]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - drivers/usb/gadget/f_fs.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branches 'regulator/topic/s5m8767', 'regulator/topic/st-pwm...
[mirror_ubuntu-artful-kernel.git] / drivers / usb / gadget / f_fs.c
1 /*
2 * f_fs.c -- user mode file system API for USB composite function controllers
3 *
4 * Copyright (C) 2010 Samsung Electronics
5 * Author: Michal Nazarewicz <mina86@mina86.com>
6 *
7 * Based on inode.c (GadgetFS) which was:
8 * Copyright (C) 2003-2004 David Brownell
9 * Copyright (C) 2003 Agilent Technologies
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 */
16
17
18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */
20
21 #include <linux/blkdev.h>
22 #include <linux/pagemap.h>
23 #include <linux/export.h>
24 #include <linux/hid.h>
25 #include <linux/module.h>
26 #include <asm/unaligned.h>
27
28 #include <linux/usb/composite.h>
29 #include <linux/usb/functionfs.h>
30
31 #include "u_fs.h"
32 #include "configfs.h"
33
34 #define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */
35
36 /* Variable Length Array Macros **********************************************/
37 #define vla_group(groupname) size_t groupname##__next = 0
38 #define vla_group_size(groupname) groupname##__next
39
40 #define vla_item(groupname, type, name, n) \
41 size_t groupname##_##name##__offset = ({ \
42 size_t align_mask = __alignof__(type) - 1; \
43 size_t offset = (groupname##__next + align_mask) & ~align_mask;\
44 size_t size = (n) * sizeof(type); \
45 groupname##__next = offset + size; \
46 offset; \
47 })
48
49 #define vla_item_with_sz(groupname, type, name, n) \
50 size_t groupname##_##name##__sz = (n) * sizeof(type); \
51 size_t groupname##_##name##__offset = ({ \
52 size_t align_mask = __alignof__(type) - 1; \
53 size_t offset = (groupname##__next + align_mask) & ~align_mask;\
54 size_t size = groupname##_##name##__sz; \
55 groupname##__next = offset + size; \
56 offset; \
57 })
58
59 #define vla_ptr(ptr, groupname, name) \
60 ((void *) ((char *)ptr + groupname##_##name##__offset))
61
62 /* Reference counter handling */
63 static void ffs_data_get(struct ffs_data *ffs);
64 static void ffs_data_put(struct ffs_data *ffs);
65 /* Creates new ffs_data object. */
66 static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc));
67
68 /* Opened counter handling. */
69 static void ffs_data_opened(struct ffs_data *ffs);
70 static void ffs_data_closed(struct ffs_data *ffs);
71
72 /* Called with ffs->mutex held; take over ownership of data. */
73 static int __must_check
74 __ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
75 static int __must_check
76 __ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
77
78
79 /* The function structure ***************************************************/
80
81 struct ffs_ep;
82
83 struct ffs_function {
84 struct usb_configuration *conf;
85 struct usb_gadget *gadget;
86 struct ffs_data *ffs;
87
88 struct ffs_ep *eps;
89 u8 eps_revmap[16];
90 short *interfaces_nums;
91
92 struct usb_function function;
93 };
94
95
96 static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
97 {
98 return container_of(f, struct ffs_function, function);
99 }
100
101
102 static void ffs_func_eps_disable(struct ffs_function *func);
103 static int __must_check ffs_func_eps_enable(struct ffs_function *func);
104
105 static int ffs_func_bind(struct usb_configuration *,
106 struct usb_function *);
107 static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
108 static void ffs_func_disable(struct usb_function *);
109 static int ffs_func_setup(struct usb_function *,
110 const struct usb_ctrlrequest *);
111 static void ffs_func_suspend(struct usb_function *);
112 static void ffs_func_resume(struct usb_function *);
113
114
115 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
116 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
117
118
119 /* The endpoints structures *************************************************/
120
121 struct ffs_ep {
122 struct usb_ep *ep; /* P: ffs->eps_lock */
123 struct usb_request *req; /* P: epfile->mutex */
124
125 /* [0]: full speed, [1]: high speed */
126 struct usb_endpoint_descriptor *descs[2];
127
128 u8 num;
129
130 int status; /* P: epfile->mutex */
131 };
132
133 struct ffs_epfile {
134 /* Protects ep->ep and ep->req. */
135 struct mutex mutex;
136 wait_queue_head_t wait;
137
138 struct ffs_data *ffs;
139 struct ffs_ep *ep; /* P: ffs->eps_lock */
140
141 struct dentry *dentry;
142
143 char name[5];
144
145 unsigned char in; /* P: ffs->eps_lock */
146 unsigned char isoc; /* P: ffs->eps_lock */
147
148 unsigned char _pad;
149 };
150
151 static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
152 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
153
154 static struct inode *__must_check
155 ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
156 const struct file_operations *fops,
157 struct dentry **dentry_p);
158
159 /* Devices management *******************************************************/
160
161 DEFINE_MUTEX(ffs_lock);
162 EXPORT_SYMBOL(ffs_lock);
163
164 static struct ffs_dev *ffs_find_dev(const char *name);
165 static int _ffs_name_dev(struct ffs_dev *dev, const char *name);
166 static void *ffs_acquire_dev(const char *dev_name);
167 static void ffs_release_dev(struct ffs_data *ffs_data);
168 static int ffs_ready(struct ffs_data *ffs);
169 static void ffs_closed(struct ffs_data *ffs);
170
171 /* Misc helper functions ****************************************************/
172
173 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
174 __attribute__((warn_unused_result, nonnull));
175 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
176 __attribute__((warn_unused_result, nonnull));
177
178
179 /* Control file aka ep0 *****************************************************/
180
181 static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
182 {
183 struct ffs_data *ffs = req->context;
184
185 complete_all(&ffs->ep0req_completion);
186 }
187
188 static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
189 {
190 struct usb_request *req = ffs->ep0req;
191 int ret;
192
193 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
194
195 spin_unlock_irq(&ffs->ev.waitq.lock);
196
197 req->buf = data;
198 req->length = len;
199
200 /*
201 * UDC layer requires to provide a buffer even for ZLP, but should
202 * not use it at all. Let's provide some poisoned pointer to catch
203 * possible bug in the driver.
204 */
205 if (req->buf == NULL)
206 req->buf = (void *)0xDEADBABE;
207
208 reinit_completion(&ffs->ep0req_completion);
209
210 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
211 if (unlikely(ret < 0))
212 return ret;
213
214 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
215 if (unlikely(ret)) {
216 usb_ep_dequeue(ffs->gadget->ep0, req);
217 return -EINTR;
218 }
219
220 ffs->setup_state = FFS_NO_SETUP;
221 return ffs->ep0req_status;
222 }
223
224 static int __ffs_ep0_stall(struct ffs_data *ffs)
225 {
226 if (ffs->ev.can_stall) {
227 pr_vdebug("ep0 stall\n");
228 usb_ep_set_halt(ffs->gadget->ep0);
229 ffs->setup_state = FFS_NO_SETUP;
230 return -EL2HLT;
231 } else {
232 pr_debug("bogus ep0 stall!\n");
233 return -ESRCH;
234 }
235 }
236
237 static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
238 size_t len, loff_t *ptr)
239 {
240 struct ffs_data *ffs = file->private_data;
241 ssize_t ret;
242 char *data;
243
244 ENTER();
245
246 /* Fast check if setup was canceled */
247 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
248 return -EIDRM;
249
250 /* Acquire mutex */
251 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
252 if (unlikely(ret < 0))
253 return ret;
254
255 /* Check state */
256 switch (ffs->state) {
257 case FFS_READ_DESCRIPTORS:
258 case FFS_READ_STRINGS:
259 /* Copy data */
260 if (unlikely(len < 16)) {
261 ret = -EINVAL;
262 break;
263 }
264
265 data = ffs_prepare_buffer(buf, len);
266 if (IS_ERR(data)) {
267 ret = PTR_ERR(data);
268 break;
269 }
270
271 /* Handle data */
272 if (ffs->state == FFS_READ_DESCRIPTORS) {
273 pr_info("read descriptors\n");
274 ret = __ffs_data_got_descs(ffs, data, len);
275 if (unlikely(ret < 0))
276 break;
277
278 ffs->state = FFS_READ_STRINGS;
279 ret = len;
280 } else {
281 pr_info("read strings\n");
282 ret = __ffs_data_got_strings(ffs, data, len);
283 if (unlikely(ret < 0))
284 break;
285
286 ret = ffs_epfiles_create(ffs);
287 if (unlikely(ret)) {
288 ffs->state = FFS_CLOSING;
289 break;
290 }
291
292 ffs->state = FFS_ACTIVE;
293 mutex_unlock(&ffs->mutex);
294
295 ret = ffs_ready(ffs);
296 if (unlikely(ret < 0)) {
297 ffs->state = FFS_CLOSING;
298 return ret;
299 }
300
301 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
302 return len;
303 }
304 break;
305
306 case FFS_ACTIVE:
307 data = NULL;
308 /*
309 * We're called from user space, we can use _irq
310 * rather then _irqsave
311 */
312 spin_lock_irq(&ffs->ev.waitq.lock);
313 switch (FFS_SETUP_STATE(ffs)) {
314 case FFS_SETUP_CANCELED:
315 ret = -EIDRM;
316 goto done_spin;
317
318 case FFS_NO_SETUP:
319 ret = -ESRCH;
320 goto done_spin;
321
322 case FFS_SETUP_PENDING:
323 break;
324 }
325
326 /* FFS_SETUP_PENDING */
327 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
328 spin_unlock_irq(&ffs->ev.waitq.lock);
329 ret = __ffs_ep0_stall(ffs);
330 break;
331 }
332
333 /* FFS_SETUP_PENDING and not stall */
334 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
335
336 spin_unlock_irq(&ffs->ev.waitq.lock);
337
338 data = ffs_prepare_buffer(buf, len);
339 if (IS_ERR(data)) {
340 ret = PTR_ERR(data);
341 break;
342 }
343
344 spin_lock_irq(&ffs->ev.waitq.lock);
345
346 /*
347 * We are guaranteed to be still in FFS_ACTIVE state
348 * but the state of setup could have changed from
349 * FFS_SETUP_PENDING to FFS_SETUP_CANCELED so we need
350 * to check for that. If that happened we copied data
351 * from user space in vain but it's unlikely.
