xref: /openbmc/qemu/hw/usb/dev-mtp.c (revision 60e58bd9f08a3b91a35850f7501a0a1bcf912b6f)
1 /*
2  * Media Transfer Protocol implementation, backed by host filesystem.
3  *
4  * Copyright Red Hat, Inc 2014
5  *
6  * Author:
7  *   Gerd Hoffmann <kraxel@redhat.com>
8  *
9  * This code is licensed under the GPL v2 or later.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "qapi/error.h"
14 #include <wchar.h>
15 #include <dirent.h>
16 
17 #include <sys/statvfs.h>
18 #ifdef CONFIG_INOTIFY1
19 #include <sys/inotify.h>
20 #include "qemu/main-loop.h"
21 #endif
22 
23 #include "qemu-common.h"
24 #include "qemu/iov.h"
25 #include "trace.h"
26 #include "hw/usb.h"
27 #include "hw/usb/desc.h"
28 
29 /* ----------------------------------------------------------------------- */
30 
31 enum mtp_container_type {
32     TYPE_COMMAND  = 1,
33     TYPE_DATA     = 2,
34     TYPE_RESPONSE = 3,
35     TYPE_EVENT    = 4,
36 };
37 
38 enum mtp_code {
39     /* command codes */
40     CMD_GET_DEVICE_INFO            = 0x1001,
41     CMD_OPEN_SESSION               = 0x1002,
42     CMD_CLOSE_SESSION              = 0x1003,
43     CMD_GET_STORAGE_IDS            = 0x1004,
44     CMD_GET_STORAGE_INFO           = 0x1005,
45     CMD_GET_NUM_OBJECTS            = 0x1006,
46     CMD_GET_OBJECT_HANDLES         = 0x1007,
47     CMD_GET_OBJECT_INFO            = 0x1008,
48     CMD_GET_OBJECT                 = 0x1009,
49     CMD_GET_PARTIAL_OBJECT         = 0x101b,
50     CMD_GET_OBJECT_PROPS_SUPPORTED = 0x9801,
51     CMD_GET_OBJECT_PROP_DESC       = 0x9802,
52     CMD_GET_OBJECT_PROP_VALUE      = 0x9803,
53 
54     /* response codes */
55     RES_OK                         = 0x2001,
56     RES_GENERAL_ERROR              = 0x2002,
57     RES_SESSION_NOT_OPEN           = 0x2003,
58     RES_INVALID_TRANSACTION_ID     = 0x2004,
59     RES_OPERATION_NOT_SUPPORTED    = 0x2005,
60     RES_PARAMETER_NOT_SUPPORTED    = 0x2006,
61     RES_INCOMPLETE_TRANSFER        = 0x2007,
62     RES_INVALID_STORAGE_ID         = 0x2008,
63     RES_INVALID_OBJECT_HANDLE      = 0x2009,
64     RES_INVALID_OBJECT_FORMAT_CODE = 0x200b,
65     RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014,
66     RES_INVALID_PARENT_OBJECT      = 0x201a,
67     RES_INVALID_PARAMETER          = 0x201d,
68     RES_SESSION_ALREADY_OPEN       = 0x201e,
69     RES_INVALID_OBJECT_PROP_CODE   = 0xA801,
70 
71     /* format codes */
72     FMT_UNDEFINED_OBJECT           = 0x3000,
73     FMT_ASSOCIATION                = 0x3001,
74 
75     /* event codes */
76     EVT_OBJ_ADDED                  = 0x4002,
77     EVT_OBJ_REMOVED                = 0x4003,
78     EVT_OBJ_INFO_CHANGED           = 0x4007,
79 
80     /* object properties */
81     PROP_STORAGE_ID                = 0xDC01,
82     PROP_OBJECT_FORMAT             = 0xDC02,
83     PROP_OBJECT_COMPRESSED_SIZE    = 0xDC04,
84     PROP_PARENT_OBJECT             = 0xDC0B,
85     PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER = 0xDC41,
86     PROP_NAME                      = 0xDC44,
87 };
88 
89 enum mtp_data_type {
90     DATA_TYPE_UINT16  = 0x0004,
91     DATA_TYPE_UINT32  = 0x0006,
92     DATA_TYPE_UINT64  = 0x0008,
93     DATA_TYPE_UINT128 = 0x000a,
94     DATA_TYPE_STRING  = 0xffff,
95 };
96 
97 typedef struct {
98     uint32_t length;
99     uint16_t type;
100     uint16_t code;
101     uint32_t trans;
102 } QEMU_PACKED mtp_container;
103 
104 /* ----------------------------------------------------------------------- */
105 
106 typedef struct MTPState MTPState;
107 typedef struct MTPControl MTPControl;
108 typedef struct MTPData MTPData;
109 typedef struct MTPObject MTPObject;
110 
111 enum {
112     EP_DATA_IN = 1,
113     EP_DATA_OUT,
114     EP_EVENT,
115 };
116 
117 #ifdef CONFIG_INOTIFY1
118 typedef struct MTPMonEntry MTPMonEntry;
119 
120 struct MTPMonEntry {
121     uint32_t event;
122     uint32_t handle;
123 
124     QTAILQ_ENTRY(MTPMonEntry) next;
125 };
126 #endif
127 
128 struct MTPControl {
129     uint16_t     code;
130     uint32_t     trans;
131     int          argc;
132     uint32_t     argv[5];
133 };
134 
135 struct MTPData {
136     uint16_t     code;
137     uint32_t     trans;
138     uint64_t     offset;
139     uint64_t     length;
140     uint32_t     alloc;
141     uint8_t      *data;
142     bool         first;
143     int          fd;
144 };
145 
146 struct MTPObject {
147     uint32_t     handle;
148     uint16_t     format;
149     char         *name;
150     char         *path;
151     struct stat  stat;
152 #ifdef CONFIG_INOTIFY1
153     /* inotify watch cookie */
154     int          watchfd;
155 #endif
156     MTPObject    *parent;
157     uint32_t     nchildren;
158     QLIST_HEAD(, MTPObject) children;
159     QLIST_ENTRY(MTPObject) list;
160     bool         have_children;
161     QTAILQ_ENTRY(MTPObject) next;
162 };
163 
164 struct MTPState {
165     USBDevice    dev;
166     char         *root;
167     char         *desc;
168     uint32_t     flags;
169 
170     MTPData      *data_in;
171     MTPData      *data_out;
172     MTPControl   *result;
173     uint32_t     session;
174     uint32_t     next_handle;
175 
176     QTAILQ_HEAD(, MTPObject) objects;
177 #ifdef CONFIG_INOTIFY1
178     /* inotify descriptor */
179     int          inotifyfd;
180     QTAILQ_HEAD(events, MTPMonEntry) events;
181 #endif
182 };
183 
184 #define TYPE_USB_MTP "usb-mtp"
185 #define USB_MTP(obj) OBJECT_CHECK(MTPState, (obj), TYPE_USB_MTP)
186 
187 #define QEMU_STORAGE_ID 0x00010001
188 
189 #define MTP_FLAG_WRITABLE 0
190 
191 #define FLAG_SET(_mtp, _flag)  ((_mtp)->flags & (1 << (_flag)))
192 
193 /* ----------------------------------------------------------------------- */
194 
195 #define MTP_MANUFACTURER  "QEMU"
196 #define MTP_PRODUCT       "QEMU filesharing"
197 
198 enum {
199     STR_MANUFACTURER = 1,
200     STR_PRODUCT,
201     STR_SERIALNUMBER,
202     STR_MTP,
203     STR_CONFIG_FULL,
204     STR_CONFIG_HIGH,
205     STR_CONFIG_SUPER,
206 };
207 
208 static const USBDescStrings desc_strings = {
209     [STR_MANUFACTURER] = MTP_MANUFACTURER,
210     [STR_PRODUCT]      = MTP_PRODUCT,
211     [STR_SERIALNUMBER] = "34617",
212     [STR_MTP]          = "MTP",
213     [STR_CONFIG_FULL]  = "Full speed config (usb 1.1)",
214     [STR_CONFIG_HIGH]  = "High speed config (usb 2.0)",
215     [STR_CONFIG_SUPER] = "Super speed config (usb 3.0)",
216 };
217 
218 static const USBDescIface desc_iface_full = {
219     .bInterfaceNumber              = 0,
220     .bNumEndpoints                 = 3,
221     .bInterfaceClass               = USB_CLASS_STILL_IMAGE,
222     .bInterfaceSubClass            = 0x01,
223     .bInterfaceProtocol            = 0x01,
224     .iInterface                    = STR_MTP,
225     .eps = (USBDescEndpoint[]) {
226         {
227             .bEndpointAddress      = USB_DIR_IN | EP_DATA_IN,
228             .bmAttributes          = USB_ENDPOINT_XFER_BULK,
229             .wMaxPacketSize        = 64,
230         },{
231             .bEndpointAddress      = USB_DIR_OUT | EP_DATA_OUT,
232             .bmAttributes          = USB_ENDPOINT_XFER_BULK,
233             .wMaxPacketSize        = 64,
