNCTIONFS_SUSPEND:
1794 case FUNCTIONFS_SETUP:
1795 rem_type1 = type;
1796 /* Discard all similar events */
1797 break;
1798
1799 case FUNCTIONFS_BIND:
1800 case FUNCTIONFS_UNBIND:
1801 case FUNCTIONFS_DISABLE:
1802 case FUNCTIONFS_ENABLE:
1803 /* Discard everything other then power management. */
1804 rem_type1 = FUNCTIONFS_SUSPEND;
1805 rem_type2 = FUNCTIONFS_RESUME;
1806 neg = 1;
1807 break;
1808
1809 default:
1810 BUG();
1811 }
1812
1813 {
1814 u8 *ev = ffs->ev.types, *out = ev;
1815 unsigned n = ffs->ev.count;
1816 for (; n; --n, ++ev)
1817 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
1818 *out++ = *ev;
1819 else
1820 pr_vdebug("purging event %d\n", *ev);
1821 ffs->ev.count = out - ffs->ev.types;
1822 }
1823
1824 pr_vdebug("adding event %d\n", type);
1825 ffs->ev.types[ffs->ev.count++] = type;
1826 wake_up_locked(&ffs->ev.waitq);
1827 }
1828
1829 static void ffs_event_add(struct ffs_data *ffs,
1830 enum usb_functionfs_event_type type)
1831 {
1832 unsigned long flags;
1833 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
1834 __ffs_event_add(ffs, type);
1835 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
1836 }
1837
1838
1839 /* Bind/unbind USB function hooks *******************************************/
1840
1841 static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
1842 struct usb_descriptor_header *desc,
1843 void *priv)
1844 {
1845 struct usb_endpoint_descriptor *ds = (void *)desc;
1846 struct ffs_function *func = priv;
1847 struct ffs_ep *ffs_ep;
1848
1849 /*
1850 * If hs_descriptors is not NULL then we are reading hs
1851 * descriptors now
1852 */
1853 const int isHS = func->function.hs_descriptors != NULL;
1854 unsigned idx;
1855
1856 if (type != FFS_DESCRIPTOR)
1857 return 0;
1858
1859 if (isHS)
1860 func->function.hs_descriptors[(long)valuep] = desc;
1861 else
1862 func->function.fs_descriptors[(long)valuep] = desc;
1863
1864 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
1865 return 0;
1866
1867 idx = (ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK) - 1;
1868 ffs_ep = func->eps + idx;
1869
1870 if (unlikely(ffs_ep->descs[isHS])) {
1871 pr_vdebug("two %sspeed descriptors for EP %d\n",
1872 isHS ? "high" : "full",
1873 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
1874 return -EINVAL;
1875 }
1876 ffs_ep->descs[isHS] = ds;
1877
1878 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
1879 if (ffs_ep->ep) {
1880 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
1881 if (!ds->wMaxPacketSize)
1882 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
1883 } else {
1884 struct usb_request *req;
1885 struct usb_ep *ep;
1886
1887 pr_vdebug("autoconfig\n");
1888 ep = usb_ep_autoconfig(func->gadget, ds);
1889 if (unlikely(!ep))
1890 return -ENOTSUPP;
1891 ep->driver_data = func->eps + idx;
1892
1893 req = usb_ep_alloc_request(ep, GFP_KERNEL);
1894 if (unlikely(!req))
1895 return -ENOMEM;
1896
1897 ffs_ep->ep = ep;
1898 ffs_ep->req = req;
1899 func->eps_revmap[ds->bEndpointAddress &
1900 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
1901 }
1902 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
1903
1904 return 0;
1905 }
1906
1907 static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
1908 struct usb_descriptor_header *desc,
1909 void *priv)
1910 {
1911 struct ffs_function *func = priv;
1912 unsigned idx;
1913 u8 newValue;
1914
1915 switch (type) {
1916 default:
1917 case FFS_DESCRIPTOR:
1918 /* Handled in previous pass by __ffs_func_bind_do_descs() */
1919 return 0;
1920
1921 case FFS_INTERFACE:
1922 idx = *valuep;
1923 if (func->interfaces_nums[idx] < 0) {
1924 int id = usb_interface_id(func->conf, &func->function);
1925 if (unlikely(id < 0))
1926 return id;
1927 func->interfaces_nums[idx] = id;
1928 }
1929 newValue = func->interfaces_nums[idx];
1930 break;
1931
1932 case FFS_STRING:
1933 /* String' IDs are allocated when fsf_data is bound to cdev */
1934 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
1935 break;
1936
1937 case FFS_ENDPOINT:
1938 /*
1939 * USB_DT_ENDPOINT are handled in
1940 * __ffs_func_bind_do_descs().