352 *
353 * For sure we are not in FFS_NO_SETUP since this is
354 * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP
355 * transition can be performed and it's protected by
356 * mutex.
357 */
358 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
359 ret = -EIDRM;
360 done_spin:
361 spin_unlock_irq(&ffs->ev.waitq.lock);
362 } else {
363 /* unlocks spinlock */
364 ret = __ffs_ep0_queue_wait(ffs, data, len);
365 }
366 kfree(data);
367 break;
368
369 default:
370 ret = -EBADFD;
371 break;
372 }
373
374 mutex_unlock(&ffs->mutex);
375 return ret;
376 }
377
378 static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
379 size_t n)
380 {
381 /*
382 * We are holding ffs->ev.waitq.lock and ffs->mutex and we need
383 * to release them.
384 */
385 struct usb_functionfs_event events[n];
386 unsigned i = 0;
387
388 memset(events, 0, sizeof events);
389
390 do {
391 events[i].type = ffs->ev.types[i];
392 if (events[i].type == FUNCTIONFS_SETUP) {
393 events[i].u.setup = ffs->ev.setup;
394 ffs->setup_state = FFS_SETUP_PENDING;
395 }
396 } while (++i < n);
397
398 if (n < ffs->ev.count) {
399 ffs->ev.count -= n;
400 memmove(ffs->ev.types, ffs->ev.types + n,
401 ffs->ev.count * sizeof *ffs->ev.types);
402 } else {
403 ffs->ev.count = 0;
404 }
405
406 spin_unlock_irq(&ffs->ev.waitq.lock);
407 mutex_unlock(&ffs->mutex);
408
409 return unlikely(__copy_to_user(buf, events, sizeof events))
410 ? -EFAULT : sizeof events;
411 }
412
413 static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
414 size_t len, loff_t *ptr)
415 {
416 struct ffs_data *ffs = file->private_data;
417 char *data = NULL;
418 size_t n;
419 int ret;
420
421 ENTER();
422
423 /* Fast check if setup was canceled */
424 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
425 return -EIDRM;
426
427 /* Acquire mutex */
428 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
429 if (unlikely(ret < 0))
430 return ret;
431
432 /* Check state */
433 if (ffs->state != FFS_ACTIVE) {
434 ret = -EBADFD;
435 goto done_mutex;
436 }
437
438 /*
439 * We're called from user space, we can use _irq rather then
440 * _irqsave
441 */
442 spin_lock_irq(&ffs->ev.waitq.lock);
443
444 switch (FFS_SETUP_STATE(ffs)) {
445 case FFS_SETUP_CANCELED:
446 ret = -EIDRM;
447 break;
448
449 case FFS_NO_SETUP:
450 n = len / sizeof(struct usb_functionfs_event);
451 if (unlikely(!n)) {
452 ret = -EINVAL;
453 break;
454 }
455
456 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
457 ret = -EAGAIN;
458 break;
459 }
460
461 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
462 ffs->ev.count)) {
463 ret = -EINTR;
464 break;
465 }
466
467 return __ffs_ep0_read_events(ffs, buf,
468 min(n, (size_t)ffs->ev.count));
469
470 case FFS_SETUP_PENDING:
471 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
472 spin_unlock_irq(&ffs->ev.waitq.lock);
473 ret = __ffs_ep0_stall(ffs);
474 goto done_mutex;
475 }
476
477 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
478
479 spin_unlock_irq(&ffs->ev.waitq.lock);
480
481 if (likely(len)) {
482 data = kmalloc(len, GFP_KERNEL);
483 if (unlikely(!data)) {
484 ret = -ENOMEM;
485 goto done_mutex;
486 }
487 }
488
489 spin_lock_irq(&ffs->ev.waitq.lock);
490
491 /* See ffs_ep0_write() */
492 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
493 ret = -EIDRM;
494 break;
495 }
496
497 /* unlocks spinlock */
498 ret = __ffs_ep0_queue_wait(ffs, data, len);
499 if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len)))
500 ret = -EFAULT;
501 goto done_mutex;
502
503 default:
504 ret = -EBADFD;
505 break;
506 }
507
508 spin_unlock_irq(&ffs->ev.waitq.lock);
509 done_mutex:
510 mutex_unlock(&ffs->mutex);
511 kfree(data);
512 return ret;
513 }
514
515 static int ffs_ep0_open(struct inode *inode, struct file *file)
516 {
517 struct ffs_data *ffs = inode->i_private;
518
519 ENTER();
520
521 if (unlikely(ffs->state == FFS_CLOSING))
522 return -EBUSY;
523
524 file->private_data = ffs;
525 ffs_data_opened(ffs);
526
527 return 0;
528 }
529
530 static int ffs_ep0_release(struct inode *inode, struct file *file)
531 {
532 struct ffs_data *ffs = file->private_data;
533
534 ENTER();
535
536 ffs_data_closed(ffs);
537
538 return 0;
539 }
540
541 static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
542 {
543 struct ffs_data *ffs = file->private_data;
544 struct usb_gadget *gadget = ffs->gadget;
545 long ret;
546
547 ENTER();
548
549 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
550 struct ffs_function *func = ffs->func;
551 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
552 } else if (gadget && gadget->ops->ioctl) {
553 ret = gadget->ops->ioctl(gadget, code, value);
554 } else {
555 ret = -ENOTTY;
556 }
557
558 return ret;
559 }
560
561 static const struct file_operations ffs_ep0_operations = {
562 .llseek = no_llseek,
563
564 .open = ffs_ep0_open,
565 .write = ffs_ep0_write,
566 .read = ffs_ep0_read,
567 .release = ffs_ep0_release,
568 .unlocked_ioctl = ffs_ep0_ioctl,
569 };
570
571
572 /* "Normal" endpoints operations ********************************************/
573
574 static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
575 {
576 ENTER();
577 if (likely(req->context)) {
578 struct ffs_ep *ep = _ep->driver_data;
579 ep->status = req->status ? req->status : req->actual;
580 complete(req->context);
581 }
582 }
583
584 static ssize_t ffs_epfile_io(struct file *file,
585 char __user *buf, size_t len, int read)
586 {
587 struct ffs_epfile *epfile = file->private_data;
588 struct ffs_ep *ep;
589 char *data = NULL;
590 ssize_t ret, data_len;
591 int halt;
592
593 /* Are we still active? */
594 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) {
595 ret = -ENODEV;
596 goto error;
597 }
598
599 /* Wait for endpoint to be enabled */
600 ep = epfile->ep;
601 if (!ep) {
602 if (file->f_flags & O_NONBLOCK) {
603 ret = -EAGAIN;
604 goto error;
605 }
606
607 ret = wait_event_interruptible(epfile->wait, (ep = epfile->ep));
608 if (ret) {
609 ret = -EINTR;
610 goto error;
611 }
612 }
613
614 /* Do we halt? */
615 halt = !read == !epfile->in;
616 if (halt && epfile->isoc) {
617 ret = -EINVAL;
618 goto error;
619 }
620
621 /* Allocate & copy */
622 if (!halt) {
623 /*
624 * if we _do_ wait above, the epfile->ffs->gadget might be NULL
625 * before the waiting completes, so do not assign to 'gadget' earlier
626 */
627 struct usb_gadget *gadget = epfile->ffs->gadget;
628
629 /*
630 * Controller may require buffer size to be aligned to
631 * maxpacketsize of an out endpoint.
632 */
633 data_len = read ? usb_ep_align_maybe(gadget, ep->ep, len) : len;
634
635 data = kmalloc(data_len, GFP_KERNEL);
636 if (unlikely(!data))
637 return -ENOMEM;
638
639 if (!read && unlikely(copy_from_user(data, buf, len))) {
640 ret = -EFAULT;
641 goto error;
642 }
643 }
644
645 /* We will be using request */
646 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
647 if (unlikely(ret))
648 goto error;
649
650 spin_lock_irq(&epfile->ffs->eps_lock);
651
652 if (epfile->ep != ep) {
653 /* In the meantime, endpoint got disabled or changed. */
654 ret = -ESHUTDOWN;
655 spin_unlock_irq(&epfile->ffs->eps_lock);
656 } else if (halt) {
657 /* Halt */
658 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep))
659 usb_ep_set_halt(ep->ep);
660 spin_unlock_irq(&epfile->ffs->eps_lock);
661 ret = -EBADMSG;
662 } else {
663 /* Fire the request */
664 DECLARE_COMPLETION_ONSTACK(done);
665
666 struct usb_request *req = ep->req;
667 req->context = &done;
668 req->complete = ffs_epfile_io_complete;
669 req->buf = data;
670 req->length = data_len;
671
672 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
673
674 spin_unlock_irq(&epfile->ffs->eps_lock);
675
676 if (unlikely(ret < 0)) {
677 /* nop */
678 } else if (unlikely(wait_for_completion_interruptible(&done))) {
679 ret = -EINTR;
680 usb_ep_dequeue(ep->ep, req);
681 } else {
682 /*
683 * XXX We may end up silently droping data here.
684 * Since data_len (i.e. req->length) may be bigger
685 * than len (after being rounded up to maxpacketsize),
686 * we may end up with more data then user space has
687 * space for.
