bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / tools / usb / ffs-test.c
blob95dd14648ba51cf9fcc7f86a38e81e8f47aa9f61
1 /*
2 * ffs-test.c -- user mode filesystem api for usb composite function
4 * Copyright (C) 2010 Samsung Electronics
5 * Author: Michal Nazarewicz <mina86@mina86.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 /* $(CROSS_COMPILE)cc -Wall -Wextra -g -o ffs-test ffs-test.c -lpthread */
25 #define _DEFAULT_SOURCE /* for endian.h */
27 #include <endian.h>
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <pthread.h>
31 #include <stdarg.h>
32 #include <stdbool.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <sys/ioctl.h>
37 #include <sys/stat.h>
38 #include <sys/types.h>
39 #include <unistd.h>
40 #include <tools/le_byteshift.h>
42 #include "../../include/uapi/linux/usb/functionfs.h"
45 /******************** Little Endian Handling ********************************/
47 #define cpu_to_le16(x) htole16(x)
48 #define cpu_to_le32(x) htole32(x)
49 #define le32_to_cpu(x) le32toh(x)
50 #define le16_to_cpu(x) le16toh(x)
53 /******************** Messages and Errors ***********************************/
55 static const char argv0[] = "ffs-test";
57 static unsigned verbosity = 7;
59 static void _msg(unsigned level, const char *fmt, ...)
61 if (level < 2)
62 level = 2;
63 else if (level > 7)
64 level = 7;
66 if (level <= verbosity) {
67 static const char levels[8][6] = {
68 [2] = "crit:",
69 [3] = "err: ",
70 [4] = "warn:",
71 [5] = "note:",
72 [6] = "info:",
73 [7] = "dbg: "
76 int _errno = errno;
77 va_list ap;
79 fprintf(stderr, "%s: %s ", argv0, levels[level]);
80 va_start(ap, fmt);
81 vfprintf(stderr, fmt, ap);
82 va_end(ap);
84 if (fmt[strlen(fmt) - 1] != '\n') {
85 char buffer[128];
86 strerror_r(_errno, buffer, sizeof buffer);
87 fprintf(stderr, ": (-%d) %s\n", _errno, buffer);
90 fflush(stderr);
94 #define die(...) (_msg(2, __VA_ARGS__), exit(1))
95 #define err(...) _msg(3, __VA_ARGS__)
96 #define warn(...) _msg(4, __VA_ARGS__)
97 #define note(...) _msg(5, __VA_ARGS__)
98 #define info(...) _msg(6, __VA_ARGS__)
99 #define debug(...) _msg(7, __VA_ARGS__)
101 #define die_on(cond, ...) do { \
102 if (cond) \
103 die(__VA_ARGS__); \
104 } while (0)
107 /******************** Descriptors and Strings *******************************/
109 static const struct {
110 struct usb_functionfs_descs_head_v2 header;
111 __le32 fs_count;
112 __le32 hs_count;
113 __le32 ss_count;
114 struct {
115 struct usb_interface_descriptor intf;
116 struct usb_endpoint_descriptor_no_audio sink;
117 struct usb_endpoint_descriptor_no_audio source;
118 } __attribute__((packed)) fs_descs, hs_descs;
119 struct {
120 struct usb_interface_descriptor intf;
121 struct usb_endpoint_descriptor_no_audio sink;
122 struct usb_ss_ep_comp_descriptor sink_comp;
123 struct usb_endpoint_descriptor_no_audio source;
124 struct usb_ss_ep_comp_descriptor source_comp;
125 } ss_descs;
126 } __attribute__((packed)) descriptors = {
127 .header = {
128 .magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2),
129 .flags = cpu_to_le32(FUNCTIONFS_HAS_FS_DESC |
130 FUNCTIONFS_HAS_HS_DESC |
131 FUNCTIONFS_HAS_SS_DESC),
132 .length = cpu_to_le32(sizeof descriptors),
134 .fs_count = cpu_to_le32(3),
135 .fs_descs = {
136 .intf = {
137 .bLength = sizeof descriptors.fs_descs.intf,
138 .bDescriptorType = USB_DT_INTERFACE,
139 .bNumEndpoints = 2,
140 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
141 .iInterface = 1,
143 .sink = {
144 .bLength = sizeof descriptors.fs_descs.sink,
145 .bDescriptorType = USB_DT_ENDPOINT,
146 .bEndpointAddress = 1 | USB_DIR_IN,
147 .bmAttributes = USB_ENDPOINT_XFER_BULK,