234         },{
235             .bEndpointAddress      = USB_DIR_IN | EP_EVENT,
236             .bmAttributes          = USB_ENDPOINT_XFER_INT,
237             .wMaxPacketSize        = 64,
238             .bInterval             = 0x0a,
239         },
240     }
241 };
242 
243 static const USBDescDevice desc_device_full = {
244     .bcdUSB                        = 0x0200,
245     .bMaxPacketSize0               = 8,
246     .bNumConfigurations            = 1,
247     .confs = (USBDescConfig[]) {
248         {
249             .bNumInterfaces        = 1,
250             .bConfigurationValue   = 1,
251             .iConfiguration        = STR_CONFIG_FULL,
252             .bmAttributes          = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP,
253             .bMaxPower             = 2,
254             .nif = 1,
255             .ifs = &desc_iface_full,
256         },
257     },
258 };
259 
260 static const USBDescIface desc_iface_high = {
261     .bInterfaceNumber              = 0,
262     .bNumEndpoints                 = 3,
263     .bInterfaceClass               = USB_CLASS_STILL_IMAGE,
264     .bInterfaceSubClass            = 0x01,
265     .bInterfaceProtocol            = 0x01,
266     .iInterface                    = STR_MTP,
267     .eps = (USBDescEndpoint[]) {
268         {
269             .bEndpointAddress      = USB_DIR_IN | EP_DATA_IN,
270             .bmAttributes          = USB_ENDPOINT_XFER_BULK,
271             .wMaxPacketSize        = 512,
272         },{
273             .bEndpointAddress      = USB_DIR_OUT | EP_DATA_OUT,
274             .bmAttributes          = USB_ENDPOINT_XFER_BULK,
275             .wMaxPacketSize        = 512,
276         },{
277             .bEndpointAddress      = USB_DIR_IN | EP_EVENT,
278             .bmAttributes          = USB_ENDPOINT_XFER_INT,
279             .wMaxPacketSize        = 64,
280             .bInterval             = 0x0a,
281         },
282     }
283 };
284 
285 static const USBDescDevice desc_device_high = {
286     .bcdUSB                        = 0x0200,
287     .bMaxPacketSize0               = 64,
288     .bNumConfigurations            = 1,
289     .confs = (USBDescConfig[]) {
290         {
291             .bNumInterfaces        = 1,
292             .bConfigurationValue   = 1,
293             .iConfiguration        = STR_CONFIG_HIGH,
294             .bmAttributes          = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP,
295             .bMaxPower             = 2,
296             .nif = 1,
297             .ifs = &desc_iface_high,
298         },
299     },
300 };
301 
302 static const USBDescMSOS desc_msos = {
303     .CompatibleID = "MTP",
304     .SelectiveSuspendEnabled = true,
305 };
306 
307 static const USBDesc desc = {
308     .id = {
309         .idVendor          = 0x46f4, /* CRC16() of "QEMU" */
310         .idProduct         = 0x0004,
311         .bcdDevice         = 0,
312         .iManufacturer     = STR_MANUFACTURER,
313         .iProduct          = STR_PRODUCT,
314         .iSerialNumber     = STR_SERIALNUMBER,
315     },
316     .full  = &desc_device_full,
317     .high  = &desc_device_high,
318     .str   = desc_strings,
319     .msos  = &desc_msos,
320 };
321 
322 /* ----------------------------------------------------------------------- */
323 
324 static MTPObject *usb_mtp_object_alloc(MTPState *s, uint32_t handle,
325                                        MTPObject *parent, char *name)
326 {
327     MTPObject *o = g_new0(MTPObject, 1);
328 
329     if (name[0] == '.') {
330         goto ignore;
331     }
332 
333     o->handle = handle;
334     o->parent = parent;
335     o->name = g_strdup(name);
336     if (parent == NULL) {
337         o->path = g_strdup(name);
338     } else {
339         o->path = g_strdup_printf("%s/%s", parent->path, name);
340     }
341 
342     if (lstat(o->path, &o->stat) != 0) {
343         goto ignore;
344     }
345     if (S_ISREG(o->stat.st_mode)) {
346         o->format = FMT_UNDEFINED_OBJECT;
347     } else if (S_ISDIR(o->stat.st_mode)) {
348         o->format = FMT_ASSOCIATION;
349     } else {
350         goto ignore;
351     }
352 
353     if (access(o->path, R_OK) != 0) {
354         goto ignore;
355     }
356 
357     trace_usb_mtp_object_alloc(s->dev.addr, o->handle, o->path);
358 
359     QTAILQ_INSERT_TAIL(&s->objects, o, next);
360     return o;
361 
362 ignore:
363     g_free(o->name);
364     g_free(o->path);
365     g_free(o);
366     return NULL;
367 }
368 
369 static void usb_mtp_object_free(MTPState *s, MTPObject *o)
370 {
371     MTPObject *iter;
372 
373     if (!o) {
374         return;
375     }
376 
377     trace_usb_mtp_object_free(s->dev.addr, o->handle, o->path);
378 
379     QTAILQ_REMOVE(&s->objects, o, next);
380     if (o->parent) {
381         QLIST_REMOVE(o, list);
382         o->parent->nchildren--;
383     }
384 
385     while (!QLIST_EMPTY(&o->children)) {
386         iter = QLIST_FIRST(&o->children);
387         usb_mtp_object_free(s, iter);
388     }
389     g_free(o->name);
390     g_free(o->path);
391     g_free(o);
392 }
393 
394 static MTPObject *usb_mtp_object_lookup(MTPState *s, uint32_t handle)
395 {
396     MTPObject *o;
397 
398     QTAILQ_FOREACH(o, &s->objects, next) {
399         if (o->handle == handle) {
400             return o;
401         }
402     }
403     return NULL;
404 }
405 
406 static MTPObject *usb_mtp_add_child(MTPState *s, MTPObject *o,
407                                     char *name)
408 {
409     MTPObject *child =
410         usb_mtp_object_alloc(s, s->next_handle++, o, name);
411 
412     if (child) {
413         trace_usb_mtp_add_child(s->dev.addr, child->handle, child->path);
414         QLIST_INSERT_HEAD(&o->children, child, list);
415         o->nchildren++;
416 
417         if (child->format == FMT_ASSOCIATION) {
418             QLIST_INIT(&child->children);
419         }
420     }
421 
422     return child;
423 }
424 
425 #ifdef CONFIG_INOTIFY1
426 static MTPObject *usb_mtp_object_lookup_name(MTPObject *parent,
427                                              char *name, int len)
428 {
429     MTPObject *iter;
430 
431     QLIST_FOREACH(iter, &parent->children, list) {
432         if (strncmp(iter->name, name, len) == 0) {
433             return iter;
434         }
435     }
436 
437     return NULL;
438 }
439 
440 static MTPObject *usb_mtp_object_lookup_wd(MTPState *s, int wd)
441 {
442     MTPObject *iter;
443 
444     QTAILQ_FOREACH(iter, &s->objects, next) {
445         if (iter->watchfd == wd) {
446             return iter;
447         }
448     }
449 
450     return NULL;
451 }
452 
453 static void inotify_watchfn(void *arg)
454 {
455     MTPState *s = arg;
456     ssize_t bytes;
457     /* From the man page: atleast one event can be read */
458     int pos;
459     char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
460 
461     for (;;) {
462         bytes = read(s->inotifyfd, buf, sizeof(buf));
463         pos = 0;
464 
465         if (bytes <= 0) {
466             /* Better luck next time */
467             return;
468         }
469 
470         /*
471          * TODO: Ignore initiator initiated events.
