1 // SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) 2 /* 3 * f_mass_storage.c -- Mass Storage USB Composite Function 4 * 5 * Copyright (C) 2003-2008 Alan Stern 6 * Copyright (C) 2009 Samsung Electronics 7 * Author: Michal Nazarewicz <mina86@mina86.com> 8 * All rights reserved. 9 */ 10 11 /* 12 * The Mass Storage Function acts as a USB Mass Storage device, 13 * appearing to the host as a disk drive or as a CD-ROM drive. In 14 * addition to providing an example of a genuinely useful composite 15 * function for a USB device, it also illustrates a technique of 16 * double-buffering for increased throughput. 17 * 18 * For more information about MSF and in particular its module 19 * parameters and sysfs interface read the 20 * <Documentation/usb/mass-storage.rst> file. 21 */ 22 23 /* 24 * MSF is configured by specifying a fsg_config structure. It has the 25 * following fields: 26 * 27 * nluns Number of LUNs function have (anywhere from 1 28 * to FSG_MAX_LUNS). 29 * luns An array of LUN configuration values. This 30 * should be filled for each LUN that 31 * function will include (ie. for "nluns" 32 * LUNs). Each element of the array has 33 * the following fields: 34 * ->filename The path to the backing file for the LUN. 35 * Required if LUN is not marked as 36 * removable. 37 * ->ro Flag specifying access to the LUN shall be 38 * read-only. This is implied if CD-ROM 39 * emulation is enabled as well as when 40 * it was impossible to open "filename" 41 * in R/W mode. 42 * ->removable Flag specifying that LUN shall be indicated as 43 * being removable. 44 * ->cdrom Flag specifying that LUN shall be reported as 45 * being a CD-ROM. 46 * ->nofua Flag specifying that FUA flag in SCSI WRITE(10,12) 47 * commands for this LUN shall be ignored. 48 * 49 * vendor_name 50 * product_name 51 * release Information used as a reply to INQUIRY 52 * request. To use default set to NULL, 53 * NULL, 0xffff respectively. The first 54 * field should be 8 and the second 16 55 * characters or less. 56 * 57 * can_stall Set to permit function to halt bulk endpoints. 58 * Disabled on some USB devices known not 59 * to work correctly. You should set it 60 * to true. 61 * 62 * If "removable" is not set for a LUN then a backing file must be 63 * specified. If it is set, then NULL filename means the LUN's medium 64 * is not loaded (an empty string as "filename" in the fsg_config 65 * structure causes error). The CD-ROM emulation includes a single 66 * data track and no audio tracks; hence there need be only one 67 * backing file per LUN. 68 * 69 * This function is heavily based on "File-backed Storage Gadget" by 70 * Alan Stern which in turn is heavily based on "Gadget Zero" by David 71 * Brownell. The driver's SCSI command interface was based on the 72 * "Information technology - Small Computer System Interface - 2" 73 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93, 74 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. 75 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which 76 * was based on the "Universal Serial Bus Mass Storage Class UFI 77 * Command Specification" document, Revision 1.0, December 14, 1998, 78 * available at 79 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>. 80 */ 81 82 /* 83 * Driver Design 84 * 85 * The MSF is fairly straightforward. There is a main kernel 86 * thread that handles most of the work. Interrupt routines field 87 * callbacks from the controller driver: bulk- and interrupt-request 88 * completion notifications, endpoint-0 events, and disconnect events. 89 * Completion events are passed to the main thread by wakeup calls. Many 90 * ep0 requests are handled at interrupt time, but SetInterface, 91 * SetConfiguration, and device reset requests are forwarded to the 92 * thread in the form of "exceptions" using SIGUSR1 signals (since they 93 * should interrupt any ongoing file I/O operations). 94 * 95 * The thread's main routine implements the standard command/data/status 96 * parts of a SCSI interaction. It and its subroutines are full of tests 97 * for pending signals/exceptions -- all this polling is necessary since 98 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an 99 * indication that the driver really wants to be running in userspace.) 100 * An important point is that so long as the thread is alive it keeps an 101 * open reference to the backing file. This will prevent unmounting 102 * the backing file's underlying filesystem and could cause problems 103 * during system shutdown, for example. To prevent such problems, the 104 * thread catches INT, TERM, and KILL signals and converts them into 105 * an EXIT exception. 106 * 107 * In normal operation the main thread is started during the gadget's 108 * fsg_bind() callback and stopped during fsg_unbind(). But it can 109 * also exit when it receives a signal, and there's no point leaving 110 * the gadget running when the thread is dead. As of this moment, MSF 111 * provides no way to deregister the gadget when thread dies -- maybe 112 * a callback functions is needed. 113 * 114 * To provide maximum throughput, the driver uses a circular pipeline of 115 * buffer heads (struct fsg_buffhd). In principle the pipeline can be 116 * arbitrarily long; in practice the benefits don't justify having more 117 * than 2 stages (i.e., double buffering). But it helps to think of the 118 * pipeline as being a long one. Each buffer head contains a bulk-in and 119 * a bulk-out request pointer (since the buffer can be used for both 120 * output and input -- directions always are given from the host's 121 * point of view) as well as a pointer to the buffer and various state 122 * variables. 123 * 124 * Use of the pipeline follows a simple protocol. There is a variable 125 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. 126 * At any time that buffer head may still be in use from an earlier 127 * request, so each buffer head has a state variable indicating whether 128 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the 129 * buffer head to be EMPTY, filling the buffer either by file I/O or by 130 * USB I/O (during which the buffer head is BUSY), and marking the buffer 131 * head FULL when the I/O is complete. Then the buffer will be emptied 132 * (again possibly by USB I/O, during which it is marked BUSY) and 133 * finally marked EMPTY again (possibly by a completion routine). 134 * 135 * A module parameter tells the driver to avoid stalling the bulk 136 * endpoints wherever the transport specification allows. This is 137 * necessary for some UDCs like the SuperH, which cannot reliably clear a 138 * halt on a bulk endpoint. However, under certain circumstances the 139 * Bulk-only specification requires a stall. In such cases the driver 140 * will halt the endpoint and set a flag indicating that it should clear 141 * the halt in software during the next device reset. Hopefully this 142 * will permit everything to work correctly. Furthermore, although the 143 * specification allows the bulk-out endpoint to halt when the host sends 144 * too much data, implementing this would cause an unavoidable race. 145 * The driver will always use the "no-stall" approach for OUT transfers. 146 * 147 * One subtle point concerns sending status-stage responses for ep0 148 * requests. Some of these requests, such as device reset, can involve 149 * interrupting an ongoing file I/O operation, which might take an 150 * arbitrarily long time. During that delay the host might give up on 151 * the original ep0 request and issue a new one. When that happens the 152 * driver should not notify the host about completion of the original 153 * request, as the host will no longer be waiting for it. So the driver 154 * assigns to each ep0 request a unique tag, and it keeps track of the 155 * tag value of the request associated with a long-running exception 156 * (device-reset, interface-change, or configuration-change). When the 157 * exception handler is finished, the status-stage response is submitted 158 * only if the current ep0 request tag is equal to the exception request 159 * tag. Thus only the most recently received ep0 request will get a 160 * status-stage response. 161 * 162 * Warning: This driver source file is too long. It ought to be split up 163 * into a header file plus about 3 separate .c files, to handle the details 164 * of the Gadget, USB Mass Storage, and SCSI protocols. 165 */ 166 167 168 /* #define VERBOSE_DEBUG */ 169 /* #define DUMP_MSGS */ 170 171 #include <linux/blkdev.h> 172 #include <linux/completion.h> 173 #include <linux/dcache.h> 174 #include <linux/delay.h> 175 #include <linux/device.h> 176 #include <linux/fcntl.h> 177 #include <linux/file.h> 178 #include <linux/fs.h> 179 #include <linux/kthread.h> 180 #include <linux/sched/signal.h> 181 #include <linux/limits.h> 182 #include <linux/pagemap.h> 183 #include <linux/rwsem.h> 184 #include <linux/slab.h> 185 #include <linux/spinlock.h> 186 #include <linux/string.h> 187 #include <linux/freezer.h> 188 #include <linux/module.h> 189 #include <linux/uaccess.h> 190 #include <asm/unaligned.h> 191 192 #include <linux/usb/ch9.h> 193 #include <linux/usb/gadget.h> 194 #include <linux/usb/composite.h> 195 196 #include <linux/nospec.h> 197 198 #include "configfs.h" 199 200 201 /*------------------------------------------------------------------------*/ 202 203 #define FSG_DRIVER_DESC "Mass Storage Function" 204 #define FSG_DRIVER_VERSION "2009/09/11" 205 206 static const char fsg_string_interface[] = "Mass Storage"; 207 208 #include "storage_common.h" 209 #include "f_mass_storage.h" 210 211 /* Static strings, in UTF-8 (for simplicity we use only ASCII characters) */ 212 static struct usb_string fsg_strings[] = { 213 {FSG_STRING_INTERFACE, fsg_string_interface}, 214 {} 215 }; 216 217 static struct usb_gadget_strings fsg_stringtab = { 218 .language = 0x0409, /* en-us */ 219 .strings = fsg_strings, 220 }; 221 222 static struct usb_gadget_strings *fsg_strings_array[] = { 223 &fsg_stringtab, 224 NULL, 225 }; 226 227 /*-------------------------------------------------------------------------*/ 228 229 struct fsg_dev; 230 struct fsg_common; 231 232 /* Data shared by all the FSG instances. */ 233 struct fsg_common { 234 struct usb_gadget *gadget; 235 struct usb_composite_dev *cdev; 236 struct fsg_dev *fsg; 237 wait_queue_head_t io_wait; 238 wait_queue_head_t fsg_wait; 239 240 /* filesem protects: backing files in use */ 241 struct rw_semaphore filesem; 242 243 /* lock protects: state and thread_task */ 244 spinlock_t lock; 245 246 struct usb_ep *ep0; /* Copy of gadget->ep0 */ 247 struct usb_request *ep0req; /* Copy of cdev->req */ 248 unsigned int ep0_req_tag; 249 250 struct fsg_buffhd *next_buffhd_to_fill; 251 struct fsg_buffhd *next_buffhd_to_drain; 252 struct fsg_buffhd *buffhds; 253 unsigned int fsg_num_buffers; 254 255 int cmnd_size; 256 u8 cmnd[MAX_COMMAND_SIZE]; 257 258 unsigned int lun; 259 struct fsg_lun *luns[FSG_MAX_LUNS]; 260 struct fsg_lun *curlun; 261 262 unsigned int bulk_out_maxpacket; 263 enum fsg_state state; /* For exception handling */ 264 unsigned int exception_req_tag; 265 void *exception_arg; 266 267 enum data_direction data_dir; 268 u32 data_size; 269 u32 data_size_from_cmnd; 270 u32 tag; 271 u32 residue; 272 u32 usb_amount_left; 273 274 unsigned int can_stall:1; 275 unsigned int free_storage_on_release:1; 276 unsigned int phase_error:1; 277 unsigned int short_packet_received:1; 278 unsigned int bad_lun_okay:1; 279 unsigned int running:1; 280 unsigned int sysfs:1; 281 282 struct completion thread_notifier; 283 struct task_struct *thread_task; 284 285 /* Gadget's private data. */ 286 void *private_data; 287 288 char inquiry_string[INQUIRY_STRING_LEN]; 289 }; 290 291 struct fsg_dev { 292 struct usb_function function; 293 struct usb_gadget *gadget; /* Copy of cdev->gadget */ 294 struct fsg_common *common; 295 296 u16 interface_number; 297 298 unsigned int bulk_in_enabled:1; 299 unsigned int bulk_out_enabled:1; 300 301 unsigned long atomic_bitflags; 302 #define IGNORE_BULK_OUT 0 303 304 struct usb_ep *bulk_in; 305 struct usb_ep *bulk_out; 306 }; 307 308 static inline int __fsg_is_set(struct fsg_common *common, 309 const char *func, unsigned line) 310 { 311 if (common->fsg) 312 return 1; 313 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line); 314 WARN_ON(1); 315 return 0; 316 } 317 318 #define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__)) 319 320 static inline struct fsg_dev *fsg_from_func(struct usb_function *f) 321 { 322 return container_of(f, struct fsg_dev, function); 323 } 324 325 static int exception_in_progress(struct fsg_common *common) 326 { 327 return common->state > FSG_STATE_NORMAL; 328 } 329 330 /* Make bulk-out requests be divisible by the maxpacket size */ 331 static void set_bulk_out_req_length(struct fsg_common *common, 332 struct fsg_buffhd *bh, unsigned int length) 333 { 334 unsigned int rem; 335 336 bh->bulk_out_intended_length = length; 337 rem = length % common->bulk_out_maxpacket; 338 if (rem > 0) 339 length += common->bulk_out_maxpacket - rem; 340 bh->outreq->length = length; 341 } 342 343 344 /*-------------------------------------------------------------------------*/ 345 346 static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep) 347 { 348 const char *name; 349 350 if (ep == fsg->bulk_in) 351 name = "bulk-in"; 352 else if (ep == fsg->bulk_out) 353 name = "bulk-out"; 354 else 355 name = ep->name; 356 DBG(fsg, "%s set halt\n", name); 357 return usb_ep_set_halt(ep); 358 } 359 360 361 /*-------------------------------------------------------------------------*/ 362 363 /* These routines may be called in process context or in_irq */ 364 365 static void __raise_exception(struct fsg_common *common, enum fsg_state new_state, 366 void *arg) 367 { 368 unsigned long flags; 369 370 /* 371 * Do nothing if a higher-priority exception is already in progress. 