148 /* .wMaxPacketSize = autoconfiguration (kernel) */
150 .source = {
151 .bLength = sizeof descriptors.fs_descs.source,
152 .bDescriptorType = USB_DT_ENDPOINT,
153 .bEndpointAddress = 2 | USB_DIR_OUT,
154 .bmAttributes = USB_ENDPOINT_XFER_BULK,
155 /* .wMaxPacketSize = autoconfiguration (kernel) */
158 .hs_count = cpu_to_le32(3),
159 .hs_descs = {
160 .intf = {
161 .bLength = sizeof descriptors.fs_descs.intf,
162 .bDescriptorType = USB_DT_INTERFACE,
163 .bNumEndpoints = 2,
164 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
165 .iInterface = 1,
167 .sink = {
168 .bLength = sizeof descriptors.hs_descs.sink,
169 .bDescriptorType = USB_DT_ENDPOINT,
170 .bEndpointAddress = 1 | USB_DIR_IN,
171 .bmAttributes = USB_ENDPOINT_XFER_BULK,
172 .wMaxPacketSize = cpu_to_le16(512),
174 .source = {
175 .bLength = sizeof descriptors.hs_descs.source,
176 .bDescriptorType = USB_DT_ENDPOINT,
177 .bEndpointAddress = 2 | USB_DIR_OUT,
178 .bmAttributes = USB_ENDPOINT_XFER_BULK,
179 .wMaxPacketSize = cpu_to_le16(512),
180 .bInterval = 1, /* NAK every 1 uframe */
183 .ss_count = cpu_to_le32(5),
184 .ss_descs = {
185 .intf = {
186 .bLength = sizeof descriptors.fs_descs.intf,
187 .bDescriptorType = USB_DT_INTERFACE,
188 .bNumEndpoints = 2,
189 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
190 .iInterface = 1,
192 .sink = {
193 .bLength = sizeof descriptors.hs_descs.sink,
194 .bDescriptorType = USB_DT_ENDPOINT,
195 .bEndpointAddress = 1 | USB_DIR_IN,
196 .bmAttributes = USB_ENDPOINT_XFER_BULK,
197 .wMaxPacketSize = cpu_to_le16(1024),
199 .sink_comp = {
200 .bLength = USB_DT_SS_EP_COMP_SIZE,
201 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
202 .bMaxBurst = 0,
203 .bmAttributes = 0,
204 .wBytesPerInterval = 0,
206 .source = {
207 .bLength = sizeof descriptors.hs_descs.source,
208 .bDescriptorType = USB_DT_ENDPOINT,
209 .bEndpointAddress = 2 | USB_DIR_OUT,
210 .bmAttributes = USB_ENDPOINT_XFER_BULK,
211 .wMaxPacketSize = cpu_to_le16(1024),
212 .bInterval = 1, /* NAK every 1 uframe */
214 .source_comp = {
215 .bLength = USB_DT_SS_EP_COMP_SIZE,
216 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
217 .bMaxBurst = 0,
218 .bmAttributes = 0,
219 .wBytesPerInterval = 0,
224 static size_t descs_to_legacy(void **legacy, const void *descriptors_v2)
226 const unsigned char *descs_end, *descs_start;
227 __u32 length, fs_count = 0, hs_count = 0, count;
229 /* Read v2 header */
231 const struct {
232 const struct usb_functionfs_descs_head_v2 header;
233 const __le32 counts[];
234 } __attribute__((packed)) *const in = descriptors_v2;
235 const __le32 *counts = in->counts;
236 __u32 flags;
238 if (le32_to_cpu(in->header.magic) !=
239 FUNCTIONFS_DESCRIPTORS_MAGIC_V2)
240 return 0;
241 length = le32_to_cpu(in->header.length);
242 if (length <= sizeof in->header)
243 return 0;
244 length -= sizeof in->header;
245 flags = le32_to_cpu(in->header.flags);
246 if (flags & ~(FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC |
247 FUNCTIONFS_HAS_SS_DESC))
248 return 0;
250 #define GET_NEXT_COUNT_IF_FLAG(ret, flg) do { \
251 if (!(flags & (flg))) \
252 break; \
253 if (length < 4) \
254 return 0; \
255 ret = le32_to_cpu(*counts); \
256 length -= 4; \
257 ++counts; \
258 } while (0)
260 GET_NEXT_COUNT_IF_FLAG(fs_count, FUNCTIONFS_HAS_FS_DESC);
261 GET_NEXT_COUNT_IF_FLAG(hs_count, FUNCTIONFS_HAS_HS_DESC);
262 GET_NEXT_COUNT_IF_FLAG(count, FUNCTIONFS_HAS_SS_DESC);
264 count = fs_count + hs_count;
265 if (!count)
266 return 0;
267 descs_start = (const void *)counts;
269 #undef GET_NEXT_COUNT_IF_FLAG
273 * Find the end of FS and HS USB descriptors. SS descriptors
274 * are ignored since legacy format does not support them.