472          * For now we are good because the store is RO
473          */
474         while (bytes > 0) {
475             char *p = buf + pos;
476             struct inotify_event *event = (struct inotify_event *)p;
477             int watchfd = 0;
478             uint32_t mask = event->mask & (IN_CREATE | IN_DELETE |
479                                            IN_MODIFY | IN_IGNORED);
480             MTPObject *parent = usb_mtp_object_lookup_wd(s, event->wd);
481             MTPMonEntry *entry = NULL;
482             MTPObject *o;
483 
484             pos = pos + sizeof(struct inotify_event) + event->len;
485             bytes = bytes - pos;
486 
487             if (!parent) {
488                 continue;
489             }
490 
491             switch (mask) {
492             case IN_CREATE:
493                 if (usb_mtp_object_lookup_name
494                     (parent, event->name, event->len)) {
495                     /* Duplicate create event */
496                     continue;
497                 }
498                 entry = g_new0(MTPMonEntry, 1);
499                 entry->handle = s->next_handle;
500                 entry->event = EVT_OBJ_ADDED;
501                 o = usb_mtp_add_child(s, parent, event->name);
502                 if (!o) {
503                     g_free(entry);
504                     continue;
505                 }
506                 o->watchfd = watchfd;
507                 trace_usb_mtp_inotify_event(s->dev.addr, event->name,
508                                             event->mask, "Obj Added");
509                 break;
510 
511             case IN_DELETE:
512                 /*
513                  * The kernel issues a IN_IGNORED event
514                  * when a dir containing a watchpoint is
515                  * deleted, so we don't have to delete the
516                  * watchpoint
517                  */
518                 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
519                 if (!o) {
520                     continue;
521                 }
522                 entry = g_new0(MTPMonEntry, 1);
523                 entry->handle = o->handle;
524                 entry->event = EVT_OBJ_REMOVED;
525                 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
526                                       event->mask, "Obj Deleted");
527                 usb_mtp_object_free(s, o);
528                 break;
529 
530             case IN_MODIFY:
531                 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
532                 if (!o) {
533                     continue;
534                 }
535                 entry = g_new0(MTPMonEntry, 1);
536                 entry->handle = o->handle;
537                 entry->event = EVT_OBJ_INFO_CHANGED;
538                 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
539                                       event->mask, "Obj Modified");
540                 break;
541 
542             case IN_IGNORED:
543                 o = usb_mtp_object_lookup_name(parent, event->name, event->len);
544                 trace_usb_mtp_inotify_event(s->dev.addr, o->path,
545                                       event->mask, "Obj ignored");
546                 break;
547 
548             default:
549                 fprintf(stderr, "usb-mtp: failed to parse inotify event\n");
550                 continue;
551             }
552 
553             if (entry) {
554                 QTAILQ_INSERT_HEAD(&s->events, entry, next);
555             }
556         }
557     }
558 }
559 
560 static int usb_mtp_inotify_init(MTPState *s)
561 {
562     int fd;
563 
564     fd = inotify_init1(IN_NONBLOCK);
565     if (fd == -1) {
566         return 1;
567     }
568 
569     QTAILQ_INIT(&s->events);
570     s->inotifyfd = fd;
571 
572     qemu_set_fd_handler(fd, inotify_watchfn, NULL, s);
573 
574     return 0;
575 }
576 
577 static void usb_mtp_inotify_cleanup(MTPState *s)
578 {
579     MTPMonEntry *e, *p;
580 
581     if (!s->inotifyfd) {
582         return;
583     }
584 
585     qemu_set_fd_handler(s->inotifyfd, NULL, NULL, s);
586     close(s->inotifyfd);
587 
588     QTAILQ_FOREACH_SAFE(e, &s->events, next, p) {
589         QTAILQ_REMOVE(&s->events, e, next);
590         g_free(e);
591     }
592 }
593 
594 static int usb_mtp_add_watch(int inotifyfd, char *path)
595 {
596     uint32_t mask = IN_CREATE | IN_DELETE | IN_MODIFY |
597         IN_ISDIR;
598 
599     return inotify_add_watch(inotifyfd, path, mask);
600 }
601 #endif
602 
603 static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
604 {
605     struct dirent *entry;
606     DIR *dir;
607 
608     if (o->have_children) {
609         return;
610     }
611     o->have_children = true;
612 
613     dir = opendir(o->path);
614     if (!dir) {
615         return;
616     }
617 #ifdef CONFIG_INOTIFY1
618     int watchfd = usb_mtp_add_watch(s->inotifyfd, o->path);
619     if (watchfd == -1) {
620         fprintf(stderr, "usb-mtp: failed to add watch for %s\n", o->path);
621     } else {
622         trace_usb_mtp_inotify_event(s->dev.addr, o->path,
623                                     0, "Watch Added");
624         o->watchfd = watchfd;
625     }
626 #endif
627     while ((entry = readdir(dir)) != NULL) {
628         usb_mtp_add_child(s, o, entry->d_name);
629     }
630     closedir(dir);
631 }
632 
633 /* ----------------------------------------------------------------------- */
634 
635 static MTPData *usb_mtp_data_alloc(MTPControl *c)
636 {
637     MTPData *data = g_new0(MTPData, 1);
638 
639     data->code  = c->code;
640     data->trans = c->trans;
641     data->fd    = -1;
642     data->first = true;
643     return data;
644 }
645 
646 static void usb_mtp_data_free(MTPData *data)
647 {
648     if (data == NULL) {
649         return;
650     }
651     if (data->fd != -1) {
652         close(data->fd);
653     }
654     g_free(data->data);
655     g_free(data);
656 }
657 
658 static void usb_mtp_realloc(MTPData *data, uint32_t bytes)
659 {
660     if (data->length + bytes <= data->alloc) {
661         return;
662     }
663     data->alloc = (data->length + bytes + 0xff) & ~0xff;
664     data->data  = g_realloc(data->data, data->alloc);
665 }
666 
667 static void usb_mtp_add_u8(MTPData *data, uint8_t val)
668 {
669     usb_mtp_realloc(data, 1);
670     data->data[data->length++] = val;
671 }
672 
673 static void usb_mtp_add_u16(MTPData *data, uint16_t val)
674 {
675     usb_mtp_realloc(data, 2);
676     data->data[data->length++] = (val >> 0) & 0xff;
677     data->data[data->length++] = (val >> 8) & 0xff;
678 }
679 