688 */
689 ret = ep->status;
690 if (read && ret > 0 &&
691 unlikely(copy_to_user(buf, data,
692 min_t(size_t, ret, len))))
693 ret = -EFAULT;
694 }
695 }
696
697 mutex_unlock(&epfile->mutex);
698 error:
699 kfree(data);
700 return ret;
701 }
702
703 static ssize_t
704 ffs_epfile_write(struct file *file, const char __user *buf, size_t len,
705 loff_t *ptr)
706 {
707 ENTER();
708
709 return ffs_epfile_io(file, (char __user *)buf, len, 0);
710 }
711
712 static ssize_t
713 ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
714 {
715 ENTER();
716
717 return ffs_epfile_io(file, buf, len, 1);
718 }
719
720 static int
721 ffs_epfile_open(struct inode *inode, struct file *file)
722 {
723 struct ffs_epfile *epfile = inode->i_private;
724
725 ENTER();
726
727 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
728 return -ENODEV;
729
730 file->private_data = epfile;
731 ffs_data_opened(epfile->ffs);
732
733 return 0;
734 }
735
736 static int
737 ffs_epfile_release(struct inode *inode, struct file *file)
738 {
739 struct ffs_epfile *epfile = inode->i_private;
740
741 ENTER();
742
743 ffs_data_closed(epfile->ffs);
744
745 return 0;
746 }
747
748 static long ffs_epfile_ioctl(struct file *file, unsigned code,
749 unsigned long value)
750 {
751 struct ffs_epfile *epfile = file->private_data;
752 int ret;
753
754 ENTER();
755
756 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
757 return -ENODEV;
758
759 spin_lock_irq(&epfile->ffs->eps_lock);
760 if (likely(epfile->ep)) {
761 switch (code) {
762 case FUNCTIONFS_FIFO_STATUS:
763 ret = usb_ep_fifo_status(epfile->ep->ep);
764 break;
765 case FUNCTIONFS_FIFO_FLUSH:
766 usb_ep_fifo_flush(epfile->ep->ep);
767 ret = 0;
768 break;
769 case FUNCTIONFS_CLEAR_HALT:
770 ret = usb_ep_clear_halt(epfile->ep->ep);
771 break;
772 case FUNCTIONFS_ENDPOINT_REVMAP:
773 ret = epfile->ep->num;
774 break;
775 default:
776 ret = -ENOTTY;
777 }
778 } else {
779 ret = -ENODEV;
780 }
781 spin_unlock_irq(&epfile->ffs->eps_lock);
782
783 return ret;
784 }
785
786 static const struct file_operations ffs_epfile_operations = {
787 .llseek = no_llseek,
788
789 .open = ffs_epfile_open,
790 .write = ffs_epfile_write,
791 .read = ffs_epfile_read,
792 .release = ffs_epfile_release,
793 .unlocked_ioctl = ffs_epfile_ioctl,
794 };
795
796
797 /* File system and super block operations ***********************************/
798
799 /*
800 * Mounting the file system creates a controller file, used first for
801 * function configuration then later for event monitoring.
802 */
803
804 static struct inode *__must_check
805 ffs_sb_make_inode(struct super_block *sb, void *data,
806 const struct file_operations *fops,
807 const struct inode_operations *iops,
808 struct ffs_file_perms *perms)
809 {
810 struct inode *inode;
811
812 ENTER();
813
814 inode = new_inode(sb);
815
816 if (likely(inode)) {
817 struct timespec current_time = CURRENT_TIME;
818
819 inode->i_ino = get_next_ino();
820 inode->i_mode = perms->mode;
821 inode->i_uid = perms->uid;
822 inode->i_gid = perms->gid;
823 inode->i_atime = current_time;
824 inode->i_mtime = current_time;
825 inode->i_ctime = current_time;
826 inode->i_private = data;
827 if (fops)
828 inode->i_fop = fops;
829 if (iops)
830 inode->i_op = iops;
831 }
832
833 return inode;
834 }
835
836 /* Create "regular" file */
837 static struct inode *ffs_sb_create_file(struct super_block *sb,
838 const char *name, void *data,
839 const struct file_operations *fops,
840 struct dentry **dentry_p)
841 {
842 struct ffs_data *ffs = sb->s_fs_info;
843 struct dentry *dentry;
844 struct inode *inode;
845
846 ENTER();
847
848 dentry = d_alloc_name(sb->s_root, name);
849 if (unlikely(!dentry))
850 return NULL;
851
852 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
853 if (unlikely(!inode)) {
854 dput(dentry);
855 return NULL;
856 }
857
858 d_add(dentry, inode);
859 if (dentry_p)
860 *dentry_p = dentry;
861
862 return inode;
863 }
864
865 /* Super block */
866 static const struct super_operations ffs_sb_operations = {
867 .statfs = simple_statfs,
868 .drop_inode = generic_delete_inode,
869 };
870
871 struct ffs_sb_fill_data {
872 struct ffs_file_perms perms;
873 umode_t root_mode;
874 const char *dev_name;
875 struct ffs_data *ffs_data;
876 };
877
878 static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
879 {
880 struct ffs_sb_fill_data *data = _data;
881 struct inode *inode;
882 struct ffs_data *ffs = data->ffs_data;
883
884 ENTER();
885
886 ffs->sb = sb;
887 data->ffs_data = NULL;
888 sb->s_fs_info = ffs;
889 sb->s_blocksize = PAGE_CACHE_SIZE;
890 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
891 sb->s_magic = FUNCTIONFS_MAGIC;
892 sb->s_op = &ffs_sb_operations;
893 sb->s_time_gran = 1;
894
895 /* Root inode */
896 data->perms.mode = data->root_mode;
897 inode = ffs_sb_make_inode(sb, NULL,
898 &simple_dir_operations,
899 &simple_dir_inode_operations,
900 &data->perms);
901 sb->s_root = d_make_root(inode);
902 if (unlikely(!sb->s_root))
903 return -ENOMEM;
904
905 /* EP0 file */
906 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
907 &ffs_ep0_operations, NULL)))
908 return -ENOMEM;
909
910 return 0;
911 }
912
913 static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
914 {
915 ENTER();
916
917 if (!opts || !*opts)
918 return 0;
919
920 for (;;) {
921 unsigned long value;
922 char *eq, *comma;
923
924 /* Option limit */
925 comma = strchr(opts, ',');
926 if (comma)
927 *comma = 0;
928
929 /* Value limit */
930 eq = strchr(opts, '=');
931 if (unlikely(!eq)) {
932 pr_err("'=' missing in %s\n", opts);
933 return -EINVAL;
934 }
935 *eq = 0;
936
937 /* Parse value */
938 if (kstrtoul(eq + 1, 0, &value)) {
939 pr_err("%s: invalid value: %s\n", opts, eq + 1);
940 return -EINVAL;
941 }
942
943 /* Interpret option */
944 switch (eq - opts) {
945 case 5:
946 if (!memcmp(opts, "rmode", 5))
947 data->root_mode = (value & 0555) | S_IFDIR;
948 else if (!memcmp(opts, "fmode", 5))
949 data->perms.mode = (value & 0666) | S_IFREG;
950 else
951 goto invalid;
952 break;
953
954 case 4:
955 if (!memcmp(opts, "mode", 4)) {
956 data->root_mode = (value & 0555) | S_IFDIR;
957 data->perms.mode = (value & 0666) | S_IFREG;
958 } else {
959 goto invalid;
960 }
961 break;
962
963 case 3:
964 if (!memcmp(opts, "uid", 3)) {
965 data->perms.uid = make_kuid(current_user_ns(), value);
966 if (!uid_valid(data->perms.uid)) {
967 pr_err("%s: unmapped value: %lu\n", opts, value);
968 return -EINVAL;
969 }
970 } else if (!memcmp(opts, "gid", 3)) {
971 data->perms.gid = make_kgid(current_user_ns(), value);
972 if (!gid_valid(data->perms.gid)) {
973 pr_err("%s: unmapped value: %lu\n", opts, value);
974 return -EINVAL;
975 }
976 } else {
977 goto invalid;
978 }
979 break;
980
981 default:
982 invalid:
983 pr_err("%s: invalid option\n", opts);
984 return -EINVAL;
985 }
986
987 /* Next iteration */
988 if (!comma)
989 break;
990 opts = comma + 1;
991 }
992
993 return 0;
994 }
995
996 /* "mount -t functionfs dev_name /dev/function" ends up here */
997
998 static struct dentry *
999 ffs_fs_mount(struct file_system_type *t, int flags,
1000 const char *dev_name, void *opts)
1001 {
1002 struct ffs_sb_fill_data data = {
1003 .perms = {
1004 .mode = S_IFREG | 0600,
1005 .uid = GLOBAL_ROOT_UID,
1006 .gid = GLOBAL_ROOT_GID,
1007 },
1008 .root_mode = S_IFDIR | 0500,
1009 };
1010 struct dentry *rv;
1011 int ret;
1012 void *ffs_dev;
1013 struct ffs_data *ffs;
1014
1015 ENTER();
1016
1017 ret = ffs_fs_parse_opts(&data, opts);
1018 if (unlikely(ret < 0))
1019 return ERR_PTR(ret);
1020
1021 ffs = ffs_data_new();
1022 if (unlikely(!ffs))
1023 return ERR_PTR(-ENOMEM);
1024 ffs->file_perms = data.perms;
1025
1026 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1027 if (unlikely(!ffs->dev_name)) {
1028 ffs_data_put(ffs);
1029 return ERR_PTR(-ENOMEM);
1030 }
1031
1032 ffs_dev = ffs_acquire_dev(dev_name);
1033 if (IS_ERR(ffs_dev)) {
1034 ffs_data_put(ffs);
1035 return ERR_CAST(ffs_dev);
1036 }
1037 ffs->private_data = ffs_dev;
1038 data.ffs_data = ffs;
1039
