1 // SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) 2 /* 3 * f_mass_storage.c -- Mass Storage USB Composite Function 4 * 5 * Copyright (C) 2003-2008 Alan Stern 6 * Copyright (C) 2009 Samsung Electronics 7 * Author: Michal Nazarewicz <mina86@mina86.com> 8 * All rights reserved. 9 */ 10 11 /* 12 * The Mass Storage Function acts as a USB Mass Storage device, 13 * appearing to the host as a disk drive or as a CD-ROM drive. In 14 * addition to providing an example of a genuinely useful composite 15 * function for a USB device, it also illustrates a technique of 16 * double-buffering for increased throughput. 17 * 18 * For more information about MSF and in particular its module 19 * parameters and sysfs interface read the 20 * <Documentation/usb/mass-storage.rst> file. 21 */ 22 23 /* 24 * MSF is configured by specifying a fsg_config structure. It has the 25 * following fields: 26 * 27 * nluns Number of LUNs function have (anywhere from 1 28 * to FSG_MAX_LUNS). 29 * luns An array of LUN configuration values. This 30 * should be filled for each LUN that 31 * function will include (ie. for "nluns" 32 * LUNs). Each element of the array has 33 * the following fields: 34 * ->filename The path to the backing file for the LUN. 35 * Required if LUN is not marked as 36 * removable. 37 * ->ro Flag specifying access to the LUN shall be 38 * read-only. This is implied if CD-ROM 39 * emulation is enabled as well as when 40 * it was impossible to open "filename" 41 * in R/W mode. 42 * ->removable Flag specifying that LUN shall be indicated as 43 * being removable. 44 * ->cdrom Flag specifying that LUN shall be reported as 45 * being a CD-ROM. 46 * ->nofua Flag specifying that FUA flag in SCSI WRITE(10,12) 47 * commands for this LUN shall be ignored. 48 * 49 * vendor_name 50 * product_name 51 * release Information used as a reply to INQUIRY 52 * request. To use default set to NULL, 53 * NULL, 0xffff respectively. The first 54 * field should be 8 and the second 16 55 * characters or less. 56 * 57 * can_stall Set to permit function to halt bulk endpoints. 58 * Disabled on some USB devices known not 59 * to work correctly. You should set it 60 * to true. 61 * 62 * If "removable" is not set for a LUN then a backing file must be 63 * specified. If it is set, then NULL filename means the LUN's medium 64 * is not loaded (an empty string as "filename" in the fsg_config 65 * structure causes error). The CD-ROM emulation includes a single 66 * data track and no audio tracks; hence there need be only one 67 * backing file per LUN. 68 * 69 * This function is heavily based on "File-backed Storage Gadget" by 70 * Alan Stern which in turn is heavily based on "Gadget Zero" by David 71 * Brownell. The driver's SCSI command interface was based on the 72 * "Information technology - Small Computer System Interface - 2" 73 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93, 74 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. 75 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which 76 * was based on the "Universal Serial Bus Mass Storage Class UFI 77 * Command Specification" document, Revision 1.0, December 14, 1998, 78 * available at 79 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>. 80 */ 81 82 /* 83 * Driver Design 84 * 85 * The MSF is fairly straightforward. There is a main kernel 86 * thread that handles most of the work. Interrupt routines field 87 * callbacks from the controller driver: bulk- and interrupt-request 88 * completion notifications, endpoint-0 events, and disconnect events. 89 * Completion events are passed to the main thread by wakeup calls. Many 90 * ep0 requests are handled at interrupt time, but SetInterface, 91 * SetConfiguration, and device reset requests are forwarded to the 92 * thread in the form of "exceptions" using SIGUSR1 signals (since they 93 * should interrupt any ongoing file I/O operations). 94 * 95 * The thread's main routine implements the standard command/data/status 96 * parts of a SCSI interaction. It and its subroutines are full of tests 97 * for pending signals/exceptions -- all this polling is necessary since 98 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an 99 * indication that the driver really wants to be running in userspace.) 100 * An important point is that so long as the thread is alive it keeps an 101 * open reference to the backing file. This will prevent unmounting 102 * the backing file's underlying filesystem and could cause problems 103 * during system shutdown, for example. To prevent such problems, the 104 * thread catches INT, TERM, and KILL signals and converts them into 105 * an EXIT exception. 106 * 107 * In normal operation the main thread is started during the gadget's 108 * fsg_bind() callback and stopped during fsg_unbind(). But it can 109 * also exit when it receives a signal, and there's no point leaving 110 * the gadget running when the thread is dead. As of this moment, MSF 111 * provides no way to deregister the gadget when thread dies -- maybe 112 * a callback functions is needed. 113 * 114 * To provide maximum throughput, the driver uses a circular pipeline of 115 * buffer heads (struct fsg_buffhd). In principle the pipeline can be 116 * arbitrarily long; in practice the benefits don't justify having more 117 * than 2 stages (i.e., double buffering). But it helps to think of the 118 * pipeline as being a long one. Each buffer head contains a bulk-in and 119 * a bulk-out request pointer (since the buffer can be used for both 120 * output and input -- directions always are given from the host's 121 * point of view) as well as a pointer to the buffer and various state 122 * variables. 123 * 124 * Use of the pipeline follows a simple protocol. There is a variable 125 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. 126 * At any time that buffer head may still be in use from an earlier 127 * request, so each buffer head has a state variable indicating whether 128 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the 129 * buffer head to be EMPTY, filling the buffer either by file I/O or by 130 * USB I/O (during which the buffer head is BUSY), and marking the buffer 131 * head FULL when the I/O is complete. Then the buffer will be emptied 132 * (again possibly by USB I/O, during which it is marked BUSY) and 133 * finally marked EMPTY again (possibly by a completion routine). 134 * 135 * A module parameter tells the driver to avoid stalling the bulk 136 * endpoints wherever the transport specification allows. This is 137 * necessary for some UDCs like the SuperH, which cannot reliably clear a 138 * halt on a bulk endpoint. However, under certain circumstances the 139 * Bulk-only specification requires a stall. In such cases the driver 140 * will halt the endpoint and set a flag indicating that it should clear 141 * the halt in software during the next device reset. Hopefully this 142 * will permit everything to work correctly. Furthermore, although the 143 * specification allows the bulk-out endpoint to halt when the host sends 144 * too much data, implementing this would cause an unavoidable race. 145 * The driver will always use the "no-stall" approach for OUT transfers. 146 * 147 * One subtle point concerns sending status-stage responses for ep0 148 * requests. Some of these requests, such as device reset, can involve 149 * interrupting an ongoing file I/O operation, which might take an 150 * arbitrarily long time. During that delay the host might give up on 151 * the original ep0 request and issue a new one. When that happens the 152 * driver should not notify the host about completion of the original 153 * request, as the host will no longer be waiting for it. So the driver 154 * assigns to each ep0 request a unique tag, and it keeps track of the 155 * tag value of the request associated with a long-running exception 156 * (device-reset, interface-change, or configuration-change). When the 157 * exception handler is finished, the status-stage response is submitted 158 * only if the current ep0 request tag is equal to the exception request 159 * tag. Thus only the most recently received ep0 request will get a 160 * status-stage response. 161 * 162 * Warning: This driver source file is too long. It ought to be split up 163 * into a header file plus about 3 separate .c files, to handle the details 164 * of the Gadget, USB Mass Storage, and SCSI protocols. 165 */ 166 167 168 /* #define VERBOSE_DEBUG */ 169 /* #define DUMP_MSGS */ 170 171 #include <linux/blkdev.h> 172 #include <linux/completion.h> 173 #include <linux/dcache.h> 174 #include <linux/delay.h> 175 #include <linux/device.h> 176 #include <linux/fcntl.h> 177 #include <linux/file.h> 178 #include <linux/fs.h> 179 #include <linux/kthread.h> 180 #include <linux/sched/signal.h> 181 #include <linux/limits.h> 182 #include <linux/rwsem.h> 183 #include <linux/slab.h> 184 #include <linux/spinlock.h> 185 #include <linux/string.h> 186 #include <linux/freezer.h> 187 #include <linux/module.h> 188 #include <linux/uaccess.h> 189 #include <asm/unaligned.h> 190 191 #include <linux/usb/ch9.h> 192 #include <linux/usb/gadget.h> 193 #include <linux/usb/composite.h> 194 195 #include <linux/nospec.h> 196 197 #include "configfs.h" 198 199 200 /*------------------------------------------------------------------------*/ 201 202 #define FSG_DRIVER_DESC "Mass Storage Function" 203 #define FSG_DRIVER_VERSION "2009/09/11" 204 205 static const char fsg_string_interface[] = "Mass Storage"; 206 207 #include "storage_common.h" 208 #include "f_mass_storage.h" 209 210 /* Static strings, in UTF-8 (for simplicity we use only ASCII characters) */ 211 static struct usb_string fsg_strings[] = { 212 {FSG_STRING_INTERFACE, fsg_string_interface}, 213 {} 214 }; 215 216 static struct usb_gadget_strings fsg_stringtab = { 217 .language = 0x0409, /* en-us */ 218 .strings = fsg_strings, 219 }; 220 221 static struct usb_gadget_strings *fsg_strings_array[] = { 222 &fsg_stringtab, 223 NULL, 224 }; 225 226 /*-------------------------------------------------------------------------*/ 227 228 struct fsg_dev; 229 struct fsg_common; 230 231 /* Data shared by all the FSG instances. */ 232 struct fsg_common { 233 struct usb_gadget *gadget; 234 struct usb_composite_dev *cdev; 235 struct fsg_dev *fsg; 236 wait_queue_head_t io_wait; 237 wait_queue_head_t fsg_wait; 238 239 /* filesem protects: backing files in use */ 240 struct rw_semaphore filesem; 241 242 /* lock protects: state and thread_task */ 243 spinlock_t lock; 244 245 struct usb_ep *ep0; /* Copy of gadget->ep0 */ 246 struct usb_request *ep0req; /* Copy of cdev->req */ 247 unsigned int ep0_req_tag; 248 249 struct fsg_buffhd *next_buffhd_to_fill; 250 struct fsg_buffhd *next_buffhd_to_drain; 251 struct fsg_buffhd *buffhds; 252 unsigned int fsg_num_buffers; 253 254 int cmnd_size; 255 u8 cmnd[MAX_COMMAND_SIZE]; 256 257 unsigned int lun; 258 struct fsg_lun *luns[FSG_MAX_LUNS]; 259 struct fsg_lun *curlun; 260 261 unsigned int bulk_out_maxpacket; 262 enum fsg_state state; /* For exception handling */ 263 unsigned int exception_req_tag; 264 void *exception_arg; 265 266 enum data_direction data_dir; 267 u32 data_size; 268 u32 data_size_from_cmnd; 269 u32 tag; 270 u32 residue; 271 u32 usb_amount_left; 272 273 unsigned int can_stall:1; 274 unsigned int free_storage_on_release:1; 275 unsigned int phase_error:1; 276 unsigned int short_packet_received:1; 277 unsigned int bad_lun_okay:1; 278 unsigned int running:1; 279 unsigned int sysfs:1; 280 281 struct completion thread_notifier; 282 struct task_struct *thread_task; 283 284 /* Gadget's private data. */ 285 void *private_data; 286 287 char inquiry_string[INQUIRY_STRING_LEN]; 288 }; 289 290 struct fsg_dev { 291 struct usb_function function; 292 struct usb_gadget *gadget; /* Copy of cdev->gadget */ 293 struct fsg_common *common; 294 295 u16 interface_number; 296 297 unsigned int bulk_in_enabled:1; 298 unsigned int bulk_out_enabled:1; 299 300 unsigned long atomic_bitflags; 301 #define IGNORE_BULK_OUT 0 302 303 struct usb_ep *bulk_in; 304 struct usb_ep *bulk_out; 305 }; 306 307 static inline int __fsg_is_set(struct fsg_common *common, 308 const char *func, unsigned line) 309 { 310 if (common->fsg) 311 return 1; 312 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line); 313 WARN_ON(1); 314 return 0; 315 } 316 317 #define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__)) 318 319 static inline struct fsg_dev *fsg_from_func(struct usb_function *f) 320 { 321 return container_of(f, struct fsg_dev, function); 322 } 323 324 static int exception_in_progress(struct fsg_common *common) 325 { 326 return common->state > FSG_STATE_NORMAL; 327 } 328 329 /* Make bulk-out requests be divisible by the maxpacket size */ 330 static void set_bulk_out_req_length(struct fsg_common *common, 331 struct fsg_buffhd *bh, unsigned int length) 332 { 333 unsigned int rem; 334 335 bh->bulk_out_intended_length = length; 336 rem = length % common->bulk_out_maxpacket; 337 if (rem > 0) 338 length += common->bulk_out_maxpacket - rem; 339 bh->outreq->length = length; 340 } 341 342 343 /*-------------------------------------------------------------------------*/ 344 345 static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep) 346 { 347 const char *name; 348 349 if (ep == fsg->bulk_in) 350 name = "bulk-in"; 351 else if (ep == fsg->bulk_out) 352 name = "bulk-out"; 353 else 354 name = ep->name; 355 DBG(fsg, "%s set halt\n", name); 356 return usb_ep_set_halt(ep); 357 } 358 359 360 /*-------------------------------------------------------------------------*/ 361 362 /* These routines may be called in process context or in_irq */ 363 364 static void __raise_exception(struct fsg_common *common, enum fsg_state new_state, 365 void *arg) 366 { 367 unsigned long flags; 368 369 /* 370 * Do nothing if a higher-priority exception is already in progress. 