680 static void usb_mtp_add_u32(MTPData *data, uint32_t val)
681 {
682     usb_mtp_realloc(data, 4);
683     data->data[data->length++] = (val >>  0) & 0xff;
684     data->data[data->length++] = (val >>  8) & 0xff;
685     data->data[data->length++] = (val >> 16) & 0xff;
686     data->data[data->length++] = (val >> 24) & 0xff;
687 }
688 
689 static void usb_mtp_add_u64(MTPData *data, uint64_t val)
690 {
691     usb_mtp_realloc(data, 8);
692     data->data[data->length++] = (val >>  0) & 0xff;
693     data->data[data->length++] = (val >>  8) & 0xff;
694     data->data[data->length++] = (val >> 16) & 0xff;
695     data->data[data->length++] = (val >> 24) & 0xff;
696     data->data[data->length++] = (val >> 32) & 0xff;
697     data->data[data->length++] = (val >> 40) & 0xff;
698     data->data[data->length++] = (val >> 48) & 0xff;
699     data->data[data->length++] = (val >> 56) & 0xff;
700 }
701 
702 static void usb_mtp_add_u16_array(MTPData *data, uint32_t len,
703                                   const uint16_t *vals)
704 {
705     int i;
706 
707     usb_mtp_add_u32(data, len);
708     for (i = 0; i < len; i++) {
709         usb_mtp_add_u16(data, vals[i]);
710     }
711 }
712 
713 static void usb_mtp_add_u32_array(MTPData *data, uint32_t len,
714                                   const uint32_t *vals)
715 {
716     int i;
717 
718     usb_mtp_add_u32(data, len);
719     for (i = 0; i < len; i++) {
720         usb_mtp_add_u32(data, vals[i]);
721     }
722 }
723 
724 static void usb_mtp_add_wstr(MTPData *data, const wchar_t *str)
725 {
726     uint32_t len = wcslen(str);
727     int i;
728 
729     if (len > 0) {
730         len++; /* include terminating L'\0' */
731     }
732 
733     usb_mtp_add_u8(data, len);
734     for (i = 0; i < len; i++) {
735         usb_mtp_add_u16(data, str[i]);
736     }
737 }
738 
739 static void usb_mtp_add_str(MTPData *data, const char *str)
740 {
741     uint32_t len = strlen(str)+1;
742     wchar_t *wstr = g_new(wchar_t, len);
743     size_t ret;
744 
745     ret = mbstowcs(wstr, str, len);
746     if (ret == -1) {
747         usb_mtp_add_wstr(data, L"Oops");
748     } else {
749         usb_mtp_add_wstr(data, wstr);
750     }
751 
752     g_free(wstr);
753 }
754 
755 static void usb_mtp_add_time(MTPData *data, time_t time)
756 {
757     char buf[16];
758     struct tm tm;
759 
760     gmtime_r(&time, &tm);
761     strftime(buf, sizeof(buf), "%Y%m%dT%H%M%S", &tm);
762     usb_mtp_add_str(data, buf);
763 }
764 
765 /* ----------------------------------------------------------------------- */
766 
767 static void usb_mtp_queue_result(MTPState *s, uint16_t code, uint32_t trans,
768                                  int argc, uint32_t arg0, uint32_t arg1)
769 {
770     MTPControl *c = g_new0(MTPControl, 1);
771 
772     c->code  = code;
773     c->trans = trans;
774     c->argc  = argc;
775     if (argc > 0) {
776         c->argv[0] = arg0;
777     }
778     if (argc > 1) {
779         c->argv[1] = arg1;
780     }
781 
782     assert(s->result == NULL);
783     s->result = c;
784 }
785 
786 /* ----------------------------------------------------------------------- */
787 
788 static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c)
789 {
790     static const uint16_t ops[] = {
791         CMD_GET_DEVICE_INFO,
792         CMD_OPEN_SESSION,
793         CMD_CLOSE_SESSION,
794         CMD_GET_STORAGE_IDS,
795         CMD_GET_STORAGE_INFO,
796         CMD_GET_NUM_OBJECTS,
797         CMD_GET_OBJECT_HANDLES,
798         CMD_GET_OBJECT_INFO,
799         CMD_GET_OBJECT,
800         CMD_GET_PARTIAL_OBJECT,
801         CMD_GET_OBJECT_PROPS_SUPPORTED,
802         CMD_GET_OBJECT_PROP_DESC,
803         CMD_GET_OBJECT_PROP_VALUE,
804     };
805     static const uint16_t fmt[] = {
806         FMT_UNDEFINED_OBJECT,
807         FMT_ASSOCIATION,
808     };
809     MTPData *d = usb_mtp_data_alloc(c);
810 
811     trace_usb_mtp_op_get_device_info(s->dev.addr);
812 
813     usb_mtp_add_u16(d, 100);
814     usb_mtp_add_u32(d, 0x00000006);
815     usb_mtp_add_u16(d, 0x0064);
816     usb_mtp_add_wstr(d, L"");
817     usb_mtp_add_u16(d, 0x0000);
818 
819     usb_mtp_add_u16_array(d, ARRAY_SIZE(ops), ops);
820     usb_mtp_add_u16_array(d, 0, NULL);
821     usb_mtp_add_u16_array(d, 0, NULL);
822     usb_mtp_add_u16_array(d, 0, NULL);
823     usb_mtp_add_u16_array(d, ARRAY_SIZE(fmt), fmt);
824 
825     usb_mtp_add_wstr(d, L"" MTP_MANUFACTURER);
826     usb_mtp_add_wstr(d, L"" MTP_PRODUCT);
827     usb_mtp_add_wstr(d, L"0.1");
828     usb_mtp_add_wstr(d, L"0123456789abcdef0123456789abcdef");
829 
830     return d;
831 }
832 
833 static MTPData *usb_mtp_get_storage_ids(MTPState *s, MTPControl *c)
834 {
835     static const uint32_t ids[] = {
836         QEMU_STORAGE_ID,
837     };
838     MTPData *d = usb_mtp_data_alloc(c);
839 
840     trace_usb_mtp_op_get_storage_ids(s->dev.addr);
841 
842     usb_mtp_add_u32_array(d, ARRAY_SIZE(ids), ids);
843 
844     return d;
845 }
846 
847 static MTPData *usb_mtp_get_storage_info(MTPState *s, MTPControl *c)
848 {
849     MTPData *d = usb_mtp_data_alloc(c);
850     struct statvfs buf;
851     int rc;
852 
853     trace_usb_mtp_op_get_storage_info(s->dev.addr);
854 
855     if (FLAG_SET(s, MTP_FLAG_WRITABLE)) {
856         usb_mtp_add_u16(d, 0x0003);
857         usb_mtp_add_u16(d, 0x0002);
858         usb_mtp_add_u16(d, 0x0000);
859     } else {
860         usb_mtp_add_u16(d, 0x0001);
861         usb_mtp_add_u16(d, 0x0002);
862         usb_mtp_add_u16(d, 0x0001);
863     }
864 
865     rc = statvfs(s->root, &buf);
866     if (rc == 0) {
867         usb_mtp_add_u64(d, (uint64_t)buf.f_frsize * buf.f_blocks);
868         usb_mtp_add_u64(d, (uint64_t)buf.f_bavail * buf.f_blocks);
869         usb_mtp_add_u32(d, buf.f_ffree);
870     } else {
871         usb_mtp_add_u64(d, 0xffffffff);
872         usb_mtp_add_u64(d, 0xffffffff);
873         usb_mtp_add_u32(d, 0xffffffff);
874     }
875 
876     usb_mtp_add_str(d, s->desc);
877     usb_mtp_add_wstr(d, L"123456789abcdef");
878     return d;
879 }
880 
881 static MTPData *usb_mtp_get_object_handles(MTPState *s, MTPControl *c,
882                                            MTPObject *o)
883 {
884     MTPData *d = usb_mtp_data_alloc(c);
885     uint32_t i = 0, handles[o->nchildren];
886     MTPObject *iter;
887 
888     trace_usb_mtp_op_get_object_handles(s->dev.addr, o->handle, o->path);
889 
890     QLIST_FOREACH(iter, &o->children, list) {
891         handles[i++] = iter->handle;
892     }
893     assert(i == o->nchildren);
894     usb_mtp_add_u32_array(d, o->nchildren, handles);
895 
896     return d;