1040 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1041 if (IS_ERR(rv) && data.ffs_data) {
1042 ffs_release_dev(data.ffs_data);
1043 ffs_data_put(data.ffs_data);
1044 }
1045 return rv;
1046 }
1047
1048 static void
1049 ffs_fs_kill_sb(struct super_block *sb)
1050 {
1051 ENTER();
1052
1053 kill_litter_super(sb);
1054 if (sb->s_fs_info) {
1055 ffs_release_dev(sb->s_fs_info);
1056 ffs_data_put(sb->s_fs_info);
1057 }
1058 }
1059
1060 static struct file_system_type ffs_fs_type = {
1061 .owner = THIS_MODULE,
1062 .name = "functionfs",
1063 .mount = ffs_fs_mount,
1064 .kill_sb = ffs_fs_kill_sb,
1065 };
1066 MODULE_ALIAS_FS("functionfs");
1067
1068
1069 /* Driver's main init/cleanup functions *************************************/
1070
1071 static int functionfs_init(void)
1072 {
1073 int ret;
1074
1075 ENTER();
1076
1077 ret = register_filesystem(&ffs_fs_type);
1078 if (likely(!ret))
1079 pr_info("file system registered\n");
1080 else
1081 pr_err("failed registering file system (%d)\n", ret);
1082
1083 return ret;
1084 }
1085
1086 static void functionfs_cleanup(void)
1087 {
1088 ENTER();
1089
1090 pr_info("unloading\n");
1091 unregister_filesystem(&ffs_fs_type);
1092 }
1093
1094
1095 /* ffs_data and ffs_function construction and destruction code **************/
1096
1097 static void ffs_data_clear(struct ffs_data *ffs);
1098 static void ffs_data_reset(struct ffs_data *ffs);
1099
1100 static void ffs_data_get(struct ffs_data *ffs)
1101 {
1102 ENTER();
1103
1104 atomic_inc(&ffs->ref);
1105 }
1106
1107 static void ffs_data_opened(struct ffs_data *ffs)
1108 {
1109 ENTER();
1110
1111 atomic_inc(&ffs->ref);
1112 atomic_inc(&ffs->opened);
1113 }
1114
1115 static void ffs_data_put(struct ffs_data *ffs)
1116 {
1117 ENTER();
1118
1119 if (unlikely(atomic_dec_and_test(&ffs->ref))) {
1120 pr_info("%s(): freeing\n", __func__);
1121 ffs_data_clear(ffs);
1122 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1123 waitqueue_active(&ffs->ep0req_completion.wait));
1124 kfree(ffs->dev_name);
1125 kfree(ffs);
1126 }
1127 }
1128
1129 static void ffs_data_closed(struct ffs_data *ffs)
1130 {
1131 ENTER();
1132
1133 if (atomic_dec_and_test(&ffs->opened)) {
1134 ffs->state = FFS_CLOSING;
1135 ffs_data_reset(ffs);
1136 }
1137
1138 ffs_data_put(ffs);
1139 }
1140
1141 static struct ffs_data *ffs_data_new(void)
1142 {
1143 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1144 if (unlikely(!ffs))
1145 return NULL;
1146
1147 ENTER();
1148
1149 atomic_set(&ffs->ref, 1);
1150 atomic_set(&ffs->opened, 0);
1151 ffs->state = FFS_READ_DESCRIPTORS;
1152 mutex_init(&ffs->mutex);
1153 spin_lock_init(&ffs->eps_lock);
1154 init_waitqueue_head(&ffs->ev.waitq);
1155 init_completion(&ffs->ep0req_completion);
1156
1157 /* XXX REVISIT need to update it in some places, or do we? */
1158 ffs->ev.can_stall = 1;
1159
1160 return ffs;
1161 }
1162
1163 static void ffs_data_clear(struct ffs_data *ffs)
1164 {
1165 ENTER();
1166
1167 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags))
1168 ffs_closed(ffs);
1169
1170 BUG_ON(ffs->gadget);
1171
1172 if (ffs->epfiles)
1173 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1174
1175 kfree(ffs->raw_descs);
1176 kfree(ffs->raw_strings);
1177 kfree(ffs->stringtabs);
1178 }
1179
1180 static void ffs_data_reset(struct ffs_data *ffs)
1181 {
1182 ENTER();
1183
1184 ffs_data_clear(ffs);
1185
1186 ffs->epfiles = NULL;
1187 ffs->raw_descs = NULL;
1188 ffs->raw_strings = NULL;
1189 ffs->stringtabs = NULL;
1190
1191 ffs->raw_descs_length = 0;
1192 ffs->raw_fs_descs_length = 0;
1193 ffs->fs_descs_count = 0;
1194 ffs->hs_descs_count = 0;
1195
1196 ffs->strings_count = 0;
1197 ffs->interfaces_count = 0;
1198 ffs->eps_count = 0;
1199
1200 ffs->ev.count = 0;
1201
1202 ffs->state = FFS_READ_DESCRIPTORS;
1203 ffs->setup_state = FFS_NO_SETUP;
1204 ffs->flags = 0;
1205 }
1206
1207
1208 static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1209 {
1210 struct usb_gadget_strings **lang;
1211 int first_id;
1212
1213 ENTER();
1214
1215 if (WARN_ON(ffs->state != FFS_ACTIVE
1216 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1217 return -EBADFD;
1218
1219 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1220 if (unlikely(first_id < 0))
1221 return first_id;
1222
1223 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1224 if (unlikely(!ffs->ep0req))
1225 return -ENOMEM;
1226 ffs->ep0req->complete = ffs_ep0_complete;
1227 ffs->ep0req->context = ffs;
1228
1229 lang = ffs->stringtabs;
1230 for (lang = ffs->stringtabs; *lang; ++lang) {
1231 struct usb_string *str = (*lang)->strings;
1232 int id = first_id;
1233 for (; str->s; ++id, ++str)
1234 str->id = id;
1235 }
1236
1237 ffs->gadget = cdev->gadget;
1238 ffs_data_get(ffs);
1239 return 0;
1240 }
1241
1242 static void functionfs_unbind(struct ffs_data *ffs)
1243 {
1244 ENTER();
1245
1246 if (!WARN_ON(!ffs->gadget)) {
1247 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1248 ffs->ep0req = NULL;
1249 ffs->gadget = NULL;
1250 clear_bit(FFS_FL_BOUND, &ffs->flags);
1251 ffs_data_put(ffs);
1252 }
1253 }
1254
1255 static int ffs_epfiles_create(struct ffs_data *ffs)
1256 {
1257 struct ffs_epfile *epfile, *epfiles;
1258 unsigned i, count;
1259
1260 ENTER();
1261
1262 count = ffs->eps_count;
1263 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1264 if (!epfiles)
1265 return -ENOMEM;
1266
1267 epfile = epfiles;
1268 for (i = 1; i <= count; ++i, ++epfile) {
1269 epfile->ffs = ffs;
1270 mutex_init(&epfile->mutex);
1271 init_waitqueue_head(&epfile->wait);
1272 sprintf(epfiles->name, "ep%u", i);
1273 if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile,
1274 &ffs_epfile_operations,
1275 &epfile->dentry))) {
1276 ffs_epfiles_destroy(epfiles, i - 1);
1277 return -ENOMEM;
1278 }
1279 }
1280
1281 ffs->epfiles = epfiles;
1282 return 0;
1283 }
1284
1285 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1286 {
1287 struct ffs_epfile *epfile = epfiles;
1288
1289 ENTER();
1290
1291 for (; count; --count, ++epfile) {
1292 BUG_ON(mutex_is_locked(&epfile->mutex) ||
1293 waitqueue_active(&epfile->wait));
1294 if (epfile->dentry) {
1295 d_delete(epfile->dentry);
1296 dput(epfile->dentry);
1297 epfile->dentry = NULL;
1298 }
1299 }
1300
1301 kfree(epfiles);
1302 }
1303
1304
1305 static void ffs_func_eps_disable(struct ffs_function *func)
1306 {
1307 struct ffs_ep *ep = func->eps;
1308 struct ffs_epfile *epfile = func->ffs->epfiles;
1309 unsigned count = func->ffs->eps_count;
1310 unsigned long flags;
1311
1312 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1313 do {
1314 /* pending requests get nuked */
1315 if (likely(ep->ep))
1316 usb_ep_disable(ep->ep);
1317 epfile->ep = NULL;
1318
1319 ++ep;
1320 ++epfile;
1321 } while (--count);
1322 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1323 }
1324
1325 static int ffs_func_eps_enable(struct ffs_function *func)
1326 {
1327 struct ffs_data *ffs = func->ffs;
1328 struct ffs_ep *ep = func->eps;
1329 struct ffs_epfile *epfile = ffs->epfiles;
1330 unsigned count = ffs->eps_count;
1331 unsigned long flags;
1332 int ret = 0;
1333
1334 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1335 do {
1336 struct usb_endpoint_descriptor *ds;
1337 ds = ep->descs[ep->descs[1] ? 1 : 0];
1338
1339 ep->ep->driver_data = ep;
1340 ep->ep->desc = ds;
1341 ret = usb_ep_enable(ep->ep);
1342 if (likely(!ret)) {
1343 epfile->ep = ep;
1344 epfile->in = usb_endpoint_dir_in(ds);
1345 epfile->isoc = usb_endpoint_xfer_isoc(ds);
1346 } else {
1347 break;
1348 }
1349
1350 wake_up(&epfile->wait);
1351
1352 ++ep;
1353 ++epfile;
1354 } while (--count);
1355 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1356
1357 return ret;
1358 }
1359
1360
1361 /* Parsing and building descriptors and strings *****************************/
1362
1363 /*
1364 * This validates if data pointed by data is a valid USB descriptor as
1365 * well as record how many interfaces, endpoints and strings are
1366 * required by given configuration. Returns address after the
1367 * descriptor or NULL if data is invalid.