371 * If a lower-or-equal priority exception is in progress, preempt it 372 * and notify the main thread by sending it a signal. 373 */ 374 spin_lock_irqsave(&common->lock, flags); 375 if (common->state <= new_state) { 376 common->exception_req_tag = common->ep0_req_tag; 377 common->state = new_state; 378 common->exception_arg = arg; 379 if (common->thread_task) 380 send_sig_info(SIGUSR1, SEND_SIG_PRIV, 381 common->thread_task); 382 } 383 spin_unlock_irqrestore(&common->lock, flags); 384 } 385 386 static void raise_exception(struct fsg_common *common, enum fsg_state new_state) 387 { 388 __raise_exception(common, new_state, NULL); 389 } 390 391 /*-------------------------------------------------------------------------*/ 392 393 static int ep0_queue(struct fsg_common *common) 394 { 395 int rc; 396 397 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC); 398 common->ep0->driver_data = common; 399 if (rc != 0 && rc != -ESHUTDOWN) { 400 /* We can't do much more than wait for a reset */ 401 WARNING(common, "error in submission: %s --> %d\n", 402 common->ep0->name, rc); 403 } 404 return rc; 405 } 406 407 408 /*-------------------------------------------------------------------------*/ 409 410 /* Completion handlers. These always run in_irq. */ 411 412 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req) 413 { 414 struct fsg_common *common = ep->driver_data; 415 struct fsg_buffhd *bh = req->context; 416 417 if (req->status || req->actual != req->length) 418 DBG(common, "%s --> %d, %u/%u\n", __func__, 419 req->status, req->actual, req->length); 420 if (req->status == -ECONNRESET) /* Request was cancelled */ 421 usb_ep_fifo_flush(ep); 422 423 /* Synchronize with the smp_load_acquire() in sleep_thread() */ 424 smp_store_release(&bh->state, BUF_STATE_EMPTY); 425 wake_up(&common->io_wait); 426 } 427 428 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req) 429 { 430 struct fsg_common *common = ep->driver_data; 431 struct fsg_buffhd *bh = req->context; 432 433 dump_msg(common, "bulk-out", req->buf, req->actual); 434 if (req->status || req->actual != bh->bulk_out_intended_length) 435 DBG(common, "%s --> %d, %u/%u\n", __func__, 436 req->status, req->actual, bh->bulk_out_intended_length); 437 if (req->status == -ECONNRESET) /* Request was cancelled */ 438 usb_ep_fifo_flush(ep); 439 440 /* Synchronize with the smp_load_acquire() in sleep_thread() */ 441 smp_store_release(&bh->state, BUF_STATE_FULL); 442 wake_up(&common->io_wait); 443 } 444 445 static int _fsg_common_get_max_lun(struct fsg_common *common) 446 { 447 int i = ARRAY_SIZE(common->luns) - 1; 448 449 while (i >= 0 && !common->luns[i]) 450 --i; 451 452 return i; 453 } 454 455 static int fsg_setup(struct usb_function *f, 456 const struct usb_ctrlrequest *ctrl) 457 { 458 struct fsg_dev *fsg = fsg_from_func(f); 459 struct usb_request *req = fsg->common->ep0req; 460 u16 w_index = le16_to_cpu(ctrl->wIndex); 461 u16 w_value = le16_to_cpu(ctrl->wValue); 462 u16 w_length = le16_to_cpu(ctrl->wLength); 463 464 if (!fsg_is_set(fsg->common)) 465 return -EOPNOTSUPP; 466 467 ++fsg->common->ep0_req_tag; /* Record arrival of a new request */ 468 req->context = NULL; 469 req->length = 0; 470 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl)); 471 472 switch (ctrl->bRequest) { 473 474 case US_BULK_RESET_REQUEST: 475 if (ctrl->bRequestType != 476 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 477 break; 478 if (w_index != fsg->interface_number || w_value != 0 || 479 w_length != 0) 480 return -EDOM; 481 482 /* 483 * Raise an exception to stop the current operation 484 * and reinitialize our state. 485 */ 486 DBG(fsg, "bulk reset request\n"); 487 raise_exception(fsg->common, FSG_STATE_PROTOCOL_RESET); 488 return USB_GADGET_DELAYED_STATUS; 489 490 case US_BULK_GET_MAX_LUN: 491 if (ctrl->bRequestType != 492 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 493 break; 494 if (w_index != fsg->interface_number || w_value != 0 || 495 w_length != 1) 496 return -EDOM; 497 VDBG(fsg, "get max LUN\n"); 498 *(u8 *)req->buf = _fsg_common_get_max_lun(fsg->common); 499 500 /* Respond with data/status */ 501 req->length = min((u16)1, w_length); 502 return ep0_queue(fsg->common); 503 } 504 505 VDBG(fsg, 506 "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n", 507 ctrl->bRequestType, ctrl->bRequest, 508 le16_to_cpu(ctrl->wValue), w_index, w_length); 509 return -EOPNOTSUPP; 510 } 511 512 513 /*-------------------------------------------------------------------------*/ 514 515 /* All the following routines run in process context */ 516 517 /* Use this for bulk or interrupt transfers, not ep0 */ 518 static int start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, 519 struct usb_request *req) 520 { 521 int rc; 522 523 if (ep == fsg->bulk_in) 524 dump_msg(fsg, "bulk-in", req->buf, req->length); 525 526 rc = usb_ep_queue(ep, req, GFP_KERNEL); 527 if (rc) { 528 529 /* We can't do much more than wait for a reset */ 530 req->status = rc; 531 532 /* 533 * Note: currently the net2280 driver fails zero-length 534 * submissions if DMA is enabled. 535 */ 536 if (rc != -ESHUTDOWN && 537 !(rc == -EOPNOTSUPP && req->length == 0)) 538 WARNING(fsg, "error in submission: %s --> %d\n", 539 ep->name, rc); 540 } 541 return rc; 542 } 543 544 static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 545 { 546 if (!fsg_is_set(common)) 547 return false; 548 bh->state = BUF_STATE_SENDING; 549 if (start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq)) 550 bh->state = BUF_STATE_EMPTY; 551 return true; 552 } 553 554 static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 555 { 556 if (!fsg_is_set(common)) 557 return false; 558 bh->state = BUF_STATE_RECEIVING; 559 if (start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq)) 560 bh->state = BUF_STATE_FULL; 561 return true; 562 } 563 564 static int sleep_thread(struct fsg_common *common, bool can_freeze, 565 struct fsg_buffhd *bh) 566 { 567 int rc; 568 569 /* Wait until a signal arrives or bh is no longer busy */ 570 if (can_freeze) 571 /* 572 * synchronize with the smp_store_release(&bh->state) in 573 * bulk_in_complete() or bulk_out_complete() 574 */ 575 rc = wait_event_freezable(common->io_wait, 576 bh && smp_load_acquire(&bh->state) >= 577 BUF_STATE_EMPTY); 578 else 579 rc = wait_event_interruptible(common->io_wait, 580 bh && smp_load_acquire(&bh->state) >= 581 BUF_STATE_EMPTY); 582 return rc ? -EINTR : 0; 583 } 584 585 586 /*-------------------------------------------------------------------------*/ 587 588 static int do_read(struct fsg_common *common) 589 { 590 struct fsg_lun *curlun = common->curlun; 591 u64 lba; 592 struct fsg_buffhd *bh; 593 int rc; 594 u32 amount_left; 595 loff_t file_offset, file_offset_tmp; 596 unsigned int amount; 597 ssize_t nread; 598 599 /* 600 * Get the starting Logical Block Address and check that it's 601 * not too big. 602 */ 603 if (common->cmnd[0] == READ_6) 604 lba = get_unaligned_be24(&common->cmnd[1]); 605 else { 606 if (common->cmnd[0] == READ_16) 607 lba = get_unaligned_be64(&common->cmnd[2]); 608 else /* READ_10 or READ_12 */ 609 lba = get_unaligned_be32(&common->cmnd[2]); 610 611 /* 612 * We allow DPO (Disable Page Out = don't save data in the 613 * cache) and FUA (Force Unit Access = don't read from the 614 * cache), but we don't implement them. 615 */ 616 if ((common->cmnd[1] & ~0x18) != 0) { 617 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 618 return -EINVAL; 619 } 620 } 621 if (lba >= curlun->num_sectors) { 622 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 623 return -EINVAL; 624 } 625 file_offset = ((loff_t) lba) << curlun->blkbits; 626 627 /* Carry out the file reads */ 628 amount_left = common->data_size_from_cmnd; 629 if (unlikely(amount_left == 0)) 630 return -EIO; /* No default reply */ 631 632 for (;;) { 633 /* 634 * Figure out how much we need to read: 635 * Try to read the remaining amount. 636 * But don't read more than the buffer size. 637 * And don't try to read past the end of the file. 638 */ 639 amount = min(amount_left, FSG_BUFLEN); 640 amount = min((loff_t)amount, 641 curlun->file_length - file_offset); 642 643 /* Wait for the next buffer to become available */ 644 bh = common->next_buffhd_to_fill; 645 rc = sleep_thread(common, false, bh); 646 if (rc) 647 return rc; 648 649 /* 650 * If we were asked to read past the end of file, 651 * end with an empty buffer. 652 */ 653 if (amount == 0) { 654 curlun->sense_data = 655 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 656 curlun->sense_data_info = 657 file_offset >> curlun->blkbits; 658 curlun->info_valid = 1; 659 bh->inreq->length = 0; 660 bh->state = BUF_STATE_FULL; 661 break; 662 } 663 664 /* Perform the read */ 665 file_offset_tmp = file_offset; 666 nread = kernel_read(curlun->filp, bh->buf, amount, 667 &file_offset_tmp); 668 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 669 (unsigned long long)file_offset, (int)nread); 670 if (signal_pending(current)) 671 return -EINTR; 672 673 if (nread < 0) { 674 LDBG(curlun, "error in file read: %d\n", (int)nread); 675 nread = 0; 676 } else if (nread < amount) { 677 LDBG(curlun, "partial file read: %d/%u\n", 678 (int)nread, amount); 679 nread = round_down(nread, curlun->blksize); 680 } 681 file_offset += nread; 682 amount_left -= nread; 683 common->residue -= nread; 684 685 /* 686 * Except at the end of the transfer, nread will be 687 * equal to the buffer size, which is divisible by the 688 * bulk-in maxpacket size. 689 */ 690 bh->inreq->length = nread; 691 bh->state = BUF_STATE_FULL; 692 693 /* If an error occurred, report it and its position */ 694 if (nread < amount) { 695 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 696 curlun->sense_data_info = 697 file_offset >> curlun->blkbits; 698 curlun->info_valid = 1; 699 break; 700 } 701 702 if (amount_left == 0) 703 break; /* No more left to read */ 704 705 /* Send this buffer and go read some more */ 706 bh->inreq->zero = 0; 707 if (!start_in_transfer(common, bh)) 708 /* Don't know what to do if common->fsg is NULL */ 709 return -EIO; 710 common->next_buffhd_to_fill = bh->next; 711 } 712 713 return -EIO; /* No default reply */ 714 } 715 716 717 /*-------------------------------------------------------------------------*/ 718 719 static int do_write(struct fsg_common *common) 720 { 721 struct fsg_lun *curlun = common->curlun; 722 u64 lba; 723 struct fsg_buffhd *bh; 724 int get_some_more; 725 u32 amount_left_to_req, amount_left_to_write; 726 loff_t usb_offset, file_offset, file_offset_tmp; 727 unsigned int amount; 728 ssize_t nwritten; 729 int rc; 730 731 if (curlun->ro) { 732 curlun->sense_data = SS_WRITE_PROTECTED; 733 return -EINVAL; 734 } 735 spin_lock(&curlun->filp->f_lock); 736 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */ 737 spin_unlock(&curlun->filp->f_lock); 738 739 /* 740 * Get the starting Logical Block Address and check that it's 741 * not too big 742 */ 743 if (common->cmnd[0] == WRITE_6) 744 lba = get_unaligned_be24(&common->cmnd[1]); 745 else { 746 if (common->cmnd[0] == WRITE_16) 747 lba = get_unaligned_be64(&common->cmnd[2]); 748 else /* WRITE_10 or WRITE_12 */ 749 lba = get_unaligned_be32(&common->cmnd[2]); 750 751 /* 752 * We allow DPO (Disable Page Out = don't save data in the 753 * cache) and FUA (Force Unit Access = write directly to the 754 * medium). We don't implement DPO; we implement FUA by 755 * performing synchronous output. 