897 }
898 
899 static MTPData *usb_mtp_get_object_info(MTPState *s, MTPControl *c,
900                                         MTPObject *o)
901 {
902     MTPData *d = usb_mtp_data_alloc(c);
903 
904     trace_usb_mtp_op_get_object_info(s->dev.addr, o->handle, o->path);
905 
906     usb_mtp_add_u32(d, QEMU_STORAGE_ID);
907     usb_mtp_add_u16(d, o->format);
908     usb_mtp_add_u16(d, 0);
909 
910     if (o->stat.st_size > 0xFFFFFFFF) {
911         usb_mtp_add_u32(d, 0xFFFFFFFF);
912     } else {
913         usb_mtp_add_u32(d, o->stat.st_size);
914     }
915 
916     usb_mtp_add_u16(d, 0);
917     usb_mtp_add_u32(d, 0);
918     usb_mtp_add_u32(d, 0);
919     usb_mtp_add_u32(d, 0);
920     usb_mtp_add_u32(d, 0);
921     usb_mtp_add_u32(d, 0);
922     usb_mtp_add_u32(d, 0);
923 
924     if (o->parent) {
925         usb_mtp_add_u32(d, o->parent->handle);
926     } else {
927         usb_mtp_add_u32(d, 0);
928     }
929     if (o->format == FMT_ASSOCIATION) {
930         usb_mtp_add_u16(d, 0x0001);
931         usb_mtp_add_u32(d, 0x00000001);
932         usb_mtp_add_u32(d, 0);
933     } else {
934         usb_mtp_add_u16(d, 0);
935         usb_mtp_add_u32(d, 0);
936         usb_mtp_add_u32(d, 0);
937     }
938 
939     usb_mtp_add_str(d, o->name);
940     usb_mtp_add_time(d, o->stat.st_ctime);
941     usb_mtp_add_time(d, o->stat.st_mtime);
942     usb_mtp_add_wstr(d, L"");
943 
944     return d;
945 }
946 
947 static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
948                                    MTPObject *o)
949 {
950     MTPData *d = usb_mtp_data_alloc(c);
951 
952     trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
953 
954     d->fd = open(o->path, O_RDONLY);
955     if (d->fd == -1) {
956         usb_mtp_data_free(d);
957         return NULL;
958     }
959     d->length = o->stat.st_size;
960     d->alloc  = 512;
961     d->data   = g_malloc(d->alloc);
962     return d;
963 }
964 
965 static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
966                                            MTPObject *o)
967 {
968     MTPData *d = usb_mtp_data_alloc(c);
969     off_t offset;
970 
971     trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path,
972                                         c->argv[1], c->argv[2]);
973 
974     d->fd = open(o->path, O_RDONLY);
975     if (d->fd == -1) {
976         usb_mtp_data_free(d);
977         return NULL;
978     }
979 
980     offset = c->argv[1];
981     if (offset > o->stat.st_size) {
982         offset = o->stat.st_size;
983     }
984     if (lseek(d->fd, offset, SEEK_SET) < 0) {
985         usb_mtp_data_free(d);
986         return NULL;
987     }
988 
989     d->length = c->argv[2];
990     if (d->length > o->stat.st_size - offset) {
991         d->length = o->stat.st_size - offset;
992     }
993 
994     return d;
995 }
996 
997 static MTPData *usb_mtp_get_object_props_supported(MTPState *s, MTPControl *c)
998 {
999     static const uint16_t props[] = {
1000         PROP_STORAGE_ID,
1001         PROP_OBJECT_FORMAT,
1002         PROP_OBJECT_COMPRESSED_SIZE,
1003         PROP_PARENT_OBJECT,
1004         PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER,
1005         PROP_NAME,
1006     };
1007     MTPData *d = usb_mtp_data_alloc(c);
1008     usb_mtp_add_u16_array(d, ARRAY_SIZE(props), props);
1009 
1010     return d;
1011 }
1012 
1013 static MTPData *usb_mtp_get_object_prop_desc(MTPState *s, MTPControl *c)
1014 {
1015     MTPData *d = usb_mtp_data_alloc(c);
1016     switch (c->argv[0]) {
1017     case PROP_STORAGE_ID:
1018         usb_mtp_add_u16(d, PROP_STORAGE_ID);
1019         usb_mtp_add_u16(d, DATA_TYPE_UINT32);
1020         usb_mtp_add_u8(d, 0x00);
1021         usb_mtp_add_u32(d, 0x00000000);
1022         usb_mtp_add_u32(d, 0x00000000);
1023         usb_mtp_add_u8(d, 0x00);
1024         break;
1025     case PROP_OBJECT_FORMAT:
1026         usb_mtp_add_u16(d, PROP_OBJECT_FORMAT);
1027         usb_mtp_add_u16(d, DATA_TYPE_UINT16);
1028         usb_mtp_add_u8(d, 0x00);
1029         usb_mtp_add_u16(d, 0x0000);
1030         usb_mtp_add_u32(d, 0x00000000);
1031         usb_mtp_add_u8(d, 0x00);
1032         break;
1033     case PROP_OBJECT_COMPRESSED_SIZE:
1034         usb_mtp_add_u16(d, PROP_OBJECT_COMPRESSED_SIZE);
1035         usb_mtp_add_u16(d, DATA_TYPE_UINT64);
1036         usb_mtp_add_u8(d, 0x00);
1037         usb_mtp_add_u64(d, 0x0000000000000000);
1038         usb_mtp_add_u32(d, 0x00000000);
1039         usb_mtp_add_u8(d, 0x00);
1040         break;
1041     case PROP_PARENT_OBJECT:
1042         usb_mtp_add_u16(d, PROP_PARENT_OBJECT);
1043         usb_mtp_add_u16(d, DATA_TYPE_UINT32);
1044         usb_mtp_add_u8(d, 0x00);
1045         usb_mtp_add_u32(d, 0x00000000);
1046         usb_mtp_add_u32(d, 0x00000000);
1047         usb_mtp_add_u8(d, 0x00);
1048         break;
1049     case PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER:
1050         usb_mtp_add_u16(d, PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER);
1051         usb_mtp_add_u16(d, DATA_TYPE_UINT128);
1052         usb_mtp_add_u8(d, 0x00);
1053         usb_mtp_add_u64(d, 0x0000000000000000);
1054         usb_mtp_add_u64(d, 0x0000000000000000);
1055         usb_mtp_add_u32(d, 0x00000000);
1056         usb_mtp_add_u8(d, 0x00);
1057         break;
1058     case PROP_NAME:
1059         usb_mtp_add_u16(d, PROP_NAME);
1060         usb_mtp_add_u16(d, DATA_TYPE_STRING);
1061         usb_mtp_add_u8(d, 0x00);
1062         usb_mtp_add_u8(d, 0x00);
1063         usb_mtp_add_u32(d, 0x00000000);
1064         usb_mtp_add_u8(d, 0x00);
1065         break;
1066     default:
1067         usb_mtp_data_free(d);
1068         return NULL;
1069     }
1070 
1071     return d;
1072 }
1073 
1074 static MTPData *usb_mtp_get_object_prop_value(MTPState *s, MTPControl *c,
1075                                               MTPObject *o)
1076 {
1077     MTPData *d = usb_mtp_data_alloc(c);
1078     switch (c->argv[1]) {
1079     case PROP_STORAGE_ID:
1080         usb_mtp_add_u32(d, QEMU_STORAGE_ID);
1081         break;
1082     case PROP_OBJECT_FORMAT:
1083         usb_mtp_add_u16(d, o->format);
1084         break;
1085     case PROP_OBJECT_COMPRESSED_SIZE:
1086         usb_mtp_add_u64(d, o->stat.st_size);
1087         break;
1088     case PROP_PARENT_OBJECT:
1089         if (o->parent == NULL) {
1090             usb_mtp_add_u32(d, 0x00000000);
1091         } else {
1092             usb_mtp_add_u32(d, o->parent->handle);
1093         }
1094         break;
1095     case PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER:
1096         /* Should be persistent between sessions,