372 * If a lower-or-equal priority exception is in progress, preempt it 373 * and notify the main thread by sending it a signal. 374 */ 375 spin_lock_irqsave(&common->lock, flags); 376 if (common->state <= new_state) { 377 common->exception_req_tag = common->ep0_req_tag; 378 common->state = new_state; 379 common->exception_arg = arg; 380 if (common->thread_task) 381 send_sig_info(SIGUSR1, SEND_SIG_PRIV, 382 common->thread_task); 383 } 384 spin_unlock_irqrestore(&common->lock, flags); 385 } 386 387 static void raise_exception(struct fsg_common *common, enum fsg_state new_state) 388 { 389 __raise_exception(common, new_state, NULL); 390 } 391 392 /*-------------------------------------------------------------------------*/ 393 394 static int ep0_queue(struct fsg_common *common) 395 { 396 int rc; 397 398 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC); 399 common->ep0->driver_data = common; 400 if (rc != 0 && rc != -ESHUTDOWN) { 401 /* We can't do much more than wait for a reset */ 402 WARNING(common, "error in submission: %s --> %d\n", 403 common->ep0->name, rc); 404 } 405 return rc; 406 } 407 408 409 /*-------------------------------------------------------------------------*/ 410 411 /* Completion handlers. These always run in_irq. */ 412 413 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req) 414 { 415 struct fsg_common *common = ep->driver_data; 416 struct fsg_buffhd *bh = req->context; 417 418 if (req->status || req->actual != req->length) 419 DBG(common, "%s --> %d, %u/%u\n", __func__, 420 req->status, req->actual, req->length); 421 if (req->status == -ECONNRESET) /* Request was cancelled */ 422 usb_ep_fifo_flush(ep); 423 424 /* Synchronize with the smp_load_acquire() in sleep_thread() */ 425 smp_store_release(&bh->state, BUF_STATE_EMPTY); 426 wake_up(&common->io_wait); 427 } 428 429 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req) 430 { 431 struct fsg_common *common = ep->driver_data; 432 struct fsg_buffhd *bh = req->context; 433 434 dump_msg(common, "bulk-out", req->buf, req->actual); 435 if (req->status || req->actual != bh->bulk_out_intended_length) 436 DBG(common, "%s --> %d, %u/%u\n", __func__, 437 req->status, req->actual, bh->bulk_out_intended_length); 438 if (req->status == -ECONNRESET) /* Request was cancelled */ 439 usb_ep_fifo_flush(ep); 440 441 /* Synchronize with the smp_load_acquire() in sleep_thread() */ 442 smp_store_release(&bh->state, BUF_STATE_FULL); 443 wake_up(&common->io_wait); 444 } 445 446 static int _fsg_common_get_max_lun(struct fsg_common *common) 447 { 448 int i = ARRAY_SIZE(common->luns) - 1; 449 450 while (i >= 0 && !common->luns[i]) 451 --i; 452 453 return i; 454 } 455 456 static int fsg_setup(struct usb_function *f, 457 const struct usb_ctrlrequest *ctrl) 458 { 459 struct fsg_dev *fsg = fsg_from_func(f); 460 struct usb_request *req = fsg->common->ep0req; 461 u16 w_index = le16_to_cpu(ctrl->wIndex); 462 u16 w_value = le16_to_cpu(ctrl->wValue); 463 u16 w_length = le16_to_cpu(ctrl->wLength); 464 465 if (!fsg_is_set(fsg->common)) 466 return -EOPNOTSUPP; 467 468 ++fsg->common->ep0_req_tag; /* Record arrival of a new request */ 469 req->context = NULL; 470 req->length = 0; 471 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl)); 472 473 switch (ctrl->bRequest) { 474 475 case US_BULK_RESET_REQUEST: 476 if (ctrl->bRequestType != 477 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 478 break; 479 if (w_index != fsg->interface_number || w_value != 0 || 480 w_length != 0) 481 return -EDOM; 482 483 /* 484 * Raise an exception to stop the current operation 485 * and reinitialize our state. 486 */ 487 DBG(fsg, "bulk reset request\n"); 488 raise_exception(fsg->common, FSG_STATE_PROTOCOL_RESET); 489 return USB_GADGET_DELAYED_STATUS; 490 491 case US_BULK_GET_MAX_LUN: 492 if (ctrl->bRequestType != 493 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 494 break; 495 if (w_index != fsg->interface_number || w_value != 0 || 496 w_length != 1) 497 return -EDOM; 498 VDBG(fsg, "get max LUN\n"); 499 *(u8 *)req->buf = _fsg_common_get_max_lun(fsg->common); 500 501 /* Respond with data/status */ 502 req->length = min((u16)1, w_length); 503 return ep0_queue(fsg->common); 504 } 505 506 VDBG(fsg, 507 "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n", 508 ctrl->bRequestType, ctrl->bRequest, 509 le16_to_cpu(ctrl->wValue), w_index, w_length); 510 return -EOPNOTSUPP; 511 } 512 513 514 /*-------------------------------------------------------------------------*/ 515 516 /* All the following routines run in process context */ 517 518 /* Use this for bulk or interrupt transfers, not ep0 */ 519 static int start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, 520 struct usb_request *req) 521 { 522 int rc; 523 524 if (ep == fsg->bulk_in) 525 dump_msg(fsg, "bulk-in", req->buf, req->length); 526 527 rc = usb_ep_queue(ep, req, GFP_KERNEL); 528 if (rc) { 529 530 /* We can't do much more than wait for a reset */ 531 req->status = rc; 532 533 /* 534 * Note: currently the net2280 driver fails zero-length 535 * submissions if DMA is enabled. 536 */ 537 if (rc != -ESHUTDOWN && 538 !(rc == -EOPNOTSUPP && req->length == 0)) 539 WARNING(fsg, "error in submission: %s --> %d\n", 540 ep->name, rc); 541 } 542 return rc; 543 } 544 545 static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 546 { 547 if (!fsg_is_set(common)) 548 return false; 549 bh->state = BUF_STATE_SENDING; 550 if (start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq)) 551 bh->state = BUF_STATE_EMPTY; 552 return true; 553 } 554 555 static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 556 { 557 if (!fsg_is_set(common)) 558 return false; 559 bh->state = BUF_STATE_RECEIVING; 560 if (start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq)) 561 bh->state = BUF_STATE_FULL; 562 return true; 563 } 564 565 static int sleep_thread(struct fsg_common *common, bool can_freeze, 566 struct fsg_buffhd *bh) 567 { 568 int rc; 569 570 /* Wait until a signal arrives or bh is no longer busy */ 571 if (can_freeze) 572 /* 573 * synchronize with the smp_store_release(&bh->state) in 574 * bulk_in_complete() or bulk_out_complete() 575 */ 576 rc = wait_event_freezable(common->io_wait, 577 bh && smp_load_acquire(&bh->state) >= 578 BUF_STATE_EMPTY); 579 else 580 rc = wait_event_interruptible(common->io_wait, 581 bh && smp_load_acquire(&bh->state) >= 582 BUF_STATE_EMPTY); 583 return rc ? -EINTR : 0; 584 } 585 586 587 /*-------------------------------------------------------------------------*/ 588 589 static int do_read(struct fsg_common *common) 590 { 591 struct fsg_lun *curlun = common->curlun; 592 u64 lba; 593 struct fsg_buffhd *bh; 594 int rc; 595 u32 amount_left; 596 loff_t file_offset, file_offset_tmp; 597 unsigned int amount; 598 ssize_t nread; 599 600 /* 601 * Get the starting Logical Block Address and check that it's 602 * not too big. 603 */ 604 if (common->cmnd[0] == READ_6) 605 lba = get_unaligned_be24(&common->cmnd[1]); 606 else { 607 if (common->cmnd[0] == READ_16) 608 lba = get_unaligned_be64(&common->cmnd[2]); 609 else /* READ_10 or READ_12 */ 610 lba = get_unaligned_be32(&common->cmnd[2]); 611 612 /* 613 * We allow DPO (Disable Page Out = don't save data in the 614 * cache) and FUA (Force Unit Access = don't read from the 615 * cache), but we don't implement them. 616 */ 617 if ((common->cmnd[1] & ~0x18) != 0) { 618 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 619 return -EINVAL; 620 } 621 } 622 if (lba >= curlun->num_sectors) { 623 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 624 return -EINVAL; 625 } 626 file_offset = ((loff_t) lba) << curlun->blkbits; 627 628 /* Carry out the file reads */ 629 amount_left = common->data_size_from_cmnd; 630 if (unlikely(amount_left == 0)) 631 return -EIO; /* No default reply */ 632 633 for (;;) { 634 /* 635 * Figure out how much we need to read: 636 * Try to read the remaining amount. 637 * But don't read more than the buffer size. 638 * And don't try to read past the end of the file. 639 */ 640 amount = min(amount_left, FSG_BUFLEN); 641 amount = min((loff_t)amount, 642 curlun->file_length - file_offset); 643 644 /* Wait for the next buffer to become available */ 645 bh = common->next_buffhd_to_fill; 646 rc = sleep_thread(common, false, bh); 647 if (rc) 648 return rc; 649 650 /* 651 * If we were asked to read past the end of file, 652 * end with an empty buffer. 653 */ 654 if (amount == 0) { 655 curlun->sense_data = 656 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 657 curlun->sense_data_info = 658 file_offset >> curlun->blkbits; 659 curlun->info_valid = 1; 660 bh->inreq->length = 0; 661 bh->state = BUF_STATE_FULL; 662 break; 663 } 664 665 /* Perform the read */ 666 file_offset_tmp = file_offset; 667 nread = kernel_read(curlun->filp, bh->buf, amount, 668 &file_offset_tmp); 669 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 670 (unsigned long long)file_offset, (int)nread); 671 if (signal_pending(current)) 672 return -EINTR; 673 674 if (nread < 0) { 675 LDBG(curlun, "error in file read: %d\n", (int)nread); 676 nread = 0; 677 } else if (nread < amount) { 678 LDBG(curlun, "partial file read: %d/%u\n", 679 (int)nread, amount); 680 nread = round_down(nread, curlun->blksize); 681 } 682 file_offset += nread; 683 amount_left -= nread; 684 common->residue -= nread; 685 686 /* 687 * Except at the end of the transfer, nread will be 688 * equal to the buffer size, which is divisible by the 689 * bulk-in maxpacket size. 690 */ 691 bh->inreq->length = nread; 692 bh->state = BUF_STATE_FULL; 693 694 /* If an error occurred, report it and its position */ 695 if (nread < amount) { 696 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 697 curlun->sense_data_info = 698 file_offset >> curlun->blkbits; 699 curlun->info_valid = 1; 700 break; 701 } 702 703 if (amount_left == 0) 704 break; /* No more left to read */ 705 706 /* Send this buffer and go read some more */ 707 bh->inreq->zero = 0; 708 if (!start_in_transfer(common, bh)) 709 /* Don't know what to do if common->fsg is NULL */ 710 return -EIO; 711 common->next_buffhd_to_fill = bh->next; 712 } 713 714 return -EIO; /* No default reply */ 715 } 716 717 718 /*-------------------------------------------------------------------------*/ 719 720 static int do_write(struct fsg_common *common) 721 { 722 struct fsg_lun *curlun = common->curlun; 723 u64 lba; 724 struct fsg_buffhd *bh; 725 int get_some_more; 726 u32 amount_left_to_req, amount_left_to_write; 727 loff_t usb_offset, file_offset, file_offset_tmp; 728 unsigned int amount; 729 ssize_t nwritten; 730 int rc; 731 732 if (curlun->ro) { 733 curlun->sense_data = SS_WRITE_PROTECTED; 734 return -EINVAL; 735 } 736 spin_lock(&curlun->filp->f_lock); 737 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */ 738 spin_unlock(&curlun->filp->f_lock); 739 740 /* 741 * Get the starting Logical Block Address and check that it's 742 * not too big 743 */ 744 if (common->cmnd[0] == WRITE_6) 745 lba = get_unaligned_be24(&common->cmnd[1]); 746 else { 747 if (common->cmnd[0] == WRITE_16) 748 lba = get_unaligned_be64(&common->cmnd[2]); 749 else /* WRITE_10 or WRITE_12 */ 750 lba = get_unaligned_be32(&common->cmnd[2]); 751 752 /* 753 * We allow DPO (Disable Page Out = don't save data in the 754 * cache) and FUA (Force Unit Access = write directly to the 755 * medium). We don't implement DPO; we implement FUA by 756 * performing synchronous output. 757 */ 758 if (common->cmnd[1] & ~0x18) { 759 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 760 return -EINVAL; 761 } 762 if (!curlun->nofua && (common->cmnd[1] & 0x08)) { /* FUA */ 763 spin_lock(&curlun->filp->f_lock); 764 curlun->filp->f_flags |= O_SYNC; 765 spin_unlock(&curlun->filp->f_lock); 766 } 767 } 768 if (lba >= curlun->num_sectors) { 769 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 770 return -EINVAL; 771 } 772 773 /* Carry out the file writes */ 774 get_some_more = 1; 775 file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits; 776 amount_left_to_req = common->data_size_from_cmnd; 777 amount_left_to_write = common->data_size_from_cmnd; 778 779 while (amount_left_to_write > 0) { 780 781 /* Queue a request for more data from the host */ 782 bh = common->next_buffhd_to_fill; 783 if (bh->state == BUF_STATE_EMPTY && get_some_more) { 784 785 /* 786 * Figure out how much we want to get: 787 * Try to get the remaining amount, 788 * but not more than the buffer size. 789 */ 790 amount = min(amount_left_to_req, FSG_BUFLEN); 791 792 /* Beyond the end of the backing file? */ 793 if (usb_offset >= curlun->file_length) { 794 get_some_more = 0; 795 curlun->sense_data = 796 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 797 curlun->sense_data_info = 798 usb_offset >> curlun->blkbits; 799 curlun->info_valid = 1; 800 continue; 801 } 802 803 /* Get the next buffer */ 804 usb_offset += amount; 805 common->usb_amount_left -= amount; 806 amount_left_to_req -= amount; 807 if (amount_left_to_req == 0) 808 get_some_more = 0; 809 810 /* 811 * Except at the end of the transfer, amount will be 812 * equal to the buffer size, which is divisible by 813 * the bulk-out maxpacket size. 814 */ 815 set_bulk_out_req_length(common, bh, amount); 816 if (!start_out_transfer(common, bh)) 817 /* Dunno what to do if common->fsg is NULL */ 818 return -EIO; 819 common->next_buffhd_to_fill = bh->next; 820 continue; 821 } 822 823 /* Write the received data to the backing file */ 824 bh = common->next_buffhd_to_drain; 825 if (bh->state == BUF_STATE_EMPTY && !get_some_more) 826 break; /* We stopped early */ 827 828 /* Wait for the data to be received */ 829 rc = sleep_thread(common, false, bh); 830 if (rc) 831 return rc; 832 833 common->next_buffhd_to_drain = bh->next; 834 bh->state = BUF_STATE_EMPTY; 835 836 /* Did something go wrong with the transfer? */ 837 if (bh->outreq->status != 0) { 838 curlun->sense_data = SS_COMMUNICATION_FAILURE; 839 curlun->sense_data_info = 840 file_offset >> curlun->blkbits; 841 curlun->info_valid = 1; 842 break; 843 } 844 845 amount = bh->outreq->actual; 846 if (curlun->file_length - file_offset < amount) { 847 LERROR(curlun, "write %u @ %llu beyond end %llu\n", 848 amount, (unsigned long long)file_offset, 849 (unsigned long long)curlun->file_length); 850 amount = curlun->file_length - file_offset; 851 } 852 853 /* 854 * Don't accept excess data. The spec doesn't say 855 * what to do in this case. We'll ignore the error. 