1941 */
1942 if (desc->bDescriptorType == USB_DT_ENDPOINT)
1943 return 0;
1944
1945 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
1946 if (unlikely(!func->eps[idx].ep))
1947 return -EINVAL;
1948
1949 {
1950 struct usb_endpoint_descriptor **descs;
1951 descs = func->eps[idx].descs;
1952 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
1953 }
1954 break;
1955 }
1956
1957 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
1958 *valuep = newValue;
1959 return 0;
1960 }
1961
1962 static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
1963 struct usb_configuration *c)
1964 {
1965 struct ffs_function *func = ffs_func_from_usb(f);
1966 struct f_fs_opts *ffs_opts =
1967 container_of(f->fi, struct f_fs_opts, func_inst);
1968 int ret;
1969
1970 ENTER();
1971
1972 /*
1973 * Legacy gadget triggers binding in functionfs_ready_callback,
1974 * which already uses locking; taking the same lock here would
1975 * cause a deadlock.
1976 *
1977 * Configfs-enabled gadgets however do need ffs_dev_lock.
1978 */
1979 if (!ffs_opts->no_configfs)
1980 ffs_dev_lock();
1981 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
1982 func->ffs = ffs_opts->dev->ffs_data;
1983 if (!ffs_opts->no_configfs)
1984 ffs_dev_unlock();
1985 if (ret)
1986 return ERR_PTR(ret);
1987
1988 func->conf = c;
1989 func->gadget = c->cdev->gadget;
1990
1991 ffs_data_get(func->ffs);
1992
1993 /*
1994 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
1995 * configurations are bound in sequence with list_for_each_entry,
1996 * in each configuration its functions are bound in sequence
1997 * with list_for_each_entry, so we assume no race condition
1998 * with regard to ffs_opts->bound access
1999 */
2000 if (!ffs_opts->refcnt) {
2001 ret = functionfs_bind(func->ffs, c->cdev);
2002 if (ret)
2003 return ERR_PTR(ret);
2004 }
2005 ffs_opts->refcnt++;
2006 func->function.strings = func->ffs->stringtabs;
2007
2008 return ffs_opts;
2009 }
2010
2011 static int _ffs_func_bind(struct usb_configuration *c,
2012 struct usb_function *f)
2013 {
2014 struct ffs_function *func = ffs_func_from_usb(f);
2015 struct ffs_data *ffs = func->ffs;
2016
2017 const int full = !!func->ffs->fs_descs_count;
2018 const int high = gadget_is_dualspeed(func->gadget) &&
2019 func->ffs->hs_descs_count;
2020
2021 int ret;
2022
2023 /* Make it a single chunk, less management later on */
2024 vla_group(d);
2025 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2026 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2027 full ? ffs->fs_descs_count + 1 : 0);
2028 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2029 high ? ffs->hs_descs_count + 1 : 0);
2030 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
2031 vla_item_with_sz(d, char, raw_descs,
2032 high ? ffs->raw_descs_length : ffs->raw_fs_descs_length);
2033 char *vlabuf;
2034
2035 ENTER();
2036
2037 /* Only high speed but not supported by gadget? */
2038 if (unlikely(!(full | high)))
2039 return -ENOTSUPP;
2040
2041 /* Allocate a single chunk, less management later on */
2042 vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2043 if (unlikely(!vlabuf))
2044 return -ENOMEM;
2045
2046 /* Zero */
2047 memset(vla_ptr(vlabuf, d, eps), 0, d_eps__sz);
2048 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs + 16,
2049 d_raw_descs__sz);
2050 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
2051 for (ret = ffs->eps_count; ret; --ret) {
2052 struct ffs_ep *ptr;
2053
2054 ptr = vla_ptr(vlabuf, d, eps);
2055 ptr[ret].num = -1;
2056 }
2057
2058 /* Save pointers
2059 * d_eps == vlabuf, func->eps used to kfree vlabuf later
2060 */
2061 func->eps = vla_ptr(vlabuf, d, eps);
2062 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
2063
2064 /*
2065 * Go through all the endpoint descriptors and allocate
2066 * endpoints first, so that later we can rewrite the endpoint
2067 * numbers without worrying that it may be described later on.
