1 // SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) 2 /* 3 * f_mass_storage.c -- Mass Storage USB Composite Function 4 * 5 * Copyright (C) 2003-2008 Alan Stern 6 * Copyright (C) 2009 Samsung Electronics 7 * Author: Michal Nazarewicz <mina86@mina86.com> 8 * All rights reserved. 9 */ 10 11 /* 12 * The Mass Storage Function acts as a USB Mass Storage device, 13 * appearing to the host as a disk drive or as a CD-ROM drive. In 14 * addition to providing an example of a genuinely useful composite 15 * function for a USB device, it also illustrates a technique of 16 * double-buffering for increased throughput. 17 * 18 * For more information about MSF and in particular its module 19 * parameters and sysfs interface read the 20 * <Documentation/usb/mass-storage.rst> file. 21 */ 22 23 /* 24 * MSF is configured by specifying a fsg_config structure. It has the 25 * following fields: 26 * 27 * nluns Number of LUNs function have (anywhere from 1 28 * to FSG_MAX_LUNS). 29 * luns An array of LUN configuration values. This 30 * should be filled for each LUN that 31 * function will include (ie. for "nluns" 32 * LUNs). Each element of the array has 33 * the following fields: 34 * ->filename The path to the backing file for the LUN. 35 * Required if LUN is not marked as 36 * removable. 37 * ->ro Flag specifying access to the LUN shall be 38 * read-only. This is implied if CD-ROM 39 * emulation is enabled as well as when 40 * it was impossible to open "filename" 41 * in R/W mode. 42 * ->removable Flag specifying that LUN shall be indicated as 43 * being removable. 44 * ->cdrom Flag specifying that LUN shall be reported as 45 * being a CD-ROM. 46 * ->nofua Flag specifying that FUA flag in SCSI WRITE(10,12) 47 * commands for this LUN shall be ignored. 48 * 49 * vendor_name 50 * product_name 51 * release Information used as a reply to INQUIRY 52 * request. To use default set to NULL, 53 * NULL, 0xffff respectively. The first 54 * field should be 8 and the second 16 55 * characters or less. 56 * 57 * can_stall Set to permit function to halt bulk endpoints. 58 * Disabled on some USB devices known not 59 * to work correctly. You should set it 60 * to true. 61 * 62 * If "removable" is not set for a LUN then a backing file must be 63 * specified. If it is set, then NULL filename means the LUN's medium 64 * is not loaded (an empty string as "filename" in the fsg_config 65 * structure causes error). The CD-ROM emulation includes a single 66 * data track and no audio tracks; hence there need be only one 67 * backing file per LUN. 68 * 69 * This function is heavily based on "File-backed Storage Gadget" by 70 * Alan Stern which in turn is heavily based on "Gadget Zero" by David 71 * Brownell. The driver's SCSI command interface was based on the 72 * "Information technology - Small Computer System Interface - 2" 73 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93, 74 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. 75 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which 76 * was based on the "Universal Serial Bus Mass Storage Class UFI 77 * Command Specification" document, Revision 1.0, December 14, 1998, 78 * available at 79 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>. 80 */ 81 82 /* 83 * Driver Design 84 * 85 * The MSF is fairly straightforward. There is a main kernel 86 * thread that handles most of the work. Interrupt routines field 87 * callbacks from the controller driver: bulk- and interrupt-request 88 * completion notifications, endpoint-0 events, and disconnect events. 89 * Completion events are passed to the main thread by wakeup calls. Many 90 * ep0 requests are handled at interrupt time, but SetInterface, 91 * SetConfiguration, and device reset requests are forwarded to the 92 * thread in the form of "exceptions" using SIGUSR1 signals (since they 93 * should interrupt any ongoing file I/O operations). 94 * 95 * The thread's main routine implements the standard command/data/status 96 * parts of a SCSI interaction. It and its subroutines are full of tests 97 * for pending signals/exceptions -- all this polling is necessary since 98 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an 99 * indication that the driver really wants to be running in userspace.) 100 * An important point is that so long as the thread is alive it keeps an 101 * open reference to the backing file. This will prevent unmounting 102 * the backing file's underlying filesystem and could cause problems 103 * during system shutdown, for example. To prevent such problems, the 104 * thread catches INT, TERM, and KILL signals and converts them into 105 * an EXIT exception. 106 * 107 * In normal operation the main thread is started during the gadget's 108 * fsg_bind() callback and stopped during fsg_unbind(). But it can 109 * also exit when it receives a signal, and there's no point leaving 110 * the gadget running when the thread is dead. As of this moment, MSF 111 * provides no way to deregister the gadget when thread dies -- maybe 112 * a callback functions is needed. 113 * 114 * To provide maximum throughput, the driver uses a circular pipeline of 115 * buffer heads (struct fsg_buffhd). In principle the pipeline can be 116 * arbitrarily long; in practice the benefits don't justify having more 117 * than 2 stages (i.e., double buffering). But it helps to think of the 118 * pipeline as being a long one. Each buffer head contains a bulk-in and 119 * a bulk-out request pointer (since the buffer can be used for both 120 * output and input -- directions always are given from the host's 121 * point of view) as well as a pointer to the buffer and various state 122 * variables. 123 * 124 * Use of the pipeline follows a simple protocol. There is a variable 125 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. 126 * At any time that buffer head may still be in use from an earlier 127 * request, so each buffer head has a state variable indicating whether 128 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the 129 * buffer head to be EMPTY, filling the buffer either by file I/O or by 130 * USB I/O (during which the buffer head is BUSY), and marking the buffer 131 * head FULL when the I/O is complete. Then the buffer will be emptied 132 * (again possibly by USB I/O, during which it is marked BUSY) and 133 * finally marked EMPTY again (possibly by a completion routine). 134 * 135 * A module parameter tells the driver to avoid stalling the bulk 136 * endpoints wherever the transport specification allows. This is 137 * necessary for some UDCs like the SuperH, which cannot reliably clear a 138 * halt on a bulk endpoint. However, under certain circumstances the 139 * Bulk-only specification requires a stall. In such cases the driver 140 * will halt the endpoint and set a flag indicating that it should clear 141 * the halt in software during the next device reset. Hopefully this 142 * will permit everything to work correctly. Furthermore, although the 143 * specification allows the bulk-out endpoint to halt when the host sends 144 * too much data, implementing this would cause an unavoidable race. 145 * The driver will always use the "no-stall" approach for OUT transfers. 146 * 147 * One subtle point concerns sending status-stage responses for ep0 148 * requests. Some of these requests, such as device reset, can involve 149 * interrupting an ongoing file I/O operation, which might take an 150 * arbitrarily long time. During that delay the host might give up on 151 * the original ep0 request and issue a new one. When that happens the 152 * driver should not notify the host about completion of the original 153 * request, as the host will no longer be waiting for it. So the driver 154 * assigns to each ep0 request a unique tag, and it keeps track of the 155 * tag value of the request associated with a long-running exception 156 * (device-reset, interface-change, or configuration-change). When the 157 * exception handler is finished, the status-stage response is submitted 158 * only if the current ep0 request tag is equal to the exception request 159 * tag. Thus only the most recently received ep0 request will get a 160 * status-stage response. 161 * 162 * Warning: This driver source file is too long. It ought to be split up 163 * into a header file plus about 3 separate .c files, to handle the details 164 * of the Gadget, USB Mass Storage, and SCSI protocols. 165 */ 166 167 168 /* #define VERBOSE_DEBUG */ 169 /* #define DUMP_MSGS */ 170 171 #include <linux/blkdev.h> 172 #include <linux/completion.h> 173 #include <linux/dcache.h> 174 #include <linux/delay.h> 175 #include <linux/device.h> 176 #include <linux/fcntl.h> 177 #include <linux/file.h> 178 #include <linux/fs.h> 179 #include <linux/kthread.h> 180 #include <linux/sched/signal.h> 181 #include <linux/limits.h> 182 #include <linux/pagemap.h> 183 #include <linux/rwsem.h> 184 #include <linux/slab.h> 185 #include <linux/spinlock.h> 186 #include <linux/string.h> 187 #include <linux/freezer.h> 188 #include <linux/module.h> 189 #include <linux/uaccess.h> 190 #include <asm/unaligned.h> 191 192 #include <linux/usb/ch9.h> 193 #include <linux/usb/gadget.h> 194 #include <linux/usb/composite.h> 195 196 #include <linux/nospec.h> 197 198 #include "configfs.h" 199 200 201 /*------------------------------------------------------------------------*/ 202 203 #define FSG_DRIVER_DESC "Mass Storage Function" 204 #define FSG_DRIVER_VERSION "2009/09/11" 205 206 static const char fsg_string_interface[] = "Mass Storage"; 207 208 #include "storage_common.h" 209 #include "f_mass_storage.h" 210 211 /* Static strings, in UTF-8 (for simplicity we use only ASCII characters) */ 212 static struct usb_string fsg_strings[] = { 213 {FSG_STRING_INTERFACE, fsg_string_interface}, 214 {} 215 }; 216 217 static struct usb_gadget_strings fsg_stringtab = { 218 .language = 0x0409, /* en-us */ 219 .strings = fsg_strings, 220 }; 221 222 static struct usb_gadget_strings *fsg_strings_array[] = { 223 &fsg_stringtab, 224 NULL, 225 }; 226 227 /*-------------------------------------------------------------------------*/ 228 229 struct fsg_dev; 230 struct fsg_common; 231 232 /* Data shared by all the FSG instances. */ 233 struct fsg_common { 234 struct usb_gadget *gadget; 235 struct usb_composite_dev *cdev; 236 struct fsg_dev *fsg; 237 wait_queue_head_t io_wait; 238 wait_queue_head_t fsg_wait; 239 240 /* filesem protects: backing files in use */ 241 struct rw_semaphore filesem; 242 243 /* lock protects: state and thread_task */ 244 spinlock_t lock; 245 246 struct usb_ep *ep0; /* Copy of gadget->ep0 */ 247 struct usb_request *ep0req; /* Copy of cdev->req */ 248 unsigned int ep0_req_tag; 249 250 struct fsg_buffhd *next_buffhd_to_fill; 251 struct fsg_buffhd *next_buffhd_to_drain; 252 struct fsg_buffhd *buffhds; 253 unsigned int fsg_num_buffers; 254 255 int cmnd_size; 256 u8 cmnd[MAX_COMMAND_SIZE]; 257 258 unsigned int lun; 259 struct fsg_lun *luns[FSG_MAX_LUNS]; 260 struct fsg_lun *curlun; 261 262 unsigned int bulk_out_maxpacket; 263 enum fsg_state state; /* For exception handling */ 264 unsigned int exception_req_tag; 265 void *exception_arg; 266 267 enum data_direction data_dir; 268 u32 data_size; 269 u32 data_size_from_cmnd; 270 u32 tag; 271 u32 residue; 272 u32 usb_amount_left; 273 274 unsigned int can_stall:1; 275 unsigned int free_storage_on_release:1; 276 unsigned int phase_error:1; 277 unsigned int short_packet_received:1; 278 unsigned int bad_lun_okay:1; 279 unsigned int running:1; 280 unsigned int sysfs:1; 281 282 struct completion thread_notifier; 283 struct task_struct *thread_task; 284 285 /* Gadget's private data. */ 286 void *private_data; 287 288 char inquiry_string[INQUIRY_STRING_LEN]; 289 }; 290 291 struct fsg_dev { 292 struct usb_function function; 293 struct usb_gadget *gadget; /* Copy of cdev->gadget */ 294 struct fsg_common *common; 295 296 u16 interface_number; 297 298 unsigned int bulk_in_enabled:1; 299 unsigned int bulk_out_enabled:1; 300 301 unsigned long atomic_bitflags; 302 #define IGNORE_BULK_OUT 0 303 304 struct usb_ep *bulk_in; 305 struct usb_ep *bulk_out; 306 }; 307 308 static inline int __fsg_is_set(struct fsg_common *common, 309 const char *func, unsigned line) 310 { 311 if (common->fsg) 312 return 1; 313 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line); 314 WARN_ON(1); 315 return 0; 316 } 317 318 #define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__)) 319 320 static inline struct fsg_dev *fsg_from_func(struct usb_function *f) 321 { 322 return container_of(f, struct fsg_dev, function); 323 } 324 325 static int exception_in_progress(struct fsg_common *common) 326 { 327 return common->state > FSG_STATE_NORMAL; 328 } 329 330 /* Make bulk-out requests be divisible by the maxpacket size */ 331 static void set_bulk_out_req_length(struct fsg_common *common, 332 struct fsg_buffhd *bh, unsigned int length) 333 { 334 unsigned int rem; 335 336 bh->bulk_out_intended_length = length; 337 rem = length % common->bulk_out_maxpacket; 338 if (rem > 0) 339 length += common->bulk_out_maxpacket - rem; 340 bh->outreq->length = length; 341 } 342 343 344 /*-------------------------------------------------------------------------*/ 345 346 static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep) 347 { 348 const char *name; 349 350 if (ep == fsg->bulk_in) 351 name = "bulk-in"; 352 else if (ep == fsg->bulk_out) 353 name = "bulk-out"; 354 else 355 name = ep->name; 356 DBG(fsg, "%s set halt\n", name); 357 return usb_ep_set_halt(ep); 358 } 359 360 361 /*-------------------------------------------------------------------------*/ 362 363 /* These routines may be called in process context or in_irq */ 364 365 static void __raise_exception(struct fsg_common *common, enum fsg_state new_state, 366 void *arg) 367 { 368 unsigned long flags; 369 370 /* 371 * Do nothing if a higher-priority exception is already in progress. 