856 */ 857 amount = min(amount, bh->bulk_out_intended_length); 858 859 /* Don't write a partial block */ 860 amount = round_down(amount, curlun->blksize); 861 if (amount == 0) 862 goto empty_write; 863 864 /* Perform the write */ 865 file_offset_tmp = file_offset; 866 nwritten = kernel_write(curlun->filp, bh->buf, amount, 867 &file_offset_tmp); 868 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount, 869 (unsigned long long)file_offset, (int)nwritten); 870 if (signal_pending(current)) 871 return -EINTR; /* Interrupted! */ 872 873 if (nwritten < 0) { 874 LDBG(curlun, "error in file write: %d\n", 875 (int) nwritten); 876 nwritten = 0; 877 } else if (nwritten < amount) { 878 LDBG(curlun, "partial file write: %d/%u\n", 879 (int) nwritten, amount); 880 nwritten = round_down(nwritten, curlun->blksize); 881 } 882 file_offset += nwritten; 883 amount_left_to_write -= nwritten; 884 common->residue -= nwritten; 885 886 /* If an error occurred, report it and its position */ 887 if (nwritten < amount) { 888 curlun->sense_data = SS_WRITE_ERROR; 889 curlun->sense_data_info = 890 file_offset >> curlun->blkbits; 891 curlun->info_valid = 1; 892 break; 893 } 894 895 empty_write: 896 /* Did the host decide to stop early? */ 897 if (bh->outreq->actual < bh->bulk_out_intended_length) { 898 common->short_packet_received = 1; 899 break; 900 } 901 } 902 903 return -EIO; /* No default reply */ 904 } 905 906 907 /*-------------------------------------------------------------------------*/ 908 909 static int do_synchronize_cache(struct fsg_common *common) 910 { 911 struct fsg_lun *curlun = common->curlun; 912 int rc; 913 914 /* We ignore the requested LBA and write out all file's 915 * dirty data buffers. */ 916 rc = fsg_lun_fsync_sub(curlun); 917 if (rc) 918 curlun->sense_data = SS_WRITE_ERROR; 919 return 0; 920 } 921 922 923 /*-------------------------------------------------------------------------*/ 924 925 static void invalidate_sub(struct fsg_lun *curlun) 926 { 927 struct file *filp = curlun->filp; 928 struct inode *inode = file_inode(filp); 929 unsigned long rc; 930 931 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1); 932 VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc); 933 } 934 935 static int do_verify(struct fsg_common *common) 936 { 937 struct fsg_lun *curlun = common->curlun; 938 u32 lba; 939 u32 verification_length; 940 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 941 loff_t file_offset, file_offset_tmp; 942 u32 amount_left; 943 unsigned int amount; 944 ssize_t nread; 945 946 /* 947 * Get the starting Logical Block Address and check that it's 948 * not too big. 949 */ 950 lba = get_unaligned_be32(&common->cmnd[2]); 951 if (lba >= curlun->num_sectors) { 952 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 953 return -EINVAL; 954 } 955 956 /* 957 * We allow DPO (Disable Page Out = don't save data in the 958 * cache) but we don't implement it. 959 */ 960 if (common->cmnd[1] & ~0x10) { 961 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 962 return -EINVAL; 963 } 964 965 verification_length = get_unaligned_be16(&common->cmnd[7]); 966 if (unlikely(verification_length == 0)) 967 return -EIO; /* No default reply */ 968 969 /* Prepare to carry out the file verify */ 970 amount_left = verification_length << curlun->blkbits; 971 file_offset = ((loff_t) lba) << curlun->blkbits; 972 973 /* Write out all the dirty buffers before invalidating them */ 974 fsg_lun_fsync_sub(curlun); 975 if (signal_pending(current)) 976 return -EINTR; 977 978 invalidate_sub(curlun); 979 if (signal_pending(current)) 980 return -EINTR; 981 982 /* Just try to read the requested blocks */ 983 while (amount_left > 0) { 984 /* 985 * Figure out how much we need to read: 986 * Try to read the remaining amount, but not more than 987 * the buffer size. 988 * And don't try to read past the end of the file. 989 */ 990 amount = min(amount_left, FSG_BUFLEN); 991 amount = min((loff_t)amount, 992 curlun->file_length - file_offset); 993 if (amount == 0) { 994 curlun->sense_data = 995 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 996 curlun->sense_data_info = 997 file_offset >> curlun->blkbits; 998 curlun->info_valid = 1; 999 break; 1000 } 1001 1002 /* Perform the read */ 1003 file_offset_tmp = file_offset; 1004 nread = kernel_read(curlun->filp, bh->buf, amount, 1005 &file_offset_tmp); 1006 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1007 (unsigned long long) file_offset, 1008 (int) nread); 1009 if (signal_pending(current)) 1010 return -EINTR; 1011 1012 if (nread < 0) { 1013 LDBG(curlun, "error in file verify: %d\n", (int)nread); 1014 nread = 0; 1015 } else if (nread < amount) { 1016 LDBG(curlun, "partial file verify: %d/%u\n", 1017 (int)nread, amount); 1018 nread = round_down(nread, curlun->blksize); 1019 } 1020 if (nread == 0) { 1021 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1022 curlun->sense_data_info = 1023 file_offset >> curlun->blkbits; 1024 curlun->info_valid = 1; 1025 break; 1026 } 1027 file_offset += nread; 1028 amount_left -= nread; 1029 } 1030 return 0; 1031 } 1032 1033 1034 /*-------------------------------------------------------------------------*/ 1035 1036 static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh) 1037 { 1038 struct fsg_lun *curlun = common->curlun; 1039 u8 *buf = (u8 *) bh->buf; 1040 1041 if (!curlun) { /* Unsupported LUNs are okay */ 1042 common->bad_lun_okay = 1; 1043 memset(buf, 0, 36); 1044 buf[0] = TYPE_NO_LUN; /* Unsupported, no device-type */ 1045 buf[4] = 31; /* Additional length */ 1046 return 36; 1047 } 1048 1049 buf[0] = curlun->cdrom ? TYPE_ROM : TYPE_DISK; 1050 buf[1] = curlun->removable ? 0x80 : 0; 1051 buf[2] = 2; /* ANSI SCSI level 2 */ 1052 buf[3] = 2; /* SCSI-2 INQUIRY data format */ 1053 buf[4] = 31; /* Additional length */ 1054 buf[5] = 0; /* No special options */ 1055 buf[6] = 0; 1056 buf[7] = 0; 1057 if (curlun->inquiry_string[0]) 1058 memcpy(buf + 8, curlun->inquiry_string, 1059 sizeof(curlun->inquiry_string)); 1060 else 1061 memcpy(buf + 8, common->inquiry_string, 1062 sizeof(common->inquiry_string)); 1063 return 36; 1064 } 1065 1066 static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1067 { 1068 struct fsg_lun *curlun = common->curlun; 1069 u8 *buf = (u8 *) bh->buf; 1070 u32 sd, sdinfo; 1071 int valid; 1072 1073 /* 1074 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1075 * 1076 * If a REQUEST SENSE command is received from an initiator 1077 * with a pending unit attention condition (before the target 1078 * generates the contingent allegiance condition), then the 1079 * target shall either: 1080 * a) report any pending sense data and preserve the unit 1081 * attention condition on the logical unit, or, 1082 * b) report the unit attention condition, may discard any 1083 * pending sense data, and clear the unit attention 1084 * condition on the logical unit for that initiator. 1085 * 1086 * FSG normally uses option a); enable this code to use option b). 1087 */ 1088 #if 0 1089 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) { 1090 curlun->sense_data = curlun->unit_attention_data; 1091 curlun->unit_attention_data = SS_NO_SENSE; 1092 } 1093 #endif 1094 1095 if (!curlun) { /* Unsupported LUNs are okay */ 1096 common->bad_lun_okay = 1; 1097 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1098 sdinfo = 0; 1099 valid = 0; 1100 } else { 1101 sd = curlun->sense_data; 1102 sdinfo = curlun->sense_data_info; 1103 valid = curlun->info_valid << 7; 1104 curlun->sense_data = SS_NO_SENSE; 1105 curlun->sense_data_info = 0; 1106 curlun->info_valid = 0; 1107 } 1108 1109 memset(buf, 0, 18); 1110 buf[0] = valid | 0x70; /* Valid, current error */ 1111 buf[2] = SK(sd); 1112 put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */ 1113 buf[7] = 18 - 8; /* Additional sense length */ 1114 buf[12] = ASC(sd); 1115 buf[13] = ASCQ(sd); 1116 return 18; 1117 } 1118 1119 static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh) 1120 { 1121 struct fsg_lun *curlun = common->curlun; 1122 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1123 int pmi = common->cmnd[8]; 1124 u8 *buf = (u8 *)bh->buf; 1125 u32 max_lba; 1126 1127 /* Check the PMI and LBA fields */ 1128 if (pmi > 1 || (pmi == 0 && lba != 0)) { 1129 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1130 return -EINVAL; 1131 } 1132 1133 if (curlun->num_sectors < 0x100000000ULL) 1134 max_lba = curlun->num_sectors - 1; 1135 else 1136 max_lba = 0xffffffff; 1137 put_unaligned_be32(max_lba, &buf[0]); /* Max logical block */ 1138 put_unaligned_be32(curlun->blksize, &buf[4]); /* Block length */ 1139 return 8; 1140 } 1141 1142 static int do_read_capacity_16(struct fsg_common *common, struct fsg_buffhd *bh) 1143 { 1144 struct fsg_lun *curlun = common->curlun; 1145 u64 lba = get_unaligned_be64(&common->cmnd[2]); 1146 int pmi = common->cmnd[14]; 1147 u8 *buf = (u8 *)bh->buf; 1148 1149 /* Check the PMI and LBA fields */ 1150 if (pmi > 1 || (pmi == 0 && lba != 0)) { 1151 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1152 return -EINVAL; 1153 } 1154 1155 put_unaligned_be64(curlun->num_sectors - 1, &buf[0]); 1156 /* Max logical block */ 1157 put_unaligned_be32(curlun->blksize, &buf[8]); /* Block length */ 1158 1159 /* It is safe to keep other fields zeroed */ 1160 memset(&buf[12], 0, 32 - 12); 1161 return 32; 1162 } 1163 1164 static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh) 1165 { 1166 struct fsg_lun *curlun = common->curlun; 1167 int msf = common->cmnd[1] & 0x02; 1168 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1169 u8 *buf = (u8 *)bh->buf; 1170 1171 if (common->cmnd[1] & ~0x02) { /* Mask away MSF */ 1172 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1173 return -EINVAL; 1174 } 1175 if (lba >= curlun->num_sectors) { 1176 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1177 return -EINVAL; 1178 } 1179 1180 memset(buf, 0, 8); 1181 buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */ 1182 store_cdrom_address(&buf[4], msf, lba); 1183 return 8; 1184 } 1185 1186 static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh) 1187 { 1188 struct fsg_lun *curlun = common->curlun; 1189 int msf = common->cmnd[1] & 0x02; 1190 int start_track = common->cmnd[6]; 1191 u8 *buf = (u8 *)bh->buf; 1192 u8 format; 1193 int i, len; 1194 1195 if ((common->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */ 1196 start_track > 1) { 1197 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1198 return -EINVAL; 1199 } 1200 1201 format = common->cmnd[2] & 0xf; 1202 /* 1203 * Check if CDB is old style SFF-8020i 1204 * i.e. format is in 2 MSBs of byte 9 1205 * Mac OS-X host sends us this. 1206 */ 1207 if (format == 0) 1208 format = (common->cmnd[9] >> 6) & 0x3; 1209 1210 switch (format) { 1211 case 0: 1212 /* Formatted TOC */ 1213 len = 4 + 2*8; /* 4 byte header + 2 descriptors */ 1214 memset(buf, 0, len); 1215 buf[1] = len - 2; /* TOC Length excludes length field */ 1216 buf[2] = 1; /* First track number */ 1217 buf[3] = 1; /* Last track number */ 1218 buf[5] = 0x16; /* Data track, copying allowed */ 1219 buf[6] = 0x01; /* Only track is number 1 */ 1220 store_cdrom_address(&buf[8], msf, 0); 1221 1222 buf[13] = 0x16; /* Lead-out track is data */ 1223 buf[14] = 0xAA; /* Lead-out track number */ 1224 store_cdrom_address(&buf[16], msf, curlun->num_sectors); 1225 return len; 1226 1227 case 2: 1228 /* Raw TOC */ 1229 len = 4 + 3*11; /* 4 byte header + 3 descriptors */ 1230 memset(buf, 0, len); /* Header + A0, A1 & A2 descriptors */ 1231 buf[1] = len - 2; /* TOC Length excludes length field */ 1232 buf[2] = 1; /* First complete session */ 1233 buf[3] = 1; /* Last complete session */ 1234 1235 buf += 4; 1236 /* fill in A0, A1 and A2 points */ 1237 for (i = 0; i < 3; i++) { 1238 buf[0] = 1; /* Session number */ 1239 buf[1] = 0x16; /* Data track, copying allowed */ 1240 /* 2 - Track number 0 -> TOC */ 1241 buf[3] = 0xA0 + i; /* A0, A1, A2 point */ 1242 /* 4, 5, 6 - Min, sec, frame is zero */ 1243 buf[8] = 1; /* Pmin: last track number */ 1244 buf += 11; /* go to next track descriptor */ 1245 } 1246 buf -= 11; /* go back to A2 descriptor */ 1247 1248 /* For A2, 7, 8, 9, 10 - zero, Pmin, Psec, Pframe of Lead out */ 1249 store_cdrom_address(&buf[7], msf, curlun->num_sectors); 1250 return len; 1251 1252 default: 1253 /* Multi-session, PMA, ATIP, CD-TEXT not supported/required */ 1254 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1255 return -EINVAL; 1256 } 1257 } 1258 1259 static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1260 { 1261 struct fsg_lun *curlun = common->curlun; 1262 int mscmnd = common->cmnd[0]; 1263 u8 *buf = (u8 *) bh->buf; 1264 u8 *buf0 = buf; 1265 int pc, page_code; 1266 int changeable_values, all_pages; 1267 int valid_page = 0; 1268 int len, limit; 1269 1270 if ((common->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */ 1271 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1272 return -EINVAL; 1273 } 1274 pc = common->cmnd[2] >> 6; 1275 page_code = common->cmnd[2] & 0x3f; 1276 if (pc == 3) { 1277 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1278 return -EINVAL; 1279 } 1280 changeable_values = (pc == 1); 1281 all_pages = (page_code == 0x3f); 1282 1283 /* 1284 * Write the mode parameter header. Fixed values are: default 1285 * medium type, no cache control (DPOFUA), and no block descriptors. 