2068 */
2069 if (likely(full)) {
2070 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
2071 ret = ffs_do_descs(ffs->fs_descs_count,
2072 vla_ptr(vlabuf, d, raw_descs),
2073 d_raw_descs__sz,
2074 __ffs_func_bind_do_descs, func);
2075 if (unlikely(ret < 0))
2076 goto error;
2077 } else {
2078 ret = 0;
2079 }
2080
2081 if (likely(high)) {
2082 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
2083 ret = ffs_do_descs(ffs->hs_descs_count,
2084 vla_ptr(vlabuf, d, raw_descs) + ret,
2085 d_raw_descs__sz - ret,
2086 __ffs_func_bind_do_descs, func);
2087 if (unlikely(ret < 0))
2088 goto error;
2089 }
2090
2091 /*
2092 * Now handle interface numbers allocation and interface and
2093 * endpoint numbers rewriting. We can do that in one go
2094 * now.
2095 */
2096 ret = ffs_do_descs(ffs->fs_descs_count +
2097 (high ? ffs->hs_descs_count : 0),
2098 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
2099 __ffs_func_bind_do_nums, func);
2100 if (unlikely(ret < 0))
2101 goto error;
2102
2103 /* And we're done */
2104 ffs_event_add(ffs, FUNCTIONFS_BIND);
2105 return 0;
2106
2107 error:
2108 /* XXX Do we need to release all claimed endpoints here? */
2109 return ret;
2110 }
2111
2112 static int ffs_func_bind(struct usb_configuration *c,
2113 struct usb_function *f)
2114 {
2115 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
2116
2117 if (IS_ERR(ffs_opts))
2118 return PTR_ERR(ffs_opts);
2119
2120 return _ffs_func_bind(c, f);
2121 }
2122
2123
2124 /* Other USB function hooks *************************************************/
2125
2126 static int ffs_func_set_alt(struct usb_function *f,
2127 unsigned interface, unsigned alt)
2128 {
2129 struct ffs_function *func = ffs_func_from_usb(f);
2130 struct ffs_data *ffs = func->ffs;
2131 int ret = 0, intf;
2132
2133 if (alt != (unsigned)-1) {
2134 intf = ffs_func_revmap_intf(func, interface);
2135 if (unlikely(intf < 0))
2136 return intf;
2137 }
2138
2139 if (ffs->func)
2140 ffs_func_eps_disable(ffs->func);
2141
2142 if (ffs->state != FFS_ACTIVE)
2143 return -ENODEV;
2144
2145 if (alt == (unsigned)-1) {
2146 ffs->func = NULL;
2147 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
2148 return 0;
2149 }
2150
2151 ffs->func = func;
2152 ret = ffs_func_eps_enable(func);
2153 if (likely(ret >= 0))
2154 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
2155 return ret;
2156 }
2157
2158 static void ffs_func_disable(struct usb_function *f)
2159 {
2160 ffs_func_set_alt(f, 0, (unsigned)-1);
2161 }
2162
2163 static int ffs_func_setup(struct usb_function *f,
2164 const struct usb_ctrlrequest *creq)
2165 {
2166 struct ffs_function *func = ffs_func_from_usb(f);
2167 struct ffs_data *ffs = func->ffs;
2168 unsigned long flags;
2169 int ret;
2170
2171 ENTER();
2172
2173 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
2174 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
2175 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
2176 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
2177 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
2178
2179 /*
2180 * Most requests directed to interface go through here
2181 * (notable exceptions are set/get interface) so we need to
2182 * handle them. All other either handled by composite or
2183 * passed to usb_configuration->setup() (if one is set). No
2184 * matter, we will handle requests directed to endpoint here
2185 * as well (as it's straightforward) but what to do with any
2186 * other request?