372 * If a lower-or-equal priority exception is in progress, preempt it 373 * and notify the main thread by sending it a signal. 374 */ 375 spin_lock_irqsave(&common->lock, flags); 376 if (common->state <= new_state) { 377 common->exception_req_tag = common->ep0_req_tag; 378 common->state = new_state; 379 common->exception_arg = arg; 380 if (common->thread_task) 381 send_sig_info(SIGUSR1, SEND_SIG_PRIV, 382 common->thread_task); 383 } 384 spin_unlock_irqrestore(&common->lock, flags); 385 } 386 387 static void raise_exception(struct fsg_common *common, enum fsg_state new_state) 388 { 389 __raise_exception(common, new_state, NULL); 390 } 391 392 /*-------------------------------------------------------------------------*/ 393 394 static int ep0_queue(struct fsg_common *common) 395 { 396 int rc; 397 398 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC); 399 common->ep0->driver_data = common; 400 if (rc != 0 && rc != -ESHUTDOWN) { 401 /* We can't do much more than wait for a reset */ 402 WARNING(common, "error in submission: %s --> %d\n", 403 common->ep0->name, rc); 404 } 405 return rc; 406 } 407 408 409 /*-------------------------------------------------------------------------*/ 410 411 /* Completion handlers. These always run in_irq. */ 412 413 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req) 414 { 415 struct fsg_common *common = ep->driver_data; 416 struct fsg_buffhd *bh = req->context; 417 418 if (req->status || req->actual != req->length) 419 DBG(common, "%s --> %d, %u/%u\n", __func__, 420 req->status, req->actual, req->length); 421 if (req->status == -ECONNRESET) /* Request was cancelled */ 422 usb_ep_fifo_flush(ep); 423 424 /* Synchronize with the smp_load_acquire() in sleep_thread() */ 425 smp_store_release(&bh->state, BUF_STATE_EMPTY); 426 wake_up(&common->io_wait); 427 } 428 429 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req) 430 { 431 struct fsg_common *common = ep->driver_data; 432 struct fsg_buffhd *bh = req->context; 433 434 dump_msg(common, "bulk-out", req->buf, req->actual); 435 if (req->status || req->actual != bh->bulk_out_intended_length) 436 DBG(common, "%s --> %d, %u/%u\n", __func__, 437 req->status, req->actual, bh->bulk_out_intended_length); 438 if (req->status == -ECONNRESET) /* Request was cancelled */ 439 usb_ep_fifo_flush(ep); 440 441 /* Synchronize with the smp_load_acquire() in sleep_thread() */ 442 smp_store_release(&bh->state, BUF_STATE_FULL); 443 wake_up(&common->io_wait); 444 } 445 446 static int _fsg_common_get_max_lun(struct fsg_common *common) 447 { 448 int i = ARRAY_SIZE(common->luns) - 1; 449 450 while (i >= 0 && !common->luns[i]) 451 --i; 452 453 return i; 454 } 455 456 static int fsg_setup(struct usb_function *f, 457 const struct usb_ctrlrequest *ctrl) 458 { 459 struct fsg_dev *fsg = fsg_from_func(f); 460 struct usb_request *req = fsg->common->ep0req; 461 u16 w_index = le16_to_cpu(ctrl->wIndex); 462 u16 w_value = le16_to_cpu(ctrl->wValue); 463 u16 w_length = le16_to_cpu(ctrl->wLength); 464 465 if (!fsg_is_set(fsg->common)) 466 return -EOPNOTSUPP; 467 468 ++fsg->common->ep0_req_tag; /* Record arrival of a new request */ 469 req->context = NULL; 470 req->length = 0; 471 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl)); 472 473 switch (ctrl->bRequest) { 474 475 case US_BULK_RESET_REQUEST: 476 if (ctrl->bRequestType != 477 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 478 break; 479 if (w_index != fsg->interface_number || w_value != 0 || 480 w_length != 0) 481 return -EDOM; 482 483 /* 484 * Raise an exception to stop the current operation 485 * and reinitialize our state. 486 */ 487 DBG(fsg, "bulk reset request\n"); 488 raise_exception(fsg->common, FSG_STATE_PROTOCOL_RESET); 489 return USB_GADGET_DELAYED_STATUS; 490 491 case US_BULK_GET_MAX_LUN: 492 if (ctrl->bRequestType != 493 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 494 break; 495 if (w_index != fsg->interface_number || w_value != 0 || 496 w_length != 1) 497 return -EDOM; 498 VDBG(fsg, "get max LUN\n"); 499 *(u8 *)req->buf = _fsg_common_get_max_lun(fsg->common); 500 501 /* Respond with data/status */ 502 req->length = min((u16)1, w_length); 503 return ep0_queue(fsg->common); 504 } 505 506 VDBG(fsg, 507 "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n", 508 ctrl->bRequestType, ctrl->bRequest, 509 le16_to_cpu(ctrl->wValue), w_index, w_length); 510 return -EOPNOTSUPP; 511 } 512 513 514 /*-------------------------------------------------------------------------*/ 515 516 /* All the following routines run in process context */ 517 518 /* Use this for bulk or interrupt transfers, not ep0 */ 519 static int start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, 520 struct usb_request *req) 521 { 522 int rc; 523 524 if (ep == fsg->bulk_in) 525 dump_msg(fsg, "bulk-in", req->buf, req->length); 526 527 rc = usb_ep_queue(ep, req, GFP_KERNEL); 528 if (rc) { 529 530 /* We can't do much more than wait for a reset */ 531 req->status = rc; 532 533 /* 534 * Note: currently the net2280 driver fails zero-length 535 * submissions if DMA is enabled. 536 */ 537 if (rc != -ESHUTDOWN && 538 !(rc == -EOPNOTSUPP && req->length == 0)) 539 WARNING(fsg, "error in submission: %s --> %d\n", 540 ep->name, rc); 541 } 542 return rc; 543 } 544 545 static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 546 { 547 if (!fsg_is_set(common)) 548 return false; 549 bh->state = BUF_STATE_SENDING; 550 if (start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq)) 551 bh->state = BUF_STATE_EMPTY; 552 return true; 553 } 554 555 static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 556 { 557 if (!fsg_is_set(common)) 558 return false; 559 bh->state = BUF_STATE_RECEIVING; 560 if (start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq)) 561 bh->state = BUF_STATE_FULL; 562 return true; 563 } 564 565 static int sleep_thread(struct fsg_common *common, bool can_freeze, 566 struct fsg_buffhd *bh) 567 { 568 int rc; 569 570 /* Wait until a signal arrives or bh is no longer busy */ 571 if (can_freeze) 572 /* 573 * synchronize with the smp_store_release(&bh->state) in 574 * bulk_in_complete() or bulk_out_complete() 575 */ 576 rc = wait_event_freezable(common->io_wait, 577 bh && smp_load_acquire(&bh->state) >= 578 BUF_STATE_EMPTY); 579 else 580 rc = wait_event_interruptible(common->io_wait, 581 bh && smp_load_acquire(&bh->state) >= 582 BUF_STATE_EMPTY); 583 return rc ? -EINTR : 0; 584 } 585 586 587 /*-------------------------------------------------------------------------*/ 588 589 static int do_read(struct fsg_common *common) 590 { 591 struct fsg_lun *curlun = common->curlun; 592 u64 lba; 593 struct fsg_buffhd *bh; 594 int rc; 595 u32 amount_left; 596 loff_t file_offset, file_offset_tmp; 597 unsigned int amount; 598 ssize_t nread; 599 600 /* 601 * Get the starting Logical Block Address and check that it's 602 * not too big. 603 */ 604 if (common->cmnd[0] == READ_6) 605 lba = get_unaligned_be24(&common->cmnd[1]); 606 else { 607 if (common->cmnd[0] == READ_16) 608 lba = get_unaligned_be64(&common->cmnd[2]); 609 else /* READ_10 or READ_12 */ 610 lba = get_unaligned_be32(&common->cmnd[2]); 611 612 /* 613 * We allow DPO (Disable Page Out = don't save data in the 614 * cache) and FUA (Force Unit Access = don't read from the 615 * cache), but we don't implement them. 616 */ 617 if ((common->cmnd[1] & ~0x18) != 0) { 618 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 619 return -EINVAL; 620 } 621 } 622 if (lba >= curlun->num_sectors) { 623 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 624 return -EINVAL; 625 } 626 file_offset = ((loff_t) lba) << curlun->blkbits; 627 628 /* Carry out the file reads */ 629 amount_left = common->data_size_from_cmnd; 630 if (unlikely(amount_left == 0)) 631 return -EIO; /* No default reply */ 632 633 for (;;) { 634 /* 635 * Figure out how much we need to read: 636 * Try to read the remaining amount. 637 * But don't read more than the buffer size. 638 * And don't try to read past the end of the file. 639 */ 640 amount = min(amount_left, FSG_BUFLEN); 641 amount = min((loff_t)amount, 642 curlun->file_length - file_offset); 643 644 /* Wait for the next buffer to become available */ 645 bh = common->next_buffhd_to_fill; 646 rc = sleep_thread(common, false, bh); 647 if (rc) 648 return rc; 649 650 /* 651 * If we were asked to read past the end of file, 652 * end with an empty buffer. 653 */ 654 if (amount == 0) { 655 curlun->sense_data = 656 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 657 curlun->sense_data_info = 658 file_offset >> curlun->blkbits; 659 curlun->info_valid = 1; 660 bh->inreq->length = 0; 661 bh->state = BUF_STATE_FULL; 662 break; 663 } 664 665 /* Perform the read */ 666 file_offset_tmp = file_offset; 667 nread = kernel_read(curlun->filp, bh->buf, amount, 668 &file_offset_tmp); 669 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 670 (unsigned long long)file_offset, (int)nread); 671 if (signal_pending(current)) 672 return -EINTR; 673 674 if (nread < 0) { 675 LDBG(curlun, "error in file read: %d\n", (int)nread); 676 nread = 0; 677 } else if (nread < amount) { 678 LDBG(curlun, "partial file read: %d/%u\n", 679 (int)nread, amount); 680 nread = round_down(nread, curlun->blksize); 681 } 682 file_offset += nread; 683 amount_left -= nread; 684 common->residue -= nread; 685 686 /* 687 * Except at the end of the transfer, nread will be 688 * equal to the buffer size, which is divisible by the 689 * bulk-in maxpacket size. 690 */ 691 bh->inreq->length = nread; 692 bh->state = BUF_STATE_FULL; 693 694 /* If an error occurred, report it and its position */ 695 if (nread < amount) { 696 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 697 curlun->sense_data_info = 698 file_offset >> curlun->blkbits; 699 curlun->info_valid = 1; 700 break; 701 } 702 703 if (amount_left == 0) 704 break; /* No more left to read */ 705 706 /* Send this buffer and go read some more */ 707 bh->inreq->zero = 0; 708 if (!start_in_transfer(common, bh)) 709 /* Don't know what to do if common->fsg is NULL */ 710 return -EIO; 711 common->next_buffhd_to_fill = bh->next; 712 } 713 714 return -EIO; /* No default reply */ 715 } 716 717 718 /*-------------------------------------------------------------------------*/ 719 720 static int do_write(struct fsg_common *common) 721 { 722 struct fsg_lun *curlun = common->curlun; 723 u64 lba; 724 struct fsg_buffhd *bh; 725 int get_some_more; 726 u32 amount_left_to_req, amount_left_to_write; 727 loff_t usb_offset, file_offset, file_offset_tmp; 728 unsigned int amount; 729 ssize_t nwritten; 730 int rc; 731 732 if (curlun->ro) { 733 curlun->sense_data = SS_WRITE_PROTECTED; 734 return -EINVAL; 735 } 736 spin_lock(&curlun->filp->f_lock); 737 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */ 738 spin_unlock(&curlun->filp->f_lock); 739 740 /* 741 * Get the starting Logical Block Address and check that it's 742 * not too big 743 */ 744 if (common->cmnd[0] == WRITE_6) 745 lba = get_unaligned_be24(&common->cmnd[1]); 746 else { 747 if (common->cmnd[0] == WRITE_16) 748 lba = get_unaligned_be64(&common->cmnd[2]); 749 else /* WRITE_10 or WRITE_12 */ 750 lba = get_unaligned_be32(&common->cmnd[2]); 751 752 /* 753 * We allow DPO (Disable Page Out = don't save data in the 754 * cache) and FUA (Force Unit Access = write directly to the 755 * medium). We don't implement DPO; we implement FUA by 756 * performing synchronous output. 