756 */ 757 if (common->cmnd[1] & ~0x18) { 758 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 759 return -EINVAL; 760 } 761 if (!curlun->nofua && (common->cmnd[1] & 0x08)) { /* FUA */ 762 spin_lock(&curlun->filp->f_lock); 763 curlun->filp->f_flags |= O_SYNC; 764 spin_unlock(&curlun->filp->f_lock); 765 } 766 } 767 if (lba >= curlun->num_sectors) { 768 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 769 return -EINVAL; 770 } 771 772 /* Carry out the file writes */ 773 get_some_more = 1; 774 file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits; 775 amount_left_to_req = common->data_size_from_cmnd; 776 amount_left_to_write = common->data_size_from_cmnd; 777 778 while (amount_left_to_write > 0) { 779 780 /* Queue a request for more data from the host */ 781 bh = common->next_buffhd_to_fill; 782 if (bh->state == BUF_STATE_EMPTY && get_some_more) { 783 784 /* 785 * Figure out how much we want to get: 786 * Try to get the remaining amount, 787 * but not more than the buffer size. 788 */ 789 amount = min(amount_left_to_req, FSG_BUFLEN); 790 791 /* Beyond the end of the backing file? */ 792 if (usb_offset >= curlun->file_length) { 793 get_some_more = 0; 794 curlun->sense_data = 795 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 796 curlun->sense_data_info = 797 usb_offset >> curlun->blkbits; 798 curlun->info_valid = 1; 799 continue; 800 } 801 802 /* Get the next buffer */ 803 usb_offset += amount; 804 common->usb_amount_left -= amount; 805 amount_left_to_req -= amount; 806 if (amount_left_to_req == 0) 807 get_some_more = 0; 808 809 /* 810 * Except at the end of the transfer, amount will be 811 * equal to the buffer size, which is divisible by 812 * the bulk-out maxpacket size. 813 */ 814 set_bulk_out_req_length(common, bh, amount); 815 if (!start_out_transfer(common, bh)) 816 /* Dunno what to do if common->fsg is NULL */ 817 return -EIO; 818 common->next_buffhd_to_fill = bh->next; 819 continue; 820 } 821 822 /* Write the received data to the backing file */ 823 bh = common->next_buffhd_to_drain; 824 if (bh->state == BUF_STATE_EMPTY && !get_some_more) 825 break; /* We stopped early */ 826 827 /* Wait for the data to be received */ 828 rc = sleep_thread(common, false, bh); 829 if (rc) 830 return rc; 831 832 common->next_buffhd_to_drain = bh->next; 833 bh->state = BUF_STATE_EMPTY; 834 835 /* Did something go wrong with the transfer? */ 836 if (bh->outreq->status != 0) { 837 curlun->sense_data = SS_COMMUNICATION_FAILURE; 838 curlun->sense_data_info = 839 file_offset >> curlun->blkbits; 840 curlun->info_valid = 1; 841 break; 842 } 843 844 amount = bh->outreq->actual; 845 if (curlun->file_length - file_offset < amount) { 846 LERROR(curlun, "write %u @ %llu beyond end %llu\n", 847 amount, (unsigned long long)file_offset, 848 (unsigned long long)curlun->file_length); 849 amount = curlun->file_length - file_offset; 850 } 851 852 /* 853 * Don't accept excess data. The spec doesn't say 854 * what to do in this case. We'll ignore the error. 855 */ 856 amount = min(amount, bh->bulk_out_intended_length); 857 858 /* Don't write a partial block */ 859 amount = round_down(amount, curlun->blksize); 860 if (amount == 0) 861 goto empty_write; 862 863 /* Perform the write */ 864 file_offset_tmp = file_offset; 865 nwritten = kernel_write(curlun->filp, bh->buf, amount, 866 &file_offset_tmp); 867 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount, 868 (unsigned long long)file_offset, (int)nwritten); 869 if (signal_pending(current)) 870 return -EINTR; /* Interrupted! */ 871 872 if (nwritten < 0) { 873 LDBG(curlun, "error in file write: %d\n", 874 (int) nwritten); 875 nwritten = 0; 876 } else if (nwritten < amount) { 877 LDBG(curlun, "partial file write: %d/%u\n", 878 (int) nwritten, amount); 879 nwritten = round_down(nwritten, curlun->blksize); 880 } 881 file_offset += nwritten; 882 amount_left_to_write -= nwritten; 883 common->residue -= nwritten; 884 885 /* If an error occurred, report it and its position */ 886 if (nwritten < amount) { 887 curlun->sense_data = SS_WRITE_ERROR; 888 curlun->sense_data_info = 889 file_offset >> curlun->blkbits; 890 curlun->info_valid = 1; 891 break; 892 } 893 894 empty_write: 895 /* Did the host decide to stop early? */ 896 if (bh->outreq->actual < bh->bulk_out_intended_length) { 897 common->short_packet_received = 1; 898 break; 899 } 900 } 901 902 return -EIO; /* No default reply */ 903 } 904 905 906 /*-------------------------------------------------------------------------*/ 907 908 static int do_synchronize_cache(struct fsg_common *common) 909 { 910 struct fsg_lun *curlun = common->curlun; 911 int rc; 912 913 /* We ignore the requested LBA and write out all file's 914 * dirty data buffers. */ 915 rc = fsg_lun_fsync_sub(curlun); 916 if (rc) 917 curlun->sense_data = SS_WRITE_ERROR; 918 return 0; 919 } 920 921 922 /*-------------------------------------------------------------------------*/ 923 924 static void invalidate_sub(struct fsg_lun *curlun) 925 { 926 struct file *filp = curlun->filp; 927 struct inode *inode = file_inode(filp); 928 unsigned long rc; 929 930 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1); 931 VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc); 932 } 933 934 static int do_verify(struct fsg_common *common) 935 { 936 struct fsg_lun *curlun = common->curlun; 937 u32 lba; 938 u32 verification_length; 939 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 940 loff_t file_offset, file_offset_tmp; 941 u32 amount_left; 942 unsigned int amount; 943 ssize_t nread; 944 945 /* 946 * Get the starting Logical Block Address and check that it's 947 * not too big. 948 */ 949 lba = get_unaligned_be32(&common->cmnd[2]); 950 if (lba >= curlun->num_sectors) { 951 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 952 return -EINVAL; 953 } 954 955 /* 956 * We allow DPO (Disable Page Out = don't save data in the 957 * cache) but we don't implement it. 958 */ 959 if (common->cmnd[1] & ~0x10) { 960 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 961 return -EINVAL; 962 } 963 964 verification_length = get_unaligned_be16(&common->cmnd[7]); 965 if (unlikely(verification_length == 0)) 966 return -EIO; /* No default reply */ 967 968 /* Prepare to carry out the file verify */ 969 amount_left = verification_length << curlun->blkbits; 970 file_offset = ((loff_t) lba) << curlun->blkbits; 971 972 /* Write out all the dirty buffers before invalidating them */ 973 fsg_lun_fsync_sub(curlun); 974 if (signal_pending(current)) 975 return -EINTR; 976 977 invalidate_sub(curlun); 978 if (signal_pending(current)) 979 return -EINTR; 980 981 /* Just try to read the requested blocks */ 982 while (amount_left > 0) { 983 /* 984 * Figure out how much we need to read: 985 * Try to read the remaining amount, but not more than 986 * the buffer size. 987 * And don't try to read past the end of the file. 988 */ 989 amount = min(amount_left, FSG_BUFLEN); 990 amount = min((loff_t)amount, 991 curlun->file_length - file_offset); 992 if (amount == 0) { 993 curlun->sense_data = 994 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 995 curlun->sense_data_info = 996 file_offset >> curlun->blkbits; 997 curlun->info_valid = 1; 998 break; 999 } 1000 1001 /* Perform the read */ 1002 file_offset_tmp = file_offset; 1003 nread = kernel_read(curlun->filp, bh->buf, amount, 1004 &file_offset_tmp); 1005 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1006 (unsigned long long) file_offset, 1007 (int) nread); 1008 if (signal_pending(current)) 1009 return -EINTR; 1010 1011 if (nread < 0) { 1012 LDBG(curlun, "error in file verify: %d\n", (int)nread); 1013 nread = 0; 1014 } else if (nread < amount) { 1015 LDBG(curlun, "partial file verify: %d/%u\n", 1016 (int)nread, amount); 1017 nread = round_down(nread, curlun->blksize); 1018 } 1019 if (nread == 0) { 1020 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1021 curlun->sense_data_info = 1022 file_offset >> curlun->blkbits; 1023 curlun->info_valid = 1; 1024 break; 1025 } 1026 file_offset += nread; 1027 amount_left -= nread; 1028 } 1029 return 0; 1030 } 1031 1032 1033 /*-------------------------------------------------------------------------*/ 1034 1035 static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh) 1036 { 1037 struct fsg_lun *curlun = common->curlun; 1038 u8 *buf = (u8 *) bh->buf; 1039 1040 if (!curlun) { /* Unsupported LUNs are okay */ 1041 common->bad_lun_okay = 1; 1042 memset(buf, 0, 36); 1043 buf[0] = TYPE_NO_LUN; /* Unsupported, no device-type */ 1044 buf[4] = 31; /* Additional length */ 1045 return 36; 1046 } 1047 1048 buf[0] = curlun->cdrom ? TYPE_ROM : TYPE_DISK; 1049 buf[1] = curlun->removable ? 0x80 : 0; 1050 buf[2] = 2; /* ANSI SCSI level 2 */ 1051 buf[3] = 2; /* SCSI-2 INQUIRY data format */ 1052 buf[4] = 31; /* Additional length */ 1053 buf[5] = 0; /* No special options */ 1054 buf[6] = 0; 1055 buf[7] = 0; 1056 if (curlun->inquiry_string[0]) 1057 memcpy(buf + 8, curlun->inquiry_string, 1058 sizeof(curlun->inquiry_string)); 1059 else 1060 memcpy(buf + 8, common->inquiry_string, 1061 sizeof(common->inquiry_string)); 1062 return 36; 1063 } 1064 1065 static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1066 { 1067 struct fsg_lun *curlun = common->curlun; 1068 u8 *buf = (u8 *) bh->buf; 1069 u32 sd, sdinfo; 1070 int valid; 1071 1072 /* 1073 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1074 * 1075 * If a REQUEST SENSE command is received from an initiator 1076 * with a pending unit attention condition (before the target 1077 * generates the contingent allegiance condition), then the 1078 * target shall either: 1079 * a) report any pending sense data and preserve the unit 1080 * attention condition on the logical unit, or, 1081 * b) report the unit attention condition, may discard any 1082 * pending sense data, and clear the unit attention 1083 * condition on the logical unit for that initiator. 1084 * 1085 * FSG normally uses option a); enable this code to use option b). 1086 */ 1087 #if 0 1088 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) { 1089 curlun->sense_data = curlun->unit_attention_data; 1090 curlun->unit_attention_data = SS_NO_SENSE; 1091 } 1092 #endif 1093 1094 if (!curlun) { /* Unsupported LUNs are okay */ 1095 common->bad_lun_okay = 1; 1096 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1097 sdinfo = 0; 1098 valid = 0; 1099 } else { 1100 sd = curlun->sense_data; 1101 sdinfo = curlun->sense_data_info; 1102 valid = curlun->info_valid << 7; 1103 curlun->sense_data = SS_NO_SENSE; 1104 curlun->sense_data_info = 0; 1105 curlun->info_valid = 0; 1106 } 1107 1108 memset(buf, 0, 18); 1109 buf[0] = valid | 0x70; /* Valid, current error */ 1110 buf[2] = SK(sd); 1111 put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */ 1112 buf[7] = 18 - 8; /* Additional sense length */ 1113 buf[12] = ASC(sd); 1114 buf[13] = ASCQ(sd); 1115 return 18; 1116 } 1117 1118 static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh) 1119 { 1120 struct fsg_lun *curlun = common->curlun; 1121 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1122 int pmi = common->cmnd[8]; 1123 u8 *buf = (u8 *)bh->buf; 1124 u32 max_lba; 1125 1126 /* Check the PMI and LBA fields */ 1127 if (pmi > 1 || (pmi == 0 && lba != 0)) { 1128 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1129 return -EINVAL; 1130 } 1131 1132 if (curlun->num_sectors < 0x100000000ULL) 1133 max_lba = curlun->num_sectors - 1; 1134 else 1135 max_lba = 0xffffffff; 1136 put_unaligned_be32(max_lba, &buf[0]); /* Max logical block */ 1137 put_unaligned_be32(curlun->blksize, &buf[4]); /* Block length */ 1138 return 8; 1139 } 1140 1141 static int do_read_capacity_16(struct fsg_common *common, struct fsg_buffhd *bh) 1142 { 1143 struct fsg_lun *curlun = common->curlun; 1144 u64 lba = get_unaligned_be64(&common->cmnd[2]); 1145 int pmi = common->cmnd[14]; 1146 u8 *buf = (u8 *)bh->buf; 1147 1148 /* Check the PMI and LBA fields */ 1149 if (pmi > 1 || (pmi == 0 && lba != 0)) { 1150 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1151 return -EINVAL; 1152 } 1153 1154 put_unaligned_be64(curlun->num_sectors - 1, &buf[0]); 1155 /* Max logical block */ 1156 put_unaligned_be32(curlun->blksize, &buf[8]); /* Block length */ 1157 1158 /* It is safe to keep other fields zeroed */ 1159 memset(&buf[12], 0, 32 - 12); 1160 return 32; 1161 } 1162 1163 static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh) 1164 { 1165 struct fsg_lun *curlun = common->curlun; 1166 int msf = common->cmnd[1] & 0x02; 1167 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1168 u8 *buf = (u8 *)bh->buf; 1169 1170 if (common->cmnd[1] & ~0x02) { /* Mask away MSF */ 1171 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1172 return -EINVAL; 1173 } 1174 if (lba >= curlun->num_sectors) { 1175 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1176 return -EINVAL; 1177 } 1178 1179 memset(buf, 0, 8); 1180 buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */ 1181 store_cdrom_address(&buf[4], msf, lba); 1182 return 8; 1183 } 1184 1185 static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh) 1186 { 1187 struct fsg_lun *curlun = common->curlun; 1188 int msf = common->cmnd[1] & 0x02; 1189 int start_track = common->cmnd[6]; 1190 u8 *buf = (u8 *)bh->buf; 1191 1192 if ((common->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */ 1193 start_track > 1) { 1194 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1195 return -EINVAL; 1196 } 1197 1198 memset(buf, 0, 20); 1199 buf[1] = (20-2); /* TOC data length */ 1200 buf[2] = 1; /* First track number */ 1201 buf[3] = 1; /* Last track number */ 1202 buf[5] = 0x16; /* Data track, copying allowed */ 1203 buf[6] = 0x01; /* Only track is number 1 */ 1204 store_cdrom_address(&buf[8], msf, 0); 1205 1206 buf[13] = 0x16; /* Lead-out track is data */ 1207 buf[14] = 0xAA; /* Lead-out track number */ 1208 store_cdrom_address(&buf[16], msf, curlun->num_sectors); 1209 return 20; 1210 } 1211 1212 static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1213 { 1214 struct fsg_lun *curlun = common->curlun; 1215 int mscmnd = common->cmnd[0]; 1216 u8 *buf = (u8 *) bh->buf; 1217 u8 *buf0 = buf; 1218 int pc, page_code; 1219 int changeable_values, all_pages; 1220 int valid_page = 0; 1221 int len, limit; 1222 1223 if ((common->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */ 1224 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1225 return -EINVAL; 1226 } 1227 pc = common->cmnd[2] >> 6; 1228 page_code = common->cmnd[2] & 0x3f; 1229 if (pc == 3) { 1230 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1231 return -EINVAL; 1232 } 1233 changeable_values = (pc == 1); 1234 all_pages = (page_code == 0x3f); 1235 1236 /* 1237 * Write the mode parameter header. Fixed values are: default 1238 * medium type, no cache control (DPOFUA), and no block descriptors. 