276 descs_end = descs_start;
277 do {
278 if (length < *descs_end)
279 return 0;
280 length -= *descs_end;
281 descs_end += *descs_end;
282 } while (--count);
284 /* Allocate legacy descriptors and copy the data. */
286 #pragma GCC diagnostic push
287 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
288 struct {
289 struct usb_functionfs_descs_head header;
290 __u8 descriptors[];
291 } __attribute__((packed)) *out;
292 #pragma GCC diagnostic pop
294 length = sizeof out->header + (descs_end - descs_start);
295 out = malloc(length);
296 out->header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC);
297 out->header.length = cpu_to_le32(length);
298 out->header.fs_count = cpu_to_le32(fs_count);
299 out->header.hs_count = cpu_to_le32(hs_count);
300 memcpy(out->descriptors, descs_start, descs_end - descs_start);
301 *legacy = out;
304 return length;
308 #define STR_INTERFACE_ "Source/Sink"
310 static const struct {
311 struct usb_functionfs_strings_head header;
312 struct {
313 __le16 code;
314 const char str1[sizeof STR_INTERFACE_];
315 } __attribute__((packed)) lang0;
316 } __attribute__((packed)) strings = {
317 .header = {
318 .magic = cpu_to_le32(FUNCTIONFS_STRINGS_MAGIC),
319 .length = cpu_to_le32(sizeof strings),
320 .str_count = cpu_to_le32(1),
321 .lang_count = cpu_to_le32(1),
323 .lang0 = {
324 cpu_to_le16(0x0409), /* en-us */
325 STR_INTERFACE_,
329 #define STR_INTERFACE strings.lang0.str1
332 /******************** Files and Threads Handling ****************************/
334 struct thread;
336 static ssize_t read_wrap(struct thread *t, void *buf, size_t nbytes);
337 static ssize_t write_wrap(struct thread *t, const void *buf, size_t nbytes);
338 static ssize_t ep0_consume(struct thread *t, const void *buf, size_t nbytes);
339 static ssize_t fill_in_buf(struct thread *t, void *buf, size_t nbytes);
340 static ssize_t empty_out_buf(struct thread *t, const void *buf, size_t nbytes);
343 static struct thread {
344 const char *const filename;
345 size_t buf_size;
347 ssize_t (*in)(struct thread *, void *, size_t);
348 const char *const in_name;
350 ssize_t (*out)(struct thread *, const void *, size_t);
351 const char *const out_name;
353 int fd;
354 pthread_t id;
355 void *buf;
356 ssize_t status;
357 } threads[] = {
359 "ep0", 4 * sizeof(struct usb_functionfs_event),
360 read_wrap, NULL,
361 ep0_consume, "<consume>",
362 0, 0, NULL, 0
365 "ep1", 8 * 1024,
366 fill_in_buf, "<in>",
367 write_wrap, NULL,
368 0, 0, NULL, 0
371 "ep2", 8 * 1024,
372 read_wrap, NULL,
373 empty_out_buf, "<out>",
374 0, 0, NULL, 0
379 static void init_thread(struct thread *t)
381 t->buf = malloc(t->buf_size);
382 die_on(!t->buf, "malloc");
384 t->fd = open(t->filename, O_RDWR);
385 die_on(t->fd < 0, "%s", t->filename);
388 static void cleanup_thread(void *arg)
390 struct thread *t = arg;
391 int ret, fd;
393 fd = t->fd;
394 if (t->fd < 0)
395 return;
396 t->fd = -1;
398 /* test the FIFO ioctls (non-ep0 code paths) */
399 if (t != threads) {
400 ret = ioctl(fd, FUNCTIONFS_FIFO_STATUS);
401 if (ret < 0) {
402 /* ENODEV reported after disconnect */