757 */ 758 if (common->cmnd[1] & ~0x18) { 759 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 760 return -EINVAL; 761 } 762 if (!curlun->nofua && (common->cmnd[1] & 0x08)) { /* FUA */ 763 spin_lock(&curlun->filp->f_lock); 764 curlun->filp->f_flags |= O_SYNC; 765 spin_unlock(&curlun->filp->f_lock); 766 } 767 } 768 if (lba >= curlun->num_sectors) { 769 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 770 return -EINVAL; 771 } 772 773 /* Carry out the file writes */ 774 get_some_more = 1; 775 file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits; 776 amount_left_to_req = common->data_size_from_cmnd; 777 amount_left_to_write = common->data_size_from_cmnd; 778 779 while (amount_left_to_write > 0) { 780 781 /* Queue a request for more data from the host */ 782 bh = common->next_buffhd_to_fill; 783 if (bh->state == BUF_STATE_EMPTY && get_some_more) { 784 785 /* 786 * Figure out how much we want to get: 787 * Try to get the remaining amount, 788 * but not more than the buffer size. 789 */ 790 amount = min(amount_left_to_req, FSG_BUFLEN); 791 792 /* Beyond the end of the backing file? */ 793 if (usb_offset >= curlun->file_length) { 794 get_some_more = 0; 795 curlun->sense_data = 796 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 797 curlun->sense_data_info = 798 usb_offset >> curlun->blkbits; 799 curlun->info_valid = 1; 800 continue; 801 } 802 803 /* Get the next buffer */ 804 usb_offset += amount; 805 common->usb_amount_left -= amount; 806 amount_left_to_req -= amount; 807 if (amount_left_to_req == 0) 808 get_some_more = 0; 809 810 /* 811 * Except at the end of the transfer, amount will be 812 * equal to the buffer size, which is divisible by 813 * the bulk-out maxpacket size. 814 */ 815 set_bulk_out_req_length(common, bh, amount); 816 if (!start_out_transfer(common, bh)) 817 /* Dunno what to do if common->fsg is NULL */ 818 return -EIO; 819 common->next_buffhd_to_fill = bh->next; 820 continue; 821 } 822 823 /* Write the received data to the backing file */ 824 bh = common->next_buffhd_to_drain; 825 if (bh->state == BUF_STATE_EMPTY && !get_some_more) 826 break; /* We stopped early */ 827 828 /* Wait for the data to be received */ 829 rc = sleep_thread(common, false, bh); 830 if (rc) 831 return rc; 832 833 common->next_buffhd_to_drain = bh->next; 834 bh->state = BUF_STATE_EMPTY; 835 836 /* Did something go wrong with the transfer? */ 837 if (bh->outreq->status != 0) { 838 curlun->sense_data = SS_COMMUNICATION_FAILURE; 839 curlun->sense_data_info = 840 file_offset >> curlun->blkbits; 841 curlun->info_valid = 1; 842 break; 843 } 844 845 amount = bh->outreq->actual; 846 if (curlun->file_length - file_offset < amount) { 847 LERROR(curlun, "write %u @ %llu beyond end %llu\n", 848 amount, (unsigned long long)file_offset, 849 (unsigned long long)curlun->file_length); 850 amount = curlun->file_length - file_offset; 851 } 852 853 /* 854 * Don't accept excess data. The spec doesn't say 855 * what to do in this case. We'll ignore the error. 856 */ 857 amount = min(amount, bh->bulk_out_intended_length); 858 859 /* Don't write a partial block */ 860 amount = round_down(amount, curlun->blksize); 861 if (amount == 0) 862 goto empty_write; 863 864 /* Perform the write */ 865 file_offset_tmp = file_offset; 866 nwritten = kernel_write(curlun->filp, bh->buf, amount, 867 &file_offset_tmp); 868 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount, 869 (unsigned long long)file_offset, (int)nwritten); 870 if (signal_pending(current)) 871 return -EINTR; /* Interrupted! */ 872 873 if (nwritten < 0) { 874 LDBG(curlun, "error in file write: %d\n", 875 (int) nwritten); 876 nwritten = 0; 877 } else if (nwritten < amount) { 878 LDBG(curlun, "partial file write: %d/%u\n", 879 (int) nwritten, amount); 880 nwritten = round_down(nwritten, curlun->blksize); 881 } 882 file_offset += nwritten; 883 amount_left_to_write -= nwritten; 884 common->residue -= nwritten; 885 886 /* If an error occurred, report it and its position */ 887 if (nwritten < amount) { 888 curlun->sense_data = SS_WRITE_ERROR; 889 curlun->sense_data_info = 890 file_offset >> curlun->blkbits; 891 curlun->info_valid = 1; 892 break; 893 } 894 895 empty_write: 896 /* Did the host decide to stop early? */ 897 if (bh->outreq->actual < bh->bulk_out_intended_length) { 898 common->short_packet_received = 1; 899 break; 900 } 901 } 902 903 return -EIO; /* No default reply */ 904 } 905 906 907 /*-------------------------------------------------------------------------*/ 908 909 static int do_synchronize_cache(struct fsg_common *common) 910 { 911 struct fsg_lun *curlun = common->curlun; 912 int rc; 913 914 /* We ignore the requested LBA and write out all file's 915 * dirty data buffers. */ 916 rc = fsg_lun_fsync_sub(curlun); 917 if (rc) 918 curlun->sense_data = SS_WRITE_ERROR; 919 return 0; 920 } 921 922 923 /*-------------------------------------------------------------------------*/ 924 925 static void invalidate_sub(struct fsg_lun *curlun) 926 { 927 struct file *filp = curlun->filp; 928 struct inode *inode = file_inode(filp); 929 unsigned long rc; 930 931 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1); 932 VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc); 933 } 934 935 static int do_verify(struct fsg_common *common) 936 { 937 struct fsg_lun *curlun = common->curlun; 938 u32 lba; 939 u32 verification_length; 940 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 941 loff_t file_offset, file_offset_tmp; 942 u32 amount_left; 943 unsigned int amount; 944 ssize_t nread; 945 946 /* 947 * Get the starting Logical Block Address and check that it's 948 * not too big. 949 */ 950 lba = get_unaligned_be32(&common->cmnd[2]); 951 if (lba >= curlun->num_sectors) { 952 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 953 return -EINVAL; 954 } 955 956 /* 957 * We allow DPO (Disable Page Out = don't save data in the 958 * cache) but we don't implement it. 959 */ 960 if (common->cmnd[1] & ~0x10) { 961 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 962 return -EINVAL; 963 } 964 965 verification_length = get_unaligned_be16(&common->cmnd[7]); 966 if (unlikely(verification_length == 0)) 967 return -EIO; /* No default reply */ 968 969 /* Prepare to carry out the file verify */ 970 amount_left = verification_length << curlun->blkbits; 971 file_offset = ((loff_t) lba) << curlun->blkbits; 972 973 /* Write out all the dirty buffers before invalidating them */ 974 fsg_lun_fsync_sub(curlun); 975 if (signal_pending(current)) 976 return -EINTR; 977 978 invalidate_sub(curlun); 979 if (signal_pending(current)) 980 return -EINTR; 981 982 /* Just try to read the requested blocks */ 983 while (amount_left > 0) { 984 /* 985 * Figure out how much we need to read: 986 * Try to read the remaining amount, but not more than 987 * the buffer size. 988 * And don't try to read past the end of the file. 989 */ 990 amount = min(amount_left, FSG_BUFLEN); 991 amount = min((loff_t)amount, 992 curlun->file_length - file_offset); 993 if (amount == 0) { 994 curlun->sense_data = 995 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 996 curlun->sense_data_info = 997 file_offset >> curlun->blkbits; 998 curlun->info_valid = 1; 999 break; 1000 } 1001 1002 /* Perform the read */ 1003 file_offset_tmp = file_offset; 1004 nread = kernel_read(curlun->filp, bh->buf, amount, 1005 &file_offset_tmp); 1006 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1007 (unsigned long long) file_offset, 1008 (int) nread); 1009 if (signal_pending(current)) 1010 return -EINTR; 1011 1012 if (nread < 0) { 1013 LDBG(curlun, "error in file verify: %d\n", (int)nread); 1014 nread = 0; 1015 } else if (nread < amount) { 1016 LDBG(curlun, "partial file verify: %d/%u\n", 1017 (int)nread, amount); 1018 nread = round_down(nread, curlun->blksize); 1019 } 1020 if (nread == 0) { 1021 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1022 curlun->sense_data_info = 1023 file_offset >> curlun->blkbits; 1024 curlun->info_valid = 1; 1025 break; 1026 } 1027 file_offset += nread; 1028 amount_left -= nread; 1029 } 1030 return 0; 1031 } 1032 1033 1034 /*-------------------------------------------------------------------------*/ 1035 1036 static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh) 1037 { 1038 struct fsg_lun *curlun = common->curlun; 1039 u8 *buf = (u8 *) bh->buf; 1040 1041 if (!curlun) { /* Unsupported LUNs are okay */ 1042 common->bad_lun_okay = 1; 1043 memset(buf, 0, 36); 1044 buf[0] = TYPE_NO_LUN; /* Unsupported, no device-type */ 1045 buf[4] = 31; /* Additional length */ 1046 return 36; 1047 } 1048 1049 buf[0] = curlun->cdrom ? TYPE_ROM : TYPE_DISK; 1050 buf[1] = curlun->removable ? 0x80 : 0; 1051 buf[2] = 2; /* ANSI SCSI level 2 */ 1052 buf[3] = 2; /* SCSI-2 INQUIRY data format */ 1053 buf[4] = 31; /* Additional length */ 1054 buf[5] = 0; /* No special options */ 1055 buf[6] = 0; 1056 buf[7] = 0; 1057 if (curlun->inquiry_string[0]) 1058 memcpy(buf + 8, curlun->inquiry_string, 1059 sizeof(curlun->inquiry_string)); 1060 else 1061 memcpy(buf + 8, common->inquiry_string, 1062 sizeof(common->inquiry_string)); 1063 return 36; 1064 } 1065 1066 static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1067 { 1068 struct fsg_lun *curlun = common->curlun; 1069 u8 *buf = (u8 *) bh->buf; 1070 u32 sd, sdinfo; 1071 int valid; 1072 1073 /* 1074 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1075 * 1076 * If a REQUEST SENSE command is received from an initiator 1077 * with a pending unit attention condition (before the target 1078 * generates the contingent allegiance condition), then the 1079 * target shall either: 1080 * a) report any pending sense data and preserve the unit 1081 * attention condition on the logical unit, or, 1082 * b) report the unit attention condition, may discard any 1083 * pending sense data, and clear the unit attention 1084 * condition on the logical unit for that initiator. 1085 * 1086 * FSG normally uses option a); enable this code to use option b). 1087 */ 1088 #if 0 1089 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) { 1090 curlun->sense_data = curlun->unit_attention_data; 1091 curlun->unit_attention_data = SS_NO_SENSE; 1092 } 1093 #endif 1094 1095 if (!curlun) { /* Unsupported LUNs are okay */ 1096 common->bad_lun_okay = 1; 1097 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1098 sdinfo = 0; 1099 valid = 0; 1100 } else { 1101 sd = curlun->sense_data; 1102 sdinfo = curlun->sense_data_info; 1103 valid = curlun->info_valid << 7; 1104 curlun->sense_data = SS_NO_SENSE; 1105 curlun->sense_data_info = 0; 1106 curlun->info_valid = 0; 1107 } 1108 1109 memset(buf, 0, 18); 1110 buf[0] = valid | 0x70; /* Valid, current error */ 1111 buf[2] = SK(sd); 1112 put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */ 1113 buf[7] = 18 - 8; /* Additional sense length */ 1114 buf[12] = ASC(sd); 1115 buf[13] = ASCQ(sd); 1116 return 18; 1117 } 1118 1119 static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh) 1120 { 1121 struct fsg_lun *curlun = common->curlun; 1122 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1123 int pmi = common->cmnd[8]; 1124 u8 *buf = (u8 *)bh->buf; 1125 u32 max_lba; 1126 1127 /* Check the PMI and LBA fields */ 1128 if (pmi > 1 || (pmi == 0 && lba != 0)) { 1129 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1130 return -EINVAL; 1131 } 1132 1133 if (curlun->num_sectors < 0x100000000ULL) 1134 max_lba = curlun->num_sectors - 1; 1135 else 1136 max_lba = 0xffffffff; 1137 put_unaligned_be32(max_lba, &buf[0]); /* Max logical block */ 1138 put_unaligned_be32(curlun->blksize, &buf[4]); /* Block length */ 1139 return 8; 1140 } 1141 1142 static int do_read_capacity_16(struct fsg_common *common, struct fsg_buffhd *bh) 1143 { 1144 struct fsg_lun *curlun = common->curlun; 1145 u64 lba = get_unaligned_be64(&common->cmnd[2]); 1146 int pmi = common->cmnd[14]; 1147 u8 *buf = (u8 *)bh->buf; 1148 1149 /* Check the PMI and LBA fields */ 1150 if (pmi > 1 || (pmi == 0 && lba != 0)) { 1151 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1152 return -EINVAL; 1153 } 1154 1155 put_unaligned_be64(curlun->num_sectors - 1, &buf[0]); 1156 /* Max logical block */ 1157 put_unaligned_be32(curlun->blksize, &buf[8]); /* Block length */ 1158 1159 /* It is safe to keep other fields zeroed */ 1160 memset(&buf[12], 0, 32 - 12); 1161 return 32; 1162 } 1163 1164 static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh) 1165 { 1166 struct fsg_lun *curlun = common->curlun; 1167 int msf = common->cmnd[1] & 0x02; 1168 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1169 u8 *buf = (u8 *)bh->buf; 1170 1171 if (common->cmnd[1] & ~0x02) { /* Mask away MSF */ 1172 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1173 return -EINVAL; 1174 } 1175 if (lba >= curlun->num_sectors) { 1176 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1177 return -EINVAL; 1178 } 1179 1180 memset(buf, 0, 8); 1181 buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */ 1182 store_cdrom_address(&buf[4], msf, lba); 1183 return 8; 1184 } 1185 1186 static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh) 1187 { 1188 struct fsg_lun *curlun = common->curlun; 1189 int msf = common->cmnd[1] & 0x02; 1190 int start_track = common->cmnd[6]; 1191 u8 *buf = (u8 *)bh->buf; 1192 1193 if ((common->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */ 1194 start_track > 1) { 1195 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1196 return -EINVAL; 1197 } 1198 1199 memset(buf, 0, 20); 1200 buf[1] = (20-2); /* TOC data length */ 1201 buf[2] = 1; /* First track number */ 1202 buf[3] = 1; /* Last track number */ 1203 buf[5] = 0x16; /* Data track, copying allowed */ 1204 buf[6] = 0x01; /* Only track is number 1 */ 1205 store_cdrom_address(&buf[8], msf, 0); 1206 1207 buf[13] = 0x16; /* Lead-out track is data */ 1208 buf[14] = 0xAA; /* Lead-out track number */ 1209 store_cdrom_address(&buf[16], msf, curlun->num_sectors); 1210 return 20; 1211 } 1212 1213 static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1214 { 1215 struct fsg_lun *curlun = common->curlun; 1216 int mscmnd = common->cmnd[0]; 1217 u8 *buf = (u8 *) bh->buf; 1218 u8 *buf0 = buf; 1219 int pc, page_code; 1220 int changeable_values, all_pages; 1221 int valid_page = 0; 1222 int len, limit; 1223 1224 if ((common->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */ 1225 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1226 return -EINVAL; 1227 } 1228 pc = common->cmnd[2] >> 6; 1229 page_code = common->cmnd[2] & 0x3f; 1230 if (pc == 3) { 1231 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1232 return -EINVAL; 1233 } 1234 changeable_values = (pc == 1); 1235 all_pages = (page_code == 0x3f); 1236 1237 /* 1238 * Write the mode parameter header. Fixed values are: default 1239 * medium type, no cache control (DPOFUA), and no block descriptors. 