1239 * The only variable value is the WriteProtect bit. We will fill in 1240 * the mode data length later. 1241 */ 1242 memset(buf, 0, 8); 1243 if (mscmnd == MODE_SENSE) { 1244 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1245 buf += 4; 1246 limit = 255; 1247 } else { /* MODE_SENSE_10 */ 1248 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1249 buf += 8; 1250 limit = 65535; /* Should really be FSG_BUFLEN */ 1251 } 1252 1253 /* No block descriptors */ 1254 1255 /* 1256 * The mode pages, in numerical order. The only page we support 1257 * is the Caching page. 1258 */ 1259 if (page_code == 0x08 || all_pages) { 1260 valid_page = 1; 1261 buf[0] = 0x08; /* Page code */ 1262 buf[1] = 10; /* Page length */ 1263 memset(buf+2, 0, 10); /* None of the fields are changeable */ 1264 1265 if (!changeable_values) { 1266 buf[2] = 0x04; /* Write cache enable, */ 1267 /* Read cache not disabled */ 1268 /* No cache retention priorities */ 1269 put_unaligned_be16(0xffff, &buf[4]); 1270 /* Don't disable prefetch */ 1271 /* Minimum prefetch = 0 */ 1272 put_unaligned_be16(0xffff, &buf[8]); 1273 /* Maximum prefetch */ 1274 put_unaligned_be16(0xffff, &buf[10]); 1275 /* Maximum prefetch ceiling */ 1276 } 1277 buf += 12; 1278 } 1279 1280 /* 1281 * Check that a valid page was requested and the mode data length 1282 * isn't too long. 1283 */ 1284 len = buf - buf0; 1285 if (!valid_page || len > limit) { 1286 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1287 return -EINVAL; 1288 } 1289 1290 /* Store the mode data length */ 1291 if (mscmnd == MODE_SENSE) 1292 buf0[0] = len - 1; 1293 else 1294 put_unaligned_be16(len - 2, buf0); 1295 return len; 1296 } 1297 1298 static int do_start_stop(struct fsg_common *common) 1299 { 1300 struct fsg_lun *curlun = common->curlun; 1301 int loej, start; 1302 1303 if (!curlun) { 1304 return -EINVAL; 1305 } else if (!curlun->removable) { 1306 curlun->sense_data = SS_INVALID_COMMAND; 1307 return -EINVAL; 1308 } else if ((common->cmnd[1] & ~0x01) != 0 || /* Mask away Immed */ 1309 (common->cmnd[4] & ~0x03) != 0) { /* Mask LoEj, Start */ 1310 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1311 return -EINVAL; 1312 } 1313 1314 loej = common->cmnd[4] & 0x02; 1315 start = common->cmnd[4] & 0x01; 1316 1317 /* 1318 * Our emulation doesn't support mounting; the medium is 1319 * available for use as soon as it is loaded. 1320 */ 1321 if (start) { 1322 if (!fsg_lun_is_open(curlun)) { 1323 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1324 return -EINVAL; 1325 } 1326 return 0; 1327 } 1328 1329 /* Are we allowed to unload the media? */ 1330 if (curlun->prevent_medium_removal) { 1331 LDBG(curlun, "unload attempt prevented\n"); 1332 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED; 1333 return -EINVAL; 1334 } 1335 1336 if (!loej) 1337 return 0; 1338 1339 up_read(&common->filesem); 1340 down_write(&common->filesem); 1341 fsg_lun_close(curlun); 1342 up_write(&common->filesem); 1343 down_read(&common->filesem); 1344 1345 return 0; 1346 } 1347 1348 static int do_prevent_allow(struct fsg_common *common) 1349 { 1350 struct fsg_lun *curlun = common->curlun; 1351 int prevent; 1352 1353 if (!common->curlun) { 1354 return -EINVAL; 1355 } else if (!common->curlun->removable) { 1356 common->curlun->sense_data = SS_INVALID_COMMAND; 1357 return -EINVAL; 1358 } 1359 1360 prevent = common->cmnd[4] & 0x01; 1361 if ((common->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */ 1362 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1363 return -EINVAL; 1364 } 1365 1366 if (curlun->prevent_medium_removal && !prevent) 1367 fsg_lun_fsync_sub(curlun); 1368 curlun->prevent_medium_removal = prevent; 1369 return 0; 1370 } 1371 1372 static int do_read_format_capacities(struct fsg_common *common, 1373 struct fsg_buffhd *bh) 1374 { 1375 struct fsg_lun *curlun = common->curlun; 1376 u8 *buf = (u8 *) bh->buf; 1377 1378 buf[0] = buf[1] = buf[2] = 0; 1379 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */ 1380 buf += 4; 1381 1382 put_unaligned_be32(curlun->num_sectors, &buf[0]); 1383 /* Number of blocks */ 1384 put_unaligned_be32(curlun->blksize, &buf[4]);/* Block length */ 1385 buf[4] = 0x02; /* Current capacity */ 1386 return 12; 1387 } 1388 1389 static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh) 1390 { 1391 struct fsg_lun *curlun = common->curlun; 1392 1393 /* We don't support MODE SELECT */ 1394 if (curlun) 1395 curlun->sense_data = SS_INVALID_COMMAND; 1396 return -EINVAL; 1397 } 1398 1399 1400 /*-------------------------------------------------------------------------*/ 1401 1402 static int halt_bulk_in_endpoint(struct fsg_dev *fsg) 1403 { 1404 int rc; 1405 1406 rc = fsg_set_halt(fsg, fsg->bulk_in); 1407 if (rc == -EAGAIN) 1408 VDBG(fsg, "delayed bulk-in endpoint halt\n"); 1409 while (rc != 0) { 1410 if (rc != -EAGAIN) { 1411 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc); 1412 rc = 0; 1413 break; 1414 } 1415 1416 /* Wait for a short time and then try again */ 1417 if (msleep_interruptible(100) != 0) 1418 return -EINTR; 1419 rc = usb_ep_set_halt(fsg->bulk_in); 1420 } 1421 return rc; 1422 } 1423 1424 static int wedge_bulk_in_endpoint(struct fsg_dev *fsg) 1425 { 1426 int rc; 1427 1428 DBG(fsg, "bulk-in set wedge\n"); 1429 rc = usb_ep_set_wedge(fsg->bulk_in); 1430 if (rc == -EAGAIN) 1431 VDBG(fsg, "delayed bulk-in endpoint wedge\n"); 1432 while (rc != 0) { 1433 if (rc != -EAGAIN) { 1434 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc); 1435 rc = 0; 1436 break; 1437 } 1438 1439 /* Wait for a short time and then try again */ 1440 if (msleep_interruptible(100) != 0) 1441 return -EINTR; 1442 rc = usb_ep_set_wedge(fsg->bulk_in); 1443 } 1444 return rc; 1445 } 1446 1447 static int throw_away_data(struct fsg_common *common) 1448 { 1449 struct fsg_buffhd *bh, *bh2; 1450 u32 amount; 1451 int rc; 1452 1453 for (bh = common->next_buffhd_to_drain; 1454 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0; 1455 bh = common->next_buffhd_to_drain) { 1456 1457 /* Try to submit another request if we need one */ 1458 bh2 = common->next_buffhd_to_fill; 1459 if (bh2->state == BUF_STATE_EMPTY && 1460 common->usb_amount_left > 0) { 1461 amount = min(common->usb_amount_left, FSG_BUFLEN); 1462 1463 /* 1464 * Except at the end of the transfer, amount will be 1465 * equal to the buffer size, which is divisible by 1466 * the bulk-out maxpacket size. 1467 */ 1468 set_bulk_out_req_length(common, bh2, amount); 1469 if (!start_out_transfer(common, bh2)) 1470 /* Dunno what to do if common->fsg is NULL */ 1471 return -EIO; 1472 common->next_buffhd_to_fill = bh2->next; 1473 common->usb_amount_left -= amount; 1474 continue; 1475 } 1476 1477 /* Wait for the data to be received */ 1478 rc = sleep_thread(common, false, bh); 1479 if (rc) 1480 return rc; 1481 1482 /* Throw away the data in a filled buffer */ 1483 bh->state = BUF_STATE_EMPTY; 1484 common->next_buffhd_to_drain = bh->next; 1485 1486 /* A short packet or an error ends everything */ 1487 if (bh->outreq->actual < bh->bulk_out_intended_length || 1488 bh->outreq->status != 0) { 1489 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1490 return -EINTR; 1491 } 1492 } 1493 return 0; 1494 } 1495 1496 static int finish_reply(struct fsg_common *common) 1497 { 1498 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 1499 int rc = 0; 1500 1501 switch (common->data_dir) { 1502 case DATA_DIR_NONE: 1503 break; /* Nothing to send */ 1504 1505 /* 1506 * If we don't know whether the host wants to read or write, 1507 * this must be CB or CBI with an unknown command. We mustn't 1508 * try to send or receive any data. So stall both bulk pipes 1509 * if we can and wait for a reset. 1510 */ 1511 case DATA_DIR_UNKNOWN: 1512 if (!common->can_stall) { 1513 /* Nothing */ 1514 } else if (fsg_is_set(common)) { 1515 fsg_set_halt(common->fsg, common->fsg->bulk_out); 1516 rc = halt_bulk_in_endpoint(common->fsg); 1517 } else { 1518 /* Don't know what to do if common->fsg is NULL */ 1519 rc = -EIO; 1520 } 1521 break; 1522 1523 /* All but the last buffer of data must have already been sent */ 1524 case DATA_DIR_TO_HOST: 1525 if (common->data_size == 0) { 1526 /* Nothing to send */ 1527 1528 /* Don't know what to do if common->fsg is NULL */ 1529 } else if (!fsg_is_set(common)) { 1530 rc = -EIO; 1531 1532 /* If there's no residue, simply send the last buffer */ 1533 } else if (common->residue == 0) { 1534 bh->inreq->zero = 0; 1535 if (!start_in_transfer(common, bh)) 1536 return -EIO; 1537 common->next_buffhd_to_fill = bh->next; 1538 1539 /* 1540 * For Bulk-only, mark the end of the data with a short 1541 * packet. If we are allowed to stall, halt the bulk-in 1542 * endpoint. (Note: This violates the Bulk-Only Transport 1543 * specification, which requires us to pad the data if we 1544 * don't halt the endpoint. Presumably nobody will mind.) 1545 */ 1546 } else { 1547 bh->inreq->zero = 1; 1548 if (!start_in_transfer(common, bh)) 1549 rc = -EIO; 1550 common->next_buffhd_to_fill = bh->next; 1551 if (common->can_stall) 1552 rc = halt_bulk_in_endpoint(common->fsg); 1553 } 1554 break; 1555 1556 /* 1557 * We have processed all we want from the data the host has sent. 1558 * There may still be outstanding bulk-out requests. 1559 */ 1560 case DATA_DIR_FROM_HOST: 1561 if (common->residue == 0) { 1562 /* Nothing to receive */ 1563 1564 /* Did the host stop sending unexpectedly early? */ 1565 } else if (common->short_packet_received) { 1566 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1567 rc = -EINTR; 1568 1569 /* 1570 * We haven't processed all the incoming data. Even though 1571 * we may be allowed to stall, doing so would cause a race. 1572 * The controller may already have ACK'ed all the remaining 1573 * bulk-out packets, in which case the host wouldn't see a 1574 * STALL. Not realizing the endpoint was halted, it wouldn't 1575 * clear the halt -- leading to problems later on. 1576 */ 1577 #if 0 1578 } else if (common->can_stall) { 1579 if (fsg_is_set(common)) 1580 fsg_set_halt(common->fsg, 1581 common->fsg->bulk_out); 1582 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1583 rc = -EINTR; 1584 #endif 1585 1586 /* 1587 * We can't stall. Read in the excess data and throw it 1588 * all away. 1589 */ 1590 } else { 1591 rc = throw_away_data(common); 1592 } 1593 break; 1594 } 1595 return rc; 1596 } 1597 1598 static void send_status(struct fsg_common *common) 1599 { 1600 struct fsg_lun *curlun = common->curlun; 1601 struct fsg_buffhd *bh; 1602 struct bulk_cs_wrap *csw; 1603 int rc; 1604 u8 status = US_BULK_STAT_OK; 1605 u32 sd, sdinfo = 0; 1606 1607 /* Wait for the next buffer to become available */ 1608 bh = common->next_buffhd_to_fill; 1609 rc = sleep_thread(common, false, bh); 1610 if (rc) 1611 return; 1612 1613 if (curlun) { 1614 sd = curlun->sense_data; 1615 sdinfo = curlun->sense_data_info; 1616 } else if (common->bad_lun_okay) 1617 sd = SS_NO_SENSE; 1618 else 1619 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1620 1621 if (common->phase_error) { 1622 DBG(common, "sending phase-error status\n"); 1623 status = US_BULK_STAT_PHASE; 1624 sd = SS_INVALID_COMMAND; 1625 } else if (sd != SS_NO_SENSE) { 1626 DBG(common, "sending command-failure status\n"); 1627 status = US_BULK_STAT_FAIL; 1628 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;" 1629 " info x%x\n", 1630 SK(sd), ASC(sd), ASCQ(sd), sdinfo); 1631 } 1632 1633 /* Store and send the Bulk-only CSW */ 1634 csw = (void *)bh->buf; 1635 1636 csw->Signature = cpu_to_le32(US_BULK_CS_SIGN); 1637 csw->Tag = common->tag; 1638 csw->Residue = cpu_to_le32(common->residue); 1639 csw->Status = status; 1640 1641 bh->inreq->length = US_BULK_CS_WRAP_LEN; 1642 bh->inreq->zero = 0; 1643 if (!start_in_transfer(common, bh)) 1644 /* Don't know what to do if common->fsg is NULL */ 1645 return; 1646 1647 common->next_buffhd_to_fill = bh->next; 1648 return; 1649 } 1650 1651 1652 /*-------------------------------------------------------------------------*/ 1653 1654 /* 1655 * Check whether the command is properly formed and whether its data size 1656 * and direction agree with the values we already have. 1657 */ 1658 static int check_command(struct fsg_common *common, int cmnd_size, 1659 enum data_direction data_dir, unsigned int mask, 1660 int needs_medium, const char *name) 1661 { 1662 int i; 1663 unsigned int lun = common->cmnd[1] >> 5; 1664 static const char dirletter[4] = {'u', 'o', 'i', 'n'}; 1665 char hdlen[20]; 1666 struct fsg_lun *curlun; 1667 1668 hdlen[0] = 0; 1669 if (common->data_dir != DATA_DIR_UNKNOWN) 1670 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir], 1671 common->data_size); 1672 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n", 1673 name, cmnd_size, dirletter[(int) data_dir], 1674 common->data_size_from_cmnd, common->cmnd_size, hdlen); 1675 1676 /* 1677 * We can't reply at all until we know the correct data direction 1678 * and size. 1679 */ 1680 if (common->data_size_from_cmnd == 0) 1681 data_dir = DATA_DIR_NONE; 1682 if (common->data_size < common->data_size_from_cmnd) { 1683 /* 1684 * Host data size < Device data size is a phase error. 