1368 */
1369
1370 enum ffs_entity_type {
1371 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1372 };
1373
1374 typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1375 u8 *valuep,
1376 struct usb_descriptor_header *desc,
1377 void *priv);
1378
1379 static int __must_check ffs_do_desc(char *data, unsigned len,
1380 ffs_entity_callback entity, void *priv)
1381 {
1382 struct usb_descriptor_header *_ds = (void *)data;
1383 u8 length;
1384 int ret;
1385
1386 ENTER();
1387
1388 /* At least two bytes are required: length and type */
1389 if (len < 2) {
1390 pr_vdebug("descriptor too short\n");
1391 return -EINVAL;
1392 }
1393
1394 /* If we have at least as many bytes as the descriptor takes? */
1395 length = _ds->bLength;
1396 if (len < length) {
1397 pr_vdebug("descriptor longer then available data\n");
1398 return -EINVAL;
1399 }
1400
1401 #define __entity_check_INTERFACE(val) 1
1402 #define __entity_check_STRING(val) (val)
1403 #define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1404 #define __entity(type, val) do { \
1405 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1406 if (unlikely(!__entity_check_ ##type(val))) { \
1407 pr_vdebug("invalid entity's value\n"); \
1408 return -EINVAL; \
1409 } \
1410 ret = entity(FFS_ ##type, &val, _ds, priv); \
1411 if (unlikely(ret < 0)) { \
1412 pr_debug("entity " #type "(%02x); ret = %d\n", \
1413 (val), ret); \
1414 return ret; \
1415 } \
1416 } while (0)
1417
1418 /* Parse descriptor depending on type. */
1419 switch (_ds->bDescriptorType) {
1420 case USB_DT_DEVICE:
1421 case USB_DT_CONFIG:
1422 case USB_DT_STRING:
1423 case USB_DT_DEVICE_QUALIFIER:
1424 /* function can't have any of those */
1425 pr_vdebug("descriptor reserved for gadget: %d\n",
1426 _ds->bDescriptorType);
1427 return -EINVAL;
1428
1429 case USB_DT_INTERFACE: {
1430 struct usb_interface_descriptor *ds = (void *)_ds;
1431 pr_vdebug("interface descriptor\n");
1432 if (length != sizeof *ds)
1433 goto inv_length;
1434
1435 __entity(INTERFACE, ds->bInterfaceNumber);
1436 if (ds->iInterface)
1437 __entity(STRING, ds->iInterface);
1438 }
1439 break;
1440
1441 case USB_DT_ENDPOINT: {
1442 struct usb_endpoint_descriptor *ds = (void *)_ds;
1443 pr_vdebug("endpoint descriptor\n");
1444 if (length != USB_DT_ENDPOINT_SIZE &&
1445 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1446 goto inv_length;
1447 __entity(ENDPOINT, ds->bEndpointAddress);
1448 }
1449 break;
1450
1451 case HID_DT_HID:
1452 pr_vdebug("hid descriptor\n");
1453 if (length != sizeof(struct hid_descriptor))
1454 goto inv_length;
1455 break;
1456
1457 case USB_DT_OTG:
1458 if (length != sizeof(struct usb_otg_descriptor))
1459 goto inv_length;
1460 break;
1461
1462 case USB_DT_INTERFACE_ASSOCIATION: {
1463 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1464 pr_vdebug("interface association descriptor\n");
1465 if (length != sizeof *ds)
1466 goto inv_length;
1467 if (ds->iFunction)
1468 __entity(STRING, ds->iFunction);
1469 }
1470 break;
1471
1472 case USB_DT_OTHER_SPEED_CONFIG:
1473 case USB_DT_INTERFACE_POWER:
1474 case USB_DT_DEBUG:
1475 case USB_DT_SECURITY:
1476 case USB_DT_CS_RADIO_CONTROL:
1477 /* TODO */
1478 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
1479 return -EINVAL;
1480
1481 default:
1482 /* We should never be here */
1483 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
1484 return -EINVAL;
1485
1486 inv_length:
1487 pr_vdebug("invalid length: %d (descriptor %d)\n",
1488 _ds->bLength, _ds->bDescriptorType);
1489 return -EINVAL;
1490 }
1491
1492 #undef __entity
1493 #undef __entity_check_DESCRIPTOR
1494 #undef __entity_check_INTERFACE
1495 #undef __entity_check_STRING
1496 #undef __entity_check_ENDPOINT
1497
1498 return length;
1499 }
1500
1501 static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
1502 ffs_entity_callback entity, void *priv)
1503 {
1504 const unsigned _len = len;
1505 unsigned long num = 0;
1506
1507 ENTER();
1508
1509 for (;;) {
1510 int ret;
1511
1512 if (num == count)
1513 data = NULL;
1514
1515 /* Record "descriptor" entity */
1516 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
1517 if (unlikely(ret < 0)) {
1518 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
1519 num, ret);
1520 return ret;
1521 }
1522
1523 if (!data)
1524 return _len - len;
1525
1526 ret = ffs_do_desc(data, len, entity, priv);
1527 if (unlikely(ret < 0)) {
1528 pr_debug("%s returns %d\n", __func__, ret);
1529 return ret;
1530 }
1531
1532 len -= ret;
1533 data += ret;
1534 ++num;
1535 }
1536 }
1537
1538 static int __ffs_data_do_entity(enum ffs_entity_type type,
1539 u8 *valuep, struct usb_descriptor_header *desc,
1540 void *priv)
1541 {
1542 struct ffs_data *ffs = priv;
1543
1544 ENTER();
1545
1546 switch (type) {
1547 case FFS_DESCRIPTOR:
1548 break;
1549
1550 case FFS_INTERFACE:
1551 /*
1552 * Interfaces are indexed from zero so if we
1553 * encountered interface "n" then there are at least
1554 * "n+1" interfaces.
1555 */
1556 if (*valuep >= ffs->interfaces_count)
1557 ffs->interfaces_count = *valuep + 1;
1558 break;
1559
1560 case FFS_STRING:
1561 /*
1562 * Strings are indexed from 1 (0 is magic ;) reserved
1563 * for languages list or some such)
1564 */
1565 if (*valuep > ffs->strings_count)
1566 ffs->strings_count = *valuep;
1567 break;
1568
1569 case FFS_ENDPOINT:
1570 /* Endpoints are indexed from 1 as well. */
1571 if ((*valuep & USB_ENDPOINT_NUMBER_MASK) > ffs->eps_count)
1572 ffs->eps_count = (*valuep & USB_ENDPOINT_NUMBER_MASK);
1573 break;
1574 }
1575
1576 return 0;
1577 }
1578
1579 static int __ffs_data_got_descs(struct ffs_data *ffs,
1580 char *const _data, size_t len)
1581 {
1582 unsigned fs_count, hs_count;
1583 int fs_len, ret = -EINVAL;
1584 char *data = _data;
1585
1586 ENTER();
1587
1588 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_DESCRIPTORS_MAGIC ||
1589 get_unaligned_le32(data + 4) != len))
1590 goto error;
1591 fs_count = get_unaligned_le32(data + 8);
1592 hs_count = get_unaligned_le32(data + 12);
1593
1594 if (!fs_count && !hs_count)
1595 goto einval;
1596
1597 data += 16;
1598 len -= 16;
1599
1600 if (likely(fs_count)) {
1601 fs_len = ffs_do_descs(fs_count, data, len,
1602 __ffs_data_do_entity, ffs);
1603 if (unlikely(fs_len < 0)) {
1604 ret = fs_len;
1605 goto error;
1606 }
1607
1608 data += fs_len;
1609 len -= fs_len;
1610 } else {
1611 fs_len = 0;
1612 }
1613
1614 if (likely(hs_count)) {
1615 ret = ffs_do_descs(hs_count, data, len,
1616 __ffs_data_do_entity, ffs);
1617 if (unlikely(ret < 0))
1618 goto error;
1619 } else {
1620 ret = 0;
1621 }
1622
1623 if (unlikely(len != ret))
1624 goto einval;
1625
1626 ffs->raw_fs_descs_length = fs_len;
1627 ffs->raw_descs_length = fs_len + ret;
1628 ffs->raw_descs = _data;
1629 ffs->fs_descs_count = fs_count;
1630 ffs->hs_descs_count = hs_count;
1631
1632 return 0;
1633
1634 einval:
1635 ret = -EINVAL;
1636 error:
1637 kfree(_data);
1638 return ret;
1639 }
1640
1641 static int __ffs_data_got_strings(struct ffs_data *ffs,
1642 char *const _data, size_t len)
1643 {
1644 u32 str_count, needed_count, lang_count;
1645 struct usb_gadget_strings **stringtabs, *t;
1646 struct usb_string *strings, *s;
1647 const char *data = _data;
1648
1649 ENTER();
1650
1651 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
1652 get_unaligned_le32(data + 4) != len))
1653 goto error;
1654 str_count = get_unaligned_le32(data + 8);
1655 lang_count = get_unaligned_le32(data + 12);
1656
1657 /* if one is zero the other must be zero */
1658 if (unlikely(!str_count != !lang_count))
1659 goto error;
1660
1661 /* Do we have at least as many strings as descriptors need? */
1662 needed_count = ffs->strings_count;
1663 if (unlikely(str_count < needed_count))
1664 goto error;
1665
1666 /*
1667 * If we don't need any strings just return and free all
1668 * memory.