2187 */
2188 if (ffs->state != FFS_ACTIVE)
2189 return -ENODEV;
2190
2191 switch (creq->bRequestType & USB_RECIP_MASK) {
2192 case USB_RECIP_INTERFACE:
2193 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
2194 if (unlikely(ret < 0))
2195 return ret;
2196 break;
2197
2198 case USB_RECIP_ENDPOINT:
2199 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
2200 if (unlikely(ret < 0))
2201 return ret;
2202 break;
2203
2204 default:
2205 return -EOPNOTSUPP;
2206 }
2207
2208 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2209 ffs->ev.setup = *creq;
2210 ffs->ev.setup.wIndex = cpu_to_le16(ret);
2211 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
2212 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2213
2214 return 0;
2215 }
2216
2217 static void ffs_func_suspend(struct usb_function *f)
2218 {
2219 ENTER();
2220 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
2221 }
2222
2223 static void ffs_func_resume(struct usb_function *f)
2224 {
2225 ENTER();
2226 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
2227 }
2228
2229
2230 /* Endpoint and interface numbers reverse mapping ***************************/
2231
2232 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
2233 {
2234 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
2235 return num ? num : -EDOM;
2236 }
2237
2238 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
2239 {
2240 short *nums = func->interfaces_nums;
2241 unsigned count = func->ffs->interfaces_count;
2242
2243 for (; count; --count, ++nums) {
2244 if (*nums >= 0 && *nums == intf)
2245 return nums - func->interfaces_nums;
2246 }
2247
2248 return -EDOM;
2249 }
2250
2251
2252 /* Devices management *******************************************************/
2253
2254 static LIST_HEAD(ffs_devices);
2255
2256 static struct ffs_dev *_ffs_find_dev(const char *name)
2257 {
2258 struct ffs_dev *dev;
2259
2260 list_for_each_entry(dev, &ffs_devices, entry) {
2261 if (!dev->name || !name)
2262 continue;
2263 if (strcmp(dev->name, name) == 0)
2264 return dev;
2265 }
2266
2267 return NULL;
2268 }
2269
2270 /*
2271 * ffs_lock must be taken by the caller of this function
2272 */
2273 static struct ffs_dev *ffs_get_single_dev(void)
2274 {
2275 struct ffs_dev *dev;
2276
2277 if (list_is_singular(&ffs_devices)) {
2278 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
2279 if (dev->single)
2280 return dev;
2281 }
2282
2283 return NULL;
2284 }
2285
2286 /*
2287 * ffs_lock must be taken by the caller of this function
2288 */
2289 static struct ffs_dev *ffs_find_dev(const char *name)
2290 {
2291 struct ffs_dev *dev;
2292
2293 dev = ffs_get_single_dev();
2294 if (dev)
2295 return dev;
2296
2297 return _ffs_find_dev(name);
2298 }
2299
2300 /* Configfs support *********************************************************/
2301
2302 static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
2303 {
2304 return container_of(to_config_group(item), struct f_fs_opts,
2305 func_inst.group);
2306 }
2307
2308 static void ffs_attr_release(struct config_item *item)
2309 {
2310 struct f_fs_opts *opts = to_ffs_opts(item);
2311
2312 usb_put_function_instance(&opts->func_inst);
2313 }