1240 * The only variable value is the WriteProtect bit. We will fill in 1241 * the mode data length later. 1242 */ 1243 memset(buf, 0, 8); 1244 if (mscmnd == MODE_SENSE) { 1245 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1246 buf += 4; 1247 limit = 255; 1248 } else { /* MODE_SENSE_10 */ 1249 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1250 buf += 8; 1251 limit = 65535; /* Should really be FSG_BUFLEN */ 1252 } 1253 1254 /* No block descriptors */ 1255 1256 /* 1257 * The mode pages, in numerical order. The only page we support 1258 * is the Caching page. 1259 */ 1260 if (page_code == 0x08 || all_pages) { 1261 valid_page = 1; 1262 buf[0] = 0x08; /* Page code */ 1263 buf[1] = 10; /* Page length */ 1264 memset(buf+2, 0, 10); /* None of the fields are changeable */ 1265 1266 if (!changeable_values) { 1267 buf[2] = 0x04; /* Write cache enable, */ 1268 /* Read cache not disabled */ 1269 /* No cache retention priorities */ 1270 put_unaligned_be16(0xffff, &buf[4]); 1271 /* Don't disable prefetch */ 1272 /* Minimum prefetch = 0 */ 1273 put_unaligned_be16(0xffff, &buf[8]); 1274 /* Maximum prefetch */ 1275 put_unaligned_be16(0xffff, &buf[10]); 1276 /* Maximum prefetch ceiling */ 1277 } 1278 buf += 12; 1279 } 1280 1281 /* 1282 * Check that a valid page was requested and the mode data length 1283 * isn't too long. 1284 */ 1285 len = buf - buf0; 1286 if (!valid_page || len > limit) { 1287 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1288 return -EINVAL; 1289 } 1290 1291 /* Store the mode data length */ 1292 if (mscmnd == MODE_SENSE) 1293 buf0[0] = len - 1; 1294 else 1295 put_unaligned_be16(len - 2, buf0); 1296 return len; 1297 } 1298 1299 static int do_start_stop(struct fsg_common *common) 1300 { 1301 struct fsg_lun *curlun = common->curlun; 1302 int loej, start; 1303 1304 if (!curlun) { 1305 return -EINVAL; 1306 } else if (!curlun->removable) { 1307 curlun->sense_data = SS_INVALID_COMMAND; 1308 return -EINVAL; 1309 } else if ((common->cmnd[1] & ~0x01) != 0 || /* Mask away Immed */ 1310 (common->cmnd[4] & ~0x03) != 0) { /* Mask LoEj, Start */ 1311 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1312 return -EINVAL; 1313 } 1314 1315 loej = common->cmnd[4] & 0x02; 1316 start = common->cmnd[4] & 0x01; 1317 1318 /* 1319 * Our emulation doesn't support mounting; the medium is 1320 * available for use as soon as it is loaded. 1321 */ 1322 if (start) { 1323 if (!fsg_lun_is_open(curlun)) { 1324 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1325 return -EINVAL; 1326 } 1327 return 0; 1328 } 1329 1330 /* Are we allowed to unload the media? */ 1331 if (curlun->prevent_medium_removal) { 1332 LDBG(curlun, "unload attempt prevented\n"); 1333 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED; 1334 return -EINVAL; 1335 } 1336 1337 if (!loej) 1338 return 0; 1339 1340 up_read(&common->filesem); 1341 down_write(&common->filesem); 1342 fsg_lun_close(curlun); 1343 up_write(&common->filesem); 1344 down_read(&common->filesem); 1345 1346 return 0; 1347 } 1348 1349 static int do_prevent_allow(struct fsg_common *common) 1350 { 1351 struct fsg_lun *curlun = common->curlun; 1352 int prevent; 1353 1354 if (!common->curlun) { 1355 return -EINVAL; 1356 } else if (!common->curlun->removable) { 1357 common->curlun->sense_data = SS_INVALID_COMMAND; 1358 return -EINVAL; 1359 } 1360 1361 prevent = common->cmnd[4] & 0x01; 1362 if ((common->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */ 1363 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1364 return -EINVAL; 1365 } 1366 1367 if (curlun->prevent_medium_removal && !prevent) 1368 fsg_lun_fsync_sub(curlun); 1369 curlun->prevent_medium_removal = prevent; 1370 return 0; 1371 } 1372 1373 static int do_read_format_capacities(struct fsg_common *common, 1374 struct fsg_buffhd *bh) 1375 { 1376 struct fsg_lun *curlun = common->curlun; 1377 u8 *buf = (u8 *) bh->buf; 1378 1379 buf[0] = buf[1] = buf[2] = 0; 1380 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */ 1381 buf += 4; 1382 1383 put_unaligned_be32(curlun->num_sectors, &buf[0]); 1384 /* Number of blocks */ 1385 put_unaligned_be32(curlun->blksize, &buf[4]);/* Block length */ 1386 buf[4] = 0x02; /* Current capacity */ 1387 return 12; 1388 } 1389 1390 static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh) 1391 { 1392 struct fsg_lun *curlun = common->curlun; 1393 1394 /* We don't support MODE SELECT */ 1395 if (curlun) 1396 curlun->sense_data = SS_INVALID_COMMAND; 1397 return -EINVAL; 1398 } 1399 1400 1401 /*-------------------------------------------------------------------------*/ 1402 1403 static int halt_bulk_in_endpoint(struct fsg_dev *fsg) 1404 { 1405 int rc; 1406 1407 rc = fsg_set_halt(fsg, fsg->bulk_in); 1408 if (rc == -EAGAIN) 1409 VDBG(fsg, "delayed bulk-in endpoint halt\n"); 1410 while (rc != 0) { 1411 if (rc != -EAGAIN) { 1412 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc); 1413 rc = 0; 1414 break; 1415 } 1416 1417 /* Wait for a short time and then try again */ 1418 if (msleep_interruptible(100) != 0) 1419 return -EINTR; 1420 rc = usb_ep_set_halt(fsg->bulk_in); 1421 } 1422 return rc; 1423 } 1424 1425 static int wedge_bulk_in_endpoint(struct fsg_dev *fsg) 1426 { 1427 int rc; 1428 1429 DBG(fsg, "bulk-in set wedge\n"); 1430 rc = usb_ep_set_wedge(fsg->bulk_in); 1431 if (rc == -EAGAIN) 1432 VDBG(fsg, "delayed bulk-in endpoint wedge\n"); 1433 while (rc != 0) { 1434 if (rc != -EAGAIN) { 1435 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc); 1436 rc = 0; 1437 break; 1438 } 1439 1440 /* Wait for a short time and then try again */ 1441 if (msleep_interruptible(100) != 0) 1442 return -EINTR; 1443 rc = usb_ep_set_wedge(fsg->bulk_in); 1444 } 1445 return rc; 1446 } 1447 1448 static int throw_away_data(struct fsg_common *common) 1449 { 1450 struct fsg_buffhd *bh, *bh2; 1451 u32 amount; 1452 int rc; 1453 1454 for (bh = common->next_buffhd_to_drain; 1455 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0; 1456 bh = common->next_buffhd_to_drain) { 1457 1458 /* Try to submit another request if we need one */ 1459 bh2 = common->next_buffhd_to_fill; 1460 if (bh2->state == BUF_STATE_EMPTY && 1461 common->usb_amount_left > 0) { 1462 amount = min(common->usb_amount_left, FSG_BUFLEN); 1463 1464 /* 1465 * Except at the end of the transfer, amount will be 1466 * equal to the buffer size, which is divisible by 1467 * the bulk-out maxpacket size. 1468 */ 1469 set_bulk_out_req_length(common, bh2, amount); 1470 if (!start_out_transfer(common, bh2)) 1471 /* Dunno what to do if common->fsg is NULL */ 1472 return -EIO; 1473 common->next_buffhd_to_fill = bh2->next; 1474 common->usb_amount_left -= amount; 1475 continue; 1476 } 1477 1478 /* Wait for the data to be received */ 1479 rc = sleep_thread(common, false, bh); 1480 if (rc) 1481 return rc; 1482 1483 /* Throw away the data in a filled buffer */ 1484 bh->state = BUF_STATE_EMPTY; 1485 common->next_buffhd_to_drain = bh->next; 1486 1487 /* A short packet or an error ends everything */ 1488 if (bh->outreq->actual < bh->bulk_out_intended_length || 1489 bh->outreq->status != 0) { 1490 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1491 return -EINTR; 1492 } 1493 } 1494 return 0; 1495 } 1496 1497 static int finish_reply(struct fsg_common *common) 1498 { 1499 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 1500 int rc = 0; 1501 1502 switch (common->data_dir) { 1503 case DATA_DIR_NONE: 1504 break; /* Nothing to send */ 1505 1506 /* 1507 * If we don't know whether the host wants to read or write, 1508 * this must be CB or CBI with an unknown command. We mustn't 1509 * try to send or receive any data. So stall both bulk pipes 1510 * if we can and wait for a reset. 1511 */ 1512 case DATA_DIR_UNKNOWN: 1513 if (!common->can_stall) { 1514 /* Nothing */ 1515 } else if (fsg_is_set(common)) { 1516 fsg_set_halt(common->fsg, common->fsg->bulk_out); 1517 rc = halt_bulk_in_endpoint(common->fsg); 1518 } else { 1519 /* Don't know what to do if common->fsg is NULL */ 1520 rc = -EIO; 1521 } 1522 break; 1523 1524 /* All but the last buffer of data must have already been sent */ 1525 case DATA_DIR_TO_HOST: 1526 if (common->data_size == 0) { 1527 /* Nothing to send */ 1528 1529 /* Don't know what to do if common->fsg is NULL */ 1530 } else if (!fsg_is_set(common)) { 1531 rc = -EIO; 1532 1533 /* If there's no residue, simply send the last buffer */ 1534 } else if (common->residue == 0) { 1535 bh->inreq->zero = 0; 1536 if (!start_in_transfer(common, bh)) 1537 return -EIO; 1538 common->next_buffhd_to_fill = bh->next; 1539 1540 /* 1541 * For Bulk-only, mark the end of the data with a short 1542 * packet. If we are allowed to stall, halt the bulk-in 1543 * endpoint. (Note: This violates the Bulk-Only Transport 1544 * specification, which requires us to pad the data if we 1545 * don't halt the endpoint. Presumably nobody will mind.) 1546 */ 1547 } else { 1548 bh->inreq->zero = 1; 1549 if (!start_in_transfer(common, bh)) 1550 rc = -EIO; 1551 common->next_buffhd_to_fill = bh->next; 1552 if (common->can_stall) 1553 rc = halt_bulk_in_endpoint(common->fsg); 1554 } 1555 break; 1556 1557 /* 1558 * We have processed all we want from the data the host has sent. 1559 * There may still be outstanding bulk-out requests. 1560 */ 1561 case DATA_DIR_FROM_HOST: 1562 if (common->residue == 0) { 1563 /* Nothing to receive */ 1564 1565 /* Did the host stop sending unexpectedly early? */ 1566 } else if (common->short_packet_received) { 1567 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1568 rc = -EINTR; 1569 1570 /* 1571 * We haven't processed all the incoming data. Even though 1572 * we may be allowed to stall, doing so would cause a race. 1573 * The controller may already have ACK'ed all the remaining 1574 * bulk-out packets, in which case the host wouldn't see a 1575 * STALL. Not realizing the endpoint was halted, it wouldn't 1576 * clear the halt -- leading to problems later on. 1577 */ 1578 #if 0 1579 } else if (common->can_stall) { 1580 if (fsg_is_set(common)) 1581 fsg_set_halt(common->fsg, 1582 common->fsg->bulk_out); 1583 raise_exception(common, FSG_STATE_ABORT_BULK_OUT); 1584 rc = -EINTR; 1585 #endif 1586 1587 /* 1588 * We can't stall. Read in the excess data and throw it 1589 * all away. 1590 */ 1591 } else { 1592 rc = throw_away_data(common); 1593 } 1594 break; 1595 } 1596 return rc; 1597 } 1598 1599 static void send_status(struct fsg_common *common) 1600 { 1601 struct fsg_lun *curlun = common->curlun; 1602 struct fsg_buffhd *bh; 1603 struct bulk_cs_wrap *csw; 1604 int rc; 1605 u8 status = US_BULK_STAT_OK; 1606 u32 sd, sdinfo = 0; 1607 1608 /* Wait for the next buffer to become available */ 1609 bh = common->next_buffhd_to_fill; 1610 rc = sleep_thread(common, false, bh); 1611 if (rc) 1612 return; 1613 1614 if (curlun) { 1615 sd = curlun->sense_data; 1616 sdinfo = curlun->sense_data_info; 1617 } else if (common->bad_lun_okay) 1618 sd = SS_NO_SENSE; 1619 else 1620 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1621 1622 if (common->phase_error) { 1623 DBG(common, "sending phase-error status\n"); 1624 status = US_BULK_STAT_PHASE; 1625 sd = SS_INVALID_COMMAND; 1626 } else if (sd != SS_NO_SENSE) { 1627 DBG(common, "sending command-failure status\n"); 1628 status = US_BULK_STAT_FAIL; 1629 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;" 1630 " info x%x\n", 1631 SK(sd), ASC(sd), ASCQ(sd), sdinfo); 1632 } 1633 1634 /* Store and send the Bulk-only CSW */ 1635 csw = (void *)bh->buf; 1636 1637 csw->Signature = cpu_to_le32(US_BULK_CS_SIGN); 1638 csw->Tag = common->tag; 1639 csw->Residue = cpu_to_le32(common->residue); 1640 csw->Status = status; 1641 1642 bh->inreq->length = US_BULK_CS_WRAP_LEN; 1643 bh->inreq->zero = 0; 1644 if (!start_in_transfer(common, bh)) 1645 /* Don't know what to do if common->fsg is NULL */ 1646 return; 1647 1648 common->next_buffhd_to_fill = bh->next; 1649 return; 1650 } 1651 1652 1653 /*-------------------------------------------------------------------------*/ 1654 1655 /* 1656 * Check whether the command is properly formed and whether its data size 1657 * and direction agree with the values we already have. 1658 */ 1659 static int check_command(struct fsg_common *common, int cmnd_size, 1660 enum data_direction data_dir, unsigned int mask, 1661 int needs_medium, const char *name) 1662 { 1663 int i; 1664 unsigned int lun = common->cmnd[1] >> 5; 1665 static const char dirletter[4] = {'u', 'o', 'i', 'n'}; 1666 char hdlen[20]; 1667 struct fsg_lun *curlun; 1668 1669 hdlen[0] = 0; 1670 if (common->data_dir != DATA_DIR_UNKNOWN) 1671 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir], 1672 common->data_size); 1673 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n", 1674 name, cmnd_size, dirletter[(int) data_dir], 1675 common->data_size_from_cmnd, common->cmnd_size, hdlen); 1676 1677 /* 1678 * We can't reply at all until we know the correct data direction 1679 * and size. 1680 */ 1681 if (common->data_size_from_cmnd == 0) 1682 data_dir = DATA_DIR_NONE; 1683 if (common->data_size < common->data_size_from_cmnd) { 1684 /* 1685 * Host data size < Device data size is a phase error. 