1669 */
1670 if (!needed_count) {
1671 kfree(_data);
1672 return 0;
1673 }
1674
1675 /* Allocate everything in one chunk so there's less maintenance. */
1676 {
1677 unsigned i = 0;
1678 vla_group(d);
1679 vla_item(d, struct usb_gadget_strings *, stringtabs,
1680 lang_count + 1);
1681 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
1682 vla_item(d, struct usb_string, strings,
1683 lang_count*(needed_count+1));
1684
1685 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
1686
1687 if (unlikely(!vlabuf)) {
1688 kfree(_data);
1689 return -ENOMEM;
1690 }
1691
1692 /* Initialize the VLA pointers */
1693 stringtabs = vla_ptr(vlabuf, d, stringtabs);
1694 t = vla_ptr(vlabuf, d, stringtab);
1695 i = lang_count;
1696 do {
1697 *stringtabs++ = t++;
1698 } while (--i);
1699 *stringtabs = NULL;
1700
1701 /* stringtabs = vlabuf = d_stringtabs for later kfree */
1702 stringtabs = vla_ptr(vlabuf, d, stringtabs);
1703 t = vla_ptr(vlabuf, d, stringtab);
1704 s = vla_ptr(vlabuf, d, strings);
1705 strings = s;
1706 }
1707
1708 /* For each language */
1709 data += 16;
1710 len -= 16;
1711
1712 do { /* lang_count > 0 so we can use do-while */
1713 unsigned needed = needed_count;
1714
1715 if (unlikely(len < 3))
1716 goto error_free;
1717 t->language = get_unaligned_le16(data);
1718 t->strings = s;
1719 ++t;
1720
1721 data += 2;
1722 len -= 2;
1723
1724 /* For each string */
1725 do { /* str_count > 0 so we can use do-while */
1726 size_t length = strnlen(data, len);
1727
1728 if (unlikely(length == len))
1729 goto error_free;
1730
1731 /*
1732 * User may provide more strings then we need,
1733 * if that's the case we simply ignore the
1734 * rest
1735 */
1736 if (likely(needed)) {
1737 /*
1738 * s->id will be set while adding
1739 * function to configuration so for
1740 * now just leave garbage here.
1741 */
1742 s->s = data;
1743 --needed;
1744 ++s;
1745 }
1746
1747 data += length + 1;
1748 len -= length + 1;
1749 } while (--str_count);
1750
1751 s->id = 0; /* terminator */
1752 s->s = NULL;
1753 ++s;
1754
1755 } while (--lang_count);
1756
1757 /* Some garbage left? */
1758 if (unlikely(len))
1759 goto error_free;
1760
1761 /* Done! */
1762 ffs->stringtabs = stringtabs;
1763 ffs->raw_strings = _data;
1764
1765 return 0;
1766
1767 error_free:
1768 kfree(stringtabs);
1769 error:
1770 kfree(_data);
1771 return -EINVAL;
1772 }
1773
1774
1775 /* Events handling and management *******************************************/
1776
1777 static void __ffs_event_add(struct ffs_data *ffs,
1778 enum usb_functionfs_event_type type)
1779 {
1780 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
1781 int neg = 0;
1782
1783 /*
1784 * Abort any unhandled setup
1785 *
1786 * We do not need to worry about some cmpxchg() changing value
1787 * of ffs->setup_state without holding the lock because when
1788 * state is FFS_SETUP_PENDING cmpxchg() in several places in
1789 * the source does nothing.
1790 */
1791 if (ffs->setup_state == FFS_SETUP_PENDING)
1792 ffs->setup_state = FFS_SETUP_CANCELED;
1793
1794 switch (type) {
1795 case FUNCTIONFS_RESUME:
1796 rem_type2 = FUNCTIONFS_SUSPEND;
1797 /* FALL THROUGH */
1798 case FUNCTIONFS_SUSPEND:
1799 case FUNCTIONFS_SETUP:
1800 rem_type1 = type;
1801 /* Discard all similar events */
1802 break;
1803
1804 case FUNCTIONFS_BIND:
1805 case FUNCTIONFS_UNBIND:
1806 case FUNCTIONFS_DISABLE:
1807 case FUNCTIONFS_ENABLE:
1808 /* Discard everything other then power management. */
1809 rem_type1 = FUNCTIONFS_SUSPEND;
1810 rem_type2 = FUNCTIONFS_RESUME;
1811 neg = 1;
1812 break;
1813
1814 default:
1815 BUG();
1816 }
1817
1818 {
1819 u8 *ev = ffs->ev.types, *out = ev;
1820 unsigned n = ffs->ev.count;
1821 for (; n; --n, ++ev)
1822 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
1823 *out++ = *ev;
1824 else
1825 pr_vdebug("purging event %d\n", *ev);
1826 ffs->ev.count = out - ffs->ev.types;
1827 }
1828
1829 pr_vdebug("adding event %d\n", type);
1830 ffs->ev.types[ffs->ev.count++] = type;
1831 wake_up_locked(&ffs->ev.waitq);
1832 }
1833
1834 static void ffs_event_add(struct ffs_data *ffs,
1835 enum usb_functionfs_event_type type)
1836 {
1837 unsigned long flags;
1838 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
1839 __ffs_event_add(ffs, type);
1840 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
1841 }
1842
1843
1844 /* Bind/unbind USB function hooks *******************************************/
1845
1846 static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
1847 struct usb_descriptor_header *desc,
1848 void *priv)
1849 {
1850 struct usb_endpoint_descriptor *ds = (void *)desc;
1851 struct ffs_function *func = priv;
1852 struct ffs_ep *ffs_ep;
1853
1854 /*
1855 * If hs_descriptors is not NULL then we are reading hs
1856 * descriptors now
1857 */
1858 const int isHS = func->function.hs_descriptors != NULL;
1859 unsigned idx;
1860
1861 if (type != FFS_DESCRIPTOR)
1862 return 0;
1863
1864 if (isHS)
1865 func->function.hs_descriptors[(long)valuep] = desc;
1866 else
1867 func->function.fs_descriptors[(long)valuep] = desc;
1868
1869 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
1870 return 0;
1871
1872 idx = (ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK) - 1;
1873 ffs_ep = func->eps + idx;
1874
1875 if (unlikely(ffs_ep->descs[isHS])) {
1876 pr_vdebug("two %sspeed descriptors for EP %d\n",
1877 isHS ? "high" : "full",
1878 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
1879 return -EINVAL;
1880 }
1881 ffs_ep->descs[isHS] = ds;
1882
1883 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
1884 if (ffs_ep->ep) {
1885 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
1886 if (!ds->wMaxPacketSize)
1887 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
1888 } else {
1889 struct usb_request *req;
1890 struct usb_ep *ep;
1891
1892 pr_vdebug("autoconfig\n");
1893 ep = usb_ep_autoconfig(func->gadget, ds);
1894 if (unlikely(!ep))
1895 return -ENOTSUPP;
1896 ep->driver_data = func->eps + idx;
1897
1898 req = usb_ep_alloc_request(ep, GFP_KERNEL);
1899 if (unlikely(!req))
1900 return -ENOMEM;
1901
1902 ffs_ep->ep = ep;
1903 ffs_ep->req = req;
1904 func->eps_revmap[ds->bEndpointAddress &
1905 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
1906 }
1907 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
1908
1909 return 0;
1910 }
1911
1912 static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
1913 struct usb_descriptor_header *desc,
1914 void *priv)
1915 {
1916 struct ffs_function *func = priv;
1917 unsigned idx;
1918 u8 newValue;
1919
1920 switch (type) {
1921 default:
1922 case FFS_DESCRIPTOR:
1923 /* Handled in previous pass by __ffs_func_bind_do_descs() */
1924 return 0;
1925
1926 case FFS_INTERFACE:
1927 idx = *valuep;
1928 if (func->interfaces_nums[idx] < 0) {
1929 int id = usb_interface_id(func->conf, &func->function);
1930 if (unlikely(id < 0))
1931 return id;
1932 func->interfaces_nums[idx] = id;
1933 }
1934 newValue = func->interfaces_nums[idx];
1935 break;
1936
1937 case FFS_STRING:
1938 /* String' IDs are allocated when fsf_data is bound to cdev */
1939 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
1940 break;
1941
1942 case FFS_ENDPOINT:
1943 /*
1944 * USB_DT_ENDPOINT are handled in
1945 * __ffs_func_bind_do_descs().
1946 */
1947 if (desc->bDescriptorType == USB_DT_ENDPOINT)
1948 return 0;
1949
1950 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
1951 if (unlikely(!func->eps[idx].ep))
1952 return -EINVAL;
1953
1954 {
1955 struct usb_endpoint_descriptor **descs;
1956 descs = func->eps[idx].descs;
1957 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
1958 }
1959 break;
1960 }
1961
1962 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
1963 *valuep = newValue;
1964 return 0;
1965 }
1966
1967 static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
1968 struct usb_configuration *c)
1969 {
1970 struct ffs_function *func = ffs_func_from_usb(f);
1971 struct f_fs_opts *ffs_opts =
1972 container_of(f->fi, struct f_fs_opts, func_inst);
1973 int ret;
1974
1975 ENTER();
1976
1977 /*
1978 * Legacy gadget triggers binding in functionfs_ready_callback,
1979 * which already uses locking; taking the same lock here would
1980 * cause a deadlock.
1981 *
1982 * Configfs-enabled gadgets however do need ffs_dev_lock.
1983 */
1984 if (!ffs_opts->no_configfs)
1985 ffs_dev_lock();
1986 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
1987 func->ffs = ffs_opts->dev->ffs_data;
1988 if (!ffs_opts->no_configfs)
1989 ffs_dev_unlock();
1990 if (ret)
1991 return ERR_PTR(ret);
1992
1993 func->conf = c;
1994 func->gadget = c->cdev->gadget;
1995
1996 ffs_data_get(func->ffs);
1997
1998 /*
1999 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
2000 * configurations are bound in sequence with list_for_each_entry,
2001 * in each configuration its functions are bound in sequence
2002 * with list_for_each_entry, so we assume no race condition
2003 * with regard to ffs_opts->bound access
2004 */
2005 if (!ffs_opts->refcnt) {
2006 ret = functionfs_bind(func->ffs, c->cdev);
2007 if (ret)
2008 return ERR_PTR(ret);
2009 }
2010 ffs_opts->refcnt++;
2011 func->function.strings = func->ffs->stringtabs;
2012
2013 return ffs_opts;
2014 }
2015
2016 static int _ffs_func_bind(struct usb_configuration *c,
2017 struct usb_function *f)
2018 {
2019 struct ffs_function *func = ffs_func_from_usb(f);
2020 struct ffs_data *ffs = func->ffs;
2021
2022 const int full = !!func->ffs->fs_descs_count;
2023 const int high = gadget_is_dualspeed(func->gadget) &&
2024 func->ffs->hs_descs_count;
2025
2026 int ret;
2027
2028 /* Make it a single chunk, less management later on */
2029 vla_group(d);
2030 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2031 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2032 full ? ffs->fs_descs_count + 1 : 0);
2033 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2034 high ? ffs->hs_descs_count + 1 : 0);
2035 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
2036 vla_item_with_sz(d, char, raw_descs,
2037 high ? ffs->raw_descs_length : ffs->raw_fs_descs_length);
2038 char *vlabuf;
2039
2040 ENTER();
2041
2042 /* Only high speed but not supported by gadget? */
2043 if (unlikely(!(full | high)))
2044 return -ENOTSUPP;
2045
2046 /* Allocate a single chunk, less management later on */
2047 vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2048 if (unlikely(!vlabuf))
2049 return -ENOMEM;
2050
2051 /* Zero */
2052 memset(vla_ptr(vlabuf, d, eps), 0, d_eps__sz);
2053 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs + 16,
2054 d_raw_descs__sz);
2055 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
2056 for (ret = ffs->eps_count; ret; --ret) {
2057 struct ffs_ep *ptr;
2058
2059 ptr = vla_ptr(vlabuf, d, eps);
2060 ptr[ret].num = -1;
2061 }
2062
2063 /* Save pointers
2064 * d_eps == vlabuf, func->eps used to kfree vlabuf later
2065 */
2066 func->eps = vla_ptr(vlabuf, d, eps);
2067 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
2068
2069 /*
2070 * Go through all the endpoint descriptors and allocate
2071 * endpoints first, so that later we can rewrite the endpoint
2072 * numbers without worrying that it may be described later on.