1097          * but using our objedt ID is "good enough"
1098          * for now */
1099         usb_mtp_add_u64(d, 0x0000000000000000);
1100         usb_mtp_add_u64(d, o->handle);
1101         break;
1102     case PROP_NAME:
1103         usb_mtp_add_str(d, o->name);
1104         break;
1105     default:
1106         usb_mtp_data_free(d);
1107         return NULL;
1108     }
1109 
1110     return d;
1111 }
1112 
1113 static void usb_mtp_command(MTPState *s, MTPControl *c)
1114 {
1115     MTPData *data_in = NULL;
1116     MTPObject *o;
1117     uint32_t nres = 0, res0 = 0;
1118 
1119     /* sanity checks */
1120     if (c->code >= CMD_CLOSE_SESSION && s->session == 0) {
1121         usb_mtp_queue_result(s, RES_SESSION_NOT_OPEN,
1122                              c->trans, 0, 0, 0);
1123         return;
1124     }
1125 
1126     /* process commands */
1127     switch (c->code) {
1128     case CMD_GET_DEVICE_INFO:
1129         data_in = usb_mtp_get_device_info(s, c);
1130         break;
1131     case CMD_OPEN_SESSION:
1132         if (s->session) {
1133             usb_mtp_queue_result(s, RES_SESSION_ALREADY_OPEN,
1134                                  c->trans, 1, s->session, 0);
1135             return;
1136         }
1137         if (c->argv[0] == 0) {
1138             usb_mtp_queue_result(s, RES_INVALID_PARAMETER,
1139                                  c->trans, 0, 0, 0);
1140             return;
1141         }
1142         trace_usb_mtp_op_open_session(s->dev.addr);
1143         s->session = c->argv[0];
1144         usb_mtp_object_alloc(s, s->next_handle++, NULL, s->root);
1145 #ifdef CONFIG_INOTIFY1
1146         if (usb_mtp_inotify_init(s)) {
1147             fprintf(stderr, "usb-mtp: file monitoring init failed\n");
1148         }
1149 #endif
1150         break;
1151     case CMD_CLOSE_SESSION:
1152         trace_usb_mtp_op_close_session(s->dev.addr);
1153         s->session = 0;
1154         s->next_handle = 0;
1155 #ifdef CONFIG_INOTIFY1
1156         usb_mtp_inotify_cleanup(s);
1157 #endif
1158         usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
1159         assert(QTAILQ_EMPTY(&s->objects));
1160         break;
1161     case CMD_GET_STORAGE_IDS:
1162         data_in = usb_mtp_get_storage_ids(s, c);
1163         break;
1164     case CMD_GET_STORAGE_INFO:
1165         if (c->argv[0] != QEMU_STORAGE_ID &&
1166             c->argv[0] != 0xffffffff) {
1167             usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID,
1168                                  c->trans, 0, 0, 0);
1169             return;
1170         }
1171         data_in = usb_mtp_get_storage_info(s, c);
1172         break;
1173     case CMD_GET_NUM_OBJECTS:
1174     case CMD_GET_OBJECT_HANDLES:
1175         if (c->argv[0] != QEMU_STORAGE_ID &&
1176             c->argv[0] != 0xffffffff) {
1177             usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID,
1178                                  c->trans, 0, 0, 0);
1179             return;
1180         }
1181         if (c->argv[1] != 0x00000000) {
1182             usb_mtp_queue_result(s, RES_SPEC_BY_FORMAT_UNSUPPORTED,
1183                                  c->trans, 0, 0, 0);
1184             return;
1185         }
1186         if (c->argv[2] == 0x00000000 ||
1187             c->argv[2] == 0xffffffff) {
1188             o = QTAILQ_FIRST(&s->objects);
1189         } else {
1190             o = usb_mtp_object_lookup(s, c->argv[2]);
1191         }
1192         if (o == NULL) {
1193             usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1194                                  c->trans, 0, 0, 0);
1195             return;
1196         }
1197         if (o->format != FMT_ASSOCIATION) {
1198             usb_mtp_queue_result(s, RES_INVALID_PARENT_OBJECT,
1199                                  c->trans, 0, 0, 0);
1200             return;
1201         }
1202         usb_mtp_object_readdir(s, o);
1203         if (c->code == CMD_GET_NUM_OBJECTS) {
1204             trace_usb_mtp_op_get_num_objects(s->dev.addr, o->handle, o->path);
1205             nres = 1;
1206             res0 = o->nchildren;
1207         } else {
1208             data_in = usb_mtp_get_object_handles(s, c, o);
1209         }
1210         break;
1211     case CMD_GET_OBJECT_INFO:
1212         o = usb_mtp_object_lookup(s, c->argv[0]);
1213         if (o == NULL) {
1214             usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1215                                  c->trans, 0, 0, 0);
1216             return;
1217         }
1218         data_in = usb_mtp_get_object_info(s, c, o);
1219         break;
1220     case CMD_GET_OBJECT:
1221         o = usb_mtp_object_lookup(s, c->argv[0]);
1222         if (o == NULL) {
1223             usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1224                                  c->trans, 0, 0, 0);
1225             return;
1226         }
1227         if (o->format == FMT_ASSOCIATION) {
1228             usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1229                                  c->trans, 0, 0, 0);
1230             return;
1231         }
1232         data_in = usb_mtp_get_object(s, c, o);
1233         if (data_in == NULL) {
1234             usb_mtp_queue_result(s, RES_GENERAL_ERROR,
1235                                  c->trans, 0, 0, 0);
1236             return;
1237         }
1238         break;
1239     case CMD_GET_PARTIAL_OBJECT:
1240         o = usb_mtp_object_lookup(s, c->argv[0]);
1241         if (o == NULL) {
1242             usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1243                                  c->trans, 0, 0, 0);
1244             return;
1245         }
1246         if (o->format == FMT_ASSOCIATION) {
1247             usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1248                                  c->trans, 0, 0, 0);
1249             return;
1250         }
1251         data_in = usb_mtp_get_partial_object(s, c, o);
1252         if (data_in == NULL) {
1253             usb_mtp_queue_result(s, RES_GENERAL_ERROR,
1254                                  c->trans, 0, 0, 0);
1255             return;
1256         }
1257         nres = 1;
1258         res0 = data_in->length;
1259         break;
1260     case CMD_GET_OBJECT_PROPS_SUPPORTED:
1261         if (c->argv[0] != FMT_UNDEFINED_OBJECT &&
1262             c->argv[0] != FMT_ASSOCIATION) {
1263             usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE,
1264                                  c->trans, 0, 0, 0);
1265             return;
1266         }
1267         data_in = usb_mtp_get_object_props_supported(s, c);