1686 * Carry out the command, but only transfer as much as 1687 * we are allowed. 1688 */ 1689 common->data_size_from_cmnd = common->data_size; 1690 common->phase_error = 1; 1691 } 1692 common->residue = common->data_size; 1693 common->usb_amount_left = common->data_size; 1694 1695 /* Conflicting data directions is a phase error */ 1696 if (common->data_dir != data_dir && common->data_size_from_cmnd > 0) { 1697 common->phase_error = 1; 1698 return -EINVAL; 1699 } 1700 1701 /* Verify the length of the command itself */ 1702 if (cmnd_size != common->cmnd_size) { 1703 1704 /* 1705 * Special case workaround: There are plenty of buggy SCSI 1706 * implementations. Many have issues with cbw->Length 1707 * field passing a wrong command size. For those cases we 1708 * always try to work around the problem by using the length 1709 * sent by the host side provided it is at least as large 1710 * as the correct command length. 1711 * Examples of such cases would be MS-Windows, which issues 1712 * REQUEST SENSE with cbw->Length == 12 where it should 1713 * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and 1714 * REQUEST SENSE with cbw->Length == 10 where it should 1715 * be 6 as well. 1716 */ 1717 if (cmnd_size <= common->cmnd_size) { 1718 DBG(common, "%s is buggy! Expected length %d " 1719 "but we got %d\n", name, 1720 cmnd_size, common->cmnd_size); 1721 cmnd_size = common->cmnd_size; 1722 } else { 1723 common->phase_error = 1; 1724 return -EINVAL; 1725 } 1726 } 1727 1728 /* Check that the LUN values are consistent */ 1729 if (common->lun != lun) 1730 DBG(common, "using LUN %u from CBW, not LUN %u from CDB\n", 1731 common->lun, lun); 1732 1733 /* Check the LUN */ 1734 curlun = common->curlun; 1735 if (curlun) { 1736 if (common->cmnd[0] != REQUEST_SENSE) { 1737 curlun->sense_data = SS_NO_SENSE; 1738 curlun->sense_data_info = 0; 1739 curlun->info_valid = 0; 1740 } 1741 } else { 1742 common->bad_lun_okay = 0; 1743 1744 /* 1745 * INQUIRY and REQUEST SENSE commands are explicitly allowed 1746 * to use unsupported LUNs; all others may not. 1747 */ 1748 if (common->cmnd[0] != INQUIRY && 1749 common->cmnd[0] != REQUEST_SENSE) { 1750 DBG(common, "unsupported LUN %u\n", common->lun); 1751 return -EINVAL; 1752 } 1753 } 1754 1755 /* 1756 * If a unit attention condition exists, only INQUIRY and 1757 * REQUEST SENSE commands are allowed; anything else must fail. 1758 */ 1759 if (curlun && curlun->unit_attention_data != SS_NO_SENSE && 1760 common->cmnd[0] != INQUIRY && 1761 common->cmnd[0] != REQUEST_SENSE) { 1762 curlun->sense_data = curlun->unit_attention_data; 1763 curlun->unit_attention_data = SS_NO_SENSE; 1764 return -EINVAL; 1765 } 1766 1767 /* Check that only command bytes listed in the mask are non-zero */ 1768 common->cmnd[1] &= 0x1f; /* Mask away the LUN */ 1769 for (i = 1; i < cmnd_size; ++i) { 1770 if (common->cmnd[i] && !(mask & (1 << i))) { 1771 if (curlun) 1772 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1773 return -EINVAL; 1774 } 1775 } 1776 1777 /* If the medium isn't mounted and the command needs to access 1778 * it, return an error. */ 1779 if (curlun && !fsg_lun_is_open(curlun) && needs_medium) { 1780 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1781 return -EINVAL; 1782 } 1783 1784 return 0; 1785 } 1786 1787 /* wrapper of check_command for data size in blocks handling */ 1788 static int check_command_size_in_blocks(struct fsg_common *common, 1789 int cmnd_size, enum data_direction data_dir, 1790 unsigned int mask, int needs_medium, const char *name) 1791 { 1792 if (common->curlun) 1793 common->data_size_from_cmnd <<= common->curlun->blkbits; 1794 return check_command(common, cmnd_size, data_dir, 1795 mask, needs_medium, name); 1796 } 1797 1798 static int do_scsi_command(struct fsg_common *common) 1799 { 1800 struct fsg_buffhd *bh; 1801 int rc; 1802 int reply = -EINVAL; 1803 int i; 1804 static char unknown[16]; 1805 1806 dump_cdb(common); 1807 1808 /* Wait for the next buffer to become available for data or status */ 1809 bh = common->next_buffhd_to_fill; 1810 common->next_buffhd_to_drain = bh; 1811 rc = sleep_thread(common, false, bh); 1812 if (rc) 1813 return rc; 1814 1815 common->phase_error = 0; 1816 common->short_packet_received = 0; 1817 1818 down_read(&common->filesem); /* We're using the backing file */ 1819 switch (common->cmnd[0]) { 1820 1821 case INQUIRY: 1822 common->data_size_from_cmnd = common->cmnd[4]; 1823 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1824 (1<<4), 0, 1825 "INQUIRY"); 1826 if (reply == 0) 1827 reply = do_inquiry(common, bh); 1828 break; 1829 1830 case MODE_SELECT: 1831 common->data_size_from_cmnd = common->cmnd[4]; 1832 reply = check_command(common, 6, DATA_DIR_FROM_HOST, 1833 (1<<1) | (1<<4), 0, 1834 "MODE SELECT(6)"); 1835 if (reply == 0) 1836 reply = do_mode_select(common, bh); 1837 break; 1838 1839 case MODE_SELECT_10: 1840 common->data_size_from_cmnd = 1841 get_unaligned_be16(&common->cmnd[7]); 1842 reply = check_command(common, 10, DATA_DIR_FROM_HOST, 1843 (1<<1) | (3<<7), 0, 1844 "MODE SELECT(10)"); 1845 if (reply == 0) 1846 reply = do_mode_select(common, bh); 1847 break; 1848 1849 case MODE_SENSE: 1850 common->data_size_from_cmnd = common->cmnd[4]; 1851 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1852 (1<<1) | (1<<2) | (1<<4), 0, 1853 "MODE SENSE(6)"); 1854 if (reply == 0) 1855 reply = do_mode_sense(common, bh); 1856 break; 1857 1858 case MODE_SENSE_10: 1859 common->data_size_from_cmnd = 1860 get_unaligned_be16(&common->cmnd[7]); 1861 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1862 (1<<1) | (1<<2) | (3<<7), 0, 1863 "MODE SENSE(10)"); 1864 if (reply == 0) 1865 reply = do_mode_sense(common, bh); 1866 break; 1867 1868 case ALLOW_MEDIUM_REMOVAL: 1869 common->data_size_from_cmnd = 0; 1870 reply = check_command(common, 6, DATA_DIR_NONE, 1871 (1<<4), 0, 1872 "PREVENT-ALLOW MEDIUM REMOVAL"); 1873 if (reply == 0) 1874 reply = do_prevent_allow(common); 1875 break; 1876 1877 case READ_6: 1878 i = common->cmnd[4]; 1879 common->data_size_from_cmnd = (i == 0) ? 256 : i; 1880 reply = check_command_size_in_blocks(common, 6, 1881 DATA_DIR_TO_HOST, 1882 (7<<1) | (1<<4), 1, 1883 "READ(6)"); 1884 if (reply == 0) 1885 reply = do_read(common); 1886 break; 1887 1888 case READ_10: 1889 common->data_size_from_cmnd = 1890 get_unaligned_be16(&common->cmnd[7]); 1891 reply = check_command_size_in_blocks(common, 10, 1892 DATA_DIR_TO_HOST, 1893 (1<<1) | (0xf<<2) | (3<<7), 1, 1894 "READ(10)"); 1895 if (reply == 0) 1896 reply = do_read(common); 1897 break; 1898 1899 case READ_12: 1900 common->data_size_from_cmnd = 1901 get_unaligned_be32(&common->cmnd[6]); 1902 reply = check_command_size_in_blocks(common, 12, 1903 DATA_DIR_TO_HOST, 1904 (1<<1) | (0xf<<2) | (0xf<<6), 1, 1905 "READ(12)"); 1906 if (reply == 0) 1907 reply = do_read(common); 1908 break; 1909 1910 case READ_16: 1911 common->data_size_from_cmnd = 1912 get_unaligned_be32(&common->cmnd[10]); 1913 reply = check_command_size_in_blocks(common, 16, 1914 DATA_DIR_TO_HOST, 1915 (1<<1) | (0xff<<2) | (0xf<<10), 1, 1916 "READ(16)"); 1917 if (reply == 0) 1918 reply = do_read(common); 1919 break; 1920 1921 case READ_CAPACITY: 1922 common->data_size_from_cmnd = 8; 1923 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1924 (0xf<<2) | (1<<8), 1, 1925 "READ CAPACITY"); 1926 if (reply == 0) 1927 reply = do_read_capacity(common, bh); 1928 break; 1929 1930 case READ_HEADER: 1931 if (!common->curlun || !common->curlun->cdrom) 1932 goto unknown_cmnd; 1933 common->data_size_from_cmnd = 1934 get_unaligned_be16(&common->cmnd[7]); 1935 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1936 (3<<7) | (0x1f<<1), 1, 1937 "READ HEADER"); 1938 if (reply == 0) 1939 reply = do_read_header(common, bh); 1940 break; 1941 1942 case READ_TOC: 1943 if (!common->curlun || !common->curlun->cdrom) 1944 goto unknown_cmnd; 1945 common->data_size_from_cmnd = 1946 get_unaligned_be16(&common->cmnd[7]); 1947 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1948 (7<<6) | (1<<1), 1, 1949 "READ TOC"); 1950 if (reply == 0) 1951 reply = do_read_toc(common, bh); 1952 break; 1953 1954 case READ_FORMAT_CAPACITIES: 1955 common->data_size_from_cmnd = 1956 get_unaligned_be16(&common->cmnd[7]); 1957 reply = check_command(common, 10, DATA_DIR_TO_HOST, 1958 (3<<7), 1, 1959 "READ FORMAT CAPACITIES"); 1960 if (reply == 0) 1961 reply = do_read_format_capacities(common, bh); 1962 break; 1963 1964 case REQUEST_SENSE: 1965 common->data_size_from_cmnd = common->cmnd[4]; 1966 reply = check_command(common, 6, DATA_DIR_TO_HOST, 1967 (1<<4), 0, 1968 "REQUEST SENSE"); 1969 if (reply == 0) 1970 reply = do_request_sense(common, bh); 1971 break; 1972 1973 case SERVICE_ACTION_IN_16: 1974 switch (common->cmnd[1] & 0x1f) { 1975 1976 case SAI_READ_CAPACITY_16: 1977 common->data_size_from_cmnd = 1978 get_unaligned_be32(&common->cmnd[10]); 1979 reply = check_command(common, 16, DATA_DIR_TO_HOST, 1980 (1<<1) | (0xff<<2) | (0xf<<10) | 1981 (1<<14), 1, 1982 "READ CAPACITY(16)"); 1983 if (reply == 0) 1984 reply = do_read_capacity_16(common, bh); 1985 break; 1986 1987 default: 1988 goto unknown_cmnd; 1989 } 1990 break; 1991 1992 case START_STOP: 1993 common->data_size_from_cmnd = 0; 1994 reply = check_command(common, 6, DATA_DIR_NONE, 1995 (1<<1) | (1<<4), 0, 1996 "START-STOP UNIT"); 1997 if (reply == 0) 1998 reply = do_start_stop(common); 1999 break; 2000 2001 case SYNCHRONIZE_CACHE: 2002 common->data_size_from_cmnd = 0; 2003 reply = check_command(common, 10, DATA_DIR_NONE, 2004 (0xf<<2) | (3<<7), 1, 2005 "SYNCHRONIZE CACHE"); 2006 if (reply == 0) 2007 reply = do_synchronize_cache(common); 2008 break; 2009 2010 case TEST_UNIT_READY: 2011 common->data_size_from_cmnd = 0; 2012 reply = check_command(common, 6, DATA_DIR_NONE, 2013 0, 1, 2014 "TEST UNIT READY"); 2015 break; 2016 2017 /* 2018 * Although optional, this command is used by MS-Windows. We 2019 * support a minimal version: BytChk must be 0. 2020 */ 2021 case VERIFY: 2022 common->data_size_from_cmnd = 0; 2023 reply = check_command(common, 10, DATA_DIR_NONE, 2024 (1<<1) | (0xf<<2) | (3<<7), 1, 2025 "VERIFY"); 2026 if (reply == 0) 2027 reply = do_verify(common); 2028 break; 2029 2030 case WRITE_6: 2031 i = common->cmnd[4]; 2032 common->data_size_from_cmnd = (i == 0) ? 256 : i; 2033 reply = check_command_size_in_blocks(common, 6, 2034 DATA_DIR_FROM_HOST, 2035 (7<<1) | (1<<4), 1, 2036 "WRITE(6)"); 2037 if (reply == 0) 2038 reply = do_write(common); 2039 break; 2040 2041 case WRITE_10: 2042 common->data_size_from_cmnd = 2043 get_unaligned_be16(&common->cmnd[7]); 2044 reply = check_command_size_in_blocks(common, 10, 2045 DATA_DIR_FROM_HOST, 2046 (1<<1) | (0xf<<2) | (3<<7), 1, 2047 "WRITE(10)"); 2048 if (reply == 0) 2049 reply = do_write(common); 2050 break; 2051 2052 case WRITE_12: 2053 common->data_size_from_cmnd = 2054 get_unaligned_be32(&common->cmnd[6]); 2055 reply = check_command_size_in_blocks(common, 12, 2056 DATA_DIR_FROM_HOST, 2057 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2058 "WRITE(12)"); 2059 if (reply == 0) 2060 reply = do_write(common); 2061 break; 2062 2063 case WRITE_16: 2064 common->data_size_from_cmnd = 2065 get_unaligned_be32(&common->cmnd[10]); 2066 reply = check_command_size_in_blocks(common, 16, 2067 DATA_DIR_FROM_HOST, 2068 (1<<1) | (0xff<<2) | (0xf<<10), 1, 2069 "WRITE(16)"); 2070 if (reply == 0) 2071 reply = do_write(common); 2072 break; 2073 2074 /* 2075 * Some mandatory commands that we recognize but don't implement. 2076 * They don't mean much in this setting. It's left as an exercise 2077 * for anyone interested to implement RESERVE and RELEASE in terms 2078 * of Posix locks. 2079 */ 2080 case FORMAT_UNIT: 2081 case RELEASE: 2082 case RESERVE: 2083 case SEND_DIAGNOSTIC: 2084 2085 default: 2086 unknown_cmnd: 2087 common->data_size_from_cmnd = 0; 2088 sprintf(unknown, "Unknown x%02x", common->cmnd[0]); 2089 reply = check_command(common, common->cmnd_size, 2090 DATA_DIR_UNKNOWN, ~0, 0, unknown); 2091 if (reply == 0) { 2092 common->curlun->sense_data = SS_INVALID_COMMAND; 2093 reply = -EINVAL; 2094 } 2095 break; 2096 } 2097 up_read(&common->filesem); 2098 2099 if (reply == -EINTR || signal_pending(current)) 2100 return -EINTR; 2101 2102 /* Set up the single reply buffer for finish_reply() */ 2103 if (reply == -EINVAL) 2104 reply = 0; /* Error reply length */ 2105 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) { 2106 reply = min((u32)reply, common->data_size_from_cmnd); 2107 bh->inreq->length = reply; 2108 bh->state = BUF_STATE_FULL; 2109 common->residue -= reply; 2110 } /* Otherwise it's already set */ 2111 2112 return 0; 2113 } 2114 2115 2116 /*-------------------------------------------------------------------------*/ 2117 2118 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2119 { 2120 struct usb_request *req = bh->outreq; 2121 struct bulk_cb_wrap *cbw = req->buf; 2122 struct fsg_common *common = fsg->common; 2123 2124 /* Was this a real packet? Should it be ignored? */ 2125 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags)) 2126 return -EINVAL; 2127 2128 /* Is the CBW valid? */ 2129 if (req->actual != US_BULK_CB_WRAP_LEN || 2130 cbw->Signature != cpu_to_le32( 2131 US_BULK_CB_SIGN)) { 2132 DBG(fsg, "invalid CBW: len %u sig 0x%x\n", 2133 req->actual, 2134 le32_to_cpu(cbw->Signature)); 2135 2136 /* 2137 * The Bulk-only spec says we MUST stall the IN endpoint 2138 * (6.6.1), so it's unavoidable. It also says we must 2139 * retain this state until the next reset, but there's 2140 * no way to tell the controller driver it should ignore 2141 * Clear-Feature(HALT) requests. 