2073 */
2074 if (likely(full)) {
2075 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
2076 ret = ffs_do_descs(ffs->fs_descs_count,
2077 vla_ptr(vlabuf, d, raw_descs),
2078 d_raw_descs__sz,
2079 __ffs_func_bind_do_descs, func);
2080 if (unlikely(ret < 0))
2081 goto error;
2082 } else {
2083 ret = 0;
2084 }
2085
2086 if (likely(high)) {
2087 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
2088 ret = ffs_do_descs(ffs->hs_descs_count,
2089 vla_ptr(vlabuf, d, raw_descs) + ret,
2090 d_raw_descs__sz - ret,
2091 __ffs_func_bind_do_descs, func);
2092 if (unlikely(ret < 0))
2093 goto error;
2094 }
2095
2096 /*
2097 * Now handle interface numbers allocation and interface and
2098 * endpoint numbers rewriting. We can do that in one go
2099 * now.
2100 */
2101 ret = ffs_do_descs(ffs->fs_descs_count +
2102 (high ? ffs->hs_descs_count : 0),
2103 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
2104 __ffs_func_bind_do_nums, func);
2105 if (unlikely(ret < 0))
2106 goto error;
2107
2108 /* And we're done */
2109 ffs_event_add(ffs, FUNCTIONFS_BIND);
2110 return 0;
2111
2112 error:
2113 /* XXX Do we need to release all claimed endpoints here? */
2114 return ret;
2115 }
2116
2117 static int ffs_func_bind(struct usb_configuration *c,
2118 struct usb_function *f)
2119 {
2120 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
2121
2122 if (IS_ERR(ffs_opts))
2123 return PTR_ERR(ffs_opts);
2124
2125 return _ffs_func_bind(c, f);
2126 }
2127
2128
2129 /* Other USB function hooks *************************************************/
2130
2131 static int ffs_func_set_alt(struct usb_function *f,
2132 unsigned interface, unsigned alt)
2133 {
2134 struct ffs_function *func = ffs_func_from_usb(f);
2135 struct ffs_data *ffs = func->ffs;
2136 int ret = 0, intf;
2137
2138 if (alt != (unsigned)-1) {
2139 intf = ffs_func_revmap_intf(func, interface);
2140 if (unlikely(intf < 0))
2141 return intf;
2142 }
2143
2144 if (ffs->func)
2145 ffs_func_eps_disable(ffs->func);
2146
2147 if (ffs->state != FFS_ACTIVE)
2148 return -ENODEV;
2149
2150 if (alt == (unsigned)-1) {
2151 ffs->func = NULL;
2152 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
2153 return 0;
2154 }
2155
2156 ffs->func = func;
2157 ret = ffs_func_eps_enable(func);
2158 if (likely(ret >= 0))
2159 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
2160 return ret;
2161 }
2162
2163 static void ffs_func_disable(struct usb_function *f)
2164 {
2165 ffs_func_set_alt(f, 0, (unsigned)-1);
2166 }
2167
2168 static int ffs_func_setup(struct usb_function *f,
2169 const struct usb_ctrlrequest *creq)
2170 {
2171 struct ffs_function *func = ffs_func_from_usb(f);
2172 struct ffs_data *ffs = func->ffs;
2173 unsigned long flags;
2174 int ret;
2175
2176 ENTER();
2177
2178 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
2179 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
2180 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
2181 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
2182 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
2183
2184 /*
2185 * Most requests directed to interface go through here
2186 * (notable exceptions are set/get interface) so we need to
2187 * handle them. All other either handled by composite or
2188 * passed to usb_configuration->setup() (if one is set). No
2189 * matter, we will handle requests directed to endpoint here
2190 * as well (as it's straightforward) but what to do with any
2191 * other request?
2192 */
2193 if (ffs->state != FFS_ACTIVE)
2194 return -ENODEV;
2195
2196 switch (creq->bRequestType & USB_RECIP_MASK) {
2197 case USB_RECIP_INTERFACE:
2198 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
2199 if (unlikely(ret < 0))
2200 return ret;
2201 break;
2202
2203 case USB_RECIP_ENDPOINT:
2204 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
2205 if (unlikely(ret < 0))
2206 return ret;
2207 break;
2208
2209 default:
2210 return -EOPNOTSUPP;
2211 }
2212
2213 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2214 ffs->ev.setup = *creq;
2215 ffs->ev.setup.wIndex = cpu_to_le16(ret);
2216 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
2217 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2218
2219 return 0;
2220 }
2221
2222 static void ffs_func_suspend(struct usb_function *f)
2223 {
2224 ENTER();
2225 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
2226 }
2227
2228 static void ffs_func_resume(struct usb_function *f)
2229 {
2230 ENTER();
2231 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
2232 }
2233
2234
2235 /* Endpoint and interface numbers reverse mapping ***************************/
2236
2237 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
2238 {
2239 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
2240 return num ? num : -EDOM;
2241 }
2242
2243 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
2244 {
2245 short *nums = func->interfaces_nums;
2246 unsigned count = func->ffs->interfaces_count;
2247
2248 for (; count; --count, ++nums) {
2249 if (*nums >= 0 && *nums == intf)
2250 return nums - func->interfaces_nums;
2251 }
2252
2253 return -EDOM;
2254 }
2255
2256
2257 /* Devices management *******************************************************/
2258
2259 static LIST_HEAD(ffs_devices);
2260
2261 static struct ffs_dev *_ffs_find_dev(const char *name)
2262 {
2263 struct ffs_dev *dev;
2264
2265 list_for_each_entry(dev, &ffs_devices, entry) {
2266 if (!dev->name || !name)
2267 continue;
2268 if (strcmp(dev->name, name) == 0)
2269 return dev;
2270 }
2271
2272 return NULL;
2273 }
2274
2275 /*
2276 * ffs_lock must be taken by the caller of this function
2277 */
2278 static struct ffs_dev *ffs_get_single_dev(void)
2279 {
2280 struct ffs_dev *dev;
2281
2282 if (list_is_singular(&ffs_devices)) {
2283 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
2284 if (dev->single)
2285 return dev;
2286 }
2287
2288 return NULL;
2289 }
2290
2291 /*
2292 * ffs_lock must be taken by the caller of this function
2293 */
2294 static struct ffs_dev *ffs_find_dev(const char *name)
2295 {
2296 struct ffs_dev *dev;
2297
2298 dev = ffs_get_single_dev();
2299 if (dev)
2300 return dev;
2301
2302 return _ffs_find_dev(name);
2303 }
2304
2305 /* Configfs support *********************************************************/
2306
2307 static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
2308 {
2309 return container_of(to_config_group(item), struct f_fs_opts,
2310 func_inst.group);
2311 }
2312
2313 static void ffs_attr_release(struct config_item *item)
2314 {
2315 struct f_fs_opts *opts = to_ffs_opts(item);
2316
2317 usb_put_function_instance(&opts->func_inst);
2318 }
2319
2320 static struct configfs_item_operations ffs_item_ops = {
2321 .release = ffs_attr_release,
2322 };
2323
2324 static struct config_item_type ffs_func_type = {
2325 .ct_item_ops = &ffs_item_ops,
2326 .ct_owner = THIS_MODULE,
2327 };
2328
2329
2330 /* Function registration interface ******************************************/
2331
2332 static void ffs_free_inst(struct usb_function_instance *f)
2333 {
2334 struct f_fs_opts *opts;
2335
2336 opts = to_f_fs_opts(f);
2337 ffs_dev_lock();
2338 ffs_free_dev(opts->dev);
2339 ffs_dev_unlock();
2340 kfree(opts);
2341 }
2342
2343 #define MAX_INST_NAME_LEN 40
2344
2345 static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
2346 {
2347 struct f_fs_opts *opts;
2348 char *ptr;
2349 const char *tmp;
2350 int name_len, ret;
2351
2352 name_len = strlen(name) + 1;
2353 if (name_len > MAX_INST_NAME_LEN)
2354 return -ENAMETOOLONG;
2355
2356 ptr = kstrndup(name, name_len, GFP_KERNEL);
2357 if (!ptr)
2358 return -ENOMEM;
2359
2360 opts = to_f_fs_opts(fi);
2361 tmp = NULL;
2362
2363 ffs_dev_lock();
2364
2365 tmp = opts->dev->name_allocated ? opts->dev->name : NULL;
2366 ret = _ffs_name_dev(opts->dev, ptr);
2367 if (ret) {
2368 kfree(ptr);
2369 ffs_dev_unlock();
2370 return ret;
2371 }
2372 opts->dev->name_allocated = true;
2373
2374 ffs_dev_unlock();
2375
2376 kfree(tmp);
2377
2378 return 0;
2379 }
2380
2381 static struct usb_function_instance *ffs_alloc_inst(void)
2382 {
2383 struct f_fs_opts *opts;
2384 struct ffs_dev *dev;
2385
2386 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
2387 if (!opts)
2388 return ERR_PTR(-ENOMEM);
2389
2390 opts->func_inst.set_inst_name = ffs_set_inst_name;
2391 opts->func_inst.free_func_inst = ffs_free_inst;
2392 ffs_dev_lock();
2393 dev = ffs_alloc_dev();
2394 ffs_dev_unlock();
2395 if (IS_ERR(dev)) {
2396 kfree(opts);
2397 return ERR_CAST(dev);
2398 }
2399 opts->dev = dev;
2400 dev->opts = opts;
2401
2402 config_group_init_type_name(&opts->func_inst.group, "",
2403 &ffs_func_type);
2404 return &opts->func_inst;
2405 }
2406
2407 static void ffs_free(struct usb_function *f)
2408 {
2409 kfree(ffs_func_from_usb(f));
2410 }
2411
2412 static void ffs_func_unbind(struct usb_configuration *c,
2413 struct usb_function *f)
2414 {
2415 struct ffs_function *func = ffs_func_from_usb(f);
2416 struct ffs_data *ffs = func->ffs;
2417 struct f_fs_opts *opts =
2418 container_of(f->fi, struct f_fs_opts, func_inst);
2419 struct ffs_ep *ep = func->eps;
2420 unsigned count = ffs->eps_count;
2421 unsigned long flags;
2422
2423 ENTER();
2424 if (ffs->func == func) {
2425 ffs_func_eps_disable(func);
2426 ffs->func = NULL;
2427 }
2428
2429 if (!--opts->refcnt)
2430 functionfs_unbind(ffs);
2431
2432 /* cleanup after autoconfig */
2433 spin_lock_irqsave(&func->ffs->eps_lock, flags);
2434 do {
2435 if (ep->ep && ep->req)
2436 usb_ep_free_request(ep->ep, ep->req);
2437 ep->req = NULL;
2438 ++ep;
2439 } while (--count);
2440 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
2441 kfree(func->eps);
2442 func->eps = NULL;
2443 /*
2444 * eps, descriptors and interfaces_nums are allocated in the
2445 * same chunk so only one free is required.