403 if (errno != ENODEV)
404 err("%s: get fifo status", t->filename);
405 } else if (ret) {
406 warn("%s: unclaimed = %d\n", t->filename, ret);
407 if (ioctl(fd, FUNCTIONFS_FIFO_FLUSH) < 0)
408 err("%s: fifo flush", t->filename);
412 if (close(fd) < 0)
413 err("%s: close", t->filename);
415 free(t->buf);
416 t->buf = NULL;
419 static void *start_thread_helper(void *arg)
421 const char *name, *op, *in_name, *out_name;
422 struct thread *t = arg;
423 ssize_t ret;
425 info("%s: starts\n", t->filename);
426 in_name = t->in_name ? t->in_name : t->filename;
427 out_name = t->out_name ? t->out_name : t->filename;
429 pthread_cleanup_push(cleanup_thread, arg);
431 for (;;) {
432 pthread_testcancel();
434 ret = t->in(t, t->buf, t->buf_size);
435 if (ret > 0) {
436 ret = t->out(t, t->buf, ret);
437 name = out_name;
438 op = "write";
439 } else {
440 name = in_name;
441 op = "read";
444 if (ret > 0) {
445 /* nop */
446 } else if (!ret) {
447 debug("%s: %s: EOF", name, op);
448 break;
449 } else if (errno == EINTR || errno == EAGAIN) {
450 debug("%s: %s", name, op);
451 } else {
452 warn("%s: %s", name, op);
453 break;
457 pthread_cleanup_pop(1);
459 t->status = ret;
460 info("%s: ends\n", t->filename);
461 return NULL;
464 static void start_thread(struct thread *t)
466 debug("%s: starting\n", t->filename);
468 die_on(pthread_create(&t->id, NULL, start_thread_helper, t) < 0,
469 "pthread_create(%s)", t->filename);
472 static void join_thread(struct thread *t)
474 int ret = pthread_join(t->id, NULL);
476 if (ret < 0)
477 err("%s: joining thread", t->filename);
478 else
479 debug("%s: joined\n", t->filename);
483 static ssize_t read_wrap(struct thread *t, void *buf, size_t nbytes)
485 return read(t->fd, buf, nbytes);
488 static ssize_t write_wrap(struct thread *t, const void *buf, size_t nbytes)
490 return write(t->fd, buf, nbytes);
494 /******************** Empty/Fill buffer routines ****************************/
496 /* 0 -- stream of zeros, 1 -- i % 63, 2 -- pipe */
497 enum pattern { PAT_ZERO, PAT_SEQ, PAT_PIPE };
498 static enum pattern pattern;
500 static ssize_t
501 fill_in_buf(struct thread *ignore, void *buf, size_t nbytes)
503 size_t i;
504 __u8 *p;
506 (void)ignore;
508 switch (pattern) {
509 case PAT_ZERO:
510 memset(buf, 0, nbytes);
511 break;
513 case PAT_SEQ:
514 for (p = buf, i = 0; i < nbytes; ++i, ++p)
515 *p = i % 63;
516 break;
518 case PAT_PIPE:
519 return fread(buf, 1, nbytes, stdin);
522 return nbytes;
525 static ssize_t
526 empty_out_buf(struct thread *ignore, const void *buf, size_t nbytes)
528 const __u8 *p;
529 __u8 expected;
530 ssize_t ret;
531 size_t len;
533 (void)ignore;
535 switch (pattern) {
536 case PAT_ZERO:
537 expected = 0;
538 for (p = buf, len = 0; len < nbytes; ++p, ++len)
539 if (*p)
540 goto invalid;
541 break;
543 case PAT_SEQ:
544 for (p = buf, len = 0; len < nbytes; ++p, ++len)
545 if (*p != len % 63) {
546 expected = len % 63;
547 goto invalid;
549 break;
551 case PAT_PIPE:
552 ret = fwrite(buf, nbytes, 1, stdout);
553 if (ret > 0)
554 fflush(stdout);
555 break;
557 invalid:
558 err("bad OUT byte %zd, expected %02x got %02x\n",