2142 * 2143 * We aren't required to halt the OUT endpoint; instead 2144 * we can simply accept and discard any data received 2145 * until the next reset. 2146 */ 2147 wedge_bulk_in_endpoint(fsg); 2148 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags); 2149 return -EINVAL; 2150 } 2151 2152 /* Is the CBW meaningful? */ 2153 if (cbw->Lun >= ARRAY_SIZE(common->luns) || 2154 cbw->Flags & ~US_BULK_FLAG_IN || cbw->Length <= 0 || 2155 cbw->Length > MAX_COMMAND_SIZE) { 2156 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, " 2157 "cmdlen %u\n", 2158 cbw->Lun, cbw->Flags, cbw->Length); 2159 2160 /* 2161 * We can do anything we want here, so let's stall the 2162 * bulk pipes if we are allowed to. 2163 */ 2164 if (common->can_stall) { 2165 fsg_set_halt(fsg, fsg->bulk_out); 2166 halt_bulk_in_endpoint(fsg); 2167 } 2168 return -EINVAL; 2169 } 2170 2171 /* Save the command for later */ 2172 common->cmnd_size = cbw->Length; 2173 memcpy(common->cmnd, cbw->CDB, common->cmnd_size); 2174 if (cbw->Flags & US_BULK_FLAG_IN) 2175 common->data_dir = DATA_DIR_TO_HOST; 2176 else 2177 common->data_dir = DATA_DIR_FROM_HOST; 2178 common->data_size = le32_to_cpu(cbw->DataTransferLength); 2179 if (common->data_size == 0) 2180 common->data_dir = DATA_DIR_NONE; 2181 common->lun = cbw->Lun; 2182 if (common->lun < ARRAY_SIZE(common->luns)) 2183 common->curlun = common->luns[common->lun]; 2184 else 2185 common->curlun = NULL; 2186 common->tag = cbw->Tag; 2187 return 0; 2188 } 2189 2190 static int get_next_command(struct fsg_common *common) 2191 { 2192 struct fsg_buffhd *bh; 2193 int rc = 0; 2194 2195 /* Wait for the next buffer to become available */ 2196 bh = common->next_buffhd_to_fill; 2197 rc = sleep_thread(common, true, bh); 2198 if (rc) 2199 return rc; 2200 2201 /* Queue a request to read a Bulk-only CBW */ 2202 set_bulk_out_req_length(common, bh, US_BULK_CB_WRAP_LEN); 2203 if (!start_out_transfer(common, bh)) 2204 /* Don't know what to do if common->fsg is NULL */ 2205 return -EIO; 2206 2207 /* 2208 * We will drain the buffer in software, which means we 2209 * can reuse it for the next filling. No need to advance 2210 * next_buffhd_to_fill. 2211 */ 2212 2213 /* Wait for the CBW to arrive */ 2214 rc = sleep_thread(common, true, bh); 2215 if (rc) 2216 return rc; 2217 2218 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO; 2219 bh->state = BUF_STATE_EMPTY; 2220 2221 return rc; 2222 } 2223 2224 2225 /*-------------------------------------------------------------------------*/ 2226 2227 static int alloc_request(struct fsg_common *common, struct usb_ep *ep, 2228 struct usb_request **preq) 2229 { 2230 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC); 2231 if (*preq) 2232 return 0; 2233 ERROR(common, "can't allocate request for %s\n", ep->name); 2234 return -ENOMEM; 2235 } 2236 2237 /* Reset interface setting and re-init endpoint state (toggle etc). */ 2238 static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg) 2239 { 2240 struct fsg_dev *fsg; 2241 int i, rc = 0; 2242 2243 if (common->running) 2244 DBG(common, "reset interface\n"); 2245 2246 reset: 2247 /* Deallocate the requests */ 2248 if (common->fsg) { 2249 fsg = common->fsg; 2250 2251 for (i = 0; i < common->fsg_num_buffers; ++i) { 2252 struct fsg_buffhd *bh = &common->buffhds[i]; 2253 2254 if (bh->inreq) { 2255 usb_ep_free_request(fsg->bulk_in, bh->inreq); 2256 bh->inreq = NULL; 2257 } 2258 if (bh->outreq) { 2259 usb_ep_free_request(fsg->bulk_out, bh->outreq); 2260 bh->outreq = NULL; 2261 } 2262 } 2263 2264 /* Disable the endpoints */ 2265 if (fsg->bulk_in_enabled) { 2266 usb_ep_disable(fsg->bulk_in); 2267 fsg->bulk_in_enabled = 0; 2268 } 2269 if (fsg->bulk_out_enabled) { 2270 usb_ep_disable(fsg->bulk_out); 2271 fsg->bulk_out_enabled = 0; 2272 } 2273 2274 common->fsg = NULL; 2275 wake_up(&common->fsg_wait); 2276 } 2277 2278 common->running = 0; 2279 if (!new_fsg || rc) 2280 return rc; 2281 2282 common->fsg = new_fsg; 2283 fsg = common->fsg; 2284 2285 /* Enable the endpoints */ 2286 rc = config_ep_by_speed(common->gadget, &(fsg->function), fsg->bulk_in); 2287 if (rc) 2288 goto reset; 2289 rc = usb_ep_enable(fsg->bulk_in); 2290 if (rc) 2291 goto reset; 2292 fsg->bulk_in->driver_data = common; 2293 fsg->bulk_in_enabled = 1; 2294 2295 rc = config_ep_by_speed(common->gadget, &(fsg->function), 2296 fsg->bulk_out); 2297 if (rc) 2298 goto reset; 2299 rc = usb_ep_enable(fsg->bulk_out); 2300 if (rc) 2301 goto reset; 2302 fsg->bulk_out->driver_data = common; 2303 fsg->bulk_out_enabled = 1; 2304 common->bulk_out_maxpacket = usb_endpoint_maxp(fsg->bulk_out->desc); 2305 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags); 2306 2307 /* Allocate the requests */ 2308 for (i = 0; i < common->fsg_num_buffers; ++i) { 2309 struct fsg_buffhd *bh = &common->buffhds[i]; 2310 2311 rc = alloc_request(common, fsg->bulk_in, &bh->inreq); 2312 if (rc) 2313 goto reset; 2314 rc = alloc_request(common, fsg->bulk_out, &bh->outreq); 2315 if (rc) 2316 goto reset; 2317 bh->inreq->buf = bh->outreq->buf = bh->buf; 2318 bh->inreq->context = bh->outreq->context = bh; 2319 bh->inreq->complete = bulk_in_complete; 2320 bh->outreq->complete = bulk_out_complete; 2321 } 2322 2323 common->running = 1; 2324 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) 2325 if (common->luns[i]) 2326 common->luns[i]->unit_attention_data = 2327 SS_RESET_OCCURRED; 2328 return rc; 2329 } 2330 2331 2332 /****************************** ALT CONFIGS ******************************/ 2333 2334 static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 2335 { 2336 struct fsg_dev *fsg = fsg_from_func(f); 2337 2338 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, fsg); 2339 return USB_GADGET_DELAYED_STATUS; 2340 } 2341 2342 static void fsg_disable(struct usb_function *f) 2343 { 2344 struct fsg_dev *fsg = fsg_from_func(f); 2345 2346 /* Disable the endpoints */ 2347 if (fsg->bulk_in_enabled) { 2348 usb_ep_disable(fsg->bulk_in); 2349 fsg->bulk_in_enabled = 0; 2350 } 2351 if (fsg->bulk_out_enabled) { 2352 usb_ep_disable(fsg->bulk_out); 2353 fsg->bulk_out_enabled = 0; 2354 } 2355 2356 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL); 2357 } 2358 2359 2360 /*-------------------------------------------------------------------------*/ 2361 2362 static void handle_exception(struct fsg_common *common) 2363 { 2364 int i; 2365 struct fsg_buffhd *bh; 2366 enum fsg_state old_state; 2367 struct fsg_lun *curlun; 2368 unsigned int exception_req_tag; 2369 struct fsg_dev *new_fsg; 2370 2371 /* 2372 * Clear the existing signals. Anything but SIGUSR1 is converted 2373 * into a high-priority EXIT exception. 2374 */ 2375 for (;;) { 2376 int sig = kernel_dequeue_signal(); 2377 if (!sig) 2378 break; 2379 if (sig != SIGUSR1) { 2380 spin_lock_irq(&common->lock); 2381 if (common->state < FSG_STATE_EXIT) 2382 DBG(common, "Main thread exiting on signal\n"); 2383 common->state = FSG_STATE_EXIT; 2384 spin_unlock_irq(&common->lock); 2385 } 2386 } 2387 2388 /* Cancel all the pending transfers */ 2389 if (likely(common->fsg)) { 2390 for (i = 0; i < common->fsg_num_buffers; ++i) { 2391 bh = &common->buffhds[i]; 2392 if (bh->state == BUF_STATE_SENDING) 2393 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq); 2394 if (bh->state == BUF_STATE_RECEIVING) 2395 usb_ep_dequeue(common->fsg->bulk_out, 2396 bh->outreq); 2397 2398 /* Wait for a transfer to become idle */ 2399 if (sleep_thread(common, false, bh)) 2400 return; 2401 } 2402 2403 /* Clear out the controller's fifos */ 2404 if (common->fsg->bulk_in_enabled) 2405 usb_ep_fifo_flush(common->fsg->bulk_in); 2406 if (common->fsg->bulk_out_enabled) 2407 usb_ep_fifo_flush(common->fsg->bulk_out); 2408 } 2409 2410 /* 2411 * Reset the I/O buffer states and pointers, the SCSI 2412 * state, and the exception. Then invoke the handler. 2413 */ 2414 spin_lock_irq(&common->lock); 2415 2416 for (i = 0; i < common->fsg_num_buffers; ++i) { 2417 bh = &common->buffhds[i]; 2418 bh->state = BUF_STATE_EMPTY; 2419 } 2420 common->next_buffhd_to_fill = &common->buffhds[0]; 2421 common->next_buffhd_to_drain = &common->buffhds[0]; 2422 exception_req_tag = common->exception_req_tag; 2423 new_fsg = common->exception_arg; 2424 old_state = common->state; 2425 common->state = FSG_STATE_NORMAL; 2426 2427 if (old_state != FSG_STATE_ABORT_BULK_OUT) { 2428 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) { 2429 curlun = common->luns[i]; 2430 if (!curlun) 2431 continue; 2432 curlun->prevent_medium_removal = 0; 2433 curlun->sense_data = SS_NO_SENSE; 2434 curlun->unit_attention_data = SS_NO_SENSE; 2435 curlun->sense_data_info = 0; 2436 curlun->info_valid = 0; 2437 } 2438 } 2439 spin_unlock_irq(&common->lock); 2440 2441 /* Carry out any extra actions required for the exception */ 2442 switch (old_state) { 2443 case FSG_STATE_NORMAL: 2444 break; 2445 2446 case FSG_STATE_ABORT_BULK_OUT: 2447 send_status(common); 2448 break; 2449 2450 case FSG_STATE_PROTOCOL_RESET: 2451 /* 2452 * In case we were forced against our will to halt a 2453 * bulk endpoint, clear the halt now. (The SuperH UDC 2454 * requires this.) 2455 */ 2456 if (!fsg_is_set(common)) 2457 break; 2458 if (test_and_clear_bit(IGNORE_BULK_OUT, 2459 &common->fsg->atomic_bitflags)) 2460 usb_ep_clear_halt(common->fsg->bulk_in); 2461 2462 if (common->ep0_req_tag == exception_req_tag) 2463 ep0_queue(common); /* Complete the status stage */ 2464 2465 /* 2466 * Technically this should go here, but it would only be 2467 * a waste of time. Ditto for the INTERFACE_CHANGE and 2468 * CONFIG_CHANGE cases. 2469 */ 2470 /* for (i = 0; i < common->ARRAY_SIZE(common->luns); ++i) */ 2471 /* if (common->luns[i]) */ 2472 /* common->luns[i]->unit_attention_data = */ 2473 /* SS_RESET_OCCURRED; */ 2474 break; 2475 2476 case FSG_STATE_CONFIG_CHANGE: 2477 do_set_interface(common, new_fsg); 2478 if (new_fsg) 2479 usb_composite_setup_continue(common->cdev); 2480 break; 2481 2482 case FSG_STATE_EXIT: 2483 do_set_interface(common, NULL); /* Free resources */ 2484 spin_lock_irq(&common->lock); 2485 common->state = FSG_STATE_TERMINATED; /* Stop the thread */ 2486 spin_unlock_irq(&common->lock); 2487 break; 2488 2489 case FSG_STATE_TERMINATED: 2490 break; 2491 } 2492 } 2493 2494 2495 /*-------------------------------------------------------------------------*/ 2496 2497 static int fsg_main_thread(void *common_) 2498 { 2499 struct fsg_common *common = common_; 2500 int i; 2501 2502 /* 2503 * Allow the thread to be killed by a signal, but set the signal mask 2504 * to block everything but INT, TERM, KILL, and USR1. 2505 */ 2506 allow_signal(SIGINT); 2507 allow_signal(SIGTERM); 2508 allow_signal(SIGKILL); 2509 allow_signal(SIGUSR1); 2510 2511 /* Allow the thread to be frozen */ 2512 set_freezable(); 2513 2514 /* The main loop */ 2515 while (common->state != FSG_STATE_TERMINATED) { 2516 if (exception_in_progress(common) || signal_pending(current)) { 2517 handle_exception(common); 2518 continue; 2519 } 2520 2521 if (!common->running) { 2522 sleep_thread(common, true, NULL); 2523 continue; 2524 } 2525 2526 if (get_next_command(common) || exception_in_progress(common)) 2527 continue; 2528 if (do_scsi_command(common) || exception_in_progress(common)) 2529 continue; 2530 if (finish_reply(common) || exception_in_progress(common)) 2531 continue; 2532 send_status(common); 2533 } 2534 2535 spin_lock_irq(&common->lock); 2536 common->thread_task = NULL; 2537 spin_unlock_irq(&common->lock); 2538 2539 /* Eject media from all LUNs */ 2540 2541 down_write(&common->filesem); 2542 for (i = 0; i < ARRAY_SIZE(common->luns); i++) { 2543 struct fsg_lun *curlun = common->luns[i]; 2544 2545 if (curlun && fsg_lun_is_open(curlun)) 2546 fsg_lun_close(curlun); 2547 } 2548 up_write(&common->filesem); 2549 2550 /* Let fsg_unbind() know the thread has exited */ 2551 kthread_complete_and_exit(&common->thread_notifier, 0); 2552 } 2553 2554 2555 /*************************** DEVICE ATTRIBUTES ***************************/ 2556 2557 static ssize_t ro_show(struct device *dev, struct device_attribute *attr, char *buf) 2558 { 2559 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2560 2561 return fsg_show_ro(curlun, buf); 2562 } 2563 2564 static ssize_t nofua_show(struct device *dev, struct device_attribute *attr, 2565 char *buf) 2566 { 2567 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2568 2569 return fsg_show_nofua(curlun, buf); 2570 } 2571 2572 static ssize_t file_show(struct device *dev, struct device_attribute *attr, 2573 char *buf) 2574 { 2575 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2576 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2577 2578 return fsg_show_file(curlun, filesem, buf); 2579 } 2580 2581 static ssize_t ro_store(struct device *dev, struct device_attribute *attr, 2582 const char *buf, size_t count) 2583 { 2584 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2585 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2586 2587 return fsg_store_ro(curlun, filesem, buf, count); 2588 } 2589 2590 static ssize_t nofua_store(struct device *dev, struct device_attribute *attr, 2591 const char *buf, size_t count) 2592 { 2593 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2594 2595 return fsg_store_nofua(curlun, buf, count); 2596 } 2597 2598 static ssize_t file_store(struct device *dev, struct device_attribute *attr, 2599 const char *buf, size_t count) 2600 { 2601 struct fsg_lun *curlun = fsg_lun_from_dev(dev); 2602 struct rw_semaphore *filesem = dev_get_drvdata(dev); 2603 2604 return fsg_store_file(curlun, filesem, buf, count); 2605 } 2606 2607 static DEVICE_ATTR_RW(nofua); 2608 /* mode wil be set in fsg_lun_attr_is_visible() */ 2609 static DEVICE_ATTR(ro, 0, ro_show, ro_store); 2610 static DEVICE_ATTR(file, 0, file_show, file_store); 2611 2612 /****************************** FSG COMMON ******************************/ 2613 2614 static void fsg_lun_release(struct device *dev) 2615 { 2616 /* Nothing needs to be done */ 2617 } 2618 2619 static struct fsg_common *fsg_common_setup(struct fsg_common *common) 2620 { 2621 if (!common) { 2622 common = kzalloc(sizeof(*common), GFP_KERNEL); 2623 if (!common) 2624 return ERR_PTR(-ENOMEM); 2625 common->free_storage_on_release = 1; 2626 } else { 2627 common->free_storage_on_release = 0; 2628 } 2629 init_rwsem(&common->filesem); 2630 spin_lock_init(&common->lock); 2631 init_completion(&common->thread_notifier); 2632 init_waitqueue_head(&common->io_wait); 2633 init_waitqueue_head(&common->fsg_wait); 2634 common->state = FSG_STATE_TERMINATED; 2635 memset(common->luns, 0, sizeof(common->luns)); 2636 2637 return common; 2638 } 2639 2640 void fsg_common_set_sysfs(struct fsg_common *common, bool sysfs) 2641 { 2642 common->sysfs = sysfs; 2643 } 2644 EXPORT_SYMBOL_GPL(fsg_common_set_sysfs); 2645 2646 static void _fsg_common_free_buffers(struct fsg_buffhd *buffhds, unsigned n) 2647 { 2648 if (buffhds) { 2649 struct fsg_buffhd *bh = buffhds; 2650 while (n--) { 2651 kfree(bh->buf); 2652 ++bh; 2653 } 2654 kfree(buffhds); 2655 } 2656 } 2657 2658 int fsg_common_set_num_buffers(struct fsg_common *common, unsigned int n) 2659 { 2660 struct fsg_buffhd *bh, *buffhds; 2661 int i; 2662 2663 buffhds = kcalloc(n, sizeof(*buffhds), GFP_KERNEL); 2664 if (!buffhds) 2665 return -ENOMEM; 2666 2667 /* Data buffers cyclic list */ 2668 bh = buffhds; 2669 i = n; 2670 goto buffhds_first_it; 2671 do { 2672 bh->next = bh + 1; 2673 ++bh; 2674 buffhds_first_it: 2675 bh->buf = kmalloc(FSG_BUFLEN, GFP_KERNEL); 2676 if (unlikely(!bh->buf)) 2677 goto error_release; 2678 } while (--i); 2679 bh->next = buffhds; 2680 2681 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2682 common->fsg_num_buffers = n; 2683 common->buffhds = buffhds; 2684 2685 return 0; 2686 2687 error_release: 2688 /* 2689 * "buf"s pointed to by heads after n - i are NULL 2690 * so releasing them won't hurt 2691 */ 2692 _fsg_common_free_buffers(buffhds, n); 2693 2694 return -ENOMEM; 2695 } 2696 EXPORT_SYMBOL_GPL(fsg_common_set_num_buffers); 2697 2698 void fsg_common_remove_lun(struct fsg_lun *lun) 2699 { 2700 if (device_is_registered(&lun->dev)) 2701 device_unregister(&lun->dev); 2702 fsg_lun_close(lun); 2703 kfree(lun); 2704 } 2705 EXPORT_SYMBOL_GPL(fsg_common_remove_lun); 2706 2707 static void _fsg_common_remove_luns(struct fsg_common *common, int n) 2708 { 2709 int i; 2710 2711 for (i = 0; i < n; ++i) 2712 if (common->luns[i]) { 2713 fsg_common_remove_lun(common->luns[i]); 2714 common->luns[i] = NULL; 2715 } 2716 } 2717 2718 void fsg_common_remove_luns(struct fsg_common *common) 2719 { 2720 _fsg_common_remove_luns(common, ARRAY_SIZE(common->luns)); 2721 } 2722 EXPORT_SYMBOL_GPL(fsg_common_remove_luns); 2723 2724 void fsg_common_free_buffers(struct fsg_common *common) 2725 { 2726 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2727 common->buffhds = NULL; 2728 } 2729 EXPORT_SYMBOL_GPL(fsg_common_free_buffers); 2730 2731 int fsg_common_set_cdev(struct fsg_common *common, 2732 struct usb_composite_dev *cdev, bool can_stall) 2733 { 2734 struct usb_string *us; 2735 2736 common->gadget = cdev->gadget; 2737 common->ep0 = cdev->gadget->ep0; 2738 common->ep0req = cdev->req; 2739 common->cdev = cdev; 2740 2741 us = usb_gstrings_attach(cdev, fsg_strings_array, 2742 ARRAY_SIZE(fsg_strings)); 2743 if (IS_ERR(us)) 2744 return PTR_ERR(us); 2745 2746 fsg_intf_desc.iInterface = us[FSG_STRING_INTERFACE].id; 2747 2748 /* 2749 * Some peripheral controllers are known not to be able to 2750 * halt bulk endpoints correctly. If one of them is present, 2751 * disable stalls. 2752 */ 2753 common->can_stall = can_stall && 2754 gadget_is_stall_supported(common->gadget); 2755 2756 return 0; 2757 } 2758 EXPORT_SYMBOL_GPL(fsg_common_set_cdev); 2759 2760 static struct attribute *fsg_lun_dev_attrs[] = { 2761 &dev_attr_ro.attr, 2762 &dev_attr_file.attr, 2763 &dev_attr_nofua.attr, 2764 NULL 2765 }; 2766 2767 static umode_t fsg_lun_dev_is_visible(struct kobject *kobj, 2768 struct attribute *attr, int idx) 2769 { 2770 struct device *dev = kobj_to_dev(kobj); 2771 struct fsg_lun *lun = fsg_lun_from_dev(dev); 2772 2773 if (attr == &dev_attr_ro.attr) 2774 return lun->cdrom ? S_IRUGO : (S_IWUSR | S_IRUGO); 2775 if (attr == &dev_attr_file.attr) 2776 return lun->removable ? (S_IWUSR | S_IRUGO) : S_IRUGO; 2777 return attr->mode; 2778 } 2779 2780 static const struct attribute_group fsg_lun_dev_group = { 2781 .attrs = fsg_lun_dev_attrs, 2782 .is_visible = fsg_lun_dev_is_visible, 2783 }; 2784 2785 static const struct attribute_group *fsg_lun_dev_groups[] = { 2786 &fsg_lun_dev_group, 2787 NULL 2788 }; 2789 2790 int fsg_common_create_lun(struct fsg_common *common, struct fsg_lun_config *cfg, 2791 unsigned int id, const char *name, 2792 const char **name_pfx) 2793 { 2794 struct fsg_lun *lun; 2795 char *pathbuf, *p; 2796 int rc = -ENOMEM; 2797 2798 if (id >= ARRAY_SIZE(common->luns)) 2799 return -ENODEV; 2800 2801 if (common->luns[id]) 2802 return -EBUSY; 2803 2804 if (!cfg->filename && !cfg->removable) { 2805 pr_err("no file given for LUN%d\n", id); 2806 return -EINVAL; 2807 } 2808 2809 lun = kzalloc(sizeof(*lun), GFP_KERNEL); 2810 if (!lun) 2811 return -ENOMEM; 2812 2813 lun->name_pfx = name_pfx; 2814 2815 lun->cdrom = !!cfg->cdrom; 2816 lun->ro = cfg->cdrom || cfg->ro; 2817 lun->initially_ro = lun->ro; 2818 lun->removable = !!cfg->removable; 2819 2820 if (!common->sysfs) { 2821 /* we DON'T own the name!*/ 2822 lun->name = name; 2823 } else { 2824 lun->dev.release = fsg_lun_release; 2825 lun->dev.parent = &common->gadget->dev; 2826 lun->dev.groups = fsg_lun_dev_groups; 2827 dev_set_drvdata(&lun->dev, &common->filesem); 2828 dev_set_name(&lun->dev, "%s", name); 2829 lun->name = dev_name(&lun->dev); 2830 2831 rc = device_register(&lun->dev); 2832 if (rc) { 2833 pr_info("failed to register LUN%d: %d\n", id, rc); 2834 put_device(&lun->dev); 2835 goto error_sysfs; 2836 } 2837 } 2838 2839 common->luns[id] = lun; 2840 2841 if (cfg->filename) { 2842 rc = fsg_lun_open(lun, cfg->filename); 2843 if (rc) 2844 goto error_lun; 2845 } 2846 2847 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); 2848 p = "(no medium)"; 2849 if (fsg_lun_is_open(lun)) { 2850 p = "(error)"; 2851 if (pathbuf) { 2852 p = file_path(lun->filp, pathbuf, PATH_MAX); 2853 if (IS_ERR(p)) 2854 p = "(error)"; 2855 } 2856 } 2857 pr_info("LUN: %s%s%sfile: %s\n", 2858 lun->removable ? "removable " : "", 2859 lun->ro ? "read only " : "", 2860 lun->cdrom ? "CD-ROM " : "", 2861 p); 2862 kfree(pathbuf); 2863 2864 return 0; 2865 2866 error_lun: 2867 if (device_is_registered(&lun->dev)) 2868 device_unregister(&lun->dev); 2869 fsg_lun_close(lun); 2870 common->luns[id] = NULL; 2871 error_sysfs: 2872 kfree(lun); 2873 return rc; 2874 } 2875 EXPORT_SYMBOL_GPL(fsg_common_create_lun); 2876 2877 int fsg_common_create_luns(struct fsg_common *common, struct fsg_config *cfg) 2878 { 2879 char buf[8]; /* enough for 100000000 different numbers, decimal */ 2880 int i, rc; 2881 2882 fsg_common_remove_luns(common); 2883 2884 for (i = 0; i < cfg->nluns; ++i) { 2885 snprintf(buf, sizeof(buf), "lun%d", i); 2886 rc = fsg_common_create_lun(common, &cfg->luns[i], i, buf, NULL); 2887 if (rc) 2888 goto fail; 2889 } 2890 2891 pr_info("Number of LUNs=%d\n", cfg->nluns); 2892 2893 return 0; 2894 2895 fail: 2896 _fsg_common_remove_luns(common, i); 2897 return rc; 2898 } 2899 EXPORT_SYMBOL_GPL(fsg_common_create_luns); 2900 2901 void fsg_common_set_inquiry_string(struct fsg_common *common, const char *vn, 2902 const char *pn) 2903 { 2904 int i; 2905 2906 /* Prepare inquiryString */ 2907 i = get_default_bcdDevice(); 2908 snprintf(common->inquiry_string, sizeof(common->inquiry_string), 2909 "%-8s%-16s%04x", vn ?: "Linux", 2910 /* Assume product name dependent on the first LUN */ 2911 pn ?: ((*common->luns)->cdrom 2912 ? "File-CD Gadget" 2913 : "File-Stor Gadget"), 2914 i); 2915 } 2916 EXPORT_SYMBOL_GPL(fsg_common_set_inquiry_string); 2917 2918 static void fsg_common_release(struct fsg_common *common) 2919 { 2920 int i; 2921 2922 /* If the thread isn't already dead, tell it to exit now */ 2923 if (common->state != FSG_STATE_TERMINATED) { 2924 raise_exception(common, FSG_STATE_EXIT); 2925 wait_for_completion(&common->thread_notifier); 2926 } 2927 2928 for (i = 0; i < ARRAY_SIZE(common->luns); ++i) { 2929 struct fsg_lun *lun = common->luns[i]; 2930 if (!lun) 2931 continue; 2932 fsg_lun_close(lun); 2933 if (device_is_registered(&lun->dev)) 2934 device_unregister(&lun->dev); 2935 kfree(lun); 2936 } 2937 2938 _fsg_common_free_buffers(common->buffhds, common->fsg_num_buffers); 2939 if (common->free_storage_on_release) 2940 kfree(common); 2941 } 2942 2943 2944 /*-------------------------------------------------------------------------*/ 2945 2946 static int fsg_bind(struct usb_configuration *c, struct usb_function *f) 2947 { 2948 struct fsg_dev *fsg = fsg_from_func(f); 2949 struct fsg_common *common = fsg->common; 2950 struct usb_gadget *gadget = c->cdev->gadget; 2951 int i; 2952 struct usb_ep *ep; 2953 unsigned max_burst; 2954 int ret; 2955 struct fsg_opts *opts; 2956 2957 /* Don't allow to bind if we don't have at least one LUN */ 2958 ret = _fsg_common_get_max_lun(common); 2959 if (ret < 0) { 2960 pr_err("There should be at least one LUN.\n"); 2961 return -EINVAL; 2962 } 2963 2964 opts = fsg_opts_from_func_inst(f->fi); 2965 if (!opts->no_configfs) { 2966 ret = fsg_common_set_cdev(fsg->common, c->cdev, 2967 fsg->common->can_stall); 2968 if (ret) 2969 return ret; 2970 fsg_common_set_inquiry_string(fsg->common, NULL, NULL); 2971 } 2972 2973 if (!common->thread_task) { 2974 common->state = FSG_STATE_NORMAL; 2975 common->thread_task = 2976 kthread_create(fsg_main_thread, common, "file-storage"); 2977 if (IS_ERR(common->thread_task)) { 2978 ret = PTR_ERR(common->thread_task); 2979 common->thread_task = NULL; 2980 common->state = FSG_STATE_TERMINATED; 2981 return ret; 2982 } 2983 DBG(common, "I/O thread pid: %d\n", 2984 task_pid_nr(common->thread_task)); 2985 wake_up_process(common->thread_task); 2986 } 2987 2988 fsg->gadget = gadget; 2989 2990 /* New interface */ 2991 i = usb_interface_id(c, f); 2992 if (i < 0) 2993 goto fail; 2994 fsg_intf_desc.bInterfaceNumber = i; 2995 fsg->interface_number = i; 2996 2997 /* Find all the endpoints we will use */ 2998 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc); 2999 if (!ep) 3000 goto autoconf_fail; 3001 fsg->bulk_in = ep; 3002 3003 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc); 3004 if (!ep) 3005 goto autoconf_fail; 3006 fsg->bulk_out = ep; 3007 3008 /* Assume endpoint addresses are the same for both speeds */ 3009 fsg_hs_bulk_in_desc.bEndpointAddress = 3010 fsg_fs_bulk_in_desc.bEndpointAddress; 3011 fsg_hs_bulk_out_desc.bEndpointAddress = 3012 fsg_fs_bulk_out_desc.bEndpointAddress; 3013 3014 /* Calculate bMaxBurst, we know packet size is 1024 */ 3015 max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15); 3016 3017 fsg_ss_bulk_in_desc.bEndpointAddress = 3018 fsg_fs_bulk_in_desc.bEndpointAddress; 3019 fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst; 3020 3021 fsg_ss_bulk_out_desc.bEndpointAddress = 3022 fsg_fs_bulk_out_desc.bEndpointAddress; 3023 fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst; 3024 3025 ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function, 3026 fsg_ss_function, fsg_ss_function); 3027 if (ret) 3028 goto autoconf_fail; 3029 3030 return 0; 3031 3032 autoconf_fail: 3033 ERROR(fsg, "unable to autoconfigure all endpoints\n"); 3034 i = -ENOTSUPP; 3035 fail: 3036 /* terminate the thread */ 3037 if (fsg->common->state != FSG_STATE_TERMINATED) { 3038 raise_exception(fsg->common, FSG_STATE_EXIT); 3039 wait_for_completion(&fsg->common->thread_notifier); 3040 } 3041 return i; 3042 } 3043 3044 /****************************** ALLOCATE FUNCTION *************************/ 3045 3046 static void fsg_unbind(struct usb_configuration *c, struct usb_function *f) 3047 { 3048 struct fsg_dev *fsg = fsg_from_func(f); 3049 struct fsg_common *common = fsg->common; 3050 3051 DBG(fsg, "unbind\n"); 3052 