1286 * The only variable value is the WriteProtect bit. We will fill in 1287 * the mode data length later. 1288 */ 1289 memset(buf, 0, 8); 1290 if (mscmnd == MODE_SENSE) { 1291 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1292 buf += 4; 1293 limit = 255; 1294 } else { /* MODE_SENSE_10 */ 1295 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1296 buf += 8; 1297 limit = 65535; /* Should really be FSG_BUFLEN */ 1298 } 1299 1300 /* No block descriptors */ 1301 1302 /* 1303 * The mode pages, in numerical order. The only page we support 1304 * is the Caching page. 1305 */ 1306 if (page_code == 0x08 || all_pages) { 1307 valid_page = 1; 1308 buf[0] = 0x08; /* Page code */ 1309 buf[1] = 10; /* Page length */ 1310 memset(buf+2, 0, 10); /* None of the fields are changeable */ 1311 1312 if (!changeable_values) { 1313 buf[2] = 0x04; /* Write cache enable, */ 1314 /* Read cache not disabled */ 1315 /* No cache retention priorities */ 1316 put_unaligned_be16(0xffff, &buf[4]); 1317 /* Don't disable prefetch */ 1318 /* Minimum prefetch = 0 */ 1319 put_unaligned_be16(0xffff, &buf[8]); 1320 /* Maximum prefetch */ 1321 put_unaligned_be16(0xffff, &buf[10]); 1322 /* Maximum prefetch ceiling */ 1323 } 1324 buf += 12; 1325 } 1326 1327 /* 1328 * Check that a valid page was requested and the mode data length 1329 * isn't too long. 1330 */ 1331 len = buf - buf0; 1332 if (!valid_page || len > limit) { 1333 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1334 return -EINVAL; 1335 } 1336 1337 /* Store the mode data length */ 1338 if (mscmnd == MODE_SENSE) 1339 buf0[0] = len - 1; 1340 else 1341 put_unaligned_be16(len - 2, buf0); 1342 return len; 1343 } 1344 1345 static int do_start_stop(struct fsg_common *common) 1346 { 1347 struct fsg_lun *curlun = common->curlun; 1348 int loej, start; 1349 1350 if (!curlun) { 1351 return -EINVAL; 1352 } else if (!curlun->removable) { 1353 curlun->sense_data = SS_INVALID_COMMAND; 1354 return -EINVAL; 1355 } else if ((common->cmnd[1] & ~0x01) != 0 || /* Mask away Immed */ 1356 (common->cmnd[4] & ~0x03) != 0) { /* Mask LoEj, Start */ 1357 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1358 return -EINVAL; 1359 } 1360 1361 loej = common->cmnd[4] & 0x02; 1362 start = common->cmnd[4] & 0x01; 1363 1364 /* 1365 * Our emulation doesn't support mounting; the medium is 1366 * available for use as soon as it is loaded. 1367 */ 1368 if (start) { 1369 if (!fsg_lun_is_open(curlun)) { 1370 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1371 return -EINVAL; 1372 } 1373 return 0; 1374 } 1375 1376 /* Are we allowed to unload the media? */ 1377 if (curlun->prevent_medium_removal) { 1378 LDBG(curlun, "unload attempt prevented\n"); 1379 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED; 1380 return -EINVAL; 1381 } 1382 1383 if (!loej) 1384 return 0; 1385 1386 up_read(&common->filesem); 1387 down_write(&common->filesem); 1388 fsg_lun_close(curlun); 1389 up_write(&common->filesem); 1390 down_read(&common->filesem); 1391 1392 return 0; 1393 } 1394 1395 static int do_prevent_allow(struct fsg_common *common) 1396 { 1397 struct fsg_lun *curlun = common->curlun; 1398 int prevent; 1399 1400 if (!common->curlun) { 1401 return -EINVAL; 1402 } else if (!common->curlun->removable) { 1403 common->curlun->sense_data = SS_INVALID_COMMAND; 1404 return -EINVAL; 1405 } 1406 1407 prevent = common->cmnd[4] & 0x01; 1408 if ((common->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */ 1409 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1410 return -EINVAL; 1411 } 1412 1413 if (curlun->prevent_medium_removal && !prevent) 1414 fsg_lun_fsync_sub(curlun); 1415 curlun->prevent_medium_removal = prevent; 1416 return 0; 1417 } 1418 1419 static int do_read_format_capacities(struct fsg_common *common, 1420 struct fsg_buffhd *bh) 1421 { 1422 struct fsg_lun *curlun = common->curlun; 1423 u8 *buf = (u8 *) bh->buf; 1424 1425 buf[0] = buf[1] = buf[2] = 0; 1426 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */ 1427 buf += 4; 1428 1429 put_unaligned_be32(curlun->num_sectors, &buf[0]); 1430 /* Number of blocks */ 1431 put_unaligned_be32(curlun->blksize, &buf[4]);/* Block length */ 1432 buf[4] = 0x02; /* Current capacity */ 1433 return 12; 1434 } 1435 1436 static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh) 1437 { 1438 struct fsg_lun *curlun = common->curlun; 1439 1440 /* We don't support MODE SELECT */ 1441 if (curlun) 1442 curlun->sense_data = SS_INVALID_COMMAND; 1443 return -EINVAL; 1444 } 1445 1446 1447 /*-------------------------------------------------------------------------*/ 1448 1449 static int halt_bulk_in_endpoint(struct fsg_dev *fsg) 1450 { 1451 int rc; 1452 1453 rc = fsg_set_halt(fsg, fsg->bulk_in); 1454 if (rc == -EAGAIN) 1455 VDBG(fsg, "delayed bulk-in endpoint halt\n"); 1456 while (rc != 0) { 1457 if (rc != -EAGAIN) { 1458 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc); 1459 rc = 0; 1460 break; 1461 } 1462 1463 /* Wait for a short time and then try again */ 1464 if (msleep_interruptible(100) != 0) 1465 return -EINTR; 1466 rc = usb_ep_set_halt(fsg->bulk_in); 1467 } 1468 return rc; 1469 } 1470 1471 static int wedge_bulk_in_endpoint(struct fsg_dev *fsg) 1472 { 1473 int rc; 1474 1475 DBG(fsg, "bulk-in set wedge\n"); 1476 rc = usb_ep_set_wedge(fsg->bulk_in); 1477 if (rc == -EAGAIN) 1478 VDBG(fsg, "delayed bulk-in endpoint wedge\n"); 1479 while (rc != 0) { 1480 if (rc != -EAGAIN) { 1481 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc); 1482 rc = 0; 1483 break; 1484 } 1485 1486 /* Wait for a short time and then try again */ 1487 if (msleep_interruptible(100) != 0) 1488 return -EINTR; 1489 rc = usb_ep_set_wedge(fsg->bulk_in); 1490 } 1491 return rc; 1492 } 1493 1494 static int throw_away_data(struct fsg_common *common) 1495 { 1496 struct fsg_buffhd *bh, *bh2; 1497 u32 amount; 1498 int rc; 1499 1500 for (bh = common->next_buffhd_to_drain; 1501 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0; 1502 bh = common->next_buffhd_to_drain) { 1503 1504 /* Try to submit another request if we need one */ 1505 bh2 = common->next_buffhd_to_fill; 1506 if (bh2->state == BUF_STATE_EMPTY && 1507 common->usb_amount_left > 0) { 1508 amount = min(common->usb_amount_left, FSG_BUFLEN); 1509 1510 /* 1511 * Except at the end of the transfer, amount will be 1512 * equal to the buffer size, which is divisible by 1513 * the bulk-out maxpacket size. 1514 */ 1515 set_bulk_out_req_length(common, bh2, amount); 1516 if (!start_out_transfer(common, bh2)) 1517 /* Dunno what to do if common->fsg is NULL */ 1518 return -EIO; 1519 common->next_buffhd_to_fill = bh2->next; 1520 common->usb_amount_left -= amount; 1521 continue; 1522 } 1523 1524 /* Wait for the data to be received */ 1525 rc = sleep_thread(common, false, bh); 1526 if (rc) 1527 return rc; 1528 1529 /* Throw away the data in a filled buffer */ 1530 bh->state = BUF_STATE_EMPTY; 1531 common->next_buffhd_to_drain = bh->next; 1532 1533 /* A short packet or an error ends everything */ 1534 if (bh->outreq->actual < bh->bulk_out_intended_length || 1535 bh->outreq->status != 0) { 1536 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1537 return -EINTR; 1538 } 1539 } 1540 return 0; 1541 } 1542 1543 static int finish_reply(struct fsg_common *common) 1544 { 1545 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 1546 int rc = 0; 1547 1548 switch (common->data_dir) { 1549 case DATA_DIR_NONE: 1550 break; /* Nothing to send */ 1551 1552 /* 1553 * If we don't know whether the host wants to read or write, 1554 * this must be CB or CBI with an unknown command. We mustn't 1555 * try to send or receive any data. So stall both bulk pipes 1556 * if we can and wait for a reset. 1557 */ 1558 case DATA_DIR_UNKNOWN: 1559 if (!common->can_stall) { 1560 /* Nothing */ 1561 } else if (fsg_is_set(common)) { 1562 fsg_set_halt(common->fsg, common->fsg->bulk_out); 1563 rc = halt_bulk_in_endpoint(common->fsg); 1564 } else { 1565 /* Don't know what to do if common->fsg is NULL */ 1566 rc = -EIO; 1567 } 1568 break; 1569 1570 /* All but the last buffer of data must have already been sent */ 1571 case DATA_DIR_TO_HOST: 1572 if (common->data_size == 0) { 1573 /* Nothing to send */ 1574 1575 /* Don't know what to do if common->fsg is NULL */ 1576 } else if (!fsg_is_set(common)) { 1577 rc = -EIO; 1578 1579 /* If there's no residue, simply send the last buffer */ 1580 } else if (common->residue == 0) { 1581 bh->inreq->zero = 0; 1582 if (!start_in_transfer(common, bh)) 1583 return -EIO; 1584 common->next_buffhd_to_fill = bh->next; 1585 1586 /* 1587 * For Bulk-only, mark the end of the data with a short 1588 * packet. If we are allowed to stall, halt the bulk-in 1589 * endpoint. (Note: This violates the Bulk-Only Transport 1590 * specification, which requires us to pad the data if we 1591 * don't halt the endpoint. Presumably nobody will mind.) 1592 */ 1593 } else { 1594 bh->inreq->zero = 1; 1595 if (!start_in_transfer(common, bh)) 1596 rc = -EIO; 1597 common->next_buffhd_to_fill = bh->next; 1598 if (common->can_stall) 1599 rc = halt_bulk_in_endpoint(common->fsg); 1600 } 1601 break; 1602 1603 /* 1604 * We have processed all we want from the data the host has sent. 1605 * There may still be outstanding bulk-out requests. 1606 */ 1607 case DATA_DIR_FROM_HOST: 1608 if (common->residue == 0) { 1609 /* Nothing to receive */ 1610 1611 /* Did the host stop sending unexpectedly early? */ 1612 } else if (common->short_packet_received) { 1613 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1614 rc = -EINTR; 1615 1616 /* 1617 * We haven't processed all the incoming data. Even though 1618 * we may be allowed to stall, doing so would cause a race. 1619 * The controller may already have ACK'ed all the remaining 1620 * bulk-out packets, in which case the host wouldn't see a 1621 * STALL. Not realizing the endpoint was halted, it wouldn't 1622 * clear the halt -- leading to problems later on. 1623 */ 1624 #if 0 1625 } else if (common->can_stall) { 1626 if (fsg_is_set(common)) 1627 fsg_set_halt(common->fsg, 1628 common->fsg->bulk_out); 1629 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1630 rc = -EINTR; 1631 #endif 1632 1633 /* 1634 * We can't stall. Read in the excess data and throw it 1635 * all away. 1636 */ 1637 } else { 1638 rc = throw_away_data(common); 1639 } 1640 break; 1641 } 1642 return rc; 1643 } 1644 1645 static void send_status(struct fsg_common *common) 1646 { 1647 struct fsg_lun *curlun = common->curlun; 1648 struct fsg_buffhd *bh; 1649 struct bulk_cs_wrap *csw; 1650 int rc; 1651 u8 status = US_BULK_STAT_OK; 1652 u32 sd, sdinfo = 0; 1653 1654 /* Wait for the next buffer to become available */ 1655 bh = common->next_buffhd_to_fill; 1656 rc = sleep_thread(common, false, bh); 1657 if (rc) 1658 return; 1659 1660 if (curlun) { 1661 sd = curlun->sense_data; 1662 sdinfo = curlun->sense_data_info; 1663 } else if (common->bad_lun_okay) 1664 sd = SS_NO_SENSE; 1665 else 1666 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1667 1668 if (common->phase_error) { 1669 DBG(common, "sending phase-error status\n"); 1670 status = US_BULK_STAT_PHASE; 1671 sd = SS_INVALID_COMMAND; 1672 } else if (sd != SS_NO_SENSE) { 1673 DBG(common, "sending command-failure status\n"); 1674 status = US_BULK_STAT_FAIL; 1675 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;" 1676 " info x%x\n", 1677 SK(sd), ASC(sd), ASCQ(sd), sdinfo); 1678 } 1679 1680 /* Store and send the Bulk-only CSW */ 1681 csw = (void *)bh->buf; 1682 1683 csw->Signature = cpu_to_le32(US_BULK_CS_SIGN); 1684 csw->Tag = common->tag; 1685 csw->Residue = cpu_to_le32(common->residue); 1686 csw->Status = status; 1687 1688 bh->inreq->length = US_BULK_CS_WRAP_LEN; 1689 bh->inreq->zero = 0; 1690 if (!start_in_transfer(common, bh)) 1691 /* Don't know what to do if common->fsg is NULL */ 1692 return; 1693 1694 common->next_buffhd_to_fill = bh->next; 1695 return; 1696 } 1697 1698 1699 /*-------------------------------------------------------------------------*/ 1700 1701 /* 1702 * Check whether the command is properly formed and whether its data size 1703 * and direction agree with the values we already have. 1704 */ 1705 static int check_command(struct fsg_common *common, int cmnd_size, 1706 enum data_direction data_dir, unsigned int mask, 1707 int needs_medium, const char *name) 1708 { 1709 int i; 1710 unsigned int lun = common->cmnd[1] >> 5; 1711 static const char dirletter[4] = {'u', 'o', 'i', 'n'}; 1712 char hdlen[20]; 1713 struct fsg_lun *curlun; 1714 1715 hdlen[0] = 0; 1716 if (common->data_dir != DATA_DIR_UNKNOWN) 1717 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir], 1718 common->data_size); 1719 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n", 1720 name, cmnd_size, dirletter[(int) data_dir], 1721 common->data_size_from_cmnd, common->cmnd_size, hdlen); 1722 1723 /* 1724 * We can't reply at all until we know the correct data direction 1725 * and size. 1726 */ 1727 if (common->data_size_from_cmnd == 0) 1728 data_dir = DATA_DIR_NONE; 1729 if (common->data_size < common->data_size_from_cmnd) { 1730 /* 1731 * Host data size < Device data size is a phase error. 