2314
2315 static struct configfs_item_operations ffs_item_ops = {
2316 .release = ffs_attr_release,
2317 };
2318
2319 static struct config_item_type ffs_func_type = {
2320 .ct_item_ops = &ffs_item_ops,
2321 .ct_owner = THIS_MODULE,
2322 };
2323
2324
2325 /* Function registration interface ******************************************/
2326
2327 static void ffs_free_inst(struct usb_function_instance *f)
2328 {
2329 struct f_fs_opts *opts;
2330
2331 opts = to_f_fs_opts(f);
2332 ffs_dev_lock();
2333 ffs_free_dev(opts->dev);
2334 ffs_dev_unlock();
2335 kfree(opts);
2336 }
2337
2338 #define MAX_INST_NAME_LEN 40
2339
2340 static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
2341 {
2342 struct f_fs_opts *opts;
2343 char *ptr;
2344 const char *tmp;
2345 int name_len, ret;
2346
2347 name_len = strlen(name) + 1;
2348 if (name_len > MAX_INST_NAME_LEN)
2349 return -ENAMETOOLONG;
2350
2351 ptr = kstrndup(name, name_len, GFP_KERNEL);
2352 if (!ptr)
2353 return -ENOMEM;
2354
2355 opts = to_f_fs_opts(fi);
2356 tmp = NULL;
2357
2358 ffs_dev_lock();
2359
2360 tmp = opts->dev->name_allocated ? opts->dev->name : NULL;
2361 ret = _ffs_name_dev(opts->dev, ptr);
2362 if (ret) {
2363 kfree(ptr);
2364 ffs_dev_unlock();
2365 return ret;
2366 }
2367 opts->dev->name_allocated = true;
2368
2369 ffs_dev_unlock();
2370
2371 kfree(tmp);
2372
2373 return 0;
2374 }
2375
2376 static struct usb_function_instance *ffs_alloc_inst(void)
2377 {
2378 struct f_fs_opts *opts;
2379 struct ffs_dev *dev;
2380
2381 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
2382 if (!opts)
2383 return ERR_PTR(-ENOMEM);
2384
2385 opts->func_inst.set_inst_name = ffs_set_inst_name;
2386 opts->func_inst.free_func_inst = ffs_free_inst;
2387 ffs_dev_lock();
2388 dev = ffs_alloc_dev();
2389 ffs_dev_unlock();
2390 if (IS_ERR(dev)) {
2391 kfree(opts);
2392 return ERR_CAST(dev);
2393 }
2394 opts->dev = dev;
2395 dev->opts = opts;
2396
2397 config_group_init_type_name(&opts->func_inst.group, "",
2398 &ffs_func_type);
2399 return &opts->func_inst;
2400 }
2401
2402 static void ffs_free(struct usb_function *f)
2403 {
2404 kfree(ffs_func_from_usb(f));
2405 }
2406
2407 static void ffs_func_unbind(struct usb_configuration *c,
2408 struct usb_function *f)
2409 {
2410 struct ffs_function *func = ffs_func_from_usb(f);
2411 struct ffs_data *ffs = func->ffs;
2412 struct f_fs_opts *opts =
2413 container_of(f->fi, struct f_fs_opts, func_inst);
2414 struct ffs_ep *ep = func->eps;
2415 unsigned count = ffs->eps_count;
2416 unsigned long flags;
2417
2418 ENTER();
2419 if (ffs->func == func) {
2420 ffs_func_eps_disable(func);
2421 ffs->func = NULL;
2422 }
2423
2424 if (!--opts->refcnt)
2425 functionfs_unbind(ffs);
2426
2427 /* cleanup after autoconfig */
2428 spin_lock_irqsave(&func->ffs->eps_lock, flags);
2429 do {
2430 if (ep->ep && ep->req)
2431 usb_ep_free_request(ep->ep, ep->req);
2432 ep->req = NULL;
2433 ++ep;
2434 } while (--count);
2435 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
2436 kfree(func->eps);
2437 func->eps = NULL;
2438 /*
2439 * eps, descriptors and interfaces_nums are allocated in the
2440 * same chunk so only one free is required.