1268         break;
1269     case CMD_GET_OBJECT_PROP_DESC:
1270         if (c->argv[1] != FMT_UNDEFINED_OBJECT &&
1271             c->argv[1] != FMT_ASSOCIATION) {
1272             usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE,
1273                                  c->trans, 0, 0, 0);
1274             return;
1275         }
1276         data_in = usb_mtp_get_object_prop_desc(s, c);
1277         if (data_in == NULL) {
1278             usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE,
1279                                  c->trans, 0, 0, 0);
1280             return;
1281         }
1282         break;
1283     case CMD_GET_OBJECT_PROP_VALUE:
1284         o = usb_mtp_object_lookup(s, c->argv[0]);
1285         if (o == NULL) {
1286             usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE,
1287                                  c->trans, 0, 0, 0);
1288             return;
1289         }
1290         data_in = usb_mtp_get_object_prop_value(s, c, o);
1291         if (data_in == NULL) {
1292             usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE,
1293                                  c->trans, 0, 0, 0);
1294             return;
1295         }
1296         break;
1297     default:
1298         trace_usb_mtp_op_unknown(s->dev.addr, c->code);
1299         usb_mtp_queue_result(s, RES_OPERATION_NOT_SUPPORTED,
1300                              c->trans, 0, 0, 0);
1301         return;
1302     }
1303 
1304     /* return results on success */
1305     if (data_in) {
1306         assert(s->data_in == NULL);
1307         s->data_in = data_in;
1308     }
1309     usb_mtp_queue_result(s, RES_OK, c->trans, nres, res0, 0);
1310 }
1311 
1312 /* ----------------------------------------------------------------------- */
1313 
1314 static void usb_mtp_handle_reset(USBDevice *dev)
1315 {
1316     MTPState *s = USB_MTP(dev);
1317 
1318     trace_usb_mtp_reset(s->dev.addr);
1319 
1320 #ifdef CONFIG_INOTIFY1
1321     usb_mtp_inotify_cleanup(s);
1322 #endif
1323     usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects));
1324     s->session = 0;
1325     usb_mtp_data_free(s->data_in);
1326     s->data_in = NULL;
1327     usb_mtp_data_free(s->data_out);
1328     s->data_out = NULL;
1329     g_free(s->result);
1330     s->result = NULL;
1331 }
1332 
1333 static void usb_mtp_handle_control(USBDevice *dev, USBPacket *p,
1334                                    int request, int value, int index,
1335                                    int length, uint8_t *data)
1336 {
1337     int ret;
1338 
1339     ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
1340     if (ret >= 0) {
1341         return;
1342     }
1343 
1344     trace_usb_mtp_stall(dev->addr, "unknown control request");
1345     p->status = USB_RET_STALL;
1346 }
1347 
1348 static void usb_mtp_cancel_packet(USBDevice *dev, USBPacket *p)
1349 {
1350     /* we don't use async packets, so this should never be called */
1351     fprintf(stderr, "%s\n", __func__);
1352 }
1353 
1354 static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p)
1355 {
1356     MTPState *s = USB_MTP(dev);
1357     MTPControl cmd;
1358     mtp_container container;
1359     uint32_t params[5];
1360     int i, rc;
1361 
1362     switch (p->ep->nr) {
1363     case EP_DATA_IN:
1364         if (s->data_out != NULL) {
1365             /* guest bug */
1366             trace_usb_mtp_stall(s->dev.addr, "awaiting data-out");
1367             p->status = USB_RET_STALL;
1368             return;
1369         }
1370         if (p->iov.size < sizeof(container)) {
1371             trace_usb_mtp_stall(s->dev.addr, "packet too small");
1372             p->status = USB_RET_STALL;
1373             return;
1374         }
1375         if (s->data_in !=  NULL) {
1376             MTPData *d = s->data_in;
1377             uint64_t dlen = d->length - d->offset;
1378             if (d->first) {
1379                 trace_usb_mtp_data_in(s->dev.addr, d->trans, d->length);
1380                 if (d->length + sizeof(container) > 0xFFFFFFFF) {
1381                     container.length = cpu_to_le32(0xFFFFFFFF);
1382                 } else {
1383                     container.length =
1384                         cpu_to_le32(d->length + sizeof(container));
1385                 }
1386                 container.type   = cpu_to_le16(TYPE_DATA);
1387                 container.code   = cpu_to_le16(d->code);
1388                 container.trans  = cpu_to_le32(d->trans);
1389                 usb_packet_copy(p, &container, sizeof(container));
1390                 d->first = false;
1391                 if (dlen > p->iov.size - sizeof(container)) {
1392                     dlen = p->iov.size - sizeof(container);
1393                 }
1394             } else {
1395                 if (dlen > p->iov.size) {
1396                     dlen = p->iov.size;
1397                 }
1398             }
1399             if (d->fd == -1) {
1400                 usb_packet_copy(p, d->data + d->offset, dlen);
1401             } else {
1402                 if (d->alloc < p->iov.size) {
1403                     d->alloc = p->iov.size;
1404                     d->data = g_realloc(d->data, d->alloc);
1405                 }
1406                 rc = read(d->fd, d->data, dlen);
1407                 if (rc != dlen) {
1408                     memset(d->data, 0, dlen);
1409                     s->result->code = RES_INCOMPLETE_TRANSFER;
1410                 }
1411                 usb_packet_copy(p, d->data, dlen);
1412             }
1413             d->offset += dlen;
1414             if (d->offset == d->length) {
1415                 usb_mtp_data_free(s->data_in);
1416                 s->data_in = NULL;
1417             }
1418         } else if (s->result != NULL) {
1419             MTPControl *r = s->result;
1420             int length = sizeof(container) + r->argc * sizeof(uint32_t);
1421             if (r->code == RES_OK) {
1422                 trace_usb_mtp_success(s->dev.addr, r->trans,
1423                                       (r->argc > 0) ? r->argv[0] : 0,
1424                                       (r->argc > 1) ? r->argv[1] : 0);
1425             } else {
1426                 trace_usb_mtp_error(s->dev.addr, r->code, r->trans,
1427                                     (r->argc > 0) ? r->argv[0] : 0,
1428                                     (r->argc > 1) ? r->argv[1] : 0);
1429             }
1430             container.length = cpu_to_le32(length);
1431             container.type   = cpu_to_le16(TYPE_RESPONSE);
1432             container.code   = cpu_to_le16(r->code);