1732 * Carry out the command, but only transfer as much as 1733 * we are allowed. 1734 */ 1735 common->data_size_from_cmnd = common->data_size; 1736 common->phase_error = 1; 1737 } 1738 common->residue = common->data_size; 1739 common->usb_amount_left = common->data_size; 1740 1741 /* Conflicting data directions is a phase error */ 1742 if (common->data_dir != data_dir && common->data_size_from_cmnd > 0) { 1743 common->phase_error = 1; 1744 return -EINVAL; 1745 } 1746 1747 /* Verify the length of the command itself */ 1748 if (cmnd_size != common->cmnd_size) { 1749 1750 /* 1751 * Special case workaround: There are plenty of buggy SCSI 1752 * implementations. Many have issues with cbw->Length 1753 * field passing a wrong command size. For those cases we 1754 * always try to work around the problem by using the length 1755 * sent by the host side provided it is at least as large 1756 * as the correct command length. 1757 * Examples of such cases would be MS-Windows, which issues 1758 * REQUEST SENSE with cbw->Length == 12 where it should 1759 * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and 1760 * REQUEST SENSE with cbw->Length == 10 where it should 1761 * be 6 as well. 1762 */ 1763 if (cmnd_size <= common->cmnd_size) { 1764 DBG(common, "%s is buggy! Expected length %d " 1765 "but we got %d\n", name, 1766 cmnd_size, common->cmnd_size); 1767 cmnd_size = common->cmnd_size; 1768 } else { 1769 common->phase_error = 1; 1770 return -EINVAL; 1771 } 1772 } 1773 1774 /* Check that the LUN values are consistent */ 1775 if (common->lun != lun) 1776 DBG(common, "using LUN %u from CBW, not LUN %u from CDB\n", 1777 common->lun, lun); 1778 1779 /* Check the LUN */ 1780 curlun = common->curlun; 1781 if (curlun) { 1782 if (common->cmnd[0] != REQUEST_SENSE) { 1783 curlun->sense_data = SS_NO_SENSE; 1784 curlun->sense_data_info = 0; 1785 curlun->info_valid = 0; 1786 } 1787 } else { 1788 common->bad_lun_okay = 0; 1789 1790 /* 1791 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1792 * to use unsupported LUNs; all others may not. 1793 */ 1794 if (common->cmnd[0] != INQUIRY && 1795 common->cmnd[0] != REQUEST_SENSE) { 1796 DBG(common, "unsupported LUN %u\n", common->lun); 1797 return -EINVAL; 1798 } 1799 } 1800 1801 /* 1802 * If a unit attention condition exists, only INQUIRY and 1803 * REQUEST SENSE commands are allowed; anything else must fail. 1804 */ 1805 if (curlun && curlun->unit_attention_data != SS_NO_SENSE && 1806 common->cmnd[0] != INQUIRY && 1807 common->cmnd[0] != REQUEST_SENSE) { 1808 curlun->sense_data = curlun->unit_attention_data; 1809 curlun->unit_attention_data = SS_NO_SENSE; 1810 return -EINVAL; 1811 } 1812 1813 /* Check that only command bytes listed in the mask are non-zero */ 1814 common->cmnd[1] &= 0x1f; /* Mask away the LUN */ 1815 for (i = 1; i < cmnd_size; ++i) { 1816 if (common->cmnd[i] && !(mask & (1 << i))) { 1817 if (curlun) 1818 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1819 return -EINVAL; 1820 } 1821 } 1822 1823 /* If the medium isn't mounted and the command needs to access 1824 * it, return an error. */ 1825 if (curlun && !fsg_lun_is_open(curlun) && needs_medium) { 1826 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1827 return -EINVAL; 1828 } 1829 1830 return 0; 1831 } 1832 1833 /* wrapper of check_command for data size in blocks handling */ 1834 static int check_command_size_in_blocks(struct fsg_common *common, 1835 int cmnd_size, enum data_direction data_dir, 1836 unsigned int mask, int needs_medium, const char *name) 1837 { 1838 if (common->curlun) 1839 common->data_size_from_cmnd <<= common->curlun->blkbits; 1840 return check_command(common, cmnd_size, data_dir, 1841 mask, needs_medium, name); 1842 } 1843 1844 static int do_scsi_command(struct fsg_common *common) 1845 { 1846 struct fsg_buffhd *bh; 1847 int rc; 1848 int reply = -EINVAL; 1849 int i; 1850 static char unknown[16]; 1851 1852 dump_cdb(common); 1853 1854 /* Wait for the next buffer to become available for data or status */ 1855 bh = common->next_buffhd_to_fill; 1856 common->next_buffhd_to_drain = bh; 1857 rc = sleep_thread(common, false, bh); 1858 if (rc) 1859 return rc; 1860 1861 common->phase_error = 0; 1862 common->short_packet_received = 0; 1863 1864 down_read(&common->filesem); /* We're using the backing file */ 1865 switch (common->cmnd[0]) { 1866 1867 case INQUIRY: 1868 common->data_size_from_cmnd = common->cmnd[4]; 1869 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1870 (1<<4), 0, 1871 "INQUIRY"); 1872 if (reply == 0) 1873 reply = do_inquiry(common, bh); 1874 break; 1875 1876 case MODE_SELECT: 1877 common->data_size_from_cmnd = common->cmnd[4]; 1878 reply = check_command(common, 6, DATA_DIR_FROM_HOST, 1879 (1<<1) | (1<<4), 0, 1880 "MODE SELECT(6)"); 1881 if (reply == 0) 1882 reply = do_mode_select(common, bh); 1883 break; 1884 1885 case MODE_SELECT_10: 1886 common->data_size_from_cmnd = 1887 get_unaligned_be16(&common->cmnd[7]); 1888 reply = check_command(common, 10, DATA_DIR_FROM_HOST, 1889 (1<<1) | (3<<7), 0, 1890 "MODE SELECT(10)"); 1891 if (reply == 0) 1892 reply = do_mode_select(common, bh); 1893 break; 1894 1895 case MODE_SENSE: 1896 common->data_size_from_cmnd = common->cmnd[4]; 1897 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1898 (1<<1) | (1<<2) | (1<<4), 0, 1899 "MODE SENSE(6)"); 1900 if (reply == 0) 1901 reply = do_mode_sense(common, bh); 1902 break; 1903 1904 case MODE_SENSE_10: 1905 common->data_size_from_cmnd = 1906 get_unaligned_be16(&common->cmnd[7]); 1907 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1908 (1<<1) | (1<<2) | (3<<7), 0, 1909 "MODE SENSE(10)"); 1910 if (reply == 0) 1911 reply = do_mode_sense(common, bh); 1912 break; 1913 1914 case ALLOW_MEDIUM_REMOVAL: 1915 common->data_size_from_cmnd = 0; 1916 reply = check_command(common, 6, DATA_DIR_NONE, 1917 (1<<4), 0, 1918 "PREVENT-ALLOW MEDIUM REMOVAL"); 1919 if (reply == 0) 1920 reply = do_prevent_allow(common); 1921 break; 1922 1923 case READ_6: 1924 i = common->cmnd[4]; 1925 common->data_size_from_cmnd = (i == 0) ? 256 : i; 1926 reply = check_command_size_in_blocks(common, 6, 1927 DATA_DIR_TO_HOST, 1928 (7<<1) | (1<<4), 1, 1929 "READ(6)"); 1930 if (reply == 0) 1931 reply = do_read(common); 1932 break; 1933 1934 case READ_10: 1935 common->data_size_from_cmnd = 1936 get_unaligned_be16(&common->cmnd[7]); 1937 reply = check_command_size_in_blocks(common, 10, 1938 DATA_DIR_TO_HOST, 1939 (1<<1) | (0xf<<2) | (3<<7), 1, 1940 "READ(10)"); 1941 if (reply == 0) 1942 reply = do_read(common); 1943 break; 1944 1945 case READ_12: 1946 common->data_size_from_cmnd = 1947 get_unaligned_be32(&common->cmnd[6]); 1948 reply = check_command_size_in_blocks(common, 12, 1949 DATA_DIR_TO_HOST, 1950 (1<<1) | (0xf<<2) | (0xf<<6), 1, 1951 "READ(12)"); 1952 if (reply == 0) 1953 reply = do_read(common); 1954 break; 1955 1956 case READ_16: 1957 common->data_size_from_cmnd = 1958 get_unaligned_be32(&common->cmnd[10]); 1959 reply = check_command_size_in_blocks(common, 16, 1960 DATA_DIR_TO_HOST, 1961 (1<<1) | (0xff<<2) | (0xf<<10), 1, 1962 "READ(16)"); 1963 if (reply == 0) 1964 reply = do_read(common); 1965 break; 1966 1967 case READ_CAPACITY: 1968 common->data_size_from_cmnd = 8; 1969 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1970 (0xf<<2) | (1<<8), 1, 1971 "READ CAPACITY"); 1972 if (reply == 0) 1973 reply = do_read_capacity(common, bh); 1974 break; 1975 1976 case READ_HEADER: 1977 if (!common->curlun || !common->curlun->cdrom) 1978 goto unknown_cmnd; 1979 common->data_size_from_cmnd = 1980 get_unaligned_be16(&common->cmnd[7]); 1981 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1982 (3<<7) | (0x1f<<1), 1, 1983 "READ HEADER"); 1984 if (reply == 0) 1985 reply = do_read_header(common, bh); 1986 break; 1987 1988 case READ_TOC: 1989 if (!common->curlun || !common->curlun->cdrom) 1990 goto unknown_cmnd; 1991 common->data_size_from_cmnd = 1992 get_unaligned_be16(&common->cmnd[7]); 1993 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1994 (0xf<<6) | (3<<1), 1, 1995 "READ TOC"); 1996 if (reply == 0) 1997 reply = do_read_toc(common, bh); 1998 break; 1999 2000 case READ_FORMAT_CAPACITIES: 2001 common->data_size_from_cmnd = 2002 get_unaligned_be16(&common->cmnd[7]); 2003 reply = check_command(common, 10, DATA_DIR_TO_HOST, 2004 (3<<7), 1, 2005 "READ FORMAT CAPACITIES"); 2006 if (reply == 0) 2007 reply = do_read_format_capacities(common, bh); 2008 break; 2009 2010 case REQUEST_SENSE: 2011 common->data_size_from_cmnd = common->cmnd[4]; 2012 reply = check_command(common, 6, DATA_DIR_TO_HOST, 2013 (1<<4), 0, 2014 "REQUEST SENSE"); 2015 if (reply == 0) 2016 reply = do_request_sense(common, bh); 2017 break; 2018 2019 case SERVICE_ACTION_IN_16: 2020 switch (common->cmnd[1] & 0x1f) { 2021 2022 case SAI_READ_CAPACITY_16: 2023 common->data_size_from_cmnd = 2024 get_unaligned_be32(&common->cmnd[10]); 2025 reply = check_command(common, 16, DATA_DIR_TO_HOST, 2026 (1<<1) | (0xff<<2) | (0xf<<10) | 2027 (1<<14), 1, 2028 "READ CAPACITY(16)"); 2029 if (reply == 0) 2030 reply = do_read_capacity_16(common, bh); 2031 break; 2032 2033 default: 2034 goto unknown_cmnd; 2035 } 2036 break; 2037 2038 case START_STOP: 2039 common->data_size_from_cmnd = 0; 2040 reply = check_command(common, 6, DATA_DIR_NONE, 2041 (1<<1) | (1<<4), 0, 2042 "START-STOP UNIT"); 2043 if (reply == 0) 2044 reply = do_start_stop(common); 2045 break; 2046 2047 case SYNCHRONIZE_CACHE: 2048 common->data_size_from_cmnd = 0; 2049 reply = check_command(common, 10, DATA_DIR_NONE, 2050 (0xf<<2) | (3<<7), 1, 2051 "SYNCHRONIZE CACHE"); 2052 if (reply == 0) 2053 reply = do_synchronize_cache(common); 2054 break; 2055 2056 case TEST_UNIT_READY: 2057 common->data_size_from_cmnd = 0; 2058 reply = check_command(common, 6, DATA_DIR_NONE, 2059 0, 1, 2060 "TEST UNIT READY"); 2061 break; 2062 2063 /* 2064 * Although optional, this command is used by MS-Windows. We 2065 * support a minimal version: BytChk must be 0. 2066 */ 2067 case VERIFY: 2068 common->data_size_from_cmnd = 0; 2069 reply = check_command(common, 10, DATA_DIR_NONE, 2070 (1<<1) | (0xf<<2) | (3<<7), 1, 2071 "VERIFY"); 2072 if (reply == 0) 2073 reply = do_verify(common); 2074 break; 2075 2076 case WRITE_6: 2077 i = common->cmnd[4]; 2078 common->data_size_from_cmnd = (i == 0) ? 256 : i; 2079 reply = check_command_size_in_blocks(common, 6, 2080 DATA_DIR_FROM_HOST, 2081 (7<<1) | (1<<4), 1, 2082 "WRITE(6)"); 2083 if (reply == 0) 2084 reply = do_write(common); 2085 break; 2086 2087 case WRITE_10: 2088 common->data_size_from_cmnd = 2089 get_unaligned_be16(&common->cmnd[7]); 2090 reply = check_command_size_in_blocks(common, 10, 2091 DATA_DIR_FROM_HOST, 2092 (1<<1) | (0xf<<2) | (3<<7), 1, 2093 "WRITE(10)"); 2094 if (reply == 0) 2095 reply = do_write(common); 2096 break; 2097 2098 case WRITE_12: 2099 common->data_size_from_cmnd = 2100 get_unaligned_be32(&common->cmnd[6]); 2101 reply = check_command_size_in_blocks(common, 12, 2102 DATA_DIR_FROM_HOST, 2103 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2104 "WRITE(12)"); 2105 if (reply == 0) 2106 reply = do_write(common); 2107 break; 2108 2109 case WRITE_16: 2110 common->data_size_from_cmnd = 2111 get_unaligned_be32(&common->cmnd[10]); 2112 reply = check_command_size_in_blocks(common, 16, 2113 DATA_DIR_FROM_HOST, 2114 (1<<1) | (0xff<<2) | (0xf<<10), 1, 2115 "WRITE(16)"); 2116 if (reply == 0) 2117 reply = do_write(common); 2118 break; 2119 2120 /* 2121 * Some mandatory commands that we recognize but don't implement. 2122 * They don't mean much in this setting. It's left as an exercise 2123 * for anyone interested to implement RESERVE and RELEASE in terms 2124 * of Posix locks. 