1685 * Carry out the command, but only transfer as much as 1686 * we are allowed. 1687 */ 1688 common->data_size_from_cmnd = common->data_size; 1689 common->phase_error = 1; 1690 } 1691 common->residue = common->data_size; 1692 common->usb_amount_left = common->data_size; 1693 1694 /* Conflicting data directions is a phase error */ 1695 if (common->data_dir != data_dir && common->data_size_from_cmnd > 0) { 1696 common->phase_error = 1; 1697 return -EINVAL; 1698 } 1699 1700 /* Verify the length of the command itself */ 1701 if (cmnd_size != common->cmnd_size) { 1702 1703 /* 1704 * Special case workaround: There are plenty of buggy SCSI 1705 * implementations. Many have issues with cbw->Length 1706 * field passing a wrong command size. For those cases we 1707 * always try to work around the problem by using the length 1708 * sent by the host side provided it is at least as large 1709 * as the correct command length. 1710 * Examples of such cases would be MS-Windows, which issues 1711 * REQUEST SENSE with cbw->Length == 12 where it should 1712 * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and 1713 * REQUEST SENSE with cbw->Length == 10 where it should 1714 * be 6 as well. 1715 */ 1716 if (cmnd_size <= common->cmnd_size) { 1717 DBG(common, "%s is buggy! Expected length %d " 1718 "but we got %d\n", name, 1719 cmnd_size, common->cmnd_size); 1720 cmnd_size = common->cmnd_size; 1721 } else { 1722 common->phase_error = 1; 1723 return -EINVAL; 1724 } 1725 } 1726 1727 /* Check that the LUN values are consistent */ 1728 if (common->lun != lun) 1729 DBG(common, "using LUN %u from CBW, not LUN %u from CDB\n", 1730 common->lun, lun); 1731 1732 /* Check the LUN */ 1733 curlun = common->curlun; 1734 if (curlun) { 1735 if (common->cmnd[0] != REQUEST_SENSE) { 1736 curlun->sense_data = SS_NO_SENSE; 1737 curlun->sense_data_info = 0; 1738 curlun->info_valid = 0; 1739 } 1740 } else { 1741 common->bad_lun_okay = 0; 1742 1743 /* 1744 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1745 * to use unsupported LUNs; all others may not. 1746 */ 1747 if (common->cmnd[0] != INQUIRY && 1748 common->cmnd[0] != REQUEST_SENSE) { 1749 DBG(common, "unsupported LUN %u\n", common->lun); 1750 return -EINVAL; 1751 } 1752 } 1753 1754 /* 1755 * If a unit attention condition exists, only INQUIRY and 1756 * REQUEST SENSE commands are allowed; anything else must fail. 1757 */ 1758 if (curlun && curlun->unit_attention_data != SS_NO_SENSE && 1759 common->cmnd[0] != INQUIRY && 1760 common->cmnd[0] != REQUEST_SENSE) { 1761 curlun->sense_data = curlun->unit_attention_data; 1762 curlun->unit_attention_data = SS_NO_SENSE; 1763 return -EINVAL; 1764 } 1765 1766 /* Check that only command bytes listed in the mask are non-zero */ 1767 common->cmnd[1] &= 0x1f; /* Mask away the LUN */ 1768 for (i = 1; i < cmnd_size; ++i) { 1769 if (common->cmnd[i] && !(mask & (1 << i))) { 1770 if (curlun) 1771 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1772 return -EINVAL; 1773 } 1774 } 1775 1776 /* If the medium isn't mounted and the command needs to access 1777 * it, return an error. */ 1778 if (curlun && !fsg_lun_is_open(curlun) && needs_medium) { 1779 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1780 return -EINVAL; 1781 } 1782 1783 return 0; 1784 } 1785 1786 /* wrapper of check_command for data size in blocks handling */ 1787 static int check_command_size_in_blocks(struct fsg_common *common, 1788 int cmnd_size, enum data_direction data_dir, 1789 unsigned int mask, int needs_medium, const char *name) 1790 { 1791 if (common->curlun) 1792 common->data_size_from_cmnd <<= common->curlun->blkbits; 1793 return check_command(common, cmnd_size, data_dir, 1794 mask, needs_medium, name); 1795 } 1796 1797 static int do_scsi_command(struct fsg_common *common) 1798 { 1799 struct fsg_buffhd *bh; 1800 int rc; 1801 int reply = -EINVAL; 1802 int i; 1803 static char unknown[16]; 1804 1805 dump_cdb(common); 1806 1807 /* Wait for the next buffer to become available for data or status */ 1808 bh = common->next_buffhd_to_fill; 1809 common->next_buffhd_to_drain = bh; 1810 rc = sleep_thread(common, false, bh); 1811 if (rc) 1812 return rc; 1813 1814 common->phase_error = 0; 1815 common->short_packet_received = 0; 1816 1817 down_read(&common->filesem); /* We're using the backing file */ 1818 switch (common->cmnd[0]) { 1819 1820 case INQUIRY: 1821 common->data_size_from_cmnd = common->cmnd[4]; 1822 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1823 (1<<4), 0, 1824 "INQUIRY"); 1825 if (reply == 0) 1826 reply = do_inquiry(common, bh); 1827 break; 1828 1829 case MODE_SELECT: 1830 common->data_size_from_cmnd = common->cmnd[4]; 1831 reply = check_command(common, 6, DATA_DIR_FROM_HOST, 1832 (1<<1) | (1<<4), 0, 1833 "MODE SELECT(6)"); 1834 if (reply == 0) 1835 reply = do_mode_select(common, bh); 1836 break; 1837 1838 case MODE_SELECT_10: 1839 common->data_size_from_cmnd = 1840 get_unaligned_be16(&common->cmnd[7]); 1841 reply = check_command(common, 10, DATA_DIR_FROM_HOST, 1842 (1<<1) | (3<<7), 0, 1843 "MODE SELECT(10)"); 1844 if (reply == 0) 1845 reply = do_mode_select(common, bh); 1846 break; 1847 1848 case MODE_SENSE: 1849 common->data_size_from_cmnd = common->cmnd[4]; 1850 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1851 (1<<1) | (1<<2) | (1<<4), 0, 1852 "MODE SENSE(6)"); 1853 if (reply == 0) 1854 reply = do_mode_sense(common, bh); 1855 break; 1856 1857 case MODE_SENSE_10: 1858 common->data_size_from_cmnd = 1859 get_unaligned_be16(&common->cmnd[7]); 1860 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1861 (1<<1) | (1<<2) | (3<<7), 0, 1862 "MODE SENSE(10)"); 1863 if (reply == 0) 1864 reply = do_mode_sense(common, bh); 1865 break; 1866 1867 case ALLOW_MEDIUM_REMOVAL: 1868 common->data_size_from_cmnd = 0; 1869 reply = check_command(common, 6, DATA_DIR_NONE, 1870 (1<<4), 0, 1871 "PREVENT-ALLOW MEDIUM REMOVAL"); 1872 if (reply == 0) 1873 reply = do_prevent_allow(common); 1874 break; 1875 1876 case READ_6: 1877 i = common->cmnd[4]; 1878 common->data_size_from_cmnd = (i == 0) ? 256 : i; 1879 reply = check_command_size_in_blocks(common, 6, 1880 DATA_DIR_TO_HOST, 1881 (7<<1) | (1<<4), 1, 1882 "READ(6)"); 1883 if (reply == 0) 1884 reply = do_read(common); 1885 break; 1886 1887 case READ_10: 1888 common->data_size_from_cmnd = 1889 get_unaligned_be16(&common->cmnd[7]); 1890 reply = check_command_size_in_blocks(common, 10, 1891 DATA_DIR_TO_HOST, 1892 (1<<1) | (0xf<<2) | (3<<7), 1, 1893 "READ(10)"); 1894 if (reply == 0) 1895 reply = do_read(common); 1896 break; 1897 1898 case READ_12: 1899 common->data_size_from_cmnd = 1900 get_unaligned_be32(&common->cmnd[6]); 1901 reply = check_command_size_in_blocks(common, 12, 1902 DATA_DIR_TO_HOST, 1903 (1<<1) | (0xf<<2) | (0xf<<6), 1, 1904 "READ(12)"); 1905 if (reply == 0) 1906 reply = do_read(common); 1907 break; 1908 1909 case READ_16: 1910 common->data_size_from_cmnd = 1911 get_unaligned_be32(&common->cmnd[10]); 1912 reply = check_command_size_in_blocks(common, 16, 1913 DATA_DIR_TO_HOST, 1914 (1<<1) | (0xff<<2) | (0xf<<10), 1, 1915 "READ(16)"); 1916 if (reply == 0) 1917 reply = do_read(common); 1918 break; 1919 1920 case READ_CAPACITY: 1921 common->data_size_from_cmnd = 8; 1922 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1923 (0xf<<2) | (1<<8), 1, 1924 "READ CAPACITY"); 1925 if (reply == 0) 1926 reply = do_read_capacity(common, bh); 1927 break; 1928 1929 case READ_HEADER: 1930 if (!common->curlun || !common->curlun->cdrom) 1931 goto unknown_cmnd; 1932 common->data_size_from_cmnd = 1933 get_unaligned_be16(&common->cmnd[7]); 1934 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1935 (3<<7) | (0x1f<<1), 1, 1936 "READ HEADER"); 1937 if (reply == 0) 1938 reply = do_read_header(common, bh); 1939 break; 1940 1941 case READ_TOC: 1942 if (!common->curlun || !common->curlun->cdrom) 1943 goto unknown_cmnd; 1944 common->data_size_from_cmnd = 1945 get_unaligned_be16(&common->cmnd[7]); 1946 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1947 (7<<6) | (1<<1), 1, 1948 "READ TOC"); 1949 if (reply == 0) 1950 reply = do_read_toc(common, bh); 1951 break; 1952 1953 case READ_FORMAT_CAPACITIES: 1954 common->data_size_from_cmnd = 1955 get_unaligned_be16(&common->cmnd[7]); 1956 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1957 (3<<7), 1, 1958 "READ FORMAT CAPACITIES"); 1959 if (reply == 0) 1960 reply = do_read_format_capacities(common, bh); 1961 break; 1962 1963 case REQUEST_SENSE: 1964 common->data_size_from_cmnd = common->cmnd[4]; 1965 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1966 (1<<4), 0, 1967 "REQUEST SENSE"); 1968 if (reply == 0) 1969 reply = do_request_sense(common, bh); 1970 break; 1971 1972 case SERVICE_ACTION_IN_16: 1973 switch (common->cmnd[1] & 0x1f) { 1974 1975 case SAI_READ_CAPACITY_16: 1976 common->data_size_from_cmnd = 1977 get_unaligned_be32(&common->cmnd[10]); 1978 reply = check_command(common, 16, DATA_DIR_TO_HOST, 1979 (1<<1) | (0xff<<2) | (0xf<<10) | 1980 (1<<14), 1, 1981 "READ CAPACITY(16)"); 1982 if (reply == 0) 1983 reply = do_read_capacity_16(common, bh); 1984 break; 1985 1986 default: 1987 goto unknown_cmnd; 1988 } 1989 break; 1990 1991 case START_STOP: 1992 common->data_size_from_cmnd = 0; 1993 reply = check_command(common, 6, DATA_DIR_NONE, 1994 (1<<1) | (1<<4), 0, 1995 "START-STOP UNIT"); 1996 if (reply == 0) 1997 reply = do_start_stop(common); 1998 break; 1999 2000 case SYNCHRONIZE_CACHE: 2001 common->data_size_from_cmnd = 0; 2002 reply = check_command(common, 10, DATA_DIR_NONE, 2003 (0xf<<2) | (3<<7), 1, 2004 "SYNCHRONIZE CACHE"); 2005 if (reply == 0) 2006 reply = do_synchronize_cache(common); 2007 break; 2008 2009 case TEST_UNIT_READY: 2010 common->data_size_from_cmnd = 0; 2011 reply = check_command(common, 6, DATA_DIR_NONE, 2012 0, 1, 2013 "TEST UNIT READY"); 2014 break; 2015 2016 /* 2017 * Although optional, this command is used by MS-Windows. We 2018 * support a minimal version: BytChk must be 0. 2019 */ 2020 case VERIFY: 2021 common->data_size_from_cmnd = 0; 2022 reply = check_command(common, 10, DATA_DIR_NONE, 2023 (1<<1) | (0xf<<2) | (3<<7), 1, 2024 "VERIFY"); 2025 if (reply == 0) 2026 reply = do_verify(common); 2027 break; 2028 2029 case WRITE_6: 2030 i = common->cmnd[4]; 2031 common->data_size_from_cmnd = (i == 0) ? 256 : i; 2032 reply = check_command_size_in_blocks(common, 6, 2033 DATA_DIR_FROM_HOST, 2034 (7<<1) | (1<<4), 1, 2035 "WRITE(6)"); 2036 if (reply == 0) 2037 reply = do_write(common); 2038 break; 2039 2040 case WRITE_10: 2041 common->data_size_from_cmnd = 2042 get_unaligned_be16(&common->cmnd[7]); 2043 reply = check_command_size_in_blocks(common, 10, 2044 DATA_DIR_FROM_HOST, 2045 (1<<1) | (0xf<<2) | (3<<7), 1, 2046 "WRITE(10)"); 2047 if (reply == 0) 2048 reply = do_write(common); 2049 break; 2050 2051 case WRITE_12: 2052 common->data_size_from_cmnd = 2053 get_unaligned_be32(&common->cmnd[6]); 2054 reply = check_command_size_in_blocks(common, 12, 2055 DATA_DIR_FROM_HOST, 2056 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2057 "WRITE(12)"); 2058 if (reply == 0) 2059 reply = do_write(common); 2060 break; 2061 2062 case WRITE_16: 2063 common->data_size_from_cmnd = 2064 get_unaligned_be32(&common->cmnd[10]); 2065 reply = check_command_size_in_blocks(common, 16, 2066 DATA_DIR_FROM_HOST, 2067 (1<<1) | (0xff<<2) | (0xf<<10), 1, 2068 "WRITE(16)"); 2069 if (reply == 0) 2070 reply = do_write(common); 2071 break; 2072 2073 /* 2074 * Some mandatory commands that we recognize but don't implement. 2075 * They don't mean much in this setting. It's left as an exercise 2076 * for anyone interested to implement RESERVE and RELEASE in terms 2077 * of Posix locks. 2078 */ 2079 case FORMAT_UNIT: 2080 case RELEASE: 2081 case RESERVE: 2082 case SEND_DIAGNOSTIC: 2083 2084 default: 2085 unknown_cmnd: 2086 common->data_size_from_cmnd = 0; 2087 sprintf(unknown, "Unknown x%02x", common->cmnd[0]); 2088 reply = check_command(common, common->cmnd_size, 2089 DATA_DIR_UNKNOWN, ~0, 0, unknown); 2090 if (reply == 0) { 2091 common->curlun->sense_data = SS_INVALID_COMMAND; 2092 reply = -EINVAL; 2093 } 2094 break; 2095 } 2096 up_read(&common->filesem); 2097 2098 if (reply == -EINTR || signal_pending(current)) 2099 return -EINTR; 2100 2101 /* Set up the single reply buffer for finish_reply() */ 2102 if (reply == -EINVAL) 2103 reply = 0; /* Error reply length */ 2104 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) { 2105 reply = min((u32)reply, common->data_size_from_cmnd); 2106 bh->inreq->length = reply; 2107 bh->state = BUF_STATE_FULL; 2108 common->residue -= reply; 2109 } /* Otherwise it's already set */ 2110 2111 return 0; 2112 } 2113 2114 2115 /*-------------------------------------------------------------------------*/ 2116 2117 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2118 { 2119 struct usb_request *req = bh->outreq; 2120 struct bulk_cb_wrap *cbw = req->buf; 2121 struct fsg_common *common = fsg->common; 2122 2123 /* Was this a real packet? Should it be ignored? */ 2124 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags)) 2125 return -EINVAL; 2126 2127 /* Is the CBW valid? */ 2128 if (req->actual != US_BULK_CB_WRAP_LEN || 2129 cbw->Signature != cpu_to_le32( 2130 US_BULK_CB_SIGN)) { 2131 DBG(fsg, "invalid CBW: len %u sig 0x%x\n", 2132 req->actual, 2133 le32_to_cpu(cbw->Signature)); 2134 2135 /* 2136 * The Bulk-only spec says we MUST stall the IN endpoint 2137 * (6.6.1), so it's unavoidable. It also says we must 2138 * retain this state until the next reset, but there's 2139 * no way to tell the controller driver it should ignore 2140 * Clear-Feature(HALT) requests. 