if (fsg->common->fsg == fsg) { 3053 __raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL); 3054 /* FIXME: make interruptible or killable somehow? */ 3055 wait_event(common->fsg_wait, common->fsg != fsg); 3056 } 3057 3058 usb_free_all_descriptors(&fsg->function); 3059 } 3060 3061 static inline struct fsg_lun_opts *to_fsg_lun_opts(struct config_item *item) 3062 { 3063 return container_of(to_config_group(item), struct fsg_lun_opts, group); 3064 } 3065 3066 static inline struct fsg_opts *to_fsg_opts(struct config_item *item) 3067 { 3068 return container_of(to_config_group(item), struct fsg_opts, 3069 func_inst.group); 3070 } 3071 3072 static void fsg_lun_attr_release(struct config_item *item) 3073 { 3074 struct fsg_lun_opts *lun_opts; 3075 3076 lun_opts = to_fsg_lun_opts(item); 3077 kfree(lun_opts); 3078 } 3079 3080 static struct configfs_item_operations fsg_lun_item_ops = { 3081 .release = fsg_lun_attr_release, 3082 }; 3083 3084 static ssize_t fsg_lun_opts_file_show(struct config_item *item, char *page) 3085 { 3086 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3087 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3088 3089 return fsg_show_file(opts->lun, &fsg_opts->common->filesem, page); 3090 } 3091 3092 static ssize_t fsg_lun_opts_file_store(struct config_item *item, 3093 const char *page, size_t len) 3094 { 3095 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3096 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3097 3098 return fsg_store_file(opts->lun, &fsg_opts->common->filesem, page, len); 3099 } 3100 3101 CONFIGFS_ATTR(fsg_lun_opts_, file); 3102 3103 static ssize_t fsg_lun_opts_ro_show(struct config_item *item, char *page) 3104 { 3105 return fsg_show_ro(to_fsg_lun_opts(item)->lun, page); 3106 } 3107 3108 static ssize_t fsg_lun_opts_ro_store(struct config_item *item, 3109 const char *page, size_t len) 3110 { 3111 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3112 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3113 3114 return fsg_store_ro(opts->lun, &fsg_opts->common->filesem, page, len); 3115 } 3116 3117 CONFIGFS_ATTR(fsg_lun_opts_, ro); 3118 3119 static ssize_t fsg_lun_opts_removable_show(struct config_item *item, 3120 char *page) 3121 { 3122 return fsg_show_removable(to_fsg_lun_opts(item)->lun, page); 3123 } 3124 3125 static ssize_t fsg_lun_opts_removable_store(struct config_item *item, 3126 const char *page, size_t len) 3127 { 3128 return fsg_store_removable(to_fsg_lun_opts(item)->lun, page, len); 3129 } 3130 3131 CONFIGFS_ATTR(fsg_lun_opts_, removable); 3132 3133 static ssize_t fsg_lun_opts_cdrom_show(struct config_item *item, char *page) 3134 { 3135 return fsg_show_cdrom(to_fsg_lun_opts(item)->lun, page); 3136 } 3137 3138 static ssize_t fsg_lun_opts_cdrom_store(struct config_item *item, 3139 const char *page, size_t len) 3140 { 3141 struct fsg_lun_opts *opts = to_fsg_lun_opts(item); 3142 struct fsg_opts *fsg_opts = to_fsg_opts(opts->group.cg_item.ci_parent); 3143 3144 return fsg_store_cdrom(opts->lun, &fsg_opts->common->filesem, page, 3145 len); 3146 } 3147 3148 CONFIGFS_ATTR(fsg_lun_opts_, cdrom); 3149 3150 static ssize_t fsg_lun_opts_nofua_show(struct config_item *item, char *page) 3151 { 3152 return fsg_show_nofua(to_fsg_lun_opts(item)->lun, page); 3153 } 3154 3155 static ssize_t fsg_lun_opts_nofua_store(struct config_item *item, 3156 const char *page, size_t len) 3157 { 3158 return fsg_store_nofua(to_fsg_lun_opts(item)->lun, page, len); 3159 } 3160 3161 CONFIGFS_ATTR(fsg_lun_opts_, nofua); 3162 3163 static ssize_t fsg_lun_opts_inquiry_string_show(struct config_item *item, 3164 char *page) 3165 { 3166 return fsg_show_inquiry_string(to_fsg_lun_opts(item)->lun, page); 3167 } 3168 3169 static ssize_t fsg_lun_opts_inquiry_string_store(struct config_item *item, 3170 const char *page, size_t len) 3171 { 3172 return fsg_store_inquiry_string(to_fsg_lun_opts(item)->lun, page, len); 3173 } 3174 3175 CONFIGFS_ATTR(fsg_lun_opts_, inquiry_string); 3176 3177 static struct configfs_attribute *fsg_lun_attrs[] = { 3178 &fsg_lun_opts_attr_file, 3179 &fsg_lun_opts_attr_ro, 3180 &fsg_lun_opts_attr_removable, 3181 &fsg_lun_opts_attr_cdrom, 3182 &fsg_lun_opts_attr_nofua, 3183 &fsg_lun_opts_attr_inquiry_string, 3184 NULL, 3185 }; 3186 3187 static const struct config_item_type fsg_lun_type = { 3188 .ct_item_ops = &fsg_lun_item_ops, 3189 .ct_attrs = fsg_lun_attrs, 3190 .ct_owner = THIS_MODULE, 3191 }; 3192 3193 static struct config_group *fsg_lun_make(struct config_group *group, 3194 const char *name) 3195 { 3196 struct fsg_lun_opts *opts; 3197 struct fsg_opts *fsg_opts; 3198 struct fsg_lun_config config; 3199 char *num_str; 3200 u8 num; 3201 int ret; 3202 3203 num_str = strchr(name, '.'); 3204 if (!num_str) { 3205 pr_err("Unable to locate . in LUN.NUMBER\n"); 3206 return ERR_PTR(-EINVAL); 3207 } 3208 num_str++; 3209 3210 ret = kstrtou8(num_str, 0, &num); 3211 if (ret) 3212 return ERR_PTR(ret); 3213 3214 fsg_opts = to_fsg_opts(&group->cg_item); 3215 if (num >= FSG_MAX_LUNS) 3216 return ERR_PTR(-ERANGE); 3217 num = array_index_nospec(num, FSG_MAX_LUNS); 3218 3219 mutex_lock(&fsg_opts->lock); 3220 if (fsg_opts->refcnt || fsg_opts->common->luns[num]) { 3221 ret = -EBUSY; 3222 goto out; 3223 } 3224 3225 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 3226 if (!opts) { 3227 ret = -ENOMEM; 3228 goto out; 3229 } 3230 3231 memset(&config, 0, sizeof(config)); 3232 config.removable = true; 3233 3234 ret = fsg_common_create_lun(fsg_opts->common, &config, num, name, 3235 (const char **)&group->cg_item.ci_name); 3236 if (ret) { 3237 kfree(opts); 3238 goto out; 3239 } 3240 opts->lun = fsg_opts->common->luns[num]; 3241 opts->lun_id = num; 3242 mutex_unlock(&fsg_opts->lock); 3243 3244 config_group_init_type_name(&opts->group, name, &fsg_lun_type); 3245 3246 return &opts->group; 3247 out: 3248 mutex_unlock(&fsg_opts->lock); 3249 return ERR_PTR(ret); 3250 } 3251 3252 static void fsg_lun_drop(struct config_group *group, struct config_item *item) 3253 { 3254 struct fsg_lun_opts *lun_opts; 3255 struct fsg_opts *fsg_opts; 3256 3257 lun_opts = to_fsg_lun_opts(item); 3258 fsg_opts = to_fsg_opts(&group->cg_item); 3259 3260 mutex_lock(&fsg_opts->lock); 3261 if (fsg_opts->refcnt) { 3262 struct config_item *gadget; 3263 3264 gadget = group->cg_item.ci_parent->ci_parent; 3265 unregister_gadget_item(gadget); 3266 } 3267 3268 fsg_common_remove_lun(lun_opts->lun); 3269 fsg_opts->common->luns[lun_opts->lun_id] = NULL; 3270 lun_opts->lun_id = 0; 3271 mutex_unlock(&fsg_opts->lock); 3272 3273 config_item_put(item); 3274 } 3275 3276 static void fsg_attr_release(struct config_item *item) 3277 { 3278 struct fsg_opts *opts = to_fsg_opts(item); 3279 3280 usb_put_function_instance(&opts->func_inst); 3281 } 3282 3283 static struct configfs_item_operations fsg_item_ops = { 3284 .release = fsg_attr_release, 3285 }; 3286 3287 static ssize_t fsg_opts_stall_show(struct config_item *item, char *page) 3288 { 3289 struct fsg_opts *opts = to_fsg_opts(item); 3290 int result; 3291 3292 mutex_lock(&opts->lock); 3293 result = sprintf(page, "%d", opts->common->can_stall); 3294 mutex_unlock(&opts->lock); 3295 3296 return result; 3297 } 3298 3299 static ssize_t fsg_opts_stall_store(struct config_item *item, const char *page, 3300 size_t len) 3301 { 3302 struct fsg_opts *opts = to_fsg_opts(item); 3303 int ret; 3304 bool stall; 3305 3306 mutex_lock(&opts->lock); 3307 3308 if (opts->refcnt) { 3309 mutex_unlock(&opts->lock); 3310 return -EBUSY; 3311 } 3312 3313 ret = strtobool(page, &stall); 3314 if (!ret) { 3315 opts->common->can_stall = stall; 3316 ret = len; 3317 } 3318 3319 mutex_unlock(&opts->lock); 3320 3321 return ret; 3322 } 3323 3324 CONFIGFS_ATTR(fsg_opts_, stall); 3325 3326 #ifdef CONFIG_USB_GADGET_DEBUG_FILES 3327 static ssize_t fsg_opts_num_buffers_show(struct config_item *item, char *page) 3328 { 3329 struct fsg_opts *opts = to_fsg_opts(item); 3330 int result; 3331 3332 mutex_lock(&opts->lock); 3333 result = sprintf(page, "%d", opts->common->fsg_num_buffers); 3334 mutex_unlock(&opts->lock); 3335 3336 return result; 3337 } 3338 3339 static ssize_t fsg_opts_num_buffers_store(struct config_item *item, 3340 const char *page, size_t len) 3341 { 3342 struct fsg_opts *opts = to_fsg_opts(item); 3343 int ret; 3344 u8 num; 3345 3346 mutex_lock(&opts->lock); 3347 if (opts->refcnt) { 3348 ret = -EBUSY; 3349 goto end; 3350 } 3351 ret = kstrtou8(page, 0, &num); 3352 if (ret) 3353 goto end; 3354 3355 ret = fsg_common_set_num_buffers(opts->common, num); 3356 if (ret) 3357 goto end; 3358 ret = len; 3359 3360 end: 3361 mutex_unlock(&opts->lock); 3362 return ret; 3363 } 3364 3365 CONFIGFS_ATTR(fsg_opts_, num_buffers); 3366 #endif 3367 3368 static struct configfs_attribute *fsg_attrs[] = { 3369 &fsg_opts_attr_stall, 3370 #ifdef CONFIG_USB_GADGET_DEBUG_FILES 3371 &fsg_opts_attr_num_buffers, 3372 #endif 3373 NULL, 3374 }; 3375 3376 static struct configfs_group_operations fsg_group_ops = { 3377 .make_group = fsg_lun_make, 3378 .drop_item = fsg_lun_drop, 3379 }; 3380 3381 static const struct config_item_type fsg_func_type = { 3382 .ct_item_ops = &fsg_item_ops, 3383 .ct_group_ops = &fsg_group_ops, 3384 .ct_attrs = fsg_attrs, 3385 .ct_owner = THIS_MODULE, 3386 }; 3387 3388 static void fsg_free_inst(struct usb_function_instance *fi) 3389 { 3390 struct fsg_opts *opts; 3391 3392 opts = fsg_opts_from_func_inst(fi); 3393 fsg_common_release(opts->common); 3394 kfree(opts); 3395 } 3396 3397 static struct usb_function_instance *fsg_alloc_inst(void) 3398 { 3399 struct fsg_opts *opts; 3400 struct fsg_lun_config config; 3401 int rc; 3402 3403 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 3404 if (!opts) 3405 return ERR_PTR(-ENOMEM); 3406 mutex_init(&opts->lock); 3407 opts->func_inst.free_func_inst = fsg_free_inst; 3408 opts->common = fsg_common_setup(opts->common); 3409 if (IS_ERR(opts->common)) { 3410 rc = PTR_ERR(opts->common); 3411 goto release_opts; 3412 } 3413 3414 rc = fsg_common_set_num_buffers(opts->common, 3415 CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS); 3416 if (rc) 3417 goto release_common; 3418 3419 pr_info(FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n"); 3420 3421 memset(&config, 0, sizeof(config)); 3422 config.removable = true; 3423 rc = fsg_common_create_lun(opts->common, &config, 0, "lun.0", 3424 (const char **)&opts->func_inst.group.cg_item.ci_name); 3425 if (rc) 3426 goto release_buffers; 3427 3428 opts->lun0.lun = opts->common->luns[0]; 3429 opts->lun0.lun_id = 0; 3430 3431 config_group_init_type_name(&opts->func_inst.group, "", &fsg_func_type); 3432 3433 config_group_init_type_name(&opts->lun0.group, "lun.0", &fsg_lun_type); 3434 configfs_add_default_group(&opts->lun0.group, &opts->func_inst.group); 3435 3436 return &opts->func_inst; 3437 3438 release_buffers: 3439 fsg_common_free_buffers(opts->common); 3440 release_common: 3441 kfree(opts->common); 3442 release_opts: 3443 kfree(opts); 3444 return ERR_PTR(rc); 3445 } 3446 3447 static void fsg_free(struct usb_function *f) 3448 { 3449 struct fsg_dev *fsg; 3450 struct fsg_opts *opts; 3451 3452 fsg = container_of(f, struct fsg_dev, function); 3453 opts = container_of(f->fi, struct fsg_opts, func_inst); 3454 3455 mutex_lock(&opts->lock); 3456 opts->refcnt--; 3457 mutex_unlock(&opts->lock); 3458 3459 kfree(fsg); 3460 } 3461 3462 static struct usb_function *fsg_alloc(struct usb_function_instance *fi) 3463 { 3464 struct fsg_opts *opts = fsg_opts_from_func_inst(fi); 3465 struct fsg_common *common = opts->common; 3466 struct fsg_dev *fsg; 3467 3468 fsg = kzalloc(sizeof(*fsg), GFP_KERNEL); 3469 if (unlikely(!fsg)) 3470 return ERR_PTR(-ENOMEM); 3471 3472 mutex_lock(&opts->lock); 3473 opts->refcnt++; 3474 mutex_unlock(&opts->lock); 3475 3476 fsg->function.name = FSG_DRIVER_DESC; 3477 fsg->function.bind = fsg_bind; 3478 fsg->function.unbind = fsg_unbind; 3479 fsg->function.setup = fsg_setup; 3480 fsg->function.set_alt = fsg_set_alt; 3481 fsg->function.disable = fsg_disable; 3482 fsg->function.free_func = fsg_free; 3483 3484 fsg->common = common; 3485 3486 return &fsg->function; 3487 } 3488 3489 DECLARE_USB_FUNCTION_INIT(mass_storage, fsg_alloc_inst, fsg_alloc); 3490 MODULE_LICENSE("GPL"); 3491 MODULE_AUTHOR("Michal Nazarewicz"); 3492 3493 /************************* Module parameters *************************/ 3494 3495 3496 void fsg_config_from_params(struct fsg_config *cfg, 3497 const struct fsg_module_parameters *params, 3498 unsigned int fsg_num_buffers) 3499 { 3500 struct fsg_lun_config *lun; 3501 unsigned i; 3502 3503 /* Configure LUNs */ 3504 cfg->nluns = 3505 min(params->luns ?: (params->file_count ?: 1u), 3506 (unsigned)FSG_MAX_LUNS); 3507 for (i = 0, lun = cfg->luns; i < cfg->nluns; ++i, ++lun) { 3508 lun->ro = !!params->ro[i]; 3509 lun->cdrom = !!params->cdrom[i]; 3510 lun->removable = !!params->removable[i]; 3511 lun->filename = 3512 params->file_count > i && params->file[i][0] 3513 ? params->file[i] 3514 : NULL; 3515 } 3516 3517 /* Let MSF use defaults */ 3518 cfg->vendor_name = NULL; 3519 cfg->product_name = NULL; 3520 3521 cfg->ops = NULL; 3522 cfg->private_data = NULL; 3523 3524 /* Finalise */ 3525 cfg->can_stall = params->stall; 3526 cfg->fsg_num_buffers = fsg_num_buffers; 3527 } 3528 EXPORT_SYMBOL_GPL(fsg_config_from_params); 3529