2125 */ 2126 case FORMAT_UNIT: 2127 case RELEASE: 2128 case RESERVE: 2129 case SEND_DIAGNOSTIC: 2130 2131 default: 2132 unknown_cmnd: 2133 common->data_size_from_cmnd = 0; 2134 sprintf(unknown, "Unknown x%02x", common->cmnd[0]); 2135 reply = check_command(common, common->cmnd_size, 2136 DATA_DIR_UNKNOWN, ~0, 0, unknown); 2137 if (reply == 0) { 2138 common->curlun->sense_data = SS_INVALID_COMMAND; 2139 reply = -EINVAL; 2140 } 2141 break; 2142 } 2143 up_read(&common->filesem); 2144 2145 if (reply == -EINTR || signal_pending(current)) 2146 return -EINTR; 2147 2148 /* Set up the single reply buffer for finish_reply() */ 2149 if (reply == -EINVAL) 2150 reply = 0; /* Error reply length */ 2151 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) { 2152 reply = min((u32)reply, common->data_size_from_cmnd); 2153 bh->inreq->length = reply; 2154 bh->state = BUF_STATE_FULL; 2155 common->residue -= reply; 2156 } /* Otherwise it's already set */ 2157 2158 return 0; 2159 } 2160 2161 2162 /*-------------------------------------------------------------------------*/ 2163 2164 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2165 { 2166 struct usb_request *req = bh->outreq; 2167 struct bulk_cb_wrap *cbw = req->buf; 2168 struct fsg_common *common = fsg->common; 2169 2170 /* Was this a real packet? Should it be ignored? */ 2171 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags)) 2172 return -EINVAL; 2173 2174 /* Is the CBW valid? */ 2175 if (req->actual != US_BULK_CB_WRAP_LEN || 2176 cbw->Signature != cpu_to_le32( 2177 US_BULK_CB_SIGN)) { 2178 DBG(fsg, "invalid CBW: len %u sig 0x%x\n", 2179 req->actual, 2180 le32_to_cpu(cbw->Signature)); 2181 2182 /* 2183 * The Bulk-only spec says we MUST stall the IN endpoint 2184 * (6.6.1), so it's unavoidable. It also says we must 2185 * retain this state until the next reset, but there's 2186 * no way to tell the controller driver it should ignore 2187 * Clear-Feature(HALT) requests. 2188 * 2189 * We aren't required to halt the OUT endpoint; instead 2190 * we can simply accept and discard any data received 2191 * until the next reset. 2192 */ 2193 wedge_bulk_in_endpoint(fsg); 2194 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags); 2195 return -EINVAL; 2196 } 2197 2198 /* Is the CBW meaningful? */ 2199 if (cbw->Lun >= ARRAY_SIZE(common->luns) || 2200 cbw->Flags & ~US_BULK_FLAG_IN || cbw->Length <= 0 || 2201 cbw->Length > MAX_COMMAND_SIZE) { 2202 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, " 2203 "cmdlen %u\n", 2204 cbw->Lun, cbw->Flags, cbw->Length); 2205 2206 /* 2207 * We can do anything we want here, so let's stall the 2208 * bulk pipes if we are allowed to. 2209 */ 2210 if (common->can_stall) { 2211 fsg_set_halt(fsg, fsg->bulk_out); 2212 halt_bulk_in_endpoint(fsg); 2213 } 2214 return -EINVAL; 2215 } 2216 2217 /* Save the command for later */ 2218 common->cmnd_size = cbw->Length; 2219 memcpy(common->cmnd, cbw->CDB, common->cmnd_size); 2220 if (cbw->Flags & US_BULK_FLAG_IN) 2221 common->data_dir = DATA_DIR_TO_HOST; 2222 else 2223 common->data_dir = DATA_DIR_FROM_HOST; 2224 common->data_size = le32_to_cpu(cbw->DataTransferLength); 2225 if (common->data_size == 0) 2226 common->data_dir = DATA_DIR_NONE; 2227 common->lun = cbw->Lun; 2228 if (common->lun < ARRAY_SIZE(common->luns)) 2229 common->curlun = common->luns[common->lun]; 2230 else 2231 common->curlun = NULL; 2232 common->tag = cbw->Tag; 2233 return 0; 2234 } 2235 2236 static int get_next_command(struct fsg_common *common) 2237 { 2238 struct fsg_buffhd *bh; 2239 int rc = 0; 2240 2241 /* Wait for the next buffer to become available */ 2242 bh = common->next_buffhd_to_fill; 2243 rc = sleep_thread(common, true, bh); 2244 if (rc) 2245 return rc; 2246 2247 /* Queue a request to read a Bulk-only CBW */ 2248 set_bulk_out_req_length(common, bh, US_BULK_CB_WRAP_LEN); 2249 if (!start_out_transfer(common, bh)) 2250 /* Don't know what to do if common->fsg is NULL */ 2251 return -EIO; 2252 2253 /* 2254 * We will drain the buffer in software, which means we 2255 * can reuse it for the next filling. No need to advance 2256 * next_buffhd_to_fill. 2257 */ 2258 2259 /* Wait for the CBW to arrive */ 2260 rc = sleep_thread(common, true, bh); 2261 if (rc) 2262 return rc; 2263 2264 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO; 2265 bh->state = BUF_STATE_EMPTY; 2266 2267 return rc; 2268 } 2269 2270 2271 /*-------------------------------------------------------------------------*/ 2272 2273 static int alloc_request(struct fsg_common *common, struct usb_ep *ep, 2274 struct usb_request **preq) 2275 { 2276 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC); 2277 if (*preq) 2278 return 0; 2279 ERROR(common, "can't allocate request for %s\n", ep->name); 2280 return -ENOMEM; 2281 } 2282 2283 /* Reset interface setting and re-init endpoint state (toggle etc). */ 2284 static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg) 2285 { 2286 struct fsg_dev *fsg; 2287 int i, rc = 0; 2288 2289 if (common->running) 2290 DBG(common, "reset interface\n"); 2291 2292 reset: 2293 /* Deallocate the requests */ 2294 if (common->fsg) { 2295 fsg = common->fsg; 2296 2297 for (i = 0; i < common->fsg_num_buffers; ++i) { 2298 struct fsg_buffhd *bh = &common->buffhds[i]; 2299 2300 if (bh->inreq) { 2301 usb_ep_free_request(fsg->bulk_in, bh->inreq); 2302 bh->inreq = NULL; 2303 } 2304 if (bh->outreq) { 2305 usb_ep_free_request(fsg->bulk_out, bh->outreq); 2306 bh->outreq = NULL; 2307 } 2308 } 2309 2310 /* Disable the endpoints */ 2311 if (fsg->bulk_in_enabled) { 2312 usb_ep_disable(fsg->bulk_in); 2313 fsg->bulk_in_enabled = 0; 2314 } 2315 if (fsg->bulk_out_enabled) { 2316 usb_ep_disable(fsg->bulk_out); 2317 fsg->bulk_out_enabled = 0; 2318 } 2319 2320 common->fsg = NULL; 2321 wake_up(&common->fsg_wait); 2322 } 2323 2324 common->running = 0; 2325 if (!new_fsg || rc) 2326 return rc; 2327 2328 common->fsg = new_fsg; 2329 fsg = common->fsg; 2330 2331 /* Enable the endpoints */ 2332 rc = config_ep_by_speed(common->gadget, &(fsg->function), fsg->bulk_in); 2333 if (rc) 2334 goto reset; 2335 rc = usb_ep_enable(fsg->bulk_in); 2336 if (rc) 2337 goto reset; 2338 fsg->bulk_in->driver_data = common; 2339 fsg->bulk_in_enabled = 1; 2340 2341 rc = config_ep_by_speed(common->gadget, &(fsg->function), 2342 fsg->bulk_out); 2343 if (rc) 2344 goto reset; 2345 rc = usb_ep_enable(fsg->bulk_out); 2346 if (rc) 2347 goto reset; 2348 fsg->bulk_out->driver_data = common; 2349 fsg->bulk_out_enabled = 1; 2350 common->bulk_out_maxpacket = usb_endpoint_maxp(fsg->bulk_out->desc); 2351 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags); 2352 2353 /* Allocate the requests */ 2354 for (i = 0; i < common->fsg_num_buffers; ++i) { 2355 struct fsg_buffhd *bh = &common->buffhds[i]; 2356 2357 rc = alloc_request(common, fsg->bulk_in, &bh->inreq); 2358 if (rc) 2359 goto reset; 2360 rc = alloc_request(common, fsg->bulk_out, &bh->outreq); 2361 if (rc) 2362 goto reset; 2363 bh->inreq->buf = bh->outreq->buf = bh->buf; 2364 bh->inreq->context = bh->outreq->context = bh; 2365 bh->inreq->complete = bulk_in_complete; 2366 bh->outreq->complete = bulk_out_complete; 2367 } 2368 2369 common->running = 1; 2370 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) 2371 if (common->luns[i]) 2372 common->luns[i]->unit_attention_data = 2373 SS_RESET_OCCURRED; 2374 return rc; 2375 } 2376 2377 2378 /****************************** ALT CONFIGS ******************************/ 2379 2380 static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 2381 { 2382 struct fsg_dev *fsg = fsg_from_func(f); 2383 2384 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, fsg); 2385 return USB_GADGET_DELAYED_STATUS; 2386 } 2387 2388 static void fsg_disable(struct usb_function *f) 2389 { 2390 struct fsg_dev *fsg = fsg_from_func(f); 2391 2392 /* Disable the endpoints */ 2393 if (fsg->bulk_in_enabled) { 2394 usb_ep_disable(fsg->bulk_in); 2395 fsg->bulk_in_enabled = 0; 2396 } 2397 if (fsg->bulk_out_enabled) { 2398 usb_ep_disable(fsg->bulk_out); 2399 fsg->bulk_out_enabled = 0; 2400 } 2401 2402 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL); 2403 } 2404 2405 2406 /*-------------------------------------------------------------------------*/ 2407 2408 static void handle_exception(struct fsg_common *common) 2409 { 2410 int i; 2411 struct fsg_buffhd *bh; 2412 enum fsg_state old_state; 2413 struct fsg_lun *curlun; 2414 unsigned int exception_req_tag; 2415 struct fsg_dev *new_fsg; 2416 2417 /* 2418 * Clear the existing signals. Anything but SIGUSR1 is converted 2419 * into a high-priority EXIT exception. 2420 */ 2421 for (;;) { 2422 int sig = kernel_dequeue_signal(); 2423 if (!sig) 2424 break; 2425 if (sig != SIGUSR1) { 2426 spin_lock_irq(&common->lock); 2427 if (common->state < FSG_STATE_EXIT) 2428 DBG(common, "Main thread exiting on signal\n"); 2429 common->state = FSG_STATE_EXIT; 2430 spin_unlock_irq(&common->lock); 2431 } 2432 } 2433 2434 /* Cancel all the pending transfers */ 2435 if (likely(common->fsg)) { 2436 for (i = 0; i < common->fsg_num_buffers; ++i) { 2437 bh = &common->buffhds[i]; 2438 if (bh->state == BUF_STATE_SENDING) 2439 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq); 2440 if (bh->state == BUF_STATE_RECEIVING) 2441 usb_ep_dequeue(common->fsg->bulk_out, 2442 bh->outreq); 2443 2444 /* Wait for a transfer to become idle */ 2445 if (sleep_thread(common, false, bh)) 2446 return; 2447 } 2448 2449 /* Clear out the controller's fifos */ 2450 if (common->fsg->bulk_in_enabled) 2451 usb_ep_fifo_flush(common->fsg->bulk_in); 2452 if (common->fsg->bulk_out_enabled) 2453 usb_ep_fifo_flush(common->fsg->bulk_out); 2454 } 2455 2456 /* 2457 * Reset the I/O buffer states and pointers, the SCSI 2458 * state, and the exception. Then invoke the handler. 2459 */ 2460 spin_lock_irq(&common->lock); 2461 2462 for (i = 0; i < common->fsg_num_buffers; ++i) { 2463 bh = &common->buffhds[i]; 2464 bh->state = BUF_STATE_EMPTY; 2465 } 2466 common->next_buffhd_to_fill = &common->buffhds[0]; 2467 common->next_buffhd_to_drain = &common->buffhds[0]; 2468 exception_req_tag = common->exception_req_tag; 2469 new_fsg = common->exception_arg; 2470 old_state = common->state; 2471 common->state = FSG_STATE_NORMAL; 2472 2473 if (old_state != FSG_STATE_ABORT_BULK_OUT) { 2474 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) { 2475 curlun = common->luns[i]; 2476 if (!curlun) 2477 continue; 2478 curlun->prevent_medium_removal = 0; 2479 curlun->sense_data = SS_NO_SENSE; 2480 curlun->unit_attention_data = SS_NO_SENSE; 2481 curlun->sense_data_info = 0; 2482 curlun->info_valid = 0; 2483 } 2484 } 2485 spin_unlock_irq(&common->lock); 2486 2487 /* Carry out any extra actions required for the exception */ 2488 switch (old_state) { 2489 case FSG_STATE_NORMAL: 2490 break; 2491 2492 case FSG_STATE_ABORT_BULK_OUT: 2493 send_status(common); 2494 break; 2495 2496 case FSG_STATE_PROTOCOL_RESET: 2497 /* 2498 * In case we were forced against our will to halt a 2499 * bulk endpoint, clear the halt now. (The SuperH UDC 2500 * requires this.) 2501 */ 2502 if (!fsg_is_set(common)) 2503 break; 2504 if (test_and_clear_bit(IGNORE_BULK_OUT, 2505 &common->fsg->atomic_bitflags)) 2506 usb_ep_clear_halt(common->fsg->bulk_in); 2507 2508 if (common->ep0_req_tag == exception_req_tag) 2509 ep0_queue(common); /* Complete the status stage */ 2510 2511 /* 2512 * Technically this should go here, but it would only be 2513 * a waste of time. Ditto for the INTERFACE_CHANGE and 2514 * CONFIG_CHANGE cases. 2515 */ 2516 /* for (i = 0; i < common->ARRAY_SIZE(common->luns); ++i) */ 2517 /* if (common->luns[i]) */ 2518 /* common->luns[i]->unit_attention_data = */ 2519 /* SS_RESET_OCCURRED; */ 2520 break; 2521 2522 case FSG_STATE_CONFIG_CHANGE: 2523 do_set_interface(common, new_fsg); 2524 if (new_fsg) 2525 usb_composite_setup_continue(common->cdev); 2526 break; 2527 2528 case FSG_STATE_EXIT: 2529 do_set_interface(common, NULL); /* Free resources */ 2530 spin_lock_irq(&common->lock); 2531 common->state = FSG_STATE_TERMINATED; /* Stop the thread */ 2532 spin_unlock_irq(&common->lock); 2533 break; 2534 2535 case FSG_STATE_TERMINATED: 2536 break; 2537 } 2538 } 2539 2540 2541 /*-------------------------------------------------------------------------*/ 2542 2543 static int fsg_main_thread(void *common_) 2544 { 2545 struct fsg_common *common = common_; 2546 int i; 2547 2548 /* 2549 * Allow the thread to be killed by a signal, but set the signal mask 2550 * to block everything but INT, TERM, KILL, and USR1. 