1433             container.trans  = cpu_to_le32(r->trans);
1434             for (i = 0; i < r->argc; i++) {
1435                 params[i] = cpu_to_le32(r->argv[i]);
1436             }
1437             usb_packet_copy(p, &container, sizeof(container));
1438             usb_packet_copy(p, &params, length - sizeof(container));
1439             g_free(s->result);
1440             s->result = NULL;
1441         }
1442         break;
1443     case EP_DATA_OUT:
1444         if (p->iov.size < sizeof(container)) {
1445             trace_usb_mtp_stall(s->dev.addr, "packet too small");
1446             p->status = USB_RET_STALL;
1447             return;
1448         }
1449         usb_packet_copy(p, &container, sizeof(container));
1450         switch (le16_to_cpu(container.type)) {
1451         case TYPE_COMMAND:
1452             if (s->data_in || s->data_out || s->result) {
1453                 trace_usb_mtp_stall(s->dev.addr, "transaction inflight");
1454                 p->status = USB_RET_STALL;
1455                 return;
1456             }
1457             cmd.code = le16_to_cpu(container.code);
1458             cmd.argc = (le32_to_cpu(container.length) - sizeof(container))
1459                 / sizeof(uint32_t);
1460             cmd.trans = le32_to_cpu(container.trans);
1461             if (cmd.argc > ARRAY_SIZE(cmd.argv)) {
1462                 cmd.argc = ARRAY_SIZE(cmd.argv);
1463             }
1464             if (p->iov.size < sizeof(container) + cmd.argc * sizeof(uint32_t)) {
1465                 trace_usb_mtp_stall(s->dev.addr, "packet too small");
1466                 p->status = USB_RET_STALL;
1467                 return;
1468             }
1469             usb_packet_copy(p, &params, cmd.argc * sizeof(uint32_t));
1470             for (i = 0; i < cmd.argc; i++) {
1471                 cmd.argv[i] = le32_to_cpu(params[i]);
1472             }
1473             trace_usb_mtp_command(s->dev.addr, cmd.code, cmd.trans,
1474                                   (cmd.argc > 0) ? cmd.argv[0] : 0,
1475                                   (cmd.argc > 1) ? cmd.argv[1] : 0,
1476                                   (cmd.argc > 2) ? cmd.argv[2] : 0,
1477                                   (cmd.argc > 3) ? cmd.argv[3] : 0,
1478                                   (cmd.argc > 4) ? cmd.argv[4] : 0);
1479             usb_mtp_command(s, &cmd);
1480             break;
1481         default:
1482             /* not needed as long as the mtp device is read-only */
1483             p->status = USB_RET_STALL;
1484             return;
1485         }
1486         break;
1487     case EP_EVENT:
1488 #ifdef CONFIG_INOTIFY1
1489         if (!QTAILQ_EMPTY(&s->events)) {
1490             struct MTPMonEntry *e = QTAILQ_LAST(&s->events, events);
1491             uint32_t handle;
1492             int len = sizeof(container) + sizeof(uint32_t);
1493 
1494             if (p->iov.size < len) {
1495                 trace_usb_mtp_stall(s->dev.addr,
1496                                     "packet too small to send event");
1497                 p->status = USB_RET_STALL;
1498                 return;
1499             }
1500 
1501             QTAILQ_REMOVE(&s->events, e, next);
1502             container.length = cpu_to_le32(len);
1503             container.type = cpu_to_le32(TYPE_EVENT);
1504             container.code = cpu_to_le16(e->event);
1505             container.trans = 0; /* no trans specific events */
1506             handle = cpu_to_le32(e->handle);
1507             usb_packet_copy(p, &container, sizeof(container));
1508             usb_packet_copy(p, &handle, sizeof(uint32_t));
1509             g_free(e);
1510             return;
1511         }
1512 #endif
1513         p->status = USB_RET_NAK;
1514         return;
1515     default:
1516         trace_usb_mtp_stall(s->dev.addr, "invalid endpoint");
1517         p->status = USB_RET_STALL;
1518         return;
1519     }
1520 
1521     if (p->actual_length == 0) {
1522         trace_usb_mtp_nak(s->dev.addr, p->ep->nr);
1523         p->status = USB_RET_NAK;
1524         return;
1525     } else {
1526         trace_usb_mtp_xfer(s->dev.addr, p->ep->nr, p->actual_length,
1527                            p->iov.size);
1528         return;
1529     }
1530 }
1531 
1532 static void usb_mtp_realize(USBDevice *dev, Error **errp)
1533 {
1534     MTPState *s = USB_MTP(dev);
1535 
1536     usb_desc_create_serial(dev);
1537     usb_desc_init(dev);
1538     QTAILQ_INIT(&s->objects);
1539     if (s->desc == NULL) {
1540         if (s->root == NULL) {
1541             error_setg(errp, "usb-mtp: x-root property must be configured");
1542             return;
1543         }
1544         s->desc = strrchr(s->root, '/');
1545         if (s->desc && s->desc[0]) {
1546             s->desc = g_strdup(s->desc + 1);
1547         } else {
1548             s->desc = g_strdup("none");
1549         }
1550     }
1551 }
1552 
1553 static const VMStateDescription vmstate_usb_mtp = {
1554     .name = "usb-mtp",
1555     .unmigratable = 1,
1556     .version_id = 1,
1557     .minimum_version_id = 1,
1558     .fields = (VMStateField[]) {
1559         VMSTATE_USB_DEVICE(dev, MTPState),
1560         VMSTATE_END_OF_LIST()
1561     }
1562 };
1563 
1564 static Property mtp_properties[] = {
1565     DEFINE_PROP_STRING("x-root", MTPState, root),
1566     DEFINE_PROP_STRING("desc", MTPState, desc),
1567     DEFINE_PROP_END_OF_LIST(),
1568 };
1569 
1570 static void usb_mtp_class_initfn(ObjectClass *klass, void *data)
1571 {
1572     DeviceClass *dc = DEVICE_CLASS(klass);
1573     USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
1574 
1575     uc->realize        = usb_mtp_realize;
1576     uc->product_desc   = "QEMU USB MTP";
1577     uc->usb_desc       = &desc;
1578     uc->cancel_packet  = usb_mtp_cancel_packet;
1579     uc->handle_attach  = usb_desc_attach;
1580     uc->handle_reset   = usb_mtp_handle_reset;
1581     uc->handle_control = usb_mtp_handle_control;
1582     uc->handle_data    = usb_mtp_handle_data;
1583     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
1584     dc->desc = "USB Media Transfer Protocol device";
1585     dc->fw_name = "mtp";
1586     dc->vmsd = &vmstate_usb_mtp;
1587     dc->props = mtp_properties;
1588 }
1589 
1590 static TypeInfo mtp_info = {
1591     .name          = TYPE_USB_MTP,
1592     .parent        = TYPE_USB_DEVICE,
1593     .instance_size = sizeof(MTPState),
1594     .class_init    = usb_mtp_class_initfn,
1595 };
1596 
1597 static void usb_mtp_register_types(void)
1598 {
1599     type_register_static(&mtp_info);
1600 }
1601 
1602 type_init(usb_mtp_register_types)
1603