2446 */
2447 func->function.fs_descriptors = NULL;
2448 func->function.hs_descriptors = NULL;
2449 func->interfaces_nums = NULL;
2450
2451 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
2452 }
2453
2454 static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
2455 {
2456 struct ffs_function *func;
2457
2458 ENTER();
2459
2460 func = kzalloc(sizeof(*func), GFP_KERNEL);
2461 if (unlikely(!func))
2462 return ERR_PTR(-ENOMEM);
2463
2464 func->function.name = "Function FS Gadget";
2465
2466 func->function.bind = ffs_func_bind;
2467 func->function.unbind = ffs_func_unbind;
2468 func->function.set_alt = ffs_func_set_alt;
2469 func->function.disable = ffs_func_disable;
2470 func->function.setup = ffs_func_setup;
2471 func->function.suspend = ffs_func_suspend;
2472 func->function.resume = ffs_func_resume;
2473 func->function.free_func = ffs_free;
2474
2475 return &func->function;
2476 }
2477
2478 /*
2479 * ffs_lock must be taken by the caller of this function
2480 */
2481 struct ffs_dev *ffs_alloc_dev(void)
2482 {
2483 struct ffs_dev *dev;
2484 int ret;
2485
2486 if (ffs_get_single_dev())
2487 return ERR_PTR(-EBUSY);
2488
2489 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2490 if (!dev)
2491 return ERR_PTR(-ENOMEM);
2492
2493 if (list_empty(&ffs_devices)) {
2494 ret = functionfs_init();
2495 if (ret) {
2496 kfree(dev);
2497 return ERR_PTR(ret);
2498 }
2499 }
2500
2501 list_add(&dev->entry, &ffs_devices);
2502
2503 return dev;
2504 }
2505
2506 /*
2507 * ffs_lock must be taken by the caller of this function
2508 * The caller is responsible for "name" being available whenever f_fs needs it
2509 */
2510 static int _ffs_name_dev(struct ffs_dev *dev, const char *name)
2511 {
2512 struct ffs_dev *existing;
2513
2514 existing = _ffs_find_dev(name);
2515 if (existing)
2516 return -EBUSY;
2517
2518 dev->name = name;
2519
2520 return 0;
2521 }
2522
2523 /*
2524 * The caller is responsible for "name" being available whenever f_fs needs it
2525 */
2526 int ffs_name_dev(struct ffs_dev *dev, const char *name)
2527 {
2528 int ret;
2529
2530 ffs_dev_lock();
2531 ret = _ffs_name_dev(dev, name);
2532 ffs_dev_unlock();
2533
2534 return ret;
2535 }
2536 EXPORT_SYMBOL(ffs_name_dev);
2537
2538 int ffs_single_dev(struct ffs_dev *dev)
2539 {
2540 int ret;
2541
2542 ret = 0;
2543 ffs_dev_lock();
2544
2545 if (!list_is_singular(&ffs_devices))
2546 ret = -EBUSY;
2547 else
2548 dev->single = true;
2549
2550 ffs_dev_unlock();
2551 return ret;
2552 }
2553 EXPORT_SYMBOL(ffs_single_dev);
2554
2555 /*
2556 * ffs_lock must be taken by the caller of this function
2557 */
2558 void ffs_free_dev(struct ffs_dev *dev)
2559 {
2560 list_del(&dev->entry);
2561 if (dev->name_allocated)
2562 kfree(dev->name);
2563 kfree(dev);
2564 if (list_empty(&ffs_devices))
2565 functionfs_cleanup();
2566 }
2567
2568 static void *ffs_acquire_dev(const char *dev_name)
2569 {
2570 struct ffs_dev *ffs_dev;
2571
2572 ENTER();
2573 ffs_dev_lock();
2574
2575 ffs_dev = ffs_find_dev(dev_name);
2576 if (!ffs_dev)
2577 ffs_dev = ERR_PTR(-ENODEV);
2578 else if (ffs_dev->mounted)
2579 ffs_dev = ERR_PTR(-EBUSY);
2580 else if (ffs_dev->ffs_acquire_dev_callback &&
2581 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
2582 ffs_dev = ERR_PTR(-ENODEV);
2583 else
2584 ffs_dev->mounted = true;
2585
2586 ffs_dev_unlock();
2587 return ffs_dev;
2588 }
2589
2590 static void ffs_release_dev(struct ffs_data *ffs_data)
2591 {
2592 struct ffs_dev *ffs_dev;
2593
2594 ENTER();
2595 ffs_dev_lock();
2596
2597 ffs_dev = ffs_data->private_data;
2598 if (ffs_dev)
2599 ffs_dev->mounted = false;
2600
2601 if (ffs_dev->ffs_release_dev_callback)
2602 ffs_dev->ffs_release_dev_callback(ffs_dev);
2603
2604 ffs_dev_unlock();
2605 }
2606
2607 static int ffs_ready(struct ffs_data *ffs)
2608 {
2609 struct ffs_dev *ffs_obj;
2610 int ret = 0;
2611
2612 ENTER();
2613 ffs_dev_lock();
2614
2615 ffs_obj = ffs->private_data;
2616 if (!ffs_obj) {
2617 ret = -EINVAL;
2618 goto done;
2619 }
2620 if (WARN_ON(ffs_obj->desc_ready)) {
2621 ret = -EBUSY;
2622 goto done;
2623 }
2624
2625 ffs_obj->desc_ready = true;
2626 ffs_obj->ffs_data = ffs;
2627
2628 if (ffs_obj->ffs_ready_callback)
2629 ret = ffs_obj->ffs_ready_callback(ffs);
2630
2631 done:
2632 ffs_dev_unlock();
2633 return ret;
2634 }
2635
2636 static void ffs_closed(struct ffs_data *ffs)
2637 {
2638 struct ffs_dev *ffs_obj;
2639
2640 ENTER();
2641 ffs_dev_lock();
2642
2643 ffs_obj = ffs->private_data;
2644 if (!ffs_obj)
2645 goto done;
2646
2647 ffs_obj->desc_ready = false;
2648
2649 if (ffs_obj->ffs_closed_callback)
2650 ffs_obj->ffs_closed_callback(ffs);
2651
2652 if (!ffs_obj->opts || ffs_obj->opts->no_configfs
2653 || !ffs_obj->opts->func_inst.group.cg_item.ci_parent)
2654 goto done;
2655
2656 unregister_gadget_item(ffs_obj->opts->
2657 func_inst.group.cg_item.ci_parent->ci_parent);
2658 done:
2659 ffs_dev_unlock();
2660 }
2661
2662 /* Misc helper functions ****************************************************/
2663
2664 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
2665 {
2666 return nonblock
2667 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
2668 : mutex_lock_interruptible(mutex);
2669 }
2670
2671 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
2672 {
2673 char *data;
2674
2675 if (unlikely(!len))
2676 return NULL;
2677
2678 data = kmalloc(len, GFP_KERNEL);
2679 if (unlikely(!data))
2680 return ERR_PTR(-ENOMEM);
2681
2682 if (unlikely(__copy_from_user(data, buf, len))) {
2683 kfree(data);
2684 return ERR_PTR(-EFAULT);
2685 }
2686
2687 pr_vdebug("Buffer from user space:\n");
2688 ffs_dump_mem("", data, len);
2689
2690 return data;
2691 }
2692
2693 DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
2694 MODULE_LICENSE("GPL");
2695 MODULE_AUTHOR("Michal Nazarewicz");
Ubuntu Artful kernel mirror