2551 */ 2552 allow_signal(SIGINT); 2553 allow_signal(SIGTERM); 2554 allow_signal(SIGKILL); 2555 allow_signal(SIGUSR1); 2556 2557 /* Allow the thread to be frozen */ 2558 set_freezable(); 2559 2560 /* The main loop */ 2561 while (common->state != FSG_STATE_TERMINATED) { 2562 if (exception_in_progress(common) || signal_pending(current)) { 2563 handle_exception(common); 2564 continue; 2565 } 2566 2567 if (!common->running) { 2568 sleep_thread(common, true, NULL); 2569 continue; 2570 } 2571 2572 if (get_next_command(common) || exception_in_progress(common)) 2573 continue; 2574 if (do_scsi_command(common) || exception_in_progress(common)) 2575 continue; 2576 if (finish_reply(common) || exception_in_progress(common)) 2577 continue; 2578 send_status(common); 2579 } 2580 2581 spin_lock_irq(&common->lock); 2582 common->thread_task = NULL; 2583 spin_unlock_irq(&common->lock); 2584 2585 /* Eject media from all LUNs */ 2586 2587 down_write(&common->filesem); 2588 for (i = 0; i < ARRAY_SIZE(common->luns); i++) { 2589 struct fsg_lun *curlun = common->luns[i]; 2590 2591 if (curlun && fsg_lun_is_open(curlun)) 2592 fsg_lun_close(curlun); 2593 } 2594 up_write(&common->filesem); 2595 2596 /* Let fsg_unbind() know the thread has exited */ 2597 kthread_complete_and_exit(&common->thread_notifier, 0); 2598 } 2599 2600 2601 /*************************** DEVICE ATTRIBUTES ***************************/ 2602 2603 static ssize_t ro_show(struct device *dev, struct device_attribute *attr, char *buf) 2604 { 2605 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2606 2607 return fsg_show_ro(curlun, buf); 2608 } 2609 2610 static ssize_t nofua_show(struct device *dev, struct device_attribute *attr, 2611 char *buf) 2612 { 2613 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2614 2615 return fsg_show_nofua(curlun, buf); 2616 } 2617 2618 static ssize_t file_show(struct device *dev, struct device_attribute *attr, 2619 char *buf) 2620 { 2621 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2622 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2623 2624 return fsg_show_file(curlun, filesem, buf); 2625 } 2626 2627 static ssize_t ro_store(struct device *dev, struct device_attribute *attr, 2628 const char *buf, size_t count) 2629 { 2630 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2631 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2632 2633 return fsg_store_ro(curlun, filesem, buf, count); 2634 } 2635 2636 static ssize_t nofua_store(struct device *dev, struct device_attribute *attr, 2637 const char *buf, size_t count) 2638 { 2639 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2640 2641 return fsg_store_nofua(curlun, buf, count); 2642 } 2643 2644 static ssize_t file_store(struct device *dev, struct device_attribute *attr, 2645 const char *buf, size_t count) 2646 { 2647 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2648 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2649 2650 return fsg_store_file(curlun, filesem, buf, count); 2651 } 2652 2653 static DEVICE_ATTR_RW(nofua); 2654 /* mode wil be set in fsg_lun_attr_is_visible() */ 2655 static DEVICE_ATTR(ro, 0, ro_show, ro_store); 2656 static DEVICE_ATTR(file, 0, file_show, file_store); 2657 2658 /****************************** FSG COMMON ******************************/ 2659 2660 static void fsg_lun_release(struct device *dev) 2661 { 2662 /* Nothing needs to be done */ 2663 } 2664 2665 static struct fsg_common *fsg_common_setup(struct fsg_common *common) 2666 { 2667 if (!common) { 2668 common = kzalloc(sizeof(*common), GFP_KERNEL); 2669 if (!common) 2670 return ERR_PTR(-ENOMEM); 2671 common->free_storage_on_release = 1; 2672 } else { 2673 common->free_storage_on_release = 0; 2674 } 2675 init_rwsem(&common->filesem); 2676 spin_lock_init(&common->lock); 2677 init_completion(&common->thread_notifier); 2678 init_waitqueue_head(&common->io_wait); 2679 init_waitqueue_head(&common->fsg_wait); 2680 common->state = FSG_STATE_TERMINATED; 2681 memset(common->luns, 0, sizeof(common->luns)); 2682 2683 return common; 2684 } 2685 2686 void fsg_common_set_sysfs(struct fsg_common *common, bool sysfs) 2687 { 2688 common->sysfs = sysfs; 2689 } 2690 EXPORT_SYMBOL_GPL(fsg_common_set_sysfs); 2691 2692 static void _fsg_common_free_buffers(struct fsg_buffhd *buffhds, unsigned n) 2693 { 2694 if (buffhds) { 2695 struct fsg_buffhd *bh = buffhds; 2696 while (n--) { 2697 kfree(bh->buf); 2698 ++bh; 2699 } 2700 kfree(buffhds); 2701 } 2702 } 2703 2704 int fsg_common_set_num_buffers(struct fsg_common *common, unsigned int n) 2705 { 2706 struct fsg_buffhd *bh, *buffhds; 2707 int i; 2708 2709 buffhds = kcalloc(n, sizeof(*buffhds), GFP_KERNEL); 2710 if (!buffhds) 2711 return -ENOMEM; 2712 2713 /* Data buffers cyclic list */ 2714 bh = buffhds; 2715 i = n; 2716 goto buffhds_first_it; 2717 do { 2718 bh->next = bh + 1; 2719 ++bh; 2720 buffhds_first_it: 2721 bh->buf = kmalloc(FSG_BUFLEN, GFP_KERNEL); 2722 if (unlikely(!bh->buf)) 2723 goto error_release; 2724 } while (--i); 2725 bh->next = buffhds; 2726 2727 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2728 common->fsg_num_buffers = n; 2729 common->buffhds = buffhds; 2730 2731 return 0; 2732 2733 error_release: 2734 /* 2735 * "buf"s pointed to by heads after n - i are NULL 2736 * so releasing them won't hurt 2737 */ 2738 _fsg_common_free_buffers(buffhds, n); 2739 2740 return -ENOMEM; 2741 } 2742 EXPORT_SYMBOL_GPL(fsg_common_set_num_buffers); 2743 2744 void fsg_common_remove_lun(struct fsg_lun *lun) 2745 { 2746 if (device_is_registered(&lun->dev)) 2747 device_unregister(&lun->dev); 2748 fsg_lun_close(lun); 2749 kfree(lun); 2750 } 2751 EXPORT_SYMBOL_GPL(fsg_common_remove_lun); 2752 2753 static void _fsg_common_remove_luns(struct fsg_common *common, int n) 2754 { 2755 int i; 2756 2757 for (i = 0; i < n; ++i) 2758 if (common->luns[i]) { 2759 fsg_common_remove_lun(common->luns[i]); 2760 common->luns[i] = NULL; 2761 } 2762 } 2763 2764 void fsg_common_remove_luns(struct fsg_common *common) 2765 { 2766 _fsg_common_remove_luns(common, ARRAY_SIZE(common->luns)); 2767 } 2768 EXPORT_SYMBOL_GPL(fsg_common_remove_luns); 2769 2770 void fsg_common_free_buffers(struct fsg_common *common) 2771 { 2772 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2773 common->buffhds = NULL; 2774 } 2775 EXPORT_SYMBOL_GPL(fsg_common_free_buffers); 2776 2777 int fsg_common_set_cdev(struct fsg_common *common, 2778 struct usb_composite_dev *cdev, bool can_stall) 2779 { 2780 struct usb_string *us; 2781 2782 common->gadget = cdev->gadget; 2783 common->ep0 = cdev->gadget->ep0; 2784 common->ep0req = cdev->req; 2785 common->cdev = cdev; 2786 2787 us = usb_gstrings_attach(cdev, fsg_strings_array, 2788 ARRAY_SIZE(fsg_strings)); 2789 if (IS_ERR(us)) 2790 return PTR_ERR(us); 2791 2792 fsg_intf_desc.iInterface = us[FSG_STRING_INTERFACE].id; 2793 2794 /* 2795 * Some peripheral controllers are known not to be able to 2796 * halt bulk endpoints correctly. If one of them is present, 2797 * disable stalls. 2798 */ 2799 common->can_stall = can_stall && 2800 gadget_is_stall_supported(common->gadget); 2801 2802 return 0; 2803 } 2804 EXPORT_SYMBOL_GPL(fsg_common_set_cdev); 2805 2806 static struct attribute *fsg_lun_dev_attrs[] = { 2807 &dev_attr_ro.attr, 2808 &dev_attr_file.attr, 2809 &dev_attr_nofua.attr, 2810 NULL 2811 }; 2812 2813 static umode_t fsg_lun_dev_is_visible(struct kobject *kobj, 2814 struct attribute *attr, int idx) 2815 { 2816 struct device *dev = kobj_to_dev(kobj); 2817 struct fsg_lun *lun = fsg_lun_from_dev(dev); 2818 2819 if (attr == &dev_attr_ro.attr) 2820 return lun->cdrom ? S_IRUGO : (S_IWUSR | S_IRUGO); 2821 if (attr == &dev_attr_file.attr) 2822 return lun->removable ? (S_IWUSR | S_IRUGO) : S_IRUGO; 2823 return attr->mode; 2824 } 2825 2826 static const struct attribute_group fsg_lun_dev_group = { 2827 .attrs = fsg_lun_dev_attrs, 2828 .is_visible = fsg_lun_dev_is_visible, 2829 }; 2830 2831 static const struct attribute_group *fsg_lun_dev_groups[] = { 2832 &fsg_lun_dev_group, 2833 NULL 2834 }; 2835 2836 int fsg_common_create_lun(struct fsg_common *common, struct fsg_lun_config *cfg, 2837 unsigned int id, const char *name, 2838 const char **name_pfx) 2839 { 2840 struct fsg_lun *lun; 2841 char *pathbuf, *p; 2842 int rc = -ENOMEM; 2843 2844 if (id >= ARRAY_SIZE(common->luns)) 2845 return -ENODEV; 2846 2847 if (common->luns[id]) 2848 return -EBUSY; 2849 2850 if (!cfg->filename && !cfg->removable) { 2851 pr_err("no file given for LUN%d\n", id); 2852 return -EINVAL; 2853 } 2854 2855 lun = kzalloc(sizeof(*lun), GFP_KERNEL); 2856 if (!lun) 2857 return -ENOMEM; 2858 2859 lun->name_pfx = name_pfx; 2860 2861 lun->cdrom = !!cfg->cdrom; 2862 lun->ro = cfg->cdrom || cfg->ro; 2863 lun->initially_ro = lun->ro; 2864 lun->removable = !!cfg->removable; 2865 2866 if (!common->sysfs) { 2867 /* we DON'T own the name!*/ 2868 lun->name = name; 2869 } else { 2870 lun->dev.release = fsg_lun_release; 2871 lun->dev.parent = &common->gadget->dev; 2872 lun->dev.groups = fsg_lun_dev_groups; 2873 dev_set_drvdata(&lun->dev, &common->filesem); 2874 dev_set_name(&lun->dev, "%s", name); 2875 lun->name = dev_name(&lun->dev); 2876 2877 rc = device_register(&lun->dev); 2878 if (rc) { 2879 pr_info("failed to register LUN%d: %d\n", id, rc); 2880 put_device(&lun->dev); 2881 goto error_sysfs; 2882 } 2883 } 2884 2885 common->luns[id] = lun; 2886 2887 if (cfg->filename) { 2888 rc = fsg_lun_open(lun, cfg->filename); 2889 if (rc) 2890 goto error_lun; 2891 } 2892 2893 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); 2894 p = "(no medium)"; 2895 if (fsg_lun_is_open(lun)) { 2896 p = "(error)"; 2897 if (pathbuf) { 2898 p = file_path(lun->filp, pathbuf, PATH_MAX); 2899 if (IS_ERR(p)) 2900 p = "(error)"; 2901 } 2902 } 2903 pr_info("LUN: %s%s%sfile: %s\n", 2904 lun->removable ? "removable " : "", 2905 lun->ro ? "read only " : "", 2906 lun->cdrom ? "CD-ROM " : "", 2907 p); 2908 kfree(pathbuf); 2909 2910 return 0; 2911 2912 error_lun: 2913 if (device_is_registered(&lun->dev)) 2914 device_unregister(&lun->dev); 2915 fsg_lun_close(lun); 2916 common->luns[id] = NULL; 2917 error_sysfs: 2918 kfree(lun); 2919 return rc; 2920 } 2921 EXPORT_SYMBOL_GPL(fsg_common_create_lun); 2922 2923 int fsg_common_create_luns(struct fsg_common *common, struct fsg_config *cfg) 2924 { 2925 char buf[8]; /* enough for 100000000 different numbers, decimal */ 2926 int i, rc; 2927 2928 fsg_common_remove_luns(common); 2929 2930 for (i = 0; i < cfg->nluns; ++i) { 2931 snprintf(buf, sizeof(buf), "lun%d", i); 2932 rc = fsg_common_create_lun(common, &cfg->luns[i], i, buf, NULL); 2933 if (rc) 2934 goto fail; 2935 } 2936 2937 pr_info("Number of LUNs=%d\n", cfg->nluns); 2938 2939 return 0; 2940 2941 fail: 2942 _fsg_common_remove_luns(common, i); 2943 return rc; 2944 } 2945 EXPORT_SYMBOL_GPL(fsg_common_create_luns); 2946 2947 void fsg_common_set_inquiry_string(struct fsg_common *common, const char *vn, 2948 const char *pn) 2949 { 2950 int i; 2951 2952 /* Prepare inquiryString */ 2953 i = get_default_bcdDevice(); 2954 snprintf(common->inquiry_string, sizeof(common->inquiry_string), 2955 "%-8s%-16s%04x", vn ?: "Linux", 2956 /* Assume product name dependent on the first LUN */ 2957 pn ?: ((*common->luns)->cdrom 2958 ? "File-CD Gadget" 2959 : "File-Stor Gadget"), 2960 i); 2961 } 2962 EXPORT_SYMBOL_GPL(fsg_common_set_inquiry_string); 2963 2964 static void fsg_common_release(struct fsg_common *common) 2965 { 2966 int i; 2967 2968 /* If the thread isn't already dead, tell it to exit now */ 2969 if (common->state != FSG_STATE_TERMINATED) { 2970 raise_exception(common, FSG_STATE_EXIT); 2971 wait_for_completion(&common->thread_notifier); 2972 } 2973 2974 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) { 2975 struct fsg_lun *lun = common->luns[i]; 2976 if (!lun) 2977 continue; 2978 fsg_lun_close(lun); 2979 if (device_is_registered(&lun->dev)) 2980 device_unregister(&lun->dev); 2981 kfree(lun); 2982 } 2983 2984 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2985 if (common->free_storage_on_release) 2986 kfree(common); 2987 } 2988 2989 2990 /*-------------------------------------------------------------------------*/ 2991 2992 static int fsg_bind(struct usb_configuration *c, struct usb_function *f) 2993 { 2994 struct fsg_dev *fsg = fsg_from_func(f); 2995 struct fsg_common *common = fsg->common; 2996 struct usb_gadget *gadget = c->cdev->gadget; 2997 int i; 2998 struct usb_ep *ep; 2999 unsigned max_burst; 3000 int ret; 3001 struct fsg_opts *opts; 3002 3003 /* Don't allow to bind if we don't have at least one LUN */ 3004 ret = _fsg_common_get_max_lun(common); 3005 if (ret < 0) { 3006 pr_err("There should be at least one LUN.\n"); 3007 return -EINVAL; 3008 } 3009 3010 opts = fsg_opts_from_func_inst(f->fi); 3011 if (!opts->no_configfs) { 3012 ret = fsg_common_set_cdev(fsg->common, c->cdev, 3013 fsg->common->can_stall); 3014 if (ret) 3015 return ret; 3016 fsg_common_set_inquiry_string(fsg->common, NULL, NULL); 3017 } 3018 3019 if (!common->thread_task) { 3020 common->state = FSG_STATE_NORMAL; 3021 common->thread_task = 3022 kthread_create(fsg_main_thread, common, "file-storage"); 3023 if (IS_ERR(common->thread_task)) { 3024 ret = PTR_ERR(common->thread_task); 3025 common->thread_task = NULL; 3026 common->state = FSG_STATE_TERMINATED; 3027 return ret; 3028 } 3029 DBG(common, "I/O thread pid: %d\n", 3030 task_pid_nr(common->thread_task)); 3031 wake_up_process(common->thread_task); 3032 } 3033 3034 fsg->gadget = gadget; 3035 3036 /* New interface */ 3037 i = usb_interface_id(c, f); 3038 if (i < 0) 3039 goto fail; 3040 fsg_intf_desc.bInterfaceNumber = i; 3041 fsg->interface_number = i; 3042 3043 /* Find all the endpoints we will use */ 3044 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc); 3045 if (!ep) 3046 goto autoconf_fail; 3047 fsg->bulk_in = ep; 3048 3049 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc); 3050 if (!ep) 3051 goto autoconf_fail; 3052 fsg->bulk_out = ep; 3053 3054 /* Assume endpoint addresses are the same for both speeds */ 3055 fsg_hs_bulk_in_desc.bEndpointAddress = 3056 fsg_fs_bulk_in_desc.bEndpointAddress; 3057 fsg_hs_bulk_out_desc.bEndpointAddress = 3058 fsg_fs_bulk_out_desc.bEndpointAddress; 3059 3060 /* Calculate bMaxBurst, we know packet size is 1024 */ 3061 max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15); 3062 3063 fsg_ss_bulk_in_desc.bEndpointAddress = 3064 fsg_fs_bulk_in_desc.bEndpointAddress; 3065 fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst; 3066 3067 fsg_ss_bulk_out_desc.bEndpointAddress = 3068 fsg_fs_bulk_out_desc.bEndpointAddress; 3069 fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst; 3070 3071 ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function, 3072 fsg_ss_function, fsg_ss_function); 3073 if (ret) 3074 goto autoconf_fail; 3075 3076 return 0; 3077 3078 autoconf_fail: 3079 ERROR(fsg, "unable to autoconfigure all endpoints\n"); 3080 i = -ENOTSUPP; 3081 fail: 3082 /* terminate the thread */ 3083 if (fsg->common->state != FSG_STATE_TERMINATED) { 3084 raise_exception(fsg->common, FSG_STATE_EXIT); 3085 wait_for_completion(&fsg->common->thread_notifier); 3086 } 3087 return i; 3088 } 3089 3090 /****************************** ALLOCATE FUNCTION *************************/ 3091 3092 static