2441 */
2442 func->function.fs_descriptors = NULL;
2443 func->function.hs_descriptors = NULL;
2444 func->interfaces_nums = NULL;
2445
2446 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
2447 }
2448
2449 static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
2450 {
2451 struct ffs_function *func;
2452
2453 ENTER();
2454
2455 func = kzalloc(sizeof(*func), GFP_KERNEL);
2456 if (unlikely(!func))
2457 return ERR_PTR(-ENOMEM);
2458
2459 func->function.name = "Function FS Gadget";
2460
2461 func->function.bind = ffs_func_bind;
2462 func->function.unbind = ffs_func_unbind;
2463 func->function.set_alt = ffs_func_set_alt;
2464 func->function.disable = ffs_func_disable;
2465 func->function.setup = ffs_func_setup;
2466 func->function.suspend = ffs_func_suspend;
2467 func->function.resume = ffs_func_resume;
2468 func->function.free_func = ffs_free;
2469
2470 return &func->function;
2471 }
2472
2473 /*
2474 * ffs_lock must be taken by the caller of this function
2475 */
2476 struct ffs_dev *ffs_alloc_dev(void)
2477 {
2478 struct ffs_dev *dev;
2479 int ret;
2480
2481 if (ffs_get_single_dev())
2482 return ERR_PTR(-EBUSY);
2483
2484 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2485 if (!dev)
2486 return ERR_PTR(-ENOMEM);
2487
2488 if (list_empty(&ffs_devices)) {
2489 ret = functionfs_init();
2490 if (ret) {
2491 kfree(dev);
2492 return ERR_PTR(ret);
2493 }
2494 }
2495
2496 list_add(&dev->entry, &ffs_devices);
2497
2498 return dev;
2499 }
2500
2501 /*
2502 * ffs_lock must be taken by the caller of this function
2503 * The caller is responsible for "name" being available whenever f_fs needs it
2504 */
2505 static int _ffs_name_dev(struct ffs_dev *dev, const char *name)
2506 {
2507 struct ffs_dev *existing;
2508
2509 existing = _ffs_find_dev(name);
2510 if (existing)
2511 return -EBUSY;
2512
2513 dev->name = name;
2514
2515 return 0;
2516 }
2517
2518 /*
2519 * The caller is responsible for "name" being available whenever f_fs needs it
2520 */
2521 int ffs_name_dev(struct ffs_dev *dev, const char *name)
2522 {
2523 int ret;
2524
2525 ffs_dev_lock();
2526 ret = _ffs_name_dev(dev, name);
2527 ffs_dev_unlock();
2528
2529 return ret;
2530 }
2531 EXPORT_SYMBOL(ffs_name_dev);
2532
2533 int ffs_single_dev(struct ffs_dev *dev)
2534 {
2535 int ret;
2536
2537 ret = 0;
2538 ffs_dev_lock();
2539
2540 if (!list_is_singular(&ffs_devices))
2541 ret = -EBUSY;
2542 else
2543 dev->single = true;
2544
2545 ffs_dev_unlock();
2546 return ret;
2547 }
2548 EXPORT_SYMBOL(ffs_single_dev);
2549
2550 /*
2551 * ffs_lock must be taken by the caller of this function
2552 */
2553 void ffs_free_dev(struct ffs_dev *dev)
2554 {
2555 list_del(&dev->entry);
2556 if (dev->name_allocated)
2557 kfree(dev->name);
2558 kfree(dev);
2559 if (list_empty(&ffs_devices))
2560 functionfs_cleanup();
2561 }
2562
2563 static void *ffs_acquire_dev(const char *dev_name)
2564 {
2565 struct ffs_dev *ffs_dev;