2141 * 2142 * We aren't required to halt the OUT endpoint; instead 2143 * we can simply accept and discard any data received 2144 * until the next reset. 2145 */ 2146 wedge_bulk_in_endpoint(fsg); 2147 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags); 2148 return -EINVAL; 2149 } 2150 2151 /* Is the CBW meaningful? */ 2152 if (cbw->Lun >= ARRAY_SIZE(common->luns) || 2153 cbw->Flags & ~US_BULK_FLAG_IN || cbw->Length <= 0 || 2154 cbw->Length > MAX_COMMAND_SIZE) { 2155 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, " 2156 "cmdlen %u\n", 2157 cbw->Lun, cbw->Flags, cbw->Length); 2158 2159 /* 2160 * We can do anything we want here, so let's stall the 2161 * bulk pipes if we are allowed to. 2162 */ 2163 if (common->can_stall) { 2164 fsg_set_halt(fsg, fsg->bulk_out); 2165 halt_bulk_in_endpoint(fsg); 2166 } 2167 return -EINVAL; 2168 } 2169 2170 /* Save the command for later */ 2171 common->cmnd_size = cbw->Length; 2172 memcpy(common->cmnd, cbw->CDB, common->cmnd_size); 2173 if (cbw->Flags & US_BULK_FLAG_IN) 2174 common->data_dir = DATA_DIR_TO_HOST; 2175 else 2176 common->data_dir = DATA_DIR_FROM_HOST; 2177 common->data_size = le32_to_cpu(cbw->DataTransferLength); 2178 if (common->data_size == 0) 2179 common->data_dir = DATA_DIR_NONE; 2180 common->lun = cbw->Lun; 2181 if (common->lun < ARRAY_SIZE(common->luns)) 2182 common->curlun = common->luns[common->lun]; 2183 else 2184 common->curlun = NULL; 2185 common->tag = cbw->Tag; 2186 return 0; 2187 } 2188 2189 static int get_next_command(struct fsg_common *common) 2190 { 2191 struct fsg_buffhd *bh; 2192 int rc = 0; 2193 2194 /* Wait for the next buffer to become available */ 2195 bh = common->next_buffhd_to_fill; 2196 rc = sleep_thread(common, true, bh); 2197 if (rc) 2198 return rc; 2199 2200 /* Queue a request to read a Bulk-only CBW */ 2201 set_bulk_out_req_length(common, bh, US_BULK_CB_WRAP_LEN); 2202 if (!start_out_transfer(common, bh)) 2203 /* Don't know what to do if common->fsg is NULL */ 2204 return -EIO; 2205 2206 /* 2207 * We will drain the buffer in software, which means we 2208 * can reuse it for the next filling. No need to advance 2209 * next_buffhd_to_fill. 2210 */ 2211 2212 /* Wait for the CBW to arrive */ 2213 rc = sleep_thread(common, true, bh); 2214 if (rc) 2215 return rc; 2216 2217 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO; 2218 bh->state = BUF_STATE_EMPTY; 2219 2220 return rc; 2221 } 2222 2223 2224 /*-------------------------------------------------------------------------*/ 2225 2226 static int alloc_request(struct fsg_common *common, struct usb_ep *ep, 2227 struct usb_request **preq) 2228 { 2229 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC); 2230 if (*preq) 2231 return 0; 2232 ERROR(common, "can't allocate request for %s\n", ep->name); 2233 return -ENOMEM; 2234 } 2235 2236 /* Reset interface setting and re-init endpoint state (toggle etc). */ 2237 static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg) 2238 { 2239 struct fsg_dev *fsg; 2240 int i, rc = 0; 2241 2242 if (common->running) 2243 DBG(common, "reset interface\n"); 2244 2245 reset: 2246 /* Deallocate the requests */ 2247 if (common->fsg) { 2248 fsg = common->fsg; 2249 2250 for (i = 0; i < common->fsg_num_buffers; ++i) { 2251 struct fsg_buffhd *bh = &common->buffhds[i]; 2252 2253 if (bh->inreq) { 2254 usb_ep_free_request(fsg->bulk_in, bh->inreq); 2255 bh->inreq = NULL; 2256 } 2257 if (bh->outreq) { 2258 usb_ep_free_request(fsg->bulk_out, bh->outreq); 2259 bh->outreq = NULL; 2260 } 2261 } 2262 2263 /* Disable the endpoints */ 2264 if (fsg->bulk_in_enabled) { 2265 usb_ep_disable(fsg->bulk_in); 2266 fsg->bulk_in_enabled = 0; 2267 } 2268 if (fsg->bulk_out_enabled) { 2269 usb_ep_disable(fsg->bulk_out); 2270 fsg->bulk_out_enabled = 0; 2271 } 2272 2273 common->fsg = NULL; 2274 wake_up(&common->fsg_wait); 2275 } 2276 2277 common->running = 0; 2278 if (!new_fsg || rc) 2279 return rc; 2280 2281 common->fsg = new_fsg; 2282 fsg = common->fsg; 2283 2284 /* Enable the endpoints */ 2285 rc = config_ep_by_speed(common->gadget, &(fsg->function), fsg->bulk_in); 2286 if (rc) 2287 goto reset; 2288 rc = usb_ep_enable(fsg->bulk_in); 2289 if (rc) 2290 goto reset; 2291 fsg->bulk_in->driver_data = common; 2292 fsg->bulk_in_enabled = 1; 2293 2294 rc = config_ep_by_speed(common->gadget, &(fsg->function), 2295 fsg->bulk_out); 2296 if (rc) 2297 goto reset; 2298 rc = usb_ep_enable(fsg->bulk_out); 2299 if (rc) 2300 goto reset; 2301 fsg->bulk_out->driver_data = common; 2302 fsg->bulk_out_enabled = 1; 2303 common->bulk_out_maxpacket = usb_endpoint_maxp(fsg->bulk_out->desc); 2304 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags); 2305 2306 /* Allocate the requests */ 2307 for (i = 0; i < common->fsg_num_buffers; ++i) { 2308 struct fsg_buffhd *bh = &common->buffhds[i]; 2309 2310 rc = alloc_request(common, fsg->bulk_in, &bh->inreq); 2311 if (rc) 2312 goto reset; 2313 rc = alloc_request(common, fsg->bulk_out, &bh->outreq); 2314 if (rc) 2315 goto reset; 2316 bh->inreq->buf = bh->outreq->buf = bh->buf; 2317 bh->inreq->context = bh->outreq->context = bh; 2318 bh->inreq->complete = bulk_in_complete; 2319 bh->outreq->complete = bulk_out_complete; 2320 } 2321 2322 common->running = 1; 2323 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) 2324 if (common->luns[i]) 2325 common->luns[i]->unit_attention_data = 2326 SS_RESET_OCCURRED; 2327 return rc; 2328 } 2329 2330 2331 /****************************** ALT CONFIGS ******************************/ 2332 2333 static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 2334 { 2335 struct fsg_dev *fsg = fsg_from_func(f); 2336 2337 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, fsg); 2338 return USB_GADGET_DELAYED_STATUS; 2339 } 2340 2341 static void fsg_disable(struct usb_function *f) 2342 { 2343 struct fsg_dev *fsg = fsg_from_func(f); 2344 2345 /* Disable the endpoints */ 2346 if (fsg->bulk_in_enabled) { 2347 usb_ep_disable(fsg->bulk_in); 2348 fsg->bulk_in_enabled = 0; 2349 } 2350 if (fsg->bulk_out_enabled) { 2351 usb_ep_disable(fsg->bulk_out); 2352 fsg->bulk_out_enabled = 0; 2353 } 2354 2355 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL); 2356 } 2357 2358 2359 /*-------------------------------------------------------------------------*/ 2360 2361 static void handle_exception(struct fsg_common *common) 2362 { 2363 int i; 2364 struct fsg_buffhd *bh; 2365 enum fsg_state old_state; 2366 struct fsg_lun *curlun; 2367 unsigned int exception_req_tag; 2368 struct fsg_dev *new_fsg; 2369 2370 /* 2371 * Clear the existing signals. Anything but SIGUSR1 is converted 2372 * into a high-priority EXIT exception. 2373 */ 2374 for (;;) { 2375 int sig = kernel_dequeue_signal(); 2376 if (!sig) 2377 break; 2378 if (sig != SIGUSR1) { 2379 spin_lock_irq(&common->lock); 2380 if (common->state < FSG_STATE_EXIT) 2381 DBG(common, "Main thread exiting on signal\n"); 2382 common->state = FSG_STATE_EXIT; 2383 spin_unlock_irq(&common->lock); 2384 } 2385 } 2386 2387 /* Cancel all the pending transfers */ 2388 if (likely(common->fsg)) { 2389 for (i = 0; i < common->fsg_num_buffers; ++i) { 2390 bh = &common->buffhds[i]; 2391 if (bh->state == BUF_STATE_SENDING) 2392 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq); 2393 if (bh->state == BUF_STATE_RECEIVING) 2394 usb_ep_dequeue(common->fsg->bulk_out, 2395 bh->outreq); 2396 2397 /* Wait for a transfer to become idle */ 2398 if (sleep_thread(common, false, bh)) 2399 return; 2400 } 2401 2402 /* Clear out the controller's fifos */ 2403 if (common->fsg->bulk_in_enabled) 2404 usb_ep_fifo_flush(common->fsg->bulk_in); 2405 if (common->fsg->bulk_out_enabled) 2406 usb_ep_fifo_flush(common->fsg->bulk_out); 2407 } 2408 2409 /* 2410 * Reset the I/O buffer states and pointers, the SCSI 2411 * state, and the exception. Then invoke the handler. 2412 */ 2413 spin_lock_irq(&common->lock); 2414 2415 for (i = 0; i < common->fsg_num_buffers; ++i) { 2416 bh = &common->buffhds[i]; 2417 bh->state = BUF_STATE_EMPTY; 2418 } 2419 common->next_buffhd_to_fill = &common->buffhds[0]; 2420 common->next_buffhd_to_drain = &common->buffhds[0]; 2421 exception_req_tag = common->exception_req_tag; 2422 new_fsg = common->exception_arg; 2423 old_state = common->state; 2424 common->state = FSG_STATE_NORMAL; 2425 2426 if (old_state != FSG_STATE_ABORT_BULK_OUT) { 2427 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) { 2428 curlun = common->luns[i]; 2429 if (!curlun) 2430 continue; 2431 curlun->prevent_medium_removal = 0; 2432 curlun->sense_data = SS_NO_SENSE; 2433 curlun->unit_attention_data = SS_NO_SENSE; 2434 curlun->sense_data_info = 0; 2435 curlun->info_valid = 0; 2436 } 2437 } 2438 spin_unlock_irq(&common->lock); 2439 2440 /* Carry out any extra actions required for the exception */ 2441 switch (old_state) { 2442 case FSG_STATE_NORMAL: 2443 break; 2444 2445 case FSG_STATE_ABORT_BULK_OUT: 2446 send_status(common); 2447 break; 2448 2449 case FSG_STATE_PROTOCOL_RESET: 2450 /* 2451 * In case we were forced against our will to halt a 2452 * bulk endpoint, clear the halt now. (The SuperH UDC 2453 * requires this.) 2454 */ 2455 if (!fsg_is_set(common)) 2456 break; 2457 if (test_and_clear_bit(IGNORE_BULK_OUT, 2458 &common->fsg->atomic_bitflags)) 2459 usb_ep_clear_halt(common->fsg->bulk_in); 2460 2461 if (common->ep0_req_tag == exception_req_tag) 2462 ep0_queue(common); /* Complete the status stage */ 2463 2464 /* 2465 * Technically this should go here, but it would only be 2466 * a waste of time. Ditto for the INTERFACE_CHANGE and 2467 * CONFIG_CHANGE cases. 2468 */ 2469 /* for (i = 0; i < common->ARRAY_SIZE(common->luns); ++i) */ 2470 /* if (common->luns[i]) */ 2471 /* common->luns[i]->unit_attention_data = */ 2472 /* SS_RESET_OCCURRED; */ 2473 break; 2474 2475 case FSG_STATE_CONFIG_CHANGE: 2476 do_set_interface(common, new_fsg); 2477 if (new_fsg) 2478 usb_composite_setup_continue(common->cdev); 2479 break; 2480 2481 case FSG_STATE_EXIT: 2482 do_set_interface(common, NULL); /* Free resources */ 2483 spin_lock_irq(&common->lock); 2484 common->state = FSG_STATE_TERMINATED; /* Stop the thread */ 2485 spin_unlock_irq(&common->lock); 2486 break; 2487 2488 case FSG_STATE_TERMINATED: 2489 break; 2490 } 2491 } 2492 2493 2494 /*-------------------------------------------------------------------------*/ 2495 2496 static int fsg_main_thread(void *common_) 2497 { 2498 struct fsg_common *common = common_; 2499 int i; 2500 2501 /* 2502 * Allow the thread to be killed by a signal, but set the signal mask 2503 * to block everything but INT, TERM, KILL, and USR1. 2504 */ 2505 allow_signal(SIGINT); 2506 allow_signal(SIGTERM); 2507 allow_signal(SIGKILL); 2508 allow_signal(SIGUSR1); 2509 2510 /* Allow the thread to be frozen */ 2511 set_freezable(); 2512 2513 /* The main loop */ 2514 while (common->state != FSG_STATE_TERMINATED) { 2515 if (exception_in_progress(common) || signal_pending(current)) { 2516 handle_exception(common); 2517 continue; 2518 } 2519 2520 if (!common->running) { 2521 sleep_thread(common, true, NULL); 2522 continue; 2523 } 2524 2525 if (get_next_command(common) || exception_in_progress(common)) 2526 continue; 2527 if (do_scsi_command(common) || exception_in_progress(common)) 2528 continue; 2529 if (finish_reply(common) || exception_in_progress(common)) 2530 continue; 2531 send_status(common); 2532 } 2533 2534 spin_lock_irq(&common->lock); 2535 common->thread_task = NULL; 2536 spin_unlock_irq(&common->lock); 2537 2538 /* Eject media from all LUNs */ 2539 2540 down_write(&common->filesem); 2541 for (i = 0; i < ARRAY_SIZE(common->luns); i++) { 2542 struct fsg_lun *curlun = common->luns[i]; 2543 2544 if (curlun && fsg_lun_is_open(curlun)) 2545 fsg_lun_close(curlun); 2546 } 2547 up_write(&common->filesem); 2548 2549 /* Let fsg_unbind() know the thread has exited */ 2550 kthread_complete_and_exit(&common->thread_notifier, 0); 2551 } 2552 2553 2554 /*************************** DEVICE ATTRIBUTES ***************************/ 2555 2556 static ssize_t ro_show(struct device *dev, struct device_attribute *attr, char *buf) 2557 { 2558 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2559 2560 return fsg_show_ro(curlun, buf); 2561 } 2562 2563 static ssize_t nofua_show(struct device *dev, struct device_attribute *attr, 2564 char *buf) 2565 { 2566 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2567 2568 return fsg_show_nofua(curlun, buf); 2569 } 2570 2571 static ssize_t file_show(struct device *dev, struct device_attribute *attr, 2572 char *buf) 2573 { 2574 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2575 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2576 2577 return fsg_show_file(curlun, filesem, buf); 2578 } 2579 2580 static ssize_t ro_store(struct device *dev, struct device_attribute *attr, 2581 const char *buf, size_t count) 2582 { 2583 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2584 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2585 2586 return fsg_store_ro(curlun, filesem, buf, count); 2587 } 2588 2589 static ssize_t nofua_store(struct device *dev, struct device_attribute *attr, 2590 const char *buf, size_t count) 2591 { 2592 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2593 2594 return fsg_store_nofua(curlun, buf, count); 2595 } 2596 2597 static ssize_t file_store(struct device *dev, struct device_attribute *attr, 2598 const char *buf, size_t count) 2599 { 2600 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2601 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2602 2603 return fsg_store_file(curlun, filesem, buf, count); 2604 } 2605 2606 static DEVICE_ATTR_RW(nofua); 2607 /* mode wil be set in fsg_lun_attr_is_visible() */ 2608 static DEVICE_ATTR(ro, 0, ro_show, ro_store); 2609 static DEVICE_ATTR(file, 0, file_show, file_store); 2610 2611 /****************************** FSG COMMON ******************************/ 2612 2613 static void fsg_lun_release(struct device *dev) 2614 { 2615 /* Nothing needs to be done */ 2616 } 2617 2618 static struct fsg_common *fsg_common_setup(struct fsg_common *common) 2619 { 2620 if (!common) { 2621 common = kzalloc(sizeof(*common), GFP_KERNEL); 2622 if (!common) 2623 return ERR_PTR(-ENOMEM); 2624 common->free_storage_on_release = 1; 2625 } else { 2626 common->free_storage_on_release = 0; 2627 } 2628 init_rwsem(&common->filesem); 2629 spin_lock_init(&common->lock); 2630 init_completion(&common->thread_notifier); 2631 init_waitqueue_head(&common->io_wait); 2632 init_waitqueue_head(&common->fsg_wait); 2633 common->state = FSG_STATE_TERMINATED; 2634 memset(common->luns, 0, sizeof(common->luns)); 2635 2636 return common; 2637 } 2638 2639 void fsg_common_set_sysfs(struct fsg_common *common, bool sysfs) 2640 { 2641 common->sysfs = sysfs; 2642 } 2643 EXPORT_SYMBOL_GPL(fsg_common_set_sysfs); 2644 2645 static void _fsg_common_free_buffers(struct fsg_buffhd *buffhds, unsigned n) 2646 { 2647 if (buffhds) { 2648 struct fsg_buffhd *bh = buffhds; 2649 while (n--) { 2650 kfree(bh->buf); 2651 ++bh; 2652 } 2653 kfree(buffhds); 2654 } 2655 } 2656 2657 int fsg_common_set_num_buffers(struct fsg_common *common, unsigned int n) 2658 { 2659 struct fsg_buffhd *bh, *buffhds; 2660 int i; 2661 2662 buffhds = kcalloc(n, sizeof(*buffhds), GFP_KERNEL); 2663 if (!buffhds) 2664 return -ENOMEM; 2665 2666 /* Data buffers cyclic list */ 2667 bh = buffhds; 2668 i = n; 2669 goto buffhds_first_it; 2670 do { 2671 bh->next = bh + 1; 2672 ++bh; 2673 buffhds_first_it: 2674 bh->buf = kmalloc(FSG_BUFLEN, GFP_KERNEL); 2675 if (unlikely(!bh->buf)) 2676 goto error_release; 2677 } while (--i); 2678 bh->next = buffhds; 2679 2680 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2681 common->fsg_num_buffers = n; 2682 common->buffhds = buffhds; 2683 2684 return 0; 2685 2686 error_release: 2687 /* 2688 * "buf"s pointed to by heads after n - i are NULL 2689 * so releasing them won't hurt 2690 */ 2691 _fsg_common_free_buffers(buffhds, n); 2692 2693 return -ENOMEM; 2694 } 2695 EXPORT_SYMBOL_GPL(fsg_common_set_num_buffers); 2696 2697 void fsg_common_remove_lun(struct fsg_lun *lun) 2698 { 2699 if (device_is_registered(&lun->dev)) 2700 device_unregister(&lun->dev); 2701 fsg_lun_close(lun); 2702 kfree(lun); 2703 } 2704 EXPORT_SYMBOL_GPL(fsg_common_remove_lun); 2705 2706 static void _fsg_common_remove_luns(struct fsg_common *common, int n) 2707 { 2708 int i; 2709 2710 for (i = 0; i < n; ++i) 2711 if (common->luns[i]) { 2712 fsg_common_remove_lun(common->luns[i]); 2713 common->luns[i] = NULL; 2714 } 2715 } 2716 2717 void fsg_common_remove_luns(struct fsg_common *common) 2718 { 2719 _fsg_common_remove_luns(common, ARRAY_SIZE(common->luns)); 2720 } 2721 EXPORT_SYMBOL_GPL(fsg_common_remove_luns); 2722 2723 void fsg_common_free_buffers(struct fsg_common *common) 2724 { 2725 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2726 common->buffhds = NULL; 2727 } 2728 EXPORT_SYMBOL_GPL(fsg_common_free_buffers); 2729 2730 int fsg_common_set_cdev(struct fsg_common *common, 2731 struct usb_composite_dev *cdev, bool can_stall) 2732 { 2733 struct usb_string *us; 2734 2735 common->gadget = cdev->gadget; 2736 common->ep0 = cdev->gadget->ep0; 2737 common->ep0req = cdev->req; 2738 common->cdev = cdev; 2739 2740 us = usb_gstrings_attach(cdev, fsg_strings_array, 2741 ARRAY_SIZE(fsg_strings)); 2742 if (IS_ERR(us)) 2743 return PTR_ERR(us); 2744 2745 fsg_intf_desc.iInterface = us[FSG_STRING_INTERFACE].id; 2746 2747 /* 2748 * Some peripheral controllers are known not to be able to 2749 * halt bulk endpoints correctly. If one of them is present, 2750 * disable stalls. 2751 */ 2752 common->can_stall = can_stall && 2753 gadget_is_stall_supported(common->gadget); 2754 2755 return 0; 2756 } 2757 EXPORT_SYMBOL_GPL(fsg_common_set_cdev); 2758 2759 static struct attribute *fsg_lun_dev_attrs[] = { 2760 &dev_attr_ro.attr, 2761 &dev_attr_file.attr, 2762 &dev_attr_nofua.attr, 2763 NULL 2764 }; 2765 2766 static umode_t fsg_lun_dev_is_visible(struct kobject *kobj, 2767 struct attribute *attr, int idx) 2768 { 2769 struct device *dev = kobj_to_dev(kobj); 2770 struct fsg_lun *lun = fsg_lun_from_dev(dev); 2771 2772 if (attr == &dev_attr_ro.attr) 2773 return lun->cdrom ? S_IRUGO : (S_IWUSR | S_IRUGO); 2774 if (attr == &dev_attr_file.attr) 2775 return lun->removable ? (S_IWUSR | S_IRUGO) : S_IRUGO; 2776 return attr->mode; 2777 } 2778 2779 static const struct attribute_group fsg_lun_dev_group = { 2780 .attrs = fsg_lun_dev_attrs, 2781 .is_visible = fsg_lun_dev_is_visible, 2782 }; 2783 2784 static const struct attribute_group *fsg_lun_dev_groups[] = { 2785 &fsg_lun_dev_group, 2786 NULL 2787 }; 2788 2789 int fsg_common_create_lun(struct fsg_common *common, struct fsg_lun_config *cfg, 2790 unsigned int id, const char *name, 2791 const char **name_pfx) 2792 { 2793 struct fsg_lun *lun; 2794 char *pathbuf, *p; 2795 int rc = -ENOMEM; 2796 2797 if (id >= ARRAY_SIZE(common->luns)) 2798 return -ENODEV; 2799 2800 if (common->luns[id]) 2801 return -EBUSY; 2802 2803 if (!cfg->filename && !cfg->removable) { 2804 pr_err("no file given for LUN%d\n", id); 2805 return -EINVAL; 2806 } 2807 2808 lun = kzalloc(sizeof(*lun), GFP_KERNEL); 2809 if (!lun) 2810 return -ENOMEM; 2811 2812 lun->name_pfx = name_pfx; 2813 2814 lun->cdrom = !!cfg->cdrom; 2815 lun->ro = cfg->cdrom || cfg->ro; 2816 lun->initially_ro = lun->ro; 2817 lun->removable = !!cfg->removable; 2818 2819 if (!common->sysfs) { 2820 /* we DON'T own the name!*/ 2821 lun->name = name; 2822 } else { 2823 lun->dev.release = fsg_lun_release; 2824 lun->dev.parent = &common->gadget->dev; 2825 lun->dev.groups = fsg_lun_dev_groups; 2826 dev_set_drvdata(&lun->dev, &common->filesem); 2827 dev_set_name(&lun->dev, "%s", name); 2828 lun->name = dev_name(&lun->dev); 2829 2830 rc = device_register(&lun->dev); 2831 if (rc) { 2832 pr_info("failed to register LUN%d: %d\n", id, rc); 2833 put_device(&lun->dev); 2834 goto error_sysfs; 2835 } 2836 } 2837 2838 common->luns[id] = lun; 2839 2840 if (cfg->filename) { 2841 rc = fsg_lun_open(lun, cfg->filename); 2842 if (rc) 2843 goto error_lun; 2844 } 2845 2846 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); 2847 p = "(no medium)"; 2848 if (fsg_lun_is_open(lun)) { 2849 p = "(error)"; 2850 if (pathbuf) { 2851 p = file_path(lun->filp, pathbuf, PATH_MAX); 2852 if (IS_ERR(p)) 2853 p = "(error)"; 2854 } 2855 } 2856 pr_info("LUN: %s%s%sfile: %s\n", 2857 lun->removable ? "removable " : "", 2858 lun->ro ? "read only " : "", 2859 lun->cdrom ? "CD-ROM " : "", 2860 p); 2861 kfree(pathbuf); 2862 2863 return 0; 2864 2865 error_lun: 2866 if (device_is_registered(&lun->dev)) 2867 device_unregister(&lun->dev); 2868 fsg_lun_close(lun); 2869 common->luns[id] = NULL; 2870 error_sysfs: 2871 kfree(lun); 2872 return rc; 2873 } 2874 EXPORT_SYMBOL_GPL(fsg_common_create_lun); 2875 2876 int fsg_common_create_luns(struct fsg_common *common, struct fsg_config *cfg) 2877 { 2878 char buf[8]; /* enough for 100000000 different numbers, decimal */ 2879 int i, rc; 2880 2881 fsg_common_remove_luns(common); 2882 2883 for (i = 0; i < cfg->nluns; ++i) { 2884 snprintf(buf, sizeof(buf), "lun%d", i); 2885 rc = fsg_common_create_lun(common, &cfg->luns[i], i, buf, NULL); 2886 if (rc) 2887 goto fail; 2888 } 2889 2890 pr_info("Number of LUNs=%d\n", cfg->nluns); 2891 2892 return 0; 2893 2894 fail: 2895 _fsg_common_remove_luns(common, i); 2896 return rc; 2897 } 2898 EXPORT_SYMBOL_GPL(fsg_common_create_luns); 2899 2900 void fsg_common_set_inquiry_string(struct fsg_common *common, const char *vn, 2901 const char *pn) 2902 { 2903 int i; 2904 2905 /* Prepare inquiryString */ 2906 i = get_default_bcdDevice(); 2907 snprintf(common->inquiry_string, sizeof(common->inquiry_string), 2908 "%-8s%-16s%04x", vn ?: "Linux", 2909 /* Assume product name dependent on the first LUN */ 2910 pn ?: ((*common->luns)->cdrom 2911 ? "File-CD Gadget" 2912 : "File-Stor Gadget"), 2913 i); 2914 } 2915 EXPORT_SYMBOL_GPL(fsg_common_set_inquiry_string); 2916 2917 static void fsg_common_release(struct fsg_common *common) 2918 { 2919 int i; 2920 2921 /* If the thread isn't already dead, tell it to exit now */ 2922 if (common->state != FSG_STATE_TERMINATED) { 2923 raise_exception(common, FSG_STATE_EXIT); 2924 wait_for_completion(&common->thread_notifier); 2925 } 2926 2927 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) { 2928 struct fsg_lun *lun = common->luns[i]; 2929 if (!lun) 2930 continue; 2931 fsg_lun_close(lun); 2932 if (device_is_registered(&lun->dev)) 2933 device_unregister(&lun->dev); 2934 kfree(lun); 2935 } 2936 2937 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2938 if (common->free_storage_on_release) 2939 kfree(common); 2940 } 2941 2942 2943 /*-------------------------------------------------------------------------*/ 2944 2945 static int fsg_bind(struct usb_configuration *c, struct usb_function *f) 2946 { 2947 struct fsg_dev *fsg = fsg_from_func(f); 2948 struct fsg_common *common = fsg->common; 2949 struct usb_gadget *gadget = c->cdev->gadget; 2950 int i; 2951 struct usb_ep *ep; 2952 unsigned max_burst; 2953 int ret; 2954 struct fsg_opts *opts; 2955 2956 /* Don't allow to bind if we don't have at least one LUN */ 2957 ret = _fsg_common_get_max_lun(common); 2958 if (ret < 0) { 2959 pr_err("There should be at least one LUN.\n"); 2960 return -EINVAL; 2961 } 2962 2963 opts = fsg_opts_from_func_inst(f->fi); 2964 if (!opts->no_configfs) { 2965 ret = fsg_common_set_cdev(fsg->common, c->cdev, 2966 fsg->common->can_stall); 2967 if (ret) 2968 return ret; 2969 fsg_common_set_inquiry_string(fsg->common, NULL, NULL); 2970 } 2971 2972 if (!common->thread_task) { 2973 common->state = FSG_STATE_NORMAL; 2974 common->thread_task = 2975 kthread_create(fsg_main_thread, common, "file-storage"); 2976 if (IS_ERR(common->thread_task)) { 2977 ret = PTR_ERR(common->thread_task); 2978 common->thread_task = NULL; 2979 common->state = FSG_STATE_TERMINATED; 2980 return ret; 2981 } 2982 DBG(common, "I/O thread pid: %d\n", 2983 task_pid_nr(common->thread_task)); 2984 wake_up_process(common->thread_task); 2985 } 2986 2987 fsg->gadget = gadget; 2988 2989 /* New interface */ 2990 i = usb_interface_id(c, f); 2991 if (i < 0) 2992 goto fail; 2993 fsg_intf_desc.bInterfaceNumber = i; 2994 fsg->interface_number = i; 2995 2996 /* Find all the endpoints we will use */ 2997 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc); 2998 if (!ep) 2999 goto autoconf_fail; 3000 fsg->bulk_in = ep; 3001 3002 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc); 3003 if (!ep) 3004 goto autoconf_fail; 3005 fsg->bulk_out = ep; 3006 3007 /* Assume endpoint addresses are the same for both speeds */ 3008 fsg_hs_bulk_in_desc.bEndpointAddress = 3009 fsg_fs_bulk_in_desc.bEndpointAddress; 3010 fsg_hs_bulk_out_desc.bEndpointAddress = 3011 fsg_fs_bulk_out_desc.bEndpointAddress; 3012 3013 /* Calculate bMaxBurst, we know packet size is 1024 */ 3014 max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15); 3015 3016 fsg_ss_bulk_in_desc.bEndpointAddress = 3017 fsg_fs_bulk_in_desc.bEndpointAddress; 3018 fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst; 3019 3020 fsg_ss_bulk_out_desc.bEndpointAddress = 3021 fsg_fs_bulk_out_desc.bEndpointAddress; 3022 fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst; 3023 3024 ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function, 3025 fsg_ss_function, fsg_ss_function); 3026 if (ret) 3027 goto autoconf_fail; 3028 3029 return 0; 3030 3031 autoconf_fail: 3032 ERROR(fsg, "unable to autoconfigure all endpoints\n"); 3033 i = -ENOTSUPP; 3034 fail: 3035 /* terminate the thread */ 3036 if (fsg->common->state != FSG_STATE_TERMINATED) { 3037 raise_exception(fsg->common, FSG_STATE_EXIT); 3038 wait_for_completion(&fsg->common->thread_notifier); 3039 } 3040 return i; 3041 } 3042 3043 /****************************** ALLOCATE FUNCTION *************************/ 3044 3045 static void fsg_unbind(struct usb_configuration *c, struct usb_function *f) 3046 { 3047 struct fsg_dev *fsg = fsg_from_func(f); 3048 struct fsg_common *common = fsg->common; 3049 3050 DBG(fsg, "unbind\n"); 