void fsg_unbind(struct usb_configuration *c, struct usb_function *f) 3093 { 3094 struct fsg_dev *fsg = fsg_from_func(f); 3095 struct fsg_common *common = fsg->common; 3096 3097 DBG(fsg, "unbind\n"); 3098 if (fsg->common->fsg == fsg) { 3099 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL); 3100 /* FIXME: make interruptible or killable somehow? */ 3101 wait_event(common->fsg_wait, common->fsg != fsg); 3102 } 3103 3104 usb_free_all_descriptors(&fsg->function); 3105 } 3106 3107 static inline struct fsg_lun_opts *to_fsg_lun_opts(struct config_item *item) 3108 { 3109 return container_of(to_config_group(item), struct fsg_lun_opts, group); 3110 } 3111 3112 static inline struct fsg_opts *to_fsg_opts(struct config_item *item) 3113 { 3114 return container_of(to_config_group(item), struct fsg_opts, 3115 func_inst.group); 3116 } 3117 3118 static void fsg_lun_attr_release(struct config_item *item) 3119 { 3120 struct fsg_lun_opts *lun_opts; 3121 3122 lun_opts = to_fsg_lun_opts(item); 3123 kfree(lun_opts); 3124 } 3125 3126 static struct configfs_item_operations fsg_lun_item_ops = { 3127 .release = fsg_lun_attr_release, 3128 }; 3129 3130 static ssize_t fsg_lun_opts_file_show(struct config_item *item, char *page) 3131 { 3132 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3133 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3134 3135 return fsg_show_file(opts->lun, &fsg_opts->common->filesem, page); 3136 } 3137 3138 static ssize_t fsg_lun_opts_file_store(struct config_item *item, 3139 const char *page, size_t len) 3140 { 3141 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3142 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3143 3144 return fsg_store_file(opts->lun, &fsg_opts->common->filesem, page, len); 3145 } 3146 3147 CONFIGFS_ATTR(fsg_lun_opts_, file); 3148 3149 static ssize_t fsg_lun_opts_ro_show(struct config_item *item, char *page) 3150 { 3151 return fsg_show_ro(to_fsg_lun_opts(item)->lun, page); 3152 } 3153 3154 static ssize_t fsg_lun_opts_ro_store(struct config_item *item, 3155 const char *page, size_t len) 3156 { 3157 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3158 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3159 3160 return fsg_store_ro(opts->lun, &fsg_opts->common->filesem, page, len); 3161 } 3162 3163 CONFIGFS_ATTR(fsg_lun_opts_, ro); 3164 3165 static ssize_t fsg_lun_opts_removable_show(struct config_item *item, 3166 char *page) 3167 { 3168 return fsg_show_removable(to_fsg_lun_opts(item)->lun, page); 3169 } 3170 3171 static ssize_t fsg_lun_opts_removable_store(struct config_item *item, 3172 const char *page, size_t len) 3173 { 3174 return fsg_store_removable(to_fsg_lun_opts(item)->lun, page, len); 3175 } 3176 3177 CONFIGFS_ATTR(fsg_lun_opts_, removable); 3178 3179 static ssize_t fsg_lun_opts_cdrom_show(struct config_item *item, char *page) 3180 { 3181 return fsg_show_cdrom(to_fsg_lun_opts(item)->lun, page); 3182 } 3183 3184 static ssize_t fsg_lun_opts_cdrom_store(struct config_item *item, 3185 const char *page, size_t len) 3186 { 3187 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3188 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3189 3190 return fsg_store_cdrom(opts->lun, &fsg_opts->common->filesem, page, 3191 len); 3192 } 3193 3194 CONFIGFS_ATTR(fsg_lun_opts_, cdrom); 3195 3196 static ssize_t fsg_lun_opts_nofua_show(struct config_item *item, char *page) 3197 { 3198 return fsg_show_nofua(to_fsg_lun_opts(item)->lun, page); 3199 } 3200 3201 static ssize_t fsg_lun_opts_nofua_store(struct config_item *item, 3202 const char *page, size_t len) 3203 { 3204 return fsg_store_nofua(to_fsg_lun_opts(item)->lun, page, len); 3205 } 3206 3207 CONFIGFS_ATTR(fsg_lun_opts_, nofua); 3208 3209 static ssize_t fsg_lun_opts_inquiry_string_show(struct config_item *item, 3210 char *page) 3211 { 3212 return fsg_show_inquiry_string(to_fsg_lun_opts(item)->lun, page); 3213 } 3214 3215 static ssize_t fsg_lun_opts_inquiry_string_store(struct config_item *item, 3216 const char *page, size_t len) 3217 { 3218 return fsg_store_inquiry_string(to_fsg_lun_opts(item)->lun, page, len); 3219 } 3220 3221 CONFIGFS_ATTR(fsg_lun_opts_, inquiry_string); 3222 3223 static struct configfs_attribute *fsg_lun_attrs[] = { 3224 &fsg_lun_opts_attr_file, 3225 &fsg_lun_opts_attr_ro, 3226 &fsg_lun_opts_attr_removable, 3227 &fsg_lun_opts_attr_cdrom, 3228 &fsg_lun_opts_attr_nofua, 3229 &fsg_lun_opts_attr_inquiry_string, 3230 NULL, 3231 }; 3232 3233 static const struct config_item_type fsg_lun_type = { 3234 .ct_item_ops = &fsg_lun_item_ops, 3235 .ct_attrs = fsg_lun_attrs, 3236 .ct_owner = THIS_MODULE, 3237 }; 3238 3239 static struct config_group *fsg_lun_make(struct config_group *group, 3240 const char *name) 3241 { 3242 struct fsg_lun_opts *opts; 3243 struct fsg_opts *fsg_opts; 3244 struct fsg_lun_config config; 3245 char *num_str; 3246 u8 num; 3247 int ret; 3248 3249 num_str = strchr(name, '.'); 3250 if (!num_str) { 3251 pr_err("Unable to locate . in LUN.NUMBER\n"); 3252 return ERR_PTR(-EINVAL); 3253 } 3254 num_str++; 3255 3256 ret = kstrtou8(num_str, 0, &num); 3257 if (ret) 3258 return ERR_PTR(ret); 3259 3260 fsg_opts = to_fsg_opts(&group->cg_item); 3261 if (num >= FSG_MAX_LUNS) 3262 return ERR_PTR(-ERANGE); 3263 num = array_index_nospec(num, FSG_MAX_LUNS); 3264 3265 mutex_lock(&fsg_opts->lock); 3266 if (fsg_opts->refcnt || fsg_opts->common->luns[num]) { 3267 ret = -EBUSY; 3268 goto out; 3269 } 3270 3271 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 3272 if (!opts) { 3273 ret = -ENOMEM; 3274 goto out; 3275 } 3276 3277 memset(&config, 0, sizeof(config)); 3278 config.removable = true; 3279 3280 ret = fsg_common_create_lun(fsg_opts->common, &config, num, name, 3281 (const char **)&group->cg_item.ci_name); 3282 if (ret) { 3283 kfree(opts); 3284 goto out; 3285 } 3286 opts->lun = fsg_opts->common->luns[num]; 3287 opts->lun_id = num; 3288 mutex_unlock(&fsg_opts->lock); 3289 3290 config_group_init_type_name(&opts->group, name, &fsg_lun_type); 3291 3292 return &opts->group; 3293 out: 3294 mutex_unlock(&fsg_opts->lock); 3295 return ERR_PTR(ret); 3296 } 3297 3298 static void fsg_lun_drop(struct config_group *group, struct config_item *item) 3299 { 3300 struct fsg_lun_opts *lun_opts; 3301 struct fsg_opts *fsg_opts; 3302 3303 lun_opts = to_fsg_lun_opts(item); 3304 fsg_opts = to_fsg_opts(&group->cg_item); 3305 3306 mutex_lock(&fsg_opts->lock); 3307 if (fsg_opts->refcnt) { 3308 struct config_item *gadget; 3309 3310 gadget = group->cg_item.ci_parent->ci_parent; 3311 unregister_gadget_item(gadget); 3312 } 3313 3314 fsg_common_remove_lun(lun_opts->lun); 3315 fsg_opts->common->luns[lun_opts->lun_id] = NULL; 3316 lun_opts->lun_id = 0; 3317 mutex_unlock(&fsg_opts->lock); 3318 3319 config_item_put(item); 3320 } 3321 3322 static void fsg_attr_release(struct config_item *item) 3323 { 3324 struct fsg_opts *opts = to_fsg_opts(item); 3325 3326 usb_put_function_instance(&opts->func_inst); 3327 } 3328 3329 static struct configfs_item_operations fsg_item_ops = { 3330 .release = fsg_attr_release, 3331 }; 3332 3333 static ssize_t fsg_opts_stall_show(struct config_item *item, char *page) 3334 { 3335 struct fsg_opts *opts = to_fsg_opts(item); 3336 int result; 3337 3338 mutex_lock(&opts->lock); 3339 result = sprintf(page, "%d", opts->common->can_stall); 3340 mutex_unlock(&opts->lock); 3341 3342 return result; 3343 } 3344 3345 static ssize_t fsg_opts_stall_store(struct config_item *item, const char *page, 3346 size_t len) 3347 { 3348 struct fsg_opts *opts = to_fsg_opts(item); 3349 int ret; 3350 bool stall; 3351 3352 mutex_lock(&opts->lock); 3353 3354 if (opts->refcnt) { 3355 mutex_unlock(&opts->lock); 3356 return -EBUSY; 3357 } 3358 3359 ret = strtobool(page, &stall); 3360 if (!ret) { 3361 opts->common->can_stall = stall; 3362 ret = len; 3363 } 3364 3365 mutex_unlock(&opts->lock); 3366 3367 return ret; 3368 } 3369 3370 CONFIGFS_ATTR(fsg_opts_, stall); 3371 3372 #ifdef CONFIG_USB_GADGET_DEBUG_FILES 3373 static ssize_t fsg_opts_num_buffers_show(struct config_item *item, char *page) 3374 { 3375 struct fsg_opts *opts = to_fsg_opts(item); 3376 int result; 3377 3378 mutex_lock(&opts->lock); 3379 result = sprintf(page, "%d", opts->common->fsg_num_buffers); 3380 mutex_unlock(&opts->lock); 3381 3382 return result; 3383 } 3384 3385 static ssize_t fsg_opts_num_buffers_store(struct config_item *item, 3386 const char *page, size_t len) 3387 { 3388 struct fsg_opts *opts = to_fsg_opts(item); 3389 int ret; 3390 u8 num; 3391 3392 mutex_lock(&opts->lock); 3393 if (opts->refcnt) { 3394 ret = -EBUSY; 3395 goto end; 3396 } 3397 ret = kstrtou8(page, 0, &num); 3398 if (ret) 3399 goto end; 3400 3401 ret = fsg_common_set_num_buffers(opts->common, num); 3402 if (ret) 3403 goto end; 3404 ret = len; 3405 3406 end: 3407 mutex_unlock(&opts->lock); 3408 return ret; 3409 } 3410 3411 CONFIGFS_ATTR(fsg_opts_, num_buffers); 3412 #endif 3413 3414 static struct configfs_attribute *fsg_attrs[] = { 3415 &fsg_opts_attr_stall, 3416 #ifdef CONFIG_USB_GADGET_DEBUG_FILES 3417 &fsg_opts_attr_num_buffers, 3418 #endif 3419 NULL, 3420 }; 3421 3422 static struct configfs_group_operations fsg_group_ops = { 3423 .make_group = fsg_lun_make, 3424 .drop_item = fsg_lun_drop, 3425 }; 3426 3427 static const struct config_item_type fsg_func_type = { 3428 .ct_item_ops = &fsg_item_ops, 3429 .ct_group_ops = &fsg_group_ops, 3430 .ct_attrs = fsg_attrs, 3431 .ct_owner = THIS_MODULE, 3432 }; 3433 3434 static void fsg_free_inst(struct usb_function_instance *fi) 3435 { 3436 struct fsg_opts *opts; 3437 3438 opts = fsg_opts_from_func_inst(fi); 3439 fsg_common_release(opts->common); 3440 kfree(opts); 3441 } 3442 3443 static struct usb_function_instance *fsg_alloc_inst(void) 3444 { 3445 struct fsg_opts *opts; 3446 struct fsg_lun_config config; 3447 int rc; 3448 3449 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 3450 if (!opts) 3451 return ERR_PTR(-ENOMEM); 3452 mutex_init(&opts->lock); 3453 opts->func_inst.free_func_inst = fsg_free_inst; 3454 opts->common = fsg_common_setup(opts->common); 3455 if (IS_ERR(opts->common)) { 3456 rc = PTR_ERR(opts->common); 3457 goto release_opts; 3458 } 3459 3460 rc = fsg_common_set_num_buffers(opts->common, 3461 CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS); 3462 if (rc) 3463 goto release_common; 3464 3465 pr_info(FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n"); 3466 3467 memset(&config, 0, sizeof(config)); 3468 config.removable = true; 3469 rc = fsg_common_create_lun(opts->common, &config, 0, "lun.0", 3470 (const char **)&opts->func_inst.group.cg_item.ci_name); 3471 if (rc) 3472 goto release_buffers; 3473 3474 opts->lun0.lun = opts->common->luns[0]; 3475 opts->lun0.lun_id = 0; 3476 3477 config_group_init_type_name(&opts->func_inst.group, "", &fsg_func_type); 3478 3479 config_group_init_type_name(&opts->lun0.group, "lun.0", &fsg_lun_type); 3480 configfs_add_default_group(&opts->lun0.group, &opts->func_inst.group); 3481 3482 return &opts->func_inst; 3483 3484 release_buffers: 3485 fsg_common_free_buffers(opts->common); 3486 release_common: 3487 kfree(opts->common); 3488 release_opts: 3489 kfree(opts); 3490 return ERR_PTR(rc); 3491 } 3492 3493 static void fsg_free(struct usb_function *f) 3494 { 3495 struct fsg_dev *fsg; 3496 struct fsg_opts *opts; 3497 3498 fsg = container_of(f, struct fsg_dev, function); 3499 opts = container_of(f->fi, struct fsg_opts, func_inst); 3500 3501 mutex_lock(&opts->lock); 3502 opts->refcnt--; 3503 mutex_unlock(&opts->lock); 3504 3505 kfree(fsg); 3506 } 3507 3508 static struct usb_function *fsg_alloc(struct usb_function_instance *fi) 3509 { 3510 struct fsg_opts *opts = fsg_opts_from_func_inst(fi); 3511 struct fsg_common *common = opts->common; 3512 struct fsg_dev *fsg; 3513 3514 fsg = kzalloc(sizeof(*fsg), GFP_KERNEL); 3515 if (unlikely(!fsg)) 3516 return ERR_PTR(-ENOMEM); 3517 3518 mutex_lock(&opts->lock); 3519 opts->refcnt++; 3520 mutex_unlock(&opts->lock); 3521 3522 fsg->function.name = FSG_DRIVER_DESC; 3523 fsg->function.bind = fsg_bind; 3524 fsg->function.unbind = fsg_unbind; 3525 fsg->function.setup = fsg_setup; 3526 fsg->function.set_alt = fsg_set_alt; 3527 fsg->function.disable = fsg_disable; 3528 fsg->function.free_func = fsg_free; 3529 3530 fsg->common = common; 3531 3532 return &fsg->function; 3533 } 3534 3535 DECLARE_USB_FUNCTION_INIT(mass_storage, fsg_alloc_inst, fsg_alloc); 3536 MODULE_LICENSE("GPL"); 3537 MODULE_AUTHOR("Michal Nazarewicz"); 3538 3539 /************************* Module parameters *************************/ 3540 3541 3542 void fsg_config_from_params(struct fsg_config *cfg, 3543 const struct fsg_module_parameters *params, 3544 unsigned int fsg_num_buffers) 3545 { 3546 struct fsg_lun_config *lun; 3547 unsigned i; 3548 3549 /* Configure LUNs */ 3550 cfg->nluns = 3551 min(params->luns ?: (params->file_count ?: 1u), 3552 (unsigned)FSG_MAX_LUNS); 3553 for (i = 0, lun = cfg->luns; i < cfg->nluns; ++i, ++lun) { 3554 lun->ro = !!params->ro[i]; 3555 lun->cdrom = !!params->cdrom[i]; 3556 lun->removable = !!params->removable[i]; 3557 lun->filename = 3558 params->file_count > i && params->file[i][0] 3559 ? params->file[i] 3560 : NULL; 3561 } 3562 3563 /* Let MSF use defaults */ 3564 cfg->vendor_name = NULL; 3565 cfg->product_name = NULL; 3566 3567 cfg->ops = NULL; 3568 cfg->private_data = NULL; 3569 3570 /* Finalise */ 3571 cfg->can_stall = params->stall; 3572 cfg->fsg_num_buffers = fsg_num_buffers; 3573 } 3574 EXPORT_SYMBOL_GPL(fsg_config_from_params); 3575