559 len, expected, *p);
560 for (p = buf, len = 0; len < nbytes; ++p, ++len) {
561 if (0 == (len % 32))
562 fprintf(stderr, "%4zd:", len);
563 fprintf(stderr, " %02x", *p);
564 if (31 == (len % 32))
565 fprintf(stderr, "\n");
567 fflush(stderr);
568 errno = EILSEQ;
569 return -1;
572 return len;
576 /******************** Endpoints routines ************************************/
578 static void handle_setup(const struct usb_ctrlrequest *setup)
580 printf("bRequestType = %d\n", setup->bRequestType);
581 printf("bRequest = %d\n", setup->bRequest);
582 printf("wValue = %d\n", le16_to_cpu(setup->wValue));
583 printf("wIndex = %d\n", le16_to_cpu(setup->wIndex));
584 printf("wLength = %d\n", le16_to_cpu(setup->wLength));
587 static ssize_t
588 ep0_consume(struct thread *ignore, const void *buf, size_t nbytes)
590 static const char *const names[] = {
591 [FUNCTIONFS_BIND] = "BIND",
592 [FUNCTIONFS_UNBIND] = "UNBIND",
593 [FUNCTIONFS_ENABLE] = "ENABLE",
594 [FUNCTIONFS_DISABLE] = "DISABLE",
595 [FUNCTIONFS_SETUP] = "SETUP",
596 [FUNCTIONFS_SUSPEND] = "SUSPEND",
597 [FUNCTIONFS_RESUME] = "RESUME",
600 const struct usb_functionfs_event *event = buf;
601 size_t n;
603 (void)ignore;
605 for (n = nbytes / sizeof *event; n; --n, ++event)
606 switch (event->type) {
607 case FUNCTIONFS_BIND:
608 case FUNCTIONFS_UNBIND:
609 case FUNCTIONFS_ENABLE:
610 case FUNCTIONFS_DISABLE:
611 case FUNCTIONFS_SETUP:
612 case FUNCTIONFS_SUSPEND:
613 case FUNCTIONFS_RESUME:
614 printf("Event %s\n", names[event->type]);
615 if (event->type == FUNCTIONFS_SETUP)
616 handle_setup(&event->u.setup);
617 break;
619 default:
620 printf("Event %03u (unknown)\n", event->type);
623 return nbytes;
626 static void ep0_init(struct thread *t, bool legacy_descriptors)
628 void *legacy;
629 ssize_t ret;
630 size_t len;
632 if (legacy_descriptors) {
633 info("%s: writing descriptors\n", t->filename);
634 goto legacy;
637 info("%s: writing descriptors (in v2 format)\n", t->filename);
638 ret = write(t->fd, &descriptors, sizeof descriptors);
640 if (ret < 0 && errno == EINVAL) {
641 warn("%s: new format rejected, trying legacy\n", t->filename);
642 legacy:
643 len = descs_to_legacy(&legacy, &descriptors);
644 if (len) {
645 ret = write(t->fd, legacy, len);
646 free(legacy);
649 die_on(ret < 0, "%s: write: descriptors", t->filename);
651 info("%s: writing strings\n", t->filename);
652 ret = write(t->fd, &strings, sizeof strings);
653 die_on(ret < 0, "%s: write: strings", t->filename);
657 /******************** Main **************************************************/
659 int main(int argc, char **argv)
661 bool legacy_descriptors;
662 unsigned i;
664 legacy_descriptors = argc > 2 && !strcmp(argv[1], "-l");
666 init_thread(threads);
667 ep0_init(threads, legacy_descriptors);
669 for (i = 1; i < sizeof threads / sizeof *threads; ++i)
670 init_thread(threads + i);
672 for (i = 1; i < sizeof threads / sizeof *threads; ++i)
673 start_thread(threads + i);
675 start_thread_helper(threads);
677 for (i = 1; i < sizeof threads / sizeof *threads; ++i)
678 join_thread(threads + i);
680 return 0;