2566
2567 ENTER();
2568 ffs_dev_lock();
2569
2570 ffs_dev = ffs_find_dev(dev_name);
2571 if (!ffs_dev)
2572 ffs_dev = ERR_PTR(-ENODEV);
2573 else if (ffs_dev->mounted)
2574 ffs_dev = ERR_PTR(-EBUSY);
2575 else if (ffs_dev->ffs_acquire_dev_callback &&
2576 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
2577 ffs_dev = ERR_PTR(-ENODEV);
2578 else
2579 ffs_dev->mounted = true;
2580
2581 ffs_dev_unlock();
2582 return ffs_dev;
2583 }
2584
2585 static void ffs_release_dev(struct ffs_data *ffs_data)
2586 {
2587 struct ffs_dev *ffs_dev;
2588
2589 ENTER();
2590 ffs_dev_lock();
2591
2592 ffs_dev = ffs_data->private_data;
2593 if (ffs_dev)
2594 ffs_dev->mounted = false;
2595
2596 if (ffs_dev->ffs_release_dev_callback)
2597 ffs_dev->ffs_release_dev_callback(ffs_dev);
2598
2599 ffs_dev_unlock();
2600 }
2601
2602 static int ffs_ready(struct ffs_data *ffs)
2603 {
2604 struct ffs_dev *ffs_obj;
2605 int ret = 0;
2606
2607 ENTER();
2608 ffs_dev_lock();
2609
2610 ffs_obj = ffs->private_data;
2611 if (!ffs_obj) {
2612 ret = -EINVAL;
2613 goto done;
2614 }
2615 if (WARN_ON(ffs_obj->desc_ready)) {
2616 ret = -EBUSY;
2617 goto done;
2618 }
2619
2620 ffs_obj->desc_ready = true;
2621 ffs_obj->ffs_data = ffs;
2622
2623 if (ffs_obj->ffs_ready_callback)
2624 ret = ffs_obj->ffs_ready_callback(ffs);
2625
2626 done:
2627 ffs_dev_unlock();
2628 return ret;
2629 }
2630
2631 static void ffs_closed(struct ffs_data *ffs)
2632 {
2633 struct ffs_dev *ffs_obj;
2634
2635 ENTER();
2636 ffs_dev_lock();
2637
2638 ffs_obj = ffs->private_data;
2639 if (!ffs_obj)
2640 goto done;
2641
2642 ffs_obj->desc_ready = false;
2643
2644 if (ffs_obj->ffs_closed_callback)
2645 ffs_obj->ffs_closed_callback(ffs);
2646
2647 if (!ffs_obj->opts || ffs_obj->opts->no_configfs
2648 || !ffs_obj->opts->func_inst.group.cg_item.ci_parent)
2649 goto done;
2650
2651 unregister_gadget_item(ffs_obj->opts->
2652 func_inst.group.cg_item.ci_parent->ci_parent);
2653 done:
2654 ffs_dev_unlock();
2655 }
2656
2657 /* Misc helper functions ****************************************************/
2658
2659 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
2660 {
2661 return nonblock
2662 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
2663 : mutex_lock_interruptible(mutex);
2664 }
2665
2666 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
2667 {
2668 char *data;
2669
2670 if (unlikely(!len))
2671 return NULL;
2672
2673 data = kmalloc(len, GFP_KERNEL);
2674 if (unlikely(!data))
2675 return ERR_PTR(-ENOMEM);
2676
2677 if (unlikely(__copy_from_user(data, buf, len))) {
2678 kfree(data);
2679 return ERR_PTR(-EFAULT);
2680 }
2681
2682 pr_vdebug("Buffer from user space:\n");
2683 ffs_dump_mem("", data, len);
2684
2685 return data;
2686 }
2687
2688 DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
2689 MODULE_LICENSE("GPL");
2690 MODULE_AUTHOR("Michal Nazarewicz");
Linux with added FPC-III support