3051 if (fsg->common->fsg == fsg) { 3052 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL); 3053 /* FIXME: make interruptible or killable somehow? */ 3054 wait_event(common->fsg_wait, common->fsg != fsg); 3055 } 3056 3057 usb_free_all_descriptors(&fsg->function); 3058 } 3059 3060 static inline struct fsg_lun_opts *to_fsg_lun_opts(struct config_item *item) 3061 { 3062 return container_of(to_config_group(item), struct fsg_lun_opts, group); 3063 } 3064 3065 static inline struct fsg_opts *to_fsg_opts(struct config_item *item) 3066 { 3067 return container_of(to_config_group(item), struct fsg_opts, 3068 func_inst.group); 3069 } 3070 3071 static void fsg_lun_attr_release(struct config_item *item) 3072 { 3073 struct fsg_lun_opts *lun_opts; 3074 3075 lun_opts = to_fsg_lun_opts(item); 3076 kfree(lun_opts); 3077 } 3078 3079 static struct configfs_item_operations fsg_lun_item_ops = { 3080 .release = fsg_lun_attr_release, 3081 }; 3082 3083 static ssize_t fsg_lun_opts_file_show(struct config_item *item, char *page) 3084 { 3085 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3086 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3087 3088 return fsg_show_file(opts->lun, &fsg_opts->common->filesem, page); 3089 } 3090 3091 static ssize_t fsg_lun_opts_file_store(struct config_item *item, 3092 const char *page, size_t len) 3093 { 3094 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3095 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3096 3097 return fsg_store_file(opts->lun, &fsg_opts->common->filesem, page, len); 3098 } 3099 3100 CONFIGFS_ATTR(fsg_lun_opts_, file); 3101 3102 static ssize_t fsg_lun_opts_ro_show(struct config_item *item, char *page) 3103 { 3104 return fsg_show_ro(to_fsg_lun_opts(item)->lun, page); 3105 } 3106 3107 static ssize_t fsg_lun_opts_ro_store(struct config_item *item, 3108 const char *page, size_t len) 3109 { 3110 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3111 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3112 3113 return fsg_store_ro(opts->lun, &fsg_opts->common->filesem, page, len); 3114 } 3115 3116 CONFIGFS_ATTR(fsg_lun_opts_, ro); 3117 3118 static ssize_t fsg_lun_opts_removable_show(struct config_item *item, 3119 char *page) 3120 { 3121 return fsg_show_removable(to_fsg_lun_opts(item)->lun, page); 3122 } 3123 3124 static ssize_t fsg_lun_opts_removable_store(struct config_item *item, 3125 const char *page, size_t len) 3126 { 3127 return fsg_store_removable(to_fsg_lun_opts(item)->lun, page, len); 3128 } 3129 3130 CONFIGFS_ATTR(fsg_lun_opts_, removable); 3131 3132 static ssize_t fsg_lun_opts_cdrom_show(struct config_item *item, char *page) 3133 { 3134 return fsg_show_cdrom(to_fsg_lun_opts(item)->lun, page); 3135 } 3136 3137 static ssize_t fsg_lun_opts_cdrom_store(struct config_item *item, 3138 const char *page, size_t len) 3139 { 3140 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3141 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3142 3143 return fsg_store_cdrom(opts->lun, &fsg_opts->common->filesem, page, 3144 len); 3145 } 3146 3147 CONFIGFS_ATTR(fsg_lun_opts_, cdrom); 3148 3149 static ssize_t fsg_lun_opts_nofua_show(struct config_item *item, char *page) 3150 { 3151 return fsg_show_nofua(to_fsg_lun_opts(item)->lun, page); 3152 } 3153 3154 static ssize_t fsg_lun_opts_nofua_store(struct config_item *item, 3155 const char *page, size_t len) 3156 { 3157 return fsg_store_nofua(to_fsg_lun_opts(item)->lun, page, len); 3158 } 3159 3160 CONFIGFS_ATTR(fsg_lun_opts_, nofua); 3161 3162 static ssize_t fsg_lun_opts_inquiry_string_show(struct config_item *item, 3163 char *page) 3164 { 3165 return fsg_show_inquiry_string(to_fsg_lun_opts(item)->lun, page); 3166 } 3167 3168 static ssize_t fsg_lun_opts_inquiry_string_store(struct config_item *item, 3169 const char *page, size_t len) 3170 { 3171 return fsg_store_inquiry_string(to_fsg_lun_opts(item)->lun, page, len); 3172 } 3173 3174 CONFIGFS_ATTR(fsg_lun_opts_, inquiry_string); 3175 3176 static struct configfs_attribute *fsg_lun_attrs[] = { 3177 &fsg_lun_opts_attr_file, 3178 &fsg_lun_opts_attr_ro, 3179 &fsg_lun_opts_attr_removable, 3180 &fsg_lun_opts_attr_cdrom, 3181 &fsg_lun_opts_attr_nofua, 3182 &fsg_lun_opts_attr_inquiry_string, 3183 NULL, 3184 }; 3185 3186 static const struct config_item_type fsg_lun_type = { 3187 .ct_item_ops = &fsg_lun_item_ops, 3188 .ct_attrs = fsg_lun_attrs, 3189 .ct_owner = THIS_MODULE, 3190 }; 3191 3192 static struct config_group *fsg_lun_make(struct config_group *group, 3193 const char *name) 3194 { 3195 struct fsg_lun_opts *opts; 3196 struct fsg_opts *fsg_opts; 3197 struct fsg_lun_config config; 3198 char *num_str; 3199 u8 num; 3200 int ret; 3201 3202 num_str = strchr(name, '.'); 3203 if (!num_str) { 3204 pr_err("Unable to locate . in LUN.NUMBER\n"); 3205 return ERR_PTR(-EINVAL); 3206 } 3207 num_str++; 3208 3209 ret = kstrtou8(num_str, 0, &num); 3210 if (ret) 3211 return ERR_PTR(ret); 3212 3213 fsg_opts = to_fsg_opts(&group->cg_item); 3214 if (num >= FSG_MAX_LUNS) 3215 return ERR_PTR(-ERANGE); 3216 num = array_index_nospec(num, FSG_MAX_LUNS); 3217 3218 mutex_lock(&fsg_opts->lock); 3219 if (fsg_opts->refcnt || fsg_opts->common->luns[num]) { 3220 ret = -EBUSY; 3221 goto out; 3222 } 3223 3224 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 3225 if (!opts) { 3226 ret = -ENOMEM; 3227 goto out; 3228 } 3229 3230 memset(&config, 0, sizeof(config)); 3231 config.removable = true; 3232 3233 ret = fsg_common_create_lun(fsg_opts->common, &config, num, name, 3234 (const char **)&group->cg_item.ci_name); 3235 if (ret) { 3236 kfree(opts); 3237 goto out; 3238 } 3239 opts->lun = fsg_opts->common->luns[num]; 3240 opts->lun_id = num; 3241 mutex_unlock(&fsg_opts->lock); 3242 3243 config_group_init_type_name(&opts->group, name, &fsg_lun_type); 3244 3245 return &opts->group; 3246 out: 3247 mutex_unlock(&fsg_opts->lock); 3248 return ERR_PTR(ret); 3249 } 3250 3251 static void fsg_lun_drop(struct config_group *group, struct config_item *item) 3252 { 3253 struct fsg_lun_opts *lun_opts; 3254 struct fsg_opts *fsg_opts; 3255 3256 lun_opts = to_fsg_lun_opts(item); 3257 fsg_opts = to_fsg_opts(&group->cg_item); 3258 3259 mutex_lock(&fsg_opts->lock); 3260 if (fsg_opts->refcnt) { 3261 struct config_item *gadget; 3262 3263 gadget = group->cg_item.ci_parent->ci_parent; 3264 unregister_gadget_item(gadget); 3265 } 3266 3267 fsg_common_remove_lun(lun_opts->lun); 3268 fsg_opts->common->luns[lun_opts->lun_id] = NULL; 3269 lun_opts->lun_id = 0; 3270 mutex_unlock(&fsg_opts->lock); 3271 3272 config_item_put(item); 3273 } 3274 3275 static void fsg_attr_release(struct config_item *item) 3276 { 3277 struct fsg_opts *opts = to_fsg_opts(item); 3278 3279 usb_put_function_instance(&opts->func_inst); 3280 } 3281 3282 static struct configfs_item_operations fsg_item_ops = { 3283 .release = fsg_attr_release, 3284 }; 3285 3286 static ssize_t fsg_opts_stall_show(struct config_item *item, char *page) 3287 { 3288 struct fsg_opts *opts = to_fsg_opts(item); 3289 int result; 3290 3291 mutex_lock(&opts->lock); 3292 result = sprintf(page, "%d", opts->common->can_stall); 3293 mutex_unlock(&opts->lock); 3294 3295 return result; 3296 } 3297 3298 static ssize_t fsg_opts_stall_store(struct config_item *item, const char *page, 3299 size_t len) 3300 { 3301 struct fsg_opts *opts = to_fsg_opts(item); 3302 int ret; 3303 bool stall; 3304 3305 mutex_lock(&opts->lock); 3306 3307 if (opts->refcnt) { 3308 mutex_unlock(&opts->lock); 3309 return -EBUSY; 3310 } 3311 3312 ret = strtobool(page, &stall); 3313 if (!ret) { 3314 opts->common->can_stall = stall; 3315 ret = len; 3316 } 3317 3318 mutex_unlock(&opts->lock); 3319 3320 return ret; 3321 } 3322 3323 CONFIGFS_ATTR(fsg_opts_, stall); 3324 3325 #ifdef CONFIG_USB_GADGET_DEBUG_FILES 3326 static ssize_t fsg_opts_num_buffers_show(struct config_item *item, char *page) 3327 { 3328 struct fsg_opts *opts = to_fsg_opts(item); 3329 int result; 3330 3331 mutex_lock(&opts->lock); 3332 result = sprintf(page, "%d", opts->common->fsg_num_buffers); 3333 mutex_unlock(&opts->lock); 3334 3335 return result; 3336 } 3337 3338 static ssize_t fsg_opts_num_buffers_store(struct config_item *item, 3339 const char *page, size_t len) 3340 { 3341 struct fsg_opts *opts = to_fsg_opts(item); 3342 int ret; 3343 u8 num; 3344 3345 mutex_lock(&opts->lock); 3346 if (opts->refcnt) { 3347 ret = -EBUSY; 3348 goto end; 3349 } 3350 ret = kstrtou8(page, 0, &num); 3351 if (ret) 3352 goto end; 3353 3354 ret = fsg_common_set_num_buffers(opts->common, num); 3355 if (ret) 3356 goto end; 3357 ret = len; 3358 3359 end: 3360 mutex_unlock(&opts->lock); 3361 return ret; 3362 } 3363 3364 CONFIGFS_ATTR(fsg_opts_, num_buffers); 3365 #endif 3366 3367 static struct configfs_attribute *fsg_attrs[] = { 3368 &fsg_opts_attr_stall, 3369 #ifdef CONFIG_USB_GADGET_DEBUG_FILES 3370 &fsg_opts_attr_num_buffers, 3371 #endif 3372 NULL, 3373 }; 3374 3375 static struct configfs_group_operations fsg_group_ops = { 3376 .make_group = fsg_lun_make, 3377 .drop_item = fsg_lun_drop, 3378 }; 3379 3380 static const struct config_item_type fsg_func_type = { 3381 .ct_item_ops = &fsg_item_ops, 3382 .ct_group_ops = &fsg_group_ops, 3383 .ct_attrs = fsg_attrs, 3384 .ct_owner = THIS_MODULE, 3385 }; 3386 3387 static void fsg_free_inst(struct usb_function_instance *fi) 3388 { 3389 struct fsg_opts *opts; 3390 3391 opts = fsg_opts_from_func_inst(fi); 3392 fsg_common_release(opts->common); 3393 kfree(opts); 3394 } 3395 3396 static struct usb_function_instance *fsg_alloc_inst(void) 3397 { 3398 struct fsg_opts *opts; 3399 struct fsg_lun_config config; 3400 int rc; 3401 3402 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 3403 if (!opts) 3404 return ERR_PTR(-ENOMEM); 3405 mutex_init(&opts->lock); 3406 opts->func_inst.free_func_inst = fsg_free_inst; 3407 opts->common = fsg_common_setup(opts->common); 3408 if (IS_ERR(opts->common)) { 3409 rc = PTR_ERR(opts->common); 3410 goto release_opts; 3411 } 3412 3413 rc = fsg_common_set_num_buffers(opts->common, 3414 CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS); 3415 if (rc) 3416 goto release_common; 3417 3418 pr_info(FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n"); 3419 3420 memset(&config, 0, sizeof(config)); 3421 config.removable = true; 3422 rc = fsg_common_create_lun(opts->common, &config, 0, "lun.0", 3423 (const char **)&opts->func_inst.group.cg_item.ci_name); 3424 if (rc) 3425 goto release_buffers; 3426 3427 opts->lun0.lun = opts->common->luns[0]; 3428 opts->lun0.lun_id = 0; 3429 3430 config_group_init_type_name(&opts->func_inst.group, "", &fsg_func_type); 3431 3432 config_group_init_type_name(&opts->lun0.group, "lun.0", &fsg_lun_type); 3433 configfs_add_default_group(&opts->lun0.group, &opts->func_inst.group); 3434 3435 return &opts->func_inst; 3436 3437 release_buffers: 3438 fsg_common_free_buffers(opts->common); 3439 release_common: 3440 kfree(opts->common); 3441 release_opts: 3442 kfree(opts); 3443 return ERR_PTR(rc); 3444 } 3445 3446 static void fsg_free(struct usb_function *f) 3447 { 3448 struct fsg_dev *fsg; 3449 struct fsg_opts *opts; 3450 3451 fsg = container_of(f, struct fsg_dev, function); 3452 opts = container_of(f->fi, struct fsg_opts, func_inst); 3453 3454 mutex_lock(&opts->lock); 3455 opts->refcnt--; 3456 mutex_unlock(&opts->lock); 3457 3458 kfree(fsg); 3459 } 3460 3461 static struct usb_function *fsg_alloc(struct usb_function_instance *fi) 3462 { 3463 struct fsg_opts *opts = fsg_opts_from_func_inst(fi); 3464 struct fsg_common *common = opts->common; 3465 struct fsg_dev *fsg; 3466 3467 fsg = kzalloc(sizeof(*fsg), GFP_KERNEL); 3468 if (unlikely(!fsg)) 3469 return ERR_PTR(-ENOMEM); 3470 3471 mutex_lock(&opts->lock); 3472 opts->refcnt++; 3473 mutex_unlock(&opts->lock); 3474 3475 fsg->function.name = FSG_DRIVER_DESC; 3476 fsg->function.bind = fsg_bind; 3477 fsg->function.unbind = fsg_unbind; 3478 fsg->function.setup = fsg_setup; 3479 fsg->function.set_alt = fsg_set_alt; 3480 fsg->function.disable = fsg_disable; 3481 fsg->function.free_func = fsg_free; 3482 3483 fsg->common = common; 3484 3485 return &fsg->function; 3486 } 3487 3488 DECLARE_USB_FUNCTION_INIT(mass_storage, fsg_alloc_inst, fsg_alloc); 3489 MODULE_LICENSE("GPL"); 3490 MODULE_AUTHOR("Michal Nazarewicz"); 3491 3492 /************************* Module parameters *************************/ 3493 3494 3495 void fsg_config_from_params(struct fsg_config *cfg, 3496 const struct fsg_module_parameters *params, 3497 unsigned int fsg_num_buffers) 3498 { 3499 struct fsg_lun_config *lun; 3500 unsigned i; 3501 3502 /* Configure LUNs */ 3503 cfg->nluns = 3504 min(params->luns ?: (params->file_count ?: 1u), 3505 (unsigned)FSG_MAX_LUNS); 3506 for (i = 0, lun = cfg->luns; i < cfg->nluns; ++i, ++lun) { 3507 lun->ro = !!params->ro[i]; 3508 lun->cdrom = !!params->cdrom[i]; 3509 lun->removable = !!params->removable[i]; 3510 lun->filename = 3511 params->file_count > i && params->file[i][0] 3512 ? params->file[i] 3513 : NULL; 3514 } 3515 3516 /* Let MSF use defaults */ 3517 cfg->vendor_name = NULL; 3518 cfg->product_name = NULL; 3519 3520 cfg->ops = NULL; 3521 cfg->private_data = NULL; 3522 3523 /* Finalise */ 3524 cfg->can_stall = params->stall; 3525 cfg->fsg_num_buffers = fsg_num_buffers; 3526 } 3527 EXPORT_SYMBOL_GPL(fsg_config_from_params); 3528